Return to Unfiction unforum
 a.r.g.b.b 
FAQ FAQ   Search Search 
 
Welcome!
New users, PLEASE read these forum guidelines. New posters, SEARCH before posting and read these rules before posting your killer new campaign. New players may also wish to peruse the ARG Player Tutorial.

All users must abide by the Terms of Service.
Website Restoration Project
This archiving project is a collaboration between Unfiction and Sean Stacey (SpaceBass), Brian Enigma (BrianEnigma), and Laura E. Hall (lehall) with
the Center for Immersive Arts.
Announcements
This is a static snapshot of the
Unfiction forums, as of
July 23, 2017.
This site is intended as an archive to chronicle the history of Alternate Reality Games.
  

The time now is Mon Nov 11, 2024 5:33 pm
All times are UTC - 4 (DST in action)		 View posts in this forum since last visit
View unanswered posts in this forum
Calendar
 Forum index » Chaotic Fiction » Junko Junsui
[PUZZLE?] ALFA-CIPHER and the new 'darknet'
Moderators: Administrators, Moderators
View previous topicView next topic
Page 1 of 2 [28 Posts]   Goto page: 1, 2 Next
Author Message
adolgonosov
Decorated


Joined: 06 Sep 2009
Posts: 197
Location: SF Bay Area

 		 [PUZZLE?] ALFA-CIPHER and the new 'darknet'
Hi guys.. there has been a lot of stirring over the past month that A_Love_Supreme and I have been following. There are several shadow companies and a 'darknet' that people have told me may be a project of Alfa Group or Russian/US intelligence initiatives like IARPA.

A couple of weeks ago someone mentioned a new company, 'Third Roman Intelligence Directorate'. There is also another company, TRU, which allegedly owns or is partnered with Third Roman Intelligence Directorate.

A source told me they had been developing a software product called ALFA-CIPHER, and that it was part of a larger project called 'Aggregate Analysis & Event Prediction System' (AAEPS). They also said that it is some some sort of metadata tracking system that flags activities on internet sites/servers, and that it 'injects code into sites'.

Around the same time, I noticed something new on http://alfa-tsentr.ru. Below the banner on the right, there is a new symbol and the text "АЛЬФА-ШИФР".



As of about a week ago, this link is active and allows you to install the ALFA-CIPHER (AC) software. It is a chrome browser extension that looks like it does some pretty interesting things. Here's a direct link to the Chrome webstore.



There's still a lot more to look into, but here are some initial observations:
- Clicking the 'terms' link inside the interface takes you to a kind of TOS page on the Russian Ministry of Justice website and mentions an experience that will 'blur the lines of reality'.
- Attempting to log in takes you to the website of the Belarusian KGB.
- These pages don't actually appear to exist when the extension is not running.. they are only accessible through it

There is a lot more and I am not sure exactly how much to say, but I will try to fill in as more details as I am able.

PostPosted: Fri Sep 27, 2013 4:17 pm
Last edited by adolgonosov on Sat Sep 28, 2013 2:10 am; edited 2 times in total
 View user's profile
 Back to top 
A_Love_Supreme
Boot


Joined: 19 Aug 2013
Posts: 26
Location: United Arab Emirates

 		Re: ALFA-CIPHER and the new 'darknet'
You have done amazing research on this adolgonosov!

adolgonosov wrote:
... A couple of weeks ago someone mentioned a new company, 'Third Roman Intelligence Directorate'. There is also another company, TRU, which allegedly owns or is partnered with Third Roman Intelligence Directorate...


I think TRU and Third Roman Intelligence Directorate might be the same thing?

My speculation is based upon the name for the Russian army's intelligence,GRU.

http://bit.ly/138sWWG

In Russian this stands for 'Glavnoye Razvedovatel'noye Upravlenie' or 'Main Intelligence Directorate'.

See that abbreviation, 'GRU' comes from the original Russian.

