Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

MuslimCrypt and Clickbait

leave a comment »

MEMRI talked up a report on a new “steg” program being offered and “used” by da’esh that was then picked up on by Wired (or more to the point someone called from MEMRI offering a story because slow news day at Wired) touting the new scareware booga booga booga that jihadi’s are using STEGO ERMEGERD! Of course this type of encryption has been around all along and in fact, as Wired alludes to, it has even been used by UBL back in the day as well. The fact that there is stego out there is nothing new but this alleged program is, maybe. You see, the problems I have with this assessment and the Wired story sold to them is that there is no real penetration of this software being used as far as can be seen and in fact nowhere on the net can the actual software be found to download.

So yeah, it is not in every da’esh cyber toolbox kids and if anything, it may be an OP trying to pop some of them on Telegram.

Telegram Accounts:

The Telegram accounts involved in this drop also seem to lack some history as well. I looked them up on Telegram and there isn’t much to see at all. Of course it could be that one needs to engage with them to see more but I am not going to do that for this so suffice to say that Google searches of these accounts, the names in them, and iterations thereof come up with nothing useful. In essence what I am saying here is they have “no history” and thus to me should be looked at as cutout accounts to drop this software from and nothing more. This is an important piece of the puzzle too but it seems MEMRI is more interested in selling subscriptions and getting on Wired than they are at being thorough in investigating things like this.

MuslimCrypt.zip and .exe:

Meanwhile one cannot find the software at all nor the zip file anywhere on the net. Not one download link anywhere. No uploads to MEGA, nor any of the other places that you would think that these guys would want to put it so that the jihadi masses can securely talk right?

Nopesauce.

The staggering lack of the file only leads me to believe that it was a drop to entice people to download in-line on Telegram in hopes that the account (MuslimTec) would be a form of watering hole attack. We see this kind of thing all the time in the hacking world and many of those kinds of attacks are carried out by more sophisticated actors. In this case the only place that the file can be seen is on Hybrid Analysis and on VirusTotal and even there there are only one to two drops of the file for testing. In all of these cases the files are not available for download so only one source has uploaded them.

Interesting huh?

So what do we have here so far… One source (MEMRI) sharing a story with Wired about a software package no one really has except MEMRI? How odd is this? Well, kinda odd and to me smacks of two things;

  1. MEMRI got played
  2. This was an OP by a nation state actor looking to own some jihadi’s

I will go into these ideas in some more detail below. Just remember that it is odd that these files are not out there in the forums nor being saved and uploaded for more penetration of use.

Reversal of the binary:

I found that the zip file had been uploaded to Hybrid in January as well as March 4th 2018. The VT upload happened in February 2018 so this has been around and about a bit. Remember though, these are the only instances of the files that I could find, and I REALLY wanted to find a copy. So whoever had the files to upload (assuming it was MEMRI) are the only ones to do so. I looked at the whole sandbox report of the zip and the executable and came up with some interesting factoids for you all.

  1. The language set is German
  2. The language of some of the re-used code snippets are in German, so, I could go either way on this one. Could be a German who did the coding or just someone who knows some and worked on re-used code to make this program
  3. This was cobbled together by someone with some skills
  4. The software does have what seems to be a keystroke recorder built in but it has nothing really to do in sandbox because it is a sandbox and no actual keystrokes are made
  5. Whoever compiled this has a pc name or a folder name on their system of “SultanEasy” with “SultanEasy-2” which, ya know, kinda sounds all code wordy to me

I scoured the internet for “SultanEasy” and “SultanEasy-2” to no avail. Now with that in mind consider that this was a slip up on the part of the coder and that this folder in projects is a code name.

Ponder ponder ponder… A piece of software magically dropped on Telegram by accounts with no history and a binary that has a keystroke logger embedded in it?

Hmmmmmmmmm…..

Oh, by the way MEMRI, your reversal skills suck.

An Op?

Overall, this smells bad and MEMRI seems to have fallen for it or is unable to read a reversal report and strings well enough to see things in perspective.

Could this be an operation by a nation state? Sure.

Could it be another group like Anonymous or some other vigilante group? Sure.

Could it be a serious attempt at making steagnography the go to encryption for jihadi’s today? Yeah no.

Nice clickbait though.

Derp.

K.

 

UPDATE: I was sent this by <REDACTED> this is from a paste of conversation screenshots from the MuslimTec Telegram channel…

Screenshot from 2018-04-02 14-45-24

So yeah, there are many comments in there about spies and even at one point claims of being hacked by dissension…

Just sayin.

Written by Krypt3ia

2018/04/02 at 18:06

Posted in Da'esh, jihad, Jihobbyists

Cambridge Analytica And Psychographics Versus Facebook Algorithms and Targeting

with 3 comments

Last week I came across some tasty data out on the net concerning the clients that Cambridge Analytica had been serving in the last election cycle other than Trump. Within that data dump I also came across some python scripts for harvesting data on Twitter as well from a developer at CA which ties them also to mining and using potentially, Twitter as well as Facebook to create pscyhographic profiles and to target those people out there who had the same sentiments and desires around electing Trump as president. What I found in looking at the data and doing some research has brought me to the notion that Analytica’s part in this whole thing was just one sliver of a larger whole. That together with the Russian active measures campaigns, disinformation, propaganda, and echo chamber incitement thereof, Analytica helped target some of the people that Russia needed to target as well as the Trump campaign itself.

In fact, after really digging in here, it has become clear to me that Facebook may have a larger part of the problem with their algorithms that commoditize their user base and allowed for weaponizing of that data to be used in the propaganda campaigns by the Trump campaign and the GRU’s operations. Cambridge Analytica is not the big bad here in essence but a part of a larger whole that the news media seems to be unable to grok because it is not as sexy as having a new Bond style villain to get clicks on. No, the larger and more subtle story here is that the people were manipulated by the Mercer’s, the Bannon’s and the GRU using the tools given to them by Facebook and Facebook as well as the media, to synergize the propaganda with the help of all that information the people have chosen (wittingly or otherwise) to give up by using these platforms.

While the truth keeps coming out in drips and drabs on Cambridge Analytica, one has to also take note of the Channel 4 undercover video’s as well where CA’s Alexander Nix offers up age old kompromat style operations to their would be client. This all likely is second nature to the SCL group, the company that is tied to the MOD and DOD as offering tools for propaganda and manipulation in the past and of which CA is a spin-off company. Once you understand this, then you can see how Nix might just be offering things off of the menu from SCL and happily so to make a sale here.

What Nix is offering though might in fact be the modus operandi for the “whole package” in the case of political manipulation. Think about it, you target the people you want to vote, you then set up the opponent with kompromat and then you leak that judiciously. It would destroy the candidate and prop up their opponent pretty well don’t you think? Overall, what you have to realize here is that Cambridge Analytica was selling itself not just as an analytics company with a side of advertising for political campaigns, but instead a one stop shop in black propaganda and dirty tricks using analytics and psychology to target the voter. Of course now you have to ask yourselves just how effective CA’s pscyhographics and operations really were, how they may have learned from past experience, and what may have been their pivot from just analytics and psychology to propaganda and dirty tricks to pay the bills. First though, let’s look at the data I found and run through some of the premises that CA puts forth to see where fact meets Phrenology.

The Data:

I was Google dorking around the other day and came across someone’s git repo that had an Excel sheet in it concerning Cambridge Analytica’s clients in 2016. When I opened this up I was amazed to see just who else was using CA’s psychometrics for their campaigns other than Trump. What I saw was that Ben Carson, John Bolton, Ted Cruz, and a host of other orgs had been using CA’s offerings as far back as 2014, in the case of Bolton’s super PAC. Carson and Cruz both had limited dalliances with CA but Trump spent considerably on Analytica in 2016. In fact you can see from the sheet, the campaign slogans or catch phrases that they tried too, using them as code names for projects.

All of this data was obtained through the fec.gov website where they have to give up the information as part of the law. So no secrets here really but interesting information to be gleaned on who was using CA’s services and just how long this has been going on. In the case of John Bolton, you can see that he was attempting to use CA to further the candidacy of someone he was supporting back in 2014. In total, the sum for all this work shown here is over four million dollars between all the campaigns and entities.

Notice though, no charges for Ukrainian hookers and blow for kompromat though. *snerk*

Of note as well are the ancillary campaign strategies or slogans that they had for Trump before they came up with the MAGA (Make America Great Again) claptrap, a slogan though that for those of a certain mind, worked wonders for Trump and his particular brand of populism no? You had “Make America Number 1” which is just not as catchy as “Make America GREAT Again” which they refined from the number one phrase. Of course the whole mode here is to say that America is no longer ‘great’ and it can only be made ‘great’ again by Trump. This is a clever little psychological trick in that it pastes everyone else as part of the pool of people that made America lose it’s greatness and is a phrase that those of a mind, can latch onto as a dog whistle.

While I was dorking, I also located a bunch of FARA statements that SCL-Social filled out and gee, who was funneling money to CA to work as a foreign agent? Why Dubai and the UAE of course! You can see the FARA statements made by Andreae and Associates (a political intelligence and risk group in the US) that is working for SCL-Social, a sub division of SCL-Group, and parent to Cambridge Analytica. What a tangled web we weave when we practice to deceive… Or at last manipulate.

Anyway, there is a lot out there and you can play the home game here.

As a side note, if you look at the original filings on the FEC site you can see more information on the who and the what and the how. In one case I have looked at so far, the LLC that was created to spend the money on “Make America Number 1” is called “GLITTERING STEEL” which to me sounds like one of those derpy names given to APT actors or bad spy novels. Well, once you Google that name though you can see even more about this, that it was a Bannon run entity and that there is at least one law suit pending over their illegal actions in California.

This shit is deep folks… Like “deep state” deep. Anyway, I will continue Googling but you can too! Let me know if you find good stuff out there that maybe I can further write about.

Python Scripts:

While I was Googling up that spreadsheet, I also came across some .py scripts that were on a github for a Michael Phillips, who works for Cambridge Analytica. His creations were for harvesting data from Twitter and pulled geolocation data in one and sentiments in the other. In his geolocation script he was looking to pull addresses with accurate lat and long too! Now, you and I know that Twitter allows this kind of thing and others like me have used different tools to pull OSINT on characters like da’eshbags and the like over the years. It is of note though, that Twitter has to my knowledge, not been mentioned that much with regard to targeting and psychometrics mining by CA in the press. So, this is interesting and makes me wonder if perhaps CA has had more inside access to other features of Twitter as well?

Twitter is notoriously not that helpful to the government and others so I have to wonder if access was given was it bought? What kind of data would Twitter have sold? What do we really know here? Do we know anything about this? Anyone have any insight here for me? I for one would like to know if Twitter was working with CA and to what extent if any they where. This becomes really important just like access to Facebook data because Twitter was the second tool du jour that the GRU used to sow all the chaos and push the propaganda in the 2016 election cycle as well as in other areas such as Brexit and other attacks on Ukraine and the like.

But I digress… Let’s look at the real value of Cambridge Analytica’s potential versus the tools afforded by the likes of Twitter and Facebook themselves.

Psychographics Versus Custom Audiences and Lookalike Audiences:

A lot of the news cycle has been taken up with Analytica of late but what are they offering and just how effective could psyhcometric profiles be of users on Facebook? CA claims to have the ability to target people by the OCEAN profiling system of analytics. This is how they managed to make an application that then stole others data in the form of a personality test that they leveraged on Facebook. While this testing can lead to some valuable information, it is not as accurate or the right tool in my book to micro target a voter as opposed to someone buying something that they like or want. While this was the bread and butter of CA’s claims the reality is that this tool is not enough to hone in on people that well to be a real factor in electing Donald Trump and you all have to realize this.

What’s more, if you look at the toolbox of Facebook alone, they have some algorithms and applications alone that could have been a major factor in Trumps win. The primary two tools are ‘Custom Audiences‘ and ‘Lookalike Audiences‘ which Facebook uses to target people for advertising and the like. Both of these tools take outside data, in the case of this last election cycle that data would be voter rolls. Uploading those rolls (which you can access) you then are targeting your audience to push feeds to. In the case of Trump, then you are using the Republican rolls and targeting en mas your message to them. Now, consider this, those same rolls were used by the GRU to push content to those feeds as well. That’s right, ad buys by the GRU, remember all the talk about that in the news?

Ok so where does that leave us? Well, with CA and Facebook, you could be targeting those people who are outside the rolls and magnifying your efforts with the likes and the comments by stealing the 50 million people’s data as well. This basically becomes an amplification attack kinda like a DoS if you think about it. In the scheme of things it seems CA was just another cog but when you look at it all as a whole you have to ask yourselves these questions;

1) Was CA able to target more people outside the norm?

2) Was CA then able to take ancillary data (other people’s) that also had the same “sentiments” as their core psychometric profile because they were friends of those core friendly users?

3) Was this data then given to the Russians either by insiders at CA or by the Trump campaign itself to help target users and spread the propaganda and active measures to greater effect?

These are the questions the Senate and House should be asking and I am sure that these are Questions the FBI and the Mueller probe are asking. Also, one should consider this more macro targeting than micro but meh, either way it seems that Facebook has a larger share of the blame that they certainly don’t want to take. This is especially true now that they have lost so much value on the stock market as well as losing clients like Space-X and Tesla recently in a backlash that continues.

 

Was, and Is Cambridge Analytica an Arm of SCL’s Propaganda and Psyops Operations?:

This leaves us at the point where Alexander Nix and his compatriot are seen on hidden video offering kompromat style operations as well as targeted psychographics. If you start looking into SCL, it’s mother org, you can see that they have a history of this kind of black propaganda offerings for the military and governments of the world. It would not be a stretch to see CA using SCL to do some dirty work if not doing it in house so to speak. So when Nix was caught on camera and later made some excuses that he was just “going with what the client wanted” I feel that this is closer to what he wanted to offer because it made money as opposed to the straight analytics package CA offers. Perhaps even more so, Nix knew that analytics was just not enough and that psychographics should really only be used in micro targeted ads for shoes.

If the targeting works, and psychometrics/psychographics do up to a point, then they can be a part of a larger package of tools to target a macro audience with micro tools. I think we have seen, and I have pointed out above that this is likely to work better as a larger package of many tools and operations to influence an audience but it is not the make all be all. I think they discovered that and went back to the old ways to make money with SCL’s cache and tools that have been in use for many years with great effect. Where the rubber meets the road in the 2016 election is that the Russians then possibly leveraged SCL and CA with or without their knowledge to even greater effect and that is what led us to where we are today.

How that actually happened is something for the investigators at the special counsel to tell us later on.

SCL’s Domains:

While I am on the subject of SCL and looking at future possibilities, I looked up everything that SCL owns domain wise. There are many domains that they own and we should keep an eye out for them in future being spun up. In fact, I kind of wonder if they have other domains hidden under other LLC’s etc that we have not seen that may have been part and party to some of the 2016 psyops and propaganda operations on behalf of the Trump campaign. Looking at these domains they have many plans and we should all be paying attention.

