Archive for the ‘2016’ Category
Defeating Disinformation
This tweet came up in my feed this morning and it got me thinking. There has been a lot of talk about how disrupting or denying the sources of disinformation could put a stop to it altogether. I for one have not been a proponent of strictly technical solutions to this because they never will work fully and while you can play whack a mole with fake news or disinfo operations, it will always propagate with those who have the cognitive bias and dissonance. What I mean by that is that the mind virus that is fake news or disinformation is just that, those who are disposed to it will propagate it if not create it out of whole cloth for their own reasons be they financial, cultural, or psychological.
While it has been shown that if you give those predisposed to these narratives, the truth once or twice they do not come to the conclusion that they are in fact falsehoods. In fact, the studies thus far have shown that you must repeatedly bombard those individuals with the truth (truth bombs heh) until they actually accept the truth. So, unless you can force these individuals to accept “truth” via other channels than the disinformation feeds, you will have little luck in stopping the disinformation from doing it’s harm and being magnified by those predisposed to their belief in them.
So, what I am saying here is that once again, the technology will not be able to stop the false narratives. The technologies today short of a truly Turing compliant AI that is plugged into the internet as a whole, will not be stopping the disinformation never mind those campaigns of falsehoods by the likes of an Alex Jones because they will be passing them in email, news sites, comments in sites, texts, tweets, over the phone, over the air, …everywhere possible. The reliance or thought of reliance on technologies alone to save us from all this kind of warfare is patently naive. The psychology of why disinformation works and how these things propagate WITH the technology is where we need to focus. More so we need to focus on the psychological aspects in relation to how we might leverage technologies to get the truth into the right minds with repeated viewings is key. Alas though, I fear that this is not what many in the technology space are considering and are relying on algorithms instead of focusing on the animal behind the keyboard. Until we do this I am afraid we are quite doomed to failure.
I also began to parse this tweet out a bit as well on the hacking versus the disinformation campaign. It is quite clear that the hacking and the dumps of information were at some level laced with disinformation but not as a whole was the hack a part of the disinformation campaigns by the GRU. While “not getting hacked” is a good start, the real problems came from other sources and in fact when I looked at the DC leaks stuff and the claims I did come up with some gold that the data did not come from the Clinton Foundation, but instead was DCCC and DNC only to the contrary of what Guccifer 2.0 wanted people to believe.
So yeah, the information being hacked surely added to the mix of disinformation out there but it was not a main contributor to it. Overall, the problems of disinformation rely much more on the psychology of the tribes at play now and the cognitive issues we have within them than the hacking ever did. It turned out at least in the Clinton campaign there was no real “there” there to latch on and make her look even worse with an expose of wrongdoings. The most we got was that they were treating Bernie poorly but really, that was it.
Where were the Benghazi revelations?
Where where the revelations that she and others were running a pedophile ring out of a pizza parlor in DC?
Where was the absolute proof that Clinton had ordered the murders of a number of US citizens and in fact was funneling monies around to places like Panama?
Oh yeah, there were none and this is the reason why the others out there including the GRU and the SVR were creating those narratives on Twitter, Reddit, and elsewhere for those predisposed to those mental virus were living and ready to echo the message to others. When the day comes that we see a dump of information that has been tampered with well enough to detect forensically, then we can parse that out a bit and prove out that a hacked dbase was the cause of disinformation like some of the DC leaks stuff tried to be. Other than that, the two roads do not meet in my book.
The technology is the amplifier but the humans behind the keyboard are the real engines here.
K.
Reality: Spearphishing Campaigns and Election Systems
So Bloomberg has a story out today concerning allegations that the hack on the election was larger than first admitted to by authorities and the leak of a document by Reality Winner. This of course started the Twitterati to start making noises and got me to thinking about the whole thing. People have been asking about whether or not the hack was successful and to what end would the hacks be if they were successful or not. I myself have held the idea that the success or failure of the hacks isn’t as important as the notion that the systems had been tainted by hacking or manipulation. As you all may remember there were news stories of how the hackers attacked the systems before the elections before Reality dropped her document on the Intercept and then promptly went to jail for her stellarly bad OPSEC. Those stories seem to have been largely forgotten by the general populace but not so much with the IC given the snips of the document given to the Intercept. The snips show how the adversaries used common phishing exploits to “spearphish” the users at particular companies in a credential harvesting operation. Once I really took a close look at these though I began to question some things and thought maybe you all should too.
Why doesn’t the NSA know whether or not the attacks were successful?
So yeah, why doesn’t the NSA know whether or not things worked for the adversaries attacking these systems? Were there no forensics? Were the NSA not allowed to see anything? One begins to wonder why all this is in the report marked TS and such. Of course something in the markings also says “To US” so would this imply that the data came from FIVEEYE to the us? Once you begin to ponder all these things you start down the dark path of the game of shadows and we don’t need that. All of this said though, once again, the document here is showing only that they know attacks happened but they have no evidence of the attacks working and to what extent.
Why is that?
Where are the C2’s and other IOC’s?
Given that we don’t have the information on whether or not these attacks worked, then I guess it is a foregone conclusion to ask for, ya know, evidence right? Well I am gonna ask anyway, where is the evidence of the attacks other than the email address given in the report? No C2’s no infrastructures outlined. Are they in another compartment somewhere? In fact Reality had made mention of another document in her jailhouse tapes so are these bits in there? Without these one cannot conclude much of anything as to the adversary we are dealing with. After all, you all in the business know that these kinds of phishing attacks are quite common. How many of you blue team folks who read me have seen these same kinds of Google Drive/WP/PHP sites that harvest creds then pass you to the site you wanted?
This is not advanced
This is not uncommon
This is not a lock on any adversary in particular
Yet here they are saying it was the GRU… Why? What other evidence do they have? HUMINT? SIGINT? None of this is mentioned in what we have been given by the Intercept.
Why is this all marked TS if there is no real sources and methods here to burn?
Back to the whole TS/FVEY/ORCON alphabet soup, why is this being held so closely? Now, I have my own particular bent here that I have written about in the past which goes something like this;
- We don’t want to admit the hacks happened because if we did it would cast doubt on the election
- If we admit they happened people will doubt the system and it will erode the democracy
- If we admit they happened AND they actually got in and they manipulated the system… Well… HOLY SHIT there’s goes the election system and the democracy
- If we admit it happened and it worked then how much trust would there be in the government anymore?
In fact in articles circulating today, and I think it was in the Bloomberg piece, the case was made by President Obama that they would not want to admit to a hack for these very reasons…
So, there is that huh? If the scope of the hack is proven then it will in fact have the effects above and it would give Putin the satisfaction that his goals of active measures are still bearing him smelly fruit. I can then see them wanting to keep all of this stuff super secret couldn’t you? I guess Reality, though an idiot, perhaps had the same feeling and decided to do this in some warped view on trying to get rid of the current president. Another reason may be, and this is a tenuous one, that all of this is now part of the investigation into Russian meddling that the Congress is carrying out. I doubt that is the reason though. I really think it is just the IC being the IC and that the government has a reason to keep this all secret because it would erode things further where the government and our system of elections are concerned.
GRU or Patriot Hackers? (A Team versus B Team)
Alrighty, now we get on to the whole whodunnit thing. The documents sure do say that it is the GRU but like I said they don’t give you enough proof to do anything in a court of law for sure. While I was pondering this I had a flash on what Pooty said recently about “patriot hackers” and how the NSA document here alludes to klunky attacks. Like I said above, these phishing exploits are not uncommon. I see these every god damned day so it is really a measure of how well they were put together and whether or not escalation and pivoting happened to show another kind of actor here. Oh, and yeah, that information is conveniently not in the report here and once again, the NSA does not know if the attacks succeeded.
Think about that.
Then they go on to say it was Russia.
Ok, so maybe, just maybe it was Russia but it was the patriotic hacker B team eh? What if Pooty was telling a truth there and we all just scoffed and moved on? Given what the documents say I can see that maybe some talented amateurs or a B team decided to carry out a moonlighting operation to amplify things. Hey crazier things have happened right? What I am saying is open your minds to the idea that this was not the GRU but other actors like cyber patriots who may have gotten in but then failed to really do damage to the systems.
Maybe.
Without ya know like evidence though… Meep Meep.
Conclusion:
Welp, the cat is out of the bag NSA. It’s time to fess up. I think you and the government need to start producing evidence, forensic evidence, or GTFO. If the election data was hacked and manipulated then let us all know and then FUCKING FIX THE SYSTEMS AND MAKE THEM CRITICAL FUCKING INFRASTRUCTURE!
