(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘Propaganda’ Category

Cambridge Analytica And Psychographics Versus Facebook Algorithms and Targeting

with 3 comments

Last week I came across some tasty data out on the net concerning the clients that Cambridge Analytica had been serving in the last election cycle other than Trump. Within that data dump I also came across some python scripts for harvesting data on Twitter as well from a developer at CA which ties them also to mining and using potentially, Twitter as well as Facebook to create pscyhographic profiles and to target those people out there who had the same sentiments and desires around electing Trump as president. What I found in looking at the data and doing some research has brought me to the notion that Analytica’s part in this whole thing was just one sliver of a larger whole. That together with the Russian active measures campaigns, disinformation, propaganda, and echo chamber incitement thereof, Analytica helped target some of the people that Russia needed to target as well as the Trump campaign itself.

In fact, after really digging in here, it has become clear to me that Facebook may have a larger part of the problem with their algorithms that commoditize their user base and allowed for weaponizing of that data to be used in the propaganda campaigns by the Trump campaign and the GRU’s operations. Cambridge Analytica is not the big bad here in essence but a part of a larger whole that the news media seems to be unable to grok because it is not as sexy as having a new Bond style villain to get clicks on. No, the larger and more subtle story here is that the people were manipulated by the Mercer’s, the Bannon’s and the GRU using the tools given to them by Facebook and Facebook as well as the media, to synergize the propaganda with the help of all that information the people have chosen (wittingly or otherwise) to give up by using these platforms.

While the truth keeps coming out in drips and drabs on Cambridge Analytica, one has to also take note of the Channel 4 undercover video’s as well where CA’s Alexander Nix offers up age old kompromat style operations to their would be client. This all likely is second nature to the SCL group, the company that is tied to the MOD and DOD as offering tools for propaganda and manipulation in the past and of which CA is a spin-off company. Once you understand this, then you can see how Nix might just be offering things off of the menu from SCL and happily so to make a sale here.

What Nix is offering though might in fact be the modus operandi for the “whole package” in the case of political manipulation. Think about it, you target the people you want to vote, you then set up the opponent with kompromat and then you leak that judiciously. It would destroy the candidate and prop up their opponent pretty well don’t you think? Overall, what you have to realize here is that Cambridge Analytica was selling itself not just as an analytics company with a side of advertising for political campaigns, but instead a one stop shop in black propaganda and dirty tricks using analytics and psychology to target the voter. Of course now you have to ask yourselves just how effective CA’s pscyhographics and operations really were, how they may have learned from past experience, and what may have been their pivot from just analytics and psychology to propaganda and dirty tricks to pay the bills. First though, let’s look at the data I found and run through some of the premises that CA puts forth to see where fact meets Phrenology.

The Data:

I was Google dorking around the other day and came across someone’s git repo that had an Excel sheet in it concerning Cambridge Analytica’s clients in 2016. When I opened this up I was amazed to see just who else was using CA’s psychometrics for their campaigns other than Trump. What I saw was that Ben Carson, John Bolton, Ted Cruz, and a host of other orgs had been using CA’s offerings as far back as 2014, in the case of Bolton’s super PAC. Carson and Cruz both had limited dalliances with CA but Trump spent considerably on Analytica in 2016. In fact you can see from the sheet, the campaign slogans or catch phrases that they tried too, using them as code names for projects.

All of this data was obtained through the website where they have to give up the information as part of the law. So no secrets here really but interesting information to be gleaned on who was using CA’s services and just how long this has been going on. In the case of John Bolton, you can see that he was attempting to use CA to further the candidacy of someone he was supporting back in 2014. In total, the sum for all this work shown here is over four million dollars between all the campaigns and entities.

Notice though, no charges for Ukrainian hookers and blow for kompromat though. *snerk*

Of note as well are the ancillary campaign strategies or slogans that they had for Trump before they came up with the MAGA (Make America Great Again) claptrap, a slogan though that for those of a certain mind, worked wonders for Trump and his particular brand of populism no? You had “Make America Number 1” which is just not as catchy as “Make America GREAT Again” which they refined from the number one phrase. Of course the whole mode here is to say that America is no longer ‘great’ and it can only be made ‘great’ again by Trump. This is a clever little psychological trick in that it pastes everyone else as part of the pool of people that made America lose it’s greatness and is a phrase that those of a mind, can latch onto as a dog whistle.

While I was dorking, I also located a bunch of FARA statements that SCL-Social filled out and gee, who was funneling money to CA to work as a foreign agent? Why Dubai and the UAE of course! You can see the FARA statements made by Andreae and Associates (a political intelligence and risk group in the US) that is working for SCL-Social, a sub division of SCL-Group, and parent to Cambridge Analytica. What a tangled web we weave when we practice to deceive… Or at last manipulate.

Anyway, there is a lot out there and you can play the home game here.

As a side note, if you look at the original filings on the FEC site you can see more information on the who and the what and the how. In one case I have looked at so far, the LLC that was created to spend the money on “Make America Number 1” is called “GLITTERING STEEL” which to me sounds like one of those derpy names given to APT actors or bad spy novels. Well, once you Google that name though you can see even more about this, that it was a Bannon run entity and that there is at least one law suit pending over their illegal actions in California.

This shit is deep folks… Like “deep state” deep. Anyway, I will continue Googling but you can too! Let me know if you find good stuff out there that maybe I can further write about.

Python Scripts:

While I was Googling up that spreadsheet, I also came across some .py scripts that were on a github for a Michael Phillips, who works for Cambridge Analytica. His creations were for harvesting data from Twitter and pulled geolocation data in one and sentiments in the other. In his geolocation script he was looking to pull addresses with accurate lat and long too! Now, you and I know that Twitter allows this kind of thing and others like me have used different tools to pull OSINT on characters like da’eshbags and the like over the years. It is of note though, that Twitter has to my knowledge, not been mentioned that much with regard to targeting and psychometrics mining by CA in the press. So, this is interesting and makes me wonder if perhaps CA has had more inside access to other features of Twitter as well?

Twitter is notoriously not that helpful to the government and others so I have to wonder if access was given was it bought? What kind of data would Twitter have sold? What do we really know here? Do we know anything about this? Anyone have any insight here for me? I for one would like to know if Twitter was working with CA and to what extent if any they where. This becomes really important just like access to Facebook data because Twitter was the second tool du jour that the GRU used to sow all the chaos and push the propaganda in the 2016 election cycle as well as in other areas such as Brexit and other attacks on Ukraine and the like.

But I digress… Let’s look at the real value of Cambridge Analytica’s potential versus the tools afforded by the likes of Twitter and Facebook themselves.

Psychographics Versus Custom Audiences and Lookalike Audiences:

A lot of the news cycle has been taken up with Analytica of late but what are they offering and just how effective could psyhcometric profiles be of users on Facebook? CA claims to have the ability to target people by the OCEAN profiling system of analytics. This is how they managed to make an application that then stole others data in the form of a personality test that they leveraged on Facebook. While this testing can lead to some valuable information, it is not as accurate or the right tool in my book to micro target a voter as opposed to someone buying something that they like or want. While this was the bread and butter of CA’s claims the reality is that this tool is not enough to hone in on people that well to be a real factor in electing Donald Trump and you all have to realize this.

What’s more, if you look at the toolbox of Facebook alone, they have some algorithms and applications alone that could have been a major factor in Trumps win. The primary two tools are ‘Custom Audiences‘ and ‘Lookalike Audiences‘ which Facebook uses to target people for advertising and the like. Both of these tools take outside data, in the case of this last election cycle that data would be voter rolls. Uploading those rolls (which you can access) you then are targeting your audience to push feeds to. In the case of Trump, then you are using the Republican rolls and targeting en mas your message to them. Now, consider this, those same rolls were used by the GRU to push content to those feeds as well. That’s right, ad buys by the GRU, remember all the talk about that in the news?

Ok so where does that leave us? Well, with CA and Facebook, you could be targeting those people who are outside the rolls and magnifying your efforts with the likes and the comments by stealing the 50 million people’s data as well. This basically becomes an amplification attack kinda like a DoS if you think about it. In the scheme of things it seems CA was just another cog but when you look at it all as a whole you have to ask yourselves these questions;

1) Was CA able to target more people outside the norm?

2) Was CA then able to take ancillary data (other people’s) that also had the same “sentiments” as their core psychometric profile because they were friends of those core friendly users?

3) Was this data then given to the Russians either by insiders at CA or by the Trump campaign itself to help target users and spread the propaganda and active measures to greater effect?

These are the questions the Senate and House should be asking and I am sure that these are Questions the FBI and the Mueller probe are asking. Also, one should consider this more macro targeting than micro but meh, either way it seems that Facebook has a larger share of the blame that they certainly don’t want to take. This is especially true now that they have lost so much value on the stock market as well as losing clients like Space-X and Tesla recently in a backlash that continues.


Was, and Is Cambridge Analytica an Arm of SCL’s Propaganda and Psyops Operations?:

This leaves us at the point where Alexander Nix and his compatriot are seen on hidden video offering kompromat style operations as well as targeted psychographics. If you start looking into SCL, it’s mother org, you can see that they have a history of this kind of black propaganda offerings for the military and governments of the world. It would not be a stretch to see CA using SCL to do some dirty work if not doing it in house so to speak. So when Nix was caught on camera and later made some excuses that he was just “going with what the client wanted” I feel that this is closer to what he wanted to offer because it made money as opposed to the straight analytics package CA offers. Perhaps even more so, Nix knew that analytics was just not enough and that psychographics should really only be used in micro targeted ads for shoes.

If the targeting works, and psychometrics/psychographics do up to a point, then they can be a part of a larger package of tools to target a macro audience with micro tools. I think we have seen, and I have pointed out above that this is likely to work better as a larger package of many tools and operations to influence an audience but it is not the make all be all. I think they discovered that and went back to the old ways to make money with SCL’s cache and tools that have been in use for many years with great effect. Where the rubber meets the road in the 2016 election is that the Russians then possibly leveraged SCL and CA with or without their knowledge to even greater effect and that is what led us to where we are today.

How that actually happened is something for the investigators at the special counsel to tell us later on.

SCL’s Domains:

While I am on the subject of SCL and looking at future possibilities, I looked up everything that SCL owns domain wise. There are many domains that they own and we should keep an eye out for them in future being spun up. In fact, I kind of wonder if they have other domains hidden under other LLC’s etc that we have not seen that may have been part and party to some of the 2016 psyops and propaganda operations on behalf of the Trump campaign. Looking at these domains they have many plans and we should all be paying attention.

Domain Name Create Date Registrar 2016-09-17 GANDI SAS 2016-08-13 GANDI SAS 2017-08-23 GANDI SAS 2017-04-07 GANDI SAS 2015-05-06 GODADDY.COM, LLC 2017-01-27 GANDI SAS 2017-01-27 GANDI 2017-01-27 GANDI 2017-01-27 GANDI 2015-05-22 GANDI 2017-01-27 GANDI SAS 2015-05-06 GANDI SAS 2015-05-06 GODADDY.COM, LLC 2017-08-25 GANDI SAS 2017-01-27 GANDI 2017-01-27 GANDI 2015-05-22 GANDI SAS 2015-05-22 Gandi SAS 2015-07-08 GANDI [TAG = GANDI] 2015-04-21 GANDI SAS 2014-04-01 Gandi SAS 2015-07-08 GANDI [TAG = GANDI] 2015-10-22 2015-07-08 GANDI [TAG = GANDI] 2014-12-31 GODADDY.COM, LLC 2015-07-08 GANDI [TAG = GANDI] 2017-01-27 GANDI SAS 2017-01-27 GANDI 2015-07-08 GANDI [TAG = GANDI] 2017-01-27 GANDI SAS 2017-01-27 2015-07-08 GANDI [TAG = GANDI] 2017-01-27 GANDI SAS 2017-02-16 2001-05-31 TIERRANET INC. DBA DOMAINDISCOVER 2015-03-09 GANDI SAS 2017-07-22 GODADDY.COM, LLC 2009-05-22 TUCOWS, INC 2015-01-21 GANDI SAS 2014-08-13 GANDI SAS 2014-04-07 GANDI SAS 2014-12-11 GANDI SAS 2004-09-16 SCHLUND.DE 2016-06-15 GANDI SAS 2010-05-27 GANDI 2015-06-21 GANDI [TAG = GANDI] 2010-03-15 GANDI SAS 2015-06-21 2014-12-11 GO DADDY SOFTWARE INC 2014-01-02 GO DADDY SOFTWARE INC


Domain Name Create Date Registrar 2014-01-02 GANDI 2015-06-20 GANDI [TAG = GANDI] 2014-04-07 GANDI SAS 2015-06-20 GANDI [TAG = GANDI] 2015-06-20 GANDI [TAG = GANDI] 2014-01-02 GO DADDY SOFTWARE INC 2010-03-15 GANDI SAS 2010-03-15 GANDI SAS 2015-01-16 GO DADDY SOFTWARE INC 2008-08-04 GO DADDY SOFTWARE INC 2015-06-21 GANDI [TAG = GANDI] 2008-08-04 GANDI SAS 2015-07-07 GANDI SAS 2008-08-04 GANDI SAS 2015-07-07 GANDI [TAG = GANDI] 2015-06-21 2013-08-29 GO DADDY SOFTWARE INC 2016-05-02 GANDI 2016-05-04 GANDI SAS 2015-06-21 GANDI [TAG = GANDI] 2014-01-02 GO DADDY SOFTWARE INC 2010-03-15 GANDI SAS 2015-07-07 GANDI SAS 2015-07-07 GANDI [TAG = GANDI] 2012-11-14 GANDI 2014-01-02 GO DADDY SOFTWARE INC 2014-01-02 GO DADDY SOFTWARE INC 2017-07-22 GODADDY.COM, LLC 2016-04-25 GODADDY.COM, LLC 2015-09-21 GODADDY.COM, LLC



So here are my conclusions looking at all of this stuff. First off, CA is not the big bad here but Facebook and maybe Twitter are. Ask yourselves and ask them just how much data they sold or gave access to other entities in the 2016 election cycle. Who were they? Were they connected to CA? SCL? GRU? Also be asking yourselves just how much do you want Facebook to have of your privacy? In posts recently I have seen people saying that phone calls and other private data were in the data dumps they downloaded. How did that data all get into their hands? Well, you let it happen! If you have Facebook on your phone, well, then they have everything and unless you read the fine print, you are boned.

Secondly, I for one believe that Facebook and Twitter and other social media entities sold data to GRU cutouts and they should be taking more responsibility henceforth. I know that Facebook has made efforts to control ad buys and such but really, they hold the keys and unless they vet every application and client, well, it could happen easily again. Zuck needs to grow up and stop the fuckery. His platform is now a weapon and our privacy is the ammunition. I also think that everyone should consider leaving the platform because they hold too much of your data that can be abused. Until such a time as they take this seriously I would not invest the time on them.

Thirdly, I have to wonder just how much information was being passed between CA and Trump/Bannon/etc that made it to the GRU. There are more than a few Russians in the CA constellation that could have been leveraged by the Russians but until some thorough investigation is done it is hard to tell what happened here and at what scale. I do find it interesting though that at least the Facebook data and tools were leveraged and wonder how much was direct buy from GRU cutouts as opposed to passed on perhaps by assets within the Trump campaign itself.

Time will tell but in the meantime here is some data for you all to Mueller.


Written by Krypt3ia

2018/03/25 at 15:00

Posted in .gov, Propaganda, PsyOPS

Russia Insider: How A Connecticut Gold Coast Boy Grows Up To Be A Russian Troll

leave a comment »

I was recently looking at some stuff online about the Skripal case and came across this guy and his site through a link from an article. The article was on a guy who also has been evidently poisoned by Russia (biotoxin this time) in France but they make reference to Inside-Russia as they wrote about the case evidently. Anyway, the Inside Russia thing intrigued me because the guy who started the site and still runs it is from my neck of the woods (Greenwich Connecticut) on the gold coast as we call it here. Evidently Charles J. Bausman, a 53 year old American (ex… Patriot?) who now evidently lives in Russia, runs the propaganda site known as “Inside-Russia” and works in finance, or agro-business finance. At any rate, the site is quite the nest of pro Putin propagandist and antisemitism. In looking around I had to wonder just how a kid from Connecticut who went to a swank prep school here and Wesleyan University (somewhere I went for a summer) ended up a Russian propagandist front and allied with a couple oligarchs close to the Kremlin?

Bausman’s Resume in Cyrillic sent to an Oligarch in hopes of getting financing

Bausman say’s he was born in Germany in 64 and travelled a lot including a long stint in Russia (Moscow) when his father was on a “long business trip” which is to say that his father was bureau chief for the AP back in the old Sov days. John Bausman III was all over the place as an AP reporter but that time in Russia seems to have affected Charles quite a bit. I am not sure just when and how Charles became a Putin propagandist but the site he set up started in August 2014 and has been gaining momentum ever since. In doing all the background on Charles I had to wonder about his father, which, I could not find too much on other than his obit’s online.

I have to wonder just how his father felt about his son’s Soviet/Putin leanings after he started the site, which by the way, was registered with the house in Greenwich where they Bausman’s lived in Greenwich CT. As John was older, perhaps he did not really get to see the site or know much about it. Maybe he did and approved of his son’s leanings? I am not sure, but suffice to say that it may be their travels in the Baltics during the old days might have affected his young son profoundly. I can imagine that if he wasn’t home schooled, he may have been indoctrinated by the Soviet state in some way in his youth. I just don’t really know, but, the other thing that kinda crossed my mind again and again was what were John’s leanings on all this? Like father like son?

At any rate, the son is an out and out Putin “Praetorian” as the book “Putin’s Praetorians” claims and evidently Charles could not resist writing a review of it on Amazon. In fact Charles enjoys his titles as even on his Twitter feed, he boasts of being one of Louise Mensch’s “Russian Trolls” which is I have to say Amusing as I myself am blocked by her because she is an idiot hanger on of the jester. Anyway, if not a troll, what Charles is is, a propagandist tool. Or, I should really say a “would be” tool because he is not trying to hide his identity and is fairly open with his propaganda claptrap he is trying to sell the the conspiracy masses. His site is a “collective” of writers he says, but in looking at them only a few are named and one of them, Anatoly Karlin, is a straight out conspiracy Nazi connected apparatchik for Putin.

Now, on the account of this site being akin to the IRA, well, no that is not the case. However, the Twitter feed and the content is pretty popular and has been rising over the last couple years, peaking in January this year as everything went to hell concerning the RussiaGate story. I would not be surprised if anyone were to do some more mining and find that accounts proximal to the IRA Twitter accounts might have this on their feeds as well. While all of this spin and energy has been building though, Charles has been hungry for funds to continue his work, even though he is some kind of finance wizard according to all his degree work and jobs over the years with Russian banks and the like.


You can donate to Russia-Insider on their site and they take bitcoin and paypal as well as a couple other more obscure payment schemes. Evidently “citizen journalism” costs the big bucks! While his bitcoin wallet has had no transactions at all, I have to wonder just who is paying for his site and activities. In 2014, just after launching the site he exhorted Alexey Komov and Konstantin Malofeev that “I still need money!” which can be seen in the screen shots above from emails that I got from Shaltai Boltai’s dump of Malofeev’s email spool. I went through all seven hundred plus emails and found no more than those you see above. So it is unclear whether or not the Kremlin connected Komov and Malofeev ponied up money but they seemed amenable to it in the emails that I saw. I am going to assume that since the site is still up and that Bausman has added a slew of other domains, he has more plans and that he also got the funding to start. Only time will tell if he moves further and activates the other sites that he owns.

As you can see, if he had it his way, perhaps Russia-Insider would not be the only “insider” site that he could be spreading propaganda with. It is interesting to note that the countries he has chosen to create domains for are all ones that the Russian state would be interested in targeting propaganda at. I am not really sure what the “Cadmus” site would be all about but if you know your history, Cadmus was a slayer of monsters in the Greek pantheon. So far none of these sites has ever had content on them so there is nothing to see.. yet. Maybe if Charles gets his money he will someday have a media empire eh?

Overall, this guy is no clear and present danger but he is one of the lights in the constellation that is RU apologist propaganda. He isn’t RT or Sputnik just yet but he has ambitions to be I think. What really just makes me wonder is, as I said at the top, how does this kid go from US citizen to Russian propagandist? So many unanswered questions on this one for me. Was his father enamored with the Soviet state in the 60’s and 70’s? I mean it was no pleasure dome out there at that time no matter what the Soviet state would like you to think. Of course some might see Wesleyan and think that the left leaning’s of the school would only entice a youth to become more liberal, but jeez, I mean this guy is full on nutbaggy! Also, this guy still has everything listed in America as ownership goes! The Russia-Insider site before being set to privacy still has his parents place listed as the address! Choose a country dude.

Well, that’s about it on this one. Just a little heads up on this guy and a bit of background. I kind of have a yen to drive down to Greenwich and visit the Russia-Insider HQ just for shits and giggles. If anyone else has any tidbits they care to drop on me use the Protonmail acct. Until next time, keep watching these whacknuts.

Dos vidanya,


Written by Krypt3ia

2018/03/19 at 18:46

Russian Meddling: Indictments and Troll Farms

leave a comment »

The indictment by the Mueller special counsel investigation into the meddling by Russia into the election cycle last year is just another nail in the coffin on the conclusion that there was no action by the Russians to affect the election cycle in favor of Trump. Though many still have their cognitive dissonance helmets on full, the reality even struck into the White House with Trump tweeting out that there was actually meddling, no collusion, but meddling. So this indictment has shown it’s potential power on the whole case but I wanted to dig a bit deeper into the Troll farm and it’s KGB ties before we ever heard about it as a general populace post 2016.

Point of fact is that in 2015 Adrian Chen wrote about the Troll farm as it was still carrying out attacks on Russia’s other pressing enemy, Ukraine. People seem to have forgotten with all of the talk about the farm in 2016, that the Russian propaganda and PSYOPS machine was actively working for Putin in support of his agenda against Ukraine and it is this fact and how they operated then that should be addressed and shown how they evolved to today’s hybrid warfare tip of the spear.

Back in 2015 the nascent troll farm was active in trying to spin stories about Ukrainian ologarchs and their activities as counter to Russia. One particular story line took place after the assassination of Boris Nemtsov, an opposition candidate to Putin and a progressive in Russia. A reporter for a Russian news service did a story on the Troll Farm and actually managed to gather their documentation including opposition research (internet research) which later would be the name they would take up as IRA right? Anyway, within that cache of documents you have papers with links on things like the Middle East and other areas with ideas on how you could attack them politically with posts like the above on Nemtsov’s being killed not by Putin, but instead by those nasty Ukrainians.

