Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘Cyber’ Category

ATTRIBUTION GAMES: LAZARUS, SHADOWBROKERS, BLOFELD.

with one comment

The Game:

I figured since everyone else is playing the ATTRIBUTION GAMES over Wannacrypt0r that I would get in on the action and give it my own personal spin. The big difference here is that I am not selling any of you anything so if you read this post it is all about not buying my shiny new machine learning, next gen machine that goes PING! Nope, I just thought I would put a few words down to stop the insanity so to speak that I already see in the eyes of those $VENDOR’s out there about to hit SEND on their latest salvo of shenanigans concerning the Wannacry event of last week.

That’s right, I am already calling shenanigans!

Right so this game here is a red team on the idea that Wannacry was either an APT Nation State actor (either LAZ or SHADOW) or a criminal gang who will be represented by Ernst Stavro Blofeld. Once this is all said and done I hope that some sanity will ensue and more to the point, some elaborate death will be planned out, set into motion, and then foiled by James Bond…

Wait… what?

Let’s begin… DOMINATION OF THE WORLD….. Let’s just list the indicators and possible motivations all kinds of bulletized shall we?

THE LAZARUS GROUP (UNIT 180):

  • LAZARUS code snippets found in WANNACRY samples
  • LAZARUS has been active in stealing large sums of money from banks, as this attack was about ransom and money… well… UNDERPANTS GNOMES AND PROFIT!
  • LAZARUS aka Un, would likely love to sow terror by unleashing the digital hounds with malware attacks like this to prove a point, that they are out there and to be afraid.
  • LAZARUS aka Un, might have done this not only to sow fear but also to say to President CRAZYPANTS (Official USSS code name btw) “FEAR US AND OUR CYBER PROWESS
  • LAZARUS aka Un, is poor and needs funds so ransoming hospitals and in the end gathering about $100k is so gonna fill the coffers!
  • LAZARUS aka UNIT 180 players are “Freelancing” and using TTP’s from work to make MO’ MONEY MO’ MONEY MO’ MONEY (No! Someone actually really floated that idea!)
  • LAZARUS is a top flight spooky as shit hacking group that needed to STEAL code from RiskSense (lookit that IPC$ from the pcap yo) to make their shit work.. Huh?

SHADOWBROKERS (GRU):

  • SHADOWBROKERS made no money on their auction and posted a long pissy diatribe about it after the incident reached critical media frenzy
  • SHADOWBROKERS had the code already and then needed to CRIB some of the ETERNALBLUE/FUZZBUNCH NSA code ganked from RiskSense because they lack the ability to make the shit work themselves… Which they then re-coded in C…  Huh?
  • SHADOWBROKERS want to just sow mayhem with WANNACRY and continue the massive schadenfreude that the NSA is feeling from their theft (*cough MOLE HUNT cough*) but once again, they had to STEAL that code snippet to make it work… Or, is that just another poke at the US? A diversion? A red herring so to speak? Hmmmm….
  • SHADOWBROKERS re-used or re-purposed old malware WANNACRYPT0R and threw in some code snippets from LAZARUS GROUP TTP’s to muddy the waters and have EVERYONE pointing their collective fingers at the Hermit Nation because WHY THE FUCK NOT HUH!? This would sow more FUD and gee, isn’t that the playbook chapter like 3 in ACTIVE MEASURES komrade?

ERNST STAVRO BLOFELD:

  • ERNST has a well known volcano lair and upkeep is rather steep in this global market so ransomware is the way to go baby!
  • ERNST is a Devil may care kind of guy and wants to sprinkle clues for both RUSSIAN and DPRK actors here to cause all kinds of mayhem while he sits and strokes his cat while the bitcoins amass.
  • ERNST is a gangster and his coders, well, sometimes they suck so they stole the ETERNALBLUE snippets but then they couldn’t make that work UNTIL they coded it all in C so.. yeah..
  • ERNST is a nihilist at heart so he just slapped this shit together and then made sure that there was a killswitch in there as a safety valve, I mean, look at how many times he tried to kill Bond but always missed by that much!

Well there you have it. I have gamed it all out for you. Who do you think dunnit? If you look at all of these players and their motivations along with the superior threat intel evidence we have out there that the attribution firms are selling…

OBVIOUSLY IT’S ALL OF THEM! THEY ARE WORKING TOGETHER PEOPLE! IT’S THE NEW SPECTRE! CAN’T YOU ALL SEE THAT WITH THE PLETHORA OF EVIDENCE WE HAVE! COME ON!