What would 'Third Roman Intelligence Directorate' be in Russian?? When I google translate it I get 'Tret'yego rimskogo razvedyvatel'nogo upravleniya' but we all know that translator is not always accurate.

PostPosted: Fri Sep 27, 2013 6:11 pm
 View user's profile
 Back to top 
adolgonosov
Decorated


Joined: 06 Sep 2009
Posts: 197
Location: SF Bay Area

 		Wow, that is a good find ALS. Third Roman Intelligence Directorate as an abbreviation does transliterate to TRU (or TRRU) in Russian. My source said they thought TRU owned Third Roman Intelligence Directorate or was otherwise partnered with them in some way, but you might be on to something here... maybe they are the same.

There is a historical allusion here too.

Wikipedia - Czargrad wrote:

After the fall of Constantinople in 1453, the burgeoning Russian Empire had begun to see itself as the last extension of the Roman Empire, and the force that would resurrect the lost leviathan (Third Rome). This belief was the supported by the Russian Orthodox Church and given at least an air of legitimacy by the marriage of Ivan III to the heiress of the last Byzantine Emperor. It was allegedly an objective of the Tsars to recapture the city, but despite many southern advances and expansion by the empire, this was never realized owing to the Western interference in the Crimean War.


Third Rome is the idea that the Russian Empire is the third Roman empire, preceded by the Byzantine empire centered at Constantinople (second Rome), and classical Rome. There are many connections between the 'khozains' and these "Roman" lines:
- The Men of Taste insignia is the same as that of the Palaiologos dynasty of the Byzantine Empire (two-headed eagle), "Second Rome"
- The Junsui have mentioned Czargrad several times, "The walls of Czargrad have been breached", apparently in reference of Alfa-Tsentr etc. Czargrad is the Slavic name for Constantinople/Istanbul (Second Rome)
- Alfa-Tsentr.ru is registered to a Czargrad Inc. (check whois)
- Alfa-Tsentr et al are elements of the current Russian 'empire' (Third Rome)

This may be related to the Ottoman history too. Remember that Gwaschemasch'e was the wife of Sultan Abdul Hamid II and lived at Çırağan Palace, Istanbul (modern Constantinople -- Second Rome) when she became interested in 'maternal beauty' and the occult.

It looks like there is a faint historical thread that may tie all of this together. Maybe some of the groups we know now are even modern incarnations of some very old groups..

See here: Wikipedia - Third Rome
And here: The Tale of the Princes of Vladimir

PostPosted: Fri Sep 27, 2013 6:40 pm
Last edited by adolgonosov on Fri Sep 27, 2013 7:43 pm; edited 1 time in total
 View user's profile
 Back to top 
adolgonosov
Decorated


Joined: 06 Sep 2009
Posts: 197
Location: SF Bay Area

 		We also have a new wiki: http://junsui2013.wikidot.com/

This is incomplete/compiled information from the last few months. It is just a start but I hope we can actively maintain it as things progress. Anyone who would like to contribute is welcome... there is a lot missing.

PostPosted: Fri Sep 27, 2013 7:39 pm
 View user's profile
 Back to top 
bastiyang
Veteran

Joined: 14 Sep 2009
Posts: 90

 		Maybe old, but just wanna make sure this's noted.
Hello everyone:
I was just checking on http://alfa-tsentr.ru/ site to make sure of a few things.

I'm not tottaly sure because I haven't checked it since long time ago. There're a few things I noted about the site:

1.- All site links redirects to a 404.html page directly, which means they're not supposed to lead to anywhere.
2.- Checked the log in system. I noted that something was odd with it, so I tried a few things.
- The "forgot your password" link asks you to insert your email, but on the coding side, the send button does nothing but showing a message. It doesn't really do anything.
- The login system is tottaly fake too. It's not supposed to log you in, it wants you to fail the login.
3.- Here comes the intresting thing (and I insist, this may be old news):
If you fail to log in, you'll be sent to a warning, which gives you the following numbers:

-33.46912 -70.641997

They tottaly look like coordinates.

