It has been a running theme lately that the U.S. government's attribution of the DNC/Podesta leaks to Russia is an attempt at deflection and is false. In the past few days, however, some very interesting information has come out from three well-respected cybersecurity companies that investigated the leaks or the groups behind them: CrowdStrike, Symantec, and SecureWorks. I think it is important that we cast aside the media's non-technical analyses and go straight to the source.
The cofounder of CrowdStrike is a Russian-American, and his company is the one the DNC brought in to investigate its breach. He blames Mother Russia. Relevant excerpts:
At six o'clock on the morning of May 6, Dmitri Alperovitch woke up in a Los Angeles hotel to an alarming email. Alperovitch is the thirty-six-year-old cofounder of the cybersecurity firm CrowdStrike, and late the previous night, his company had been asked by the Democratic National Committee to investigate a possible breach of its network. A CrowdStrike security expert had sent the DNC a proprietary software package, called Falcon, that monitors the networks of its clients in real time. Falcon "lit up," the email said, within ten seconds of being installed at the DNC: Russia was in the network.
Alperovitch, a slight man with a sharp, quick demeanor, called the analyst who had emailed the report. "Are we sure it's Russia?" he asked.
The analyst said there was no doubt. Falcon had detected malicious software, or malware, that was stealing data and sending it to the same servers that had been used in a 2015 attack on the German Bundestag. The code and techniques used against the DNC resembled those from earlier attacks on the White House and the State Department. The analyst, a former intelligence officer, told Alperovitch that Falcon had identified not one but two Russian intruders: Cozy Bear, a group CrowdStrike's experts believed was affiliated with the FSB, Russia's answer to the CIA; and Fancy Bear, which they had linked to the GRU, Russian military intelligence.
Alperovitch then called Shawn Henry, a tall, bald fifty-four-year-old former executive assistant director at the FBI who is now CrowdStrike's president of services. Henry led a forensics team that retraced the hackers' steps and pieced together the pathology of the breach. Over the next two weeks, they learned that Cozy Bear had been stealing emails from the DNC for more than a year. Fancy Bear, on the other hand, had been in the network for only a few weeks. Its target was the DNC research department, specifically the material that the committee was compiling on Donald Trump and other Republicans. Meanwhile, a CrowdStrike group called the Overwatch team used Falcon to monitor the hackers, a process known as shoulder-surfing.
Ultimately, the teams decided it was necessary to replace the software on every computer at the DNC. Until the network was clean, secrecy was vital. On the afternoon of Friday, June 10, all DNC employees were instructed to leave their laptops in the office. Alperovitch told me that a few people worried that Hillary Clinton, the presumptive Democratic nominee, was clearing house. "Those poor people thought they were getting fired," he says.
For the next two days, three CrowdStrike employees worked inside DNC headquarters, replacing the software and setting up new login credentials using what Alperovitch considers to be the most secure means of choosing a password: flipping through the dictionary at random. (After this article was posted online, Alperovitch noted that the passwords included random characters in addition to the words.) The Overwatch team kept an eye on Falcon to ensure there were no new intrusions. On Sunday night, once the operation was complete, Alperovitch took his team to celebrate at the Brazilian steakhouse Fogo de Chão.
Alperovitch's June 14 blog post garnered so much media attention that even its ebullient author felt slightly overwhelmed. Inevitably there were questions about the strange names his company had given the Russian hackers. As it happened, "Fancy Bear" and "Cozy Bear" were part of a coding system Alperovitch had created. Animals signified the hackers' country of origin: Russians were bears, Chinese were pandas, Iranians were kittens, and North Koreans were named for the chollima, a mythical winged horse. By company tradition, the analyst who discovers a new hacker gets to choose the first part of the nickname. Cozy Bear got its nickname because the letters coz appeared in its malware code. Fancy Bear, meanwhile, used malware that included the word Sofacy, which reminded the analyst who found it of the Iggy Azalea song "Fancy."
The day after the media maelstrom, the reporters were back with less friendly questions: Had Alperovitch gotten his facts right? Was he certain Russia was behind the DNC hacks? The doubts were prompted by the appearance of a blogger claiming to be from Eastern Europe who called himself Guccifer 2.0. Guccifer said that the breach was his, not Russia's. "DNC'S servers hacked by a lone hacker," he wrote in a blog post that included stolen files from the DNC. "I guess CrowdStrike customers should think twice about company's competence," Guccifer wrote. "Fuck CrowdStrike!!!!!!!!!"
an incorrect attribution in public. "Did we miss something?" he asked CrowdStrike's forensics team. Henry and his staff went back over the evidence, all of which supported their original conclusion.
Alperovitch had also never seen someone claim to be the only intruder on a site. "No hacker goes into the network and does a full forensic investigation," he told me. Being called out, he said, was "very shocking. It was clearly an attack on us as well as on the DNC."
Alperovitch initially thought that the leaks were standard espionage and that Guccifer's attacks on CrowdStrike were just a noisy reaction to being busted. "I thought, Okay, they got really upset that they were caught," he said. But after documents from the DNC continued to leak, Alperovitch decided the situation was far worse than that. He concluded that the Russians wanted to use the leaked files to manipulate U.S. voters—a first. "It hit me that, holy crap, this is an influence operation. They're actually trying to inject themselves into the election," he said. "I believe that we may very well wake up on the morning the day after the election and find statements from Russian adversaries saying, 'Do not trust the result.' "
Days later, Alperovitch got a call from a Reuters reporter asking whether the Democratic Congressional Campaign Committee had been hacked. CrowdStrike had, in fact, been working on a breach at the DCCC; once again, Alperovitch believed that Russia was responsible. Now, however, he suspected that only Fancy Bear was involved. A lawyer for the DCCC gave Alperovitch permission to confirm the leak and to name Russia as the suspected author.
Two weeks later, files from the DCCC began to appear on Guccifer 2.0's website. This time he released information about Democratic congressional candidates who were running close races in Florida, Ohio, Illinois, and Pennsylvania. On August 12, he went further, publishing a spreadsheet that included the personal email addresses and phone numbers of nearly two hundred Democratic members of Congress.
Alperovitch's friends in government told him privately that an official attribution so close to the election would look political. If the government named Russia, it would be accused of carrying water for Hillary Clinton. The explanations upset Alperovitch. The silence of the American government began to feel both familiar and dangerous. "It doesn't help us if two years from now someone gets indicted," he said. After Michelle Obama's passport was published online, on September 22, Alperovitch threw up his hands in exasperation. "That is Putin giving us the finger," he told me.
Source: The Russian Expat Leading the Fight to Protect America
The researcher responsible for outing Stuxnet as an American/Israeli cyberweapon (hardly a friend of the U.S. government/establishment) also says that his company, Symantec, has found that Russia was responsible for the leaks:
It is pretty clear judging by the indicators of compromise [IOCs]. The binaries that were used to hack the DNC as well as Podesta’s email as well as some other Democratic campaign folks, those IOCs match binaries and also infrastructure that was used in attacks that were previously recorded by others as having Russian origin. That much we can confirm. So if you believe other people’s—primarily government’s—attribution that those previous attacks were Russian, then these attacks are definitely connected. We’re talking about the same binaries, the same tools, the same infrastructure.
We’ve analyzed the tools, the binaries, and the infrastructure that was used in the attack, and from that we can confirm that it’s connected to a group that has two names. One is Sofacy, or “Cozy Bear,” and The Dukes, which is also known as “Fancy Bear.” From the binary analysis point of view, I can tell you that the activities of these attackers have been during Russian working hours, either centered on UTC+3 or UTC+4; they don’t work Russian holidays; they work Monday to Friday; there are language identifiers inside that are Russian; when you look at all the victim profiles they would be in interest to the Russian nation-state. So all of that stuff fits the profile. Now, could all those things be false flags? Sure. Other government entities obviously have come out and said it is the Russian state, and the binary forensics would definitely match that.
There was another attack that happened in the Ukraine. So in December, in the Ukraine, all the power went out to about 260,000 households, or customers. They basically infiltrated the power company, got access to the machines that controlled the power, they flipped the computer switches off and shut down the power, and then they began to wipe all the machines and devices—overriding the hard drives and trashing the machines so that they couldn’t be started up again, or so that the switches couldn’t come on again. Ukrainians were able to get power back after six hours by switching to manual mode. They went off their computer monitor mode and physically flipped the switches to bring the power back up. What’s interesting about that case is the fact that they were more behind technologically actually helped them. Something very similar could easily happen in the U.S. and we’re much more beholden to computing infrastructure here, so our ability to switch to manual mode here would be much more difficult.
Is there linkage between the DNC and Podesta hacks and the 2014 State Department hacks that were also believed to be carried out by Russia? Yeah, these are being conducted by the same groups. We know that from the IOCs—by looking at the tools they use and the infrastructure they use.
Many of these attacks were happening prior to the nomination of Trump. Based on that theory, people believe that there was a general plan for disruption, and it may be the case now that the easiest and best way to do so is in the manner you speak, but these attacks did not just start happening post-Trump’s nomination. So in that sense, there is a feeling that it’s not a very Trump-specific activity versus an election disruption activity. This is the easiest way for them to disrupt the election.
Source: Cybersecurity Expert: Proof Russia Behind DNC, Podesta Hacks
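The working-hours inference in the interview above (activity centred on UTC+3 or UTC+4, Monday to Friday, no Russian holidays) is something an analyst can reproduce from artefact timestamps such as PE compile times. The following is an added example, not Symantec's code or data: it projects a set of timestamps into every candidate UTC offset and reports which offset makes the activity look most like a 9-to-18 office week. The sample timestamps are constructed to sit in a UTC+3 working week, and the office-hours window is an assumption of the example. As the interviewee says, this is a profile, not proof: compile timestamps can be forged or zeroed, so the result is one indicator to weigh alongside the infrastructure and tooling overlap he describes.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Local "office hours" window used for scoring; an assumption of this example.
WORKDAY_START, WORKDAY_END = 9, 18


def work_pattern(timestamps_utc, utc_offset_hours, start=WORKDAY_START, end=WORKDAY_END):
    """Project POSIX timestamps (e.g. PE compile times) into a candidate zone at
    UTC+utc_offset_hours and measure how much activity lands on a weekday inside
    office hours. Returns (fraction_in_window, hour_histogram, weekend_count)."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    hours = Counter()
    in_window = weekend = 0
    for ts in timestamps_utc:
        local = datetime.fromtimestamp(ts, tz)
        hours[local.hour] += 1
        if local.weekday() >= 5:          # Saturday/Sunday in the candidate zone
            weekend += 1
        elif start <= local.hour < end:
            in_window += 1
    total = len(timestamps_utc)
    return (in_window / total if total else 0.0), hours, weekend


def best_fitting_offsets(timestamps_utc):
    """Scan every whole-hour UTC offset and return those whose office-hours window
    captures the largest share of activity. A list, because neighbouring offsets
    often tie when the samples cluster in the middle of the day."""
    scores = {off: work_pattern(timestamps_utc, off)[0] for off in range(-12, 15)}
    best = max(scores.values())
    return sorted(off for off, score in scores.items() if score == best)


def _constructed_sample():
    """Constructed sample, not real malware data: one event each hour from 09:30 to
    17:30, Monday to Friday, for two weeks, generated in UTC+3."""
    tz = timezone(timedelta(hours=3))
    first_day = datetime(2015, 3, 2, tzinfo=tz)   # a Monday
    samples = []
    for day in range(14):
        d = first_day + timedelta(days=day)
        if d.weekday() >= 5:
            continue
        for hour in range(9, 18):
            samples.append(int((d + timedelta(hours=hour, minutes=30)).timestamp()))
    return samples


SAMPLE_TIMESTAMPS = _constructed_sample()

if __name__ == "__main__":
    fraction, histogram, weekends = work_pattern(SAMPLE_TIMESTAMPS, 3)
    print(f"UTC+3: {fraction:.0%} of events in office hours, {weekends} on weekends")
    print("busiest local hours:", histogram.most_common(3))
    print("best-fitting offsets:", best_fitting_offsets(SAMPLE_TIMESTAMPS))
```

On real data the histogram rarely fits this cleanly; what matters is whether a single offset (or a pair of adjacent ones, which is what "UTC+3 or UTC+4" means) stands clearly above the rest, and whether the weekend count stays near zero once that offset is applied. A holiday-calendar check is the natural extension, but no dates are given on this page, so none is included.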
Another cybersecurity company, SecureWorks, has published some interesting blog posts about all this:
In mid-2015, CTU researchers discovered TG-4127 using the accoounts-google . com domain in spearphishing attacks targeting Google Account users. The domain was used in a phishing URL submitted to Phishtank, a website that allows users to report phishing links (see Figure 1).
Figure 1. Example of accoounts-google . com used in a phishing URL.
Recipients who clicked the link were presented with a fake Google Account login page (see Figure 2). The threat actors could use entered credentials to access the contents of the associated Gmail account.
Figure 2. Fake Google Account login page.
Encoded target details
Analysis of the phishing URL revealed that it includes two Base64-encoded values (see Figure 3). The decoded Base64 values (see Table 1) match the Gmail account and its associated Google Account username. If a target clicks the phishing link, the username field of the displayed fake Google Account login page is prepopulated with the individual’s email address.
Figure 3. Spearphishing URL.
Table 1. Decoded Base64 values from the phishing URL used by TG-4127.
Use of the Bitly URL-shortening service
A Bitly URL was uploaded to Phishtank at almost the same time as the original spearphishing URL (see Figure 4).
Figure 4. Bitly phishing URL submitted at same time as accoounts-google . com phishing URL.
Using a tool on Bitly’s website, CTU researchers determined that the Bitly URL redirected to the original phishing URL (see Figure 5). Analysis of activity associated with the Bitly account used to create the shortened URL revealed that it had been used to create more than 3,000 shortened links used to target more than 1,800 Google Accounts.
Figure 5. Link-shortener page for bit.ly/1PXQ8zP that reveals the full URL.
CTU researchers analyzed the Google Accounts targeted by TG-4127 to gain insight about the targets and the threat group’s intent.
Focus on Russia and former Soviet states
Most of the targeted accounts are linked to intelligence gathering or information control within Russia or former Soviet states. The majority of the activity appears to focus on Russia’s military involvement in eastern Ukraine; for example, the email address targeted by the most phishing attempts (nine) was linked to a spokesperson for the Ukrainian prime minister. Other targets included individuals in political, military, and diplomatic positions in former Soviet states, as well as journalists, human rights organizations, and regional advocacy groups in Russia.
Other targets worldwide
Analysis of targeted individuals outside of Russia and the former Soviet states revealed that they work in a wide range of industry verticals (see Figure 6). The groups can be divided into two broad categories:
- Authors, journalists, NGOs, and political activists (36%)
- Government personnel, military personnel, government supply chain, and aerospace researchers (64%)
TG-4127 likely targeted the groups in the first category because they criticized Russia. The groups in the second category may have information useful to the Russian government.
Figure 6. TG-4127 targeting outside of Russia and former Soviet states.
Authors and journalists
More than half (53%) of the targeted authors and journalists are Russia or Ukraine subject matter experts (see Figure 7). It is likely that the Russian state has an interest in how it is portrayed in the media. U.S.-based military spouses who wrote online content about the military and military families were also targeted. The threat actors may have been attempting to learn about broader military issues in the U.S., or gain operational insight into the military activity of the target’s spouse.
Figure 7. Subject matter expertise of authors and journalists targeted by TG-4127.
Government supply chain
CTU researchers identified individuals who were likely targeted due to their position within the supply chain of organizations of interest to TG-4127 (e.g., defense and government networks). Figure 8 shows the distribution by category. The targets included a systems engineer working on a military simulation tool, a consultant specializing in unmanned aerial systems, an IT security consultant working for NATO, and a director of federal sales for the security arm of a multinational technology company. The threat actors likely aimed to exploit the individuals’ access to and knowledge of government clients’ information.
Figure 8. Categories of supply chain targets.
Government / military personnel
TG-4127 likely targeted current and former military and government personnel for potential operational insight gained from access to their personal communications. Most of the activity focused on individuals based in the U.S. or working in NATO-linked roles (see Figure 9).
Figure 9. Nation or organization of government/military targets.
TG-4127 targeted high-profile Syrian rebel leaders, including a leader of the Syrian National Coalition. Russian forces have supported Syrian President Bashar al-Assad’s regime since September 2015, so it is likely the threat actors are seeking to gain intelligence on rebel forces to assist Russian and Assad regime military operations.
Success of the phishing campaign
CTU researchers analyzed 4,396 phishing URLs sent to 1,881 Google Accounts between March and September, 2015. More than half (59%) of the URLs were accessed, suggesting that the recipients at least opened the phishing page. From the available data, it is not possible to determine how many of those Google Accounts were compromised. Most of the targeted accounts received multiple phishing attempts, which may indicate that previous attempts had been unsuccessful. However, 35% of accounts that accessed the malicious link were not subject to additional attempts, possibly indicating that the compromise was successful.
Of the accounts targeted once, CTU researchers determined that 60% of the recipients clicked the malicious Bitly. Of the accounts that were targeted more than once, 57% of the recipients clicked the malicious link in the repeated attempts. These results likely encourage threat actors to make additional attempts if the initial phishing email is unsuccessful.
Source: Threat Group-4127 Targets Google Accounts
Here's another article by SecureWorks:
The short links in the spearphishing emails redirected victims to a TG-4127-controlled URL that spoofed a legitimate Google domain. A Base64-encoded string containing the victim's full email address is passed with this URL, prepopulating a fake Google login page displayed to the victim. If a victim enters their credentials, TG-4127 can establish a session with Google and access the victim's account. The threat actors may be able to keep this session alive and maintain persistent access.
Hillary for America
TG-4127 exploited the Hillary for America campaign's use of Gmail and leveraged campaign employees' expectation of the standard Gmail login page to access their email account. When presented with TG-4127's spoofed login page (see Figure 1), victims might be convinced it was the legitimate login page for their hillaryclinton.com email account.
Figure 1. Example of a TG-4127 fake Google Account login page.
CTU researchers observed the first short links targeting hillaryclinton.com email addresses being created in mid-March 2016; the last link was created in mid-May. During this period, TG-4127 created 213 short links targeting 108 email addresses on the hillaryclinton.com domain. Through open-source research, CTU researchers identified the owners of 66 of the targeted email addresses. There was no open-source footprint for the remaining 42 addresses, suggesting that TG-4127 acquired them from another source, possibly other intelligence activity.
The identified email owners held a wide range of responsibilities within the Hillary for America campaign, extending from senior figures to junior employees and the group mailboxes for various regional offices. Targeted senior figures managed communications and media affairs, policy, speech writing, finance, and travel, while junior figures arranged schedules and travel for Hillary Clinton's campaign trail. Targets held the following titles:
- National political director
- Finance director
- Director of strategic communications
- Director of scheduling
- Director of travel
- Traveling press secretary
- Travel coordinator
Publicly available Bitly data reveals how many of the short links were clicked, likely by a victim opening a spearphishing email and clicking the link to the fake Gmail login page. Only 20 of the 213 short links have been clicked as of this publication. Eleven of the links were clicked once, four were clicked twice, two were clicked three times, and two were clicked four times.
Democratic National Committee
CTU researchers do not have evidence that these spearphishing emails are connected to the DNC network compromise that was revealed on June 14. However, a coincidence seems unlikely, and CTU researchers suspect that TG-4127 used the spearphishing emails or similar techniques to gain an initial foothold in the DNC network.
Personal email accounts
CTU researchers identified TG-4127 targeting 26 personal gmail.com accounts belonging to individuals linked to the Hillary for America campaign, the DNC, or other aspects of U.S. national politics. Five of the individuals also had a hillaryclinton.com email account that was targeted by TG-4127. Many of these individuals held communications, media, finance, or policy roles. They include the director of speechwriting for Hillary for America and the deputy director office of the chair at the DNC. TG-4127 created 150 short links targeting this group. As of this publication, 40 of the links have been clicked at least once.
Related activity and implications
Although the 2015 campaign did not focus on individuals associated with U.S. politics, open-source evidence suggests that TG-4127 targeted individuals connected to the U.S. White House in early 2015. The threat group also reportedly targeted the German parliament and German Chancellor Angela Merkel's Christian Democratic Union party. CTU researchers have not observed TG-4127 use this technique (using Bitly short links) to target the U.S. Republican party or the other U.S. presidential candidates whose campaigns were active between mid-March and mid-May.
Source: Threat Group-4127 Targets Hillary Clinton Presidential Campaign
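Both SecureWorks excerpts describe the same construction: a short link that expands to a lookalike Google host whose query string carries the target's Base64-encoded address, so the fake login page arrives pre-filled with the victim's username. The same construction hands defenders the target list without anyone clicking, which is how CTU derived the victim profiles. The script below is an added example, not SecureWorks' tooling: given an already-expanded URL (short links must be resolved first, for instance through the shortener's own preview page as the first post describes), it measures how closely the host imitates a legitimate Google login host, decodes any Base64 query values, and pulls out an email address. The sample URLs are constructed. The lookalike domain is the one the post names, but the path, the parameter names e and n, the target identity, and the list of legitimate login hosts are assumptions of this example, not details from the page.

```python
import base64
import binascii
import re
from urllib.parse import quote, unquote, urlsplit

# Hosts where a real Google sign-in page may live; an assumption of this example.
LEGIT_LOGIN_HOSTS = ("accounts.google.com", "myaccount.google.com", "mail.google.com")
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[A-Za-z]{2,}$")


def levenshtein(a, b):
    """Edit distance, used to measure how closely a host imitates a legitimate one."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_google_host(host):
    return host == "google.com" or host.endswith(".google.com")


def closest_login_host(host):
    """(distance, host) of the legitimate login host the given host most resembles."""
    return min((levenshtein(host, legit), legit) for legit in LEGIT_LOGIN_HOSTS)


def decode_base64_params(query):
    """Decode every query value that is valid Base64 for printable UTF-8 text.
    The query is split by hand so a raw '+' (a Base64 digit) is not turned into a
    space the way parse_qsl would; URL-safe alphabet and stripped padding are tolerated."""
    decoded = {}
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        raw = unquote(value).strip()
        if len(raw) < 4:
            continue
        padded = raw + "=" * (-len(raw) % 4)
        standard = padded.translate(str.maketrans("-_", "+/"))
        try:
            text = base64.b64decode(standard, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue                      # not Base64, or not text: leave it alone
        if text and text.isprintable():
            decoded[key] = text
    return decoded


def triage_url(url):
    """Classify one fully expanded URL and recover the intended target, if encoded."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    distance, closest = closest_login_host(host)
    decoded = decode_base64_params(parts.query)
    target = next((v for v in decoded.values() if EMAIL_RE.match(v)), None)
    impersonates = not is_google_host(host) and ("google" in host or distance <= 3)
    if impersonates and target:
        verdict = "credential-phish"
    elif impersonates:
        verdict = "lookalike-host"
    else:
        verdict = "no-finding"
    return {"host": host, "closest_login_host": closest, "edit_distance": distance,
            "decoded_params": decoded, "target_email": target, "verdict": verdict}


def _b64(text):
    return quote(base64.b64encode(text.encode()).decode(), safe="")


# Constructed samples. The lookalike domain is the one named in the SecureWorks
# post; the path, the parameter names e/n and the target identity are invented here.
SAMPLE_PHISH = ("http://accoounts-google.com/ServiceLogin?continue="
                + quote("https://mail.google.com/", safe="")
                + "&e=" + _b64("target.person@example.com")
                + "&n=" + _b64("Target Person"))
SAMPLE_BENIGN = ("https://accounts.google.com/ServiceLogin?continue="
                 + quote("https://mail.google.com/", safe=""))

if __name__ == "__main__":
    for sample in (SAMPLE_PHISH, SAMPLE_BENIGN):
        result = triage_url(sample)
        print(result["verdict"], result["host"], "->", result["target_email"])
```

Run over the expanded URLs from proxy or mail-gateway logs, a `credential-phish` verdict names the exact mailbox to review for sign-ins from unfamiliar infrastructure and for sessions the actor may have kept alive, which the second excerpt warns about. The edit-distance check is deliberately loose (any host within three edits of a real login host, or containing "google" off the google.com zone), so expect some benign lookalikes to land in `lookalike-host`; those are worth a glance, not an alert.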
Read these two articles for more context:
- How Hackers Broke Into John Podesta and Colin Powell’s Gmail Accounts
- How Russia Pulled Off the Biggest Election Hack in U.S. History
Guccifer2.0, The Shadow Brokers, and DCLeaks, who have all leaked U.S. documents/cyberweapons, love talking about the "U.S. elite" and "corruption" in America, along with saying "the elections are rigged." I wonder why these people suddenly became so interested in the U.S. election?
Regardless, the Bit.ly victim profiles show that Podesta, the DNC, Ukrainian and Russian journalists, Bellingcat and other adversaries of Russia were all targeted from the same short-link account. The people whose material later surfaced through DCLeaks and through Guccifer 2.0 sit on that one target list, which is why I read those two personas as fronts for the same operator.
Why would they lie about being separate groups?
Lastly, I have gone through all the public statements made by these groups, by going through their Twitter/Tumblr/Medium/WordPress/web posts. Here are some of the comments made by DCLeaks, Guccifer 2.0 and The Shadow Brokers. Tell me if you notice a common theme:
DCLeaks
Known for hacking the emails of former Secretary of State Colin Powell and former NATO General Breedlove, as well as Soros' OSF intranet documents.
George Soros is a Hungarian-American business magnate, investor, philanthropist, political activist and author who is of Hungarian-Jewish ancestry and holds dual citizenship. He drives more than 50 global and regional programs and foundations. Soros is named an architect and a sponsor of almost every revolution and coup around the world for the last 25 years. The USA is thought to be a vampire due to him and his puppets, not a lighthouse of freedom and democracy. His minions spill blood of millions and millions of people just to make him even more rich. Soros is an oligarch sponsoring the Democratic party, Hillary Clinton, hundreds of politicians all over the world. This website is designed to let everyone inside George Soros’ Open Society Foundation and related organisations. We present you the workplans, strategies, priorities and other activities of Soros. These documents shed light on one of the most influential network operating worldwide.
Welcome another cog in the U.S. political and military machine. CAPT Pistole's emails released
documents reveal the billionaire’s attempt to organize a “national movement” to create a federalized police force.
Looks like Clinton's staff doesn't care about security. Wonder from whom did they learn it..
FBI hq is a great place for club meeting especially when Clinton is under investigation
A further look at their Twitter account reveals that they mostly re-tweet WikiLeaks/RT/PressTV, hate Clinton, like Trump, love talking about the email scandal, post conspiracy theories about Mark Zuckerberg, exclusively target Russia's enemies (former NATO General Breedlove, Soros, Colin Powell, etc.), defend Russia against criticism, and have a penchant for focusing on news portraying the U.S. elections/debates as "rigged":
Check the private correspondence between Philip Breedlove and Harlan Ullman
Check restricted documents of George Soros’ Open Society Foundation
Check restricted documents leaked from Hillary Clinton's presidential campaign staff
Emails show Obama saw US involvement in Russia talks as a 'threat'
'Gen. plotted against Obama on Russia'
Check George Soros's OSF plans to counter Russian policy and traditional values
Check Soros internal files
A New McCarthyism: @ggreenwald on Clinton Camp's Attempts to Link @wikileaks, Trump & @DrJillStein to Russia
Source: https://twitter.com/dcleaks_
Guccifer 2.0
Known for hacking the DNC and DCCC.
Together we’ll be able to throw off the political elite, the rich clans that exploit the world!
Fuck the lies and conspirators like DNC!!!
Who inspires me? Not the guys like Rambo or Terminator or any other like them. The world has changed. Assange, Snowden, and Manning are the heroes of the computer age. They struggle for truth and justice; they struggle to make our world better, more honest and clear. People like them make us hope for tomorrow. They are the modern heroes, they make history right now.
Marcel Lazar is another hero of mine. He inspired me and showed me the way. He proved that even the powers that be have weak points.
Anyway it seems that IT-companies and special services can’t realize that people like me act just following their ideas but not for money. They missed the bus with Assange and Snowden, they are not ready to live in the modern world. They are not ready to meet people who are smart and brave, who are eager to fight for their ideals, who can sacrifice themselves for the better future. Working for a boss makes them slow I suppose. Do you need more proof?
I don’t want to disappoint anyone, but none of the candidates has my sympathies. Each of them has skeletons in the closet and I think people have a right to know the truth about the politicians.
As for me, I see great differences between Hillary Clinton and Donald Trump. Hillary seems so much false to me, she got all her money from political activities and lobbying, she is a slave of moguls, she is bought and sold. She never had to work hard and never risked everything she had. Her words don’t meet her actions. And her collusion with the DNC turned the primaries into farce.
Opposite to her, Donald Trump has earned his money himself. And at least he is sincere in what he says. His position is straight and clear.
Anyway that doesn’t mean that I support him. I’m totally against his ideas about closing borders and deportation policy. It’s a nonsense, absolute bullshit.
I have nothing to say about Bernie Sanders. It seems he never had a chance to win the nomination as the Democratic Party itself stood against him!
Here are the DCCC docs on Florida: reports, memos, briefings, dossiers, etc. You can have a look at who you are going to elect now. It may seem the congressional primaries are also becoming a farce.
As you can see, the private server of the Clinton clan contains docs and donors lists of the Democratic committees, PACs, etc. Does it surprise you?
It looks like big banks and corporations agreed to donate to the Democrats a certain percentage of the allocated TARP funds.
I found out something interesting in emails between DNC employees and Hillary Clinton campaign staff. Democrats prepare a new provocation against Trump. After Trump sent his financial report in May it appeared on DNC servers at once. DNC rushed to analyze it and asked the Jones Mandel company to make an effective investigation. I won’t be surprised if some mainstream media like the New York Times or CNN publish soon Trump’s financial docs. No doubt who could give them.
I’d like to warn you that the Democrats may rig the elections on November 8. This may be possible because of the software installed in the FEC networks by the large IT companies.
As I’ve already said, their software is of poor quality, with many holes and vulnerabilities.
I have registered in the FEC electronic system as an independent election observer; so I will monitor that the elections are held honestly.
I also call on other hackers to join me, monitor the elections from inside and inform the U.S. society about the facts of electoral fraud.
Source: https://guccifer2.wordpress.com
Here he claims that he's the source of WikiLeaks' DNC documents, something that has gone unreported in the media.
He frequently re-tweets WikiLeaks, just like DCLeaks. He re-tweets and follows conspiracy-minded figures like Alex Jones and Roger Stone, just as DCLeaks followed RT and PressTV. Of course, he sprang back to life two days ago, right before Election Day, to complain about "Democrats rigging the election." I thought he didn't favour any political party?
Source: https://twitter.com/GUCCIFER_2
The Shadow Brokers
Known for leaking cyberweapons attributed to the Equation Group, the NSA's elite hacking unit.
!! Attention Wealthy Elites !!!
We have final message for “Wealthy Elites”. We know what is wealthy but what is Elites? Elites is making laws protect self and friends, lie and fuck other peoples. Elites is breaking laws, regular peoples go to jail, life ruin, family ruin, but not Elites. Elites is breaking laws, many peoples know Elites guilty, Elites call top friends at law enforcement and government agencies, offer bribes, make promise future handjobs, (but no blowjobs). Elites top friends announce, no law broken, no crime commit. Reporters (not call journalist) make living say write only nice things about Elites, convince dumb cattle, is just politics, everything is awesome, check out our ads and our prostitutes. Then Elites runs for president. Why run for president when already control country like dictatorship? What this have do with fun Cyber Weapons Auction? We want make sure Wealthy Elite recognizes the danger cyber weapons, this message, our auction, poses to their wealth and control. Let us spell out for Elites. Your wealth and control depends on electronic data. You see what “Equation Group” can do. You see what cryptolockers and stuxnet can do. You see free files we give for free. You see attacks on banks and SWIFT in news. Maybe there is Equation Group version of cryptolocker+stuxnet for banks and financial systems? If Equation Group lose control of cyber weapons, who else lose or find cyber weapons? If electronic data go bye bye where leave Wealthy Elites? Maybe with dumb cattle? “Do you feel in charge?” Wealthy Elites, you send bitcoins, you bid in auction, maybe big advantage for you?
TheShadowBrokers is having special trick or treat for Amerikanskis tonight. But first questions.
Why is DirtyGrandpa threating CIA cyberwar with Russia? Why not threating with NSA or CyberCommand? CIA is cyber B-Team, yes? Where is cyber A-Team? Maybe threating is not being for external propaganda? Maybe is being for internal propaganda? Oldest control trick in book, yes? Waving flag, blaming problems on external sources, not taking responsibility for failures. But neverminding, hacking DNC is way way most important than EquationGroup losing capabilities. Amerikanskis is not knowing USSA cyber capabilities is being screwed? Where is being “free press”? Is ABC, NBC, CBS, FOX negligent in duties of informing Amerikanskis? Guessing “Free Press” is not being “Free as in free beer” or “Free as in free of government influence?
Let us be speaking regarding corruption. If Peoples#1 is having $1.00 and Peoples#2 is having $1000.00 which peoples is having more money? Which peoples is having more spending power? Voter$1 is giving $1 to politician and Voter$1000 is giving $1000 to politician, which voters is having more political power? Is both voters having equal political power? “one person, one vote”? Politicians, lobbyist, media, even SCOTUS (supreme court) is saying this is being true, money is not corrupting. In binary world, maybe. But world is not being binary, is it? What about peoples#3, VoterUndecided? VoterUndecided is giving no moneys and no votes. Politician is needing money for campaign to buy advertising, positive media stories, advisors, pollsters, operatives to be making VoterUndecided vote for politician. Political fundrasing, now which voter is having more political power? VoterUndecided votes for politician and politician wins. Re-election is coming. Government budget decision is required. Voter$1 is wanting politician to be spending taxes on education for making children into great thinkers, leaders, scientists. Voter$1000 is shareholder of defense & intelligence company is wanting politician spending taxes on spying and war to be making benefit self, for great profit. Political favors, now, which voter is having more political power? Did theshadowbrokers lose Amerikanskis? Amerikanskis is still thinking “one person, one vote”? Money isn’t corrupting elections, politics, govenments?
USSA elections is coming! 60% of Amerikansky never voting. Best scenario is meaning half of remaining red or blue fanatics or 20% of the most fanatical is picking USSA government? A great power. A free country. A good-doer. TheShadowBrokers is having suggestion. On November 8th, instead of not voting, maybe be stopping the vote all together? Maybe being grinch who stopped election from coming? Maybe hacking election is being the best idea? #hackelection2016. If peoples is not being hackers, then #disruptelection2016, #disruptcorruption2016. Maybe peoples not be going to work, be finding local polling places and protesting, blocking , disrupting , smashing equipment, tearing up ballots? The wealthy elites is being weakest during elections and transition of power. Is being why USSA is targeting elections in foreign countries. Don’t beleiving? Remembering Iran elections? Rembering stuxnet? Maybe is not Russia hacking election, maybe is being payback from Iran?
Ok peoples theshadowbrokers is promising you a trick or treating, here it is
Password = payus
This is being equation group pitchimpair (redirector) keys, many missions into your networks is/was coming from these ip addresses. Is being unfortunate no peoples is already owning eqgrp_auction_file. Auction file is having tools for to making connect to these pitchimpairs. Maybe tools no more installed? Maybe is being cleaned up? To peoples is being owner of pitchimpair computers, don’t be looking for files, rootkit will self destruct. Be making cold forensic image. @GCHQ @Belgacom TheShadowBrokers is making special effort not to using foul language, bigotry, or making any funny. Be seeing if NBC, ABC, CBS, FOX is making stories about now? Maybe political hacks is being more important?
How bad do you want it to get? When you are ready to make the bleeding stop, payus, so we can move onto the next game. The game where you try to catch us cashing out! Swag us out!
Again, the usual old spiel of brave hackers fighting "USSA"/"Amerikansky" "corruption". It's gotten quite repetitive by now.
Bizarrely, they began posting Bill Clinton and Loretta Lynch erotic fan fiction at some point: https://medium.com/@shadowbrokerss/begin-pgp-signed-message-hash-sha1-2a9aa03838a4#.896d0iqpi