GAN & Gone: Manipulation of the Masses for Political and Social Gains

died San Antonio 2019 before we start with our next presentation we'd like to thank our Gold level sponsors st. Mary's University USA a Trend Micro digital defense and sans and for our next presentation we've got Ganon gone manipulation of the masses for political and social gains Logan Hicks yeah that's right man Texas man they need that okay fine but only for them whatever but all right man yeah so you can hear me yes right my mentor in the back absolutely mr. Dodson is awesome love that man all right so we're gonna jump into this pretty quick I like to hit the ground running so my name is Logan Hicks I'm ex-military as you can tell army I loved

it it was amazing huh that's right baby that's right I'd do it again if I could so I did after got out went to DoD I loved it DoD was awesome it was insane they waste but you pay me very well to do that I bought did obviously a lot of really cool places Pentagon DISA do them I helped build the March Center I helped tear down sky 7 I helped build up DISA and move it for Fort Meade that was super cool I've worked for the US military cyber school training this the nation's operators particularly working and building on their environments that they trained with I've supported Air Force One NORAD and Missile Command for

that I've just worked at a lot of really cool places one of my favorites is US courts which we're gonna catch into a little bit later here I run a lot of projects the Panda platforms just platform accessibility and development acceleration it's a project I built expressly for the open-source community to provide you unlimited data center and enterprise-grade services to support your projects it's completely free I have four petabytes of storage an unlimited number of security devices and it's free for you so work me as hard as you think you can mm-hmm we're on other projects Magi which is a platform I used to monitor about four billion people any privacy advocates you probably don't like me it's okay I only

use it to cut the hunt down pedophiles so you're not on my list Lucius which is a malware development and testing platform designed specifically for testing security solutions that is being brought back now at the Marcus case is finally done I don't like the ending verdict but it is what it is and I run other projects they're smaller in nature they're on the gitlab it's dead right now my son's in niku I swear this is a real NICU batch some of my platforms died while I was taking care of my son he's coming home today that's [ __ ] outstanding sorry about that but like we've been really worried about him he's coming home today I got that

text message like five minutes ago so I'm like super jacked right now sorry I haven't had any beer and I just got that news so that's really hard and I miss the craft beer I'm super sad and this man's like I got me or you didn't Yeah right and I run the dream of Dreams Foundation it's a platform that I created to solve several problems including jobless and homeless veterans which I will be bringing to Texas and so we're gonna solve that problem I've still got to get a response back from the governor's office I'm still waiting for that call or for me to call them I mean I don't want to hey I've got your

phone number and where you live your social security number but yeah by the way here's my thing yeah that's gonna freak him out so I'm waiting for him to contact me hopefully soon my numbers out there you can google it uh it's my actual number by the way do not SMS bomb me I do not find it funny I find it hilarious especially when I route it back but that's a PBX for you baby all right but yeah I support several projects in that um this is a breakdown about how I spend my time for some reason people want to know that I have incredibly good time management skills I work about a hundred and ten hours a week between projects

full-time job my own company my family and everything else because contrary to popular belief building a home is actually that feeling at home so if you know me on Twitter raise your hand thank God so over the past two years I've been working very hard to build a bot that I call the angry orange trash panda it's icon will be a red panda and it's designed to fight arguments for you on social media platforms it is cross-platform capable and someone brought up a brilliant idea I never thought about it can also now text so I'm working on that it'll fight your text arguments for you your email arguments for you once I get that integrated with Python through a django

platform and it will fight people for you using a NN networks and I've been training that by gathering the data sets and then it's using my arguments and other people's arguments against other people so it will actually fight your battles but but because it's awesome like you could summon I'm gonna be like hashtag summon angry orange trash Panda he'll come fight for you like it's like a Pokemon on the internet you can't beat me I win like he will fight you indefinitely he's ray V he's like got rant he's rabid rabies is amazing it's a crazy idea I have plenty of internet bandwidth and as you can tell nothing to do in my life but it's just a

project but I do I sincerely apologize to a lot of people like I've pissed off a lot but it was I think it's worth it we'll see maybe they'll forgive me a lot of people think I'm a mark I've bought I'm really not kind up I do take information from the market bots though and then add that as the arguments to see how they play out and typically they're really dumb the last one we were having an argument about how Central America isn't really real it's just like a fabrication of something the United States created in regards to Panama the Panama Canal and it posted a map from the 1500s to support its argument not exactly logical but all about okay

so it's pretty awesome obviously not the world's best developer so it's something I'm learning as I go so it's like a fly-by-night madness to break into the platform it is an incredibly sophisticated environment I have spent an astronomical amount of time and money to build it right now as of the last cost assessment it's over $800,000 so that platform is not free but it's got blue coats it's about steel heads it's got like I said four petabytes of storage a quarter of that solid-state space it's got over four-and-a-half terabytes of RAM like I think I like over a thousand cores it's just stupid I mean it's like a mid-grade company's hardware it's out there and

