Guest User

claudia.txt

a guest
May 19th, 2017
515
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. [9:53 PM] Danger: ok thx
  2. [9:53 PM] Danger: will add shortly
  3. [9:56 PM] Kraya ☿: @jeanseberg really need ot head off now, but I assume none of those keys worked cause they arent what keys look like o.O I'm surprised someone with the coding skill to write that script tried that but either way yeah thats most likely a failed attemt at decoding the 2013 insurance files
  4. [9:56 PM] Kraya ☿: but yeah DM me specific questions and I'll read sometime when I wake up xD
  5. [10:01 PM] jeanseberg: @Kraya The key does not have to follow any pattern, I just created a file with aes256, used 'hello' as the password and decrypted it.
  6. [10:01 PM] jeanseberg: openssl enc -aes-256-cbc -salt -in text.txt -out test.enc
  7. [10:01 PM] jeanseberg: To make the file, and then:
  8. [10:02 PM] jeanseberg: openssl enc -aes-256-cbc -d -in test.enc -out file.txt
  9. [10:02 PM] jeanseberg: To get it back.
  10. [10:08 PM] sakulfromspace: passphrase is not the same as the key
  11. [10:08 PM] sakulfromspace: your computer saves the key in a file and uses a passphrase to retreive it, but its really using the full key
  12. [10:15 PM] lupdike: when the passwords do get released, how will we open the files....are they most likely truecrypt containers or what?
  13. [10:15 PM] Danger: no one knows how they will get released
  14. [10:16 PM] Danger: files are aes encrypted and available via torrent
  15. [10:16 PM] Danger: hang on and ill get you some links
  16. [10:16 PM] Danger: wikileaks insurance files:
  17. https://file.wikileaks.org/torrent/2016-06-03_insurance.aes256.torrent
  18. https://file.wikileaks.org/torrent/wikileaks-insurance-20120222.tar.bz2.aes.torrent
  19. https://file.wikileaks.org/torrent/wlinsurance-20130815-A.aes256.torrent
  20. https://file.wikileaks.org/torrent/wlinsurance-20130815-B.aes256.torrent
  21. https://file.wikileaks.org/torrent/wlinsurance-20130815-C.aes256.torrent
  22. [10:16 PM] lupdike: i've got the latest one....the 88gig one
  23. Danger pinned a message to this channel. See all the pins.10/23/2016
  24. [10:16 PM] Danger: if you have space you should download the rest
  25. [10:16 PM] Danger: just in case
  26. [10:16 PM] Danger: it's possible keys will be released in chronological order
  27. [10:17 PM] jeanseberg: @lupdike Can you try the passwords posted in https://www.reddit.com/r/WhereIsAssange/comments/58vdsy/insurance_file_testing/d94ydme/
  28. reddit
  29. Insurance file testing • /r/WhereIsAssange
  30. Found the original pastebin: http://pastebin.com/evFHJ61L Ongoing 8chan thread: https://8ch.net/pol/res/7946506.html Posts on...
  31.  
  32. [10:18 PM] jeanseberg: @cooldude The post explains how to do it.
  33. [10:20 PM] jeanseberg: @lupdike Please post a comment with the passwords you tried (along with for which file) on the thread.
  34. [10:29 PM] lupdike: @jeanseberg I'm probably not competent to do this
  35. October 24, 2016
  36. [12:47 AM] Danger: just saw this linked on 8chan: https://twitter.com/9CB9D65F54ED858
  37. Twitter
  38. [12:50 AM] Elmyr: Looks like nonsense?
  39. [12:50 AM] Danger: not sure
  40. [12:50 AM] Danger: just wanted to post it here for posterity
  41. [12:50 AM] Danger: just in case
  42. [12:50 AM] Danger: i am too tired to dig in right now
  43. [12:50 AM] Danger: about toh ead to bed
  44. [12:51 AM] Danger: but i wanted to finish reading this 8chan thread
  45. [12:52 AM] ElectronSpinor: Which 8ch thread?
  46. [12:53 AM] jeanseberg: @Danger Where did you find this Twitter account?
  47. [12:54 AM] Dinghy: 8chan
  48. [12:55 AM] jeanseberg: @Dinghy Do you have a link?
  49. [12:55 AM] Dinghy: no, that's just what he said when he linked it
  50. [12:56 AM] Dinghy: I could look and see if i can find it
  51. [12:56 AM] Danger: https://8ch.net/pol/res/7952632.html
  52. THE SILENCE BREAKSPRAISE IThttps://twitter.com/wikileaks/status/...
  53. THE SILENCE BREAKSPRAISE IThttps://twitter.com/wikileaks/status/790074503472746496No claims of video proof of course but I'll take something over nothing.
  54. [12:56 AM] Danger: probably nothing guys
  55. [12:56 AM] Danger: don't get excited
  56. [12:57 AM] Danger: just wanted to post it here for tomorrow
  57. [12:57 AM] Dinghy: GO TO SLEEP ALREADY
  58. [12:57 AM] Danger: but if y'all will be up for a bit and want to try, by all means please do so!
  59. [12:57 AM] Danger: if you don't have the insurance files they are pinned to this chat
  60. [12:57 AM] Danger: i know, i know
  61. [12:57 AM] Danger: i am addicted to this shit man
  62. [12:57 AM] Danger: it is consuming my life
  63. [12:57 AM] Dinghy: We need to have a party while the mods are gone
  64. [12:57 AM] Danger: morning noon and night
  65. [12:57 AM] Danger: hey now i'm down to party
  66. [12:57 AM] Danger: does lame old white man dance
  67. [1:04 AM] Danger: one more thought before i REALLY go to bed this time (lol)
  68. [1:04 AM] Danger: if wikileaks is compromised
  69. [1:04 AM] Danger: and begins released data that is proven flase
  70. [1:05 AM] Danger: false*
  71. [1:05 AM] Danger: finding the keys to unlock these files is the only way to potentially salvage their reputation
  72. [1:05 AM] Danger: hopefully the june dump contains the full podesta email cache
  73. [1:05 AM] Danger: and it can be compared to any that were altered by these possible bad actors
  74. [1:05 AM] Danger: with that, i'm truly off now (until I'm back on)
  75. [1:08 AM] Mosh: later
  76. [1:12 AM] jeanseberg: https://www.reddit.com/r/WhereIsAssange/comments/58vdsy/insurance_file_testing/d9574vw/
  77. reddit
  78. Insurance file testing • /r/WhereIsAssange
  79. lol. I was looking for more people working on the code itself. A little surprised to see mine pop up. I've actually decided to scratch the code...
  80.  
  81. [1:26 AM] jeanseberg: New potential key: http://pastebin.com/Aa5YxXsR
  82. [2:02 AM] jeanseberg: Is someone willing to post a thread on 4chan/pol about this? I'm not able to do it for some reason.
  83. [5:05 AM] Mosh: Where is that from
  84. [9:07 AM] jeanseberg: @Mosh What?
  85. [9:08 AM] Mosh: the new potential key. I Dont know mucha bout encryption but interstedin helping
  86. [9:20 AM] jeanseberg: The new potential key has been posted on reddit, 4chan, 8chan, etc.
  87. [9:26 AM] Mosh: Oh okay. I thought maybe you were working on a process or theory putting them together
  88. [9:33 AM] Mosh: If we assume that the subreddit, the twitter, and the website are compromised: If releasing the keys happens, where would they come from
  89. [9:36 AM] Tyrone.Keklord: probably email distro to trusted affiliates for them to release
  90. [9:37 AM] Tyrone.Keklord: Not sure who they'd be and if they'd have the right sphere of influence to get them out, but I'd assume that'd have been planned
  91. [9:37 AM] Tyrone.Keklord: Issue is, if they physically got Assange, it'd only be a matter of time before they learned the contingencies and were able to disrupt them
  92. [9:38 AM] jeanseberg: It seems like the some potential keys were posted a few hours and keep getting deleted. Example: https://8ch.net/pol/res/7962287.html
  93. Insurance keys may actually have been released
  94. I'm seeing snippets of info around suggesting the insurance keys actually DID get posted, and the DDOS was an attempt to stop them, but it wasn't 100% successful.Apparently the keys were divided into separate parts and given to a variety of people. Nobody had the whole key themselves, but they all had parts of a key.Which means the keys we've been seeing around that haven't worked, may simply need to be combined with other keys to unlock the files.That's what this thread is for: Posting anything you suspect...
  95. [12:28 PM] jeanseberg: This is what I have:
  96. [12:28 PM] jeanseberg: ENCRYPTION KEY SET 1/4:
  97. +7[CX=\MJ8)TF{V,w+UMhIc'i]y<Y[)$v>Z^DDXct>88Mb0.=hJ;.C6RBgPOu@U.U“v'7]xKu)Tux2f~{w&Tqy1c^(/YrslZL?W},nt"U#:=D39!;1x#J6uNr
  98.  
  99. ENCRYPTION KEY SET 2/4:
  100. :|Ag$s<oOH'D%}Nb23rV9V"Yzz1$N]8%BuJJFguUc'p:7>m![PkHWYGYd}T:Ojo5UeXm,CvWII={~d~y.q)<Z!|Fj~YC!Q\1D<H(HrIX9>p!l3e2M8\;pw<N:YR$o8
  101.  
  102. [12:30 PM] Elmyr: @jeanseberg
  103. [12:31 PM] Elmyr: Use backticks to show keys.
  104. [12:31 PM] Elmyr: Like this:
  105. ...
  106. [12:31 PM] Elmyr: (three ` before and after)
  107. [12:31 PM] Elmyr: You're losing characters.
  108. [12:31 PM] Elmyr: You need to quote.
  109. [12:31 PM] Elmyr: That looks like a troll though.
  110. [12:32 PM] Elmyr: Just saying.
  111. [12:37 PM] Danger: yes i am pretty sure those are 4chan poster IDs
  112. [3:41 PM] ElectronSpinor: Has anyone here ACTUALLY tried any keys?
  113. [3:41 PM] Danger: yes
  114. [3:41 PM] Danger: nothing so far
  115. [3:41 PM] Danger: you are welcome to try them too though
  116. [3:41 PM] Danger: trust, but verify ya know?
  117. [3:42 PM] ElectronSpinor: Just checking, because I don't exactly know how to open them even if I had a key; the AES security commands are a bit confusing. Then you have to label the outward file to have a file type, but of what? Presumably a zip? Or rar?
  118. [4:09 PM] Danger: decrypted file should contain a plaintext signature
  119. [4:09 PM] Danger: https://en.wikipedia.org/wiki/List_of_file_signatures
  120. List of file signatures
  121. This is a list of file signatures, data used to identify or verify the content of a file. Such signatures are also known as magic numbers. Many binary file formats are not intended to be read as text. If such a file is accidentally viewed as a text file, its contents will be unintelligible. However, sometimes the file signature can be recognizable when interpreted as text. The column ISO 8859-1 shows how the file signature appears when interpreted as text in the common ISO 8859-1 encoding.
  122. [4:09 PM] Danger: knowing wikileaks' preference for linux, it will probably be a tarball or something like that
  123. [4:09 PM] jeanseberg: @ElectronSpinor I have been trying keys for days.
  124. [4:10 PM] jeanseberg: @ElectronSpinor There is one key that has been posted many times on 8chan and gets deleted immediately. I'm trying to find a screenshot of it.
  125. [4:11 PM] jeanseberg: @Danger Which one do you think are IDs? This one? http://pastebin.com/Aa5YxXsR
  126. Pastebin
  127. +hTPwbyt 4eqfZ7H0 biD9vzQ6 xDFTNina Hs4Y/P6e AHfMIwr2 /JFUer5w m...
  128.  
  129. [4:14 PM] ElectronSpinor: Out of curiosity, could somoene upload an image of the background to Wikileaks' twitter account? The one with all the text on top of it; has there been an analysis of the portion behind the profile image box? Steganographic analysis?
  130. [4:15 PM] jeanseberg: @ElectronSpinor There's a steganography channel.
  131. [4:17 PM] ElectronSpinor: Posted it there.
