Cyber Populist | Hacking for the People, Hacking Machines @theZDI | AI/ML/Enterprise CVEs | Inventions in Cybersec & AI | Grind relentless. Rise endless. 🚀📈💯
Feb 1 • 4 tweets • 4 min read
I'm a Hacker.
I attend DEF CON every year.
We play a fun game called "Spot the Fed".
Last week, the Department of Justice released three million pages of Epstein documents.
I read them professionally.
Not for the names.
For the tradecraft.
The tradecraft is immaculate.
But here's what made me put down my coffee.
An FBI informant told authorities in 2017 that Epstein had a "personal hacker."
An Italian.
Born in the southern region of Calabria.
I've met hackers from Calabria.
At DEF CON.
At Black Hat.
The informant said this hacker developed zero-day exploits.
For iOS.
For BlackBerry.
For Firefox.
The informant said this hacker sold the exploits to the United States.
To the United Kingdom.
To an unnamed central African government.
And to Hezbollah.
Hezbollah paid with "a trunk of cash."
That's not how the US government pays.
The US government uses purchase orders.
But the exploits were the same.
Same zero-days.
Different payment methods.
Different clients.
Same hacker.
Speaking of hackers in Epstein's emails.
If you've been to Black Hat, you know the name.
He's on the Black Hat conference board.
He co-founded Trail of Bits.
He co-wrote the iOS Hacker's Handbook.
On April 14, 2018, the hackersent an email.
To jeevacation@gmail.com.
That's Epstein's personal email address.
Subject line: "New Yorker."
Document reference: HOUSE_OVERSIGHT_033280.
I don't know what was in the email.
The email exists.
In the files.
In the congressional oversight documents.
I've been to Black Hat with the hacker in question.
Not personally.
In the same room.
Watching the same talks.
About zero-days.
About offensive security.
About "responsible disclosure."
Epstein had a personal hacker selling zero-days to governments and Hezbollah.
Epstein was in contact with a Black Hat board member.
Epstein funded MIT Media Lab.
Where they research AI.
And security.
And "the future."
I don't know what this means.
I know what it looks like.
It looks like my industry.
But there's more.
US security officials say Epstein ran "the world's largest honeytrap operation."
For Russian intelligence.
The KGB.
The documents mention Putin 1,056 times.
Moscow 9,629 times.
An email from September 2011: "You had an appointment with Putin on September 16th."
Scheduled like a dentist visit.
Security sources say a Russian oil tycoon introduced Epstein to the Maxwells.
Robert Maxwell.
Ghislaine's father.
Called "Israel's Superspy."
Alleged KGB.
Alleged Mossad.
Alleged MI6.
Three agencies.
One family.
Plus a personal hacker.
Plus a network of security researchers.
Plus MIT.
Plus zero-days sold to multiple governments and terrorist organizations.
At DEF CON, we have a saying.
"Spot the fed."
It's a game.
You try to identify the government agents in the crowd.
It's funny.
Until it isn't.
Until you realize the game goes both ways.
They're spotting you too.
And taking notes.
And building networks.
And buying exploits.
Epstein wasn't just an intelligence asset.
He was an intelligence infrastructure.
A platform.
Multi-tenant.
Multi-cloud.
Russia. Israel. US. UK. Hezbollah.
Everyone got access.
Everyone paid differently.
Same exploits.
Same kompromat.
Same network.
Different clients.
The question everyone asks: Was Epstein an intelligence asset?
That's the wrong question.
The right question: Was the entire security research community compromised?
The answer is in the files.
Three million pages.
We just haven't read them all yet.
Was the entire security research community compromised?
Anyway, see you at DEF CON!
TL;DR:
The latest Epstein files reveal he had ties to the hacker community: a personal zero-day developer who sold the same exploits to the US, UK, AND Hezbollah, plus emails with a Black Hat board member. Combined with 1,056 Putin mentions and running "the world's largest honeytrap operation".
Epstein wasn't an intelligence asset. He was intelligence infrastructure.
