Rank And File FBI Agents: Mueller's Indictments Are "100% Fabricated" (Here's Proof)
A large number of rank and file FBI agents have slammed Robert Mueller's latest indictment
of 12 alleged Russian "operatives", claiming the evidence has been completely fabricated
by Mueller's team.
According to journalist Thomas Paine, a number of U.S. intelligence agents, including some
working within the FBI, have blown the whistle on how Robert Mueller and his team deliberately
fabricated evidence in order to pursue the Russia witch hunt.
Truepundit.com reports: Whether you understand IT or not, the evidence Mueller claims points
to Russia actually also points to India, Pakistan and of course China.
Funny though, Mueller never mentions that in his indictment.
Wonder why?
President Trump has called it a witch hunt.
And a number of spooks now are backing that claim.
The evidence in Mueller's indictment DOES NOT check our.
Any defense attorney will have a field day with this.
If they even care to counter the charges since the defendants are in Russia.
Here is a collective breakdown we orchestrated and pieced together proving Mueller's case
is a fabricated hoax.
****Circling the wagons around the Russian HOAX****
In Mueller's July 13, 2018 Indictment he lists Organization 1, which from here on out
we're going to assume is Crowdstrike.
CrowdStrike is the private 3rd party company that the DNC hired after multiple warnings
by FBI that their systems were compromised.
CrowdStrike is the company that did the analysis on the servers.
The same servers that the DNC wouldn't give to the FBI for independent analysis.
CrowdStrike eventually gave the FBI a "system image", which Comey, for some odd reason,
deemed acceptable.
Windows uses BIOS/EFI for standard system imaging, which is not a forensic backup.
BIOS doesn't allow corrupted information to be saved for recovery.
Forensic imaging of a hard drive is obtained by using a separate set of controls that bypass
safety protocols that BIOS would use during imaging.
Simply put, the system image obtained though BIOS is wholly unacceptable for forensic analysis
and would not be considered for analysis, nor would adhere to proper traceability of
the original state of the system during the "hacks."
President of CrowdStrike Services & CSO was and still is Shawn Henry.
September 15, 2010 FBI Director Robert S. Mueller, III named Shawn Henry Executive Assistant
Director of the the FBI's Criminal, Cyber, Response, and Services Branch (CCRSB).
March 2012, Shawn Henry named President of CrowdStrike Services & CSO.
Bloomberg has Shawn Henry listed on the Board of Directors of SignatureLink, Inc. with his
"Primary Company" listed as the FBI.
CrowdStrike didn't only make headlines on the DNC hack, they also came out with a report
on December 22, 2016 called "Danger Close." where they allege Russian's hacked Ukrainian
military android phones that used a D-30 howitzer application for targeting, using Fancy Bear
X-Agent; one of the same tools they also reported being used in the DNC, DCCC 'hacks.'
Needless to say, they did a major rewrite after the Ukrainian Defense Minister called
them on their BS analysis and report.
VOA shows the HUGE walkback of shame from CrowdStrike.
NOTE: When a cyber tool is used, it NO LONGER can be attributed to whoever claims development
of it.
Once it's out, it's out and ANYONE can do what they want with it, so attributing
all attacks using X-Agent to "Fancy Bear" from Russia does not make any sense.
NOTE: X-Agent first showed up on the scene in 2012 targeting Windows.
In 2014 a Linux variant came out.
In 2015 a variant for Apple iOS and later Android, and in 2016 X-Agent was found on
DNC servers.
Mueller claims, or rather CrowdStrike (aka Comapany 1) that X-Agent was used to communicate
with GRU-registered linuxkrnl[.]net domain.
Many ran a basic "whois" on that domain and came up with an Amazon server in Ashburn,
VA with IP 52.45.178.122.
It took some extra steps and came up with the below.
Profiling linuxkrnl[.]net returns 3 profiles linuxkrnl[.]net
linuxkrnl[.]net.tumblr[.]com (username = linuxkrnl[.]net, url = tumblr[.]com)
mail.linuxkrnl[.]net When performing initial DNS history for linuxkrnl[.]net
with multiple historical data loggers we get:
Tracking nameserver information, well, the information we could get outside of what Amazon
wiped out (possibly directed to do so), we find ns1.carbon2u[.]com & ns2.carbon2u[.]com,
ns1.hostkey.ru & ss.hostkey.ru associated with domain linuxkrnl[.]net.
Would you be surprised that there are over 500 domains that have been registered within
the "zone file" that ns#.carbon2u[.]com is attributed to, where the majority have
a Mail Exchange (MX) in Malaysia, AND used HOSTKEY-NET (Mueller's indictment states
"GRU" used MX in Malaysia), including linuxkrnl[.]net?
Many of these domains go back as far as 2011, some before that.
When cross-referencing the above DNS History chart with ns#carbon2u[.]com we pick up some
more info: NOTE: When it comes to "first seen" & "last
seen" dates, multiple databases need to be checked.
The logging times fluctuate from one to the other and depend on the time zone too.
All of the nameservers at "DUMMY[.]com" resolve back to Amazon Technologies Inc. in
Dublin, Ireland.
See (*) in first graph.
ns#.carbon2u[.]com = carbon2u[.]com.
(associated with APT28/Fancy Bear) See DNS History trace below:
Note: domain carbon2u[.]com is registered with Internet Domain Service BS (internet[.]bs),
a Bahamas based domain registrar, who is owned by CentralNic out of London since 2014.
*Mail Exchange (MX): 91.218.247.100 = mail.carbon2u[.]com, and reverse DNS = anemone12.steeldns[.]com.
Note: anemone is a flower genus, aka buttercups.
Also it's a song on a rock album by "Virgin Steele" out of New York (The House of Atreus,
Act 1 & Act 2); It's no "Crossfire Hurricane" by the Rolling Stones out of London, but to
each their own.
DNS history of steeldns[.]com: These are *proxy registered route objects.
DNS server records
for steeldns[.]com (Shinjiru Technology) ns1.steeldns[.]com (101.99.72.47)
ns2.steeldns[.]com (111.90.144.253) mail.steeldns[.]com (111.90.144.132)
Reverse DNS on above IP's ns1.steeldns[.]com 101.99.72.47
ns2.steeldns[.]com 111.90.144.253 prawn23.ip-asia[.]com 111.90.144.132
All resolve to Malaysia and all have the owner Shinjiru Technology within our target time
frame.
linux[krnl[.]net domain on IP 52.45.178.122 shows as first seen July 15, 2018, so this
can be mostly discarded as it's not a target within our time frame.
linuxkrnl[.]net.tumblr[.]com (first post March 20, 2018) belongs to an Indian programmer.
Basic steganalysis on a few posted images doesn't seem to show *obvious* embedded
malicious code, but there are inconsistent binary strings in some jpg images, which could
be due to many things.
Since the first post was this year, we didn't bother going any further.
NOTE: X-Agent first showed up on the scene in 2012 targeting Windows.
In 2014 a Linux variant came out.
In 2015 a variant for Apple iOS and later Android, and in 2016 X-Agent was found on
DNC servers.
X-Agent, at this point, cannot be attributed to the original developer.
No one knows who Guccifer 2.0 is.
No one knows who APT28 players are, but by golly Mueller and Crowdstrike sure seemed
to hobble some sh*t together and crack the case by pointing it at 500+ domains registered,
most proxies, with netblocks in Russia, attributed to IP's that all host malicious sites and
links, predominately for phishing, and grab that one little linuxkrnl[.]net out of the
bunch and say it's Russian military intelligence.
Sounds good, anyway …right …
Hell, they even know what computers were used!
Amazing! if the perps didn't know how to spoof their user agent(s), utilize a virtual
machine on their host system in conjunction with a VPN or proxy chains, which renders
2 different IP's (or more if they're dynamic or rotating), and allows the user to use MULTIPLE
operating systems on the host computer.
But whatever.
That's just standard.
The output is only as good as the input, and Crowdstrike has junk input in their analysis.
Remember what they did to the Ukraine with their "Danger Close" "analysis?"
There's plenty more data that can be hashed out but it's outside of this scope.
This could just as well be connected to the Steele-Fusion GPS dossier operation, or Chinese
APT, Indian APT, Pakistani APT, you name it.
You think Russia is special when it comes to espionage and cyber attacks in the U.S?
Ha, take a look at China.
Guccifer 2 used a cracked version of Microsoft Office Suite from "Grizzli777", likely
on a Windows 7 virtual machine setup.
1000's of cyber criminals & freeloaders alike, from different continents use the exact
same setup using the well known Grizzli777's pirated software.
See, this whole thing is a witch hunt and a hoax, and the 3rd party analysts exclusively
used to tout the 17 intel agencies theme, who solely relied on these DNC "for hire"
private companies "analyses" are lacking in their sophistication.
DNS can be spoofed, masked, or encrypted.
Caching can be set up locally instead of at the ISP.
User agent can be changed.
MAC address can be spoofed or temporarily changed.
IP's are *rarely* used for tracking, it's the DNS that matters and as stated, all of
that can be pointed wherever the attacker wants, ESPECIALLY if you own the servers like
the GRU would.
Why transfer over the transoceanic cables anyway!?!
Answer, you wouldn't unless you're just a low level cyber criminal group.
Where's the NSA on this?
Yeah, exactly.
They don't want to be linked to this hoax or prop it up.
So they are keeping quiet.
Too late now.
Facebook has greatly reduced the distribution of our stories in our readers' newsfeeds and
is instead promoting mainstream media sources.
When you share to your friends, however, you greatly help distribute our content.
Please take a moment and consider sharing this article with your
friends
and family.
Thank you.
No comments:
Post a Comment