Swampkiller
Jan 24 · 23 tweets · 19 min read
1/ The origins of the 2016 Russian collusion active measure can be traced back to these men. All of them investigated cybercriminals around the world over a decade before Trump was elected. This nexus provided us with Guccifer 2.0, the Mueller indictment, and CrowdStrike’s DNC breach attribution.

🧵👀
2/ Ukrainian hacker Maksym Popov is at the heart of these connections. In 2001, while serving time in an American prison, he wrote a letter to the Ukrainian Consulate in Chicago. In the letter, he claimed that the FBI tricked him into a meeting in London with a job offer where he was drugged and extradited to the United States:

“I remember precisely that I had a smoke and drank whiskey from the mini bar, after which I don’t remember anything that happened to me. I found myself on a TWA plane with an unbearable headache and was given some kind of headache pill for the pain.”

“I asked what was going on, to which they answered with a smile that I was kind of stressed and lost consciousness, but that I shouldn’t worry because they took care of everything. I asked again, where are we flying? They answered me: To the USA. Isn't that what you wanted, Maksim? At that moment I realized what really happened.”

web.archive.org/web/2002060514…
3/ After serving time in prison, Popov eventually decided to sign a plea deal with the USDOJ in March 2002. He agreed to help FBI special agent EJ Hilbert infiltrate hackers from Ukraine and Russia who at the time had gathered on a hacker site called CarderPlanet.

The operation was called Ant City and was covered in a 2016 article by Kevin Poulsen, a former hacker turned author.

wired.com/2016/05/maksym…
4/ Through Ant City, Hilbert and Popov built cases against many of CarderPlanet’s members. This included one of the website’s founders, a Ukrainian hacker named Dmitry Golubov, aka Script.

According to an excerpt from Hilbert’s blog, this is where he crossed paths with USPS Investigator Greg Crabb:

“Golubov will later be arrested by the Ukrainian MVD with the help of US Postal Investigator Greg Crabb based in part on evidence from the Ant City investigation.”

ejhilbert.blogspot.com/2014/03/chapte…
5/ According to Joseph Menn’s Fatal System Error, Hilbert and Crabb traveled together to Ukraine repeatedly to lobby its government for help.

Crabb was investigating many of the same criminals being tracked by Popov and Hilbert. During this time Crabb cultivated his own sources, including one from Russia’s FSB.

books.google.com/books?id=Uq7_K…
6/ After retiring from the USPS, Crabb explained at a conference how he was able to trace many of these criminal hackers to Russia early on in his career. He reached out to the Russian Embassy in DC where he was connected with FSB officer Sergei Mikhailov. It was through the FSB that Crabb originally learned of CarderPlanet.

zetter-zeroday.com/p/when-russia-…
7/ In another interview, Crabb described how he was able to recruit Mikhailov as a spy during an out-of-country Interpol conference in France in 2005 that he helped organize. Through this effort, Mikhailov gifted a copy of CarderPlanet’s database to Crabb.

“We hit it off, and over the next several years Sergei and I maintained a very strong relationship. And, you know, I was not a spy... but obviously if you wanted to develop a spy it would always be best to get your source out of Russia.”

“He provided me with the most important piece of evidence that I had through the course of my investigation, there was a database. At the time there was a hacking forum that had been central to the organization of Eastern European cybercrime and it was called CarderPlanet- it was the name of the website and it had been hosted in Russia and he was able to get me a copy of the database.”

open.spotify.com/episode/5X3TbR…
8/ Having established Hilbert and Crabb’s connections with each other and their respective assets, we’ll look now at FBI SA Keith Mularski. According to Kevin Poulsen’s book Kingpin, Crabb was Mularski’s mentor and lays out how they met:

“When Crabb wrapped up his talk and the other agents began to file out, Mularski approached the postal inspector at the head of the table and extended his hand enthusiastically. "This stuff is fascinating," he said. "I'd love to work with you. I'd love to partner up with you."”

dl.icdst.org/pdfs/files4/31…
9/ Around the same time that Crabb received the CarderPlanet database from Mikhailov (2005), Mularski just so happened to find his future asset 'posing' on underground hacker sites as a Russian gangster.

Did Mikhailov's CarderPlanet handoff to Crabb lead Mularski to Dmitri Alperovitch❓

Dmitri Alperovitch was initially terrified when the FBI called him in 2005. He agreed to help Mularski infiltrate Dark Market (the successor to CarderPlanet), just as Popov had done with Hilbert before them.

esquire.com/news-politics/…
10/ In July of 2009 at the BlackHat conference in Las Vegas, Keith Mularski and Dmitri Alperovitch recounted their Dark Market operation during a presentation titled ‘Fighting Russian Cybercrime Mobsters’.

Dark Market is widely considered among the most successful undercover cybercrime operations in FBI history to date.

blackhat.com/presentations/…
blackhat.com/presentations/…
11/ During Mularski’s time spent undercover, his boss at FBI-Cyber was none other than future CrowdStrike CSO Shawn Henry.

Mularski and Henry delivered a separate presentation on Dark Market in 2008 at the International Spy Museum in DC. Kevin Poulsen (the aforementioned author of Kingpin and the Wired article featuring Popov and Hilbert) was featured at the event as well.

archives.fbi.gov/archives/news/…
12/ RECAP:

1) Hilbert was Popov’s handler beginning in 2001. Hilbert and Crabb worked together on evidence gathered by Maksym Popov from internet hacker site CarderPlanet.

2) Greg Crabb cultivated FSB agent Sergei Mikhailov and was Keith Mularski’s mentor. In 2005, Mikhailov gave Crabb a forensic copy of CarderPlanet’s database.

3) In 2005 the FBI contacted a 'terrified' Dmitri Alperovitch, presumably based on information gathered from CarderPlanet’s database. As a result, Alperovitch agreed to work with Mularski infiltrating Dark Market, the successor to CarderPlanet.

Are these relationships directly connected to Guccifer 2.0, the Mueller indictment, and DNC’s breach attribution by CrowdStrike❓
13/ WAS MAKSYM POPOV BEHIND GUCCIFER 2.0❓

Popov / G2 parallels were first drawn by Emma Best, who acted as an intermediary between G2 and WikiLeaks in 2016. Best also runs DDoSecrets (an archival leak site), where an impressive catalogue of Popov data can be found. This cache includes anonymous proxy accounts Popov controlled on X promoting his hacks.

Best outlined the striking similarities between Popov / G2 in this 2019 article:

“Years before the Russian-operated persona Guccifer 2.0 appeared on the internet to claim they were a hacktivist responsible for the DNC breach, a hacker with alleged ties to the Russian government used similar obfuscation strategies. Using numerous false identities and several distribution platforms, they released hacked materials, both genuine and forged, while often lying about the real documents’ provenance.”

emma.best/2019/03/20/the…
data.ddosecrets.com/Popov%20Files/…
photo.unian.ua/photo/3968-max…
14/ Further similarities were sniffed out by FOOL_NELSON on X in an excellent dig (linked) that also serves as the basis for much of the research found in this thread.

After FOOL made contact with one of Popov's proxy accounts, he started threatening Kevin Poulsen and EJ Hilbert. 🧐

“dark dante ! expect feds knock on your door soon! time has come for you to eat the crap you produced by your own digestive organs you freaking idiot you and craphead EjHilbert both will face the evil@of you both fucking with Burisma Biden company”
15/ After fulfilling his side of the bargain with EJ Hilbert, Popov returned home to Ukraine in 2003 where he started a cybersecurity company called CYCMOS (Cyber Crime Monitoring System). He drummed up new business by notifying customers that they'd been hacked. What he didn't advertise is that his associates in Ukraine were the ones behind the attacks.

Popov even managed to scam the FBI out of $10K. He notified them (through Hilbert) that one of their email databases was compromised and offered to help them track down the culprit. The scheme worked. Popov was given a formal letter of appreciation to go along with the money.

Despite thoroughly embarrassing the FBI, there doesn't seem to be any effort whatsoever to arrest him. In fact, Hilbert claimed that right before he was pulled from the case he was setting up a meeting to arrest him a second time.

web.archive.org/web/2006062000…
newsweek.com/fbi-computers-…
16/ WAS SERGEI MIKHAILOV A DOUBLE AGENT FEEDING INTEL TO CIA FOR THE MUELLER INVESTIGATION❓

To answer this question, let’s start by taking a closer look at Mikhailov’s relationship with Crabb. Here we see how fondly Crabb reflects on his collaboration with Mikhailov.

“The days of Russian FSB and US law enforcement cooperation were extremely rare and are long past. Before Sergei Mikhailov's hardships, we developed a very unique relationship.”

“I am grateful for the several years that I collaborated with Sergei. I am particularly proud of the time we spent sharing details of enforcement actions, plans and exchanging stories over vodka. The lessons that I learned from him and the international criminals that our collaboration supported arresting were special.”

linkedin.com/posts/gregoryc…
17/ Crabb has also openly stated that his colleague from Minsk, Belarus (Mikhailov) was arrested for working with him. To this day, he proudly displays an official Russian police hat on his mantel at home.

“I had the occasion to work with the Russian FSB and the Ukrainian MVD, and even law enforcement officers in Belarus. I proudly display the hat there from my colleague in Minsk, Belarus. Unfortunately, he was actually arrested for working with me.”

tech-transforms.captivate.fm/episode/greg-c…
18/ On December 5, 2016, Sergei Mikhailov was detained in dramatic fashion at FSB’s headquarters in Russia. The arrest immediately sent shockwaves through Washington D.C. along with allegations that he was passing secrets to the CIA. Within Russian intelligence circles, Mikhailov was considered the main authority on cybercrime.

foreignpolicy.com/2017/01/31/arr…
web.archive.org/web/2017012602…
amp.theguardian.com/world/2017/jan…
thebell.io/what-the-arres…
19/ U.S. sources were quick to point the finger at the GRU… away from FSB and any involvement:

“As part of the election interference operation, two Russian hacking groups intruded into the servers of the Democratic National Committee. One group was affiliated with the F.S.B., Mr. Mikhailov’s agency, and the other with the Russian military intelligence organization known as the G.R.U., according to United States government officials and cybersecurity researchers who studied the breach.

Only the G.R.U. leaked the stolen information, according to a United States interagency report on the hacking released in 2017. The special counsel investigating Russian meddling, Robert S. Mueller III, last year indicted 12 G.R.U. officers.

The detailed accusations by American intelligence agencies against Russia, and the stated high level of confidence in their findings, gave rise to questions about whether they had sources inside Russia.”

nytimes.com/2019/02/26/wor…
20/ DID CROWDSTRIKE EVER PRODUCE CONCLUSIVE EVIDENCE TO BACK THEIR ORIGINAL DNC BREACH ATTRIBUTION❓

The short answer to that question is no. On December 5, 2017, CrowdStrike’s Shawn Henry provided the following statement:

“HENRY: There are times when we can see data exfiltrated, and we can say conclusively. But in this case, it appears it was setup to be exfiltrated, but we just don’t have the evidence that it actually left.”

dni.gov/files/HPSCI_Tr…
21/ Not only did CrowdStrike fail to produce conclusive evidence that the DNC was hacked by Russia, they also flat-out refused to share the evidence. It is well documented that CrowdStrike never turned over the DNC’s servers to Mueller’s team or the FBI prior to making an indictment.

Two of CrowdStrike’s most prominent members, Dmitri Alperovitch and Shawn Henry, have roots that extend over a decade back to Keith Mularski, Greg Crabb, EJ Hilbert, Sergei Mikhailov, and Maksym Popov.

The origins of the 2016 Russian collusion active measure revolve around these men and all of them should have been properly investigated by now.
22/ Follow-up points:

-Greg Crabb recently founded a company with former FBI colleague Andrew McCabe called 10-8 Cyber LLC.

-Dmitri Alperovitch was appointed to the DHS Advisory Council by Alejandro Mayorkas in March 2022.

-Keith Mularski’s name resurfaced in Durham’s lawsuit against Sussmann as an FBI point of contact regarding CrowdStrike’s DNC attribution along with text messages to his former coworker Tom Grasso regarding the Alfa Bank hoax.

teneightcyber.com/optin165460591…
dhs.gov/medialibrary/a…
ia804606.us.archive.org/32/items/gov.u…
s3.documentcloud.org/documents/2204…
23/ Before the accusations of overlooking Seth Rich❗️

Please understand that the Russian collusion outlined in this thread is an honest assessment from the same vein as the Steele dossier. It was a paid-for active measure intended to distract from the truth.

The death of Seth Rich is an American tragedy. Having worked closely with a colleague with knowledge on the matter, there are crucial facts yet to be revealed. I pray that God will bring them to light soon. 🙏🏻