Domain Name Create Date Registrar
behaviouralanalytics.io 2016-09-17 GANDI SAS
behaviouralanalytics.org 2016-08-13 GANDI SAS
ca-affiliates.com 2017-08-23 GANDI SAS
ca-commercial.com 2017-04-07 GANDI SAS
ca-commercial.org 2015-05-06 GODADDY.COM, LLC
ca-commerical.com 2017-01-27 GANDI SAS
ca-commerical.net 2017-01-27 GANDI
ca-commerical.org 2017-01-27 GANDI
ca-commerical.us 2017-01-27 GANDI
ca-connect.net 2015-05-22 GANDI
ca-political.net 2017-01-27 GANDI SAS
ca-political.org 2015-05-06 GANDI SAS
ca-research.org 2015-05-06 GODADDY.COM, LLC
ca-worldwide.com 2017-08-25 GANDI SAS
cacommerical.com 2017-01-27 GANDI
cacommerical.org 2017-01-27 GANDI
caconnect.net 2015-05-22 GANDI SAS
caconnect.org 2015-05-22 Gandi SAS
cambridgeanalytica.co.uk 2015-07-08 GANDI [TAG = GANDI]
cambridgeanalytica.net 2015-04-21 GANDI SAS
cambridgeanalytica.org 2014-04-01 Gandi SAS
cambridgeanalytica.org.uk 2015-07-08 GANDI [TAG = GANDI]
cambridgeanalytica.tv 2015-10-22
cambridgeanalytica.uk 2015-07-08 GANDI [TAG = GANDI]
cambridgeanalyticaresearch.com 2014-12-31 GODADDY.COM, LLC
capolitical.co.uk 2015-07-08 GANDI [TAG = GANDI]
capolitical.net 2017-01-27 GANDI SAS
capolitical.org 2017-01-27 GANDI
capolitical.org.uk 2015-07-08 GANDI [TAG = GANDI]
capolitical.party 2017-01-27 GANDI SAS
capolitical.tech 2017-01-27
capolitical.uk 2015-07-08 GANDI [TAG = GANDI]
capolitical.us 2017-01-27 GANDI SAS
carchargeruk.co.uk 2017-02-16
daymate.com 2001-05-31 TIERRANET INC. DBA DOMAINDISCOVER
dclisten.com 2015-03-09 GANDI SAS
floridaediblesandextracts.com 2017-07-22 GODADDY.COM, LLC
free2teach.net 2009-05-22 TUCOWS, INC
ripon.global 2015-01-21 GANDI SAS
ripon.us 2014-08-13 GANDI SAS
riponplatform.com 2014-04-07 GANDI SAS
scl-connect.com 2014-12-11 GANDI SAS
scl.cc 2004-09-16 SCHLUND.DE
scl.group 2016-06-15 GANDI SAS
sclbehavioural.com 2010-05-27 GANDI
sclcommercial.co.uk 2015-06-21 GANDI [TAG = GANDI]
sclcommercial.com 2010-03-15 GANDI SAS
sclcommercial.uk 2015-06-21
sclconnect.cc 2014-12-11 GO DADDY SOFTWARE INC
sclcorporate.cc 2014-01-02 GO DADDY SOFTWARE INC

 

Domain Name Create Date Registrar
sclcorporate.com 2014-01-02 GANDI
scldata.co.uk 2015-06-20 GANDI [TAG = GANDI]
scldata.org 2014-04-07 GANDI SAS
scldata.org.uk 2015-06-20 GANDI [TAG = GANDI]
scldata.uk 2015-06-20 GANDI [TAG = GANDI]
scldefence.cc 2014-01-02 GO DADDY SOFTWARE INC
scldefence.com 2010-03-15 GANDI SAS
scldefense.com 2010-03-15 GANDI SAS
scldigital.com 2015-01-16 GO DADDY SOFTWARE INC
sclelections.cc 2008-08-04 GO DADDY SOFTWARE INC
sclelections.co.uk 2015-06-21 GANDI [TAG = GANDI]
sclelections.com 2008-08-04 GANDI SAS
sclelections.net 2015-07-07 GANDI SAS
sclelections.org 2008-08-04 GANDI SAS
sclelections.org.uk 2015-07-07 GANDI [TAG = GANDI]
sclelections.uk 2015-06-21
sclgroup.cc 2013-08-29 GO DADDY SOFTWARE INC
sclgroup.net 2016-05-02 GANDI
sclgroup.org 2016-05-04 GANDI SAS
sclgroup.org.uk 2015-06-21 GANDI [TAG = GANDI]
sclsocial.cc 2014-01-02 GO DADDY SOFTWARE INC
sclsocial.com 2010-03-15 GANDI SAS
sclsocial.net 2015-07-07 GANDI SAS
sclsocial.org.uk 2015-07-07 GANDI [TAG = GANDI]
sclstrategy.com 2012-11-14 GANDI
scluk.cc 2014-01-02 GO DADDY SOFTWARE INC
sclworldwide.cc 2014-01-02 GO DADDY SOFTWARE INC
solventlessextracts.net 2017-07-22 GODADDY.COM, LLC
thesclgroup.com 2016-04-25 GODADDY.COM, LLC
thetealgroup.org 2015-09-21 GODADDY.COM, LLC

 

Conclusions:

So here are my conclusions looking at all of this stuff. First off, CA is not the big bad here but Facebook and maybe Twitter are. Ask yourselves and ask them just how much data they sold or gave access to other entities in the 2016 election cycle. Who were they? Were they connected to CA? SCL? GRU? Also be asking yourselves just how much do you want Facebook to have of your privacy? In posts recently I have seen people saying that phone calls and other private data were in the data dumps they downloaded. How did that data all get into their hands? Well, you let it happen! If you have Facebook on your phone, well, then they have everything and unless you read the fine print, you are boned.

Secondly, I for one believe that Facebook and Twitter and other social media entities sold data to GRU cutouts and they should be taking more responsibility henceforth. I know that Facebook has made efforts to control ad buys and such but really, they hold the keys and unless they vet every application and client, well, it could happen easily again. Zuck needs to grow up and stop the fuckery. His platform is now a weapon and our privacy is the ammunition. I also think that everyone should consider leaving the platform because they hold too much of your data that can be abused. Until such a time as they take this seriously I would not invest the time on them.

Thirdly, I have to wonder just how much information was being passed between CA and Trump/Bannon/etc that made it to the GRU. There are more than a few Russians in the CA constellation that could have been leveraged by the Russians but until some thorough investigation is done it is hard to tell what happened here and at what scale. I do find it interesting though that at least the Facebook data and tools were leveraged and wonder how much was direct buy from GRU cutouts as opposed to passed on perhaps by assets within the Trump campaign itself.

Time will tell but in the meantime here is some data for you all to Mueller.

K.

Written by Krypt3ia

2018/03/25 at 15:00

Posted in .gov, Propaganda, PsyOPS

Russia Insider: How A Connecticut Gold Coast Boy Grows Up To Be A Russian Troll

leave a comment »

I was recently looking at some stuff online about the Skripal case and came across this guy and his site through a link from an article. The article was on a guy who also has been evidently poisoned by Russia (biotoxin this time) in France but they make reference to Inside-Russia as they wrote about the case evidently. Anyway, the Inside Russia thing intrigued me because the guy who started the site and still runs it is from my neck of the woods (Greenwich Connecticut) on the gold coast as we call it here. Evidently Charles J. Bausman, a 53 year old American (ex… Patriot?) who now evidently lives in Russia, runs the propaganda site known as “Inside-Russia” and works in finance, or agro-business finance. At any rate, the site is quite the nest of pro Putin propagandist and antisemitism. In looking around I had to wonder just how a kid from Connecticut who went to a swank prep school here and Wesleyan University (somewhere I went for a summer) ended up a Russian propagandist front and allied with a couple oligarchs close to the Kremlin?

