Hack Everything…

Recommendations

Info

#4 The Cozy Bear Referral Servers are in Panama, France, Germany, the US and Turkey After infecting computers and servers, Cozy Bear calls home to the mother ship. According to the Kaspersky analysis, Cozy Bear is programmed to contact specific servers in Panama, France, Germany, the US and Turkey. These five countries all have a strong NSA CIA presence. None of these countries has a close relationship to Russia – especially not in 2014. Understanding that IP addresses can be faked, these are the IP addresses of the mother ship as provided by Kaspersky: 200.63.46.23 95.128.72.24 72.34.47.186 188.40.99.143 85.95.236.114 Here is a review of these IP addresses using http://whatismyipaddress.com 200.63.46.23 is a server owned by Panamaserver.com. They are listed as a clean server meaning there have been no reports of them attacking people. This means that people were unaware of who was attacking them and where the attackers were located. 95.128.72.24 is a clean server owned by cl-turbo.celeo.net in Paris France. This domain name has no apparent services so how does it make money and stay in business? 72.34.47.186 is a clean server owned by IHNetworks LLC in Los Angeles CA. They use the domain name copper.noc-servers.com. This domain name has no apparent services. So how does it make money and stay in business? I was able to confirm that this server is using a Linux Apache server program and is also using Cpanel. But that was as far as I could get. Here is a screen shot of this URL: IHNetworks LLC appears to be a web hosting company that purchased a Texas based web hosting company called Eleven2 in 2012 but continued to use the user name of the former company apparently to hide the fact that the company was bought. http://www.webhostingtalk.com/showthread.php?t=1431081 IHNetwork hosts about 4,000 domain names (most from Eleven2). Most of these domain names have very low traffic. Even at $100 per domain per year, this is only $400,000 annually which would barely pay for the server much less the staff. Here is a link to all of the domain names hosted by IHNetworks and their current traffic levels. https://w3bin.com/hoster/77 Hack Everything… A Detailed Timeline of the DNC Hack Page 25
Yet despite this fact, IHNetworks claims on their home page to have servers and data centers located around the world! http://ihnetworks.com/ Here is a screen shot of all of the five web hosts that they have bought: So where is this company getting all of the money to buy these web hosts and pay for servers and data centers all around the world? This company appears to have an unlimited amount of money but its known income is only $400,000 per year! Also, exactly how is it related to Cozy Bear given that it is highly unlikely Cozy Bear would want to use servers located in the US and subject to US laws if Cozy Bear was really from Russia. 188.40.99.143 is a clean corporate server located in Germany. The Internet Service Provider is Hetzner Online AG. This one appears to be a real web hosting company that has been in existence since 1997. Perhaps the NSA just has an account here. 85.95.236.114 is a clean broadband server in Turkey. Just about anyone can use a broadband server so there is no real way to research this connection other than to confirm that the IP address is actually located in Turkey (which I did). #5 Cozy Bear aka Cozy Duke uses a Twitter account to call the mother ship The primary method that Twitter uses to communicate with the mother ship is a Twitter handle that uses common phrases about the weather. Should the Twitter account be taken down, Cozy Bear has a backup communication method that uses Google. Given the known relationships between Google, Twitter and the NSA, it is unlikely that Russian hackers would use either of these corporations as their primary means of communicating between their hacking tools and the Home servers. Here is a graphic of Cozy Duke aka Cozy Bear from Kaspersky confirming it uses Twitter to communicate. Hack Everything… A Detailed Timeline of the DNC Hack Page 26
Page 1 and 2: Hack Everything… A Detailed Timel
Page 3 and 4: Hack Everything…. A Detailed Time
Page 5 and 6: Executive Summary… A Primer on th
Page 7 and 8: What is the NSA? The NSA is the Nat
Page 9 and 10: Then in 2011, the replacement retir
Page 11 and 12: The above video may be one of the m
Page 13 and 14: Second, these same government agent
Page 15 and 16: The second example was the reportin
Page 17 and 18: Part 1: Evolution of Cyber Warfare
Page 19 and 20: April 20 2010: The Flame virus caus
Page 21 and 22: June 6, 2013: Snowden Provides Docu
Page 23 and 24: Here is a quote from their 44 page
Page 25: Another source is the NSA documents
Page 29 and 30: However the Fancy Bear Cyber weapon
Page 31 and 32: Part 2 Details of the DNC Hack... J
Page 33 and 34: At the very least, the FBI should s
Page 35 and 36: Promedicalebooks.com is not an acti
Page 37 and 38: Here is the rest of the quote from
Page 39 and 40: April 2016: Cozy Bear and Fancy Bea
Page 41 and 42: June 14, 2016: CIA backed Washingto
Page 43 and 44: They also point out that whoever at
Page 45 and 46: It sounds like an open and shut cas
Page 47 and 48: July 10, 2016: DNC staffer Seth Ric
Page 49 and 50: August 10, 2016: Wikileaks offers $
Page 51 and 52: Payment for servers were done throu
Page 53 and 54: November 24, 2016 The Washington Po
Page 55 and 56: VOA. The article noted that some ma
Page 57 and 58: This brings up an important questio
Page 59 and 60: December 30 2016 Glaring Problems w
Page 61 and 62: There were several other excellent
Page 63 and 64: The fact that 426 of the IP address
Page 65 and 66: Here is what the control panel of t
Page 67 and 68: Part 6 The Rush to War... January 2
Page 69 and 70: Here is a quote: “Officials told
Page 71 and 72: She said she dropped out of three d
Page 73 and 74: But the January 6 th Report not onl
Page 75 and 76: Part 7 Who Really Hacked the DNC If
Page 77 and 78:
Here is a quote: “Another 15-year
Page 79 and 80:
Then they were given data from the
Page 81 and 82:
Thus, the most important thing to k
Page 83 and 84:
“Speaking to investors at a confe
Page 85 and 86:
Conclusion… How to Really Protect
Page 87:
About the Author David Spring has a
show all

Hack Everything…

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?