it's doing all kinds of crazy stuff it's built on OpenStack with staff clustered storage I've created a brand new storage type integration with that and natively integrate both lxd containers and docker containers to be able to run natively with Seth I don't know if that was overkill or not but it works well for me and I'm kind of lazy so it's like anything I need to cut corners I will Apache in Postgres I love Postgres I swear by Postgres it got bought by Microsoft so I wanted the force but it's not it works man I'm not a database man I'm not a database admin I'm not Database engineer but it runs really well and replication did not take me six

days to build like with sequel it took me like 60 seconds and so that's why I used Postgres also because the fact the only real language I know is Django so there's that our configuration management is actually a dual macro micro a sophistication that I've openly told people to try out and they don't really listen to but it works amazingly well for me I used juju for my macro controls and deployments and salt for my micro configurations for security and compliance and so that works incredibly well for me I don't know why other people don't do it but I mean if you want to go drive yourself insane with ansible or something that's that's your kool-aid

man but it's Bo for me all right so before we get too deep into my talk I will give you a word of warning what I do is incredibly dangerous to me mostly if any of you guys are familiar with what goes on with Facebook moderators they have an incredibly high turning burn rate so does Twitter so does Instagram and that's because the content that we're exposed to is pretty despicable to be honest there's some pretty [ __ ] people out there um but so I would tell you don't do it but then you're just gonna go do it because I said not to like I know my audience so I would say when you try this do so with

substantial amount of filters and do so at your own risk because it is like I said incredibly toxic the people I'm exposed to are toxic some of them are dangerous they're violent and I have found notes on my car in the past now whether that's from the Russians or someone I pissed off that remains to be seen my source code I'm gonna make most of it available on my git lab through the private repos which I'll be an invite-only basis and a lot of the project stuff will be openly available on the public github basis that can be found there so the project started because I had a cool idea by the way if you ever have a cool idea

you should stop because it needs to have a budget a plan and an objective completion date like because I started this thing in April of 2013 I am still building it so that's six years later um but yeah I wanted to see how hard I could push myself and what kind of challenges I could drum up with and when I started getting a little further in at about I would say 2016 2017 range I wanted to see that was around the whole truck Fiasco and I was like I was like I wonder if I could do that can I build something that can do that on an automated basis because that just sounds a lot hard

and I had to start realizing I didn't know anything about people like when it came to people I was like I people and then I started looking into psychology and I was like I don't people at all turns out they ride entire books on this and there's like a whole job on this like a whole field yeah and their job is very hard so I had to learn about a lot of things so I started focusing on the people that I did know which is tech people which I know pretty well and they typically break down as it describes here into an a B type personality they're either very very passive or exceptionally aggressive and as we like

to call it in the Twitterverse either you are an echo chamber or an [ __ ] but that is typically the way it breaks out but there are some characteristics amongst every one of them that comes out in certain conditions and that's that they're typically aggressive they're very territorial there are certain things like this is my lab or this is my container or my project and if you touch it I will spit venom in your face like a dinosaur like it's like straight-up like old-school Jurassic Park or they eat the guy in the rain like hardcore a lot of people have a what I would I don't like the word lazy but we're kind of lazy I

mean like I openly admit it I'm kind of lazy I like to recycle code I like the recycle system architectures hell I'll even recycle old documentation if I can just type a few things and make it up to date and that's just how we are we're very impatient typically very very impatient like when it started getting down the last ten minutes I was like I want to talk and I was like I don't want to talk but I do want to talk and so we're very impatient there's a lot of other things but we're very patterned based and so we'll do the same things typically every day we'll watch the same shows maybe the next season we'll watch

the next anime as well hit Netflix up but we're typically very scheduled we'll work our period of time and then that's our life every day 9:00 to 5:00 and then 7 to 3 3 to 11 11 7 type deals and that's just what we do and so we very predictable and that's where it gets fun is because we're also very predictable we also have to have some form of break point which is typically our social engagements which is where we become highly socially dependent on our circles and if you actually look into human psychology this is when I started learning about people to the hardcore degree people will actually die as infants if they're removed from social

circles if you deprive a child of human contact it will die that's been proven and tested so that's terrifying so what I started to realize what I didn't know was that people are very different they are not the same there's there's we say oh there's these types of personalities like oh you're an Aries I'm a Capricorn or whatever like we're like oh yeah we're all the same no not even close man like we don't even like the same shoot colors like I don't even I don't know why wear these shoes I don't like them but I wear them because I'm told to but we're very culturally different irrationally different we're very emotionally different and structured in

very different ways and that can play to both a benefit or a downside and that's when you start getting into big data and that's where big data really starts to play a really big impact really really quickly because you need to start analyzing people on an individual basis at incredible scale and there's only a handful of solutions and sources that you can do for do to do that with social media sites professional grouping sites like LinkedIn places like that any place where you have like resume storage like monster calm contrary to popular belief I can actually search your name in those sites on a recruiter account and find you directly on many of them not all of

them but many of them other big things that you can do is you can look in for publicly facing databases like I did on my last campaign doing bug bounty hunting where I found like 70,000 exposed elasticsearch databases I'm not going to lock that down if you don't have a login and a lot of cloud platforms surprisingly and terrifyingly enough s3 buckets galore are just loaded chock full of your data and if you start searching for those buckets and then you have sub parameters for searching inside that content if discovered we're like certain things like names picture cetera you'll find it and you'll find it in a grand abundance and it's pretty awesome when it comes into analysis it really is

a dealer's choice you should go with what you're comfortable with not with what you're told to and that's because just because you're told to use it doesn't mean I'm gonna use it effectively it's like if I walked over to somebody said here's an at4 go shoot that car with it just because I hand it to you and I say use this tool does not mean you're gonna use it effectively you're most likely 50% of the time end up shooting me so please don't but it's it's really important me I like elasticsearch I think it's an incredible tool I do not work for elasticsearch and I was not paid to say that they're just an awesome group of people the tools are

amazing the support for the platform is incredible and the documentation on it is just insane on top of that I like using Django with Postgres integrations because it's natively supported and it works incredibly well it's a crud system and it's me friendly and when I say that I mean I'm not a very good developer but it's easy to learn and easy to work with now when it comes down to engaging these issues and you start looking at engaging mass populations you have to start understanding there has to be a structured process and procedure for how you approach this and that is because if you change your process you skew your data you skew your results you make it

very very difficult to understand the campaign's that you've engaged in and so I found the easiest way to do that is to liken it to the OSI model and so you identify by region what region physically are they in whatever reason they're in is likely going to impact several characteristics about them their socioeconomic status their cultural status their ethnic status things about their history their past disasters that have impacted them collectively major events in their lives all these things are going to impact their social behaviors and one direction spectrum or another but they're all going to share those same traits which makes it a general way to populate them into databases in different sections or of

different micro databases especially if you start doing incredibly large campaigns and the hundreds of millions of people because you still need your data to be reasonably effective which means performance needs to make sense if I write a query and it takes it six years to finish well it's not really going to matter that I got the results back on who did or didn't like George Bush Senior if we're in the 2026 elections so it has to really make sense and I found that again modelling against the OSI model it very natively comes to us from the tech industry so I found that that's what I use and like all things the OSI model it's almost always a layer 8 issue

so do keep that in mind so when you're going to engage in these individuals because inevitably we know that's what you're gonna do you're gonna build a system you're gonna play with it you're gonna start messing with people just like I did and I promise you everything you think about how fun it would be it's that and so much more so much more um but I mean it it does have lashed back from time to time but it's it's worth it man it really is and you get you can do a lot of good with it too and I'll say that but we'll get to that in a minute but normally almost every engagement it

has to start with a trigger and that's what I like to call the ignition point or subject zero whether it's a person a place or a thing it's something that's gonna set something off whether it's me walking out and be like abortion is evil and like out of nowhere all of these people are just like whoa like it's amazing you just pissed so many people off with just one trigger just boom America is like a powder keg man or at least Twitter is and it's just so easy to start a fight over nothing which we'll cover in a minute and then there's always the response there's gonna be the point there's gonna be the response and

there's gonna be the reactive response to that response this tactic is very heavily used by social media platforms as well as news media platforms to generate content and to generate content response which generates engagement which generates profit they don't care so if anyone thinks they're ever gonna stop making like neo-nazis go away that's never gonna happen and that's because they make hundreds of millions of dollars a day on these people because they're driving more content oh that neo-nazi said what I'm gonna go click click click click click five clicks later you've looked at like 12 dollars worth of ads like that's what's up that's never going to go away understanding that is definitely going to change the Syst

you just have to understand that now when you start looking at campaign design campaign design is very very important if you don't understand your campaign design you're going to run into issues you have to draw a box what am I going to put in this box if it doesn't go in this box it has to go in that box campaign a campaign B you might end up building 30 or 40 campaigns off a one idea do not mix them the bigger the box the figure the data set the bigger the data set the harder it is to manage it the harder it is to interlock things together harder it is to interconnect things together the more difficult it is

