One important final quote: “The address, 176.31.112.10, is a dedicated server provided
by the French OVH hosting company, but is apparently operated by an offshore secure
hosting company called CrookServers.com and seemingly located in Pakistan.
By researching historical data relevant to C&C 176.31.112.10, we discovered that on
February 16th 2015, the server was sharing an SSL certificate with another IP address
allocated to CrookServers and also hosted at OVH: 213.251.187.145”.
Our Comments on the German Hack Smoking Gun

Whether there was a third-party attack or not, using an outdated version of OpenSSL
with a very widely publicized vulnerability that could destroy the whole apple cart seems
like something that only a teenage wannabe hacker would do – not Russian hackers and
not NSA hackers. The program was compiled just before the May 2015 hack. This seems
to indicate that it was some kid who got hold of a program without even realizing that it
suffered from the Heartbleed problem. Moreover, there seems to be little motive for
Russia to hack the server of a left-leaning political party in Germany. Finally, there is no
way Russian hackers are going to be using servers in Pakistan run by a hosting company
called CrookServers. The only hackers I know that are that arrogant are the NSA
Equation Group. I could see the NSA hacking the German server due to their motto to
“hack everything.” But there is no way that the Equation Group would overlook the
Heartbleed problem. So my conclusion is that the German hacker was not even Fancy
Bear. It was simply some teenager out for a joy ride. And the smoking gun? It was more
like smoke and mirrors.
July 7, 2016: ThreatConnect Proves they have no idea what they are talking about

ThreatConnect posted a short blog trying to explain the significance of name servers
being associated with the Russian Hackers. Sadly, during their explanation, they
incorrectly claimed that GoDaddy uses name servers called GoDaddy. Here is a quote:
“For example, if five domains are registered through GoDaddy, all five of those domains
by default will use GoDaddy name servers like NS1.GODADDY[.]COM and
NS2.GODADDY[.]COM.”
https://www.threatconnect.com/blog/whats-in-a-name-server/
There are two problems with this claim. First, their example is factually wrong. In fact,
GoDaddy name servers are not under the name GoDaddy. They are under the name
Domain Control. As the millions of people who have GoDaddy accounts know, their
name servers use the names ns38.domaincontrol.com, ns39.domaincontrol.com,
etc. It does not inspire much confidence when these so-called security experts do not
even know the names of the world’s most over-crowded servers.

Second, Russian Hackers would never use GoDaddy servers because they are located
in the US with a US corporation under draconian US laws. Russian hackers also would
not use servers located in Russia. But there are many European countries with strong
privacy laws where Russian hackers would be least likely to be caught or disturbed.
Switzerland comes to mind as a good place to have one’s data if one did not want to be
shut down by the FBI and the NSA.
Hack Everything… A Detailed Timeline of the DNC Hack Page 45