31 October 2015

Wikileaks honeypot/SAIC whistlebreaker update

From: nobody

Subject: Wikileaks honeypot/SAIC whistlebreaker update

Date: Fri, 30 Oct 2015 16:56:29 +0100 (CET)

Wikileaks is not offering a search of Cryptome - the files are hosted on their server as a honeypot for snatching user data for who knows what.

There are subtle sneaky differences that give it away.

Look at the html source code for https://cryptome.wikileaks.org/frontpage and https://cryptome.org. Why the code changes? What else is different?

Look at the SSL certs, the WL mirror uses its own and its own SSL crypto. May not even be valid certs.

http://www.computing.co.uk/ctg/news/2430138/fake-banking-websites-issued-with-ssl-certificates-by-symantex-comodo-and-godaddy

and

http://www.pcworld.com/article/2999146/encryption/google-threatens-action-against-symantec-issued-certificates-following-botched-investigation.html



Look at the traceroutes.



traceroute to cryptome.wikileaks.org (195.35.109.44), 20 hops max, 40 byte packets

1 208.64.252.229.uscolo.com (208.64.252.229) 0.409 ms 0.454 ms 0.545 ms

2 199.197.11.45.uscolo.com (199.197.11.45) 0.550 ms 0.594 ms 0.599 ms

3 199.197.10.25.uscolo.com (199.197.10.25) 1.133 ms 0.889 ms 1.161 ms

4 31.217.128.5 (31.217.128.5) 0.412 ms 0.453 ms 0.456 ms

5 s1.eq1.ams.ixreach.com (91.196.186.78) 66.691 ms 66.711 ms 66.722 ms

6 91.196.187.50 (91.196.187.50) 158.441 ms 158.423 ms 175.391 ms

7 r2.thn.lon.ixreach.com (91.196.184.182) 164.760 ms 164.769 ms 164.755 ms

8 r1.tc2.ams.ixreach.com (91.196.184.138) 169.547 ms 170.111 ms 169.575 ms

9 blix.telecity5.nl-ix.net (193.239.116.75) 195.183 ms 195.550 ms 195.450 ms

10 te-9-1.dig-osl.blix.com (31.169.49.33) 195.238 ms 195.390 ms 195.433 ms

11 po-8.hmg-osl.blix.com (31.169.49.90) 195.161 ms 195.315 ms 195.414 ms

12 po-2.sa-hmg-osl.blix.com (178.255.145.162) 196.934 ms 196.696 ms 195.632 ms

traceroute to cryptome.org (209.17.116.160), 20 hops max, 40 byte packets

1 208.64.252.229.uscolo.com (208.64.252.229) 0.382 ms 0.435 ms 0.480 ms

2 199.197.10.6.uscolo.com (199.197.10.6) 0.743 ms 0.802 ms 0.811 ms

3 199.197.10.25.uscolo.com (199.197.10.25) 0.984 ms 1.026 ms 0.979 ms

4 c-5-144-66-207.lax.ca.wolfe.net (207.66.144.5) 0.904 ms 1.056 ms 1.109 ms

5 ACCRETIVE-T.edge2.Atlanta4.Level3.net (4.53.238.38) 52.495 ms 52.515 ms 52.716 ms

6 xe-9-2-2.edge2.Atlanta4.Level3.net (4.53.238.37) 50.834 ms 50.917 ms 51.021 ms

7 vl-3518.car2.Atlanta1.Level3.net (4.69.206.25) 51.413 ms 51.295 ms 51.472 ms

8 FIDELITY-IN.car2.Atlanta1.Level3.net (4.71.22.42) 52.250 ms 52.286 ms 52.300 ms

9 (209.17.112.46) 51.437 ms (209.17.112.42) 51.840 ms 51.962 ms

10 209.17.116.160 (209.17.116.160) 52.003 ms 52.281 ms 51.944 ms

The fellow that told me about his whistlebreaker project isn't here anymore. Only a sub-subcontractor here for one phase of a project, paid from a special fund. Friend says he had no HR records except his checks and security info.

Talk to Wikileaks, find out whos idea it was and who executed it. Snake oilers.