What is bitcoin? – blockchain support center.

Proper Care & Feeding of your CryptoLocker Infection: A rundown on what we know.

This article is no longer being maintained, please see the new version here. Thanks.
tl;dr: I hope you have backups. It's legit, it really encrypts. It can jump across mapped network drives and encrypt anything with write access, and infection isn't dependent on being a local admin or UAC state. Most antiviruses do not catch it until the damage is done. The timer is real and your opportunity to pay them goes away when it lapses. You can pay them with a GreenDot MoneyPak or 2 Bitcoins, attempt to restore a previous version using ShadowExplorer, go to a backup, or be SOL.
Vectors: In order of likelihood, the vectors of infection have been:
  • Email attachments: A commonly reported subject is Payroll Report. The attachment, most of the time, is a zip with a PDF inside, which is actually an executable.
  • PCs that are unwitting members of the Zeus botnet have had the virus pushed to them directly.
  • There is currently one report of an infection through Java, using the .jnlp file as a dropper to load the executable.
Variants: The current variant demands $300 via GreenDot MoneyPak or 2 BTC. I will not attempt to thoroughly monitor the price of bitcoins for this thread, use Mt. Gox for the current exchange rate. Currently the MoneyPak is the cheaper option, but last week Bitcoins were. Two variants, including a $100 variant and a $300 that did not offer Bitcoin, are defunct.
Payload: The virus stores a public RSA 2048-bit key in the local registry, and goes to a C&C server for a private key which is never stored. The technical nuts and bolts have been covered by Fabian from Emsisoft here. It will use a mix of RSA 2048-bit and AES 256-bit encryption on files matching these masks:
*.odt, *.ods, *.odp, *.odm, *.odc, *.odb, *.doc, *.docx, *.docm, *.wps, *.xls, *.xlsx, *.xlsm, *.xlsb, *.xlk, *.ppt, *.pptx, *.pptm, *.mdb, *.accdb, *.pst, *.dwg, *.dxf, *.dxg, *.wpd, *.rtf, *.wb2, *.mdf, *.dbf, *.psd, *.pdd, *.eps, *.ai, *.indd, *.cdr, ????????.jpg, ????????.jpe, img_*.jpg, *.dng, *.3fr, *.arw, *.srf, *.sr2, *.bay, *.crw, *.cr2, *.dcr, *.kdc, *.erf, *.mef, *.mrw, *.nef, *.nrw, *.orf, *.raf, *.raw, *.rwl, *.rw2, *.r3d, *.ptx, *.pef, *.srw, *.x3f, *.der, *.cer, *.crt, *.pem, *.pfx, *.p12, *.p7b, *.p7c, *.pdf, *.tif
This list of file masks may be incomplete. Trust this list at your peril. When in doubt, CryptoLocker will show you what files it has encrypted by clicking the relevant link in the virus's message.
It will access mapped network drives that the current user has write access to and encrypt those. It will not attack server shares, only mapped drives. Current reports are unclear as to how much permission is needed for the virus to encrypt a mapped drive, and if you have clarification or can test in a VM please notify me via message.
By the time the notification pops up, it's already encrypted everything. It's silent until the job is done.
Many antiviruses have been reported as not catching the virus until it's too late, including MSE, Trend Micro WFBS, Eset, GFI Vipre, and Kaspersky. They can further complicate matters by reverting registry changes and removing the executables, leaving the files behind without a public or private key. Releasing the files from quarantine does work, as does releasing the registry keys added and downloading another sample of the virus.
Windows XP through 8 have all reported infections.
What's notable about this virus, and this is going to lead to a lot of tough decisions, is that paying them to decrypt the files actually does work, so long as their C&C server is up. They verify the money transfer manually and then push a notification for the infected machine to call home for the private key again, which it uses to decrypt. It takes a long time to decrypt, at the rate of roughly 5GB/hr based on forum reports. The virus uses the registry to maintain a list of files and paths, so not moving the files around is vital to decryption if you are paying them.
Also notable is that the timer it gives you to pay them does appear to be legitimate, as multiple users have reported that once the timer ran out, the program uninstalled itself. Reinfecting the machine does not bring a new timer. I was not able to verify the uninstallation of the program after the timer ran out, it appears to be dependent on internet access.
Due to the nature of the encryption, brute-forcing a decrypt is essentially impossible for now.
Removal: Removing the virus itself is trivial, but no antivirus product (or any product, for that matter), will be able to decrypt the files until the private key is found.
File Recovery: There are only a handful of options for recovering encrypted files, and they all rely on either having System Restore/VSS turned on or having a backup disconnected from the infected machine. Cloud backup solutions without versioning are no good against this as they will commit the encrypted files to the cloud.
I had a Carbonite employee message me regarding my earlier statement that Carbonite is no good against this virus. It turns out that versioning is included in all Carbonite plans and support all agent OSes except Mac OS X which is outside the scope of this thread anyway. They have the ability to do a mass reversion of files, but you must call tech support and upon mentioning CryptoLocker you will be escalated to a tier 3 tech. They do not mention this ability on the site due to the potential for damage a mass reversion could do if done inadvertently. These are my own findings, independent of what the employee told me. Crashplan and other versioning-based backup solutions such as SonicWALL CDP should also work fine provided the backups are running normally.
