Untitled

a guest
Dec 16th, 2016
  1. [4:19 PM] anakarina: Googling for the torrents raises a red flag apparently.
  2. [4:19 PM] anakarina: Most of the torrent links are blocked at the moment.
  3. [4:20 PM] anakarina: This is how you unlock the file
  4.  
  5. openssl enc -d -aes-256-cbc -in insurance.aes256 -out outhello -k "password"
  6.  
  7. [4:20 PM] anakarina: Then, a file called 'outhello' will be made. You can check by doing 'diff insurance.aes256 outhello' to check that they are different.
  8. [4:21 PM] anakarina: Now comes the crazy part.
  9. [4:21 PM] anakarina: The file seems to have been made in a very strange way, there are either layers of it, or the file is purposely made for a dictionary attack to reveal a message.
  10. [4:22 PM] anakarina: The first key found came from a tip out of nowhere that led us to look into the original SHA1s for the files and find a potential key.
  11. [4:22 PM] anakarina: It was "ONION", so
  12. [4:22 PM] anakarina:
  13.  
  14. openssl enc -d -aes-256-cbc -in insurance.aes256 -out outhello -k "ONION"
  15.  
  16. [4:22 PM] anakarina: unlocks the file.
  17. [4:23 PM] anakarina: However, we have since found that there are multiple keys that work, and they all produce different files.
  18. [4:24 PM] anakarina: For example,
  19.  
  20. openssl enc -d -bf -in insurance.aes256 -out rout -k "ROUTER"
  21.  
  22. [4:24 PM] anakarina: Produces a different file successfully.
  23. [4:24 PM] anakarina: And,
  24.  
  25. openssl enc -d -cast -in insurance.aes256 -out outt -k "Tor"
  26.  
  27. [4:24 PM] anakarina: Also produces a file successfully.
  28. [4:25 PM] anakarina: Here's where it starts to get tricky.
  29. [4:25 PM] anakarina: Tor is a 'Tor ONION ROUTER'
  30. [4:26 PM] Danger: yes some of this stuff is above me... but I am good at following directions so thanks for laying it out.
  31. [4:26 PM] anakarina: In other words, you could recursively decrypt Tor, into Tor ONION ROUTER, Tor ONION ROUTER ONION ROUTER, and so on.
  32. [4:27 PM] bellum: Several layers
  33. [4:27 PM] bellum: Just how many
  34. [4:27 PM] anakarina: There are two main theories regarding this. 1. The file does not have any contents and instead tells the user what to do with the combination of passes that work. For example, "Use a Tor Onion Router and go here".
  35. [4:27 PM] anakarina: 2. The file is unlocked already and we simply have to figure out how to read the contents.
  36. [4:28 PM] anakarina: With 1. someone could very easily write a dictionary attack script that finds all the words that work.
  37. [4:28 PM] anakarina: We will try to do this today.
  38. [4:28 PM] anakarina: For 2. we got another random tip.
  39. [4:28 PM] anakarina: The strange thing is that these 'tips' that people are getting seem to be from alphabet agencies.
  40. [4:28 PM] anakarina: It's not clear why they are trying to push people in certain directions.
  41. [4:29 PM] anakarina: Anyway, it's this
  42.  
  43. Try taking the last 32 or so bytes in the file, flipping them and saving it as a new file then running "file -b" on it.
  44.  
  45. [4:29 PM] bellum: Distraction and Diversion, or a freedom fighter
  46. [4:30 PM] anakarina: Finally, people are trying to use forensics tools on the resulting files. We will probably be able to see what's in it soon.
  47. [4:30 PM] bellum: Do you think there is anything to the random drop in we got last night?
  48. [4:30 PM] bellum: Sin topper = pi/2
  49. [4:31 PM] bellum: Followed by a tweeted hash
  50. [4:31 PM] anakarina: People are a bit scared about what happened yesterday, so they are planning on pushing all the information we have so far into the blockchain to keep there forever in case we get cut off.
  51. [4:31 PM] immute: (which insurance file is this? im sorry. i missed if that was clarified?)
  52. [4:31 PM] anakarina: @bellum There's definitely something to the topper post.
  53. [4:31 PM] anakarina: @bellum But it's a really complicated puzzle as well.
