Connecting More Dots

If you have been following my work on this blog, two of the areas tend to focus around is the Hillary Clinton email server and the Snowden leak. From my two posts in the Finding the Genesis series, I spoke about the China connection in part one and the email server in part two. I haven’t moved on since I am still trying to figure out the information in part three, but I believe that my post into the Baker Leak Investigation will play a part. As for the Snowden connections, in The Unconventional War, I lay out the possibility that Snowden also leaked the NSA Spying Tools along with the documents that were published by The Intercept.

Excerpt from The Unconventional War

When reading the rest of the Unconventional War post, you will see how Matt Tait of Lawfare had said that the leak was internal. I also discuss how the tools leaked by The Shadow Brokers were from 2013 which also coincides with the time frame of Snowden’s leak.

Just to reiterate, the connections I am making from The Shadow Brokers to Snowden are: Internal leak, 2013 time frame, proximity to source, NSA, and the fact that Omidyar had exclusive access to the content therefore we never knew the full extent of the Snowden leak.

So why is this post titled Connecting More Dots? If you are unfamiliar, there is another Twitter user that currently uses the Twitter handle @langdaleca who wrote a blog post in 2017 titled “Connecting Dots.” In the post, he brings attention to a free download made available by The Shadow Brokers. This NSA developed stash included this one tool called Tadaqueous.

Excerpt from Connecting Dots

Langdale then goes on to describe how in 2013, Clinton had switched her server to one run on a Fortinet VPN. For work done two years ago, this has been largely ignored.

When Langdale first started bringing it up again, the 2013 date and his inclusion of China using the tools connected the dots in my mind and caused me to dig into this a little deeper. First looking at Snowden, he flew to Hong Kong on May 20, 2013. He had spent time working for NSA contractor Booz Allen Hamilton. He had previously worked for both the CIA and Dell. On the other end of the spectrum, Clinton had switched from using her home brew server to using Platte River Networks in June 2013. This presumably was done as a reactionary response from Sidney Blumenthal having his emails hacked. Platte had commented that they were picked for their “industry best practices,” but unknowing to them, Tadaqueous had the ability to break through the Fortinet firewall that was used.

From a timeline of the events, Platte assigns three employees to help set up the server in Secaucus, NJ. Two of the employees were identified by the media as being Bill Thorton (local) and Paul Combetta (remote). Thorton works with Clinton IT person Brian Pagliano and is granted Administrator access around June 4, 2013. Snowden’s background may come in handy for the next part because the new server is comprised of servers from Dell.

Excerpt from The Clinton Foundation Timeline

When the FBI had begun a formal investigation into Clinton’s emails, when the servers were seized, Combetta and Pagliano were controversially granted immunity. Per Clinton’s orders, Platte was supposed to delete any emails that were over 60 days old automatically. Amazingly, no one realized that there was also a Datto back-up which was storing every single email that was sent and received. After a preservation request, Combetta had used the software BleachBit to wipe out the emails that were being backed up by Datto. Coincidentally, Datto is based out of Connecticut which is where the Baker Leak Investigation is stemming from as well as the Investigation into the Investigators.

To make matters even stranger, in early 2019, a whistle blower came forward to talk about Project Raven. Project Raven was a UAE clandestine operation that used ex-NSA contractors to spy on their political opponents. The whistle blower, Lori Stroud, had formerly worked worked for the NSA stationed out of Hawaii. Stroud was the one who made the recommendation to hire Edward Snowden. After the fallout from Snowden, Stroud moved onto a Baltimore based company named CyberPoint which eventually led her to the UAE. Project Raven is where we also learn about the Karma hack which can hack an iPhone just by pre-loading numbers into a list. The entire article is an interesting read to get more specifics behind Project Raven.

CyberPoint is the area I wanted to focus on because in 2012, while Clinton was still Secretary of State, she granted them an export license to advise the UAE on cyber defense and policy. CyberPoint was then caught working with Italy based The Hacking Team on selling the UAE hacking equipment. Ironically, this information was revealed when The Hacking Team was hacked. This catapults CyberPoint beyond just advising. The Intercept article then goes on to explain how, ” Paladin Capital Group, a private equity firm that has invested repeatedly in startup NSA contractors, partnered with the UAE sovereign wealth fund Mubadala ICT to invest in Cyberpoint. According to reports, Cyberpoint trains analysts with the Electronic Security Authority, the Emirati intelligence agency.”