Bausman’s Resume in Cyrillic sent to an Oligarch in hopes of getting financing

Bausman say’s he was born in Germany in 64 and travelled a lot including a long stint in Russia (Moscow) when his father was on a “long business trip” which is to say that his father was bureau chief for the AP back in the old Sov days. John Bausman III was all over the place as an AP reporter but that time in Russia seems to have affected Charles quite a bit. I am not sure just when and how Charles became a Putin propagandist but the site he set up started in August 2014 and has been gaining momentum ever since. In doing all the background on Charles I had to wonder about his father, which, I could not find too much on other than his obit’s online.

I have to wonder just how his father felt about his son’s Soviet/Putin leanings after he started the site, which by the way, was registered with the house in Greenwich where they Bausman’s lived in Greenwich CT. As John was older, perhaps he did not really get to see the site or know much about it. Maybe he did and approved of his son’s leanings? I am not sure, but suffice to say that it may be their travels in the Baltics during the old days might have affected his young son profoundly. I can imagine that if he wasn’t home schooled, he may have been indoctrinated by the Soviet state in some way in his youth. I just don’t really know, but, the other thing that kinda crossed my mind again and again was what were John’s leanings on all this? Like father like son?

At any rate, the son is an out and out Putin “Praetorian” as the book “Putin’s Praetorians” claims and evidently Charles could not resist writing a review of it on Amazon. In fact Charles enjoys his titles as even on his Twitter feed, he boasts of being one of Louise Mensch’s “Russian Trolls” which is I have to say Amusing as I myself am blocked by her because she is an idiot hanger on of the jester. Anyway, if not a troll, what Charles is is, a propagandist tool. Or, I should really say a “would be” tool because he is not trying to hide his identity and is fairly open with his propaganda claptrap he is trying to sell the the conspiracy masses. His site is a “collective” of writers he says, but in looking at them only a few are named and one of them, Anatoly Karlin, is a straight out conspiracy Nazi connected apparatchik for Putin.

Now, on the account of this site being akin to the IRA, well, no that is not the case. However, the Twitter feed and the content is pretty popular and has been rising over the last couple years, peaking in January this year as everything went to hell concerning the RussiaGate story. I would not be surprised if anyone were to do some more mining and find that accounts proximal to the IRA Twitter accounts might have this on their feeds as well. While all of this spin and energy has been building though, Charles has been hungry for funds to continue his work, even though he is some kind of finance wizard according to all his degree work and jobs over the years with Russian banks and the like.

 

You can donate to Russia-Insider on their site and they take bitcoin and paypal as well as a couple other more obscure payment schemes. Evidently “citizen journalism” costs the big bucks! While his bitcoin wallet has had no transactions at all, I have to wonder just who is paying for his site and activities. In 2014, just after launching the site he exhorted Alexey Komov and Konstantin Malofeev that “I still need money!” which can be seen in the screen shots above from emails that I got from Shaltai Boltai’s dump of Malofeev’s email spool. I went through all seven hundred plus emails and found no more than those you see above. So it is unclear whether or not the Kremlin connected Komov and Malofeev ponied up money but they seemed amenable to it in the emails that I saw. I am going to assume that since the site is still up and that Bausman has added a slew of other domains, he has more plans and that he also got the funding to start. Only time will tell if he moves further and activates the other sites that he owns.

As you can see, if he had it his way, perhaps Russia-Insider would not be the only “insider” site that he could be spreading propaganda with. It is interesting to note that the countries he has chosen to create domains for are all ones that the Russian state would be interested in targeting propaganda at. I am not really sure what the “Cadmus” site would be all about but if you know your history, Cadmus was a slayer of monsters in the Greek pantheon. So far none of these sites has ever had content on them so there is nothing to see.. yet. Maybe if Charles gets his money he will someday have a media empire eh?

Overall, this guy is no clear and present danger but he is one of the lights in the constellation that is RU apologist propaganda. He isn’t RT or Sputnik just yet but he has ambitions to be I think. What really just makes me wonder is, as I said at the top, how does this kid go from US citizen to Russian propagandist? So many unanswered questions on this one for me. Was his father enamored with the Soviet state in the 60’s and 70’s? I mean it was no pleasure dome out there at that time no matter what the Soviet state would like you to think. Of course some might see Wesleyan and think that the left leaning’s of the school would only entice a youth to become more liberal, but jeez, I mean this guy is full on nutbaggy! Also, this guy still has everything listed in America as ownership goes! The Russia-Insider site before being set to privacy still has his parents place listed as the address! Choose a country dude.

Well, that’s about it on this one. Just a little heads up on this guy and a bit of background. I kind of have a yen to drive down to Greenwich and visit the Russia-Insider HQ just for shits and giggles. If anyone else has any tidbits they care to drop on me use the Protonmail acct. Until next time, keep watching these whacknuts.

Dos vidanya,

K.

Written by Krypt3ia

2018/03/19 at 18:46

Follow The Trail of Dead Russians

with 2 comments

On September 7th 1978 Georgi Markov, a Bulhgarian defector and vocal opponent of the Bulgarian regime felt a pinch of what he thought was a bug bite on his thigh as he walked across the Waterloo Bridge in London England. Four days later after a fever started that day on the bridge, Georgi was dead from what would be discovered as a Ricin attack using a small pellet of refined Ricin injected into his system by an umbrella created and used by the KGB. Of course this assassination was carried out by both Bulgaria and the KGB, but it was the KGB who planned the operation and insured it worked.

This event was the first time I had been cognizant of a KGB assassination in the UK back in the day and in light of recent events, it seems what is old is new again in London and with the Putin KGB regime in Russia. The latest assassination using dangerous nerve toxin was even more dangerous and brazen in that, as we understand it today, the deployment of the Novichok agent was likely either in the form of a spray (puff) aimed at the Skripal’s or it was a dusting of objects or places in the public by the KGB (and yes, it’s the KGB, always will be in my book. Nothing has changed but the name of the org) Though it has yet to be revealed just how the KGB operatives deployed the nerve agent, it is important to note that back in the day it seems that the KGB at least took more care to not have collateral damage with innocent bystanders possibly being killed with the umbrella device as opposed to the anything goes style of the Skripal assassination. This post is about the change in aggression and sloppiness by Putin and his KGB minions and what is motivating these attacks and methods.

 

Putin’s Putsch

Since I am not sure how many of you are familiar of how Putin rose to power, I will just highlight the fact that he came to power as the inside KGB man that he was. When Yeltsin finally fell apart Putin made his move. Or, more to the point perhaps Putin helped Yeltsin fall apart and made his move. Granting a “pardon” of sorts to Yeltsin he took over the presidency and his regime began in earnest December 31st 1999. It is an interesting fact that Putin himself was under investigation for corruption as well, but soon after the take over the investigation was dropped. Since then, Putin has consolidated power, side stepped the Russian rules of law concerning the presidency, and carried out his desires on making Russia Great Again. Along the way Putin has amassed what is considered possibly to be the largest amount of wealth held by one person, annexed other countries territories, and of late, brazenly attacked another sovereign nations electoral system to sow chaos and potentially install a friendly entity at it’s head, or at least one that is beholden to him.