  54. [4:32 PM] bellum: It is
  55. [4:32 PM] anakarina: In any case, the other main lead that is getting good attention is decoded messages put into the blockchain.
  56. [4:32 PM] bellum: @immute, it isn't too far above
  57. [4:32 PM] anakarina: We've made some progress there as well, including finding a key we don't know what to use on.
  58. [4:32 PM] Danger: anakarina where else is this being discussed? I don't know how much I can help but I'd love to stay abreast as things develop.
  59. [4:33 PM] anakarina: We're trying to layer the discussion for safety. The very sensitive details are discussed on safer channels.
  60. [4:33 PM] anakarina: For now we want to keep most of that stuff there, but we are working on teaching everyone how to do certain things.
  61. [4:34 PM] anakarina: Right now a primer for reading blockchain messages has been posted on an onion link.
  62. [4:34 PM] Danger: ok
  63. [4:34 PM] anakarina: I can copy-paste it here.
  64. [4:34 PM] Danger: yes ty would be great
  65. [4:34 PM] Danger: also i have tox now
  66. [4:34 PM] Danger: i have had some shit go down within the past 24 hours that has me a bit spooked
  67. [4:34 PM] anakarina: But we should probably have a channel for that separately.
  68. [4:34 PM] Danger: so i am trying to tighten things up a bit
  69. [4:34 PM] anakarina: However, the blockchain stuff is definitely the most sensitive thing out there right now.
  70. [4:34 PM] Danger: i will PM you my tox id
  71. [4:35 PM] anakarina: So I don't know if it's safe to get people involved. It's up to you guys.
  72. [4:35 PM] Danger: please add me there if you use it
  73. [4:35 PM] Danger: @anakarina i am fully doxxed at this point and have been from the beginning
  74. [4:35 PM] bellum: Anakarina, I am also on Tox
  75. [4:35 PM] Danger: which was good for building trust but honestly i am regretting it a bit now
  76. [4:35 PM] Danger: too late to change though
  77. [4:35 PM] Danger: so i am doing my best to roll with the punches
  78. [4:35 PM] anakarina: @Danger It's too late but you're safe. You haven't done anything to get sensitive data.
  79. [4:36 PM] anakarina: The people getting spooked are the people actively writing code and finding certain things.
  80. [4:36 PM] Danger: yes well on the plus side since my ID is out there if i disappear you'll know they are clamping down
  81. [4:36 PM] Danger: well, i have done a few things that aren't public at this time
  82. [4:36 PM] Danger: things that may have drawn some attention to me
  83. [4:36 PM] Danger: that's all i can say
  84. [4:36 PM] Danger: like i said a few things have happened within the past day that have me on high alert
  85. [4:37 PM] Danger: but i don't feel endangered at this point
  86. [4:38 PM] immute: hopefully you're seeing ghosts as opposed to real things.... but i hope nothing happens to you
  87. [4:41 PM] anakarina: message just posted to someone
  88.  
  89. It's not paranoid. It is reality. That is what happened.
  90.  
  91. Why would criminals leave evidence or give you the information required to form an unambiguous picture of reality.
  92.  
  93. Study disinformation and counter intelligence operations and psychological operations. Secrecy is a weapon and is used in very specific ways for very specific reasons.
  94.  
  95. Some people cannot talk because they are under threat. They won't compromise their safety and there is no longer any uncensored channel for communication. Any information is taken down or muddied with doubt and strategic uncertainty.
  96.  
  97. There were hundreds of people in embassy live streaming on twitter after internet was cut. It only takes five minutes for any of them to verify Assange's status. Yet verification was denied.
  98.  
  99. Assange has fiber optic ground line as well as 3G and shortwave communications.
  100.  
  101. Go ask the wikileaks people directly. People are too lazy and stupid to get primary source material.
  102.  
  103. The wikileaks twitter after being taken over released a cut video that was four years old, to "prove" Assange was still alive. They did a hasty and poorly executed disinformation operation after Assange was captured, to delay the dead drop.
  104.  
  105. They would also use SIGINT and bribery and threats. To identify and rapidly capture or eliminate the key holders. To prevent required number of key holders from publishing the key parts.
  106.  