Dr. K.
The 2016 Election Cycle: Information War
Just wanted to put this all together for you all…
Starting in June…
https://krypt3ia.wordpress.com/2016/06/17/the-dnc-hack-svr-kgb-gru-lone-hacker/
https://krypt3ia.wordpress.com/2016/07/24/wait-till-october/
https://krypt3ia.wordpress.com/2016/09/06/influence-operations-we-all-carry-them-out/
https://krypt3ia.wordpress.com/2016/11/01/shits-gone-plaid-gdd53-and-slate/
https://krypt3ia.wordpress.com/2016/11/09/dear-republicrats-you-are-now-comrade-putins-puppets/
https://krypt3ia.wordpress.com/2016/11/28/re-counts-and-forensics-in-2016/
https://krypt3ia.wordpress.com/2016/12/12/informatsionnaya-yoyna/
Re-Counts and Forensics in 2016
Since the election I have taken a break from the insanity as much as I could. I blocked off Trump on Twitter but he keeps leaking through the blocks anyway. I have been reading though on the usual source sites like the New York Times and other news sites and with each day I am seeing the utter unravelling of America. Thinking about it though I have to wonder if the unravelling happened long ago and this is all just an echo of the failure finally reaching us all like a radio wave from a distant dying pulsar…
Anyway, I wanted to write today about the current debacle concerning the vote and the calls for an audit of that vote. Since the Green’s have gotten the ball rolling and the Clinton camp finally agreed to look at the vote it seems to be happening and that is a good thing. In an election where blatant tampering through hacking and information operations (DISINFO and IFO-OPS) by the Russian state one can have some sense that perhaps the same adversaries ‘might’ have tampered with the actual votes as well. Now, had it been just troll propaganda wars I might say; “Ok we have been played, they did it, we lost because we as a people are unable to comprehend real news from fake news” but that is not all that happened here. We saw actual hacking campaigns carried out on our voting infrastructure and one of the parties outright and still no one is clamouring for a re-count AND an audit of the systems that are already known to be security challenged?
It is incomprehensible to me at times how our government works at all. The group think and the lackadaisical attitudes towards information security are staggering but this whole episode takes the cake. You mean to tell me that the DHS and the government, the ones who brought us the OPM hack and other massive data breaches are going to tell us that the vote could not have been hacked and it is silly to even consider a forensic audit? This is what I keep hearing in the media and out of the government as calls for the votes to be re-counted and audited. It is also what I am hearing post Halderman’s paper and blog post that says: “I’m not saying the vote was hacked but there is evidence enough to say maybe we should look into it” What the fuck? We know things went down so why all the reticence to check?
Well let’s look at it another way shall we? let’s say the government, ya know the one who keeps claiming we have “cyber superiority” in fact is shown to have such a poor state of security (like OPM isn’t enough to cast doubt on that one) that the election systems, the ones that the security community has been warning about as insecure for years now, was in fact manipulated as part of a larger operation to fix the election for Putins puppet regime? What exactly would the outcomes be from that revelation?
- The system would not be trusted
- The country would be in chaos
- The government would be seen as incompetent
- Putin wins.
It seems to me that most of these things have already come to pass. Sure, we have not actually proven that the systems in key Electoral College states were tampered with by malware or added code yet. That code could have been put in the supply chain easily by infecting the key systems the polling places use (see Halderman’s paper *think USB and ballot templates*) but all it takes is a real forensic evaluation to determine if something was amiss right? Yet I still don’t hear a clamour to get this done. Why is that really? We have been sold the idea on many occasions that it is too hard to hack the election but really, with a limited target and a goal of manipulating it subtly one would not see it blatantly would they? I mean fuck, look, Clinton has what like 2 million more popular votes and this fuckwit wins the college? It is either fantastic strategy on the part of his campaign (I mean Putin’s campaign) or, given all of the other evidence of tampering and obfuscation that something could be amiss with the known insecure systems we vote with right?