*breathe…..**

Ok ok ok… See what I did there? I am making a point with humor.

IT DOESN’T FUCKING MATTER WHO DID IT!

PATCH YOUR SHIT.

DO THE THINGS.

STOP.

Dr. K.

Written by Krypt3ia

2017/05/23 at 20:04

Posted in ATTRIBUTION, Cyber

Prosecuting The Russian Cyber War: Beyond The Hyperbole

leave a comment »

screenshot-from-2016-12-19-13-42-28

This weekend my father actually asked me what I thought Big O was gonna do to respond to the hacking of our elections. He continued in the same breath to ask if we were going to take out Russia’s grid or something like that. My first thought was to say “Noooo” and to then explain to him how that might go all kinetic real quick like on us if we did. My response to him yesterday will be the genesis of this blog post today for you all. Since everyone seems all hot and bothered as to how we will respond and not giving Big O the benefit of the doubt that he actually reads the PDB’s and thinks about them, I will boil it all down to what I would do against Russia and Pooty to thread the needle and not cause an escalation.

First:

I would undertake the review on what exactly happened with the IW/DISINFO/PSYOP/Hack that took place for the election. This is important to not only understand what happened, but to understand just how much damage was done and what actions it took to set that into motion. From this you can assess the response level you need and in this case it has been rather speculative as to what really went down. This I also really point at the whole argument that the election machines in key states may or may not have had some supply chain tampering going on. So far I personally have seen no evidence that there was enough of an investigation to rule this out.

Second:

I would look at the capabilities we have and the intelligence we have collected on Putin. Intel such as a good psych profile and anything on his wealth/business structure. With both of these I would seek to discern what would hurt him personally, not so much the country. I would also use the psych profile to determine in red teaming out what his responses would be to certain scenarios. In essence I would perform a game scenario simulation to get the best results for us and start to build a plan(s) on those.

Third:

I would, knowing that this attack was personal for Pooty, and given his nature (much like Trumps really) I would perform the following actions;

  1. Attack his finances. All of the dirty ones first.
  2. Attack him with whatever kompromat we have (CIA/NSA) in the same leaks style that we saw from the elections (See news today about Tillerson for a cue)
  3. IF we have the assets in place both digital and “other” I would work to counter ongoing efforts in Germany and France as well as other places where we know he wants to do the same thing politically

These are the things I would do in parallel to assessing the damage to our forward capacities regarding the ShadowBrokers recent tease. IF all of those exploits on there are real, then all of them have been compromised and burned. Any operations that may have used those tools are burned and any future use of them has been burned. It is my opinion that the new events with the ersatz “Boceefus” account is just Pooty and the GRU saying “Try anything and you will fail” but that is only one dimensional thinking frankly. It is time to go beyond bits and bytes and also use HUMINT.

Just this guys take…

K.

Written by Krypt3ia

2016/12/19 at 19:05

ShadowBrokers Bitcoin Transactions: Now There’s Some Taint For You!

with one comment

Screenshot from 2016-08-19 07-24-54

 

So I was looking at the bitcoin status of the #ShadowBrokers account and something interesting began to take shape. What I noticed, with the help of my trusty Maltego (@paterva) was that some transactions with “tainted” bitcoins was happening. Of course I am using the word taint in it’s original form here in that there be some funky shit going on. It seems that not only that ShadowBrokers are WAY short of the eleventy billion bitcoins they want (at about $990.00 last night) but that if I am reading this right, some of the bitcoin payments are coming from the seized Silk Road bitcoins and account.

Screenshot from 2016-08-19 08-11-55Silk Road SEIZED bitcoins SENDING DIRECT TO SHADOW

Screenshot from 2016-08-19 08-06-47Blockchain.info

Well now isn’t that an iteresting development eh? So, is this to say that these coins are still in the coffers of the feds and they are being sent to ShadowBrokers to chum the water here? Maybe get a conversation going? Maybe to get the bitcoins flying so others can trace some taint? Of course once you start to look at that address and the coins in and out there you get some other interesting hits. Suddenly you are seeing US Marshall service as well being in that loop. Which makes sense after the whole thing went down with the theft of coins and such by rogue agents of the USSS and DEA.

Screenshot from 2016-08-18 17-07-54

Hiya marshal!

THEN we get into stranger territory…

Once you start really looking at the transactions for ShadowBrokers you get this sense of the l337 -ness you are going up against…

Screenshot from 2016-08-19 08-03-28We are all l337 here

Screenshot from 2016-08-19 08-02-50

Sent to

Screenshot from 2016-08-19 08-02-03

Sent to

Screenshot from 2016-08-19 08-01-06Sent to

It’s all amusing but one has to wonder just what is going on here. Now, if the Silk Road coins are still in the hands of the US GOV then who is sending ShadowBrokers fractions of them and why? Now, I began to ponder the imponderables last night. What if, and you can see this once you start to dig around with Maltego, the coins being paid to the account so far also come from other accounts that are, shall we call them cutout accounts for the government?

*squint*

I know, you are probably saying to yourself right about now that Krypt3ia needs to drink some more and chill the fuck out but lemme splain…

If you were the gubment and you wanted to maybe trace these fuckers would you maybe try to chum the bitcoin waters to see what wallets are used for any liquidation of the bitcoins later? I would.. Just a thought and with the hits there to the silk road and the marshall’s service I kinda wonder. In any case this is interesting and I am LOVING the l337 status on those transactions hahaha. You guys take a look and see for yourselves. I just thought this was an interesting development.

Alright, continue your cybers people and PUT ON YOUR HELMETS!!!

Dr. K.

Written by Krypt3ia

2016/08/19 at 12:26

EquationGroup, ShadowBrokers, and Loving The Cyber Pathogen Bomb

with one comment

6165571_14630612227717_rId5

We all knew that this shit was going on but now it’s reaching epic cyber douchery levels kids…

Monday:

Hey someone posted some shit on the Github and the everywhere! LOOK!

DOWNLOAD

DOWNLOAD

DOWNLOAD

Tuesday:

Shiiiit this stuff looks kinda real!

FUCK THEY TOOK DOWN ALL THE LINKS!

…EXCEPT MEGA OF COURSE…

LOOK! RC5 and RC6 Implementations match EQUATION GROUP!

ERMEGERD!

LOOK ODAYS!

SNOWMAN SAYS LAY OFF RUSSIA BECAUSE YOU WAKE DA BEAR! (Uhh hey, can I have my dacha now? I have been a good comrade)

ASS-ANGE FROM HIS EVITA BALCONY: WE HAVE ALL THE SHIT AND WE WILL BE POSTING IT BECAUSE FUCK YOU ALL!

Wednesday:

SECRET SQUIRRELS FORMERLY AT NSA SAY HOLY SHIT!

SECRET SQUIRRELS AT TAO SAY OOPS!

SECRET SQUIRRELS AT TAO SAY THIS IS RUSSIA BY GOD!

Fuckery. It’s all fuckery kids. The world is at war already and the populace never got a vote on this one. These scripts and exploits are just the tip of the 2013 iceberg and the reality is that knowing what the likes of  J-39 and their ilk were hoping for back in the day we are well and truly fucked if they decide to go all out cyberdouche. Now we have this almost parity with this leak by who? The 2016 cyber equivalent of the Rosenbergs? I haven’t a fucking clue and no one else does as to who did this and why. No really, fuck you if you say you do. And if you attempt to “treat intelligence cyber attribute” this shit you are only trying to get clicks for ads.

But seriously, the biggest issue I have with all of this is that while we are all slobbering over the dump and the potential one to come no one seems to be talking about how fucked up this is. While these guys are making and buying 0days and pwning foreign nations our own infrastructure lays like a burned out whore in the missionary position. We are prosecuting the war but we are not securing the “homeland” for shit and we see it every day. See, the rub of it all is that corporations are the ones that hold the infrastructure and fuck all trying to make them become secure through legislation or any kinds of rules. So here we are with all our shit in the wind to start with, no mass movements to secure the nations everything, and now a dump of just some of our cyber weapons has been spilled online as a big fat fuck you.

Yeah, I feel good about where we are.

Still, the shit is three years old.. Who’s to say that those sploits still work on systems in China let’s say. Anyone checked by the way? Anyone?… Well in any case either someone fucked up and left this shit on a server in 2013 to now OR as some have intoned, this was an insider. Either case still leads to the inevitable fuckery the nations have all been up to and we are not alone, not by a long shot. Some have said that the NSA should be securing things and I just laugh and laugh at that. What the fuck do you think their operational aegis is anyway? It’s to break all the things and own them! So all you who look to Ft. Meade for any solutions are just deluded. Nope, the war is on, it is hot, and it is all under cover. When someone finally decides to go batshit they will unleash all the sploits in tandem with kinetic operations and that will be it. A real hot war will erupt.

It’s still true.. We are the reason we can’t have anything nice.

Oh well, at the end of the day there’s fuck all we can do. The shit is in the wind and now everyone has it. It will be used as a platform of attack until all the things are patched but in between they will be used for whatever ends lone actors or nation states feel like using them for.

Yay.

Move on.

K.

 

Written by Krypt3ia

2016/08/17 at 17:00

How To Overthrow A Government… And Give Hacker Children Bad Ideas…

leave a comment »

Screenshot from 2016-08-09 13-20-32

I made a concerted attempt to go see this talk at DEFCON 24 especially since like Danny Glover, ” I am too old for this shit” and braved the masses to get a seat. I went into this talk prepared for fun and games but came out of the other end with some constructive criticism and ideas about other talks that could be made and subsequently never given for fear of arrest. Now Chris is an Aussie and those people are generally nuts, I mean come on, it was a penal colony after all right? But aside from being entertaining enough, this guy just incited, or wanted to incite, the hacker community to be higher on the threat list than da’esh and terrorism in general?

Perhaps it was tongue in cheek but upon talking to someone in the know, DEFCON had to talk him off the ledge on a few things and he had to redact the preso because he was actually going to give even more directed info on how to carry off a coup digitally. I mean he came pretty close with what he presented in the end (without real numbers and amounts of planning and time it would take) but suffice to say, someone with the effort could make a pretty good stab at this now. Hell, this was pretty much the playbook that the J39 and other groups used on places like Serbia in the 90’s right? So the data is out there for others to grab I suppose, but to get up on stage at a con like DEFCON and tell the audience, however impressionable they may be, to do more?

*blink*

Baleful stare

*blink*

What was that line from Dead Poets about the phone call again?

John Keating: Phone call from God. If it had been collect, that would have been daring!

Anyway, I kind of have to wonder at the thought process behind this but meh, likely no one will take heed and try even more grandiose shit just because they can right?

…Right?

Oh well time will tell I suppose. This preso got me thinking though of other presentations that could be made. I pondered on the plane ride home all the different scenarios that could be carried out by a small group of hackers and suddenly I was feeling like I was in an episode of Mr. Robot. *shudder* Yes, we could carry off these kinds of attacks with the right direction, planning, and OPSEC but really do we want to? Do we want to because this guy says we need to be scarier than terrorists? Is there some kind of psychopathy at play here?

Meh.

I will leave it to the nation states to play these games. Instead, how about we all maybe concentrate on getting our own shit secured so no one can do the things Rock was showing us all is so easy to do..

Now there’s a novel idea.

K.

 

Written by Krypt3ia

2016/08/09 at 17:36

Posted in Cyber

DNC Hack: The Flying Fickle Finger of Fate and Intelligence Analysis

leave a comment »

ikQnbyk

 

I had some Tweet conversations this morning that led me to a need to make yet another post on the DNC hack debacle. @Viss and @mr0x20wednesday both struck up a conversation after I posted a link to the NYT article on the consensus that is growing within the government that Russia carried out the hack. The consensus building is coming from assessment by the CIA while the FBI has initiated an investigation into the hack and the subsequent dump of data to Wikileaks and to the web via the wordpress account for Guccifer2.0. It is important to take note of the previous statement I make here about who is “assessing” and who is “investigating” and that is something people in the general population do not quite grok much of the time. The FBI attempts to prove things in court and the CIA generates analysis and assessment to help leaders make decisions. These are two different things and I want you all in INFOSEC to understand this when you start to have conversations about spooky things like the hack on the DNC and the subsequent possible propaganda, psyops, and disinformation campaigns that may ensue.

