Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- 4:19 PM] anakarina: Googling for the torrents raises a red flag apparently.
- [4:19 PM] anakarina: Most of the torrent links are blocked at the moment.
- [4:20 PM] anakarina: This is how you unlock the file
- openssl enc -d -aes-256-cbc -in insurance.aes256 -out outhello -k "password"
- [4:20 PM] anakarina: Then, a file called 'outhello' will be made. You can check by doing 'diff insurance.aes256 outhello' to check that they are different.
- [4:21 PM] anakarina: No comes the crazy parts.
- [4:21 PM] anakarina: The file seems to have been made in a very strange way, there are either layers of it, or the file is purposely made for a dictionary attack to reveal a message.
- [4:22 PM] anakarina: The first key found came from a tip out of nowhere that lead us to look into the original SHA1s for the files and find a potential key.
- [4:22 PM] anakarina: It was "ONION", so
- [4:22 PM] anakarina:
- openssl enc -d -aes-256-cbc -in insurance.aes256 -out outhello -k "ONION"
- [4:22 PM] anakarina: unlocks the file.
- [4:23 PM] anakarina: However, we have since found that there are multiple keys that work, and they all produce different files.
- [4:24 PM] anakarina: For example,
- openssl enc -d -bf -in insurance.aes256 -out rout -k "ROUTER"
- [4:24 PM] anakarina: Produces a different file successfully.
- [4:24 PM] anakarina: And,
- openssl enc -d -cast -in insurance.aes256 -out outt -k "Tor"
- [4:24 PM] anakarina: Also produces a file successfully.
- [4:25 PM] anakarina: Here's where it starts to get tricky.
- [4:25 PM] anakarina: Tor is a 'Tor ONION ROUTER'
- [4:26 PM] Danger: yes some of this stuff is above me... but I am good at following directions so thanks for laying it out.
- [4:26 PM] anakarina: In other words, you could recursively decrypt Tor, into Tor ONION ROUTER, Tor ONION ROUTER ONION ROUTER, and so on.
- [4:27 PM] bellum: Several layers
- [4:27 PM] bellum: Just how many
- [4:27 PM] anakarina: There are two main theories regarding this. 1. The file does not have any contents and instead tells the user what to do with the combination of passes that work. For example, "Use a Tor Onion Router and go here".
- [4:27 PM] anakarina: 2. The file is unlocked already and we simply have to figure out how to read the contents.
- [4:28 PM] anakarina: With 1. someone could very easily write a dictionary attack script that finds all the words that work.
- [4:28 PM] anakarina: We will try to do this today.
- [4:28 PM] anakarina: For 2. we got another random tip.
- [4:28 PM] anakarina: The strange thing is that these 'tips' that people are getting seem to be from alphabet agencies.
- [4:28 PM] anakarina: It's not clear why they are trying to push people in certain directions.
- [4:29 PM] anakarina: Anyway, it's this
- Try taking the last 32 or so bytes in the file, flipping them and saving it as a new file then running "file -b" on it.
- [4:29 PM] bellum: Distraction and Diversion, or a freedom fighter
- [4:30 PM] anakarina: Finally, people are trying to use forensics tools on the resulting files. We will probably be able to see what's in it soon.
- [4:30 PM] bellum: Do you think there is anything to the random drop in we got last night?
- [4:30 PM] bellum: Sin topper = pi/2
- [4:31 PM] bellum: Followed by a tweeted hash
- [4:31 PM] anakarina: People are a bit scared about what happened yesterday, so they are planning on pushing all the information we have so far into the blockchain to keep there forever in case we get cut off.
- [4:31 PM] immute: (which insurance file is this? im sorry. i missed if that was clarified?0
- [4:31 PM] anakarina: @bellum There's definitely something to the topper post.
- [4:31 PM] anakarina: @bellum But it's a really complicated puzzle as well.
- [4:32 PM] bellum: It is
- [4:32 PM] anakarina: In any case, the other main lead that is getting good attention is decoded messages put into the blockchain.