Since they added the new plug in thing, maybe this warning is new too.

PostPosted: Fri Sep 27, 2013 7:58 pm
 View user's profile
 Back to top 
bastiyang
Veteran

Joined: 14 Sep 2009
Posts: 90

 		Re: Maybe old, but just wanna make sure this's noted.
bastiyang wrote:
Hello everyone:
I was just checking on http://alfa-tsentr.ru/ site to make sure of a few things.

I'm not tottaly sure because I haven't checked it since long time ago. There're a few things I noted about the site:

1.- All site links redirects to a 404.html page directly, which means they're not supposed to lead to anywhere.
2.- Checked the log in system. I noted that something was odd with it, so I tried a few things.
- The "forgot your password" link asks you to insert your email, but on the coding side, the send button does nothing but showing a message. It doesn't really do anything.
- The login system is tottaly fake too. It's not supposed to log you in, it wants you to fail the login.
3.- Here comes the intresting thing (and I insist, this may be old news):
If you fail to log in, you'll be sent to a warning, which gives you the following numbers:

-33.46912 -70.641997

They tottaly look like coordinates.

Since they added the new plug in thing, maybe this warning is new too.


Ok,. just checked. The coordinates are just the global position of your ISP. Fail.

PostPosted: Fri Sep 27, 2013 7:59 pm
 View user's profile
 Back to top 
bastiyang
Veteran

Joined: 14 Sep 2009
Posts: 90

 		Re: Maybe old, but just wanna make sure this's noted.
Another intresting thing is that the javascript console is giving very weird outputs:

false p?n?v?j?f?g?http://(www\.)?kgb.by/(eng)? content.js:1
false p?p?t?t?q?6?r?2?h?.+(obolensk|cbsu.tc.cornell.edu|panoramio.com|thejunsui.wordpress.com|mvd.ru|periodico-solidaridad.blogspot.com|sacredsites.com|stemaid.com|delone.botaniklife.ru|pbs.org|femen.org|svr.gov.ru|junkojunsui.blogspot.com|donsmaps.com|junkojunsui.wikidot.com|blogs.scientificamerican.com|escapeintolife.com|arebelsdiary.blogspot.com|iarpa.gov|abovetopsecret.com|mathildasanthropologyblog.wordpress.com|cbc.ca|matome.naver.jp|mezhgorie.ru|dubistanders.de|fsb.ru|ohinternet.com|harvardartmuseums.org|nature.com|lebensspuren-deutschland.eu|nikolanbc.livejournal.com|jadaliyya.com|kremlin.ru|eff.org|science.nationalgeographic.com|biotin-kirov.ru|neo2.es|exiledonline.com|espectrofilia.ricardogreene.cl|structure.mil.ru|vault.fbi.gov|eternalfeminine.wikispaces.com|zavos.org|japandave.com|notforsalecampaign.org|thefeministwire.com|nsa.gov|farc-ep.co|belsebuub.com).+ content.js:1
false a?j?m?t?http://minjust.ru/ru/activity/thirdromandirectorate content.js:1
false 0?http://(www\.)?kgb.by/files/ content.js:1
false 6?2?8?i?v?5?9?http://alfa-tsentr.ru/en/index.html content.js:1
false 0?http://alfa-tsentr.ru/

I'm checking on them.