Really what I am saying here is this; “We have been played. We have been played and now we have this kleptocrat in office who’s been placed there, whether or not you want to hear this, by the Russian governments intelligence apparatus. The least you can do now is do the due diligence to see if something more happened than the hacks and disinformation operations we already know about.” I suspect though that the government does not want to do this because it would call everything into question. It would openly call out the fact that a nation state fucked with us in such a fundamental way that the only real response would have to be, well, war? I mean what is the response to something of this scale anyway right?
Weigh the evidence.
Occams Razor this shit.
DO THE FUCKING FORENSICS.
K.
Dear Republicrats, You Are Now Comrade Putin’s Puppets.
Well you did it GOP and America, you finally elected a person who seems to be on the face of it, aligned with Russia, is an asset of Russia, or in fact is just a “Useful Idiot” as Uncle Joe Stalin called it. Worse still, it seems that you also have given access to at least three people within the Trump campaign who have had ties, direct ones, to Russia, the Kremlin and Alfabank to the White House. These people too may in fact be outright assets of Putin and the KGB.
Congratulations America.
What’s worse is that the GOP has actively pursued this all in the guise of being alt-right or more American than most Americans all the while you have been Putin’s pawns as well.
Once again, congratulations America.
I fear for the country in more ways than one. I fear that our President elect can easily be led to foolish action. (just look at his Twitter)
I fear that his strong man sensibilities and his crazy ideas about NATO will make the world a more dangerous place.
I fear that he has no idea how to run the country and likely will not listen to those who do.
I fear that in an age of Cyber “Warfare” and espionage this man has no cogent ideas on how to protect the nation.
I fear that this man also has a hair trigger and will pursue actions both Cyber and otherwise in the warfare arena that will only end in escalation of tensions globally.
I fear that his minions, and by that I mean the neo nazi’s the white supremacists, and the general maladjusted nut cases like those Alex Jones has in his thrall will only be emboldened to take actions against anyone they don’t like.
In short people we are fucked.
See ya..
Or maybe more on point, “dasvidaniya”
K.
Shits Gone Plaid: GDD53 and Slate
Last night, Halloween Night, it turned out was the last of the last nights for October Surprises and this time I was dragged into the mire by piss poor reporting by Slate’s Franklin Foer. Evidently Franky has been talking to “Tea Leaves” the titular secret security squirrel who has been pimping this conspiracy theory about Trump email servers and Russian banks for a while now. I came across the story when someone I know got hold of me asking technical questions about the story. I then did the due diligence and began looking into it and wrote a blog post that in the end after a couple updates dismissed Tea as a fabricator and moved on with life. I then edited the post with an update that in fact, part of Tea’s story was right that the New York Times had looked into this. While this was true, it is also true they dropped it for lack of evidence that you could get past editorial, so my blog confirmed that much at least. Unfortunately Tea still shopped this around until someone took the bait hook line and sinker (Foer) putting out speculation, anonymous testimony, and not much more as proof positive that Trump is in league with Russia’s Alfabank via secret emails and configured servers.
Evidence:
There was none. There was a lot of speculation and theory but what Tea had put on the darknet and had been shopping around was not forensically proven and in fact all of the metadata that may have existed had been stamped out of all documents or never existed in the first place as they were using text files. In looking at the so called evidence I called bullshit and began questioning Tea. Tea emailed me trying to pimp more of this story but I asked pointed forensic questions and about the provenance of their “data” after doing so, Tea claimed they “never got the email”. This was utter bullshit because I even created an account on the same encrypted email server as theirs to send it to them. Clearly they did not want to or could not answer my direct questions on authenticity.
Here were the questions:
I got nothing back so I walked away from this story updating the blog with the image you see at the top. This was a non story and this was someone’s troll or an IC operation of some kind. I left it at that… That is until last night when this fallacy laden report came out of Slate.
Anonymous Security Professionals
So here is what I believe happened with Slate and Foer. Tea, not happy with my ignoring their bullshit, went on to pimp at least five venues looking for a way to get this wide and Foer was the gullible one to do so. Now, with a live one on the line Tea spun their tale and added the new twist that they are in fact a group of “security professionals” with insider knowledge and that this story is really real. Of course once again they provided no real proof of Trumps servers being configured for this purpose, no evidence of actual emails, and no real forensically sound information that proves any of what they say can be proven in a court of law. This is a key thing and Slate may not care but others do. Even in the previous dumps on the i2p site that tea set up their diagram said “this is what it would look like” would is not proof, that there is speculation and not evidence.
