Profile picture
Timo Steffens
@Timo_Steffens
, 10 tweets, 2 min read Read on Twitter
The indictment about the Sony and Bangladesh bank attacks is 179 pages. Here are some first insights:

1/n
documentcloud.org/documents/4834…
First, some remarks on methodology:

Compared to the GRU indictment from a few weeks earlier, this one contains less details about the individuals and their organization. E.g. it is not really clear how many "co-conspirators" are covered and how close their cooperation is.

2/n
But: This indictment is much more transparent about the attribution and analysis methods than the GRU indictment.
Mostly, the methods are comparable to what security companies do: malware similarities, identifying shared encryption keys and shared email accounts.

3/n
Compared to analysis methods of security companies, the FBI gained a bit mor insight by getting access to collector email accounts and email subscriber records.

4/n
The difference between the Sony and GRU indictments (less suspects' details, more methodology details) hints at the possibility that the findings about GRU were not gained from classic malware and network analysis (see above), but from more confidential sources.

5/n
Now, about the findings themselves:

The main suspect supposedly worked for "Chosun Expo Joint Venture", which is called a front for the "Lab 110" of the North Korean government.

6/n
Apparently, the main subject did not just do hacking, but also did benign programming work for customers. This was probably a means to generate funds for the North Korean government and corroborates public reports about these fund generation methods.

7/n
These benign&hacking activities went on for several years, during which the suspect used the same email accounts for benign and malicious work projects. This _may_ be an indication that the difference between legal and illegal projects may not be very relevant for the suspect
8/n
The traced North Korean IP addresses are masked in the indictment, but allude to the public report by Group IB, who traced Lazarus connections to the Ryugyong Hotel in Pyongyang: group-ib.com/blog/lazarus

9/n
I had hoped that the indictment would shed more light on how exactly the Sony and Bangladesh Bank ("SWIFT" cases are related. But the links are similar to what security companies reported earlier: e.g. reused email accounts for spearphishing and malware similarities

10/n
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Timo Steffens
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Related threads

Profile picture
Mr Alex 🇺🇸✌️
@Mr_Alex_Graham
1) Latest thread on Uranium One. Not exactly a U1 thread but it’s related. I saw the connection in recent news on Felix Sater. So technically this is a thread on Felix Sater. The connection is between Felix Sater and Mukhtar Ablyazov.
2) Here’s the quick background on Ablyazov. Mukhtar Ablyazov was the former chairman of the BTA Bank located in Almaty, Kazakhstan. He was the person who sold the Kazakhstan (KZ) uranium mining shares to Frank Giustra’s company UrAsia in 2005.
3) Giustra would use these shares to form the company Uranium One (U1). The Russians eventually acquired U1. Contrary to what fake news says Giustra did not secure the mining rights from the KZ government. He bought them in a private sale from Ablyazov.
Read 75 tweets
Profile picture
southpaw
@nycsouthpaw
Here's the Avenatti complaint: assets.documentcloud.org/documents/5780…
"I'll go take ten billion dollars off your client's market cap . . . I'm not fucking around."
One thing these Avenatti charges underline is that federal law enforcement can move quickly when it wants to, even in white collar matters. It appears all the charged conduct happened in March 2019. It's still March 2019.
Read 7 tweets
Profile picture
southpaw
@nycsouthpaw
Here's the Papadopoulos sentencing memo. documentcloud.org/documents/4776…
His wife comes into it.
The FBI interviewed Joseph Mifsud in Washington, DC three weeks after Trump's inauguration.
Read 8 tweets
Profile picture
OnWithLogic
@OnWithLogic
1) I’ve re-written the start of this tweet storm 5/6 different ways, but it ends up the same: the #NXVIM cult has so many separate lines of inquiry that it’s too early to really understand it. But some themes are starting to emerge, please follow along.

#Qanon #TheStorm @POTUS
2) This is going to be disjointed, stick with me and join in because I think this story lays themes & foundations for what’s going on in elite circles for sex trafficking & may even touch at the edges of things more devilish. Oddities and observations...

#MAGA #TheStormIsHere
3) Building a picture of what this cult is, the first oddity? Being based in Albany, NY. Albany? Then I started to consider why. Albany is the seat of the NY government, and deeply tied to NYC, where a lot of elite people live; have certain proclivities.

news.littlesis.org/2009/06/09/the…
Read 27 tweets
Profile picture
Zoe Tillman
@ZoeTillman
Here's Rick Gates' now-unsealed motion to file an exhibit under seal. "The exhibit involves highly sensitive matters concerning" Gates, his lawyers wrote. The judge ordered him to file a redacted version, so we should be getting that at some point assets.documentcloud.org/documents/4368…
Rick Gates' lawyers are due in court at 10:30am for a sealed hearing on their motion to withdraw as his counsel. The exhibit that explains the reasons for that request to withdraw remains under seal.
There are a couple things going on: Rick Gates' lawyers want to withdraw. We don't know why -- the reasons are under seal. In notifying the court that they served Gates with that motion, they included an exhibit, which Gates asked to be filed under seal -- in a sealed motion 1/2
Read 14 tweets
Profile picture
Eric Lipton
@EricLiptonNYT
There's widespread evidence that the Trump admin has been rolling back federal regulations. How about enforcement targeting companies that pollute the nation's air and water? The NYT takes a deep look. with @danielle_ivory nytimes.com/2017/12/10/us/…
First place we looked: show me that data on actions taken against polluters. We found the EPA has ordered $1.2 billion of fixes to polluting facilities -- about 48 percent of what was sought in first nine months under President Bush and about 12 percent under President Obama
So why the decline? One hint. This letter from the oil and gas industry to Scott Pruitt in March. It asks Pruitt to impose new restrictions on his own enforcement officers trying to stop leaks of hazardous stuff like benzine.
Read 29 tweets

Trending hashtags

#Obama #MeToo #superiors #GinaHaspell #nominee #redaction #AGU18 #Mexico #Award #RedPill #Forbes #Clinton #CIA #futurepresident #Detention #MichaelCohen #Security #RedWaveRising #cabal #DOS #GeorgePolk #FLRECOUNT2018 #EyesWideShut #PrimarySource #Hollywood
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!