- [4:32 PM] bellum: @immute, it isn't too far above
- [4:32 PM] anakarina: We've made some progress there as well, including finding a key we don't know what to use on.
- [4:32 PM] Danger: anakarina where else is this being discussed? I don't know how much I can help but I'd love to stay abreast as things develop.
- [4:33 PM] anakarina: We're trying to layer the discussion for safety. The very sensitive details are discussed on safer channels.
- [4:33 PM] anakarina: For now we want to keep most of that stuff there, but we are working on teaching everyone how to do certain things.
- [4:34 PM] anakarina: Right now a primer for reading blockchain messages has been posted on an onion link.
- [4:34 PM] Danger: ok
- [4:34 PM] anakarina: I can copy-paste it here.
- [4:34 PM] Danger: yes ty would be great
- [4:34 PM] Danger: also i have tox now
- [4:34 PM] Danger: i have had some shit go down within the past 24 hours that has me a bit spooked
- [4:34 PM] anakarina: But we should probably have a channel for that separately.
- [4:34 PM] Danger: so i am trying to tigthen things up a bit
- [4:34 PM] anakarina: However, the blockchain stuff is definitely the most sensitive thing out there right now.
- [4:34 PM] Danger: i will PM you my tox id
- [4:35 PM] anakarina: So I don't know if it's safe to get people involved. It's up to you guys.
- [4:35 PM] Danger: please add me there if you use it
- [4:35 PM] Danger: @anakarina i am fully doxxed at this point and have been from the beginning
- [4:35 PM] bellum: Anakarina, I am also on Tox
- [4:35 PM] Danger: which was good for building trust but honestly i am regretting it a bit now
- [4:35 PM] Danger: too late to change though
- [4:35 PM] Danger: so i am doing my best to roll with the punches
- [4:35 PM] anakarina: @Danger It's too late but you're safe. You haven't done anything to get sensitive data.
- [4:36 PM] anakarina: The people getting spooked are the people actively writing code and finding certain things.
- [4:36 PM] Danger: yes well on the plus side since my ID is out there if i disappaer you'll know they are clamping down
- [4:36 PM] Danger: well, i have done a few things that aren't public at this time
- [4:36 PM] Danger: things that may have drawn some attention to me
- [4:36 PM] Danger: that's all i can say
- [4:36 PM] Danger: like i said a few things have happened within the past day that have me on high alert
- [4:37 PM] Danger: but i don't feel endangered at this point
- [4:38 PM] immute: hopefully you're seeing ghosts as opposed to real things.... but i hope nothing happens to you
- [4:41 PM] anakarina: message just posted to someone
- Its not paranoid. It is reality. That is what happened.
- Why would criminals leave evidence or give you the information required to form an unambiguous picture of reality.
- Study disinformation and counter intelligence operations and phychological operations. Secrecy is a weapon and is used in very specific ways for very specific reasons.
- Some people cannot talk because they are under threat. They wont compromise their safety and there is no longer any uncensored channel for communication. Any informatiom is taken down or muddied with doubt and strategic uncertainty.
- There were hundreds of people in embassy live streaming on twitter after internet was cut. It only takes five minutes for any of them to verify Assanges status. Yet verification was denied.
- Assange has fiber optic ground line as well as 3G and shortwave communications.
- Go ask the wikileaks people directly. People are too lazy and stupid to get primarily source material.
- The wikileaks twitter after being taken over released a cut video that was four years old, to "prove" Assange was still alive. They did a hasty and poorly executed disinformation operation after Assange was captured, to delay the dead drop.
- They would also use SIGINT and bribery and threats. To identify and rapidly capture or eliminate the key holders. To prevent required number of key holders from publishing the key parts.
- Assange was not the only one whose internet was cut. This was a well orchestrated international operation. Internet was cut to over twelve wikileaks associated people. They presumably have been captured also.