Using the "Previous Versions" tab of the file properties is a cheap test, and has had mixed results. Using ShadowExplorer on Vista-8 will give you a much easier graphical frontend for restoring large amounts of files at once (though this will not help with mapped drives, you'd need to run it on the server in that case). Undelete software doesn't work as it encrypts the files in place on the hard drive, there is no copying going on. The big takeaway is that cold-storage backups are good, and they will make this whole process laughably easy to resolve.
Prevention: As this post has attracted many home users, I'll put at the top that MalwareBytes Pro, Avast! Free and Avast! Pro (defs 131016-0 16.10.2013 or later) will prevent the virus from running.
For sysadmins in a domain environment, one way to prevent this and many other viruses is to set up software restriction policies (SRPs) to disallow the executing of .exe files from AppData/Roaming. Grinler explains how to set up the policy here.
Visual example. The rule covering %AppData%\*\*.exe is necessary for the current variant. The SRP will apply to domain admins after either the GP timer hits or a reboot, gpupdate /force does not enforce it immediately. There is almost no collateral damage to the SRP. Dropbox and Chrome are not effected. Spotify may be affected, not sure. I don't use it.
Making shares read-only will mitigate the risk of having sensitive data on the server encrypted.
Forecast: The reports of infections have risen from ~1,300 google results for cryptolocker to over 150,000 in a month. This virus is really ugly, really efficient, and really hard to stop until it's too late. It's also very successful in getting people to pay, which funds the creation of a new variant that plugs what few holes have been found. I don't like where this is headed.
Some edits below are now redundant, but many contain useful information.
9/17 EDIT: All 9/17 edits are now covered under Prevention.
10/10 EDIT: Google matches for CryptoLocker are up 40% in the last week, and I'm getting 5-10 new posts a day on this thread, so I thought I'd update it with some interesting finds from fellow Redditors.
  • soulscore reports that setting the BIOS clock back in time added time to his cryptolocker ransom. Confirmed that the timer extends with the machine offline, but that may be cosmetic and I don't like your chances of this actually helping if your timer runs out on the server side.
  • Spinal33 reports that AV companies are catching up with CryptoLocker and are blocking websites that are spawned in the virus's domain generation algorithm. This effectively means that some people are locked out of the ability to even pay the ransom. (Technically they could, but the virus couldn't call home.)
  • Malwarebytes is claiming that MBAM Pro will catch CryptoLocker. If someone wants to test them on it, be my guest. Confirmed
  • CANT_ARGUE_DAT_LOGIC gave some insight on the method the virus uses when choosing what to infect. It simply goes through folders alphabetically and encrypts all files that match the filemasks towards the top of this post. If you are lucky enough to catch it in the act of encrypting and pull the network connection, the CryptoLocker message will pop up immediately and the countdown will begin. Helpful in determining what will need to be taken into account for decryption.
EDIT 2: We had a customer that ignored our warning email get infected so I will have my hands on an infected PC today, hope to have some useful info to bring back.
10/10 MEGA EDIT: I now have an active CryptoLocker specimen on my bench. I want to run down some things I've found:
  • On WinXP at least, the nested SRP rule is necessary to prevent infection. The path rule needs to be %AppData%\*\*.exe
  • An alternate link to the virus sample is http://gktibioivpqbot.net/1002.exe
  • Once the program runs it spawns two more executables with random names in %userprofile%. Adding a SRP to cover %userprofile%\*.exe may be desired, though this will prevent GoToMyPC from running at a bare minimum.
  • This user was a local administrator, and CryptoLocker was able to encrypt files in other user's directories, though it did not spawn the executables anywhere but the user that triggered the infection. When logged in under a different account there is no indication that a timer is running.
  • The environment has server shares but no mapped drives and the shared data was not touched, even though a desktop shortcut would've taken the virus to a share. I suspect that will be covered in the next iteration.
  • The list of masks above does not appear to be totally complete. PDF files were encrypted and were not originally part of the set of file masks. That is the only exception I noticed, everything else follows the list. Conveniently (/s), CryptoLocker has a button you can click that shows the list of files it's encrypted.
  • The current ransom is $300 by MoneyPak or 2BTC, which at the time of writing would be $280 and change.
  • Fabian reported that registry data is stored at HKCU/Software/CryptoLocker. I cannot glean the meaning of the DWORD values on files but I do notice they are unique, likely salts for the individual files. I'm curious what purpose that would serve if the private key was revealed as the salts would be useless.
  • I have confirmed the message soulscore left that setting the BIOS timer back a few hours adds an equal amount of time. No telling whether that will work once it has a network connection and can see the C&C server, though.
  • The virus walked right through an up-to-date version of GFI Vipre. It appears AV companies either consider the risk too low to update definitions or, more likely, they're having trouble creating heuristic patterns that don't cause a lot of collateral damage.
10/11 EDIT: I ran Daphne on the infected PC to get a better idea of what might be going on. lsass.exe is running like crazy. Computer's had it's CPU pegged all day. I noticed the primary executable running from %AppData% has a switch on the end of the run command, which in my case is /w000000EC. No idea what that means.
10/15 EDIT: I just wanted to thank all the redditors that have submitted information on this. I have some interesting new developments that I'll be editing in full tomorrow.
10/18 EDIT: Hello arstechnica! Please read through comments before posting a question as there's a very good chance it's been answered.
New developments since 10/15:
  • We have confirmation that both Malwarebytes Antimalware Pro and Avast Free and Pro will stop CryptoLocker from running. My personal choice of the two is MBAM Pro but research on your own, AV Comparatives is a wonderful resource.
  • We have reports of a new vector of infection, Java. This is hardly surprising as Zeus was already being transmitted in this fashion, but Maybe_Forged reports contracting the virus with a honeypot VM in this manner.
  • zfs_balla made a hell of a first post on reddit, giving us a lot of insight to the behavior of the decryption process, and answered a frequently-asked question. I'm paraphrasing below.
A file encrypted twice and decrypted once is still garbage.
The waiting for payment confirmation screen stayed up for 16 days before a decryption began, so don't lose hope if it's been up a while.
The DWORD values in the registry have no bearing on decryption. Renaming an encrypted file to one on the list in the registry will decrypt it. However, I would presume this would only work for files that the virus encrypted on that machine as the public key is different with every infection.
Adding any new matching files to somewhere the virus has access will cause them to be encrypted, even at the "waiting for payment confirmation" screen. Be careful.
Hitting "Cancel" on a file that can't be found doesn't cancel the entire decryption, just that file.
EDIT 2: I've rewritten the bulk of this post so people don't have to slog through edits for important information.
10/21 EDIT: Two noteworthy edits. One is regarding Carbonite, which is apparently a viable backup option for this, it is covered under File Recovery. The other is regarding a piece of software called CryptoPrevent. I have not tried it, but according to the developer's website it blocks %localappdata%\*.exe and %localappdata%\*\*.exe which is not necessary for the current variant and will inflict quite a bit of collateral damage. I have no reason right now to doubt the legitimacy of the program, but be aware of the tradeoffs going in.
I'm now at the 15000 character limit. Wat do?
submitted by bluesoul to sysadmin [link] [comments]

Transcript of George Webb Video Series Part 220 "Hillary's Leakers, Hackers, and Henchmen" [@Georgwebb / #HRCRatlne]

  • Day 45.2 Follow Lisa Page, Paul Manafort, and the EB5 Visas - YouTube
    • This is gonna go over comments
    • Again, day 45 part two and these are the comments I talked a lot about McCabe and moving to Chappaqua...
    • And all the power and crews and digging and pedestals and vaults and all the things that change up there
    • I thought geez it just looks like they're moving money out of Indonesia and Malaysia and European banks and offshore banks and and mining all the Bitcoin for Hillary to get--resources for the future
    • Hillary two ready for the getter treasure trove organized in Chappaqua for the big drive to the presidency
    • And it's amazing how when something just fits
    • How a lot of data comes together <<> from the DNC two Chappaqua
    • {{ 135 Castle Road. 15 Old House Lane shown on map unknown owner unknown city unknown state not a dox }}
    • The reason why I believe it moves from DNC to Chappaqua is the to operations are done
    • First operation is looting DCCC
    • The second operation is looting DNC, while there's still other candidates getting money then when you're done and you eliminate Bernie, then you you don't need to do that anymore, and you move the operations to Chappaqua
    • Again, you don't want your hackers being arrested
    • When they're exposed at DNC
    • When they're exposed at DCCC., they're there's an ability to get arrested
    • So it's the same reason why I think for the OIG hack of DHS
    • You come in with a team--I'm not saying Lisa Grafenstine, but somebody like that
    • You come in with a team, you say here's your vulnerability risk, we're gonna look and do all this vulnerability testing, we're gonna get it or download all these files
    • Now oops, I stole the Inspector General's laptop
    • Again, took it over to Hawkshead--and
    • Again, asking Andre Taggart, when the up I would remember when somebody came over to my house with an FBI raid
    • Ask Andre Taggart what day the FBI raid and the NCIS people came over, the Capitol police came over and got that
    • The OIG laptop
    • And I believe it's gonna be, I believe they stole an Inspector General's laptop
    • I'm not saying Lisa Grafenstine, but remember there was four laptops, and 20 Blackberries with government markings, and there was the toner
    • So I'm gonna say right now, I believe that was the DHS's OIG's laptop
    • So again, the Capitol police report would tell us, and there would be no reason to repress that if that wasn't true, correct?
    • So anyway I want to go through this and operations move DCCC DNC then Chappaqua
    • And I wanted to say that a--how does somebody live in New York and then their wife is running for Virginia?