to execute the campaign successfully the more likely you are to have to start over and do everything all over again because you did something that triggered a cascading failure that caused the old ultimately if the data to be useless and that's very very important now when you're building your systems is like I said do something with a system you know if you don't know the system don't use it and that's because it'd be like me trying to walk over and use a Solaris box it's just it's gonna end bad man like it's not that I don't know UNIX it's just I don't know Solaris it just seems like voodoo or something I don't know like I don't know maybe it's maybe

this UNIX that I don't know but I play with BSD FreeBSD and it's just I think it's Unix man how many UNIX is just like it's too hard so fast but definitely know your tools and test your tools internally one of the first things I discovered when I was messing with Twitter twitter has a lot of security implementations in place to keep you from just screwing with people contrary to popular belief there's a lot of things there protecting you as a user I had to actually build a Twitter clone to figure out how to navigate the waters so to speak not to bypass the security things because that would be against the rules but play within the sandbox to the

maximum level possible I had to build a Twitter clone to do that and so it was very challenging um but there's tons and tons of clones out there on github you've got a clone for pretty much every major site that exists that's why I like Jango because there's Jango clone for everything and that's because everybody for some reason decided to use bootstrap and so it's Jango bootstrap inserts some kind of JavaScript here database typically some kind of major database like Postgres and that's entire set up again and again and again and again and again which we'll get to those systems now before you start your engagement make sure your shits working I was like halfway through an engagement

a couple of weeks ago and then like I realized I wasn't getting any data and then I checked I had cut off all three of my Postgres database servers they were just just laying there and I was just like what happened and I was like oh I was putting in more hard drives and didn't want to electrocute myself when I was swapping out the RAM I killed my databases and I just left them off so definitely check your hardware when you start building baselines like I said one of the things you want to do with your baselines is well it depends if you're gonna do like what I do and you just if you're just going to try it out don't

build a baseline just build whatever you want but if you know for a fact that you really enjoy what you're about to do build several baselines because you're gonna blow them away a lot and that's why I use templating which we'll get to in a minute but the baselines are very very important and then when you start to accumulate your baselines not just when you're doing engagements but when you're doing this re not just a software when you do new engagements you want multiple baselines for that as well so when I start to engage people for instance on the the interpersonal basis I need to know where I start at and typically for account of my size that

engagements around 100 to 700 impressions what you need to keep that number in your mind as we get to the engagement so this was a pre base to a fourth stage campaign so it's broken up into four series over a period of time for a cool-off period I've learned that if you make people angry and you give them just enough time to breathe you can make them angrier and then you let them breathe and they get angrier so it's like an ex-wife you're just building up to that explosion point and it's really awesome and you're gonna see so this was about stage 3 I would say so when I look at my campaigns for this campaign we're

about the cover I did a lot of engagement stuff so I was looking at things for people that I knew that I could get to and so I started looking at the campaign from the perspective okay I've got about 70 to 90 people that just actively harass this this uh this profile so to speak that I built and they're just like I really set them off I think around campaign to Phase two of this is yeah it was campaign two and it was the second phase of this campaign and I really pissed some people off with immigration so that that went really really well and so I was I was messing with that and I started building

profiles of some of them with Magi system that worked out really well and I started looking at the other content from other sites that they were posting on so I could see the reactions on other social medias because typically when someone rants about something that makes them mad enough they don't just talk about it on that site they'll say it on something else like Facebook or Twitter or Instagram if they were on something like Reddit or something so they're constantly talking about a multiply sees but they'll say something different and you can tell whether our emotional trail is going and so if you know if it's like if they're getting angrier perfect they're getting a little more calm okay

I need to poke them a little harder and so we'll get to there in a second and so for me everything I do I store like I said I have four petabytes of storage I can store everything pretty much for forever at least in my life and so that brings me to the objectives in my campaign so I said I wanted five objectives I wanted to get someone to argue on the Internet in the United States that you are not entitled to your constitutional rights and that they can be changed at anytime my second one is I want it to be harassed which is that's an easy a decade it's like I'll get a low-hanging

fruit in there then I said I want it to be sexually harassed so that's like a hard wall like most people won't cross that line and so I want to see if I could push someone that far and then I wanted someone to threaten me physically I mean that one's that was okay that one's a low-hanging fruit most people are tough guy syndrome they'll threaten you no big deal and I wanted to be dots which is actually harder to get done to you than you you would think like most people won't cross that line but we'll get to that in a minute so I started looking at the groupings for the metrics so as you can tell I