  107. Assange was not the only one whose internet was cut. This was a well orchestrated international operation. Internet was cut to over twelve wikileaks associated people. They presumably have been captured also.
  108.  
  109. Why is everyone focused on Assange and has not contacted the parents and spouses of the wikileaks members whose communications were cut.
  110.  
  111. Enumerate all possibilities. Evaluate all evidence. Weigh the evidence for each state of reality. Contradictions do not exist in reality.
  112.  
  113. [5:48 PM] beachinmom: You would assume these other members if missing would have friends and family looking for them? I just have to say... I'm thankful for you all, thankful for your intelligence and dedication.
  114. [5:49 PM] Danger: i am assuming nothing at this point
  115. [5:50 PM] Danger: unfortunately the named individuals related to WL are dark
  116. [5:50 PM] Danger: and i don't even know where to begin looking for their fam and friends :frowning:
  117. [5:53 PM] claudiacardinale: AP reported on the missing members but it was taken down after a day.
  118. [5:53 PM] claudiacardinale: Also, the video of the call to the embassy was AP and was included in the story.
  119. [5:53 PM] beachinmom: Didn't know that, I haven't searched for info on the members listed on the site at all.
  120. [5:54 PM] claudiacardinale: We all have to remember that almost everyone involved is missing or dead at this point.
  121. [5:54 PM] claudiacardinale: This includes both of Assange's lawyers, the director of Wikileaks, and the DNC leaker.
  122. [6:07 PM] immute: why assume the dnc leaker is dead? unless we are assuming it was seth
  123. [6:09 PM] claudiacardinale: @immute The important thing is that they thought it was him and he was killed.
  124. [6:12 PM] immute: @claudiacardinale true. it was implied by JA it was seth after he was killed right? But I supposed the people in power knew before that
  125. [6:13 PM] claudiacardinale: @immute He was making the same point I'm making. The important thing is that they suspect him of it and he got killed.
  126. [6:15 PM] immute: oh. I think he did leak but was just trying to get my timeline right. Sad world we live in :neutral_face:
  127. [6:17 PM] tachyon: welp, that was a thoroughly spooky read
  128. [6:18 PM] Danger: @tachyon how goes it
  129. [6:18 PM] Danger: i'd love to see if we can track down some of these people mentioned
  130. [6:18 PM] Danger: Sarah Harrison relatives/friends
  131. [6:18 PM] immute: yeah... i tried the first 2 commands and it worked. i get a bad decrypt on the 3rd
  132. [6:18 PM] Danger: she's a ghost online though
  133. [6:19 PM] immute: I was thinking about reaching out to her former colleges etc. probably can't say anything though
  134. [6:22 PM] Danger: there are a few others as well
  135. [6:22 PM] Danger: give me a second
  136. [7:16 PM] Thorium: No one's managed to learn anything else out about /r/OPTheList have they?
  137. [7:22 PM] ElectronSpinor: @anakarina Using Täîłś and Tör; where are safer channels? What else can we do to help?
  138. [7:23 PM] ElectronSpinor: Is there evidence of other Wikileaks members being compromised? I want to believe everything you're writing, but I don't want it all to be true, because it's so terribly bad and wrong.
  139. [7:35 PM] ElectronSpinor: @anakarina I think the onion link is vital to be shared with as many people as possible to ensure that the information isn't easily suppressed. The way you type this certainly seems truly concerning.
  140. [7:50 PM] macarana: whats the .onion address
  141. [7:56 PM] claudiacardinale: Please stop asking for the onion address.
  142. [7:57 PM] claudiacardinale: A lot of people's safety depends on that not getting out.
  143. [7:58 PM] ElectronSpinor: I agree. If this is big, it should not be announced.
  144. [7:58 PM] Thorium: I'd be pretty skeptical of those posts @ElectronSpinor
  145.  
  146. If they really were in danger as that 'things are getting weird' quote implied, why would they think that it's safe to post some bullshit cryptic message about the information, but not the actual information itself?
  147.  
  148. We're a really easy target for trolls at the moment, so remember to question everything you read here.
  149.  
  150. [7:59 PM] ElectronSpinor: I suppose we could be getting trolled very well.