    • I'm saying that McCabe is buying this house for the Awans to live at
    • I'm not saying Andrew McCabe is moving up there
    • I'm saying he's setting up this command center in it and if everything looks like a command center in Chappaqua
    • He's setting it up for the Awans to move up there
    • Now I'm not saying a Seth Rich doesn't come up there or--a satellite person like--Hina Alvi doesn't come up there as well
    • But I think--all these your satellite person
    • But the hacking team is gonna follow Imran okay
    • So anyway DCCC DNC those two operations are done, then you move everything to Chappaqua
    • Just based on metadata
    • And then--you only need to be up there a day or a weekend to buy the house and then you're back with your wife
    • So I think that's what happened
    • There's a lot of action right now inside
    • Now I made a mistake yesterday it wasn't Kislyak that died
    • It was chicken Churkin that died
    • So there's been like nine Russian ambassador's die
    • So he died right about a month later and I could conflated the two
    • So there was a correction there
    • Just to make sure you got that right
    • But I love Corrections
    • Because then people remember corrections better than they do if you said I was right
    • People hate to hear people say I was right
    • People love to hear people say I was wrong {{ 911: those are called trolls or h8rs }}
    • And I've corrected you and I love it
    • So so keep correcting me because it only reinforces a chicken died right after that
    • So it makes me think Chuck it's the guy that they did the deal with read Kissel yakked--it's just one thing after another
    • Now this is an interesting one I did last night with Lisa Page
    • Again, we're down to the people actually making the move
    • So once you get the actors then you can just follow their schedule around and just query their schedule and ask for discovery on their schedule and then ask him a questions around their schedule and Lisa Page as ubiquitous with this Stroeve Peter Strzok and she had this criminal offense over in Ohio and I said ,"hey, that really makes me think about Strongsville
    • Because I was in Strongsville that's where one of the Saipov trucking companies was that was where this creepy school was that was I thought ,"hey, there's this weird European center there that got raided by the FBI
    • So for ten years we have a color-of-law operation where we're bringing people into this Strongsville adoption agency
    • And if you read down a little bit farther, it's got all these kids from all these different countries from this running it for the State Department
    • Now that wouldn't be particularly significant (I'll read a little bit farther into this)
    • That that wouldn't be particularly significant if it wasn't for the fact the State Department says these European adoption consultants EAC European adoption consultants were from Bulgaria blah blah blah all these different countries, and then Ukraine Ukraine Ukraine Ukraine
    • Now I realize it's the last one, but this is the one that's the funnel for the Russian kids
    • What they're doing is they're given Russian kids and Russian families Ukrainian visas
    • So this was the Paul Manafort connection
    • And then and they're coming in and bringing them in through this Strongsville, Ohio
    • And it's out of the way we're nowhere else is this is where one of the Saipov trucking companies is
    • Why do I think the EB-5s are related to this, well a Saipov got 23 EB-5s
    • Saipov has a trucking company here in this in Strongsville
    • So that's why I think that--no other reason
    • Plus here where Stevie-Steve gets his hair cut, I went out there to where Stevie Steve this mass murderer who I thought was involved in killing the trucking folks down in Ohio, down this way a little bit
    • And he's right there he's right at right at this nexus right along with everybody else
    • He's also the guy at the Cleveland Clinic--when these visitors are coming in from UAE and Dubai in and Abu Dhabi
    • He's the one running between the children's center and--you know mentally handicapped kids are dying in their sleep, and then there's these successful heart operations the next day {{ 911: gross }}
    • So it's kind of like Stevie Steve and I went to his barbershop and I went to all these different barber shops and where the people were killed
    • And he just seems to be in the middle of it
    • Everything seems to rotate around Strongsville
    • Now the fact that Peter Strzok'a his dad has this kind of correspondent relationship with all these mullahs in nine different countries in the Arab countries leads me to believe that's the sales network--
    • I just--I know that's a--wild speculation but I just connected all the way from, "hey, all these different countries are the customers and all these Ukrainian kids are--being shopped out and they're meeting them here--somewhere out here at this creepy place"
    • They're meeting and say, 'yeah I want that one,' and then they're getting on the plane and then flying home--from from Cleveland International Airport
    • I'm not I'm not sure, but it's it just that you metadata screams that
    • Why is Lisa Page in a company with Paul Manafort
    • Why is she a partner in a company with Paul Manafort?
    • Why? Why would that be?
    • Now is that a nine or ten years sting I guess
    • So I guess it's a nine or ten years sting?
    • So anyway good comments sorry about the mistake about Churkin
    • The Lisa Page connection here some people said Lisa Page is a Mossad agent whatever
    • {{ 911: I think therefore I am Mossad }}
    • The Lisa Page connection here to to Paul Manafort is a very strong one
    • And I believe they're EB-5s
    • If like I said if Saipov didn't have a trucking company here
    • And it was Bright auto or something like that
    • And I had a car company I wouldn't say anything
    • He has another one in Cincinnati, which leads me to believe there's gonna be another funnel near Cincinnati
  • Day 45.3 Does Fusion GPS Have a Modus Operandi? - YouTube
    • It's Day 45 and this is part three and
    • Now our Mr. Akhmetshin's gonna come back into the story
    • Akhmetshin this is an ak-47 meeting your shin you remember back on days 260 something like that I was in Washington DC, talking about it Akhmetshin
    • I think it was in even before talking about the peepee dossier even before I had kind of brought Fusion GPS from kind of out behind it
    • So these are these cases right
    • Now what do we know about Akhmetshin?
    • Well he was the guy who went to the Trump Tower meeting I believe
    • Now Andrew McCabe is gonna be meeting with Glenn Simpson a Fusion GPS and a Akhmetshin and Veselnitskaya
    • They're gonna be planning this sneak attack on Donald Trump Jr.
    • They're gonna--they're gonna send them in
    • They're gonna send Veselnitskaya in say by this by this dossier, buy this dossiers, shop this dossier, much like Peter stroke shops the dossier in Congress in December of 2016 to try to do the anti-Trump thing right
    • So they're gonna shop this dossier Dom Trump jr. says yeah maybe--kind of and then somebody behind him says that's crazy
    • We're not gonna do that I think that's Jared Kushner
    • But somebody turns it down says this is crazy maybe it's a lawyer or something and it's not worth anything it throws it out
    • So there's no collusion and it's over with
    • So Akhmetshin's your setup guy
    • So what is he doing in these cases?
    • Well he's filing is what they call an "interested party",
    • And this is basically I'm gonna side with one of the two guys in the party here
    • So in this case there's an oil and there's a mineral case here in Washington DC
    • And then he sides with this one of the parties of the two parties
    • Now are they targeting different people?
    • Are they just picking a professor out of somewhere in one of their schools that supports Hillary to attack some friend of Vlad in Moscow to try to unhook some deal in Moscow?
    • Is that really what they're doing? Who knows
    • But let's look at this New York case, where let's see Ahkmetshin files, again, as an intervener, and just see if that's what's going on
    • Let's see modus operandi--we see a pattern developing
    • This is eggy here...this is a plaintiff it looks like
    • We're gonna see down here it's it's a movant somebody clear
    • They're gonna kick in something in this case and then there's this Zalmayev
    • Well it turns out he is a professor at University of California
    • And it turns out this guy is actually living in Moscow, trying to do Moscow Business Development
    • Let's see if they are attacking them or not
    • Oh here's Ahkmetshin he's gonna add some information in here and then he's also going to countersue
    • Zalmayev is also going to countersue the guy that's that they're attacking
    • Let's see how this goes
    • So we go down here to the docket, we go to the first complaint here, and we go to this, and this is gonna be expensive and you see that already thirty seven dollars
    • And there are thirty three dollars to view this document
    • I think I might have last month was terrible for reading documents it's like a thousand bucks
    • But anyway here it is there's Aggie suing Zalmayev's here
    • What's he saying? Well malicious disnformation campaign
    • What does that sound like? Doesn't that sound like exactly what's happening to Trump right now?
    • Russian corporate raid? Hmm where have I heard that before?
    • International litigation prevented him from personal safety loss of life and liberty harm abandon his claim to a valuable investment
    • It played a key role in the campaign elaborate negative public relations campaign illegitimate efforts
    • Defamatory false injurious statements all this sort of thing false defamatory etc etc etc
    • Now as a journalist, you have to report the news, and I correct whenever I make a mistake
    • So there is a certain amount of responsibility that comes along with that
    • And I try to exercise that every day
    • But this is where you're planting stories where you're paying--where has already been
    • Now identified as paying journalists to plant stories that are false--that's something very different
    • That's a that's a sneak attack
    • That's not journalism
    • That's not absence of malice--
    • That's going in with a preconceived idea to smear somebody, in writing, in publications no less, well-known publications
    • {{ 911bs: Called malinformation. Misinformation's a mistake. Disinformation could be done in a protective way (US spreading disinfo about crop circles), malinformation always is to harm }}
    • So they look like they grab this state of California professor they say ,"hey, I got an idea let's let's bust up a deal in Moscow and here it is"
    • There's the Moscow hotel they're going to bust up deal
    • And then finally what happens after this case is after they go through six years of litigation it basically dies
    • And this is a very very long case you can see here it starts in 2011 about when Fusion GPS starts and goes all the way until last month, when you guys finally just--gives up over end and it's sealed
    • And they seal the seal the case
    • So but then there's all this stuff
    • {{ 911: that's called lawfare }}
    • Now the key question is are our two people are our two FBI people people Lisa Page and Peter Strzok involved in this case or not?
    • Do they ever get involved as Peter Strzok ever get involved in this case with Lisa Page?
