Tralfamadorenik
The creatures can see where each star has been and where it is going, so that the heavens are filled with rarefied, luminous spaghetti.
3 subscribers
Oct 17 5 tweets 2 min read
@SamSimeonSays @ClimateAudit @JaapTitulaer @EnticingClay "I've always assumed DCLeaks was a limited hangout (by US intel or similar) to undermine the legit leaks."

Possible, since it was neutered, and left standing, it seems to serve the purposes of The Blob.

The metadata has some interesting secrets to tell.

@SamSimeonSays @ClimateAudit @JaapTitulaer @EnticingClay Let's look at a DCLEAKS email rendered as HTML, in 3 parts.

First, the raw HTML.
At the top, we see "HTML Merger" which is yet another HTML manipulation tool. We see various tags like MailHeader3 and MailHeader4. These are custom headers, perhaps unique to Encryptomatic.
Aug 30 8 tweets 2 min read
THREAD: did WL obfuscate the second DNC email release?

In this timeline, we see that WL made two releases of DNC emails. One just before the DNC convention (7/22/2016) and one just before the election (11/06/2016).

We'll show there is an important difference between them.

The WL email releases are made up of individual EML files. Every file has a last mod time and we can arrange them in last mod time order. We might expect to see a timeline that looks like this.

In fact, the first WL release looks like this.
Aug 24 18 tweets 3 min read
THREAD: is Global Relay a potential exfiltration site?

In the previous two (censored) threads I suggested that the DNC emails may have been exfiltrated from a live email mirror site, possibly maintained by a company named AppRiver.

Here, we'll explore another company ... A review (link 1/2).
threadreaderapp.com/thread/1766509…
Aug 22 8 tweets 3 min read
THREAD: were the DNC emails taken from an AppRiver server?

This is a follow up to this post, where we noticed that the DNC was running two/more realtime backups of their Exchange server.

We suggested that a backup server was the source of the DNC emails.
The plot thickens.

Forensicator noticed that incoming DNC emails were filtered by AppRiver.

theforensicator.wordpress.com/sorting-the-wi…
Jun 27 25 tweets 4 min read
Thread: Were Hunter Biden's emails processed in Chile?

Hunter Biden's emails were made available as a series of ~128K individual EML files (source Marco Polo).

The filenames have this form:
20100404-030027_36374.eml
where everything to the left of the underscore is a date/time. Internal to the EML file is a Date: field. The Date value syntax is in the form that the sender sees the date/time. We can normalize that time to GMT and compare it to the date/time implied by the EML file name.
Mar 24 10 tweets 2 min read
Can we estimate the time taken for a message to be sent to DAG1 vs DAG2 given the following data?

Alternatively, can we assert the level of significance that the path to DAG2 is slower than the path to DAG1?

Background: In the DNC emails we see some late dated emails (149 of them) sent locally via a server named DNCDAG2; for those emails we can subtract the sent time from the received time. Unfortunately, the times are accurate only to the nearest second.
Mar 15 21 tweets 5 min read
THREAD: solve the crime - how were the DNC emails taken?

In our previous episode, we asserted that an email backup server had been hacked with Pacific/AZ time zone proximity.

Leading to the next question: how? Before we address that question directly, let's rule out a few possibilities. First, let's recall that the DNC's on site experts had no clue.
Mar 9 51 tweets 9 min read
THREAD: Were the DNC emails taken from a backup server?

The Mueller Netyksho indictment asserts that the DNC emails, subsequently dumped by WikiLeaks (first on July 22, 2016), were acquired by Russian GRU agents who leveraged a hack of the DNC. The indictment is vague on details, raising many questions as to how exactly the emails were acquired, ex-filtrated and then transmitted to WikiLeaks.

As we’ll see below, even the on-scene experts who investigated the incident seemed to come up empty handed.
Feb 13, 2023 25 tweets 7 min read
The Unified Guccifer 2 Theory (1.0)

Recently, I had an "ah hah" moment w.r.t the timing and content of Guccifer 2's first blog post and the potential media/social network response.

It's an idea that I think may have merit, but pushing on that discovery string will be difficult. spoiler: the DNC and friends got wind that a hacker (G2) was pitching the release of some HRC related documents to The Smoking Gun (TSG) and Gawker with stories to follow ...
Feb 2, 2023 31 tweets 9 min read
This thread will explore this often-discussed idea that some/all DNC were ex-filtrated by making use of credentials found on the Internet. That idea derives from this archived tweet (the original author's account was deleted. tag: @News_Views_2020, @FOOL_NELSON, @ClimateAudit, @realexmaple, @walkafyre, @TrustIsEarnd, @bleidl, @ITGuy1959, @with_integrity , @Ty_Clevenger
Apr 23, 2022 7 tweets 4 min read
THREAD 22: The "Trump Server" / Alfa Bank "suspicious communications" controversy
We discuss a critical time series analysis paper that established a possible pattern of human 2-way communication. This paper was likely passed along to reporters, the Senate, and the FBI/CIA. Alfa Bank sends a demand letter to Dagon, notably requesting "White Paper Comments: Time Series Analysis of Recursive Queries". We can't quite tell if this is the seminal paper or just Dagon's comments on same.

@FOOL_NELSON @walkafyre @ProfMJCleveland @ErrataRob @ClimateAudit
Feb 27, 2022 17 tweets 6 min read
THREAD: Who are the "Tealeaves folks" and why does it matter?

This is a follow up to this thread.

tag: @RyanM58699717 @FOOL_NELSON @ClimateAudit @ErrataRob @ProfMJCleveland @codyave @isthats75228187

In this excerpt Fritsch tells Lichtblau "These Tealeaves folks almost certainly would have been encrypted". Who is Fritsch referring to? (1) the group of researchers that we associate with Tealeaves or (2) the Trump Org cabal including Alfa and Spectrum that TL incriminates?
Jan 19, 2022 36 tweets 9 min read
THREAD #20: The "Trump Server" / Alfa Bank "suspicious communications" controversy. Technical track: What can we learn from the (previously unanalyzed) duplicate entries in the DNS logs?

We find support for our preferred theory: Alfa and Spectrum were hacked/compromised. IMO, the hacks caused the Alfa and Spectrum servers to ping the "Trump Server" in a seemingly mysterious pattern.

Previously, we decoded the pattern seen in the Spectrum data. Here, we will decode the repetitive pattern generated by the Alfa (alleged) hack.
Jan 17, 2022 10 tweets 4 min read
Preview pop quiz. Let's say that a DDOS attack blasts out a lot of packets all at once and then waits 10 seconds before it reloads. In the meantime the packets are slowed down by a rate limiting filter and some (but not all) answers are returned back. Which scenario in the chart best fits that description?
Compare to a sequential process where a program sends some packets and within 1 sec receives results. There are problems with the result, so it waits 2 secs and tries again. Still problems, it waits 2 secs and tries again.
Jan 14, 2022 17 tweets 7 min read
Puzzler ahead of next thread (which will be overall shorter and simpler, but a bit difficult to grapple with).

Tag:
@FOOL_NELSON @ClimateAudit @bleidl @RyanM58699717 @walkafyre @ErrataRob @PeterSMagnusson @sempersecurus

We look at all gaps of less than 2 hours (7200 secs) and reduce their value to the next lowest 120 secs (2 mins) for the period > 7/24/2016, which is the day both Alfa and Spectrum are missing a day.
Jan 13, 2022 24 tweets 8 min read
THREAD #17: The "Trump Server" / Alfa Bank "suspicious communications" controversy. Technical track: What can we learn from the record of failed lookups from a new Alfa IP address (217.12.97.137)? Tag: @FOOL_NELSON @ClimateAudit @bleidl @RyanM58699717 @walkafyre @ErrataRob @PeterSMagnusson @sempersecurus
Jan 13, 2022 6 tweets 6 min read
Pop quiz ahead of the next thread.

How do we put these three pieces of info together?

@FOOL_NELSON @ClimateAudit @bleidl @walkafyre @RyanM58699717 @ErrataRob

Consider: (1) the DNS search suffix list, (2) iterative name resolution, (3) DNS name caching both positive and negative.

Things might not make sense; it didn't for me given this scarce data, but maybe you'll find something.
Jan 11, 2022 21 tweets 6 min read
@FOOL_NELSON @ClimateAudit @bleidl @RyanM58699717 @walkafyre @ErrataRob

Let's look at the Alfa DNS lookup data. It is demonstrably different from the Spectrum ping data, but shares a similarity in that there is different behavior among 3 time segments. This is a composite to show the three stages. Stage 1 (prior to 6/24/2016) shares the same apparent randomness of inter-ping delays as we saw with the Spectrum data. Similarly for stage 2 and 3 we see similar shapes but stage 2 is more erratic.
Jan 10, 2022 5 tweets 3 min read
Going to bump this one and add to it.

@FOOL_NELSON @ClimateAudit @bleidl @walkafyre @RyanM58699717 @ErrataRob There's also this fairly recent paper by a familiar GA Tech. researcher.
astrolavos.gatech.edu/articles/IoTFi…
Jan 10, 2022 19 tweets 9 min read
Hmmm, so maybe the use of a lognormal distribution to simulate human interaction times isn't that crazy.

The Dutch again (don't trust them <J/k>). Note the timeframe.
nas.ewi.tudelft.nl/people/Piet/pa…

@FOOL_NELSON @ClimateAudit @walkafyre @RyanM58699717 @ErrataRob

Just another coincidence?
Jan 9, 2022 13 tweets 4 min read
A quick tweet to note something wild in the Spectrum data. The (1h,1m) (2h,2m) (3h,3m) pattern stretches *all* the way out to (59h, 59m).

Not a coincidence. This is a deliberate algorithm.

@FOOL_NELSON @ClimateAudit @bleidl @RyanM58699717 @walkafyre @ErrataRob

Why would the hacker choose this algorithm? Here are 2 ideas: