(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Author Archive

Prosecuting The Russian Cyber War: Beyond The Hyperbole

leave a comment »


This weekend my father actually asked me what I thought Big O was gonna do to respond to the hacking of our elections. He continued in the same breath to ask if we were going to take out Russia’s grid or something like that. My first thought was to say “Noooo” and to then explain to him how that might go all kinetic real quick like on us if we did. My response to him yesterday will be the genesis of this blog post today for you all. Since everyone seems all hot and bothered as to how we will respond and not giving Big O the benefit of the doubt that he actually reads the PDB’s and thinks about them, I will boil it all down to what I would do against Russia and Pooty to thread the needle and not cause an escalation.


I would undertake the review on what exactly happened with the IW/DISINFO/PSYOP/Hack that took place for the election. This is important to not only understand what happened, but to understand just how much damage was done and what actions it took to set that into motion. From this you can assess the response level you need and in this case it has been rather speculative as to what really went down. This I also really point at the whole argument that the election machines in key states may or may not have had some supply chain tampering going on. So far I personally have seen no evidence that there was enough of an investigation to rule this out.


I would look at the capabilities we have and the intelligence we have collected on Putin. Intel such as a good psych profile and anything on his wealth/business structure. With both of these I would seek to discern what would hurt him personally, not so much the country. I would also use the psych profile to determine in red teaming out what his responses would be to certain scenarios. In essence I would perform a game scenario simulation to get the best results for us and start to build a plan(s) on those.


I would, knowing that this attack was personal for Pooty, and given his nature (much like Trumps really) I would perform the following actions;

  1. Attack his finances. All of the dirty ones first.
  2. Attack him with whatever kompromat we have (CIA/NSA) in the same leaks style that we saw from the elections (See news today about Tillerson for a cue)
  3. IF we have the assets in place both digital and “other” I would work to counter ongoing efforts in Germany and France as well as other places where we know he wants to do the same thing politically

These are the things I would do in parallel to assessing the damage to our forward capacities regarding the ShadowBrokers recent tease. IF all of those exploits on there are real, then all of them have been compromised and burned. Any operations that may have used those tools are burned and any future use of them has been burned. It is my opinion that the new events with the ersatz “Boceefus” account is just Pooty and the GRU saying “Try anything and you will fail” but that is only one dimensional thinking frankly. It is time to go beyond bits and bytes and also use HUMINT.

Just this guys take…


Written by Krypt3ia

2016/12/19 at 19:05

The 2016 Election Cycle: Information War

leave a comment »

Written by Krypt3ia

2016/12/14 at 15:15

Posted in 2016

Informatsionnaya Voyna

leave a comment »


As I write this the Twitter-sphere is on fire as the President Elect tweets that he does not believe the IC that the 2016 election cycle was tampered with by Russia (KGB and GRU) by Putin’s orders. Many people in the media and online are all up in arms over Turnip’s refusals and the hue and cry over how the IC should present what they have to Congress, the Electoral College members, and the people of the United States. I for one am sick of this back and forth armchair NATSEC bullshit. So here are my beefs in simple sentences for the simple minded…

If the IC says something happened then we should have an investigation.

Evidence from Crowdstrike on the DNC hack was enough for me to say we need a better investigation.

The fact that the RNC had nothing of merit dropped on them as DOX go to Wikileaks or elsewhere says volumes on direction of the attack.

Now that the IC is coming out of the shadows with allegations then the government should look at the voting machines forensically as well as other systems polling places use.

The hacking of the DNC was just ONE part of a LARGER action taken by the KGB and GRU and people should STOP just focusing on the DNC hack. It was an Informatsionnaya Yoyna operation!

People need to fucking STOP yammering about “why” Putin wanted to do this and his goals. His goals were to upset the apple cart here and IF he got a USEFUL IDIOT to control in the bargain even better!

Fake news is really PROPAGANDA just fucking call it what it is!


Fuck Turnip, stop listening to him at all. He is a pathological narcissist and NEEDS to feel that he is in control, he is wonderful, and he is LOVED by his minions.

FOCUS on how we are going to react to this! Do we allow this guy to be in the Whitehouse after we KNOW Russia played us?

We need to act or that dystopia everyone talks about will be fucking real!