    • That's the question of the day
    • I'll put some screenshots in here along the way to show how long I've been talking about Fusion GPS
    • How long I've been talking about Akhmetshin
    • That's where the case is coming to
    • My Fusion GPS case will cite these cases as just more and more examples where Fusion GPS--I believe--aided in the creation of dossiers through illegally-obtained material, potentially, with the Awans, to create dossiers against people
    • Much like the Michael Flynn case, to try to smear someone with information
  • Day 45.4. Collect, Dossier, Reprisals - Need to Come Clean, No Sound and Fury, Documents - YouTube
    • It's Day 45 this is version 4
    • And obviously I put out my amended complaint that they're going to be adding the partners of Peter Strzok and also Lisa Page
    • I also had to add Agent Pettijohn and Agent Whittaker of JTTF to my complaint
    • The strategy has been three levels, the collection level, which is the Awans, the Steele, Russians that he brought into the country
    • The second level is once you collect it all you then do a dossier:
    • You do analysis and figure out the best dirt you have on somebody--the best leverage you have
    • And then the third level is reprisal: you don't collect the information to not do anything with it
    • And that's the FBI level that's Andy McCabe through people like Strzok and Page as well as many many other people
    • There's also parallel FBI investigations at every level as well that have been kind of in the shadows, afraid to come forward, and have been kind of put kind of squelched by Andrew McCabe in JTTF
    • So it's a very small group of about sixty guys in internal to FBI, that just need to retire
    • Just find it find a nice farm and retire
    • Make a lot of money
    • And that will the sun-shining of documents documents documents is the answer
    • To have a dog and pony show up in Congress is all well and good
    • A couple of press releases saying that you're going to open an investigation is all well and good
    • But these are really just like curtains--putting new curtains on it on a collapsing building
    • What we really need is publication of documents
    • Publish the OIG hack
    • Publish the OPM hack data
    • Publish the IG report in Congress about the 5100 illegal logins
    • Publish the CDW report
    • Published these key documents from key investigations to show that you have good faith
    • Dog-and-pony shows are all well and good and everyone has--to fall on their sword a little bit publicly
    • But that's not really very substantive at all
    • And I'm not gonna just permit Bob Mueller to kind of act like judge and jury when he is a co-conspirator
    • He been a beneficiary as much of the graft as as Comey, McCabe and Rosenstein
    • It's not gonna happen
    • We can't have half well we'll split the Ocean's eleven team up here
    • You've you five guys go over there you be the jury and we five guys will go over here we'll be the judge
    • And then we'll pick one of us amongst us to beat up on
    • It doesn't work like that
    • Everyone should just retire now and move on
    • I'm gonna keep moving on the Uranium One case
    • I've obviously got a lot of new information they're publishing today
    • Keep moving on the reprisal level with Andrew McCabe got new stuff coming in Chappaqua
    • Got new stuff coming from the Mueller Team
    • And how the Mueller team was infiltrated with the Strozek infiltrators
    • So all these things are going to be discoverable
    • So sooner or later if the American people are not savvy enough to demand documents, they're going to get hoodwinked again, like we did in the Hillary investigation server and investigation and the Huma server
    • Lots of smoke all sound and fury signifying nothing
    • We need to move to documents publication of documents documents documents
  • Day 46.1 Need To Eye Dropper a Fusion GPS Dossier? Call Strzok and Page - YouTube
    • I wanna this is Day 46
    • I'm gonna do the comments for the first two videos and I think you'll see how all this is kind of connected now
    • Last night it was great because all the videos I did yesterday were those were the fodder for Carlson Tucker Carlson--The whole hour and that Hannity the whole hour
    • Even Laura Ingraham and Bret Baier have picked up on this as 20 watergates as Kallstrom has said
    • But the first thing is that the mainstream media has to recognize that Strzok and Page are the key to the whole thing
    • They're that the henchman and henchwoman of Andrew McCabe
    • So that was out there last night
    • Now they still have this text message oh they just said nasty text messages about Trump
    • That's where we are today
    • Now I'm going to move everybody a little bit forward again
    • This is Fusion GPS--They're taking the dossier process.