  151. [7:59 PM] Danger: i wasn't until today, but i have had some stuff happen within the past 24 hours that has spooked me
  152. [7:59 PM] ElectronSpinor: If so, well done.
  153. [7:59 PM] Danger: yes there are many trolls and LARPers too
  154. [7:59 PM] Thorium: Spooked you?
  155. [8:00 PM] Danger: i can't really go into much detail but an email address i created specifically for this research--less than 5 days old--was compromised
  156. [8:00 PM] Danger: only a small handful of people even know about it
  157. [8:00 PM] Danger: and it's a very random address with a very strong password
  158. [8:00 PM] Thorium: Compromised as in, someone gained access to it? :/
  159. [8:00 PM] Danger: potentially
  160. [8:00 PM] Thorium: What makes you think that?
  161. [8:00 PM] Danger: someone at least tried
  162. [8:01 PM] Danger: because that's specifically what the message said
  163. [8:02 PM] Danger: "someone else may have accessed your account"
  164. [8:02 PM] claudiacardinale: We are posting this information on a public channel. People are naturally willing to fight against corruption and will want to get involved. It is not fair for a young person reading this to get involved and get in trouble just because they want to do the right thing.
  165. [8:02 PM] Thorium: o__0
  166. [8:02 PM] Thorium: Not 'tried to access your account' but 'may have accessed your account' ?
  167. [8:03 PM] ElectronSpinor: Hmm. If your email is really compromised, this might not be something to sniffle at.
  168. [8:03 PM] Danger: yep
  169. [8:03 PM] Danger: exact quote
  170. [8:04 PM] Thorium: What provider are you using? Maybe that's just their default message?
  171. [8:04 PM] ElectronSpinor: If he tells the provider, doesn't that reveal too much?
  172. [8:04 PM] Thorium: How so?
  173. [8:04 PM] Thorium: Also the account's already compromised, so he can't use it anymore anyway
  174. [8:04 PM] Thorium: Or potentially compromised at least
  175. [8:04 PM] claudiacardinale: Worse things have happened to others in the past few days. You can believe me if you want but at least consider that the people working on this are in the mentality that they are risking their lives to stop a giant war.
  176. [8:05 PM] Danger: agreed
  177. [8:05 PM] Danger: i want everyone to stay as safe as possible
  178. [8:05 PM] Danger: but ultimately we are probably all putting ourselves in some degree of risk just by being here
  179. [8:05 PM] ElectronSpinor: That escalated quickly.
  180. [8:05 PM] Thorium: Like what Claudia? (genuine question, not stirring the pot)
  181. [8:05 PM] Danger: i've heard rumors of some people being vanned
  182. [8:05 PM] Danger: and just plain going dark
  183. [8:05 PM] Danger: i am guessing that is what claudia means
  184. [8:06 PM] Thorium: :/
  185. [8:06 PM] ElectronSpinor: That's what's concerning; just discussing obtaining the truth makes us feel at danger. That alone is wrong.
  186. [8:06 PM] Danger: i know
  187. [8:06 PM] Danger: land of the free, eh?
  188. [8:06 PM] claudiacardinale: People are getting vanned. This is real.
  189. [8:06 PM] claudiacardinale: Other people are just missing.
  190. [8:07 PM] claudiacardinale: Most people lose internet connection.
  191. [8:07 PM] Thorium: I would like some form of evidence of that before I'm willing to believe it
  192. [8:07 PM] claudiacardinale: If they keep trying after that happens things get worse.
  193. [8:07 PM] claudiacardinale: You don't have to believe it.
  194. [8:07 PM] claudiacardinale: The only reason I'm mentioning it is for people to be cautious.
  195. [8:07 PM] Thorium: If it's true I WANT to believe it
  196. [8:07 PM] claudiacardinale: You can do whatever you want with the information.
  197. [8:07 PM] claudiacardinale: Any evidence will put more people in danger.
  198. [8:08 PM] Danger: @Thorium for what it's worth there was someone here who was working on connecting the dots with the money trail between Clinton Foundation and various front companies
  199. [8:08 PM] Danger: he was here for a couple days
  200. [8:08 PM] Danger: very active
  201. [8:08 PM] ElectronSpinor: If this is master trolling, I applaud everyone.
