Chris Vickery
Oct 9, 2018 · 10 tweets · 4 min read
When I found the exposed 154 million US voter database in June 2016, I was able to trace the data to a company named L2 Political.
L2 then traced the leak to a client of theirs. The client claimed hackers had taken down their firewall which then publicly exposed the database.
L2's client did not suggest that *I* was the hacker(s) who had removed their firewall and exposed the database.
If true, this means there is confirmation, from the holder of the data, that a nationwide US voter registry _was_indeed_hacked_ months prior to the 2016 election.
I can't believe I didn't recall this sooner. Foreign hacking of the US election system was not much of a topic when I originally reported this 154 million voter record leak and the detail of actual confirmation of a US nationwide vote hack became lost in the ether.
To all official investigations into foreign interference in the 2016 election: You need to get L2 Political to name the client that was hacked. At the time of the discovery L2 did not tell me the name of the client and that part is still unknown.
p.s. Cambridge Analytica previously admitted to being an L2 Political client during that time period. L2 *did* tell me that L2 does not have very many nationwide voter registry clients.
Someone(s), please get that client's name from L2 Political.
I have emails from L2's CEO proving this.
The reason I'm jumping to the "foreign hacking" possibility instead of assuming it could have been domestic actors is that when the database was discovered (apparently a consequence of the claimed hack) I was able to query one access log. It showed access from a Serbian proxy IP.
Here's an article from the time regarding the discovery: csoonline.com/article/308813…

Please note that this June 2016 find was prior to my employment with @UpGuard. [although my super awesome skillset did transfer over ;)]

More from @VickerySec

Oct 1, 2018
If you want a thread to pull on, consider why the same entity would be behind these listed sites: americanstrawpoll.com/img/
[ web.archive.org/web/2018100119… ]
Why would someone be interested in the data generated by the public interacting with those sites?
#CA #AIQ #SCL #PG #LD #AS #WPA
And, yeah, the "neverhillary" section is in reference to a previously active site "neverhillary2016.com" (a domain which I have since taken over ownership of after they let it lapse).
Here's a hint, "LoudDoor" is a bigger player than people realize.
Sep 8, 2018
That's an SCL Group site. It's hosting a personal blog for a German parliamentary candidate.
This candidate makes Youtube videos...
in which he argues that North Korea should have and retain nuclear weapons in order to keep the United States from invading.
Meant to include this screen at the top of the thread.
Sep 8, 2018
Step 1: Locate odd binary being served to the public internet.
Step 2: Get curious.
Step 3: Fire up a contained, temporary, virtual environment.
Step 4: Run the binary.
[result attached]

Step 5: Forever wonder of what could have been.
And of course they are also serving up a script that gives *ultimate* trust to expired keys. THIS IS NOT OK FOR A DOD CONTRACTOR TO HAVE BEEN DOING (among other things).
But, hey, while you're at it you might as well pipe some stuff straight into bash from the internet, right? #yolo I guess.
Aug 8, 2018
So,
AggregateIQ developed a voting system that takes votes via phone and online. Relevant project references are "Direct Vote", "vb9k", and (as recently observed in the wild) "VoteVault[.]io".
Take a look at the hosting abnormalities that occurred prior to the 2016 election.
I'm not saying that there was any funny business conducted regarding influencing any potential voters into thinking that they could actually vote via phone or internet... but that would certainly fit this macabre circus that we're all watching play out.
And I'm not saying that a sudden switch to Saudi Arabian IP space is indicative of anything in particular. It's just suspicious as all fuck.
Aug 2, 2018
Something I realized a little while ago is that a few articles have attributed the start of the US Military's move toward cloud computing to this 2010 letter: info.publicintelligence.net/USFOR-A-DCGS.p… (U//FOUO)
You may recognize the author's signature.
It is now-disgraced General Michael Flynn.
The immediate result was a project called the Distributed Common Ground System (DCGS-A) which was declared a clunky, hard-to-use failure after $2.7 billion had been sunk into its development.
Ironically it was within a different cloud environment that I discovered an archived copy of the DCGS-A development environment (and other relevant files) on September 27th, 2017. That find joined the ranks of other military-related cloud data exposures I had already come across.
Jul 2, 2018
As time goes on, a new parlor trick for open source insights emerges: Inferring personality traits from previously used passwords.
There have been a lot of high profile data breaches in which someone actually dumps the whole data set publicly (not cool, but it happens).
Example:
1) Read article reporting a celebrity/politician's personal email address.
2) Check if that email address has been involved in a previous high-profile data breach (like with haveibeenpwned.com).
3) If it was, look up the email address on "one of those sites" that hosts previous high-profile data breaches with hashes included (not gonna list any here, and beware of the malware-laden ones).
4) Head on over to a site like hashes.org and look up the hash.