(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Scenarios on Outcomes from Russian Information Operations on the US 2016 Election

leave a comment »


Assessment Goals:

With all that has been happening with the disinformation and influence operations during this election cycle I thought it prudent to thought experiment out some scenarios if Russia or any other adversary with the means, decided to attack the election cycle in other ways. One might ask right now what benefit would other countries like Russia gain from such operations and you would be right to ask. That is a question for another post but suffice to say that if Russia is indeed tampering with our electoral process like they have in others, then the reasons are geopolitical and very much Putin’s aegis in ordering the SVR and KGB to carry them out.

The goal here is to just lay out the attacks that could happen simply and then give you the likely outcomes. All of these are not as comprehensive as you might find in some think tanks like Wikistrat but you get the idea. All of these attacks are possible, and they do not have to all work completely to have secondary and tertiary effects on the US population and political system. Please read through them and ponder yourselves how would you react if these happened? How would the general populace? Would government be able to carry on? If the election cycle is broken and the systems not trusted, how would one re-set the vote and how long would it take?

Interesting times….


The voting machine have been tampered with electronically or code has been inserted. The potential for votes being tabulated incorrectly or data tampered with is possible but not probable in the grander scheme in the US according to sources. However, this does not preclude a way found to insert such code or physical devices in key states. It is also not impossible to have assets in play such as sympathizers or outright KGB assets on the ground helping to tamper with the results. I will not go into the details because this is a scenario to start but it is also not the point. Let’s just assume ways have been found to tamper enough to call the electoral data into question via tampering directly with the systems.


  • Trust in the election system is diminished
  • Recalls are called for by both candidates and the public
  • The electronic systems will lose public trust and a re-assessment of the process will be mandated


Scenario 2 is based on recent events. The hacking of the rolls databases in key states could be an attempt to manipulate the data and cause secondary issues with that data on the day of the election. The posit is that the adversary has tampered with people’s voting preferences data. If you are a republican they can change that roll to the opposite party and vice versa. Additionally what if a users region or address were changed surreptitiously? To date there are no systems that I am aware of that will email you when a change is made to your voting status and how many people check before they go to the polls? This is a common tactic that has been used in gerrymandering an election area by disallowing voters from voting on the day of the election. To date, the FBI has not been able to determine what the hacking on the voter databases was about and this could be one of the goals.


  • Voters are unable to vote once they get to the polling place.
  • Voters are not allowed to correct these records and are thusly negated from the process
  • Attack key states once again, going for the electoral college and you can change the outcome of an election
  • All of the above once again have the amplification of causing distrust of the system and damage to the election
  • The candidates and the people are left with a recall and with the system being manipulated already how can they trust it?


Russia has attacked the Ukraine elections by inserting malware/code into the election machines in 2014 that effectively bricked them. If such an attack code were placed and propagated within the American voting systems the disruption would cause the election to be halted and emergency measures taken. Perhaps the election might try to carry on with paper ballots but I am unsure the process can be that effectively nimble. If the election systems are down, since they are of varying makes and models of machines, the time to return of service would be long, causing more FUD to the elections process itself.


  • Voters are unable to vote or the process takes so long that they walk away with a more analog process
  • Trust in the electronic system would be degraded or destroyed
  • The election cycle would be likely broken and emergency measures would have to be employed (contingencies)
  • Continuity of government is challenged


These three scenarios to date, have not been covered I believe. This post comes to you as the fruit of a discussion I had with @SteveD3 and I believe that in our current atmosphere of information warfare and influence operations carried out by Russia, one has to take these thought experiments out for a drive. All of these scenarios are possible and will have the effects of denial, disruption, and degradation to our election systems and the stability of the nation. It need not render the election completely in the favor of one or the other candidate conclusively to cause faith in the system and its outcome to be questioned. Imagine if you will, as Trump has already been saying repeatedly, that these tactics are used and the general populace believes that the election has been rigged? With or without the hand of the Russians, others could be easily blamed by a candidate like Trump and his followers. The outcomes from this could lead to civil unrest and other worse things if they came to pass with the help of information operations attacks by another nation state.

