Grand Theory — Supp.4

Felt
Apr 23, 2017


“This is a very complicated case, Maude. You know, a lotta ins, lotta outs, lotta what-have-you’s. And, uh, lotta strands to keep in my head, man. Lotta strands in old Duder’s head. Luckily I’m adhering to a pretty strict, uh, drug regimen to keep my mind, you know, limber.” — J.L.

Like with Supp.1, Supp.2, and Supp.3, this post will attempt to build on prior research in support of a Grand Theory.

Review

Back in March, The Patribotics Blog, through the work of Louise Mensch and Laurelai Bailey, dug into the connection between Hostkey and WikiLeaks. Bailey was able to show that WikiLeaks had servers inside Russia, which were set up about one week before the release of the DNC emails by WikiLeaks:

In turn, this proves Wikileaks gained Russian hosting on September 30th 2016, one week before the Podesta emails were made public. Wikileaks got Russian Federation virtual addresses one week before the Podesta emails. Let that sink in.

Mensch was then able to show that WikiLeaks had turned over its SSL website keys to HostKey.

Earlier in April, Mensch surmised that

The DNC hack, hosted by Hostkey and Chayanov, would have had access to Vertica, the DNC’s voter registration server. This server had all the DNC’s information on all their voters and where they lived, voting records and so forth. Vertica had the DNC’s voter addresses, campaign modeling and so forth. It was the goldmine. It was everything.

The underlying theory by Mensch is:

that since Hostkey published the Wikileaks stuff and also hacked US voter state databases, the Alfa server was probably comparing the state rolls with the DNC information; and that this was passed back to the Trump campaign through the Trump server.

This post will tease out some under-appreciated details presented by Patribotics and expand on our knowledge base about HostKey.

Additional Dots

Whois HostKey

Let’s get back to basics and do a whois search of HostKey. Here are some interesting bits from my results:

  • Registrant Organisation: Ocean Way Capital Corporation,
  • Registrant Address: POB 3469, Geneva Place, Waterfront Drive, Road Town, Tortola, VG1110, VG. ← This is the British Virgin Islands.
  • Registrant Phone: +31.20820377 (also, (284) 494–6643.)
  • Registrant Email: oceanwaycapital@gmail.com

Now, what else is connected to HostKey:

Threatcrowd.org is the shiznit.

Whois Ocean Way Capital?

Let’s dig into dat email addy as well:

See also this list of associated domains I threw up on Pastebin.

J.V. doesn’t stand for “Junior Varsity”

One thing you’ll notice if you use several whois lookup tools is this:

The Mir Telematiki Ltd. d/b/a HOSTKEY brand name, license for rendering of telematic services №56755, a joint venture with foreign participation, since 2007 provides with services of server co-location and lease, as well as with additional services.

And

HostKey BV is a company that is owned by a foreign entity. The top holding abroad of HostKey BV: Ocean Way Capital Corporation, headquartered in Geneva Place Tortola British Virgin Islands.

In other words, Mir Telematiki Ltd. is another company behind “HostKey” (as a brand) in addition to Ocean Way Capital Corporation vis-a-vis HostKey BV (a corporate entity). It is probably not too irrational to conclude that Ocean Way Capital Corp. and Mir Telematiki are partners of some kind.

A little more on Ocean Way Capital Corp. & Mir Telematiki Ltd.’s operations

Linked within this Mensch article, there is a twitter thread Storified by Mensch and a tweet claiming the following:

Interesting. Prior to seeing that tweet, I found this comment to an article published in Aug. 2013 on Krebs on Security entitled “Who Built the Syrian Electronic Army”:

In addition to hosting servers for WikiLeaks and the Syrian Electronic Army, there is some research showing HostKey as hosting servers for “Iranian Threat Actors”:

“Iranian Threat Actors”…. For example, these campaigns:

  • UPDATE — NOTE 3.2 — From this tweeter-thread HERE. Title of document is “Terror Franchise,” it is available on the Director of National Intelligence website (Bin Laden’s Bookshelf) HERE.
  • See also: http://archive.is/YYefH

