SlickRockWeb 🇺🇲🇺🇦
May 22, 2022, 24 tweets
#Durham Sussmann trial takeaway so far. The FBI either never fully investigated the Trump Server / Alfa Bank comms and/or it botched the investigation. @emptywheel has a nice write-up & notes Durham uses an FBI witness who admits he's not a DNS expert. emptywheel.net/2022/05/20/the…
This part is just stunning to me. Durham's FBI expert, who admits he doesn't know the technicals of how DNS works, concludes there wasn't a hack (something secondary to the odd DNS traffic) & then calls the methodology "horrible" & concludes the analysis by the FBI is done? #OSINT
So from the #Durham trial testimony the FBI admits it spent less than a day looking at the suspicious DNS data that a number of outside experts have continued to suggest show computers from Trump / Alfa Bank / Spectrum may have been communicating around Trump's 2016 GOP nomination.
From our original 2017 unpublished research we noted an odd misspelled domain (homographic domain / typosquatting) that appeared connected to the Spectrum Health network. We never found any reported hack & this is the 1st we've seen that Joffe et al. also suggest a possible hack.
It is also interesting to note the possible association to the Russian Kelihos botnet that generated a lot of press and notoriety in 2016. It could have been an artifact or injected malware given the possible association with the Russian Kelihos botnet.
Using our favorite #OSINT tool from @RiskIQ we could find no evidence the domain community.spectrum-health[.]org ever resolved to an IP. It's not clear how this was picked up back in 2017 by @threatcrowd in this Threatcrowd map or whether a breach occurred or was merely an artifact.
What is clear is the FBI did not thoroughly investigate the Trump server / Alfa Bank / Spectrum DNS data anomalies, or the purported Spectrum Health network breach. The only real way this could have been thoroughly investigated, or even to initiate an investigation, would .... 1/2
.... have been to request server logs from any of the 4 major IPs involved and/or done an imaging of at least one of the devices involved. This clearly was never done. And it does not appear the FBI even alerted Spectrum Health to the possibility of a network breach. 2/2 #OSINT
As we've mentioned before in prior threads & analysis done by @briankrebs & Daniel J Jones, there's a lot more to this incident that remains unexplained & all the varying excuses / explanations have not held up to scrutiny. #OSINT #infosec #Durham #Durhamreport
Here's the link to the minimal 3-page report by FBI agent Hellman. He didn't address any of the points in the original Joffe report other than to say he didn't think Spectrum Health had been hacked. It's not clear how that assessment was made and/or how Joffe made his documentcloud.org/documents/2201…
The original white paper by Joffe et al. that was passed to the FBI under the "see something say something" premise that we are all supposed to follow ...especially when it might affect National Security... can be read here. #infosec #OSINT #Durham #Foxnews documentcloud.org/documents/2201…
This is a really useful and interesting timeline that was submitted in the prior Alfa Bank lawsuit that was recently dropped by Alfa Bank. Ironically it allowed for the Daniel J. Jones report on the Alfa / Trump / Spectrum / Heartland Payments to become part of the public domain.
One thing we have never been able to determine is what these malware hashes represent that were found on a Listrak IP right before all of this craziness. Reply here if you know what this might be & if it could at all be related. We don't have access to the Proofpoint database. #OSINT
Had the FBI taken the Joffe doc about strange DNS data & apparent comms between Alfa Bank servers, a Trump server, Spectrum Health etc. and the suggestion that Spectrum might have suffered a past breach, they might have found these ... along with Kelihos stuff @jpanzer @emptywheel
I will add Robert Graham continues this ridiculous line that there's no such thing as a Trump server like it means something & proves something. It's needlessly splitting hairs. The domain absolutely is registered & controlled by Trump Org on a dedicated IP. There's no denying this.
Sussmann's lawyer Berkowitz confirmed what we all suspected. The investigation by Mandiant on the Alfa Bank IPs in Moscow was pretty much a sham. Nothing Mandiant could have done basically as they were provided only the data Moscow wanted them to see.
I think if there's one thing Joffe could take back in his original report to the FBI it would be his usage of the term "Tor". I think it's clear he did not think it was a standard out-of-the-box "Tor" exit node but he should have said "Tor-like" exit node or even a custom VPN node.
FBI Agent Hellman (not a DNS expert) spent less than 24 hrs investigating the Trump server / Alfa Bank computer communications and testified that the computer scientist that brought the tip was "5150" or mentally ill. Seems his mind was made up before he even started investigating.
FBI agent Sands at least did some investigative work, but had only been an FBI agent for 3 months and lacked the experience to likely fully investigate this incident. In an email to Sands, agent Hellman (still not a DNS expert) took another swipe at Joffe who wrote the tip report.
Still not clear if FBI ever contacted Spectrum Health about Joffe's concerns that their network might have been breached or an IP was being used maliciously. Also not clear if FBI ever got more log files from Listrak showing ALL the connections (not just spam filter logs).
I am not an FBI expert .. so maybe this has been addressed, but it's clear there were all kinds of incorrect explanations for this odd DNS traffic like this first response from Cendyn. Very clearly incorrect. Interestingly they do seem to correct their story on the second FBI ask.
So was DNS tunneling, or custom malware / peer-to-peer botnet communications or even port-knocking ever ruled out? How about the "foldering" technique using the Metron messaging app which was apparently on that server. I am just a small town boy spit-balling here.
The whole document dump from the current Sussmann trial. We have already found a rather interesting lead from something that seemed to be omitted / obfuscated from prior leaked data. Many many thanks to @emptywheel who has done exceptional work on this.
From today's questioning & exhibits at the Sussmann #Durham trial, wonder what stirred this email request from the FBI (h/t @charlie_savage)? The IP is localized to Russia & I will note someone from a nearly identical IP tried to hack into our website in early 2017 @emptywheel