OPSEC plan:
Secure location ✅
Seize and secure all mobile phones to prevent surveillance ✅
Honour system that no one is wearing a wire ✅

All that security to protect against “them” but nothing to protect against “us”
These muppets used balloons to make IEDs that didn’t work. And they documented it with pics and videos. That they posted to Facebook? And apparently it was “bring your felony to crime plotting camp” day. Go ahead FRANKs, show everyone your illegal weapons modifications
These guys have a real “us” vs “them” mentality and it makes them vulnerable. The security risk is from “them” who are all bad guys, not “us” who are the good guys. They don’t seem to grasp that planning to commit violent felonies w/ 8 randos they met on Facebook is a stupid idea
I had to number the sections in this paragraph, there’s just too much crazy.
i.) secure meeting with the really eager new guy to discuss details of the felony conspiracy? Why not take notes while you’re at it!?!
ii.) The strategic planning on display makes the underwear gnomes seem like Sun Tzu level masters. “First thing we do, we kidnap the governor, then it’s all over man, we win. I mean next we kill her, but you know, after the laying on of hands, we win.”
iii.) the entire plan seems to be to kidnap and kill the governor. But mostly to kidnap...

iv.) this gets less organised the more they plan. “Get the governor at her house, then... go somewhere and ... a trial!” Great thinking, what this murder needs is a group vote.
v.) they don’t know where she lives so they’re going to ask a realtor. I guess they don’t have Google? And creating a trail of witnesses seems like a brilliant OPSEC move.
And the detailed recon. This is really a bit over the top for a plan that is 2 sentences long.
vim.) they need blueprints. To snatch the governor outside her home they need blueprints. Not a plan for what to do or a reason why snatching the governor is the correct action. Blueprints. And more witnesses, of course.
nvim.) what this criminal conspiracy needs is more people. Given the amount of recruiting FOX is advocating I can’t help thinking he’s maybe just lonely? Dude, there’s better ways to expand your social circle than with ppl who’ll commit crimes with Facebook friends.
Encryption protects against outsiders. Covert human sources? Not so much
After much deliberation FOX has decided to go with his original plan of kidnapping the governor... somewhere... for some reason, to some end.
Incidentally, this is the safest conspiracy session FOX has held. OPSEC++
And so of course he posts about it on Facebook.
One of the guys wises up and doesn’t want to talk in the open about crimes. They decide to have a recorded phone call and crimes instead. FOX is back to the movie inspired reconnaissance phase of his kidnap plan. Now it’s time for “someone” to go do it.
Cont. but HARRIS figured if you’re looking at her house that’s effectively the same thing as murder, so just commit murder instead. What world do these guys inhabit that a bunch of Facebook randos can keep the murderer’s identity secret? They post everything on Facebook ffs!
Cont. FOX is on his shit about kidnapping, but now he’s also on an arson kick. Will he need a plumber to get blueprints for the boat?
FRANKS is down with arson, kidnapping, murder, whatever “so long as it’s well planned.” ...I got some bad news for you, bro
Using open codes is almost never a good idea. Years ago I wrote a guide on using code phrases, grugq.github.io/blog/2013/12/2…
The guys who can’t make black powder blow up with a fuse are considering a large scale bombing operation. This seems more aspirational than operational
On the terrorists open codes: they are consistent and have internal logic, which is good. Still, I can’t help but wonder how much further they would have gotten if they’d read the cartoon guide to smoking weed and stay out of jail. Stoners are better at security than these guys.
i.) The group figures out that the most pressing security issue is that one of them is working for the Feds. They figure that the infiltration will involve a fake name, and the Feds can’t produce false identity documents. These are false assumptions about how informers work.
i.cont.) In all honesty these guys would have better luck pursuing “if you’re an undercover cop you have to tell me.” At least this would be a direct interrogation of potential informants, not just a check on whether they’re unable to make a fake driver’s license.
ii.) These guys are really into performative terrorism. They need to conduct surveillance, so one of them goes out and spends 4 grand on a helmet (???) and night vision goggles. Which he then brags about. “Make your terrorism reconnaissance pop with the right accessories.”
ii.cont.) This entire farce really seems like a sort of LARP terrorism with real guns. They’re going out to the woods, they’re hanging out and fantasising about their plans, they’re letting anyone join in, they’re buying new equipment to show off at the next meet...
iii.) Security for these guys is ritualistic and performative. They believe that they are protected because they use encrypted messengers. When they feel scared they perform the “get a new encrypted messenger totem” ritual to assuage their fears.
iii.cont.) If they thought about the problem for even a second they would realise that changing the communications tool they use to talk with an FBI informant will not, in fact, protect them from an FBI informant. This is the “us” vs. “them” thinking again.
iii.cont.) I like to think the FBI aren’t literally laughing their asses off when they type these up, but then I read lines like “Because the group still included CHS-2, the FBI has maintained the ability to consensually monitor the chat communications.”
Things are moving forward with the plan. The group start to conduct surveillance on the vacation house. This involves looking for the address on Google Maps, but failing, then phoning a friend for help. The friend helpfully sends StreetView images.
They take pictures and film the house while slow rolling through the neighbourhood. This sort of pre-operational surveillance is actually one of the most vulnerable phases in a terrorist plot. See the work of @stick631 on why this is the ideal time to detect a threat.
There are some very bizarre events for real terrorists, but they make total sense if you think of these guys as performative. They are doing what they think “operators” do. They’re playing “Spec Ops” but with real guns, and against a middle aged woman living in a remote house.
I particularly like that they find a reason to organise a boat outing as well.
StreetView is actually sufficient surveillance for a street grab or shooting someone at home. They should be investing their time and resources into planning a getaway. Real terrorists (and criminals) plan the escape first, then see if they can fit the action to the plan
An example of a real terrorist plan for an action is provided in one of my blogs. grugq.tumblr.com/post/109682833…

For terrorists (not suicide ones, obviously) the measure of success is getting away. If they accomplish their objective, that is a secondary bonus. (This is long war theory)
There are some rules that action groups have learned make it a lot safer to conduct illegal acts. Step zero, before anything else, don’t build your affinity group from a bunch of randos, even if they seem cool on Facebook.
i.) They take the surveillance pictures and videos and share them with the group. The more I see of these guys, the more I wonder why they don’t just make their iCloud streams available to each other. They could save some time and also have an Instagram Insurgency.
ii.) When the idea for a boat outing is tabled, the first thing that the guy with the boat does is suggest making it super suspicious and highly noticeable. But, from another perspective, also really tactical and awesome. These guys like tactical coolness over cover and secrecy.
ii.cont.) Again, that is because they are not competent terrorists. They are LARPing a death squad. Amusing, but also extremely dangerous because a bunch of dudes all egging each other on will eventually lead to tragedy. See Kenosha and Portland for the most recent examples
iii.) What I like about this interaction is the guy that didn’t participate in the activity wants to show willing. He wasn’t there but he is totally still contributing to the plan. He’s still cool, right guys? This kidnapping is turning into a “yes, and...” improv
iv.) The great part about the plan to blow up a bridge is... how many balloons of black powder do they figure that is going to take?
iv.cont.) Let’s examine the thinking going on here. GARBIN is talking with one other person on an encrypted messenger. The only person who has to figure out what he is saying is CHS-2 (who can explain it to the FBI). What possible purpose does emoji code serve? It is performative
iv.cont.) Just like whispers and surreptitious looking around is a great way to attract attention, this sort of coded language is a way to indicate that he is proposing about something taboo and cool. It has no security function. It is a display.
v.) Finally, this constant documenting of the planning is really so amazingly stupid, but also so critical to the real purpose of this plot. They need to show each other how dedicated they are to the idea and how they’re participating, contributing their vital tactical skills.
“Lotta new faces here. For some of you this is your first time at Criminal Felony Conspiracy Camp, so let me bring you up to speed on our felony conspiracy.”
CHS = covert human source, a civilian informant
UCE = undercover employee, an FBI agent with fake glasses and moustache
My guess is that things are progressing far enough in the plot that the FBI wants to bring the hammer down soon. They’re sending in the guy who is gonna make sure that there is solid evidence of intent and concrete steps taken to commit felonies.
The new IED kit is: a firework; black powder; pennies, and electrical tape. Upset at the balloon bomb incident this time they’re taking no chances. They tamper with a commercial explosive device until it will malfunction. A sort of weird machine IED. 🤔
Given that they have somehow managed to craft an anti personnel device, one has to ask: how is this going to be used for kidnapping? What role does this penny bomb firework play in their—kidnap a middle aged lady; shoot at a house, and/or burn a boat—plans? None. It’s just cool💥
Final note on para 28: With the two wires the Feds now have everything in stereo.
Interlude: This reminds me of a problem the British had with running informants inside the IRA. Informants were not supposed to commit crimes, they didn’t have immunity. But, in the famous words of one informant (an innovative bomb maker) “you cannot pretend to be a terrorist”
With this group it seems like it is almost the opposite problem. They need them to stop pretending and actually do something. Here’s the cite for the IRA informer theatlantic.com/magazine/archi…
FOX assembles a team of a dozen people, 25% of whom are reporting to the FBI, to go drive around. Unfortunately for some of the guys, this means they miss out on the field trip. They are pissed.
This collection of twelve people, two of whom are new (the UCEs have to be relatively new) and four of whom are randos not involved in the core plotting. This is a group which shouldn’t exist, but since it does their need to know does not extend to the full kidnapping plan.
Things start to get a bit hectic as the Means Motive and Opportunity converge. CROFT gets really excited and wants to *do* something. They’re trying to do recon for their big kidnapping plot, but now CROFT wants to escalate and shoot stuff. They’re unable to focus on the mission.
The lack of discipline is really telling. One member of the terrorist group has a spur of the moment impulse to just shoot shit. They can’t use leadership authority or discipline to stop him derailing everything. This group has such a flat hierarchy that no one’s in charge.
Again this speaks to the fantasist nature of the group. They’re all heroic lone warriors, a mob of individuals. They’re barely even a gang. Gangs have leaders. Here the only leadership seems to be leadership by initiative. But without discipline they’re just an armed mob.
For a group completely unable to fashion a working IED they’re really excited about elaborate bomb plots. The kidnapping, if done successfully, would raise no immediate alarms. They would rely on stealth to escape to their safe house for the “trial.”
An elaborate series of bombings would attract more law enforcement, it would draw attention to the size of the conspiracy, and it would create a huge amount of evidence. Bombs leave a lot of evidence. It is nonsensical for the kidnapping, but these guys can’t focus on the mission
The logistical complexity of carrying out multiple synchronised bomb attacks is far beyond what this team can manage. I’m not convinced they could arrange to all meet at a McDonald’s at the same time. Synchronised bombing was an al Qaeda hallmark because it is hard.
The three car loads of Keystone Kidnappers are deploying around the vacation home. Which is on an island. Only accessible by ferry. And there are no roads. How exactly are they going to transport the governor after they grab her? This seems like a crucial detail.
The surveillance operation is fairly complex for this group. There are three cars in the area each tasked w/ a unique role, some of which require coordination. Not to overstate it, but they do manage to pull off a coordinated op. They flash high beams at each other across a lake
The second car has a dash cam which is used for the surveillance task. They record the area around the vacation home (which is, again, on an island without cars). Usefully the dash cam also has an internal facing camera with which the Keystone Kidnappers record themselves criming
The coordinated operation requires the first and second car park across the lake from each other and flash their high beams. (Maybe). I am at a loss as to why they did this operation at all. They don’t need three cars creeping around after midnight to arrange a kidnapping.
I do like the image of the two crews across the lake from each other “can you see them?... Is that them? What’s that? I think that’s them...”
Why did they do this? Did they plan to have multiple cars in the general area doing nothing operationally critical? Probably.
I should note with regard to para 31, the plan to blow up the bridge. This is more important for the FBI than for the Keystone Kidnappers. The Feds need this group to do something illegal before they actually start shooting. The FBI needs them to buy explosives.
The only reason this group needs explosives is for their bridge demolition plan. This is a dumb plan, but because it requires sourcing high explosives from an underground contact. Something none of the core plotters [are likely to] have. Risk due to an unnecessary dumb idea.
The three cars don’t all get equally glamorous roles in the surveillance op. The car full of FBI is tasked with driving around to make sure there are no FBI surveilling the group. Seems like a fairly easy assignment to be quite honest...
The surveillance these guys need to do for a kidnapping is surveillance of the target. They need to be following the governor around. Learn her routine. Find a place where she is vulnerable and predictable. Instead they decide to do the op at the house, so the house it shall be!
Clearly they rely on the governor cooperating with their planning schedule so she’s actually there when they execute. More realistically they just think the planning is fun and they haven’t thought about what happens after they *do* something.
They are absolutely delusional about the viability of them kidnapping someone from an island. FOX thinks that a remote populated island with limited access is the perfect place to grab an adult human and surreptitiously spirit them away. How is that supposed to work?
What is sufficient motivation to get a dozen guys to drive around playing terrorist at 3am — constitutional separation of powers and oversight. (I think they’re angry about something other than the minutiae of government.) CROFT is clearly bringing his banter A game.
The conspiracy is far too big already. They’ve got two informants and two FBI agents involved already, they are clearly over staffed. Operations should be done with the minimum number of people necessary. A large group is a security liability when planning secret activities.
FRANKS gets really over optimistic about the success rate of extremist plots penetrated by the FBI. Also, he seems to think driving around at 3am in the neighbourhood is somehow equivalent to doing the surveillance necessary for a kidnapping.
The FBI informant seems to have been briefed on what to elicit from the conspirators. He asks them to confirm that they are actively supporting and participating in a plot to kidnap and kill the governor. They say “yes, we are doing crimes. lol” That’s gonna be less funny in court
Once again these guys can’t stay mission focussed. They are blowing up a bridge, kidnapping, running a kangaroo court (no one seems to be planning for how to conduct the trial they want to hold for the governor) and they’re adding arson/bombing the house... over reach.
After their midnight romp FOX assembles the strike teams. One FBI informant, two FBI agents, and some ppl going to jail. How do we know they’re going to jail? Their new friend says he can totally arrange high explosives, but they have to put up the money for it.
There are only two kinds of people that sell high explosives: informants, and undercover agents.
FOX is getting a bit concerned that if they abduct the governor at the end of October, they won’t have enough time before the election. I’m not sure how long he thinks a kidnapping usually takes, but the actual abduction part should be pretty fast.
The group is going to pass the hat around to try to raise the $4,000 they need to give the FBI to prove that they’re seriously in need of some jail time.
FOX is looking to expand out from just planning and conducting an elaborate 12 person abduction with a bridge demolition tacked on. He wants to go to a protest as well. GARBIN is the voice of reason (caveat, for a guy involved with this scheme) and suggests keeping a low profile
I think the language used here in this exchange is pretty informative. They are all using a very “milspec tactical black ops” type of speech, something they seem to have learned from movies and comic books. They’re performing macho black ops operator at each other
FOX is getting increasingly invested in the plot and firms up the plan by getting more kidnap tactical milspec accessories. He’s also excited about buying the explosives...most likely for more tactical accessorising.
The FBI are wrapping up now, explaining why the arrests have to happen *now*. The gang has clubbed together to raise the money for buying the explosives. I’m not sure about the exchange of tactical gear, but I’m kinda wondering if they were short on cash and so they bartered gear
On the day of the bomb buy one of the guys is unable to attend because he’ll be at work. This detail, the interference of everyday life into terrorism is wonderful. It reminds me of when the INLA (an Irish paramilitary) had to abort an attack because the driver couldn’t get a sitter
The INLA also aborted attacks because they hijacked cars that weren’t in good working order and broke down on the way. And of course the ever present danger of the volunteers popping into the pub on the way, and then staying for “just one more...”
The final paragraph is just emphasis on how FOX must be taken off the streets ASAP.

That’s the affidavit.

BONUS. Here’s FOX, both in his death squad LARP gear, and his mugshot. Also, mugshots for most of the gang. As someone said, they’re 2/10 on necks.
Support making fun of dumb terrorists. patreon.com/grugq
