How to Become a Millionaire (with Pictures) - wikiHow

The next wave of crypto-speculation is coming and it will be longer and more intense than any before it. 2013 was nothing compared to what's about to happen.

"Hofstadter's Law: It always takes longer than you expect, even when you take into account Hofstadter's Law." (https://en.wikipedia.org/wiki/Hofstadter's_law)
Can you feel that? It feels like a stadium of 200,000 fans, all cheering for the fabled emergence of the legendary artist who's supposed to be performing. Sure, the show is delayed - it's always delayed because there's just too many variables, but stop thinking of the world in such rigid terms. Look at the evidence:
We sit in a position of bewildering adoption:
And the price has bottomed and stabilized for more than a year.
The cries of "gillion dollar bitcoins" have died down and quite frankly now sound a little silly. Meanwhile 'real' financial problems have started plaguing the globe - stock markets all over the world are cracking under the stress of unnatural growth and the lies they were founded on. Every month a new national currency seems to plunge into the abyss. Billionaires are watching as their entire fortunes vaporize into the aether from which they came: http://www.bloomberg.com/news/articles/2015-10-02/china-billionaire-with-canal-dream-confronts-biggest-loss-of-15
Good. How else did you expect it to possibly go down? Do you believe the world will sing songs of friendship as bitcoin pierces the $10k level, and then the $100k level? No. It's going to be a Zapp Brannigan scale catastrophe. And as this current wave of crypto-cooling finally draws to an end, the next titanic swelling of interest won't be laid on top of a chorus of songs about friendship and magic. It will be a cacophony of this face, right here: http://i.imgur.com/4c7nV0O.png
That's the bitcoin face. That's the face of someone who finally realizes that every ounce of 'money' they've ever believed in is all fairy dust and make believe. That's the face of someone who finally understands money for the first time.
Bottom line: Since birth, bitcoin (and all crypto) has undergone a violent series of movements - rocketships and crashes, starting at one cent and culminating at $1200+. With such a new financial universe the early movements were rapid and violent, even though they were comparatively small in the global scheme of things. But as the financial universe of cryptocurrency grows we can expect to see those major movements grow less frequent over time while increasing in real-world intensity. It just looks a little dismal at the moment because our latest (and longest) movement was a downward one from the recent hype peak of late 2013.
Remember that? Everyone was talking about crypto; it was on the news, and random animal based altcoins were popping up everwhere. We went from 20 cryptocurrencies to over 1,000. Bitcoins and crypto were on the tip of everyone's tongue.
Well that's nothing.
When this next wave kicks off (and it will be very soon, possibly sometime next year) you are going to see a big bang of crypto that may just send us soaring right past the tipping point of the entire technology.
My predictions for the next crypto-rush?
And this wave will last a period of years, not months. That's important to remember is that each wave lasts longer than the one before it. So if the next wave begins in 2016 we will likely see it swell upward until 2019 at least before the inevitable retraction begins.
Get your popcorn ready. It's been a quiet couple of years, but that's all about to change radically. And it feels damn good to be here so early with you all.
submitted by americanpegasus to Bitcoin [link] [comments]

Bitcoin Segwit 2x Fork Speculations and Tin Foil Hat Theories.

https://steemit.com/bitcoin/@golden.parazyth/6tz1dz-bitcoin-segwit-2x-fork-speculations-and-tin-foil-hat-theories#
Bitcoin Segwit 2x Fork Speculations and Tin Foil Hat Theories.
This article summarises the current theories of what will happen after the Bitcoin Segwit 2x fork from the most likely and sensible outcomes to currently circulating conspiracy theories. Facts regarding the coming fork (somewhere around the 16th of November) are nicely summarized by the tenmillionsterling , therefore they are not repeated in this article as this is a summary of potential ‘What will happen to the price and bitcoin?’ OPINIONS and by no means it’s a financial advice. For the readers who don’t know what is the coming fork, please follow this link. I would like to stress out one more time that this article is a collection of opinions based on facts, feelings, bias, and pure human idiocy so please use your own critical thinking in making life decisions.
https://steemitimages.com/DQmUQs6f2j8Ee9yuEaehtFyCeGndHGVnuvjN2K89nMof7GY/4140332263_6e88268e80_z.jpg
Terminology. Current Bitcoin (core) is called 1x or core. The updated/forked (Segwit2x)is referred as 2x or B2X. Alts – alternative crypto currencies also widely known as shitcoins. Double spending Replay protection
Theory number 1. No split occurs and life goes on. Probably the best outcome (not necessarily the most likely) is to avoid the blockchain split altogether. In this scenario all miners update the protocol to Segwit2x (or abandon 2x) and Bitcoin does not split. Therefore, the second chain does not occur and Segwit2x protocol gets successfully activated. As a result, there is only one Bitcoin (2X or 1X) and every exchange calls 2x (or 1X) as a Bitcoin, there is no network disruption, no double spending. In this scenario Bitcoin price should continue its uprising trend and altcoins would continue to be suppressed. The likelihood of every miner achieving consensus is moderate. Currently 83% of miners signal for 2x and 33.2 percent signal for 1x coin (reference). It is possible for no split to occur, although I think, there is going to be a split. Theory number 2. Bitcoin splits into 2 coins (1x and 2x). Bitcoin core developers are unlikely to give in and split occurs. Peter Todd (core developer) said Segwit2x is a fraud. As a result all hell breaks loose, a disaster, since there is no replay protection and no consensus of what will be called Bitcoin. Opinion alert! In my humble opinion this is the most likely scenario. First of all, there are no consensus among exchanges and various service providers of what is going to be Bitcoin and what is going to be called B2X as each company want to call Bitcoin with their own names. Table 1 shows summary of what each coin after split is being called, taking into the consideration that B2X will have the most hash.
Table 1
Table 1 shows the decision of crypto service providers regarding the naming of split coins. Bitcoin is going to be called a chain with the majority of hash power and only 1 coin listed. In case B2X is called Bitcoin, it is not clear how the original coin is going to be named. *Opinion alert! I think they name Bitcoin with the most hash power. References: 1) https://bitcoinmagazine.com/articles/b2x-or-not-b2x-how-exchanges-will-list-segwit2x-coin/ 2) http://nob2x.org/ 3) https://cointelegraph.com/news/xapo-on-segwit2x-we-might-not-treat-btc-chain-as-real-bitcoin 4) https://blog.bitpay.com/segwit2x/ 5) Peter Todd calling Segwit2x a fraud
As the table 1 indicates, there is no consensus of what is going to be Bitcoin, the lack of replay protection specifies that spending Bitcoin you will also spend the B2X and vice versa. It will cause madness. For example, if you spend Bitcoin to pay for the game on Steam which effectively will name B2X (Bitpay) as Bitcoin, your money may be lost or transferring BTC from one exchange to the other when the same name Bitcoin is used while indicating 2 different chains! On the other hand, a lot of miners may switch back to support the 1x chain (or they may not). Opinion alert!!! What does this mean and what to do? In this scenario until the consensus is reached (and it will be reached), price of 1x and 2x plummets, while money flows back to dirty, disgusting, filthy fiat and glorious alternative crypto currencies. All major alts should experience the price boom against the Bitcoin and depending how low the Bitcoin drops, possibly against the fiat. I think DASH, LTC, ETH, NEO will be the major gainers. I deliberately left BCH out of this. Depending to the miners support, original Bitcoin will become vulnerable to the double spending attack. High difficulty and low mining profitability may lead to the remaining miners to switch to the most profitable coin (BCH or B2X), in fact potentially exposing 1x and 2x chains to double spending attacks (probably unlikely scenario). All depends on how fast the emergency protocol is released to adjust the difficulty for the Bitcoin Core (1x) chain to avoid exodus of the miners. In case of the double spending attack 1X would loose all the confidence, generally would die. However, the emergency protocol may be released quickly, difficulty adjusted really fast and enough of miners will remain mining 1X to prevent any potential attacks. The uncertainty about the support for each chain (1x or 2x), lack of consensus of what is what, logically should cause the BTC price to drop. However, this is crypto, logic does not work all the time, why else bitconnect exist?
This leads us to the conspiracy. AND WE ALL LOVE CONSPIRACY, JET FUEL CANT MELT STEAL ! For the following theories please put your tin foil hats.
![tinfoilhat.gif](https://steemitimages.com/DQmVyacpCN4YrKHDt4KqBRyXk6We93hxcrK9uSTrurJXJnH/tinfoilhat.gif)
For readers that don’t have one here is the link why you should have one and how to make one.
Theory number 3. Destruction of Bitcoin and rise of B2X. Overtake by the bankers.
Split occurs and majority of the hash power supports B2X. The 1x chain becomes laggy and slow, and hence experience the dump by people and groups interested in killing core. The large sums of 1x gets dumped while B2X is being equivalently bought while cheap. All big holders (hedge funds, whales, bankers buy a large sums of B2X while the price is low) and increase the total Bitcoin stake (2X), rich get richer and now have the absolutely majority of the coins hence can do various price manipulations and steer the direction of the Bitcoin. This theory is provided by the poorbrokebastard. This article about Segwit2x and its threat. And here the most highly controlled Brokerage service Coinbase says that Bitcoin Core are the biggest threat.While Coinbase itself may freeze your account at any time due to any reason they want (bitcoin you own previously was used in a gambling or any other activity they don’t like), Coinbase is happy to hand all the customer info to the government at any time and yet still, they see volunteer developers as a threat.
**
Theory number 4. BCH becomes Bitcoin as Jihan Wu will take over the world!
**
![DCZY16tUMAAw7kc.jpg](https://steemitimages.com/DQmUPVk9G2RdYD7DYu59Jcx7NDzK1SFr5NmgqtcGMve2Ycz/DCZY16tUMAAw7kc.jpg)
The lack of reply protection and deliberate attack on 1x chain by the major hashing power would lead to the loss of confidence in 1x and 2x chains. Price would plummet of 1x and 2x coins, while at the same time BCH would be pumped leading to the miners and herd of people flocking to the BCH. Jihan Wu and Roger Ver with the power of lobbying persuade business to call BCH as Bitcoin. We need very thick hat to understand this! Bitcoin cannot be destroyed, however it can be changed. Hundreds of millions have been invested in Bitcoin mining operations. Hence Bitcoin will prevail, however it may be core,B2X or BCH. As noted by the tenmillionsterrling, it is possible for the BCH to overtake Bitcoin name in the case of 1x and 2x destruction. That does not mean that people will start using BCH over the much better alternative crypto currencies. I would like to add to the tenmillionsterrling comment, in support of the BCH take over. Jihan Wu and Bitmain is the major supplier of BTC miners, they only accept BCH as a payment option, and hence have enough power and influence to blackmail the community and stir the Bitcoin future to their own benefit. Jihan Wu is very smart and he rightly deserves applause for being the best in the mining business. I don’t believe in this theory at all and don’t want to support the BCH, although BCH may increase in price significantly.
Other theories will be added later as they appear. Please share and I will add them giving you credit.
Summary. OPINION ALERT.
The most likely scenario is that split occurs. Exchanges will disable BTC deposits and Withdrawals 24 hours before the fork and will enable only when its save. Various service providers such as Bitpay (that supports major businesses as Steam) will suspend the service. Therefore BTC price should drop as people will still need to perform transactions. Consequently, the transactions will be performed using altcoins. The biggest gainer is LTC as this coin is universally accepted by every exchange and is frequently used to transfer BTC from one exchange to the other due to smaller fees and shorter block generation time. However, second contender is DASH and several businesses already accept DASH over Bitcoin (BitCart – save on your amazon vouchers), or via the use ShapeShift integration as popular amazon discount provider states that DASH is the most popular altcoin used on the site. Which coin will prevail (1x or 2x) as Bitcoin, I don’t know, but tend to think it will be B2X as currently it has the majority hash supply. Secondly, the massive split in the hash power would lead to Bitcoin core being vulnerable to the double spend attack at any point and lead to the loss of confidence, hence disappearance. However, anything is possible and it all depends on the intentions of the participating groups. Are all the miners evil and mine what is the most profitable disregarding the technology? Have the core developers ditched the vision of Satoshi and are closed to the public opinion? Does Jihan Wu seek to replace Bitcoin with BCH? Do the bankers and governments want to control the Bitcoin or perhaps even destroy it? There are plenty of arguments for and against, while answer to each question directly correlates to the quality of foil used to make the hat.
But hey– money talks. As much as I would like to see the decentralization the trend is set not by the early and crazy libertarian adopters, but by the herd of newcomers, who don’t really care about escaping the system. How can unpaid volunteers (Bitcoin core) compete with billionaires such as Jihan Wu? Masses and Bankers seek stability which is in their opinion only achieved by the regulations and control. It is possible for B2X take over the core, also possible for Bitcoin Core (1x) to prevail and B2X being listed as an altcoin. The month after the fork (in case of the split) will be turbulent, and as I expressed earlier, its probably best to stay out of bitcoin and keep fiat or alts (again OPINION so you are free not to listen at all and do whatever the hell your heart desires).
NOTE: I generally don’t like the control and centralization, monopoly. Otherwise I would stick with the fiat and would lead the life of a slave, take a mortgage, and would demand Bitcoin to be banned or at least regulated by the government. Maybe also become a communist too or at least highly aggressive socialist and a vegan. If you are looking for the more serious predictions, please read these articles 1 2.
Disclaimer. I don’t own any LTC, well I do, but cant remember the password I set 4 years ago, and 200 LTCs are locked forever. Perhaps someone knows how I could reach into my consciousness and help remember it? Also, I don’t like BCH, I don’t use it, I hate it. I did my best to make this article entertaining and informing at the same time. The tinfoil hat theories, well you need a hat to understand them.For the more comprehensive theories you should read Jimmy Song and other highly influential people.
submitted by Golden_parazyth to CryptoCurrency [link] [comments]

Thoughts on my culminating analysis of Russia's involvement in the U.S elections?

It has been a running theme lately that the U.S. government blaming Russia for the DNC/Podesta leaks is an attempt at deflection and is false. In the past few days, however, some very interesting pieces of information have come out from three different well-respected cybersecurity companies tasked with investigating the leaks or the groups behind these leaks. These companies are CrowsdStrike, Symantec, and SecureWorks. I think it is important that we cast away the media's non-technical analyses and go straight to the source.
The proof is that the hackers used Bitly to mask the malicious URL and trick people into thinking the URL was legitimate. They made two mistakes, however.
First, they accidentally left two of their Bitly accounts public, rather than setting them to private. This allowed security researchers to view some general account information, like what URLs were shortened and what they were changed to.
Second, they used Gmail's official numeric ID for each person inside of their maliciously crafted URLs. This allowed cybersecurity researchers to find out exactly who had been targeted.
The founder of CrowdStrike is a Russian-American and his company has been tasked with investigating the DNC/Podesta leaks. He blames Mother Russia. Relevant excerpts:
Alperovitch is the thirty-six-year-old cofounder of the cybersecurity firm CrowdStrike, and late the previous night, his company had been asked by the Democratic National Committee to investigate a possible breach of its network. A CrowdStrike security expert had sent the DNC a proprietary software package, called Falcon, that monitors the networks of its clients in real time. Falcon "lit up," the email said, within ten seconds of being installed at the DNC: Russia was in the network.
Alperovitch, a slight man with a sharp, quick demeanor, called the analyst who had emailed the report. "Are we sure it's Russia?" he asked.
The analyst said there was no doubt. Falcon had detected malicious software, or malware, that was stealing data and sending it to the same servers that had been used in a 2015 attack on the German Bundestag. The code and techniques used against the DNC resembled those from earlier attacks on the White House and the State Department. The analyst, a former intelligence officer, told Alperovitch that Falcon had identified not one but two Russian intruders: Cozy Bear, a group CrowdStrike's experts believed was affiliated with the FSB, Russia's answer to the CIA; and Fancy Bear, which they had linked to the GRU, Russian military intelligence.
Alperovitch then called Shawn Henry, a tall, bald fifty-four-year-old former executive assistant director at the FBI who is now CrowdStrike's president of services. Henry led a forensics team that retraced the hackers' steps and pieced together the pathology of the breach. Over the next two weeks, they learned that Cozy Bear had been stealing emails from the DNC for more than a year. Fancy Bear, on the other hand, had been in the network for only a few weeks. Its target was the DNC research department, specifically the material that the committee was compiling on Donald Trump and other Republicans. Meanwhile, a CrowdStrike group called the Overwatch team used Falcon to monitor the hackers, a process known as shoulder-surfing.
For the next two days, three CrowdStrike employees worked inside DNC headquarters, replacing the software and setting up new login credentials using what Alperovitch considers to be the most secure means of choosing a password: flipping through the dictionary at random. (After this article was posted online, Alperovitch noted that the passwords included random characters in addition to the words.) The Overwatch team kept an eye on Falcon to ensure there were no new intrusions. On Sunday night, once the operation was complete, Alperovitch took his team to celebrate at the Brazilian steakhouse Fogo de Chão.
...
Aperovitch's June 14 blog post garnered so much media attention that even its ebullient author felt slightly overwhelmed. Inevitably there were questions about the strange names his company had given the Russian hackers. As it happened, "Fancy Bear" and "Cozy Bear" were part of a coding system Alperovitch had created. Animals signified the hackers' country of origin: Russians were bears, Chinese were pandas, Iranians were kittens, and North Koreans were named for the chollima, a mythical winged horse. By company tradition, the analyst who discovers a new hacker gets to choose the first part of the nickname. Cozy Bear got its nickname because the letters coz appeared in its malware code. Fancy Bear, meanwhile, used malware that included the word Sofacy, which reminded the analyst who found it of the Iggy Azalea song "Fancy."
The day after the media maelstrom, the reporters were back with less friendly questions: Had Alperovitch gotten his facts right? Was he certain Russia was behind the DNC hacks? The doubts were prompted by the appearance of a blogger claiming to be from Eastern Europe who called himself Guccifer 2.0. Guccifer said that the breach was his, not Russia's. "DNC'S servers hacked by a lone hacker," he wrote in a blog post that included stolen files from the DNC. "I guess CrowdStrike customers should think twice about company's competence," Guccifer wrote. "Fuck CrowdStrike!!!!!!!!!"
an incorrect attribution in public. "Did we miss something?" he asked CrowdStrike's forensics team. Henry and his staff went back over the evidence, all of which supported their original conclusion.
Alperovitch had also never seen someone claim to be the only intruder on a site. "No hacker goes into the network and does a full forensic investigation," he told me. Being called out, he said, was "very shocking. It was clearly an attack on us as well as on the DNC."
Alperovitch initially thought that the leaks were standard espionage and that Guccifer's attacks on CrowdStrike were just a noisy reaction to being busted. "I thought, Okay, they got really upset that they were caught," he said. But after documents from the DNC continued to leak, Alperovitch decided the situation was far worse than that. He concluded that the Russians wanted to use the leaked files to manipulate U. S. voters—a first. "It hit me that, holy crap, this is an influence operation. They're actually trying to inject themselves into the election," he said. "I believe that we may very well wake up on the morning the day after the election and find statements from Russian adversaries saying, 'Do not trust the result.' "
...
Days later, Alperovitch got a call from a Reuters reporter asking whether the Democratic Congressional Campaign Committee had been hacked. CrowdStrike had, in fact, been working on a breach at the DCCC; once again, Alperovitch believed that Russia was responsible. Now, however, he suspected that only Fancy Bear was involved. A lawyer for the DCCC gave Alperovitch permission to confirm the leak and to name Russia as the suspected author.
Two weeks later, files from the DCCC began to appear on Guccifer 2.0's website. This time he released information about Democratic congressional candidates who were running close races in Florida, Ohio, Illinois, and Pennsylvania. On August 12, he went further, publishing a spreadsheet that included the personal email addresses and phone numbers of nearly two hundred Democratic members of Congress.
...
Alperovitch's friends in government told him privately that an official attribution so close to the election would look political. If the government named Russia, it would be accused of carrying water for Hillary Clinton. The explanations upset Alperovitch. The silence of the American government began to feel both familiar and dangerous. "It doesn't help us if two years from now someone gets indicted," he said. After Michelle Obama's passport was published online, on September 22, Alperovitch threw up his hands in exasperation. "That is Putin giving us the finger," he told me.
Source: The Russian Expat Leading the Fight to Protect America
The guy responsible for ousting Stuxnet as being an American/Israeli cyberworm (no friend of the U.S. government/establishment) also says that his company, Symantec, has found that Russia was responsible for the leaks:
It is pretty clear judging by the indicators of compromise [IOCs]. The binaries that were used to hack the DNC as well as Podesta’s email as well as some other Democratic campaign folks, those IOCs match binaries and also infrastructure that was used in attacks that were previously recorded by others as having Russian origin. That much we can confirm. So if you believe other people’s—primarily government’s—attribution that those previous attacks were Russian, then these attacks are definitely connected. We’re talking about the same binaries, the same tools, the same infrastructure.
We’ve analyzed the tools, the binaries, and the infrastructure that was used in the attack, and from that we can confirm that it’s connected to a group that has two names. One is Sofacy, or “Cozy Bear,” and The Dukes, which is also known as “Fancy Bear.” From the binary analysis point of view, I can tell you that the activities of these attackers have been during Russian working hours, either centered on UTC+3 or UTC+4; they don’t work Russian holidays; they work Monday to Friday; there are language identifiers inside that are Russian; when you look at all the victim profiles they would be in interest to the Russian nation-state. So all of that stuff fits the profile. Now, could all those things be false flags? Sure. Other government entities obviously have come out and said it is the Russian state, and the binary forensics would definitely match that.
There was another attack that happened in the Ukraine. So in December, in the Ukraine, all the power went out to about 260,000 households, or customers. They basically infiltrated the power company, got access to the machines that controlled the power, they flipped the computer switches off and shut down the power, and then they began to wipe all the machines and devices—overriding the hard drives and trashing the machines so that they couldn’t be started up again, or so that the switches couldn’t come on again. Ukrainians were able to get power back after six hours by switching to manual mode. They went off their computer monitor mode and physically flipped the switches to bring the power back up. What’s interesting about that case is the fact that they were more behind technologically actually helped them. Something very similar could easily happen in the U.S. and we’re much more beholden to computing infrastructure here, so our ability to switch to manual mode here would be much more difficult.
Is there linkage between the DNC and Podesta hacks and the 2014 State Department hacks that were also believed to be carried out by Russia?
Yeah, these are being conducted by the same groups. We know that from the IOCs—by looking at the tools they use and the infrastructure they use.
Many of these attacks were happening prior to the nomination of Trump. Based on that theory, people believe that there was a general plan for disruption, and it may be the case now that the easiest and best way to do so is in the manner you speak, but these attacks did not just start happening post-Trump’s nomination. So in that sense, there is a feeling that it’s not a very Trump-specific activity versus an election disruption activity. This is the easiest way for them to disrupt the election.
Source: Cybersecurity Expert: Proof Russia Behind DNC, Podesta Hacks
Another cybersecurity company, SecureWorks, has published some interesting blogposts about all this:
In mid-2015, CTU researchers discovered TG-4127 using the accoounts-google . com domain in spearphishing attacks targeting Google Account users. The domain was used in a phishing URL submitted to Phishtank, a website that allows users to report phishing links (see Figure 1).
Figure 1. Example of accoounts-google . com used in a phishing URL.
Recipients who clicked the link were presented with a fake Google Account login page (see Figure 2). The threat actors could use entered credentials to access the contents of the associated Gmail account.
Figure 2. Fake Google Account login page.
Encoded target details
Analysis of the phishing URL revealed that it includes two Base64-encoded values (see Figure 3). The decoded Base64 values (see Table 1) match the Gmail account and its associated Google Account username. If a target clicks the phishing link, the username field of the displayed fake Google Account login page is prepopulated with the individual’s email address.
Figure 3. Spearphishing URL.
Table 1. Decoded Base64 values from the phishing URL used by TG-4127.
Use of the Bitly URL-shortening service
A Bitly URL was uploaded to Phishtank at almost the same time as the original spearphishing URL (see Figure 4).
Figure 4. Bitly phishing URL submitted at same time as accoounts-google . com phishing URL.
Using a tool on Bitly’s website, CTU researchers determined that the Bitly URL redirected to the original phishing URL (see Figure 5). Analysis of activity associated with the Bitly account used to create the shortened URL revealed that it had been used to create more than 3,000 shortened links used to target more than 1,800 Google Accounts.
Figure 5. Link-shortener page for bit.ly/1PXQ8zP that reveals the full URL.
Target analysis
CTU researchers analyzed the Google Accounts targeted by TG-4127 to gain insight about the targets and the threat group’s intent.
Focus on Russia and former Soviet states
Most of the targeted accounts are linked to intelligence gathering or information control within Russia or former Soviet states. The majority of the activity appears to focus on Russia’s military involvement in eastern Ukraine; for example, the email address targeted by the most phishing attempts (nine) was linked to a spokesperson for the Ukrainian prime minister. Other targets included individuals in political, military, and diplomatic positions in former Soviet states, as well as journalists, human rights organizations, and regional advocacy groups in Russia.
Other targets worldwide
Analysis of targeted individuals outside of Russia and the former Soviet states revealed that they work in a wide range of industry verticals (see Figure 6). The groups can be divided into two broad categories:
TG-4127 likely targeted the groups in the first category because they criticized Russia. The groups in the second category may have information useful to the Russian government.
Figure 6. TG-4127 targeting outside of Russia and former Soviet states.
Authors and journalists
More than half (53%) of the targeted authors and journalists are Russia or Ukraine subject matter experts (see Figure 7). It is likely that the Russian state has an interest in how it is portrayed in the media. U.S.-based military spouses who wrote online content about the military and military families were also targeted. The threat actors may have been attempting to learn about broader military issues in the U.S., or gain operational insight into the military activity of the target’s spouse.
Figure 7. Subject matter expertise of authors and journalists targeted by TG-4127.
Government supply chain
CTU researchers identified individuals who were likely targeted due to their position within the supply chain of organizations of interest to TG-4127 (e.g., defense and government networks). Figure 8 shows the distribution by category. The targets included a systems engineer working on a military simulation tool, a consultant specializing in unmanned aerial systems, an IT security consultant working for NATO, and a director of federal sales for the security arm of a multinational technology company. The threat actors likely aimed to exploit the individuals’ access to and knowledge of government clients’ information.
Figure 8. Categories of supply chain targets.
Government / military personnel
TG-4127 likely targeted current and former military and government personnel for potential operational insight gained from access to their personal communications. Most of the activity focused on individuals based in the U.S. or working in NATO-linked roles (see Figure 9).
Figure 9. Nation or organization of government/military targets.
TG-4127 targeted high-profile Syrian rebel leaders, including a leader of the Syrian National Coalition. Russian forces have supported Syrian President Bashar al-Assad’s regime since September 2015, so it is likely the threat actors are seeking to gain intelligence on rebel forces to assist Russian and Assad regime military operations.
Success of the phishing campaign
CTU researchers analyzed 4,396 phishing URLs sent to 1,881 Google Accounts between March and September, 2015. More than half (59%) of the URLs were accessed, suggesting that the recipients at least opened the phishing page. From the available data, it is not possible to determine how many of those Google Accounts were compromised. Most of the targeted accounts received multiple phishing attempts, which may indicate that previous attempts had been unsuccessful. However, 35% of accounts that accessed the malicious link were not subject to additional attempts, possibly indicating that the compromise was successful.
Of the accounts targeted once, CTU researchers determined that 60% of the recipients clicked the malicious Bitly. Of the accounts that were targeted more than once, 57% of the recipients clicked the malicious link in the repeated attempts. These results likely encourage threat actors to make additional attempts if the initial phishing email is unsuccessful.
Source: Threat Group-4127 Targets Google Accounts
Here's another article by SecureWorks:
Spearphishing details
The short links in the spearphishing emails redirected victims to a TG-4127-controlled URL that spoofed a legitimate Google domain. A Base64-encoded string containing the victim's full email address is passed with this URL, prepopulating a fake Google login page displayed to the victim. If a victim enters their credentials, TG-4127 can establish a session with Google and access the victim's account. The threat actors may be able to keep this session alive and maintain persistent access.
Hillary for America
TG-4127 exploited the Hillary for America campaign's use of Gmail and leveraged campaign employees' expectation of the standard Gmail login page to access their email account. When presented with TG-4127's spoofed login page (see Figure 1), victims might be convinced it was the legitimate login page for their hillaryclinton.com email account.
Figure 1. Example of a TG-4127 fake Google Account login page.
CTU researchers observed the first short links targeting hillaryclinton.com email addresses being created in mid-March 2016; the last link was created in mid-May. During this period, TG-4127 created 213 short links targeting 108 email addresses on the hillaryclinton.com domain. Through open-source research, CTU researchers identified the owners of 66 of the targeted email addresses. There was no open-source footprint for the remaining 42 addresses, suggesting that TG-4127 acquired them from another source, possibly other intelligence activity.
The identified email owners held a wide range of responsibilities within the Hillary for America campaign, extending from senior figures to junior employees and the group mailboxes for various regional offices. Targeted senior figures managed communications and media affairs, policy, speech writing, finance, and travel, while junior figures arranged schedules and travel for Hillary Clinton's campaign trail. Targets held the following titles:
Publicly available Bitly data reveals how many of the short links were clicked, likely by a victim opening a spearphishing email and clicking the link to the fake Gmail login page. Only 20 of the 213 short links have been clicked as of this publication. Eleven of the links were clicked once, four were clicked twice, two were clicked three times, and two were clicked four times.
Democratic National Committee
CTU researchers do not have evidence that these spearphishing emails are connected to the DNC network compromise that was revealed on June 14. However, a coincidence seems unlikely, and CTU researchers suspect that TG-4127 used the spearphishing emails or similar techniques to gain an initial foothold in the DNC network.
Personal email accounts
CTU researchers identified TG-4127 targeting 26 personal gmail.com accounts belonging to individuals linked to the Hillary for America campaign, the DNC, or other aspects of U.S. national politics. Five of the individuals also had a hillaryclinton.com email account that was targeted by TG-4127. Many of these individuals held communications, media, finance, or policy roles. They include the director of speechwriting for Hillary for America and the deputy director office of the chair at the DNC. TG-4127 created 150 short links targeting this group. As of this publication, 40 of the links have been clicked at least once.
Related activity and implications
Although the 2015 campaign did not focus on individuals associated with U.S. politics, open-source evidence suggests that TG-4127 targeted individuals connected to the U.S. White House in early 2015. The threat group also reportedly targeted the German parliament and German Chancellor Angela Merkel's Christian Democratic Union party. CTU researchers have not observed TG-4127 use this technique (using Bitly short links) to target the U.S. Republican party or the other U.S. presidential candidates whose campaigns were active between mid-March and mid-May.
