Profile picture
The_War_Economy @The_War_Economy
, 83 tweets, 45 min read Read on Twitter
Thread on CrowdStrike. I'll just add to it whenever I can be bothered.
On June 2, 2014, the US DOJ published "US Leads Multi-National Action Against GameOver Zeus Botnet and Cryptolocker Ransomware, Charges Botnet Administrator", where they worked with Dell SecureWorks and CrowdStrike to take down Evgeniy Bogachev.

fbi.gov/news/pressrel/…
In mid-2014, the organisation "Fancy Bear" started to target journalists, bloggers and publishers, with the list totalling over 200 people.

apnews.com/c3b26c647e7940…
In January 2015, "Fancy Bear" started to infiltrate, acting as the organisation "CyberCaliphate", the networks of TV5Monde's computer systems.

independent.co.uk/news/world/eur…
In March 2015, Pavel Lobkov was targeted by "Fancy Bear".

apnews.com/c3b26c647e7940…
On April 14, 2015, ThreatConnect, Inc. and CrowdStrike announced a partnership with each other.

threatconnect.com/press-releases…
During the 2015 United Kingdom general election, "Fancy Bear" attempted to target every Whitehall server, but they were defeated by GCHQ.

independent.co.uk/news/uk/home-n…
In Summer 2015, "Cozy Bear" successfully infiltrated the Democratic National Committee, according to CrowdStrike Services.

washingtonpost.com/world/national…
On June 10, 2015, "Fancy Bear" attempted to hack into the e-mail account of Adrian Chen.

apnews.com/c3b26c647e7940…
On June 26, 2015, "Fancy Bear" targeted Maria Titizian.

apnews.com/c3b26c647e7940…
In July 2015, the Federal Bureau of Investigation hired CrowdStrike Services for a 1-year contract worth $150,000.00.

mcclatchydc.com/news/nation-wo…
On July 13, 2015, Google Capital made a $100 million investment into CrowdStrike.

fortune.com/2015/07/13/goo…
In November 2015, Robert Johnston was hired as a Principal Consultant at CrowdStrike in Washington, DC.

linkedin.com/in/robertsjohn…
After December 1, 2015, Pavel Lobkov's Facebook messages were leaked by "Fancy Bear".

apnews.com/c3b26c647e7940…
Between February 12 - 14, 2016, the Munich Security Conference is hosted. It is attended, as an observer, by Dmitry Alperovitch.

securityconference.de/fileadmin/MSC_…
In March 2016, "Fancy Bear" penetrated the computers at the Democratic Congressional Campaign Committee and then moved over to the Democratic National Committee, investigators believe.

nytimes.com/2016/12/13/us/…
In March 2016, SecureWorks' Counter Threat Unit identified a spearphishing campaign which used Bitly accounts to shorten URLs, which affected the Democratic National Committee and the Clinton campaign.

secureworks.com/research/threa…
On March 1, 2016, Dmitri Alperovitch spoke at the RSA Conference, discussing "Detection, Prevention and Response Strategy: The Return of the Endpoint" with Anton Chuvakin (moderator), Rafal Los and Rick Holland.

rsaconference.com/events/us16/ag…
On March 3, 2016, Dmitri Alperovitch and George Kurtz spoke at the RSA Conference, discussing "Hacking Exposed: The Mac Attack".

rsaconference.com/events/us16/ag…
On the same day, March 3, Shawn Henry spoke at the RSA Conference, discussing "Not So Fast... Myths and Misunderstanding Surrounding Reactive Strikes" with Gerry Stegmaier.

rsaconference.com/events/us16/ag…
On March 7, 2016, CrowdStrike, Inc. announced the launch of their EMEA operations by opening an office in London, England.

crowdstrike.com/resources/news…
Between March 7 - 8, 2016, CrowdStrike, Inc. attended the e-Crime and Information Security Congress in London, England.

crowdstrike.com/resources/news…
On March 19, 2016, Charles Delavan sent an e-mail to Sara Latham and Shane Hable titled "Re: Someone has your password", where he requested for John Podesta to change his password.

nytimes.com/2016/12/13/us/…
On the same day, March 19, John Podesta received the phishing e-mail, where he changed his password upon recommendation from Charles Delavan, allegedly allowing "Fancy Bear" to gain access to his e-mails.

nytimes.com/2016/12/13/us/…
On March 21, 2016, the website misdepatrment.com was registered to spoof the website of The MIS Department, Inc..

washingtonpost.com/world/national…
In April 2016, the Federal Bureau of Investigation and other intelligence agencies started to federally investigate the cyber attacks on the Democratic National Committee.

nytimes.com/2016/07/27/us/…
On April 5, 2016, the International Association of Privacy Professionals hosted the Global Privacy Summit in Washington, DC for its third day. Michael Sussmann and James A. Baker hosted a discussion titled "A Candidate Interview with James A. Baker".

iapp.org/conference/pas…
By mid-April 2016, the Democratic National Committee installed a set of monitoring tools after multiple campaign officials lost control of their accounts due to phishing e-mails.

nytimes.com/2016/12/13/us/…
On April 18, 2016, Steven Chabinsky was appointed by President Barack Obama to the Commission On Enhancing National Cybersecurity.

crowdstrike.com/resources/news…
On April 19, 2016, the website DCLeaks was registered after an initial attempt to register the domain electionleaks dot com.

justice.gov/file/1080281/d…
In late April 2016, "Fancy Bear" allegedly gained access to the Democratic National Committee's networks and targeted the opposition research on Donald Trump.

washingtonpost.com/world/national…
On April 29, 2016, an internal Democratic National Committee e-mail, possibly from Amy Dacey, was sent to Michael Sussmann, with the contents having the DNC employee being worried that the DNC had been hacked, with regards to password theft.

nytimes.com/2016/12/13/us/…
On the same day, April 29, an internal committee at the DNC was formed by Amy Dacey to discuss the potential password theft. The committee contained Dacey, Representative Debbie Wasserman Schultz, Andrew Brown and Michael Sussmann.

nytimes.com/2016/12/13/us/…
On the same day, April 29, Michael Sussmann sent an e-mail to his clients to tell them to avoid using the Democratic National Committee e-mail addresses.

nytimes.com/2016/12/13/us/…
On the same day, April 29, Michael Sussmann contacted Shawn Henry to request his assistance with the Democratic National Committee's issues, hiring CrowdStrike Services.

washingtonpost.com/world/national…

nytimes.com/2016/12/13/us/…
On April 30, 2016, CrowdStrike Services finished installing software onto the Democratic National Committee's computers to analyse data that could indicate who gained access and when.

washingtonpost.com/world/national…
On the same day, April 30, CrowdStrike Services informed the Democratic National Committee that their systems had been infiltrated by Russia.

nytimes.com/2016/12/13/us/…
In May 2016, DNC leadership were briefed by Robert Johnston on two separate Russian cyber attacks which had taken all e-mails sent by DNC employees. Rep. Wasserman Schultz listened into the briefing via speakerphone. Johnston said hacking was routine.

buzzfeednews.com/article/jasonl…
In May 2016, SecureWorks completed their analysis of the 8,909 Bitly links which had targeted 3,907 Gmail accounts.

secureworks.com/research/threa…
On May 6, 2016, at 06:00 AM, Dmitri Alperovitch received an alarm from the software package Falcon that Russia was infiltrating the Democratic National Committee network, something which had been detected within 10 seconds of it being installed on their computer networks.
The CrowdStrike analyst then informed Dmitri Alperovitch that "Cozy Bear" and "Fancy Bear" had been identified as the culprits. At the time, Alperovitch was located at a hotel in Los Angeles, CA.

esquire.com/news-politics/…
On June 7, 2016, agents at the Federal Bureau of Investigation interviewed Marcel "Guccifer" Lazar, where he apparently stated that he never claimed to have hacked the Clinton server.

politico.com/story/2016/09/…
On June 8, 2016, the website DC Leaks was officially launched.