  202. [8:08 PM] Danger: the last i saw him was two days ago when i got a PM from him saying he thinks he stumbled onto something really big and was being watched
  203. [8:08 PM] Danger: no response since
  204. [8:08 PM] ElectronSpinor: It is possible he decided to leave randomly?
  205. [8:08 PM] ElectronSpinor: But certainly suspicious.
  206. [8:08 PM] Danger: so yes, it is possible that people are just trolling
  207. [8:08 PM] ElectronSpinor: Oh.
  208. [8:08 PM] Danger: or LARPing
  209. [8:08 PM] Danger: but he shared some of his research with me
  210. [8:09 PM] Danger: he was definitely working on it
  211. [8:09 PM] Danger: at least to some degree
  212. [8:09 PM] ElectronSpinor: I'm inclined to believe that something actually is going on.
  213. [8:09 PM] Thorium: I'm putting my money on trolling, but I have an open mind
  214. [8:09 PM] Danger: if people are trolling then they are very dedicated to it
  215. [8:09 PM] Danger: that's fine. I admit it's possible. Ultimately though I think if someone says they feel like they're in danger we need to accept that they may genuinely feel that way.
  216. [8:09 PM] Danger: And it may actually be true
  217. [8:09 PM] Danger: we are talking about information that could probably bring down some of the most powerful people in the world
  218. [8:10 PM] Danger: and if you think they are... ignorant of that... well, people in power get there intentionally, not by accident
  219. [8:10 PM] claudiacardinale: I hate to scare people because I want people to help out with this. In fact, CTR wants to scare everyone away from helping in this, but the reality is that things have happened and the work people have done in the past days produces results that can't be faked.
  220. [8:10 PM] Thorium: I just find it interesting how the people claiming to have big information keep telling us about it without actually giving us the information
  221.  
  222. [10:48 PM] claudiacardinale: If people can download copies of the entire blockchain that would be very helpful.
  223. [10:54 PM] immute: Is it a site to download or something?
  224. [10:55 PM] bellum: https://bitcoin.org/bin/block-chain/
  225. [10:57 PM] Danger: https://bitcoin.org/en/download
  226. [10:57 PM] Danger: use that instead
  227. [10:57 PM] Danger: that should download the full blockchain
  228. [10:57 PM] Danger: you will need ~80GB of space
  229. [10:57 PM] Danger: when you first launch it should ask you to choose a path though, so at that point you can choose an external drive
  230. [10:58 PM] bellum: Thanks No1 :smiley:
  231. [10:58 PM] Danger: totes
  232. [11:13 PM] claudiacardinale: Is anyone downloading the insurance files by any chance?
  233. [11:13 PM] claudiacardinale: It's stuck for me for the latest insurance file.
  234. [11:16 PM] Mosh: negatory
  235. [11:16 PM] Mosh: but, latest?
  236. [11:16 PM] claudiacardinale: https://file.wikileaks.org/torrent/2016-06-03_insurance.aes256.torrent
  237. [11:16 PM] immute: I've got all of them already done. Stopped seeding after my family bitched about bandwidth
  238. [11:19 PM] Danger: i have it, @claudiacardinale
  239. [11:19 PM] Danger: g'night @mark lunik
  240. [11:20 PM] Danger: do you want me to put it in my public dropbox and link you to it @claudiacardinale ?
  241. [11:20 PM] Danger: or i can upload to mega, or any other place you prefer
  242. [11:20 PM] Danger: boy my computer fans just kicked into high speed
  243. [11:26 PM] claudiacardinale: @Danger Hopefully it's the blockchain download.
  244. [11:26 PM] Danger: nope, i am doing that on another computer
  245. [11:26 PM] Danger: on my desktop
  246. [11:27 PM] Danger: which is where the external is hooked up
  247. [11:27 PM] claudiacardinale: Then you should probably not upload anything.
  248. [11:31 PM] claudiacardinale: It's definitely not letting me download it right now.
  249. [11:39 PM] Danger: ok. Do you need me to set up a drop for you?
  250. [11:39 PM] Danger: I am happy to do so
  251. [1:29 AM] iDanoo:
  252. [1:29 AM] iDanoo: @claudiacardinale I've got 100mbit upload, surprised it's not putting out more
  253. [1:30 AM] Danger: weird mine are slow too
  254. [1:30 AM] Danger:
  255. [1:31 AM] Danger: my upload is only like 7mbps but it was going at 200k+ earlier
  256. [1:31 AM] iDanoo: Yeah interesting definitely.
  257. [1:31 AM] iDanoo: I might play around with my config
  258. [1:32 AM] immute: seed/peer ratio?
  259. [1:42 AM] iDanoo:
  260. [1:42 AM] iDanoo: That's on 2016-03 one
  261. [1:42 AM] iDanoo: It's weird because I have it set to DMZ my server, so there should be no port-forwarding /restrictions
  262. [1:42 AM] iDanoo: oh fuck
  263. [1:42 AM] iDanoo: iptables.
  264. [1:42 AM] iDanoo: I forgot I setup a firewall hahahahahaha
  265. [1:42 AM] iDanoo: lemme just fix that
  266. [1:43 AM] immute: there are also 18 people with the file to 1 person who needs it. the low bandwidth is because low need
  267. [1:43 AM] iDanoo: yeah that is true
  268. [1:43 AM] iDanoo: Surprised I'm connected to 0 seeders on all torrents though hah
  269. [1:43 AM] iDanoo: I must seem like a real dick.
  270. [1:43 AM] immute: true. only got 4 wl ones?
  271. [1:44 AM] iDanoo: I have 5
  272. [1:44 AM] iDanoo: the 2012 one, the A/B/C ones in 2013, and the 2016 one
  273. [1:45 AM] immute: right. cant count tonight... doing homework and its 1:45 am... lol
  274. [1:46 AM] iDanoo: Ah fair enough, only 645pm here
  275. [1:46 AM] iDanoo: Just got home from work, now weekend time!
  276. [1:47 AM] immute: must be nice. ive got another day to go... lol
  277. [2:15 AM] iDanoo: Also I'm going to start grabbing the blockchain
  278. [2:19 AM] iDanoo: It's been awhile, I can just grab bitcoin-qt can't I?
  279. [2:26 AM] iDanoo: yep I can
  280. [2:26 AM] iDanoo: sweet.
  281. [2:27 AM] claudiacardinale: I haven't been able to get the chain or the new insurance file.
  282. [2:27 AM] claudiacardinale: I might be cutoff at some point.
  283. [2:29 AM] iDanoo: Ah okay, Well I might chuck it on my dedicated server
  284. [2:29 AM] iDanoo: so can always open up ssh if you want to play around with it
  285. [2:30 AM] iDanoo: Oh wow, our UK office is 3 blocks away from the Embassy in UK
  286. [2:30 AM] claudiacardinale: It is very important to get the entire blockchain on external hard drives.
  287. [2:30 AM] iDanoo: Yeah
  288. [2:30 AM] iDanoo: I'll do a cold backup
  289. [2:31 AM] claudiacardinale: There is a lot of shady stuff happening in the chain, they are really trying to stop people from doing anything on it or decoding parts of it.
  290. [2:31 AM] iDanoo: Ah okay
  291. [2:31 AM] iDanoo: sweet yeah, i'll just setup luks on my other drive
  292. [2:31 AM] iDanoo: I refuse to not-encrypt my drives now
  293. [2:31 AM] claudiacardinale: The same is true for the insurance files. I think they will try to swap them like they did for the first one.
  294. [2:32 AM] iDanoo: Ah yeah
  295. [2:32 AM] iDanoo: Well I'll grab the block chain and chuck it on my external
  296. [2:33 AM] iDanoo: with the insurance files.
  297. [2:33 AM] iDanoo: Also, I might chuck a bot up to mirror this chat to IRC.
  298. [2:33 AM] iDanoo: Then I can log EVERYTHING
  299. [2:33 AM] iDanoo: could even pipe messages into elasticsearch :wink:
  300. [2:36 AM] iDanoo: Actually It'd be cool if could pipe everything in
  301. [2:36 AM] iDanoo: include reddit posts
  302. [2:43 AM] claudiacardinale: We shouldn't post these conversations too much, a lot of people are getting in trouble since we got close to finding certain things.
  303. [3:20 AM] claudiacardinale: Is there anyone up that wants to help?