Source: Threat Group-4127 Targets Hillary Clinton Presidential Campaign
Read these two articles for more context:
How Hackers Broke Into John Podesta and Colin Powell’s Gmail Accounts
How Russia Pulled Off the Biggest Election Hack in U.S. History
Guccifer2.0, The Shadow Brokers, and DCLeaks, who have all leaked U.S. documents/cyberweapons, love talking about the "U.S. elite" and "corruption" in America, along with saying "the elections are rigged." I wonder why these people suddenly became so interested in the U.S. election?
Regardless, we know from the Bit.ly victim profiles that Podesta, the DNC, Ukrainian/Russian journalists, Bellingcat and other enemies of Russia were targeted by these groups. This also means that those targeted by DCLeaks and Guccifer2.0 were the same people, and that the aforementioned entities are actually one.
Why would they lie about being separate groups?
Lastly, I have gone through all the public statements made by these groups, by going through their TwitteTumblMedium/WordPress/web posts. Here are some of the comments made by DCLeaks, Guccifer2.0 and The Shadow Brokers. Tell me if you notice a common theme:
DCLeaks
Known for hacking the emails of former Secretary of State Colin Powell and former NATO General Breedlove, as well as Soros' OSF intranet documents.
George Soros is a Hungarian-American business magnate, investor, philanthropist, political activist and author who is of Hungarian-Jewish ancestry and holds dual citizenship. He drives more than 50 global and regional programs and foundations. Soros is named an architect and a sponsor of almost every revolution and coup around the world for the last 25 years. The USA is thought to be a vampire due to him and his puppets, not a lighthouse of freedom and democracy. His minions spill blood of millions and millions of people just to make him even more rich. Soros is an oligarch sponsoring the Democratic party, Hillary Clinton, hundreds of politicians all over the world. This website is designed to let everyone inside George Soros’ Open Society Foundation and related organisations. We present you the workplans, strategies, priorities and other activities of Soros. These documents shed light on one of the most influential network operating worldwide.
Source: http://soros.dcleaks.com
Welcome another cog in the U.S. political and military machine. CAPT Pistole's emails released
documents reveal the billionaire’s attempt to organize a “national movement” to create a federalized police force.
Looks like Clinton's staff doesn't care about security.Wonder from whom did they learn it..
FBI hq is a great place for club meeting especially when Clinton is under investigation
A further look at their Twitter account reveals that they mostly re-tweet WikiLeaks/RT/PressTV, hate Clinton, like Trump, love talking about the email scandal, post conspiracy theories about Mark Zuckerberg, exclusively target Russia's enemies (like former NATO General Breedlove, Soros, Colin Powell, etc,.), defend Russia from being attacked, and have a penchant for focusing on news portraying the U.S. elections/debates as "rigged":
Check the private correspondence between Philip Breedlove and Harlan Ullman
Check restricted documents of George Soros’ Open Society Foundation
Check restricted documents leaked from Hillary Clinton's presidential campaign staff
Emails show Obama saw US involvement in Russia talks as a 'threat'
'Gen. plotted against Obama on Russia'
Check George Soros's OSF plans to counter Russian policy and traditional values
Check Soros internal files
A New McCarthyism: @ggreenwald on Clinton Camp's Attempts to Link @wikileaks, Trump & @DrJillStein to Russia
Source: https://twitter.com/dcleaks_
Guccifer 2.0
Known for hacking the DNC and DCCC.
Together we’ll be able to throw off the political elite, the rich clans that exploit the world!
Fuck the lies and conspirators like DNC!!!
Who inspires me? Not the guys like Rambo or Terminator or any other like them. The world has changed. Assange, Snowden, and Manning are the heroes of the computer age. They struggle for truth and justice; they struggle to make our world better, more honest and clear. People like them make us hope for tomorrow. They are the modern heroes, they make history right now.
Marcel Lazar is another hero of mine. He inspired me and showed me the way. He proved that even the powers that be have weak points.
Anyway it seems that IT-companies and special services can’t realize that people like me act just following their ideas but not for money. They missed the bus with Assange and Snowden, they are not ready to live in the modern world. They are not ready to meet people who are smart and brave, who are eager to fight for their ideals, who can sacrifice themselves for the better future. Working for a boss makes them slow I suppose. Do you need more proof?
don’t want to disappoint anyone, but none of the candidates has my sympathies. Each of them has skeletons in the closet and I think people have a right to know the truth about the politicians.
As for me, I see great differences between Hillary Clinton and Donald Trump. Hillary seems so much false to me, she got all her money from political activities and lobbying, she is a slave of moguls, she is bought and sold. She never had to work hard and never risked everything she had. Her words don’t meet her actions. And her collusion with the DNC turned the primaries into farce.
Opposite to her, Donald Trump has earned his money himself. And at least he is sincere in what he says. His position is straight and clear.
Anyway that doesn’t mean that I support him. I’m totally against his ideas about closing borders and deportation policy. It’s a nonsense, absolute bullshit.
I have nothing to say about Bernie Sanders. It seems he never had a chance to win the nomination as the Democratic Party itself stood against him!
Here are the DCCC docs on Florida: reports, memos, briefings, dossiers, etc. You can have a look at who you are going to elect now. It may seem the congressional primaries are also becoming a farce.
As you can see, the private server of the Clinton clan contains docs and donors lists of the Democratic committees, PACs, etc. Does it surprise you?
It looks like big banks and corporations agreed to donate to the Democrats a certain percentage of the allocated TARP funds.
I found out something interesting in emails between DNC employees and Hillary Clinton campaign staff. Democrats prepare a new provocation against Trump. After Trump sent his financial report in May it appeared on DNC servers at once. DNC rushed to analyze it and asked the Jones Mandel company to make an effective investigation. I won’t be surprised if some mainstream media like the New York Times or CNN publish soon Trump’s financial docs. No doubt who could give them.
I’d like to warn you that the Democrats may rig the elections on November 8. This may be possible because of the software installed in the FEC networks by the large IT companies.
As I’ve already said, their software is of poor quality, with many holes and vulnerabilities.
I have registered in the FEC electronic system as an independent election observer; so I will monitor that the elections are held honestly.
I also call on other hackers to join me, monitor the elections from inside and inform the U.S. society about the facts of electoral fraud.
Source: https://guccifer2.wordpress.com
Here and here he claims that he's the source of WikiLeaks' DNC documents.
He frequently re-tweets WikiLeaks, just like DCLeaks. He re-tweets and follows conspiracy theory outlets like Alex Jones and Roger Stone, just like DCLeaks followed RT and PressTV. Of course, he sprang back to life two days before Election Day, to complain about "Democrats rigging the election." I thought he didn't favour any political party?
Source: https://twitter.com/GUCCIFER_2
The Shadow Brokers
Known for leaking the NSA's elite hacking entity's, Equation Group's, cyberweapons.
!! Attention Wealthy Elites !!!
We have final message for “Wealthy Elites”. We know what is wealthy but what is Elites? Elites is making laws protect self and friends, lie and fuck other peoples. Elites is breaking laws, regular peoples go to jail, life ruin, family ruin, but not Elites. Elites is breaking laws, many peoples know Elites guilty, Elites call top friends at law enforcement and government agencies, offer bribes, make promise future handjobs, (but no blowjobs). Elites top friends announce, no law broken, no crime commit. Reporters (not call journalist) make living say write only nice things about Elites, convince dumb cattle, is just politics, everything is awesome, check out our ads and our prostitutes. Then Elites runs for president. Why run for president when already control country like dictatorship? What this have do with fun Cyber Weapons Auction? We want make sure Wealthy Elite recognizes the danger cyber weapons, this message, our auction, poses to their wealth and control. Let us spell out for Elites. Your wealth and control depends on electronic data. You see what “Equation Group” can do. You see what cryptolockers and stuxnet can do. You see free files we give for free. You see attacks on banks and SWIFT in news. Maybe there is Equation Group version of cryptolocker+stuxnet for banks and financial systems? If Equation Group lose control of cyber weapons, who else lose or find cyber weapons? If electronic data go bye bye where leave Wealthy Elites? Maybe with dumb cattle? “Do you feel in charge?” Wealthy Elites, you send bitcoins, you bid in auction, maybe big advantage for you?
Source: https://archive.is/WkT7o#selection-337.0-341.1595
TheShadowBrokers is having special trick or treat for Amerikanskis tonight. But first questions.
Why is DirtyGrandpa threating CIA cyberwar with Russia? Why not threating with NSA or CyberCommand? CIA is cyber B-Team, yes? Where is cyber A-Team? Maybe threating is not being for external propaganda? Maybe is being for internal propaganda? Oldest control trick in book, yes? Waving flag, blaming problems on external sources, not taking responsibility for failures. But neverminding, hacking DNC is way way most important than EquationGroup losing capabilities. Amerikanskis is not knowing USSA cyber capabilities is being screwed? Where is being “free press”? Is ABC, NBC, CBS, FOX negligent in duties of informing Amerikanskis? Guessing “Free Press” is not being “Free as in free beer” or “Free as in free of government influence?
Let us be speaking regarding corruption. If Peoples#1 is having $1.00 and Peoples#2 is having $1000.00 which peoples is having more money? Which peoples is having more spending power? Voter$1 is giving $1 to politician and Voter$1000 is giving $1000 to politician, which voters is having more political power? Is both voters having equal political power? “one person, one vote”? Politicians, lobbyist, media, even SCOTUS (supreme court) is saying this is being true, money is not corrupting. In binary world, maybe. But world is not being binary, is it? What about peoples#3, VoterUndecided? VoterUndecided is giving no moneys and no votes. Politician is needing money for campaign to buy advertising, positive media stories, advisors, pollsters, operatives to be making VoterUndecided vote for politician. Political fundrasing, now which voter is having more political power? VoterUndecided votes for politician and politician wins. Re-election is coming. Government budget decision is required. Voter$1 is wanting politician to be spending taxes on education for making children into great thinkers, leaders, scientists. Voter$1000 is shareholder of defense & intelligence company is wanting politician spending taxes on spying and war to be making benefit self, for great profit. Political favors, now, which voter is having more political power? Did theshadowbrokers lose Amerikanskis? Amerikanskis is still thinking “one person, one vote”? Money isn’t corrupting elections, politics, govenments?
USSA elections is coming! 60% of Amerikansky never voting. Best scenario is meaning half of remaining red or blue fanatics or 20% of the most fanatical is picking USSA government? A great power. A free country. A good-doer. TheShadowBrokers is having suggestion. On November 8th, instead of not voting, maybe be stopping the vote all together? Maybe being grinch who stopped election from coming? Maybe hacking election is being the best idea? #hackelection2016. If peoples is not being hackers, then #disruptelection2016, #disruptcorruption2016. Maybe peoples not be going to work, be finding local polling places and protesting, blocking , disrupting , smashing equipment, tearing up ballots? The wealthy elites is being weakest during elections and transition of power. Is being why USSA is targeting elections in foreign countries. Don’t beleiving? Remembering Iran elections? Rembering stuxnet? Maybe is not Russia hacking election, maybe is being payback from Iran?
Ok peoples theshadowbrokers is promising you a trick or treating, here it is
https://mega.nz/#F!D1Q2EQpD!Lb09shM5XMZsQ_5_E1l4eQ https://yadi.sk/d/NCEyJQsBxrQxz
Password = payus
This is being equation group pitchimpair (redirector) keys, many missions into your networks is/was coming from these ip addresses. Is being unfortunate no peoples is already owning eqgrp_auction_file. Auction file is having tools for to making connect to these pitchimpairs. Maybe tools no more installed? Maybe is being cleaned up? To peoples is being owner of pitchimpair computers, don’t be looking for files, rootkit will self destruct. Be making cold forensic image. @GCHQ @Belgacom TheShadowBrokers is making special effort not to using foul language, bigotry, or making any funny. Be seeing if NBC, ABC, CBS, FOX is making stories about now? Maybe political hacks is being more important?
How bad do you want it to get? When you are ready to make the bleeding stop, payus, so we can move onto the next game. The game where you try to catch us cashing out! Swag us out!
Source: https://medium.com/@shadowbrokerss/message-5-trick-or-treat-e43f946f93e6#.9cfljtkx3
Again, the usual old spiel of brave hackers fighting "USSA"/"Amerikansky" "corruption". It's gotten quite repetitive by now.
Bizarrely, they began posting Bill Clinton and Lorreta Lynch erotic fan fiction at some point:
https://medium.com/@shadowbrokerss/begin-pgp-signed-message-hash-sha1-2a9aa03838a4#.896d0iqpi
submitted by MangekyouSharinganKa to AskTrumpSupporters [link] [comments]

Culminating Analysis of DNC/DCCC/Soros/Colin-Powell/NATO-General-Breedlove/NSA-Equation-Group/Podesta Leaks and Hacks

It has been a running theme lately that the U.S. government blaming Russia for the DNC/Podesta leaks is an attempt at deflection and is false. In the past few days, however, some very interesting pieces of information have come out from three different well-respected cybersecurity companies tasked with investigating the leaks or the groups behind these leaks. These companies are CrowsdStrike, Symantec, and SecureWorks. I think it is important that we cast away the media's non-technical analyses and go straight to the source.
The founder of CrowdStrike is a Russian-American and his company has been tasked with investigating the DNC/Podesta leaks. He blames Mother Russia. Relevant excerpts:
At six o'clock on the morning of May 6, Dmitri Alperovitch woke up in a Los Angeles hotel to an alarming email. Alperovitch is the thirty-six-year-old cofounder of the cybersecurity firm CrowdStrike, and late the previous night, his company had been asked by the Democratic National Committee to investigate a possible breach of its network. A CrowdStrike security expert had sent the DNC a proprietary software package, called Falcon, that monitors the networks of its clients in real time. Falcon "lit up," the email said, within ten seconds of being installed at the DNC: Russia was in the network.
Alperovitch, a slight man with a sharp, quick demeanor, called the analyst who had emailed the report. "Are we sure it's Russia?" he asked.
The analyst said there was no doubt. Falcon had detected malicious software, or malware, that was stealing data and sending it to the same servers that had been used in a 2015 attack on the German Bundestag. The code and techniques used against the DNC resembled those from earlier attacks on the White House and the State Department. The analyst, a former intelligence officer, told Alperovitch that Falcon had identified not one but two Russian intruders: Cozy Bear, a group CrowdStrike's experts believed was affiliated with the FSB, Russia's answer to the CIA; and Fancy Bear, which they had linked to the GRU, Russian military intelligence.
Alperovitch then called Shawn Henry, a tall, bald fifty-four-year-old former executive assistant director at the FBI who is now CrowdStrike's president of services. Henry led a forensics team that retraced the hackers' steps and pieced together the pathology of the breach. Over the next two weeks, they learned that Cozy Bear had been stealing emails from the DNC for more than a year. Fancy Bear, on the other hand, had been in the network for only a few weeks. Its target was the DNC research department, specifically the material that the committee was compiling on Donald Trump and other Republicans. Meanwhile, a CrowdStrike group called the Overwatch team used Falcon to monitor the hackers, a process known as shoulder-surfing.