- Why is everyone focused on Assange and has not contacted the parents and spouses of the wikileaks members whose communications were cut.
- Enumerate all possibilities. Evaluate all evidence. Weigh the evidence for each state of reality. Contradictions do not exist in reality.
- 5:48 PM] beachinmom: You would assume these other members if missing would have friends and family looking for them? I just have to say... I'm thankful for you all, thankful for your intelligence and dedication.
- [5:49 PM] Danger: i am assuming nothing at this point
- [5:50 PM] Danger: unfortunately the named individuals related to WL are dark
- [5:50 PM] Danger: and i don't even know where to begin looking for their fam and friends :frowning:
- [5:53 PM] claudiacardinale: AP reported on the missing members but it was taken down after a day.
- [5:53 PM] claudiacardinale: Also, the video of the call to the embassy was AP and was included in the story.
- [5:53 PM] beachinmom: Didn't know that, I have t searched for info onthe members listed on the site at all.
- [5:54 PM] claudiacardinale: We all have to remember that almost everyone involved is missing or dead at this point.
- [5:54 PM] claudiacardinale: This includes both of Assanges lawyers, the director of Wikileaks, and the DNC leaker.
- [6:07 PM] immute: why assume the dnc leaker is dead? unless we are assuming it was seth
- [6:09 PM] claudiacardinale: @immute The important thing is that they thought it was him and he was killed.
- [6:12 PM] immute: @claudiacardinale true. it was implied by JA it was seth after he was killed right? But I supposed the people in power knew before that
- [6:13 PM] claudiacardinale: @immute He was making the same point I'm making. The important thing is that they suspect him of it and he got killed.
- [6:15 PM] immute: oh. I think he did leak but was just trying to get my timeline right. Sad world we live in :neutral_face:
- [6:17 PM] tachyon: welp, that ws a thoroughly spooky read
- [6:18 PM] Danger: @tachyon how goes it
- [6:18 PM] Danger: i'd love to see if we can track down some of these people mentioned
- [6:18 PM] Danger: Sarah Harrison relatives/friends
- [6:18 PM] immute: yeah... i tried the first 2 commands and it worked. i get a bad decrypt on the 3rd
- [6:18 PM] Danger: she's a ghost online though
- [6:19 PM] immute: I was thinking about reaching out to her former colleges etc. probably cant say anything though
- [6:22 PM] Danger: there are a few others as well
- [6:22 PM] Danger: give me a second
- [7:16 PM] Thorium: No one's managed to learn anything else out about /r/OPTheList have they?
- [7:22 PM] ElectronSpinor: @anakarina Using Täîłś and Tör; where are safer channels? What else can we do to help?
- [7:23 PM] ElectronSpinor: Is there evidence of other Wikileaks members being compromised? I want to believe everything you're writing, but I don't want it all to be true, because it's so terribly bad and wrong.
- [7:35 PM] ElectronSpinor: @anakarina I think the onion link is vital to be shared with as many people as possible to ensure that the information isn't easily suppressed. The way you type this certainly seems truly concerning.
- [7:50 PM] macarana: whats the .onion address
- [7:56 PM] claudiacardinale: Please stop asking for the onion address.
- [7:57 PM] claudiacardinale: A lot of people's safety depends on that not getting out.
- [7:58 PM] ElectronSpinor: I agree. If this is big, it should not be announced.
- [7:58 PM] Thorium: I'd be pretty skeptical of those posts @ElectronSpinor
- If they really were in danger as that 'things are getting weird' quote implied, why would they think that it's safe to post some bullshit cryptic message about the information, but not the actual information itself?
- We're a really easy target for trolls at the moment, so remember to question everything you read here.
- [7:59 PM] ElectronSpinor: I suppose we could be getting trolled very well.
- [7:59 PM] Danger: i wasn't until today, but i have had some stuff happen within the past 24 hours that has spooked me
- [7:59 PM] ElectronSpinor: If so, well done.
