, 23 tweets, 12 min read Read on Twitter
In the Equation Group dump is a module known as "m12000000", or TADAQUEOUS, which does not have a Listening Post (LP) attached to it.

"It can only be loaded and unloaded through this interface, not controlled, and it will spit an error message."

What apparently TADAQUEOUS does is cripple or disable IPsec, or Internet Protocol Security.

"Most of the symbols are not standard Linux symbols but specific to the TOS/Fortinet implementation."

"I read this to mean that the hardware or software of the system running IPsec was compromised, causing it to send valid protocol ESP packets, but creating those in such a way that these could be decrypted without knowing the ESP session keys (from IKE)".

For background on why TADAQUEOUS may be important, see the thread I did on The Shadow Brokers yesterday:

On February 16, 2015, Kaspersky Lab published "Equation Group: The Crown Creator of Cyber-Espionage" on their website, where they described the Equation Group as a "threat actor".

As a side reference, Ruslan Stoyanov of the Kaspersky Lab, the head of computer incident response investigations, was later arrested back in January 2017.

Shortly after Kaspersky Lab outed the Equation Group as existing, the Central Intelligence Agency discussed this on an online forum.

The last files in the Equation Group dump was from June 2013.

Now one of the files exfiltrated from The Equation Group, eqgrp-free-file[dot]tar[dot]xz was released by the Shadow Brokers. In it, there is a text file titled "listing".

In this text document is a series of file locations and calendar dates, where something has happened. Look, I'm good with computers but I'm no programmer, so I don't actually know what the rest of this stuff is. However...

By searching for "m12000000", it reveals the existence of TADAQUEOUS, of which there are 20 instances. They each have specific dates assigned to them.

What follows is theory, conjecture, et cetera.

In the sense that the events on the dates absolutely did happen, but whether TADAQUEOUS's dates have anything to do with it is the conjecture / theory part.
April 9, 2010.

This was the day after the United States and Russia signed the New Strategic Arms Reduction Treaty (START) in Prague.

October 26, 2009.

Hillary Clinton's birthday.

August 2, 2011.

On August 1, Clinton swore in Gary Locke as Ambassador to China.

On August 2, Clinton met with Syrian opposition activists.


May 3, 2011.

The day after the death of Osama bin Laden.

"In order to ensure her e-mails were private, Clinton's system appeared to use a commercial encryption product from Fortinet."

Fortinet is also listed as a hardware partner of Platte River Networks.

It was back in June 2013 when Hillary Clinton transferred her server.

On June 23, 2013 the Pagliano Server at the Chappaqua residence was shut down and then transported to Secaucus, NJ, where it was ran by Equinix. It stayed there until October 3, 2015.

Also of reference is that Edward Snowden had already fled the United States to Hong Kong on May 20, 2013.

That's it, that's the end of the thread for now.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to The_War_Economy
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($3.00/month or $30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!