Ok, now that I have that out of my system… Go read this NATO FM on Russian Information Warfare. You need to understand your enemy to react to them.


Written by Krypt3ia

2016/12/12 at 20:58


leave a comment »



A Note from Krampus….

Well kids it has been one hell of a fucking year for Krampus and he is feeling pretty god damned angry so you all better gird your loins for a good nut-sacking! Last year Krampus managed to get all the butt-hurt en fuego because he posted raw data and made the community look at their own shit. This year he sourced the nominations to the Krampus INFOSEC star chamber (you all know who you are and why you are wearing the hoodies when you voted!) but the general sense was that the aphorism of “None of us is as bad as all of us” is quite appropriate. To that end, Krampus is still fucking pissed with all of you really. You all, as a ‘community’ suck and you should stop thinking you are all special rock star INFOSEC snowflakes.

All of you con whores need to stop.

All of you Rock Stars need to get a life.

If you only care about breaking shit… Well… Fuck you. Hug a blue teamer so they can stab you in the spleen.

I guess Krampus just wants to quote Shatner here:

You know, before I answer any more questions there’s something I wanted to say. Having received all your letters over the years, and I’ve spoken to many of you, and some of you have traveled… y’know… hundreds of miles to be here, I’d just like to say… GET A LIFE, will you people? I mean, for crying out loud, it’s just a TV show! I mean, look at you, look at the way you’re dressed! You’ve turned an enjoyable little job, that I did as a lark for a few years, into a COLOSSAL WASTE OF TIME!

Grow the fuck up!

Ok now that Krampus has that off his plate, on to the Krampus list 2016!


JESUS FUCKING FUCK! As if the government’s current approval rating of 17% overall wasn’t bad enough they still have not clue one how to secure shit! 2016 was a fuckfest of data loss and cyber fuckery! Take heart though kids… 2017 under Der Trumpler will be EVEN WORSE!


HOLY FUCKING SHIT! could you guys please not have all your email and databases on systems secured by the local village idiot for a fucking change? What the fuck people? Watching all your email sprayed upon Wikileaks like so much CYBER JIZZ was enough for me to just pine for Putin’s shock troops to parachute in like in RED DAWN!



Allowing Putin’s re-constituted KGB do your cyber war dirty work was spectacular really but FUCK YOU.






Dear China,

You now have Krampus’ SF-86 and YET he has not had an attempt by some SWALLOWS to turn me? WHAT THE FUCK? Come on!




YOU are on the list because you sit there like a turkey in a rainstorm while all our CYBER shit goes to hell.

Krampus hates you with the force of a nuclear explosion.


Krampus first would like to say that he is often times just injecting shit into the stream to cause your SIGINT to be shitty.


THIRDLY, Krampus would like to say that your loss, carelessly, of those tools this year… JESUS FUCK! WHY NOT JUST PUT IT ALL ON THE DARKNET FOR BITCOIN HUH?

FBI: Director Comey

JIMMY! JIMMY BOY! what the ever loving fuck man? First your moaning over crypto then this whole thing with emails and fucking up elections? Extra flailing for you!


Jake Applebaum

JAKE,  your room in hell has been furnished and is ready to go. The giant drill dildo that has a perpetual spray of ghost pepper is Krampus’ idea and Lucifer approved. Ride it like you stole it you fucker.




HILLY! HIL, HILLSTER! WHAT THE FUCK? You are a smart woman and yet you fuck up the most simple things around email?

Welp… There you go… Krampus hopes that your BLEACH BIT of your history goes better than your classified data mishandling and email fuckery!



UGH, Krampus hates you all really but a few of you stood out in your cyber shit speaking and douchery! Generally though, the business of security has only doubled and tripled down on the fuckery. If Krampus really cared he could have a whole screed but he is just too shagged out over the community anyway to give a proper fuck!





Facebook (aka FaceCult)




Symantec Buys Lifelock!


Guess it is one way to make money of your shitty product…

The Media:

Shitty Reporters (general)

Krampus saw and is still seeing some truly shitty reporting on the “cybers” out there. It is still playing out with reporters not talking to experts on a thing but then again it is the new age of there not being such a thing as facts so I guess fuck it all.

THIS douche really really really got shit wrong this year in the cyber. He is on Krampus’ list for some special treatment.