a substantial amount of data surprisingly this is provided to you for free by Twitter they will tell you everything about your entire grouping that you are engaging with it's on everyone's account under profiles drop down list it says analytics and all that data is right there it tells me everything about you that I need to know like 97% of the people I engage with like dogs so gee I wonder how they'll react if I'm like PETA kills all the dogs and then show a dog and eaten by a lawnmower or something like I wonder how that will cause what reaction could that possibly cause gee I wonder and then as you can see here on this scale the

massive blimps those actually represent hundreds of thousands of reactions so the average small-scale one here yeah that's 1,500 on an account with 1,500 people so I got a one impression per person on the smallest low-hanging bar now when you see the other ones that are astronomical in size you can see a huge difference now when you start to engage these people they don't sleep it seems so I realized I will get tired I'm on a different time schedule and I work hard and I have a baby so I need to sleep that does not mean my systems have to so you can automate this entire process with poor tainer which will allow you to build incredibly

sophisticated templates to include automatic message sending systems with a built-in browser through selenium which we'll cover in a minute and it will actively allow you to send communications and responses back with a pre-populated list of things to say like with angry red trash Panda my little trash baby it's gonna be amazing it's can be totally amazing and then you can automate all of this with Python scripts it's very very easy I mean if you just like PowerShell I tried PowerShell PowerShell will work I don't know enough bash to do it but I know it can be done but typically I would just use bash to give me a Python shell which then I drop and this

systems with with PowerShell if I was gonna do that but it's it's wonky I've been playing around with the developer shell and with PowerShell being migrated over to Linux so we'll see how that plays out and then you can automate a lot of things with Django but we'll cover celery in a bit now when you're building a profile on people you need to understand the individual you need to understand them to an intimate degree so that looks about like alright from this guy and the Star Wars shirt over because I'm a Trekkie all the way over statistically I have your social security number and everything else about you and it's pretty awesome how much information is

out there on the Internet in database dumps database leaks I've got about two billion email addresses and like I said I actively monitor about four billion people and you can do this through social media systems they give you access to this unlimited unrestricted Sun limited I mean but you can you can hit it for specific object specific persons and specific time frames to the point to where pretty much it's unlimited if you just manage your resources properly so yeah we'll stay unlimited with some quotes but you want to build that profile and it's very important why because this gentleman here does not react the same as this gentleman here to my jokes because he finds me funny and he doesn't see he's

like no I don't mind you so it's like okay go watch Chris Rock I'm not a comedian but yeah and it's it's very important to understand your audience and that's because as you engage your audience you'll learn certain things from you they'll tell you things without realizing they just pretty much hand in a playbook on how to harass them and that can get very dangerous for you as an individual very quickly as you'll very soon see now other things that you want to know is you want to know historical statements about them so typically from Twitter I could pull back easily ten different years of things that you said online most social media platforms will support that request so

like for Trump for instance that pulled like all of it don't there's a lot I thought I was gonna break my internet connection for a minute and get like a phone call why did you break her in that I didn't do it I swear but yeah so there's a ton of information you can get the more you catalog like I said the more you have but it's the same issue the NSA ran into you which is they have too much data and they can't do anything with it because in order to process it you have to process all of it and the issue with processing all of it is as you process it it takes time it

takes compute it takes resources electricity it generates heat and if you push your systems too hard like I found out you will trip all of your breakers and all of your servers will turn themselves off yeah yeah that was not fun um other things you want to know about is the connections connections you know how your network that you're targeting is interconnected and so once you start learning how they're interconnected you can start understanding how to trigger them so you can learn how to for instance say something to you which sets her off and that's because you two are friends but I know that I also know that she likes cats and you like dogs for instance

that's just an example she may not cats she looks like she does my kids not cat lady okay yep - cat oh oh look at that statistically there's always - yeah so even that's how it plays out and it gets pretty good pretty quick because then you can be like okay well I want to set this guy off but in order to set him off I have to reach her but I know she needs to retweet it so I'm gonna have like a dude kicking a cat and so she's gonna retweet it cuz she's mad and he's gonna see it and he's gonna say something and then I can engage him boom he got dragged into the conversation but that's

how you do it and then once you build that up you need to understand a handful of very important things you need the profile you need to read the profiles then you need the emotional state of the individual are you calm are you anxious are you bored and then from there you can say okay well this is where they're at what are their areas of expertise what do they know because if I say something stupid about something you know that's ignorant by nature of being arrogant you're gonna say something we know those people someone says something stupid on the internet you just have to say something back no that's not right it's bla bla bla that's not in a

declaration of independence that's in this the Constitution doesn't say that it says this which is what I used to drag the guy in for the Constitution thing and and then these simulated events like I said those are my objectives here this is the analysis this is how the initial reaction started as you can see at a hundred and ninety thousand impressions from about 200 from normal I got a slight response well a thousand times oh yeah so it was pretty awesome as you can tell I could say hashtag triggered would be a very good description very very good information and I captured all five flags so if this was a capture the flag event for Def Con