    • You collect it with you Awans
    • You move it to the dossiers with Fusion GPS
    • And then you then you do reprisals with the FBI
    • And this Strzok and Page are that how you do reprisals
    • You forward it as a series of unrelated messages, but you you send a couple of pieces of the dossier over here one day
    • And then a couple more pieces over there
    • And what you're doing is you're you're doing the deep dives
    • You're doing the messages from Flynn to Kislyak
    • You're doing the Jared Kushner messages
    • You're sending them over like you're just picking these up one at a time
    • Like you don't already have this sitting over in a MicroPACT case management system over at Fusion GPS
    • Now I'm not sure if they use MicroPACT at Fusion GPS or what the case management system is
    • But it's going to be a case management system, a lot like Theresa Grafenstine's case management system
    • I'm not saying Theresa Graphenstine's case management system is being used by Fusion GPS, but somebody if you had access to a case management system like Theresa Grafenstine has at Fusion GPS, you could query that system, and then send little bits and pieces of the dossier
    • Like text messages
    • And you could make it look like actual investigative work
    • And if you're a fake enough like Peter Strzok that works out really well because everybody actually thinks you're an FBI agent
    • So the other piece to this is when you find smoke, when you find a conversation between Flynn and Kislyak, you then need a FISA warrant
    • You need a FISA warrant
    • Well you're never gonna go to a three-judge panel actually with the FISA warrant, but let's just say this is Lisa Page here you're gonna go to Lisa Page and say, "hey, Lisa do that FISA write-up and then we're gonna say it's lost paperwork or it never got over to a judge
    • Now if somebody does a warrant like now and does it drill down, then you just run down the street two three three three Constitution in the middle of the night
    • So your favorite judge and he signs off on it and they back-date it
    • And then you're good to go
    • You're gonna find this combination
    • It's not an affair--the reason why there is Zelig
    • I noticed they even use my Zelig there
    • They're the reason why they're Zelig and they're everywhere is because it's a tight system
    • You don't want 18 people involved in this
    • This is what I keep saying it's so few people are involved in this with McCabe
    • These are the two and I'm not this isn't Lisa Page I don't think
    • But this this is how tight it is
    • They're gonna go from place to place to place to place where you need to speed out this Fusion GPS stuff, to make it look like there's an investigation
    • And this has happened over and over again, for the last I would say 20 years
    • Now Lisa Page didn't get involved until 2006
    • There was a lawyer here in town named Megan something that was used before that
    • And I don't think really Lisa Page gets into the full swing until about 2008 2009
    • But--the roles change, but basically you have somebody sweeping up after you and covering you in case somebody finds out you're doing illegal surveillance okay
    • So it's just that simple
    • So that's how that'll come out tonight I think on Carlson and then Hannity picks it up
    • And then Bret Baier says--there's a story going on around here, but I think it's gonna lead to the helicopter and Otay and those helicopter rides they take
    • So I'm only go a little bit of the way you
    • {{ video cuts to long sequence of black}}
  • Day 46.2 Lisa Page, Have You Ever Been To Strongsville, OH? To the EAC? - YouTube
    • It's Day 46 this is part two and
    • Now I'm gonna go into the Strongsville Ohio connection from part two yesterday
    • People are asking me well why is this going so much faster why is this going so much faster
    • It seems like every day
    • Well Task Force is in the DC area and Task Force is helping me now
    • So you met Task Force earlier with the badge...mm-hmm I just wanted to let--that Task Force is helping me at inside professional who's dealt a lot in the law enforcement community
    • And this is about this is about feds coming into a local law enforcement, and basically taking over with their operation
    • And I'm gonna call this a State Department operation
    • And this is going to be an operation I talked about yesterday
    • And it's in Ohio
    • And you can see here that Lisa Page has these offenses of--affair interfering with official business and--doing wacky things with a car--get in front of the police officers and all this
    • You're gonna see all this wackiness
    • Why is Lisa Page doing all this wackiness out instructions
    • I'll play a little bit of it, "hey, this weird European Center there that got raided by the FBI
    • So for ten years we have a colorable operation range color-of-law operation ten years adoption object see if you read down a little bit farther worker it's got all of these kids from all these different countries from this mostly Ukraine
    • Now that would particularly significant
    • Again, a little bit farther into the State Department State Department state or a significant if it wasn't for the fact the State Department says the Sheriff through an adoption options the AC European adoption caucus all work from Bulgaria our handle all these countries and Ukraine Ukraine Ukrainian I realize the last one Ukraine Ukraine's the warrants the funnel for the Russian kids what they're doing is they're giving Russian kids and Russian families Ukrainian visas
    • So this was the Paul Manafort connection oh Manafort Paul Manafort Paul Manafort--okay
    • So they just
    • So the Mueller just took away Paul Manafort its bail conditions or they're against it
    • Somehow they think {{inaudible}} communicated with Paul Manafort maybe I don't know.
    • Wrong!
    • Andy's had a year to figure it out
    • Wrong! Bob Mueller
    • NO. What's happening is
    • Well let me just explain Strongsville
    • First of all Trump raided Strongsville
    • He met with Putin or his people met with Putin--they found out about this kind of breaking this is the Russian baby thing this isn't baby snatching
    • well maybe it is baby snatching
    • But they they raided it and the thing started in December, and then they raided it finally I think in February
    • And what is so beautiful about how this operation is run is you have these really great incredible parents through these religious organizations, trying to adopt these Russian kids
    • And they it takes forever and the the the kids--are older
    • And it just seems like oh my gosh these kids are never gonna get adopted
    • They're seven eight years old and it's these kind of folks here that are just the salt of the earth of Ohio
    • These are my parents...50 yrs ago
    • And these are just incredible people
    • They make what how'd the State Department runs this deal is you have a few people that are media fronting this operation
    • Which they are the most sincere people in the world
    • And then you have the Saipov babies coming in like there's no tomorrow
    • Everytime a Saipov trucker is going for another thing of uranium--taking another thing in uranium out, he's bringing a kid back
    • And you only need about 23 visas to reuse over and over again
    • They finally bust the operation in June this year okay
    • So they're shutting it down but
    • Again, the greed they just want to keep this thing going it's just it's it's amazing actually
    • And the fact that Jeff Sessions hasn't figured it out is quite quite amazing
    • And I wonder if there's any uranium dealings in Mobile, Alabama down there at the Naval Center
    • We'll get to that later
    • But anyway here's the Strongsville adoption agency
    • What they're doing is are bringing them up through Texas
    • And these Texas truckers I hate to go but down to the Texas shooting
    • Again, but Texas truckers there's going to be a network of about 2,000 of these truckers that are using the commercial drivers licenses--the commercial operators licenses for a very few set of trucking companies
    • And a whole bunch of different companies are gonna use those
    • If they get busted they get busted right for not having driver's licenses...
    • But they're bringing them up from the Mexican border and on these truckers, then if anybody ever gets arrested they throw Uzbeki truckers under literally under the truck, under the bus, and get them arrested
    • So you only need about twenty seven visas 23 visas what did Trump say that Saipov had about 23 visas?
    • And then you keep losing your visa
    • We keep printing new visas in in in Kingston, right?
    • And just keep losing visas printing visas losing visas printing visas
    • After well we got about--500 visas
    • These are the visas that are gonna be in the indictments in the sealed indictments
    • Now I'm daring Mueller I'm daring you right now to unseal those indictments
    • Because I know most of them are gonna be because of these duplicate visas the people using the duplicate visas
    • All you have to do is do is go to the TSA
    • And what's funny is Kirsten Kirsten and Nielsen the new DHS--she's from TSA--she knows how to do this match very quickly, and see that these visas have been used by different people
    • This is why the conspiracies collapse so quickly
    • So anyway the the history of abuses goes back a long way with this Center--this European adoption consultants--this EAC
    • I've had people way back when I mean I want to say a hundred day 150 go shoot video at this place after I was there the first time
    • And it's it's pretty much shut down now after the raid
    • But this goes back a long way, where there's all kinds of neglect while these babies are being stored in the Texas area
    • I'm not gonna say it's where the Texas shooting was but that's why it gets close to
    • And then they bring them up here when they have a match in Ohio
    • And I think there's gonna be Cincinnati
    • It's also gonna be Cleveland are the two places
    • And then I also think Minnesota
    • I think it's gonna be in near like Rochester Minnesota
    • They like the out-of-the-way places they don't like to go into Cleveland they're going to places that have a strong presence of law enforcement
    • They like to out-of-the-way places where they kind of control the Sheriff...
submitted by 911bodysnatchers322 to TruthLeaks [link] [comments]

The infinite dropper CAINDO NO INFINITO !!!!!! - MINECRAFT - YouTube CIRIX - YouTube The dropper map How to Build a Pig Farm! - YouTube

critical zone under 2 trendline cross new lower high setting up rejecting of monthly resistance @7164 if trendlines hold and price respects new lower high we are looking for price to drop towards @6425 zone to create a new lower low and continue to follow price drops along stairway down Intro: Bitcoin has continued to drop nicely towards our profit target, we still expect further bearish pressure albeit quite limited. Sell below 9852. Stop loss at 10550. Take profit at 8909. Reason for the trading strategy (fundamentally): The big news surrounding cryptocurrency recently is from Bank of America’s annual report. It has expressed particular concern in how cryptocurrencies ... PLAYING THE DROPPER MINECRAFT MAP IN VIRTUAL REALITY! Grapeapplesauce — January 5, 2019 33 comments. Tweet on Twitter Share on Facebook Google+ Pinterest. Spread the love . Today I will be playing a DROPPER MINECRAFT MAP in VIRTUAL REALITY! This is much more fun than playing Dropper traditionally! Twitter: … source. Tweet on Twitter Share on Facebook Google+ Pinterest. Previous Article ... TradingView. Anmelden. Ticker, Name Trading Ideen Ausbildungsbereich Skripte Mitglieder The bitcoin song- tatiana coin live edition. Bitcoin unlimited vs segwit 2x. New claymore dual amd and nvidia gpu miner 14.6? What is a likely solution to bitcoin's energy consumption! What is bitcoin? – blockchain support center.. What is the current bitcoin price. Bitcoin price forecast 2018. Download ledger wallet bitcoin 1.12.1 crx file ...

[index] [27056] [22202] [17800] [11197] [13009] [42534] [18337] [33168] [12915] [320]

The infinite dropper

bad audio quality bc its hot af and theres literally a fan blowing in my face "5 mins" smh SUB OR BALD. FIRST MADE MINECRAFT DROPPER MAP! w/ UnspeakableGaming 🚩 SUBSCRIBE to UnspeakablePlays - https://goo.gl/KxX4c7 👚 MERCHANDISE - 🡆 https://www.unspeakable.co/ ... So Today I test out my ability to do dropper maps... I Failed!!!! Sorry about the audio, it glitched during recording. I would've redone it, but then it would have been my first attempt anymore ... GTA V ONLINE 1.46 PED DROPPER MONEY HACK + DOWNLOAD ... Minecraft PE v0.14.0 [Download in the Desc.] - Duration: 4 minutes, 8 seconds. 174 views; 4 years ago; 4:45. GreenShit - Hacked Apk ... Gostou do vídeo? deixe seu like! Meu Computador: http://bit.ly/1X1GQYm Contato Comercial: [email protected] Assista Também: Five Night's At Freddy's: ...

#