Why is my hacked website redirecting to bitcoin.Org ...

Blitzino Casino (Pay N Play) 100% up to €500 free bonus

Blitzino Casino Free Play & Welcome Bonus
Get 100% up to €500 welcome bonus when you join Blitzino Casino. This is the best Pay N Play Casino for Germany. Instant Deposits & Cashouts! No download required! Tax-free payouts!
>> Play for Free Now <<

Welcome to Blitzino Casino Review

Blitzino Casino is an online gambling site, owned by the company Co-Gaming Limited Casino. It was established in 2018. The casino has acquired a license from the Malta Gaming Authority (MGA), to ensure easy access and accommodation for the gamblers. The customer support is friendly and always ready to give answers to the player’s questions. Agents are active 24/7 and can be reached by email, phone and live chat.
Blitzino Casino has partnered with numerous software providers, which can create a plethora of various games with stunning visuals and rich audio, therefore promising the customers a good time. Some of the most popular developers that work with the site are Thunderkick, Play n’ Go, NYX Interactive, NetEnt, Microgaming, Yggdrasil, Evolution Gaming, Betsoft and Gamomat, but, of course, there are many more.
Blitzino Casino uses a Secure Sockets Layer (SSL) encryption technology, to protect the gambler’s data, hence creating a secure link between the web server and the player’s browser that cannot be hacked easily. A clear indication that the site has made this security measure is the green padlock on the left side of the bank’s URL.
Furthermore, the providers have created the game collection with a mobile-friendly design. The casino is available mostly on iPhone and Android. There is no need to download other apps or external clients to access the site.

Blitzino Casino Login

In order to play all casino games at Blitzino Casino, you will have to register an account. For your convenience, simply tap here or at the red button below and you will be redirected to the casino’s website. You will find a login / register button in the middle of your screen. Signing up at Blitzino casino will give you access to all casino games and you can try them for free before playing with real money.

Blitzino Casino Bonus

Blitzino Casino will wish the new players a very warm welcome with an exclusive 100% first deposit bonus up to €500. The minimum amount you can deposit is €5. It is important to mention that deposits made via e-wallets (Skrill and Neteller) do not qualify for the bonus. To be able to withdraw your winnings, both the deposit and the bonus amounts need to be rolled over 35 times. The roll-over requirements need to be completed in 30 days after activating the bonus.
>> Play for Free Now <<

Blitzino Casino Free Spins

On top of a hefty welcome bonus, Blitzino Casino cares for their regular customers by offering a wide variety of different on-going promotions. Most of them award free spins on daily reload bonuses. You can check the Daily Bonus offers simply by visiting the Daily Offer page in the casino’s website. Usually Blitzino Casino provides two options for its players, depending on their bankroll. A daily deposit up to €50 will award you with 20 free spins, while high-rollers with deposits of €50 and more will get 100 free spins.

Blitzino Casino Games

The games that are included in the casino’s collection have been created with an adaptive and responsive design. There are well over 500 games, created to keep the players coming back to the site time and time again- blackjack, slots, live dealer games, poker, roulette, bingo, lotto etc.
Slots are probably the most popular type of game, primarily thanks to the ‘speed round’ bonus the casino has, that could naturally be played mostly on slot games. There are many varieties-multi-line, 3-reel, 1- pay line, and so on. The casino has included the most popular and exciting slot games in its line-up, such as Mega Moolah, The Dark Knight, King Cashalot, Mega Fortune, Gonzo’s Quest, Game of Thrones and many others.
Blackjack is a game that requires a little more skill, so it’s preferred mostly by professional players. Blitzino Casino’s blackjack collection includes many famous titles, such as American Blackjack, Pontoon, Single Deck Blackjack, Double Deck Blackjack, Progressive Blackjack and Super 21 Blackjack. Roulette is a well-known game of chance. The casino has featured a few of the most popular versions- European roulette, French roulette and American roulette.
Poker in Blitzino Casino also comes with a few variations – Texas Hold’em, Caribbean Stud poker, Triple Stud, 7- Card Stud, Ace 5 Low- Ball, 2-7 Single Draw, 2-7 Triple Draw, 5- Card Omaha and many more. Besides, there are two games that the site offers, which are not utilized much in other casinos – these are the games Bingo and Lotto. They are great for beginners because the stakes are low. Players can gradually improve their skills, before trying their luck at a more advanced game like video poker or blackjack.
Blitzino Casino has an impressive collection of Live dealer games. These types of games provide a comfortable atmosphere, incredible graphics and a helpful dealer who is always ready to come to the aid of the wondering player. The list of Live casino games mostly feature versions of Roulette, Blackjack and Poker, as those titles are the most common in the selection.
>> Play for Free Now <<

Blitzino Casino Mobile App

Blitzino Casino are yet to develop a mobile app, but it does not mean you can’t enjoy their games on your smartphone devices. The casino’s mobile version works just fine and is a clone of its desktop version. All casino games available on the desktop version can be found in your mobile browser. In order to play your favorite games at Blitzino Casino from your mobile device, simply load the website from your preferred browser.

Blitzino Casino Payment Methods

The site uses only the most convenient payment methods. This way, it’s easier for the customers to quickly deposit or withdraw the money if they need to. The top three ways a player can transfer money when they make an account at Blitzino Casino are using Trustly, a bank wire transfer and a Cryptocurrency.
Trustly has the reputation of a safe, fast and simple-to-use method of making transactions. There isn’t a stated withdrawal limit, and the pending time is rather quick at around 15 minutes per transaction. Cryptocurrency is a newly developed way for players around the world to make transactions. With this casino, transfers are usually made with Bitcoin.

Blitzino Casino Conclusion

Blitzino Casino is an online gambling establishment, created in 2018. Though the site is recent, the operators have made it clear that they prioritize the safety of the players. Blitzino Casino uses high-quality forms of encryption to ensure that the personal information of customers stays intact. The primary language, in which the casino site operates is German.
Furthermore, the site has partnered up with numerous software providers, to give the gamblers a multitude of different and exciting games to enjoy. The downsides are that there aren’t many bonuses or promotions or that many different payment methods. This could be explained with the fact that the site has only recently come into being, and therefore has plenty of time to improve on these aspects of its portfolio.
>> Play for Free Now <<
submitted by casinogy to u/casinogy [link] [comments]

Why did I build AmputatorBot?

AmputatorBot.com | Remove AMP from URLs in just one click! - More info
Open-sourced on GitHub - More info
Summon AmputatorBot by mentioning it like this: u/AmputatorBot

Why AMP is a threat to the Open Web

What is AMP?
AMP is an open-source web component framework developed by the AMP Open Source Project, first announced by Google in 2015 as a reaction to Facebook’s Instant Articles and Apple News. While it was originally aimed at accelerating mobile pages (hence AMP), it’s now a much broader project aimed at improving the UX of websites, stories, ads and mail. The AMP framework consists of three components: AMP HTML, which is standard HTML markup with web components; AMP JavaScript, which manages resource loading; and AMP caches, which serves and validates AMP pages.
In plain English: AMP is Google’s attempt at making pages (and more) faster. They did a good job, pages built with the AMP framework will normally load faster. However, as this article explains, you won’t notice much of a difference unless the AMP library is served using the AMP cache, but more on that later.
The controversies with cached AMP pages
The AMP format is itself not much of a problem. In fact, we should applaud search engines that give ranking preference to fast-loading pages like AMP, but four aspects of its implementation are flawed:
  1. Google mobile Search’s Top Stories carousel has a premium position above all other results, which is only accessible for AMP pages. These pages have to use a technology that was built and maintained mostly by Google (of the top 10 contributors to the AMP project on GitHub, 9 are Google employees), are then served by Google from their infrastructure and placed within a Google controlled user experience. And since this carousel generates a lot of clicks and revenue, publishers are left no choice but to embrace AMP. This has the effect of further reinforcing Google’s dominance of the Web. Fortunately, Google has announced that it's working on opening up the Top Stories carousel to non-AMP pages in 2021.
  2. The biggest performance boost doesn’t come from the AMP framework, but from preloading the page. It begs the question: Should preloading really be exclusive to AMP? They could introduce a way for publishers to allow or disallow preloading and if Google sees fit, they could preload those pages too, alongside AMP.
  3. When a user navigates from Google to a piece of content Google has recommended (or when a user clicks on a shared cached AMP link), they are, unwittingly, remaining within Google’s ecosystem and the publisher’s domain is obscured by the google.com/amp prefix. To work around this Google introduced Signed HTTP Exchanges ([Draft], [1], [2]), a web-standard that allows the browser to display the original site's URL, instead of the actual one (the one with the google.com/prefix). This would solve the original issue, but while doing so it introduced new ones (e.g. it obfuscates the fact that they're delivering the AMP page you're visiting). Interestingly enough, Google's Chrome already has support for this technology, but parties not involved with AMP are not so enthusiastic: Mozilla has deemed it a harmful web standard [2], and Apple has taken a similar stance.
  4. Google’s entire business model is about collecting as much personal data as possible, AMP is just another tool to do so. As described in Google’s Support article:
“When you use the Google AMP Viewer, Google and the publisher that made the AMP page may each collect data about you.”
The controversies with non-cached AMP pages
To be clear, the above flaws are only with AMP pages cached by Google (or another party like Bing or Cloudflare) but there are also plenty of pages simply utilizing the AMP framework, recognized by URLs such as bbc.com/news/amp/. However, these are also problematic, mainly because there's only a small performance improvement when AMP pages aren't cached and AMP pages tend to be less feature-rich and less diverse than their originals. And in some edge cases, it breaks stuff.
One could argue that the more popular the AMP framework becomes, the more AMP threatens the open web. That said, it should be clear that the biggest problem lies with the cached AMP pages.
AMP is open source, but that doesn't make it holy. Or as Ferdy Christant puts it quite nicely in his blog:
Google’s main defense is that AMP is open source. Which isn’t just a weak defense, it’s no defense at all. I can open source a plan for genocide. The term “open source” is meaningless if the thing that is open source is harmful.
Just so we’re clear, I’m not claiming Google or the AMP project is evil (hell, they might even have good intentions!), but the fact is that AMP and its implementation have some major flaws that threaten the Open Web. And as long as that's the case, AmputatorBot will be there to remove AMP from your URLs.
AmputatorBot scans for AMP pages on Reddit and replies with the canonical version
Learn more
Up next for the nerds among us:
  • AmputatorBot.com
  • Automatic working subreddits
  • Non-working subreddits
  • Changelog
  • Opt-out & opt-back-in
  • Browser extension
  • Support the project by donating, giving feedback, summoning the bot or spreading the word

AmputatorBot.com

Remove AMP in just one click with www.AmputatorBot.com! This is a free online tool (no ads) to remove AMP from your URLs. All you have to do is to copy paste an AMP URL, click the conversion-button and that's all! For more (background) info, check out this post. Here's a quick (no but literally) demo:
A demo of the AMP-removal process over at AmputatorBot.com
Alternatively, you can do it even quicker by doing this:
https://amputatorbot.com/?https://www.google.com/amp/s/electrek.co/2018/06/19/tesla-model-3-assembly-line-inside-tent-elon-musk/amp/
It's built up like this:
https://amputatorbot.com + /? + https://www.google.com/amp/s/electrek.co/2018/06/19/tesla-model-3-assembly-line-inside-tent-elon-musk/amp/

Automatic working subreddits

u/amputatorbot currently works automatically in a select number of subreddits: Afghanistan, Africa, against5G, againstRFID, amputatorbot, anime_titties, Argentina, Assyria, Azerbaijan, Bangladesh, Bosnia, Brasil, Bulgaria, Business, CenturyClubStairs, Chile, Chodi, chrome, Colombia, conspiracy, CorpFree, cyberpunk, Cuba, DeAmazon, DebunkThis, DeFacebook, deGoogle, deMicrosoft, economy, Ecuador, entertainment, Environment, europe, Europe, europrivacy, FakeNews, Features, Fijian, firefox, France, freesoftware, gamernews, Germany, Greece, Guyana, hacking, helpmefind, hockey, HumanRights, Hungary, ID_news, indiaspeaks, initFreedom, Iranian, Iraq, Israel, Italy, Kazakhstan, Kerala, Kurdistan, LeopardsAteMyFace, LevantineWar, MachineLearning, Malaysia, Mexico, MiddleEastNews, MideastPeace, Moldova, Nepal, NewsOfTheWeird, Nicaragua, NorthKoreaNews, Oceania, OnGuardForThee, Pakistan, Palestine, pcgaming, PeerTube, Philippines, Piracy, Poland, praisetheeditor, privacy, PuertoRico, robotics, Russia, Scotland, security, selfhosted, seo, Serbia, singapore, socialism, spacex, Spain, suckless, Switzerland, Syria, tech, technology, TechnologyDetox, test, TrueCrime, TrueCrimeDiscussion, TrueReddit, Turkey, Turkey, Ukraina, Ukraine, UkrainianConflict, UnresolvedMysteries, upliftingnews, Uruguay, USA, Venezuela, web_design, Westpapua, whatisthisthing, worldnews, Yemen and YemeniCrisis.
Feel free to hit me up with suggestions for subreddits to add!
You can summon the bot almost everywhere else by typing: u/AmputatorBot, more info here.

Non-working subreddits

AmputatorBot doesn't work in these subreddits: android, androiddev, armenia, AskHistorians, askscience, AskScienceDiscussion, audio, australia, awfuleverything, bayarea, beer, belgium, bitcoin, books, canada, CanadaPolitics, cars, CCW, childfree, China, collapse, conservative, Cringetopia, croatia, CryptoCurrency, DataHoarder, disneyvacation, economics, ELI5, facepalm, flying, Futurology, gadgets, Games, gaming, gatesopencomeonin, geopolitics, Georgia, GlobalTalk, google, history, India, insaneparents, insanepeoplefacebook, instantkarma, iphone, iran, ireland, kitchener, korea, meme, moviedetails, movies, news, newzealand, nextfuckinglevel, nottheonion, oklahoma, pcmasterrace, Pete_Buttigieg, Philosophy, pihole, PoliticalDiscussion, politics, popheads, programming, raisedbynarcissists, rareinsults, Romania, science, SeattleWA, Sikh, SouthAfrica, space, survivor, television, Thailand, thenetherlands, TikTokCringe, TIL_Uncensored, todayilearned, trashy, tumblr, TwoXChromosomes, ukpolitics, unitedkingdom, unpopularopinion, USANews, warplaneporn, WatchPeopleDieInside, wellthatsucks, whatcouldgowrong, worldevents, worldpolitics, YouShouldKnow and almost all subreddits moderated by u/BotDefense or u/BotTerminator for diverse reasons. When you summon the bot there, you'll receive a DM with the canonical URL instead.
If you're moderating a subreddit that is incorrectly listed here or if you would like AmputatorBot to work in your subreddit that's using u/BotDefense or u/BotTerminator please contact me.

Changelog

Check out the changelog here. Latest update: 22/08/2020

Opt out & opt back in

The bot works automatically in the subreddits mentioned above and manually using mentions.
Opt out: If you want to prevent the bot from replying to your comments and submissions, click here to opt out.
Opt back in: Did you opt-out and regret it? NP! Click here to opt back in.
Note: If you want to opt out from AmputatorBot on Twitter, please contact me or block it.

Browser-extension

Check out this browser-extension by Daniel Aleksandersen: 'Redirect AMP to HTML', it makes it that every time you click an AMP page, you will be redirected to the canonical page instead. In other words, it does the same as u/AmputatorBot and AmputatorBot.com, but fully automatic. I can't recommend this one enough!

Support the project

.. By summoning the bot: If you've spotted an AMP URL on Reddit and u/AmputatorBot seems absent, you can summon the bot by mentioning u/AmputatorBot in a reply to the comment or submission containing the AMP URL. You'll receive a confirmation through PM. For more details, check out this post!
.. By giving feedback: Most of the new features were made after suggestions from you guys, so hit me up if you have any feedback! You can contact me on Reddit, file an issue or make a pull request.
.. By sponsoring: The bot and website cost approximately €8.26 a month to host and while that might not seem like much, it adds up. All donations will be used ONLY to pay for hosting. You can specify any amount you want, but please keep in mind that I only want to try to cover some of the costs. Thank you so much! - https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=EU6ZFKTVT9VH2
.. By spreading the word: In the end, the only goal of AmputatorBot is to allow people to have an informed choice. You can help by spreading the word in whatever way you deem the most appropriate.

From the bottom of my heart, thank you so much for the tremendous support you've given me and AmputatorBot <3

submitted by Killed_Mufasa to AmputatorBot [link] [comments]

My darkweb experience

As you can expect from the title, this is how my first experience on the dark web went. I'm writing this as a warning to all of you who have interest in going on there. I know this may just encourage more of you on there, but please just know that what I'm telling you has given me nightmares for days now. Just read this and learn from my wisdom. Thinking you can handle what is out there isn't the same as actually handling it.
I had always been interested in the dark web. However, I never owned a personal computer growing up, and the college I went to had strict internet monitoring/filtering, so I never risked making an incursion. Well I went home due to the coronavirus outbreak, and decided it was time to figure out what all the fuss was about.
So I did some research, and decided to install Tails as a VM and browse from there, hopefully protecting my computer from any malicious attacks. I pull up a tor browser and hop on the hidden-wiki. For the most part, most of the links timed out, most likely they were taken down for one reason or another. Then I found more links to updated "hidden-wikis."
These must've been updated more recently as several more of the links worked. Nothing crazy. Some deepweb porn (honestly the clearnet stuff is better), sites selling drugs, IDs, bitcoin, etc. The occasional conspiracy site. "Red Rooms" that looked like a 10 year old taking an HTML course made, most likely scams.
It was near the bottom of this hidden-wiki page that I found an interesting site. I forget the name, but the description said "link paste." If you ever find the wiki page, a quick ctrl-f will find it for you. It was a pretty simple website. Basically it was an online forum, actually similar to reddit. However it appeared it was primarily used for posting newfound links and offering various services - hacking, drugs, prostitution. Some darker stuff too, linking/selling child porn and pay to view webcams of blackmailed teens. I stayed away from those.
One of the links caught my eye for some reason. "Get revenge on my girlfriend!" Normally posts like these linked the girlfriend's nudes or whatever, but not this one. The OP gave a ton of her info, saying she cheated. Her driver's licence, pictures, email, address. I couldn't read all of it because apparently the girl was Chinese.
At first the comments were actually quite wholesome and I laughed, people telling him that she wasn't worth it and he could do way better. "Don't worry about her, king, you can do so much better" and whatnot. Surprisingly wholesome actually. I guess even on the darkweb we're all still bros. But as I scrolled down, one of the comments posted a link, captioned "got revenge."
I, being an idiot, opened it. It redirected me to what looked like a downgraded youtube video. I clicked play. The video started off in what looked like somebody's unfinished basement. The camera panned, around to a hooded woman tied up in a chair, naked. The floor was covered by a tarp. I had a sinking feeling of where this was going. I should've closed the link, deleted the VM, and never looked back. But my curiosity got the better of me. A man walks in from the edge. He's shirtless, revealing a hairy beer gut, but he's wearing what looks like a gimp mask (the footage was kinda grainy so I'm not totally sure). I see he's holding a hacksaw. I should've closed that browser then and there, but I sat, paralyzed by fear of what I knew I was about to see. He took the hood off of the woman, revealing what looked like the woman in the photos above. Her hair was disheveled and her makeup was smeared across her face crying. She looked around frantically, trying to make out her surroundings.
The man started with her arm. Still tied to the chair, he began hacking away at her shoulder as she screamed and squirmed. I could hear the sound of the saw, tearing at her bone. It makes me sick just to think about. The tarp pooled with blood.
I don't really want to describe in any more detail what happened next. Needless to say, the rest of her limbs were removed, and her corpse was strewn across the floor, matted with blood. The camera came in close to her face, as if to verify it was the girl.
No longer paralyzed, I immediately closed the browser, horrified by what I had just seen. However, there was a new window open, like one of those popup boxes. On it was simply a series of numbers. An IP address. And below it, the text, "We know who you are."
I quickly opened a terminal, and typed in 'ipconfig,' displaying my IP address. It was a match.
I stared for a minute in terror. Did they know who I was? Where I am? I sprung into action. I powered off the Virtual Machine, deleted it from VMware. I then immediately deleted the disk image file it came in and emptied the recycle bin. I restarted my computer. There didn't seem to be any sign of any malware, so I shut it down, and went to bed, falling into a restless dream.
I haven't really slept since then. I keep seeing what I saw in my nightmares. I'm still scared that somehow they'll find me. I sleep with a gun now. Every noise at night wakes me up in terror. I'm writing this to all of you would-be deep web delvers. This isn't going to stop most of you, but at the least I can warn you. Be careful. Try to stay to the safer sites. Don't just click random links. There's some cool stuff out there. But whatever you see is with you forever. I'm probably not ever going back there. There's nothing on there worth what I've been through.
submitted by Nordic_Shadow to Scary [link] [comments]

AUTOMATIC exchange | CRYPTO PAYPAL CASH NEOSURF

SeekToken is an online service for conversion, buying and selling. We accept cryptocurrencies, Paypal, cash and Neosurf.
You buy TOKEN (the site's currency) with the payment methods listed above; you can then use them to buy the currency of your choice (cryptocurrencies, Paypal and Neosurf).
Several options are available to you: #1 - Via a Bitcoin deposit (it will be automatically converted to TOKEN) #2 - Via Neosurf (bought via Paypal on our site or with cash at your tobacconist)
For Bitcoin deposits the fee is 10%; for Neosurf deposits the fee is 15%. We charge no fees on withdrawals.
The site is finished, so we are starting with pre-registrations for the beta in order to get feedback on the site before launching it publicly. We therefore invite Reddit members to take part in this first wave of beta pre-registrations (accounts will be activated in order of arrival).
https://www.seektoken.com
Feel free to join our Discord to stay informed about the beta and the public launch of the site. All your feedback and (constructive) criticism is welcome.
https://discord.gg/8uaVpY
submitted by siwalex to BitcoinFrance [link] [comments]

AUTOMATIC exchange | CRYPTO PAYPAL CASH NEOSURF

SeekToken is an online service for conversion, buying and selling. We accept cryptocurrencies, Paypal, cash and Neosurf.

You buy TOKEN (the site's currency) with the payment methods listed above; you can then use them to buy the currency of your choice (cryptocurrencies, Paypal and Neosurf).

Several options are available to you: #1 - Via a Bitcoin deposit (it will be automatically converted to TOKEN) #2 - Via Neosurf (bought via Paypal on our site or with cash at your tobacconist)

For Bitcoin deposits the fee is 10%; for Neosurf deposits the fee is 15%. We charge no fees on withdrawals.

The site is finished, so we are starting with pre-registrations for the beta in order to get feedback on the site before launching it publicly. We therefore invite Reddit members to take part in this first wave of beta pre-registrations (accounts will be activated in order of arrival).

https://www.seektoken.com

Feel free to join our Discord to stay informed about the beta and the public launch of the site. All your feedback and (constructive) criticism is welcome.
https://discord.gg/8uaVpY
submitted by siwalex to cryptomonnaies [link] [comments]

The importance of being mindful of security at all times - nearly everyone is one breach away from total disaster

This is a long one - TL;DR at the end!

If you haven't heard yet: BlankMediaGames, makers of Town of Salem, have been breached which resulted in almost 8 million accounts being leaked. For most people, the first reaction is "lol so what it's just a game, why should I really care?" and that is the wrong way to look at it. I'd like to explain why everyone should always care whenever they are part of a breach. I'd also like to talk about some ways game developers - whether they work solo or on a team - can take easy steps to help protect themselves and their customers/players.
First I'd like to state that there is no practical way to achieve 100% solid security to guarantee you'll never be breached or part of a breach. The goal here will be to get as close as possible, or comfortable, so that you can rest easy knowing you can deal with problems when they occur (not if, when).

Why You Should Care About Breaches

The sad reality is most people re-use the same password everywhere. Your email account, your bank account, your steam account, your reddit account, random forums and game websites - you get the idea. If you haven't pieced it together yet the implication is that if anyone gets your one password you use everywhere, it's game over for you - they now own all of your accounts (whether or not they know it yet). Keep in mind that your email account is basically the holy grail of passwords to have. Most websites handle password changes/resets through your email; thus anyone who can login to your email account can get access to pretty much any of your accounts anywhere. Game over, you lose.

But wait, why would anyone want to use my password? I'm nobody!

It doesn't matter, the bad guys sell this information to other bad guys. Bots are used to make as much use of these passwords as possible. If they can get into your bank they might try money transfers. If they get into your Amazon account they might spin up $80,000 worth of servers to mine Bitcoin (or whatever coin is popular at the time). They don't care who you are; it's all automated.
By the way, according to this post (which looks believable enough to be real) this is pretty much how they got into the BMG servers initially. They checked for usernames/emails of admins on the BMG website(s) in previous breach dumps (of which there are many) and found at least one that used the same password on other sites - for their admin account!
If you want to see how many of your accounts are already breached check out Have I Been Pwned - I recommend registering all of your email addresses as well so you get notified of future breaches. This is how I found out about the Town of Salem breach, myself.

How You Can Protect Yourself

Before I go into all the steps you can (and should) take to protect yourself I should note that security is in a constant tug of war with convenience. What this means is that the more security measures you apply the more inconvenienced you become for many tasks. It's up to you to decide how much is too much either way.
First of all I strongly recommend registering your email(s) on https://haveibeenpwned.com/ - this is especially important if your email address is associated to important things like AWS, Steam developer account, bank accounts, social media, etc. You want to know ASAP when an account of yours is compromised so you can take steps to prevent or undo damage. Note that the bad guys have a head start on this!

Passwords

You probably need to have better password hygiene. If you don't already, you need to make sure every account you have uses a different, unique, secure password. You should change these passwords at least once a year. Depending on how many accounts you have and how good your memory is, this is your first big security vs convenience trade-off battle. That's easily solved, though, by using a password manager. You can find a list of password managers on Wikipedia here or you can search around for some comparison articles.
Some notable choices to consider:
Regardless of which one you choose, any of them is 100x better than not using one at all.

Multi-Factor Authentication / Two-Factor Authentication (aka MFA / 2FA)

The problem with all these passwords is that someone can still use them if they are found in a breach. Your passwords are only as strong as the website you use them on. In the case of the BMG breach mentioned above - all passwords were stored in an ancient format which has been insecure for years. It's likely that every single password in the breach can be reversed/cracked, or already has been. The next step you need to take is to make it harder for someone else to login with your password. This is done using Multi-Factor Authentication (or Two-Factor Authentication).
Unfortunately not every website/service supports MFA/2FA, but you should still use it on every single one that does support it. You can check which sites support MFA/2FA here or dig around in account options on any particular site. You should set up MFA/2FA on your email account ASAP! If it's not supported, you need to switch to a provider that does support it. This is more important than your bank account! All of the big email providers support it: GMail, Outlook.com, Yahoo Mail, etc.
The type of MFA/2FA you use depends on what is supported by each site/service, but there is a common approach that is compatible on many of them. Most of them involve phone apps because a phone is the most common and convenient "thing you have" that bad guys (or anyone, really) can't access easily. Time-based One-time Password or TOTP is probably the most commonly used method because it's easy to implement and can be used with many different apps. Google Authenticator was the first popular one, but it has some limitations which continue the security vs convenience battle - namely that getting a new phone is a super huge chore (no backup/restore option - you have to disable and set up each site all over again). Many alternatives support cloud backup which is really convenient, though obviously less secure by some measure.
Notable choices to consider:
Some sites/services use their own app, like Blizzard (battle.net) and Steam, and don't allow you to use other ones. You will probably have a few apps on your phone when all your accounts are set up, but it's worth it. You'll definitely want to enable it on your password manager as well if you chose a cloud-based one.
Don't forget to save backup codes in an actual secure location! If you lose your backup codes and your auth app/physical key you will be locked out of accounts. It's really not fun recovering in that situation. Most recommendations are to print them and put in a fireproof safe, but using some other secure encrypted storage is fine.
There is such a thing as bad MFA/2FA! However, anything is at least better than nothing. A lot of places still use SMS (text messaging) or e-mail for their MFA/2FA implementation. The e-mail one has the most obvious flaw: If someone gets into your email account they have defeated that security measure. The SMS flaws are less obvious and much less likely to affect you, but still a risk: SMS is trivial to intercept (capture data over the air (literally), clone your SIM card data, and some other methods). Still, if you're not a person of interest already, it's still better than nothing.

What Does This Have To Do With GameDev?

Yeah, I do know which subreddit I'm posting in! Here's the section that gets more into things specific to game development (or software development in general).

Secure Your Code

Securing your code actually has multiple meanings here: Securing access to your code, and ensuring your code itself is secure against exploitation. Let's start with access since that's the easier topic to cover!
If you're not already using some form of Source Control Management (SCM) you really need to get on board! I'm not going to go in depth on that as it's a whole other topic to itself, but I'll assume you are using Git or Mercurial (hg) already and hosting it on one of these sites (or a similar one):
First, ensure that you have locked down who can access this code already. If you are using private repositories you need to make sure that the only people who have access are the people who need access (i.e. yourself and your team). Second, everyone should have strong passwords and MFA/2FA enabled on their accounts. If 1 person on the team does not follow good security practices it puts your whole project at risk! So make sure everyone on the team is following along. You can also look into tools to do some auditing and even automate it so that if anyone's account becomes less secure over time (say they turned off MFA one day) they would automatically lose their access.
Additionally you should never commit secrets (passwords, API keys, tokens, social security numbers, etc) to your code repository. Probably 90% of cases where people have their AWS/Google Cloud/Azure accounts compromised and racking up huge bills for bitcoin mining is due to having their passwords/keys stored in their git repo. They either accidentally made it public or someone got access to the private repo through a compromised account. Never store sensitive information in your code repository!
Next topic: Securing your code from vulnerabilities. This one is harder to talk about for game dev as most engines/frameworks are not as susceptible (for lack of a better word) to these situations as others. In a nutshell, you need to keep track of the following:
A lot of these things cannot be solved automatically, unfortunately, but some of it can. If you are using JavaScript for your game you likely will be using packages from npm - luckily they (recently) added security auditing for packages. For other languages you can look at tools like Snyk or some other alternatives to audit the libraries you use in your project. Unfortunately none that I know of are aimed at game dev in particular, but it's still important to use these tools when you can. In general, be aware of all of your code dependencies and what impact they can have on your game or your customers if there are security bugs. Impact can range from "can cheat in multiplayer" to "can get IP addresses of all players in the world" or even "can get all information I ever put on my server", etc.
In general you'll want to look into Secure Software Development Lifecycle (commonly SDLC) practices. Microsoft has some information on how they do it.

Secure Your Computer

I'm not going to go in depth on this one because at this point everyone should have a handle on this; if not there are limitless articles, blogs, and videos about the how/what/why. In summary: Keep everything updated, and don't open suspicious links.

Secure Your Website

I will have to add more to this later probably, but again there are tons of good articles, blogs, and videos on these topics. Hopefully the information in this section is enough to get you on the right track - if not feel free to ask for more info. Lots of guides can be found on Digital Ocean's site and they are relevant even if you don't use DO for your servers.
A lot of this will apply to your game servers as well - really any kind of server you expect to set up.

That's it, for now

I ran out of steam while typing this all up after a couple hours, but I may revisit it later to add more info. Feel free to ask any questions about any of these topics and I'll do my best to answer them all.

TL;DR (y u words so much??)

... in general... in general... in general... I sure wrote those 2 words a lot.

Why Should I Trust This Post?

Hopefully I have provided enough information and good links in this post that you can trust the contents to be accurate (or mostly accurate). There is certainly enough information to do some searches on your own to find out how right or wrong I might be about these things.
If you want my appeal to authority answer: I've been working at a major (network/computer) security company for almost 7 years as a software developer, and I've had to put up with pretty much every inconvenience brought on by security. I've also witnessed the aftermath of nearly every type of security failure covered in this post, via customers and the industry at large. None of the links I used are related to my employer or its products.
Edit: Fixed some typos and added some more links
More edit: added a few more points and links
submitted by exoplasm to gamedev [link] [comments]
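
One way to enforce the post's "never commit secrets" advice before a change reaches the repository, as an added example that is not part of the original post: a scanner that checks only the lines a unified diff adds. The rule names, regexes, placeholder list and the sample diff are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed rule set: one provider-specific format, one key-file marker,
# one generic "name = 'literal'" assignment.
RULES = [
    ("aws-access-key-id", re.compile(r"\b(AKIA[0-9A-Z]{16})\b")),
    ("private-key-block",
     re.compile(r"(-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----)")),
    ("hardcoded-credential",
     re.compile(r"(?i)(?:password|passwd|secret|api[_-]?key|token)\w*[\"']?"
                r"\s*[:=]\s*[\"']([^\"']{8,})[\"']")),
]
# Values that are obviously templates rather than live credentials.
PLACEHOLDER = re.compile(r"(?i)changeme|example|placeholder|<[^>]+>|\$\{[^}]+\}")
HUNK_HEADER = re.compile(r"^@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")

# Constructed sample input (not a real key or a real repository).
SAMPLE_DIFF = """\
diff --git a/server/config.py b/server/config.py
--- a/server/config.py
+++ b/server/config.py
@@ -10,4 +10,6 @@ import os
 REGION = "eu-west-1"
-AWS_KEY = os.environ["AWS_KEY"]
+AWS_KEY = "AKIAABCDEFGHIJKLMNOP"
+db_password = "correct-horse-battery"
+smtp_password = "changeme-before-deploy"
 DEBUG = False
 PORT = 8080
diff --git a/deploy/notes.sql b/deploy/notes.sql
--- a/deploy/notes.sql
+++ b/deploy/notes.sql
@@ -1,2 +1,2 @@
--- token = 'old-value-rotated-2019'
+-- token is read from the vault at deploy time
 SELECT 1;
"""


@dataclass(frozen=True)
class Finding:
    path: str
    line: int       # line number in the new version of the file
    rule: str
    redacted: str   # never echo the full secret into CI logs


def redact(value):
    return value[:4] + "*" * (len(value) - 4)


def scan_line(text):
    """Return (rule, redacted value) for every rule that fires on one line."""
    hits = []
    for rule, pattern in RULES:
        for match in pattern.finditer(text):
            value = match.group(1)
            if rule == "hardcoded-credential" and PLACEHOLDER.search(value):
                continue
            hits.append((rule, redact(value)))
    return hits


def scan_diff(diff_text):
    """Scan only added lines, tracking file names and new-file line numbers."""
    findings = []
    path = "<unknown>"
    new_line = old_left = new_left = 0
    for raw in diff_text.splitlines():
        if old_left > 0 or new_left > 0:
            # Inside a hunk body: count lines so that content such as
            # "--- token" (a removed "-- token" line) is not read as a header.
            if raw.startswith("+"):
                for rule, shown in scan_line(raw[1:]):
                    findings.append(Finding(path, new_line, rule, shown))
                new_line += 1
                new_left -= 1
            elif raw.startswith("-"):
                old_left -= 1
            elif not raw.startswith("\\"):   # skip "\ No newline at end of file"
                new_line += 1
                old_left -= 1
                new_left -= 1
            continue
        header = HUNK_HEADER.match(raw)
        if header:
            old_left = int(header.group(1) or 1)
            new_line = int(header.group(2))
            new_left = int(header.group(3) or 1)
        elif raw.startswith("+++ "):
            path = raw[4:].split("\t")[0]
            if path.startswith("b/"):
                path = path[2:]
    return findings


if __name__ == "__main__":
    for f in scan_diff(SAMPLE_DIFF):
        print(f"{f.path}:{f.line}: {f.rule}: {f.redacted}")
```

A credential on a removed line is not reported here, but it is still in the repository history, so it has to be rotated rather than just deleted.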

Vitalik Keeps Saying It. A lot of others say it too. Let's Get Real. Crypto and Blockchain Has a Major Problem We Need to Address Immediately. Here's How I Think We'll Do It.

Let's get real. [Vitalik talks about this constantly]. The cryptocurrency/blockchain community has a cultural problem.

Edit: Links here suck. I put quotes around them so you can spot them out. I did a lot of research for this post.
Edit #2: Put square brackets around links. Now they should be clearly visible.
TLDR: The ills Vitalik talks about are primarily about psychology. New scalable solutions can fix it partially, but we have to deal with people first.
Before I dig deep into this post, I want to let you know what it's about. Yes, you'll see some emotional content. You'll see ideological ideas. However, this post ain't about ideologies. It's about something I deem as a real problem. It's about the corrupt mindsets that we have as a community since the prices spiked early 2017. To advance forward, I want to analyze them, distill the problem into the most basic form possible, then point people into a direction I deem would be good for the cryptocurrency community. The format will go like this:
  1. My history with Crypto/Blockchain. Why I'm here in the first place.
  2. My analysis of the problem Vitalik talked about
  3. My perceived solution to the problem.
  4. The steps I've already taken towards the problem

Why I'm Here

Time travel back into pre-2017 and you'll see that the cryptocurrency/blockchain community was filled with hopeful young nerds that dreamed of making the world into a better place; a much more open, peaceful and freer place. I was going through a hard time with my life 2015-16 -- my twin died, I was on the verge of going homeless with nobody else to rely on, had to go unbanked in America, almost entirely dropped out of college and my first contracting business failed. I couldn't get my life right at all, and I didn't see any hope. The future was bleak to me. However, I found people here in the blockchain community actually trying their hardest to do things that would solve the world's problems, [even if that was mainly reporting the news for people and addressing people live in chat to create a community]. That drew me in well before the price of cryptocurrencies spiked; almost in a manic-like way -- I read about it constantly, practiced Solidity, talked to everyone I could that would have the capacity to understand cryptocurrencies and more.
Even now, when I attend conferences, I meet good-hearted, sleep deprived developers, marketers, business owners and specialists that aim to solve the world's greatest problems in the best ways they can. Many are in small corners of the world helping each other out. Inside of this community I found hope and meaning. My depression lifted, my anxiety went away, my life got back on track, and that hope propels me through the field years since I joined this movement. I'm now more confident than ever knowing that collectively this industry will possibly be the epicenter of change for not only money, but for everything. We'll [eliminate poverty], [solve global warming], [prevent hyper-inflation like we've seen with Venezuela], [improve supply chains] around the world, improve healthcare, and solve the [social ills of the world like corruption]. That's just the tip of the iceberg. I believe intensely in the vision set for crypto.
The community is filled with brilliant people that will make a difference. That excites me.
I'm for freedom, boosting happiness of individuals, increasing health, making life more fun and less stressful for the common person, open discussions to progress everyone forward, and a more livable planet. I'm thinking of all people and I'm not against any group. However, I'm not for FUD, greed while abusing others, bigotry, trolling, hatred, racism, evil acts and stealing. Those are against my values. I think that's against the values of many of the cryptocurrency community's foundational members.

A problem we can't ignore

In 2017, as the prices exploded and the returns grew in for the average person, I noticed the community was starting to get tainted. People were no longer focusing on technology, freedom and community. No longer focusing on creating better lives for people in their communities around the world. We were missing the altruism I originally felt in the community. [If I were in Vitalik's shoes, where I'd invest 80-100 hours a week into a vision, I'd feel extreme frustration too]. People are instead focusing on [needless politics], searching for the next big price pump, the next big score. Instead of people figuring out about how to use blockchain and crypto for making people's lives better, I've heard people say HODL and scam more than I ever have in the history of the community. This saddens me and frustrates me at the same time. On one end I see great potential and beauty in the community, and at the same time I see the beast within us come out that hasn't been even thought about deeply enough to be accurately tamed. Trolls, profiteers running away with ICO money, market manipulators and scam artists ruining the reputation and progress of the community.
While I could complain about what I see, I decided to instead dissect it in this post. I wanted to know what's causing this on a larger scale. See, by training I'm a psychologist, social scientist and computer scientist. I've been transitioning over to economics and data science because I feel it's a solid cornerstone of the industry. My perspective will be coming from those first. Allow me to explain. If our community is going to "grow up and actually solve problems", the corruption of minds because of money needs to be fully explored first.
Only by understanding the problem thoroughly can we solve it.
Explicitly stating the problem: It's the extreme predatory, egotistical, harsh behavior we as a community have adopted.

The Psychology And Behavioral Science Of Finance

Let's start with the biggest premise. Money is an idea. It exists because people communicate, produce, share, trade, have scarcity for goods and have needs. Money is an ideological binding agent for people.
  • It helps us exchange two irrelevant things with a medium
  • Helps us do more things in knowing the value we hold will help us improve productivity in the future
  • Helps us determine value in an abstract way
  • Helps us navigate the world.
Money is about as social and psychological as anything in the world can get outside of direct human interactions. Coincidentally, this psychological/social aspect isn't talked about very much inside of the cryptocurrency landscape. However, it's the foundation of everything we have here today. If we can't talk about how money is connected to the mind, we can't solve the maturity problem Vitalik was talking about. My intent is to explore that deeply so a firm direction can be at least set.

Money and the Mind

Our mind is complex. Beyond the usual processing of information people have (our 11 senses), we people have 2 primary centers for decision making and control.
Limbic System
The first one is the limbic system. It has gone by the nickname of "the lizard brain" in recent history. It's responsible for storing memories, handling stress responses, attention and emotional processing. In a sense, it controls all of intuition and fast heuristic choices you make.
Prefrontal Cortex
The second system is known as the prefrontal cortex. It controls higher order functions such as planning, reasoning, serial processing and how we think about emotions.
These two centers are not mutually exclusive. Your brain has circuits to make decisions about everything. The two parts talk to each other to do so. Any dysfunction in behavior is usually due to a lack of communication between these two decision centers, rather than a lack of communication between the centers of your brain. This is heavily seen in mental disorders. According to the book [Upward Spiral], a book that looks at mental disorders from a neuroscientific view and explains how to reverse the ill effects of them, here's how some disorders can play out inside of our heads:
  1. Depression -- A poor link between the Anterior Cingulate Cortex and PFC. It means you will notice more negative and therefore act on negative impulses and thoughts.
  2. Dissociation -- A poor link between the Anterior Cingulate Cortex and Anterior Insular makes it so your attention can't be accurately directed towards yourself. There will likely be a poor understanding of pain and out of body experiences. It can be reversed with meditation and yoga.

How Crypto Fits

This should hopefully be the first question we have. It's easy to only pay attention to the ill behaviors of the more recent cryptocurrency industry and say "shame on you!". But what if people had a hard time actually controlling themselves? Inside of the book Upward Spiral, Alex Korb, the neuroscientist that wrote it, explored that people with depression and anxiety had a hard time not being depressed and anxious by choice. Because the depressed person's circuitry is skewed, they act on it subconsciously in a forever perpetuating loop. In fact, the only way to reverse depression is to reverse the circuitry that holds it together.
Part of what makes anti-depressants more effective is that the serotonin improves sleep and makes a person's brain more susceptible to positive changes. That would be doing things like doing gratitude journals every day to make your anterior cingulate cortices notice more positive events, being around people who love you to boost your serotonin and cut down stress hormones, or getting a little exercise every day to send oxygen to your brain.
So that leads us back to the original question. What if people didn't have a fully conscious control over how they acted about money and crypto? I did some research between many different articles and found that this was absolutely the case. People don't have much control. They tend to be on extremes of some end all the time.
How Does Finance Play With The Brain?
Of the many ways, there's one key way it does. Money plays with people through the hypothalamus stress response. It charges people into fight or flight mode, and can literally destabilize the homeostatic systems. This can do all sorts of things. It can make the anterior cingulate weaker in strength (known to help us control emotions and learn), and therefore reduce the power of our prefrontal cortex. When people are stressed about finance, or even excited about it, it will put people into extreme states. [Meaning the lizard brain takes the show]. That can make people easily make haphazard decisions.
Of course, there's other things that happen with the introduction of more money, but that IS the most intense thing to take note of.
If we want to solve the problem of relinquishing poor community, like Vitalik continuously makes comments about, we need to look at the problem in this way. If we don't see it this way, we're screwed. The problem won't be solved, companies like Microsoft will continuously kill off their implementations due to price fluctuations, the cryptocurrency community won't pass go and won't make a huge impact. Instead we'll blame, shout at each other, and create another Wall Street 2.0. In fact, we'll become worse than them. We will have more leverage over resources than any other group in history and the corruption will be strong.
Money affects decisions, period.

Solving the Cultural problem

I'm nervous. As I type this response, I know that by revealing my idea to the public I could be condemned by the community for "shilling", and even worse, somebody else can pick it up and run with it. That is the most nerve-wracking thing I could ever consider. Months of 80 hour weeks and extreme sacrifices to bring out a vision because I didn't see much of a choice. If we don't remove what limits us soon as a community we will get engulfed by outsiders that don't want to create a virtuous society.
My solution: Algorithmic Trading
Now, before you tell me that the market is entirely unpredictable, I'd like to be one to say that the notion is false. We see everywhere that people are using AI and more complex forms of math to make reasonable gains in the financial world. Companies like Bridgewater predicted the financial crash of 2008 with reasonable accuracy, and other people like [mathematicians are able to do the same]. Realistically, the market has some degree of predictability. However, much of the access to that is limited.
Even beyond that, the financial industry is one of the only social fields that is highly transparent to many actors, through the news and price information, and reflects ideas and beliefs through the markets. If we can better analyze markets, we could discover all sorts of social phenomena that previously made no sense. With algorithmic trading we're heavily incentivized to learn, as that will produce a direct outcome of earning money.
We could better solve the social ills of the world quickly and efficiently over time. On top of that, we will be able to stabilize the market and protect against bad agents if algorithmic trading becomes coordinated and effective enough throughout the industry.
Again, How Does it Fit With Cryptocurrency?
Bitconnect could answer how automated trading fits.
Before I continue, let me be clear. People lost their money through that scam. It was awful. I know some people that had a lot of money taken from them. Many of them are now fearful of cryptocurrency.
However, I don't think Bitconnect was 100% wrong with their idea. Yes they were a ponzi scheme, yet realistically many of the people I met that fell for it felt as though the crypto markets were already complex. They were losing money while HODLing, making rash decisions and trading.
Bitcoin and the entire industry carries too much of a cognitive burden for a person to keep track of beyond their normal everyday life. News, prices, scams, hacks and technical information. That's a lot to keep track of if you have 3-4 part-time jobs as a single mom or dad while raising 2 kids. That's a lot to keep track of if you're old and don't have the technical capacity to read into the crypto markets all day everyday.
Therefore, even while people were making less money from investing into Bitconnect, on paper it required less thinking and they were still getting benefits that they cared about. They could share with friends because they thought that their money would not shrink in value heavily due to a random market crash. As a consumer, it isn't wrong to believe that you can be a part of something big without having to work an extra 5 hours every day reading blogs and watching YouTube videos just to keep up with the happenings of the industry.
It doesn't require us to be judging people for falling into a ponzi scheme. It requires a bit of caring and empathy to see people's main intentions. They want a better life compared to the one that has been crushing them with student debt and poor job prospects. People want to have a better life without being as stressed beyond belief like they currently are.
And for the everyday trader, giving them the incentive they seek, while giving them the capacity to do some research for themselves is important. Choice matters a lot for some people.

Steps I've taken towards this:

Here comes the shill part you've been waiting for. Over the last year I've been building an application that would help us solve the problems we face today as a community. It'll reduce the stress response of people worrying more about money; with technology like it getting standardized throughout the entire industry, it'll make things a lot more stable. It's an automated AI-based trading platform that aims to reduce the cognitive load and worry about holding your funds in crypto. The aim of it is to dynamically trade for people while also letting them have 100% control over their funds. For now, that's by using exchange API keys. Though in the future, that can be through decentralized exchanges, meaning no middle man.
My product's name: It's [Funguana.com]. [Internally meaning the interconnection of all Dharma in the Huayan Buddhist religion].
I've already received controversial reviews, and feel crazy for putting it back out there. However, I'm now confident I can follow through, and maybe by explaining my reasoning behind why I built it the community will respond differently this time.
To make it more trust-able, 4 months after public release, if my resources allow me to, I plan to open source the infrastructure code so people can implement their own platform within a matter of weeks, then systemically open many of the algorithms so they can appropriate powerful algorithms together over time (many not based on AI). I have to be strategic though. If I open it too soon, too many bad actors can enter the space and cause havoc early, without much chance to keep them in check.
Edit: I made changes to the page to make the links more obvious. Now they're in bold and italic
Edit 2: Adding quotes to make links more obvious again.
submitted by kivo360 to CryptoCurrency [link] [comments]

Thoughts on my culminating analysis of Russia's involvement in the U.S elections?

It has been a running theme lately that the U.S. government blaming Russia for the DNC/Podesta leaks is an attempt at deflection and is false. In the past few days, however, some very interesting pieces of information have come out from three different well-respected cybersecurity companies tasked with investigating the leaks or the groups behind these leaks. These companies are CrowdStrike, Symantec, and SecureWorks. I think it is important that we cast away the media's non-technical analyses and go straight to the source.
The proof is that the hackers used Bitly to mask the malicious URL and trick people into thinking the URL was legitimate. They made two mistakes, however.
First, they accidentally left two of their Bitly accounts public, rather than setting them to private. This allowed security researchers to view some general account information, like what URLs were shortened and what they were changed to.
Second, they used Gmail's official numeric ID for each person inside of their maliciously crafted URLs. This allowed cybersecurity researchers to find out exactly who had been targeted.
The founder of CrowdStrike is a Russian-American and his company has been tasked with investigating the DNC/Podesta leaks. He blames Mother Russia. Relevant excerpts:
Alperovitch is the thirty-six-year-old cofounder of the cybersecurity firm CrowdStrike, and late the previous night, his company had been asked by the Democratic National Committee to investigate a possible breach of its network. A CrowdStrike security expert had sent the DNC a proprietary software package, called Falcon, that monitors the networks of its clients in real time. Falcon "lit up," the email said, within ten seconds of being installed at the DNC: Russia was in the network.
Alperovitch, a slight man with a sharp, quick demeanor, called the analyst who had emailed the report. "Are we sure it's Russia?" he asked.
The analyst said there was no doubt. Falcon had detected malicious software, or malware, that was stealing data and sending it to the same servers that had been used in a 2015 attack on the German Bundestag. The code and techniques used against the DNC resembled those from earlier attacks on the White House and the State Department. The analyst, a former intelligence officer, told Alperovitch that Falcon had identified not one but two Russian intruders: Cozy Bear, a group CrowdStrike's experts believed was affiliated with the FSB, Russia's answer to the CIA; and Fancy Bear, which they had linked to the GRU, Russian military intelligence.
Alperovitch then called Shawn Henry, a tall, bald fifty-four-year-old former executive assistant director at the FBI who is now CrowdStrike's president of services. Henry led a forensics team that retraced the hackers' steps and pieced together the pathology of the breach. Over the next two weeks, they learned that Cozy Bear had been stealing emails from the DNC for more than a year. Fancy Bear, on the other hand, had been in the network for only a few weeks. Its target was the DNC research department, specifically the material that the committee was compiling on Donald Trump and other Republicans. Meanwhile, a CrowdStrike group called the Overwatch team used Falcon to monitor the hackers, a process known as shoulder-surfing.
For the next two days, three CrowdStrike employees worked inside DNC headquarters, replacing the software and setting up new login credentials using what Alperovitch considers to be the most secure means of choosing a password: flipping through the dictionary at random. (After this article was posted online, Alperovitch noted that the passwords included random characters in addition to the words.) The Overwatch team kept an eye on Falcon to ensure there were no new intrusions. On Sunday night, once the operation was complete, Alperovitch took his team to celebrate at the Brazilian steakhouse Fogo de Chão.
...
Alperovitch's June 14 blog post garnered so much media attention that even its ebullient author felt slightly overwhelmed. Inevitably there were questions about the strange names his company had given the Russian hackers. As it happened, "Fancy Bear" and "Cozy Bear" were part of a coding system Alperovitch had created. Animals signified the hackers' country of origin: Russians were bears, Chinese were pandas, Iranians were kittens, and North Koreans were named for the chollima, a mythical winged horse. By company tradition, the analyst who discovers a new hacker gets to choose the first part of the nickname. Cozy Bear got its nickname because the letters coz appeared in its malware code. Fancy Bear, meanwhile, used malware that included the word Sofacy, which reminded the analyst who found it of the Iggy Azalea song "Fancy."
The day after the media maelstrom, the reporters were back with less friendly questions: Had Alperovitch gotten his facts right? Was he certain Russia was behind the DNC hacks? The doubts were prompted by the appearance of a blogger claiming to be from Eastern Europe who called himself Guccifer 2.0. Guccifer said that the breach was his, not Russia's. "DNC'S servers hacked by a lone hacker," he wrote in a blog post that included stolen files from the DNC. "I guess CrowdStrike customers should think twice about company's competence," Guccifer wrote. "Fuck CrowdStrike!!!!!!!!!"
an incorrect attribution in public. "Did we miss something?" he asked CrowdStrike's forensics team. Henry and his staff went back over the evidence, all of which supported their original conclusion.
Alperovitch had also never seen someone claim to be the only intruder on a site. "No hacker goes into the network and does a full forensic investigation," he told me. Being called out, he said, was "very shocking. It was clearly an attack on us as well as on the DNC."
Alperovitch initially thought that the leaks were standard espionage and that Guccifer's attacks on CrowdStrike were just a noisy reaction to being busted. "I thought, Okay, they got really upset that they were caught," he said. But after documents from the DNC continued to leak, Alperovitch decided the situation was far worse than that. He concluded that the Russians wanted to use the leaked files to manipulate U. S. voters—a first. "It hit me that, holy crap, this is an influence operation. They're actually trying to inject themselves into the election," he said. "I believe that we may very well wake up on the morning the day after the election and find statements from Russian adversaries saying, 'Do not trust the result.' "
...
Days later, Alperovitch got a call from a Reuters reporter asking whether the Democratic Congressional Campaign Committee had been hacked. CrowdStrike had, in fact, been working on a breach at the DCCC; once again, Alperovitch believed that Russia was responsible. Now, however, he suspected that only Fancy Bear was involved. A lawyer for the DCCC gave Alperovitch permission to confirm the leak and to name Russia as the suspected author.
Two weeks later, files from the DCCC began to appear on Guccifer 2.0's website. This time he released information about Democratic congressional candidates who were running close races in Florida, Ohio, Illinois, and Pennsylvania. On August 12, he went further, publishing a spreadsheet that included the personal email addresses and phone numbers of nearly two hundred Democratic members of Congress.
...
Alperovitch's friends in government told him privately that an official attribution so close to the election would look political. If the government named Russia, it would be accused of carrying water for Hillary Clinton. The explanations upset Alperovitch. The silence of the American government began to feel both familiar and dangerous. "It doesn't help us if two years from now someone gets indicted," he said. After Michelle Obama's passport was published online, on September 22, Alperovitch threw up his hands in exasperation. "That is Putin giving us the finger," he told me.
Source: The Russian Expat Leading the Fight to Protect America
The guy responsible for ousting Stuxnet as being an American/Israeli cyberworm (no friend of the U.S. government/establishment) also says that his company, Symantec, has found that Russia was responsible for the leaks:
It is pretty clear judging by the indicators of compromise [IOCs]. The binaries that were used to hack the DNC as well as Podesta’s email as well as some other Democratic campaign folks, those IOCs match binaries and also infrastructure that was used in attacks that were previously recorded by others as having Russian origin. That much we can confirm. So if you believe other people’s—primarily government’s—attribution that those previous attacks were Russian, then these attacks are definitely connected. We’re talking about the same binaries, the same tools, the same infrastructure.
We’ve analyzed the tools, the binaries, and the infrastructure that was used in the attack, and from that we can confirm that it’s connected to a group that has two names. One is Sofacy, or “Cozy Bear,” and The Dukes, which is also known as “Fancy Bear.” From the binary analysis point of view, I can tell you that the activities of these attackers have been during Russian working hours, either centered on UTC+3 or UTC+4; they don’t work Russian holidays; they work Monday to Friday; there are language identifiers inside that are Russian; when you look at all the victim profiles they would be in interest to the Russian nation-state. So all of that stuff fits the profile. Now, could all those things be false flags? Sure. Other government entities obviously have come out and said it is the Russian state, and the binary forensics would definitely match that.
There was another attack that happened in the Ukraine. So in December, in the Ukraine, all the power went out to about 260,000 households, or customers. They basically infiltrated the power company, got access to the machines that controlled the power, they flipped the computer switches off and shut down the power, and then they began to wipe all the machines and devices—overriding the hard drives and trashing the machines so that they couldn’t be started up again, or so that the switches couldn’t come on again. Ukrainians were able to get power back after six hours by switching to manual mode. They went off their computer monitor mode and physically flipped the switches to bring the power back up. What’s interesting about that case is the fact that they were more behind technologically actually helped them. Something very similar could easily happen in the U.S. and we’re much more beholden to computing infrastructure here, so our ability to switch to manual mode here would be much more difficult.
Is there linkage between the DNC and Podesta hacks and the 2014 State Department hacks that were also believed to be carried out by Russia?
Yeah, these are being conducted by the same groups. We know that from the IOCs—by looking at the tools they use and the infrastructure they use.
Many of these attacks were happening prior to the nomination of Trump. Based on that theory, people believe that there was a general plan for disruption, and it may be the case now that the easiest and best way to do so is in the manner you speak, but these attacks did not just start happening post-Trump’s nomination. So in that sense, there is a feeling that it’s not a very Trump-specific activity versus an election disruption activity. This is the easiest way for them to disrupt the election.
Source: Cybersecurity Expert: Proof Russia Behind DNC, Podesta Hacks
Another cybersecurity company, SecureWorks, has published some interesting blogposts about all this:
In mid-2015, CTU researchers discovered TG-4127 using the accoounts-google . com domain in spearphishing attacks targeting Google Account users. The domain was used in a phishing URL submitted to Phishtank, a website that allows users to report phishing links (see Figure 1).
Figure 1. Example of accoounts-google . com used in a phishing URL.
Recipients who clicked the link were presented with a fake Google Account login page (see Figure 2). The threat actors could use entered credentials to access the contents of the associated Gmail account.
Figure 2. Fake Google Account login page.
Encoded target details
Analysis of the phishing URL revealed that it includes two Base64-encoded values (see Figure 3). The decoded Base64 values (see Table 1) match the Gmail account and its associated Google Account username. If a target clicks the phishing link, the username field of the displayed fake Google Account login page is prepopulated with the individual’s email address.
Figure 3. Spearphishing URL.
Table 1. Decoded Base64 values from the phishing URL used by TG-4127.
Use of the Bitly URL-shortening service
A Bitly URL was uploaded to Phishtank at almost the same time as the original spearphishing URL (see Figure 4).
Figure 4. Bitly phishing URL submitted at same time as accoounts-google . com phishing URL.
Using a tool on Bitly’s website, CTU researchers determined that the Bitly URL redirected to the original phishing URL (see Figure 5). Analysis of activity associated with the Bitly account used to create the shortened URL revealed that it had been used to create more than 3,000 shortened links used to target more than 1,800 Google Accounts.
Figure 5. Link-shortener page for bit.ly/1PXQ8zP that reveals the full URL.
Target analysis
CTU researchers analyzed the Google Accounts targeted by TG-4127 to gain insight about the targets and the threat group’s intent.
Focus on Russia and former Soviet states
Most of the targeted accounts are linked to intelligence gathering or information control within Russia or former Soviet states. The majority of the activity appears to focus on Russia’s military involvement in eastern Ukraine; for example, the email address targeted by the most phishing attempts (nine) was linked to a spokesperson for the Ukrainian prime minister. Other targets included individuals in political, military, and diplomatic positions in former Soviet states, as well as journalists, human rights organizations, and regional advocacy groups in Russia.
Other targets worldwide
Analysis of targeted individuals outside of Russia and the former Soviet states revealed that they work in a wide range of industry verticals (see Figure 6). The groups can be divided into two broad categories:
TG-4127 likely targeted the groups in the first category because they criticized Russia. The groups in the second category may have information useful to the Russian government.
Figure 6. TG-4127 targeting outside of Russia and former Soviet states.
Authors and journalists
More than half (53%) of the targeted authors and journalists are Russia or Ukraine subject matter experts (see Figure 7). It is likely that the Russian state has an interest in how it is portrayed in the media. U.S.-based military spouses who wrote online content about the military and military families were also targeted. The threat actors may have been attempting to learn about broader military issues in the U.S., or gain operational insight into the military activity of the target’s spouse.
Figure 7. Subject matter expertise of authors and journalists targeted by TG-4127.
Government supply chain
CTU researchers identified individuals who were likely targeted due to their position within the supply chain of organizations of interest to TG-4127 (e.g., defense and government networks). Figure 8 shows the distribution by category. The targets included a systems engineer working on a military simulation tool, a consultant specializing in unmanned aerial systems, an IT security consultant working for NATO, and a director of federal sales for the security arm of a multinational technology company. The threat actors likely aimed to exploit the individuals’ access to and knowledge of government clients’ information.
Figure 8. Categories of supply chain targets.
Government / military personnel
TG-4127 likely targeted current and former military and government personnel for potential operational insight gained from access to their personal communications. Most of the activity focused on individuals based in the U.S. or working in NATO-linked roles (see Figure 9).
Figure 9. Nation or organization of government/military targets.
TG-4127 targeted high-profile Syrian rebel leaders, including a leader of the Syrian National Coalition. Russian forces have supported Syrian President Bashar al-Assad’s regime since September 2015, so it is likely the threat actors are seeking to gain intelligence on rebel forces to assist Russian and Assad regime military operations.
Success of the phishing campaign
CTU researchers analyzed 4,396 phishing URLs sent to 1,881 Google Accounts between March and September, 2015. More than half (59%) of the URLs were accessed, suggesting that the recipients at least opened the phishing page. From the available data, it is not possible to determine how many of those Google Accounts were compromised. Most of the targeted accounts received multiple phishing attempts, which may indicate that previous attempts had been unsuccessful. However, 35% of accounts that accessed the malicious link were not subject to additional attempts, possibly indicating that the compromise was successful.
Of the accounts targeted once, CTU researchers determined that 60% of the recipients clicked the malicious Bitly. Of the accounts that were targeted more than once, 57% of the recipients clicked the malicious link in the repeated attempts. These results likely encourage threat actors to make additional attempts if the initial phishing email is unsuccessful.
Source: Threat Group-4127 Targets Google Accounts
Here's another article by SecureWorks:
Spearphishing details
The short links in the spearphishing emails redirected victims to a TG-4127-controlled URL that spoofed a legitimate Google domain. A Base64-encoded string containing the victim's full email address is passed with this URL, prepopulating a fake Google login page displayed to the victim. If a victim enters their credentials, TG-4127 can establish a session with Google and access the victim's account. The threat actors may be able to keep this session alive and maintain persistent access.
Hillary for America
TG-4127 exploited the Hillary for America campaign's use of Gmail and leveraged campaign employees' expectation of the standard Gmail login page to access their email account. When presented with TG-4127's spoofed login page (see Figure 1), victims might be convinced it was the legitimate login page for their hillaryclinton.com email account.
Figure 1. Example of a TG-4127 fake Google Account login page.
CTU researchers observed the first short links targeting hillaryclinton.com email addresses being created in mid-March 2016; the last link was created in mid-May. During this period, TG-4127 created 213 short links targeting 108 email addresses on the hillaryclinton.com domain. Through open-source research, CTU researchers identified the owners of 66 of the targeted email addresses. There was no open-source footprint for the remaining 42 addresses, suggesting that TG-4127 acquired them from another source, possibly other intelligence activity.
The identified email owners held a wide range of responsibilities within the Hillary for America campaign, extending from senior figures to junior employees and the group mailboxes for various regional offices. Targeted senior figures managed communications and media affairs, policy, speech writing, finance, and travel, while junior figures arranged schedules and travel for Hillary Clinton's campaign trail. Targets held the following titles:
Publicly available Bitly data reveals how many of the short links were clicked, likely by a victim opening a spearphishing email and clicking the link to the fake Gmail login page. Only 20 of the 213 short links have been clicked as of this publication. Eleven of the links were clicked once, four were clicked twice, two were clicked three times, and two were clicked four times.
Democratic National Committee
CTU researchers do not have evidence that these spearphishing emails are connected to the DNC network compromise that was revealed on June 14. However, a coincidence seems unlikely, and CTU researchers suspect that TG-4127 used the spearphishing emails or similar techniques to gain an initial foothold in the DNC network.
Personal email accounts
CTU researchers identified TG-4127 targeting 26 personal gmail.com accounts belonging to individuals linked to the Hillary for America campaign, the DNC, or other aspects of U.S. national politics. Five of the individuals also had a hillaryclinton.com email account that was targeted by TG-4127. Many of these individuals held communications, media, finance, or policy roles. They include the director of speechwriting for Hillary for America and the deputy director office of the chair at the DNC. TG-4127 created 150 short links targeting this group. As of this publication, 40 of the links have been clicked at least once.
Related activity and implications
Although the 2015 campaign did not focus on individuals associated with U.S. politics, open-source evidence suggests that TG-4127 targeted individuals connected to the U.S. White House in early 2015. The threat group also reportedly targeted the German parliament and German Chancellor Angela Merkel's Christian Democratic Union party. CTU researchers have not observed TG-4127 use this technique (using Bitly short links) to target the U.S. Republican party or the other U.S. presidential candidates whose campaigns were active between mid-March and mid-May.
Source: Threat Group-4127 Targets Hillary Clinton Presidential Campaign
Read these two articles for more context:
How Hackers Broke Into John Podesta and Colin Powell’s Gmail Accounts
How Russia Pulled Off the Biggest Election Hack in U.S. History
Guccifer2.0, The Shadow Brokers, and DCLeaks, who have all leaked U.S. documents/cyberweapons, love talking about the "U.S. elite" and "corruption" in America, along with saying "the elections are rigged." I wonder why these people suddenly became so interested in the U.S. election?
Regardless, we know from the Bit.ly victim profiles that Podesta, the DNC, Ukrainian/Russian journalists, Bellingcat and other enemies of Russia were targeted by these groups. This also means that those targeted by DCLeaks and Guccifer2.0 were the same people, and that the aforementioned entities are actually one.
Why would they lie about being separate groups?
Lastly, I have gone through all the public statements made by these groups, by going through their Twitter/Tumblr/Medium/WordPress/web posts. Here are some of the comments made by DCLeaks, Guccifer2.0 and The Shadow Brokers. Tell me if you notice a common theme:
DCLeaks
Known for hacking the emails of former Secretary of State Colin Powell and former NATO General Breedlove, as well as Soros' OSF intranet documents.
George Soros is a Hungarian-American business magnate, investor, philanthropist, political activist and author who is of Hungarian-Jewish ancestry and holds dual citizenship. He drives more than 50 global and regional programs and foundations. Soros is named an architect and a sponsor of almost every revolution and coup around the world for the last 25 years. The USA is thought to be a vampire due to him and his puppets, not a lighthouse of freedom and democracy. His minions spill blood of millions and millions of people just to make him even more rich. Soros is an oligarch sponsoring the Democratic party, Hillary Clinton, hundreds of politicians all over the world. This website is designed to let everyone inside George Soros’ Open Society Foundation and related organisations. We present you the workplans, strategies, priorities and other activities of Soros. These documents shed light on one of the most influential network operating worldwide.
Source: http://soros.dcleaks.com
Welcome another cog in the U.S. political and military machine. CAPT Pistole's emails released
documents reveal the billionaire’s attempt to organize a “national movement” to create a federalized police force.
Looks like Clinton's staff doesn't care about security.Wonder from whom did they learn it..
FBI hq is a great place for club meeting especially when Clinton is under investigation
A further look at their Twitter account reveals that they mostly re-tweet WikiLeaks/RT/PressTV, hate Clinton, like Trump, love talking about the email scandal, post conspiracy theories about Mark Zuckerberg, exclusively target Russia's enemies (like former NATO General Breedlove, Soros, Colin Powell, etc.), defend Russia from being attacked, and have a penchant for focusing on news portraying the U.S. elections/debates as "rigged":
Check the private correspondence between Philip Breedlove and Harlan Ullman
Check restricted documents of George Soros’ Open Society Foundation
Check restricted documents leaked from Hillary Clinton's presidential campaign staff
Emails show Obama saw US involvement in Russia talks as a 'threat'
'Gen. plotted against Obama on Russia'
Check George Soros's OSF plans to counter Russian policy and traditional values
Check Soros internal files
A New McCarthyism: @ggreenwald on Clinton Camp's Attempts to Link @wikileaks, Trump & @DrJillStein to Russia
Source: https://twitter.com/dcleaks_
Guccifer 2.0
Known for hacking the DNC and DCCC.
Together we’ll be able to throw off the political elite, the rich clans that exploit the world!
Fuck the lies and conspirators like DNC!!!
Who inspires me? Not the guys like Rambo or Terminator or any other like them. The world has changed. Assange, Snowden, and Manning are the heroes of the computer age. They struggle for truth and justice; they struggle to make our world better, more honest and clear. People like them make us hope for tomorrow. They are the modern heroes, they make history right now.
Marcel Lazar is another hero of mine. He inspired me and showed me the way. He proved that even the powers that be have weak points.
Anyway it seems that IT-companies and special services can’t realize that people like me act just following their ideas but not for money. They missed the bus with Assange and Snowden, they are not ready to live in the modern world. They are not ready to meet people who are smart and brave, who are eager to fight for their ideals, who can sacrifice themselves for the better future. Working for a boss makes them slow I suppose. Do you need more proof?
don’t want to disappoint anyone, but none of the candidates has my sympathies. Each of them has skeletons in the closet and I think people have a right to know the truth about the politicians.
As for me, I see great differences between Hillary Clinton and Donald Trump. Hillary seems so much false to me, she got all her money from political activities and lobbying, she is a slave of moguls, she is bought and sold. She never had to work hard and never risked everything she had. Her words don’t meet her actions. And her collusion with the DNC turned the primaries into farce.
Opposite to her, Donald Trump has earned his money himself. And at least he is sincere in what he says. His position is straight and clear.
Anyway that doesn’t mean that I support him. I’m totally against his ideas about closing borders and deportation policy. It’s a nonsense, absolute bullshit.
I have nothing to say about Bernie Sanders. It seems he never had a chance to win the nomination as the Democratic Party itself stood against him!
Here are the DCCC docs on Florida: reports, memos, briefings, dossiers, etc. You can have a look at who you are going to elect now. It may seem the congressional primaries are also becoming a farce.
As you can see, the private server of the Clinton clan contains docs and donors lists of the Democratic committees, PACs, etc. Does it surprise you?
It looks like big banks and corporations agreed to donate to the Democrats a certain percentage of the allocated TARP funds.
I found out something interesting in emails between DNC employees and Hillary Clinton campaign staff. Democrats prepare a new provocation against Trump. After Trump sent his financial report in May it appeared on DNC servers at once. DNC rushed to analyze it and asked the Jones Mandel company to make an effective investigation. I won’t be surprised if some mainstream media like the New York Times or CNN publish soon Trump’s financial docs. No doubt who could give them.
I’d like to warn you that the Democrats may rig the elections on November 8. This may be possible because of the software installed in the FEC networks by the large IT companies.
As I’ve already said, their software is of poor quality, with many holes and vulnerabilities.
I have registered in the FEC electronic system as an independent election observer; so I will monitor that the elections are held honestly.
I also call on other hackers to join me, monitor the elections from inside and inform the U.S. society about the facts of electoral fraud.
Source: https://guccifer2.wordpress.com
Here and here he claims that he's the source of WikiLeaks' DNC documents.
He frequently re-tweets WikiLeaks, just like DCLeaks. He re-tweets and follows conspiracy theory outlets like Alex Jones and Roger Stone, just like DCLeaks followed RT and PressTV. Of course, he sprang back to life two days before Election Day, to complain about "Democrats rigging the election." I thought he didn't favour any political party?
Source: https://twitter.com/GUCCIFER_2
The Shadow Brokers
Known for leaking the NSA's elite hacking entity's, Equation Group's, cyberweapons.
!! Attention Wealthy Elites !!!
We have final message for “Wealthy Elites”. We know what is wealthy but what is Elites? Elites is making laws protect self and friends, lie and fuck other peoples. Elites is breaking laws, regular peoples go to jail, life ruin, family ruin, but not Elites. Elites is breaking laws, many peoples know Elites guilty, Elites call top friends at law enforcement and government agencies, offer bribes, make promise future handjobs, (but no blowjobs). Elites top friends announce, no law broken, no crime commit. Reporters (not call journalist) make living say write only nice things about Elites, convince dumb cattle, is just politics, everything is awesome, check out our ads and our prostitutes. Then Elites runs for president. Why run for president when already control country like dictatorship? What this have do with fun Cyber Weapons Auction? We want make sure Wealthy Elite recognizes the danger cyber weapons, this message, our auction, poses to their wealth and control. Let us spell out for Elites. Your wealth and control depends on electronic data. You see what “Equation Group” can do. You see what cryptolockers and stuxnet can do. You see free files we give for free. You see attacks on banks and SWIFT in news. Maybe there is Equation Group version of cryptolocker+stuxnet for banks and financial systems? If Equation Group lose control of cyber weapons, who else lose or find cyber weapons? If electronic data go bye bye where leave Wealthy Elites? Maybe with dumb cattle? “Do you feel in charge?” Wealthy Elites, you send bitcoins, you bid in auction, maybe big advantage for you?
Source: https://archive.is/WkT7o#selection-337.0-341.1595
TheShadowBrokers is having special trick or treat for Amerikanskis tonight. But first questions.
Why is DirtyGrandpa threating CIA cyberwar with Russia? Why not threating with NSA or CyberCommand? CIA is cyber B-Team, yes? Where is cyber A-Team? Maybe threating is not being for external propaganda? Maybe is being for internal propaganda? Oldest control trick in book, yes? Waving flag, blaming problems on external sources, not taking responsibility for failures. But neverminding, hacking DNC is way way most important than EquationGroup losing capabilities. Amerikanskis is not knowing USSA cyber capabilities is being screwed? Where is being “free press”? Is ABC, NBC, CBS, FOX negligent in duties of informing Amerikanskis? Guessing “Free Press” is not being “Free as in free beer” or “Free as in free of government influence?
Let us be speaking regarding corruption. If Peoples#1 is having $1.00 and Peoples#2 is having $1000.00 which peoples is having more money? Which peoples is having more spending power? Voter$1 is giving $1 to politician and Voter$1000 is giving $1000 to politician, which voters is having more political power? Is both voters having equal political power? “one person, one vote”? Politicians, lobbyist, media, even SCOTUS (supreme court) is saying this is being true, money is not corrupting. In binary world, maybe. But world is not being binary, is it? What about peoples#3, VoterUndecided? VoterUndecided is giving no moneys and no votes. Politician is needing money for campaign to buy advertising, positive media stories, advisors, pollsters, operatives to be making VoterUndecided vote for politician. Political fundrasing, now which voter is having more political power? VoterUndecided votes for politician and politician wins. Re-election is coming. Government budget decision is required. Voter$1 is wanting politician to be spending taxes on education for making children into great thinkers, leaders, scientists. Voter$1000 is shareholder of defense & intelligence company is wanting politician spending taxes on spying and war to be making benefit self, for great profit. Political favors, now, which voter is having more political power? Did theshadowbrokers lose Amerikanskis? Amerikanskis is still thinking “one person, one vote”? Money isn’t corrupting elections, politics, govenments?
USSA elections is coming! 60% of Amerikansky never voting. Best scenario is meaning half of remaining red or blue fanatics or 20% of the most fanatical is picking USSA government? A great power. A free country. A good-doer. TheShadowBrokers is having suggestion. On November 8th, instead of not voting, maybe be stopping the vote all together? Maybe being grinch who stopped election from coming? Maybe hacking election is being the best idea? #hackelection2016. If peoples is not being hackers, then #disruptelection2016, #disruptcorruption2016. Maybe peoples not be going to work, be finding local polling places and protesting, blocking , disrupting , smashing equipment, tearing up ballots? The wealthy elites is being weakest during elections and transition of power. Is being why USSA is targeting elections in foreign countries. Don’t beleiving? Remembering Iran elections? Rembering stuxnet? Maybe is not Russia hacking election, maybe is being payback from Iran?
Ok peoples theshadowbrokers is promising you a trick or treating, here it is
https://mega.nz/#F!D1Q2EQpD!Lb09shM5XMZsQ_5_E1l4eQ https://yadi.sk/d/NCEyJQsBxrQxz
Password = payus
This is being equation group pitchimpair (redirector) keys, many missions into your networks is/was coming from these ip addresses. Is being unfortunate no peoples is already owning eqgrp_auction_file. Auction file is having tools for to making connect to these pitchimpairs. Maybe tools no more installed? Maybe is being cleaned up? To peoples is being owner of pitchimpair computers, don’t be looking for files, rootkit will self destruct. Be making cold forensic image. @GCHQ @Belgacom TheShadowBrokers is making special effort not to using foul language, bigotry, or making any funny. Be seeing if NBC, ABC, CBS, FOX is making stories about now? Maybe political hacks is being more important?
How bad do you want it to get? When you are ready to make the bleeding stop, payus, so we can move onto the next game. The game where you try to catch us cashing out! Swag us out!
Source: https://medium.com/@shadowbrokerss/message-5-trick-or-treat-e43f946f93e6#.9cfljtkx3
Again, the usual old spiel of brave hackers fighting "USSA"/"Amerikansky" "corruption". It's gotten quite repetitive by now.
Bizarrely, they began posting Bill Clinton and Loretta Lynch erotic fan fiction at some point:
https://medium.com/@shadowbrokerss/begin-pgp-signed-message-hash-sha1-2a9aa03838a4#.896d0iqpi
submitted by MangekyouSharinganKa to AskTrumpSupporters
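The SecureWorks excerpts quoted in the post above describe phishing URLs on a Google-lookalike domain, delivered through Bitly short links, that carry the target's email address as a Base64-encoded value. The following detection check for web-proxy logs is an added example, not code from the post or from SecureWorks; the log layout, the `BRAND_DOMAINS` and `SHORTENERS` lists, and every host name and address in the sample lines are constructed assumptions.

```python
import base64
import binascii
import re
from urllib.parse import parse_qsl, unquote, urlsplit

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
B64_RE = re.compile(r"[A-Za-z0-9+/_-]+={0,2}")
BRAND_TOKENS = ("google", "gmail")            # brand names the lure imitates
BRAND_DOMAINS = ("google.com", "gmail.com")   # assumption: genuine sign-in domains
SHORTENERS = {"bit.ly", "bitly.com"}          # assumption: extend for your environment


def encode_target(email):
    """Build a URL-safe, unpadded Base64 token (used only to construct samples)."""
    return base64.urlsafe_b64encode(email.encode()).decode().rstrip("=")


def decode_b64_email(value):
    """Return the email address hidden in a Base64 token, or None."""
    token = value.strip().replace(" ", "+")   # parse_qsl turns '+' into ' '
    if len(token) < 8 or not B64_RE.fullmatch(token):
        return None
    # Accept standard and URL-safe alphabets, with or without padding.
    token = token.rstrip("=").replace("-", "+").replace("_", "/")
    token += "=" * (-len(token) % 4)
    try:
        text = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text.lower() if EMAIL_RE.fullmatch(text) else None


def is_brand_host(host):
    """True only for the brand's own domains and their subdomains."""
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)


def analyze_url(url, clicked_by=None):
    """Collect the indicators one URL shows; an empty 'reasons' list means clean."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower()
    # Candidate tokens: every query value and every path segment.
    tokens = [value for _, value in parse_qsl(parts.query)]
    tokens += [unquote(seg) for seg in parts.path.split("/") if seg]
    emails = sorted({e for e in map(decode_b64_email, tokens) if e})
    lookalike = any(t in host for t in BRAND_TOKENS) and not is_brand_host(host)

    reasons = []
    if host in SHORTENERS:
        reasons.append("short-link-needs-expansion")
    if lookalike:
        reasons.append("brand-lookalike-host")
    if emails:
        reasons.append("base64-email-in-url")
    if clicked_by and clicked_by.lower() in emails:
        # The page was pre-populated for the very user who opened it.
        reasons.append("email-matches-clicking-user")
    return {"host": host, "emails": emails, "reasons": reasons}


def scan_proxy_log(lines):
    """Each line: '<timestamp> <user email> <url>'. Returns flagged requests."""
    findings = []
    for line in lines:
        fields = line.split(None, 2)
        if len(fields) != 3:
            continue                          # skip malformed lines
        _, user, url = fields
        result = analyze_url(url.strip(), clicked_by=user)
        if result["reasons"]:
            findings.append({"user": user, "url": url.strip(), **result})
    return findings


# Constructed sample log: a lookalike host with an encoded target,
# a short link, and a genuine sign-in request.
SAMPLE_LOG = [
    "2016-03-20T10:01:02Z alice@example.org "
    f"http://login-google.example/ServiceLogin?continue={encode_target('alice@example.org')}"
    f"&id={encode_target('alice')}",
    "2016-03-20T10:05:41Z bob@example.org http://bit.ly/constructed-sample",
    "2016-03-20T10:09:13Z carol@example.org "
    "https://accounts.google.com/ServiceLogin?continue=https%3A%2F%2Fmail.google.com%2F",
]

if __name__ == "__main__":
    for finding in scan_proxy_log(SAMPLE_LOG):
        print(finding["user"], finding["host"], finding["reasons"])
```

A short link on its own says nothing about the destination, so the check only marks it for expansion; the stronger signal is a decoded address that matches the user who made the request.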

Culminating Analysis of DNC/DCCC/Soros/Colin-Powell/NATO-General-Breedlove/NSA-Equation-Group/Podesta Leaks and Hacks

It has been a running theme lately that the U.S. government blaming Russia for the DNC/Podesta leaks is an attempt at deflection and is false. In the past few days, however, some very interesting pieces of information have come out from three different well-respected cybersecurity companies tasked with investigating the leaks or the groups behind these leaks. These companies are CrowdStrike, Symantec, and SecureWorks. I think it is important that we cast away the media's non-technical analyses and go straight to the source.
The founder of CrowdStrike is a Russian-American and his company has been tasked with investigating the DNC/Podesta leaks. He blames Mother Russia. Relevant excerpts:
At six o'clock on the morning of May 6, Dmitri Alperovitch woke up in a Los Angeles hotel to an alarming email. Alperovitch is the thirty-six-year-old cofounder of the cybersecurity firm CrowdStrike, and late the previous night, his company had been asked by the Democratic National Committee to investigate a possible breach of its network. A CrowdStrike security expert had sent the DNC a proprietary software package, called Falcon, that monitors the networks of its clients in real time. Falcon "lit up," the email said, within ten seconds of being installed at the DNC: Russia was in the network.
Alperovitch, a slight man with a sharp, quick demeanor, called the analyst who had emailed the report. "Are we sure it's Russia?" he asked.
The analyst said there was no doubt. Falcon had detected malicious software, or malware, that was stealing data and sending it to the same servers that had been used in a 2015 attack on the German Bundestag. The code and techniques used against the DNC resembled those from earlier attacks on the White House and the State Department. The analyst, a former intelligence officer, told Alperovitch that Falcon had identified not one but two Russian intruders: Cozy Bear, a group CrowdStrike's experts believed was affiliated with the FSB, Russia's answer to the CIA; and Fancy Bear, which they had linked to the GRU, Russian military intelligence.
Alperovitch then called Shawn Henry, a tall, bald fifty-four-year-old former executive assistant director at the FBI who is now CrowdStrike's president of services. Henry led a forensics team that retraced the hackers' steps and pieced together the pathology of the breach. Over the next two weeks, they learned that Cozy Bear had been stealing emails from the DNC for more than a year. Fancy Bear, on the other hand, had been in the network for only a few weeks. Its target was the DNC research department, specifically the material that the committee was compiling on Donald Trump and other Republicans. Meanwhile, a CrowdStrike group called the Overwatch team used Falcon to monitor the hackers, a process known as shoulder-surfing.
Ultimately, the teams decided it was necessary to replace the software on every computer at the DNC. Until the network was clean, secrecy was vital. On the afternoon of Friday, June 10, all DNC employees were instructed to leave their laptops in the office. Alperovitch told me that a few people worried that Hillary Clinton, the presumptive Democratic nominee, was clearing house. "Those poor people thought they were getting fired," he says.
For the next two days, three CrowdStrike employees worked inside DNC headquarters, replacing the software and setting up new login credentials using what Alperovitch considers to be the most secure means of choosing a password: flipping through the dictionary at random. (After this article was posted online, Alperovitch noted that the passwords included random characters in addition to the words.) The Overwatch team kept an eye on Falcon to ensure there were no new intrusions. On Sunday night, once the operation was complete, Alperovitch took his team to celebrate at the Brazilian steakhouse Fogo de Chão.
...
Alperovitch's June 14 blog post garnered so much media attention that even its ebullient author felt slightly overwhelmed. Inevitably there were questions about the strange names his company had given the Russian hackers. As it happened, "Fancy Bear" and "Cozy Bear" were part of a coding system Alperovitch had created. Animals signified the hackers' country of origin: Russians were bears, Chinese were pandas, Iranians were kittens, and North Koreans were named for the chollima, a mythical winged horse. By company tradition, the analyst who discovers a new hacker gets to choose the first part of the nickname. Cozy Bear got its nickname because the letters coz appeared in its malware code. Fancy Bear, meanwhile, used malware that included the word Sofacy, which reminded the analyst who found it of the Iggy Azalea song "Fancy."
The day after the media maelstrom, the reporters were back with less friendly questions: Had Alperovitch gotten his facts right? Was he certain Russia was behind the DNC hacks? The doubts were prompted by the appearance of a blogger claiming to be from Eastern Europe who called himself Guccifer 2.0. Guccifer said that the breach was his, not Russia's. "DNC'S servers hacked by a lone hacker," he wrote in a blog post that included stolen files from the DNC. "I guess CrowdStrike customers should think twice about company's competence," Guccifer wrote. "Fuck CrowdStrike!!!!!!!!!"
an incorrect attribution in public. "Did we miss something?" he asked CrowdStrike's forensics team. Henry and his staff went back over the evidence, all of which supported their original conclusion.
Alperovitch had also never seen someone claim to be the only intruder on a site. "No hacker goes into the network and does a full forensic investigation," he told me. Being called out, he said, was "very shocking. It was clearly an attack on us as well as on the DNC."
Alperovitch initially thought that the leaks were standard espionage and that Guccifer's attacks on CrowdStrike were just a noisy reaction to being busted. "I thought, Okay, they got really upset that they were caught," he said. But after documents from the DNC continued to leak, Alperovitch decided the situation was far worse than that. He concluded that the Russians wanted to use the leaked files to manipulate U.S. voters—a first. "It hit me that, holy crap, this is an influence operation. They're actually trying to inject themselves into the election," he said. "I believe that we may very well wake up on the morning the day after the election and find statements from Russian adversaries saying, 'Do not trust the result.'"
...
Days later, Alperovitch got a call from a Reuters reporter asking whether the Democratic Congressional Campaign Committee had been hacked. CrowdStrike had, in fact, been working on a breach at the DCCC; once again, Alperovitch believed that Russia was responsible. Now, however, he suspected that only Fancy Bear was involved. A lawyer for the DCCC gave Alperovitch permission to confirm the leak and to name Russia as the suspected author.
Two weeks later, files from the DCCC began to appear on Guccifer 2.0's website. This time he released information about Democratic congressional candidates who were running close races in Florida, Ohio, Illinois, and Pennsylvania. On August 12, he went further, publishing a spreadsheet that included the personal email addresses and phone numbers of nearly two hundred Democratic members of Congress.
...
Alperovitch's friends in government told him privately that an official attribution so close to the election would look political. If the government named Russia, it would be accused of carrying water for Hillary Clinton. The explanations upset Alperovitch. The silence of the American government began to feel both familiar and dangerous. "It doesn't help us if two years from now someone gets indicted," he said. After Michelle Obama's passport was published online, on September 22, Alperovitch threw up his hands in exasperation. "That is Putin giving us the finger," he told me.
Source: The Russian Expat Leading the Fight to Protect America
The guy responsible for ousting Stuxnet as being an American/Israeli cyberworm (no friend of the U.S. government/establishment) also says that his company, Symantec, has found that Russia was responsible for the leaks:
It is pretty clear judging by the indicators of compromise [IOCs]. The binaries that were used to hack the DNC as well as Podesta’s email as well as some other Democratic campaign folks, those IOCs match binaries and also infrastructure that was used in attacks that were previously recorded by others as having Russian origin. That much we can confirm. So if you believe other people’s—primarily government’s—attribution that those previous attacks were Russian, then these attacks are definitely connected. We’re talking about the same binaries, the same tools, the same infrastructure.
We’ve analyzed the tools, the binaries, and the infrastructure that was used in the attack, and from that we can confirm that it’s connected to a group that has two names. One is Sofacy, or “Cozy Bear,” and The Dukes, which is also known as “Fancy Bear.” From the binary analysis point of view, I can tell you that the activities of these attackers have been during Russian working hours, either centered on UTC+3 or UTC+4; they don’t work Russian holidays; they work Monday to Friday; there are language identifiers inside that are Russian; when you look at all the victim profiles they would be in interest to the Russian nation-state. So all of that stuff fits the profile. Now, could all those things be false flags? Sure. Other government entities obviously have come out and said it is the Russian state, and the binary forensics would definitely match that.
There was another attack that happened in the Ukraine. So in December, in the Ukraine, all the power went out to about 260,000 households, or customers. They basically infiltrated the power company, got access to the machines that controlled the power, they flipped the computer switches off and shut down the power, and then they began to wipe all the machines and devices—overriding the hard drives and trashing the machines so that they couldn’t be started up again, or so that the switches couldn’t come on again. Ukrainians were able to get power back after six hours by switching to manual mode. They went off their computer monitor mode and physically flipped the switches to bring the power back up. What’s interesting about that case is the fact that they were more behind technologically actually helped them. Something very similar could easily happen in the U.S. and we’re much more beholden to computing infrastructure here, so our ability to switch to manual mode here would be much more difficult.
Is there linkage between the DNC and Podesta hacks and the 2014 State Department hacks that were also believed to be carried out by Russia?
Yeah, these are being conducted by the same groups. We know that from the IOCs—by looking at the tools they use and the infrastructure they use.
Many of these attacks were happening prior to the nomination of Trump. Based on that theory, people believe that there was a general plan for disruption, and it may be the case now that the easiest and best way to do so is in the manner you speak, but these attacks did not just start happening post-Trump’s nomination. So in that sense, there is a feeling that it’s not a very Trump-specific activity versus an election disruption activity. This is the easiest way for them to disrupt the election.
Source: Cybersecurity Expert: Proof Russia Behind DNC, Podesta Hacks
Another cybersecurity company, SecureWorks, has published some interesting blogposts about all this:
In mid-2015, CTU researchers discovered TG-4127 using the accoounts-google . com domain in spearphishing attacks targeting Google Account users. The domain was used in a phishing URL submitted to Phishtank, a website that allows users to report phishing links (see Figure 1).
Figure 1. Example of accoounts-google . com used in a phishing URL.
Recipients who clicked the link were presented with a fake Google Account login page (see Figure 2). The threat actors could use entered credentials to access the contents of the associated Gmail account.
Figure 2. Fake Google Account login page.
Encoded target details
Analysis of the phishing URL revealed that it includes two Base64-encoded values (see Figure 3). The decoded Base64 values (see Table 1) match the Gmail account and its associated Google Account username. If a target clicks the phishing link, the username field of the displayed fake Google Account login page is prepopulated with the individual’s email address.
Figure 3. Spearphishing URL.
Table 1. Decoded Base64 values from the phishing URL used by TG-4127.
Use of the Bitly URL-shortening service
A Bitly URL was uploaded to Phishtank at almost the same time as the original spearphishing URL (see Figure 4).
Figure 4. Bitly phishing URL submitted at same time as accoounts-google . com phishing URL.
Using a tool on Bitly’s website, CTU researchers determined that the Bitly URL redirected to the original phishing URL (see Figure 5). Analysis of activity associated with the Bitly account used to create the shortened URL revealed that it had been used to create more than 3,000 shortened links used to target more than 1,800 Google Accounts.
Figure 5. Link-shortener page for bit.ly/1PXQ8zP that reveals the full URL.
Target analysis
CTU researchers analyzed the Google Accounts targeted by TG-4127 to gain insight about the targets and the threat group’s intent.
Focus on Russia and former Soviet states
Most of the targeted accounts are linked to intelligence gathering or information control within Russia or former Soviet states. The majority of the activity appears to focus on Russia’s military involvement in eastern Ukraine; for example, the email address targeted by the most phishing attempts (nine) was linked to a spokesperson for the Ukrainian prime minister. Other targets included individuals in political, military, and diplomatic positions in former Soviet states, as well as journalists, human rights organizations, and regional advocacy groups in Russia.
Other targets worldwide
Analysis of targeted individuals outside of Russia and the former Soviet states revealed that they work in a wide range of industry verticals (see Figure 6). The groups can be divided into two broad categories:
TG-4127 likely targeted the groups in the first category because they criticized Russia. The groups in the second category may have information useful to the Russian government.
Figure 6. TG-4127 targeting outside of Russia and former Soviet states.
Authors and journalists
More than half (53%) of the targeted authors and journalists are Russia or Ukraine subject matter experts (see Figure 7). It is likely that the Russian state has an interest in how it is portrayed in the media. U.S.-based military spouses who wrote online content about the military and military families were also targeted. The threat actors may have been attempting to learn about broader military issues in the U.S., or gain operational insight into the military activity of the target’s spouse.
Figure 7. Subject matter expertise of authors and journalists targeted by TG-4127.
Government supply chain
CTU researchers identified individuals who were likely targeted due to their position within the supply chain of organizations of interest to TG-4127 (e.g., defense and government networks). Figure 8 shows the distribution by category. The targets included a systems engineer working on a military simulation tool, a consultant specializing in unmanned aerial systems, an IT security consultant working for NATO, and a director of federal sales for the security arm of a multinational technology company. The threat actors likely aimed to exploit the individuals’ access to and knowledge of government clients’ information.
Figure 8. Categories of supply chain targets.
Government / military personnel
TG-4127 likely targeted current and former military and government personnel for potential operational insight gained from access to their personal communications. Most of the activity focused on individuals based in the U.S. or working in NATO-linked roles (see Figure 9).
Figure 9. Nation or organization of government/military targets.
TG-4127 targeted high-profile Syrian rebel leaders, including a leader of the Syrian National Coalition. Russian forces have supported Syrian President Bashar al-Assad’s regime since September 2015, so it is likely the threat actors are seeking to gain intelligence on rebel forces to assist Russian and Assad regime military operations.
Success of the phishing campaign
CTU researchers analyzed 4,396 phishing URLs sent to 1,881 Google Accounts between March and September, 2015. More than half (59%) of the URLs were accessed, suggesting that the recipients at least opened the phishing page. From the available data, it is not possible to determine how many of those Google Accounts were compromised. Most of the targeted accounts received multiple phishing attempts, which may indicate that previous attempts had been unsuccessful. However, 35% of accounts that accessed the malicious link were not subject to additional attempts, possibly indicating that the compromise was successful.
Of the accounts targeted once, CTU researchers determined that 60% of the recipients clicked the malicious Bitly. Of the accounts that were targeted more than once, 57% of the recipients clicked the malicious link in the repeated attempts. These results likely encourage threat actors to make additional attempts if the initial phishing email is unsuccessful.
Source: Threat Group-4127 Targets Google Accounts
Here's another article by SecureWorks:
Spearphishing details
The short links in the spearphishing emails redirected victims to a TG-4127-controlled URL that spoofed a legitimate Google domain. A Base64-encoded string containing the victim's full email address is passed with this URL, prepopulating a fake Google login page displayed to the victim. If a victim enters their credentials, TG-4127 can establish a session with Google and access the victim's account. The threat actors may be able to keep this session alive and maintain persistent access.
Hillary for America
TG-4127 exploited the Hillary for America campaign's use of Gmail and leveraged campaign employees' expectation of the standard Gmail login page to access their email account. When presented with TG-4127's spoofed login page (see Figure 1), victims might be convinced it was the legitimate login page for their hillaryclinton.com email account.
Figure 1. Example of a TG-4127 fake Google Account login page.
CTU researchers observed the first short links targeting hillaryclinton.com email addresses being created in mid-March 2016; the last link was created in mid-May. During this period, TG-4127 created 213 short links targeting 108 email addresses on the hillaryclinton.com domain. Through open-source research, CTU researchers identified the owners of 66 of the targeted email addresses. There was no open-source footprint for the remaining 42 addresses, suggesting that TG-4127 acquired them from another source, possibly other intelligence activity.
The identified email owners held a wide range of responsibilities within the Hillary for America campaign, extending from senior figures to junior employees and the group mailboxes for various regional offices. Targeted senior figures managed communications and media affairs, policy, speech writing, finance, and travel, while junior figures arranged schedules and travel for Hillary Clinton's campaign trail. Targets held the following titles:
Publicly available Bitly data reveals how many of the short links were clicked, likely by a victim opening a spearphishing email and clicking the link to the fake Gmail login page. Only 20 of the 213 short links have been clicked as of this publication. Eleven of the links were clicked once, four were clicked twice, two were clicked three times, and two were clicked four times.
Democratic National Committee
CTU researchers do not have evidence that these spearphishing emails are connected to the DNC network compromise that was revealed on June 14. However, a coincidence seems unlikely, and CTU researchers suspect that TG-4127 used the spearphishing emails or similar techniques to gain an initial foothold in the DNC network.
Personal email accounts
CTU researchers identified TG-4127 targeting 26 personal gmail.com accounts belonging to individuals linked to the Hillary for America campaign, the DNC, or other aspects of U.S. national politics. Five of the individuals also had a hillaryclinton.com email account that was targeted by TG-4127. Many of these individuals held communications, media, finance, or policy roles. They include the director of speechwriting for Hillary for America and the deputy director office of the chair at the DNC. TG-4127 created 150 short links targeting this group. As of this publication, 40 of the links have been clicked at least once.
Related activity and implications
Although the 2015 campaign did not focus on individuals associated with U.S. politics, open-source evidence suggests that TG-4127 targeted individuals connected to the U.S. White House in early 2015. The threat group also reportedly targeted the German parliament and German Chancellor Angela Merkel's Christian Democratic Union party. CTU researchers have not observed TG-4127 use this technique (using Bitly short links) to target the U.S. Republican party or the other U.S. presidential candidates whose campaigns were active between mid-March and mid-May.
Source: Threat Group-4127 Targets Hillary Clinton Presidential Campaign
Read these two articles for more context:
How Hackers Broke Into John Podesta and Colin Powell’s Gmail Accounts
How Russia Pulled Off the Biggest Election Hack in U.S. History
Guccifer2.0, The Shadow Brokers, and DCLeaks, who have all leaked U.S. documents/cyberweapons, love talking about the "U.S. elite" and "corruption" in America, along with saying "the elections are rigged." I wonder why these people suddenly became so interested in the U.S. election?
Regardless, we know from the Bit.ly victim profiles that Podesta, the DNC, Ukrainian/Russian journalists, Bellingcat and other enemies of Russia were targeted by these groups. This also means that those targeted by DCLeaks and Guccifer2.0 were the same people, and that the aforementioned entities are actually one.
Why would they lie about being separate groups?
Lastly, I have gone through all the public statements made by these groups, by going through their Twitter/Tumblr/Medium/WordPress/web posts. Here are some of the comments made by DCLeaks, Guccifer2.0 and The Shadow Brokers. Tell me if you notice a common theme:
DCLeaks
Known for hacking the emails of former Secretary of State Colin Powell and former NATO General Breedlove, as well as Soros' OSF intranet documents.
George Soros is a Hungarian-American business magnate, investor, philanthropist, political activist and author who is of Hungarian-Jewish ancestry and holds dual citizenship. He drives more than 50 global and regional programs and foundations. Soros is named an architect and a sponsor of almost every revolution and coup around the world for the last 25 years. The USA is thought to be a vampire due to him and his puppets, not a lighthouse of freedom and democracy. His minions spill blood of millions and millions of people just to make him even more rich. Soros is an oligarch sponsoring the Democratic party, Hillary Clinton, hundreds of politicians all over the world. This website is designed to let everyone inside George Soros’ Open Society Foundation and related organisations. We present you the workplans, strategies, priorities and other activities of Soros. These documents shed light on one of the most influential network operating worldwide.
Source: http://soros.dcleaks.com
Welcome another cog in the U.S. political and military machine. CAPT Pistole's emails released
documents reveal the billionaire’s attempt to organize a “national movement” to create a federalized police force.
Looks like Clinton's staff doesn't care about security. Wonder from whom did they learn it..
FBI hq is a great place for club meeting especially when Clinton is under investigation
A further look at their Twitter account reveals that they mostly re-tweet WikiLeaks/RT/PressTV, hate Clinton, like Trump, love talking about the email scandal, post conspiracy theories about Mark Zuckerberg, exclusively target Russia's enemies (like former NATO General Breedlove, Soros, Colin Powell, etc.), defend Russia from being attacked, and have a penchant for focusing on news portraying the U.S. elections/debates as "rigged":
Check the private correspondence between Philip Breedlove and Harlan Ullman
Check restricted documents of George Soros’ Open Society Foundation
Check restricted documents leaked from Hillary Clinton's presidential campaign staff
Emails show Obama saw US involvement in Russia talks as a 'threat'
'Gen. plotted against Obama on Russia'
Check George Soros's OSF plans to counter Russian policy and traditional values
Check Soros internal files
A New McCarthyism: @ggreenwald on Clinton Camp's Attempts to Link @wikileaks, Trump & @DrJillStein to Russia
Source: https://twitter.com/dcleaks_
Guccifer 2.0
Known for hacking the DNC and DCCC.
Together we’ll be able to throw off the political elite, the rich clans that exploit the world!
Fuck the lies and conspirators like DNC!!!
Who inspires me? Not the guys like Rambo or Terminator or any other like them. The world has changed. Assange, Snowden, and Manning are the heroes of the computer age. They struggle for truth and justice; they struggle to make our world better, more honest and clear. People like them make us hope for tomorrow. They are the modern heroes, they make history right now.
Marcel Lazar is another hero of mine. He inspired me and showed me the way. He proved that even the powers that be have weak points.
Anyway it seems that IT-companies and special services can’t realize that people like me act just following their ideas but not for money. They missed the bus with Assange and Snowden, they are not ready to live in the modern world. They are not ready to meet people who are smart and brave, who are eager to fight for their ideals, who can sacrifice themselves for the better future. Working for a boss makes them slow I suppose. Do you need more proof?
don’t want to disappoint anyone, but none of the candidates has my sympathies. Each of them has skeletons in the closet and I think people have a right to know the truth about the politicians.
As for me, I see great differences between Hillary Clinton and Donald Trump. Hillary seems so much false to me, she got all her money from political activities and lobbying, she is a slave of moguls, she is bought and sold. She never had to work hard and never risked everything she had. Her words don’t meet her actions. And her collusion with the DNC turned the primaries into farce.
Opposite to her, Donald Trump has earned his money himself. And at least he is sincere in what he says. His position is straight and clear.
Anyway that doesn’t mean that I support him. I’m totally against his ideas about closing borders and deportation policy. It’s a nonsense, absolute bullshit.
I have nothing to say about Bernie Sanders. It seems he never had a chance to win the nomination as the Democratic Party itself stood against him!
Here are the DCCC docs on Florida: reports, memos, briefings, dossiers, etc. You can have a look at who you are going to elect now. It may seem the congressional primaries are also becoming a farce.
As you can see, the private server of the Clinton clan contains docs and donors lists of the Democratic committees, PACs, etc. Does it surprise you?
It looks like big banks and corporations agreed to donate to the Democrats a certain percentage of the allocated TARP funds.
I found out something interesting in emails between DNC employees and Hillary Clinton campaign staff. Democrats prepare a new provocation against Trump. After Trump sent his financial report in May it appeared on DNC servers at once. DNC rushed to analyze it and asked the Jones Mandel company to make an effective investigation. I won’t be surprised if some mainstream media like the New York Times or CNN publish soon Trump’s financial docs. No doubt who could give them.
I’d like to warn you that the Democrats may rig the elections on November 8. This may be possible because of the software installed in the FEC networks by the large IT companies.
As I’ve already said, their software is of poor quality, with many holes and vulnerabilities.
I have registered in the FEC electronic system as an independent election observer; so I will monitor that the elections are held honestly.
I also call on other hackers to join me, monitor the elections from inside and inform the U.S. society about the facts of electoral fraud.
Source: https://guccifer2.wordpress.com
Here and here he claims that he's the source of WikiLeaks' DNC documents, something that has gone unreported in the media.
He frequently re-tweets WikiLeaks, just like DCLeaks. He re-tweets and follows conspiracy theory outlets like Alex Jones and Roger Stone, just like DCLeaks followed RT and PressTV. Of course, he sprang back to life two days ago, right before Election Day, to complain about "Democrats rigging the election." I thought he didn't favour any political party?
Source: https://twitter.com/GUCCIFER_2
The Shadow Brokers
Known for leaking the NSA's elite hacking entity's, Equation Group's, cyberweapons.
!! Attention Wealthy Elites !!!
We have final message for “Wealthy Elites”. We know what is wealthy but what is Elites? Elites is making laws protect self and friends, lie and fuck other peoples. Elites is breaking laws, regular peoples go to jail, life ruin, family ruin, but not Elites. Elites is breaking laws, many peoples know Elites guilty, Elites call top friends at law enforcement and government agencies, offer bribes, make promise future handjobs, (but no blowjobs). Elites top friends announce, no law broken, no crime commit. Reporters (not call journalist) make living say write only nice things about Elites, convince dumb cattle, is just politics, everything is awesome, check out our ads and our prostitutes. Then Elites runs for president. Why run for president when already control country like dictatorship? What this have do with fun Cyber Weapons Auction? We want make sure Wealthy Elite recognizes the danger cyber weapons, this message, our auction, poses to their wealth and control. Let us spell out for Elites. Your wealth and control depends on electronic data. You see what “Equation Group” can do. You see what cryptolockers and stuxnet can do. You see free files we give for free. You see attacks on banks and SWIFT in news. Maybe there is Equation Group version of cryptolocker+stuxnet for banks and financial systems? If Equation Group lose control of cyber weapons, who else lose or find cyber weapons? If electronic data go bye bye where leave Wealthy Elites? Maybe with dumb cattle? “Do you feel in charge?” Wealthy Elites, you send bitcoins, you bid in auction, maybe big advantage for you?
Source: https://archive.is/WkT7o#selection-337.0-341.1595
TheShadowBrokers is having special trick or treat for Amerikanskis tonight. But first questions.
Why is DirtyGrandpa threating CIA cyberwar with Russia? Why not threating with NSA or CyberCommand? CIA is cyber B-Team, yes? Where is cyber A-Team? Maybe threating is not being for external propaganda? Maybe is being for internal propaganda? Oldest control trick in book, yes? Waving flag, blaming problems on external sources, not taking responsibility for failures. But neverminding, hacking DNC is way way most important than EquationGroup losing capabilities. Amerikanskis is not knowing USSA cyber capabilities is being screwed? Where is being “free press”? Is ABC, NBC, CBS, FOX negligent in duties of informing Amerikanskis? Guessing “Free Press” is not being “Free as in free beer” or “Free as in free of government influence?
Let us be speaking regarding corruption. If Peoples#1 is having $1.00 and Peoples#2 is having $1000.00 which peoples is having more money? Which peoples is having more spending power? Voter$1 is giving $1 to politician and Voter$1000 is giving $1000 to politician, which voters is having more political power? Is both voters having equal political power? “one person, one vote”? Politicians, lobbyist, media, even SCOTUS (supreme court) is saying this is being true, money is not corrupting. In binary world, maybe. But world is not being binary, is it? What about peoples#3, VoterUndecided? VoterUndecided is giving no moneys and no votes. Politician is needing money for campaign to buy advertising, positive media stories, advisors, pollsters, operatives to be making VoterUndecided vote for politician. Political fundrasing, now which voter is having more political power? VoterUndecided votes for politician and politician wins. Re-election is coming. Government budget decision is required. Voter$1 is wanting politician to be spending taxes on education for making children into great thinkers, leaders, scientists. Voter$1000 is shareholder of defense & intelligence company is wanting politician spending taxes on spying and war to be making benefit self, for great profit. Political favors, now, which voter is having more political power? Did theshadowbrokers lose Amerikanskis? Amerikanskis is still thinking “one person, one vote”? Money isn’t corrupting elections, politics, govenments?
USSA elections is coming! 60% of Amerikansky never voting. Best scenario is meaning half of remaining red or blue fanatics or 20% of the most fanatical is picking USSA government? A great power. A free country. A good-doer. TheShadowBrokers is having suggestion. On November 8th, instead of not voting, maybe be stopping the vote all together? Maybe being grinch who stopped election from coming? Maybe hacking election is being the best idea? #hackelection2016. If peoples is not being hackers, then #disruptelection2016, #disruptcorruption2016. Maybe peoples not be going to work, be finding local polling places and protesting, blocking , disrupting , smashing equipment, tearing up ballots? The wealthy elites is being weakest during elections and transition of power. Is being why USSA is targeting elections in foreign countries. Don’t beleiving? Remembering Iran elections? Rembering stuxnet? Maybe is not Russia hacking election, maybe is being payback from Iran?
Ok peoples theshadowbrokers is promising you a trick or treating, here it is
https://mega.nz/#F!D1Q2EQpD!Lb09shM5XMZsQ_5_E1l4eQ https://yadi.sk/d/NCEyJQsBxrQxz
Password = payus
This is being equation group pitchimpair (redirector) keys, many missions into your networks is/was coming from these ip addresses. Is being unfortunate no peoples is already owning eqgrp_auction_file. Auction file is having tools for to making connect to these pitchimpairs. Maybe tools no more installed? Maybe is being cleaned up? To peoples is being owner of pitchimpair computers, don’t be looking for files, rootkit will self destruct. Be making cold forensic image. @GCHQ @Belgacom TheShadowBrokers is making special effort not to using foul language, bigotry, or making any funny. Be seeing if NBC, ABC, CBS, FOX is making stories about now? Maybe political hacks is being more important?
How bad do you want it to get? When you are ready to make the bleeding stop, payus, so we can move onto the next game. The game where you try to catch us cashing out! Swag us out!
Source: https://medium.com/@shadowbrokerss/message-5-trick-or-treat-e43f946f93e6#.9cfljtkx3
Again, the usual old spiel of brave hackers fighting "USSA"/"Amerikansky" "corruption". It's gotten quite repetitive by now.
Bizarrely, they began posting Bill Clinton and Loretta Lynch erotic fan fiction at some point:
https://medium.com/@shadowbrokerss/begin-pgp-signed-message-hash-sha1-2a9aa03838a4#.896d0iqpi
submitted by DownWithAssad to geopolitics


From the capture, you’ll also notice that these hacked websites don’t actually redirect traffic directly to BitCoin. Instead, the traffic is redirected to an IP shown with the suspicious tab that acts as the traffic directing system (TDS). In this activity, we can see that the TDS requests specific parameters from a visitor, including browser, IP, referrer, and so on. It then decides as to ...

Update 1: It seems someone has taken over the forum site with a phishing page.. if you visit the forum and are then redirected to the login page DO NOT log in! — Bitcoin Babe (@BitcoinBabeAU ...

While the Bitcoin price is slowly but surely heading toward the 6,000 US dollar mark, users apparently have to think very carefully about where they buy and store their cryptocurrencies. As one of the largest cryptocurrency exchanges has announced, Binance fell victim to a hacker attack on 7 May at 19:15. As can be seen from the official blog post ...

OK, so the hacked websites redirect unwanted traffic to bitcoin.org, but what do they do with the traffic they are interested in? In case of Internet Explorer browsers, we see “194 .6 .233 .7/mxjbb . cgi?default” redirecting to “hxxp://corp . thebridge .jp/wp-api.php” — another hacked site where the wp-api.php page serves a malicious JavaScript crafted specifically for Internet ...

Researchers at Dell’s SecureWorks security division say they’ve uncovered a series of incidents in which a bitcoin thief redirected a portion of online traffic from no less than 19 Internet ...


WordPress page redirect hacked problem solution

I faced today a problem that my WordPress website got hacked and redirecting to another web page And those pages are random. Then I figured out, its because of a WP Plugin. See how you can fix ...
