What if my hypothesis regarding Snowden is correct?

Ryan Carboni ryacko at gmail.com
Sat Jun 17 23:24:22 PDT 2017

The hypothesis being that Snowden is at least a triple agent. Ali Mohammed
provided material support to Al Qaeda, but that was because he betrayed
both the Army and Al Qaeda for the CIA. His sentencing has been on hold for
a long time, and it is interesting no one asks questions about it.

If one was to look for information about my hypothesis, what would one find?

The implants are configured to communicate via HTTPS with the webserver of
a cover domain; each operation utilizing these implants has a separate
cover domain and the infrastructure can handle any number of cover domains.

Each cover domain resolves to an IP address that is located at a commercial
VPS (Virtual Private Server) provider. The public-facing server forwards
all incoming traffic via a VPN to a 'Blot' server that handles actual
connection requests from clients. It is setup for optional SSL client
authentication: if a client sends a valid client certificate (only implants
can do that), the connection is forwarded to the 'Honeycomb' toolserver
that communicates with the implant; if a valid certificate is missing
(which is the case if someone tries to open the cover domain website by
accident), the traffic is forwarded to a cover server that delivers an
unsuspicious looking website.


Snowden's revelations increased the amount of encryption. However the NSA
already collects a great amount of information through other means. For
reasons unknown, much of the Snowden documents are classified at Talent
Keyhole, which is explained at (
). Although overclassification is typical, afterall, many of the "secret"
paragraphs are really FOUO because they are used in the private sector
already (
), the thing is that this implies the NSA collects data through means
unhindered by encryption. Which makes "Practical-Titled Attack on AES-128
Using Chosen-Text Relations" all the more concerning. Why mock side channel

Furthermore, Github has made accidentally publishing your shared secret
very easy.

Many cases where AWS refunds thousands of dollars of fraud because someone
accidentally publishes a Github key. To think that could be millions of
dollars a week. Just refunding fraud. Naturally official CIA documentation
would not suggest committing a crime, that would be like putting login
settings to the production database into the tutorial (

Interestingly, insecure defaults imperil national security:

Regardless, you can still troll the NSA. They couldn't even design the
Clipper chip correctly.

Anyway, this modified limited hangout phrase is some really high level
linguistics. Really complex, seems to intentionally prevent the reader from
seeing patterns.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 4238 bytes
Desc: not available
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20170617/dcb212bf/attachment.txt>

More information about the cypherpunks mailing list