Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘Disinformation’ Category

Put A Phishing Campaign In A Sealed Box With A Cat, and Some Poison….

So a startup run by a former NSA guy says that the GRU has spearphished Burisma by creating cloned pages…

Ok, and? Say, you got any kind of ya know, evidence there?

What’s that, no, nothing you can give us?

Well then, from God’s lips then.

Here’s my thing, whether or not the GRU has really hacked and gained access to Burisma, the fact that A-1 put this out to the NYT, the damage is done already ain’t it? This is how DISINFORMATION works kids! Now the fickle finger of flying fate has been launched and this means fuck all. Please understand gentle readers, that this is done now, no matter what so called evidence does turn up, the fact is this, EVERYTHING about this incident and now Burisma’s records is called into question as being tampered with. Specifically more so because no real proof was laid out here with, ya know, like forensic evidence.

Nope nope nope, just a nice little ad for A-1 right?

Yeah….

So yeah, as far as I am concerned, Burisma was likely owned by the GRU before this story and I would lay money on the fact that shit’s been tampered with. I will take everything with a grain of salt until such time as a forensics report is placed in front of me with that pesky EVIDENCE that things should all be based on.

Welcome to the 2020 race.

K.

Written by Krypt3ia

2020/01/15 at 13:24

Posted in Disinformation

How a Russian Disinfo Op Ended Up On A Sticker On A Sign In Colorado

I was recently passed the image above in a Twitter DM from someone who was out in their neighborhood and saw the sticker above on the back of a sign. The source tapped me to get a translation of the Arabic script above the CIA emblem. The translation of the script is the first part of the “Shahada”, “There is no god but Allah”, which is usually seen on the top of the Da’esh black flag you all may have seen prominently online and in the news over the last ten years.

In this case though, the intent of having the Shahada over the CIA emblem was odd for me. This is the first time I have seen this image and certainly so for the sender. This sticker is located in Colorado and after making some inquiries it seems to be an image that has been seen being pushed by Russian disinformation campaigns circa 2016-2017 concerning the Iranian/Saudi/Yemen dynamic ongoing still today. Where the CIA is brought in on this is that the Russian disinformation campaign started on RT (Russia Today). The story goes like this: the CIA sold or gave weapons to Saudi Arabia, which were then turned over (unsure how) to Da’esh, and the intimation is that there is complicity on the part of the US/CIA/Saudi in arming ISIS as a larger Zionist scheme to destabilize the region. Of course this should be something that should give us pause because the House of Saud has members who funded and perhaps worked with directly the 9/11 hijackers and Bin Laden. This is a kooky little disinfo plot but one that many buy into.

This of course may be the case, that the CIA put weapons into the hands of Saudi Arabia and they did in fact end up in the hands of Da’esh, but, the campaign by Russia here is to keep all of the players in the Middle East off balance while Russia plays all the angles in weapons sales, training, and having their pieces played on the board in the region. On top of this, the secondary play here is also to offer those who are conspiracy driven to also ask the question is there a deal between the Saudis and Israel to work against Iran as well.

Interestingly enough, the Iranians are prone as a society to conspiracy belief, so this plays well with them and foments more ire. If indeed the CIA is part of a Zionist scheme, well, they are all over that shit because Iran and Israel, well, don’t get along as you may well know. So, the image first shows up in 2016 on RT and then makes the rounds in certain circles. Fast forward to today, the image turns up in the form you see at the top of the page. The original version is the following image below.

The persistence of the image has been propagated further from the Qanon groups picking it up and passing it around as well as other conspiracy sites. That it has now turned up on a sticker in Colorado is more of a mystery, though: who had this made? Was it just a one off? Are there more on offer online? Most of all, what is the intent here by the poster of the sticker? Is this just a random image pasted on a sign by someone or does that person really believe the disinformation that RT posted and is still being passed around today in certain quarters?

The meaning of the imagery can be read in a few ways. The first to me would be an indictment of the CIA and the US government. The thought being that the CIA and the US government are in on perpetuating Da’esh and the wars in the region as a Zionist plot with the House of Saud. The imagery of this simply seems to equate the CIA to Da’esh. In fact, there is a conspiracy video (linked here) that says that John Brennan became a Muslim and that Da’esh is actually akin to a mind control program like Jonestown.

… Jonestown? Really? Claims are even made that Jim Jones was a CIA agent.

I shit you not.

Yes, the former intelligence analyst (alleged) in the video and the host make these claims. Now there is some conspiracy for ya! So, back to the sticker. If more show up perhaps there is an issue here. If anyone out there sees more of these let me know. At the very least this is just another example for you all on how RU disinformation reaches out from sources like RT, to the net, to physical stickers placed on signs in places. Of course this showing up now, as we are potentially going weapons hot on Iran post the Saudi refinery drone attacks may be a coincidence, but, it is rather on the nose timing wise.

Honestly, if Russia is pushing these narratives again, it would make sense in that they are trying to stir the pot post the Trump administration’s pulling out of the JCPOA and tensions rising of late in the Strait of Hormuz. Very interesting times indeed. So, if you see one of these stickers or you see the imagery being used feel free to send me a note or a DM. In the meantime, keep an eye on the news because I sense things are going to get hairy in the near future.

~K.

Written by Krypt3ia

2019/09/18 at 00:26

The 2020 Disinformation and Election Meddling Melee Playbook.

The Game:

“There is no objective truth, there is only subjective truth”

The upcoming 2020 Election cycle will be an all out melee I suspect for a few reasons. The first reason I am making this claim is that the US has done pretty much nothing under Trump to secure the next election because Trump cannot bear to discuss what happened in 2016 and has rebuffed Homeland Security and others’ overtures to talk about 2020’s security. Additionally, even not talking about the subject, Trump has seen fit to do absolutely nothing about the problem because, hey, it’s how he won the last time right? The big difference in the next election cycle’s attacks will be that the field has opened up much more since the playbook was used by the GRU and SVR in 2016. Now we will have a slew of other nation states as well as internal players (Republicans, Dems, and private groups with interests) who now can spin up campaigns of their own using the Russian active measures playbook.

The Players:

Russia

Russia has undoubtedly already spun up operations tempo on the 2020 election cycle. We have seen an uptick already in GRU style action in disinformation stories being published by the likes of Sputnik and RT. Of course these entities are always at this, but, it seems the online game has also been at work with fake accounts on Facebook, Twitter, and other places online. The real question now is how will the GRU and the Kremlin innovate to counter the paltry efforts of Facebook and Twitter and get their message out.

Of course Russia already has the in with Trump in office to begin with and it seems that play for play Trump emulates or communicates what the Kremlin wants, in effect Trump is Putin’s puppet even if he doesn’t really understand that fact. The reality though is this; the Russians have moved in on all fronts and are using proxies to affect the overall fractured nature of the political landscape today not only in the US but all over the world. Remember, Putin’s goal is to cause chaos, division, and a malaise that will leave their perceived enemies unable to function as a nation/government/force that could threaten them.

To that end, we even have been seeing more incursions lately into US air space by BEAR-FOXTROT bombers with SU-35’s. This is also a means of pressure to keep the US off balance and garner news cycles. Russia will continue overtly and covertly to influence the US in myriad ways to keep us off balance and continue the division that makes us unable to act on the world stage with decisive action. The most insidious actions though will be to continue to use money and power to further their goals internally within the US along with kompromat to keep a hold on those in power that they can use.

Trump & Surrogates

We have been seeing what Trump and his surrogates have been doing these last two years already if you have been paying attention. Trump’s use of the constant rallies, constant lies, and “iniquity signalling” will only crescendo as he leads up to the 2020 vote. Trump’s current actions against the IC are also a means of control and division as well. I am sure that Trump will use any and all TS/SCI information that Barr might declassify to leak or blatantly beat the media and his perceived enemies with it. Let’s just say that a person like Trump with this kind of power will use anything and everything he can get his hands on to distort and destroy in furtherance of his own power.

I would be looking for more disinformation operations being created and played out by not only Trump’s internal teams but also any others who may feel a kinship to his world view. You will likely see more home grown operations like Jacob Wohl’s though some might actually not be as easily stopped as the last few attempts have been. I would also say that Trump himself, with his patterns of lies, half truths, and confabulation, is a main player in this because he has the multiple stages of media that include the internet via Twitter at his disposal. Of course now that Trump and Barr are in a position to declassify TS/SCI information and weaponize it, we are likely to see much more come from the candidate/president than we have ever seen before as a nation. As I am writing this as well, the debate cycle for the Democratic party starts this evening, so buckle up kids, it is all starting in earnest. It will be interesting though to watch the President and his minions to see exactly what operations they try. Perhaps I will take notes and have a follow up list of attacks that he and his minions carry out.

China:

China has always had an interest in our politics and more specifically, our economy for a long time now. In that the shackles of information warfare have been removed by Russia, the Chinese are likely to be more aggressive in this arena as well. China is currently in an economic war with the whole of the world and it is their hegemony alone that they seek to effect. Of course now Trump has begun a trade war with China so there is even more inclination for China to play a part in effecting a change in our leadership with an eye toward a more accommodating trade policy from a more friendly candidate. The question there is who among the Democrats, Republicans (if any run) and or third party candidates suits their goals. I also wonder if maybe China might make the same calculus about American politics and dysfunction as the Russians do and just seek to cause more chaos. This would mean that the US as a global power would be that much more diminished and would give China a more free hand to assert their power along with Russia globally.

Hmmm….

Frankly, China has more to lose were the US to go up in flames financially than in trying to stabilize things here though. My gut tells me that they will attempt to get Trump out and place a more friendly face in the office with any means that they can (probably dark money to candidate of their choice) to stop the Trump trade war…

Iran:

Well, this will be the new and youthful player in the space this election cycle. Iran is presently on the edge of forever war with Bolton and Trump it seems and their delusions are getting stronger by the day that Iran is an existential threat. Iran will have to play catch up with regard to disinformation and information operations before they can be a real player like Russia or even China but I am sure they will be playing the game as well. In fact, there have been more moves on the internet of late that seem to be leading toward psyops and disinfo ops for the upcoming elections so keep an eye on them.

DPRK:

DPRK is a dark horse here and I am sure they will be taking part as well in the great games of 2020. History has shown that Un and his forces are a little more kinetic than most of the others in their operations online and off. Actually, in the arena they are second to Russia so I would be looking for some hacks and perhaps dumps akin to what Russia pulled off in 2016 to muddy the waters further. Of course in the case of Un and DPRK it is also in their interest to keep Donny in office. Donny is a weak president that Un can lie to and manipulate in order to further his own ends no matter what Donny says about their great relationship. I think if we watch for DPRK activity we will see some hacks, dumps, and more likely than those dark monies being funneled to campaigns to further their ends.

Saudi Arabia:

Saudi… What’s more to say right? Money, more money, more influence, and perhaps some disinformation as an appetizer? My bet would be that Saudi will go full in on Trump and perhaps be passing him dirt on candidates as well as funneling large sums to the Trump campaign to keep him in there. With the Khashoggi killing and the total air cover by Trump for that killing, I am sure that Saudi is a lock in support for Trump. With the alleged hack and dump on Bezos’ phone, we can see that if it was indeed Saudi who carried that out in retaliation for the WashPo, well, then they are certainly capable of much more. The question for me is just how much they will care to try and obfuscate where it’s all emanating from.

Scenarios

Disinformation:

What we have seen in disinformation operations since 2016 is just the tip of the iceberg. With the advent of social media and now computing power, we will likely see even more forgery of information or distortion of data that will cause people to believe all kinds of things in this election cycle. Remember, the point is to cause friction and sow chaos so the media does not have to be air tight, it only has to feed the cognitive dissonance of the target audience that they target. Even with information being proven to be false, we have seen people’s inability to get past their own beliefs to see the truth of things. So by dropping video, audio, articles, etc the damage is done and the momentum is carried. Look for the following types of disinformation operations:

  • Fake video (DeepFake) of individuals in the election cycle (even if they are easily found to be false)
  • Tampered video (Pelosi is slurring words)
  • Faked or tampered audio files
  • False information being leaked or posted (including forged email spools, documents, etc)
  • False or misleading stories being amplified on media
  • Leaking false information to news outlets (Leaked forged or tampered with databases)
  • Leaking false information in the form of oppo (opposition research) to opponents (Think Steele dossier on steroids created whole cloth)
  • YouTube and other video documentaries or clips with totally fictional content offered as “the truth” like flat earth videos
  • Insertion and operation of accounts on Twitter, Facebook, Telegram, Discord, Reddit, basically any feed available with an audience to spill disinformation on

Propaganda:

Propaganda and Disinformation are kissing cousins really. Basically all of the above being pumped out by the likes of RT, FOX News, and other outlets. The ubiquity of the advertising and the news feeds that have become wholly about propaganda has made this hard to miss and or be affected by today.

  • Memes
  • Television/Internet/Radio news and advertising
  • YouTube videos and ads (lately they have been buying up interstitial space as well as before and after videos)
  • Whatabout-ism

Dirty Tricks:

Dirty tricks have been a long standing go to in our political system and now it is getting a re-assessment and revitalization since 2016. I would wholly attribute this to Roger Stone and his machinations along with the Trump/Russia collusion that took place. Incidents can be clearly outlined in 2016 like the actions of Cambridge Analytica that were caught on tape. Cambridge was looking to sell services of not only analytics but also dirty tricks by capturing people on tape with hookers etc to destroy them. Stone is famously known as being a dirty trickster and worked as such in the Nixon campaign. So yeah, we are likely to see this play out in 2020 as well. I would hasten to add that the recent Giuliani attempts in Ukraine to get dirt on Joe Biden are exactly this type of activity albeit totally and nakedly open to us all to see. You see, even the whiff of this dirt feeds the cognitive dissonance of the avid Trumper.

  • Setups like ACORN or Cambridge Analytica offerings of secret videos
  • Sex stings with video/audio/pictures
  • National Enquirer-esque leaks of dirt
  • Blog posts, tweets, etc that can be forged and said to be from a candidate
  • Fake claims made against candidates etc
  • Theft and release of information that is not flattering to a candidate (honestly, this is what happened to Clinton in 2016, what was really revelatory in those email dumps?)

Direct Action:

Russia really set the bar here for direct action. The hacking and leaking of information, even data that, like the Clinton emails, was a big “meh”, was enough to feed the base of Trump and perhaps change minds of those who were on the fence about voting for her. Then again, the idea of hacking the election systems and the systems that tally the rolls has not been totally elucidated upon by the FBI and others. The fact of the matter is this, we now know that the GRU hacked those systems and had access, we just have no idea of what they actually did while on them. Did GRU put their thumb on the electoral scale and win Donny the election by the smallest of margins via the electoral system?

…. I kinda think they did but no proof means no certainty.

With that, consider what may happen this go round in 2020.

  • Hacking and dumping of data as we saw in 2016
  • Hacking and destruction of systems in an effort to make systems seem insecure/not trustworthy
  • Hacking and placing disinformation into data then leaking for effect
  • Hacking election systems and tampering with them secretly for vote control
  • Hacking systems not to actually damage them or change the vote but only to sow FUD on their security
  • Hacking and use of data in blackmail
  • Hacking and using ransomware etc to lock up systems and cause chaos and inaction

TRUMP:

Donny has been hard at work since taking office by having the constant rallies for his base. He has been feeding them a steady mixture of lies, distortions, and promises of “winning” since the start. Faced now with another election cycle where he could potentially be beat, he will go into overdrive with his antics to keep his base active as well as make all opponents look bad. What Trump will double down on though will be the same things as he has previously, e.g. “rigged elections, fake news, and whatever the Kremlin line is being put out there currently” I would add though, these bullet points of what he will likely try in 2020 pre and post election.

  • Begins to call election system into question pre-election
  • Leverages National Guard and or Active MIL to “guard” polling stations nationally (pressure on people to not vote through intimidation)
  • Calls the election “rigged” and challenges the result
  • Makes calls for his term to be extended
  • Calls a national emergency if he loses and attempts to go to court over the election results
  • Calls for a re-call election due to tampering
  • His usual disinformation road show will go full steam during the election cycle
  • Trump will amp up the discord by doing more outrageous things
  • Lastly, the Trump/Barr IC war will be leveraged against his perceived enemies using secret data to dump or distort to attack if not actually attempt to arrest his enemies.

Conclusions:

Well, here we are at what kind of feels like the end of Democracy. Trump is the catalyst for so much that is a detriment to the values of the United States that it is hard to even attempt to prognosticate what he will try to keep his place in the White House. Of course, as I said before in this piece, the norms have all been broken now and the US and other countries still have not made any inroads on how to respond to these kinds of attacks. This means that we are all just unable to stop these things from happening and without solid responses when they do. This will all just escalate and get worse I fear with a specific scenario that Trump, by hook or by crook, wins in 2020 and is allowed to destroy how the country’s government is supposed to work.

This is a key fact, we do not have a means of stopping the disinformation propagation nor do we have a means to effectively counter its effects. Without laws and norms around this as well as a means to counter it all, we are lost. I have been watching the think tank reports and have in fact taken part in some of these working groups and in every case, it comes back to “what does the government have as tools and techniques to counter this?” and the answer even more so now is “none” … In fact, Trump has cut funding as well as ignored calls to formulate plans to stop these attacks on Democracy.

The net effect is we are fucked.

So, sit back kids, grab a tasty beverage and watch the fires of what is left of our Democracy burn.

… That’s kinda Millennial huh?

K.

Written by Krypt3ia

2019/05/28 at 13:03

Posted in 2020, Disinformation, Russia

Primer: Your Algorithms Won’t Save You: Why We Need More Sociology and Psychology in The Fight Against Online Disinformation & Propaganda

Well, it has been a few days since presenting to SOFWERX and having put up my slide deck on the blog and I got to thinking that without a video, you all kind of need a primer on what I was trying to say with this. Come to think of it, even with the video you might need some more clarification as I don’t know if I just came off as a raving loon on stage or not. Anyway, I have decided to put this post together as a primer for those who do not get to see the video.

SOFWERX Presentation Deck

My general premise with this presentation is as follows put simply: “Countering disinformation and propaganda operations is a people problem, not a technical one.”

While the others at SOFWERX were presenting technical means of tracking and perhaps countering disinformation campaigns online, I wanted to highlight the fact that the problem lies with the humans at the keyboards or in front of the screens; they are the issue that we should take up in trying to counter this activity. It is the people who are being manipulated and their psyches which are allowing this to happen. There are social and psychological issues at play and no matter the attempts at countering, those people susceptible to the campaign will in the end, believe what is being sent to them. We need to understand why these people choose to accept these narratives and to perpetuate them before we can attempt to really fight this fight. There are so many issues here and even if we try to play whack a mole with adversaries pumping these false narratives into the system, we will lose in the end because the sticky meme or message will inevitably get out and repeated by those of a like mind.

I personally saw this activity play out early on with the Jihad online. Jihadis have been using social media since its inception and before that, they were using list servers and RSS groups to do the same thing. This activity is easy to carry out with access to the internet and there are a plethora of venues to get the message out with. In the case of the jihadis online we saw them use PHP sites, Twitter, Facebook, and now closed systems like Telegram and PalTalk to carry out recruitment and planning. The media outlets such as Twitter and Facebook’s attempts to whack them offline did not fully succeed, in fact they are still around and adapting to get their message out to the believers. In fact, you can see a direct line of progression from using channels (social media) to creating their own channels (Inspire and Dabiq) magazines that they can upload to various places to propagandize and disinform the jihadis as well as their adversaries.

Simply put, whack a mole does not work. In an effort that was more subtle and along the lines of thought I will give you in this presentation, the US government tried a program called “Think Again and Turn Away” which ostensibly was an effort to reason with and perhaps psychologically respond to those who might be tempted by jihad to consider the realities and talk them off the ledge so to speak. The program was not funded well and in the end kind of failed, but, it was an important footnote that needs to be given more attention as it dealt with the receivers of the message of jihad. We are faced with much the same problem today in that we have people in countries like the US who are targets of foreign influence operations that are not necessarily combatants in a war but are assets of influence and thus a danger to the larger whole.

The parallels can be seen today with regard to the influence operations that the Russians carried out on the US and the factions that have been created with the rise of Trumpism. Now we have the IRA (Internet Research Agency) and its second generation still carrying out operations online as well as the receivers of the narrative creating new platforms outside of Twitter and Facebook to repeat as well as generate new ones like the Qanon movement. While the social media companies finally caught on and started patrolling content and accounts, the IRA has created other sites to push their narratives both stealth and open in nature. The one commonality is that there are always minds willing to accept the content and to repeat it. This is the problem set that we need to approach and see if there are any countermeasures to this outside of trying to control the medium and the message. You see, by controlling the medium and the message, we become a part of the problem and likely add fuel to the fire by becoming Orwellian in the perception of the people.

Most of the talks at SOFWERX centered on using the technology of algorithms to control the narrative or stop the narrative and this is not in my opinion the best alternative. After all, the more you try and control all of this, the more you are going to be made into the latest conspiracy theory. If you try to insert counter narratives surreptitiously eventually you will be caught out and become a means to an end for the information operations teams sowing the discord. Alternatively, how do you fight things like memes and cognitive bias/dissonance in the people who are willing to believe in things like Flat Earth theory or that there are Lizard people secretly running the governments of the world? We need to understand the human animal better from psychological and sociological standpoints to counter these kinds of operations. Until we do more study and come up with countermeasures using this, we will just continue on playing whack a mole ad nauseam all the while the disinformation will flow and our fractions will increase.

I guess overall I would just like the technical and the more soft sciences to get together and work the problem instead of just believing that technical means are the answer to everything.

They aren’t.

*mic drop*

K.

Written by Krypt3ia

2018/12/09 at 13:53

Posted in Disinformation

QAnon and Qclearancearchive: Another False Flag Influence Campaign by Russia?

Recently the bowels of 4chan erupted with an ongoing thread’s dire warnings from an anonymous poster named “Q” into the real world. The posts, consisting of word jumbles and conspiracy wet dreams began to take on a new life in the real world at protests over Trump, MAGA, and the fight against all that is sane. I had looked at the original posts on Reddit in 2017 when they started and just shrugged it off as just another conspiracy hoax cum disinformation campaign by persons unknown. How it would become an issue today just before the mid-term elections few could have conceived.

As you can see the posts are little more than bad haiku but, the conspiracy nuts on Reddit and 4chan and now a couple other aggregation sites (more on that later) have been busily using their cognitive dissonance to make crazy connections from these posts to a globalist conspiracy the likes of which even Alex Jones could not come up with himself! Basically the stories all lead to an overarching New World Order conspiracy that has everything, Illuminati, NWO, Soros, Pizzagate, and other crazy ideas all wrapped up in a bow being spoon fed crumbs about by someone allegedly inside the government with what is known as a “Q” clearance (DOE clearance). Of course Q cannot give just a straight narrative or a drop of classified data, no, it has to be this whack haiku as you see above.

I have tried to read more of this than a few pages but literally I started to go insane from reading this drivel, so I moved on to reading the output from a QAnon conspiracy site that archives and “makes sense” for the lay reader all the juicy secret conspiracies that are in the Q “archives” and man, it is full of cognitive bias, mental illness, and fantasy. I will not make you read it all here but if you do want to look for yourselves you can check the links at the bottom I will gift you all with. More interestingly though, I wanted to cover the movement as it stands today and to show you some of the information I was able to wrest from the archive site itself. The data that I got actually shows real names of people involved (well, real I guess) that perhaps can be drilled down on some more later on.

Seen above are just some of the crazy ideas these people have about hidden codes in Q posts as well as the interaction of Trump on his Twitter feed. It seems these idiots believe that “Q” is in contact with Trump over Twitter and they are working together to destroy the globalist NWO conspiracy of lizard people ruling the world!

I shit you not.

So yeah, it’s a fair bit insane so please medicate if you plan on wading any further into the nutbaggery. However, I want to direct you to the site that this stuff came from and in particular the guy(s) who created it and are running it. At the top of this post you can see the image of a Twitter account for a “Iambecauseweare” which it turns out is the owner/operator (self proclaimed) of the irc.qclearancearchive.net a clearinghouse of all things Q and a primer of sorts for those who want to know the great truth and get involved.

This site is a font of Q information but, when you start to look under the hood, then you can see that there are some interesting threads to tug on. The site has a lot of information but what I was more interested in was that they have a penchant for creating PDFs for the masses to conveniently download. Using FOCA, I aggregated all the PDFs and then ripped out all their metadata to see who was creating these things.

Out of about 200 PDFs I have come up with 8 user names in the metadata. In this group one of them is a known conspiracy author (William Milton Cooper) but the others are all unknown people to me. Four of the accounts are just short names and no help but the other two, Mark C. Duncan and Martin Jr. Donald, seem to be legit names on the face of it. Now since they were all PDFs there was not as much rich metadata as there would have been had they been Word files but at the very least we have some names to work with here.
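The author fields that a metadata pull like this surfaces live in each PDF's Info dictionary. The following is an added example, not the tooling or data used in this post: a standard-library sketch that reads the Author, Creator and Producer fields and tallies distinct authors across a collection. The sample files and names are constructed, and it assumes uncompressed Info dictionaries (no object streams, no XMP).

```python
import re
from collections import Counter

FIELDS = (b"Author", b"Creator", b"Producer")  # Info keys that tend to leak a user or tool name
_ESC = {b"n": b"\n", b"r": b"\r", b"t": b"\t", b"b": b"\b", b"f": b"\f", b"\n": b""}

def _unescape(m):
    if m.group(1):  # octal escape such as \050
        return bytes([int(m.group(1), 8) & 0xFF])
    return _ESC.get(m.group(2), m.group(2))  # \( \) \\ pass through as the bare character

def decode_pdf_string(raw: bytes, is_hex: bool) -> str:
    """Decode the body of a PDF literal "(...)" or hex "<...>" string."""
    if is_hex:
        digits = re.sub(rb"\s", b"", raw)
        data = bytes.fromhex((digits + b"0" * (len(digits) % 2)).decode("ascii"))
    else:
        data = re.sub(rb"\\(?:([0-7]{1,3})|(.))", _unescape, raw, flags=re.S)
    if data.startswith(b"\xfe\xff"):  # UTF-16BE with byte-order mark
        return data[2:].decode("utf-16-be", errors="replace")
    return data.decode("latin-1")  # assumption: PDFDocEncoding treated as Latin-1

def extract_info(pdf: bytes) -> dict:
    """Name-bearing Info fields found in uncompressed objects of one PDF."""
    found = {}
    for key in FIELDS:
        pat = rb"/" + key + rb"\s*(?:\(((?:\\.|[^\\()])*)\)|<([0-9A-Fa-f\s]*)>)"
        m = re.search(pat, pdf, flags=re.S)
        if m:
            is_hex = m.group(2) is not None
            found[key.decode()] = decode_pdf_string(m.group(2 if is_hex else 1), is_hex)
    return found

def tally_authors(docs: dict) -> Counter:
    """Count documents per distinct Author value across a collection."""
    counts = Counter()
    for data in docs.values():
        author = extract_info(data).get("Author", "").strip()
        if author:
            counts[author] += 1
    return counts

# Constructed sample files; names and contents are invented for this example.
SAMPLES = {
    "a.pdf": b"%PDF-1.4\n1 0 obj\n<< /Author (J. Example \\(home PC\\)) /Creator (Writer) >>\nendobj\n",
    "b.pdf": b"%PDF-1.4\n1 0 obj\n<< /Author <FEFF0041006C006900630065> /Producer (ExamplePDF 1.0) >>\nendobj\n",
    "c.pdf": b"%PDF-1.4\n1 0 obj\n<< /Author (J. Example \\(home PC\\)) >>\nendobj\n",
    "d.pdf": b"%PDF-1.4\n1 0 obj\n<< /Title (No author here) >>\nendobj\n",
}

if __name__ == "__main__":
    for author, n in tally_authors(SAMPLES).most_common():
        print(f"{n:3d}  {author}")
```

These fields are written by whatever software produced the file and can be edited afterwards, so a recovered name is a lead to corroborate, not proof of authorship. The same pass is useful on your own documents before publishing them.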

The domain qclearancearchive.net was registered 225 days ago and done so anonymously, and with GDPR now, you get fuck all when you are trying to do OSINT on these kinds of things (thanks EU) so I am gonna have to rely on these names and some digging to get anywhere else. I started some cursory searches on these names and did not find much in the way of data. A second pass has yielded some information on Mark C. Duncan;

This Mark C. Duncan has two reviews in his Amazon list for books on conspiracy theories. One on the Masons and the other on Alien abductions. Well, this could very well be the guy but I have yet to get much else on him which makes me want to keep searching and I will. The other name that came out of the metadata was “Martin Jr. Donald” which is an interesting way to put that in your system’s metadata. I am going to assume that the name is Donald Martin Jr. and a search of this name is just as obtuse. The hits that come up first for this name are all about a 400lb guy in Ohio that asphyxiated his nephew by sitting on him…

Which, yeah, anything is possible here. I see no other digital bread crumbs (snerk look it up in the archives) to go on with this. So I am kinda at a dead end here unless they make some more mistakes. However, I would like to direct you to the language of the posts and PDFs. Either these people are the most illiterate of sorts, or, English is not their first language.

All in all this is a nightmare to read and I would not recommend anyone do so. However, given recent events in Ohio and other places where QAnons have started showing up (including Trump rallies) I would suggest that we pay a little more attention to this movement. I suspect that at the very least this is yet another Russian active measure that is at best supported by the GRU and at worst, run by the GRU. Given that the movement has self realized and is now in the real world, I would think that if the GRU wasn’t already supporting or running this campaign, they soon will be as well.

I will leave you with the links here and move on from here. I will take a peek at their site intermittently to see if they leak anything else. There was no Cyrillic this time in the data, no keyboard layout, no language packs. Just some names that could be crazies in the states here who are just acting out because Trump has given them the air they need to do so. At worst though, here we go again with the active measures just before the mid terms.

Kinda convenient though huh?

K.

https://8ch.net/qresearch/index.html

https://8ch.net/qresearch/welcome.html

https://8ch.net/qresearch/archive/index.html

Q_s_posts_-_CBTS_-_7.2.0

UPDATE:

It seems that some are buying into the coincidences that QAnon may be a new take on another Q, a book called Q by “Luther Blissett”, a nom de plume for a couple authors of this Italian novel.

While this is a close comparison I am doubtful that this is a giant prank against the Alt-right/Nazi/Trumpistanians. If it is in fact a prank, it has now gone way past that into action and terrible possible repercussions. The fact that these idiots are now showing up in the Trump Nuremberg rallies and elsewhere, and that he has tacitly accepted it all to his repertoire should scare the alleged pranksters greatly.

After looking into this whole debacle I have to say that this story doesn’t quite wash for me. This whole story isn’t just all about boomers to start. How many boomers are on fucking reddit? Fuck, for that matter how many are out there actively on 8chan or 4chan?

COME ON!

Nope, this is something else. Maybe, if it was a prank, it took on a life of its own but if Q is still posting, then these guys are about to get into a world of pain as I am sure now the federal authorities are interested in this because it has become a real world issue. Even if it was a prank to start, it may also be that the Russians decided to take this on and amplify this to their own ends. The whole dialog is very Trumpian and adds to the chaos.

Meh.

You guys decide for yourselves.

K.

Written by Krypt3ia

2018/08/05 at 15:34

USA Really: New IRA Troll Farm Site and Twitter Account

So this morning I saw a tweet come across the feed by RVAWonk that was proclaiming that the IRA was back with a new site and the fuckery was pretty much just naked on their part. In the article she goes over the salient technical details of the site and the accounts. It also has another nice linked post that does a bit more in that area as well and I recommend you all read that too. However, I took a bit of a deeper dive looking at the site itself and its coding as well as did some Maltego mapping of it and the Twitter account. My overall take on all of that is pretty much “meh” … What really intrigues me and has been bothering me for some time now is that everyone is busy mapping all this shit but the fact of the matter is that mapping does not stop the cognitive dissonance that the Russians are playing on to win this game.

The Russians here are basically at a point where they aren’t even trying to hide the fact that the site is a Russian propaganda/disinformation effort and this is the important fact we all seem to be missing in this community. This shit works and even though most people do not have the technical abilities to look deeper into the code and the domains, it is pretty plain when you look at the site itself where they use Cyrillic and Russian in their image names and such that it is in fact a Russian operation.

We will all likely go down the rabbit hole on the how many followers they have on Twitter and who they follow. We will collate all the data and sift it and parse it all to put out reports on how they did this. My problem though is that we can investigate the shit out of this all we want but unless we come up with strategies to deny, degrade, or destroy the content, it will reach those tribalists out there who want it and the damage of 2016 will continue on unabated. What’s even more galling here is that the Russians have basically pulled a Babe Ruth by announcing this site and putting it out there so flagrantly with Cyrillic in it and on domains owned by a Russian domain hosting service. In reality they just gave us the bird and we are now going to just have to sit by and watch as they inflame the Trumpists to hopefully affect the mid terms with this crap.

Of course maybe Twitter will catch on here and swat this account offline? You hear me Jack? … *tap tap* this thing on?

Oh well, so there’s a new site and it seems they have also employed an SEO in there as well. The site has a lot of means to track posts, likes, geolocations etc as well. I have mirrored the whole site and am still poking through the code. The SEO is a new old site too with an anonymous domain registration back in April of this year that likely is also the Russian’s doing as well. I am sure many of the community will keep an eye on it as we go along so someone will eventually write about this as well with rapt verbiage not really doing anything about the problem as well.

So here’s my thing, we are all spending all this time nattering on about it but what can we do to stop such propaganda sites and Twitter accounts from spreading the mind virus? If we cannot stop them, how can we inoculate the general public from the effects of such mental plagues? These are the questions we should be asking and I just don’t hear it happening. I know that it is a rich and difficult problem dealing with the psyche and cognitive dissonance but we really need to lay off all the techno babble and focus on real solutions. Solutions that concern the human animal, not the technology kids. The Russians already know this and they are leveraging it. I mean, how much more blatant do they have to be? How about they just post billboards now in Cyrillic for Trump in all those Trump states?

Focus people.

K.

Written by Krypt3ia

2018/06/06 at 13:38

The Insider and The IRA Data That’s Been On Auction For Over A Year

Today a tweet was directed at me concerning some new information posted on a Russian news site back on February 21st that no one in the US media seems to have noticed nor the NATSEC community. In fact, I had not seen this and I kinda have chided myself for not paying better attention to the Joker Buzz site that the data was for sale on, for a year! I had actually been on their site(s) in the clearnet and darknet and thought I had posted a blog about the notion of the site and what they sell but I can’t seem to locate it. I guess maybe I just tweeted about it and moved on …My bad.

Anyway, the post on The Insider has the skinny on how a user there named “AlexDA” had ALL of the IRA’s internal documents on the active measures campaign for sale for over a year and no one really took notice. This means that we could have bought the data and had all of the actors, their data, and their METADATA if we had only seen or purchased them back in January/February 2017. What’s more is that had we had this intelligence in the open much more could have been easily available for the general public to be aware of how this was all working and what to look for. Of course now after the Indictment by Mueller of the 13 entities the op has been completely blown and the infrastructure is likely not to be operational, but, we could see operational details and OPSEC mistakes that the players made and extend that to the upcoming year’s election cycle and Russian influence and active measures campaigns to come right?

Even so, big things are in the small details even within the offering itself that AlexDA is making on JokerBuzz. I have been going through the images from the auction site that Alex put up to entice and prove that they are legit and here is what I have found by doing my thing as usual mining:

Proxy IP Space Used:

In the offering images you can see that AlexDA tried to obfuscate the last couple octets but if you look real hard you can see the numbers pop up. Of course if you just take the first two or three octets and you put that into Google you can see what pops right up. So, the first thing to see is that the service mentioned in the indictment is actually Total Server Solutions LLC out of Plano, Texas. I would like to call your attention to how much “Texas” was involved in many of the Twitter and Facebook accounts that were super patriotic. It was mentioned in the indictment that they rented the server space to appear that they were in the US. Well, there you have it kids. The data fits and it makes sense that they would try to do this to appear as if they were in the US to fool first pass looking right? I ran an Nmap of the /24 and as you can see if you look, there are some proxies, port 80 and 22 open but none are available to access at this time, so maybe they went back to being just space owned by Total Server… I would hope though that those there servers had been, ya know, collected on by subpoena by the FBI right?

Wink wink nudge nudge.

Meanwhile, there’s a bunch of servers/IP’s listed in the images as well that are in Russia using port 8888. I haven’t looked at those with Nmap but they are VPS as well so maybe they are still in play. Suffice to say though, it is interesting data and could lead to more things coming to light if you look into them a little further. If you want to play the home game please feel free. I will be circling back over this stuff in the near future and enlightenment will be posted here when I have it for you all.

Alias and Users To Search:

Gee, look at all those aliases man! I have yet to dig into these and I am sure some are already known but you now too can play the home game! Take a look and see what histories you can find on these accounts/nicks. I am willing to bet we can put together quite the timeline and then use that as data to look at future attacks as well. All those Blacktivist accounts though were the appetizer to what I saw next in the screen shots. Alex gives us a whole thing to work with in the image below and if you start digging on that you can get some good stuff.

http://aktivnyye.com/t/20171013-blackmattersus.html

Nolan Hack, a name that I believe others have seen in the press accounts, has a Facebook page, a phone number, and a site blackmattersus.com that is in fact still live but not updated since 2017 it seems. His Facebook is live still as well (Why no take down Facecult?) I looked up his details on there and the blackmattersus site and what I came back with was a cell phone out of California marked as a bad number and a site that has been around since 2015 that was registered anonymously and kept so throughout the time it has been up.

I am sure with more digging on the name (Nolan Hack *amusing*) I can put together more of the breadcrumb trail to show the cutout’s actions. Maybe in a post to come, but suffice to say that this data also is legit and tracks with everything we have been told by the IC and the news up to today on the active measures by the IRA.

Passwords:

Amazingly enough in the screen shots given on the jokerbuzz site you can also see where Alex tried to remove at least half the passwords in a couple posts. I immediately knew what the password was because, I mean, come on! The phrase “Greed is good” is a classic line from Wall Street and Gordon Gekko. If you look close enough at these images though you can make out the lower part of the G so you know it is that. Now we have to work backwards on those accounts and get the full data in order to attempt to maybe log into them and see what intel we can gather from them (see below for lower part of the g). It is also amusing to see that these guys were sloppy and re-using passwords in various accounts. If we get the accounts right I am betting we could own them all and gather much more insight.

Greedisgood…. You guys amuse me.

Illegals Names and drop sites:

In amongst all the stuff is also an address and name where drops were made in NV used by the IRA and more likely the illegals who were in country. The address comes back to a known bad drop/company in NV that has a history of being used for eBay scams. The cutout name of Gneeda Harris has zero history on first pass but I will look again and dig a little more. Maybe I can turn up something more on this ID but at the very least we have something more to work with than what the special counsel decided to drop on us.

Maybe the FBI can check this place out and see if they have had DVR’d video surveillance? Maybe this dead drop is still live? Are there still illegals in country that have been told to sleep? I wonder…

Metadata:

Lastly, or near the last thing I will cover here on this is the metadata. I used wget to pull down the jokerbuzz site and in the folder for the page of the auction are the screen caps used. Pulling those down and then running them through the old EXIF scan you can see that these captures were done September 28th and 29th 2016. The time stamp says +3hrs and that as of today they were done 1 year 4 months 28 days ago. So, back in September 2016, this data was in the hands of AlexDA and ostensibly about to be put up on Jokerbuzz. This means that either someone on the INSIDE decided to sell out the operation because they knew they were blown and wanted some cash, OR, someone hacked them and downloaded all this shit making the screen shots in September for the jokerbuzz auction. This in tandem with all the backstopping I just did shows that this data is legit and it has been on sale for at least a year and no one knew or was clued in enough to say anything about it.
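The capture date and the UTC offset discussed above come from two Exif fields. The following is an added example, not the scanner or files used in this post: a standard-library reader for DateTimeOriginal (tag 0x9003) and OffsetTimeOriginal (tag 0x9011). The sample image is constructed in code; its date follows the post, while the time of day and the helper names are invented.

```python
import struct
from datetime import datetime, timedelta, timezone

def read_ifd(tiff: bytes, off: int, bo: str) -> dict:
    """Map tag -> (count, raw 4-byte value field) for the IFD at offset `off`."""
    (n,) = struct.unpack_from(bo + "H", tiff, off)
    entries = {}
    for i in range(n):
        base = off + 2 + 12 * i
        tag, _typ, count = struct.unpack_from(bo + "HHI", tiff, base)
        entries[tag] = (count, tiff[base + 8: base + 12])
    return entries

def ascii_value(tiff: bytes, entry, bo: str) -> str:
    count, field = entry
    if count > 4:  # does not fit inline, so the field is an offset into the TIFF block
        (ptr,) = struct.unpack(bo + "I", field)
        field = tiff[ptr: ptr + count]
    return field[:count].split(b"\0")[0].decode("ascii")

def capture_time(jpeg: bytes):
    """DateTimeOriginal (0x9003) with OffsetTimeOriginal (0x9011) applied when present."""
    start = jpeg.find(b"Exif\0\0")  # simplification: no full JPEG segment walk
    if start < 0:
        return None
    tiff = jpeg[start + 6:]
    bo = "<" if tiff[:2] == b"II" else ">"
    (ifd0,) = struct.unpack_from(bo + "I", tiff, 4)
    pointer = read_ifd(tiff, ifd0, bo).get(0x8769)  # Exif sub-IFD pointer
    if pointer is None:
        return None
    exif = read_ifd(tiff, struct.unpack(bo + "I", pointer[1])[0], bo)
    if 0x9003 not in exif:
        return None
    when = datetime.strptime(ascii_value(tiff, exif[0x9003], bo), "%Y:%m:%d %H:%M:%S")
    if 0x9011 in exif:  # e.g. "+03:00"; without it the zone is simply unknown
        off = ascii_value(tiff, exif[0x9011], bo)
        delta = timedelta(hours=int(off[1:3]), minutes=int(off[4:6]))
        when = when.replace(tzinfo=timezone(-delta if off[0] == "-" else delta))
    return when

def sample_jpeg(stamp: str, offset: str = "") -> bytes:
    """Constructed Exif-only JPEG (no image data), little-endian TIFF layout."""
    tags = [(0x9003, stamp.encode() + b"\0")]
    if offset:
        tags.append((0x9011, offset.encode() + b"\0"))
    data_at = 26 + 2 + 12 * len(tags) + 4  # header 8 + IFD0 18 = 26, then the Exif IFD
    ifd, blob = struct.pack("<H", len(tags)), b""
    for tag, value in tags:
        ifd += struct.pack("<HHII", tag, 2, len(value), data_at + len(blob))
        blob += value
    tiff = b"II" + struct.pack("<HI", 42, 8) + struct.pack("<HHHIII", 1, 0x8769, 4, 1, 26, 0)
    tiff += ifd + struct.pack("<I", 0) + blob
    payload = b"Exif\0\0" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(payload) + 2) + payload + b"\xff\xd9"
```

The timestamp is whatever the capturing machine's clock and software wrote, and it can be rewritten later, so it dates the file only as far as other evidence agrees with it.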

Who is AlexDA?

Lastly, who is AlexDA? How did they get this data and what is the motive here other than money? Money mind you that they did not get in over a year as the auction timed out and NO ONE bought it. Now, I have been looking at who this may be and there is a case to be made that this dump came from Shaltai Boltai (humpty dumpty) a group that is now broken up due to arrests but has one last player on the loose. That player is in fact a guy named Alexander Glazastikov who has not been caught and may in fact be AlexDA. I will also point to the fact that if you look at the Jokerbuzz auctions there are a number of them from Shaltai Boltai offering all kinds of interesting data leaked from Russian operations. So, it is my guess that this is the case but just an educated one. I for one would like to have a conversation with AlexDA and see just how much he wants for the dump now that it has not sold in over a year. Maybe we all can crowdsource it?

Summing Up:

Anywho, this is what I found just by looking at the details here in the auction post. Imagine what we could have if we actually had all the documents? Hell, I would love to get my hands on them, prize out all the details and then pass it along to the feds. The data is legit, it has been around for a year online, and we all missed it man!

Hey AlexDA, you wanna just gimme that data for free feel free to reach out to my protonmail acct!

More stuff when I have it kids.

K.

Written by Krypt3ia

2018/02/26 at 22:55