Putin has pushed the envelope and no one has stopped him. NATO cannot, the US was the bulwark against an unchecked Russia, but now that is no more. This is an important factor that will play out below but you have to understand the players and the dynamic of the game to realize just what is happening here with the assassination of Skripal and it’s political import. We are living through a time where the shift seems to be occurring where China and Russia are becoming the super powers and the US is steadily losing, if not already has lost, it’s seat at the super power table at least politically if not literally. Putin has directly affected our policy in Trumps winning the presidency and now he is empowered. This empowerment will only lead to more attacks on the US and anywhere else he deems he wants to destabilize.

Putin’s Assassinations

Let’s go back though and look at the assassinations that we know the Putin regime carried out.

Yuri Shchekochikhin, 2003: Shchekochikhin died suddenly on 3 July 2003 after a mysterious 16-day illness. It was officially declared though that he died from an allergic Lyell’s syndrome. His medical treatment and his post-mortem were held secret by state security though.

Sergei Yushenkov, 2003: Sergei Yushenkov was shot dead near his house in Moscow on 17 April 2003, just hours after finally obtaining the registrations needed for his Liberal Russia party to participate in the December 2003 parliamentary election

Paul Klebnikov 2004: On July 9, 2004, while leaving the Forbes office, Klebnikov was attacked on a Moscow street late at night by unknown assailants who fired at him from a slowly moving car. Klebnikov was shot four times and initially survived, but he died at the hospital after being transported in an ambulance that had no oxygen bottle and the hospital elevator that was taking him to the operating room broke down.

Anna Politkovskaya, 2006: Shot dead in the elevator of her apartment block in central Moscow

Alexander Litvinenko, 2006: On 1 November 2006, Litvinenko suddenly fell ill. His illness was later attributed to poisoning with radionuclide polonium-210 after the Health Protection Agency found significant amounts of the rare and highly toxic element in his body. This was deployed in a cup of tea by two Russian assets of the Putin regime.

Sergei Magnitsky, 2009: n 16 November, eight days before he would have had to have been released if he were not brought to trial, Magnitsky died. Prison officials at first attributed his death to a “rupture to the abdominal membrane” and later to a heart attack. It was later reported however that Magnitsky had died from being beaten and tortured by several officers of the Russian Ministry of Interior.

Natalia Estemirova, 2009: Estemirova was abducted on 15 July 2009 from her home in Grozny, Chechnya. Two witnesses reportedly saw Estemirova being pushed into a car shouting that she was being abducted. Lokshina said Estemirova was abducted as she was working on “extremely sensitive” cases of human rights abuses in Chechnya.

Stanislav Markelov 2009: Markelov was shot to death on 19 January 2009 while leaving a news conference in Moscow less than half a mile from the Kremlin; he was 34. Anastasia Baburova, a journalist for Novaya Gazeta who tried to come to Markelov’s assistance, was also shot and killed in the attack.

Anastasia Baburova, 2009: Russian law enforcement authorities declared that Baburova was shot in the back of her head. Baburova died a few hours after the attack at a Moscow hospital

Boris Berezovsky, 2013: On 23 March 2013, Berezovsky was found dead at his home, Titness Park, at Sunninghill, near Ascot in Berkshire. His body was found by a bodyguard in a locked bathroom, with a ligature around his neck. hen Berezovsky’s death became known, there was speculation by mainstream British news media that Moscow might be somehow involved. The Thames Valley Police classified his death as “unexplained” and launched a formal investigation into the circumstances behind it. There are still some questions on this case.

Boris Nemtsov, 2015: Just before midnight (at 23:40 GMT+3) on 27 February 2015, Nemtsov was shot several times from behind as he was crossing the Bolshoy Moskvoretsky Bridge in Moscow, close to the Kremlin walls and Red Square (55.7495°N 37.62421°E). He died at the scene. A convenient dump truck obscured the surveillance cameras on the bridge when the event occurred.

Sergei Viktorovich Skripal 2018: On 4 March 2018, Skripal and his 33-year-old daughter Yulia, who was visiting from Moscow, were found in a catatonic state on a public bench near a shopping centre in Salisbury by a passing doctor and nurse. Paramedics took them to Salisbury District Hospital where medical staff determined that the pair had been poisoned with a nerve agent (Novichok)

This list is just the one’s we know about, those who directly opposed Putin, I am sure there are others out there without names who disappeared as well. In looking at these assassinations, many of them in country, they are pretty brutal and straight forward. However, with the operations outside the countries where Putin has influence he had to get a bit more creative. Thus we have the polonium poisoning of Litvinenko and now Sergei Skripal with a nerve agent. Notice also that both of these guys were former secret services people (KGB/FSB/GRU) and as such, their acts of defection or opposition are seen by Putin as the ultimate insult. Putin you see, does not forgive or forget those who worked for the state turning their backs on him or the state. So, since these former operatives made Putin mad, he decided to do away with them in a very public and dastardly way. Dying of nerve agent or being poisoned by polonium are both painful ways to die and certainly send a message to anyone else who might cross Putin.

Lack of Response

Post the assassination of Skripal though, I fear that Putin will only become more brazen in his assassinations outside the greater confines of Russia. I say this because post election of Trump and the chaos that has been sown with his election as well as the BREXIT by the UK, the world is fairly unstable and factional. In the case of Skripal as well as Livinenko, it seems that the UK may be somewhat hard pressed to have a response against Russia that would mean anything. In fact, given the reaction this week by Theresa May on this incident, it is clear that the UK wants to do something but is unsure exactly what they can do because of Russia’s heavy investment in England as a whole. Add to this that the US and Trump specifically, seem unable or unwilling to respond to the actions of Putin and his regime and you can see how impotent the UK may in fact be in response to an overt act of criminality on their shores by Russia. It remains to be seen just what the UK will do in response to this attack but I for one hope that they do act, even if it is just a sting to Putin’s ego if anything.

Will the UK eject the Residentura?

Will they sanction certain players?

Will they go after Putin’s money?

Time will tell…

Dynamic Changes (Trump)

Meanwhile, all of this, the ability and the gumption for Putin to carry out these attacks is directly possible because of the election and inaction of Trump and the US government. By interfering in our election and potentially getting Trump elected by the active measures campaigns of 2015-2016 Putin has destabilized our ability to react. In fact, it may even be said that he has nulled out our ability to react because he has kompromat on the president himself and thus he knows that Trump will not act substantively against him. At worst this is the case, at best it is Trump’s own inability to govern that allows for Putin to go unchecked. As we move along with the special prosecutor’s case being made, we may eventually see just what happened in the Trump campaign and whether or not there is kompromat on him and others within his inner circle. However, as the spectacle continues Putin will have free reign to wreak havoc as he see’s fit, and that includes assassinating former assets with impunity that might still threaten his regime or just piss him off.

Please do note that it is likely this is just the tip of the iceberg yet to be seen. As we move forward there may be other assets who will be assassinated like this. Recently in fact there have been rumblings that there is also a hit out on anyone involved with the Steel dossier and that includes an intimation that Steel himself is a current target of opportunity for the KGB assassins. There is furthermore allegations and insinuations that Skripal actually was an active asset and in fact had a hand in the dossier as well. If this is the case then you can also say that the motives for assassination of Skripal would be two fold; one, don’t talk and two, this is what happens if you do. Now that there seems to be little that the US is willing to do and other countries seem to be groping for answers, Putin will live in the slack space and carry out more of these until he is satisfied.