Krampus had hopes for you but he always knew that you would become nothing more than an arm of propaganda for whatever intelligence service decided to use you. WHO KNEW it would be Russia? Oh yeah, ASSange did because he is their boy!

Die in a fire you propagandist fuckwits.

Written by Krypt3ia

2016/12/05 at 14:08

So Why Doesn’t Tor Blog Really Show You How To Set Up A Hidden Site?

leave a comment »


I was recently fiddle farting around on the TOR blog and looking at the setup tutorials for a ‘Hidden Site’ on TOR. When I really dug down into the alleged tutorial though, there wasn’t a whole lot of help there for someone isn’t let’s say, a “Dark Cyber Wizard”, to set up a site inside the onion. Sure they tell you to download the TOR and then to do ‘things’ and magically you have a tor site!

*blank stare*

No TOR blog not really. Since the disappearance of Vidalia and your pimping of the TOR Browser only really, you seem to be neglecting adding to the complexity of the onion with, ya know, actual sites to look at in there. So to that end I thought I would just write up this quick and dirty for Ubuntu (I hear the hisses out there already from some) and give you some guidance on what to do after you get it running. I am using Ubuntu because FUCK YOU is why! So just deal with it.


Phase one: Install your web server

Step one: Install lighttpd

sudo apt-get install lighttpd (or NGINX or whatever you like really but lighttpd is what is recommended by TOR)

Step Two: Start the server

sudo /etc/init.d/lighttpd start

Step Three: Check it is up

Open browser and go to and see if you see the default page. If that isn’t working I suggest you google some things about how lighttpd works

Phase Two: Install TOR and configure Hidden Site

Step One: Install TOR

sudo apt-get install tor

Step Two: Edit TORRC

sudo nano /etc/tor/torrc

UN-comment these two lines (in red) and of course change the port from 80 to something else if you want to.



Step Three: Start TOR

sudo /etc/init.d/tor start

Step Four: Get the onion address

sudo nano /var/lib/tor/hidden_service/hostname

Step Five: Copy the address in the file and close out.

If you have followed these steps then you “should” have a working TOR hidden site and that default page in lighttpd will be showing up in the onions. Now this mind you is just to get the shit installed and working right? I mean, there is much more to this hosting an onion site that concerns security. For that I suggest you all learn how to secure your Linux install, your lighttpd version and install, and of course the TOR itself. You are gonna have to keep up on the vulns for TOR and everything else to insure you aren’t just hanging your dick out there on the internet for everyone to slap right?

But this all leads me back to the question of why TOR blog does not simply just give you the means to install and use this product? Are you guys afraid of being liable for a naughty site to be out there? Are you guys instead all trying to be dark cyber wizards keeping secrets like some cyber dragon in their cyber cave?


It’s not that fucking hard but man you guys really make all kinds of stupid about it.

Ok kids! Go install and play!


PS.. if all of this Linux stuff is too arcane for you… well..




Oh yeah, by the way, you should really run an OnionScan against your new site to see what may be leaking or insecure. Go do that now… If you have issues please get in touch with @OnionScan

Written by Krypt3ia

2016/11/29 at 19:53

Posted in RTFM

Re-Counts and Forensics in 2016

leave a comment »


Since the election I have taken a break from the insanity as much as I could. I blocked off Trump on Twitter but he keeps leaking through the blocks anyway. I have been reading though on the usual source sites like the New York Times and other news sites and with each day I am seeing the utter unravelling of America. Thinking about it though I have to wonder if the unravelling happened long ago and this is all just an echo of the failure finally reaching us all like a radio wave from a distant dying pulsar…

Anyway, I wanted to write today about the current debacle concerning the vote and the calls for an audit of that vote. Since the Green’s have gotten the ball rolling and the Clinton camp finally agreed to look at the vote it seems to be happening and that is a good thing. In an election where blatant tampering through hacking and information operations (DISINFO and IFO-OPS) by the Russian state one can have some sense that perhaps the same adversaries ‘might’ have tampered with the actual votes as well. Now, had it been just troll propaganda wars I might say; “Ok we have been played, they did it, we lost because we as a people are unable to comprehend real news from fake news” but that is not all that happened here. We saw actual hacking campaigns carried out on our voting infrastructure and one of the parties outright and still no one is clamouring for a re-count AND an audit of the systems that are already known to be security challenged?

It is incomprehensible to me at times how our government works at all. The group think and the lackadaisical attitudes towards information security are staggering but this whole episode takes the cake. You mean to tell me that the DHS and the government, the ones who brought us the OPM hack and other massive data breaches are going to tell us that the vote could not have been hacked and it is silly to even consider a forensic audit? This is what I keep hearing in the media and out of the government as calls for the votes to be re-counted and audited. It is also what I am hearing post Halderman’s paper and blog post that says: “I’m not saying the vote was hacked but there is evidence enough to say maybe we should look into it”  What the fuck? We know things went down so why all the reticence to check?

Well let’s look at it another way shall we? let’s say the government, ya know the one who keeps claiming we have “cyber superiority” in fact is shown to have such a poor state of security (like OPM isn’t enough to cast doubt on that one) that the election systems, the ones that the security community has been warning about as insecure for years now, was in fact manipulated as part of a larger operation to fix the election for Putins puppet regime? What exactly would the outcomes be from that revelation?

  1. The system would not be trusted
  2. The country would be in chaos
  3. The government would be seen as incompetent
  4. Putin wins.

It seems to me that most of these things have already come to pass. Sure, we have not actually proven that the systems in key Electoral College states were tampered with by malware or added code yet. That code could have been put in the supply chain easily by infecting the key systems the polling places use (see Halderman’s paper *think USB and ballot templates*) but all it takes is a real forensic evaluation to determine if something was amiss right? Yet I still don’t hear a clamour to get this done. Why is that really? We have been sold the idea on many occasions that it is too hard to hack the election but really, with a limited target and a goal of manipulating it subtly one would not see it blatantly would they? I mean fuck, look, Clinton has what like 2 million more popular votes and this fuckwit wins the college? It is either fantastic strategy on the part of his campaign (I mean Putin’s campaign) or, given all of the other evidence of tampering and obfuscation that something could be amiss with the known insecure systems we vote with right?

Really what I am saying here is this; “We have been played. We have been played and now we have this kleptocrat in office who’s been placed there, whether or not you want to hear this, by the Russian governments intelligence apparatus. The least you can do now is do the due diligence to see if something more happened than the hacks and disinformation operations we already know about.” I suspect though that the government does not want to do this because it would call everything into question. It would openly call out the fact that a nation state fucked with us in such a fundamental way that the only real response would have to be, well, war? I mean what is the response to something of this scale anyway right?

Weigh the evidence.

Occams Razor this shit.



Written by Krypt3ia

2016/11/28 at 13:39

Posted in .gov, 2016

Dear Republicrats, You Are Now Comrade Putin’s Puppets.

with one comment


Well you did it GOP and America, you finally elected a person who seems to be on the face of it, aligned with Russia, is an asset of Russia, or in fact is just a “Useful Idiot” as Uncle Joe Stalin called it. Worse still, it seems that you also have given access to at least three people within the Trump campaign who have had ties, direct ones, to Russia, the Kremlin and Alfabank to the White House. These people too may in fact be outright assets of Putin and the KGB.

Congratulations America.

What’s worse is that the GOP has actively pursued this all in the guise of being alt-right or more American than most Americans all the while you have been Putin’s pawns as well.

Once again, congratulations America.

I fear for the country in more ways than one. I fear that our President elect can easily be led to foolish action. (just look at his Twitter)

I fear that his strong man sensibilities and his crazy ideas about NATO will make the world a more dangerous place.

I fear that he has no idea how to run the country and likely will not listen to those who do.

I fear that in an age of Cyber “Warfare” and espionage this man has no cogent ideas on how to protect the nation.

I fear that this man also has a hair trigger and will pursue actions both Cyber and otherwise in the warfare arena that will only end in escalation of tensions globally.

I fear that his minions, and by that I mean the neo nazi’s the white supremacists, and the general maladjusted nut cases like those Alex Jones has in his thrall will only be emboldened to take actions against anyone they don’t like.

In short people we are fucked.

See ya..

Or maybe more on point, “dasvidaniya


Written by Krypt3ia

2016/11/09 at 20:28

Posted in 2016