I suggest you red team these ideas yourselves and see what else you can come up with…

Written by Krypt3ia

2016/10/11 at 14:20

GDD53: A Russian Hosted i2p Site That Claims Trump’s Email System Had Ties To Alfabank (Russia)

with 2 comments


Recently a page showed up on WordPress (10/5/2016 to be precise) that has an interesting albeit hard to prove claim. The site is named gdd53 and the claim is that Donald Trump’s email systems were set to have a direct connection to servers in Russia for Alfabank, a Russian bank. Alfabank I caught wind of the site when someone asked me to look at an i2p address that they couldn’t figure out and once I began to read the sites claims I thought this would be an interesting post. While the site makes these claims, I cannot, as I don’t see any concrete examples of data other than the screen shots on the site and the assertions of those who put this up. In looking into the facts all I could come up with was some truths to the IP addresses and machine/domain names but nothing really solid on ASN’s being pointed between the Trump email servers and Alfabank nor Spectrum Health as is also claimed.

i2p Site:

However, there are some interesting twists to the page. First off, the i2p address in the WordPress site is wrong from the start. Once I dug around I found that the real address was which is actually a site hosted on a server in Moscow on Marosnet. This site in the i2p space was a bit more spartan, however, it had much more data to offer on the whole contention that Donny had a connection to Russia. There is a claim that a NYT reporter asked about this connection and then server changes were made yadda yadda, but why is this on a Russian server? Why i2p? Why is the site gone now? Why was the address only half there on the WordPress site to start?

So many questions…

screenshot-from-2016-10-05-14-30-44i2p site main body text (part)

screenshot-from-2016-10-05-14-38-53Alleged network map of how the system “would” look

screenshot-from-2016-10-05-14-52-53A traffic map that shows alleged history of peaks and troughs in data between the alleged servers

screenshot-from-2016-10-07-15-16-59Maltego of the servers

screenshot-from-2016-10-07-15-30-38Onionscan of the i2p site

screenshot-from-2016-10-07-15-31-02WHOIS of the i2p site

screenshot-from-2016-10-07-15-31-26Only one ping Mr. Vasiliy

screenshot-from-2016-10-07-15-31-42Nmap of the site while it was up

After poking around and doing some historic WHOIS I came to the conclusion that I cannot prove out their claims because really I would need to have access to the server in order to see the direct routes for mail being put in there at the time this was alleged to be happening. I did however in my searches come across some interesting things concerning the company that hosts Donny’s email systems though. Cendyn is the name of the company and in their business history you can see how maybe a connection can be made to Russia at least. Certainly you can begin to see why ol’ Donny boy would use Cendyne as his go to but no smoking gun here.


As stated above Cendyn hosts the servers for Donny’s email. I looked into Cendyn and the closest thing I can see without doing a real in depth on them is that they do CRM for hotels and that maybe some of the hotels in Russia may use it? No confirmation there though. Mostly though Donny uses Cedndyn for his hotel businesses as well so I guess since this company also does some hosting he had them do this for him. If anyone wants to ask Cendyn for their records perhaps we can get some clarity on this whole thing. I doubt though if asked will they give up logs/configs on the systems in question. I also have to wonder about this whole allegation that a NYT reporter asked about this.

Say, any of you NYT’s people out there care to respond?

screenshot-from-2016-10-08-15-41-55 screenshot-from-2016-10-08-15-42-26


At the end of the day, in a week of old dumps of data by Wikileaks and Guccifer2.0, I am unimpressed with this attempt unless someone can come up with something more concrete. One does wonder though just who might be trying this tac to attempt to cause Donny trouble. It seems a half assed attempt at best or perhaps they were not finished with it yet.. But then why the tip off email to someone who then got in touch with me? Someone I spoke to about this alluded to maybe that was the plan, for me to blog about this from the start..

Ehhhh nah I don’t buy that.