Are We Headed To A US Assassination?

So what’s next? Do we think that this assassination will be the last? Do we really believe that there won’t be an assassination to come on US territory? I for one think that if Trump is allowed to erode our abilities to respond further, there may come a time when someone here will suddenly die of some kind of poison. What would be the response if this happened? Would the Republicans finally come out of their Trumpian stupor? I have been thinking about this for a while and honestly this all kind of scares me. Will Putin feel so secure that he would pull something like this here in the United States?

Time will tell…

If you have anything to do with saying anything against Putin you best watch what you ingest, touch, breathe, well, just live in a hazmat suit.

K.

 

UPDATE:

I was reminded by two comments on here about these two suspicious deaths in the US

1) Mikhail Lesin; Putin’s media tsar who died in The Dupont Circle Hotel Washington DC 11/5/2015

2) Vitaly Churkin, embassador to the UN from Russia who died in NYC in 2017

Both of these have had no autopsy records released and both seemed to maybe have had heart attacks… Maybe… In the case of Lesin he was VERY close to Putin BUT he was in trouble with the FED’s here because of his excesses financially. I figure that Lesin got the whack because he was a threat to Putin were he to have financial kompromat on him by the US.

Now, are these two assassinations? Well, the government would have to say something on that account I think for me, but, it is really convenient that at least Levin died when he did huh?

Written by Krypt3ia

2018/03/13 at 14:13

Posted in KGB, Putin, Russia

Why I don’t Allow Reporters On My Feed

leave a comment »

Recently I posted about the Russian Troll Farm’s data being on sale for more than a year on joker.buzz, an auction site for RU hackers most likely to be affiliated with Shaltai Boltai (humpy dumpty). I went through the dump looking for metadata and to backstop the screen shots that were on the site as part of the proofs that the data was legit. In doing so I managed to find out quite a bit more on the infrastructure, players, and accounts that the SVR had set up to carry out the active measures campaign against the US election in 2016. Now having been a security researcher blogger all these years I certainly expect that others may see a story and write their own and often times this happens with a link back to my post if it is germane. However, in this case it kinda seems like Beast and the reporters who wrote the two pieces on their site saw my post and decided that they would just say they had “discovered” the joker.buzz site and the data for their own clickbait desires.

Post 1

Post 2

The fact of the matter is that Beast didn’t discover anything, if anyone discovered the story it was insider.ru who posted the story in Russia on the 21st of February. I cited them in my post as well as the joker.buzz url that the Insider piece had linked in the article February 21st. So no Daily Beast and “reporters” thereof, you did not discover this nor did you even have the decency to link back to either pieces in your story. I find it funny how I post on February 26th and four days later the Beast is claiming to have “found” this site and the juicy data. What’s even worse is that Beast just goes on about accounts and tracking them back to people while the real story should be that the data is genuine, it shows more of the inner workings of the troll farm aside from the accounts on Reddit and other places, and that either an insider had been selling the data or they had been hacked for over a year and we all missed it.

At first I griped a bit on Twitter about this but I was willing to let it go until one of the editors at Beast wanted in on my Twitter feed all of a sudden. I allowed it and watched for a couple days. They did not attempt to reach out at all so now I am pretty sure they were fishing for more to rip off of my site or my feed and possibly claim it as their own “investigative journalism” cum click bait. This was the last straw, and with a word from another reporter who exhorted me to do a write up about this.. Well here I am writing this piece that I am kind of ambivalent about. I don’t want to come off as just some asshole saying “I DID IT FIRST!” but the fact of the matter is that this has happened on more than one occasion and of late more so (looking at you Franklin Foer on that Atlantic article on Manafort)

So, Beast, at least credit the Russian’s (insider.ru) for seeing this first and reporting on it even if you can’t bring yourselves to link back to my post which I am pretty sure was the tip off to what you claimed you “discovered” In fact, you should really do your own research and stop leeching off of others you yellow journalism hacks. Shit, you even really didn’t do a good job at parsing all the data in those screen shots! You really have not added to the knowledge base here on the Russia investigation.. But you sure did re-create the “Penny Dreadfuls” of the 19th century!

K.

Written by Krypt3ia

2018/03/05 at 17:43

The Insider and The IRA Data That’s Been On Auction For Over A Year

leave a comment »

Today a tweet was directed at me concerning some new information posted on a Russian news site back on February 21st that no one in the US media seems to have noticed nor the NATSEC community. In fact, I had not seen this and I kinda have chided myself for not paying better attention to the Joker Buzz site that the data was for sale on, for a year! I had actually been on their site(s) in the clearnet and darknet and thought I had posted a blog about the notion of the site and what they sell but I can’t seem to locate it. I guess maybe I just tweeted about it and moved on …My bad.

Anyway, the post on The Insider has the skinny on how a user there named “AlexDA” had ALL of the IRA’s internal documents on the active measures campaign for sale for over a year and no one really took notice. This means that we could have bought the data and had all of the actors, their data, and their METADATA if we had only seen or purchased them back in January/February 2017. What’s more is that had we had this intelligence in the open much more could have been easily available for the general public to be aware of how this was all working and what to look for. Of course now after the Indictment by Mueller of the 13 entities the op has been completely blown and the infrastructure is likely not to be operational, but, we could see operational details and OPSEC mistakes that the players made and extend that to the upcoming years election cycle and Russian influence and active measures campaigns to come right?

Even so, big things are in the small details even within the offering itself that AlexDA is making on JokerBuzz. I have been going through the images from the auction site that Alex put up to entice and prove that they are legit and here is what I have found by doing my thing as usual mining:

Proxy IP Space Used:

In the offering images you can see that AlexDA tried to obfuscate the last couple octets but if you look real hard you can see the numbers pop up. Of course if you just take the first two or three octets and you put that into Google you can see what pops right up. So, the first thing to see is that the service mentioned in the indictment is actually Total Server Solutions LLC out of Plano Texas. I would like to call your attention to how much “Texas” was involved in many of the Twitter and facebook accounts that were super patriotic. It was mentioned in the indictment that they rented the server space to appear that they were in the US. Well, there you have it kids. The data fits and it makes sense that they would try to do this to appear as if they were in the US to fool first pass looking right? I ran an Nmap of the /24 and as you can see if you look, there are some proxies, port 80 and 22 open but none are available to access at this time, so maybe they went back to being just space owned by Total server… I would hope though that those there servers had been, ya know, collected on by subpoena by the FBI right?

Wink wink nudge nudge.

 

Meanwhile, there’s a bunch of servers/IP’s listed in the images as well that are in Russia using port 8888. I haven’t looked at those with Nmap but they are VPS as well so maybe they are still in play. Suffice to say though, it is interesting data and could lead to more things coming to light if you look into them a little further. If you want to play the home game please feel free. I will be circling back over this stuff in the near future and enlightenment will be posted here when I have it for you all.

Alias and Users To Search:

Gee, look at all those aliases man! I have yet to dig into these and I am sure some are already known but you now too can play the home game! Take a look and see what histories you can find on these accounts/nicks. I am willing to bet we can put together quite the timeline and then use that as data to look at future attacks as well. All those Blacktivist accounts though were the appetizer to what I saw next in the screen shots. Alex gives us a whole thing to work with in the image below and if you start digging on that you can get some good stuff.