justice.gov/file/1080281/d…
On June 10, 2016, employees at the Democratic National Committee were instructed to leave their laptops in their offices to allow CrowdStrike to replace the software on them.

esquire.com/news-politics/…
On June 12, 2016, CrowdStrike completed their operation on replacing the software on the Democratic National Committee employee laptops, where Dmitri Alperovitch then took his team to a Brazilian steakhouse to celebrate.

esquire.com/news-politics/…
Before June 14, 2016, executives at the Democratic National Committee met with the Federal Bureau of Investigation, where they requested for the United States Government to attribute their hacking to Russia.

nytimes.com/2016/12/13/us/…
Before June 14, 2016, on the advice of Michael Sussmann, CrowdStrike and the Democratic National Committee crafted a story to damage control the hacks on their computers, which was then passed over to The Washington Post.

nytimes.com/2016/12/13/us/…

buzzfeednews.com/article/jasonl…
On June 14, 2016, Ellen Nakashima, with contributions from Tom Hamburger, published the article "Russian government hackers penetrated DNC, stole opposition research on Trump" in The Washington Post.

washingtonpost.com/world/national…
On June 15, 2016, Dmitri Alperovitch published the blog post "Bears in the Midst: Intrusion into the Democratic National Committee" on the CrowdStrike website, where he claimed "Fancy Bear" was behind the Democratic National Committee hacks.

crowdstrike.com/blog/bears-mid…
On the same day, June 15, "Guccifer 2.0" claimed credit for hacking the network of the Democratic National Committee.

guccifer2.wordpress.com/2016/06/15/dnc/

thesmokinggun.com/file/roger-sto…
On the same day, June 15, Sam Biddle and Gabrielle Bluestone published the article "This Looks Like the DNC's Hacked Trump Oppo File" in Gawker, which was about "Guccifer 2.0", with embedded metadata created by Warren Flood, created on December 19, 2015.

gawker.com/this-looks-lik…
On June 16, 2016, SecureWorks published the article "Threat Group-4127 Targets Hillary Clinton Presidential Campaign", which was about "Fancy Bear", to their official website.

secureworks.com/research/threa…
On June 17, 2016, ThreatConnect, Inc. released a press statement titled "Rebooting Watergate: Tapping into the Democratic National Committee", where they used the CrowdStrike blog post as a basis for further research into the breach of the DNC.

threatconnect.com/blog/tapping-i…
On June 20, 2016, Fidelis Cybersecurity published a press release titled "Findings from Analysis of DNC Intrusion Malware", where they mentioned that they had been provided malware samples from the CrowdStrike investigation.

fidelissecurity.com/threatgeek/mal…
On the same day, June 20, "Guccifer 2.0" created their Twitter account.
On June 26, 2016, SecureWorks published the article "Threat Group-4127 Targets Google Accounts" on their official website, which was dedicated to their efforts tracking the activities of "Fancy Bear".

secureworks.com/research/threa…
On June 30, 2016, Matt Tait started to tweet about his findings on "Guccifer 2.0"'s data.

dailymail.co.uk/news/article-3…
In July 2016, Robert Johnson left his position as a Principal Consultant at CrowdStrike.

linkedin.com/in/robertsjohn…
On July 6, 2016, "Guccifer 2.0" released the Democratic National Committee's battle plan and budget for countering the upcoming Republican National Convention.

nytimes.com/2016/12/13/us/…
On July 13, 2016, "Guccifer 2.0" released a series of DNC documents to The Hill, which included opposition research into Sarah Palin from 2011, and files into two donors to the Democratic Party, Norman Hsu and Paul J. Magliocchetti.

thehill.com/policy/cyberse…
On July 21, 2016, White House officials convened for a high-level security meeting to discuss reports that Russia had hacked the DNC and the FBI's conclusions surrounding it from their federal investigation.

NSC. DOD. FBI. DoHS.

nytimes.com/2016/07/27/us/…

washingtonpost.com/politics/clint…
On July 22, 2016, the DNC Leaks started to be released from the e-mail accounts of Luis Miranda, Jordan Kaplan, Scott Comer, Daniel Parrish, Allen Zachary, Andrew Wright and Robert Stowe on WikiLeaks.

wikileaks.org/dnc-emails/
On July 24, 2016, Robby Mook claimed on ABC's "The Week" that the DNC e-mails were leaked by Russians whom wanted to help Donald Trump be elected as President of the United States, citing CrowdStrike as his source.

nytimes.com/2016/07/25/us/…
On July 29, 2016, the Democratic Congressional Campaign Committee announced that their systems had been hacked.

nytimes.com/2016/07/30/us/…
On August 11, 2016, the Democratic National Committee created a four member cyber security advisory board, which contained Rand Beers, Nicole Wong, Aneesh Copra and Michael Sussmann.

politico.com/story/2016/08/…
On the same day, August 11, House Minority Leader Nancy Pelosi declared the hacking of the Democratic National Committee to be a version of Watergate conducted by the Russians.

edition.cnn.com/2016/08/11/pol…
On August 12, 2016, "Guccifer 2.0" published a spreadsheet which featured the personal e-mail addresses and phone numbers of nearly 200 Democratic members of Congress.

esquire.com/news-politics/…
On the same day, August 12, Dmitry Alperovitch (in New York at the time), Shawn Henry, HML Nancy Pelosi and Ben Ray Luján had a conference call, where Alperovitch offered to install Falcon onto Representatives' computers.

esquire.com/news-politics/…
In September 2016, Michael Sussmann met with James A. Baker to provide information in relation to the Russia probe.

dailycaller.com/2018/10/04/fbi…

foxnews.com/politics/lawye…
On September 2, 2016, ThreatConnect published the article "Can a BEAR Fit Down a Rabbit Hole?", which was dedicated to investigating the Illinois and Arizona state election board hacking from late July 2016, in relation to King Servers.

threatconnect.com/blog/state-boa…
On September 7, 2016, Shawn Henry attended the Intelligence and National Security Summit, discussing "A National Cyber Deterrence Strategy" with Melissa Hathaway, Sean Kanuck, Dr. Greg Shannon and Lt. Gen. James "Kevin" McLaughlin.

events.jspargo.com/inss16/public/…
On September 13, 2016, "Guccifer 2.0" made an appearance at The Future of Cyber Security Europe 2016 through a message.

forbes.com/sites/thomasbr…
On the same day, September 13, Colin Powell's e-mails were published on DCLeaks.

washingtonpost.com/politics/powel…
On September 25, 2016, Caroline Mortimer published the article "Russian hackers tried to disrupt UK general election, security sources say" in The Independent, which discussed "Fancy Bear"'s attempts to hack the Whitehall servers, stopped by GCHQ.

independent.co.uk/news/uk/home-n…
On September 27, 2016, the 2016 PLUS Cyber Symposium was hosted by the PLUS Foundation, where it was attended by Shawn Henry.

plusweb.org/Events/Event-I…
On October 6, 2016, The Washington Post hosted their Cybersecurity Summit, which was attended by Lisa Monaco, Ellen Nakashima and Michael Sussmann.

washingtonpost.com/pr/wp/2016/09/…
On October 7, 2016, Dmitri Alperovitch was called as he left the Sistine Chapel by a senior government official that the United States Government was preparing to identify Russia as the sponsor of the Democratic National Committee attack.

esquire.com/news-politics/…
On October 14, 2016, Michael Morrell claimed that WikiLeaks and "Guccifer 2.0" were working with the Russians during a conference call with the Clinton campaign.

edition.cnn.com/2016/10/13/pol…
On October 15, 2016, Sheera Frenkel published the article "Meet Fancy Bear, The Russian Group Hacking The US Election" in BuzzFeed News.

buzzfeednews.com/article/sheera…
On October 20, 2016, SecureWorks concluded that John Podesta had been hacked by the Main Intelligence Directorate, the GRU.

nytimes.com/2016/10/21/us/…
On October 21, 2016, Shawn Henry attended the first day of CyCon.
And then Trump got elected. And that's the end.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to The_War_Economy
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!