or something I definitely would have won I got someone who threatened me I got someone from Mozilla to build a harassment campaign against me I successfully raised through her fifteen thousand dollars for women's reproductive rights so I find that to be exceptionally successful campaign through two different organizations so it did very very well so it was abortion and Planned Parenthood but I feel like that came out very well I got the guy to argue against me for the Constitution he argued that it wasn't something that said in motion that that could actually be changed they're not completely immutable and we'll leave that there and I got someone from Google to sexually harass me which was just beyond

phenomenal now please don't blame these people I'm very good at what I do and as we continue to dig through this you'll see I really enjoy what I do I don't like tormenting people and they don't deserve to be punished for something that was honestly incredibly manipulative with with two of them with like six months plus of research into everything historically that they've ever done ever so that was like a social engineering campaign that just it was designed to crush and destroy like six people so it's just not fair but now we're gonna get into a live campaign does anybody know who Jason Lee Van Dyke is nobody wow this is Texas he's in your area

oh man okay so what happened see what happened was is I was driving back up got into a little bit of a scuffle Papa and Pope at school guy X federal prosecutor maybe initially still federal prosecutor and Pope hat brought to my attention through another guy Arden something honestly I forgot him he wasn't even on the list but he brought up a case that I thought was interesting sounding from an attorney who just lost his [ __ ] and I was like attorneys don't just lose their [ __ ] having word from US courts they are very calm and structured people it takes a lot to push an attorney to do something crazy like the

affidavit that I read that he actually served to a court it was insane and I was just he was like I refuse to be in the same courtroom as them I'm not coming back until this guy is dealt with and I'm just like that is incredibly extreme and no one just quits their own court case against a lawsuit they filed against someone unless there's an extreme circumstance so I was curious right and me being me and having the resources I do I was like you know what I've got 16 hours since I drove here from Georgia I'll call him let's see what happens so I called him and he answered hmm oh and it was lovely so I got to dig into

this issue because I'm curious I'm open-minded he was he's part of this group called proud boys does anybody know what that is so proud boys is actually a group that I look no don't know down down he don't like it yeah it's okay I looked really heavily into that turns out they're actually not nearly as bad as you think they are one of the actions that they took recently was they reacted to hurricane Harvey by for four days they provided disaster relief medical treatment and assistance and supplies to organizations and individuals out there that's been confirmed by the National Guard the constable and the mayor so it's highly unlikely that an individual classified as a hate group would provide

aid and assistance to a groups groups that are primarily after the Khmer African American Hispanic in population and that again comes down to profiling the area and understanding the geographic circumstances now there are other actions that I found behind that that I don't agree with there have been things that I've been said that are absolutely unacceptable but a group collectively is not compromised of one individual it's collectively the entire room it's like saying all hackers or criminals because one person broke into a bank and stole like a hundred million dollars we're not all criminals that person definitely us not so much but I started looking at this issue they got really fascinating really quickly this is a breakdown of

the campaign for the subject started analyzing the subjects understanding where they come from who they are what they do so subject a is Jason Lee Van Dyke the individual the attorney he does have pending charges against him pending suspensions ongoing suspensions and potential disbarment he's a state barter individual for affiliation and he's also a proud boy that's confirmed then the opposing party is subject B which is Thomas Rex laughs which is his profession is supposed to be a systems administrator for websites he is a convicted felon with vex he's also been court-ordered as a vexatious litigator which means he actively tries to sue people into oblivion with frivolous cases to the point to where the court

said you're just here to harass people and he's got a substantial number of affiliations allegedly one is a hacker on hacked forums which I've tracked down to about six different monikers pink mouths calm a revenge porn site Tex TE xxx a ENCOM which is a revenge porn site is anyone up calm which is a revenge porn site and several others now this is where the things really start to get interesting is when we started analyzing the group because like I said when you look at individual the profile needs to expand so when I started looking at the profiles I started to notice the repeating pattern mr. red sloth has collectively engaged every attorney individual Murray's private

investigators and other collective individuals who have gone after revenge porn sites and he's tried to sue them on multiple occasions to include filing multiple grievances and multiple jurisdictions against every attorney that's actually successfully shut down or attempted to shut down the revenge porn sites and any attorney that's attempted to defend the individuals from the litigations that he has filed against set attorneys so it's been quite the fiasco it's like I said I learned about this what's the day sorry I've lost time today's Saturday yeah I learned about this on Thursday night I didn't start looking into it until Saturday that's a Friday Friday yeah Friday when I was driving up sirs they slashed Friday X I didn't get into