However, what has my attention is that this is just one attempt in a sea of attempts to manhandle the US election process. A series of hacks and leaks by Russia (if you believe the DNI) attempting to cause our election cycle to melt down and perhaps let the tiny handed orange Hitler win the election. Jesus fuck what a scary time. I mean sure, I lived through the 80’s and the bad times with Reagan and the nukes but Jesus Fuck all of this is balls out destroy the system by pushing the idiots to the boiling point!

Meanwhile Donny is not preparing for the next debate because it’s “annoying”

BAAAAHAHAHAHAHAA fucking chucklehead.

Interesting times kids…


PS… Feel free to investigate for yourselves and let me know if you find anything interesting!


After posting this yesterday there have been some revelations. First off, someone in my feed put me in touch with the NYT and a reporter has confirmed to me that what the site says about NYT reaching out and asking about the connections, then the connections going bye bye is in fact true.

Ponder that one kids…

So I decided to use my eagle eye and look for another eepsite to pop up and sho-nuff it did yesterday at some point UPDATED with new and fun data! The “Tea Leaves” person(s) have added logs that they allege came from the name servers for Cendyne.





These are the key files in the new dump but the problem I have is that they are just text files. Anyone with the know how could re-create these to look legit enough but yet still be questioned. I see no actual login to the shell and queries being run here so really coulda just done a find/replace on another query on any server you have access to.

I have to say it though, these guys are trying to get the word out but in a strange way. I mean this eepsite is now hosted in Czechoslovakia, staying with the Baltic flavor but why not broadcast this more openly? Why does the WordPress site have the wrong address to start and then the other eepsite disappears after a little poking and prodding?

krypt3ia@krypt3ia:~$ whois
% This is the RIPE Database query service.
% The objects are in RPSL format.
% The RIPE Database is subject to Terms and Conditions.
% See

% Note: this output has been filtered.
%       To receive output for a database update, use the “-B” flag.

% Information related to ‘ –’

% Abuse contact for ‘ –’ is ‘’

inetnum: –
netname:        CZ-GTT-20101025
country:        CZ
org:            ORG-Ga241-RIPE
admin-c:        LM1397-RIPE
tech-c:         LM1397-RIPE
status:         ALLOCATED PA
mnt-by:         RIPE-NCC-HM-MNT
mnt-by:         MNT-GTT
mnt-lower:      MNT-GTT
mnt-routes:     MNT-GTT
created:        2010-10-25T13:24:34Z
last-modified:  2016-05-19T09:42:08Z
source:         RIPE # Filtered

organisation:   ORG-Ga241-RIPE
org-name:       GTT a.s.
org-type:       LIR
address:        Hornatecka 1772/19
address:        180 00
address:        Praha 8
address:        CZECH REPUBLIC
phone:          +420261001179
fax-no:         +420261001188
admin-c:        LM1397-RIPE
abuse-c:        AR14420-RIPE
mnt-ref:        RIPE-NCC-HM-MNT
mnt-ref:        MNT-GTT
mnt-by:         RIPE-NCC-HM-MNT
mnt-by:         MNT-GTT
created:        2010-10-04T15:25:45Z
last-modified:  2016-05-20T10:04:31Z
source:         RIPE # Filtered

person:         Lukas Mesani
phone:          +420-725-793-147
address:        Czech Republic
nic-hdl:        LM1397-RIPE
mnt-by:         MNT-FRODO
created:        2006-06-07T13:57:53Z
last-modified:  2014-02-11T22:58:02Z
source:         RIPE

% Information related to ‘’

descr:          GTT-NET
origin:         AS51731
mnt-by:         MNT-GTT
created:        2010-12-09T01:08:59Z
last-modified:  2010-12-09T01:08:59Z
source:         RIPE

The biggest takeaway is that the NYT confirmed that they asked the question and shit happened. They are still looking into it.

Oh Donny shit’s about to get worse in your dumpster fire world.




Dear Tea Leaves,

Answer my questions in email sent Monday. Stop muddying the waters with information that cannot be proven.