- [7:59 PM] Danger: yes there are many trolls and LARPers too
- [7:59 PM] Thorium: Spooked you?
- [8:00 PM] Danger: i can't really go into much detail but an email address i created specifically for this research--less than 5 days old--was compromised
- [8:00 PM] Danger: only a small handful of people even know about it
- [8:00 PM] Danger: and it's a very random address with a very strong password
- [8:00 PM] Thorium: Compromised as in, someone gained access to it? :/
- [8:00 PM] Danger: potentially
- [8:00 PM] Thorium: What makes you think that?
- [8:00 PM] Danger: someone at least tried
- [8:01 PM] Danger: because that's specifically what the message said
- [8:02 PM] Danger: "someone else may have accessed your account"
- [8:02 PM] claudiacardinale: We are posting this information on a public channel. People are naturally willing to fight against corruption and will want to get involved. It is not fair for a young person reading this to get involved and get in trouble just because they want to do the right thing.
- [8:02 PM] Thorium: o__0
- [8:02 PM] Thorium: Not 'tried to access your account' but 'may have accessed your accout' ?
- [8:03 PM] ElectronSpinor: Hmm. If your email really compromised, this might not be something to sniffle at.
- [8:03 PM] Danger: yep
- [8:03 PM] Danger: exact quote
- [8:04 PM] Thorium: What provider are you using? Maybe that's just their defult message?
- [8:04 PM] ElectronSpinor: If he tells the provider, doesn't that reveal too much?
- [8:04 PM] Thorium: How so?
- [8:04 PM] Thorium: Also the accounts already compromised, so he can't use it anymore anyway
- [8:04 PM] Thorium: Or potentially compromised at least
- [8:04 PM] claudiacardinale: Worse things have happened to others in the past few days. You can believe me if you want but at least consider that the people working on this are in the mentality that they are risking their lives to stop a giant war.
- [8:05 PM] Danger: agreed
- [8:05 PM] Danger: i want everyone to stay as safe as possible
- [8:05 PM] Danger: but ultimately we are probably all putting ourselves in some degree of risk just by being here
- [8:05 PM] ElectronSpinor: That escalated quickly.
- [8:05 PM] Thorium: Like what Claudia? (genuine question, not stirring the pot)
- [8:05 PM] Danger: i've heard rumors of some people being vanned
- [8:05 PM] Danger: and just plain going dark
- [8:05 PM] Danger: i am guessing that is what claudia means
- [8:06 PM] Thorium: :/
- [8:06 PM] ElectronSpinor: That's what's concerning; just discussing obtaining the truth makes us feel at danger. That alone is wrong.
- [8:06 PM] Danger: i know
- [8:06 PM] Danger: land of the free, eh?
- [8:06 PM] claudiacardinale: People are getting vanned. This is real.
- [8:06 PM] claudiacardinale: Other people are just missing.
- [8:07 PM] claudiacardinale: Most people lose internet connection.
- [8:07 PM] Thorium: I would like some form of evidence of that before I'm willing to beleive it
- [8:07 PM] claudiacardinale: If they keep trying after that happens things get worse.
- [8:07 PM] claudiacardinale: You don't have to believe it.
- [8:07 PM] claudiacardinale: The only reason I'm mentioning it is for people to be catious.
- [8:07 PM] Thorium: If it's true I WANT to beleive it
- [8:07 PM] claudiacardinale: You can do whatever you want with the information.
- [8:07 PM] claudiacardinale: Any evidence will put more people in danger.
- [8:08 PM] Danger: @Thorium for what it's worth there was someone here who was working on connecting the dots with the money trail between Clinton Foundation and various front companies
- [8:08 PM] Danger: he was here for a couple days
- [8:08 PM] Danger: very active
- [8:08 PM] ElectronSpinor: If this is master trolling, I applaud everyone.
