Archive for the ‘PsyOPS’ Category
Cambridge Analytica And Psychographics Versus Facebook Algorithms and Targeting
Last week I came across some tasty data out on the net concerning the clients that Cambridge Analytica had been serving in the last election cycle other than Trump. Within that data dump I also came across some Python scripts for harvesting data on Twitter as well from a developer at CA which ties them also to mining and using, potentially, Twitter as well as Facebook to create psychographic profiles and to target those people out there who had the same sentiments and desires around electing Trump as president. What I found in looking at the data and doing some research has brought me to the notion that Analytica’s part in this whole thing was just one sliver of a larger whole. That together with the Russian active measures campaigns, disinformation, propaganda, and echo chamber incitement thereof, Analytica helped target some of the people that Russia needed to target as well as the Trump campaign itself.
In fact, after really digging in here, it has become clear to me that Facebook may have a larger part of the problem with their algorithms that commoditize their user base and allowed for weaponizing of that data to be used in the propaganda campaigns by the Trump campaign and the GRU’s operations. Cambridge Analytica is not the big bad here in essence but a part of a larger whole that the news media seems to be unable to grok because it is not as sexy as having a new Bond style villain to get clicks on. No, the larger and more subtle story here is that the people were manipulated by the Mercers, the Bannons and the GRU using the tools given to them by Facebook and Facebook as well as the media, to synergize the propaganda with the help of all that information the people have chosen (wittingly or otherwise) to give up by using these platforms.
While the truth keeps coming out in drips and drabs on Cambridge Analytica, one has to also take note of the Channel 4 undercover videos as well where CA’s Alexander Nix offers up age old kompromat style operations to their would-be client. This all likely is second nature to the SCL group, the company that is tied to the MOD and DOD as offering tools for propaganda and manipulation in the past and of which CA is a spin-off company. Once you understand this, then you can see how Nix might just be offering things off of the menu from SCL and happily so to make a sale here.
What Nix is offering though might in fact be the modus operandi for the “whole package” in the case of political manipulation. Think about it, you target the people you want to vote, you then set up the opponent with kompromat and then you leak that judiciously. It would destroy the candidate and prop up their opponent pretty well don’t you think? Overall, what you have to realize here is that Cambridge Analytica was selling itself not just as an analytics company with a side of advertising for political campaigns, but instead a one-stop shop in black propaganda and dirty tricks using analytics and psychology to target the voter. Of course now you have to ask yourselves just how effective CA’s psychographics and operations really were, how they may have learned from past experience, and what may have been their pivot from just analytics and psychology to propaganda and dirty tricks to pay the bills. First though, let’s look at the data I found and run through some of the premises that CA puts forth to see where fact meets Phrenology.
The Data:
I was Google dorking around the other day and came across someone’s git repo that had an Excel sheet in it concerning Cambridge Analytica’s clients in 2016. When I opened this up I was amazed to see just who else was using CA’s psychometrics for their campaigns other than Trump. What I saw was that Ben Carson, John Bolton, Ted Cruz, and a host of other orgs had been using CA’s offerings as far back as 2014, in the case of Bolton’s super PAC. Carson and Cruz both had limited dalliances with CA but Trump spent considerably on Analytica in 2016. In fact you can see from the sheet, the campaign slogans or catch phrases that they tried too, using them as code names for projects.
All of this data was obtained through the fec.gov website where they have to give up the information as part of the law. So no secrets here really but interesting information to be gleaned on who was using CA’s services and just how long this has been going on. In the case of John Bolton, you can see that he was attempting to use CA to further the candidacy of someone he was supporting back in 2014. In total, the sum for all this work shown here is over four million dollars between all the campaigns and entities.
Notice though, no charges for Ukrainian hookers and blow for kompromat though. *snerk*
Of note as well are the ancillary campaign strategies or slogans that they had for Trump before they came up with the MAGA (Make America Great Again) claptrap, a slogan though that for those of a certain mind, worked wonders for Trump and his particular brand of populism no? You had “Make America Number 1” which is just not as catchy as “Make America GREAT Again” which they refined from the number one phrase. Of course the whole mode here is to say that America is no longer ‘great’ and it can only be made ‘great’ again by Trump. This is a clever little psychological trick in that it pastes everyone else as part of the pool of people that made America lose its greatness and is a phrase that those of a mind, can latch onto as a dog whistle.
While I was dorking, I also located a bunch of FARA statements that SCL-Social filled out and gee, who was funneling money to CA to work as a foreign agent? Why Dubai and the UAE of course! You can see the FARA statements made by Andreae and Associates (a political intelligence and risk group in the US) that is working for SCL-Social, a subdivision of SCL-Group, and parent to Cambridge Analytica. What a tangled web we weave when we practice to deceive… Or at least manipulate.
Anyway, there is a lot out there and you can play the home game here.
As a side note, if you look at the original filings on the FEC site you can see more information on the who and the what and the how. In one case I have looked at so far, the LLC that was created to spend the money on “Make America Number 1” is called “GLITTERING STEEL” which to me sounds like one of those derpy names given to APT actors or bad spy novels. Well, once you Google that name though you can see even more about this, that it was a Bannon-run entity and that there is at least one lawsuit pending over their illegal actions in California.
This shit is deep folks… Like “deep state” deep. Anyway, I will continue Googling but you can too! Let me know if you find good stuff out there that maybe I can further write about.
Python Scripts:
While I was Googling up that spreadsheet, I also came across some .py scripts that were on a github for a Michael Phillips, who works for Cambridge Analytica. His creations were for harvesting data from Twitter and pulled geolocation data in one and sentiments in the other. In his geolocation script he was looking to pull addresses with accurate lat and long too! Now, you and I know that Twitter allows this kind of thing and others like me have used different tools to pull OSINT on characters like da’eshbags and the like over the years. It is of note though, that Twitter has to my knowledge, not been mentioned that much with regard to targeting and psychometrics mining by CA in the press. So, this is interesting and makes me wonder if perhaps CA has had more inside access to other features of Twitter as well?
Twitter is notoriously not that helpful to the government and others so I have to wonder, if access was given, was it bought? What kind of data would Twitter have sold? What do we really know here? Do we know anything about this? Anyone have any insight here for me? I for one would like to know if Twitter was working with CA and to what extent if any they were. This becomes really important just like access to Facebook data because Twitter was the second tool du jour that the GRU used to sow all the chaos and push the propaganda in the 2016 election cycle as well as in other areas such as Brexit and other attacks on Ukraine and the like.
But I digress… Let’s look at the real value of Cambridge Analytica’s potential versus the tools afforded by the likes of Twitter and Facebook themselves.
Psychographics Versus Custom Audiences and Lookalike Audiences:
A lot of the news cycle has been taken up with Analytica of late but what are they offering and just how effective could psychometric profiles be of users on Facebook? CA claims to have the ability to target people by the OCEAN profiling system of analytics. This is how they managed to make an application that then stole others’ data in the form of a personality test that they leveraged on Facebook. While this testing can lead to some valuable information, it is not as accurate or the right tool in my book to micro target a voter as opposed to someone buying something that they like or want. While this was the bread and butter of CA’s claims the reality is that this tool is not enough to hone in on people that well to be a real factor in electing Donald Trump and you all have to realize this.
What’s more, if you look at the toolbox of Facebook alone, they have some algorithms and applications alone that could have been a major factor in Trump’s win. The primary two tools are ‘Custom Audiences’ and ‘Lookalike Audiences’ which Facebook uses to target people for advertising and the like. Both of these tools take outside data, in the case of this last election cycle that data would be voter rolls. Uploading those rolls (which you can access) you then are targeting your audience to push feeds to. In the case of Trump, then you are using the Republican rolls and targeting en masse your message to them. Now, consider this, those same rolls were used by the GRU to push content to those feeds as well. That’s right, ad buys by the GRU, remember all the talk about that in the news?
Ok so where does that leave us? Well, with CA and Facebook, you could be targeting those people who are outside the rolls and magnifying your efforts with the likes and the comments by stealing the 50 million people’s data as well. This basically becomes an amplification attack kinda like a DoS if you think about it. In the scheme of things it seems CA was just another cog but when you look at it all as a whole you have to ask yourselves these questions;
1) Was CA able to target more people outside the norm?
2) Was CA then able to take ancillary data (other people’s) that also had the same “sentiments” as their core psychometric profile because they were friends of those core friendly users?
3) Was this data then given to the Russians either by insiders at CA or by the Trump campaign itself to help target users and spread the propaganda and active measures to greater effect?
These are the questions the Senate and House should be asking and I am sure that these are Questions the FBI and the Mueller probe are asking. Also, one should consider this more macro targeting than micro but meh, either way it seems that Facebook has a larger share of the blame that they certainly don’t want to take. This is especially true now that they have lost so much value on the stock market as well as losing clients like Space-X and Tesla recently in a backlash that continues.
Was, and Is Cambridge Analytica an Arm of SCL’s Propaganda and Psyops Operations?:
This leaves us at the point where Alexander Nix and his compatriot are seen on hidden video offering kompromat style operations as well as targeted psychographics. If you start looking into SCL, its mother org, you can see that they have a history of this kind of black propaganda offerings for the military and governments of the world. It would not be a stretch to see CA using SCL to do some dirty work if not doing it in house so to speak. So when Nix was caught on camera and later made some excuses that he was just “going with what the client wanted” I feel that this is closer to what he wanted to offer because it made money as opposed to the straight analytics package CA offers. Perhaps even more so, Nix knew that analytics was just not enough and that psychographics should really only be used in micro targeted ads for shoes.
If the targeting works, and psychometrics/psychographics do up to a point, then they can be a part of a larger package of tools to target a macro audience with micro tools. I think we have seen, and I have pointed out above that this is likely to work better as a larger package of many tools and operations to influence an audience but it is not the make all be all. I think they discovered that and went back to the old ways to make money with SCL’s cache and tools that have been in use for many years with great effect. Where the rubber meets the road in the 2016 election is that the Russians then possibly leveraged SCL and CA with or without their knowledge to even greater effect and that is what led us to where we are today.
How that actually happened is something for the investigators at the special counsel to tell us later on.
SCL’s Domains:
While I am on the subject of SCL and looking at future possibilities, I looked up everything that SCL owns domain wise. There are many domains that they own and we should keep an eye out for them in future being spun up. In fact, I kind of wonder if they have other domains hidden under other LLCs etc that we have not seen that may have been part and party to some of the 2016 psyops and propaganda operations on behalf of the Trump campaign. Looking at these domains they have many plans and we should all be paying attention.
Conclusions:
So here are my conclusions looking at all of this stuff. First off, CA is not the big bad here but Facebook and maybe Twitter are. Ask yourselves and ask them just how much data they sold or gave access to other entities in the 2016 election cycle. Who were they? Were they connected to CA? SCL? GRU? Also be asking yourselves just how much do you want Facebook to have of your privacy? In posts recently I have seen people saying that phone calls and other private data were in the data dumps they downloaded. How did that data all get into their hands? Well, you let it happen! If you have Facebook on your phone, well, then they have everything and unless you read the fine print, you are boned.
Secondly, I for one believe that Facebook and Twitter and other social media entities sold data to GRU cutouts and they should be taking more responsibility henceforth. I know that Facebook has made efforts to control ad buys and such but really, they hold the keys and unless they vet every application and client, well, it could happen easily again. Zuck needs to grow up and stop the fuckery. His platform is now a weapon and our privacy is the ammunition. I also think that everyone should consider leaving the platform because they hold too much of your data that can be abused. Until such a time as they take this seriously I would not invest the time on them.
Thirdly, I have to wonder just how much information was being passed between CA and Trump/Bannon/etc that made it to the GRU. There are more than a few Russians in the CA constellation that could have been leveraged by the Russians but until some thorough investigation is done it is hard to tell what happened here and at what scale. I do find it interesting though that at least the Facebook data and tools were leveraged and wonder how much was direct buy from GRU cutouts as opposed to passed on perhaps by assets within the Trump campaign itself.
Time will tell but in the meantime here is some data for you all to Mueller.
K.
Russian Meddling: Indictments and Troll Farms
The indictment by the Mueller special counsel investigation into the meddling by Russia into the election cycle last year is just another nail in the coffin on the conclusion that there was no action by the Russians to affect the election cycle in favor of Trump. Though many still have their cognitive dissonance helmets on full, the reality even struck into the White House with Trump tweeting out that there was actually meddling, no collusion, but meddling. So this indictment has shown its potential power on the whole case but I wanted to dig a bit deeper into the Troll farm and its KGB ties before we ever heard about it as a general populace post 2016.
Point of fact is that in 2015 Adrian Chen wrote about the Troll farm as it was still carrying out attacks on Russia’s other pressing enemy, Ukraine. People seem to have forgotten with all of the talk about the farm in 2016, that the Russian propaganda and PSYOPS machine was actively working for Putin in support of his agenda against Ukraine and it is this fact and how they operated then that should be addressed and shown how they evolved to today’s hybrid warfare tip of the spear.
Back in 2015 the nascent troll farm was active in trying to spin stories about Ukrainian oligarchs and their activities as counter to Russia. One particular story line took place after the assassination of Boris Nemtsov, an opposition candidate to Putin and a progressive in Russia. A reporter for a Russian news service did a story on the Troll Farm and actually managed to gather their documentation including opposition research (internet research) which later would be the name they would take up as IRA right? Anyway, within that cache of documents you have papers with links on things like the Middle East and other areas with ideas on how you could attack them politically with posts like the above on Nemtsov’s being killed not by Putin, but instead by those nasty Ukrainians.
It is informative to look at the postings and the nick names that were being used by the early IRA as opposed to what they have used in 2016 and still use today. In early days they did not really try to insert themselves so well into the public space as being citizens of the areas they were talking about, in fact, most of the names have English connotations and not Russian at all. So looking at the users and their posts (LiveJournal for instance) shows you what it was like in 2015 spinning up and learning. There may have been just as many Twitter accounts but for the most part they were using LiveJournal, which makes sense because at the point this was going on, Russia had bought LiveJournal… (I left LJ when they did)
Most of these you have to look up with the Wayback Machine and you will notice that a lot of them were one off posts and that was it. Just sowing the ground for the infowar and then linking that post around. For Ukraine and anyone who has been paying attention, the PSYOPS and Hybrid War has been ongoing for many years so this is nothing new. For the US, well, the general populace that is, they hadn’t a clue I guess but I wanted to get across to you that what they pulled off in the US wasn’t new, it was just the next evolution of what they have been doing all along elsewhere. It was the magic of ubiquitous social media and a really polarized political landscape that made it work so well in 2016.
So with this indictment we can peek further under the hood of the hybrid information war against the US election process. It seems that this all kind of was being at least thought about in 2013 when Putin was pissed off with Clinton about his own elections and some of what later came out in the cables that were dumped by Wikileaks. By 2014 the notion of hybrid warfare had been put out by the Gerasimov and Russia was starting to plan. The creation of the Troll Farm I personally think was a part of the Gerasimov doctrine’s modus operandi that the SVR/GRU and Putin decided to create for this purpose and furthermore that the first fledgling attacks were the prelude to what would come in 2016. Certainly by 2015 they were spinning up and already had assets in place in the US gathering intel and creating the baselines for the attacks.
Truly this was a hybrid form of warfare using human assets and technical ones to carry off the plan. This wasn’t just some one off fly by night operation, they invested a lot of time and money getting assets in country (US) to collect data and to add to the planning stages. They then went as far as to hire out servers in the US and create VPNs to make it look as though their troll armies were actually here in the states. Add to this the fact that they also used carding sites to create users and bank accounts to fund the operations also speaks to the sophistication of the operation.
This wasn’t dedushka’s propaganda operation!
So what does all this mean other than it is an entertaining diversion for those who want to go down the rabbit hole OSINT wise? Well, it shows that the Russian plan was larger than one might have thought, more effective than some still think, and was but one component of a larger operation. That last bit is key for me to get across to you all. Of late I have been seeing reports online since the indictments came out that said the campaign really did not affect the election and this is poppycock. This was just a part of the larger whole and to take this module of the whole plan and separate it out to say nothing happened, is idiotic.
Though the President and the Russian operations still ongoing would like you to believe this is the case, it is a falsehood. In tandem with the hacking and the leaks, the Russians most definitely affected the voting by the populace. In fact, when information starts to come out about how Analytica data targeting very specific groups and regions comes to light you will see just how much the whole is the sum of the parts and the synergy was leveraged. This was no simple hack and dump of data, there were psychologists and social scientists involved as well as technicians and hackers.
This indictment just sets the stage for more to come my friends… And seeing Donny squirm and rage has been amusing.
More will come. For now though, do read the article and look at all the docs in the Google docs dump there.
Dos va donya
K.
UPDATE: I am going through the metadata of the files from the Google drive and I have found a document that comes from a .mil address (function.mil.ru) and this document (Nightly TK of 06.01) gives direction on post keywords and writing direction for content.
It was created 1/26/2015 by “user”
You can now see a military connection to the Troll farm.
Industrial Society and Its Future (1995) & Our Socio-Technology Woes Today
With Manhunt Unabomber on TV recently which I binged, I have been thinking about old Ted and his ideals behind the madness he was pushing. I would like to state up front that I do believe that Ted is clinically mentally ill and that manifested itself when he finally went into seclusion. What happened over the years that followed was an unbalanced reaction to ideas that have a core of truth though and many people actually see the same kernels of insight that I am going to talk about here. I have just finished re-reading the manifesto that he got the papers to publish under threat in 1995 and clipped some passages for you to see here without having to read the tome yourselves.
Where I want to direct this post though is about the problems we have today with technology that Ted seemed to foresee and also to extend a little further into the social issues that we have seen played out in our recent election cycle and the probable attacks on the one upcoming in 2018. Ted touched on some of the sociological and more human issues of technologies and systems in his manifesto but for the most part he was taking a very rigid stance that all technology is bad for human beings and the environment. He had some interesting ideas on sociology, specifically on left wing and right wing personalities and ideals that, well, he gets all wrong frankly, but I feel it is important to mention. Though he got it wrong and his opinions on motivations were, well, very 1950’s, you can see some of what he is talking about in what has been playing out with the alt-right movement.
Ted is misdiagnosing people’s motivations likely tinged with his own issues psychologically so his assessment is flawed. However, if you read above you can see something there if you align it to the alt-right today. They feel inferior in that they lack the power, or, lacked the power until Trump was put into power by their minority of thirty odd percent of the vote. Anyway, Ted goes on for a fair bit on this and I will not bore you with it as it is not overly germane to this post, but I thought you should at least get a glimpse here. Ted, you got leftists and right wing all wrong dude. Of course this was within the first pages of his manifesto and he really does not get to the technology part until section 114 or so where we want to be.
In 114 Ted starts to talk about “the system” which means all technologies to him I think, but if you look at it from the perspective of a political system as well, you can see something that maybe we all have felt. How many of you have thought about voting and come to the conclusion that your vote doesn’t count? I have, in fact in the last election I almost did not vote because I just felt that the system was rigged. By rigged I mean districts were gerrymandered, back door deals are all in play, and possibly even the election machines had been hacked because, as we all know in the security circle here, they are so weak in security mechanisms as to be laughable to hack. In effect, these systems, both technological and rule based, were inherently made untrustworthy by the system of politics. We have had our real autonomy and ability of action removed from us through the system and its rules …So why bother voting if it’s a foregone conclusion and there is no foreseeable change right?
Another area of thought that Ted writes about, which seems to be a companion to the above section, is that once again your power is taken from you by the government or the system. In Ted’s mind it is the technology at the bottom of all this but here again he is making what I would consider more a political or societal argument. In that conservatives really want states’ rights over big government, I for one cannot extricate this paragraph from the notion today that the right wing would like to take away the power of the people locally as well as nation wide even with “small government”. Honestly some of their thought processes are rife with cognitive dissonance but the goals seem to be “we are in control because we have the money and the power and you should just do what we say”. Anyway, it is just another system and technology today only enhances the control as far as I can see. Of course we are also seeing that with things like Anonymous and the internet, the power can be interrupted with the application of the right technologies as well huh?
Here Ted is talking about the system taking over the individual to perpetuate the “system” and if you read this with an eye to today’s concerns over jobs and the rise of the Trumpists, you can see a parallel right? If the systems are now creating supply chains that are automated enough to not need human intervention for function, then we lose jobs right? Of course Trump really doesn’t cover this notion completely in favor of jingoism over borders and immigrants taking over our jobs but the real reality is that automation is doing this as well as tax games that move companies overseas. I sometimes wonder how the future will look if we do not educate our people better and these systems just function without the need for under educated workers, will we see more of this unrest that leads to another Trump?
If you have seen Manhunt Unabomber, then you will recognize the imagery that they used at the end concerning free will and systems of control. Ted takes it to the nth degree but the reality is that systems do control our actions but once again you have to accept that control and accede to it to be controlled. The very core of hackers and hacking is the notion that we can subvert the systems to make them do things they were not meant to do right? The case of the stop light and the philosophical questions over being part of a system or controlled by one is very interesting. You all should ponder this as hackers and persons within a series of systems both technical and logical and consider your position here as well. I think we are at a cross roads here post 2016 and the use of technologies and systems of governance where one might feel like Ted a bit. What control do we really have when you could opt out of the system but the masses don’t? Look at what has happened when a small percentage of people in this country gamed the electoral system to elect Trump over the clear popular vote. The system has control over the lot of us and there isn’t very much we can do as we have seen if those in power, a small group, are in control of all our fates.
It makes one have thoughts about hacking systems… What does it mean? Can it be done? Should it?
In 130 and 147 here we have an important point from 1995, kids, about the uses of technology as a form of control. Take that paragraph in and think about where we are today and what we have seen since 2001. We have fetishized technology in the name of freedom today. We have autonomous drones, cameras, NSA systems that monitor everything, and lest we forget our own abdication of our personal information and privacy for the new shiny phone or application. Collectively we have allowed our own security and privacy to be degraded for shiny things. What’s even more interesting is that those in the know, the ones who have the capabilities to secure their private information, may never really be able to completely do so because the systems are so prevalent that our data is out there anyway, just one breach away from being publicly available for sale on the darknet. I have often had thoughts about just backing away from the technology, but then my lizard brain just says “you can do this, you can secure your shit with crypto and all the things”.
That’s delusional thinking.
Look at what played out in 2016 and then try to convince yourself that you can control the system enough to be immune.
Geez I am starting to sound like Neo.
Anyway, all of this manifesto reading has given me perspective on things in 2018. Ted had some ideas that are valid but he was unstable and decided to act on them to save humanity in the wrong way. Frankly he should have just lived in that cabin and kept to himself and paid no attention to the outside world. This is the crux of the problem though, could he? It seems like he lived on the fringes of society and he knew he could not go full mountain man and live off the land so he did what he did. Herein lies the problem though for us all. Unless you have the wherewithal to live fully off the land then you have to deal with technology and society right? So here we are, how many of you out there could just walk into the woods and live? I find it funny that a lot of our zombie shows pretty much deal with this issue and we are eating it up. Deep down we all know that if society broke down and technology stopped, we would have to fight for everything to survive. Many of us wouldn’t be able to handle it and there would be a lot of attrition.
As we move forward with AI and more technologies that are supposed to make our lives easier, we are also infantilizing ourselves, separating ourselves from communities, and giving away certain aspects of ourselves to the machine. So I can understand some of what Ted was saying …I am just not mentally unstable enough to want to live in a shack and make little packages of explosives. I do however have my moments when I ask: “What are we doing here?” I have written posts on Stratfor about hybrid warfare counter programs and honestly between the pervasiveness of the technology and the cognitive dissonance of those who use it I can see no good options for countering it. Is the answer then to just leave Twitter and Facebook? Is the answer to just not surf the net and read a book from a library? Or do you double down and work the system like a hacker and try to get some sanity?
K.
The Post Conspiracy Age
In last week’s episode of The X-Files, the whole notion of conspiracy theories, truth, and reality was amusingly deconstructed. The premise of the episode was put into one of the more amusing X-Files episodes over the years but the core observations it made were something to think about outside of satire. The story line follows the idea that Mulder and Scully had a partner that neither can remember because he has been collectively erased from their memories by a “Dr. They”, a hypnotist spooky doctor of some kind. The plot line slides along greased by all the conspiracies over the decades of the show concerning belief in cryptozoology and aliens while making the case that the human memory is not only fallible, but it is also highly manipulatable.
Throughout the story line the notion that people remember things differently per experience also is at play with the idea that forces are possibly at work shaping the collective memory. One of the ideas they drag up is that of the Mandela effect, where people have varying memories of Mandela dying in prison as opposed to him being released in 2013. Of course Mulder offers the theory that these are often explained by parallel universes, but that is shot down by Scully and “Reggie”, the alleged partner they cannot remember. I for one have heard of the Mandela effect but then Reggie says it is not the Mandela effect, it’s the Mengele effect. The Mengele effect as far as I can tell is just a plot device for this episode of the X-Files but the Mandela effect is another matter. It seems many who misremember go on to substantiate their own inability to remember things properly as an “effect” to save face.
“It’s the Mandela effect. When someone has a memory of something that’s not shared by the majority or the factual record. For instance, there are some people that have a memory of seeing a movie called Shazam starring Sinbad as an irrepressible genie. Even after it’s pointed out to them they’re probably thinking of a movie called Kazaam starring Shaquille O’Neal as an irrepressible genie. Especially because a movie named Shazam was never made.”
“But what if I don’t remember either movie?”
“You win!” – Mulder and Scully
Aside from the idea that there are Mandela effects, aliens, squatches, and government conspiracies, this episode focuses not on them for me as much as the methods these ideas are spread and the nature of just what is truth anymore. In a meeting near the end of the episode, Mulder meets the mysterious Dr. They, who is seen standing by a sculpture making the “tsk tsk” or naughty hand gesture that you see above. He starts off talking to Mulder about how the kids today have no idea what this means anymore and that we are living in a “Post conspiracy age” where nothing is real anymore anyway so conspiracies just mean nothing.
“They don’t care if the truth gets out. Because the public no longer knows what is meant by the truth.” – Dr. They
Basically They tells Mulder that none of his truth seeking matters anymore because we are in a post truth society. In effect, nothing can be true anymore because everyone just believes what they want to, paying no never mind to facts and things that are known to have been truths. It was this scene of the episode that just hit home for me. In a time where social media has given rise to the common man’s ability to leverage their own cognitive dissonance as part of a larger machine of propaganda and psyops by nation states and corporate entities, nothing is real anymore. Even if you present people with facts and data, they can just discount it because they now have an arcology of communities that they belong to which re-assure and amplify their own ideas whether or not they are patently wrong and provably so.
….In essence an arcology of echo chambers.
“Believe what you want to believe. That’s what everybody does nowadays anyways.” – Dr. They
As I watched that scene over again a few times it all hit home in a way that I had not overtly thought about in a while. We are living in an age of subtle Nihilism where nothing really exists or matters on a factual or truthful level. It’s all “Truthiness” as it was coined by Stephen Colbert. You choose the level of the truthiness and its content per your belief system and no one will be able to assail your notions because they are just wrong. In the X-Files episode the quote by Orwell was brought up twice of “He who controls the past controls the future.” which is then re-stated by They in the meeting scene with Mulder where he says that it was Orson Welles who said it. He is corrected by Mulder that it was Orwell, but basically They then says “for now” as if he is about to manipulate everyone’s memory to change that. It’s amusing as a scene but the reality is that with the facile minded and the misinformation of the internet and manipulative media, it is a possibility that it could become a reality where the masses believe it was in fact Orson instead of Orwell, and then it will become de facto fact as someone edits the Wiki page and commits.
“We’re living in a post-cover-up, post-conspiracy age.” The “poco”
I was left thinking after this episode about the problems I had been mulling over concerning counter narratives and programs to fight active measures campaigns like the one that Russia carried out and is still carrying out on us. One could just buy into the idea that there is no real way to fight this because we have a system now that allows and perpetuates these echo chambers. Twitter is a steaming pile of misinformation and food pictures. Facebook, well, Facebook is another animal altogether and Zuck has recently doubled down on the problem by saying they plan on only having more inter-networked news being passed on by its users instead of real news service feeds. This will only lead to amplification of misinformation as those groups only echo those “truths” they want to believe as opposed to facts. It all makes one want to embrace Nihilism all the more and really believe in nothing at all because what can you believe in when everything is just opinion as fact?
Today we are bombarded with information that has been created, managed, or manipulated by the unseen hand of corporations, people, governments, and cabals if you want to believe that. It is up to the consumer to do the leg work and discover what is truth, but unfortunately for the masses it seems, the truth is just subject to their own cognitive dissonance. In 2018 we are about to embark on a new roller coaster of disinformation and active measures not only perpetrated by Russia and other actors, but ourselves. How do we really fight that power?
K.
GDD53: A Russian Hosted i2p Site That Claims Trump’s Email System Had Ties To Alfabank (Russia)
Recently a page showed up on WordPress (10/5/2016 to be precise) that has an interesting albeit hard to prove claim. The site is named gdd53 and the claim is that Donald Trump’s email systems were set to have a direct connection to servers in Russia for Alfabank, a Russian bank. I caught wind of the site when someone asked me to look at an i2p address that they couldn’t figure out and once I began to read the site’s claims I thought this would be an interesting post. While the site makes these claims, I cannot, as I don’t see any concrete examples of data other than the screen shots on the site and the assertions of those who put this up. In looking into the facts all I could come up with was some truths to the IP addresses and machine/domain names but nothing really solid on ASNs being pointed between the Trump email servers and Alfabank nor Spectrum Health as is also claimed.
i2p Site:
However, there are some interesting twists to the page. First off, the i2p address in the WordPress site is wrong from the start. Once I dug around I found that the real address was gdd.i2p.xyz which is actually a site hosted on a server in Moscow on Marosnet. This site in the i2p space was a bit more spartan, however, it had much more data to offer on the whole contention that Donny had a connection to Russia. There is a claim that a NYT reporter asked about this connection and then server changes were made yadda yadda, but why is this on a Russian server? Why i2p? Why is the site gone now? Why was the address only half there on the WordPress site to start?
So many questions…
i2p site main body text (part)
Alleged network map of how the system “would” look
A traffic map that shows alleged history of peaks and troughs in data between the alleged servers
Nmap of the site while it was up
After poking around and doing some historic WHOIS I came to the conclusion that I cannot prove out their claims because really I would need to have access to the server in order to see the direct routes for mail being put in there at the time this was alleged to be happening. I did however in my searches come across some interesting things concerning the company that hosts Donny’s email systems though. Cendyn is the name of the company and in their business history you can see how maybe a connection can be made to Russia at least. Certainly you can begin to see why ol’ Donny boy would use Cendyn as his go to but no smoking gun here.
Cendyn:
As stated above Cendyn hosts the servers for Donny’s email. I looked into Cendyn and the closest thing I can see without doing a real in depth on them is that they do CRM for hotels and that maybe some of the hotels in Russia may use it? No confirmation there though. Mostly though Donny uses Cendyn for his hotel businesses as well so I guess since this company also does some hosting he had them do this for him. If anyone wants to ask Cendyn for their records perhaps we can get some clarity on this whole thing. I doubt, though, that if asked they will give up logs/configs on the systems in question. I also have to wonder about this whole allegation that a NYT reporter asked about this.
Say, any of you NYT’s people out there care to respond?
At the end of the day, in a week of old dumps of data by Wikileaks and Guccifer2.0, I am unimpressed with this attempt unless someone can come up with something more concrete. One does wonder though just who might be trying this tack to attempt to cause Donny trouble. It seems a half assed attempt at best or perhaps they were not finished with it yet.. But then why the tip off email to someone who then got in touch with me? Someone I spoke to about this alluded to maybe that was the plan, for me to blog about this from the start..
Ehhhh nah I don’t buy that.
However, what has my attention is that this is just one attempt in a sea of attempts to manhandle the US election process. A series of hacks and leaks by Russia (if you believe the DNI) attempting to cause our election cycle to melt down and perhaps let the tiny handed orange Hitler win the election. Jesus fuck what a scary time. I mean sure, I lived through the 80’s and the bad times with Reagan and the nukes but Jesus Fuck all of this is balls out destroy the system by pushing the idiots to the boiling point!
Meanwhile Donny is not preparing for the next debate because it’s “annoying”
BAAAAHAHAHAHAHAA fucking chucklehead.
Interesting times kids…
K.
PS… Feel free to investigate for yourselves and let me know if you find anything interesting!
UPDATES
After posting this yesterday there have been some revelations. First off, someone in my feed put me in touch with the NYT and a reporter has confirmed to me that what the site says about NYT reaching out and asking about the connections, then the connections going bye bye is in fact true.
Ponder that one kids…
So I decided to use my eagle eye and look for another eepsite to pop up and sho-nuff it did yesterday at some point UPDATED with new and fun data! The “Tea Leaves” person(s) have added logs that they allege came from the name servers for Cendyn.
These are the key files in the new dump but the problem I have is that they are just text files. Anyone with the know how could re-create these to look legit enough but yet still be questioned. I see no actual login to the shell and queries being run here so really coulda just done a find/replace on another query on any server you have access to.
I have to say it though, these guys are trying to get the word out but in a strange way. I mean this eepsite is now hosted in Czechoslovakia, staying with the Baltic flavor but why not broadcast this more openly? Why does the WordPress site have the wrong address to start and then the other eepsite disappears after a little poking and prodding?
krypt3ia@krypt3ia:~$ whois 46.36.37.82
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf
% Note: this output has been filtered.
% To receive output for a database update, use the “-B” flag.
% Information related to ‘46.36.32.0 – 46.36.63.255’
% Abuse contact for ‘46.36.32.0 – 46.36.63.255’ is ‘abuse@gtt-as.cz’
inetnum: 46.36.32.0 – 46.36.63.255
netname: CZ-GTT-20101025
country: CZ
org: ORG-Ga241-RIPE
admin-c: LM1397-RIPE
tech-c: LM1397-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-by: MNT-GTT
mnt-lower: MNT-GTT
mnt-routes: MNT-GTT
created: 2010-10-25T13:24:34Z
last-modified: 2016-05-19T09:42:08Z
source: RIPE # Filtered
organisation: ORG-Ga241-RIPE
org-name: GTT a.s.
org-type: LIR
address: Hornatecka 1772/19
address: 180 00
address: Praha 8
address: CZECH REPUBLIC
phone: +420261001179
fax-no: +420261001188
admin-c: LM1397-RIPE
abuse-c: AR14420-RIPE
mnt-ref: RIPE-NCC-HM-MNT
mnt-ref: MNT-GTT
mnt-by: RIPE-NCC-HM-MNT
mnt-by: MNT-GTT
created: 2010-10-04T15:25:45Z
last-modified: 2016-05-20T10:04:31Z
source: RIPE # Filtered
person: Lukas Mesani
phone: +420-725-793-147
address: Czech Republic
nic-hdl: LM1397-RIPE
mnt-by: MNT-FRODO
created: 2006-06-07T13:57:53Z
last-modified: 2014-02-11T22:58:02Z
source: RIPE
% Information related to ‘46.36.32.0/19AS51731’
route: 46.36.32.0/19
descr: GTT-NET
origin: AS51731
mnt-by: MNT-GTT
created: 2010-12-09T01:08:59Z
last-modified: 2010-12-09T01:08:59Z
source: RIPE
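To turn a pasted RIPE answer like the one above into a checkable hosting summary, the following added example (not part of the original post) parses the RPSL objects and confirms that the queried address sits inside the reported inetnum and route. The embedded sample is a trimmed excerpt of the output above, and the function names are hypothetical.

```python
import ipaddress
import re

# RPSL classes that open a new object in a RIPE whois answer. Needed because a
# blog paste often loses the blank lines that normally separate objects.
CLASS_KEYS = {"inetnum", "organisation", "person", "role", "route"}
ATTR = re.compile(r"^([a-z0-9-]+):\s*(.*)$")

# Trimmed excerpt of the whois output quoted in the post. The en dash in the
# inetnum line is kept on purpose: blog software substituted it for "-".
SAMPLE = """\
% Information related to '46.36.32.0 - 46.36.63.255'
inetnum: 46.36.32.0 \u2013 46.36.63.255
netname: CZ-GTT-20101025
country: CZ
org: ORG-Ga241-RIPE
status: ALLOCATED PA
source: RIPE # Filtered
organisation: ORG-Ga241-RIPE
org-name: GTT a.s.
org-type: LIR
source: RIPE # Filtered
% Information related to '46.36.32.0/19AS51731'
route: 46.36.32.0/19
descr: GTT-NET
origin: AS51731
source: RIPE
"""


def parse_rpsl(text):
    """Split a whois answer into objects: [{'class': ..., 'attrs': {key: [values]}}]."""
    objects, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None          # a blank line closes the current object
            continue
        if line.startswith("%"):
            continue                # server comment
        m = ATTR.match(line)
        if not m:
            continue
        key = m.group(1)
        value = m.group(2).split(" #")[0].strip()   # drop "# Filtered" remarks
        if current is None or key in CLASS_KEYS:
            current = {"class": key, "attrs": {}}
            objects.append(current)
        current["attrs"].setdefault(key, []).append(value)
    return objects


def ip_range(value):
    """Parse 'first - last', accepting a hyphen or a typographic en dash."""
    first, last = re.split(r"\s*[-\u2013]\s*", value.strip(), maxsplit=1)
    return ipaddress.ip_address(first), ipaddress.ip_address(last)


def hosting_summary(text, ip):
    """Who holds the block, in which country, announced by which AS, and does ip fit?"""
    addr = ipaddress.ip_address(ip)
    summary = {"ip": ip, "in_inetnum": False, "in_route": False}
    for obj in parse_rpsl(text):
        attrs = obj["attrs"]
        if obj["class"] == "inetnum":
            first, last = ip_range(attrs["inetnum"][0])
            summary["in_inetnum"] = first <= addr <= last
            summary["netname"] = attrs.get("netname", [""])[0]
            summary["country"] = attrs.get("country", [""])[0]
        elif obj["class"] == "organisation":
            summary["org_name"] = attrs.get("org-name", [""])[0]
        elif obj["class"] == "route":
            summary["in_route"] = addr in ipaddress.ip_network(attrs["route"][0])
            summary["origin"] = attrs.get("origin", [""])[0]
    return summary


if __name__ == "__main__":
    for key, value in hosting_summary(SAMPLE, "46.36.37.82").items():
        print(f"{key:12} {value}")
```

The summary only says where the address block is registered and announced; it says nothing about who operates the service behind it.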
The biggest takeaway is that the NYT confirmed that they asked the question and shit happened. They are still looking into it.
Oh Donny shit’s about to get worse in your dumpster fire world.
K.
UPDATE TWO OR THREE….
Dear Tea Leaves,
Answer my questions in email sent Monday. Stop muddying the waters with information that cannot be proven.
Yours,
Dr. K.
Above was emailed to me Sunday. I responded and asked specific questions. This comment is useless static.
Guccifer 2.0’s Clinton Foundation Data Drop Is NOT Clinton Foundation According To The Metadata
OCTOBER SURPRISE! I’MA OPENING A CAN OF NOPE SAUCE ON GUCCIFER 2.0
You all have likely seen the news since October 4th where the Gucci boy dropped another dump of dox on Hilly and Bill. Yo yo yo though this dump isn’t what he claims it is. Of course in the news reports the Clinton camp denied the files as being theirs and on the face of it with the screenshots given, I can agree to agree. However in this world of insta media fuckery I wanted to follow up with some forensication on this shit. So I downloaded the “dox” and I did some metadata forensics. What I did it seems the media has failed to do once again, I mean really, is it so fucking hard for the media to like do due diligence and shit?
Anyway, the bulk of the docs were written by Miss Kurek of the DCCC, 499 of them to be specific. I did not go into the stats on the Excel files and pdf but if you Google up Missy (kurek) she is a Pelosi minion and has a position at the DCCC. So that right there made me say “hmmmmmm”. I went further though and pulled the PC user/machine data that could be captured from the documents in question. What I found was that none of these documents were written on any asset with the name “clinton” or “clintonfoundation” at all. In fact, all of the machine names involved just pretty much said “pc” and a user name, so no real enterprise networking here kids.
Furthermore, when you pull out the network data all you see are DCCC servers. So unless the Clinton foundation is running all their shit out of another bathroom server at the DCCC this ain’t the dox Gucci was promising. So that leaves me to wonder just what the hell is up with ol Gucci boy? Are the Russians running out of shit to post or is this cat going rogue on them? Perhaps the Gucci cutout is now believing his or her own hype? This dump though casts a doubt on everything else he or she may put out in the future and if it was an “off the rez” situation then he or she may be in for a visit from the GRU in the near future.
Anyway, public service done here… You can thank me at any point Grandma Nixon!
Oh, and yeah, you newsies, fucking do your homework!
K.
DATA
Users
User List
Emails
Email addresses found in metadata (doc/docx/pdf/xls/xlsx)
Networks
Networks and servers found in metadata
Clinton Foundation Metadata
Clinton Email located
I found two emails for Clinton.com in two docs but nothing else.
UPDATE!!
Evidently I was a bit hasty in saying no journos had done due diligence. I have been informed that The Hill and Ars did look at the metadata by clicking on “properties”. Good on them! Now, how about some real forensics.. I mean it did not take long….
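The metadata pass described in this post (and the file-metadata check in the troll farm update further up) can be reproduced for OOXML files with the standard library alone. This is an added example, not the author's tooling: the sample files, the staffer names and the "Example Committee" / "example foundation" strings are constructed, and it covers only docx/xlsx-style packages, not legacy doc/xls or PDF.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from collections import Counter

# Namespaces of the two OOXML property parts (docProps/core.xml, docProps/app.xml).
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}
# Output field -> (package part, element path)
FIELDS = {
    "creator": ("docProps/core.xml", "dc:creator"),
    "last_modified_by": ("docProps/core.xml", "cp:lastModifiedBy"),
    "created": ("docProps/core.xml", "dcterms:created"),
    "company": ("docProps/app.xml", "ep:Company"),
    "application": ("docProps/app.xml", "ep:Application"),
}


def extract_metadata(data):
    """Return the property fields of one OOXML file, or None if it is not a zip package."""
    parts = {}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for part in {p for p, _ in FIELDS.values()}:
                try:
                    # Dumped files are untrusted input; for production use a
                    # hardened parser (e.g. defusedxml) instead of ElementTree.
                    parts[part] = ET.fromstring(zf.read(part))
                except (KeyError, ET.ParseError):
                    parts[part] = None  # part stripped or corrupt
    except zipfile.BadZipFile:
        return None  # legacy .doc/.xls, PDF or junk: needs a different parser
    meta = {}
    for field, (part, path) in FIELDS.items():
        root = parts[part]
        node = root.find(path, NS) if root is not None else None
        meta[field] = (node.text or "").strip() if node is not None else ""
    return meta


def summarise(corpus, expected_terms):
    """corpus: {filename: bytes}. Tally authorship and test the claimed origin."""
    creators, companies, matches, unreadable = Counter(), Counter(), [], []
    for name, data in sorted(corpus.items()):
        meta = extract_metadata(data)
        if meta is None:
            unreadable.append(name)
            continue
        creators[meta["creator"] or "<blank>"] += 1
        companies[meta["company"] or "<blank>"] += 1
        haystack = " ".join(meta.values()).lower()
        if any(term.lower() in haystack for term in expected_terms):
            matches.append(name)
    return {"creators": creators, "companies": companies,
            "matches_claim": matches, "unreadable": unreadable}


def make_ooxml(creator, modifier, company):
    """Build a minimal property-only package in memory (constructed sample)."""
    core = (
        '<cp:coreProperties xmlns:cp="%s" xmlns:dc="%s" xmlns:dcterms="%s">'
        "<dc:creator>%s</dc:creator><cp:lastModifiedBy>%s</cp:lastModifiedBy>"
        "<dcterms:created>2016-01-05T14:00:00Z</dcterms:created>"
        "</cp:coreProperties>" % (NS["cp"], NS["dc"], NS["dcterms"], creator, modifier)
    )
    app = (
        '<Properties xmlns="%s"><Application>Microsoft Office Word</Application>'
        "<Company>%s</Company></Properties>" % (NS["ep"], company)
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docProps/core.xml", core)
        zf.writestr("docProps/app.xml", app)
    return buf.getvalue()


# Constructed stand-ins for a dump that is claimed to come from "Example Foundation".
SAMPLE_CORPUS = {
    "budget.docx": make_ooxml("staffer-a", "staffer-a", "Example Committee"),
    "memo.docx": make_ooxml("staffer-a", "staffer-b", "Example Committee"),
    "donors.xlsx": make_ooxml("staffer-c", "staffer-c", ""),
    "scan.pdf": b"%PDF-1.4 constructed stub",
}

if __name__ == "__main__":
    report = summarise(SAMPLE_CORPUS, ["example foundation"])
    print("creators:     ", dict(report["creators"]))
    print("companies:    ", dict(report["companies"]))
    print("match claim:  ", report["matches_claim"])
    print("not OOXML:    ", report["unreadable"])
```

An empty `matches_claim` list alongside a creator tally dominated by another organisation is the pattern the post describes; metadata can be edited, so treat it as one signal rather than proof of origin.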
*post written to Ghost Dog OST by RZA*
DD0S: Posters From Walls To Legitimate Weapon Of War and Its Possible Use Scenarios
Historical DDoS
Distributed Denial of Service has been the go to tool for the script kiddie and Anonymous over the years but recent developments have shown that this tool may be evolving and maturing with new use by actors within the nation state arena. In fact DDoS has been used before by Russia on Georgia in 2008 and again recently on the attack of the power grid in Ukraine. The types of attacks varied but the end state of denying service to sections of infrastructure has been the same in each of those occasions.
What was once considered to be just a tool for skids is now fast becoming a dangerous tool for other attacks that in tandem with kinetic action, could be the prelude to war or, more to the point, smaller actions that may not lead to the intensity of war by the standard definition by countries like the USA. This blog post contains a set of scenarios that could possibly play out but they are more so thought experiments to show the potential use of a denial of service in hybrid or network centric war that includes information warfare, CNO, and CNE implications.
Recent Events
Directed Attacks on Infrastructure and Defense (Schneier)
In a recent post on his blog, Bruce Schneier alluded to some very directed DoS activity against infrastructure of the internet. He was not really forthcoming with the data but I too had heard of some activity and thus began to ponder who might be carrying out tests of new denial of service tools. His go to on who was carrying out the attacks was China, which was a poor choice in my opinion and I wrote an off the cuff retort here. I believe that another actor is afoot in that one and as you read below that actor is DPRK. I think this for many reasons that I will cover later.
In any case, the attacks have been systematic and show planning in a way that alludes to a desire to take out large areas of the internet and or command and control systems for the nation(s) that would degrade our abilities to fight a war, carry out daily business, or just surf the web. Of course the former is the most important and likely the aegis here rather than the latter for this adversary.
Krebs
Another event that has taken place in rapid succession to the attacks on infrastructure was the DDoS of Brian Krebs’ website after he outed a company that performs DDoS as a service in Israel. This attack for the most part appears to me to be revenge for the takedown he was part of, but he has over the years managed to piss off many of the skidz out there today so the list of names grows exponentially there. What struck me though in this attack was that the tool used was then burned by its one time use on Brian. If this actor were someone within the space of nation state, they would not want to burn the tool so to speak.
In fact, post the hubbub of the determination that the tool in question leveraged a botnet consisting of IoT devices (Internet of Things) the author dumped his code online because within days he already was seeing his output diminish because ISPs were cleaning up their acts and denying access to insecure IoT devices and telnet sessions that had default creds. With this revelation it leaves the tool up for use to some, upgrades to others, but overall it is burned as tools go for surprise attacks. Of course the tool’s DDoS is carried out by GRE packets which is a hard one to stop. If others find new sources of bots for the botnets then the tool once again can be fired and take down the targets pretty readily, so there is that.
South Korean Router Hack
The Yonhap News agency recently put out a report stating that the ROK military had suffered an attack on a ‘Vaccine Routing Server’ at their cyber command in Seoul. I am still not sure what a vaccine routing server is other than perhaps a bad translation from Korean to English but if it is in fact a router, then this attack could further a DDoS quite well. Of course this attack if carried out the right way, could be just like the OVH attack that leveraged traffic directly through to the back end of the OVH infrastructure. This type of attack would be devastating on any network. If in fact the OVH attack was another “test” of another, as yet un-named tool, then leveraging such a router compromise on the ROK cyber command by DPRK would be the next best thing to just dropping a missile on the building, which would likely happen right after the DDoS begins in a lightning war.. But I digress.
Tactical Use
So with all of these things in mind, I would like to next discuss the tactical use of DDoS in a hybrid warfare scenario. In the cases earlier stated with Russia, both types of denial of service were used in differing capacities. In Georgia, they used the DoS to cut off the country’s communications both internally and externally leaving them dark to the rest of the world. In the case of the recent attack in Ukraine they did not use the common tactic of DoS by packet, instead they used a phone DoS on the helpdesk at the power company as well as other tricks like attempting to re-write the firmware in the ICS/PLC environment so that the power would stay down after the attack. Both of these attacks plainly show the value of this type of attack but below I will go into the thought process behind their use.
Deny, Degrade, Disrupt & Psyops
DoS of any kind’s main goal in a warfare sense is to deny access and communications, degrade access and communications, and disrupt access & communications. These primary goals have sub goals of slowing the adversary, denying the adversary, and disrupting their abilities to respond to attacks. If you carry out these denial of service attacks on communications lines for say military command and control (C4ISR) then you are effectively blinding the enemy and or disrupting their ability to respond and prosecute a war.
Years ago an example of this was carried out in Syria by Israel when they attacked a radar station electronically and allowed their jets to make it through unseen by the air defense of the country. This operation (Orchard) leveraged this electronic attack to destroy a nuclear facility before it went live. In certain situations these attacks also can have the added benefit, or even the main goal, of prosecuting a PSYOP (Psychological Operations) on the affected country by destabilizing their networks (public and mil) and sowing distrust of the infrastructure as well as causing pandemonium. I will write further on the PSYOPS angle below in one of the scenarios.
Signal To Noise
In some cases a DDoS can be used to distract an adversary while you are attacking a specific asset(s) in a hack. This type of activity has been seen in some of the Chinese activity in the past. This type of attack is quite successful: as the IR teams are otherwise engaged in trying to mitigate being offline, it is easy to miss a certain network or device that may still be connected and being attacked. With the masses of data being aimed at the defenses it is easy to miss the attack within the deluge of bad data.
Scenarios
Scenario One: Core Infrastructure Attacks on ROK and USA
With the attacks on infrastructure mentioned above, and the ROK Cyber Command attack on a “router” this scenario concerns a “short war” which is the favored type of warfare by the DPRK. In this attack the following happens:
- DPRK launches a DDoS of some kind(s) on ROK and US assets to disrupt C4ISR
- DPRK engages their rocket batteries just outside of the DMZ with a three minute flight time to Seoul
- DPRK launches other forces and attempts to overtake ROK
It is within the nature of DPRK to attempt this kind of attack because it is doctrine for them, they have nothing to lose, and they would aim to deny, degrade, and disrupt ROK’s ally, the US, with the types of attacks we have seen recently with the GRE packet attacks. Of course there would have to be other maneuvers going on and other attacks within the spectrum, but this attack vector would be easy enough for DPRK to leverage in a kinetic hybrid war scenario.
Additionally, the use of DDoS by DPRK is a natural fit because of the lack of infrastructure within the hermit kingdom. If DPRK were to leverage DDoS like the GRE elsewhere, it could easily do so because of the aforementioned lack of connectivity as well as the norms today for warfare do not really cover DDoS (yet) as a type of attack that would require a kinetic response. DoS and DDoS are the perfect asymmetric cyber warfare tool for DPRK and I for one would not be surprised to see in the near future, its use by them in scenarios like these.
Directed Attacks In Concert on US Elections
The following scenario concerns the upcoming US election and the possible use of DoS/DDoS as a tool to sow mayhem during the process. Russia seems to be actively tampering with the US electoral process in 2016 through direct means by way of hacking and cyber warfare tactics. However, this attack could be just as easily leveraged by DPRK or anyone else. I am using Russia in this instance because it is October and, well, you all have seen the news lately right?
- Russia attacks the internet infrastructure within the United States to deny and degrade access large scale
- Russia attacks polling places’ connectivity either by the larger DoS or direct action against polling places and the electronic voting machines’ connection to upload results
The net effects of these types of attacks on the voting systems on the day of the election would have these potential effects on the process:
- Insecurity and fear that the US is under attack
- Insecurity and mistrust of the electoral process through electronic means
- Not all voting systems have the paper backup so counting ballots would be null and void in some areas
- Re-counts would occur
- The parties (Dem and Rep) specifically in this heated election race would demand redress on the systems being corrupted by possible hacking attacks
- Election results could be null and void
This scenario is quite possible and it does not have to be fully successful technically to actually be successful as an attack. The net effect of PSYOPS on the American process and people would already be carried out and in effect. Given this election cycle’s level of crazy, this one would be very hard to control and not have it spin into disarray. It does not take a lot to throw a monkey wrench into an already contentious election where persistent October surprises from hacked data are being splayed across the scrolling bars of CNN.
Actors
With all the scenarios laid out, it is important to now cover the two actors and circle back to the events recently concerning DDoS. In Bruce’s piece he immediately went to the old standby that “China did it.” I, however, do not agree with this assessment and the reasons are due to the nature of the actors and their motivations. Rational actors versus irrational actors are key points to consider when you are trying to attribute an attack like these recent attacks. All of this is speculative to start, so please bear that in mind with the attribution I make. (see dice above) For all I know these attacks could all just be cyber criminals seeking to hawk their “booter” service.
Who’s to say really?
DPRK
Per the assessments of CSIS and other experts on DPRK there is not much to go on in the way of hard data on cyber capabilities and actions from North Korea. However, they do have patterns of behavior and doctrine that has been smuggled out of the country in the past. The use of asymmetric attacks that take very little resources would fit perfectly with the DPRK’s desires and modalities. As mentioned above also, this type of attack would fit well with their “short war” stratagem.
North Korea under Un has shown a willingness to use cyber warfare tactics in attacks like Sony and understands they have nothing to lose by leveraging them. Sanctions are not going to work on them even with the pain they may cause. The same can be said for attacks like DDoS, there is a low threshold to entry and use and they have a large asymmetric win in the eyes of DPRK. I would recommend that you click the link at the top of this post for the CSIS paper on DPRK’s cyber capabilities and structure.
Russia
Russia is another animal altogether. Russia plays the game brashly but most of the time very smart. In the case of DDoS use we have already seen them leverage it in tandem with kinetic warfare and do so with success. Their recent use of it as a digital stick on Ukraine as well shows that they are not afraid to use the attack in their back yard. However, use of it against other nations might be a bridge too far in some cases. The scenario I have laid out though with regard to the nation’s elections in November 2016 is quite plausible and the burden of proof that the DoS was carried out by Russia or a proxy would be hard to prove in an international court.
Another aspect of this scenario is just how far of a response would the US take if such attacks happened? With attribution being what it is, how would the country respond to an attack of this nature and what good would it do if the process is already tampered with? This scenario is mostly a PSYOP and once again, the damage would have been done. With Putin’s recent aggressive moves (re-forming the KGB and now walking away from the nuclear treaty) it is not beyond the scope of possibility that his penchant for disruption would win out.
Russia is a rational actor and this would be a rational attack. Imagine if by an attack of this kind it tips the election in favor of Trump?
Scary.
Conclusion
The DDoS attacks that have been happening recently do show that something is afoot. That something is coordinated and is being used to target key aspects of the net as well as DIB partners. What the end goal is and who is doing it all is still a mystery, but, these scenarios above are just as valid as once again pointing at China and yelling “THEY DID IT!”
Maybe something will happen in the near future…
Maybe not…
Either way, one should consider the adversaries who might be at play.
K.
UPDATE: Evidently I am not the only one who is thinking along these lines… The Daily NK had an article come out the same day, thanks to @JanetInfosec for the tip! According to this article they are assessing that on or near 10/10/2016 DPRK may attack ROK with electronic/hacking attacks as well as perhaps more launches of provocation.
Leaderless Jihad and Open Source Jihad: A Marriage Made In Hell.
In 2013 I wrote about leaderless jihad and the “Stand Alone Complex.” Now we are seeing this type of leaderless, “inspired by” thought virus playing itself out on the national stage. Last night’s attack using a lorry was something that was presaged by two issues of Inspire Magazine back in 2010 and 2014. There isn’t much to it really to gather some weapons, steal a truck, and then plow it into a crowd but it has taken this long for the insidious idea to take root in the collective unconscious of the would be jihadis. The days of a more rigid and trained “jihad” are being eclipsed by would be unbalanced individuals seeking attention and reinforcement of their sick ideas through the media, the internet, and our collective inability to look away from a tragic scene on a glowing screen.
2010 Inspire 2 “Ultimate Mowing Machine”
Soft targets were always the preferred avenue of attack but now they are becoming seen as a top priority for security forces since the attacks in France and other places like Bangladesh. While Dhaka on the face of it had a contingent of more trained individuals the attack last night is as simplistic as they come. This is what is really scaring the populace and the security services because now it seems that the authors and actors of these acts are in fact just one guy and not a cabal that they could perhaps track using pervasive surveillance. A cell of one is hard to track and certainly if they self radicalize by just downloading Inspire magazine and watching YouTube, well, what can one do? There are no easy answers here in the world of detection and prevention.
So here we have it, I have been pointing this out for a while and at first it was AQAP trying to inspire “OSJ” or Open Source Jihad. Now Dabiq and Da’esh are carrying it on and furthering it with the media zeitgeist that ensues with each attack. The net effect here is that these people are self-radicalizing with the help of the media’s obsession with covering these acts ad nauseam. The pervasive hand wringing and talking heads only serve to whet the appetite of the would be jihobbyist into action. Forget the Inspire magazines and the videos, just watch CNN and that is enough it seems. This all is very much like the plot line to “The Laughing Man” arc of Ghost In The Shell. An act carried out on the media instilled others to carry out like acts to be on the media and further the idea(l) as well as serve as a means to self fulfil the actor’s need for attention and satisfaction.
This is pure psychology at work and there are a host of reasons and syndromes that could likely be pointed at to rationalize its happening. The fact of the matter is that now we are seeing it play out rather bloodily on the streets of the world in furtherance of an idea and ideal set that lends itself to the like minded... Or should I say mentally ill? Yes, I would say mentally ill. These actors are acting out and likely have some borderline tendencies to start with. These people feel outcast in their societies or out of place within the societies they are living in as a second generation citizen. It is a complex thing to nail down and I suggest that anyone who might want to delve into it further read “Leaderless Jihad” by Marc Sageman.
We need a more nuanced approach to the GWOT and I am afraid we won’t get that…
K.
The DNC Hack: SVR? KGB? GRU? Lone Hacker?
Attribution Games:
I grow more and more weary of the attribution games being played in INFOSEC and the DNC hack is just another in a cavalcade of epic missing the point parades. Since the “scoop” given to WaPo by Crowdstrike, there has been a flurry of allegations, revelations, and throwing of attribution dice akin to a basement game of Magic The Gathering replete with summoning!
“I summon the Russian GRU!”
“I summon the LONE ACTOR!”
“I summon the KGB!”
*slaps down cards on table* TAKE THAT!
The reality here is that there are more than a few games going on here. Think about it, Crowdstrike gets a media coup by selling this story to WaPo, who just happens to have been banned by the Orange Julius of our time, presidential candidate Donald Trump! WaPo jumps on this like a child on a fresh tit and runs with the attribution story and sets the world on fire for Donny boy with the release that the DNC not only was hacked but that his dirty laundry may be in the hands of Kommisar Putin!
“Whoa”
So, first let’s set aside the whole issue of marketing, which is akin for me, to choking on a hairball left from that chick in “Ringu” and move on to the veracity of the attribution as well as the real need to name and shame here. I for one can believe that the two nation state actors’ software and activities were found by Crowdstrike on the DNC systems. The fact that there are two disparate groups from the same nation state is interesting in itself. I guess they are not really talking to each other and given the state of affairs there in Russia I can see this as being a true accounting. However, I can also see my way to there being third, fourth, fifth, sixtieth actors also in the network or having been in the past as well. Face it, these are government systems who usually go to the lowest bidder right? This was likely the Diagon Alley of Democratic networks.
So, to say that it was only these two actors might be a stretch. There is room for doubt and after the dump by “Guccifer2” as they are calling themselves, it is easier to think that perhaps there is more to the story than what we have been given by the media, the DNC, and Crowdstrike. That the documents are legit on the wordpress site by Gucci and that they seem to be pretty well stamped down on metadata, one can’t make too many assumptions.. Oh, yeah, but everyone is! At the end of the day for me, even though I will play the game a little bit below the fold here, the real issues should be how the hackers did it, and fixing the behaviors of the DNC to stop it from happening for a year or two at a time in the future. Not so much pointing at Russia and yelling; “YOU TOOK OUR SHIT! BAD POOTY! BAD!”
Put another way… I eagerly await the FBI warrants and 10 most wanted cyber listings for the Russian actors they have all this attribution on … I suspect I will be waiting the rest of my life for that one kids… Just sayin. This was mostly about marketing as far as I am concerned and I have to give them props for working that one. Sales must be up in the government area now because of this caper right?
Metadata and Cyrillic:
Meanwhile, after the WaPo story hit the wires the “lone hacker” created his wordpress site and dropped dox as we say on the intertubes. Shortly after the drop people were inspecting, detecting, infecting, and making circles and arrows with captions on the back to describe what you were seeing! … And the conspiracy theory machine went into overdrive. Pwnallthethings made some good comments on the metadata in the dropped dox but really, concluding that this is a Russian disinformation operation from metadata stripped documents on the idea that the machine name was cyrillic for Felix Dzerzhinsky (Феликс Эдмундович) Really? Now that is fucking SOLID work man! Stellar! FUCK LET’S GO BOMB RUSSIA NOW!
NAILED IT!
You know at least Crowdstrike has like actual data, ya know, C2’s, malware, and shit like that. Anything else is totally speculative, I mean even more speculative than most attribution that these companies make with real data! Anyway, I took a look at the metadata on the documents and here is what I have found…
- Much of the data was stamped out in saving from format to format
- Emails of users though were still embedded in the excel files
- The word docs have no more metadata than the Iron Felix machine name save, which, gee, kinda leads one to wonder…
- The image files have no metadata.. none.. niente clean.
- Grizzli777 is just someone who pirates
Yep, not a lot to see there and people are hanging their collective hats on the deliberate placement of Феликс Эдмундович as the machine name to its quite OBVIOUSLY being Mother Russia’s exclusive secret services.
*squint.. takes drag of cigarette*
So here’s my assessment…. Maybe Russia did it… OR Maybe this actor is the real thing and happens to want to take credit. The facts that this person(s) reads, writes, has, cyrillic on their machine and names it after the founder of the KGB is as reliable a means to saying it was Russia as it is to say that aliens built the pyramid because people just were fucking too stupid back then!
All of this hoo ha really means nothing. The fact of the matter is that now Donny’s dirty dirt is open source!
YAAAAY!
Wait.. I read it.. What the shit people? REALLY? THAT’S ALL YOU HAD HILLARY? COME ON!
It doesn’t matter who did it really.. Horse is out of the barn and the barn is on fire kids. So please, stop with all the wankery and move on to the next hack ok?
DATA:
Motivation Analysis and Hypothesis
RIGHT! Well now I want to play the attribution/motivation/game of clue too! So here goes…
Imagine if you will that Russia did do it. Imagine also that Gucci2 is still Russia’s services performing a disinfo campaign against Crowdstrike. Now imagine why would they be doing that? Why would they drop Donny’s dox AND all the other fun stuff for the Clinton campaign, which is in trouble already over the cybers! What effects would this have? Let’s list it out for you…
- Dropped dox of the dirt --> Blows all Hill had on him unless there is a double secret probation file somewhere
- Dropped dox yet to be released on Wikileaks --> Let’s say, as Gucci2 alluded, they were also in Hill’s mail server, ya know, the one that wasn’t supposed to be? Oh yeah…
- If that server was popped by the Russians and Gucci1 those criminal charges could be much more deleterious right? *waves at FBI*
- Dropping of dox and general hackery causes DNC and the election process to be even more fractious than it already is
- Dropping dox makes Hill’s candidacy potentially weaker (hint hint server --> Russians --> PWN wink wink nudge nudge!)
So all those effects would do what possibly? Why would they want to do this? WHO WOULD WANT A TRUMP PRESIDENCY?????
Why Pooty of course!
Think about it kids. Given your knowledge of Teeny Tiny Baby Hands Trump, do you think he could stand up to a bearish Putin? *sorry had to use that one* Do you think that perhaps Donald is easily.. Shall we say.. Distracted or led? Come on, I know you can all reason this out. A Trump presidency would be sweet sweet love for Putin. He would have a friend, and someone he can sit on his knee to play ventriloquist with! … Well, until he has to polonium enema him that is.
That’s my theory and I am sticking with it… For all the fucks that it is worth.
I will say though.. I am waiting on those documents to show up in Wikileaks. That’s when the shit is really gonna hit the fan.
See you all in INFOSEC attribution Hell.
K.
The QNB Hack: Cui Bono?
The Dump
The recent dump of data from the Qatari National Bank was of interest to me and many others because it was purporting to have the accounts and identities of spies within its CSV and text files. I downloaded the files from Cryptome thanks to someone pointing me in their direction and took a nice long look. As the story has unfolded it has come to light that the bank itself says the data is real and that they are now “completely secure” which is amusing given that this was an old SQLi attack that netted this Turkish hacker group the jewels of QNB.
The dump consists of the Oracle database files, the passwords, and the banking information of all the users therein. I have to say that most of it is really quite pedestrian but then the hackers, or the bank management, created file folders (as seen above) that marked people as spies, Mukhabarat, Security, Gov, and other tantalizing names. I first had thought that the file folders and their speculative names had been created by the hackers to sex up their dump but it has come to light that if you look within the database dump itself you see the directories and names have headings like intelligence and defence. So it seems that the bank itself may in point of fact have created these tags in the belief or inside knowledge that the people in the data were in fact what they claimed, or at least thought they were.
The Spies
I looked at all the interesting folders and the data all the while wondering about the validity of the idea that these names were in fact corresponding to real assets, NOC’s or just functionaries in Qatari space that had just been quite well blown by this hack and subsequent data dump. On the whole I would call into question all of the names being linked directly to espionage organs. I really have to wonder if the bank would in fact be that “in the know” about spooks in their country and really have to be circumspect about their putting that in the users bank records. I mean even the Mukhabarat would at least demand that it be obfuscated one would hope by a code of some sort and not just in the headers/directories themselves.
It really kind of feels like the natural tendencies of the Arab nature had gotten the best of the database admin and the managers of the bank and they believed that these people were spies without there being any real proof. In any case, these people, especially those who are FORN and in country, now may have some trouble with people thinking that they are really spies and subject to attacks. Imagine if you will any jihadi types who might take this data as gospel and go after these people for da’esh or AQ. This could be bad. I have yet to hear of anyone leaving their positions or the country. If I were one of them I would at least be looking over my shoulder henceforth.
The other data I can see perhaps the military accounts and names being totally on the money because they are their own Ministry of Defence and really, that is not top secret stuff. Likely the bank sees where these people get their pay from (Qatari funds from the gov) but even these people could now be targets because this hack was motivated by political means it seems after all.
Cui Bono?
It seems that the Bozkurtlar (Grey Wolves) a Turkish political group and their hackers were the perpetrators of this hack. There is a long history between Turkey and Qatar and most of it seems kind of benign but when you scratch the surface a bit you can see that there are some issues between them as well as some synergies in their support of certain terrorist groups like da’esh.
So, “Cui Bono?” Well, certainly the Grey Wolves, to what end I am not completely sure. They did post their video before the hack hit the pastebins out on the net so it was pretty much their gig but I still don’t quite understand why. Perhaps these hackers are quasi wolves and or it is some other entity using the wolves as a cover for their activities. Given that there has been no real perceived fire coming out of Qatar over this nor in other areas of the world that we are aware of, I kind of doubt all these people were in fact assets of foreign powers.
At the end of the day, this just turns out to be yet another derpy easy hack using SQLi on an entity that wasn’t performing any due diligence but it had the sexy sexy for the masses with the idea that some great hack exposing spies had occurred. In my opinion not so much really. So hey Grey Wolves, gimme some more context would you than some poor British schmuck’s MySpace page in the future would you?
K.