So more fuckery and none of it can be proven out, in fact as many on Twitter last night including Rob Graham skewered the whole thing pretty well. In the end there is no proof here that these events happened as they are being stated and if there is evidence, solid evidence, then it is being hidden by those said same security researchers because… Because why? If you have evidence that Trump has been in league with Russia via email servers as a defacto hotline then give the evidence to the FBI! What the holy hell are you doing spinning tales to fuckwit reporters? Like I said on Twitter last night, you lack the courage of your convictions sir.
OPSEC
Meanwhile, the story spun by Tea and now Camp et al on Slate makes me wonder just who Tea is. Obviously Camp knows Tea and the others and this is a small world so let’s work out the connections shall we?
Camp –>Vixie –> ??? let’s just assume that Camp knows these persons well and if one starts to dig you could come up with a few names of people who “would” (there’s that would again) have the kind of access to DNS data that is needed. Let’s just start naming names like Dan Kaminsky for example as Tea just because fuck he has access to that kind of stuff! It’s fuckery sure, but it is just as valid as that fucking slate article am I right or am I right?
Just remember Tea and company, we all know each other in this biz and someday your anonymity will be blown because of your fucking bad OPSEC. When that day comes then you better produce some solid evidence.
Just sayin.
Reporter Fuckery
Lastly, let me just say that I never “softened” to Tea. I got some facts that NYT looked at this and I postulated that it is possible for this kind of stuff going on but in the end I said that there was no proof. So this line that I am sure Tea gave to Slate about my “incorrect assumptions” was outright fuckery.
Proof or get the fuck out.
K.
Scenarios on Outcomes from Russian Information Operations on the US 2016 Election
Assessment Goals:
With all that has been happening with the disinformation and influence operations during this election cycle I thought it prudent to thought experiment out some scenarios if Russia or any other adversary with the means, decided to attack the election cycle in other ways. One might ask right now what benefit would other countries like Russia gain from such operations and you would be right to ask. That is a question for another post but suffice to say that if Russia is indeed tampering with our electoral process like they have in others, then the reasons are geopolitical and very much Putin’s aegis in ordering the SVR and KGB to carry them out.
The goal here is to just lay out the attacks that could happen simply and then give you the likely outcomes. All of these are not as comprehensive as you might find in some think tanks like Wikistrat but you get the idea. All of these attacks are possible, and they do not have to all work completely to have secondary and tertiary effects on the US population and political system. Please read through them and ponder yourselves how would you react if these happened? How would the general populace? Would government be able to carry on? If the election cycle is broken and the systems not trusted, how would one re-set the vote and how long would it take?
Interesting times….
SCENARIO 1: VOTE TAMPERING
The voting machine have been tampered with electronically or code has been inserted. The potential for votes being tabulated incorrectly or data tampered with is possible but not probable in the grander scheme in the US according to sources. However, this does not preclude a way found to insert such code or physical devices in key states. It is also not impossible to have assets in play such as sympathizers or outright KGB assets on the ground helping to tamper with the results. I will not go into the details because this is a scenario to start but it is also not the point. Let’s just assume ways have been found to tamper enough to call the electoral data into question via tampering directly with the systems.
POTENTIAL OUTCOME:
- Trust in the election system is diminished
- Recalls are called for by both candidates and the public
- The electronic systems will lose public trust and a re-assessment of the process will be mandated
SCENARIO 2: VOTER ROLLS TAMPERING
Scenario 2 is based on recent events. The hacking of the rolls databases in key states could be an attempt to manipulate the data and cause secondary issues with that data on the day of the election. The posit is that the adversary has tampered with people’s voting preferences data. If you are a republican they can change that roll to the opposite party and vice versa. Additionally what if a users region or address were changed surreptitiously? To date there are no systems that I am aware of that will email you when a change is made to your voting status and how many people check before they go to the polls? This is a common tactic that has been used in gerrymandering an election area by disallowing voters from voting on the day of the election. To date, the FBI has not been able to determine what the hacking on the voter databases was about and this could be one of the goals.
POTENTIAL OUTCOME:
- Voters are unable to vote once they get to the polling place.
- Voters are not allowed to correct these records and are thusly negated from the process
- Attack key states once again, going for the electoral college and you can change the outcome of an election
- All of the above once again have the amplification of causing distrust of the system and damage to the election
- The candidates and the people are left with a recall and with the system being manipulated already how can they trust it?
