Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Shits Gone Plaid: GDD53 and Slate


screenshot-from-2016-11-01-08-12-48

 

Last night, Halloween Night, it turned out, was the last of the last nights for October Surprises and this time I was dragged into the mire by piss-poor reporting by Slate’s Franklin Foer. Evidently Franky has been talking to “Tea Leaves”, the titular secret security squirrel who has been pimping this conspiracy theory about Trump email servers and Russian banks for a while now. I came across the story when someone I know got hold of me asking technical questions about the story. I then did the due diligence and began looking into it and wrote a blog post that in the end, after a couple of updates, dismissed Tea as a fabricator and moved on with life. I then edited the post with an update that, in fact, part of Tea’s story was right: that the New York Times had looked into this. While this was true, it is also true they dropped it for lack of evidence that you could get past editorial, so my blog confirmed that much at least. Unfortunately Tea still shopped this around until someone took the bait hook, line, and sinker (Foer), putting out speculation, anonymous testimony, and not much more as proof positive that Trump is in league with Russia’s Alfabank via secret emails and configured servers.

Evidence:

There was none. There was a lot of speculation and theory but what Tea had put on the darknet and had been shopping around was not forensically proven and in fact all of the metadata that may have existed had been stamped out of all documents or never existed in the first place as they were using text files. In looking at the so-called evidence I called bullshit and began questioning Tea. Tea emailed me trying to pimp more of this story but I asked pointed forensic questions and about the provenance of their “data”. After I did so, Tea claimed they “never got the email”. This was utter bullshit because I even created an account on the same encrypted email server as theirs to send it to them. Clearly they did not want to or could not answer my direct questions on authenticity.

Here were the questions:

screenshot-from-2016-11-01-08-39-45

I got nothing back so I walked away from this story updating the blog with the image you see at the top. This was a non story and this was someone’s troll or an IC operation of some kind. I left it at that… That is until last night when this fallacy laden report came out of Slate.

Anonymous Security Professionals

So here is what I believe happened with Slate and Foer. Tea, not happy with my ignoring their bullshit, went on to pimp at least five venues looking for a way to get this wide and Foer was the gullible one to do so. Now, with a live one on the line, Tea spun their tale and added the new twist that they are in fact a group of “security professionals” with insider knowledge and that this story is really real. Of course once again they provided no real proof of Trump’s servers being configured for this purpose, no evidence of actual emails, and no real forensically sound information that proves any of what they say can be proven in a court of law. This is a key thing and Slate may not care but others do. Even in the previous dumps on the i2p site that Tea set up, their diagram said “this is what it would look like”. “Would” is not proof, that there is speculation and not evidence.

screenshot-from-2016-10-05-14-38-53

So more fuckery and none of it can be proven out; in fact many on Twitter last night, including Rob Graham, skewered the whole thing pretty well. In the end there is no proof here that these events happened as they are being stated and if there is evidence, solid evidence, then it is being hidden by those said same security researchers because… Because why? If you have evidence that Trump has been in league with Russia via email servers as a de facto hotline then give the evidence to the FBI! What the holy hell are you doing spinning tales to fuckwit reporters? Like I said on Twitter last night, you lack the courage of your convictions sir.

OPSEC

Meanwhile, the story spun by Tea and now Camp et al on Slate makes me wonder just who Tea is. Obviously Camp knows Tea and the others and this is a small world so let’s work out the connections shall we?

Camp –> Vixie –> ??? Let’s just assume that Camp knows these persons well and if one starts to dig you could come up with a few names of people who “would” (there’s that would again) have the kind of access to DNS data that is needed. Let’s just start naming names like Dan Kaminsky for example as Tea just because fuck he has access to that kind of stuff! It’s fuckery sure, but it is just as valid as that fucking Slate article, am I right or am I right?

Just remember Tea and company, we all know each other in this biz and someday your anonymity will be blown because of your fucking bad OPSEC. When that day comes then you better produce some solid evidence.

Just sayin.

Reporter Fuckery

Lastly, let me just say that I never “softened” to Tea. I got some facts that NYT looked at this and I postulated that it is possible for this kind of stuff going on but in the end I said that there was no proof. So this line that I am sure Tea gave to Slate about my “incorrect assumptions” was outright fuckery.

Proof or get the fuck out.

K.

Written by Krypt3ia

2016/11/01 at 12:59

Posted in 2016

One Response


  1. I am very eager to learn how he got access to those nameserver logs.

    I suspect the logs he provided are probably legit. Of course they might be faked since there’s no solid proof, but the impression I get is an anti-Trump researcher falling victim to some biases and connecting too many dots where there are none; not someone wittingly fabricating evidence.

    But assuming they are legit, how and why does he have access to Cendyn’s DNS logs? Does he have access to something that lets him see arbitrary logs for tons of nameservers?

    Another thing that I think could elucidate the situation: Is there any evidence of trump-email.com blasting email in the past few months? Anywhere? If other servers report receiving messages from that domain (or an SMTP server spoofing that domain), then Alfa’s claim about automated DNS lookups seems plausible. If there is no evidence of it, then it is a pretty curious fact.

    I figure Mandiant wouldn’t be too easy to fool, so if that ends up being their analysis results, I’ll accept it. But there’s still some stuff up in the air that could make this a real story if Tea Leaves provides more hard evidence. I think his conclusion is probably wrong, but I think he’s not a willful bullshit artist.

    Sorof

    2016/11/01 at 17:02