It is informative to look at the postings and the nick names that were being used by the early IRA as opposed to what they have used in 2016 and still use today. In early days they did not really try to insert themselves so well into the public space as being citizens of the areas they were talking about, in fact, most of the names have English connotations  and not Russian at all. So by looking at the users and their posts (livejournal for instance) show’s you what it was like in 2015 spinning up and learning. There may have been just as many Twitter accounts but for the most part they were using Livejournal, which makes sense because at the point this was going on, Russia had bought Livejournal…(I left LJ when they did)

No. П / П









3 koka-kola23 raphahunthig
4 lipyf837 panebcaj
5 vince-crane tergparriotio
6th ya_karnavalova lihohor
7th nannik-dr sojaan884
8 Rezites cypetcompbis
9 konorlaoo04 destforkowoo
10 qkempek nouglysv
eleven caradoxee5 petraffilya
12 ynuka Backlashealthma
13 natalex84 amenem
14 anna_02051990 paintbellu
15 mrokiralex iugegeizh
16 annetjohnson pexirgarnez
17th rghkride chicocali
18 gkohio pexirub
19 karber861 kmfemovmpxxx
20 innyla92 lojtautome
21 cotedo inkiptiruc
22 Smurfetka-24 palecefaz
23 raikbowee1 hhlayz
24 ohvis134 ningcotedin
25 demouu1 olginarkew
26th nofk452 renfidebun
27th alexander7171 portlandam
28 vadro olga_lebedyan
29 makgxiewua andriudruz
thirty mofan926 unmolarlay
31 smspudilj repaw968
32 varkhotel stepalexos
33 shtots prasingyy55
34 rijbc steltertheeness
35 wylwurwolv spinrarata
36 workroman ddesesexla
37 pheyeroo57 antaauu4
38 tritonst wihhie917
39 milka_e20 pagkagezmeat
40 codirips814 werhellvolkfu
41 lorislaley tiopretytcur
42 eekim81 aladorzam
43 oftibar nyntynuriu
44 elegmhehov begtotenlu
45 aple_at_the_tab abezhiu
46 Nikolaabil oxyitt
47 hey_son1c rabrukywiz
48 firyupa snowdidsmomuds
49 asus paradana
50 Symatvei durenhuntpi
51 xamit251 sixfeevae
52 farpodmuu07 nebozuanrou
53 oloviit procomdn
54 diuu085 kovikotuss
55 alenkujl urigcon211
56 rcrims peosaytranos
57 snoop83 borgperwensgod
58 vynal rhealaltrades
59 sportto nishihatu
60 danybody asafasngut
61 alexmosyan cophetycoo
62 poragpalkhe merzasarsgepf
63 sergalyev839 promvogtsigold
64 vadim_spx pesina20k
65 rus-policy vuhyzowi
66 wafyy248 skewerilgraph
67 katerina2703 wladmancornnes
68 dragon_uz feedpecosleft
69 Winter-kinder prosorouqu
70 Pjobynrutri frantirigesch
71 green_margo cirgadisla
72 ptirenw precalacov
73 pastogross zlavaq037
74 igerenbart hrilepswia
75 mskilys szehdes
76 pantyyy08 bestthecalpa
77 thepicard lasorpprogso
78 igtego classatopos
79 paqurni zipkingfilci
80 emory6townsend preaphoubowo
81 aspera76 geoversive
82 zymecs gingsenpirem
83 001usa tes40uvir
84 ca119idia judj747
85 fadaqpm throwenelan
86 pybden sfouninmire
87 Protsyon diotradconpe
88 phidiwp507 llanpaclaive
89 makabu neytilmigers
90 osobroim glyzitneko
91 yuliya_korshyn metcentlighrou
92 Parabellum50 bentakiffo
93 policyrus pqalongese
94 tuyqer898 chaicoffskaya
95 aljin cenhoufimou
96 rammathets siohuntired
97 overtimorouq feascoacoca
98 overtimorouq prozaet
99 ntnwoc inga
100 stranamasterov glycmamortga
101 ktoroj14 imclasfulte
102 Yohohoguy izorylie646
103 pbijipsfem lighwinsbrachig
104 wyazfunovv mafomeri
105 ariol921 oryanhuazo
106 mariya-789 kfuu0
107 roavrumper daytrolchildcha
108 kyxapka odassaflot
109 ryypaulinm tamred1
110 jang033 paca979
111 wwwevgemie vollatasklu
112 p01t11 legahedddis
113 pohezvitie othoee111
114 zhakim755 trugleyscorun
115 Asswalker ybdocegesch
116 vvp2014 rpmuntar
117 to12scorta nahezuu91
118 Spicemachine socompdanfi
119 nastia642 beadeadsdentfi
120 nungsorivat pia986
121 homyr657e pzsg
122 orlenrenosr pdachee
123 kalininkhu paschig
124 parydaq070 plimtintaza
125 enot_kot ptimenalhook
126 abfyr890 Ladushki2014
127 vamiqyy63 photographereye
128 evgenyashm balyk2014
129 palfemine polza1985
130 tay-zakulisnay1 polina_i_liza
131 radbec gymbreaker
132 revivaldude strelach
133 cykularj tolstunovich
134 ageev013 demosfen-en
135 porkimes Ikehujaik
136 owwaxde082 nersis
137 andrei-kovrin IvanichKem
138 pasioda BVDfan
139 fooqbal951 bookworm-war
140 nugotvapi nina_zlova
141 swull786
142 nina_istomina
143 gig180
144 raokabea
145 synbmulty
146 beloham848
147 lissa-marioko
148 kater971
149 peflirz
150 hikonozauu00
151 hikonozauu00
152 michael_jd
153 uglycoyotespb
154 urajr
155 bobzan
156 peulgieness
157 scavamerzl
158 levyshkinr
159 pavetbrer
160 ddanii33
161 goodrus
162 supersonicwall
163 mannaliobrit
164 pierii01
165 panbiran
166 georgi-grusha
167 pashka208
168 vmoffee179
169 etopiterdetka99
170 jenyamelika
171 anya_rocket
172 snowy_trail
173 malkovich_i
174 samiyymniy
175 chadimi
176 kvazarion
177 Nestero85
178 nika_anisina
179 savoiyar
180 oksadoxa
181 mercymt

Most of these you have to look up with the Wayback Machine and you will notice that a lot of them were one off posts and that was it. Just sowing the ground for the infowar and then linking that post around. For Ukraine and anyone who has been paying attention, the PSYOPS and Hybrid War has been ongoing for many years so this is nothing new. For the US, well, the general populace that is, they hadn’t a clue I guess but I wanted to get across to you that what they pulled off in the US wasn’t new, it was just the next evolution of what they have been doing all along elsewhere. It was the magic of ubiquitous social media and a really polarized political landscape that made it work so well in 2016.

So with this indictment we can peek further under the hood of the hybrid information war against the US election process. It seems that this all kind of was being at least thought about in 2013 when Putin was pissed off with Clinton about his own elections and some of what later came out in the cables that were dumped by Wikileaks. By 2014 the notion of hybrid warfare had been put out by the Gerasimov and Russia was starting to plan. The creation of the Troll Farm I personally think was a part of the Gerasimov doctrine’s modus operandi that the SVR/GRU and Putin decided to create for this purpose and furthermore that the first fledgling attacks were the prelude to what would come in 2016. Certainly by 2015 they were spinning up and already had assets in place in the US gathering intel and creating the baselines for the attacks.

Truly this was a hybrid form of warfare using human assets and technical ones to carry off the plan. This wasn’t just some one off fly by night operation, they invested a lot of time and money getting assets in country (US) to collect data and to add to the planning stages. They then went as far to hire out servers in the US and create VPN’s to make it look as though their troll armies were actually here in the states. Add to this the fact that they also used carding sites to create users and bank accounts to fund the operations also speaks to the sophistication of the operation.

This wasn’t dedushka’s propaganda operation!

So what does all this mean other than it is an entertaining diversion for those who want to go down the rabbit hole OSINT wise? Well, it shows that the Russian plan was larger than one might have thought, more effective than some still think, and was but one component of a larger operation. That last bit is key for me to get across to you all. Of late I have been seeing reports online since the indictments came out that said the campaign really did not affect the election and this is poppycock. This was just a part of the larger whole and to take this module of the whole plan and separate it out to say nothing happened, is idiotic.

Though the President and the Russian operations still ongoing would like you to believe this is the case, it is a falsehood. In tandem with the hacking and the leaks, the Russians most definitely affected the voting by the populace. In fact, when information starts to come out about how Analytica data targeting very specific groups and regions comes to light you will see just how much the whole is the sum of the parts and the synergy was leveraged. This was no simple hack and dump of data, there were psychologists and social scientists involved as well as technicians and hackers.

This indictment just sets the stage for more to come my friends… And seeing Donny squirm and rage has been amusing.

More will come. For now though, do read the aricle and look at all the docs in the Google docs dump there.

Dos va donya


UPDATE: I am going through the metadata of the files from the Google drive and I have found a document that comes from a .mil address ( and this document (Nightly TK of 06.01) gives direction on post keywords and writing direction for content.

Ночное ТЗ от 06.01

It was created 1/26/2015 by “user”

You can now see a military connection to the Troll farm.

Written by Krypt3ia

2018/02/20 at 20:57

Industrial Society and Its Future (1995) & Our Socio-Technology Woes Today

with one comment

With Manhunt Unabomber on TV recently which I binged, I have been thinking about old Ted and his ideals behind the madness he was pushing. I would like to state up front that I do believe that Ted is clinically mentally ill and that manifested itself when he finally went into seclusion. What happened over the years that followed was an unbalanced reaction to ideas that have a core of truth though and many people actually see the same kernels of insight that I am going to talk about here. I have just finished re-reading the manifesto that he got the papers to publish under threat in 1995 and clipped some passages for you to see here without having to read the tome yourselves.

Where I want to direct this post though is about the problems we have today with technology that Ted seemed to foresee and also to extend a little further into the social issues that we have seen played out in our recent election cycle and the probable attacks on the one upcoming in 2018. Ted touched on some of the sociological and more human issues of technologies and systems in his manifesto but for the most part he was taking a very rigid stance that all technology is bad for human beings and the environment. He had some interesting ideas on sociology specifically on left wing and right wing personalities and ideals that, well, he get’s all wrong frankly, but I feel it is important to mention. Though he got it wrong and his opinions on motivations was, well, very 1950’s, you can see some of what he is talking about in what has been playing out with the alt-right movement.

Ted is misdiagnosing people’s motivations likely tinged with his own issues psychologically so his assessment is flawed. However, if you read above you can see something there if you align it to the alt-right today. They feel inferior in that they lack the power, or, lacked the power until Trump was put into power by their minority of thirty odd percent of the vote. Anyway, Ted goes on for a fair bit on this and I will not bore you with it as it is not overly germane to this post, but I thought you should at least get a glimpse here. Ted, you got leftists and right wing all wrong dude. Of course this was within the first pages of his manifesto and he really does not get to the technology part until section 114 or so where we want to be.

In 114 Ted starts to talk about “the system” which means all technologies to him I think, but if you look at it from the perspective of a political system as well, you can see something that maybe we all have felt. How many of you have thought about voting and come to the conclusion that your vote doesn’t count? I have, in fact in the last election I almost did not vote because I just felt that the system was rigged. In rigged I mean districts were gerrymandered, back door deals are all in play, and possibly even the election machines had been hacked because, as we all know in the security circle here, they are so weak in security mechanisms to be laughable to hack. In effect, these systems, both technological and rule based were inherently made untrustworthy by the system of politics. We have had our real autonomy and ability of action removed from us through the system and it’s rules …So why bother voting if it’s a foregone conclusion and there is no foreseeable change right?

Another area of thought that Ted writes about that seems to be a companion to the above section is once again your power is taken from you because the government or the system. In Ted’s mind it is the technology at the bottom of all this but here again he is making what I would consider more a political or societal argument. In that conservatives really want states rights over big government, I for one cannot extricate this paragraph from the notion today that the right wing would like to take away the power of the people locally as well as nation wide even with “small government” Honestly some of their thought processes are rife with cognitive dissonance but the goals seem to be “we are in control because we have the money and the power and you should just do what we say” Anyway, it is just another system and technology today only enhances the control as far as I can see. Of course we are also seeing that with things like Anonymous and the internet, the power can be interrupted with the application of the right technologies as well huh?

Here Ted is talking about the system taking over the individual to perpetuate the “system” and if you read this with an eye to today’s concerns over jobs and the rise of the Trumpists, you can see a parallel right? If the systems are now creating supply chains that are automated enough to not need human intervention for function, then we lose jobs right? Of course Trump really doesn’t cover this notion completely in favor of jingoism over borders and immigrants taking over our jobs but the real reality is that automation is doing this as well as tax games that move companies overseas. I sometimes wonder how the future will look if we do not educate our people better and these systems just function without the need for under educated workers, will we see more of this unrest that leads to another Trump?


If you have seen Manhunt Unabomber, then you will recognize the imagery that they used at the end concerning free will and systems of control. Ted takes it to the nth degree but the reality is that systems do control our actions but once again you have to accept that control and accede to it to be controlled. The very core of hackers and hacking is the notion that we can subvert the systems to make them do things they were not meant to do right? In the case of the stop light and the philosophical questions over being part of a system or controlled by one is very interesting. You all should ponder this as hackers and persons within a series of systems both technical and logical and consider your position here as well. I think we are at a cross roads here post 2016 and the use of technologies and systems of governance where one might feel like Ted a bit. What control do we really have when you could opt out of the system but the masses don’t? Look at what has happened when a small percentage of people in this country gamed the electoral system to elect Trump over the clear popular vote. The system has control over the lot of us and there isn’t very much we can do as we have seen if those in power, a small group, is in control of all our fates.

It makes one have thoughts about hacking systems… What does it mean? Can it be done? Should it?

In 130 and 147 here we have an important point from 1995 kids about the uses of technology as a form of control. Take that paragraph in and think about where we are today and what we have seen since 2001. We have fetishized technology in the name of freedom today. We have autonomous drones, cameras, NSA systems that monitor everything, and lest we forget our own abdication of our personal information and privacy for the new shiny phone or application. Collectively we have allowed our own security and privacy to be degraded for shiny things. What’s even more interesting is that those in the know, the one’s who have the capabilities to secure their private information may never really be able to completely do so because the systems are so prevalent that our data is out there anyway, just one breach away from being publicly available for sale on the darknet. I have often had thoughts about just backing away from the technology, but then my lizard brain just says “you can do this, you can secure your shit with crypto and all the things”

That’s delusional thinking.

Look at what played out in 2016 and then try to convince yourself that you can control the system enough to be immune.

Geez I am starting to sound like Neo.

Anyway, all of this manifesto reading has given me perspective on things in 2018. Ted had some ideas that are valid but he was unstable and decided to act on them to save humanity in the wrong way. Frankly he should have just lived in that cabin and kept to himself and paid no attention to the outside world. This is the crux of the problem though, could he? It seems like he lived on the fringes of society and he knew he could not go full mountain man and live off the land so he did what he did. Herein lies the problem though for us all. Unless you have the wherewithal to live fully off the land then you have to deal with technology and society right? So here we are, how many of you out there could just walk into the woods and live? I find it funny that a lot of our zombie shows pretty much deal with this issue and we are eating it up. Deep down we all know that if society broke down and technology stopped, we would have to fight for everything to survive. Many of us wouldn’t be able to handle it and there would be a lot of attrition.

As we move forward with AI and more technologies that are supposed to make our lives easier, we are also infantilizing ourselves, separating ourselves from communities, and giving away certain aspects of ourselves to the machine. So I can understand some of what Ted was saying …I am just not mentally unstable enough to want to live in a shack and make little packages of explosives. I do however have my moments when I as; “What are we doing here?” I have written posts on Stratfor about hybrid warfare counter programs and honestly between the pervasiveness of the technology and the cognitive dissonance of those who use it I can see no good options for countering it. Is the answer then to just leave Twitter and Facebook? Is the answer to just not surf the net and read a book from a library? Or do you double down and work the system like a hacker and try to get some sanity?


Written by Krypt3ia

2018/01/31 at 14:12

The Post Conspiracy Age

leave a comment »

In last weeks episode of The X-Files, the whole notion of conspiracy theories, truth, and reality were amusingly deconstructed. The premise of the episode was put into one of the more amusing funny X-Files over the years but the core observations it made were something to think about outside of satire. The story line follows the idea that Mulder and Scully had a partner that neither can remember because he has been collectively erased from their memories by a “Dr. They” a hypnotist spooky doctor of some kind. The plot line slides along greased by all the conspiracies over the decades of the show concerning belief in cryptozoology and aliens while making the case that the human memory is not only fallible, but it is also highly manipulatable.

Throughout the story line the notion that people remember things differently per experience also is at play with the idea that forces are at possibly at work shaping the collective memory. One of the ideas they drag up is that of the Mandela effect, where people have varying memories of Mandela dying in prison as opposed to him being released in 2013. Of course Mulder offers the theory that these are often explained by parallel universes, but that is shot down by Scully and “Reggie” the alleged partner they cannot remember. I for one have heard of the Mandela effect but then Reggie says it is not the Mandela effect, it’s the Mengele effect. The Mengele effect as far as I can tell is just a plot device for this episode of the X-Files but the Mandela effect is another matter. It seems many who misremember go on to substantiate their own inability to remember things properly as an “effect” to save face.

“It’s the Mandela effect. When someone has a memory of something that’s not shared by the majority or the factual record. For instance, there are some people that have a memory of seeing a movie called Shazam starring Sinbad as an irrepressible genie. Even after it’s pointed out to them they’re probably thinking of a movie called Kazaam starring Shaquille O’Neil as an irrepressible genie. Especially because a movie named Shazam was never made.”
“But what if I don’t remember either movie?”
“You win!” – Mulder and Scully

Aside from the idea that there are Mandela effects, aliens, squatches, and government conspiracies, this episode focuses not on them for me as much as the methods these ideas are spread and the nature of just what is truth anymore. In a meeting near the end of the episode, Mulder meets the mysterious Dr. They, who is seen standing by a sculpture making the “tsk tsk” or naughty hand gesture that you see above. He starts off talking to Mulder about how the kids today have no idea what this means anymore and that we are living in a “Post conspiracy age” where nothing is real anymore anyway so conspiracies just mean nothing.

“They don’t care if the truth gets out. Because the public no longer knows what is meant by the truth.” – Dr. They

Basically They tells Mulder that none of his truth seeking matters anymore because we are in a post truth society. In effect, nothing can be true anymore because everyone just believes what they want to paying no never mind to facts and things that are known to have been truths. It was this scene of the episode that just hit home for me. In a time where social media has given rise to the common man’s ability to leverage their own cognitive dissonance as part of a larger machine of propaganda and psyops by nation states and corporate entities, nothing is real anymore. Even if you present people with facts and data, they can just discount it because of they now have an arcology of communities that they belong to which re-assure and amplify their own ideas whether or not they are patently wrong and provably so.

….In essence an arcology of echo chambers.

“Believe what you want to believe. That’s what everybody does nowadays anyways.” – Dr. They

As I watched that scene over again a few times it all hit home in a way that I had not overtly thought about in a while. We are living in an age of subtle Nihilism where nothing really exists or matters on a factual or truthful level. It’s all “Truthiness” as it was coined by Stephen Colbert. You choose the level of the truthiness and it’s content per your belief system and no one will be able to assail your notions because they are just wrong. In the X-Files episode the quote by Orwell was brought up twice of “He who controls the past controls the future.” which is then re-stated by They in the meeting scene with Mulder where he says that it was Orson Welles who said it. He is corrected by Mulder that it was Orwell, but basically They then says “for now” as if he is about to manipulate everyone’s memory to change that. It’s amusing as a scene but the reality is that with the facile minded and the misinformation of the internet and manipulative media, it is a possibility that it could become a reality where the masses believe it was in fact Orson instead of Orwell, and then it will be come de facto fact as someone edits the Wiki page and commits.

“We’re living in a post-cover-up, post-conspiracy age.” The “poco”

I was left thinking after this episode about the problems I had been mulling over concerning counter narratives and programs to fight active measures campaigns like the one that Russia carried out and is still carrying out on us. One could just buy into the idea that there is no real way to fight this because we have a system now that allows and perpetuates these echo chambers. Twitter is a steaming pile of minis-information and food pictures. Facebook, well, Facebook is another animal altogether and Zuck has recently doubled down on the problem by saying they plan on only having more inter-networked news being passed on by it’s users instead of real news service feeds. This will only lead to amplification of misinformation as those groups only echo those “truths” they want to believe as opposed to facts. It all makes one want to embrace Nihilism all the more and really believe in nothing at all because what can you believe in when everything is just opinion as fact?

Today we are bombarded with information that has been created, ,managed, or manipulated by the unseen hand of corporations, people, governments, and cabals if you want to believe that. It is up to the consumer to do the leg work and discover what is truth, but unfortunately for the masses it seems, the truth is just subject to their own cognitive dissonance. In 2018 we are about to embark on a new roller coaster of disinformation and active measures not only perpetrated by Russia and other actors, but ourselves. How do we really fight that power?


Written by Krypt3ia

2018/01/29 at 14:58

Russian Active Measures: Propaganda, Targeted Ad’s, and The Mob

leave a comment »

Handbook of Russian Information Warfare 2016


With all the talking heads on CNN expounding on the ad buy’s in Rubles and the oblique presentments by the senators yesterday on the Russia collusion investigation on C-Span, I felt the needs to drop some knowledge. All of these measures are not new but it seems like the general populace, the government, and the media all cannot comprehend that fact. Propaganda has been around since the dawn of civitas and today it is just more able to be used more nimbly in our hyper-connected society. With the advent of social media, the use of propaganda has been been turned into a more precision tool using demographics, analytics, and a medium that engenders itself as a new asymmetric warfare tool and this should be no surprise to anyone.

Propaganda has long been a tool for the radio, print, and television media to be paid and or tricked into releasing content that serves one of the political masters out there. However, the new wrinkle is the heuristics of computing and social dynamics data thereof of all the data points that we now collect on everyone who is using the internet or sites like Facebook, Google, or Twitter. So much information is collected today that it is possible to accurately determine how a person thinks and acts given their preferences and their secret activities that are seen by the algorithms inside these systems. Unless someone today takes greater pains to obfuscate their activities, companies, and governments can easily mine that data for ammunition to create such things as the black propaganda we saw used in the 2016 election cycle here. Since people really don’t pay attention to the other countries out there, they too would have seen the same measures used in places like Ukraine if they had been paying attention.

Previously I had posted about such measures in Ukraine that included the whole cloth creation of a media company to manipulate the populace there with propaganda as well as the use of malware to spy on the populace. Today I am covering the precepts of the use of our own systems of social media as well as our collective group psychologies to sow chaos. Given the outcomes in the 2016 elections and the continued attacks on our psyche’s by Russia post election we now have a pretty good idea of how the dynamic works. One must though take into account that human nature plays the largest roll in this type of warfare for it is the base of the equation that the Russians are trying to manipulate. The targeting of ads to key states and cities was just a targeting mechanism to the overall more targeted PSYOPS operation that was at play. The Russians parlayed the divisions within the US by creating echoes within already nascent echo chambers for those who are of like minds on social media systems. Once the psychology was worked out it was just a matter of locating those pockets of people and then creating the media (e.g. fake news) to feed into those systems and agitate those people into a frenzy.

Once again, human nature was keenly leveraged to sow chaos as well as being a vehicle for those noise to signal messages (dog whistles) for the believers and I can appreciate that. Frankly I am in awe of the techniques used while at the same time I am concerned that there are no real ways to mitigate these kinds of attacks due to that said same human nature. We all have our bias’ and we all ascribe to our own echo chambers whether we do so consciously or not. Social media in itself is the perfect medium for this and we just fall into place as the lizard brain takes over. So when people today ask the questions around how to combat this type of thing I often say that there is no real way to stop it. We can of course use people to look at ads like Facebook is doing now, having hired or in the process of hiring thousands to do so. Or we could just look at the ad buys and insure that they are not being paid for in Rubles… But these means are clunky and the adversary has many other options so in the end it will not work.

The ongoing Senate investigation into collusion and the Russian active measures campaign in 2016 has many people also asking specifically about the targeting data. Did the targeting data come from the Trump organization? Well, yeah, it may well have come from them or it could have just been collated from online searches and a working knowledge of the electoral system. You see, this attack was simple enough to calculate if you wanted to attempt to win the electoral college. One can Google the states that are key to winning the electoral vote but it is the fact that it seems the targeting went down to actual names and addresses that matters. I for one would be asking Cambridge Analytica about that data and how it may have come into the possession of the Russians. Now it is possible that the Russians had their own parallel program for this, or it is also possible they hacked into Analytica for it, and as far as I am aware of no one has asked for a forensic analysis of CA’s security there. Of course the data could have been handed off by someone like Paul Manafort as a quid pro quo (black caviar) right? Or perhaps it was Jared as a means of paying off his Russian friends in hopes of a loan to cover his bad real estate debts? I also think that it is possible that the rolls hacking that happened in the same time frame could also be the answer to this. It is possible that all those rolls were copied, sifted, and used for targeting of propaganda at the final stage of the race to the White House.

At the end of the day though, the problems of social media, cognitive biases within the populace and the mob mentality that humans tend to fall into (Republican/Democrat/TeaParty) will not be going away. We are creatures of habit and limited by our own brain biology. Do not expect that knowing that there is a propaganda campaign will stop those willing to receive it from buying into it whole heartedly. Social media isn’t going away anytime soon and the idea of algorithms being the key to stopping this is a falsehood. It all really just matters how you consume this media and how you react to it. If you fall into the echo chamber of cognitive bias or bent, then you will likely become a part of that machine and not be able to separate the truths from the bias truths that you personally ascribe to. So when you all ask how this happened remember that we are the culprits, the people.


Written by Krypt3ia

2017/10/05 at 14:51

RULEAKS: Russian Media and Disinformation in Ukraine by the DNR-ONLINE

with 3 comments


Back in December I located a dump of data on the darknet placed there by a hacker collective in Ukraine called RUH8. The dump is rather good sized and all come from Russian backed Ukraine sources. RUH8’s dumped one group in particular that I was interested in because I located a piece of malware in the email spool that, once run through the usual tests, showed to be something not widely seen before. I will cover the malware further down the article and will include IOC’s but once I harvested the email spool itself and began to get things translated things got even more interesting.

Once I mirrored the site I got some help from <REDACTED> and set to work in translation of emails and documents attachments. Most of the bulk of the dump is average emails concerning daily business but a few began to tell a tale of the company that the emails came from and how it was in fact a Russian front organization created for propaganda in Ukraine and used to manipulate the populace in the Donetsk People’s Republic (The Russian separatist area of Ukraine) and those outside it including other countries outside of Ukraine.

Having all of this come to light just after the election win for Trump, and now coming out here in the midst of the Russian intervention and collusion investigations today, I thought this report would be prescient and give a rare insight into how the Russian propaganda machine works, how the intelligence apparatus of Russia works in this respect, and perhaps bring to light a new piece of malware for everyone to see.


The leak by RUH8 in the darknet consists od more than a few entities email spools as well as individuals that they have described as assets of Russia. In the case of this post the data comes from the domain This is a media org in Ukraine that is Russian backed and as I said before caters to the Donetsk People’s Republic. Within the dump there are many documents covering the day to day but five documents stood out amongst them all (frankly there are more to be analyzed and one needs Russian speakers to translate them all) as being all things shady.

RUH8 is also the group that hacked and dumped “The Grey Cardinal’s” email spool as well. Having gone through that spool I did not find any malware of merit or anything that was new so I moved on in mirroring and checking for goodies. They keep adding content to the site too so I would expect eventually I will locate some more goodies in the future. Keep an eye on the blog for more when I find it. The Grey Cardinal though is an interesting figure and I recommend you all read up on him as well.


Right, well on to the good stuff! The following documents found in this dump show Russia’s machinations at propaganda in Ukraine, well, at least this small slice of it.


From Translator: This talks about “anti-Russian hysteria” in the media and about disinformation and fake news that makes Russia look bad. And also that pro-Russian voices are accused of being agents of the Kremlin. To counter this, this document outlines a project to create a pro-Kremlin media campaign in the Ukraine that includes a budget for hiring journalists and buying equipment like computers and voice recorders, a budget for freelancers and “insiders”, Website hosting, web administrators, editors, advertising, The amounts — which are, for some reason, in US Dollars, are $9,250 for initial set-up expenses, and $38,280 ongoing costs. Those could be monthly costs — the salary of a full-time journalist is listed at $2,000, and that’s likely to be $2,000 a month.  The editor in chief, who’ll be based in Kiev, will get $2,500 a month. Hey, their freelance budget is $6,000 a month! 


From Translator: is a little disturbing, since it outlines how the anti-war movement in the Ukraine can be used for pro-Russian purposes. For example, the idea is to create a picture of the leaders in Kremlin as corrupt power-grabbers who are using the war in eastern Ukraine to distract everyone from their own problems. Russia’s invasion of eastern Ukraine is just misformation from Kiev. Sounds totally legit.

Oh, and I figure out why it’s all in US Dollars. Hah, this is funny. Way back when I was based in Russia — something like 20 years ago, when the Soviet Union had just collapsed, inflation was rampant. Stores had to change the prices on all their products several times a day! To deal with it, they all switched to using Dollars or Euros instead, the traitors! To fix the problem, instead of fixing the economy, the Russian government outlawed the use of foreign currencies on prices. So what the stores did was switch to using something called the “arbitrary unit” — which just happened to be worth as much as the dollar, by pure coincidence. Ever since then, this “arbitrary unit” has been the default price. It particularly convenient during inflationary periods, or when dealing with local currencies in different republics. Plus, everyone knows what it means. So, in this document, they use the term “arbitrary unit” and in others, they seem to have just used the dollar symbol instead.

Also, I can confirm that the ongoing expenses are per month — they spelled that out in this budget.

So anyway, this is another juicy document. They’ve put together a budget for running a fake anti-war grassroots organization.

Initial costs are $79,200 for things like computer equipment, recruiting, registering domain names and getting business and media licenses, and website design. It’s interesting that in both this budget and the previous one I looked at, they’re careful to get all the permits and licenses in place. They might be trying to undermine the government of a foreign country, but at least they’ve got all their paperwork in order!
Then the ongoing expenses are $86,000 and include salaries for regular contributors and freelancers, salaries for editorial managers and copyeditors, a financial manager and their deputy, $2,000 for a lawyer, $20,000 for online advertising, and $10,000 for promotion on social media like Facebook and VKontakte (Russia’s LinkedIn).  

They’re expecting 100,000 unique visitors a day on weekdays.

It’s interesting they note that they’ll be playing games with the tax status of their employees — like in the U.S., there’s a difference between paying people as staff (where the employer has to pay a chunk of the taxes) and as freelancers (where the poor schmuck has to pay for everything). Also, in Ukraine, folks living in the disputed territories don’t have to pay taxes. They’re saying that they can save 40% as a result of playing around with this, which they claim is common practice in the Ukraine.

So not only are they undermining a foreign government, but trying to avoid paying taxes while they do it! I don’t know which is worse.

Document docxk7EDEjG06i is a plan for creating a major national media outlet from scratch. It will take $347,640 in startup costs, and about $146,500 a month in ongoing expensies. Total costs, for an eight-month period, are $3.82 million, including advertising costs, and other related expenses. Again, they’re playing around with the taxes. And they’re expecting to get a quarter million visitors a day on weekdays.

This one also has a budget for protection against DDOS attacks. They estimate that this will cost $2,000 a month (including the site hosting itself).

They also plan to sell advertising here, and have an ad sales department, and the editor in chief’s salary will be $10,000 a month plus a share of the ad revenues.

That’s not too shabby… Then they’ve got some projections for costs and revenues after that first eight-month period, which is interesting for those of our readers who plan to launch an online magazine in the Ukraine…


From Translator: This is super evil. I’m really impressed! The idea is is to create a pro-European, anti-Russian website — with the underlying message that the Ukraine will be better off without those annoying eastern provinces, and let Russia have them, so that it can enjoy its wonderful European future without them dragging the country down. So, again, they have an editorial budget. $69,900 in setup expenses, $65,000 a month in ongoing expenses, and plans to reach 100,000 readers a day on weekdays.


From Translator: This is a plan to create a news site to cover the conflict in the disputed territories, because people are hungry for war news. The idea is to make it seem objective and independent, but slip in a pro-Russian point of view. So they’ll use terms associated with anti-Russian reporting, but slant the coverage to make Ukraine look bad. Yicch. Startup expenses: $97,200, ongoing expenses: $126,500 per month, expected audience: 120,000 unique visitors a day during weekdays.


From Translator: This is an analysis of the Ukrainian political system and how a lot of work is done by “shadow” organizations in government. There don’t seem to be any action items here.


From translator: This is an overview of the Ukrainian media climate, and on how anti-Russian it is, and blames Western advisers for some of it.

So here is the context from these documents from the translator for you…

From Translator: These emails seem to have been sent to Georgi Bryusov, who heads up Russia’s wresting federation, and are in reference to a meeting with “PB.” I don’t know who “PB” is.

Bryusov then forwarded them on to Surkov.

So, how likely is this?

Well, I spent a some time covering a similar conflict in Georgia, where there was also a “separatist” province, called Abkhazia, and the conflict there was used to put pressure on the Georgian government. Although it was supposed to be a purely local, homegrown movement, Abkhazia — which didn’t even have an airport — somehow had fighter jets and bombed Georgian-controlled areas with them. (I was in one of those areas with a group of UN observers while it was being bombed. Fun! The Georgians shot down one of the planes which … surprise, surprise! … turned out to have a Russian pilot inside.)

Russia also paid the operating costs for the Abhazian press center, where I spent many a happy day. All international phones calls were free! I could call my editors anywhere in the world, and file stories about the brave Abkhazian rebels! They also fed us and provided us a place to sleep, and organized regular trips to the front lines where we could enjoy being shot at by the Georgians. They also showed us how well prisoners of war were treated and corpses of people killed by the Georgias and, allegedly, mutilated. (Though the Red Cross folks I talked to couldn’t confirm that the mutilations were real and not, say, the expected results of getting too close to an explosion.)

Anyway, the bottom line is that I do have personal experience of Russian spending gold to manipulate the media, in case anyone ever had any doubts that they were willing to do it.

As you can see from the commentary above, and you too can read the documents as well, the Russians set up a media company including websites and formulated plans to manipulate people toward the Donetsk People’s Republic and against a Free Ukraine. I am still going through the dump looking for the bills for the domains mentioned as well and will run them through Threatcrowd and other sources to see if they were used at all for malware C2 and propagation. Which brings me to the use of dnr-online as a C2. Interestingly enough the site itself is not a C2 but it does have connectivity to other IP addresses and domains that are.


The archology of malware that talks to is rather interesting. There’s a bit of everything bad attached to that one to be sure including that MrSweet address that is ransomeware central. is owned/created by which has quite the many few dirty connections as well. WHOIS

Of course beget could be innocent enough but as you can see there is enough of Mos Eisley in there to make one not want to get an account there and set up a site right? I will continue to look into other domains within the networks that dnr-online bought as soon as I can locate the bills for them or domain names and that will be another post I am sure. What all of this tells you though, is that the Russians have always been carrying out these kinds of active measures against people like those in Ukraine as well as what they did to us in the election of 2016. This is not a one time deal and certainly will not be the last one we shall see. In fact, the bots and the domains will continue to be set up by the likes of the SVR and GRU in hopes of manipulating the general populace toward the goals of the Putin regime until it’s demise.

… and likely past it.


Right! now on to the other interesting bit found in the dump from dnr-online. In looking at the spool I dumped all attachments into a folder and began checking them for malware. All the word docs, excel sheet, power-points etc. The docs all checked out but one zip file had a .scr file in it that turned out to be malware. The file (Центр управления восстановлением ДНР справка-доклад за 13 октября 2015 года.exe) Center for Recovery Management of the DNR certificate-report for October 13, 2015.exe came from an email comiing in from a Russian source to the head of dnr-online. I am unable to source the headers at this time of the email but the question becomes was this malware sent to the DNR by RUH8 or was this malware sent to DNR to send to others in some other campaign. I cannot say either way but, the malware is a new sample of GROUNDBAIT or Prikormka that was detected and reported on by ESET running rampant in Ukraine. Given that ESET claims that this malware was being used against the separatists in Ukraine it stands to reason that the logic here is that the malware was to be used by the propaganda campaign against those it was seeking to manipulate. However, the nagging thing for me is the way this was passed around. The email has no real context in the text and to me it seems to imply that it is a fix for things inside dnr. My other thought is that maybe someone got hold of the GROUNDBAIT raw sample and re-used it by re-packing it and setting it against dnr-online.

An interesting notion…

I contacted ESET and talked a bit with the guy who did the work and he was.. Well.. Not so helpful. So here are the IOC’s for this file for you all to look for.


Filename: Recovery Control Center Help DNR-Report for October 13, 2015
SHA256: f9a96ad58fb946981d196d653ec28fa31d6f946a7e2f6784b317dd9adc557b62 (AV positives: 52/57 scanned on 04/30/2016 07:33:42)
File raw: zip file:

Dropped executables
“archive.rar” has type “gzip compressed data from NTFS filesystem (NT)”
“helpldr.dll” has type “PE32 executable (DLL) (GUI) Intel 80386 for MS Windows”
“samlib.dll” has type “PE32 executable (DLL) (GUI) Intel 80386 for MS Windows”
“rbcon.ini” has type “ASCII text with CRLF line terminators”

Writes directory archive.rar (exfil)

C2 connected:
Connects and downloads second stage: GET HTTP/1.1
descr:       Domain registered for customer of
admin-c:     UKRAINE-UANIC
tech-c:      UKRAINE-UANIC
status:      OK-UNTIL 20170619000000
mnt-by:      UKRAINE-MNT-INUA
mnt-lower:   UKRAINE-MNT-INUA
changed: 20160907200219
source:      INUA

Found malicious artifacts related to “” (ASN: , Owner: ): …
URL: (AV positives: 2/68 scanned on 12/27/2016 16:55:43)

URL: (AV positives: 5/68 scanned on 11/17/2016 02:10:28) <—GROUNDBAIT C2

URL: (AV positives: 1/68 scanned on 07/20/2016 10:59:29)

URL: (AV positives: 1/68 scanned on 07/14/2016 04:35:37)

URL: (AV positives: 1/68 scanned on 07/14/2016 04:33:23)
dom-public:       NO
registrant:       xdkjv649
mnt-by:           ua.intermedia
status:           ok
created:          2014-11-07 13:31:27+02
modified:         2016-11-03 16:37:39+02
expires:          2017-11-07 13:31:27+02
source:           UAEPP

registrar:        ua.intermedia
organization:     SE Rabotnov Volodymyr
organization-loc: ФОП Работнов Володимир Володимирович
city:             Melitopol
country:          UA
source:           UAEPP

contact-id:       xdkjv649
person:           Vladimir V Rabotnov
person-loc:       Работнов Владимир Владимирович
e-mail:           not published
address:          not published
address-loc:      not published
phone:            not published
mnt-by:           ua.intermedia
status:           ok
status:           linked
created:          2013-04-05 15:01:02+03
modified:         2014-01-08 23:42:17+02
source:           UAEPP



So what we have here is the insider’s view of how dnr-online, a propaganda wing within Ukraine’s Donetsk People’s Republic put together a media service(s) and planned to use them as a framework of Russian propaganda in the region. We also have malware that is known to be actual spycraft in the region within it’s mail spool being passed around at least to two sources inside, one of them being the director of the DNR company. Was that malware meant to infect and eventually allow for the dump in the darknet or was the malware being passed along for other uses that we cannot see in this spool dump? In either case this information makes it clear that in Ukraine the Russian propaganda and espionage machines are alive and well and using the net as a force multiplier at the very least.

I will continue looking at the growing dumps by RUH8 and let you all know about any malware and goodies that pop up. It is also of interest to you all that this dump has been around and certain groups have looked at it and just sort of said “Nothing to see here” which is interesting to me. I mean malware that no one has seen really and plans for propaganda in the region are of no interest? I guess maybe these groups just did not want to spent the cycles on looking deeper into the data. I actually did with the help of others as well as checked the forensics on the metadata to insure the stuff was real.

…but that’s just me… I am not a churnalist.

Oh well..

More when I have it.


UPDATE!: One day after this report one IP address involved as a nexus of malware has changed it’s domain name! Coincidence? Hmmmm?

Screenshot from 2017-03-29 06-14-33

Written by Krypt3ia

2017/03/28 at 13:00