Dr. K.




Above was emailed to me Sunday. I responded and asked specific questions. This comment is useless static.

Written by Krypt3ia

2016/10/08 at 20:27

Guccifer 2.0’s Clinton Foundation Data Drop Is NOT Clinton Foundation According To The Metadata

leave a comment »



You all have likely seen the news since October 4th where the Gucci boy dropped another dump of dox on Hilly and Bill. Yo  yo yo though this dump isn’t what he claims it is. Of course in the news reports the Clinton camp denied the files as being theirs and on the face of it with the screenshots given, I can agree to agree. However in this world of of insta media fuckery I wanted to follow up with some forensication on this shit. So I downloaded the “dox” and I did some metadata forensics. What I did it seems the media has failed to do once again, I mean really, is it so fucking hard for the media to like do due diligence and shit?

Anyway, the bulk of the docs were written by Miss Kurek of the DCCC 499 of them to be specific, I did not go into the stats on the excel files and pdf  but if you Google up Missy (kurek) she is a Pelosi minion and has a position at the DCCC. So that right there made me say “hmmmmmm” I went further though and pulled the PC user/machine data that could be captured from the documents in question. What I found was that none of these documents were written on any asset with the name “clinton” or “clintonfoundation” at all. In fact, all of the machine names involved just pretty much said “pc” and a user name, so no real enterprise networking here kids.

Furthermore, when you pull out the network data all you see are DCCC servers. So unless the Clinton foundation is running all their shit out of another bathroom server at the DCCC this ain’t the dox Gucci was promising. So that leaves me to wonder just what the hell is up with ol Gucci boy? Are the Russians running out of shit to post or is this cat going rogue on them? Perhaps the Gucci cutout is now believing his or her own hype? This dump though casts a doubt on everything else he or she may put out in the future and if it was an “off the rez” situation then he or she may be in for a visit from the GRU in the near future.

Anyway, public service done here… You can thank me at any point Grandma Nixon!

Oh, and yeah, you newsies, fucking do your homework!





User List



Email addresses found in metadata (doc/docx/pdf/xls/xlsx)



Networks and servers found in metadata


Clinton Foundation Metadata


Clinton Email located


I found two emails for in two docs but nothing else.


Evidently I was a bit hasty in saying no journo’s had done due diligence. I have been informed that The Hill and Ars did look at the metadata by clicking on “properties” Good on them! Now, how about some real forensics.. I mean it did not take long….

*post written to Ghost Dog OST by RZA*

Written by Krypt3ia

2016/10/06 at 17:35

DD0S: Posters From Walls To Legitimate Weapon Of War and Its Possible Use Scenarios

leave a comment »

e832ad312e217a0fbcb4fe34c5dc65e1pew pew pew


Historical DDoS

Distributed Denial of Service has been the go to tool for the script kiddie and Anonyous over the years but recent developments have shown that this tool may be evolving and maturing with new use by actors within the nation state arena. In fact DDoS has been used before by Russia on Georgia in 2008 and again recently on the attack of the power grid in Ukraine. The types of attacks varied but the end state of denying service to sections of infrastructure have been the same in each of those occasions.

What was once considered to be just a tool for skids is now fast becoming a dangerous tool for other attacks that in tandem with kinetic action, could be the prelude to war or, more to the point, smaller actions that may not lead to the intensity of war by the standard definition by countries like the USA. This blog post contains a set of scenarios that could possibly play out but they are more so thought experiments to show the potential use of a denial of service in hybrid or network centric war that includes information warfare, CNO, and CNE implications.

Recent Events

Directed Attacks on Infrastructure and Defense (Schneier)

In a recent post on his blog, Bruce Schneier alluded to some very directed DoS activity against infrastructure of the internet. He was not really forthcoming with the data but I too had heard of some activity and thus began to ponder who might be carrying out tests of new denial of service tools. His go to on who was carrying out the attacks was China, which was a poor choice in my opinion and wrote an off the cuff retort here. I believe that another actor is afoot in that one and as you read below that actor is DPRK. I think this for many reasons that I will cover later.

