Tralfamadorenik
Aug 22 · 8 tweets · 3 min read
THREAD: were the DNC emails taken from an AppRiver server?

This is a follow-up to this post, where we noticed that the DNC was running two/more realtime backups of their Exchange server.

We suggested that a backup server was the source of the DNC emails.
The plot thickens.

Forensicator noticed that incoming DNC emails were filtered by AppRiver.

theforensicator.wordpress.com/sorting-the-wi…
This leads to the question, did AppRiver do more than filter spam from incoming emails?

We think the answer might be: Yes, AppRiver hosted the DNC's email system, or provided backup to it.

community.spiceworks.com/t/cas-load-bal…
We must first consider that it is a lot of work to run a redundant, reliable Exchange server. It probably requires six servers in two sets distributed at different locations in the US.

We think that is out of scope for the DNC and think that they turned to AppRiver for help.
Here, we learn that AppRiver was acquired in 2019.

"Launched in 2002, Florida-based AppRiver is a private company which provides subscription-based email and Internet security services."

zdnet.com/article/zix-ac…
We also learn:

"These [services] include spam and virus filter systems, email encryption, secure archiving, and secure Microsoft Exchange hosting."

We think the DNC likely used AppRiver's Exchange hosting service.
That means the DNC emails found on Wikileaks were taken from a server managed by a completely separate company.

No wonder Shawn Henry (Crowdstrike) couldn't find the stolen emails.

END
@threadreaderapp unroll

More from @tralfamadorenik

Jun 27
Thread: Were Hunter Biden's emails processed in Chile?

Hunter Biden's emails were made available as a series of ~128K individual EML files (source Marco Polo).

The filenames have this form:
20100404-030027_36374.eml
where everything to the left of the underscore is a date/time.
Internal to the EML file is a Date: field. The Date value syntax is in the form that the sender sees the date/time. We can normalize that time to GMT and compare it to the date/time implied by the EML file name.
This should tell us the time zone in force when the EML files were prepared. Let's look at a couple of examples.
Read 25 tweets
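The comparison described in that thread preview (file-name timestamp versus the normalized Date: header) can be scripted. The example below is added here and is not the thread author's code; the EML contents and file names are constructed samples in the file-name scheme the thread describes, not files from the Marco Polo set. It parses the date/time to the left of the underscore, converts the Date: header to UTC, and reports the offset implied for each file, then tallies the offsets across the set so that a consistent time zone stands out and files with a missing or unparsable Date: header are counted rather than silently dropped.

```python
from collections import Counter
from datetime import datetime, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample EML files (hypothetical contents; the file-name scheme
# YYYYMMDD-HHMMSS_<n>.eml is the one described in the thread).
SAMPLE_EMLS = {
    "20100404-030027_36374.eml":
        "From: alice@example.com\r\nDate: Sun, 4 Apr 2010 06:00:27 -0400\r\n\r\nhello\r\n",
    "20100404-051512_36375.eml":
        "From: bob@example.com\r\nDate: Sun, 04 Apr 2010 14:15:12 +0200\r\n\r\nhi\r\n",
    "20100405-231000_36380.eml":
        "From: carol@example.com\r\nDate: Tue, 6 Apr 2010 06:10:00 -0000\r\n\r\nyo\r\n",
    "20100406-000000_36381.eml":
        "From: dave@example.com\r\n\r\nno Date header at all\r\n",
}


def parse_filename_timestamp(name):
    """Return the naive local date/time encoded left of the underscore."""
    stamp = name.split("_", 1)[0]
    return datetime.strptime(stamp, "%Y%m%d-%H%M%S")


def header_utc(raw_eml):
    """Return the Date: header as an aware UTC datetime, or None if absent/unparsable."""
    msg = message_from_string(raw_eml)
    value = msg["Date"]
    if value is None:
        return None
    try:
        parsed = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return None
    # A "-0000" zone yields a naive datetime; RFC 5322 says that means UTC.
    if parsed.tzinfo is None:
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed.astimezone(timezone.utc)


def infer_offset_hours(name, raw_eml):
    """Offset (hours) of the file-name clock relative to UTC, rounded to 15 min."""
    sent_utc = header_utc(raw_eml)
    if sent_utc is None:
        return None
    local = parse_filename_timestamp(name).replace(tzinfo=timezone.utc)
    delta_hours = (local - sent_utc).total_seconds() / 3600.0
    return round(delta_hours * 4) / 4  # snap to quarter-hour zones


def summarize(emls):
    """Tally inferred offsets across a set; returns (Counter, number skipped)."""
    counts = Counter()
    skipped = 0
    for name, raw in emls.items():
        offset = infer_offset_hours(name, raw)
        if offset is None:
            skipped += 1
        else:
            counts[offset] += 1
    return counts, skipped


if __name__ == "__main__":
    tally, missing = summarize(SAMPLE_EMLS)
    for offset, n in tally.most_common():
        print(f"UTC{offset:+.2f}: {n} file(s)")
    print(f"skipped (no usable Date header): {missing}")
```

On the constructed samples every dated file lands at UTC-7, which in early April 2010 matches either Pacific Daylight Time or Arizona (no DST), so the method narrows the zone but cannot by itself separate those two; a sample spanning a DST change would.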
Mar 24
Can we estimate the time taken for a message to be sent to DAG1 vs DAG2 given the following data?

Alternatively, can we assert the level of significance that the path to DAG2 is slower than the path to DAG1?
Background: In the DNC emails we see some late dated emails (149 of them) sent locally via a server named DNCDAG2; for those emails we can subtract the sent time from the received time. Unfortunately, the times are accurate only to the nearest second.
To find a comparable set of emails sent via DNCDAG1, we look at a similar ~1 day time frame a week earlier. There are about 2x more emails in that sample, so we normalize those counts to total 149 (the DNCDAG2 value).
Read 10 tweets
Mar 15
THREAD: solve the crime - how were the DNC emails taken?

In our previous episode, we asserted that an email backup server had been hacked with Pacific/AZ time zone proximity.

Leading to the next question: how?
Before we address that question directly, let's rule out a few possibilities. First, let's recall that the DNC's on site experts had no clue.
Keep in mind that there would have been logs everywhere, VPN login logs, Windows login logs, Exchange server logs, and so on. We might believe that the logging levels were turned up higher when Crowdstrike visited the DNC almost a month before the hacks.
Read 21 tweets
Mar 9
THREAD: Were the DNC emails taken from a backup server?

The Mueller Netyksho indictment asserts that the DNC emails, subsequently dumped by WikiLeaks (first on July 22, 2016) were acquired by Russian GRU agents who leveraged a hack of the DNC.
The indictment is vague on details raising many questions as to how exactly the emails were acquired, ex-filtrated and then transmitted to WikiLeaks.

As we’ll see below, even the on-scene experts who investigated the incident seemed to come up empty handed.
Before we cover the details, let’s have a look at the timeline. This is from the Forensicator’s analysis of the DNC emails.
Read 51 tweets
Feb 13, 2023
The Unified Guccifer 2 Theory (1.0)

Recently, I had an "ah hah" moment w.r.t the timing and content of Guccifer 2's first blog post and the potential media/social network response.

It's an idea that I think may have merit, but pushing on that discovery string will be difficult.
spoiler: the DNC and friends got wind that a hacker (G2) was pitching the release of some HRC related documents to The Smoking Gun (TSG) and Gawker with stories to follow ...
Since G2's story might run counter to their hacking story, the DNC (and friends) hurriedly put together their hacking story and worked with media (WAPO) to get it out *ahead* of G2. In this way, they can set the narrative.
Read 25 tweets
Feb 11, 2023
THREAD: Podesta wasn't phished.

The votes are in: 60/40 think that Podesta was phished. In this thread, I'll attempt to dissuade them of that opinion.
Background: Podesta used gmail; in mid-March 2016 about 50K of his emails (spanning years back) were ex-filtrated and later dumped by WL over a period of weeks starting October 7, 2016 (the day of the Access Hollywood release).
Read 24 tweets