- [8:08 PM] Danger: the last i saw him was two days ago when i got a PM from him saying he thinks he stumbled onto something really big and was being watched
- [8:08 PM] Danger: no response since
- [8:08 PM] ElectronSpinor: It is possible he decided to leave randomly?
- [8:08 PM] ElectronSpinor: But certainly suspicious.
- [8:08 PM] Danger: so yes, it is possible that people are just trolling
- [8:08 PM] ElectronSpinor: Oh.
- [8:08 PM] Danger: or LARPing
- [8:08 PM] Danger: but he shared some of his research with me
- [8:09 PM] Danger: he was definitely working on it
- [8:09 PM] Danger: at least to some degree
- [8:09 PM] ElectronSpinor: I'm inclined to believe that something actually is going on.
- [8:09 PM] Thorium: I'm putting my money on trolling, but I have an open mind
- [8:09 PM] Danger: if people are trolling then they are very dedicated to it
- [8:09 PM] Danger: that's fine. I admit it's possible. Ultimately though I think if someone says they feel like they're in danger we need to accept that they may genuinely feel that way.
- [8:09 PM] Danger: And it may actually be true
- [8:09 PM] Danger: we are talking about information that could probably bring down some of hte most powerful people in the world
- [8:10 PM] Danger: and if you think they are... ignorant of that... well, people in power get there intentionally, not by accident
- [8:10 PM] claudiacardinale: I hate to scare people because I want people to help out with this. In fact, CTR wants to scare everyone away from helping in this, but the reality is that things have happened and the work people have done in the past days produces results that can't be faked.
- [8:10 PM] Thorium: I just find it interesting how the people claiming to have big information keep telling us about it without actually giving us the information
- 10:48 PM] claudiacardinale: If people can download copies of the entire blockchain that would be very helpful.
- [10:54 PM] immute: Is it a site to download or something?
- [10:55 PM] bellum: https://bitcoin.org/bin/block-chain/
- [10:57 PM] Danger: https://bitcoin.org/en/download
- [10:57 PM] Danger: use that instead
- [10:57 PM] Danger: that should download the full blockchain
- [10:57 PM] Danger: you will need ~80GB of space
- [10:57 PM] Danger: when you first launch it should ask you to choose a path though, so at that point you can choose an external drive
- [10:58 PM] bellum: Thanks No1 :smiley:
- [10:58 PM] Danger: totes
- [11:13 PM] claudiacardinale: Is anyone downloading the insurance files by any chance?
- [11:13 PM] claudiacardinale: It's stuck for me for the latest insurance file.
- [11:16 PM] Mosh: negatory
- [11:16 PM] Mosh: but, latest?
- [11:16 PM] claudiacardinale: https://file.wikileaks.org/torrent/2016-06-03_insurance.aes256.torrent
- [11:16 PM] immute: I've got all of them already done. Stopped seeding after my family bitched about babdwidth
- [11:19 PM] Danger: i have it, @claudiacardinale
- [11:19 PM] Danger: g'night @mark lunik
- [11:20 PM] Danger: do you want me to put it in my public dropbox and link you to it @claudiacardinale ?
- [11:20 PM] Danger: or i can upload to mega, or any other place you prefer
- [11:20 PM] Danger: boy my computer fans just kicked into high speed
- [11:26 PM] claudiacardinale: @Danger Hopefully it's the blockchain download.
- [11:26 PM] Danger: nope, i am doing that on another computer
- [11:26 PM] Danger: on my desktop
- [11:27 PM] Danger: which is where the external is hooked up
- [11:27 PM] claudiacardinale: Then you should probably not upload anything.
- [11:31 PM] claudiacardinale: It's definitely not letting me download it right now.
- [11:39 PM] Danger: ok. Do you need me to set up a drop for you?
- [11:39 PM] Danger: I am happy to do so
- [1:29 AM] iDanoo:
- [1:29 AM] iDanoo: @claudiacardinale I've got 100mbit upload, suprised it's not putting out more
- [1:30 AM] Danger: weird mine are slow too
- [1:30 AM] Danger:
- [1:31 AM] Danger: my upload is only like 7mbps but it was going at 200k+ earlier
- [1:31 AM] iDanoo: Yeah interesting definitely.