  132. [4:19 PM] Danger: yeah that one is almost certainly 4chan IDs @jeanseberg
  133. [4:19 PM] Danger: go to 4chan and compare
  134. [4:30 PM] jeanseberg: @Danger Someone on one of the threads said it was a list of CTR IDs, but if you google any chunk of the key you get some strange results.
  135. [4:35 PM] Danger: hey it's not a bad idea to try
  136. [4:35 PM] Danger: nothing hurts to try
  137. [4:35 PM] Danger: worst case they do not work
  138. [4:38 PM] jeanseberg: I don't have the latest file (the 88GB one). When the CTR IDs key was posted, the person said it would work on the latest one.
  139. [4:45 PM] Danger: i have tried them on the current one
  140. [4:45 PM] Danger: first of all as a whole they are too long as a key
  141. [4:51 PM] Danger: just tried it anyway
  142. [4:51 PM] Danger: because why not
  143. [4:51 PM] Danger: bad magic number
  144. [5:17 PM] jeanseberg: Did you use " "
  145. [5:18 PM] jeanseberg: @Danger Like this
  146. openssl enc -d -aes-256-cbc -in wlinsurance-20130815-A.aes256 -out out -k "passwordhere"
  147. [5:18 PM] Danger: i actually dropped that into a file
  148. [5:18 PM] Danger: the whole string
  149. [5:19 PM] Danger: and referenced it with -kfile /path/to/file
  150. [5:19 PM] Danger: but except with the actual path :wink:
  151. [6:39 PM] Danger: btw guys... if someone does find the keys, we need to make sure they are posted in a way that is difficult/impossible to remove. Someone on reddit had the idea of posting them as a comment to a bitcoin transaction. https://www.reddit.com/r/WhereIsAssange/comments/594h7f/reports_of_insurance_torrents_disappearing_xpost/d96a7kk/
  152.  
  153. If you need any help with that, hit me up.
  154. reddit
  155. Reports of Insurance torrents disappearing! (X-post /r/WikiLeaks...
  156. 1 points and 5 comments so far on reddit
  157.  
  158. Danger pinned a message to this channel. See all the pins.10/24/2016
  159. [6:41 PM] cointelpro: damn that is some well thought out shit
  160. [6:48 PM] Elmyr: No1 that's a brilliant idea
  161. [6:48 PM] Elmyr: Bake them into the ledger haha
  162. [6:49 PM] Elmyr: That would also be a great way to distribute the keys...
  163. [6:49 PM] Elmyr: Decentralized, nearly impossible to change or block after transactions clear
  164. [6:49 PM] Elmyr: Someone would have to force a fork, they'd need the collusion of the major miners
  165. [6:51 PM] Danger: yeah i can't take credit for it... kind of annoyed at myself i didnt' think of it first :stuck_out_tongue:
  166. [6:51 PM] Danger: yep
  167. [6:51 PM] Danger: i wonder if... holy shit do you think that might be one of the DMSs?
  168. [6:52 PM] Danger: if it DID fire
  169. [6:52 PM] Danger: or something to look out for if it might
  170. October 25, 2016
  171. [2:00 AM] jeanseberg: Regarding bitcoin transactions: https://www.reddit.com/r/WhereIsAssange/comments/594h7f/reports_of_insurance_torrents_disappearing_xpost/d96qs1t/
  172. reddit
  173. Reports of Insurance torrents disappearing! (X-post /r/WikiLeaks...
  174. 2 points and 7 comments so far on reddit
  175.  
  176. [2:01 AM] jeanseberg: Someone should look into doing this with the new Wikileaks tweets as well as Snowden's. If anyone has any suggestions of potential keys from the blockchain, I can try them and report.
  177. [2:14 AM] street1510: okay guys I figured out a pattern between I may be awhile but i'll link my post
  178. [2:15 AM] street1510: i think
  179. [2:16 AM] jeanseberg: Let us know or post it somewhere.
  180. [2:34 AM] Danger: AND DONT GO TO THE GYM UNTIL AFTER YOU POST IT!
  181. [2:34 AM] Danger: :wink:
  182. [3:15 AM] jeanseberg: I've tried so many keys... I could really use a workout right now...
  183. [3:44 AM] |FA| Pintu: what is going on on this subreddit? https://www.reddit.com/r/OPTheList/
  184. reddit
  185. TheList • /r/OPTheList
  186. For peddling fictions and subverting the will of the American People... For your crimes against the American people, and blatant parasitic acts of...
  187.  
  188. [3:45 AM] Dinghy: looks like a list of lying politicians and media people?
  189. [3:46 AM] |FA| Pintu: all comments seem to be encrypted
  190. [3:47 AM] |FA| Pintu: And this: https://www.reddit.com/r/OPTheList/comments/592zi2/reminder/
  191. reddit
  192. REMINDER • /r/OPTheList
  193. 1 points and 3 comments so far on reddit
  194.  
  195. [3:47 AM] tachyon: https://www.reddit.com/user/TheListCompiler
  196. reddit: the front page of the internet
  197. [3:47 AM] tachyon: look at his history
  198. [3:48 AM] tachyon: https://www.reddit.com/user/qqtrx
  199. reddit: the front page of the internet
  200. [3:48 AM] tachyon: and this one
  201. [3:52 AM] Dinghy: bizarre
  202. [3:52 AM] Dinghy: There is some PGP, but also some other kind of messaging going on
  203. [3:53 AM] Dinghy: [ΘξβΨ]ωμδδΞ
  204. [3:54 AM] tachyon: so weird
  205. [3:54 AM] tachyon: and the twitter acct they link to is suspended
  206. [3:55 AM] Dinghy: yeah, noticed that
  207. [3:55 AM] |FA| Pintu: thier youtube is still up: https://www.youtube.com/watch?v=Ow4ibO2qchc
  208. YouTube
  209. Counter Globalist
  210. Paris by Day / Paris By Night - The Invasion of Europe is Coming...
  211.  
  212.  
  213. [3:55 AM] |FA| Pintu: nice guys....
  214. [3:56 AM] |FA| Pintu: Looks like they are preparing a race war. wtf
  215. [3:56 AM] tachyon: yeah, there is something weird about this whole thing
  216. [3:57 AM] Dinghy: https://en.wikipedia.org/wiki/RSA_SecurID
  217. RSA SecurID
  218. RSA SecurID, formerly referred to as SecurID, is a mechanism developed by Security Dynamics (later RSA Security and now RSA, The Security Division of EMC) for performing two-factor authentication for a user to a network resource.
  219. [3:57 AM] tachyon: yeah, we use those to authenticate at work
  220. [3:59 AM] Dinghy: they're being extra secure for w/e reason
  221. [3:59 AM] Dinghy: that vid is weird though
  222. [4:00 AM] |FA| Pintu: might be some 4chan people LARPing
  223. [4:00 AM] Dinghy: yeah
  224. [4:00 AM] tachyon: hopefully
  225. [4:00 AM] Dinghy: role playing race war
  226. [4:00 AM] Dinghy: https://www.youtube.com/watch?v=VYy77IGsBFc
  227. YouTube
  228. The Whitest Kids U'Know
  229. WKUK Race War!
  230.  
  231.  
  232. [4:01 AM] |FA| Pintu: :joy:
  233. [4:31 AM] jeanseberg: I wrote a script that test multiple keys at once.
  234. [4:31 AM] jeanseberg: If a list of keys to try is made I can leave it running and trying for a while.
  235. [7:23 AM] street1510: I just moved from 50% sure I found the pattern to 80. I put it in the wrong order however and have to go back
  236. [8:38 AM] Lux: Can someone with more knowledge than I review the validity of this post? It is being dismissed as a troll post in #whereisassange , but I think it deserves a closer look, just in case. http://www.reddit.com/r/whereisassange/comments/59aedv/_/
  237. reddit
  238. darling wagtail junkie prize • /r/WhereIsAssange
  239. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Assume assange has been captured. We said NEVER AGAIN. I am second link in chain. Primary venue...
  240.  
  241. [8:51 AM] bellum: Going to try the IRC chat
  242. [8:51 AM] bellum: Doubt we could ever find it though
  243. [8:55 AM] bellum: I'm gonna comb through r/OPthelist but it is probably held close
  244. [8:56 AM] bellum: Or it's just a troll haha
  245. [8:58 AM] Lux: What is that subreddit for?
  246. [9:08 AM] bellum: It was posted here earlier by Pintu - unsure of validity,
  247. [9:09 AM] bellum: If it were legitimate, it appears to be a list of journalists that may be targeted?
  248. [2:04 PM] Elmyr: Did someone try that post using known public keys?
  249. [2:04 PM] Elmyr: Like, verifying that signature?
  250. [2:05 PM] Danger: i did not
  251. [2:05 PM] Danger: good idea thoug
  252. [2:05 PM] Danger: h
  253. [2:06 PM] Danger: hmmm i am not sure how to verify using gpg tools on Mac
  254. [2:08 PM] Danger: sorry, kind of a noob in that area
  255. [2:10 PM] sakulfromspace: use the command line
  256. [2:10 PM] sakulfromspace: command + space and type terminal
  257. [2:10 PM] Danger: yeah i am not that much of a noob
  258. [2:10 PM] Danger: :wink:
  259. [2:10 PM] Danger: i am familiar with command line, just not gpg
  260. [2:10 PM] sakulfromspace: :smiley:
  261. [2:10 PM] Danger: just to save you the typing haha
  262. [2:10 PM] Danger: i know we're all coming from different skill levels though!
  263. [2:11 PM] Danger: i have the key saved as a text file on my desktop
  264. [2:11 PM] Danger: assuming there's some way to reference that with gpg in terminal?
  265. [2:12 PM] sakulfromspace: what are you trying to do
  266. [2:12 PM] sakulfromspace: im familiar with the command line but not so much with gpg
  267. [2:12 PM] sakulfromspace: but im reading about it right now
  268. [2:13 PM] Danger: ah there was a weird post in /r/whereisassange
  269. [2:13 PM] Danger: if you sort by new you should see it near the top
  270. [2:13 PM] Danger: has a public pgp key
  271. [2:13 PM] Danger: is there some way to look that up and see if it's in a directory anywhere?
  272. [2:14 PM] sakulfromspace: you want to search if you have a file with that content?
  273. [2:14 PM] sakulfromspace: not sure i understood you
  274. [2:14 PM] sakulfromspace: i saw the thread
  275. [2:14 PM] Elmyr: What are these hashes?
  276. [2:15 PM] Elmyr: What are these hashes?
  277. [2:15 PM] Elmyr: They're 24-16-16-16-24 bit
  278. [2:15 PM] Elmyr: They look like blockchain IDs.
  279. [2:16 PM] Dinghy: Was it you that was talking about hiding messages in bitcoin exchange comments?
  280. [2:16 PM] Elmyr: Ah no
  281. [2:16 PM] Elmyr: They're mongo object ID
  282. [2:16 PM] Elmyr: I recognize them
  283. [2:16 PM] Dinghy: huh
  284. [2:16 PM] Elmyr: It uses 96 bit hashes for object IDs
  285. [2:16 PM] Elmyr: They're referencing documents in a store
  286. [2:17 PM] Danger: interesting
  287. [2:17 PM] Danger: and yeah @Dinghy i was talking about keys potentially attached to transactions in the blockchain
  288. [2:17 PM] Danger: wasn't my idea though, saw it in a comment somewhere
  289. [2:17 PM] Elmyr: They could be other things too
  290. [2:17 PM] Elmyr: But blockchain hashes are longer
  291. [2:17 PM] Elmyr: They could also be IDs in some other system
  292. [2:18 PM] Elmyr: Maybe a web service or Cassandra or couch
  293. [2:20 PM] Dinghy: I remember one of the early potential leaked key posts referencing an archive called fall of cassandra
  294. [2:21 PM] Dinghy: it was a chan post though
  295. https://conservativedailypost.com/the-fall-of-cassandra-their-master-plan-to-secure-3rd-term-and-disqualify-trump/
  296. [2:37 PM] Danger: there... that's better... definitely something weird off with edges
  297. [2:37 PM] Danger: and it's not just the color of her clothes either
  298. [2:37 PM] Danger: they all had that weird clipping effect every time they moved
  299. [2:37 PM] Dinghy: yeah, not sure wtf is going on there
  300. [2:38 PM] Dinghy: beyond being blurry, the background looked like it was lower res than the foreground, too
  301. [2:38 PM] Danger: i also noticed that
  302. [2:38 PM] Danger: and it's not a focus issue
  303. [2:39 PM] Danger: look at how much blurrier the stronger together sign is in the far left
  304. [2:39 PM] Danger: opposed to the one right behind hillary's shoulder directly to the left
  305. [2:39 PM] Danger: (her right)
  306. [2:39 PM] Dinghy: yeah
  307. [2:39 PM] Dinghy: weird stuff
  308. [2:39 PM] Danger: so those are the same distance from the camera
  309. [2:39 PM] Danger: it is bizarre
  310. [2:40 PM] Danger: something fucky there for sure
  311. [2:40 PM] Danger: i hope some day the full details of all this stuff comes out
  312. [2:40 PM] Danger: like if there's ever an investigation
  313. [2:40 PM] Danger: i'm sure there's so much shit that people didn't even catch
  314. [2:40 PM] Dinghy: no doubt
  315. [2:40 PM] Dinghy: considering they got caught paying people to dress up like donald duck
  316. [2:40 PM] Dinghy: and incite violence at trump rallies
  317. [2:43 PM] Danger: yeah
  318. [2:43 PM] Danger: i am a writer
  319. [2:43 PM] Danger: if i had written all this down as a story a year ago
  320. [2:43 PM] Danger: i would have been mocked mercilessly
  321. [2:43 PM] Danger: and called a hack
  322. [2:43 PM] Dinghy: yeah, but then you'd be a soothesayer now
  323. [2:43 PM] Danger: haha true
  324. [2:45 PM] sakulfromspace: move that to random chat i think
  325. [2:45 PM] sakulfromspace: but yes it looks weird
  326. [2:45 PM] sakulfromspace: lol now that is ee it large
  327. [2:45 PM] sakulfromspace: thats some blue screen shenanigans
  328. [2:46 PM] Danger: yes you are right this should be in #random
  329. [2:46 PM] Danger: apologies for the clutter
  330. [2:54 PM] jeanseberg: I'm assuming you guys already tried this, but about the reddit post with the signature, I get this: gpg: Signature made Tue 25 Oct 2016 06:49:45 AM EDT using RSA key ID 3E4FF188
  331. gpg: Can't check signature: public key not found
  332. [2:58 PM] jeanseberg: @Danger You think it's a greenscreen?
  333. [3:00 PM] jeanseberg: @Danger Looks like the key is legit and was created this morning. Haven't been able to find it on any database.
  334. [3:02 PM] Danger: Yeah we're taking about green screen in #random
  335. [3:02 PM] Danger: I posted about it here by mistake
  336. [3:02 PM] Danger: And good to know about the key.
  337. [3:02 PM] Danger: I am guessing it's fake... I'd think any key would have been created in advance?
  338. [3:02 PM] Danger: How did you find that out? Just curious.
  339. [3:03 PM] sakulfromspace: i mean, what is the point of a signature if he is not claiming to be anyone/no public key
  340. [3:04 PM] Danger: Yeah I have no idea
  341. [3:04 PM] jeanseberg: Copy the message into a text file and fix the spacing, so that it looks like this:
  342. [3:05 PM] jeanseberg: http://pastebin.com/JuJmQycr
  343. Pastebin
  344. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Assume assange has...
  345.  
  346. [3:05 PM] jeanseberg: Then, do this on the command line:
  347. [3:05 PM] jeanseberg: pgp --verify text.txt
  348. [3:06 PM] jeanseberg: That will tell you when the key was made and it's RSA key.
  349. [3:06 PM] jeanseberg:
  350. gpg: Signature made Tue 25 Oct 2016 06:49:45 AM EDT using RSA key ID 3E4FF188
  351. [3:06 PM] jeanseberg: Then you can search the ID
  352. [3:06 PM] jeanseberg:
  353. gpg --keyserver pool.sks-keyservers.net --search 3E4FF188
  354. gpg: searching for "3E4FF188" from hkp server pool.sks-keyservers.net
  355. gpg: key "3E4FF188" not found on keyserver
  356. [3:08 PM] jeanseberg: @Danger See above.
  357. [3:10 PM] Danger: perfect thank you!
  358. [3:12 PM] jeanseberg: @Danger The message is real and people usually make new public keys if they want to be extra secure. At the very least, the person faked the message correctly.
  359. [3:12 PM] Danger: true
  360. [3:27 PM] street1510: alright Im still working on that code really obvious pattern now.
  361. [3:29 PM] Danger: @street1510 which code?
  362. [3:29 PM] Danger: I may have missed it
  363. [4:12 PM] jeanseberg: More info on the message
  364. :signature packet: algo 1, keyid 885FA2173E4FF188
  365. version 4, created 1477392585, md5len 0, sigclass 0x01
  366. digest algo 2, begin of digest 92 ba
  367. hashed subpkt 2 len 4 (sig created 2016-10-25)
  368. subpkt 16 len 8 (issuer key ID 885FA2173E4FF188)
  369. data: [4094 bits]
  370. [4:13 PM] street1510: https://www.reddit.com/r/WhereIsAssange/comments/59dlr8/street1510s_key_theory/
  371. reddit
  372. Street1510's Key Theory • /r/WhereIsAssange
  373. If you want to skip the massive wall of text just click the last two links, the pattern should be clear....
  374.  
  375. [4:13 PM] street1510: here is
  376. [4:14 PM] Danger: very interesting
  377. [4:14 PM] Danger: updooted
  378. [4:14 PM] Danger: would love to have a few more people look into this? I am not smart enough in this arena to know if there's anything there. @everyone
  379. [4:16 PM] street1510: Well I would love to get some more people who like code breaking to chime in that's why I came here. Everyone was so focused on brute forcing the hashes they didn't stop to ask if it was even deciphered yet.
  380. [4:17 PM] street1510: jeez I'm going to take a break. I spent way too long on this.
  381. [4:18 PM] tachyon: Really interesting. I wish i knew anything about this stuff so I could help cause it looks plausible
  382. [4:20 PM] immute: @street1510 i have no idea what that was. Sorry i couldnt help. Go look at the sunshine or something haha
  383. [4:21 PM] Danger: well give it an updoot at least if you have a reddit account!
  384. [4:21 PM] Danger: :stuck_out_tongue:
  385. [4:27 PM] jeanseberg: If someone gives me a a list of passwords to try and can leave my computer trying them without having to sit there.
  386. [4:27 PM] jeanseberg: We should compile a giant list of potential passes.
  387. [4:31 PM] immute: Passwords for the insurance file?
  388. [4:31 PM] jeanseberg: I could really use some help writing down these keys https://i.sli.mg/GW6jFo.jpg I know it's a crazy post but I want to try it just in case
  389. [4:31 PM] jeanseberg: @immute Yeah.
  390. [4:32 PM] Elmyr: Ok, what evidence do we have to suggest that isnt a rabbit hole?
  391. [4:32 PM] Elmyr: Make sure you're not falling for someone's trick to waste your time.
  392. [4:33 PM] immute: because that is gonna be a lot of cycles spent trying to guess passwords
  393. [4:47 PM] Elmyr: You're not going to guess it haha.
  394. [4:47 PM] Elmyr: Let's say it's ONLY a 4096 bit key.
  395. [4:47 PM] Elmyr: And each attempt is 1s.
  396. [4:48 PM] Elmyr: That's 1/2 * 2^4096 seconds (2^4095)
  397. [4:48 PM] Elmyr: Average time to find the key, brute forcing the whole keyspace.
  398. [4:49 PM] Elmyr: The universe hasn't been around that many seconds yet.
  399. [4:51 PM] immute: like i said, a lot of cycles :wink:
  400. [4:55 PM] Elmyr: Yo
  401. [4:55 PM] Elmyr: can I get the IDs for the newest batch?
  402. [4:56 PM] immute: email ids? I believe 30500-31818
  403. [5:20 PM] Spaztucky: Ok so I downloaded the latest insurance file from the wikileaks.org torrent file. I was wondering if it would be possible to try to guess the key. I know extremely unlikely but they said the encryption key that was accidentally released years ago on the diplomatic wire files was "ACollectionOfDiplomaticHistorySince_1966_ToThe_PresentDay#" why couldn't the password for this insurance file be something like "ACollectionOfPodestaEmailsSince_2008_ToThe_PresentDay#" Anything can be used as the password to encrypt the file isn't that correct? For all we know the word password could have been used lol. Thoughts?
  404. [5:25 PM] immute: Thoughts.... If you came up with all the correct words... There are still so many possibilities and from my knowledge it has to try to decrypt the whole file to see if it worked right? wouldnt that take time? Seems like it would take a very very very long time
  405. [5:29 PM] Mosh: The chance of brute forcing aes 256 is thousands of years of time I believe
  406. [5:30 PM] Mosh: It's military grade encryption . Just not a chance at that
  407. [5:30 PM] Mosh: Computers suck at factoring
  408. [5:32 PM] tachyon: yeah, if brute forcing it was possible people would already have been doing it the second those files dropped
  409. [5:34 PM] immute: But im sure the us government has been doing it
  410. [5:35 PM] tachyon: haha yes
  411. [5:37 PM] Mosh: Don't beleive so
  412. [5:37 PM] Mosh: Much more efficient to socia engineer the password or just silence the key holders
  413. [5:38 PM] Mosh: I have a friend in crypto, dinner with him last night. Basically said it's an absolute waste of time to guess or try to factor it out.
  414. [5:38 PM] Mosh: And also the gov already knows what's in it
  415. [5:38 PM] Mosh: They don't care about opening it
  416. [5:38 PM] immute: fair enough... it was stolen from them most likely
  417. [5:38 PM] Mosh: They want to take away the ability to open it
  418. [5:41 PM] sakulfromspace: the key wont be a password
  419. [5:41 PM] sakulfromspace: its a very very long key
  420. [5:41 PM] sakulfromspace: you cant bruteforce it
  421. [5:43 PM] Spaztucky: Well but the last insurance file didn't have a crazy key it was literally: "ACollectionOfDiplomaticHistorySince_1966_ToThe_PresentDay#" but still long enough where if the new key is similar it would be very hard to break. I don't believe it has to attempt to decrypt the entire file it will know right away if it doesn't work...
  422. [5:44 PM] sakulfromspace: It will be something like this -----BEGIN PGP PRIVATE KEY BLOCK-----
  423. Version: GnuPG v1
  424.  
  425. lQPGBFbgYqYBCADayz82LcApgD3FitHe95k89hHlbjVZszH0CPDWPNVDAOUwGmFp
  426. s3kWCaGPM3s34JBK1l5kN9/FVzd5XTTNHPiDFT6VWm1QwFj/H7Qrbz1LuWPwoQ5e
  427. M+EwV8s65A0WAU08ywKbOooNJyp0bO4CahNnVXhb3I+AAS6gE/Zw6UaBAbgvaK3E
  428. PldhTTFJYBYuBxBWGGkp7b/ME ... (continue for 200 lines)
  429. [5:44 PM] Spaztucky: PGP key and the password used for the insurance file are not necessarily similar.
  430. [5:45 PM] bellum: Has anyone tried any of the posts on r/OPthelist?
  431. [5:47 PM] Spaztucky: AES is a block cipher, a cryptographic primitive that is meant to be used in a larger framework. Its sole purview is encrypting a single block of data given a certain-sized key. In the case of AES-256, the key size is 256 bits.
  432.  
  433. Notably, there is no password involved in AES. So, there is no password length to discuss. AES itself just uses keys.
  434.  
  435. If you are using a service which claims it uses AES-256, and you are forced to enter a password, what is likely happening is that your password is used to derive a key. This is often done using a key derivation function, like PBKDF2, which stands for "password-based key derivation function 2". (Some KDFs are meant to expand real, uniformly-random keys, while others are intended to have "human"-like passwords for inputs.)
  436.  
  437. So, in this hypothetical scenario, the direct key used for AES-256 is likely the output of the KDF given your password as an input. If this is the case, then your password can be whatever length you so desire, although longer passwords are more difficult to guess (i.e., stronger). The job of a KDF is take the input and produce a "good" key from it.
  438. [5:48 PM] Spaztucky: So I take this as the file itself has the 256 bit key and the correct password unlocks the key.
  439. [5:48 PM] sakulfromspace: If you are using a service which claims it uses AES-256, and you are forced to enter a password, what is likely happening is that your password is used to derive a key.
  440. [5:48 PM] sakulfromspace: in other words, the key is how you decrypt it
  441. [5:48 PM] sakulfromspace: some services offer you a shortcut for the key by using a password
  442. [5:48 PM] sakulfromspace: but there is no service involved here
  443. [5:52 PM] Spaztucky: But since his previous password for a previous insurance file was not a 256bit key but instead an actual password why would the assumption be that the deadman's switch would give out a key and not a password? Actually I was thinking what if the password was already released and we didn't realize it yet
  444. [5:57 PM] jeanseberg: Update. It looks like a key was indeed posted on the blockchain during cablegate. http://www.righto.com/2014/02/ascii-bernanke-wikileaks-photographs.html
  445. Hidden surprises in the Bitcoin blockchain and how they are stor...
  446. Every Bitcoin transaction is stored in the distributed database known as the Bitcoin blockchain. However, people have found ways to hack ...
  447.  
  448. [6:02 PM] immute: interesting.... nicefind
  449. [6:04 PM] Spaztucky: Yeah incredible
  450. [6:06 PM] Danger: http://twitter.com/whereisassange
  451. Twitter
  452. [6:07 PM] bellum: What does it mean if the hexadecimal postings on r/OPthelist convert to Unicode?
  453. [6:07 PM] bellum: I'm not the best at this but I did notice that it converted after reading that article
  454. [6:10 PM] sakulfromspace: hexadecimals are just numbers
  455. [6:11 PM] sakulfromspace: hexadecimals are just numbers
  456. [6:11 PM] sakulfromspace: hexadecimals are just numbers
  457. [6:11 PM] sakulfromspace: unicode is a standard to asign letters to certain numbers
  458. [6:11 PM] bellum: Okay...
  459. [6:11 PM] sakulfromspace: whoops
  460. [6:11 PM] sakulfromspace: did i send that msg 3 times?
  461. [6:11 PM] bellum: Yes
  462. [6:11 PM] sakulfromspace: discord doesnt handle disconncetions too well apparently
  463. [6:12 PM] bellum: Thanks for the info
  464. [6:12 PM] bellum: What about UTF-8?
  465. [6:12 PM] bellum: This 392D8A3EEA2527D6AD8B1EBBAB6AD D6C4C5CC97F9CB8849D9914E516F9 847D8D6EA4EDD8583D4A7DC3DEEAE 831CF9C1C534ECDAE63E2C8783EB9 2B6DAE482AEDE5BAC99B7D47ABDB3
  466. [6:12 PM] bellum: went to this
  467. [6:12 PM] bellum: 44 45 45 41 45 20 38 33 31 43 46 39 43 31 43 35 33 34 45 43 44 41 45 36 33 45 32 43 38 37 38 33 45 42 39 20 32 42 36 44 41 45 34 38 32 41 45 44 45 35 42 41 43 39 39 42 37 44 34 37 41 42 44 42 33\
  468. [6:12 PM] bellum: W/o the backslash
  469. [6:14 PM] sakulfromspace: utf-8 is how to encode it. in other words, how to efficiently grab the information and put it into one long number so that it can later be decoded
  470. [6:15 PM] sakulfromspace: for example, you could say "every letter uses 3 numbers" and then to encode "hello" you would need 3 numbers for each letter. UTF-8 does this more efficiently by using variable lengths
  471. [6:19 PM] bellum: Ah, thank you very much for explaining
  472. [6:21 PM] Spaztucky: http://www.cryptograffiti.info/
  473. Read the messages that have been stored in the Bitcoin's blockchain or write them yourself.
  474. [6:22 PM] Spaztucky: If someone posts something in bitcoin this would be an easy way to spot it...
  475. [6:22 PM] immute: not sure if this should be here of in #datascience or in #random but have you guys checked dkim keys for the original dnc email leaks? Get failures on the first 5 or so....
  476. [6:22 PM] Danger: i would go in #datascience
  477. [6:22 PM] Danger: i have not checked them
  478. [6:23 PM] Danger: i know some keys have changed
  479. [6:23 PM] immute: @Danger thanks
  480. [6:23 PM] Danger: np!
  481. [6:26 PM] jeanseberg: Wikileaks address that was used to send the cablegate info https://blockchain.info/address/1HB5XMLmzFVj8ALj6mfBsbifRoD4miY36v?offset=0&filter=2
  482. Transactions sent and received from bitcoin address 1HB5XMLmzFVj8ALj6mfBsbifRoD4miY36v.
  483. [6:27 PM] bellum: They recieved one on the 25th
  484. [6:28 PM] bellum: No value listed
  485. [6:28 PM] bellum: Well today
  486. [6:29 PM] jeanseberg: This is the transaction where they posted the cablegate info https://blockchain.info/tx/691dd277dc0e90a462a3d652a1171686de49cf19067cd33c7df0392833fb986a?show_adv=true
  487. View information about a bitcoin transaction 691dd277dc0e90a462a3d652a1171686de49cf19067cd33c7df0392833fb986a
  488. [6:30 PM] bellum: SO if you post that
  489. [6:30 PM] bellum: You get this
  490. [6:31 PM] bellum: 010000000110fb00acdb841e67ba32ad6c7bae7d5625be798ad2e4220dc8f1f02cc1a43efc010000006b48304502210088aa0d09f28223e8f8f0f583c78bcce66957329559b3e1159ff4918ba455f70402200dd92792e958db9ecdf8155329e71974ffde88edc59fed59169fda83653926fb0121027d0179e30cff2e196c76bcfe19d39978e055a091fa4390718783e7397601649fffffffff01cded0000000000001976a914b169f2b0b866db05900b93a5d76345f18d3afb2488ac00000000
  491. [6:33 PM] bellum: Ah they recieve quite a bit through there
  492. [6:38 PM] Danger: @bellum might be worth checking timeframe when internet was cut?
  493. [6:38 PM] Danger: and during ddos
  494. [6:38 PM] Danger: since there's speculation ddos might have been attempt to stop DMS from firing
  495. [6:40 PM] bellum: I've tried a few of the transactions that aren;t verified
  496. [6:40 PM] bellum: Then I tried one, and got this
  497. [6:58 PM] Mike: this one?
  498. [7:00 PM] cointelpro: yes
  499. [7:01 PM] Mike: ffdae96f8dd292374a966ec8b57d9cc680ce1d23cb7072c522efe32a1a7e34b0
  500. [7:01 PM] cointelpro: blockexplorer.com is also good
  501. [7:01 PM] Mike: Double check - but nothing came up for me
  502. [7:01 PM] bellum: Using currently
  503. [7:01 PM] bellum: Not found either, confirm
  504. [7:01 PM] cointelpro: i cant remember for sure but i think hash has to be searched differently
  505. [7:02 PM] cointelpro: it isnt an address
  506. [7:02 PM] cointelpro: fuck im too tired
  507. [7:03 PM] Mike: the length matches a bitcoin transaction number
  508. [7:03 PM] bellum: So you have to use the address
  509. [7:03 PM] bellum: To get a hexadecimal readout from blockexchange, then convert to unicode?
  510. [7:04 PM] jeanseberg: You have to get the address by using the hash as the private key.
  511. [7:04 PM] jeanseberg: I just did it to the John Kerry hash and got this address: 1Pf71gkiDPZNaS1DrnexsA33t394A2JBmf
  512. [7:04 PM] jeanseberg: Which is real
  513. [7:05 PM] jeanseberg: https://blockchain.info/address/1Pf71gkiDPZNaS1DrnexsA33t394A2JBmf
  514. Transactions sent and received from bitcoin address 1Pf71gkiDPZNaS1DrnexsA33t394A2JBmf.
  515. [7:12 PM] Danger: yes
  516. [7:12 PM] Danger: there's a #reddit channel now too
  517. [7:12 PM] Danger: :stuck_out_tongue:
  518. [7:13 PM] Danger: we've been making lots of new ones as new projects come up
  519. [7:13 PM] immute: home simpson, "WOOHOO!" :wink:
  520. [7:44 PM] Danger: interesting @jeanseberg
  521. [7:44 PM] Danger: how are you turning the hash into that?
  522. [7:44 PM] Danger: using it as the private key for a BTC wallet creation?
  523. [7:47 PM] bellum: I would certainly be digging more if I knew how
  524. [7:50 PM] Danger: We are going to start moving information to the subreddit (https://www.reddit.com/r/whereisassange), since Discord has no search feature. We are going to sticky a megathread post at the top of the sub and I've also opened the wiki to approved posters. If you want to adit the wiki, PM me your reddit name and I will add you as an approved poster.
  525. Danger pinned a message to this channel. See all the pins.10/25/2016
  526. [8:05 PM] jeanseberg: @Danger Pretty much.
  527. from pybitcoin import BitcoinPrivateKey
  528. pk = BitcoinPrivateKey('ffdae96f8dd292374a966ec8b57d9cc680ce1d23cb7072c522efe32a1a7e34b0', compressed=True)
  529. pk.public_key().address()
  530. 1EnDZkT8Thep9sfbAy5gwg23EHhZw7tYwg
  531. [8:09 PM] Danger: guessing i need python installed for that?
  532. [8:12 PM] ElectronSpinor: Python is free and easy to use. You'll want to familiarise yourself with some basics; some good books by NoStarchPress.
  533. [8:13 PM] ElectronSpinor: https://www.python.org/downloads/
  534. [8:14 PM] Danger: nice i'll check it out
  535. [8:14 PM] Danger: thanks
  536. [8:14 PM] ElectronSpinor: Although surely less robust, even iOS has Python ista, a pretty good mobile alternative, but likely unhelpful here.
  537. [8:14 PM] bellum: I think trying street's codes might be worth a shot
  538. [8:14 PM] bellum: Seeing if we get any transaction addresses
  539. [8:15 PM] bellum: That address does come up
  540. [8:17 PM] jeanseberg: I was finally able to decode to original cablegate message.
  541. [8:17 PM] bellum: The transaction amounts are equal both ways
  542. [8:17 PM] jeanseberg: Here's how to do it:
  543. [8:17 PM] jeanseberg: Go here: https://blockchain.info/tx/691dd277dc0e90a462a3d652a1171686de49cf19067cd33c7df0392833fb986a
  544. View information about a bitcoin transaction 691dd277dc0e90a462a3d652a1171686de49cf19067cd33c7df0392833fb986a
  545. [8:17 PM] jeanseberg: It shows the transaction with the hidden message.
  546. [8:18 PM] jeanseberg: Then, just copy paste the entire part of the 'Output Scripts'
  547. [8:18 PM] jeanseberg:
  548. f = open('outscripts.txt','r')
  549. from binascii import unhexlify
  550.  
  551. for ff in f.readlines():
  552. chunks = ff.split(' ')
  553. for c in chunks[1:-3]:
  554. unhexlify(c.encode('utf8'))
  555. [8:19 PM] jeanseberg: This is the output:
  556. [8:19 PM] jeanseberg:
  557. "sSEXWikileaks Cablegate Backup
  558.  
  559. cablegate-201012041811.7z
  560.  
  561. Do
  562. wnload the following transactions with Satoshi Nakamoto's downloa
  563. d tool which
  564. can be found in transaction 6c53cd987119ef797d5adccd
  565. 76241247988a0a5ef783572a9972e7371c5fb0cc
  566.  
  567. Free speech and free en
  568. terprise! Thank you Satoshi!
  569. [8:21 PM] bellum: Awesome, thank you Jean
  570. [8:22 PM] bellum: Now to see if there is anything in the output scripts of the transaction you found with the kerry hash
  571. [8:27 PM] jeanseberg: I think I have to change the code a bit so that it can work on any transaction.
  572. [8:28 PM] jeanseberg: I'll update it in a second.
  573. [8:28 PM] bellum: Okay
  574. [8:28 PM] bellum: You just copied and pasted the output scripts into a .txt file and read that in ?
  575. [8:55 PM] jeanseberg: @bellum Yes.
  576. [8:56 PM] bellum: Thanks again Jean. Also noticed that isn't Kerry hash, but Snowden
  577. [9:04 PM] jeanseberg: Yeah it works for all. They all make addresses.
  578. [2:13 AM] bellum: Thank you
  579. [2:15 AM] monicavitti: @bellum Let me know if it works.
  580. [2:16 AM] damiana9: Kind it com reminds of the kid in the numa numa video
  581. [2:16 AM] damiana9: Kimdotcom
  582. [6:21 AM] monicavitti: A 7zip file was found inside one of these transactions but I can't open it.
  583. [6:22 AM] monicavitti: This is the transaction: https://blockchain.info/tx/5c593b7b71063a01f4128c98e36fb407b00a87454e67b39ad5f8820ebc1b2ad5
  584. View information about a bitcoin transaction 5c593b7b71063a01f4128c98e36fb407b00a87454e67b39ad5f8820ebc1b2ad5
  585. [6:24 AM] monicavitti: IF you do
  586. python script.py > out
  587. file -b out
  588. 7-zip archive data, version 0.3
  589. [3:18 PM] Elmyr: @monicavitti Where did you find the 7z?
  590. [3:18 PM] Elmyr: The script in that transaction is similar to yours.
  591. [3:24 PM] monicavitti: @Elmyr It's on the transaction above, which came from Snowden's tweet.
  592. [3:26 PM] Elmyr: Can you make a list of important transactions?
  593. [3:26 PM] Elmyr: I'm getting mixed up on who sent what.
  594. [3:26 PM] monicavitti: There is a list and stuff has been found but I don't think it's very safe to post it here.
  595. [3:27 PM] monicavitti: Are you familiar with blockchains and decrypting files?
  596. [3:27 PM] Elmyr: Yes.
  597. [3:27 PM] Danger: yeah @monicavitti , @Elmyr was busy working on a DKIM analysis tool for the released podesta emails
  598. [3:27 PM] Danger: but i think that's done so he's now able to redirect his efforts
  599. [3:28 PM] Danger: (or close to done)
  600. [3:28 PM] Elmyr: That was just to check
  601. [3:28 PM] Elmyr: to get an idea of how many DKIMs would be broken
  602. [3:28 PM] Elmyr: I assumed most, which it was.
  603. [3:28 PM] Elmyr: It's somewhat even.
  604. [4:01 PM] sin_topper_equals_pi_over_2: D6C4C5CC97F9CB8849D9914E516F9
  605. [9:50 PM] Knickerbockers: curious if any of these keys work on any files
  606. [9:51 PM] Knickerbockers: [ '3243F6A8885A308D313198A2E03707344A4D6C4C5CC97F9CB8849D9914E516F9',
  607. '243F6A8885A308D313198A2E03707344A40D6C4C5CC97F9CB8849D9914E516F9',
  608. '1921FB54442D18469898CC51701B839A252D6C4C5CC97F9CB8849D9914E516F9',
  609. '921FB54442D18469898CC51701B839A2520D6C4C5CC97F9CB8849D9914E516F9' ]
  610. [9:51 PM] Danger: so each line is a separate key, right?
  611. [9:51 PM] Knickerbockers: right
  612. [9:51 PM] Knickerbockers: so the person above said "sin topper = pi/2"
  613. [9:51 PM] Knickerbockers: which is clever because x=pi/2 is the first local maximum of sin(x)
  614. [9:52 PM] Danger: we just figured he was trolling :stuck_out_tongue:
  615. [9:52 PM] Danger: he dropped that in like 4 channels at once and then bounced
  616. [9:52 PM] Knickerbockers: yeah could be, half of the stuff around this is trolling and the other half is misguided people trying to use aescrypt when they should be using openssl
  617. [10:02 PM] bellum: There was a supposedly a damaged 7zip file recovered from the address that was uncompressed from Snowden's hash
  618. [10:05 PM] Knickerbockers: that isn't snowden's hash
  619. [10:05 PM] Knickerbockers: where did you get that?
  620. [10:06 PM] bellum: I know it's not the hash
  621. [10:06 PM] bellum: It's the address uncompressed with a pythonsfriot
  622. [10:06 PM] Knickerbockers: that's the original wikileaks cable dump
  623. [10:06 PM] bellum: Script*
  624. [10:06 PM] Knickerbockers: http://www.righto.com/2014_02_01_archive.html
  625. [10:06 PM] bellum: Ah
  626. [10:07 PM] bellum: Wrong link sorry
  627. [10:10 PM] Knickerbockers: the snowden hash was ffdae96f8dd292374a966ec8b57d9cc680ce1d23cb7072c522efe32a1a7e34b0
  628. [10:10 PM] bellum: Sin topper was put out with eta numeris, fall of Cassandra, etc(edited)
  629. [10:11 PM] bellum: Wow my grammar is bad tonight
  630. [10:12 PM] bellum: Oops
  631. [10:12 PM] Knickerbockers: the notion that "sin topper" is a clue for pi/2 is noteworthy though
  632. [10:15 PM] Knickerbockers: huh
  633. [10:15 PM] Knickerbockers: D6C4C5CC97F9CB8849D9914E516F9 is 116 bits
  634. [10:15 PM] Knickerbockers: but it could be the end of a RIPEMD-160 bitcoin hash
  635. [10:17 PM] bellum: I honestly am not that well versed with cryptography, much less coding, but I still have a feeling this could -possibly- mean something.
  636. [10:17 PM] bellum: Especially considering cablegate
  637. [10:34 PM] monicavitti:
  638. # How to get address from hash
  639. # Run the following on bitcoin
  640. from pybitcoin import BitcoinPrivateKey
  641. pk = BitcoinPrivateKey('HASHGOESHERE', compressed=True)
  642. pk.public_key().address()
  643. # Compressed address will be returned
  644. pk = BitcoinPrivateKey('HASHGOESHERE', compressed=False)
  645. pk.public_key().address()
  646. # Uncompressed address will be returned
  647. [10:37 PM] monicavitti:
  648. 1EnDZkT8Thep9sfbAy5gwg23EHhZw7tYwg
  649.  
  650. 1L3Zqv68zsXxNs53r25dKcUgjDe1119Rhj
  651. Kerry
  652. 1D7f2VtZz7HHmdhpgn82nDhfu1b3PN5TaU
  653.  
  654. 1KWsRE9FjFTZgBzKyjv6UQQGwKACbQgR9e
  655. Ecuardor
  656. 1JZL5DtxtsPk5MuAhQgsDd5ZYGaKVbiRta
  657.  
  658. 16YJC3wJtAUjYWsCRXgYed9iyfL8AqqXpB
  659. UKCFO
  660. 1Pf71gkiDPZNaS1DrnexsA33t394A2JBmf
  661.  
  662. 1HsJsAsDT3yJLBHJFBioTLQDGWi5DJvbdm
  663. [10:38 PM] monicavitti: The address that come after Snowden's tweet were quickly after the tweet was posted.
  664. [10:39 PM] Knickerbockers: @monicavitti - or just go here: https://gobittest.appspot.com/Address
  665. TP
  666. Bitcoin Go Unit Tester
  667. [10:39 PM] Knickerbockers: seriously, where are all of the crypto people
  668. [10:40 PM] Dinghy: preparing to go into hiding when it's declared illegal after queen hillary is coronated
  669. [11:04 PM] monicavitti: Everyone's trying to hide because as soon as people started discussing certain things weird things started happening.
  670. [11:04 PM] Dinghy: I think the key is that Obama is involved
  671. [11:04 PM] Dinghy: that's when the weird stuff started happening
  672. [11:05 PM] monicavitti: New code to get messages from transactions:
  673. [11:05 PM] monicavitti:
  674. import sys
  675. import pycurl
  676. import struct
  677. from binascii import unhexlify, crc32
  678. import urllib2
  679.  
  680. transaction = str(sys.argv[1])
  681. data = urllib2.urlopen("https://blockchain.info/tx/"+transaction+"?show_adv=true")
  682.  
  683. dataout = b''
  684. atoutput = False
  685. for line in data:
  686. if 'Output Scripts' in line:
  687. atoutput = True
  688. if '</table>' in line:
  689. atoutput = False
  690. if atoutput:
  691. if len(line) > 100:
  692. chunks = line.split(' ')
  693. for c in chunks:
  694. if 'O' not in c and '\n' not in c and '>' not in c and '<' not in c:
  695. dataout += unhexlify(c.encode('utf8'))
  696.  
  697. length = struct.unpack('<L', dataout[0:4])[0]
  698. checksum = struct.unpack('<L', dataout[4:8])[0]
  699. dataout = dataout[8:8+length]
  700. print dataout
  701. [11:06 PM] monicavitti: Usage,
  702. python script 691dd277dc0e90a462a3d652a1171686de49cf19067cd33c7df0392833fb986a
  703. [11:06 PM] monicavitti: Returns,
  704. Wikileaks Cablegate Backup
  705.  
  706. cablegate-201012041811.7z
  707.  
  708. Download the following transactions with Satoshi Nakamoto's download tool which
  709. can be found in transaction 6c53cd987119ef797d5adccd76241247988a0a5ef783572a9972e7371c5fb0cc
  710.  
  711. Free speech and free enterprise! Thank you Satoshi!
  712. [11:09 PM] Knickerbockers: yeah, this has been around for a while
  713. [11:10 PM] monicavitti: @Knickerbockers what has?
  714. [11:11 PM] monicavitti: Obviously the message has been there for a while, it was posted in 2013.
  715. [11:11 PM] monicavitti: Satoshi's code was posted on 2013 too but it didn't work anymore.
  716. [11:11 PM] monicavitti: There is are a lot more messages in transactions. Some have been found already, some were found for the first time in the past couple of days.
  717. [11:34 PM] Knickerbockers: there's plenty of stuff hidden in the blockchain
  718. [11:34 PM] Knickerbockers: @monicavitti the question is, which of it is relevant here
  719. [11:36 PM] monicavitti: There are similar transactions involving wikileaks that are similar to this one.
  720. [11:36 PM] monicavitti: That took place during the DDoS.
  721. [11:48 PM] Knickerbockers: where is this being discussed?
  722. October 27, 2016
  723. [12:03 AM] monicavitti: @Knickerbockers Do you have a background in cryptography?
  724. [12:21 AM] Knickerbockers: @monicavitti: yes
  725. [12:22 AM] Knickerbockers: but i'm not seeing where anybody else that has a background in crypto is
  726. [12:22 AM] Knickerbockers: maybe people are on IRC
  727. [1:53 AM] anakarina: First insurance file unlocked.
  728. [1:54 AM] anakarina: Download here https://web.archive.org/web/20100901195032/http://leakmirror.wikileaks.org/file/straw-glass-and-bottle/insurance.aes256
  729. [1:54 AM] anakarina:
  730. openssl enc -d -aes-256-cbc -in insurance.aes256 -out outhello -k "ONION"
  731. [2:00 AM] ausbitbank: did you just work this out yourself now ? I dont have access to my copy of the files atm, anything juicy you can share ?
  732. [2:00 AM] anakarina: I'm trying to figure out what's in it.
  733. [2:00 AM] anakarina: When I do
  734. file -b output
  735. it just says
  736. data
  737. [2:09 AM] ausbitbank: damn..
  738. [2:10 AM] ausbitbank: I'm guessing from the onion reference its all going to be encrypted
  739. [2:10 AM] ausbitbank: another layer of the onion
  740. [2:10 AM] ausbitbank: you could check for ascii readable stuff with strings outhello > outascii
  741. [2:10 AM] ausbitbank: and pray something unique gives away the format
  742. [2:11 AM] ausbitbank: wd anyway
  743. [2:31 AM] iDanoo: Good job
  744. [2:32 AM] ausbitbank: when you say insurance file 1 , is this the same as https://file.wikileaks.org/torrent/wlinsurance-20130815-A.aes256.torrent
  745. [2:34 AM] iDanoo: I need to chuck those on my seedbox
  746. [2:34 AM] iDanoo: Does anyone have all the links?
  747. [2:36 AM] ausbitbank: https://file.wikileaks.org/torrent/wlinsurance-20130815-B.aes256.torrent
  748. https://file.wikileaks.org/torrent/wlinsurance-20130815-C.aes256.torrent
  749. [2:36 AM] ausbitbank: https://file.wikileaks.org/torrent/2016-06-03_insurance.aes256.torrent
  750. https://file.wikileaks.org/torrent/wikileaks-insurance-20120222.tar.bz2.aes.torrent
  751. [2:37 AM] anakarina: @ausbitbank https://web.archive.org/web/20100901195032/http://leakmirror.wikileaks.org/file/straw-glass-and-bottle/insurance.aes256
  752. [2:38 AM] ausbitbank: so its a unique file different to the insurance file A I posted up there ? I'm just not on my main machine with the files atm
  753. [2:42 AM] iDanoo: Awesome. Thanks
  754. [2:45 AM] iDanoo: Oh wow C is huge
  755. [2:46 AM] iDanoo: Need to clear some space :/
  756. [2:48 AM] anakarina: @ausbitbank That file was the first insurance ever, posted on 2010.
  757. [2:48 AM] ausbitbank: aah
  758. [2:48 AM] anakarina: But we can probably learn from it.
  759. [2:48 AM] anakarina: Also, we haven't figured out what's in it yet.
  760. [2:59 AM] tachyon: Just catching up with the chat in here and wow, so that sin topper person maybe wasnt trolling? Can someone ELI5?
  761. [3:09 AM] iDanoo: Okay seeding the torrents now.
  762. [3:09 AM] iDanoo: Hey @tachyon
  763. [3:15 AM] tachyon: Hey @iDanoo
  764. [3:15 AM] anakarina: @tachyon There's definitely something in that post. It gets deleted from everywhere pretty fast.
  765. [3:16 AM] anakarina: @tachyon And there's too many clever things in it.
  766. [3:16 AM] tachyon: Interesting
  767. [3:23 AM] iDanoo: Do we have a copy of it?
  768. [3:23 AM] iDanoo: I'll have some time this weekend to look into this more
  769. [4:39 AM] Mosh: So "unlocked" for the insurance files or no?
  770. [4:44 AM] anakarina: Just one but things are getting weird. I don't recommend anyone do it. It would be great if we can delete these posts somehow.
  771. [4:48 AM] Mike: What do you mean weird
  772. [4:51 AM] anakarina: I will need to post from another location. I can't use this computer anymore.
  773. [4:53 AM] anakarina: Be careful. We don't know what's in that file.
  774. [4:54 AM] anakarina: Try to not let your phone connect to wifi.
  775. [4:54 AM] anakarina: I suggest you unlock on computers not connected to the internet.
  776. [4:54 AM] anakarina: Let the record show that most of the effort to get us this far was done mainly by girls.
  777. [8:16 AM] immute: If anyone was looking for a copy of the sin topper comment, it's in the stenography text thread at the end
  778. [10:50 AM] ElectronSpinor: If you unlocked them, why would you not recommend us all do it? The more that have it, the more we can spread the knowledge. The Insurance is intended to be shared with the world once deciphered.
  779. [2:03 PM] tachyon: So did this person ever return? Was there any proof to their claims?
  780. [2:03 PM] Danger: i don't think so
  781. [2:03 PM] Danger: i haven't tried it myself
  782. [2:03 PM] Danger: been busy with other stuff
  783. [2:07 PM] immute: what was he claiming the password was? didnt see and couldn't really follow what it was
  784. [2:09 PM] Danger: ONION
  785. [2:09 PM] Danger: which seems unlikely
  786. [2:10 PM] Danger: but i haven't tried it so who knows
  787. [2:10 PM] Danger: if you scroll up it was discussed last night
  788. [2:10 PM] immute: the last password was like 60 characters.... hell onion would be guess by now by people trying it for fun
  789. [3:12 PM] anakarina: I'm back.
  790. [3:12 PM] anakarina: ONION works, but the file has to be modified to read the contents.
  791. [3:13 PM] Danger: interesting... modified in what way? Hex editor?
  792. [3:13 PM] anakarina: I've done it with multiple versions of the file, downloaded from different locations, the resulting file is decrypted and different than the original.
  793. [3:13 PM] Danger: weird
  794. [3:13 PM] Danger: any usable data?
  795. [3:13 PM] anakarina: Yeah, let me go get it.
  796. [3:14 PM] anakarina: I don't think it's a very good idea to keep playing with this file though. The people working on this yesterday are pretty spooked. I'll post some of the leads here in case anyone wants to try though.
  797. [3:16 PM] Danger: thank you
  798. [3:16 PM] Danger: i would appreciate that
  799. [3:17 PM] bellum: Yes thank you
  800. [3:17 PM] anakarina: Ok, so quick primer on everything so far regarding insurance.aes256. Remember, discussing this online or even googling certain things have made a couple of people get their internet connections severed.
  801. [3:18 PM] anakarina: The file was posted here originally: https://wikileaks.org/wiki/Afghan_War_Diary,_2004-2010
  802. [3:18 PM] bellum: Are anonymizing services such as duck duck go affecting people?
  803. [3:18 PM] anakarina: (duck duck go doesn't make much difference but it's better than using google
  804. [3:19 PM] bellum: Thats what I thought, thank you
  805. [3:19 PM] anakarina: Finding a copy of the file itself is pretty hard, but there's still one here: https://web.archive.org/web/20100901162556/http://leakmirror.wikileaks.org/file/straw-glass-and-bottle/insurance.aes256
  806. [3:19 PM] bellum: Not going to do it nonetheless
  807. [3:19 PM] anakarina: Googling for the torrents raises a red flag apparently.
  808. [3:19 PM] anakarina: Most of the torrent links are blocked at the moment.
  809. [3:20 PM] anakarina: This is how you unlock the file
  810. openssl enc -d -aes-256-cbc -in insurance.aes256 -out outhello -k "password"
  811. [3:20 PM] anakarina: Then, a file called 'outhello' will be made. You can check by doing 'diff insurance.aes256 outhello' to check that they are different.
  812. [3:21 PM] anakarina: No comes the crazy parts.
  813. [3:21 PM] anakarina: The file seems to have been made in a very strange way, there are either layers of it, or the file is purposely made for a dictionary attack to reveal a message.
  814. [3:22 PM] anakarina: The first key found came from a tip out of nowhere that lead us to look into the original SHA1s for the files and find a potential key.
  815. [3:22 PM] anakarina: It was "ONION", so
  816. [3:22 PM] anakarina:
  817. openssl enc -d -aes-256-cbc -in insurance.aes256 -out outhello -k "ONION"
  818. [3:22 PM] anakarina: unlocks the file.
  819. [3:23 PM] anakarina: However, we have since found that there are multiple keys that work, and they all produce different files.
  820. [3:24 PM] anakarina: For example,
  821. openssl enc -d -bf -in insurance.aes256 -out rout -k "ROUTER"
  822. [3:24 PM] anakarina: Produces a different file successfully.
  823. [3:24 PM] anakarina: And,
  824. openssl enc -d -cast -in insurance.aes256 -out outt -k "Tor"
  825. [3:24 PM] anakarina: Also produces a file successfully.
  826. [3:25 PM] anakarina: Here's where it starts to get tricky.
  827. [3:25 PM] anakarina: Tor is a 'Tor ONION ROUTER'
  828. [3:26 PM] Danger: yes some of this stuff is above me... but I am good at following directions so thanks for laying it out.
  829. [3:26 PM] anakarina: In other words, you could recursively decrypt Tor, into Tor ONION ROUTER, Tor ONION ROUTER ONION ROUTER, and so on.
  830. [3:27 PM] bellum: Several layers
  831. [3:27 PM] bellum: Just how many
  832. [3:27 PM] anakarina: There are two main theories regarding this. 1. The file does not have any contents and instead tells the user what to do with the combination of passes that work. For example, "Use a Tor Onion Router and go here".
  833. [3:27 PM] anakarina: 2. The file is unlocked already and we simply have to figure out how to read the contents.
  834. [3:28 PM] anakarina: With 1. someone could very easily write a dictionary attack script that finds all the words that work.
  835. [3:28 PM] anakarina: We will try to do this today.
  836. [3:28 PM] anakarina: For 2. we got another random tip.
  837. [3:28 PM] anakarina: The strange thing is that these 'tips' that people are getting seem to be from alphabet agencies.
  838. [3:28 PM] anakarina: It's not clear why they are trying to push people in certain directions.
  839. [3:29 PM] anakarina: Anyway, it's this
  840. Try taking the last 32 or so bytes in the file, flipping them and saving it as a new file then running "file -b" on it.
  841. [3:29 PM] bellum: Distraction and Diversion, or a freedom fighter
  842. [3:30 PM] anakarina: Finally, people are trying to use forensics tools on the resulting files. We will probably be able to see what's in it soon.
  843. [3:30 PM] bellum: Do you think there is anything to the random drop in we got last night?
  844. [3:30 PM] bellum: Sin topper = pi/2
  845. [3:31 PM] bellum: Followed by a tweeted hash
  846. [3:31 PM] anakarina: People are a bit scared about what happened yesterday, so they are planning on pushing all the information we have so far into the blockchain to keep there forever in case we get cut off.
  847. [3:31 PM] immute: (which insurance file is this? im sorry. i missed if that was clarified?0
  848. [3:31 PM] anakarina: @bellum There's definitely something to the topper post.
  849. [3:31 PM] anakarina: @bellum But it's a really complicated puzzle as well.
  850. [3:32 PM] bellum: It is
  851. [3:32 PM] anakarina: In any case, the other main lead that is getting good attention is decoded messages put into the blockchain.
  852. [3:32 PM] bellum: @immute, it isn't too far above
  853. [3:32 PM] anakarina: We've made some progress there as well, including finding a key we don't know what to use on.
  854. [3:32 PM] Danger: anakarina where else is this being discussed? I don't know how much I can help but I'd love to stay abreast as things develop.
  855. [3:33 PM] anakarina: We're trying to layer the discussion for safety. The very sensitive details are discussed on safer channels.
  856. [3:33 PM] anakarina: For now we want to keep most of that stuff there, but we are working on teaching everyone how to do certain things.
  857. [3:34 PM] anakarina: Right now a primer for reading blockchain messages has been posted on an onion link.
  858. [3:34 PM] Danger: ok
  859. [3:34 PM] anakarina: I can copy-paste it here.
  860. [3:34 PM] Danger: yes ty would be great
  861. [3:34 PM] Danger: also i have tox now
  862. [3:34 PM] Danger: i have had some shit go down within the past 24 hours that has me a bit spooked
  863. [3:34 PM] anakarina: But we should probably have a channel for that separately.
  864. [3:34 PM] Danger: so i am trying to tigthen things up a bit
  865. [3:34 PM] anakarina: However, the blockchain stuff is definitely the most sensitive thing out there right now.
  866. [3:34 PM] Danger: i will PM you my tox id
  867. [3:35 PM] anakarina: So I don't know if it's safe to get people involved. It's up to you guys.
  868. [3:35 PM] Danger: please add me there if you use it
  869. [3:35 PM] Danger: @anakarina i am fully doxxed at this point and have been from the beginning
  870. [3:35 PM] bellum: Anakarina, I am also on Tox
  871. [3:35 PM] Danger: which was good for building trust but honestly i am regretting it a bit now
  872. [3:35 PM] Danger: too late to change though
  873. [3:35 PM] Danger: so i am doing my best to roll with the punches
  874. [3:35 PM] anakarina: @Danger It's too late but you're safe. You haven't done anything to get sensitive data.
  875. [3:36 PM] anakarina: The people getting spooked are the people actively writing code and finding certain things.
  876. [3:36 PM] Danger: yes well on the plus side since my ID is out there if i disappaer you'll know they are clamping down
  877. [3:36 PM] Danger: well, i have done a few things that aren't public at this time
  878. [3:36 PM] Danger: things that may have drawn some attention to me
  879. [3:36 PM] Danger: that's all i can say
  880. [3:36 PM] Danger: like i said a few things have happened within the past day that have me on high alert
  881. [3:37 PM] Danger: but i don't feel endangered at this point
  882. [3:38 PM] immute: hopefully you're seeing ghosts as opposed to real things.... but i hope nothing happens to you
  883. [3:41 PM] anakarina: message just posted to someone
  884. Its not paranoid. It is reality. That is what happened.
  885.  
  886. Why would criminals leave evidence or give you the information required to form an unambiguous picture of reality.
  887.  
  888. Study disinformation and counter intelligence operations and phychological operations. Secrecy is a weapon and is used in very specific ways for very specific reasons.
  889.  
  890. Some people cannot talk because they are under threat. They wont compromise their safety and there is no longer any uncensored channel for communication. Any informatiom is taken down or muddied with doubt and strategic uncertainty.
  891.  
  892. There were hundreds of people in embassy live streaming on twitter after internet was cut. It only takes five minutes for any of them to verify Assanges status. Yet verification was denied.
  893.  
  894. Assange has fiber optic ground line as well as 3G and shortwave communications.
  895.  
  896. Go ask the wikileaks people directly. People are too lazy and stupid to get primarily source material.
  897.  
  898. The wikileaks twitter after being taken over released a cut video that was four years old, to "prove" Assange was still alive. They did a hasty and poorly executed disinformation operation after Assange was captured, to delay the dead drop.
  899.  
  900. They would also use SIGINT and bribery and threats. To identify and rapidly capture or eliminate the key holders. To prevent required number of key holders from publishing the key parts.
  901.  
  902. Assange was not the only one whose internet was cut. This was a well orchestrated international operation. Internet was cut to over twelve wikileaks associated people. They presumably have been captured also.
  903.  
  904. Why is everyone focused on Assange and has not contacted the parents and spouses of the wikileaks members whose communications were cut.
  905.  
  906. Enumerate all possibilities. Evaluate all evidence. Weigh the evidence for each state of reality. Contradictions do not exist in reality.
  907.  
  908. [4:48 PM] beachinmom: You would assume these other members if missing would have friends and family looking for them? I just have to say... I'm thankful for you all, thankful for your intelligence and dedication.
  909. [4:49 PM] Danger: i am assuming nothing at this point
  910. [4:50 PM] Danger: unfortunately the named individuals related to WL are dark
  911. [4:50 PM] Danger: and i don't even know where to begin looking for their fam and friends :frowning:
  912. [4:53 PM] claudiacardinale: AP reported on the missing members but it was taken down after a day.
  913. [4:53 PM] claudiacardinale: Also, the video of the call to the embassy was AP and was included in the story.
  914. [4:53 PM] beachinmom: Didn't know that, I have t searched for info onthe members listed on the site at all.
  915. [4:54 PM] claudiacardinale: We all have to remember that almost everyone involved is missing or dead at this point.
  916. [4:54 PM] claudiacardinale: This includes both of Assanges lawyers, the director of Wikileaks, and the DNC leaker.
  917. [5:07 PM] immute: why assume the dnc leaker is dead? unless we are assuming it was seth
  918. [5:09 PM] claudiacardinale: @immute The important thing is that they thought it was him and he was killed.
  919. [5:12 PM] immute: @claudiacardinale true. it was implied by JA it was seth after he was killed right? But I supposed the people in power knew before that
  920. [5:13 PM] claudiacardinale: @immute He was making the same point I'm making. The important thing is that they suspect him of it and he got killed.
  921. [5:15 PM] immute: oh. I think he did leak but was just trying to get my timeline right. Sad world we live in :neutral_face:
  922. [5:17 PM] tachyon: welp, that ws a thoroughly spooky read
  923. [5:18 PM] Danger: @tachyon how goes it
  924. [5:18 PM] Danger: i'd love to see if we can track down some of these people mentioned
  925. [5:18 PM] Danger: Sarah Harrison relatives/friends
  926. [5:18 PM] immute: yeah... i tried the first 2 commands and it worked. i get a bad decrypt on the 3rd
  927. [5:18 PM] Danger: she's a ghost online though
  928. [5:19 PM] immute: I was thinking about reaching out to her former colleges etc. probably cant say anything though
  929. [5:22 PM] Danger: there are a few others as well
  930. [5:22 PM] Danger: give me a second
  931. [6:16 PM] Thorium: No one's managed to learn anything else out about /r/OPTheList have they?
  932. [6:22 PM] ElectronSpinor: @anakarina Using Täîłś and Tör; where are safer channels? What else can we do to help?
  933. [6:23 PM] ElectronSpinor: Is there evidence of other Wikileaks members being compromised? I want to believe everything you're writing, but I don't want it all to be true, because it's so terribly bad and wrong.
  934. [6:35 PM] ElectronSpinor: @anakarina I think the onion link is vital to be shared with as many people as possible to ensure that the information isn't easily suppressed. The way you type this certainly seems truly concerning.
  935. [6:50 PM] macarana: whats the .onion address
  936. [6:56 PM] claudiacardinale: Please stop asking for the onion address.
  937. [6:57 PM] claudiacardinale: A lot of people's safety depends on that not getting out.
  938. [6:58 PM] ElectronSpinor: I agree. If this is big, it should not be announced.
  939. [6:58 PM] Thorium: I'd be pretty skeptical of those posts @ElectronSpinor
  940.  
  941. If they really were in danger as that 'things are getting weird' quote implied, why would they think that it's safe to post some bullshit cryptic message about the information, but not the actual information itself?
  942.  
  943. We're a really easy target for trolls at the moment, so remember to question everything you read here.
  944. [6:58 PM] ElectronSpinor: Asking for it seems a bit impetuous of me, with reflection.
  945. [6:59 PM] Danger: i think in general everyone is on edge
  946. [6:59 PM] Danger: and rightly so
  947. [6:59 PM] ElectronSpinor: I suppose we could be getting trolled very well.
  948. [6:59 PM] Danger: i wasn't until today, but i have had some stuff happen within the past 24 hours that has spooked me
  949. [6:59 PM] ElectronSpinor: If so, well done.
  950. [6:59 PM] Danger: yes there are many trolls and LARPers too
  951. [6:59 PM] Thorium: Spooked you?
  952. [7:00 PM] Danger: i can't really go into much detail but an email address i created specifically for this research--less than 5 days old--was compromised
  953. [7:00 PM] Danger: only a small handful of people even know about it
  954. [7:00 PM] Danger: and it's a very random address with a very strong password
  955. [7:00 PM] Thorium: Compromised as in, someone gained access to it? :/
  956. [7:00 PM] Danger: potentially
  957. [7:00 PM] Thorium: What makes you think that?
  958. [7:00 PM] Danger: someone at least tried
  959. [7:01 PM] Danger: because that's specifically what the message said
  960. [7:02 PM] Danger: "someone else may have accessed your account"
  961. [7:02 PM] claudiacardinale: We are posting this information on a public channel. People are naturally willing to fight against corruption and will want to get involved. It is not fair for a young person reading this to get involved and get in trouble just because they want to do the right thing.
  962. [7:04 PM] claudiacardinale: Worse things have happened to others in the past few days. You can believe me if you want but at least consider that the people working on this are in the mentality that they are risking their lives to stop a giant war.
  963. [7:05 PM] Danger: agreed
  964. [7:05 PM] Danger: i want everyone to stay as safe as possible
  965. [7:05 PM] Danger: but ultimately we are probably all putting ourselves in some degree of risk just by being here
  966. [7:05 PM] ElectronSpinor: That escalated quickly.
  967. [7:05 PM] Thorium: Like what Claudia? (genuine question, not stirring the pot)
  968. [7:05 PM] Danger: i've heard rumors of some people being vanned
  969. [7:05 PM] Danger: and just plain going dark
  970. [7:05 PM] Danger: i am guessing that is what claudia means
  971. [7:06 PM] Thorium: :/
  972. [7:06 PM] ElectronSpinor: That's what's concerning; just discussing obtaining the truth makes us feel at danger. That alone is wrong.
  973. [7:06 PM] Danger: i know
  974. [7:06 PM] Danger: land of the free, eh?
  975. [7:06 PM] claudiacardinale: People are getting vanned. This is real.
  976. [7:06 PM] claudiacardinale: Other people are just missing.
  977. [7:07 PM] claudiacardinale: Most people lose internet connection.
  978. [7:07 PM] Thorium: I would like some form of evidence of that before I'm willing to beleive it
  979. [7:07 PM] claudiacardinale: If they keep trying after that happens things get worse.
  980. [7:07 PM] claudiacardinale: You don't have to believe it.
  981. [7:07 PM] claudiacardinale: The only reason I'm mentioning it is for people to be catious.
  982. [7:07 PM] Thorium: If it's true I WANT to beleive it
  983. [7:07 PM] claudiacardinale: You can do whatever you want with the information.
  984. [7:07 PM] claudiacardinale: Any evidence will put more people in danger.
  985.  
  986. 10/28
  987.  
  988. [2:40 AM] claudiacardinale:
  989. IF YOU ARE READING THIS DOWNLOAD ALL INSURANCE FILES AND THE ENTIRE BLOCKCHAIN INTO AN EXTERNAL DRIVE RIGHT NOW
  990.  
  991. IF YOU KNOW HOW PUSH THIS INTO THE BLOCKCHAIN ALONG WITH THE INSURACE FILES
  992.  
  993. import sys
  994. import pycurl
  995. import struct
  996. from binascii import unhexlify, crc32
  997. import urllib2
  998.  
  999. transaction = str(sys.argv[1])
  1000. data = urllib2.urlopen("https://blockchain.info/tx/"+transaction+"?show_adv=true")
  1001.  
  1002. dataout = b''
  1003. atoutput = False
  1004. for line in data:
  1005. if 'Output Scripts' in line:
  1006. atoutput = True
  1007. if '</table>' in line:
  1008. atoutput = False
  1009. if atoutput:
  1010. if len(line) > 100:
  1011. chunks = line.split(' ')
  1012. for c in chunks:
  1013. if 'O' not in c and '\n' not in c and '>' not in c and '<' not in c:
  1014. dataout += unhexlify(c.encode('utf8'))
  1015.  
  1016. length = struct.unpack('<L', dataout[0:4])[0]
  1017. checksum = struct.unpack('<L', dataout[4:8])[0]
  1018. dataout = dataout[8:8+length]
  1019. print dataout
  1020.  
  1021. usage
  1022.  
  1023. python script.py transaction_number
  1024.  
  1025. returns all the data in the output scripts
  1026.  
  1027. example
  1028.  
  1029. python script 691dd277dc0e90a462a3d652a1171686de49cf19067cd33c7df0392833fb986a
  1030.  
  1031. Returns,
  1032.  
  1033. Wikileaks Cablegate Backup
  1034.  
  1035. cablegate-201012041811.7z
  1036.  
  1037. Download the following transactions with Satoshi Nakamoto's download tool which
  1038. can be found in transaction 6c53cd987119ef797d5adccd76241247988a0a5ef783572a9972e7371c5fb0cc
  1039.  
  1040. Free speech and free enterprise! Thank you Satoshi!
  1041. [2:41 AM] Bobb: I am not an expert but I know many of them and can get answers on questions fast
  1042. [2:41 AM] iDanoo: ah python
  1043. [2:41 AM] claudiacardinale:
  1044. HOW TO FIND MESSAGES ON THE BLOCKCHAIN
  1045.  
  1046. I'll be helping you with a few initial examples. Remember that if you feel like you've been compromised, switch over to codec communication.
  1047.  
  1048. I'm assuming you already did the example on Jean's latest code dump >>24140 Let's try to do a few more.
  1049.  
  1050. First, let us download a transaction that generates a file. A nice example is the original Bitcoin paper. It can be found in transaction 54e48e5f5c656b26c3bca14a8c95aa583d07ebe84dde3b7dd4a78f4e4186e713.
  1051.  
  1052. Use Jean's script and do
  1053.  
  1054. 'python script.py 54e48e5f5c656b26c3bca14a8c95aa583d07ebe84dde3b7dd4a78f4e4186e713 > paper.pdf'
  1055.  
  1056. Once it is done you will be able to see a pdf was generated in that directory.
  1057.  
  1058. Note that the transaction that generates the Bitcoin paper is related to the transaction that describes the Wikileaks cable dump, the cable dump itself, and many other transactions that have other content. Some has yet to be completely decrypted. These transactions are all related because they have common addresses involved or the money resulting from the transaction was used.
  1059. [2:41 AM] claudiacardinale:
  1060. For example, take a look at this transaction: https://blockchain.info/tx/08654f9dc9d673b3527b48ad06ab1b199ad47b61fd54033af30c2ee975c588bd
  1061.  
  1062. If you do
  1063.  
  1064. python script.py 08654f9dc9d673b3527b48ad06ab1b199ad47b61fd54033af30c2ee975c588bd
  1065.  
  1066. You will get a key that was leaked.
  1067.  
  1068. Now, if you look at the addresses involved, you can see one at the bottom, below Wikileaks. It does not show 'Escrow'. Go to that address and see its transactions. You will then find another message. Keep doing this and you'll eventually find the cable dump again.
  1069.  
  1070. Using this method we've found several transactions that involve Wikileaks that we don't quite understand.
  1071.  
  1072.  
  1073. One good strategy is to generate a file from a transaction and then look at its 'magic numbers' to figure out what it could be.
  1074.  
  1075. For example, the Bitcoin paper transaction.
  1076.  
  1077. If you do
  1078.  
  1079. 'python script.py 54e48e5f5c656b26c3bca14a8c95aa583d07ebe84dde3b7dd4a78f4e4186e713 > output'
  1080.  
  1081. and then do,
  1082.  
  1083. 'file -b output'
  1084.  
  1085. You will get:
  1086.  
  1087. 'PDF document, version 1.4'
  1088.  
  1089. For
  1090.  
  1091. 'python script.py 7379ab5047b143c0b6cfe5d8d79ad240b4b4f8cced55aa26f86d1d3d370c0d4c > output'
  1092.  
  1093. 'file -b output'
  1094.  
  1095. you should get
  1096.  
  1097. 'GPG encrypted data'
  1098. [2:42 AM] claudiacardinale:
  1099. MERGING CODE TO GET FILES FROM MULTIPLE TRANSACTIONS
  1100.  
  1101. import sys
  1102. import pycurl
  1103. import struct
  1104. from binascii import unhexlify, crc32
  1105. import urllib2
  1106.  
  1107. # usage, python script.py transactionlist.txt > file
  1108.  
  1109. txlist = str(sys.argv[1])
  1110.  
  1111. def txdecode(transaction):
  1112. data = urllib2.urlopen("https://blockchain.info/tx/"+transaction+"?show_adv=true")
  1113.  
  1114. dataout = b''
  1115. atoutput = False
  1116. for line in data:
  1117. if 'Output Scripts' in line:
  1118. atoutput = True
  1119. if '</table>' in line:
  1120. atoutput = False
  1121. if atoutput:
  1122. if len(line) > 100:
  1123. chunks = line.split(' ')
  1124. for c in chunks:
  1125. if 'O' not in c and '\n' not in c and '>' not in c and '<' not in c:
  1126. dataout += unhexlify(c.encode('utf8'))
  1127.  
  1128. length = struct.unpack('<L', dataout[0:4])[0]
  1129. checksum = struct.unpack('<L', dataout[4:8])[0]
  1130. dataout = dataout[8:8+length]
  1131. return dataout
  1132.  
  1133. f = open(txlist, 'r')
  1134.  
  1135. alldata = b''
  1136. for l in f.readlines():
  1137. l = l.rstrip('\n')
  1138. alldata += txdecode(str(l))
  1139.  
  1140. print alldata
  1141.  
  1142. example:
  1143.  
  1144. python script.py 691dd277dc0e90a462a3d652a1171686de49cf19067cd33c7df0392833fb986a
  1145.  
  1146. save the 130 transactions to trans.txt
  1147.  
  1148. then use the script above and do
  1149.  
  1150. python newscript.py trans.txt > cables
  1151.  
  1152. you will get a zipfile with the cables
  1153. [2:42 AM] iDanoo: woah
  1154. [2:42 AM] claudiacardinale:
  1155. GETTING ADDRESSES FROM HASHES
  1156.  
  1157. # How to get address from hash
  1158. # Run the following on bitcoin
  1159. from pybitcoin import BitcoinPrivateKey
  1160. pk = BitcoinPrivateKey('HASHGOESHERE', compressed=True)
  1161. pk.public_key().address()
  1162. # Compressed address will be returned
  1163. pk = BitcoinPrivateKey('HASHGOESHERE', compressed=False)
  1164. pk.public_key().address()
  1165. # Uncompressed address will be returned
  1166.  
  1167. snowden
  1168. 1EnDZkT8Thep9sfbAy5gwg23EHhZw7tYwg
  1169.  
  1170. 1L3Zqv68zsXxNs53r25dKcUgjDe1119Rhj
  1171.  
  1172. kerry
  1173. 1D7f2VtZz7HHmdhpgn82nDhfu1b3PN5TaU
  1174.  
  1175. 1KWsRE9FjFTZgBzKyjv6UQQGwKACbQgR9e
  1176.  
  1177. ecuador
  1178. 1JZL5DtxtsPk5MuAhQgsDd5ZYGaKVbiRta
  1179.  
  1180. 16YJC3wJtAUjYWsCRXgYed9iyfL8AqqXpB
  1181.  
  1182. ukfco
  1183. 1Pf71gkiDPZNaS1DrnexsA33t394A2JBmf
  1184.  
  1185. 1HsJsAsDT3yJLBHJFBioTLQDGWi5DJvbdm
  1186. [2:42 AM] claudiacardinale:
  1187. Analysis threads (heavily deleted and slid):
  1188.  
  1189. https://8ch.net/pol/res/7946506.html
  1190.  
  1191. https://8ch.net/pol/res/7962287.html
  1192.  
  1193. Post where a 'key' was posted and deletions started taking place:
  1194.  
  1195. https://web.archive.org/web/20161024220842/http://8ch.net/pol/res/7933031.html
  1196.  
  1197. https://web.archive.org/web/20161022203236/http://8ch.net/pol/res/7933031.html
  1198. [2:42 AM] claudiacardinale:
  1199. Link to original insurance file in case anyone wants to test that one:
  1200.  
  1201. https://wikileaks.org/wiki/Afghan_War_Diary,_2004-2010
  1202.  
  1203. https://web.archive.org/web/20100901162556/http://leakmirror.wikileaks.org/file/straw-glass-and-bottle/insurance.aes256
  1204. https://file.wikileaks.org/torrent/2016-06-03_insurance.aes256.torrent
  1205.  
  1206. https://file.wikileaks.org/torrent/wikileaks-insurance-20120222.tar.bz2.aes.torrent https://file.wikileaks.org/torrent/wlinsurance-20130815-A.aes256.torrent
  1207.  
  1208. https://file.wikileaks.org/torrent/wlinsurance-20130815-B.aes256.torrent
  1209.  
  1210. https://file.wikileaks.org/torrent/wlinsurance-20130815-C.aes256.torrent
  1211.  
  1212. openssl enc -d -aes-256-cbc -in insurance.aes256 -out onionout -k "ONION"
  1213. openssl enc -d -bf -in insurance.aes256 -out bfonionout -k "ONION"
  1214. openssl enc -d -aes-256-cfb8 -in insurance.aes256 -out fb8onionout -k "ONION"
  1215. openssl enc -d -bf -in insurance.aes256 -out bfrouterout -k "ROUTER"
  1216. openssl enc -d -cast -in insurance.aes256 -out outtor -k "Tor"
  1217. the passwords seem to be telling us that there might be multiple files
  1218. coming out of this, or it could be telling us a message like "Use a Tor Onion Router and do this". It might be that the file has to be unlocked over and over.
  1219.  
  1220. also someone suggested, "take the last 32 or so bytes in the file, flip them, save it and then run 'file -b' on it."
  1221.  
  1222. UNCRACKED TRANSACTIONS:
  1223.  
  1224. 7379ab5047b143c0b6cfe5d8d79ad240b4b4f8cced55aa26f86d1d3d370c0d4c
  1225. d3c1cb2cdbf07c25e3c5f513de5ee36081a7c590e621f1f1eab62e8d4b50b635
  1226. cce82f3bde0537f82a55f3b8458cb50d632977f85c81dad3e1983a3348638f5c
  1227. 2a14783f74796ace53e0a6859a7012723d3d6cd9dacf72d4e90a3394484093df
  1228. 657aecafe66d729d2e2f6f325fcc4acb8501d8f02512d1f5042a36dd1bbd21d1
  1229. 05e6c80d9d6469e7d1328e89b9d971b19972594701586bbcbd70070f2be799db
  1230. 623463a2a8a949e0590ffe6b2fd3e4e1028b2b99c747e82e899da4485eb0b6be
  1231. 5143cf232576ae53e8991ca389334563f14ea7a7c507a3e081fbef2538c84f6e
  1232.  
  1233.  
  1234. [2:43 AM] claudiacardinale: Spread this everywhere.
  1235. [2:43 AM] claudiacardinale: Download the blockchain and the insurance files NOW
  1236. [2:43 AM] iDanoo: saving it
  1237. [2:44 AM] iDanoo: done!
  1238. [2:45 AM] iDanoo: Thanks @claudiacardinale
  1239. [2:45 AM] Bobb: Ok so wow and thanks
  1240. [2:47 AM] Bobb: it seems like layered hex that one "TOR" file. That is anothers comment not mine. I like the tool there also. is I understand correctly it is a way to recomplile files from multiple bitcoin trancasctions. That could be huuge utility going forward.
  1241. [2:51 AM] iDanoo: Yeah I'm not sure, woo gone from 8 years down to 5 years behind in the block chain
  1242. [2:54 AM] claudiacardinale: Please take my messages about, put them into a text file and save them.
  1243. [2:54 AM] claudiacardinale: I don't have much time.
  1244. [2:55 AM] Bobb: I saved your message @claudiacardina
  1245. [2:56 AM] Bobb: thanks
  1246. [3:00 AM] iDanoo: @claudiacardinale where are you from? If you don't mind me asking.
  1247. [3:01 AM] claudiacardinale: I am completely compromised. I don't have more time left. I won't be able to log back in after I disconnect now.
  1248. [3:04 AM] iDanoo: Is there anything else?
  1249. [3:04 AM] iDanoo: Do you have pgp/any other contact methods?
  1250. [3:04 AM] iDanoo: We appreciate the info/time you've put in.
  1251. [3:07 AM] Bobb: How do you know you are comp'd? You are good if you can tell IMO
  1252. [3:09 AM] Bobb: when the fcc took over the internet in the usa many people did not notice the bug running in the background. Only those who hand code their websites noticed anything at all. And that was on an older machine running a special linux live cd
  1253. [3:09 AM] Bobb: that is why I ask re: "I am completely compromised"...
  1254. [3:10 AM] claudiacardinale: Pay attention to the DDoS attacks and what gets deleted from the Internet.
  1255. [3:10 AM] claudiacardinale: Listen. There is no one left.
  1256. [3:11 AM] claudiacardinale: When we started we had a big group
  1257. [3:11 AM] claudiacardinale: Everyone is missing or completely silent.
  1258. [3:11 AM] claudiacardinale: We made the mistake of working alone and not sharing.
  1259. [3:11 AM] claudiacardinale: If we spread the progress there is no reason to silence anyone.
  1260. [3:11 AM] claudiacardinale: The keys are out there. Don't let anyone tell you otherwise. The truth can still come out.
  1261. [3:11 AM] claudiacardinale: Work together and keep everyone informed.
  1262. [3:12 AM] claudiacardinale: Push progress to the blockchain.
  1263. [3:12 AM] Bobb: I agree the keys are out
  1264. [3:12 AM] Bobb: good plan claudia
  1265. [3:12 AM] iDanoo: Will do that.
  1266. [3:13 AM] Bobb: Where are the keys?
  1267. [3:14 AM] Bobb: You are not alone
  1268. [3:15 AM] claudiacardinale: Use the information posted above.
  1269. [3:15 AM] claudiacardinale: If anyone finds a working key spread it immediately.
RAW Paste Data

Adblocker detected! Please consider disabling it...

We've detected AdBlock Plus or some other adblocking software preventing Pastebin.com from fully loading.

We don't have any obnoxious sound, or popup ads, we actively block these annoying types of ads!

Please add Pastebin.com to your ad blocker whitelist or disable your adblocking software.

×