Ultimately, the teams decided it was necessary to replace the software on every computer at the DNC. Until the network was clean, secrecy was vital. On the afternoon of Friday, June 10, all DNC employees were instructed to leave their laptops in the office. Alperovitch told me that a few people worried that Hillary Clinton, the presumptive Democratic nominee, was clearing house. "Those poor people thought they were getting fired," he says.
For the next two days, three CrowdStrike employees worked inside DNC headquarters, replacing the software and setting up new login credentials using what Alperovitch considers to be the most secure means of choosing a password: flipping through the dictionary at random. (After this article was posted online, Alperovitch noted that the passwords included random characters in addition to the words.) The Overwatch team kept an eye on Falcon to ensure there were no new intrusions. On Sunday night, once the operation was complete, Alperovitch took his team to celebrate at the Brazilian steakhouse Fogo de Chão.
...
Aperovitch's June 14 blog post garnered so much media attention that even its ebullient author felt slightly overwhelmed. Inevitably there were questions about the strange names his company had given the Russian hackers. As it happened, "Fancy Bear" and "Cozy Bear" were part of a coding system Alperovitch had created. Animals signified the hackers' country of origin: Russians were bears, Chinese were pandas, Iranians were kittens, and North Koreans were named for the chollima, a mythical winged horse. By company tradition, the analyst who discovers a new hacker gets to choose the first part of the nickname. Cozy Bear got its nickname because the letters coz appeared in its malware code. Fancy Bear, meanwhile, used malware that included the word Sofacy, which reminded the analyst who found it of the Iggy Azalea song "Fancy."
The day after the media maelstrom, the reporters were back with less friendly questions: Had Alperovitch gotten his facts right? Was he certain Russia was behind the DNC hacks? The doubts were prompted by the appearance of a blogger claiming to be from Eastern Europe who called himself Guccifer 2.0. Guccifer said that the breach was his, not Russia's. "DNC'S servers hacked by a lone hacker," he wrote in a blog post that included stolen files from the DNC. "I guess CrowdStrike customers should think twice about company's competence," Guccifer wrote. "Fuck CrowdStrike!!!!!!!!!"
an incorrect attribution in public. "Did we miss something?" he asked CrowdStrike's forensics team. Henry and his staff went back over the evidence, all of which supported their original conclusion.
Alperovitch had also never seen someone claim to be the only intruder on a site. "No hacker goes into the network and does a full forensic investigation," he told me. Being called out, he said, was "very shocking. It was clearly an attack on us as well as on the DNC."
Alperovitch initially thought that the leaks were standard espionage and that Guccifer's attacks on CrowdStrike were just a noisy reaction to being busted. "I thought, Okay, they got really upset that they were caught," he said. But after documents from the DNC continued to leak, Alperovitch decided the situation was far worse than that. He concluded that the Russians wanted to use the leaked files to manipulate U. S. voters—a first. "It hit me that, holy crap, this is an influence operation. They're actually trying to inject themselves into the election," he said. "I believe that we may very well wake up on the morning the day after the election and find statements from Russian adversaries saying, 'Do not trust the result.' "
...
Days later, Alperovitch got a call from a Reuters reporter asking whether the Democratic Congressional Campaign Committee had been hacked. CrowdStrike had, in fact, been working on a breach at the DCCC; once again, Alperovitch believed that Russia was responsible. Now, however, he suspected that only Fancy Bear was involved. A lawyer for the DCCC gave Alperovitch permission to confirm the leak and to name Russia as the suspected author.
Two weeks later, files from the DCCC began to appear on Guccifer 2.0's website. This time he released information about Democratic congressional candidates who were running close races in Florida, Ohio, Illinois, and Pennsylvania. On August 12, he went further, publishing a spreadsheet that included the personal email addresses and phone numbers of nearly two hundred Democratic members of Congress.
...
Alperovitch's friends in government told him privately that an official attribution so close to the election would look political. If the government named Russia, it would be accused of carrying water for Hillary Clinton. The explanations upset Alperovitch. The silence of the American government began to feel both familiar and dangerous. "It doesn't help us if two years from now someone gets indicted," he said. After Michelle Obama's passport was published online, on September 22, Alperovitch threw up his hands in exasperation. "That is Putin giving us the finger," he told me.
Source: The Russian Expat Leading the Fight to Protect America
The guy responsible for ousting Stuxnet as being an American/Israeli cyberworm (no friend of the U.S. government/establishment) also says that his company, Symantec, has found that Russia was responsible for the leaks:
It is pretty clear judging by the indicators of compromise [IOCs]. The binaries that were used to hack the DNC as well as Podesta’s email as well as some other Democratic campaign folks, those IOCs match binaries and also infrastructure that was used in attacks that were previously recorded by others as having Russian origin. That much we can confirm. So if you believe other people’s—primarily government’s—attribution that those previous attacks were Russian, then these attacks are definitely connected. We’re talking about the same binaries, the same tools, the same infrastructure.
We’ve analyzed the tools, the binaries, and the infrastructure that was used in the attack, and from that we can confirm that it’s connected to a group that has two names. One is Sofacy, or “Cozy Bear,” and The Dukes, which is also known as “Fancy Bear.” From the binary analysis point of view, I can tell you that the activities of these attackers have been during Russian working hours, either centered on UTC+3 or UTC+4; they don’t work Russian holidays; they work Monday to Friday; there are language identifiers inside that are Russian; when you look at all the victim profiles they would be in interest to the Russian nation-state. So all of that stuff fits the profile. Now, could all those things be false flags? Sure. Other government entities obviously have come out and said it is the Russian state, and the binary forensics would definitely match that.
There was another attack that happened in the Ukraine. So in December, in the Ukraine, all the power went out to about 260,000 households, or customers. They basically infiltrated the power company, got access to the machines that controlled the power, they flipped the computer switches off and shut down the power, and then they began to wipe all the machines and devices—overriding the hard drives and trashing the machines so that they couldn’t be started up again, or so that the switches couldn’t come on again. Ukrainians were able to get power back after six hours by switching to manual mode. They went off their computer monitor mode and physically flipped the switches to bring the power back up. What’s interesting about that case is the fact that they were more behind technologically actually helped them. Something very similar could easily happen in the U.S. and we’re much more beholden to computing infrastructure here, so our ability to switch to manual mode here would be much more difficult.
Is there linkage between the DNC and Podesta hacks and the 2014 State Department hacks that were also believed to be carried out by Russia?
Yeah, these are being conducted by the same groups. We know that from the IOCs—by looking at the tools they use and the infrastructure they use.
Many of these attacks were happening prior to the nomination of Trump. Based on that theory, people believe that there was a general plan for disruption, and it may be the case now that the easiest and best way to do so is in the manner you speak, but these attacks did not just start happening post-Trump’s nomination. So in that sense, there is a feeling that it’s not a very Trump-specific activity versus an election disruption activity. This is the easiest way for them to disrupt the election.
Source: Cybersecurity Expert: Proof Russia Behind DNC, Podesta Hacks
Another cybersecurity company, SecureWorks, has published some interesting blogposts about all this:
In mid-2015, CTU researchers discovered TG-4127 using the accoounts-google . com domain in spearphishing attacks targeting Google Account users. The domain was used in a phishing URL submitted to Phishtank, a website that allows users to report phishing links (see Figure 1).
Figure 1. Example of accoounts-google . com used in a phishing URL.
Recipients who clicked the link were presented with a fake Google Account login page (see Figure 2). The threat actors could use entered credentials to access the contents of the associated Gmail account.
Figure 2. Fake Google Account login page.
Encoded target details
Analysis of the phishing URL revealed that it includes two Base64-encoded values (see Figure 3). The decoded Base64 values (see Table 1) match the Gmail account and its associated Google Account username. If a target clicks the phishing link, the username field of the displayed fake Google Account login page is prepopulated with the individual’s email address.
Figure 3. Spearphishing URL.
Table 1. Decoded Base64 values from the phishing URL used by TG-4127.
Use of the Bitly URL-shortening service
A Bitly URL was uploaded to Phishtank at almost the same time as the original spearphishing URL (see Figure 4).
Figure 4. Bitly phishing URL submitted at same time as accoounts-google . com phishing URL.
Using a tool on Bitly’s website, CTU researchers determined that the Bitly URL redirected to the original phishing URL (see Figure 5). Analysis of activity associated with the Bitly account used to create the shortened URL revealed that it had been used to create more than 3,000 shortened links used to target more than 1,800 Google Accounts.
Figure 5. Link-shortener page for bit.ly/1PXQ8zP that reveals the full URL.
Target analysis
CTU researchers analyzed the Google Accounts targeted by TG-4127 to gain insight about the targets and the threat group’s intent.
Focus on Russia and former Soviet states
Most of the targeted accounts are linked to intelligence gathering or information control within Russia or former Soviet states. The majority of the activity appears to focus on Russia’s military involvement in eastern Ukraine; for example, the email address targeted by the most phishing attempts (nine) was linked to a spokesperson for the Ukrainian prime minister. Other targets included individuals in political, military, and diplomatic positions in former Soviet states, as well as journalists, human rights organizations, and regional advocacy groups in Russia.
Other targets worldwide
Analysis of targeted individuals outside of Russia and the former Soviet states revealed that they work in a wide range of industry verticals (see Figure 6). The groups can be divided into two broad categories:
TG-4127 likely targeted the groups in the first category because they criticized Russia. The groups in the second category may have information useful to the Russian government.
Figure 6. TG-4127 targeting outside of Russia and former Soviet states.
Authors and journalists
More than half (53%) of the targeted authors and journalists are Russia or Ukraine subject matter experts (see Figure 7). It is likely that the Russian state has an interest in how it is portrayed in the media. U.S.-based military spouses who wrote online content about the military and military families were also targeted. The threat actors may have been attempting to learn about broader military issues in the U.S., or gain operational insight into the military activity of the target’s spouse.
Figure 7. Subject matter expertise of authors and journalists targeted by TG-4127.
Government supply chain
CTU researchers identified individuals who were likely targeted due to their position within the supply chain of organizations of interest to TG-4127 (e.g., defense and government networks). Figure 8 shows the distribution by category. The targets included a systems engineer working on a military simulation tool, a consultant specializing in unmanned aerial systems, an IT security consultant working for NATO, and a director of federal sales for the security arm of a multinational technology company. The threat actors likely aimed to exploit the individuals’ access to and knowledge of government clients’ information.
Figure 8. Categories of supply chain targets.
Government / military personnel
TG-4127 likely targeted current and former military and government personnel for potential operational insight gained from access to their personal communications. Most of the activity focused on individuals based in the U.S. or working in NATO-linked roles (see Figure 9).
Figure 9. Nation or organization of government/military targets.
TG-4127 targeted high-profile Syrian rebel leaders, including a leader of the Syrian National Coalition. Russian forces have supported Syrian President Bashar al-Assad’s regime since September 2015, so it is likely the threat actors are seeking to gain intelligence on rebel forces to assist Russian and Assad regime military operations.
Success of the phishing campaign
CTU researchers analyzed 4,396 phishing URLs sent to 1,881 Google Accounts between March and September, 2015. More than half (59%) of the URLs were accessed, suggesting that the recipients at least opened the phishing page. From the available data, it is not possible to determine how many of those Google Accounts were compromised. Most of the targeted accounts received multiple phishing attempts, which may indicate that previous attempts had been unsuccessful. However, 35% of accounts that accessed the malicious link were not subject to additional attempts, possibly indicating that the compromise was successful.
Of the accounts targeted once, CTU researchers determined that 60% of the recipients clicked the malicious Bitly. Of the accounts that were targeted more than once, 57% of the recipients clicked the malicious link in the repeated attempts. These results likely encourage threat actors to make additional attempts if the initial phishing email is unsuccessful.
Source: Threat Group-4127 Targets Google Accounts
Here's another article by SecureWorks:
Spearphishing details
The short links in the spearphishing emails redirected victims to a TG-4127-controlled URL that spoofed a legitimate Google domain. A Base64-encoded string containing the victim's full email address is passed with this URL, prepopulating a fake Google login page displayed to the victim. If a victim enters their credentials, TG-4127 can establish a session with Google and access the victim's account. The threat actors may be able to keep this session alive and maintain persistent access.
Hillary for America
TG-4127 exploited the Hillary for America campaign's use of Gmail and leveraged campaign employees' expectation of the standard Gmail login page to access their email account. When presented with TG-4127's spoofed login page (see Figure 1), victims might be convinced it was the legitimate login page for their hillaryclinton.com email account.
Figure 1. Example of a TG-4127 fake Google Account login page.
CTU researchers observed the first short links targeting hillaryclinton.com email addresses being created in mid-March 2016; the last link was created in mid-May. During this period, TG-4127 created 213 short links targeting 108 email addresses on the hillaryclinton.com domain. Through open-source research, CTU researchers identified the owners of 66 of the targeted email addresses. There was no open-source footprint for the remaining 42 addresses, suggesting that TG-4127 acquired them from another source, possibly other intelligence activity.
The identified email owners held a wide range of responsibilities within the Hillary for America campaign, extending from senior figures to junior employees and the group mailboxes for various regional offices. Targeted senior figures managed communications and media affairs, policy, speech writing, finance, and travel, while junior figures arranged schedules and travel for Hillary Clinton's campaign trail. Targets held the following titles:
Publicly available Bitly data reveals how many of the short links were clicked, likely by a victim opening a spearphishing email and clicking the link to the fake Gmail login page. Only 20 of the 213 short links have been clicked as of this publication. Eleven of the links were clicked once, four were clicked twice, two were clicked three times, and two were clicked four times.
Democratic National Committee
CTU researchers do not have evidence that these spearphishing emails are connected to the DNC network compromise that was revealed on June 14. However, a coincidence seems unlikely, and CTU researchers suspect that TG-4127 used the spearphishing emails or similar techniques to gain an initial foothold in the DNC network.
Personal email accounts
CTU researchers identified TG-4127 targeting 26 personal gmail.com accounts belonging to individuals linked to the Hillary for America campaign, the DNC, or other aspects of U.S. national politics. Five of the individuals also had a hillaryclinton.com email account that was targeted by TG-4127. Many of these individuals held communications, media, finance, or policy roles. They include the director of speechwriting for Hillary for America and the deputy director office of the chair at the DNC. TG-4127 created 150 short links targeting this group. As of this publication, 40 of the links have been clicked at least once.
Related activity and implications
Although the 2015 campaign did not focus on individuals associated with U.S. politics, open-source evidence suggests that TG-4127 targeted individuals connected to the U.S. White House in early 2015. The threat group also reportedly targeted the German parliament and German Chancellor Angela Merkel's Christian Democratic Union party. CTU researchers have not observed TG-4127 use this technique (using Bitly short links) to target the U.S. Republican party or the other U.S. presidential candidates whose campaigns were active between mid-March and mid-May.
Source: Threat Group-4127 Targets Hillary Clinton Presidential Campaign
Read these two articles for more context:
How Hackers Broke Into John Podesta and Colin Powell’s Gmail Accounts
How Russia Pulled Off the Biggest Election Hack in U.S. History
Guccifer2.0, The Shadow Brokers, and DCLeaks, who have all leaked U.S. documents/cyberweapons, love talking about the "U.S. elite" and "corruption" in America, along with saying "the elections are rigged." I wonder why these people suddenly became so interested in the U.S. election?
Regardless, we know from the Bit.ly victim profiles that Podesta, the DNC, Ukrainian/Russian journalists, Bellingcat and other enemies of Russia were targeted by these groups. This also means that those targeted by DCLeaks and Guccifer2.0 were the same people, and that the aforementioned entities are actually one.