PostPosted: Fri Sep 27, 2013 8:23 pm
 View user's profile
 Back to top 
bastiyang
Veteran

Joined: 14 Sep 2009
Posts: 90

 		Re: Maybe old, but just wanna make sure this's noted.
Intresting, isn't it Mr. Markesano? http://companies.findthecompany.com/l/32061158/Third-Roman-Intelligence-Directorate-Llc-in-Wilmington-DE

PostPosted: Fri Sep 27, 2013 8:57 pm
 View user's profile
 Back to top 
bastiyang
Veteran

Joined: 14 Sep 2009
Posts: 90

 		Re: Maybe old, but just wanna make sure this's noted.
bastiyang wrote:
Another intresting thing is that the javascript console is giving very weird outputs:

false p?n?v?j?f?g?http://(www\.)?kgb.by/(eng)? content.js:1
false p?p?t?t?q?6?r?2?h?.+(obolensk|cbsu.tc.cornell.edu|panoramio.com|thejunsui.wordpress.com|mvd.ru|periodico-solidaridad.blogspot.com|sacredsites.com|stemaid.com|delone.botaniklife.ru|pbs.org|femen.org|svr.gov.ru|junkojunsui.blogspot.com|donsmaps.com|junkojunsui.wikidot.com|blogs.scientificamerican.com|escapeintolife.com|arebelsdiary.blogspot.com|iarpa.gov|abovetopsecret.com|mathildasanthropologyblog.wordpress.com|cbc.ca|matome.naver.jp|mezhgorie.ru|dubistanders.de|fsb.ru|ohinternet.com|harvardartmuseums.org|nature.com|lebensspuren-deutschland.eu|nikolanbc.livejournal.com|jadaliyya.com|kremlin.ru|eff.org|science.nationalgeographic.com|biotin-kirov.ru|neo2.es|exiledonline.com|espectrofilia.ricardogreene.cl|structure.mil.ru|vault.fbi.gov|eternalfeminine.wikispaces.com|zavos.org|japandave.com|notforsalecampaign.org|thefeministwire.com|nsa.gov|farc-ep.co|belsebuub.com).+ content.js:1
false a?j?m?t?http://minjust.ru/ru/activity/thirdromandirectorate content.js:1
false 0?http://(www\.)?kgb.by/files/ content.js:1
false 6?2?8?i?v?5?9?http://alfa-tsentr.ru/en/index.html content.js:1
false 0?http://alfa-tsentr.ru/

I'm checking on them.



Ok, the one who's printing this output is the Plug-in itself. The Boolean value at the beginning changes everytime you go to any of the sites listed in it. In example, if you go to http://alfa-tsentr.ru/, the false tag at the beginning will change to true.

I'm working on the "x?" values given after the bool.

[ED1:] Since the output prints the file and line number which called the "log" method, I've been able to check the .js file the plugin is using to do its job.
Reading a bit of the plugin code, I noticed that every time you enter one of the pages listed in the plugin output, a new "<div>" tag is added to the site, with class name "SheStirs_once". Which means the plugin is supposed to show various things once you enter any of those sites. The plugin doesn't seem to be showing anything right now, so expect some action in the future, or maybe you need to be logged in or something like that.

[ED2:] You can check for the plugin files at this location on your HDD (WIN7):
C:\Users\USERNAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\dohgnfhjecpafcabdolamedhpfjdliag

PostPosted: Fri Sep 27, 2013 9:44 pm
 View user's profile
 Back to top 
adolgonosov
Decorated


Joined: 06 Sep 2009
Posts: 197
Location: SF Bay Area

 		Bastiyang, it looks like a selector of sorts. Those pages 404 if you go to them without Alfa-Cipher running; they are phantom pages, I think part of the 'darknet'.

Those URLs seem to be all JJ, science, or intelligence related. It could be a catalogue of sites that AC injects content into. It seems very strange that this would be console output - maybe a debug print that made it into production code? Either that or an intentional clue.

Great work, sir!

PostPosted: Fri Sep 27, 2013 10:12 pm
Last edited by adolgonosov on Sat Sep 28, 2013 5:55 am; edited 3 times in total
 View user's profile
 Back to top 
bastiyang
Veteran

Joined: 14 Sep 2009
Posts: 90
adolgonosov wrote:
Bastiyang, it looks like a selector of sorts. Those pages 404 if you go to them without Alfa-Cipher running; they are phantom pages, I think part of the 'darknet'.

