Actions carried out by TSB appear to be a carefully prepared campaign. I first gained knowledge of their activity on 2016-07-25, that is approximately 3 weeks before their activity goes public. The first week of August 2016, TSB created and set up several of their accounts. TSB disclosed high sensitive information. Centralised platforms (e.g., GitHub, Tumblr., Dropbox, Sync) censored it, possibly as a counter-measure ordered by US agencies. This brought TSB to post its documents on platforms difficult to censor like Mega.nz, yadi.sk and magnet torrent link. TSB has rapidly evolved using platforms known either for their difficulty in being censored or for their (relative) anonymity to disclose its information in order to continue their activities (see “Analyses and Profiles” discussing TSB’s various public accounts).
The group had various interlocutors as its actions progressed. By challenging journalists (RT, CNNBRK, TIME, BREAKINGNEWS, BBCBREAKING, WSJ, NYTIMES, FOXNEWS, NEWSWEEK, HUFFINGTONPOST, REUTERS, NPRNEW, USATODAY) from the onset, the will to include public opinion is more than obvious. Then the integration of medium of communication known for their commitment to public freedoms (WIKILEAKS, FREEDOMOFPRESS, INFOWARS, ANONYOPS, DARKREADING, CYBERWAR, GUARDIAN, VICE, MASHABLE, WIRED). I also note that the suppliers of computer security products KASPERSKY and SYMANTEC are immediately questioned. In view of the tools publicly disclosed, another population is attracted, the “Information Security” community but also the intelligence community.