 

http://aktivnyye.com/t/20171013-blackmattersus.html

Nolan Hack, a name that I believe others have seen in the press accounts, has a Facebook page, a phone number, and a site blackmattersus.com that is in fact still live but not updated since 2017 it seems. His Facebook is live still as well (Why no take down Facecult?) I looked up his details on there and the blackmatersus site and what I came back with was a cell phone out of california marked as a bad number and a site that has been around since 2015 that was registered anonymously and kept so throughout the time it has been up.

http://aktivnyye.com/t/20171013-blackmattersus.html

I am sure with more digging on the name (Nolan Hack *amusing*) I can put together more of the breadcrumb trail to show the cutout’s actions. Maybe in a post to come, but suffice to say that this data also is legit and tracks with everything we have been told by the IC and the news up to today on the active measures by the IRA.

Passwords:

Amazingly enough in the screen shots given on the jokerbuzz site you can also see where Alex tried to remove at least half the passwords in a couple posts. I immediately knew what the password was because, I mean, come on! The phrase “Greed is good” is a classic line from Wall Street and Gordon Gekko. If you look close enough at these images though you can make out the lower part of the G so you know it is that. Now we have to work backwords on those accounts and get the full data in order to attempt top maybe log into them and see what intel we can gather from them (see below for lower part of the g) It also amusing to see that these guys were sloppy and re-using passwords in various accounts. If we get the accounts right I am betting we could own them all and gather much more insight.

Greedisgood…. You guys amuse me.

Illegals Names and drop sites:

In amongst all the stuff is also an address and name where drops were made in NV used by the IRA and more likely the illegals who were in country. The address comes back to a known bad drop/company in NV that has a history of being used for Ebay scams. The cutout name of Gneeda Harris has zero history on first pass but I will look again and dig a little more. Maybe I can turn up something more on this ID but at the very least we have something more to work with than what the special counsel decided to drop on us.

Maybe the FBI can check this place out and see if they have had DVR’d video surveillance? Maybe this dead drop is still live? Are there still illegals in country that have been told to sleep? I wonder…

Metadata:

Lastly, or near the last thing I will cover here on this is the metadata. I used wget to pull down the jokerbuzz site and in the folder for the page of the auction are the screen caps used. Pulling those down and then running them through the old EXIF scan you can see that these captures were done September 28th and 29th 2016. The time stamp says +3hrs and that as of today they were done 1 year 4 months 28 days ago. So, back in September 2016, this data was in the hands of AlexDA and ostensibly about to be put up on Jokerbuzz. This means that either someone on the INSIDE decided to sell out the operation because they knew they were blown and wanted some cash, OR, someone hacked them and downloaded all this shit making the screen shots in September for the jokerbuzz auction. This in tandem with all the backstopping I just did shows that this data is legit and it has been on sale for at least a year and no one knew or was clued in enough to say anything about it.

Who is AlexDA?

Lastly, who is AlexDA? How did they get this data and what is the motive here other than money? Money mind you that they did not get in over a year as the auction timed out and NO ONE bought it. Now, I have been looking at who this may be and there is a case to be made that this dump came from Shaltai Boltai (humpty dumpty) a group that is now broken up due to arrests but has one last player on the loose. That player is in fact a guy named Alexander Glazastikov who has not been caught and may in fact be AlexDA. I will also point to the fact that if you look at the Jokerbuzz auctions there are a number of them from Shaltai Boltai offering all kinds of interesting data leaked from Russian operations. So, it is my guess that this is the case but just an educated one. I for one would like to have a conversation with AlexDA and see just how much he wants for the dump now that it has not sold in over a year. Maybe we all can crowdsource it?

Summing Up:

Anywho, this is what I found just by looking at the details here in the auction post. Imagine what we could have if we actually had all the documents? Hell, I would love to get my hands on them, prize out all the details and then pass it along to the feds. The data is legit, it has been around for a year online, and we all missed it man!

Hey AlexDA, you wanna just gimme that data for free feel free to reach out to my protonmail acct!

More stuff when I have it kids.

K.

Written by Krypt3ia

2018/02/26 at 22:55

Russian Meddling: Indictments and Troll Farms

leave a comment »

The indictment by the Mueller special counsel investigation into the meddling by Russia into the election cycle last year is just another nail in the coffin on the conclusion that there was no action by the Russians to affect the election cycle in favor of Trump. Though many still have their cognitive dissonance helmets on full, the reality even struck into the White House with Trump tweeting out that there was actually meddling, no collusion, but meddling. So this indictment has shown it’s potential power on the whole case but I wanted to dig a bit deeper into the Troll farm and it’s KGB ties before we ever heard about it as a general populace post 2016.

Point of fact is that in 2015 Adrian Chen wrote about the Troll farm as it was still carrying out attacks on Russia’s other pressing enemy, Ukraine. People seem to have forgotten with all of the talk about the farm in 2016, that the Russian propaganda and PSYOPS machine was actively working for Putin in support of his agenda against Ukraine and it is this fact and how they operated then that should be addressed and shown how they evolved to today’s hybrid warfare tip of the spear.

Back in 2015 the nascent troll farm was active in trying to spin stories about Ukrainian ologarchs and their activities as counter to Russia. One particular story line took place after the assassination of Boris Nemtsov, an opposition candidate to Putin and a progressive in Russia. A reporter for a Russian news service did a story on the Troll Farm and actually managed to gather their documentation including opposition research (internet research) which later would be the name they would take up as IRA right? Anyway, within that cache of documents you have papers with links on things like the Middle East and other areas with ideas on how you could attack them politically with posts like the above on Nemtsov’s being killed not by Putin, but instead by those nasty Ukrainians.

It is informative to look at the postings and the nick names that were being used by the early IRA as opposed to what they have used in 2016 and still use today. In early days they did not really try to insert themselves so well into the public space as being citizens of the areas they were talking about, in fact, most of the names have English connotations  and not Russian at all. So by looking at the users and their posts (livejournal for instance) show’s you what it was like in 2015 spinning up and learning. There may have been just as many Twitter accounts but for the most part they were using Livejournal, which makes sense because at the point this was going on, Russia had bought Livejournal…(I left LJ when they did)