I wasn't sure if this should be posted, but since you found it too, here's a full list of sites. Lots of the string constants in the source are weakly encrypted using reversed base-64 strings (will remove on request):

Spoiler (Rollover to View):

obolensk
cbsu.tc.cornell.edu
panoramio.com
thejunsui.wordpress.com
mvd.ru
periodico-solidaridad.blogspot.com
sacredsites.com
stemaid.com
delone.botaniklife.ru
pbs.org
femen.org
svr.gov.ru
junkojunsui.blogspot.com
donsmaps.com
junkojunsui.wikidot.com
blogs.scientificamerican.com
escapeintolife.com
arebelsdiary.blogspot.com
iarpa.gov
abovetopsecret.com
mathildasanthropologyblog.wordpress.com
cbc.ca
matome.naver.jp
mezhgorie.ru
dubistanders.de
fsb.ru
ohinternet.com
harvardartmuseums.org
nature.com
lebensspuren-deutschland.eu
nikolanbc.livejournal.com
jadaliyya.com
kremlin.ru
eff.org
science.nationalgeographic.com
biotin-kirov.ru
neo2.es
exiledonline.com
espectrofilia.ricardogreene.cl
structure.mil.ru
vault.fbi.gov
eternalfeminine.wikispaces.com
zavos.org
japandave.com
notforsalecampaign.org
thefeministwire.com
nsa.gov
farc-ep.co
belsebuub.com


These URLs seem to be all JJ, science, or intelligence related. It could be a catalogue of sites that AC injects content into. It seems very strange that this would be console output - maybe a debug print that made it into production code? Either that or an intentional clue.

Great work, sir!


If i had to make a guess, I'd say this game is on early stages (meaning Alpha or Beta stage). Accessing info was pretty easy. The plugin code is not obfuscated enough and all the assets for it were easily accessible.

The plugin is, indeed, a code injector for the sites listed there, and the fact that they're not injecting nothing yet means something's comming.

ED: Just in case, you can decode pretty much all strings in the plugin main JS with this line:

decodeURIComponent(atob("STRING_TO_DECODE".split("").reverse().join("")))

replace the STRING_TO_DECODE with the line you want to decode and paste it at the chrome console.

PostPosted: Fri Sep 27, 2013 10:29 pm
 View user's profile
 Back to top 
Sevren
Veteran


Joined: 01 Sep 2009
Posts: 139
Location: Spain

 		Hello gentlemen! I'm happy to see this has come back to life, and most of you are still around! My life is quite busier now than when this thins started the first time, but I'm still very interested in keeping up, I feel like a sleeper agent being wake up heheh.

I will try to catch up and then write to you again.

PostPosted: Thu Oct 03, 2013 3:50 pm
 View user's profile
 Back to top 
adolgonosov
Decorated


Joined: 06 Sep 2009
Posts: 197
Location: SF Bay Area

 		Hey JCRM, great to see you back!

PostPosted: Thu Oct 03, 2013 5:21 pm
 View user's profile
 Back to top 
AgentOfSantiagoMission
Guest


 		Guys look!
http://homeostatic.net/portfolio/

PostPosted: Mon Jan 13, 2014 4:11 pm
 Back to top 
adolgonosov
Decorated


Joined: 06 Sep 2009
Posts: 197
Location: SF Bay Area

 		Good find. My best guess (based on the suggestions of others) is that SheStirs might be slated to coincide with the Sochi olympics next month. I guess we will see.

PostPosted: Tue Jan 14, 2014 3:56 am
 View user's profile
 Back to top 
Display posts from previous:   Sort by:   
Page 1 of 2 [28 Posts]   Goto page: 1, 2 Next
View previous topicView next topic
 Forum index » Chaotic Fiction » Junko Junsui
Jump to:  


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
You cannot post calendar events in this forum



Powered by phpBB © 2001, 2005 phpBB Group