Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Author Archive

Trump Domains Hacked and Shadow Subdomains


Well now, the worm is turning on our old friend turnip ain’t it? It seems that something I was playing with back last April should have been dug into deeper, I guess, because today Mother Jones put up a post on how Donny’s domains had shadow subdomains that all pointed to Russia! Of course, in the interim since the post went public two things happened. One, Donny and his people said “We ain’t been hacked! We have the BEST security! Nothing to see here!” and then, rather rapidly, some of the domains started to go down and become unreachable on the tubes today! Well, I did some more digging after reading this Mother Jones post and while I was not seeing the same IP addresses used in the stuff that was posted today, the malware I was seeing back in April still had some commonalities to ranges in the same region of the world.

Back in 2014 Trump was hacked and credit cards were stolen by the attackers. It seems though that perhaps it wasn’t only credit cards that were taken: persistent access to the network may have been established, along with access to the registrar account for the Trump domains. In the Mother Jones piece they show how subdomains or “shadow” domains had been created with interesting names that usually involved random letters. These domains, once you start looking at them, show a couple of things. First off, that they were all created under the Trump umbrella account and second, that the IPs they pointed to resided in Russia. In looking at these domains myself I noted a few other interesting factoids that I will share here for context.

First off, the hackers used the same registrar as Donny did (more likely his minions) using the “Trump General Counsel” moniker as the owner of the domains;

These domains were registered with GoDaddy and then pointed to other IP addresses later on. Also, the sample I just pulled at random shows both being created in 2009, on 5/22/2009 to be precise. So the question for me is this: were these created by the Trump org themselves as a means of stopping domain squatting, or were they owned (by Trump networks) earlier than we assumed from the article by Mother Jones? It is kinda hard for me to think that Trump and his org would have been creating such domains as donaldtrumppyramidscheme.com to prevent squatting. Trump ain’t the sharpest marble on the internets and certainly Barron wasn’t an uber hacker back then right? Curiouser and curiouser, but maybe they were being overly litigious and decided to take up all the permutations right?

So, looking at the IP addresses that the domains were pointing to also adds some interesting context here…

When the domains were created they sat on Godaddy from 2009 to 2013 when the IP changes. In the case of both of these domains on GoDaddy, the IP has a long storied history of having bad actors attached to it.

…But that is GoDaddy for ya right? They aren’t the cleanest of the orgs out there so meh. However, in 2013 the IP was redirected as Mother Jones showed to another IP; 184.168.221.41 which is also a GoDaddy IP. Now, looking at this IP in VT and in ThreatCrowd, you can see it also has a pretty dirty history as well.

So was the change made by Trump or GoDaddy? Or was this change made by the actors in 2013 to a host they owned in GoDaddy? Historically I am not able to see the malware history for the IP or the domain name for 2013, which would be a nice feature for VT and ThreatCrowd to offer right? Anyway, the point is that not all of the addresses were pointed to the Russian addresses in the Mother Jones piece. Over the whole of the domain space it is likely that the IPs used by the actors who had access to the Trump registrar account were not only focused on the Russia space as C2s go. In fact the second sample I pulled was also changed to another GoDaddy IP that has some dirty history as well.

So maybe these were moves by the trump org or maybe it was the attackers moving these around per their needs for each campaign? Inasmuch as I can tell many of these domains never had sites attached to them and were in fact just parked domains. However, in the case of donaldtrumprealty.com I see a lot of action moving this around the globe for IP pointers over the years. So what is the deal with that? Looking at the Wayback Machine for this domain shows the following activity over the years.

It’s been parked since inception but that parked page has some redirects and popups to potential scams. What does this all mean? Well, that Trump has not been paying attention to his domains and that what has been laid out is exactly the case. The only thing I can maybe say is that the activities have been going on longer than we are led to believe in the Mother Jones piece from the samples of IP changes I have seen in Domain Tools. If that is the case what else has been going on with Trump domains and perhaps their internal networks?
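As an added illustration (mine, not the post’s, and run on constructed records rather than the Domain Tools history the author looked at), here is the sort of check a domain owner can run over their own DNS history to surface the two signals described above: subdomain labels that look machine-generated, and records that resolve outside the netblocks the organisation actually hosts in. The names, dates, netblocks and the entropy/vowel thresholds are all assumptions of mine.

```python
import ipaddress
import math
from collections import Counter, defaultdict

# Constructed DNS-history rows: (record name, first seen, A record). Not real data.
SAMPLE_RECORDS = [
    ("www.example-brand.com", "2009-05-22", "198.51.100.10"),
    ("mail.example-brand.com", "2009-05-22", "198.51.100.25"),
    ("shop.example-brand.com", "2013-02-11", "198.51.100.41"),
    ("cdn.example-brand.com", "2015-01-10", "203.0.113.5"),
    ("xkqcwz.example-brand.com", "2016-08-03", "203.0.113.77"),
    ("lpqvb7.example-brand.com", "2016-08-03", "203.0.113.78"),
]

# Netblocks where this (constructed) organisation expects its records to resolve.
EXPECTED_NETS = [ipaddress.ip_network("198.51.100.0/24")]


def label_entropy(label):
    """Shannon entropy in bits per character of a single DNS label."""
    if not label:
        return 0.0
    counts = Counter(label)
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_random(label, min_entropy=2.3, max_vowel_ratio=0.2):
    """Crude 'machine-generated label' heuristic: high entropy and almost no vowels.

    Thresholds are assumptions; tune them against your own zone before relying on it.
    """
    letters = label.lower()
    vowel_ratio = sum(ch in "aeiou" for ch in letters) / len(letters)
    return label_entropy(letters) >= min_entropy and vowel_ratio <= max_vowel_ratio


def audit_records(records, expected_nets=EXPECTED_NETS):
    """Return one finding per record that trips either heuristic, with the reasons."""
    findings = []
    for name, first_seen, ip in records:
        label = name.split(".")[0]
        reasons = []
        if looks_random(label):
            reasons.append("random-looking label")
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in expected_nets):
            reasons.append("resolves outside expected netblocks")
        if reasons:
            findings.append({"name": name, "first_seen": first_seen, "ip": ip, "reasons": reasons})
    return findings


def created_same_day(records):
    """Group record names by first-seen date; bursts of new names on one day stand out."""
    by_day = defaultdict(list)
    for name, first_seen, _ in records:
        by_day[first_seen].append(name)
    return {day: names for day, names in by_day.items() if len(names) > 1}


if __name__ == "__main__":
    for finding in audit_records(SAMPLE_RECORDS):
        print(finding["first_seen"], finding["name"], finding["ip"], "; ".join(finding["reasons"]))
    for day, names in created_same_day(SAMPLE_RECORDS).items():
        print(day, "->", ", ".join(names))
```

The entropy test alone would flag short real words, which is why the vowel ratio is combined with it; neither heuristic is proof of compromise, they only tell you which records in a large zone deserve a look in passive DNS and registrar logs first.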

See, this is the question that the Trump admin will not want to touch with a very long pole, but it may also lend credence to the DNS stuff that was happening with the Alfa servers as well. If there was traffic going on that was amiss, and it was perhaps, as others suggest, spam traffic, then maybe it was indeed the same actor using their domains and network systems to route traffic and not a secret plot against America huh? We do know that Trump Hotels had been popped back in 2014/2015 as they have admitted it. What we really don’t have any idea of is the level of compromise that occurred and whether or not they were able to get the intruders out of the network. What I am seeing here is that maybe they did not and in fact the adversaries used them for even more things… And it may still be going on.

Imagine that kids… Trump’s networks owned and he may still be using them for things while in the White House?

*shudder*

Just remember that Ivanka and Jared were using that secret email server on that personal domain too!

Anyway, there are over 3k domains and I am not spending all that time on all of them to track the IP changes over the years. Others can do all that leg work if they want to. For me, this just shows that there may be much more that has happened with Trump networks and domains than we are aware of. Russian IP space does not imply KGB or GRU access but let’s just spin it this way: we know that the Russians use the criminal hacker groups to do their work as well as the actual operators from KGB and GRU, so there is that. If the actors were using these shadow domains for malware deployment, they may also have used them for other activities right? Maybe propaganda spam? Other stuff? Who really knows right?

As for the malware involved with the cited IPs and URLs, we see .zip files that are only seen by one or two vendors on VT (Kaspersky being the one continually). I am told that the files were in fact not zip files but jar files and Java infrastructure to deploy malware. Which malware? Well, no one really knows at the present time that I am aware of. I could not get a sample of the alleged zip files and all the domains were non-responsive and not in the Wayback Machine to gather, so there is that. It could be that these guys were using this infrastructure for Locky or they could have been passing out RATs, so until we have some solid telemetry and samples it is, once again, hard to say what went down. The interesting bit is that most of the RU IP space I looked at all had stuff going on last August.

Just in the middle of the election huh?

Hmmmm….

Welp, I am done looking at this for now. You kids have a look and lemme know what you all see. Just remember to ask this one question; “Just how compromised are Donny’s networks today?”

K.

Written by Krypt3ia

2017/11/03 at 15:12

Posted in Malware, TRUMP

The Philosophy of Rick & Morty: Szechuan Ricksauce


Recent events with McDonald’s and Mulan Szechuan sauce have steered me down the philosophical path and I feel that a post on these events might be in order. I myself have been feeling like Rick Sanchez C-137 lately and I think a lot of that has to do with the state of the world today. Another reason is really kind of encapsulated in Rick’s comments to Beth in S03E09 of The Adventures of Rick & Morty. To wit, my “I drink and know things, because I know things I drink” moment.

Beth: Am I evil?

Rick: Worse. You’re smart. When you know nothing matters, the universe is yours. And I’ve never met a universe that was into it. The universe is basically an animal. It grazes on the ordinary. It creates infinite idiots just to eat them, not unlike your friend Timmy.

Beth: Tommy.

Rick: Yeah, it hardly matters now, sweetie. You know, smart people get a chance to climb on top, take reality for a ride, but it’ll never stop trying to throw you. And, eventually, it will. There’s no other way off.

The whole kerfuffle with McDonald’s and the McNugget sauce being in scarce quantity while not even being formally connected to the show kinda rides on the whole Nihilist precepts that Rick holds himself. What’s even more interesting is that most of those who were flocking to Mcee Dee’s to get the sauce had no clue about the meanings behind the whole first episode of season three of Rick and Morty at all because, and this is my Rickian opinion here, they are all the idiots that the universe grazes on.

You see kids, I tend to subscribe to Nihilism/Absurdism/Existentialism myself and lately, oh, since about January 2017, have been sucking on that Nihilist teat tenaciously JUST to survive each fucking day in this universe. My worst fear of late is that I would invent a portal gun and find that in every universe Trump is actually president! But I digress… Ok so yeah, the show, Rick & Morty, is densely populated not only with scifi and humor but also philosophy, and the kids who are watching it by and large I fear just aren’t hip enough to get that. I could be wrong though, I mean storming the McDonald’s for Mulan Rick & Morty sauce only to be told that there is none is kinda really absurdist poetry to me. I somehow doubt though that McDonald’s marketing folks really grokked that when they pulled this stunt.

When the masses of zombie like Rick & Morty fans began to get violent over their lack of Mulan Szechuan sauce and everyone began to pile on McDonald’s it became clear that too many people are just mindlessly watching Rick & Morty not getting the whole cosmic joke that there is no sauce to be had really and that it was not on offer everywhere. I personally would have just laughed and given a hearty belch at the whole thing but then again, I drink and know things right? What the whole episode did for me was finally push that one small piece of belief from my gray matter into a complete state of nihilistic bliss.

If you watch and actually pay attention to S03E01, at the end you see that Rick says it all:


Nothing matters, so I did it for the sauce.

Nothing will change.

Entropy will win out.

The universe is an absurdist play and you can all play your parts.

Or more like Morty…

“Nobody exists on purpose. Nobody belongs anywhere. Everybody’s gonna die.”

Enjoy the fuckery kids.

Dr. K C-137

Written by Krypt3ia

2017/10/16 at 13:06

Posted in Philosophy

Bluebox2600: It’s Time


So the other day I posted about some puzzle sites linked together in the darknet by someone calling themselves BlueBox2600. Today I am bringing you their new game site and the creepy imagery and puzzles that are there. Check the site out for yourselves, but I thought it appropriate to pull apart some of the stuff that is there and, having copied the site totally locally, I have posted the videos for you on YouTube if you don’t want to dare go to the darknets. Inasmuch as this site is supposed to be a puzzle box of sorts, I will tell you now that on the surface of it I am kinda meh. The only really interesting bits are Doors one and four but you decide for yourselves. The site just went up this week and is fresh so this may be virgin territory for the Reddit set.

Let’s begin….

Entrance

The entrance has a video that shows what looks to be some hooded figure who brings in a small body and begins to dissect it or gut it. Within the imagery you get a quick flash of the following text below…

I have tried to string this together into a sentence but have yet to make it work. I will say that there are two capitalized letters “On” and “I” and either could start a sentence. I will play with this some more….

Choose your door

Once you enter the “game” you are presented with four doors to choose from…. Below are the videos behind each.

Door One

This starts with a pan of an outdoor scene and a song by Billie Holiday but starts to skip and break up. The scene goes blank and words start to appear on the screen…


Mortus

Dead Man!

The screen clears to the sight of what I liken to Batman’s Scarecrow villain…

It’s at this point that the figure begins to talk and it is garbled at first but clears up. The scarecrow starts talking about stalking a woman…

I saw you with your true love…

I saw you with your child….

I have watched the child…

I have watched your child but some day I may decide to do more…

One day I merely may decide not to follow, not to watch…

I may decide something needs to be done…

Something more vicious…

Whether it be with you or your child….

The face of Scarecrow

So far this is the creepiest and longest of the videos on the site but amazingly the hidden code in the HTML says that it is not the right door. As far as I am concerned it is in fact the right door for creeptastic imagery and sound.

All in all, this video has the most interest for me with the imagery and the strange details it is putting out there for us all to parse. Is this some kind of scary footage you would see on YouTube that would lead to other sites or some kind of creepypasta? I have yet to see anything in the footage to show a link anywhere but I have yet to look at the file itself to see if there is something else there. Are there more things interlaced into the video that you cannot see with the naked eye? Basically the story line of some crazy scarecrow like figure hunting/stalking some poor woman and her kid is disconcerting.

Door Two

Door two is a bit strange…

KITTY CANDY!

Strange shots of a mannequin and yelling about feeding the kitty….

Go watch it… But it is not the right door according to the hidden text in the HTML

Door Three

Door three’s video is just plain boring to me and the fact that the hidden text in the HTML is telling you that it is the right door kinda makes me wonder what I am missing here. I will see if I can take a look at the file itself and look for interlaced things you can’t see with the naked eye but all this is some rando images of a hokey mask like figure and nothing more.

Door Four

Now, here at door four we have something interesting… Actually some “things” that are interesting. The footage is a staged scene of a devil or Baphomet figure who is holding some woman in a chair hostage… Poorly. She breaks free of the chair easily all the while screaming about feeling gross from being in the chair and unwashed. However, once this cuts away we have the Baphomet figure holding a giant fan open and this has some interesting things on it in handwritten text…

So once again, the most interesting content is marked as not important and yet here we have all this stuff on the fan. “You are sleeping” is the clearest thing to see but under it are esoteric symbols again and names like David Kelly, Steve Mostow and Ian Langford. Now once you start to Google those names you get some interesting things popping up;

Steven Mostow is either a character on Grey’s Anatomy or it is this guy, I am gonna go with this guy because the other name above him is David Kelly..

David Kelly refers to another scientist who was killed which is in turn connected to Ian Langford, yes, another scientist who got whacked. One of 24 scientists alleged to have been killed by some cabal…


Right! So all of these names lead back to conspiracy theories surrounding these doctors’ deaths! Interesting and yet NOT the door we want? Something is out of whack here I think.

You can also make out three Bible verses scrawled on the fan;

Genesis 5:3 When Adam had lived 130 years, he had a son in his own likeness, in his own image; and he named him Seth.

Revelation 12:9 And the great dragon was cast out, that old serpent, called the Devil, and Satan, which deceiveth the whole world: he was cast out into the earth, and his angels were cast out with him.

Revelation 20:2 And he laid hold on the dragon, that old serpent, which is the Devil, and Satan, and bound him a thousand years,

All of this is tied back to the esoterica of previous puzzles by BlueBox2600 (oh and yeah, for all you hackers out there BlueBox 2600 come on!) All of this seems to be pointing in the general direction of esoteric beliefs, conspiracy theories and general creepypasta action on the darknet. Hell, there’s even a Fibonacci Sequence on the fan as well!

Mostly I find this stuff to be kind of muddled and not really leading me in any one direction. Maybe there are clues within clues I haven’t seen yet and I will keep looking for a bit. I thought though that this site was worth a gander for you all. If you are in the darknet feel free to slide on over and check it out yourselves… And if you find something new let me know.

K.


Written by Krypt3ia

2017/10/13 at 19:11

Posted in DARKNET, Esoterica

Bluebox2600: Darknet Games


It all started for me yesterday when a new darknet site popped up on the spider. The page primarily consisted of the image above that contained a movie that plays automatically. The movie consists of what looks like a hooded figure bringing in a small corpse of some kind and through cut scenes begins to dissect it with a kitchen knife. This of course intrigued me so I went down the darknet rabbit hole to find out more. Luckily for me the breadcrumb trail was left on the page listing the previous sites that the user had created “games” on in the past.


I then copied down the URLs in that image file above and began to call them all up in the browser. It turns out I had seen these sites before and dug around a bit on them in the past. The reason for my interest back then, which waned eventually, was that each site had embedded codes in the HTML to break. These codes weren’t hard really and I wondered if I was missing something else but you know me, I get bored and I walked away after a bit. Of course now with this new site I had to go back and take another look.

Once I went down the rabbit hole, I kinda found myself in an interesting esoterica hell. The pages pretty much all lead to one after the other when you decode the hidden codes. Note that I have only looked at the HTML and not into the imagery itself (e.g. looking for Steg) and maybe I will do that after a time. Anyway, these are the sites as linked by code and the “puzzle” that this person(s) has put out on the darknet for the chosen few to work out. It all comes down to some kind of esoterica that is supposed to enlighten the puzzler.

I don’t feel too illuminated but it was fun. I did get a little turned around a couple times and I still have not quite solved the math problem into a URL. I do dig the imagery used especially all the old creepy photos and shops of things like the anthropomorphic rabbit. I don’t quite know what about him there is that makes it nightmare fuel for me but I am all up into that. These pages though as a whole don’t seem to give you a way to talk to the creator, but maybe they were watching the hits on the pages to see if people were working them out. As I show in the post here I also was able to dig up a WHOIS and a name as well as an email address used in Domain Tools so I may have nailed down who made these and what else they have online. I will look more into that later on and let you know…

For now, enjoy the puzzling and know that the images at the top here? Well, they are back at it and I already am going down the new rabbit puzzle hole too.

K.

Illuminati

Code in HTML:

.-.. .. --. .... - .- --.. .--. .. -.. --- -..- -.- --.- -.-. . .-.-.- --- -. .. --- -. -..-. - .... . -.. --- .-.. .-.. .- .-. .-.-.- .... - -- .-..

Translation: LIGHTAZPIDOXKQCE.ONION/THEDOLLAR.HTML

The Dollar

HTML code:

http://lightazpidoxkqce.onion/_ _ _.html Looking for 3 letters here .. Type illuminati backwards then add .com what is the abbreviation of the organization this leads you to.

itanimulli.com redirects to the NSA website

TEXT

WHOIS info on this is interesting…

Domain Name: ITANIMULLI.COM
Registry Domain ID: 92386827_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2017-06-22T22:32:21Z
Creation Date: 2002-11-20T07:54:13Z
Registrant Name: John Fenley
Registrant Organization:
Registrant Street: 1985N 360E
Registrant City: Provo
Registrant State/Province: Utah
Registrant Postal Code: 84604-1803
Registrant Country: US
Registrant Phone: 8014273274
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: pontifier@hotmail.com
Registry Admin ID: Not Available From Registry
Admin Name: John Fenley

Crop Circles

Code in HTML:

<!--
2+3=8,
3+7=27,
4+5=32,
5+8=60,
6+7=72,
7+8=?? 98
/??.html

As a math problem:

2*1 + 3*2 = 2 + 6 = 8

3*2 + 7*3 = 6 + 21 = 27

4*3 + 5*4 = 12 + 20 = 32

5*4 + 8*5 = 20 + 40 = 60

6*5 + 7*6 = 30 + 42 = 72

7*6 + 8*7 = 42 + 56 = 98

SOLVE: 7+8 = 98

I never quite got this one… Can you put this solve into a URL?

To Wonderland

Code in HTML:

01101000 01110100 01110100 01110000 00111010 00101111 00101111 01100011 01110010 01100101 01100101 01110000 01111001 01101101 01101000 01110000 01100111 01101001

01100010 01110011 01100101 01110111 01110010 00101110 01101111 01101110 01101001 01101111 01101110 00101111 01110100 01101000 01100101 01110010 01100001 01100010

01100010 01101001 01110100 00101110 01101000 01110100 01101101 01101100

Binary Translation: http://creepymhpgibsewr.onion/therabbit.html

The Rabbit

Code in HTML:

WVVoU01HTkViM1pNTWs1NVdsZFdkMlZYTVc5alIyUndXVzVPYkdRelNYVmlNalZ3WWpJMGRtUkhhR3hhTWtaNllsZEdlbUY1Tlc5a1J6RnpTVU13ZEZveU9YWmFRMEp4WWpKSlBRPT0=

Base 64 decode thrice = http://creepymhpgibsewr.onion/thegasmask.html –good job

The Gas Mask

Code in HTML: 68 74 74 70 3a 2f 2f 63 72 65 65 70 79 6d 68 70 67 69 62 73 65 77 72 2e 6f 6e 69 6f 6e 2f 66 61 63 65 6c 65 73 73 2e 68 74 6d 6c

HEX decode: http://creepymhpgibsewr.onion/faceless.html

Faceless

Code in HTML:

\x68\x74\x74\x70\x3a\x2f\x2f\x63\x72\x65\x65\x70\x79\x6d\x68 \x70\x67\x69\x62\x73\x65\x77\x72\x2e\x6f\x6e\x69\x6f\x6e\x2f \x68\x61\x6c\x6c\x6f\x77\x65\x65\x6e\x2e\x68\x74\x6d\x6c

HEX Decode: http://creepymhpgibsewr.onion/halloween.html

Halloween

Code in HTML:

104 116 116 112 58 47 47 99 114 101 101 112 121 109 104 112 103 105 98 115 101 119 114 46 111 110 105 111 110 47 116 104 101 115 99 114 101 97 109 46 104 116 109 108

Decimal Decode: http://creepymhpgibsewr.onion/thescream.html

The Scream

Code in HTML: http://creepymhpgibsewr.onion/thepic.jpg

The Pic

This kinda dead ends for me….

Page # The Witch

Code in HTML:

V1ZWb1UwMUhUa1ZpTTFwTlRUSlNkMXBGWkU5aU1EVklWR3BhYTFZeFNuWlhWRTV2WVZad1dHUXpWbWxOYWxaM1dXcEpNR1J0VFhsU2FrSmFWbnBTTVZsVmFGTmtSMHBFVVZoU1RWWXlVakpaYWtwU1dqSkdkRTlYYXowPQ==

Base64 Decode: http://witch4czudhcxbel.onion/satan.html –good job

I am going to assume that the witch is the solve for the math problem converted into a URL…

Satan

Code in HTML:

WVVoU01HTkRWWHBSVTFWNVVtbFZlVkp1WkhCa1IwNXZUa2RPTm1SWFVtOVpNMmhwV2xkM2RXSXlOWEJpTWpSc1RXdGFlbVZYTVdsaU1uaDZURzFvTUdKWGQzSk1VekZ5V2xkV2Qwc3laSFpoVnpWdQ==

Base 64 Decode: http//witch4czudhcxbel.onion/symbols.html+–keep+going

Symbols

Code in HTML:

YUhSMGNEb3ZMM2RwZEdOb05HTjZkV1JvWTNoaVpXd3ViMjVwYjI0dmRHaGxaRzl2Y25NdWFIUnRiQT09

Base 64 Decode: http://witch4czudhcxbel.onion/thedoors.html
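To tie the chain above together, here is an added example (mine, not Bluebox2600’s and not from the original post) in Python that recognises and unwraps the encodings these pages used: Morse, 8-bit binary, hex pairs, `\x` escapes, decimal ASCII and layered base64. It treats the input as untrusted text and only accepts a decoding step when the result is printable, so it stops at the final URL rather than mangling it. The detection order and the printable-text rule are assumptions of mine; an ambiguous input (a decimal string whose tokens all happen to be two digits) will be read as hex first.

```python
import base64
import binascii
import re
import string

# Morse table covering letters, digits and the two punctuation marks the puzzles used.
MORSE = {
    ".-": "A", "-...": "B", "-.-.": "C", "-..": "D", ".": "E", "..-.": "F",
    "--.": "G", "....": "H", "..": "I", ".---": "J", "-.-": "K", ".-..": "L",
    "--": "M", "-.": "N", "---": "O", ".--.": "P", "--.-": "Q", ".-.": "R",
    "...": "S", "-": "T", "..-": "U", "...-": "V", ".--": "W", "-..-": "X",
    "-.--": "Y", "--..": "Z", "-----": "0", ".----": "1", "..---": "2",
    "...--": "3", "....-": "4", ".....": "5", "-....": "6", "--...": "7",
    "---..": "8", "----.": "9", ".-.-.-": ".", "-..-.": "/",
}


def _as_text(raw):
    """Return raw bytes as str when they are printable text, else None."""
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        return None
    return text if text and all(ch in string.printable for ch in text) else None


def decode_step(s):
    """Try each encoding seen in the chain; return (method, text) or None if nothing fits."""
    s = s.strip()
    tokens = s.split()
    candidates = []
    if tokens and all(re.fullmatch(r"[01]{8}", t) for t in tokens):
        candidates.append(("binary", bytes(int(t, 2) for t in tokens)))
    escaped = re.findall(r"\\x([0-9a-fA-F]{2})", s)
    if escaped and re.fullmatch(r"(\\x[0-9a-fA-F]{2}\s*)+", s):
        candidates.append(("x-escaped hex", bytes.fromhex("".join(escaped))))
    if tokens and all(re.fullmatch(r"[0-9a-fA-F]{2}", t) for t in tokens):
        candidates.append(("hex", bytes.fromhex("".join(tokens))))
    if tokens and all(t.isdigit() for t in tokens):
        nums = [int(t) for t in tokens]
        if all(32 <= n <= 126 for n in nums):
            candidates.append(("decimal", bytes(nums)))
    if tokens and all(re.fullmatch(r"[.-]+", t) for t in tokens) and all(t in MORSE for t in tokens):
        candidates.append(("morse", "".join(MORSE[t] for t in tokens).encode()))
    if re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", s) and len(s) % 4 == 0:
        try:
            candidates.append(("base64", base64.b64decode(s, validate=True)))
        except binascii.Error:
            pass
    # Accept the first candidate whose output is readable text; garbage means "not this one".
    for method, raw in candidates:
        text = _as_text(raw)
        if text is not None:
            return method, text
    return None


def decode_chain(s, max_steps=10):
    """Keep decoding until nothing applies; returns the list of (method, text) steps."""
    steps = []
    current = s
    for _ in range(max_steps):
        step = decode_step(current)
        if step is None:
            break
        steps.append(step)
        current = step[1]
    return steps


def layered_base64(text, layers=3):
    """Wrap text in base64 `layers` times, the way the 'decode thrice' pages were built."""
    raw = text.encode()
    for _ in range(layers):
        raw = base64.b64encode(raw)
    return raw.decode()


if __name__ == "__main__":
    # Constructed sample: three layers of base64 around a made-up onion URL.
    for method, text in decode_chain(layered_base64("http://example.onion/door.html")):
        print(f"{method:>14}: {text}")
```

Running it on the Morse, hex and decimal strings quoted above reproduces the author’s translations in one step each; the base64 pages need three iterations of the same loop, which is exactly what the "decode thrice" note was describing.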

Doors

Choose your doors…

Door One “Gore 226”

Code in HTML:

Base 64 Decode: http://gore226jrod4ia2c.onion/gore911/ — enter

Once you put in the url you get the following text on the new page:

Door Two “Grandma’s Garden”

I have yet to play with this one… I will get round to that.

Door Three “The End”

Code in HTML:

Congrats!! You broke the witches code.There will be more puzzles to come. Hope you enjoyed this Bluebox2600 @ http://blueboxlxc4o7mvk.onion/

Now the Esoterica begins…

Door Four “Sacred Geometry”

Code in HTML:

“Once in a while you get shown the light In the strangest of places if you look at it right”

Right! Well we are back to esoteric teachings that seem to be Illuminati in nature. I am not sure where this guy is going but it was a fun trip.


Written by Krypt3ia

2017/10/12 at 14:32

Posted in DARKNET, Esoterica

Trump Personal Emails for Government Business: How Many Sites Do They Have?


The recent story about Javanka’s personal email server that they had used for government business made me ponder when it had been created and just how many others the Trumps may have out there. So after looking at the pastebin listing all their domains I noticed a couple of things. The first thing I noticed, after doing the WHOIS on their domain in question recently, was that it was a new acquisition. The domain had been created 12/31/16, which means it is pretty new as their domains go. Secondly, this domain is not attached to the over one thousand domains owned by Trump, which kinda made me go “hmmmmm, that there looks like obfuscation” and made my Spidey sense tingle.

Ivanka and Jared’s Server: IJKFAMILY.COM

Domain Name: IJKFAMILY.COM
Registry Domain ID: 2086283293_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2017-03-06T06:55:27Z
Creation Date: 2016-12-31T01:33:34Z
Registry Expiry Date: 2017-12-31T01:33:34Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com

If you will take note, all of the other domains (see link above) are affiliated with the Trump name but this one was under the radar so to speak (IJKFAMILY.COM), it not being overtly Trumpian in its naming scheme. So my first question became “Did they set this up for this sole purpose? Or was it just a domain they had in the wings for something but decided to spin up port 25 and SMTP?” I am not sure of either of those reasons behind the creation of this particular domain, but it did start the wheels of my mind turning toward the notion that out of all the Trump domains out there, how many could support an easy means of email under the radar for Donny and his brood? Well, the real answer here is that there are over one thousand possible domains that could immediately be set up to send email. However, upon looking into all those domains there are only 25 presently that have the ports open for email and are running the services to allow for emails to be sent via them. Some of those systems have the ports filtered but many others do not and, interestingly, some of these also have secure protocols in place for email using encryption, which is very interesting indeed…

25 Instances on 8 Domains SMTP/POP/IMAP Already Running:

chicagotrumplimo.com
estatesattrumpnational.com
realdonaldtrump.info
theestatesattrumpnational.com
tirpromotions.com
trumpgolfscoring.com
trumppuntadeleste.com
votefordonaldtrump.com
trumpublican.org
200riversideboulevard.com
220rb.com
240rb.com
502parkavenue.com
721fifth.com
trumpparceast.com
trumpworldtower.com
votefordonaldtrump.com
chicagotrumplimo.com
estatesattrumpnational.com
realdonaldtrump.info
theestatesattrumpnational.com
tirpromotions.com
trumpgolfscoring.com
trumppuntadeleste.com
trumpwaikiki.com

So, all of these domains should be on the radar of the investigators out there in the Senate, House, FBI, IC etc. and I would hope that is the case. If I were those investigatory bodies I would be asking for some records from those domains, ya know, just to see if there were some emails going out concerning government business like Javanka’s little mishap recently. It is utterly fatuous that these people, who made a feast of Hillary’s email server, are using private domains and emails to bypass the national record so flagrantly. Many of the servers also have some interesting ports open but I digress. Suffice to say that these people have patterns of behaviour so I would not be surprised if more turned up on other domains or if they have even started new domains under the radar like Javanka there to hide the emails.

Now, on another note, I noticed something else as I was doing this little investigation. I noted a few domains that involved Russia and the Baltics. Once I did the WHOIS on them I also noted that they all were created around the same time in 2008. I have yet to really look into the timeline around 2008 for Trump but I have to ask just what was happening then that he thought to buy these domains? Were these domains bought after a possible deal had been struck or in hopes that talks would work out? I mean, if that is the case how could Trump make that claim that he had no business with Russia?

Well, yeah I know he lies like a bad toupee but really…

Domain Name: TRUMPRUSSIA.COM
Registry Domain ID: 1508991998_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2017-06-28T20:25:15Z
Creation Date: 2008-07-17T20:24:29Z
Registry Expiry Date: 2018-07-01T03:59:59Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: 480-624-2505
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: NS49.DOMAINCONTROL.COM
Name Server: NS50.DOMAINCONTROL.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2017-10-09T13:04:03Z <<<

Domain Name: TRUMPUKRAINE.COM
Registry Domain ID: 1508992006_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2017-06-28T20:26:04Z
Creation Date: 2008-07-17T20:24:29Z
Registry Expiry Date: 2018-07-01T03:59:59Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: 480-624-2505
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: NS49.DOMAINCONTROL.COM
Name Server: NS50.DOMAINCONTROL.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2017-10-09T13:26:27Z <<<

Domain Name: TRUMPBAKIAZERBAIJAN.COM
Registry Domain ID: 1679227892_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2017-06-28T20:27:01Z
Creation Date: 2011-09-27T14:00:19Z
Registry Expiry Date: 2018-06-30T11:59:59Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: 480-624-2505
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: NS49.DOMAINCONTROL.COM
Name Server: NS50.DOMAINCONTROL.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2017-10-09T16:52:03Z <<<
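As an added example (not the author's own tooling), here is how one would work through a dump like the one above programmatically: parse the concatenated WHOIS records into one dict per domain and group the domains by registration day, which is exactly what makes a batch bought on one date, or the single stray registered later, stand out. The sample input is trimmed from the two records quoted above.

```python
import re
from collections import defaultdict

# Sample input: the two WHOIS records quoted above, trimmed to the fields the
# parser uses (added example, not the author's own tooling).
WHOIS_DUMP = """\
Domain Name: TRUMPUKRAINE.COM
Registrar: GoDaddy.com, LLC
Creation Date: 2008-07-17T20:24:29Z
Name Server: NS49.DOMAINCONTROL.COM
Name Server: NS50.DOMAINCONTROL.COM
>>> Last update of whois database: 2017-10-09T13:26:27Z <<<
Domain Name: TRUMPBAKIAZERBAIJAN.COM
Registrar: GoDaddy.com, LLC
Creation Date: 2011-09-27T14:00:19Z
Name Server: NS49.DOMAINCONTROL.COM
Name Server: NS50.DOMAINCONTROL.COM
>>> Last update of whois database: 2017-10-09T16:52:03Z <<<
"""

# "Key: value" lines; keys may contain spaces ("Creation Date", "Name Server").
FIELD = re.compile(r"^([A-Za-z][A-Za-z ]+?):\s*(.+?)\s*$")

def parse_whois(text):
    """One dict per domain; repeated keys (Name Server, Domain Status) become lists."""
    records, current = [], {}
    for line in text.splitlines():
        if line.startswith(">>> Last update"):  # record terminator in this output
            if current:
                records.append(current)
            current = {}
            continue
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key in ("Name Server", "Domain Status"):
            current.setdefault(key, []).append(value)
        else:
            current[key] = value
    if current:  # last record without a terminator
        records.append(current)
    return records

def cluster_by_creation_day(records):
    """Group domain names by registration day (YYYY-MM-DD) to spot batch buys."""
    groups = defaultdict(list)
    for r in records:
        groups[r.get("Creation Date", "")[:10]].append(r["Domain Name"])
    return dict(groups)
```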

So what made them buy all but one of these domains on July 17th 2008, I wonder? Now, one might then want to look into, say, Felix Sater’s domains that he might own on the internet as well, right? After all, Felix was the point man on all these deals with Russia that seem to keep bubbling back up. Not that I would go and do some digging like that…

Right?

Maybe next post…

Oh well, there’s a data dump for you all. Interesting stuff no?

Dr. K.
Written by Krypt3ia

2017/10/09 at 16:57

Posted in Turnip

Russian Active Measures: Propaganda, Targeted Ads, and The Mob

leave a comment »

Handbook of Russian Information Warfare 2016
With all the talking heads on CNN expounding on the ad buys in Rubles and the oblique presentments by the senators yesterday on the Russia collusion investigation on C-Span, I felt the need to drop some knowledge. None of these measures are new, but it seems like the general populace, the government, and the media all cannot comprehend that fact. Propaganda has been around since the dawn of civitas; today it can simply be used more nimbly in our hyper-connected society. With the advent of social media, propaganda has been turned into a precision tool using demographics and analytics, on a medium that lends itself to being a new asymmetric warfare tool, and this should be no surprise to anyone.

Propaganda has long been a tool where the radio, print, and television media are paid or tricked into releasing content that serves one of the political masters out there. The new wrinkle, however, is the computational analysis of all the social-dynamics data points that we now collect on everyone who uses the internet or sites like Facebook, Google, or Twitter. So much information is collected today that it is possible to accurately determine how a person thinks and acts, given the preferences and the private activities that the algorithms inside these systems observe. Unless someone takes great pains to obfuscate their activities, companies and governments can easily mine that data for ammunition to create such things as the black propaganda we saw used in the 2016 election cycle here. Since people really don’t pay attention to the other countries out there, they missed the same measures being used in places like Ukraine; they would have seen them if they had been paying attention.

Previously I posted about such measures in Ukraine, which included the whole-cloth creation of a media company to manipulate the populace there with propaganda, as well as the use of malware to spy on the populace. Today I am covering the precepts of the use of our own social media systems, and our collective group psychologies, to sow chaos. Given the outcomes of the 2016 elections and the continued attacks on our psyches by Russia post election, we now have a pretty good idea of how the dynamic works. One must, though, take into account that human nature plays the largest role in this type of warfare, for it is the base of the equation that the Russians are trying to manipulate. The targeting of ads to key states and cities was just a targeting mechanism for the overall, more targeted PSYOPS operation that was at play. The Russians parlayed the divisions within the US by creating echoes within already nascent echo chambers for those of like minds on social media systems. Once the psychology was worked out, it was just a matter of locating those pockets of people and then creating the media (e.g. fake news) to feed into those systems and agitate those people into a frenzy.

Once again, human nature was keenly leveraged to sow chaos, as well as being a vehicle for those noise-to-signal messages (dog whistles) for the believers, and I can appreciate that. Frankly, I am in awe of the techniques used, while at the same time I am concerned that there are no real ways to mitigate these kinds of attacks, due to that same human nature. We all have our biases and we all subscribe to our own echo chambers, whether we do so consciously or not. Social media in itself is the perfect medium for this, and we just fall into place as the lizard brain takes over. So when people today ask how to combat this type of thing, I often say that there is no real way to stop it. We can of course use people to look at ads, as Facebook is doing now, having hired or being in the process of hiring thousands to do so. Or we could just look at the ad buys and ensure that they are not being paid for in Rubles… But these means are clunky, and the adversary has many other options, so in the end it will not work.

The ongoing Senate investigation into collusion and the Russian active measures campaign in 2016 also has many people asking specifically about the targeting data. Did the targeting data come from the Trump organization? Well, yeah, it may well have come from them, or it could have just been collated from online searches and a working knowledge of the electoral system. You see, this attack was simple enough to calculate if you wanted to attempt to win the electoral college. One can Google the states that are key to winning the electoral vote, but it is the fact that the targeting seems to have gone down to actual names and addresses that matters. I for one would be asking Cambridge Analytica about that data and how it may have come into the possession of the Russians. Now, it is possible that the Russians had their own parallel program for this, or it is also possible they hacked into Analytica for it, and as far as I am aware no one has asked for a forensic analysis of CA’s security there. Of course the data could have been handed off by someone like Paul Manafort as a quid pro quo (black caviar), right? Or perhaps it was Jared, as a means of paying off his Russian friends in hopes of a loan to cover his bad real estate debts? I also think it is possible that the voter rolls hacking that happened in the same time frame could be the answer to this. It is possible that all those rolls were copied, sifted, and used for targeting of propaganda at the final stage of the race to the White House.

At the end of the day, though, the problems of social media, cognitive biases within the populace, and the mob mentality that humans tend to fall into (Republican/Democrat/Tea Party) will not be going away. We are creatures of habit, limited by our own brain biology. Do not expect that knowing there is a propaganda campaign will stop those willing to receive it from buying into it wholeheartedly. Social media isn’t going away anytime soon, and the idea that algorithms are the key to stopping this is a falsehood. What really matters is how you consume this media and how you react to it. If you fall into the echo chamber of your cognitive bias or bent, then you will likely become a part of that machine and be unable to separate the truths from the biased truths that you personally subscribe to. So when you all ask how this happened, remember that we are the culprits, the people.

K.

Written by Krypt3ia

2017/10/05 at 14:51

MORTY! LOOK MORTY! I AM NO LONGER A MALICIOUS SITE MORTY! SOMEHOW THIS IS ANTICLIMACTIC MORTY! BRRRRP!

with 2 comments

Written by Krypt3ia

2017/10/03 at 20:33

Posted in Uncategorized