In any case, the attacks have been systematic and show planning in a way that alludes to a desire to take out large areas of the internet and or command and control systems for the nation(s) that would degrade our abilities to fight a war, carry out daily business, or just surf the web. Of course the former is the most important and likely the aegis here rather than the latter for this adversary.


Another event that has taken place in rapid succession to the attacks on infrastructure was the DDoS of Brian Krebs website after he outed a company that performs DDoS as a service in Israel. This attack for the most part appears to me to be revenge for the takedown he was part of, but he has over the years managed to piss off many of the skidz out there today so the list of names grows exponentially there. What struck me though in this attack was that the tool used was then burned by it’s one time use on Brian. If this actor were someone within the space of nation state, they would not want to burn the tool so to speak.

In fact, post the hubbub of the determination that the tool in question leveraged a botnet consisting of IoT devices (Internet of Things) the author dumped his code online because within days he already was seeing his output diminish because ISP’s were cleaning up their acts and denying access to insecure IoT devices and telnet sessions that had default creds. With this revelation it leaves the tool up for use to some, upgrades to others, but overall it is burned as tools go for surprise attacks. Of course the tool’s DDoS is carried out by GRE packets which is a hard one to stop. If others find new sources of bots for the botnets then the tool once again can be fired and take down the targets pretty readily, so there is that.

South Korean Router Hack

The Yonhap News agency recently put out a report stating that the ROK military had suffered an attack on a ‘Vaccine Routing Server’ at their cyber command in Seoul. I am still not sure what a vaccine routing server is other than perhaps a bad translation from Korean to English but if it is in fact a router, then this attack could further a DDoS quite well. Of course this attack if carried out the right way, could be just like the OVH attack that leveraged traffic directly through to the back end of the OVH infrastructure. This type of attack would be devastating on any network. If in fact the OVH attack was another “test” of another, as yet un-named tool, then leveraging such a router compromise on the ROK cyber command by DPRK would be the next best thing to just dropping a missile on the building, which would likely happen right after the DDos begins in a lightning war.. But I digress.

Tactical Use

So with all of these things in mind, I would like to next discuss the tactical use of DDoS in a hybrid warfare scenario. In the cases earlier stated with Russia, both types of denial of service were used in differing capacities. In Georgia, they used the DoS to cut off the country’s communications both internally and externally leaving them dark the rest of the world. In the case of the recent attack in Ukraine they did not use the common tactic of DoS by packet, instead they used a phone DoS on the helpdesk at the power company as well as other tricks like attempting to re-write the firmware in the ICS/PLC environment so that the power would stay down after the attack. Both of these attacks plainly show the value of this type of attack but below I will go into the thought process behind their use.

Deny, Degrade, Disrupt & Psyops

DoS of any kind’s main goal in a warfare sense is to deny access and communications, degrade access and communications, and disrupt access & communications. These primary goals have sub goals of slowing the adversary, denying the adversary, and disrupting their abilities to respond to attacks. If you carry out these denial of service attacks on communications lines for say military command and control (C4ISR) then you are effectively blinding the enemy and or disrupting their ability to respond and prosecute a war.

Years ago an example of this was carried out in Syria by Israel when they attacked a radar station electronically and allowed their jets to make it through unseen by the air defense of the country. This operation (Orchard) leveraged this electronic attack to destroy a nuclear facility before it went live. In certain situations these attacks also can have the added benefit, or even the main goal, of prosecuting a PSYOP (Psychological Operations) on the affected country by destabilizing their networks (public and mil) and sow distrust of the infrastructure as well as cause pandemonium. I will write further on the PSYOPS angle below in one of the scenarios.

Signal To Noise

In some cases a DdoS can be used to distract an adversary while you are attacking a specific asset(s) in a hack. This type of activity has been seen in some of the Chinese activity in the past. This type of attack is quite successful as the IR teams are otherwise engaged in trying to mitigate being offline, it is easy to miss a certain network or device that may still be connected and being attacked. With the masses of data being aimed at the defenses it is easy to miss the attack within the deluge of bad data.