Why would they lie about being separate groups?
Lastly, I have gone through all the public statements made by these groups, by going through their TwitteTumblMedium/WordPress/web posts. Here are some of the comments made by DCLeaks, Guccifer2.0 and The Shadow Brokers. Tell me if you notice a common theme:
DCLeaks
Known for hacking the emails of former Secretary of State Colin Powell and former NATO General Breedlove, as well as Soros' OSF intranet documents.
George Soros is a Hungarian-American business magnate, investor, philanthropist, political activist and author who is of Hungarian-Jewish ancestry and holds dual citizenship. He drives more than 50 global and regional programs and foundations. Soros is named an architect and a sponsor of almost every revolution and coup around the world for the last 25 years. The USA is thought to be a vampire due to him and his puppets, not a lighthouse of freedom and democracy. His minions spill blood of millions and millions of people just to make him even more rich. Soros is an oligarch sponsoring the Democratic party, Hillary Clinton, hundreds of politicians all over the world. This website is designed to let everyone inside George Soros’ Open Society Foundation and related organisations. We present you the workplans, strategies, priorities and other activities of Soros. These documents shed light on one of the most influential network operating worldwide.
Source: http://soros.dcleaks.com
Welcome another cog in the U.S. political and military machine. CAPT Pistole's emails released
documents reveal the billionaire’s attempt to organize a “national movement” to create a federalized police force.
Looks like Clinton's staff doesn't care about security.Wonder from whom did they learn it..
FBI hq is a great place for club meeting especially when Clinton is under investigation
A further look at their Twitter account reveals that they mostly re-tweet WikiLeaks/RT/PressTV, hate Clinton, like Trump, love talking about the email scandal, post conspiracy theories about Mark Zuckerberg, exclusively target Russia's enemies (like former NATO General Breedlove, Soros, Colin Powell, etc,.), defend Russia from being attacked, and have a penchant for focusing on news portraying the U.S. elections/debates as "rigged":
Check the private correspondence between Philip Breedlove and Harlan Ullman
Check restricted documents of George Soros’ Open Society Foundation
Check restricted documents leaked from Hillary Clinton's presidential campaign staff
Emails show Obama saw US involvement in Russia talks as a 'threat'
'Gen. plotted against Obama on Russia'
Check George Soros's OSF plans to counter Russian policy and traditional values
Check Soros internal files
A New McCarthyism: @ggreenwald on Clinton Camp's Attempts to Link @wikileaks, Trump & @DrJillStein to Russia
Source: https://twitter.com/dcleaks_
Guccifer 2.0
Known for hacking the DNC and DCCC.
Together we’ll be able to throw off the political elite, the rich clans that exploit the world!
Fuck the lies and conspirators like DNC!!!
Who inspires me? Not the guys like Rambo or Terminator or any other like them. The world has changed. Assange, Snowden, and Manning are the heroes of the computer age. They struggle for truth and justice; they struggle to make our world better, more honest and clear. People like them make us hope for tomorrow. They are the modern heroes, they make history right now.
Marcel Lazar is another hero of mine. He inspired me and showed me the way. He proved that even the powers that be have weak points.
Anyway it seems that IT-companies and special services can’t realize that people like me act just following their ideas but not for money. They missed the bus with Assange and Snowden, they are not ready to live in the modern world. They are not ready to meet people who are smart and brave, who are eager to fight for their ideals, who can sacrifice themselves for the better future. Working for a boss makes them slow I suppose. Do you need more proof?
don’t want to disappoint anyone, but none of the candidates has my sympathies. Each of them has skeletons in the closet and I think people have a right to know the truth about the politicians.
As for me, I see great differences between Hillary Clinton and Donald Trump. Hillary seems so much false to me, she got all her money from political activities and lobbying, she is a slave of moguls, she is bought and sold. She never had to work hard and never risked everything she had. Her words don’t meet her actions. And her collusion with the DNC turned the primaries into farce.
Opposite to her, Donald Trump has earned his money himself. And at least he is sincere in what he says. His position is straight and clear.
Anyway that doesn’t mean that I support him. I’m totally against his ideas about closing borders and deportation policy. It’s a nonsense, absolute bullshit.
I have nothing to say about Bernie Sanders. It seems he never had a chance to win the nomination as the Democratic Party itself stood against him!
Here are the DCCC docs on Florida: reports, memos, briefings, dossiers, etc. You can have a look at who you are going to elect now. It may seem the congressional primaries are also becoming a farce.
As you can see, the private server of the Clinton clan contains docs and donors lists of the Democratic committees, PACs, etc. Does it surprise you?
It looks like big banks and corporations agreed to donate to the Democrats a certain percentage of the allocated TARP funds.
I found out something interesting in emails between DNC employees and Hillary Clinton campaign staff. Democrats prepare a new provocation against Trump. After Trump sent his financial report in May it appeared on DNC servers at once. DNC rushed to analyze it and asked the Jones Mandel company to make an effective investigation. I won’t be surprised if some mainstream media like the New York Times or CNN publish soon Trump’s financial docs. No doubt who could give them.
I’d like to warn you that the Democrats may rig the elections on November 8. This may be possible because of the software installed in the FEC networks by the large IT companies.
As I’ve already said, their software is of poor quality, with many holes and vulnerabilities.
I have registered in the FEC electronic system as an independent election observer; so I will monitor that the elections are held honestly.
I also call on other hackers to join me, monitor the elections from inside and inform the U.S. society about the facts of electoral fraud.
Source: https://guccifer2.wordpress.com
Here and here he claims that he's the source of WikiLeaks' DNC documents, something that has gone unreported in the media.
He frequently re-tweets WikiLeaks, just like DCLeaks. He re-tweets and follows conspiracy theory outlets like Alex Jones and Roger Stone, just like DCLeaks followed RT and PressTV. Of course, he sprang back to life two days ago, right before Election Day, to complain about "Democrats rigging the election." I thought he didn't favour any political party?
Source: https://twitter.com/GUCCIFER_2
The Shadow Brokers
Known for leaking the NSA's elite hacking entity's, Equation Group's, cyberweapons.
!! Attention Wealthy Elites !!!
We have final message for “Wealthy Elites”. We know what is wealthy but what is Elites? Elites is making laws protect self and friends, lie and fuck other peoples. Elites is breaking laws, regular peoples go to jail, life ruin, family ruin, but not Elites. Elites is breaking laws, many peoples know Elites guilty, Elites call top friends at law enforcement and government agencies, offer bribes, make promise future handjobs, (but no blowjobs). Elites top friends announce, no law broken, no crime commit. Reporters (not call journalist) make living say write only nice things about Elites, convince dumb cattle, is just politics, everything is awesome, check out our ads and our prostitutes. Then Elites runs for president. Why run for president when already control country like dictatorship? What this have do with fun Cyber Weapons Auction? We want make sure Wealthy Elite recognizes the danger cyber weapons, this message, our auction, poses to their wealth and control. Let us spell out for Elites. Your wealth and control depends on electronic data. You see what “Equation Group” can do. You see what cryptolockers and stuxnet can do. You see free files we give for free. You see attacks on banks and SWIFT in news. Maybe there is Equation Group version of cryptolocker+stuxnet for banks and financial systems? If Equation Group lose control of cyber weapons, who else lose or find cyber weapons? If electronic data go bye bye where leave Wealthy Elites? Maybe with dumb cattle? “Do you feel in charge?” Wealthy Elites, you send bitcoins, you bid in auction, maybe big advantage for you?
Source: https://archive.is/WkT7o#selection-337.0-341.1595
TheShadowBrokers is having special trick or treat for Amerikanskis tonight. But first questions.
Why is DirtyGrandpa threating CIA cyberwar with Russia? Why not threating with NSA or CyberCommand? CIA is cyber B-Team, yes? Where is cyber A-Team? Maybe threating is not being for external propaganda? Maybe is being for internal propaganda? Oldest control trick in book, yes? Waving flag, blaming problems on external sources, not taking responsibility for failures. But neverminding, hacking DNC is way way most important than EquationGroup losing capabilities. Amerikanskis is not knowing USSA cyber capabilities is being screwed? Where is being “free press”? Is ABC, NBC, CBS, FOX negligent in duties of informing Amerikanskis? Guessing “Free Press” is not being “Free as in free beer” or “Free as in free of government influence?
Let us be speaking regarding corruption. If Peoples#1 is having $1.00 and Peoples#2 is having $1000.00 which peoples is having more money? Which peoples is having more spending power? Voter$1 is giving $1 to politician and Voter$1000 is giving $1000 to politician, which voters is having more political power? Is both voters having equal political power? “one person, one vote”? Politicians, lobbyist, media, even SCOTUS (supreme court) is saying this is being true, money is not corrupting. In binary world, maybe. But world is not being binary, is it? What about peoples#3, VoterUndecided? VoterUndecided is giving no moneys and no votes. Politician is needing money for campaign to buy advertising, positive media stories, advisors, pollsters, operatives to be making VoterUndecided vote for politician. Political fundrasing, now which voter is having more political power? VoterUndecided votes for politician and politician wins. Re-election is coming. Government budget decision is required. Voter$1 is wanting politician to be spending taxes on education for making children into great thinkers, leaders, scientists. Voter$1000 is shareholder of defense & intelligence company is wanting politician spending taxes on spying and war to be making benefit self, for great profit. Political favors, now, which voter is having more political power? Did theshadowbrokers lose Amerikanskis? Amerikanskis is still thinking “one person, one vote”? Money isn’t corrupting elections, politics, govenments?
USSA elections is coming! 60% of Amerikansky never voting. Best scenario is meaning half of remaining red or blue fanatics or 20% of the most fanatical is picking USSA government? A great power. A free country. A good-doer. TheShadowBrokers is having suggestion. On November 8th, instead of not voting, maybe be stopping the vote all together? Maybe being grinch who stopped election from coming? Maybe hacking election is being the best idea? #hackelection2016. If peoples is not being hackers, then #disruptelection2016, #disruptcorruption2016. Maybe peoples not be going to work, be finding local polling places and protesting, blocking , disrupting , smashing equipment, tearing up ballots? The wealthy elites is being weakest during elections and transition of power. Is being why USSA is targeting elections in foreign countries. Don’t beleiving? Remembering Iran elections? Rembering stuxnet? Maybe is not Russia hacking election, maybe is being payback from Iran?
Ok peoples theshadowbrokers is promising you a trick or treating, here it is
https://mega.nz/#F!D1Q2EQpD!Lb09shM5XMZsQ_5_E1l4eQ https://yadi.sk/d/NCEyJQsBxrQxz
Password = payus
This is being equation group pitchimpair (redirector) keys, many missions into your networks is/was coming from these ip addresses. Is being unfortunate no peoples is already owning eqgrp_auction_file. Auction file is having tools for to making connect to these pitchimpairs. Maybe tools no more installed? Maybe is being cleaned up? To peoples is being owner of pitchimpair computers, don’t be looking for files, rootkit will self destruct. Be making cold forensic image. @GCHQ @Belgacom TheShadowBrokers is making special effort not to using foul language, bigotry, or making any funny. Be seeing if NBC, ABC, CBS, FOX is making stories about now? Maybe political hacks is being more important?
How bad do you want it to get? When you are ready to make the bleeding stop, payus, so we can move onto the next game. The game where you try to catch us cashing out! Swag us out!
Source: https://medium.com/@shadowbrokerss/message-5-trick-or-treat-e43f946f93e6#.9cfljtkx3
Again, the usual old spiel of brave hackers fighting "USSA"/"Amerikansky" "corruption". It's gotten quite repetitive by now.
Bizarrely, they began posting Bill Clinton and Lorreta Lynch erotic fan fiction at some point:
https://medium.com/@shadowbrokerss/begin-pgp-signed-message-hash-sha1-2a9aa03838a4#.896d0iqpi
submitted by DownWithAssad to geopolitics [link] [comments]

Bitcoin Segwit 2x Fork Speculations and Tin Foil Hat Theories.

https://steemit.com/bitcoin/@golden.parazyth/6tz1dz-bitcoin-segwit-2x-fork-speculations-and-tin-foil-hat-theories# Please use steemit link as images there are posted properly.
Bitcoin Segwit 2x Fork Speculations and Tin Foil Hat Theories.
This article summarises the current theories of what will happen after the Bitcoin Segwit 2x fork from the most likely and sensible outcomes to currently circulating conspiracy theories. Facts regarding the coming fork (somewhere around the 16th of November) are nicely summarized by the tenmillionsterling , therefore they are not repeated in this article as this is a summary of potential ‘What will happen to the price and bitcoin?’ OPINIONS and by no means it’s a financial advice. For the readers who don’t know what is the coming fork, please follow this link. I would like to stress out one more time that this article is a collection of opinions based on facts, feelings, bias, and pure human idiocy so please use your own critical thinking in making life decisions.
https://steemitimages.com/DQmUQs6f2j8Ee9yuEaehtFyCeGndHGVnuvjN2K89nMof7GY/4140332263_6e88268e80_z.jpg
Terminology. Current Bitcoin (core) is called 1x or core. The updated/forked (Segwit2x)is referred as 2x or B2X. Alts – alternative crypto currencies also widely known as shitcoins. Double spending Replay protection
Theory number 1. No split occurs and life goes on. Probably the best outcome (not necessarily the most likely) is to avoid the blockchain split altogether. In this scenario all miners update the protocol to Segwit2x (or abandon 2x) and Bitcoin does not split. Therefore, the second chain does not occur and Segwit2x protocol gets successfully activated. As a result, there is only one Bitcoin (2X or 1X) and every exchange calls 2x (or 1X) as a Bitcoin, there is no network disruption, no double spending. In this scenario Bitcoin price should continue its uprising trend and altcoins would continue to be suppressed. The likelihood of every miner achieving consensus is moderate. Currently 83% of miners signal for 2x and 33.2 percent signal for 1x coin (reference). It is possible for no split to occur, although I think, there is going to be a split.
Theory number 2. Bitcoin splits into 2 coins (1x and 2x). Bitcoin core developers are unlikely to give in and split occurs. Peter Todd (core developer) said Segwit2x is a fraud. As a result all hell breaks loose, a disaster, since there is no replay protection and no consensus of what will be called Bitcoin. Opinion alert! In my humble opinion this is the most likely scenario. First of all, there are no consensus among exchanges and various service providers of what is going to be Bitcoin and what is going to be called B2X as each company want to call Bitcoin with their own names. Table 1 shows summary of what each coin after split is being called, taking into the consideration that B2X will have the most hash.
Table 1
Table 1 shows the decision of crypto service providers regarding the naming of split coins. Bitcoin is going to be called a chain with the majority of hash power and only 1 coin listed. In case B2X is called Bitcoin, it is not clear how the original coin is going to be named. *Opinion alert! I think they name Bitcoin with the most hash power. References: 1) https://bitcoinmagazine.com/articles/b2x-or-not-b2x-how-exchanges-will-list-segwit2x-coin/ 2) http://nob2x.org/ 3) https://cointelegraph.com/news/xapo-on-segwit2x-we-might-not-treat-btc-chain-as-real-bitcoin 4) https://blog.bitpay.com/segwit2x/ 5) Peter Todd calling Segwit2x a fraud
As the table 1 indicates, there is no consensus of what is going to be Bitcoin, the lack of replay protection specifies that spending Bitcoin you will also spend the B2X and vice versa. It will cause madness. For example, if you spend Bitcoin to pay for the game on Steam which effectively will name B2X (Bitpay) as Bitcoin, your money may be lost or transferring BTC from one exchange to the other when the same name Bitcoin is used while indicating 2 different chains! On the other hand, a lot of miners may switch back to support the 1x chain (or they may not). Opinion alert!!! What does this mean and what to do? In this scenario until the consensus is reached (and it will be reached), price of 1x and 2x plummets, while money flows back to dirty, disgusting, filthy fiat and glorious alternative crypto currencies. All major alts should experience the price boom against the Bitcoin and depending how low the Bitcoin drops, possibly against the fiat. I think DASH, LTC, ETH, NEO will be the major gainers. I deliberately left BCH out of this. Depending to the miners support, original Bitcoin will become vulnerable to the double spending attack. High difficulty and low mining profitability may lead to the remaining miners to switch to the most profitable coin (BCH or B2X), in fact potentially exposing 1x and 2x chains to double spending attacks (probably unlikely scenario). All depends on how fast the emergency protocol is released to adjust the difficulty for the Bitcoin Core (1x) chain to avoid exodus of the miners. In case of the double spending attack 1X would loose all the confidence, generally would die. However, the emergency protocol may be released quickly, difficulty adjusted really fast and enough of miners will remain mining 1X to prevent any potential attacks. The uncertainty about the support for each chain (1x or 2x), lack of consensus of what is what, logically should cause the BTC price to drop. However, this is crypto, logic does not work all the time, why else bitconnect exist?
This leads us to the conspiracy. AND WE ALL LOVE CONSPIRACY, JET FUEL CANT MELT STEAL ! For the following theories please put your tin foil hats.
![tinfoilhat.gif](https://steemitimages.com/DQmVyacpCN4YrKHDt4KqBRyXk6We93hxcrK9uSTrurJXJnH/tinfoilhat.gif)
For readers that don’t have one here is the link why you should have one and how to make one.
Theory number 3. Destruction of Bitcoin and rise of B2X. Overtake by the bankers.
Split occurs and majority of the hash power supports B2X. The 1x chain becomes laggy and slow, and hence experience the dump by people and groups interested in killing core. The large sums of 1x gets dumped while B2X is being equivalently bought while cheap. All big holders (hedge funds, whales, bankers buy a large sums of B2X while the price is low) and increase the total Bitcoin stake (2X), rich get richer and now have the absolutely majority of the coins hence can do various price manipulations and steer the direction of the Bitcoin. This theory is provided by the poorbrokebastard. This article about Segwit2x and its threat. And here the most highly controlled Brokerage service Coinbase says that Bitcoin Core are the biggest threat.While Coinbase itself may freeze your account at any time due to any reason they want (bitcoin you own previously was used in a gambling or any other activity they don’t like), Coinbase is happy to hand all the customer info to the government at any time and yet still, they see volunteer developers as a threat.
**
Theory number 4. BCH becomes Bitcoin as Jihan Wu will take over the world!
**
![DCZY16tUMAAw7kc.jpg](https://steemitimages.com/DQmUPVk9G2RdYD7DYu59Jcx7NDzK1SFr5NmgqtcGMve2Ycz/DCZY16tUMAAw7kc.jpg)
The lack of reply protection and deliberate attack on 1x chain by the major hashing power would lead to the loss of confidence in 1x and 2x chains. Price would plummet of 1x and 2x coins, while at the same time BCH would be pumped leading to the miners and herd of people flocking to the BCH. Jihan Wu and Roger Ver with the power of lobbying persuade business to call BCH as Bitcoin. We need very thick hat to understand this! Bitcoin cannot be destroyed, however it can be changed. Hundreds of millions have been invested in Bitcoin mining operations. Hence Bitcoin will prevail, however it may be core,B2X or BCH. As noted by the tenmillionsterrling, it is possible for the BCH to overtake Bitcoin name in the case of 1x and 2x destruction. That does not mean that people will start using BCH over the much better alternative crypto currencies. I would like to add to the tenmillionsterrling comment, in support of the BCH take over. Jihan Wu and Bitmain is the major supplier of BTC miners, they only accept BCH as a payment option, and hence have enough power and influence to blackmail the community and stir the Bitcoin future to their own benefit. Jihan Wu is very smart and he rightly deserves applause for being the best in the mining business. I don’t believe in this theory at all and don’t want to support the BCH, although BCH may increase in price significantly.
Other theories will be added later as they appear. Please share and I will add them giving you credit.
Summary. OPINION ALERT.
The most likely scenario is that split occurs. Exchanges will disable BTC deposits and Withdrawals 24 hours before the fork and will enable only when its save. Various service providers such as Bitpay (that supports major businesses as Steam) will suspend the service. Therefore BTC price should drop as people will still need to perform transactions. Consequently, the transactions will be performed using altcoins. The biggest gainer is LTC as this coin is universally accepted by every exchange and is frequently used to transfer BTC from one exchange to the other due to smaller fees and shorter block generation time. However, second contender is DASH and several businesses already accept DASH over Bitcoin (BitCart – save on your amazon vouchers), or via the use ShapeShift integration as popular amazon discount provider states that DASH is the most popular altcoin used on the site. Which coin will prevail (1x or 2x) as Bitcoin, I don’t know, but tend to think it will be B2X as currently it has the majority hash supply. Secondly, the massive split in the hash power would lead to Bitcoin core being vulnerable to the double spend attack at any point and lead to the loss of confidence, hence disappearance. However, anything is possible and it all depends on the intentions of the participating groups. Are all the miners evil and mine what is the most profitable disregarding the technology? Have the core developers ditched the vision of Satoshi and are closed to the public opinion? Does Jihan Wu seek to replace Bitcoin with BCH? Do the bankers and governments want to control the Bitcoin or perhaps even destroy it? There are plenty of arguments for and against, while answer to each question directly correlates to the quality of foil used to make the hat.
But hey– money talks. As much as I would like to see the decentralization the trend is set not by the early and crazy libertarian adopters, but by the herd of newcomers, who don’t really care about escaping the system. How can unpaid volunteers (Bitcoin core) compete with billionaires such as Jihan Wu? Masses and Bankers seek stability which is in their opinion only achieved by the regulations and control. It is possible for B2X take over the core, also possible for Bitcoin Core (1x) to prevail and B2X being listed as an altcoin. The month after the fork (in case of the split) will be turbulent, and as I expressed earlier, its probably best to stay out of bitcoin and keep fiat or alts (again OPINION so you are free not to listen at all and do whatever the hell your heart desires).
NOTE: I generally don’t like the control and centralization, monopoly. Otherwise I would stick with the fiat and would lead the life of a slave, take a mortgage, and would demand Bitcoin to be banned or at least regulated by the government. Maybe also become a communist too or at least highly aggressive socialist and a vegan. If you are looking for the more serious predictions, please read these articles 1 2.
Disclaimer. I don’t own any LTC, well I do, but cant remember the password I set 4 years ago, and 200 LTCs are locked forever. Perhaps someone knows how I could reach into my consciousness and help remember it? Also, I don’t like BCH, I don’t use it, I hate it. I did my best to make this article entertaining and informing at the same time. The tinfoil hat theories, well you need a hat to understand them.For the more comprehensive theories you should read Jimmy Song and other highly influential people.
submitted by Golden_parazyth to Bitcoincash [link] [comments]

Culminating Analysis of DNC/DCCC/Soros/Colin-Powell/NATO-General-Breedlove/NSA-Equation-Group/Podesta Leaks and Hacks

It has been a running theme lately that the U.S. government blaming Russia for the DNC/Podesta leaks is an attempt at deflection and is false. In the past few days, however, some very interesting pieces of information have come out from three different well-respected cybersecurity companies tasked with investigating the leaks or the groups behind these leaks. These companies are CrowsdStrike, Symantec, and SecureWorks. I think it is important that we cast away the media's non-technical analyses and go straight to the source.
The founder of CrowdStrike is a Russian-American and his company has been tasked with investigating the DNC/Podesta leaks. He blames Mother Russia. Relevant excerpts:
At six o'clock on the morning of May 6, Dmitri Alperovitch woke up in a Los Angeles hotel to an alarming email. Alperovitch is the thirty-six-year-old cofounder of the cybersecurity firm CrowdStrike, and late the previous night, his company had been asked by the Democratic National Committee to investigate a possible breach of its network. A CrowdStrike security expert had sent the DNC a proprietary software package, called Falcon, that monitors the networks of its clients in real time. Falcon "lit up," the email said, within ten seconds of being installed at the DNC: Russia was in the network.
Alperovitch, a slight man with a sharp, quick demeanor, called the analyst who had emailed the report. "Are we sure it's Russia?" he asked.
The analyst said there was no doubt. Falcon had detected malicious software, or malware, that was stealing data and sending it to the same servers that had been used in a 2015 attack on the German Bundestag. The code and techniques used against the DNC resembled those from earlier attacks on the White House and the State Department. The analyst, a former intelligence officer, told Alperovitch that Falcon had identified not one but two Russian intruders: Cozy Bear, a group CrowdStrike's experts believed was affiliated with the FSB, Russia's answer to the CIA; and Fancy Bear, which they had linked to the GRU, Russian military intelligence.
Alperovitch then called Shawn Henry, a tall, bald fifty-four-year-old former executive assistant director at the FBI who is now CrowdStrike's president of services. Henry led a forensics team that retraced the hackers' steps and pieced together the pathology of the breach. Over the next two weeks, they learned that Cozy Bear had been stealing emails from the DNC for more than a year. Fancy Bear, on the other hand, had been in the network for only a few weeks. Its target was the DNC research department, specifically the material that the committee was compiling on Donald Trump and other Republicans. Meanwhile, a CrowdStrike group called the Overwatch team used Falcon to monitor the hackers, a process known as shoulder-surfing.
Ultimately, the teams decided it was necessary to replace the software on every computer at the DNC. Until the network was clean, secrecy was vital. On the afternoon of Friday, June 10, all DNC employees were instructed to leave their laptops in the office. Alperovitch told me that a few people worried that Hillary Clinton, the presumptive Democratic nominee, was clearing house. "Those poor people thought they were getting fired," he says.
For the next two days, three CrowdStrike employees worked inside DNC headquarters, replacing the software and setting up new login credentials using what Alperovitch considers to be the most secure means of choosing a password: flipping through the dictionary at random. (After this article was posted online, Alperovitch noted that the passwords included random characters in addition to the words.) The Overwatch team kept an eye on Falcon to ensure there were no new intrusions. On Sunday night, once the operation was complete, Alperovitch took his team to celebrate at the Brazilian steakhouse Fogo de Chão.
...
Aperovitch's June 14 blog post garnered so much media attention that even its ebullient author felt slightly overwhelmed. Inevitably there were questions about the strange names his company had given the Russian hackers. As it happened, "Fancy Bear" and "Cozy Bear" were part of a coding system Alperovitch had created. Animals signified the hackers' country of origin: Russians were bears, Chinese were pandas, Iranians were kittens, and North Koreans were named for the chollima, a mythical winged horse. By company tradition, the analyst who discovers a new hacker gets to choose the first part of the nickname. Cozy Bear got its nickname because the letters coz appeared in its malware code. Fancy Bear, meanwhile, used malware that included the word Sofacy, which reminded the analyst who found it of the Iggy Azalea song "Fancy."
The day after the media maelstrom, the reporters were back with less friendly questions: Had Alperovitch gotten his facts right? Was he certain Russia was behind the DNC hacks? The doubts were prompted by the appearance of a blogger claiming to be from Eastern Europe who called himself Guccifer 2.0. Guccifer said that the breach was his, not Russia's. "DNC'S servers hacked by a lone hacker," he wrote in a blog post that included stolen files from the DNC. "I guess CrowdStrike customers should think twice about company's competence," Guccifer wrote. "Fuck CrowdStrike!!!!!!!!!"
an incorrect attribution in public. "Did we miss something?" he asked CrowdStrike's forensics team. Henry and his staff went back over the evidence, all of which supported their original conclusion.
Alperovitch had also never seen someone claim to be the only intruder on a site. "No hacker goes into the network and does a full forensic investigation," he told me. Being called out, he said, was "very shocking. It was clearly an attack on us as well as on the DNC."
Alperovitch initially thought that the leaks were standard espionage and that Guccifer's attacks on CrowdStrike were just a noisy reaction to being busted. "I thought, Okay, they got really upset that they were caught," he said. But after documents from the DNC continued to leak, Alperovitch decided the situation was far worse than that. He concluded that the Russians wanted to use the leaked files to manipulate U. S. voters—a first. "It hit me that, holy crap, this is an influence operation. They're actually trying to inject themselves into the election," he said. "I believe that we may very well wake up on the morning the day after the election and find statements from Russian adversaries saying, 'Do not trust the result.' "
...
Days later, Alperovitch got a call from a Reuters reporter asking whether the Democratic Congressional Campaign Committee had been hacked. CrowdStrike had, in fact, been working on a breach at the DCCC; once again, Alperovitch believed that Russia was responsible. Now, however, he suspected that only Fancy Bear was involved. A lawyer for the DCCC gave Alperovitch permission to confirm the leak and to name Russia as the suspected author.
Two weeks later, files from the DCCC began to appear on Guccifer 2.0's website. This time he released information about Democratic congressional candidates who were running close races in Florida, Ohio, Illinois, and Pennsylvania. On August 12, he went further, publishing a spreadsheet that included the personal email addresses and phone numbers of nearly two hundred Democratic members of Congress.
...
Alperovitch's friends in government told him privately that an official attribution so close to the election would look political. If the government named Russia, it would be accused of carrying water for Hillary Clinton. The explanations upset Alperovitch. The silence of the American government began to feel both familiar and dangerous. "It doesn't help us if two years from now someone gets indicted," he said. After Michelle Obama's passport was published online, on September 22, Alperovitch threw up his hands in exasperation. "That is Putin giving us the finger," he told me.
Source: The Russian Expat Leading the Fight to Protect America
The guy responsible for ousting Stuxnet as being an American/Israeli cyberworm (no friend of the U.S. government/establishment) also says that his company, Symantec, has found that Russia was responsible for the leaks:
It is pretty clear judging by the indicators of compromise [IOCs]. The binaries that were used to hack the DNC as well as Podesta’s email as well as some other Democratic campaign folks, those IOCs match binaries and also infrastructure that was used in attacks that were previously recorded by others as having Russian origin. That much we can confirm. So if you believe other people’s—primarily government’s—attribution that those previous attacks were Russian, then these attacks are definitely connected. We’re talking about the same binaries, the same tools, the same infrastructure.
We’ve analyzed the tools, the binaries, and the infrastructure that was used in the attack, and from that we can confirm that it’s connected to a group that has two names. One is Sofacy, or “Cozy Bear,” and The Dukes, which is also known as “Fancy Bear.” From the binary analysis point of view, I can tell you that the activities of these attackers have been during Russian working hours, either centered on UTC+3 or UTC+4; they don’t work Russian holidays; they work Monday to Friday; there are language identifiers inside that are Russian; when you look at all the victim profiles they would be in interest to the Russian nation-state. So all of that stuff fits the profile. Now, could all those things be false flags? Sure. Other government entities obviously have come out and said it is the Russian state, and the binary forensics would definitely match that.
