Data breach hunter. InfoSec & Cybersecurity. Personal account.
Oct 9, 2018 • 10 tweets • 4 min read
When I found the exposed 154 million US voter database in June 2016, I was able to trace the data to a company named L2 Political.
L2 then traced the leak to a client of theirs. The client claimed hackers had taken down their firewall which then publicly exposed the database.
L2's client did not suggest that *I* was the hacker(s) who had removed their firewall and exposed the database.
If true, this means there is confirmation, from the holder of the data, that a nationwide US voter registry _was_indeed_hacked_ months prior to the 2016 election.
That's an SCL Group site. It's hosting a personal blog for a German parliamentary candidate.
This candidate makes YouTube videos...
in which he argues that North Korea should have and retain nuclear weapons in order to keep the United States from invading.
Sep 8, 2018 • 4 tweets • 2 min read
Step 1: Locate odd binary being served to the public internet.
Step 2: Get curious.
Step 3: Fire up a contained, temporary, virtual environment.
Step 4: Run the binary.
Step 5: Forever wonder of what could have been.
And of course they are also serving up a script that gives *ultimate* trust to expired keys. THIS IS NOT OK FOR A DOD CONTRACTOR TO HAVE BEEN DOING (among other things).
Aug 8, 2018 • 4 tweets • 2 min read
AggregateIQ developed a voting system that takes votes via phone and online. Relevant project references are "Direct Vote", "vb9k", and (as recently observed in the wild) "VoteVault[.]io".
Take a look at the hosting abnormalities that occurred prior to the 2016 election.
I'm not saying that there was any funny business conducted regarding influencing any potential voters into thinking that they could actually vote via phone or internet... but that would certainly fit this macabre circus that we're all watching play out.
Aug 2, 2018 • 7 tweets • 2 min read
Something I realized a little while ago is that a few articles have attributed the start of the US Military's move toward cloud computing to this 2010 letter: info.publicintelligence.net/USFOR-A-DCGS.p… (U//FOUO)
You may recognize the author's signature.
It is now-disgraced General Michael Flynn.
The immediate result was a project called the Distributed Common Ground System (DCGS-A) which was declared a clunky, hard-to-use failure after $2.7 billion had been sunk into its development.
Jul 2, 2018 • 5 tweets • 2 min read
As time goes on, a new parlor trick for open source insights emerges: Inferring personality traits from previously used passwords.
There have been a lot of high profile data breaches in which someone actually dumps the whole data set publicly (not cool, but it happens).
Example: 1) Read article reporting a celebrity/politician's personal email address. 2) Check if that email address has been involved in a previous high-profile data breach (like with haveibeenpwned.com).
Jul 1, 2018 • 12 tweets • 2 min read
Serious triage proposal to immediately hinder bot/troll armies on Twitter and Facebook:
a) Keep "Entry-Level" Twitter accounts free.
b) "Standard" accounts require a one-time $3 fee (nonrefundable).
c) For certain "Verified" accounts (e.g. elected officials) the fee is waived.
1. The one-time $3 fee for a standard account can *only* be paid with a unique credit card (this is possible even if paying through PayPal). Once a credit card is used for an account, it cannot be used to pay the $3 fee on any other account, ever again.
Jun 29, 2018 • 4 tweets • 1 min read
Curious results, don't ya think?
For what it's worth, this little trick is extremely useful for finding hidden relationships between entities playing shell games.
I normally wouldn't mention it, but I've noticed that some have started using website techniques that mitigate against leaving this sort of trail.
Mar 26, 2018 • 4 tweets • 2 min read
I found Bannon's tools.
Facebook ad tools, scrapers, targeting scripts, etc.
Federal authorities have it all now.
Smoking gun evidence involving foreign influence in US elections.
Reports going up momentarily at: upguard.com/breaches/aggre… and gizmodo.com/aggregateiq-cr…
Data involves Cambridge Analytica, AggregateIQ, WPA Intel, Brexit, Cruz, and more.