SCENARIO 3: DISRUPTION OF THE PROCESS ELECTRONICALLY
Russia has attacked the Ukraine elections by inserting malware/code into the election machines in 2014 that effectively bricked them. If such an attack code were placed and propagated within the American voting systems the disruption would cause the election to be halted and emergency measures taken. Perhaps the election might try to carry on with paper ballots but I am unsure the process can be that effectively nimble. If the election systems are down, since they are of varying makes and models of machines, the time to return of service would be long, causing more FUD to the elections process itself.
POTENTIAL OUTCOME:
- Voters are unable to vote or the process takes so long that they walk away with a more analog process
- Trust in the electronic system would be degraded or destroyed
- The election cycle would be likely broken and emergency measures would have to be employed (contingencies)
- Continuity of government is challenged
CONCLUSIONS:
These three scenarios to date, have not been covered I believe. This post comes to you as the fruit of a discussion I had with @SteveD3 and I believe that in our current atmosphere of information warfare and influence operations carried out by Russia, one has to take these thought experiments out for a drive. All of these scenarios are possible and will have the effects of denial, disruption, and degradation to our election systems and the stability of the nation. It need not render the election completely in the favor of one or the other candidate conclusively to cause faith in the system and its outcome to be questioned. Imagine if you will, as Trump has already been saying repeatedly, that these tactics are used and the general populace believes that the election has been rigged? With or without the hand of the Russians, others could be easily blamed by a candidate like Trump and his followers. The outcomes from this could lead to civil unrest and other worse things if they came to pass with the help of information operations attacks by another nation state.
I suggest you red team these ideas yourselves and see what else you can come up with…
GDD53: A Russian Hosted i2p Site That Claims Trump’s Email System Had Ties To Alfabank (Russia)
Recently a page showed up on WordPress (10/5/2016 to be precise) that has an interesting albeit hard to prove claim. The site is named gdd53 and the claim is that Donald Trump’s email systems were set to have a direct connection to servers in Russia for Alfabank, a Russian bank. I caught wind of the site when someone asked me to look at an i2p address that they couldn’t figure out and once I began to read the sites claims I thought this would be an interesting post. While the site makes these claims, I cannot, as I don’t see any concrete examples of data other than the screen shots on the site and the assertions of those who put this up. In looking into the facts all I could come up with was some truths to the IP addresses and machine/domain names but nothing really solid on ASN’s being pointed between the Trump email servers and Alfabank nor Spectrum Health as is also claimed.
i2p Site:
However, there are some interesting twists to the page. First off, the i2p address in the WordPress site is wrong from the start. Once I dug around I found that the real address was gdd.i2p.xyz which is actually a site hosted on a server in Moscow on Marosnet. This site in the i2p space was a bit more spartan, however, it had much more data to offer on the whole contention that Donny had a connection to Russia. There is a claim that a NYT reporter asked about this connection and then server changes were made yadda yadda, but why is this on a Russian server? Why i2p? Why is the site gone now? Why was the address only half there on the WordPress site to start?
So many questions…
i2p site main body text (part)
Alleged network map of how the system “would” look
A traffic map that shows alleged history of peaks and troughs in data between the alleged servers
Maltego of the servers
Onionscan of the i2p site
WHOIS of the i2p site
Only one ping Mr. Vasiliy
Nmap of the site while it was up
After poking around and doing some historic WHOIS I came to the conclusion that I cannot prove out their claims because really I would need to have access to the server in order to see the direct routes for mail being put in there at the time this was alleged to be happening. I did however in my searches come across some interesting things concerning the company that hosts Donny’s email systems though. Cendyn is the name of the company and in their business history you can see how maybe a connection can be made to Russia at least. Certainly you can begin to see why ol’ Donny boy would use Cendyne as his go to but no smoking gun here.
Cendyne:
As stated above Cendyn hosts the servers for Donny’s email. I looked into Cendyn and the closest thing I can see without doing a real in depth on them is that they do CRM for hotels and that maybe some of the hotels in Russia may use it? No confirmation there though. Mostly though Donny uses Cedndyn for his hotel businesses as well so I guess since this company also does some hosting he had them do this for him. If anyone wants to ask Cendyn for their records perhaps we can get some clarity on this whole thing. I doubt though if asked will they give up logs/configs on the systems in question. I also have to wonder about this whole allegation that a NYT reporter asked about this.
Say, any of you NYT’s people out there care to respond?
At the end of the day, in a week of old dumps of data by Wikileaks and Guccifer2.0, I am unimpressed with this attempt unless someone can come up with something more concrete. One does wonder though just who might be trying this tac to attempt to cause Donny trouble. It seems a half assed attempt at best or perhaps they were not finished with it yet.. But then why the tip off email to someone who then got in touch with me? Someone I spoke to about this alluded to maybe that was the plan, for me to blog about this from the start..
Ehhhh nah I don’t buy that.
However, what has my attention is that this is just one attempt in a sea of attempts to manhandle the US election process. A series of hacks and leaks by Russia (if you believe the DNI) attempting to cause our election cycle to melt down and perhaps let the tiny handed orange Hitler win the election. Jesus fuck what a scary time. I mean sure, I lived through the 80’s and the bad times with Reagan and the nukes but Jesus Fuck all of this is balls out destroy the system by pushing the idiots to the boiling point!
Meanwhile Donny is not preparing for the next debate because it’s “annoying”
BAAAAHAHAHAHAHAA fucking chucklehead.
Interesting times kids…
K.
PS… Feel free to investigate for yourselves and let me know if you find anything interesting!
UPDATES
After posting this yesterday there have been some revelations. First off, someone in my feed put me in touch with the NYT and a reporter has confirmed to me that what the site says about NYT reaching out and asking about the connections, then the connections going bye bye is in fact true.
Ponder that one kids…
So I decided to use my eagle eye and look for another eepsite to pop up and sho-nuff it did yesterday at some point UPDATED with new and fun data! The “Tea Leaves” person(s) have added logs that they allege came from the name servers for Cendyne.
These are the key files in the new dump but the problem I have is that they are just text files. Anyone with the know how could re-create these to look legit enough but yet still be questioned. I see no actual login to the shell and queries being run here so really coulda just done a find/replace on another query on any server you have access to.
I have to say it though, these guys are trying to get the word out but in a strange way. I mean this eepsite is now hosted in Czechoslovakia, staying with the Baltic flavor but why not broadcast this more openly? Why does the WordPress site have the wrong address to start and then the other eepsite disappears after a little poking and prodding?
krypt3ia@krypt3ia:~$ whois 46.36.37.82
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf
% Note: this output has been filtered.
% To receive output for a database update, use the “-B” flag.
% Information related to ‘46.36.32.0 – 46.36.63.255’
% Abuse contact for ‘46.36.32.0 – 46.36.63.255’ is ‘abuse@gtt-as.cz’
inetnum: 46.36.32.0 – 46.36.63.255
netname: CZ-GTT-20101025
country: CZ
org: ORG-Ga241-RIPE
admin-c: LM1397-RIPE
tech-c: LM1397-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-by: MNT-GTT
mnt-lower: MNT-GTT
mnt-routes: MNT-GTT
created: 2010-10-25T13:24:34Z
last-modified: 2016-05-19T09:42:08Z
source: RIPE # Filtered
organisation: ORG-Ga241-RIPE
org-name: GTT a.s.
org-type: LIR
address: Hornatecka 1772/19
address: 180 00
address: Praha 8
address: CZECH REPUBLIC
phone: +420261001179
fax-no: +420261001188
admin-c: LM1397-RIPE
abuse-c: AR14420-RIPE
mnt-ref: RIPE-NCC-HM-MNT
mnt-ref: MNT-GTT
mnt-by: RIPE-NCC-HM-MNT
mnt-by: MNT-GTT
created: 2010-10-04T15:25:45Z
last-modified: 2016-05-20T10:04:31Z
source: RIPE # Filtered
person: Lukas Mesani
phone: +420-725-793-147
address: Czech Republic
nic-hdl: LM1397-RIPE
mnt-by: MNT-FRODO
created: 2006-06-07T13:57:53Z
last-modified: 2014-02-11T22:58:02Z
source: RIPE
% Information related to ‘46.36.32.0/19AS51731’
route: 46.36.32.0/19
descr: GTT-NET
origin: AS51731
mnt-by: MNT-GTT
created: 2010-12-09T01:08:59Z
last-modified: 2010-12-09T01:08:59Z
source: RIPE
The biggest takeaway is that the NYT confirmed that they asked the question and shit happened. They are still looking into it.
Oh Donny shit’s about to get worse in your dumpster fire world.
K.
UPDATE TWO OR THREE….
Dear Tea Leaves,
Answer my questions in email sent Monday. Stop muddying the waters with information that cannot be proven.
Yours,
Dr. K.
Above was emailed to me Sunday. I responded and asked specific questions. This comment is useless static.
Guccifer 2.0’s Clinton Foundation Data Drop Is NOT Clinton Foundation According To The Metadata
OCTOBER SURPRISE! I’MA OPENING A CAN OF NOPE SAUCE ON GUCCIFER 2.0
You all have likely seen the news since October 4th where the Gucci boy dropped another dump of dox on Hilly and Bill. Yo yo yo though this dump isn’t what he claims it is. Of course in the news reports the Clinton camp denied the files as being theirs and on the face of it with the screenshots given, I can agree to agree. However in this world of of insta media fuckery I wanted to follow up with some forensication on this shit. So I downloaded the “dox” and I did some metadata forensics. What I did it seems the media has failed to do once again, I mean really, is it so fucking hard for the media to like do due diligence and shit?
Anyway, the bulk of the docs were written by Miss Kurek of the DCCC 499 of them to be specific, I did not go into the stats on the excel files and pdf but if you Google up Missy (kurek) she is a Pelosi minion and has a position at the DCCC. So that right there made me say “hmmmmmm” I went further though and pulled the PC user/machine data that could be captured from the documents in question. What I found was that none of these documents were written on any asset with the name “clinton” or “clintonfoundation” at all. In fact, all of the machine names involved just pretty much said “pc” and a user name, so no real enterprise networking here kids.
Furthermore, when you pull out the network data all you see are DCCC servers. So unless the Clinton foundation is running all their shit out of another bathroom server at the DCCC this ain’t the dox Gucci was promising. So that leaves me to wonder just what the hell is up with ol Gucci boy? Are the Russians running out of shit to post or is this cat going rogue on them? Perhaps the Gucci cutout is now believing his or her own hype? This dump though casts a doubt on everything else he or she may put out in the future and if it was an “off the rez” situation then he or she may be in for a visit from the GRU in the near future.
Anyway, public service done here… You can thank me at any point Grandma Nixon!
Oh, and yeah, you newsies, fucking do your homework!
K.
DATA
Users
User List
Emails
Email addresses found in metadata (doc/docx/pdf/xls/xlsx)
Networks
Networks and servers found in metadata
Clinton Foundation Metadata
Clinton Email located
I found two emails for Clinton.com in two docs but nothing else.
UPDATE!!
Evidently I was a bit hasty in saying no journo’s had done due diligence. I have been informed that The Hill and Ars did look at the metadata by clicking on “properties” Good on them! Now, how about some real forensics.. I mean it did not take long….
*post written to Ghost Dog OST by RZA*
The DNC Hack: October Surprises & The Second OPM
While the data may not be as invasive as an SF86, the fact of the matter is that every democrat that the DNC had access to is now up for grabs on the internet because of a hacker, or nation state, or hacker of a nation state, has dumped it all there. Whether it be the dump previously put on the net by Guccifer_2.0 or the last one this week, the upshot is that large chunks of raw data are out there with some kinda personal content if you are a Dem and that I think should give one pause.
In a discussion I had the other day with <REDACTED> about the election and the mess we are in generally as a populace, the natural turn things took were pretty fucking bleak. Look at the choices we have and then look at all the rhetoric about Russia potentially tampering with the election on the electronic warfare level and then stop to think about what has yet to come… October. The October surprise though seems to be being prepped or peppered already by the likes of Guccifer 2 and @DCleaks_ never mind Wikileaks. With the dump Guccifer put out this week while virtually speaking at a security conference (talk about flying planes sideways stunt hacking elections!) we just have more data to use and possibly abuse that might be valuable toward affecting the election process.
So when you see Mike Rogers at the podium saying “Russia might attack the election electronically” you might want to just yell back “They already did asshat!”
Just sayin…
K.
Krypt3ia 