Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for May 2019

The 2020 Disinformation and Election Meddling Melee Playbook.


The Game:


“There is no objective truth, there is only subjective truth”

The upcoming 2020 election cycle will be an all-out melee, I suspect, for a few reasons. The first reason I am making this claim is that the US has done pretty much nothing under Trump to secure the next election, because Trump cannot bear to discuss what happened in 2016 and has rebuffed the overtures of Homeland Security and others to talk about 2020's security. Beyond not talking about the subject, Trump has seen fit to do absolutely nothing about the problem because, hey, it's how he won last time, right? The big difference in the next election cycle's attacks will be that the field has opened up much more since the playbook was used by the GRU and SVR in 2016. Now we will have a slew of other nation states as well as internal players (Republicans, Dems, and private groups with interests) who can spin up campaigns of their own using the Russian active measures playbook.

The Players:

Russia

Russia has undoubtedly already spun up its operational tempo for the 2020 election cycle. We have seen an uptick already in GRU-style action, with disinformation stories being published by the likes of Sputnik and RT. Of course these entities are always at this, but it seems the online game has also been at work with fake accounts on Facebook, Twitter, and other places online. The real question now is how the GRU and the Kremlin will innovate to counter the paltry efforts of Facebook and Twitter and get their message out.

Of course Russia already has an in with Trump in office to begin with, and it seems that, play for play, Trump emulates or communicates what the Kremlin wants; in effect Trump is Putin's puppet even if he doesn't really understand that fact. The reality, though, is this: the Russians have moved in on all fronts and are using proxies to exploit the fractured nature of the political landscape today, not only in the US but all over the world. Remember, Putin's goal is to cause chaos, division, and a malaise that will leave his perceived enemies unable to function as a nation/government/force that could threaten Russia.

To that end, we have even been seeing more incursions lately into US airspace by BEAR-FOXTROT bombers escorted by Su-35s. This is also a means of pressure, to keep the US off balance and garner news cycles. Russia will continue, overtly and covertly, to influence the US in myriad ways to keep us off balance and continue the division that makes us unable to act on the world stage with decisive action. The most insidious actions, though, will be the continued use of money and power to further their goals internally within the US, along with kompromat to keep a hold on those in power whom they can use.

Trump & Surrogates

We have seen what Trump and his surrogates have been doing these last two years if you have been paying attention. Trump's use of constant rallies, constant lies, and "iniquity signalling" will only crescendo as he leads up to the 2020 vote. Trump's current actions against the IC are also a means of control and division. I am sure that Trump will use any and all TS/SCI information that Barr might declassify to leak, or to blatantly beat the media and his perceived enemies with. Let's just say that a person like Trump with this kind of power will use anything and everything he can get his hands on to distort and destroy in furtherance of his own power.

I would be looking for more disinformation operations being created and played out not only by Trump's internal teams but also by any others who may feel a kinship to his world view. You will likely see more home-grown operations like Jacob Wohl's, though some might not be as easily stopped as the last few attempts have been. I would also say that Trump himself, with his patterns of lies, half truths, and confabulation, is a main player in this because he has multiple stages of media, including the internet via Twitter, at his disposal. Of course, now that Trump and Barr are in a position to declassify TS/SCI information and weaponize it, we are likely to see much more come from the candidate/president than we have ever seen before as a nation. As I am writing this, the debate cycle for the Democratic party starts this evening, so buckle up kids, it is all starting in earnest. It will be interesting to watch the President and his minions to see exactly what operations they try. Perhaps I will take notes and have a follow-up list of the attacks that he and his minions carry out.

China:

China has had an interest in our politics and, more specifically, our economy for a long time now. Now that Russia has taken the shackles off information warfare, the Chinese are likely to be more aggressive in this arena as well. China is currently in an economic war with the whole of the world, and it is their hegemony alone that they seek to effect. Of course, now that Trump has begun a trade war with China there is even more inclination for China to play a part in effecting a change in our leadership, with an eye toward a more accommodating trade policy from a friendlier candidate. The question there is who among the Democrats, Republicans (if any run) and/or third-party candidates suits their goals. I also wonder if China might make the same calculus about American politics and dysfunction as the Russians do and just seek to cause more chaos. This would mean that the US as a global power would be that much more diminished, which would give China a freer hand to assert its power, along with Russia, globally.

Hmmm….

Frankly, though, China has more to lose from the US going up in flames financially than it does from trying to stabilize things here. My gut tells me that they will attempt to get Trump out and place a friendlier face in the office by any means they can (probably dark money to the candidate of their choice) to stop the Trump trade war…

Iran:

Well, this will be the new and youthful player in the space this election cycle. Iran is presently on the edge of a forever war with Bolton and Trump, it seems, and their delusion that Iran is an existential threat grows stronger by the day. Iran will have to play catch-up with regard to disinformation and information operations before it can be a real player like Russia or even China, but I am sure it will be playing the game as well. In fact, there have been more moves on the internet of late that seem to be leading toward psyops and disinfo ops for the upcoming elections, so keep an eye on them.

DPRK:

DPRK is a dark horse here, and I am sure they will be taking part as well in the great games of 2020. History has shown that Un and his forces are a little more kinetic than most of the others in their operations online and off. Actually, in this arena they are second only to Russia, so I would be looking for some hacks and perhaps dumps akin to what Russia pulled off in 2016 to muddy the waters further. Of course, in the case of Un and the DPRK it is also in their interest to keep Donny in office. Donny is a weak president whom Un can lie to and manipulate in order to further his own ends, no matter what Donny says about their great relationship. I think if we watch for DPRK activity we will see some hacks, some dumps, and, more likely than those, dark money being funneled to campaigns to further their ends.

Saudi Arabia:

Saudi… What more is there to say, right? Money, more money, more influence, and perhaps some disinformation as an appetizer? My bet would be that Saudi will go all in on Trump and perhaps pass him dirt on candidates as well as funneling large sums to the Trump campaign to keep him in there. With the Khashoggi killing and the total air cover Trump provided for that killing, I am sure that Saudi is a lock in support for Trump. With the alleged hack and dump on Bezos' phone, we can see that if it was indeed Saudi who carried that out in retaliation for the WashPo coverage, well, then they are certainly capable of much more. The question for me is just how much they will care to try and obfuscate where it's all emanating from.

Scenarios

Disinformation:

What we have seen in disinformation operations since 2016 is just the tip of the iceberg. With the advent of social media, and now the computing power to go with it, we will likely see even more forgery of information or distortion of data that will cause people to believe all kinds of things in this election cycle. Remember, the point is to cause friction and sow chaos, so the media does not have to be air-tight; it only has to feed the cognitive dissonance of the audience they target. Even when information has been proven false, we have seen people's inability to get past their own beliefs to see the truth of things. So by dropping video, audio, articles, etc., the damage is done and the momentum is carried. Look for the following types of disinformation operations:

  • Fake video (DeepFake) of individuals in the election cycle (even if they are easily found to be false)
  • Tampered video (Pelosi slurring her words)
  • Faked or tampered audio files
  • False information being leaked or posted (including forged email spools, documents, etc.)
  • False or misleading stories being amplified on media
  • Leaking false information to news outlets (leaked forged or tampered-with databases)
  • Leaking false information in the form of oppo (opposition research) to opponents (think Steele dossier on steroids, created from whole cloth)
  • YouTube and other video documentaries or clips with totally fictional content offered as "the truth", like flat earth videos
  • Insertion and operation of accounts on Twitter, Facebook, Telegram, Discord, Reddit, basically any feed available with an audience to spill disinformation on

Propaganda:

Propaganda and disinformation are kissing cousins, really: basically all of the above being pumped out by the likes of RT, FOX News, and other outlets. The ubiquity of advertising and news feeds that have become wholly about propaganda has made this hard to miss, and hard not to be affected by, today.

  • Memes
  • Television/Internet/Radio news and advertising
  • YouTube videos and ads (lately they have been buying up interstitial space as well as slots before and after videos)
  • Whataboutism

Dirty Tricks:

Dirty tricks have been a long-standing go-to in our political system, and since 2016 they have been getting a reassessment and revitalization. I would wholly attribute this to Roger Stone and his machinations, along with the Trump/Russia collusion that took place. Incidents from 2016 can be clearly outlined, like the actions of Cambridge Analytica that were caught on tape: Cambridge was looking to sell services of not only analytics but also dirty tricks, capturing people on tape with hookers etc. to destroy them. Stone is famously known as a dirty trickster and worked as such in the Nixon campaign. So yeah, we are likely to see this play out in 2020 as well. I would hasten to add that the recent Giuliani attempts in Ukraine to get dirt on Joe Biden are exactly this type of activity, albeit totally and nakedly open to us all to see. You see, even the whiff of this dirt feeds the cognitive dissonance of the avid Trumper.

  • Setups like ACORN or Cambridge Analytica offerings of secret videos
  • Sex stings with video/audio/pictures
  • National Enquirer-esque leaks of dirt
  • Blog posts, tweets, etc. that can be forged and said to be from a candidate
  • Fake claims made against candidates, etc.
  • Theft and release of information that is not flattering to a candidate (honestly, this is what happened to Clinton in 2016; what was really revelatory in those email dumps?)

Direct Action:

Russia really set the bar here for direct action. The hacking and leaking of information, even data like the Clinton emails that was a big "meh", was enough to feed Trump's base and perhaps change the minds of those who were on the fence about voting for her. Then again, the question of hacking the election systems and the systems that hold the voter rolls has not been fully elucidated by the FBI and others. The fact of the matter is this: we now know that the GRU hacked those systems and had access, we just have no idea what they actually did while on them. Did the GRU put its thumb on the electoral scale and win Donny the election by the smallest of margins via the electoral system?

… I kinda think they did, but no proof means no certainty.

With that, consider what may happen this go round in 2020.

  • Hacking and dumping of data as we saw in 2016
  • Hacking and destruction of systems in an effort to make systems seem insecure/not trustworthy
  • Hacking and placing disinformation into data, then leaking it for effect
  • Hacking election systems and tampering with them secretly for vote control
  • Hacking systems not to actually damage them or change the vote but only to sow FUD about their security
  • Hacking and use of data in blackmail
  • Hacking and using ransomware etc. to lock up systems and cause chaos and inaction

TRUMP:

Donny has been hard at work since taking office, holding constant rallies for his base. He has been feeding them a steady mixture of lies, distortions, and promises of "winning" since the start. Faced now with another election cycle in which he could potentially be beaten, he will go into overdrive with his antics to keep his base active as well as to make all opponents look bad. What Trump will double down on, though, will be the same things as before, e.g. "rigged elections", "fake news", and whatever the Kremlin line currently being put out there is. I would add, though, these bullet points of what he will likely try in 2020, pre- and post-election:

  • Begins to call the election system into question pre-election
  • Leverages the National Guard and/or active-duty military to "guard" polling stations nationally (pressure on people not to vote, through intimidation)
  • Calls the election "rigged" and challenges the result
  • Makes calls for his term to be extended
  • Calls a national emergency if he loses and attempts to go to court over the election results
  • Calls for a recall election due to tampering
  • His usual disinformation road show will go full steam during the election cycle
  • Trump will amp up the discord by doing more outrageous things
  • Lastly, the Trump/Barr IC war will be leveraged against his perceived enemies, using secret data to dump or distort in attacks, if not to actually attempt to arrest his enemies

Conclusions:

Well, here we are at what kind of feels like the end of democracy. Trump is the catalyst for so much that is a detriment to the values of the United States that it is hard even to attempt to prognosticate what he will try in order to keep his place in the White House. Of course, as I said before in this piece, the norms have all been broken now, and the US and other countries still have not made any inroads into how to respond to these kinds of attacks. This means that we are unable to stop these things from happening and have no solid responses when they do. This will all just escalate and get worse, I fear, with one specific scenario being that Trump, by hook or by crook, wins in 2020 and is allowed to destroy how the country's government is supposed to work.

This is a key fact: we do not have a means of stopping disinformation propagation, nor do we have a means to effectively counter its effects. Without laws and norms around this, as well as a means to counter it all, we are lost. I have been watching the think tank reports and have in fact taken part in some of these working groups, and in every case it comes back to "what does the government have as tools and techniques to counter this?" and the answer, even more so now, is "none"… In fact, Trump has cut funding as well as ignored calls to formulate plans to stop these attacks on democracy.

The net effect is we are fucked.

So, sit back kids, grab a tasty beverage and watch the fires of what is left of our Democracy burn.

… That’s kinda Millennial huh?

K.

Written by Krypt3ia

2019/05/28 at 13:03

Posted in 2020, Disinformation, Russia

Anders Breivik and Brenton Tarrant: Parallels of Manifestos, Actions and Psychology


I recently began to consider the parallels between the Christchurch and Norwegian mass shooters, sparked by watching a special on Anders Breivik. The documentary on Breivik delves into the manifesto and his history a bit, and these two things seemed to track with Brenton Tarrant's actions. In fact, it seems that Tarrant was directly influenced by Breivik and his actions as well as his manifesto. So much so that Tarrant says in his own manifesto, placed online minutes before the attacks, that he idolized Breivik and in fact reached out to the "Knights Justiciar" online and had communication with Breivik: "Receiving a blessing for my mission after contacting his brother knights".

Digging in further, I located on the darknet several copies of the full video that Tarrant live-streamed on Facebook. I watched this and took notes on the parallels between Breivik's and Tarrant's methods and actions. It quickly became clear just how much Tarrant had taken from Breivik's attacks and methodology. From this, I then sought out each of their writings online and their manifestos. I then began to map out just how much one had imitated the other and started to ponder whether they are both suffering from the same mental maladies, and to what extent. I began to see the parallels quite clearly, and this is something the media really has not delved into. First, let's look at the planning stages of their actions.

  • Breivik planned his attacks meticulously for eleven years
  • Tarrant planned for two years
  • Breivik wrote extensively about certain regions and histories around clashes of cultures
  • Tarrant seems to have traveled to the countries and regions that Breivik wrote about as a means to understand what Breivik had been writing about
  • Breivik researched and wrote quite a bit on his plan and his mission, including a manifesto over one thousand pages long
  • Tarrant wrote a seventy-six page manifesto, and his research was haphazard and minimal as to targeting

It seems that Tarrant lacked the concentration, or perhaps the methodical nature, that Breivik shows. By looking at the manifestos side by side, you can see that Tarrant pretty much just cribbed Breivik's style and format, as seen below. The imagery and the motive seem to be pretty parallel, but once again the divergence is on Tarrant's side, where he could not muster the longer and more convoluted writings or the complex ideas that Breivik is trying to get across in his writings. Of course the writings that Breivik put out are also cribbed from many sources and are mostly overly complex, the machinations of a disturbed mind. Actually, they remind me a lot of the writings of Ted Kaczynski.

[Images not reproduced: Breivik; Tarrant; Breivik Manifesto; Tarrant Manifesto]

Formatting is not the only similarity that these two documents hold, though. Tarrant actually copies Breivik's style as well. In the much longer Breivik manifesto he drones on and on but finally, toward the end, has a Q&A with himself as a Justiciar Knight to describe what he is doing and why. This is a direct attempt at self-justification as well as a narcissistic pastiche aimed at getting others to emulate him as a warrior for the cause. In both cases they show the same pathology of attention-seeking and self-aggrandizement as rationalization for their actions and a call to others of like mind.

  • Both saw themselves as warriors in a greater war
  • Both have a need to be seen as a great actor in history
  • Both uploaded the manifesto just before their actions
  • Both expected that these actions would be the linchpin in causing a race war or great social change

In addition to the manifestos and the desire to be "great men", both actors had very specific needs to look and play the part of the warrior. What I mean here is that both narcissistically needed to be seen as well as heard. In this way, Breivik made the mold that Tarrant re-used and added to in his attacks. While Breivik did not live-stream his attack, he did plan it and carry it out in a way that made him look and feel the part. Tarrant likewise followed these visual and audio cues in his own way.

  • Breivik created/bought military uniforms, including full regalia
  • Tarrant created/bought a military uniform with an added neo-Nazi black sun logo
  • Both use imagery and language concerning knights (the neo-Nazi black sun in Tarrant's case equates to Wewelsburg and the SS "knights")

I would be interested to see whether more of Tarrant's writings and/or images come out during his trial. This would add context to the comparison between the two actors' actions and psyches. It seems that both planned for acquiring weapons and tactics in much the same way, but it is yet to be seen whether Tarrant had any plans for bombs or had been working on or researching such things. My guess is that Tarrant lacked the patience for this and went for the quick hit instead. This is also visible in his shorter planning phase as well as the brevity of his manifesto. It is also clear that Breivik's hate was directed not only outwardly at Muslims and foreigners but also inward at his own country, in both his attacks and his professions. Tarrant just went for the Muslims and the foreigner in a more spree-killing mode.

Finally, I will cover the video that Tarrant live-streamed. It is a hard thing to watch in total, but it shows some cues that backstop this idea that Tarrant was really emulating Breivik down to some fine details.

  • Breivik wrote about using an iPod during the attacks to mute out the screams; this, he said, was to prevent him from losing his motivation
  • Tarrant played neo-Nazi music in the car and was also dubbing this over his live video feed
  • Breivik gamified his attacks and played video games incessantly in preparation for them
  • Tarrant did much the same, making the video a "first person shooter" game as he gunned people down

It is pretty clear that Tarrant took Breivik's model and upgraded it with today's technology of Facebook and a helmet cam. I believe this will not be the last time we see this kind of activity as the technology becomes even more ubiquitous. The question then is how much amplification we will see, with footage of such attacks that can be watched and re-watched online to activate others of like mind and mental state. It's pretty clear that the motive for creating such videos is to activate others as well as to get the 15 minutes of internet fame that the narcissist needs to sate himself momentarily.

As a parting thought, I would also like to say that both of these men seem to have the same mental illnesses, but I am afraid there isn't enough evidence in the case of Tarrant as yet. Breivik clearly is a paranoid schizophrenic, and I believe that was the diagnosis of him at trial. Tarrant's history and a review of his mental status have, to my knowledge, not yet been carried out and released to the public. I would be interested to see more of Tarrant's history and biography to see if there are parallels there as well. As of this date I know that Tarrant's father died when he was ten years old, but there seems not to be a history of mental illness similar to that presented by Breivik even at an early age. Nature versus nurture is still a coin toss as far as I am concerned, so there is still much to learn about Tarrant before we can make any pronouncements of mental illness. I will keep watching as more comes out, but I thought this was an interesting set of circumstances to write about.

K.

Written by Krypt3ia

2019/05/24 at 13:37

OilRig Games: Dumping IOCs, Tools, and Deets on Iran


NARRATIVE:

On March 26th 2019 an account named لب دوخته گان (Lab Dookhtegan, "sealed lips"), "Labdookhtegan1", began dropping details on the OilRig APT group (aka APT34) on Telegram and Twitter. The data that this account dropped consisted of names and details of the actors allegedly behind OilRig/APT34, plus screenshots and details of compromised systems and tools being used by Iran. Since March the actors involved in dropping the dime have gone on to create two darknet sites as well as three accounts on Telegram where they dropped much of the same data. The Telegram channel and the successive Dookhtegan1 account(s) on Twitter also put out a video with their announcement. The video consists of clips of President Obama making a speech, much like the kind of thing you see in movies where someone is threatened using sound bites.


Analytics on Dookhtegan:

  • Dookhtegan, لب دوخته گان, "sealed lips", as an image and a maxim was the creation of Mehdy Kavousi, an Iranian immigrant in the Netherlands who is protesting immigrant deportations. The image is famous and literally shows Mehdy with his lips sewn together in protest.
  • The original photo has been photoshopped by many, including the actors here creating these accounts and dropping data
  • Dookhtegan is only one of many accounts:
    • labdookhtegan
    • labdookhtegan1
    • Green_leaks
    • Green_Leakers
    • Bl4ck_B0x

  • The data drops all included Farsi commentary as well as English
  • The data is backstopped by actual compromised system addresses and malware files
  • Interestingly, the translations of Farsi to English seem to imply that the writer is not a native speaker of Farsi


DATA DROPPED:

The data dropped by these guys is rather splashy. They have named names of at least six guys and two companies in Iran that they claim are part of the MOIS/IRGC actor group:

  • Omid_Palvayeh
  • alireza_ebrahimi
  • mohamad masoomi
  • saeid shahrab
  • taha mahdi tavakoli
  • Noorsec -> security company
  • Rahacrop -> security company/school

All of the actors' dossiers are included in my zipped drop below for you all to ogle. OSINT on these guys may come later, but for now I am kinda meh; they are blown.

FILES DROPPED:

Labdookhtegan1 dropped many files as proof of their work and outing of the IRGC. These included such things as passwords to compromised systems, tools they used, and other proofs showing IRGC activities at the following places of interest (see the pictured list). The targets pretty much show activity in the Middle East and areas that the IRGC would like to attack. Of course I am not seeing any US assets nor other areas, which is rather interesting, no? More on this in the context and timing section below…

I am currently looking at the technical tools and may have an update later with tech details, but for now, be happy with Uncle Krypt3ia's gift of all the files and dox in one zip!

Tools, Techniques, and Assets

CONTEXT OF TIMING:

Right! So, the timing of these drops is rather convenient for the US, huh? I mean, even as we speak Donny and his mustachioed pal Bolty are looking to maybe attack Iran for whatever reasons they have. The actors here try to make a case that perhaps they are in fact Turks, but I am kinda not buying that at all, and the touches with "sealed lips", aka Mehdy Kavousi, are also a nod toward some sympathy for Iranian immigrants' feelings on deportation and being silenced. This too I am not buying, so once again that brings us back to the whole idea of cui bono, and for me the one who really benefits here, on so many levels, would be America, and perhaps the NSA or CyberCOMMAND?

So picture this… We decide to drop dox and TTPs on Iran in the REGION as a means to blow the IRGC out of the water and force a re-tool as we are ramping up for maybe some action in the region, and we need, oh, let's say, a receptive audience (or audiences) in said region to help us were we to get kinetic with Iran. How's that play for you all? It certainly plays for me. This is a stick that is likely double-edged and a win for us, in my opinion. After all, the IRGC is in the region playing its games as always, but the skinny recently is that the IRGC messaged all its proxies and took them off the leash, and more to the point, in Iraq.

Think about that kids….

Say, didn’t we just pull out all our State folks from Iraq?

Why yes we did… Gee… WHO KNEW?!?!

Ponder that.

ASSESSMENT:

Overall these are interesting times, and if you are in the game here and want to have all the fun bits, download the zip file with all the things. You're welcome. I am glad to put it all in one place for you to have instead of playing games with all the companies out there trying to get you to buy their content while hiding the good shit behind a paywall. My assessment is this: the players have been exposed, the companies they work for have been blown, and we all likely have much more to dig into now and coming soon. In fact a little birdie told me about a new dump this morning (yes, it is in the zip file) so WHEEEEEEE!

Watch Iran and the region… I have a bad feeling.

K.


PS! I almost forgot… I found some of the malware online in the public sandboxes (any.run and Hybrid Analysis):

https://app.any.run/tasks/a74d0d54-a996-4ae0-979f-675bbdd3bbad/

https://app.any.run/tasks/69ad1f9f-9dc4-475e-8762-b31283f314f1/

https://www.hybrid-analysis.com/sample/3c0c58d4b9eefea56e2f7be3f07cdb73e659b4db688bfbf9eacd96ba5ab2dfe5/5cdabffa028838cc0ea26b0a

Enjoy!
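If you want to actually check your own estate against the sample above rather than just click through to the sandbox, the only durable IOC in those links is the SHA-256 embedded in the Hybrid Analysis URL (the any.run task IDs are job identifiers, not hashes). The following is an added example, not code from this post or from the Lab Dookhtegan dump: it pulls the SHA-256 out of the URLs as printed above, rejects anything that is not exactly 64 hex characters, and then sweeps a directory for files whose SHA-256 is in the IOC set. Because the real sample bytes are not reproduced here, the demo adds the hash of a constructed byte string to the IOC set so the sweep has something to hit; the temporary files and their names are constructed for the demo as well.

```python
"""
Added example (not from the Krypt3ia post or the Lab Dookhtegan dump): extract
the SHA-256 IOC from the sandbox links in the post, then sweep a directory for
files matching any hash in the IOC set. Sample files are constructed inline so
the script runs offline.
"""
import hashlib
import os
import re
import tempfile

# Sandbox links exactly as they appear in the post. Only the Hybrid Analysis URL
# carries the sample's SHA-256; the any.run task IDs are UUIDs and yield nothing.
SANDBOX_URLS = [
    "https://app.any.run/tasks/a74d0d54-a996-4ae0-979f-675bbdd3bbad/",
    "https://app.any.run/tasks/69ad1f9f-9dc4-475e-8762-b31283f314f1/",
    "https://www.hybrid-analysis.com/sample/"
    "3c0c58d4b9eefea56e2f7be3f07cdb73e659b4db688bfbf9eacd96ba5ab2dfe5/5cdabffa028838cc0ea26b0a",
]

# Exactly 64 hex digits, not part of a longer hex run. The trailing Hybrid
# Analysis job id (24 hex chars) and the any.run UUIDs do not match.
SHA256_RE = re.compile(r"(?<![0-9a-fA-F])([0-9a-fA-F]{64})(?![0-9a-fA-F])")


def extract_sha256(text):
    """Return the lowercase SHA-256 strings found in text, in order, de-duplicated."""
    found = []
    for m in SHA256_RE.finditer(text):
        h = m.group(1).lower()
        if h not in found:
            found.append(h)
    return found


def sha256_file(path, chunk=1 << 20):
    """Hash a file in 1 MiB chunks so large binaries never have to fit in memory."""
    d = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            d.update(block)
    return d.hexdigest()


def sweep(root, iocs):
    """Walk root and return {path: sha256} for every file whose hash is in iocs."""
    wanted = {h.lower() for h in iocs}
    hits = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            try:
                h = sha256_file(p)
            except OSError:
                continue  # unreadable file: skip it rather than abort the whole sweep
            if h in wanted:
                hits[p] = h
    return hits


def demo():
    """Sweep a constructed directory holding one 'bad' file and one clean file."""
    iocs = set(extract_sha256("\n".join(SANDBOX_URLS)))
    # Constructed stand-in: we do not have the real sample's bytes, so add the
    # hash of a known byte string to the IOC set to demonstrate a positive match.
    bad_bytes = b"constructed stand-in for a leaked OilRig sample"
    iocs.add(hashlib.sha256(bad_bytes).hexdigest())
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "update.exe"), "wb") as f:
            f.write(bad_bytes)
        with open(os.path.join(d, "notes.txt"), "wb") as f:
            f.write(b"nothing to see here")
        hits = sweep(d, iocs)
        return sorted(os.path.basename(p) for p in hits)


if __name__ == "__main__":
    print("SHA-256 IOCs from the post:", extract_sha256("\n".join(SANDBOX_URLS)))
    print("Matched files in demo dir:", demo())
```

Point `sweep()` at a real path (a mounted image, a download directory, a staging share) with the hash set from the dump and it will do the same thing against real files. A hash match is only as good as the file being byte-identical to the sandboxed sample; re-packed or re-compiled variants will need the tooling details, not the hash.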

PPS! Almost forgot… These cats even created a LinkedIn page for one of the burned!

[Screenshot not reproduced: Screenshot from 2019-05-09 10-29-37]

*giggle*

Written by Krypt3ia

2019/05/16 at 14:03

Posted in APT, APT34, Infowar, Iran, OilRig