In response to the Ukraine crisis, at the Sept 2014 conference, NATO declared that cyber-space was now a `war-zone.' An attack against Critical Infrastructure could, in theory, invoke article V -- collective defense -- Hot War. A #FalseFlag is in place. #BuyCandles
In July 2020 the NSA, and CISA primed the pump with a warning that systems typically used in Critical Infrastructure were about to be hacked. They didn't name who by but noted it would be just like (the False Flag) in Ukraine. They seemed to know something us-cert.cisa.gov/ncas/alerts/aa…
In Aug 2020 the FBI and NSA said they'd found a new (/cough/) "Fancy Bear" malware called 'Drovorub’ -- before Fancy had had a chance to use it. What luck. It was only effective against devices running 8+ yr old Linux like Infrastructure devices that were too Critical to update.
Post Mueller there were no Bear names - just "GRU unit 26165". Go ahead. Prove the NSA wrong. They didn't bother our pretty little heads with how they knew the "Drovorub C&C server" was 185.86.149.125. A definition. An IP by the same provider was in C-S's DNC "hack" report.
The IP was in NATO member Latvia, & it's worth pointing out a telling little detail: *All* of the Bear's main C&C IP's were *physically* in a NATO country/partner. Trend Micro's report into `Pawn Storm' (a/k/a FancyB) has a map of xAgent C&C's. Which large country isn't on it?
Physical location of a server is important to law enforcement. A beige box can be subpoenaed & boots can kick down doors. Yet, NATO-wide they let the "Russian attack" continue. When E-of-the-P appeared on a Russian IP it was offline in a few days (see last thread).
By contrast, the Bears' C&C's attacking NATO from within NATO were active for 6 months to 12+ months. All tracked live by all the cybersecurity websites. The Bears, G2, and DCLeaks were never worried that people were looking for them. Conclusion: because they weren't.
This Drovorub IP resolved to a subdomain of JustInstalledPanel.com & SSL certificates show 100's of similar J-I-P subdomains were created Jan-Dec 2016. Only the entity that controls the primary nameserver (e.g. J-I-P) can create new subdomains. archive.is/QfJZP
The 'GRU tricked' the NSA by registering J-I-P using a fake post-code: 12345 and phone number for Tampa, FL, but the address was a PO Box in Irkutsk, RU. Note: registered during the "Bear" attack of the DNC through same US registrars as DCLeaks & last thread & 100's of FB sites.
BTW, a "RU attack on Critical Inf" from *Irkutsk,* was precisely the scenario for a 2010 ex by former NSA/CIA chiefs. There was no firm proof but the conclusion was federalize everything, invoke war authorities, and "get the public to buy-in to it." #BuyCandlesInstead
J-I-P was a peek-a-boo site. Since May/16 it was set to the `localhost' IP of 127.0.0.1. It could've been anybody. But, what luck, 'just in time' for the NSA report, name-servers appeared with a Russia-based IP.
Case closed, right? Wrong.
Web-crawlers like Securitytrails.com continually trawl the internet for IPs. In Jan 2018 it caught J-I-P.com where its 'localhost' really was; & where this "GRU" attack was really controlled from; 15.126.193.223.
archive.is/ln9hp
15.126.193.223 is a -->United States<-- based IP owned by Hewlett Packard.
Q. Why would the "GRU" choose an IP located in the USA where the FBI could get to them?
A. Because It's where Putin couldn't.
'Drovorub' is a false-flag waiting to happen.
Here's a summary chart from my book "Loaded for Guccifer2.0," which reads well by candlelight. amazon.com/dp/B08MSZHMGP
The HP trail continues: Another report on Fancy recovered some self-signed SSL certificates. One used 'localhost' (very common) but what was uncommon that it was "generated locally on what appeared to be a HP-UX box." HP-UX = Hewlett Packard Unix.
It's an unusual system meant for "mission critical integrity servers,” with a vital need for security & stability. As far as I can tell, 95%+ of HP's (& Microfocus') contracts with the USG for HP-UX are with the Dept of Defence. The DoD & the GRU have *so* much in common.
We can't say exactly who used 15.126.193.223, but we can say it wasn't the GRU. It was a US based IP using Microfocus and perhaps HP-UX - often used by the US military. There the trail ends. Well, sort of ends ...
America’s Internet God, ARIN, offers a `who was' service for the IP's under their control. You have to sign-up for the service at arin.net, and I did. They give a zip-file for each IP. Here's the zip file, and a screenshot a relevant file. drive.google.com/file/d/18GYmTs…
Until 2008 ARIN listed --> The United States Air Force <-- Arnold Air-Force Base, TN as the points of contact for 15.126.193.223 & for the ASN (71) that contains it. What are the chances that "the GRU" may attack the US from an IP that was once (is still?) the US Air-Force?
As far as I can tell, every US Air Force base also turned over IPs in their administration back to the original owners. But. It doesn't mean they stopped using them. So, if `Drovorub' puts the lights out, don't blame the GRU. #LearnToReprogramYourMicrowaveClock
Edit: Thanks for the comments! Here's a less techie version: The USG blamed Russia for a new computer malware that can shut down critical infrastructure; like power grids, or sanitation plants or anything, well, "critical." They provide no evidence except an internet address.
That address in NATO member Latvia had breadcrumbs (we're *supposed* to find) that leads to other ones in Russia. But, it's fake; The RU addresses are really controlled by one in the US that was once assigned to the US Air Force. It's not the Russians. It's a set-up.
We can't specifically say it *is* the Air Force cyber, but it's highly likely and it's consistent with everything else I've found that points to a NATO-wide operation. I hope nothing happens -- just pointing it out may stop it. I may fall on my ass here, but here's my prediction:
The Ukraine power-grid #FalseFlag happened two days before Christmas 2015. *If* they're looking to repeat that message, then you have a week to #BuyCandles. I hope I'm wrong. As Yogi Berra said; "Predictions are difficult. Especially about the future."
Creepy guy at the World Economic Forum is also making predictions about incoming "comprehensive cyber attacks." h/t @LawranceWillia2