like midnight so it's been pretty crazy there's dozens of docket cases so this is a very heavily recorded and documented case basis and so with all the revenge porn in mind I decided it would be interesting if I brought my group to the part and so you know has anybody ever heard of the organization badass yeah badass is the coolest and most badass organization ever they specifically focus on rum by miss Bowman on hunting down revenge porn sites and so she's volunteered her time and resources to help me look into this matter I've got Joe Grey a very good friend of mine and mentor he's helping me with some intelligence stuff and from my military intelligence and

counterintelligence background I've reached out to people in other countries and other governments to get me information so that's actually gonna be really cool when I get that feedback back so this is an actively ongoing thing I'm looking into I don't know if I'll build a campaign on this or not but definitely gonna file some paperwork and so this is where the allegations kick in because you have to actually understand the individual in the actions they take in things that they do analyze their behaviors so mr. Van Dyke he has said some racist things online one was in response to an African American gentleman of incredibly racist nature which is unacceptable obviously in response the gentleman

posting pictures and information including his mother's social security number online on a social media site which still doesn't make it acceptable but that's the background behind that and then mr. red slap has quite the list starting from having his children taken away from him too for pedophilic tendencies for to being accused of sexual assault domestic violence burglary he had is a daughter accuse him of posting her naked photos on sites like the his magnifica dove theft tampering with evidence falsifying government records possession of a weapon on a military school providing harmful material to a minor so this it's quite the scene down here in Texas not our scene but definitely is seen to look into and this gentleman has been

actively engaging in campaigns and something that I've been teaching here about when I noticed almost immediately since 2014 so this has been a five year campaign so to give you an idea of your adversaries and their activities they will run these campaigns against you sometimes for years like with mine I ran my campaign for two years I prepped for two years and I built out well technically so that prep work isn't really fair to add on my prep work was about three to six weeks for the systems for this specific campaign and I'm running two years running and then I actively did systems maintenance and upgrades in time sorry in real-time while I was working the campaign the

campaign itself took me about a year and a half to really understand what I was doing how to engage people how to do what I was trying to do actually effectively and then six months of that dedicated to months of engagement time frame for the first campaign to try to really get my grasp on the people I was engaging and then four months with two as a downtime and then the last two months to really turn the pressure up because I was aiming for Derby con but then I just like you know what I'm not gonna make it because all the situations and I was like b-sides yeah and so Texas so I'm really good so I was

like you know what I'll aim for b-sides SAT X and I barely finished by three days I got the last flag like three days before so it was like I think it was like this week or that I got the last flag so really really hard but I made it so getting into the systems onto the back ends you've got Jango over what I use Django I use Django rest api it's natively built into the - the Django platform very easy to work with you've got all kinds of systems with that you can integrate it with natively to include celery I love it you're going to run into some asynchronous issues because you're going to try to run large

campaigns you're not to have multiple systems running at the same time and you're going to want to correlate your data together eventually and merge the data together when you do that you're gonna have a lot of columns and field data as mismatching and they're gonna have data collision which is gonna cost data loss which is gonna cost cascading failures I know this is a mistake that I made and when I did that I lost entire campaigns they were small campaigns but I still lost them and so you want to have that set out laid out you're pairing issues if you're going to do any kind of synchronization between Linux servers make sure your pairs are both

actively running I made the mistake of not bridging my connections properly and I had breakdowns on my communications between my servers that were pairing with databases on both sides and I ended up a data corruption from that and replication issues if you're gonna replicate the data to have high availability and higher performance make sure the replications are set up properly and running properly test them before you use them I made that mistake as well your data when you go to build your database systems I initially started without the current the systems that I have so I just ran a staff cluster with clustered systems your set box you want to have a triplicated SEF node which is where juju will come in

handy yeah juju will actually help you natively deploy those with minimal efforts and it will really help you with a macro control of that I recommend a three to one or greater because any more than any less than that it's really overkill for nodes and then anything if you really want to scale it don't go to anything over 20 to 1 for OSD boxes to the assessment system because then it's gonna start to overwork your Cephalon systems and they'll slow down and then dedicated networks I found if you dedicate your networks they'll run better so split those up if you get really really really large put the OSDs on one network put the set mods on

another network and then just let them in or communicate through l2 l3 an import Ainur port Ainur I found that if I use templates I drastically improved my performance and my administrative times I've drastically lowered how much time I put into managing the system itself including with network storage portator will allow you to configure that into the templates the Postgres database is always triplicate your clusters anything else it just blows up in my face but again I suck at databases so I would recommend whatever you're comfortable with but I use Postgres I always triplicate now and I do masters and slaves I do a master for writes I do my clusters for slaves for reads and that's

