(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

The Road To PII Hell Is Lined With Job Applications

Due to unfortunate circumstances, I found myself in the position of looking for work after twelve years in one place. As I have been applying for new positions, I have been astonished and appalled at the amount of very personal information that companies are now collecting from prospective applicants. Gone are the days of simple applications where you fill out details about your location, work history, and education. Now, companies are asking the deeper personal questions about your sex, sexuality, status as protected persons, veteran status, veteran status as a protected vet, and other data points that should have us all kinda perturbed.

This story was in my Masto feed this morning and clearly to me, is a harbinger of things to come. While people may openly proclaim their sexuality now, with pronouns and the like, not all of them I am sure, would be overly comfortable with a scenario like the one above happening to them. Now, consider it is not only the university you are attending, but also the companies that you applied for in the past as well as the one perhaps you got your job with, that have this data in some database and they get hacked and all this stuff is up for sale in the darknet as well?

If you all thought that your data was in disparate places and could not be married together easily, well, those days are over, and with the successive hacks and dumps being sold in the darknet and on forums, a savvy collector could create quite a dossier on you with all this kind of personal information. Never mind that the government of late seems to be in a space where, at least in the US, certain factions have gained a foothold, and are setting up agendas to abuse your data as well.

Case in point, Florida…

Florida’s mini Trump wants all the Trans Data for unclear reasons, but, I think you all can get a sense of what he might be up to with his rhetoric in the past and his dark ambitions of a White House run maybe in 24. What is clear though, should be that seeking such data is likely going to lead to abuse of it either deliberately, or by being careless in caring for it, and you all should be afraid. By all, I mean anyone and everyone, not just trans people; this kind of data being collected, just as I mentioned above in the applications process today, is basically a single stop shop for someone looking to know about you pretty completely in one handy data dump.

Your email address

Your phone numbers

Your address

Your work history

Your certifications and education

…and now

Your sexual preferences

Your pronouns

Your protected status

Your vet status

Your major ailments (I have even seen them asking if you have IBS etc)

Your Instagram address

Your blog addresses

Your twitter address

Your LinkedIN address

Hell, I even got asked on one of the applications (well, technically, it was an email after, separately with a form to fill out) asking about my religious affiliation as well! (This was a remote job, but the firm was in Northern Ireland)

Quite the collection of data just to get a job these days….

All of this data, being handed to every company that you apply for, specifically, online in a form that is saved on a server database somewhere, that likely will not be purged or encrypted.

It all waits to be stolen.

Of course, this is just my considered opinion, just a security practitioner off the street so to speak..

Be afraid.


Written by Krypt3ia

2023/01/20 at 16:54

The Canny Authoritarian Climate Change Synergy


It’s been a while since I have typed anything into this blog, and as I continue to eschew caring much about the cybers to write anything about them, I have had more time to ponder. It’s the tail end of 2022 now and boy, have we been through some shit huh? First it was Trump, the authoritarian (ok, Fascist) interloper on to the American Democratic experiments stage. His ascension with the help of Russia and the “alt-right” was just the opening salvo in a war that is only heating up today.

During Trump’s 4-year attempt to disrupt, degrade, and grift America, we also began to reap the whirlwind of climate change. Climate change’s effects started to bubble up, but, it was the encroachment of man on climate (and maybe other manmade forces) that allowed for SARS-CoV-2 to rear its ugly head and throw everything into a tail spin. It seems that the forces of nature have a sense of irony, as COVID began to spread around the world, allowing for even more grift and fascist behavior to be facilitated within the Trump administration.

Add to this, the outbreak of the Ukraine war, and the effects of Putin attempting to destabilize the rest of the world by manipulation of gas and other trade, and we have a trifecta of cause and effect that has put the whole world on a very uneven kilter. If you are paying attention though, you might be seeing a pattern within the global news, and that has sometimes been splashed onto your screen with headlines like the following;

While Trump may have emboldened them, the fact of the matter is, that they all are seeing openings, or urgency to act now and obtain control. The reason for this is that they are seeing the changes that are happening climatically and politically and they see a future where they need to be in control or they will perish. Some, may in fact be more financially driven and see an opportunity to command and grift before the times become really bad, but, most through a canny self interest see the opportunity and urgency and are acting now. Now is the time to strike due to all the turmoil and uncertainty.

Throughout the world we have seen the rise of these movements, and the people that support them have the same fear reaction and possibly see the writing on the wall and want to belong to the “strong man” party like something out of a post apocalyptic movie. Only the strong man can save them, he will take care of them, shelter them from the storms and the shortages…

Meanwhile, in particular, the United States, the RNC has completely kneeled to the power they perceive Trump and his dark forces have in a rough calculus that only the strong man can not only shelter them, but, give them their every desire on re-shaping a world that is inexorably changing around them in ways that they are uncomfortable with. Most of that discomfort comes from their being a minority party, and perhaps even a minority in skin color, or religiosity. They see their hegemony dying and they are not going into that dying of the light quietly, and will sign up with one of the worst people in history, whose name will be uttered with the likes of Hitler and Stalin, even if he did not get to commit the atrocities that they did.

In the last few months, we all have been party to climate change over this summer. The UK’s runways melting, much of the US in a drought, and temps that have been in a sustained triple digit area. Storms are becoming more frequently dangerous, flooding parts of the country that it did not before, and even now, we are seeing more serious lightning strikes causing death and destruction because there are more and more powerful storms being created by the conditions brought on by climatic changes. With these forces and the political instability we are seeing continuing, we will see more adept fascist psychopaths attempt to curry power in order to have the control they need in order to be in control and keep their way of life in power.

As for myself, I have been sitting here watching and reading the news, doing research when I have the energy, and feeling an overwhelming sense of despair at the situation. The media is ill equipped to delineate disinformation and misinformation from the truth. The internet is a sewer of all of the worst elements out there seeking to control the narrative, and the companies that facilitate the medium have generally done a piss poor job at trying to fight it all.

It’s simply not in their financial interest to do so.

Personally, I am taking a more fatalistic approach to it all. There is nothing I can do or say that will change the paradigm. I can blog here, but what does it really mean? I have some readership but the net effect of me saying anything is just pissing in the wind. Nope, all I can do is maybe make my thoughts clear and put them here for some to read and perhaps have some small catharsis from getting it out of my head onto the page.

One hopes that the J6 committee and the DOJ will put a stop to Trump’s next run, but, I hold out little hope of that happening. The mid terms are coming, and the likelihood is, that the Dems will lose, and when that happens, everything that they may have done to right this ship will be undone.

Hate will rise.

Authoritarians, emboldened, will seek to carry out more overt actions.

The center will not hold.


Something to read:

Written by Krypt3ia

2022/08/08 at 15:31

Posted in Entropy

The Pivot: Nuke To Cyber


Sitting here monitoring the situation, with the activation of the nuclear ready forces in Russia by Putin, I had to game things out a bit and wanted to share.

Short of a tactical nuclear strike, and then escalation, Putin may turn to the cyber arena instead come Tomorrow or later this week in reprisal for his being cut off from SWIFT, as well as other pressures that are coming to bear today. In the last few minutes, I have also seen Sweden sending lethal aid as well as other warfare equipment, Switzerland freezing Russian assets, British Petroleum pull out of Rosneft, and others around the globe starting to make Putin and Russia a pariah state.

These actions, mostly financial, are already wreaking havoc on his economy, but the more of them that come to play, the more cut off he will be to even prosecute his war…. Except maybe his cyber war. Which brings me to the point. Come Monday, we may see reprisal attacks that generally, will not be considered, or haven’t been in the past, as reasons for kinetic responses.

As such, expect that soon we may see DDoS attacks on financial infrastructure, Ransomware attacks, Wiper attacks, and general detonation of malware. If you are in the FI space as a defender, get ready. If not, be aware that all of these actions could have effects on your business and your personal lives.

Be ready.


Russia Insider & The Mainstreaming of Russian Propaganda Narratives Into the Republican Party

I had a conversation today with <REDACTED> and while discussing all of the things happening around Ukraine and Russia, they mentioned a site that was one of many, that pretty clearly showed how the Russian talking points had been injected into the Republican party by propaganda online. The site, Russia Insider, sounded familiar to me when they mentioned it, and sure enough while I was on the phone with them, I looked up my old post from 2018.

What prompted this was a question I had about just how the Republican party had become so inured with Russian talking points as to now make many of them outright Putin propagandists. The response I got was in essence this; “Russia portrayed themselves as Christian, Anti Gay, and Strong” and then the mention of the Russia Insider was made as one of the sites that blatantly mouths these talking points. This now, all made perfect sense for me and I will outline it for you simply here and now.

  1. Russia begins the propaganda with sites like RT but, slides into others like Russia Insider
  2. They put out articles/propo on the very things that the Trumpers love: strong men, God, Guns (Maria Butina) and hate.
  3. They help Trump become the President of the United States
  4. Trump in turn, is Trump, and normalizes the language and behavior

And there you have it. Because Trump was in love with Putin, and surely had propo campaigns in synergy with all this aimed at his followers, it all worked in concert, and the base ate it up. All of these machinations culminate in today’s Republican love of Putin and the complete flip of the Republican ethos from American values, to Putin and Oligarchy.

Think on that. Take a look at the Russia Today site, and see from the articles what I am talking about. This is of course one site of many, but, it is also of interest to me because this guy lived here in my state and if you read the post on him, was just spinning this all up in 2018. Further reading on Charles Bausman shows that since I looked into him, The Southern Poverty Law Center has been writing about him as well. It seems that on 1/6/21 Charles was at the Capitol, and then rushed off to Moscow….

Interesting that eh?

Just something to think about while you all watch the impending war in Ukraine, and the furthering of Putin’s agenda. All the while, this and other propaganda is being mainstreamed into the Republican party.

I am thinking that we need to change the Republican logo from the Elephant to that gif of Putin riding a bear….

Smoke em if you got em kids….


Written by Krypt3ia

2022/02/22 at 20:07

Cartel Extortion Text & Call Campaigns


Extortion text sent this week

A user got an unwelcome call and set of extortion texts yesterday that I had never seen anything of its kind before. The above text is part of a chain, which I will upload here (beware, images of violence/death follow) to show just how shocking and scary these can be. I just want to let the rest of the community know about this vector of attack and to be ready in case they get the same thing happening to their user bases.

This user not only had texts and images of threats come through, but, the user also stated that the incident started with a phone call that they did not answer. While the actor did not attempt to leave a message or call back, they then switched over to the messaging. The cell phone number used was a legit one, but, had been passed around, as cell numbers do. Tracking it down further would take a warrant it seems, but, a bit of digging on my part gave the user a sense of relief that this was just a rando looking for a payday, albeit, one by threatening the lives of family and friends.

In this specific case, the hook was that the actor was claiming that the target had been harassing sex workers and wasting their time? The language is poor, but this seems to be the gist. While the actor went all in, and had done OSINT on the user’s name (probably linked via phone or social media connections) they failed to really profile the user’s family enough to know who was already deceased and who was not, etc. Though, this was still enough to get a worried reaction from the user, and escalation to me to investigate.

The coup de grâce…

The images then sent, were the moment of fight or flight really. I have reverse engineered the images and they come from the Congo. These images are of the gangland type slayings there, and man, when you reverse search images like these, you really get a sense of just how fucked up the internet is. The analogous images out there are ALL OVER and you can access them easily. No wonder why our children are so desensitized to things huh?

After contacting the user and having them block the number, I then took a look at the net for other like campaigns, and variations have been ongoing for over a year. The worst of them seems to be when the actor has enough intel to involve the “kidnapping” scheme. In this one, they claim to have kidnapped the target’s child or children, which I am sure sends the target into a higher panic.

The FBI has put out some guidance on these but, I wanted to post the gist right here for you…

To avoid becoming a victim of this extortion scheme, look for the following possible indicators:

  • Calls are usually made from an outside area code.
  • May involve multiple phone calls.
  • Calls do not come from the kidnapped victim’s phone.
  • Callers go to great lengths to keep you on the phone.
  • Callers prevent you from calling or locating the “kidnapped” victim.
  • Ransom money is only accepted via wire transfer service.

If you receive a phone call from someone who demands payment of a ransom for a kidnapped victim, the following should be considered:

  • Stay calm.
  • Try to slow the situation down.
  • Avoid sharing information about you or your family during the call.
  • Request to speak to the victim directly. Ask, “How do I know my loved one is ok?”
  • Request the kidnapped victim call back from his/her cell phone
  • Listen carefully to the voice of the kidnapped victim if they speak, and ask questions only they would know.
  • If they don’t let you speak to the victim, ask them to describe the victim or describe the vehicle they drive, if applicable.
  • While staying on the line with alleged kidnappers, try to call the alleged kidnap victim from another phone.
  • Attempt to text or contact the victim via social media.
  • Attempt to physically locate the victim.
  • To buy time, repeat the caller’s request and tell them you are writing down the demand, or tell the caller you need time to get things moving.
  • Don’t directly challenge or argue with the caller. Keep your voice low and steady.

The above is a reaction to a Salt Lake City incident, but, it works for all of these kinds of attacks. If you get wind of one of these, you can connect with your local FBI office to report it.

Heads on a swivel, people.


Written by Krypt3ia

2022/01/14 at 15:17

Posted in Uncategorized

The 2021 Krampus List Masacree


The Great Krampus has been sleeping for some time now, while the whole of the world burns and careens closer to its inevitable dreary end. As we close out 2021 with another variant, lockdowns beginning, and the fuckery levels not abating whatsoever, Krampus just wants to say that he is fucking tired of all this shit.

So, so, so, tired.

But alas, Krampus cannot rest because INFOSEC is just as fucked as the rest of the world and he has a job to do. So, he slogged out this here post for all you kids, so shit down by the fire kidsh, and let Uncle Krampus lay out the masacree.

Right, well, there is a lot of fuckery going on out there kids. Krampus’ jaundiced eye has noticed, and you all should be ashamed of yourselves really.

Just who, you may be asking?

You know who you are, and you should be ashamed.

The fact is, there are just too many for Krampus to actually have a list and name you all. Whether it is the Ransomware groups, phishing masters, initial access brokers, techbros, cyber misogynists, cyber hate mongers, trolls, cyber wokeists for the sake of being woke, whatever that is, the mewling masses online just making a constant background static of fuckery, you all need a serious caning in my basket.

What about all the INFOSEC?

Well, you just fucking hold on there skippy, I am getting to that ok!

INFOSEC has been up to the same old crap really, sales, sales cold calls, sales cold email spamming, and the inevitable barkers on all corners of the mediasphere trying to hawk their crappy products with promises that it will even give you added male potency. Nothing changes but the names of the companies that do so to get out of chapter 11 and start up fresh with a new name and hopes that no one will notice their previous chicanery.

In essence kids, it’s the same ol’ same ol’ and will continue to be so until there is no one left after the great collapse of our society from pandemics, plagues, and climate change.

Rosy huh?

But, what about all the people trying to do good? You ask…

Not enough of them kids, not enough, and never will be. Humanity is a plague upon the world and Krampus holds out no hope that it will get better. The cybers are now out of Pandora’s box, thanks to all of the techbros, Cyber Utopians, and grifters looking to make a quick bitcoin on an animated gif of a fist giving the bird as an NFT.

As Krampus gazes into his snow globe (stolen from Winter Wizard played by Keenan Wynn… Ok how many had to look that up after reading that?) he only sees doom and cyber dystopia to come. He has watched as Democracy has been eroded and may be destroyed while all of you mewl about it online but fail to really do anything about it but tweet.

So, continue on kids, complain and snipe at each other over cyber stuff all you like, the world will burn around you anyway, like that “This is Fine” gif that you all seem to love so much… Hell, maybe log4j will be that final cyber straw on the cyber camel’s back huh?

One can only hope….

Maybe it’s time to just pay Elon in bitcoin and get the fuck off this planet.


Written by Krypt3ia

2021/11/21 at 15:45

Posted in Uncategorized

Perilous Times


Earlier today I posted a long thread, but I wanted to make a more cogent post for those of you not on Twitter. My tweet thread went something like this…

Militia site proposing and architecting the 4k militia action against the inauguration of Joe Biden and Kamala Harris

The events of January 6th, 2021, were I fear, just a prelude to an ongoing threat that will culminate in actions against not only the inauguration, but also across the country at capitols in most of the states. These actions, basically more insurgency and insurrections, will be a turning point for the United States more so than what has already taken place within the space of four years of Trump degradation to the values the Constitution upholds.

What I have been monitoring online in the open and places more dank, has been the first time since monitoring Islamic Jihad, that I have felt that we have finally reached a point where domestic terrorism was the larger threat to the nation than Islamic Jihad and all the various flavors of that there are. Specifically, since 9/11, I have never felt that internal forces could come close to wreaking the devastation that the 19 attackers did on September 11th, 2001. Now though, I am worried that the first skirmish at the Capitol of our Democracy, will not be the last, nor will it be the bloodiest.

The forces of the Alt-Right, are now, it seems, the totality of the Republican base, and within them are a melange of unstable individuals and groups:

We have the Qanon folks, who are outright paranoid delusional individuals or grifters, mostly though, they comprise of true believers with mental instability and ideations that lean toward violence when their world view is challenged.

We have the MAGAheads who also cross pollinate with the Qanon true believers as well. These are the people who are just drawn to the strongman in Trump.

We have the ProudBoys, who, well, are much more oriented toward hate and are often times bridges between Neo Nazism. The Nazis are all over the place too now in amongst the sheeple that are the MAGAheads and the Qanon’s, and they are something to really be concerned about.

What is really happening here is that as things play out, it is becoming increasingly clear in the Telegram channels for the NaziProudBoy set, is that they are planning on using the MAGAheads and the Qanon’s as cannon fodder in their own putsch for their own goals. These people have another more hate filled agenda and that is of the kind that you saw some in the crowd at the events on Capitol Hill. The kind who wear shirts like this and believe that eleven million Jews killed in the holocaust were not enough.

The net effect though, is that there are forces at work in the open at first, but now scattering to the darker parts of the internet, plotting and planning actively, another series of attacks because they have been empowered to do so by the likes of MAGA and Qanon. This cannon fodder, are their diversion to carry out more focused and dangerous attacks like what was attempted at the Capitol. They failed last time, but only just, and now, if they can rally their cannon fodder along with Trump, then they will have another few bites at the apple.

Also, if they succeed, even marginally, then they will be empowered further in recruiting and planning for more later on down the road. All of us should be concerned by this, just as much as you should be concerned in how many of these people of like mind, already sit within the government, military, and police forces of the United States.

As the date approaches for the next insurrection, we should all concern ourselves with the idea that Washington DC and in fact many places in the United States (e.g. capitols, state buildings, federal buildings as well as corporate buildings) may become the new American Kabul or Palestine. With fighting in the streets by pseudo guerilla forces of Trump America. They will plan all their actions in private chat rooms on Gab and Telegram, or create new venues that likely will rely on services from places like Russia, where they will not be deplatformed, because these sites and these forces, plotting and acting out, are a boon to Putin.

As if this all wasn’t bad enough, last night the Joint Chiefs felt moved to put out a statement memorandum admonishing sedition and re-iterating that the military is not a political body and that their directive was to protect the Constitution and the people. The fact that they had to say this in this way, is a troubling thing and we all should be concerned about just how many in the military and other forces like the police, are in fact believers in Trump and these other doctrines being put out there by Qanon, Alt-Right, Nazis and Proudboys.

One of the biggest concerns out there that you all should be aware of, is just how much sway someone like Flynn might have on these same people. Also, just how many connections and loyalties he may still have, as he is now the titular leader of Qanon, the public face of Q, a man in the “know” as he was in the IC proper and held a high position.

Here he is before the insurrection at the capitol, basically pointing at the stadium seats and saying “go for it, I got your back and Q has all the answers as well as Trump” This is a dangerous man, who is now free to carry out Trump’s and his own grifter agenda after being pardoned by his master. This man, who worked as an agent of Turkey, willing to rendition a US citizen to the Turks for money.

We are through the looking glass, people.

Be afraid, because if Trump continues to be a chaotic and psychotic force, whipping these people up, we will be seeing more of this in the coming years. Unless the states that have criminal cases against him act, we will not see the last of Trump. Without him being charged and perhaps incarcerated, he will continue on this path and it seems, attempt to run for high office again.

This will not end well.

Keep your wits about you.


Written by Krypt3ia

2021/01/13 at 12:50

Posted in Uncategorized

Supply Chain Attacks and Nation State Pwnage: A Primer


I've seen things you people wouldn't believe....

Last Sunday night, while I was lounging on the couch watching some British Bake Off, I got word of the Solar Winds supply chain hack. After kicking back the last of my whiskey, I immediately got on the phone to start IR at work, cuz, yep, we have Solar Winds too.

Who’da thunk it?

Anyway, three days of IR stuff later, I am here to blog on the meanings for the muggles out there after having a conversation with a reporter on what it all meant. The reporter asked me about a tweet that was put out by Richard Blumenthal about needing to know more about this evolving hack and fallout thereof.

While I think that Dick is being a bit hyperbolic here, I also can tell you, gentle reader, that there is a lot to in fact be worried about regarding this instance of adversarial activity (most likely Russia’s APT29 Sluzhba vneshney razvedki Rossiyskoy /SVR group) which managed to break into a system application that many in the government, military, and corporations still run to manage their network.

This system is so prevalent in the space, that even in my environment, we still had it running and man, I thought we had made it go away long ago. So, you might be wondering what does Solar Winds really do? Well, glad you asked, it is a series of applications that help you maintain your large networks.

As you can see from the graphic from their site, the company’s software performs a lot of management and monitoring capabilities within a network of individual systems. Servers, routers, databases, service desk applications, resource monitoring, network configuration, and security management. Now, you might be saying; “Ok, well, those are a lot of things that this stuff does, but, what does that mean security wise if the application (Orion) is compromised?” and that is a good question, the primary one I want you to comprehend if you are not in tech or security of the tech. What this means, is that this program suite by SolarWinds, is the ‘skeleton key’ now to a host of around 33k companies/networks that downloaded the tampered-with update. This could affect around 300k clients in all, should there be more tampering or vulnerabilities exploited by the adversary now that they have the code base (assuming here) after they spent all that time inside SolarWinds systems.

So, we have a rather prevalent application suite that usually functions on a level of administrative access to do the very things it is bought to do. This means, that the Orion system contains ALL of your admin passwords up to and including domain administrator and enterprise administrator. What does this mean? It means that once the adversary had control over the Orion system, they had control over EVERYTHING that that system touched as well as now, if it did not have direct control, the passwords that would allow access within a network running this compromised system, are in the hands of the enemy.

Put simply, the adversary, has control over pretty much everything you own. They can log in, take data, manipulate data, and in the most extreme, burn your network down using other malware like a wiper or ransomware to do it. All of this, while you may not see the activity because everything is using credentials that are admin level and authenticated on your network. This is why it was so hard to detect this attack and to stop it and why they were inside the systems for so long.
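The post makes the point that the abuse is hard to spot because the adversary is using the monitoring suite's own admin-level, already-authenticated credentials. One of the few defender-side signals that survives that is *where* a privileged service account authenticates from and *what* it touches compared to its normal footprint. The example below is an added illustration of that detection idea, not code from the post or from any SolarWinds product. The log format, the account name `svc_orion`, the host names, the allowlist policy and the baseline set are all constructed for the example; the log lines are invented sample data.

```python
import re
from collections import defaultdict

# Constructed sample authentication records (not from the post or any real
# incident). Simplified format: "timestamp user src_host dst_host result".
SAMPLE_AUTH_LOG = """\
2020-12-13T01:02:03Z svc_orion orion-srv01 core-rtr01 SUCCESS
2020-12-13T01:02:10Z svc_orion orion-srv01 db-prod02 SUCCESS
2020-12-13T01:05:44Z svc_orion orion-srv01 dc01 SUCCESS
2020-12-13T02:17:09Z svc_orion ws-finance07 dc01 SUCCESS
2020-12-13T02:18:30Z svc_orion ws-finance07 fileshare01 SUCCESS
2020-12-13T03:00:01Z jdoe ws-finance07 fileshare01 SUCCESS
2020-12-13T03:10:15Z svc_orion orion-srv01 mail01 FAILURE
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<user>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<result>\S+)$"
)

# Hypothetical policy: privileged service accounts and the ONLY source hosts
# each is allowed to authenticate from (the monitoring server itself).
PRIVILEGED_ACCOUNTS = {"svc_orion": {"orion-srv01"}}

# Hypothetical baseline: destination hosts the monitoring account has
# historically managed. Anything outside this set is "new" for that account.
KNOWN_DESTINATIONS = {"svc_orion": {"core-rtr01", "db-prod02", "dc01", "mail01"}}


def parse_log(text):
    """Parse log lines into dicts; silently skips lines that do not match."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def find_misused_service_accounts(events, policy=PRIVILEGED_ACCOUNTS):
    """Flag successful logons by a privileged service account from a source host
    outside its allowlist. Returns (user, src_host, sorted dst_hosts) tuples."""
    hits = defaultdict(set)
    for e in events:
        allowed = policy.get(e["user"])
        if allowed is None or e["result"] != "SUCCESS":
            continue
        if e["src"] not in allowed:
            hits[(e["user"], e["src"])].add(e["dst"])
    return [(u, s, sorted(d)) for (u, s), d in sorted(hits.items())]


def find_first_seen_destinations(events, baseline=KNOWN_DESTINATIONS):
    """Flag successful logons by a baselined service account to a destination it
    has never managed before. Returns sorted (user, dst_host) tuples."""
    seen = set()
    for e in events:
        known = baseline.get(e["user"])
        if known is None or e["result"] != "SUCCESS":
            continue
        if e["dst"] not in known:
            seen.add((e["user"], e["dst"]))
    return sorted(seen)


if __name__ == "__main__":
    evts = parse_log(SAMPLE_AUTH_LOG)
    for user, src, dsts in find_misused_service_accounts(evts):
        print(f"ALERT: {user} authenticated from non-allowlisted host {src} to {dsts}")
    for user, dst in find_first_seen_destinations(evts):
        print(f"ALERT: {user} reached previously unseen host {dst}")
```

On the constructed sample the first check flags `svc_orion` authenticating from the finance workstation `ws-finance07` (a host the monitoring account has no business running from), and the second flags `fileshare01` as a destination outside the account's historical footprint. Neither check needs to see malware or a bad binary; both key only on the credential behaviour the post describes as the real problem.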

Ok, so, what does that mean from the perspective of damage and about what groups the adversary hit? Well, so far, we know that the following entities were hit in this supply chain attack(s):

  • Department of Homeland Security
  • FireEye
  • Treasury
  • Commerce
  • The National Security Council

These are all either government agencies or companies that handle a lot of government contracts, so you can kind of get a sense of what it means. However, let me expand on this, DHS and the NSC alone are a treasure trove for the Russians to gather all kinds of unclassified/classified data that they would want. Not only that, but, if you own the Orion systems in places like that, and that system is in fact running in the CLASSIFIED space, then you have broached into the CLASSIFIED networks of things like NIPRNET and SIPRNET as well as probably JWICS.

What does this mean? Lemme put it into internet vernacular for you;

This could be spectacularly bad. This is why so many are freaked out about this supply chain attack and the incident responses are all going on 24×7 now. It has yet to really be determined (at least publicly) how long the adversaries were inside these networks, but, I am going to assume that it was a long time, and a lot of damage has been done. Now all these places have to clean up the mess, re-set their networks and rebuild so that this cannot happen again. Then they have to assess the real damage to our security and perhaps someday give testimony in congress about it.

Now, about the other entities, these are the reasons that this hack is bad;

  • FireEye: They do pentesting and security work for many of the same orgs, as well as incident response. If they were owned as hard as we think, there is a lot of data the adversaries could use, on top of the tools they stole from them.
  • Treasury: well, money, right? Plans? Routes? All things monetary that the adversaries could use to mess with the United States, up to and including the theft of large sums of money.
  • Commerce: likewise, plans and other details that they could use against the US financially, both internally and globally.

Time will tell just how many other orgs got hit and may in fact have lost data to the attackers. Also, do not forget the potential for logic bombs placed by the actor for future fun. Of course, I have been hearing stories about power and water companies and systems being affected by this as well. All in all, it could be very bad for us all, and it places us solidly on our back foot globally.

One other aspect here, and this is highly speculative, but: what other secret orgs had connections to others running Orion? What orgs in the secret spaces, like FireEye, had the same software as well? What classified intelligence has been lost here?

Let that sink in…

Also, on the critical infrastructure end, I am not worried that the power will go off nationally, but the Russians could mount further attacks, and working ones, against regions with the kind of access this hack provides.

Think about that too.

Gotta hand it to the Russians, man, they play a good long game. Expect to be hearing about the fallout from this for quite a long time. If you want to get a sense of the scope of this, I would recommend watching “Sneakers”; the whole MacGuffin of the movie is the little black box that the mathematician created that decrypts all the things. This hack is kinda like that. With one box, the Russians decrypted EVERYTHING and then, like the Grinch, took it all up the chimney.


Here’s a reading list too for you all to follow along with:

Post Script:

Someone put out a tweet earlier that is very prescient;

This is important context to have. Russia has used Ukraine as its downrange test bed. If you remember back to NotPetya, you can see this exact supply chain attack cycle being leveraged there first, and tested. The Russians are old hands at this now.

NotPetya:

Written by Krypt3ia

2020/12/16 at 18:47

Enemies of The People: An Information Operation


Yesterday, I saw an article on the news wire in which Krebs’ lawyer mentioned a site (enemiesofthepeople) and decided to do a little looking. Going down the rabbit hole, I used Google Domains to search for which iterations of the site name were already taken and found a list of sites that I began investigating. Once I located the main site, it became clear that the creators had also taken out a bunch of sites to post the same content, and were actively putting them online even as I was digging.

The sites are registered all over the place, including sites with no domain name of their own in Russia and Germany, as well as a domain in Singapore and a presence in the darknet. Many of them are behind Cloudflare’s DDoS protection, and all are hosting the exact same content. The content is in fact the personal details of people that these actors see as “enemies of the state”, including Chris Krebs, Gretchen Whitmer, and others in government (state and federal) whom they deem need to be assassinated.

The site also has a host of social media outlets, including a now-defunct Twitter account and a VK page, as well as Gab and, of course, Parler. Taking a more nuanced look at all of the domain data and links, I have come to the conclusion that this is probably an information operation, but the question is: by whom? The domain data is littered with Russian addresses, names, and Yandex email addresses, but nothing in all of this data has shown me a slip-up; instead, this is all deliberate and methodical. A means to an end to make this look, for all intents and purposes, like Russia’s GRU putting this out on the net to cause a stir, and to enthuse the Trump/alt-right base to talk to each other directly about the “next steps” after the SCOTUS denial of the case to overturn the election in favor of Trump. This also tracks with the timing of the postings of these sites, as we JUST heard last night that SCOTUS denied the case in a one-sentence ruling in thirty-four minutes.

Details of Domains:

pcp6uxkzhavhxnwb.onion —> Clearnet gateway to access onion —> Hosted on monovm VPS/Hosting
SUB DOMAINS: —> Ties to AZ movement and had its own site on WayBack

Non Domain Named Sites: —> Russia Hosting —> Russia Hosting

Email addresses:

Domain contacts:
Kulkov Ei

Social Media Links:


As I said above, so far the searches I have done show no real mistakes that would lead to the real people behind the sites; that is going to have to come from the FBI getting warrants on the US entities (the .us domains and the sub domains will likely bear fruit) and tracking how the domains were paid for. Much of the other data gleaned from the email addresses and names listed is pretty much a dead end on a cursory evaluation. Which, once again, leads me to believe that someone really wants you to think that this is Russia, but their tradecraft has been too good so far to make me think that these sites are all the work of the would-be Trump acolytes, who for the most part have shown themselves not to be tacticians.
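For those who want to follow along with the method rather than the conclusions: the two steps above (enumerating which permutations of the site name were taken, then pivoting on shared registrant, nameserver and hosting data while discounting the Cloudflare front) boil down to a small amount of code. This is an added example, not anything from the original post or from the sites’ operators. The registrant emails, nameservers and IPs in it are constructed stand-ins for WHOIS/DNS results, not the real records of the sites discussed, and the Cloudflare prefix list is a partial snapshot that you should refresh from cloudflare.com/ips before relying on it.

```python
"""Pivoting on a cluster of look-alike domains (added example, not the post's code).

The registrant emails, nameservers and IPs below are CONSTRUCTED sample data
standing in for WHOIS/DNS lookups; they are not the real records of the sites
discussed. The Cloudflare prefix list is a partial snapshot (assumption:
still current) and should be refreshed from https://www.cloudflare.com/ips/
before real use.
"""
import ipaddress
from collections import defaultdict
from itertools import product

# Partial snapshot of Cloudflare's published IPv4 prefixes (assumed current).
CLOUDFLARE_V4 = [ipaddress.ip_network(p) for p in (
    "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22", "104.16.0.0/13",
    "104.24.0.0/14", "108.162.192.0/18", "131.0.72.0/22", "141.101.64.0/18",
    "162.158.0.0/15", "172.64.0.0/13", "173.245.48.0/20", "188.114.96.0/20",
    "190.93.240.0/20", "197.234.240.0/22", "198.41.128.0/17",
)]


def candidate_domains(words, tlds, joiners=("", "-")):
    """Permutations of a site name an operator might have bought in bulk.

    words:   the name split into words, e.g. ["enemies", "of", "the", "people"]
    tlds:    TLDs to try, e.g. ["us", "net", "org"]
    joiners: separators between words (hostnames allow "-" but not "_")
    Returns a sorted list of unique FQDNs to feed into DNS/WHOIS lookups.
    """
    return sorted({f"{j.join(words)}.{tld}" for j, tld in product(joiners, tlds)})


def behind_cloudflare(ip):
    """True if the address is a Cloudflare edge rather than an origin host."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_V4)


def pivot_clusters(records):
    """Group domains that share a registrant email, nameserver or origin IP.

    records: {domain: {"email": str, "ns": [str, ...], "ip": str}}
    Cloudflare-fronted IPs are skipped as pivots: thousands of unrelated sites
    sit behind the same edge addresses, so sharing one proves nothing. Returns
    {("email"|"ns"|"ip", value): [domains]} for every value shared by >= 2 domains.
    """
    index = defaultdict(set)
    for domain, rec in records.items():
        if rec.get("email"):
            index[("email", rec["email"].lower())].add(domain)
        for ns in rec.get("ns", ()):
            index[("ns", ns.lower().rstrip("."))].add(domain)
        ip = rec.get("ip")
        if ip and not behind_cloudflare(ip):
            index[("ip", ip)].add(domain)
    return {key: sorted(doms) for key, doms in index.items() if len(doms) >= 2}


# Constructed records: what WHOIS + DNS might return for a set of candidates.
SAMPLE_RECORDS = {
    "example-target.us": {"email": "Registrant-A@yandex.example",
                          "ns": ["ns1.hoster.example."], "ip": "203.0.113.10"},
    "exampletarget.net": {"email": "registrant-a@yandex.example",
                          "ns": ["ns1.hoster.example"], "ip": "104.21.5.7"},
    "exampletarget.org": {"email": "other@mail.example",
                          "ns": ["NS1.hoster.example"], "ip": "203.0.113.10"},
    "unrelated.example": {"email": "someone@mail.example",
                          "ns": ["ns.other.example"], "ip": "198.51.100.3"},
}


if __name__ == "__main__":
    print(candidate_domains(["enemies", "of", "the", "people"], ["us", "net"]))
    for key, doms in sorted(pivot_clusters(SAMPLE_RECORDS).items()):
        print(f"{key[0]:5} {key[1]:28} -> {', '.join(doms)}")
```

Running it on the constructed records ties three of the four domains together through a shared nameserver and, for two of them, a shared registrant address and origin IP, while the Cloudflare-fronted host contributes no IP pivot at all; the "unrelated" domain stays outside every cluster. That is exactly the kind of linkage a Maltego session draws, and also why a registrant who uses throwaway Yandex addresses and Cloudflare deliberately leaves you with only nameservers and payment trails to pull on.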

I have yet to log into the social media sites, but I did look at the VK page, and it is brand new with no followers that I could see. Overall though, this is something I will keep an eye on to see what develops, and I will report what I see when I see it.

For now though, the information operation is afoot, and from what I have seen in chatter elsewhere, this will be a moth-to-the-flame kind of thing for the more idiotic of the Trumplings. Here’s hoping that they all get rounded up for plotting assassinations and captures like the idiots who went after Whitmer a while back.


Post Script:

They also just added a jpg file of an alleged “SECRET” memo, ostensibly written and signed by Krebs, stating that there was a hack of the election systems from Dominion. This is a pretty bad attempt, and because they did not even take the time to fake up a PDF file, I am gonna just say they may be getting a little more desperate…


Since WordPress is a fucking hot mess on editing, I lost some stuff, so here it is again…

The sites keep getting updated with names and bios to attack, now including Chris Wray.

Meanwhile, the sites have started soliciting Bitcoin with a wallet that at last check had about 6K in it and was zeroed out recently:

I also started a Maltego mapping session on the sites and all the data:

Bitcoin transactions:

Written by Krypt3ia

2020/12/12 at 17:03

72 Days


While everyone is still elated by the defeat of Donald Trump in the election that just ended, I would like to caution you all and temper that elation with some gaming out of what may yet happen. While it is OK to be happy with this outcome, and to celebrate it, please also take a moment to consider that Trump is still in office for another 72 days.

In those 72 days, Trump may well wreak havoc with our system as much as possible out of spite, but more likely he will start to work on covering up all his crimes with a slew of pardons, which may also include himself. So in that vein, I would like to outline some potential actions Trump might take in the next 72 days that you should all contemplate as we move towards his possible physical removal from the White House.

  • Trump is likely to leave the White House in the near future and head to his lair, uh, I mean, Mar-A-Lago, where he will stew about the loss that he is not able to really confront, because he is a malignant narcissistic psychopath. There will be turns of rage and depression that will alternately seize him, and in those moments of rage he will either act out or hatch plots to punish us all. It is more likely, though, that we will see a period of inactivity from Trump as he processes this. It is called “checking out”, and in that time we have some breathing space.
  • Trump’s people will start to flee the sinking ship for the most part. There will be others who will double down. Most, though, will be seeking other jobs (as I have heard some have already begun to do) and begin the process of disengaging.
  • Trump’s MAGA minions will also be mimicking the soon-to-be former president and processing the loss. They too will go through the same stages and will likely also be doubling down in their disinformation bubbles. These people will not be going away, and much like jihadist movements, will just re-tool their process, and we must be vigilant about this. We have already seen a shift in messaging platforms, and we are likely to see them go quiet for a while, but make no mistake, they are not inactive; they are planning and re-grouping.
  • In that time of re-tooling the message, we will see them double down on the conspiracies and, pardon the vernacular, “butthurt”, which will only intensify as the Biden Administration takes over and starts, in particular, to undo the damage that Trump has done these last four years. Also, as it is looking at present, Biden will have to make numerous changes using the same power that Trump did (executive orders) to undo the damage, because the Senate will, unfortunately, still be controlled by the Republicans and Mitch McConnell, who will block him at every step. This will be twisted in the disinformation rhetoric as an abuse of power.
  • Likely Trump actions once he returns to the White House are the following:
    • Pardons for:
      • Roger Stone
      • Paul Manafort
      • Presumptive pardon: Ivanka
      • Presumptive pardon: Jared
      • Presumptive pardon: Stephen Miller
      • Presumptive pardon: Bannon
      • Presumptive pardon: Donald J. Trump
      • Presumptive pardon: Rudy Giuliani
      • Michael Flynn
      • Basically anyone in his orbit he wants to pardon to protect himself from being flipped on. His inner circle: watch them.

Of course it is hard to prognosticate every move that this unhinged president might take, but here are some possible actions that should worry you all.

  • Use of the War Powers Act to create chaos and perhaps burnish his image. This could mean unilateral military action against places like Iran.
  • More executive orders that would help him and his cronies after the presidency is over; gifts, if you will, to his many “donors”.
  • Attempts to manipulate Barr into rigging things so that any and all federal, and perhaps state-level, cases against him are sabotaged.
  • Trump may trade on his knowledge of secrets with foreign powers as pay-for-play. The soon-to-be former president is an easy mark for espionage adversaries, but he may also be willing to trade in order to secure his future. (Think Erdogan and Turkey’s interference with the courts.)
  • Trump may seek to secure future political capital with those who are aligned with him in the government today. This may include the aforementioned pardons, but also deals to lay the groundwork for a comeback, or, more to the point, to line up Jr. for a run in 2024.

These are just a few possible actions on Trump’s part that could take place in the next 72 days. I also suspect that we will not see Trump just fade off into the Mar-A-Lago sunset. He will take some time, and then he will begin his push to continue his “legacy”, as he will still see it all as him having been “cheated” out of the presidency in 2020. One of the more likely scenarios I see is that he will align himself with OAN and use it as his new Fox News propaganda outlet.

We will just have to see how much of the limelight he is allowed by the media in general, and by the populace. But you must know that his malignant narcissism will not allow him to just go into his bunker of seclusion like an orange Hitler. He will take some time to stew, but he will be back, and so will his brood and followers.

This isn’t over for him or them.

Biden, in the process of undoing all the damage that Trump has done, after removing all his “yes” men and women, will also have to help create laws where “norms” were the standard. We have seen how someone like Trump can abuse the systems of power, without any kind of firewall to protect the republic, and nearly bring it down. Biden will also have to work with the DOJ, FBI, Homeland Security, and other organs of the state to monitor the MAGA/alt-right groups to ensure that they are stopped before they potentially activate and cause real harm to people. By this, I mean that they may in fact act just like many jihadis and hope to start the civil war that they so desperately seem to want.

So, while I am happy with the outcome here and feel better about things, I also know that this is not over. Be aware, too, that this is not over for them. We have a lot of work to do to repair the government, the nation, and the stature of this country ahead of us.

This is no time to relax, there is work to do. Let’s make sure it gets done.


Written by Krypt3ia

2020/11/08 at 16:06

Posted in 2020