I recently wrote a more irreverent post while I was in a more Hunter S. Thompson state of mind concerning American politiks and the mess we are in, but the core idea that Russia carried off this hack and the actions after it still hold true for me. Many of you out there are reacting more like how I reacted when the Sony attack happened and once again I also find myself asking the same questions and having the same concerns over attribution versus solid evidence. There are many issues at play here though that you have to take into account when dealing with an action like the Sony or DNC hacks where information warfare or “cyber war” are concerned. Most of the considerations you have to make surround the classification of much of what you might get in the way of evidence to start with never mind about the circumspect nature of attribution that is being released to the media. At the end of the day my question to the FBI was “Show me proof” which is their job right? FBI is part of the DOJ and should be leading to charges right? Well, none were proffered by the Obama administration, some sanctions were laid on DPRK but no charges, unlike the wanted posters for the Chinese agents that the FBI laid out for hacks and thefts of data. There is a distinct difference here and that is evidence that can be presented in a court versus attribution and analysis by companies like FireEye and Crowdstrike. True, both those firms can prove certain things but primarily, as you all know out there, attribution is hard to prove so it really stops at analysis, more like the intelligence agencies content and mission.

So where does that leave us with regard to the DNC hack? Well, the attribution data presented first off may only be a portion of what Crowdstrike may have. Other portions may in fact have been classified or asked to be held back by the government (I’d say pretty likely here) and may some day be revealed. If the Sony hack is any indication though of this process, not so much. I am still unaware of any real conclusive evidence of Sony’s hack being DPRK but like I said, the US government sanctioned DPRK over it. It is not likely the government and the president would do so without some more solid evidence but one must consider “sources and methods” when dealing with international intrigue like this right? Don’t like that? Well, get used to it because you are going to see more and more of this as we move into the golden age of nation state hacking and covert action. There will be things you John Q. Public, will never know and will be classified for a good long time. Just take a stroll through the Spy Museum in the cyber war section and look at some of those code names. I bet you haven’t heard of some of them and at least one of them, some of us, were VERY surprised to see on that wall already.

But I digress…

At the end of the day though I have to go with previous experience, Occams Razor, and a sense of Cui Bono concerning the DNC hack/dump/manipulation. Some may argue that the GRU and KGB (yes, once again old agencies don’t die, they just change names 😉 ) would not be as sloppy as to leave the breadcrumbs that are being found by Crowdstrike and others. I would remind you to look at at the last big operation that we busted in the US by the KGB as well as the recent posting of selfies by a KGB graduating class as examples of “everyone fucks up” For that matter, shall we mention our own CIA’s debacle with the Pizza Hut? Every agency screws up and every hacker does too. Humans and human nature insure that things will get messed up, there are no perfect operations. In this case the assets involved likely had access to the DNC as well as the RNC but decided to use this data to influence the elections in a manner that they could get away with it easily. This is the nature of spying, politics, and geopolitics, take a look at the history of the CIA and dirty tricks in the politics of South America and then picture it if they were doing the same (hint, they are) today in the cyber age.

That’s right kids, there have been other dumps and hacks. Perhaps some of those too were the US? Think about it.

Russia and Putin have been gerrymandering elsewhere, money and influence operations have always been around. Now consider yourself to be Putin and you have an operation that gave you easily funnelled information to the likes of Julian Assange and Wikileaks! Even more enticing, the fact that you all know that attribution is hard to prove in hacking! What do you have to lose if you are Putin or anyone else? So, if you look at how this plays out, and what more may play out come October, who, what nation, would have the most to benefit if we actually had trump in office?

Think… The answer is ANYONE who would like to take America down a peg and have more possible influence on world politics.

If you look though at the rhetoric by Trump you can in fact see that the big dog in the room would be Putin though. Just think about it! How much more power and sway would Putin have if Trump were in office and dismembers NATO? Come on now kids, think about it. Ask yourselves “Cui Bono?” here. So stop the quibbling about the attribution and the finger pointing. Take the analysis by the CIA and others as well as the eventual data the FBI comes up with and start looking to how can we fix the problems here? There are so many problems though that I too get disheartened. The political system is broken, the information systems are not properly protected, and we run headlong into creating more weaponized code? It is enough to make a man drink.

Ooh good idea…

Dr. K.

Wait Till October…

with 2 comments

Snip20160724_2

There is so much talk about the leak by Wikileaks of the DNC emails (20k) which is only a partial dump I think in the end. Much of the Tweet stream is going on about how this is likely the KGB (No, I will not call them FSB) and how this is bad in so many ways. The DNC dump Friday has been fun to go through from the perspective of laughing at their hubris and gawking at the people involved, the money, and the fuckery. However, once you get past all the schadenfreude you start to realize just how fucked we all are.

First you begin to realize just how dirty and full of fuckery politics is to start, that is if you aren’t already jaded about this shit. Then you realize the proportions of the fuckery when you see proof of some of the things that go on via the leaks from the DNC’s and Hill’s toilet server and you think

“What the SHIT?”

You take a shot of whiskey and crawl back into your lizard brain for a while to get away from it all.

Once you have ruminated on all of this then you start to ponder on the motives and the actions taken by the actors here. They hack Hill’s server in the disused crapper and then DNC’s systems? Or was it the opposite?  What is the motive here? Is this a hack by some kids to upset the political apple cart? Or is this something more? Is this a nation state? The attribution firms are in high gear promoting their theories but this time I will go with what Crowdstrike is selling.

th62e

Pooty and his funtime band are doing a number on us is my vote too and fuck are they pulling a whammy using our own political fuckery to destabilize all the things. This has been the hack that I would consider to be an outright CIA styled destabilization operation, the kind that you would find material online on (think South American fruit and sugar) with a cyber cyber twist. Even Nixon, who pulled this kind of shit with the plumbers and Watergate would be envious right? The only difference here is that Nixon got caught. Pooty is not gonna get caught because of the nature of hacking, attribution, and cyber cyber cyber.

Once you start to look at it as a destabilization operation against the US then you have to look at the possible goals here. The US is on a five front war? How many fuck fronts is it now anyway? We are precariously teetering on the edge of failing empire, and we have these nitwits (both party candidates) running for office, both of them now tainted beyond redemption. Hillary with  bathroom servers, no malware protections, and not even the forethought or ability to hire people to help them secure her shit properly? Then she goes on to consider their machinations safe for fucking un-encrypted classified email?

JESUS FUCK!

*deep breath*

Then we have Trump, with his.. Well.. His everything. He is the worst candidate I could ever think of and yet here we are, he is the RNC candidate. We are well and truly fucked. I can only imagine the security posture of his systems but gee, no one has hacked him.. Have they? If they have no one has leaked anything… Yet. I am sure his servers are full of dirty shit too.

Ok, so yeah, here we are in July and November rapidly approaches. We have Trump as the official RNC candidate for ORANGE CAESAR which scares the living fuck out of me, and we have Hillary, the lady who flouts all security measures for ease of use…Wait… Shit, that really is everyone ain’t it? HELL that is most of corporate MURICA! God dammit we are so fucked!

Anyway, Hill goes on to mishandle CLASSIFIED information and skates on it while frankly others have been pilloried for less. Truly people, with the leaks so far and just the epic fuckery of the race, I am just crawling into that lizard brain more and more with the help of a good grain alcohol. The problem is I keep coming back to lucidity and then hear/see/read the news and end up chugging the shit again to make it go away!

The sad thing is that what we have seen is just the tip of the shitberg. Trust me, wait till October when the real revelatory emails show up. It’s called and “October Surprise” and fuck it’s gonna make Hunter’s worst drug and loathing fueled nightmares seem tame in comparison. Think about it people, Pooty and the KGB are easily, handily, fucking us all over with the cudgel of our own hubris and lack of due care.

All the while these fuckheads are crafting all our dooms with malware and cyber cyber cyber WAR that would make Dr. Strangelove weep in ecstasy. While they argue over surveillance as good and crypto as bad they really don’t comprehending any of it. If it weren’t true it would make one hell of a farcical film. Unfortunately for us it is true, and it is happening today. We the people are the ones being fucked over by their collective business as usual in so many ways.

This isn’t over kids…

Put your helmets on and wait for October for the last of the dumps. I am fairly certain some shit will come out and in the end MURICA will begin it’s 2nd empire with an orange, small handed, orangutan at the helm of this country. Hunter was smart to have left because if he were alive now he would be reaching for the shotgun all over again in much more despair.

Dr. K.

PS.. I have written about possible motives recently… You might wanna take a look.

Written by Krypt3ia

2016/07/24 at 13:41