There was another attack that happened in the Ukraine. So in December, in the Ukraine, all the power went out to about 260,000 households, or customers. They basically infiltrated the power company, got access to the machines that controlled the power, they flipped the computer switches off and shut down the power, and then they began to wipe all the machines and devices—overriding the hard drives and trashing the machines so that they couldn’t be started up again, or so that the switches couldn’t come on again. Ukrainians were able to get power back after six hours by switching to manual mode. They went off their computer monitor mode and physically flipped the switches to bring the power back up. What’s interesting about that case is the fact that they were more behind technologically actually helped them. Something very similar could easily happen in the U.S. and we’re much more beholden to computing infrastructure here, so our ability to switch to manual mode here would be much more difficult.
Is there linkage between the DNC and Podesta hacks and the 2014 State Department hacks that were also believed to be carried out by Russia?
Yeah, these are being conducted by the same groups. We know that from the IOCs—by looking at the tools they use and the infrastructure they use.
Many of these attacks were happening prior to the nomination of Trump. Based on that theory, people believe that there was a general plan for disruption, and it may be the case now that the easiest and best way to do so is in the manner you speak, but these attacks did not just start happening post-Trump’s nomination. So in that sense, there is a feeling that it’s not a very Trump-specific activity versus an election disruption activity. This is the easiest way for them to disrupt the election.
Source: Cybersecurity Expert: Proof Russia Behind DNC, Podesta Hacks
Another cybersecurity company, SecureWorks, has published some interesting blogposts about all this:
In mid-2015, CTU researchers discovered TG-4127 using the accoounts-google . com domain in spearphishing attacks targeting Google Account users. The domain was used in a phishing URL submitted to Phishtank, a website that allows users to report phishing links (see Figure 1).
Figure 1. Example of accoounts-google . com used in a phishing URL.
Recipients who clicked the link were presented with a fake Google Account login page (see Figure 2). The threat actors could use entered credentials to access the contents of the associated Gmail account.
Figure 2. Fake Google Account login page.
Encoded target details
Analysis of the phishing URL revealed that it includes two Base64-encoded values (see Figure 3). The decoded Base64 values (see Table 1) match the Gmail account and its associated Google Account username. If a target clicks the phishing link, the username field of the displayed fake Google Account login page is prepopulated with the individual’s email address.
Figure 3. Spearphishing URL.
Table 1. Decoded Base64 values from the phishing URL used by TG-4127.
Use of the Bitly URL-shortening service
A Bitly URL was uploaded to Phishtank at almost the same time as the original spearphishing URL (see Figure 4).
Figure 4. Bitly phishing URL submitted at same time as accoounts-google . com phishing URL.
Using a tool on Bitly’s website, CTU researchers determined that the Bitly URL redirected to the original phishing URL (see Figure 5). Analysis of activity associated with the Bitly account used to create the shortened URL revealed that it had been used to create more than 3,000 shortened links used to target more than 1,800 Google Accounts.
Figure 5. Link-shortener page for bit.ly/1PXQ8zP that reveals the full URL.
Target analysis
CTU researchers analyzed the Google Accounts targeted by TG-4127 to gain insight about the targets and the threat group’s intent.
Focus on Russia and former Soviet states
Most of the targeted accounts are linked to intelligence gathering or information control within Russia or former Soviet states. The majority of the activity appears to focus on Russia’s military involvement in eastern Ukraine; for example, the email address targeted by the most phishing attempts (nine) was linked to a spokesperson for the Ukrainian prime minister. Other targets included individuals in political, military, and diplomatic positions in former Soviet states, as well as journalists, human rights organizations, and regional advocacy groups in Russia.
Other targets worldwide
Analysis of targeted individuals outside of Russia and the former Soviet states revealed that they work in a wide range of industry verticals (see Figure 6). The groups can be divided into two broad categories:
TG-4127 likely targeted the groups in the first category because they criticized Russia. The groups in the second category may have information useful to the Russian government.
Figure 6. TG-4127 targeting outside of Russia and former Soviet states.
Authors and journalists
More than half (53%) of the targeted authors and journalists are Russia or Ukraine subject matter experts (see Figure 7). It is likely that the Russian state has an interest in how it is portrayed in the media. U.S.-based military spouses who wrote online content about the military and military families were also targeted. The threat actors may have been attempting to learn about broader military issues in the U.S., or gain operational insight into the military activity of the target’s spouse.
Figure 7. Subject matter expertise of authors and journalists targeted by TG-4127.
Government supply chain
CTU researchers identified individuals who were likely targeted due to their position within the supply chain of organizations of interest to TG-4127 (e.g., defense and government networks). Figure 8 shows the distribution by category. The targets included a systems engineer working on a military simulation tool, a consultant specializing in unmanned aerial systems, an IT security consultant working for NATO, and a director of federal sales for the security arm of a multinational technology company. The threat actors likely aimed to exploit the individuals’ access to and knowledge of government clients’ information.
Figure 8. Categories of supply chain targets.
Government / military personnel
TG-4127 likely targeted current and former military and government personnel for potential operational insight gained from access to their personal communications. Most of the activity focused on individuals based in the U.S. or working in NATO-linked roles (see Figure 9).
Figure 9. Nation or organization of government/military targets.
TG-4127 targeted high-profile Syrian rebel leaders, including a leader of the Syrian National Coalition. Russian forces have supported Syrian President Bashar al-Assad’s regime since September 2015, so it is likely the threat actors are seeking to gain intelligence on rebel forces to assist Russian and Assad regime military operations.
Success of the phishing campaign
CTU researchers analyzed 4,396 phishing URLs sent to 1,881 Google Accounts between March and September, 2015. More than half (59%) of the URLs were accessed, suggesting that the recipients at least opened the phishing page. From the available data, it is not possible to determine how many of those Google Accounts were compromised. Most of the targeted accounts received multiple phishing attempts, which may indicate that previous attempts had been unsuccessful. However, 35% of accounts that accessed the malicious link were not subject to additional attempts, possibly indicating that the compromise was successful.
Of the accounts targeted once, CTU researchers determined that 60% of the recipients clicked the malicious Bitly. Of the accounts that were targeted more than once, 57% of the recipients clicked the malicious link in the repeated attempts. These results likely encourage threat actors to make additional attempts if the initial phishing email is unsuccessful.
Source: Threat Group-4127 Targets Google Accounts
Here's another article by SecureWorks:
Spearphishing details
The short links in the spearphishing emails redirected victims to a TG-4127-controlled URL that spoofed a legitimate Google domain. A Base64-encoded string containing the victim's full email address is passed with this URL, prepopulating a fake Google login page displayed to the victim. If a victim enters their credentials, TG-4127 can establish a session with Google and access the victim's account. The threat actors may be able to keep this session alive and maintain persistent access.
Hillary for America
TG-4127 exploited the Hillary for America campaign's use of Gmail and leveraged campaign employees' expectation of the standard Gmail login page to access their email account. When presented with TG-4127's spoofed login page (see Figure 1), victims might be convinced it was the legitimate login page for their hillaryclinton.com email account.
Figure 1. Example of a TG-4127 fake Google Account login page.
CTU researchers observed the first short links targeting hillaryclinton.com email addresses being created in mid-March 2016; the last link was created in mid-May. During this period, TG-4127 created 213 short links targeting 108 email addresses on the hillaryclinton.com domain. Through open-source research, CTU researchers identified the owners of 66 of the targeted email addresses. There was no open-source footprint for the remaining 42 addresses, suggesting that TG-4127 acquired them from another source, possibly other intelligence activity.
The identified email owners held a wide range of responsibilities within the Hillary for America campaign, extending from senior figures to junior employees and the group mailboxes for various regional offices. Targeted senior figures managed communications and media affairs, policy, speech writing, finance, and travel, while junior figures arranged schedules and travel for Hillary Clinton's campaign trail. Targets held the following titles:
Publicly available Bitly data reveals how many of the short links were clicked, likely by a victim opening a spearphishing email and clicking the link to the fake Gmail login page. Only 20 of the 213 short links have been clicked as of this publication. Eleven of the links were clicked once, four were clicked twice, two were clicked three times, and two were clicked four times.
Democratic National Committee
CTU researchers do not have evidence that these spearphishing emails are connected to the DNC network compromise that was revealed on June 14. However, a coincidence seems unlikely, and CTU researchers suspect that TG-4127 used the spearphishing emails or similar techniques to gain an initial foothold in the DNC network.
Personal email accounts
CTU researchers identified TG-4127 targeting 26 personal gmail.com accounts belonging to individuals linked to the Hillary for America campaign, the DNC, or other aspects of U.S. national politics. Five of the individuals also had a hillaryclinton.com email account that was targeted by TG-4127. Many of these individuals held communications, media, finance, or policy roles. They include the director of speechwriting for Hillary for America and the deputy director office of the chair at the DNC. TG-4127 created 150 short links targeting this group. As of this publication, 40 of the links have been clicked at least once.
Related activity and implications
Although the 2015 campaign did not focus on individuals associated with U.S. politics, open-source evidence suggests that TG-4127 targeted individuals connected to the U.S. White House in early 2015. The threat group also reportedly targeted the German parliament and German Chancellor Angela Merkel's Christian Democratic Union party. CTU researchers have not observed TG-4127 use this technique (using Bitly short links) to target the U.S. Republican party or the other U.S. presidential candidates whose campaigns were active between mid-March and mid-May.
Source: Threat Group-4127 Targets Hillary Clinton Presidential Campaign
Read these two articles for more context:
How Hackers Broke Into John Podesta and Colin Powell’s Gmail Accounts
How Russia Pulled Off the Biggest Election Hack in U.S. History
Guccifer2.0, The Shadow Brokers, and DCLeaks, who have all leaked U.S. documents/cyberweapons, love talking about the "U.S. elite" and "corruption" in America, along with saying "the elections are rigged." I wonder why these people suddenly became so interested in the U.S. election?
Regardless, we know from the Bit.ly victim profiles that Podesta, the DNC, Ukrainian/Russian journalists, Bellingcat and other enemies of Russia were targeted by these groups. This also means that those targeted by DCLeaks and Guccifer2.0 were the same people, and that the aforementioned entities are actually one.
Why would they lie about being separate groups?
Lastly, I have gone through all the public statements made by these groups, by going through their TwitteTumblMedium/WordPress/web posts. Here are some of the comments made by DCLeaks, Guccifer2.0 and The Shadow Brokers. Tell me if you notice a common theme:
DCLeaks
Known for hacking the emails of former Secretary of State Colin Powell and former NATO General Breedlove, as well as Soros' OSF intranet documents.
George Soros is a Hungarian-American business magnate, investor, philanthropist, political activist and author who is of Hungarian-Jewish ancestry and holds dual citizenship. He drives more than 50 global and regional programs and foundations. Soros is named an architect and a sponsor of almost every revolution and coup around the world for the last 25 years. The USA is thought to be a vampire due to him and his puppets, not a lighthouse of freedom and democracy. His minions spill blood of millions and millions of people just to make him even more rich. Soros is an oligarch sponsoring the Democratic party, Hillary Clinton, hundreds of politicians all over the world. This website is designed to let everyone inside George Soros’ Open Society Foundation and related organisations. We present you the workplans, strategies, priorities and other activities of Soros. These documents shed light on one of the most influential network operating worldwide.
Source: http://soros.dcleaks.com
Welcome another cog in the U.S. political and military machine. CAPT Pistole's emails released
documents reveal the billionaire’s attempt to organize a “national movement” to create a federalized police force.
Looks like Clinton's staff doesn't care about security.Wonder from whom did they learn it..
FBI hq is a great place for club meeting especially when Clinton is under investigation
A further look at their Twitter account reveals that they mostly re-tweet WikiLeaks/RT/PressTV, hate Clinton, like Trump, love talking about the email scandal, post conspiracy theories about Mark Zuckerberg, exclusively target Russia's enemies (like former NATO General Breedlove, Soros, Colin Powell, etc,.), defend Russia from being attacked, and have a penchant for focusing on news portraying the U.S. elections/debates as "rigged":
Check the private correspondence between Philip Breedlove and Harlan Ullman
Check restricted documents of George Soros’ Open Society Foundation
Check restricted documents leaked from Hillary Clinton's presidential campaign staff
Emails show Obama saw US involvement in Russia talks as a 'threat'
'Gen. plotted against Obama on Russia'
Check George Soros's OSF plans to counter Russian policy and traditional values
Check Soros internal files
A New McCarthyism: @ggreenwald on Clinton Camp's Attempts to Link @wikileaks, Trump & @DrJillStein to Russia
Source: https://twitter.com/dcleaks_
Guccifer 2.0
Known for hacking the DNC and DCCC.
Together we’ll be able to throw off the political elite, the rich clans that exploit the world!
Fuck the lies and conspirators like DNC!!!
Who inspires me? Not the guys like Rambo or Terminator or any other like them. The world has changed. Assange, Snowden, and Manning are the heroes of the computer age. They struggle for truth and justice; they struggle to make our world better, more honest and clear. People like them make us hope for tomorrow. They are the modern heroes, they make history right now.
Marcel Lazar is another hero of mine. He inspired me and showed me the way. He proved that even the powers that be have weak points.
Anyway it seems that IT-companies and special services can’t realize that people like me act just following their ideas but not for money. They missed the bus with Assange and Snowden, they are not ready to live in the modern world. They are not ready to meet people who are smart and brave, who are eager to fight for their ideals, who can sacrifice themselves for the better future. Working for a boss makes them slow I suppose. Do you need more proof?
don’t want to disappoint anyone, but none of the candidates has my sympathies. Each of them has skeletons in the closet and I think people have a right to know the truth about the politicians.
As for me, I see great differences between Hillary Clinton and Donald Trump. Hillary seems so much false to me, she got all her money from political activities and lobbying, she is a slave of moguls, she is bought and sold. She never had to work hard and never risked everything she had. Her words don’t meet her actions. And her collusion with the DNC turned the primaries into farce.
Opposite to her, Donald Trump has earned his money himself. And at least he is sincere in what he says. His position is straight and clear.
Anyway that doesn’t mean that I support him. I’m totally against his ideas about closing borders and deportation policy. It’s a nonsense, absolute bullshit.
I have nothing to say about Bernie Sanders. It seems he never had a chance to win the nomination as the Democratic Party itself stood against him!
Here are the DCCC docs on Florida: reports, memos, briefings, dossiers, etc. You can have a look at who you are going to elect now. It may seem the congressional primaries are also becoming a farce.
As you can see, the private server of the Clinton clan contains docs and donors lists of the Democratic committees, PACs, etc. Does it surprise you?
It looks like big banks and corporations agreed to donate to the Democrats a certain percentage of the allocated TARP funds.
I found out something interesting in emails between DNC employees and Hillary Clinton campaign staff. Democrats prepare a new provocation against Trump. After Trump sent his financial report in May it appeared on DNC servers at once. DNC rushed to analyze it and asked the Jones Mandel company to make an effective investigation. I won’t be surprised if some mainstream media like the New York Times or CNN publish soon Trump’s financial docs. No doubt who could give them.
I’d like to warn you that the Democrats may rig the elections on November 8. This may be possible because of the software installed in the FEC networks by the large IT companies.
As I’ve already said, their software is of poor quality, with many holes and vulnerabilities.
I have registered in the FEC electronic system as an independent election observer; so I will monitor that the elections are held honestly.
I also call on other hackers to join me, monitor the elections from inside and inform the U.S. society about the facts of electoral fraud.
Source: https://guccifer2.wordpress.com
Here and here he claims that he's the source of WikiLeaks' DNC documents, something that has gone unreported in the media.