Richard Clarke was credited with securing the Abu Dhabi contract. Although he is listed as being associated with the Bush Administration, just looking at his Wikipedia page highlights all of the connections he has with the Clintons as well. What makes this story even crazier is that after the death of Michael Hastings, Clarke was the one who brought up the ability to hack cars. This ability was mentioned in the Vault 7 Wikileaks drop almost 4 years later.

Just makes you wonder how much of this was by design.

Work on this article was assisted by the research of @Wakeywakey16@ThunderB, and@smc12256.

4 thoughts on “Connecting More Dots

  1. There are tons of inconsistencies and bizarre coincidences with the Shadow Brokers. There is evidence to suggest the leak came after Snowden. Snowden was May 2013 and some of the exploits have late 2013 dates. Some important things I found while looking into this:
    1. Equation Group are called “hackers” in some articles mostly because Kaspersky labels them this way. They are NSA. A Wikileaks leak of internal CIA docs confirm this.
    2. Shadow Brokers leaks were used by Brennan and Clapper to try to get Obama to fire Mike Rogers. This occurred sometime in mid Oct 2016 (likely before Oct 21 when Rogers shut off 702 access). Also led to Mueller doing a security review of Booz Hamilton (NSA)
    3. You should read the Shadow Brokers posts. Inconsistencies abound. To start, they “retired” on Jan 12th 2017(same day as Guccifer 2.0 btw). They pop back up in April 2017 and continue to post for months.
    4. The interplay between the Shadow Brokers and Wikileaks release of Vault 7 along with Assange’s negotiations through Adam Waldman and Bruce Ohr cannot be ignored. The dates make this extremely unlikely to be a coincidence.
    5. Some interesting questions: Why did the Shadow Brokers wait until 2016 to release these exploits stolen in 2013? How did Microsoft know in March 2017 to update windows for a vulnerability that was released in April 2017? What exactly were the Shadow Brokers trying to accomplish and do their public moves and statements match their stated objectives?
    6. So their most famous exploit released (the one that has done the most damage) had a kill switch in the code. This leads to more oddities. The first guy to figure out the kill switch was arrested by a bungling FBI. Emptywheel covers this in her blog (which is recommended by the Shadow Brokers btw). The second guy to enact the kill switch is also referenced by the Shadow Brokers (a Microsoft employee in France I think). The Shadow Brokers had a strange concern for limiting the damage of their release.
    7. Suggested further reading:

    8. Also interesting possibly related is an August 6th 2016 article in the Daily Caller where Hayden makes an interesting statement. Note that the statement does not match the headline. His statement is something to the effect that ANY intelligence agency worthwhile would have hacked Clinton’s server. Everything about this article is weird. Choice of venue (conservative targeted). Headline for some reason limits this comment to any FOREIGN intelligence agency. Hayden pretending he doesn’t hate Trump.

    I have looked into this for a few days but there are multiple rabbit holes that keep branching off. There is another arrest of an NSA guy (Vietnamese American) who for some reason put Russian meta data in some docs. Kaspersky is incredibly intertwined with all of this and it gets tedious trying to figure out what is disinfo and what is real. The main sticking point to me is the curious alignment between CIA interests and the Shadow Brokers. Hope some or any of this is helpful.

    Liked by 1 person

    1. Wow, thank you. There are so many rabbit holes and what I like to refer to as anomalies in the official narrative which I try to use to guide me. I’m definitely going to pass this along. Thanks for the information again. All we want is to know what happened.


      1. The NYTImes article is hidden gold on this topic. One of the only ones out there that gives the NSA perspective on things and from a guy who was intimately involved. Good read too. Not a fan of the rag and they still manage to slip in a bit of narrative building but overall great insight.

        Anomalies in news articles are exactly what makes me want to dig into things further. One of the co-writers of this NYTimes piece is the same guy who writes their recent May 25th piece about Baltimore. Extremely interesting to note which parts of the first story don’t make the most recent iteration.

        That piece is what made me want to look further as it is extremely interesting that Baltimore is the focus of this new attention on the subject. NSA headquarters targeted by NSA exploit. NSA is now denying it’s their exploit involved though. There just seems to be a lot beneath the surface of this story and it is ongoing.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s