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with David Jonathon Blake

David Jonathon Blake Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @HisBlakeness

13 Dec
#Phalse-Phlag phishings are in preparation. They'll be blamed on Russia. Inevitably that will drag Trump into it and the end-game will have begun. #Wakeupsheeple. #Russiagate is back.
Yesterday I noticed a story doing the rounds about some websites set up by (note the quotes) "Trump Supporters." Their names tell the story: enemiesofthepeople[.org]/[.us] & enemiesofthenation[.org]/[.com]. Election officials & Dominion employees were marked for death.
@jfslowick first spotted that some of the infrastructure was based in #Russia. His article was spotted by the "calm and rational" @thedailybeast who reported that the FBI were "investigating." Yes. The irony.
pylos.co/2020/12/10/ter…
Read 17 tweets
6 Sep 18
1/ Another Skripal thread.

From the ludicrous to the impossible.
2/ I've been busy so forgive me if these points have been made better elsewhere. This is crazy.

The Police have provided us with some CCTV images and claimed timings for the #doorknobdesperados, just as they previously did with Sergei Skripal's movements.

There's a problem.
3/ The problem is fairly fundamental:

It doesn't appear that Sergei, or Julia, even had an opportunity to touch their own doorknob!

From the original Police timeline here: news.met.police.uk/news/renewed-a… we see that Skripal was headed out of town in his BMW at 09:15

Here's the route
Read 33 tweets
14 Jul 18
THREAD on Mueller & Guccifer2.0

1/ Mueller has gone on a Phishing trip, and like most anglers likes to boast about the size of the big one. But there's no evidence of the catch, not even how he reeled them in. We are expected to take his word that "It was *this* big".
2/ I have a *long* standing project in the works looking at Guccifer2.0's documents which is proving to be more than interesting. It should settle it once and for all.

But in the meantime I'd like to look at a few aspects of the new indictment that do not compute.
3/ What Mueller appears to have done is to pick some names that he claims are hackers from "Unit 26165" and "Unit 74455" and claim they hacked the DNC & DCCC. We have no way of knowing if they did, he presents no evidence of *how* they claim to *know* it was these people.
Read 21 tweets
12 Jul 18
Another #Amesbury / #Skripal thread

1/ You must read the superb series of articles on Amesbury and Skripal written by Rob Slane at the Blogmire. He leaves no doubt that the government has got it wrong



I want to look at one possibility that's not covered
2/ In part 3 Rob draws on a Daily Mail report about the Skripal's visit to an Italian restaurant.

theblogmire.com/joining-some-d…

After a 20 min wait for his meal Skripal becomes agitated and wants to leave. Rob speculates that it's because he has to go and meet someone. But who?
3/ Now let's look back at The Sun's report about Amesbury. Particularly about where drug dealers leave stashes.

It's done in the local parks. Where did Skripal go, agitated, after his lunch? The park.

Soon after he's suffering all the signs of Fentanyl overdose.
Read 11 tweets
10 Jul 18
THREAD 2 on #Amesbury:
1/

In the last thread I pointed out that the Amesbury tragedy, and the Skripal poisoning had many clues which pointed to Fentanyl overdose being the culprit rather than Novochok.

2/ Since then more detail has come in about the symptoms of the deceased Dawn Sturgess and her critically ill boyfriend Charley Rowley.

Many papers report that they were "gurgling" and "foaming at the mouth".

The Times, is paywalled, but the the Sun thesun.co.uk/news/6693507/n…
3/ isn't. It's reported in many other places too.

Two of the symptoms of FENTANYL overdose happen to be:

* Gurgling
* Foaming at the mouth

livescience.com/58682-fentanyl…
Read 11 tweets
23 Jun 18
@NakedHedgie @88softaIlherita @BrettHar123 @LucyKomisar @stranahan @PAT_1776US @jimmysllama @ClimateAudit @BrynGerard @jimmy_dore @Worldpravda @caitoz @batchelorshow @CraigMurrayOrg @RandPaul @TomFitton @realDonaldTrump @DonaldJTrumpJr 1/ Deripaska, Khodorkosvky or Browder are the three likely candidates for the private client that funded 120 memos on Russia/Ukraine that were given to Winer. AFAIK of the three; only Browder is friends with Winer.

This is the genesis of Russiagate. It started as an
@NakedHedgie @88softaIlherita @BrettHar123 @LucyKomisar @stranahan @PAT_1776US @jimmysllama @ClimateAudit @BrynGerard @jimmy_dore @Worldpravda @caitoz @batchelorshow @CraigMurrayOrg @RandPaul @TomFitton @realDonaldTrump @DonaldJTrumpJr 2/ anti-Putin effort.

Winer passes them free of charge to Nuland. She "expresses surprise" about how "timely" they were. i.e. they contained the same info as official channels. (Or the same dis-info...).

Is the private client Bill Browder?
@NakedHedgie @88softaIlherita @BrettHar123 @LucyKomisar @stranahan @PAT_1776US @jimmysllama @ClimateAudit @BrynGerard @jimmy_dore @Worldpravda @caitoz @batchelorshow @CraigMurrayOrg @RandPaul @TomFitton @realDonaldTrump @DonaldJTrumpJr 3/ June 16th 2015: Trump announces he's running for President. The Steele memos previous to this date can't therefore be about Trump. The language in the media is all about "Putin personally" did this or that. The villian being set up is President Putin, not President Trump.
Read 8 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!