According to the iSIGHT Partners report, hackers used 14 “elaborated fake” personas claiming to work in journalism, government, and defense contracting and were active in Facebook, Twitter, LinkedIn, Google+, YouTube and Blogger. To establish trust and credibility, the users fabricated a fictitious journalism website, NewsOnAir.org, using content from the media like Associated Press, BBC, Reuters and populated their profiles with fictitious personal content. They then tried to befriend target victims and sent them “friendly messages”[1] with Spear-phishing to steal email passwords[4] and attacks and infecting them to a “not particularly sophisticated” malware for data exfiltration.[2][3]

Wikipedia

Note 5 — Rocket Kitten. In 2015, CheckPoint wrote a brief on Rocket Kitten, “an attacker group of Iranian origin [that] has been actively targeting persons of interest by means of malware infection, supported by persistent spear phishing campaigns.” Here are some interesting graphics from the brief:

None of this is to say HostKey hosted all of these above-referenced campaigns. However, if it is true that HostKey is an instrument of the Russian government, by extension one can conclude that the Russian government supports the Syrian Electronic Army and some Iranian threat actors. Iranian operations, like the suspected Russian election meddling, sought to weaponize data and social media to influence U.S. voters.

Other Possible Relationships

HOSTKEY BV AND THE RUSSIAN GOVT

HostKey BV is known to have three data center locations. It is a tenant of the CitySystems data center.

HostKey appears to be CitySystems’ only tenant. The address of this HostKey data center is Leninskiy prospekt 53 119333 Moscow. That address is the same address as the Lebedev Physical Institute. The Lebedev Physical Institute is part of the Russian Academy of Sciences, which was chartered by the Russian Government. Since 2013, the Russian government has controlled and sought to reform the Academy, in part, through Putin’s personal banker, Yury Kovalchuk (some in Russia called this draconian approach an anti-brainstorm) (see also Rossiya Bank).

OCEAN WAY CAPITAL CORP AND ALFA BANK

Ocean Way Capital Corp was formed in the British Virgin Islands in 2008 (HostKey was formed in 2011 with 1 employee). As noted above, its address is listed as POB 3469, Geneva Place, Waterfront Drive, Road Town, Tortola, VG1110, Virgin Islands. One phone number attributable to Ocean Way — at this address — is (284) 494–6643. Guess who else has the exact same PO Box and phone number….

SEC records on Alfa Telecom Turkey Limited confirm that address.

Alfa Telecom Turkey Limited is a huge holder of stock in Cukurova Telecom Holdings Limited. The board of Alfa Telecom Turkey consists of Alfa Finance folks:

Alfa Telecom Turkey is a member of the “Supervisory Group” (aka the Alfa Group Consortium) which consists of these related entities:

  • Note 8 — Trump’s Turkey Telecom connex: A, B, C, D

In 2005, Alfa Telecom Turkey loaned Cukurova Telecom Holdings Limited a few billion dollars. Litigation resulted a few years later when Alfa alleged a default in April 2007. The litigation was so messy it has been referred to as a low budget horror film.

As mentioned in Supp.3, Alfa Bank had to take a bailout from the Russian government in 2008. Likewise, Supp.3 notes that Trump allegedly took a bailout from the Russian government in 2008. Given the timing, I would not be surprised to see the alleged default as having played a role in Alfa’s need for a bailout.

Also recall from Supp.3, Giuliani’s connection to Alfa Bank and the following segment from a 2013 NY Daily News article showing (possibly) Alfa Bank’s interest in U.S. politics and connection to staff from Giuliani’s presidential campaign:

Relatively recent SEC records suggest performance related to a Cuk. and the “DON” could still fail….

I kid, I kid….maybe

OCEAN WAY CAPITAL, LLC (Florida)

One last thing to bring up, and mostly as a preview of coming attractions, is that on August 24, 2016, Ocean Way Capital LLC was formed in Florida. This was not long before publication of the Podesta emails on WikiLeaks.

I’m not 100% sure whether this Ocean Way Capital is connected to Trump or any other party. However, Kleinman is involved in banking at a trust company, has been named by another Satoshi sleuth as someone possibly related to Satoshi Nakamoto (Bitcoin’s founder), and has an ex-wife who lands clients such as NewsMax for her employer, Rainmaker Ad Ventures.

In Summary
