In previous posts we've talked about Netsential and how they constructed the websites for all of the DHS Fusion Centers.
Data Foundry, though, was the data center company that ran the server that actually hosted the 200+ websites.
Data Foundry has a few sister companies: Giganews, VyprVPN, Texas.net, Golden Frog, and Outfox.
The main claim these previous posts make, together with this one, is that Data Foundry is a front company for the Chinese government and military. Either in collaboration with Netsential or through deceit, they managed to get Netsential to allow them to host all of the DHS Fusion Centers for the last decade.
There is so much going on right now at 12 Security, and with the clients we are engaged with, that the following paragraphs will just be a quick roll of the evidence. Future posts will organize it into a more coherent narrative, but at the very least these should raise substantial questions.
OSINT Evidence Pieces That We Currently Are Disclosing:
GoldenFrog / VyprVPN, sister companies of Data Foundry, have a significant Chinese presence:
Chinese Embassy and Data Foundry proximity:
Below is a map that shows the distance between the first Data Foundry data center, constructed in 1999, and the Chinese Consulate in Houston. Recently this consulate was implicated in a significant espionage case and the United States took the unusual and dramatic step of ordering it to close.
DataFoundry, Texas.net, and YHC Corporation are all the same company as well:
Netsential web server globals file:
This is a major file and very important screenshot that I am doing no justice by posting in the middle of this post randomly. It is likely one of the most important pieces of evidence from the entire #BlueLeaks dump.
First, what does this file, global.asax, do? It is present in the configuration for every single Fusion Center, dictates how the website for that Fusion Center will run, and overrides all other configuration points. The screenshot below contains source code that is exactly the same, save one or two lines, for all of the centers that were part of the #BlueLeaks dump.
We have highlighted two blocks of source code. The first block you see, roughly in the middle of each line, contains two IP address blocks. We will return to these in a later post. For now all we will say is that they tie in a very unusual company out of Orem, Utah known as Security Metrics.
The second block of lines, about five total, all have websites from the Chinese internet listed in them.
What does it mean? What would it have done to the code? Were the sites hacked?
First, you have to know that every time you send a web request via your browser, you also pass along variables known as HTTP headers. These help the server process your request and send back a correct response for the computer you are using.
Second, anyone who knows the history of the Windows operating system will realize we are simplifying a little and giving a more "Linux-esque" answer, but that should be fine for the majority of our audience.
Finally, and for the real answer, this is a "backdoor". If one manually edited the HTTP headers their browser was sending to the specific values placed in this file, they would be passed through the firewall and into specific sections of the site. Additionally, this access would not be logged by the system.
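As an added, defender-oriented illustration (not code from this post, and not the actual global.asax from the dump), the Python script below audits a constructed global.asax-style file for the pattern described above: request-handling code in Application_BeginRequest that compares HTTP header values or the client address against hard-coded IP prefixes and hostnames. The sample source, the header name X-Custom-Token, the TEST-NET IP prefixes, the placeholder .cn hostnames and the watched TLD list are all constructed assumptions, chosen so the script can be run offline; it is a triage aid for reviewing such files, not a reproduction of the dump's code.

```python
import re

# Constructed sample in the shape of an ASP.NET global.asax. This is NOT
# the file from the #BlueLeaks dump; IPs are TEST-NET ranges and the
# hostnames are placeholders.
SAMPLE_GLOBAL_ASAX = '''<%@ Application Language="C#" %>
<script runat="server">
    void Application_BeginRequest(object sender, EventArgs e)
    {
        string ua = Request.Headers["User-Agent"];
        string ip = Request.UserHostAddress;
        if (ip.StartsWith("203.0.113.") || ip.StartsWith("198.51.100."))
        {
            Context.Items["trusted"] = true;
        }
        if (Request.Headers["X-Custom-Token"] == "host-placeholder.cn")
        {
            Context.Items["trusted"] = true;
        }
        string referer = Request.Headers["Referer"];
        if (referer != null && referer.Contains("other-placeholder.cn"))
        {
            Response.Redirect("/internal/");
        }
    }
</script>
'''

# Header lookups of the form Request.Headers["Name"].
HEADER_RE = re.compile(r'Request\.Headers\["([^"]+)"\]')
# Dotted IPv4 literals, including prefixes such as "203.0.113." used in
# StartsWith-style checks. Heuristic: may also catch version strings.
IPV4_RE = re.compile(r'\b(?:\d{1,3}\.){2,3}\d{0,3}')
# Hostnames ending in a TLD the reviewer wants flagged (assumed list).
WATCHED_TLDS = ("cn", "ru")
HOST_RE = re.compile(
    r'\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.(?:' + "|".join(WATCHED_TLDS) + r')\b',
    re.IGNORECASE,
)
# A header value compared or pattern-matched on the same line: a trust
# decision gated on client-controlled input. Variable indirection
# (assigning the header to a local first) is not tracked here.
COMPARISON_RE = re.compile(r'==|!=|\.Contains\(|\.StartsWith\(|\.Equals\(')


def audit_global_asax(source: str) -> dict:
    """Return findings a reviewer would want to look at in a global.asax."""
    headers = []
    for name in HEADER_RE.findall(source):
        if name not in headers:
            headers.append(name)

    gated_lines = [
        lineno
        for lineno, line in enumerate(source.splitlines(), start=1)
        if HEADER_RE.search(line) and COMPARISON_RE.search(line)
    ]

    return {
        # Whether the file hooks every request before normal handling.
        "begin_request_hook": "Application_BeginRequest" in source,
        # Whether the client IP is read directly.
        "reads_client_ip": "Request.UserHostAddress" in source,
        "headers": headers,
        "ip_literals": sorted(set(IPV4_RE.findall(source))),
        "hosts": sorted(set(h.lower() for h in HOST_RE.findall(source))),
        "header_gated_lines": gated_lines,
    }


def summarize(findings: dict) -> str:
    """One-line verdict: hard-coded hosts/IPs plus header-gated logic is
    the combination worth escalating for manual review."""
    suspicious = (
        findings["begin_request_hook"]
        and (findings["ip_literals"] or findings["hosts"])
        and (findings["header_gated_lines"] or findings["reads_client_ip"])
    )
    return "REVIEW: request-gating on hard-coded values" if suspicious else "no gating pattern found"


if __name__ == "__main__":
    result = audit_global_asax(SAMPLE_GLOBAL_ASAX)
    for key, value in result.items():
        print(f"{key}: {value}")
    print(summarize(result))
```

Running the script against the constructed sample reports the three header names it reads, the two IP prefixes, the two placeholder hostnames, and line 11 as the place where a header value is compared directly against a hard-coded string. In a real review the same function would be pointed at each center's global.asax and the output diffed across sites, since the post notes the files are near-identical.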
We will pick this thread up again later in future writings where we actually deploy these sites on a Windows 10 Pro computer running IIS.
Brief Analysis of Fusion Center server log files:
Leninist-Marxist Facebook Groups:
Communist agents living and working in the US while constantly hacking it from abroad was never a thesis statement anyone at 12 Security would have made, or even considered, two years ago. However, we end this blog post by sharing active Leninist-Marxist groups, and even one North Korean Juche group, recruiting in the US on Facebook. Fascinating to look at: