Step 1: Locate odd binary being served to the public internet.
Step 2: Get curious.
Step 3: Fire up a contained, temporary, virtual environment.
Step 4: Run the binary.
[result attached]
Step 5: Forever wonder what could have been.
And of course they are also serving up a script that gives *ultimate* trust to expired keys. THIS IS NOT OK FOR A DOD CONTRACTOR TO HAVE BEEN DOING (among other things).
But, hey, while you're at it you might as well pipe some stuff straight into bash from the internet, right? #yolo I guess.
[yes, that's an actual SCL-hosted script pulling in the contents of another SCL-hosted file. I didn't make it up.]
When I found the exposed 154 million US voter database in June 2016, I was able to trace the data to a company named L2 Political.
L2 then traced the leak to a client of theirs. The client claimed hackers had taken down their firewall which then publicly exposed the database.
L2's client did not suggest that *I* was the hacker(s) who had removed their firewall and exposed the database.
If true, this means there is confirmation, from the holder of the data, that a nationwide US voter registry _was_indeed_hacked_ months prior to the 2016 election.
I can't believe I didn't recall this sooner. Foreign hacking of the US election system was not much of a topic when I originally reported this 154 million voter record leak and the detail of actual confirmation of a US nationwide vote hack became lost in the ether.
And, yeah, the "neverhillary" section is in reference to a previously active site "neverhillary2016.com" (a domain which I have since taken over ownership of after they let it lapse).
Here's a hint, "LoudDoor" is a bigger player than people realize.
That's an SCL Group site. It's hosting a personal blog for a German parliamentary candidate.
This candidate makes YouTube videos...
in which he argues that North Korea should have and retain nuclear weapons in order to keep the United States from invading.
Meant to include this screen at the top of the thread.
So,
AggregateIQ developed a voting system that takes votes via phone and online. Relevant project references are "Direct Vote", "vb9k", and (as recently observed in the wild) "VoteVault[.]io".
Take a look at the hosting abnormalities that occurred prior to the 2016 election.
I'm not saying that there was any funny business conducted regarding influencing any potential voters into thinking that they could actually vote via phone or internet... but that would certainly fit this macabre circus that we're all watching play out.
And I'm not saying that a sudden switch to Saudi Arabian IP space is indicative of anything in particular. It's just suspicious as all fuck.
Something I realized a little while ago is that a few articles have attributed the start of the US Military's move toward cloud computing to this 2010 letter: info.publicintelligence.net/USFOR-A-DCGS.p… (U//FOUO)
You may recognize the author's signature.
It is now-disgraced General Michael Flynn.
The immediate result was a project called the Distributed Common Ground System (DCGS-A) which was declared a clunky, hard-to-use failure after $2.7 billion had been sunk into its development.
Ironically it was within a different cloud environment that I discovered an archived copy of the DCGS-A development environment (and other relevant files) on September 27th, 2017. That find joined the ranks of other military-related cloud data exposures I had already come across.
As time goes on, a new parlor trick for open source insights emerges: Inferring personality traits from previously used passwords.
There have been a lot of high profile data breaches in which someone actually dumps the whole data set publicly (not cool, but it happens).
Example:
1) Read article reporting a celebrity/politician's personal email address.
2) Check if that email address has been involved in a previous high-profile data breach (like with haveibeenpwned.com).
3) If it was, look up the email address on "one of those sites" that hosts previous high-profile data breaches with hashes included (not gonna list any here, and beware of the malware-laden ones).
4) Head on over to a site like hashes.org and look up the hash.