Five years ago, I thoroughly debunked that conspiracy theory of a Trump server in secret communication with Alfa Bank (a bank in Russia).

Today, there's an indictment of the lawyer involved in this, which gives a lot more detail on the backstory.
huffpost.com/entry/michael-…
2/ If you'll remember, I didn't prove it was wrong, but I showed that none of the DNS information meant anything. I explained things that others found unexplainable.
blog.erratasec.com/2016/11/debunk…
blog.erratasec.com/2016/11/in-whi…
3/ The indictment shows how Tech-Executive-1 at a big Internet company directed people at two startups he invested in to go hunting in private databases (like netflow logs and DNS lookup logs) to find dirt on Trump.
4/ I would love for you to read the indictment because we should be able to identify who these people are. The "Tech-Executive-1" isn't being indicted here, but at the same time, they clearly abused their power and access to data to further their politics.
s3.documentcloud.org/documents/2106…
5/ I loathe Trump, but at the same time, I have this thing about ethics. Our profession is one of trust. People are given access to DNS logs to hunt for malware and secure the Internet -- but they used this access to further their own politics.
6/ I mean, I feel Trump deserved to be indicted for exploiting his powers as President to attack his rival's son. It's the same thing going on here: somebody abusing their official position for personal gain.
7/ What's interesting in the indictment is how the techies involved pointed out the flimsy data wouldn't withstand scrutiny by DNS experts -- BUT IT DID (well, except for me). So many people were willing to pervert their expertise in the name of politics.
8/ BTW, the ever great @emptywheel has a separate thread. I kinda agree with her that the charges against Sussmann are trumped up (sic).


More from @ErrataRob

16 Sep
Um, the answer is that this is just a slightly customized "Android TV Box". These are just computers running Android pre-loaded with various streaming apps (like Netflix) with a remote control that people connect to TVs to watch video and play games.
gizmodo.com/please-help-us…
There are a zillion of these from China. I think the reason people have these is because it's a cheaper way to run things like Netflix on the TV than upgrading the TV. Also, there's an underground for pirating video with these things.
amazon.com/s?k=tv+box
If you are willing to order thousands of these, you can custom order from China, with custom logos, custom plastic cases, and custom Android images preconfigured with your own apps.
Read 4 tweets
15 Sep
1/n Okay, nerds, when doing an audit on Windows or Android in order to prove "it wasn't connected to the Internet" during certain dates, what would you look for? I mention this because it's not a standard audit/forensics question.
2/n I mention this because of answering this question. I don't have confidence in the report partly because of my own limitations that I don't know how to do this.
3/ The report says this. The USB part is very good. But the rest is bad. I downloaded OSForensics and made sure: it doesn't have a specific module that deals with this question.
Read 13 tweets
14 Sep
@JenAFifield So the context for your questions is this:
1. what auditors like Ben Cotton are asking for sounds pretty reasonable, such as router configuration (not "the routers").
2. this is distorted by Republicans and Trumpists into a conspiracy theory about "the routers".
The data Ben Cotton most wants is any logs of the "MAC addresses" to see if voting machines were connected to the network. MAC addresses are local to a subnet and stripped off from packets before forwarding to the rest of the Internet.
The next set of data is any flow logs going to those machines, to see their Internet communications during the election.
Read 4 tweets
14 Sep
Nah.
It's through questioning that we come to understand the world. As an expert on cybersecurity, coding, packet-captures, etc., I try never to play the "believe me I'm an expert" card. Instead, I try to understand where they are coming from.
Sure, sometimes questioners are obstinate and seem uninterested in listening to responses, but that, too, is a way we come to understand the world. It's usually not one misconception that needs overturning, but a bundle of interrelated misconceptions.
Of course, sometimes questions are just so stupid that I'm unable to bridge the gap. I'm amazed sometimes how I, as an expert in my field, am defeated on the battlefield of Twitter argument with somebody who knows nothing.
Read 4 tweets
7 Sep
Stupid @dave_maynor nerd sniping me. Now I need to understand how they did this. I mean, it wouldn't be hard, but the fact that they do it so well is impressive.
thechoiceisyours.whatisthematrix.com
So the video mentions your current time as you watch it, both on the screen, and in the voice over. For example, this is what you see at 5:30:
One cool way to do it is so that the underlying streaming technology dynamically creates that part of the stream as it's downloaded.

A simpler way is to simply create 720 possible videos, and that the video you watch is determined by the time when you click on the webpage.
Read 5 tweets
6 Sep
ProtonMail has always been clear: they abide by Swiss law and don't track IP addresses until forced to. Now people are upset at ProtonMail because it works as claimed, not how people assumed because they weren't paying attention.
It's not Proton Mail's "marketing" that's to blame. They've been hitting you over the head that IT'S BASED IN SWITZERLAND since like forever.
On the marketing page that explains "end-to-end encryption" and "zero access to user data", they explain they still abide by Swiss law.
Read 5 tweets