Scenario One: Core Infrastructure Attacks on ROK and USA

With the attacks on infrastructure mentioned above, and the ROK Cyber Command attack on a “router” this scenario concerns a “short war” which is the favored type of warfare by the DPRK. In this attack the following happens:

  1. DPRK launches a DDoS of some kind(s) on ROK and US assets to disrupt C4ISR
  2. DPRK engages their rocket batteries just outside of the DMZ with a three minute flight time to Seoul
  3. DPRK launches other forces and attempts to overtake ROK

It is within the nature of DPRK to attempt this kind of attack because it is doctrine for them, they have nothing to lose, and they would aim to deny, degrade, and disrupt ROK’s allie, the US with the types of attacks we have seen recently with the GRE packet attacks. Of course there would have to be other maneuvers going on and other attacks within the spectrum, but this attack vector would be easy enough for DPRK to leverage in a kinetic hybrid war scenario.

Additionally, the use of DDoS by DPRK is a natural fit because of the lack of infrastructure within the hermit kingdom. If DPRK were to leverage DDoS like the GRE elsewhere, it could easily do so because of the aforementioned lack of connectivity as well as the norms today for warfare do not really cover DDoS (yet) as a type of attack that would require a kinetic response. DoS and DDoS are the perfect asymmetric cyber warfare tool for DPRK and I for one would not be surprised to see in the near future, it’s use by them in scenarios like these.

Directed Attacks In Concert on US Elections

The following scenario concerns the upcoming US election and the possible use of DoS/DDoS as a tool to sow mayhem during the process. Russia seems to be actively tampering with the US electoral process in 2016 through direct means by way of hacking and cyber warfare tactics. However, this attack could be just as easily leveraged by DPRK or anyone else. I am using Russia in this instance because it is October and, well, you all have seen the news lately right?

  1. Russia attacks the internet infrastructure within the united states to deny and degrade access large scale
  2. Russia attacks polling places connectivity either by the larger DoS or direct action against polling places and the electronic voting machines connection to upload results

The net effects of these types of attacks on the voting systems on the day of the election would have these potential effects on the process:

  • Insecurity and fear that the US is under attack
  • Insecurity and mistrust of the electoral process through electronic means
  • Not all voting systems have the paper backup so counting ballots would be null and void in some areas
  • Re-counts would occur
  • The parties (Dem and Rep) specifically in this heated election race would demand redress on the systems being corrupted by possible hacking attacks
  • Election results could be null and void

This scenario is quite possible and it does not have to be fully successful technically to actually be successful as an attack. The net effect of PSYOPS on the American process and people would already be carried out and in effect. Given this election cycle’s level of crazy, this one would be very hard to control and not have it spin into disarray. It does not take a lot to throw a monkey wrench into an already contentious election where persistent October surprises from hacked data are being splayed across the scrolling bars of CNN.




With all the scenarios laid out, it is important to now cover the two actors and circle back to the events recently concerning DDoS. In Bruce’s piece he immediately went to the old stand by that; “China did it” I however do not agree with this assessment and the reasons are due to the nature of the actors and their motivations. Rational actors versus irrational actors are key points to consider when you are trying to attribute an attack like these recent attacks. All of this is speculative to start, so please bear that in mind with the attribution I make. (see dice above) For all I know these attacks could all just be cyber criminals seeking to hawk their “booter” service.

Who’s to say really?


Per the assessments of CSIS and other experts on DPRK there is not much to go on in the way of hard data on cyber capabilities and actions from North Korea. However, they do have patterns of behavior and doctrine that has been smuggled out of the country in the past. The use of asymmetric attacks that take very little resources would fit perfectly with the DPRK’s desires and modalities. As mentioned above also, this type of attack would fit well with their “short war” stratagem.




North Korea under Un has shown a willingness to use cyber warfare tactics in attacks like Sony and understands they have nothing to use by leveraging them. Sanctions are not going to work on them even with the pain they may cause. The same can be said for attacks like DDoS, there is a low threshold to entry and use and they have a large asymmetric win in the eyes of DPRK. I would recommend that you call click the link at the top of this post for the CSIS paper on DPRK’s cyber capabilities and structure.


Russia is another animal altogether. Russia plays the game brashly but most of the time very smart. In the case of DDoS use we have already seen them leverage it in tandem with kinetic warfare and do so with success. Their recent use of it as a digital stick on Ukraine as well show’s that they are not afraid to use the attack in their back yard. However, use of it against other nations might be a bridge too far in some cases. The scenario I have laid out though with regard to the nations elections in November 2016 is quite plausible and the burden of proof that the DoS was carried out by Russia or a proxy would be hard to prove in an international court.

Another aspect of this scenario is just how far of a response would the US take if such attacks happened? With attribution being what it is, how would the country respond to an attack of this nature and what good would it do if the process is already tampered with? This scenario is mostly a PSYOP and once again, the damage would have been done. With Putin’s recent aggressive moves (re-forming the KGB and now walking away from the nuclear treaty) it is not beyond the scope of possibility that his penchant for disruption would win out.

Russia is a rational actor and this would be a rational attack. Imagine if by an attack of this kind it tips the election in favor of Trump?



The DDoS attacks that have been happening recently do show that something is afoot. That something is coordinated and is being used to target key aspects of the net as well as DIB partners. What the end goal is and who is doing it all is still a mystery, but, these scenarios above are just as valid as once again pointing at China and yelling “THEY DID IT!”

Maybe something will happen in the near future…

Maybe not…

Either way, one should consider the adversaries who might be at play.


UPDATE: Evidently I am not the only one who is thinking along these lines… The Daily NK had an article come out the same day, thanks to @JanetInfosec for the tip! According to this article they are assessing that on or near 10/10/2016 DPRK may attack ROK with electronic/hacking attacks as well as perhaps more launches of provocation.


Written by Krypt3ia

2016/10/04 at 21:14

Posted in CyberWar, D0S, DD0S, DPRK, Pooty Poot, PsyOPS, Russia

Tagged with ,

Dear Cloudflare, Please Stop Doing Business With ISIS

leave a comment »



A while back I posted about a new darknet site that the da’eshbags at Dabiq have put out. I decided to circle back to the site to see what has been going on with it as I originally was kinda “meh” about it. When I looked today I noticed some things that perhaps I missed before, the primary point being that this site is being hosted/protected by Cloudflare. What we have here is a new hybrid of darknet onion hidden site and clearnet hosted and DDoS protected content by Cloudflare. The site itself is http://ou7zytv3h2yaosqq.onion/ while the cloudflare backend is 






It isn’t new to see the jihobbyists using Cloudflare though, all the boards seem to be using them now on the clearnet but in the darknet this is a new hybrid model. No wonder this site is still up and still feeding fresh crap from Dabiq to Al Bayan radio feeds. Nothing can really take them down with this hybrid solution it seems. Of course a sustained attack on the onion server might do the trick but who’s got time for that huh? The fact of the matter is all their shit is out there and protected by a firm that doesn’t seem to give one crap about what they are hosting and protecting as long as they get paid.


These nitwits are commenting and leaving their hotmal, yahoo, and gmail addresses. GEE WHIZ!








I sure hope the kids all enjoy hunting these idiots down… You see uhhhh the point of the darknet is to hide who you are.

Anywho… So new darknet things in new darknet ways. The jihad has moved itself into the darknet a little further with the help of Cloudflare.


Written by Krypt3ia

2016/09/28 at 18:05

Posted in Internet Jihad

The 0day and The Snowman

with one comment


<REDACTED> sent me this blog post this morning and I read it with due diligence per our relationship. Once I had finished reading it and the bile taste left my mouth I decided that I should put down some thoughts here to share…

First off, let’s all face facts that NO ONE has the full story here. No one. Not one fucking person. Snowden is lying to some extent, the NSA and the government are lying to some extent, and anyone who does not have direct experience with what happened at the VERY top of clearance probably doesn’t have the whole story either. It’s called classification, over classification, and compartmentalization. Whether or not it is to protect “sources and methods” or not, there are always lies, obfuscations, and inveigling that happen within the community. So fuck you all for all of your jibber jabber back and forth on who’s bad and who’s not and what damage this has done to our safety.

That really includes you Mike Rogers.

Here’s my take on it all.. Fuck if I know what the fuck happened and you don’t either!

I watched Stone’s movie and thought it heavy handed and certainly not the facts as they are presented.. That is presented by whichever source you want to believe. Just like this whole fucking HSPCI report timed EXACTLY to coincide with the release of a fucking film to spin the media and the people? JESUS FUCK if this report isn’t a propaganda leaflet drop what the fuck is?

Ok so fuck this shit. Everyone move on. Understand that you are all being surveilled to whatever extent you want to believe either by the government or the companies you slavenly give your information to in order to get access to the next great fucking Facebook app! Big brother is everywhere and he is in your pocket right now ticking your neither regions!


If you want to leave it then stop using the shit, learn to secure your shit, and use OPSEC.

Dr. K.

Written by Krypt3ia

2016/09/23 at 14:54

Posted in 1984

Ahmad Rahami’s Journal: The Sycophantic Nature of Failed Seekers

leave a comment »


Ahmad Rahami, the new jihadi wannabe lone wolf du jour made a splash with his bombings of a dumpster and a trash bin on CNN and the other media outlets but let’s really take a closer look at Ahmed and his mindset with the release of his ersatz “journal of jihad” shall we? First off, I am tired of the media coverage and while this was serious, it just show’s you the level of recruit and planning that AQAP/AQ/da’esh have in the US presently and to wit, not very high. Frankly, looking at his journal pieces here I can only surmise that if Ahmad doesn’t have some sort of personality disorder it would greatly surprise me. On the other end of that spectrum, Ahmad clearly is a failed seeker acting out within the confines of his chicken shop malcontent diaspora in search of importance.


Ahmad opines the usual catch phrase diatribes seen in Inspire or Dabiq and on the web in general on the boards but seems to not really have a greater grasp of his own religion than most of the daeshbag recruits these days. Clearly he has been suckling at the tit of the jihadi propaganda machine and in fact had close contact with recruiters in Afghanistan and Pakistan where he spent a good deal of time in recent years on and off. These guys look for recruits who have weak wills and minds that can be easily swayed. Minds and hearts, ego’s in search of self importance that they lack presently but are told that they will be martyrs for the greater cause if they blow themselves or the far enemy up and it is bullshit.







All of the propaganda placed by these Khawarij are just a mental virus, neuro-linguistic programming, used to prey on the weak minded souls out there, those failed seekers in order to bring them in and turn them to the Khawarij will. For some time now the security services and governments of the world have been trying to see how they can combat these memetic viruses online and so far no one has been able to come up with a solid solution. Those wh0 are seeking will latch onto anything that they feel an attraction to and it has been since time immemorial. Cults, and religions both rely on this to build their base, belief is key and the means to that end is dogma.

In Ahmad’s diary we see this in action and we see the brain washing and self delusion that goes on here with the repetitive statements in this journal that he used to egg himself on to action. No doubt he wrote this out and continued to do so as he built the bombs. All of this, all the language is a means to an end to justify to himself his actions. Actions fed to him by the propaganda online, in person, and programmed into him and all the others who are willing to listen, to believe, and to act.

Weak minds.

Weak souls.

Pawns of the Khawarij.

I truly hope we can come up with a means to combat such memetic viruses but so far I see no hope of it. Prepare yourselves for the other weak minded jihobbyists out there to try and catch their own brass ring of importance. Just don’t let them enable fear to win and change the course of our governance to a fear based one… Well… One that is more so than it already is.

Dr. K.

Written by Krypt3ia

2016/09/23 at 14:25