EXCLUSIVE: Leaked "RSA dump" appears authentic

Patrick Gray
Veteran Member
Blogger, Netcaster, Site Owner
Joined: 03/02/2009

A massive Pastebin dump of domain names and IP addresses supposedly linked to a cyber espionage ring appears to be the real deal.

The Pastebin dump, dated August 15, lists around 850 entries containing domain names and IP addresses, supposedly leaked by "RSA Employee #15666". The dump asserts the IP addresses and domain names listed are used in command and control operations by a cyber-espionage ring.

Anonymous
RSA Dump?

HB Gary dumps have been public for months, anyone in the know already knew about soysauce, tojo and FF, and the links to said domains...

now you are calling this an RSA Dump... how exactly is this an RSA Dump?

Patrick Gray

Click the pastebin link in the article and you'll see why it's referred to as the "RSA dump".

You'll also note there's a handful of domains referenced in the HBGary doc and a shittonne more in the pastebin dump.

Did you read the article/pastebin link? Sheesh...

Anonymous
Nothing New Here

These domain names and IPs have been out there for a while for anyone familiar with the HB Gary data dumps and other stuff going on by real security researchers. Just because someone claims they have an RSA employee ID ending in "666" and posts a list from a data dump, this constitutes an "exclusive" and authentic source? Give me a break.

Patrick Gray

There are a shedload more domain names and IPs listed in the Pastebin dump than in HBGary's analysis, from what I can tell. That's what makes it newsworthy.

Anonymous
Sauce

Seems legit to me.

Anonymous

I did, I found the pastebin before your post. I came here to read your take.

No reason IMO to label it an RSA dump that's all.. just misconstrues it.

Yes, there are a shittonne more there in the pastebin dump.

Certainly newsworthy..

Anonymous

you're so right, Patrick should have said something like "the chances are this isn't an actual RSA employee"... oh wait...

Anonymous
hmmm

quite a few entries of IP 255.255.255.255 and 127.0.0.1

Patrick Gray

yeah you can consider those domains "parked" I guess.