He frequently re-tweets WikiLeaks, just like DCLeaks. He re-tweets and follows conspiracy theory outlets like Alex Jones and Roger Stone, just like DCLeaks followed RT and PressTV. Of course, he sprang back to life two days ago, right before Election Day, to complain about "Democrats rigging the election." I thought he didn't favour any political party?
Source: https://twitter.com/GUCCIFER_2
The Shadow Brokers
Known for leaking the NSA's elite hacking entity's, Equation Group's, cyberweapons.
!! Attention Wealthy Elites !!!
We have final message for “Wealthy Elites”. We know what is wealthy but what is Elites? Elites is making laws protect self and friends, lie and fuck other peoples. Elites is breaking laws, regular peoples go to jail, life ruin, family ruin, but not Elites. Elites is breaking laws, many peoples know Elites guilty, Elites call top friends at law enforcement and government agencies, offer bribes, make promise future handjobs, (but no blowjobs). Elites top friends announce, no law broken, no crime commit. Reporters (not call journalist) make living say write only nice things about Elites, convince dumb cattle, is just politics, everything is awesome, check out our ads and our prostitutes. Then Elites runs for president. Why run for president when already control country like dictatorship? What this have do with fun Cyber Weapons Auction? We want make sure Wealthy Elite recognizes the danger cyber weapons, this message, our auction, poses to their wealth and control. Let us spell out for Elites. Your wealth and control depends on electronic data. You see what “Equation Group” can do. You see what cryptolockers and stuxnet can do. You see free files we give for free. You see attacks on banks and SWIFT in news. Maybe there is Equation Group version of cryptolocker+stuxnet for banks and financial systems? If Equation Group lose control of cyber weapons, who else lose or find cyber weapons? If electronic data go bye bye where leave Wealthy Elites? Maybe with dumb cattle? “Do you feel in charge?” Wealthy Elites, you send bitcoins, you bid in auction, maybe big advantage for you?
Source: https://archive.is/WkT7o#selection-337.0-341.1595
TheShadowBrokers is having special trick or treat for Amerikanskis tonight. But first questions.
Why is DirtyGrandpa threating CIA cyberwar with Russia? Why not threating with NSA or CyberCommand? CIA is cyber B-Team, yes? Where is cyber A-Team? Maybe threating is not being for external propaganda? Maybe is being for internal propaganda? Oldest control trick in book, yes? Waving flag, blaming problems on external sources, not taking responsibility for failures. But neverminding, hacking DNC is way way most important than EquationGroup losing capabilities. Amerikanskis is not knowing USSA cyber capabilities is being screwed? Where is being “free press”? Is ABC, NBC, CBS, FOX negligent in duties of informing Amerikanskis? Guessing “Free Press” is not being “Free as in free beer” or “Free as in free of government influence?
Let us be speaking regarding corruption. If Peoples#1 is having $1.00 and Peoples#2 is having $1000.00 which peoples is having more money? Which peoples is having more spending power? Voter$1 is giving $1 to politician and Voter$1000 is giving $1000 to politician, which voters is having more political power? Is both voters having equal political power? “one person, one vote”? Politicians, lobbyist, media, even SCOTUS (supreme court) is saying this is being true, money is not corrupting. In binary world, maybe. But world is not being binary, is it? What about peoples#3, VoterUndecided? VoterUndecided is giving no moneys and no votes. Politician is needing money for campaign to buy advertising, positive media stories, advisors, pollsters, operatives to be making VoterUndecided vote for politician. Political fundrasing, now which voter is having more political power? VoterUndecided votes for politician and politician wins. Re-election is coming. Government budget decision is required. Voter$1 is wanting politician to be spending taxes on education for making children into great thinkers, leaders, scientists. Voter$1000 is shareholder of defense & intelligence company is wanting politician spending taxes on spying and war to be making benefit self, for great profit. Political favors, now, which voter is having more political power? Did theshadowbrokers lose Amerikanskis? Amerikanskis is still thinking “one person, one vote”? Money isn’t corrupting elections, politics, govenments?
USSA elections is coming! 60% of Amerikansky never voting. Best scenario is meaning half of remaining red or blue fanatics or 20% of the most fanatical is picking USSA government? A great power. A free country. A good-doer. TheShadowBrokers is having suggestion. On November 8th, instead of not voting, maybe be stopping the vote all together? Maybe being grinch who stopped election from coming? Maybe hacking election is being the best idea? #hackelection2016. If peoples is not being hackers, then #disruptelection2016, #disruptcorruption2016. Maybe peoples not be going to work, be finding local polling places and protesting, blocking , disrupting , smashing equipment, tearing up ballots? The wealthy elites is being weakest during elections and transition of power. Is being why USSA is targeting elections in foreign countries. Don’t beleiving? Remembering Iran elections? Rembering stuxnet? Maybe is not Russia hacking election, maybe is being payback from Iran?
Ok peoples theshadowbrokers is promising you a trick or treating, here it is
https://mega.nz/#F!D1Q2EQpD!Lb09shM5XMZsQ_5_E1l4eQ https://yadi.sk/d/NCEyJQsBxrQxz
Password = payus
This is being equation group pitchimpair (redirector) keys, many missions into your networks is/was coming from these ip addresses. Is being unfortunate no peoples is already owning eqgrp_auction_file. Auction file is having tools for to making connect to these pitchimpairs. Maybe tools no more installed? Maybe is being cleaned up? To peoples is being owner of pitchimpair computers, don’t be looking for files, rootkit will self destruct. Be making cold forensic image. @GCHQ @Belgacom TheShadowBrokers is making special effort not to using foul language, bigotry, or making any funny. Be seeing if NBC, ABC, CBS, FOX is making stories about now? Maybe political hacks is being more important?
How bad do you want it to get? When you are ready to make the bleeding stop, payus, so we can move onto the next game. The game where you try to catch us cashing out! Swag us out!
Source: https://medium.com/@shadowbrokerss/message-5-trick-or-treat-e43f946f93e6#.9cfljtkx3
Again, the usual old spiel of brave hackers fighting "USSA"/"Amerikansky" "corruption". It's gotten quite repetitive by now.
Bizarrely, they began posting Bill Clinton and Lorreta Lynch erotic fan fiction at some point:
https://medium.com/@shadowbrokerss/begin-pgp-signed-message-hash-sha1-2a9aa03838a4#.896d0iqpi
submitted by DownWithAssad to Intelligence [link] [comments]

Culminating Analysis of DNC/DCCC/Soros/Colin-Powell/NATO-General-Breedlove/NSA-Equation-Group/Podesta Leaks and Hacks

It has been a running theme lately that the U.S. government blaming Russia for the DNC/Podesta leaks is an attempt at deflection and is false. In the past few days, however, some very interesting pieces of information have come out from three different well-respected cybersecurity companies tasked with investigating the leaks or the groups behind these leaks. These companies are CrowsdStrike, Symantec, and SecureWorks. I think it is important that we cast away the media's non-technical analyses and go straight to the source.
The founder of CrowdStrike is a Russian-American and his company has been tasked with investigating the DNC/Podesta leaks. He blames Mother Russia. Relevant excerpts:
At six o'clock on the morning of May 6, Dmitri Alperovitch woke up in a Los Angeles hotel to an alarming email. Alperovitch is the thirty-six-year-old cofounder of the cybersecurity firm CrowdStrike, and late the previous night, his company had been asked by the Democratic National Committee to investigate a possible breach of its network. A CrowdStrike security expert had sent the DNC a proprietary software package, called Falcon, that monitors the networks of its clients in real time. Falcon "lit up," the email said, within ten seconds of being installed at the DNC: Russia was in the network.
Alperovitch, a slight man with a sharp, quick demeanor, called the analyst who had emailed the report. "Are we sure it's Russia?" he asked.
The analyst said there was no doubt. Falcon had detected malicious software, or malware, that was stealing data and sending it to the same servers that had been used in a 2015 attack on the German Bundestag. The code and techniques used against the DNC resembled those from earlier attacks on the White House and the State Department. The analyst, a former intelligence officer, told Alperovitch that Falcon had identified not one but two Russian intruders: Cozy Bear, a group CrowdStrike's experts believed was affiliated with the FSB, Russia's answer to the CIA; and Fancy Bear, which they had linked to the GRU, Russian military intelligence.
Alperovitch then called Shawn Henry, a tall, bald fifty-four-year-old former executive assistant director at the FBI who is now CrowdStrike's president of services. Henry led a forensics team that retraced the hackers' steps and pieced together the pathology of the breach. Over the next two weeks, they learned that Cozy Bear had been stealing emails from the DNC for more than a year. Fancy Bear, on the other hand, had been in the network for only a few weeks. Its target was the DNC research department, specifically the material that the committee was compiling on Donald Trump and other Republicans. Meanwhile, a CrowdStrike group called the Overwatch team used Falcon to monitor the hackers, a process known as shoulder-surfing.
Ultimately, the teams decided it was necessary to replace the software on every computer at the DNC. Until the network was clean, secrecy was vital. On the afternoon of Friday, June 10, all DNC employees were instructed to leave their laptops in the office. Alperovitch told me that a few people worried that Hillary Clinton, the presumptive Democratic nominee, was clearing house. "Those poor people thought they were getting fired," he says.
For the next two days, three CrowdStrike employees worked inside DNC headquarters, replacing the software and setting up new login credentials using what Alperovitch considers to be the most secure means of choosing a password: flipping through the dictionary at random. (After this article was posted online, Alperovitch noted that the passwords included random characters in addition to the words.) The Overwatch team kept an eye on Falcon to ensure there were no new intrusions. On Sunday night, once the operation was complete, Alperovitch took his team to celebrate at the Brazilian steakhouse Fogo de Chão.
...
Aperovitch's June 14 blog post garnered so much media attention that even its ebullient author felt slightly overwhelmed. Inevitably there were questions about the strange names his company had given the Russian hackers. As it happened, "Fancy Bear" and "Cozy Bear" were part of a coding system Alperovitch had created. Animals signified the hackers' country of origin: Russians were bears, Chinese were pandas, Iranians were kittens, and North Koreans were named for the chollima, a mythical winged horse. By company tradition, the analyst who discovers a new hacker gets to choose the first part of the nickname. Cozy Bear got its nickname because the letters coz appeared in its malware code. Fancy Bear, meanwhile, used malware that included the word Sofacy, which reminded the analyst who found it of the Iggy Azalea song "Fancy."
The day after the media maelstrom, the reporters were back with less friendly questions: Had Alperovitch gotten his facts right? Was he certain Russia was behind the DNC hacks? The doubts were prompted by the appearance of a blogger claiming to be from Eastern Europe who called himself Guccifer 2.0. Guccifer said that the breach was his, not Russia's. "DNC'S servers hacked by a lone hacker," he wrote in a blog post that included stolen files from the DNC. "I guess CrowdStrike customers should think twice about company's competence," Guccifer wrote. "Fuck CrowdStrike!!!!!!!!!"
an incorrect attribution in public. "Did we miss something?" he asked CrowdStrike's forensics team. Henry and his staff went back over the evidence, all of which supported their original conclusion.
Alperovitch had also never seen someone claim to be the only intruder on a site. "No hacker goes into the network and does a full forensic investigation," he told me. Being called out, he said, was "very shocking. It was clearly an attack on us as well as on the DNC."
Alperovitch initially thought that the leaks were standard espionage and that Guccifer's attacks on CrowdStrike were just a noisy reaction to being busted. "I thought, Okay, they got really upset that they were caught," he said. But after documents from the DNC continued to leak, Alperovitch decided the situation was far worse than that. He concluded that the Russians wanted to use the leaked files to manipulate U. S. voters—a first. "It hit me that, holy crap, this is an influence operation. They're actually trying to inject themselves into the election," he said. "I believe that we may very well wake up on the morning the day after the election and find statements from Russian adversaries saying, 'Do not trust the result.' "
...
Days later, Alperovitch got a call from a Reuters reporter asking whether the Democratic Congressional Campaign Committee had been hacked. CrowdStrike had, in fact, been working on a breach at the DCCC; once again, Alperovitch believed that Russia was responsible. Now, however, he suspected that only Fancy Bear was involved. A lawyer for the DCCC gave Alperovitch permission to confirm the leak and to name Russia as the suspected author.
Two weeks later, files from the DCCC began to appear on Guccifer 2.0's website. This time he released information about Democratic congressional candidates who were running close races in Florida, Ohio, Illinois, and Pennsylvania. On August 12, he went further, publishing a spreadsheet that included the personal email addresses and phone numbers of nearly two hundred Democratic members of Congress.
...
Alperovitch's friends in government told him privately that an official attribution so close to the election would look political. If the government named Russia, it would be accused of carrying water for Hillary Clinton. The explanations upset Alperovitch. The silence of the American government began to feel both familiar and dangerous. "It doesn't help us if two years from now someone gets indicted," he said. After Michelle Obama's passport was published online, on September 22, Alperovitch threw up his hands in exasperation. "That is Putin giving us the finger," he told me.
Source: The Russian Expat Leading the Fight to Protect America
The guy responsible for ousting Stuxnet as being an American/Israeli cyberworm (no friend of the U.S. government/establishment) also says that his company, Symantec, has found that Russia was responsible for the leaks:
It is pretty clear judging by the indicators of compromise [IOCs]. The binaries that were used to hack the DNC as well as Podesta’s email as well as some other Democratic campaign folks, those IOCs match binaries and also infrastructure that was used in attacks that were previously recorded by others as having Russian origin. That much we can confirm. So if you believe other people’s—primarily government’s—attribution that those previous attacks were Russian, then these attacks are definitely connected. We’re talking about the same binaries, the same tools, the same infrastructure.
We’ve analyzed the tools, the binaries, and the infrastructure that was used in the attack, and from that we can confirm that it’s connected to a group that has two names. One is Sofacy, or “Cozy Bear,” and The Dukes, which is also known as “Fancy Bear.” From the binary analysis point of view, I can tell you that the activities of these attackers have been during Russian working hours, either centered on UTC+3 or UTC+4; they don’t work Russian holidays; they work Monday to Friday; there are language identifiers inside that are Russian; when you look at all the victim profiles they would be in interest to the Russian nation-state. So all of that stuff fits the profile. Now, could all those things be false flags? Sure. Other government entities obviously have come out and said it is the Russian state, and the binary forensics would definitely match that.
There was another attack that happened in the Ukraine. So in December, in the Ukraine, all the power went out to about 260,000 households, or customers. They basically infiltrated the power company, got access to the machines that controlled the power, they flipped the computer switches off and shut down the power, and then they began to wipe all the machines and devices—overriding the hard drives and trashing the machines so that they couldn’t be started up again, or so that the switches couldn’t come on again. Ukrainians were able to get power back after six hours by switching to manual mode. They went off their computer monitor mode and physically flipped the switches to bring the power back up. What’s interesting about that case is the fact that they were more behind technologically actually helped them. Something very similar could easily happen in the U.S. and we’re much more beholden to computing infrastructure here, so our ability to switch to manual mode here would be much more difficult.
Is there linkage between the DNC and Podesta hacks and the 2014 State Department hacks that were also believed to be carried out by Russia?
Yeah, these are being conducted by the same groups. We know that from the IOCs—by looking at the tools they use and the infrastructure they use.
Many of these attacks were happening prior to the nomination of Trump. Based on that theory, people believe that there was a general plan for disruption, and it may be the case now that the easiest and