No. П / П

THE CHANGE OF KAZAKABBAEV TATYANA

CHANGE OF LEBEDYANTSEVA OLGA

1

2

mazurov_89

braille_teeth

vehofunzi

qitsen

3 koka-kola23 raphahunthig
4 lipyf837 panebcaj
5 vince-crane tergparriotio
6th ya_karnavalova lihohor
7th nannik-dr sojaan884
8 Rezites cypetcompbis
9 konorlaoo04 destforkowoo
10 qkempek nouglysv
eleven caradoxee5 petraffilya
12 ynuka Backlashealthma
13 natalex84 amenem
14 anna_02051990 paintbellu
15 mrokiralex iugegeizh
16 annetjohnson pexirgarnez
17th rghkride chicocali
18 gkohio pexirub
19 karber861 kmfemovmpxxx
20 innyla92 lojtautome
21 cotedo inkiptiruc
22 Smurfetka-24 palecefaz
23 raikbowee1 hhlayz
24 ohvis134 ningcotedin
25 demouu1 olginarkew
26th nofk452 renfidebun
27th alexander7171 portlandam
28 vadro olga_lebedyan
29 makgxiewua andriudruz
thirty mofan926 unmolarlay
31 smspudilj repaw968
32 varkhotel stepalexos
33 shtots prasingyy55
34 rijbc steltertheeness
35 wylwurwolv spinrarata
36 workroman ddesesexla
37 pheyeroo57 antaauu4
38 tritonst wihhie917
39 milka_e20 pagkagezmeat
40 codirips814 werhellvolkfu
41 lorislaley tiopretytcur
42 eekim81 aladorzam
43 oftibar nyntynuriu
44 elegmhehov begtotenlu
45 aple_at_the_tab abezhiu
46 Nikolaabil oxyitt
47 hey_son1c rabrukywiz
48 firyupa snowdidsmomuds
49 asus paradana
50 Symatvei durenhuntpi
51 xamit251 sixfeevae
52 farpodmuu07 nebozuanrou
53 oloviit procomdn
54 diuu085 kovikotuss
55 alenkujl urigcon211
56 rcrims peosaytranos
57 snoop83 borgperwensgod
58 vynal rhealaltrades
59 sportto nishihatu
60 danybody asafasngut
61 alexmosyan cophetycoo
62 poragpalkhe merzasarsgepf
63 sergalyev839 promvogtsigold
64 vadim_spx pesina20k
65 rus-policy vuhyzowi
66 wafyy248 skewerilgraph
67 katerina2703 wladmancornnes
68 dragon_uz feedpecosleft
69 Winter-kinder prosorouqu
70 Pjobynrutri frantirigesch
71 green_margo cirgadisla
72 ptirenw precalacov
73 pastogross zlavaq037
74 igerenbart hrilepswia
75 mskilys szehdes
76 pantyyy08 bestthecalpa
77 thepicard lasorpprogso
78 igtego classatopos
79 paqurni zipkingfilci
80 emory6townsend preaphoubowo
81 aspera76 geoversive
82 zymecs gingsenpirem
83 001usa tes40uvir
84 ca119idia judj747
85 fadaqpm throwenelan
86 pybden sfouninmire
87 Protsyon diotradconpe
88 phidiwp507 llanpaclaive
89 makabu neytilmigers
90 osobroim glyzitneko
91 yuliya_korshyn metcentlighrou
92 Parabellum50 bentakiffo
93 policyrus pqalongese
94 tuyqer898 chaicoffskaya
95 aljin cenhoufimou
96 rammathets siohuntired
97 overtimorouq feascoacoca
98 overtimorouq prozaet
99 ntnwoc inga
100 stranamasterov glycmamortga
101 ktoroj14 imclasfulte
102 Yohohoguy izorylie646
103 pbijipsfem lighwinsbrachig
104 wyazfunovv mafomeri
105 ariol921 oryanhuazo
106 mariya-789 kfuu0
107 roavrumper daytrolchildcha
108 kyxapka odassaflot
109 ryypaulinm tamred1
110 jang033 paca979
111 wwwevgemie vollatasklu
112 p01t11 legahedddis
113 pohezvitie othoee111
114 zhakim755 trugleyscorun
115 Asswalker ybdocegesch
116 vvp2014 rpmuntar
117 to12scorta nahezuu91
118 Spicemachine socompdanfi
119 nastia642 beadeadsdentfi
120 nungsorivat pia986
121 homyr657e pzsg
122 orlenrenosr pdachee
123 kalininkhu paschig
124 parydaq070 plimtintaza
125 enot_kot ptimenalhook
126 abfyr890 Ladushki2014
127 vamiqyy63 photographereye
128 evgenyashm balyk2014
129 palfemine polza1985
130 tay-zakulisnay1 polina_i_liza
131 radbec gymbreaker
132 revivaldude strelach
133 cykularj tolstunovich
134 ageev013 demosfen-en
135 porkimes Ikehujaik
136 owwaxde082 nersis
137 andrei-kovrin IvanichKem
138 pasioda BVDfan
139 fooqbal951 bookworm-war
140 nugotvapi nina_zlova
141 swull786
142 nina_istomina
143 gig180
144 raokabea
145 synbmulty
146 beloham848
147 lissa-marioko
148 kater971
149 peflirz
150 hikonozauu00
151 hikonozauu00
152 michael_jd
153 uglycoyotespb
154 urajr
155 bobzan
156 peulgieness
157 scavamerzl
158 levyshkinr
159 pavetbrer
160 ddanii33
161 goodrus
162 supersonicwall
163 mannaliobrit
164 pierii01
165 panbiran
166 georgi-grusha
167 pashka208
168 vmoffee179
169 etopiterdetka99
170 jenyamelika
171 anya_rocket
172 snowy_trail
173 malkovich_i
174 samiyymniy
175 chadimi
176 kvazarion
177 Nestero85
178 nika_anisina
179 savoiyar
180 oksadoxa
181 mercymt

Most of these you have to look up with the Wayback Machine and you will notice that a lot of them were one off posts and that was it. Just sowing the ground for the infowar and then linking that post around. For Ukraine and anyone who has been paying attention, the PSYOPS and Hybrid War has been ongoing for many years so this is nothing new. For the US, well, the general populace that is, they hadn’t a clue I guess but I wanted to get across to you that what they pulled off in the US wasn’t new, it was just the next evolution of what they have been doing all along elsewhere. It was the magic of ubiquitous social media and a really polarized political landscape that made it work so well in 2016.

So with this indictment we can peek further under the hood of the hybrid information war against the US election process. It seems that this all kind of was being at least thought about in 2013 when Putin was pissed off with Clinton about his own elections and some of what later came out in the cables that were dumped by Wikileaks. By 2014 the notion of hybrid warfare had been put out by the Gerasimov and Russia was starting to plan. The creation of the Troll Farm I personally think was a part of the Gerasimov doctrine’s modus operandi that the SVR/GRU and Putin decided to create for this purpose and furthermore that the first fledgling attacks were the prelude to what would come in 2016. Certainly by 2015 they were spinning up and already had assets in place in the US gathering intel and creating the baselines for the attacks.

Truly this was a hybrid form of warfare using human assets and technical ones to carry off the plan. This wasn’t just some one off fly by night operation, they invested a lot of time and money getting assets in country (US) to collect data and to add to the planning stages. They then went as far to hire out servers in the US and create VPN’s to make it look as though their troll armies were actually here in the states. Add to this the fact that they also used carding sites to create users and bank accounts to fund the operations also speaks to the sophistication of the operation.

This wasn’t dedushka’s propaganda operation!

So what does all this mean other than it is an entertaining diversion for those who want to go down the rabbit hole OSINT wise? Well, it shows that the Russian plan was larger than one might have thought, more effective than some still think, and was but one component of a larger operation. That last bit is key for me to get across to you all. Of late I have been seeing reports online since the indictments came out that said the campaign really did not affect the election and this is poppycock. This was just a part of the larger whole and to take this module of the whole plan and separate it out to say nothing happened, is idiotic.

Though the President and the Russian operations still ongoing would like you to believe this is the case, it is a falsehood. In tandem with the hacking and the leaks, the Russians most definitely affected the voting by the populace. In fact, when information starts to come out about how Analytica data targeting very specific groups and regions comes to light you will see just how much the whole is the sum of the parts and the synergy was leveraged. This was no simple hack and dump of data, there were psychologists and social scientists involved as well as technicians and hackers.

This indictment just sets the stage for more to come my friends… And seeing Donny squirm and rage has been amusing.

More will come. For now though, do read the aricle and look at all the docs in the Google docs dump there.

Dos va donya

K.

UPDATE: I am going through the metadata of the files from the Google drive and I have found a document that comes from a .mil address (function.mil.ru) and this document (Nightly TK of 06.01) gives direction on post keywords and writing direction for content.

Ночное ТЗ от 06.01

It was created 1/26/2015 by “user”

You can now see a military connection to the Troll farm.

Written by Krypt3ia

2018/02/20 at 20:57