because I want one to be writing to one system and one to be reading from another so my performance on my read times it's gonna be harder on my systems because once you do something you're not gonna all send me all your messages at once you're gonna message me over time but once I have that I want to write to that master and I want it to replicate to the slaves and in the slaves they'll be the ones that I'm doing all my data processing with and so I don't have to worry about that load balancing pick your poison I mean I've had a lot of good times and good experiences with Apache and AJ proxy feel free to do

whatever you want a lot of people love Engine X for some reason I've never had a good experience with it but I'm also not familiar with it and so I don't want to speak ill of the software because it's got a lot of great history a lot of great performance theoretically it performs better than an H a proxy on a performance basis but that's also because everything's on a single process from when I've read up on and seen and if that process fails everything fails and that's why I like H a proxy if a process dies when H a proxy all my other processes stay up but that's my choice selenium selenium will allow you to do a

lot of things for your instances for automated logins and you can also have built-in proxies and the browsers that you're using and so when you're doing that with selenium a lot of things you can do with selenium to include automations of IP points so if you want to use proxies for hundreds of accounts thousands of accounts tens of thousands of accounts you can do that and you can assign the spaces inside of your containers to take care of that to where each container lot is using specific profiles so that your profiles you can have like a profile lot for on one stack for Asia another stack for the Pacific region or Australia or the US or however you want to lock that

out and break that down with you can al okay I want more people on this campaign for the US campaigns against I don't know cats vs. dogs and so I want more dogs and cats all right I need more in the u.s. I'll put that in that lot to pull em on that lot it'll eat more resources from that lot but you know what hardware it's pulling from so you know which one to buy more gear for so it's very easy to manage that you can use xamarin for mobile if you really want to get actively involved in engaging people on the standard platforms that not get caught you want to break that in between mobile and

browser-based and you want that to average out to enter to international standards if it doesn't make sense the social media platforms get suspicious really fast and so the statistical anomaly start to pop up they're gonna start shutting your bots accounts down so you don't want that like I said tango with the Jango it really does help me I'm not saying you have to learn Django but it was so much easier with Django because it's got so many templates celery is a god thing you can automate almost every type of task imaginable with celery and it's phenomenal you can integrate it with brokers or with sequel with a sequel alchemy you can use it with Reedus you

can do all kinds of crazy stuff with it I absolutely recommend it it's super cool I do a lot of patching stuff and maintenance tough with it so definitely check it out if you want to get lab I use almost exclusively now and that's because I found that I can do a lot of things with get lab runners that I couldn't do otherwise for Taner like I said I use Cortana to help me deal with everything and my email services I use with a generic Django platform I downloaded arm line like that was awesome from github I just pulled it off again hub pick one there's hundreds I just found one that I thought I thought sounded cool that

could let me use multiple list series so I could build profiles with this series and then the profiles could be automatically emailed or communicated with like I said with the angry Trash Panda it will email you it's super awesome and then like I said I use juju to help me with the configuration automation so does I also use a salt the difference is is I use micro controls of salt I use macro controls which juju and the reason is quite simple juju is very easy to understand how to use an administrator with salt is extremely complex but it is exceptionally potent and effective so I recommend both and so my last piece is you can pick one and I

will give you the answer to it I will give you the answers and information on the Russian hacking and interference allegations the true amount of debt the United States is actually owed and how that breaks down how much money the IRS costs every year to run for the truth about the cameras analytics scandal who wants the first one let's see it hands and make it easier yeah democratic process to see see this is why Trump won two people voted man who's up for number two who wants number three oh boy who wants number four oh man Cambridge analytics alright so check this out so with Cambridge analytics what happened with Cambridge analytics is it was discovered that Trump

leveraged cambers analytics a uk-based company an organization that was operating as a contract basis in the United States for the purposes and intents of sharing data with individuals expressly for the purpose of profit for the purpose of manipulating election series what was not disclosed as the fact to most people that Barack Obama did the exact same thing the campaign series before and this practice has been ongoing since the time of net Gate they have been sharing your information for direct communications for the purposes and intents of manipulating elections and changing voters opinion since Netscape and if anyone wants to know how long that is that it will be out sending to Google because Netscape is older than I am

so that's at least thirty years well beyond what happened with Cambridge analytics and the reason why was specifically and expressly because Cambridge analytics was a target of political assassination and that was expressly because of the fact that Cambridge analytics refused the Clinton contract because Trump paid more just so you're aware they both wanted to use Cambridge analytics but that's that one can I get a beer oh there we go okay yeah which one do you want I'll give you one more all right no less boy you don't just get to scream maybe what you want you got a vote man it's a democracy who wants Russian hacking oh [ __ ] okay who wants the US jet no okay all right

catch me at the beer and I'll give you that one all right does anybody have any questions outside that's totally fine