Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Darknet Mystery Boxes and UN-Boxing: Buying Mystery Boxes on Ebay and CLAIMING They Came From the SCARY SCARY DARKNET for Ad Revenue!


Spooky Darknet BOXES!!!

Lately I have become more of a YouTube junky than I ever have been. This means that I have been plumbing the depths of the derp in the YouTubes as well as looking at cool documentaries that get posted there on History and the like. Lately though, I have been watching these “Top 5/10/15” channels with weird things like found footage posts and other oddities, ya know, the urban legends kind of shit. Well, once I started getting into that it was only fate that I would be presented with a whole bunch of videos around “Dark Net MYSTERY Boxes!”

Spoooooky!

If you are not familiar with this whole craze, the story is that in the deepest and darkest of darknets there are places where you can cough up cash (bitcoin) for mystery boxes that will be shipped to you and contain strange and spooky shit! Then, once the box is delivered, the intrepid YouTuber will “unbox” that strange shit for you LIVE on cam! Often these people suit up in surgical gloves and masks and eagerly open these mystery boxes only to find random strange shit in them that often is supposed to make you think they have either been cursed or been sent a serial killer’s kit of tools.

WOOOO!

A prime example of this dipshittery is Ali H, a YouTuber who claims to have spent one thousand dollars on a “darknet mystery box” for his channel and opened it on camera. While rummaging around in it he claims to have felt a stick and pinch only to pull out a syringe complete with needle! It’s here that I have to call out some things. First off, if this guy actually bought some rando box of stuff off of “the darknet”, well, then where is he getting that kind of money to do stupid stuff like this? Second, what the hell is he doing sitting in front of the camera if this is indeed a random box of stuff he did not put in there himself and he really did get a needle stick? I would think that he would have shut that camera down and gone straight to the E.R. with that needle and the story to start some tests!

*swigs whiskey*

Which then makes me wonder, is this guy faking it all for clicks? Or is there some money to be made here with these kinds of stories? Now, in looking at his video there were no ads, so he is not making money off of advertising on his channel that I can see. He does have some other channels like an Instagram and such, but I am not seeing any other revenue streams here. Well, he does have a “business inquiries” email address though… Business? What business is that? Opening darknet boxes for profit? TV hosting? Being a millennial idiot?

So yeah, if this guy has a grand to drop on some darknet mystery box and is not making some money on this somehow I can easily show you a fool who was parted with his money as the old adage goes. But ok, so what if there is no money in it? What if he really did not spend ANY money on this box that he packed himself and opened on air? Well, then WHY is he doing it? Well, that’s a good question and in the age of social media I am going to go with likes, clicks, and internet fame! Yup, indeed we as a society have gone full reality TV online as well as on air. I mean, this one video here is even trying to imply that this guy could DIE from buying and intrepidly braving the darknet to buy and open this spooky box! In reality, if I were this guy and really got a box that gave me a needle stick that could potentially lead to life threatening illness I’d be on the phone toot suite with the USPS and the cops about an incident.

This guy, nah, he just looks like a stuck dull eyed cow into the YouTube machine hoping for clicks, comments, and “business inquiries”…

Ugh.

In fact while looking over the plethora of spooky mystery box channels I see many of them have no ads, but instead have other channels where they are asking for anything from bitcoin donations to hawking their own merch to keep their channels going. I mean, hell, YOU GOTTA have the bank to buy these $500, $600, $5000 mystery boxes man! What’s even more galling is that people on the other side of the screen believe this stuff! Honestly, have we devolved that much that we have an era where Slenderman and mystery boxes are “real” to people who watch a video online?

No wonder we are in the mess we are in with fake news and Russian disinformation! We need to start teaching logic and ethics STAT!

There are no “Darknet Mystery Boxes”

Kids, listen close, get closer, sit by the cyber fire here… I have something to tell you. There is no such thing as a “darknet mystery box”.

Trust me, I know, I live in the darknet…

*baleful stare*

In fact, I have searched high and low as others have done on the darknet forums and not one mystery box can be found for sale.

NO REALLY!

Don’t believe me? Well look above here and take it from a minion of the darknet on a post IN THE DARKNET!!

So yeah, they don’t exist on the forums but they DO exist on Ebay! In fact while looking at these I do not even see any for sale for that alleged 5k… Hmmmm… Gee, I must not be in the right place huh? Maybe I need to go further down into the Marianas Web huh? If I do I better harden my system, I mean the pressure in the Marianas is a brazillion pounds per square inch right?

Nah, I shall just stay in the surface darknet I guess because THE DARKNET MYSTERY BOX IS A LIE KIDS! Don’t believe these numbnuts on YouTube and certainly don’t give them money for this fakery!

STAHHHHHHHHHHHP!

Ugh.. and I thought Russian disinfo was bad…

I’m gonna just go drink in the corner here kids.

K.

Written by Krypt3ia

2018/09/06 at 13:39

Posted in DARKNET

SADAQAHCOINS: Darknet Jihad Funding


A few days ago the word got out that a new da’esh jihadi funding site had hit the darknet. Much of the reporting has been about the novelty around this idea which isn’t all that novel really. There was another site back in the day that was looking for bitcoin donations and was much more sketchy than this site is but who’s paying attention right? Anyway, this site is the next generation of jihobbyist funding by an unknown group of guys and it is novel in a couple of ways that in reading the other reports, was missed out on. In fact, one alleged expert just marked this site down as just another scam site when in fact, while it may in fact be a scam, it is much more nuanced than the usual fare you see in the darknet and thus, I judge it to be run by people who at least know the jihad well and understand the Hadiths.

The premise of the site is based on the Islamic notion of Sadaqah, which is misspelled for the jihobbyists on this site to make it catchy. Sadaqah, literally means charity or benevolence and is an apt name for this site because it is exactly that which they are seeking. It is an interesting area of Islam concerning your obligations for charity as well as public works and in this twist, the sadaqacoins crew is attempting, as others have, to manipulate the original intent of Sadaqah, for jihad and the furtherance of the war against the infidels. That this site is using trackable bitcoins and attempts to use a more opaque currency like Monero is novel only for the fact that this site is much more slick and put together than the others I have seen out there in the past. Honestly, much of the jihad has always been propped up on donations and the Hawala system since the beginning of the GWOT.

Of course this site not only wants to have the believers give them bitcoin for the jihad but they have funding programs for specific things like buying a sniper rifle or a truck that they can mount a gun on. Not much new here in the way of asking for donations like this inside the jihad. Now, what is new is that the site is open to “others” to suggest funding programs or “projects” as well, so anyone could hit them up within different areas of the jihad to get this funding set up. This could be the big difference if this thing actually flies. Imagine more of the disparate cells asking for new projects and then setting up their own bitcoin wallets. This could mushroom a bit for the more savvy jihadis out there on the net looking to help but maybe not get blown up in the lands right?

In fact, the most interesting bit for me and for my old friend Onionscan was the fact that these guys added an Eid celebration to the mix where you could donate for sacrifice. What this means is that you could help the jihadis celebrate Eid in country by funding their goat dinner. This is a bit that I think others missed in reporting this because of two reasons. First, these people who wrote about the site don’t understand the religion and the sociology, and second, the site had been updated with the Eid celebration by the time I got to it. In fact, it was here that Onionscan puked out some interesting information about the mostly secure site. It seems that their Eid celebration photos were posted in haste and they forgot to get rid of their EXIF data.

Oops.

Basically, the data that I managed to pull out of all these photos show that they are using a phone camera by Motorola and managed to not have their geolocation turned on. Of course this doesn’t mean they won’t mess up later and leave that kind of data in them for us to hoover up and use as coords for a hellfire visit. This all could be leveraged by the right players though to manipulate them to make a mistake in the future as well. I look forward to seeing where this all goes in the future. However as it stands now, their OPSEC is fair to medium. They did manage to give us a lot to work with though with all the email addresses to reach them on and their Telegram channels to infiltrate and get in their insides with.
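The check described above, and the fix for anyone publishing photos, as an added example that is not from the original post and is not Onionscan's code: a minimal parser that pulls the camera make and model out of a JPEG's Exif block, reports whether a GPS directory is present, and strips the metadata segments. The sample image bytes and the model string are constructed for the demonstration.

```python
import struct

TAG_MAKE, TAG_MODEL, TAG_GPS_IFD = 0x010F, 0x0110, 0x8825  # standard Exif/TIFF tag ids

def iter_segments(jpeg):
    """Yield (marker, offset, total_length) for each header segment before the scan data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError("corrupt segment marker at offset %d" % pos)
        marker = jpeg[pos + 1]
        if marker in (0xDA, 0xD9):  # start of scan / end of image: no more headers
            return
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        yield marker, pos, 2 + length
        pos += 2 + length

def parse_tiff(tiff):
    """Read Make, Model and the GPS-IFD pointer out of IFD0 of an Exif TIFF block."""
    order = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if order is None or struct.unpack(order + "H", tiff[2:4])[0] != 42:
        raise ValueError("bad TIFF header")
    (ifd0,) = struct.unpack(order + "I", tiff[4:8])
    (count,) = struct.unpack(order + "H", tiff[ifd0:ifd0 + 2])
    out = {"make": None, "model": None, "gps_ifd_present": False}
    for i in range(count):
        entry = tiff[ifd0 + 2 + 12 * i:ifd0 + 2 + 12 * (i + 1)]
        tag, typ, n = struct.unpack(order + "HHI", entry[:8])
        if tag == TAG_GPS_IFD:
            # Pointer to the GPS directory; its presence means location fields may exist.
            out["gps_ifd_present"] = True
        elif tag in (TAG_MAKE, TAG_MODEL) and typ == 2:  # type 2 = ASCII
            if n <= 4:  # short values are stored inline in the entry
                raw = entry[8:8 + n]
            else:       # longer values live at an offset into the TIFF block
                (ptr,) = struct.unpack(order + "I", entry[8:12])
                raw = tiff[ptr:ptr + n]
            key = "make" if tag == TAG_MAKE else "model"
            out[key] = raw.rstrip(b"\x00").decode("ascii", "replace")
    return out

def parse_exif(jpeg):
    """Return the IFD0 summary from the first Exif APP1 segment, or None if there is none."""
    for marker, off, total in iter_segments(jpeg):
        body = jpeg[off + 4:off + total]
        if marker == 0xE1 and body.startswith(b"Exif\x00\x00"):
            return parse_tiff(body[6:])
    return None

def strip_metadata(jpeg):
    """Return a copy with every APP1 (Exif/XMP) and COM (comment) segment removed."""
    out = bytearray(b"\xff\xd8")
    end = 2
    for marker, off, total in iter_segments(jpeg):
        if marker not in (0xE1, 0xFE):
            out += jpeg[off:off + total]
        end = off + total
    return bytes(out + jpeg[end:])  # scan data and EOI are copied untouched

def build_sample(make=b"Motorola\x00", model=b"CONSTRUCTED-PHONE\x00", gps=False):
    """Construct a JPEG-shaped byte string with an Exif segment (test data, not a real photo)."""
    entries = [(TAG_MAKE, 2, make), (TAG_MODEL, 2, model)]
    n = len(entries) + (1 if gps else 0)
    data_off = 8 + 2 + 12 * n + 4  # TIFF header + entry count + entries + next-IFD pointer
    ifd, blob = struct.pack(">H", n), b""
    for tag, typ, val in entries:
        ifd += struct.pack(">HHII", tag, typ, len(val), data_off + len(blob))
        blob += val
    if gps:
        ifd += struct.pack(">HHII", TAG_GPS_IFD, 4, 1, data_off + len(blob))
        blob += struct.pack(">HI", 0, 0)  # an empty GPS directory
    tiff = b"MM\x00\x2a" + struct.pack(">I", 8) + ifd + struct.pack(">I", 0) + blob
    app1 = b"Exif\x00\x00" + tiff
    return (b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1
            + b"\xff\xda\x00\x02\xff\xd9")

if __name__ == "__main__":
    sample = build_sample(gps=True)
    print("before:", parse_exif(sample))
    print("after: ", parse_exif(strip_metadata(sample)))
```

A GPS directory can be present and still hold no coordinates, so `gps_ifd_present` is a reason to look closer rather than proof of a location leak.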

 

 

Another point of interest for me on the OPSEC front was their choice of languages for the site. It seems that these jihadis like to speak German, Turkish, and English. These three languages are of note because the site has no area that is strictly in Arabi and that is an oddity. This implies that the group who set this up are English speakers, Turks, and Germans but not really well equipped to write and read Arabic, and this kind of tracks with some of the intelligence that has come out of the da’esh circles over the last couple of years. There has been an influx of foreign fighters to the jihad but really guys, no Arabi? Shame on you as good Muslims not at least being able to have a page in Arabi!

I guess maybe we can see if they add some Arabic later on…


Meanwhile, back to the bitcoins. This site has 12 bitcoin wallets at the time of my assessment and NONE of them have any coin in there at all. Nothing, nada, niente. Of course the site is fairly new so I can see why it wouldn’t have any coin in there yet. In fact the site only popped up on my link search in the darknet on the 24th of August so there is that. (see below) So we need to give it time to see what else they do and if anyone actually donates. Once they do, well then we can track the coins and see who did what huh?

Well, this was an interesting diversion for a while but I am still kinda meh about the whole thing. I am gonna keep an eye on it and maybe visit those Telegram channels to see what other OPSEC FAIL’s they make. Until then, hey, it’s out there and it’s novel.

BOOGA BOOGA BOOGA JIHAD IN THE DARKNET BOOGA!

Derp.

K.

Written by Krypt3ia

2018/08/27 at 18:22

Fine Old Cannibals: The Sexual Cannibal Site Started in 2007 and Is Still Munching Today


Well, I have done it again and went down the rabbit hole on cannibalism. This time I came upon another clearnet site called the “Donner Party Catering” site (donnerpartycatering.com) and, well, I let the Twitter poll decide all your fates so here’s the post on what I saw. First off, let me say that this site actually had a lot more “visual aids” than the previous site that the real cannibal Armin Meiwes made his cannibal connection on. This site has been fodder for darknet stories though, and in this case the stories are more lurid than the actuality in a lot of ways. However, after looking at the “content” and at those who are actively still posting their stories, videos, and other materials, I wanted this time to not only cover the ick factor and novelty of this kind of site but also the actual psychology of sexual cannibalism.

The site has been around since 2007 like I said earlier but the design has stayed in the 90’s throughout the whole length of time as seen in the screen shot above. It’s so Geocities that it out Geocities Geocities! I guess though that it is fairly easy to maintain so it has that going for them. The owner has been traced to a man and his wife who currently live in Florida in a retirement community. I have decided to not out their names on this post but suffice to say that there is a married couple in Clearwater Florida at a retirement community who are still actively living out sexual cannibalism fantasies online and in real life. They make photos and videos and they seem to be making some money off of this content today.

Note though, that while he is a computer guy, he isn’t a computer security guy. The OPSEC on this site is terrible! The images and the doc and pdf files are all laden with metadata. I assume the movie files are too, but in the case of the images I saw, the EXIF data is all from their digital cameras and not from phones where you could get some more interesting info. However, who needs that when you have everything else for you to see by using their email addresses and such to track their real names and locations. Anyway, yeah, you can pretty easily find out just who they are in the world but I want to take a deeper look at the why of all this.

Necrobabes

Google: site:darkfetishnet.com cannibal

Why cannibalism? Why cannibalism of women primarily? Of course there is a lot of the run of the mill BDSM on this site as well and plenty of amateur auteurs making videos. For me the puzzle is why the mock eating of people gets sexualized for them. I also wonder just how far it is from fantasy to actually carrying these fantasies out for those who seriously have this fetish. According to my readings thus far, even if you have these impulses and carry them out in a fantasy, you may in fact already be showing signs of a serious psychopathy. You have to admit that this is a fairly odd fetish, going to the extreme of Photoshopping images or, in one case, a series of live action videos where women being spit roasted over a live flame, buttered, and basted like a turkey are considered arousing.

I started to do some research into the psychology here concerning what I have been seeing on this and other sites and I would have to say there are dual paraphilias at play. The first paraphilia, and the one most prevalently displayed on these sites, is Gynophagia (see above). In this we see the preponderance of the site’s use of cannibalistic/ritualistic fantasies of cooking and consuming women by men for the most part, but I have also seen some women on women fantasies here as well. Of course all of this sits under the Erotophonophilia diagnosis but you get the picture right?

All of this seems to be focused on feelings of not only control on the part of the cooker, but the sense of loneliness and the desire to be integrated into a more powerful entity (person or animal in some cases) that may also concern feelings of inadequacy and loathing. In a study that I obtained online, “Vorarephilia: A Case Study in Masochism and Erotic Consumption”, one patient recounted how they had paraphilias concerning anilingus and fantasies of being devoured by a large powerful woman and then excreted as feces. In this case it seems to have stemmed from a combination of loneliness and other incidents in the patient’s past that created this behavior. It then makes me wonder about these people online at this site and others. What histories might they have that led them to this particular paraphilia, and what other darker and possibly more active measures may they have taken to sate their desires?

Lykins, A. D., & Cantor, J. M. (2014). Vorarephilia: A case study in masochism and erotic consumption. Archives of Sexual Behavior, 43, 181–186. DOI 10.1007/s10508-013-0185-y

I also have to wonder about the pornography habits of people like Armin Meiwes and Dahmer cited above in the paper on Vorarephilia. There has been very little study on this from my searching so maybe someone out there would like to take this up and do some scholarly work on the convergence of fantasies of Gynophagia/Erotophonophilia/Vorarephilia from online communities to real life and finally committing murder and physical cannibalism. This is a very interesting subculture and psychological area that will likely have me reading some more on it as time goes by.

Incidents of cannibalism 2000-present

Finally I also have been wondering at just how many of the people on these sites and in the media created are actually in it for the sexual paraphilia and how many are just paid performers. I am thinking that a preponderance of the material I have seen is all home made by those of both particular bents (those being eaten and those doing the eating); this power dynamic needs to be determined. However, some of the content seems to be of a nature where it may be paid actresses and/or models. In one series of videos called “Turkeys” three women are hunted by a man using a paintball gun while shackled. They are subsequently trussed up, taken in a truck to a remote locale, and then strung upside down. The movie cuts away to the next scene where a pit fire has been set and a spit contraption is set up with a woman being placed in it. She is then covered in butter and turkey basted while being turned over the fire by the other two women.

It’s disturbing.

Are these models paid for this? Are these women Vorarephiles seeking to live out their fantasy as well as the Gynophagic male?

I don’t really know and I really may not try to ask.

In closing, I decided to look up just how many cases of cannibalism had happened since 2000 and, well, you can see above that there have been quite a few. In fact, when you think about cannibalism you also have to take into account the core ideal of Christianity. The wafer and the wine are Jesus’ body and blood right? This has been going on since time immemorial but it’s also frowned upon by society right? Meanwhile online these people are obviously having their jollies on these clearnet sites and have been doing so for many years. You think you always hear about this stuff being spooky darknet stuff but the reality is that much more of it is on the clearnet in these really terribly designed sites by the likes of this retirement community cat.

We are a messed up species.

K

Written by Krypt3ia

2018/08/24 at 19:02

Posted in Paraphilias

Russian Phish on Hudson Institute & IRI Org: Filling In The Gaps


So Microsoft proclaimed that they had taken down some domains and stopped the GRU/SVR from carrying out some more active measures against the US election cycle. Now, they obviously have some more intel than they are letting us all know about because while the domains are definitely set up for some gov spearphishing, we don’t have any emails or data to show they actively had a campaign running. The domains (see below) are concerned with two think tanks that have a plethora of data that the Russians would want to have and perhaps tinker with but the government domains are aimed squarely at the Senate.

 

While the domains that are meant to typo-squat the think tanks are around one hundred days old, the senate domains are much older. In fact, these domains have been creepin around anywhere from nearly a year to just over a year. So you can see where the Russian services were aiming and have been planning for at least a year plus on the senate campaign. The think tank domains are newer though, and as such I have to wonder about the thought process by the GRU/SVR on these. Were the Russians looking to simply gain access to these think tanks and gather intel not just on their Russian stances but also around the world as the Russians have done before (mostly by the SVR collections missions), or was their plan to somehow steal their data and leak it as part of the larger active measures campaigns?

It seems though from my searching that the domains never had any real pages attached to them but for one having an IIS front end with nothing else. Wayback machine fails on all of them as does Google, so I am going to assume that these were all just domains used as C2 for traffic and perhaps a drive by attack in the case of one that showed up in VT and Hybrid (see above) but I could find no malware being attached to these domains with these tools. This is not to say that they didn’t and that people clicked on links and got infected at the Senate or these think tanks. I guess we will have to wait for Microsoft to elucidate some more on these.

 

But, back to these think tanks and the phishing that likely was to come or already happened. I am going to assume they already happened and that is how these domains were picked up because something happened internally and got reported? Is MS paying that much attention to domains, or is it that they were seeing O365 traffic (phish) and caught on? As I remember reading so far they really don’t tell us how they got the tip off but they must have had evidence because they took over the domains. In this section though, I want to focus on the why and the what of the active measures here by the Russians. Why these two think tanks? What were they going to do with the access one wonders. Or would this have been in tandem with the senate domains luring those being phished to an IRI report? It turns out that IRI (International Republican Institute) put out a press release on the revelations on their domain squat.

I guess that IRI, as well as the other org squatted (Hudson Institute), could be not only the target of phish using these domains but also used as fodder to entice Republicans, as well as perhaps Democrats, to click on a tasty link and either get a drive by or be linked to a credential phishing site. As the DNC attacks I believe were credential harvesting sites, it is likely that this would be the case for all these entities were the Russians looking to gain a foothold on any of them. I am gonna say though, that the domain my-iri.org and the sharepoint domain for hudson.org say that they were looking to fool internal folks into clicking on something. As to the other domains it looks straight up like internal users being targeted.
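From the defending org's side, the two signals discussed here (a hostname that glues the org's name to a lure word like "my" or "sharepoint", and how long ago it was registered) can be checked against newly observed domains. This is an added example, not Microsoft's method and not from the original post; apart from my-iri.org, every domain name and every creation date below is constructed, and the lure-word list is an assumption.

```python
import re
from datetime import date

# Words commonly glued to an org name in credential-phishing hostnames (assumed list).
LURE_TOKENS = {"my", "sharepoint", "adfs", "login", "mail", "portal", "sso",
               "onedrive", "office365"}

def edit_distance(a, b):
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def brand_forms(legit):
    """'hudson.org' -> {'hudson', 'hudsonorg'}: the name alone and with the TLD folded in."""
    name, _, tld = legit.partition(".")
    return {name, name + tld.replace(".", "")}

def match_brand(tokens, legit):
    """Return 'exact', 'typo' or None for how the tokens imitate one protected domain."""
    if brand_forms(legit) & set(tokens):
        return "exact"
    name = legit.split(".")[0]
    # Fuzzy matching only for names long enough that a single edit is meaningful.
    if len(name) >= 5 and any(edit_distance(t, name) == 1 for t in tokens):
        return "typo"
    return None

def assess(domain, created, protected, today):
    """Return a finding dict for a lookalike of a protected domain, else None."""
    domain = domain.lower().rstrip(".")
    if any(domain == p or domain.endswith("." + p) for p in protected):
        return None  # the org's own domain or one of its subdomains
    tokens = [t for t in re.split(r"[.-]", domain) if t]
    for legit in protected:
        kind = match_brand(tokens, legit)
        if kind:
            lures = sorted(LURE_TOKENS.intersection(tokens))
            return {"domain": domain, "imitates": legit, "match": kind,
                    "lures": lures, "age_days": (today - created).days,
                    "priority": "high" if lures or kind == "typo" else "review"}
    return None

def triage(observed, protected, today):
    """Assess every (domain, creation_date) pair; high priority first, newest first."""
    findings = [assess(d, c, protected, today) for d, c in observed]
    return sorted((f for f in findings if f),
                  key=lambda f: (f["priority"] != "high", f["age_days"]))

PROTECTED = ["iri.org", "hudson.org", "senate.gov"]
TODAY = date(2018, 8, 21)  # date of the post
# Constructed observations: only my-iri.org is named on the page, and all dates are
# invented to mirror "around one hundred days" and "just over a year", not WHOIS data.
OBSERVED = [
    ("my-iri.org", date(2018, 5, 13)),
    ("hudsonorg-sharepoint.example", date(2018, 5, 13)),
    ("adfs-senate.example", date(2017, 8, 1)),
    ("hudsom.example", date(2018, 8, 1)),
    ("hudson-valley-hiking.example", date(2010, 1, 1)),
    ("www.hudson.org", date(1997, 1, 1)),
    ("irish-pubs.example", date(2018, 8, 1)),
]

if __name__ == "__main__":
    for finding in triage(OBSERVED, PROTECTED, TODAY):
        print(finding)
```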

So what would the goals be here with these? If you were to go after their internal systems and the fellows there what would you be looking for? I am going to say this too would have been a fishing expedition for information that the Russian government could use to destabilize all kinds of places as well as to understand how the think tanks were approaching Russia. If you look at the image at the top of the page you can even see how Hudson has a paper on countering the Kleptocracy. My concern here would be that not only would the adversaries be looking to steal information but also to pull the same kind of job on these orgs that they did to the DNC. Basically, I think it would be a disinformation campaign against these orgs to cause instability in their content and their following. I could also see tinkering with their reports as well as a means to make them untrustworthy. An added bonus to this also would be collection on any collaborators that the Russians might want to eliminate in country if the emails have source conversations too.

Of course now we are hearing that the Russians are attacking not only Dems but also Republicans and it is important to remember that their goal is to sow chaos and cause division. This is because if they can cause these things, the outcome is to have inaction as well as possibly traction for those like Trump that they are actively supporting with these kinds of active measures as we saw in 2016. So, there you have it, unless Microsoft and others care to give us some more information to work from this is pretty much all you can glean from their motives by proxy of their domains. You can see though, that they have been working on these plans for some time, at least a year for the think tanks and over a year for the senate campaigns.

 

In closing though, I want to just say that it would be real easy for the Russians to get the conventions of the email addresses as well as who to target at these institutions just by using LinkedIn. I did some cursory searches in Google and LI and came up with shovels full of names and email addresses to use. It’s phishing season kids! I do wonder just how much security training these people have….

Hmmmm…

K.

Written by Krypt3ia

2018/08/21 at 18:28

DEFCON, Hotel Sneak & Peeks, and The Law


DEFCON 26 was last week and as usual there was some hacker drama. It is an inevitability that drama will rise out of the con because, well, hackers know drama! In fact, they cause a lot of drama and that is their thing as a community. So, this year’s drama is brought to you by two factors. The first factor is that the DEFCON community has a long history of being kinda unruly and causes mischief, and some of that mischief is illegal while other pranks just cause heartburn for the people and the venues that the conferences are held at. However, in a post Mandalay Bay mass shooting era, the pranks and the mischief may not be tolerated as well by the casinos like Mandalay Bay or Caesar’s because they are on edge, and the community of hacker snowflakes needs to take that into account when they attend.

While the conference owners/operators try to combat and police their hackers, it is still not uncommon to find attendees doing things that might damage the systems of the casino (like mess with WIFI using deauth) or to mess with the artwork (e.g. put googly eyes on all the statues and artwork in Caesars). So it is understandable why, as some have said this year, “Caesar’s hates us”. In fact, when you have a convention like DEFCON in Vegas and the whole town is being told not to use ATMs, your phone, your Bluetooth, your wireless, or anything electronic while the con is there, you pretty much have a bad reputation that YOU are in fact reinforcing right?

Just sayin…

Anyway, this last DEFCON we had a new wrinkle post the mass shooting at Mandalay as I alluded to last year. It seems that since the shooting the hotels have decided that they can “sneak & peek” any room they feel they need to in case the occupant might be planning something like this incident. Now you have a zillion hackers known for odd if not bad activities in the properties and a conference on hacking where shenanigans go on all the time and add this new rule and you get wailing and gnashing of teeth. It seems that the hotel had been just opening doors and walking in on guests there for DEFCON as well as going into their rooms while they were out and pawing through their things. In some cases it was said that the hotel security people had taken things like lock picks from the rooms, confiscated, because REASONS! People took to Twitter and complained saying that this was illegal and made things more dangerous for women (some had been walked in on and at least one may have been walked in on by someone not in security) and this was illegal search and seizure! The Fourth Amendment was being violated and this was targeting poor hackers!

WE ARE BEING PROFILED!

ERMEGERD!

Well, yes you security snowflake you were being profiled because look at your collective history! Honestly people, you have a bad reputation with the hotels and you expect anything else? At best we are tolerated for the money kids, we are not a beloved institution that is welcomed to Vegas, you need to wake up. While I personally think it is pretty shitty that these security folks were walking in on people with no knock in some cases, it is also my opinion that it is not illegal and that the Fourth Amendment is not being violated here because they are not doing so at the behest of the government or agents thereof, i.e. cops. I had an interesting exchange with a lawyer I know on Twitter about this and the salient point he gives is that you are not really given Fourth Amendment privileges here and that the contract you sign when you rent the space allows for these actions. What’s even more salient is that it is likely in the small print you are signing off to!

The gist here is as I said, you cannot rely on the Fourth Amendment here and that they have the legal right to do what they did. It’s sucky, but it is the law and you have to abide by it or not stay in their casino. Now, given what happened last year with the mass shooting, and that the Mandalay Bay is in fact suing the victims of the attack as a pre-emptive strike on lawsuits against them for allowing this to happen, you kinda see what the situation is right? The casinos are covering their asses and using the law to do so. In a case where you, the snowflake hacker who wants to act all furtive and hide shit all week denying access to the room “because reasons” does not exactly engender the right tone to make the Casino think you are just a snuggy bear and not going to potentially do something like a mass shooting right? Think about it, how many of you all went out there and put the DND sign all week? If you were in the hotel security shoes and have to profile your guests now because of a mass shooting terrorist incident how would it look to you as a security professional?

Hotels are soft targets and as that goes they have to tread the line between security and ease of access and fun. In the case of attacks like that which was carried out at Mandalay Bay, you have to realize that the “Soft Targets” are the hardest to secure from a security perspective. Fuck, come on you guys YOU ARE SUPPOSED TO BE SECURITY PROFESSIONALS RIGHT? You should get this if anyone ever could! Yes, it is shitty for them to just be walking in on people but once again, they have the right to do so just as you have the right to not stay at their brand anymore. However, what if you denied them access by adding your own layer of security to stop them from at least walking in on you?

Say you are at the hotel and you know they can do this, or in fact anyone else with a modicum of technological know-how, ya know, like HACKERS, who can pick locks and bypass PROX CARDS! What do you do in a situation like that to protect yourselves? Well, you could start by getting a simple door stop or a door stop with an alarm right? For all the women who were walked in on and scared, this technology might have made some difference in the threat right? It would have stopped the door from being opened and given you warning that something was happening. These tools would give you the ability to enhance your personal security AND allow you to call the front desk in the knowledge that unless they have a battering ram they are not going to get into the room quickly and you can make the call.

It’s my suggestion you spend the money and use them…

For a bunch of people who claim to be security professionals including and up to physical security you all seem kinda snow-flake like to me of late. Either don’t use their hotels anymore or assess the situation and adjust accordingly. For fucks sake people! I have said it before and I will repeat myself now, you are now targets of not only hotel searches because you seem scary but also because YOU ARE TARGETS OF NATION STATES BECAUSE YOU ARE AN ASSET!! How long till you finally figure this out? Hotel sneak and peeks by nation state actors including our own are NOTHING NEW! It’s just that now you are the targets as well because you now work in a space where you can and will be targeted.

Wake up.

K.

 

UPDATE: Dave Cochran makes a reasonable point about the dickishness level of the no knock on the people involved here. Yes, it is dickish, but, it is still not against the law per the cited text here. So, yeah, you don’t like it you can go elsewhere or you can try to get the hotels to not be dicks about it.

See what works.

Written by Krypt3ia

2018/08/14 at 14:13

Posted in DEFCON

QAnon and Qclearancearchive: Another False Flag Influence Campaign by Russia?


Recently the bowels of 4chan erupted into the real world with an ongoing thread’s dire warnings from an anonymous poster named “Q”. The posts, consisting of word jumbles and conspiracy wet dreams, began to take on a new life in the real world at protests over Trump, MAGA, and the fight against all that is sane. I had looked at the original posts on Reddit in 2017 when they started and just shrugged it off as just another conspiracy hoax cum disinformation campaign by persons unknown. How it would become an issue today just before the mid-term elections, few could have conceived.

As you can see the posts are little more than bad haiku but, the conspiracy nuts on Reddit and 4chan and now a couple other aggregation sites (more on that later) have been busily using their cognitive dissonance to make crazy connections from these posts to a globalist conspiracy the likes of which even Alex Jones could not come up with himself! Basically the stories all lead to an overarching New World Order conspiracy that has everything, Illuminati, NWO, Soros, Pizzagate, and other crazy ideas all wrapped up in a bow, spoon fed as crumbs by someone allegedly inside the government with what is known as a “Q” clearance (DOE clearance). Of course Q cannot give just a straight narrative or a drop of classified data, no, it has to be this whack haiku as you see above.

I have tried to read more of this than a few pages but literally I started to go insane from reading this drivel, so I moved on to reading the output from a QAnon conspiracy site that archives and “makes sense” for the lay reader of all the juicy secret conspiracies that are in the Q “archives” and man, it is full of cognitive bias, mental illness, and fantasy. I will not make you read it all here but if you do want to look for yourselves you can check the links at the bottom that I will gift you all with. More interestingly though, I wanted to cover the movement as it stands today and to show you some of the information I was able to wrest from the archive site itself. The data that I got actually shows real names of people involved (well, real I guess) that perhaps can be drilled down on some more later on.

Seen above are just some of the crazy ideas these people have about hidden codes in Q posts as well as the interaction of Trump on his Twitter feed. It seems these idiots believe that “Q” is in contact with Trump over Twitter and they are working together to destroy the globalist NWO conspiracy of lizard people ruling the world!

I shit you not.

So yeah, it’s a fair bit insane so please medicate if you plan on wading any further into the nutbaggery. However, I want to direct you to the site that this stuff came from and in particular the guy(s) who created it and are running it. At the top of this post you can see the image of a Twitter account for an “Iambecauseweare” who, it turns out, is the owner/operator (self proclaimed) of irc.qclearancearchive.net, a clearinghouse of all things Q and a primer of sorts for those who want to know the great truth and get involved.

This site is a font of Q information but, when you start to look under the hood, you can see that there are some interesting threads to tug on. The site has a lot of information but what I was more interested in was that they have a penchant for creating PDFs for the masses to conveniently download. Using FOCA, I aggregated all the PDFs and then ripped out all their metadata to see who was creating these things.

Out of about 200 PDFs I have come up with 8 user names in the metadata. In this group one of them is a known conspiracy author (William Milton Cooper) but the others are all unknown people to me. Four of the accounts are just short names and no help but the other two, Mark C. Duncan and Martin Jr. Donald, seem to be legit names on the face of it. Now since they were all PDFs there was not as much rich metadata as there would have been had they been Word files but at the very least we have some names to work with here.
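The metadata pass described above, as an added example (not code from the original post and not FOCA's own implementation): it reads the Author, Creator and Producer fields from each PDF's Info dictionary, tallies the author names, and flags any field containing Cyrillic script, the kind of language artefact the post goes on to look for. The sample files and names are constructed placeholders, and only uncompressed Info dictionaries are handled.

```python
import re
from collections import Counter

FIELDS = (b"Author", b"Creator", b"Producer")
# A value is either a (literal string) or a <hex string>.
VALUE = rb"\s*(?:\(((?:\\.|[^\\()])*)\)|<([0-9A-Fa-f\s]*)>)"

def decode_value(literal, hexstr):
    """Turn a PDF string object into text."""
    if hexstr is not None:
        digits = re.sub(rb"\s", b"", hexstr)
        if len(digits) % 2:          # PDF pads an odd final digit with 0
            digits += b"0"
        raw = bytes.fromhex(digits.decode("ascii"))
    else:
        raw = re.sub(rb"\\([()\\])", rb"\1", literal)  # unescape \( \) \\
    if raw.startswith(b"\xfe\xff"):  # UTF-16BE byte-order mark
        return raw[2:].decode("utf-16-be", errors="replace")
    return raw.decode("latin-1")     # close enough to PDFDocEncoding here

def info_fields(pdf):
    """Read authoring fields from an uncompressed Info dictionary.
    XMP packets and compressed object streams are not handled."""
    found = {}
    for key in FIELDS:
        m = re.search(rb"/" + key + VALUE, pdf, re.S)
        if m:
            found[key.decode()] = decode_value(m.group(1), m.group(2))
    return found

def has_cyrillic(text):
    return any("\u0400" <= ch <= "\u04ff" for ch in text)

def audit(docs):
    """Tally Author values and list (file, field) pairs holding Cyrillic."""
    authors, cyrillic = Counter(), []
    for name, data in docs.items():
        fields = info_fields(data)
        if fields.get("Author"):
            authors[fields["Author"]] += 1
        cyrillic += [(name, k) for k, v in fields.items() if has_cyrillic(v)]
    return authors, cyrillic

def make_pdf(info):
    """Constructed minimal file: just enough structure to carry an Info dict."""
    return (b"%PDF-1.4\n1 0 obj\n<< " + info +
            b" >>\nendobj\ntrailer\n<< /Info 1 0 R >>\n%%EOF\n")

# Constructed samples; the names are placeholders, not values from the site.
SAMPLES = {
    "a.pdf": make_pdf(rb"/Author (jsmith) /Creator (Writer) /Producer (ExamplePDF 1.0)"),
    "b.pdf": make_pdf(rb"/Author (jsmith) /Producer (ExamplePDF 1.0)"),
    "c.pdf": make_pdf(rb"/Author <FEFF041804320430043D> /Creator (Writer)"),
}

if __name__ == "__main__":
    authors, cyrillic = audit(SAMPLES)
    for who, n in authors.most_common():
        print(f"{n:3d}  {who}")
    print("Cyrillic in:", cyrillic)
```

Run over your own PDFs before publishing, the same pass shows which account names and tool strings they carry.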

The domain qclearancearchive.net was registered 225 days ago and done so anonymously, and with GDPR now, you get fuck all when you are trying to do OSINT on these kinds of things (thanks EU) so I am gonna have to rely on these names and some digging to get anywhere else. I started some cursory searches on these names and did not find much in the way of data. A second pass has yielded some information on Mark C. Duncan;

This Mark C. Duncan has two reviews in his Amazon list for books on conspiracy theories. One on the Masons and the other on alien abductions. Well, this could very well be the guy but I have yet to get much else on him which makes me want to keep searching and I will. The other name that came out of the metadata was “Martin Jr. Donald” which is an interesting way to put that in your system’s metadata. I am going to assume that the name is Donald Martin Jr. and a search of this name is just as obtuse. The hits that come up first for this name are all about a 400lb guy in Ohio that asphyxiated his nephew by sitting on him…

Which, yeah, anything is possible here. I see no other digital bread crumbs (snerk look it up in the archives) to go on with this. So I am kinda at a dead end here unless they make some more mistakes. However, I would like to direct you to the language of the posts and PDFs. Either these people are the most illiterate of sorts, or English is not their first language.

All in all this is a nightmare to read and I would not recommend anyone do so. However, given recent events in Ohio and other places where QAnons have started showing up (including Trump rallies) I would suggest that we pay a little more attention to this movement. I suspect that at the very least this is yet another Russian active measure that is at best supported by the GRU and at worst, run by the GRU. Given that the movement has self realized and is now in the real world, I would think that if the GRU wasn’t already supporting or running this campaign, they soon will be as well.

I will leave you with the links here and move on from here. I will take a peek at their site intermittently to see if they leak anything else. There was no Cyrillic this time in the data, no keyboard layout, no language packs. Just some names that could be crazies in the states here who are just acting out because Trump has given them the air they need to do so. At worst though, here we go again with the active measures just before the mid terms.

Kinda convenient though huh?

K.

https://8ch.net/qresearch/index.html

https://8ch.net/qresearch/welcome.html

https://8ch.net/qresearch/archive/index.html

Q_s_posts_-_CBTS_-_7.2.0

UPDATE:

It seems that some are buying into the coincidences that QAnon may be a new take on another Q, a book called Q by “Luther Blissett”, a nom de plume for a couple authors of this Italian novel.


While this is a close comparison I am doubtful that this is a giant prank against the Alt-right/Nazi/Trumpistanians. If it is in fact a prank, it has now gone way past that into action and terrible possible repercussions. The fact that these idiots are now showing up in the Trump Nuremberg rallies and elsewhere, and that he has tacitly accepted it all into his repertoire, should scare the alleged pranksters greatly.

After looking into this whole debacle I have to say that this story doesn’t quite wash for me. This whole story isn’t just all about boomers to start. How many boomers are on fucking reddit? Fuck, for that matter how many are out there actively on 8chan or 4chan?

COME ON!

Nope, this is something else. Maybe, if it was a prank, it took on a life of its own but if Q is still posting, then these guys are about to get into a world of pain as I am sure now the federal authorities are interested in this because it has become a real world issue. Even if it was a prank to start, it may also be that the Russians decided to take this on and amplify this to their own ends. The whole dialog is very Trumpian and adds to the chaos.

Meh.

You guys decide for yourselves.

K.

Written by Krypt3ia

2018/08/05 at 15:34

Maria Butina: The Knockoff Anna Chapman


AGENT OF INFLUENCE:

The arrest of Maria Butina, the poor man’s Anna Chapman, has opened a whole new avenue of investigation by the amateur spy hunters as well as the professionals this week. As it turns out, Maria had been under surveillance for a while and a known quantity to the FBI/DOJ as well for some time. Butina was even in the news cycles back in 2016, attached in stories to Alexander Torshin, a Russian Oligarch cum Bratva/Mobster with ties to the FSB and to Putin. This however did not make her a household name and in effect many people in the media were caught off guard I think when the feds arrested her and presented the affidavit in court on her FARA violations and flight risk potential.

Butina had been a fixture in 2015-2016 with the NRA circles and in fact it seems that she and Torshin had been a part of a plot to funnel money to the NRA as well as attempt to garner access to the Trump campaign/admin as well as others in the Republican party vis a vis entree from the NRA itself and a certain “Person 1” in the affidavit. Person 1 turns out to be Paul Erickson, an alleged master of the political universe in his own mind. He and Butina had been living together and it has become clear that it was a task that Butina felt she had to carry out to complete her mission per conversations the feds have picked up during their surveillance of her.

It seems that Butina and Torshin, with the help of Erickson and one other person yet unnamed, were able to potentially funnel money through the NRA to the Trump campaign and to the tune of 30 million dollars. With this access and her machinations to meet and greet as many players as possible (a list was provided by Erickson it seems to hit up with his direction) they would also have access and influence over CPAC, the conservative political action group as well. With this kind of access it seems that perhaps, with more information to come to confirm this, Russia had an access and influence campaign that changed the Republican platform’s stance on Russia to be more along the lines of what Trump is evincing today.

Poor Man’s Anna Chapman:

After all the information started coming out following the affidavit’s publication online it then became an interesting rabbit hole to go down and see just how this operation was carried out and with what skill. After looking at things myself I am going to say here that I do not believe this was a well thought out operation that was being run by the likes of the SVR nor the FSB. I think that this was a condoned and “let’s see what happens” kind of operation that was a sideshow to the main events of the influence operations by the GRU and SVR that we are all dealing with today. I say this for a few reasons:

1) Torshin is connected to the FSB but he is not FSB: He in fact likely is an asset of the FSB much like some mobsters have been to the CIA in the past.

2) Torshin and Butina’s utter lack of OPSEC leads me to believe that this was not a managed operation by the FSB/SVR/GRU because plainly it was so inept.

3) Butina seems to be a clean skin (i.e. no history as an operative) but does have a backstop story of being a Russian business owner. She isn’t really a classic kind of “illegal” because she did not have a cover identity and paperwork like the illegals busted back in 2010 who were actually trained in tradecraft and sent here undercover.

In fact the absolutely poor OPSEC with which these two carried out communications online and off is a sign to me that there were no official handlers to the operation. If there were then they were negligent to the point of idiocy. There is even an amusing exchange between Butina and Torshin about being on a phone call and it being insecure where Butina recommends using WhatsApp but it is not clear if Torshin could handle using it and that they went silent so to speak. It seems overall that they did not and the feds have quite a bit of material on them both.

Add to this the fact that they carried a lot of these conversations in email and on Facebook and Twitter and you can see a clear pattern of lack of tradecraft as opposed to what we have all seen come out of the indictments recently of the GRU operation against the DCCC and DNC as well as the disinformation operations. So once again I am gonna call it as amateur hour with a side of Anna Chapman Sparrow wannabe syndrome. This can also be reinforced with Torshin’s comments on how Butina is like, and/or had surpassed, Anna in her operations.

A Noisy Operation:

What Maria Butina lacked in tradecraft, she easily made up for in ability to entice 54 year olds like Erickson with sex and access though. It seems that she played on this quite a bit and thought of herself as the next Anna super spy given all these photos she had taken by Oleg Volk, a photographer with a gun fetish in Tennessee. Her portfolio there is all guns all the time and since she was playing the part of a Russian NRA right to bear arms supporter it all fit the greater theme. However, even with her sex appeal and her playfulness, she managed to not be overly subtle either and her connections to Torshin were pretty clear. The media and certain people in the government noticed and asked for her to be investigated as well as her connections to the NRA.

As you can see from the text here she was a known quantity but all of these people around her did nothing to report her. They all just went along with the money and the possible access to her and Russia via Torshin. It really amazes me how people can just eschew all ethics and morals when large sums of money are being handed to them in order to further their own cause. As for the Republicans and the access there, like I said above I believe there is much more yet to come on her connections to individuals and the movements of money from them to NRA to Trump. I look forward to more of this coming out and in fact a little teaser yesterday was that a new player showed up at court for Butina’s hearing on being a flight risk.

That new player is a prosecutor whose specialty is with trials concerning espionage. It turns out that though she has been arrested on FARA issues, she may in fact be later charged with espionage given that this prosecutor has shown up. It is also interesting that during the hearing there were two guys from the Russian consulate there and the reason that Butina was remanded without bail was the concern that she had packed all her things, moved money overseas, and that the consulate folks looked like they were planning an exfil if she was let go.

Giggity.

Players Yet To Be Named:

I also have to wonder who Person 2 is as well as others out there who had connections and or friendships with Butina. They all must be shitting bricks right about now I would think. One of those people mentioned in the articles I got in my OSINT searches was Cleta Mitchell. I looked her up and wouldn’t you know it, she is involved on the International Foundation for Electoral Systems board as well as seems to have raised the alarm about Russia, the NRA, and money and access being funneled from it to Trump.

I guess she saw it all up close and personal…

I wonder when we will have some more names added to the list and perhaps some indictments or at the least subpoenas served on this matter. Overall though, this case could be a linchpin for the Mueller investigation in a couple of ways. Certainly there is the money angle, and Mueller is following the money most certainly. The players here could end up helping the investigation for immunity as well. However, the big thing for me is that in this net of collusion and money, we may see even more Republicans touched by this case. It seems pretty clear that the Republicans changed their attitudes toward Russia after the money spigot opened and perhaps this NRA money funnel and perhaps to CPAC will crack open and give us some answers on why people like Nunes and Gowdy for instance, are so available to subverting the constitution in favor of Trump and Russia.

Perhaps they are trying to hide their guilt because, gee, there’s kompromat on them as well.

Maybe some pics of Butina, guns, and naked senators somewhere…

K.

Written by Krypt3ia

2018/07/19 at 19:06