- [1:31 AM] iDanoo: I might play around with my config
- [1:32 AM] immute: seed/peer ratio?
- [1:42 AM] iDanoo:
- [1:42 AM] iDanoo: That's on 2016-03 one
- [1:42 AM] iDanoo: It's weird because I have it set to DMZ my server, so there should be no port-forwarding /restrictions
- [1:42 AM] iDanoo: oh fuck
- [1:42 AM] iDanoo: iptables.
- [1:42 AM] iDanoo: I forgot I setup a firewall hahahahahaha
- [1:42 AM] iDanoo: lemme just fix that
- [1:43 AM] immute: there are also 18 people with the file to 1 person who needs it. the low bandwidth is because low need
- [1:43 AM] iDanoo: yeah that is true
- [1:43 AM] iDanoo: Suprised I'm connected to 0 seeders on all torrents though hah
- [1:43 AM] iDanoo: I must seem like a real dick.
- [1:43 AM] immute: true. only got 4 wl ones?
- [1:44 AM] iDanoo: I have 5
- [1:44 AM] iDanoo: the 2012 one, the A/B/C ones in 2013, and the 2016 one
- [1:45 AM] immute: right. cant count tonight... doing homework and its 1:45 am... lol
- [1:46 AM] iDanoo: Ah fair enough, only 645pm here
- [1:46 AM] iDanoo: Just got home from work, now weekend time!
- [1:47 AM] immute: must be nice. ive got another day to go... lol
- [2:15 AM] iDanoo: Also I'm going to start grabbing the blockchain
- [2:19 AM] iDanoo: It's been awhile, I can just grab bitcoin-qt can't I?
- [2:26 AM] iDanoo: yep I can
- [2:26 AM] iDanoo: sweet.
- [2:27 AM] claudiacardinale: I haven't been able to get the chain or the new insurance file.
- [2:27 AM] claudiacardinale: I might be cutoff at some point.
- [2:29 AM] iDanoo: Ah okay, Well I might chuck it on my dedicated server
- [2:29 AM] iDanoo: so can always open up ssh if you want to play around with it
- [2:30 AM] iDanoo: Oh wow, our UK office is 3 blocks away from the Embassy in UK
- [2:30 AM] claudiacardinale: It is very important to get the entire blockchain on external hard drives.
- [2:30 AM] iDanoo: Yeah
- [2:30 AM] iDanoo: I'll do a cold backup
- [2:31 AM] claudiacardinale: There is a lot of shady stuff happening in the chain, they are really trying to stop people from doing anything on it or decoding parts of it.
- [2:31 AM] iDanoo: Ah okay
- [2:31 AM] iDanoo: sweet yeah, i'll just setup luks on my other drive
- [2:31 AM] iDanoo: I refuse to not-encrypt my drives now
- [2:31 AM] claudiacardinale: The same is true for the insurance files. I think they will try to swap them like they did for the first one.
- [2:32 AM] iDanoo: Ah yeah
- [2:32 AM] iDanoo: Well I'll grab the block chain and chuck it on my external
- [2:33 AM] iDanoo: with the insurance files.
- [2:33 AM] iDanoo: Also, I might chuck a bot up to mirror this chat to IRC.
- [2:33 AM] iDanoo: Then I can log EVERYTHING
- [2:33 AM] iDanoo: could even pipe messages into elasticsearch :wink:
- [2:36 AM] iDanoo: Actually It'd be cool if could pipe everything in
- [2:36 AM] iDanoo: include reddit posts
- [2:43 AM] claudiacardinale: We shouldn't post this conversations too much, a lot of people are getting in trouble since we got close to finding certain things.
- [3:20 AM] claudiacardinale: Is there anyone up that wants to help?
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement