The Emperor Is NAKED


gedh gedh gedh gedh gedh gedh

OMG THE DAM DATA!

Last week a report came out on Wired about how the ACE (Army Corps of Engineers) database was hacked by China and “sensitive” dam data was taken.. By China, let that sink in for a bit as there was no real attribution data in the story. Anyway, aside from the BOOGA BOOGA BOOGA headlines I had to wonder just how hard it was for these “Chinese” hackers to get in and steal the all important super secret DAM data. Given the nature of this type of site and the groups involved in generating, managing, and *cough* protecting it, I had a feeling that it would be rather easy to get the information without having to be uberleet. Sure enough a quick Google Fu session showed me how easy it was to just bypass the login and password scheme as a proof of concept. You can see from the picture at the top of the page that you can just download what you like there (16 meg on dams alone) just by clicking a link on Google and then the link on the page that is not supposed to be served out without authentication.

*I feel so secure now*

So yeah, there you have it and I still cannot understand how the media types paid no attention to my attempts to make them aware of this little factoid. See, here’s the thing kids, I didn’t go any further. Nor did I download the 16 meg file because, well, no one else wants to be Aaron Swartz right? I am sure they could even try to squash my nuts over this post alone but hey, I am sick of the bullshit stories of China hacking our shit when in reality all one need do is GOOGLE the information. This is not to say that this information here is the SAME information that was allegedly stolen by China, but it is a PROOF OF CONCEPT that the site, EVEN TODAY is still insecure and leaking information without authentication!! (yes above pic was taken today via a tor node) So, when I stopped there one has to continue to wonder if you looked further and enumerated more of the site by directory walk could you in fact get even more access?

Feel the derp burn…

OMG CHINA!

Meanwhile back in the hallowed halls of Congress and the Pentagon we have reports coming out in pdf that China is hacking our shit to gain a better “war footing” by taking such data as what this story is all about. DAMS COULD BE BLOWN! WATER COULD LEAK! LIVES LOST! yadda yadda yadda. If you were to take it seriously then one would think that SECOPS demands that this data would be classified and protected per classification. Obviously it wasn’t given the access that you see above as well as the alleged password issue that the hack was allegedly predicated on in the Wired article. But I digress.. I am meaning to talk about China… Yes, so the DOD puts out a report that is subtly saying that no longer are the Chinese only looking to steal IP but now they are looking for ways to stalemate us in war.

*blink*

NO WAY! Like we aren’t doing the same thing everywhere else as well? Derp! Look, it’s only natural that they would be doing so and their doctrine says as much. Just go take a read of their doctrine on all things cybery and you will see that the domination of the infoscape is really important to them. We have only been paying attention for a little while now and we have catching up to do! Alas though, not all roads lead to China so really, I would love to see some attribution on this alleged hack on the dam data when one, once again, could just GOOGLE that shit up. As they say on the internets.. “Pictures or it didn’t happen!”

OMG FAIL!

So here we are again. Our cybers are FAIL and the news media perpetuates more FAIL with their non depth articles on the problem. Maybe China stole some dam data. BIG WHOOP. The real story is that the site that it came from and the people watching it are not paying attention to the cyberz. Their clue phone is broken! They do not know how to “Internet” and it is just another derpy hype cycle in the media that allows China to be blamed for our own stupidity. I swear somewhere there is a Chinese guy laughing like Chumley rolling on the ground over this.

Smell our own fail kids… And weep.

K.

The Stand Alone Complex and Jihad


Stand Alone Complexes

I have written in the past about the “Stand Alone Complex” and I have to say that recent events still have me fascinated with the premise. I would say that perhaps the Boston bombing in and of itself shows how the “SAC” applies to jihad and lone wolves once you begin to look at it in that light as well. The Tsarnaevs (Tamerlan mostly in my assessment) latched on to jihad (literally) only after his personal goals were not attained in boxing and other areas. He then molded his ideals and his aegis for the actions he would take in the bombing to the idea of Islamic Jihad though he had been raised primarily without a strong Muslim background (look at their photos while in Russia, mom is not wearing a hijab as she is now for example) and his profiles online all talked of Westernized goals of money and women. Yet, the global idea of “Jihad” became a lure for Tamerlan and Dzokhar that in the end was the justification for their actions on April 15th 2013. Note that I say it was a justification and not their sole goal here in my opinion. I do not believe that either were that devout just as I do not believe that Dzokhar will continue to be in his 6×6 cell from now on.

Global Jihad

I believe that the specter of global Islamic jihad has become the core of a larger SAC for all of these lone wolves out there. People with mental disorders or needs to believe in something that gravitate to the jihad to fulfill those needs. Remember that this brand of thought is one created or augmented by those who interpret the Koran just as others interpret the Bible as verbatim or an absolute truth. Some of these people who are interpreting these books and beliefs are doing so in a way to put forth their own goals and that is exactly what is happening on the macro and micro levels within the jihad. It is this echo effect that we are now seeing in the franchising of personal jihad as well as institutionalized jihad within the groups out there today such as the Chechen jihad that may or may not have played a part in the Boston incident.

Each jihad has a different bent and each jihadi has a personal bent for what they are doing. A majority may just cite the treatment of Palestinians or some other rubric around the lands of the ummah but for the most part I personally believe that each and every jihad and jihadi have their own reasons and interpretations of the movement that make them wish to join in. It is this personal jihad (which is talked about in and of jihad itself as a personal struggle in some interpretations) that I am focusing in on where it concerns the new wave of the fight.. The Lone Wolf jihad which has been the pivot for Al Qaeda as it has been marginalized by the war on terror. Jihad it seems has been packaged and sold in slick form by AQAP to appeal to those who have not been a part of the struggle in country and who are now being cajoled into taking up the sword by use of propaganda on the weaker minded of us all.

Lone Wolf Jihad

These “Lone Wolves” as they have been dubbed need not be Muslims to start and may as well not have any experience in the Middle East. The Tsarnaevs had some experience (Tamerlan really) in the old country where the Jihad really came in the form of fighting against the Russians much like the Afghanistani fight that created the Mujahideen. Neither of the boys though really had enough time in country to see much of this fighting and thus were drawn into this web of thinking by imagery and propaganda online that they seemed to be seeking themselves. To date there is no evidence that the boys were supported by or egged on by any jihadi group (Imarat Kavkaz) actively. All of their content was passively passed vis a vis websites and YouTube pages where they had posted their nasheeds, fatwas and teachings online.

The same can be seen for the likes of Emerson Begolly who radicalized online and never got to act out his ambitions other than biting a couple of FBI agents when they arrested him. However both of these cases are good examples of “Lone Wolf Jihad” as well as SAC behavior. This is the basis of the idea of a Stand Alone Complex. These people are all unrelated, unaffiliated, and not likely to be acting out of a defined “same” motivations or goals other than some notion of “jihad” but the jihad becomes the appearance of “concerted effort.” We are seeing by proxy of Inspire Magazine and other propaganda tools such as the YouTube videos online the movement of a stand alone complex by person(s) known and unknown to effect a goal. This then also plays into the extension of the SAC within the plot line of the series (Ghost In The Shell SAC) where a plotter (Goda) is seeking to make political change by using the idea of the SAC on all appearances while in reality he (in this case AQ directly) is manipulating the players to effect his political goals. In essence within the analogy here AQ is Goda and their enticement and propaganda campaign is not at all dissimilar. They are attempting to incite jihad using disparate players unknown to them with their propaganda tools to ensnare and motivate those willing or unstable enough to act out in furtherance of the global caliphate (ostensibly) or, more to the point, to wreak havoc and fulfill their own bloody desires.

The Media Cycle and Stand Alone Complex Jihad

The media is also playing a large part in this cycle and it should not be overlooked. The global jihad needs a global audience. They already have the internet but now they too also have the media ravening to report on anything they can concerning it. Look at all the media hype that surrounded the events of the Boston bombings and you can see the dynamic at work. It even reached the height of being something that the bombers themselves reveled in as they carjacked someone’s SUV telling the owner that they were the bombers with pride or seeking recognition. Just as in the SAC on G.I.T.S. the media played a huge role in the perpetuation of the complex. The laughing man became a zeitgeist or a meme in today’s terminology that perpetuated the SAC and expanded it.

An analogy today for us is the “Free Jahar” movement ongoing online. The coverage also cuts another way where so much has been made to make these two appear to be so well trained and lethal without really attempting to pick apart their ersatz plot for mistakes that it appears to others of a like mind that they were lions instead of inept would be terrorists. They got lucky in reality and the media made them out to be larger than life. Something that is playing right into the hands of the AQAP types who put this notion out there to begin with and what the boys latched on to and used to sow their brand of terror. In short, the media attention and the cycle that is still taking up vast swaths of online news pages copy will only ensure that the SAC will only continue on and that those manipulating it (AQ) will re-double their efforts.

Future States

We have seen Anonymous as a form of SAC and now I think we can make a substantial case for the (lone wolf) jihad being one too. If this idea becomes more memetic and resonates with those of a like mind then we will see more of these types of attacks as well as those out there (not only AQ) trying to entice others to action as well. Both online and off I fear that as the media cycle churns on and AQAP comes out with their next triumphal issue of Inspire the reverberations will only geometrically increase. Time will tell as always but as we become more tightly connected through instant media while being closed off and alone at the same time we will allow for festering to begin in those psyches willing to act out. The repercussions of knee jerk reactions as well within the government will also create more fodder for those like minded to find reasons to radicalize too.

One re-enforces the other like ripples in a pond…

K.

The Tsarnaev’s Jihad


eqldgsclajmkcin

The Tsarnaev History

As you all probably have seen ad nauseam on the news the history of the Boston Marathon perpetrators has been re-constructed by people who know them and subjected to almost a minute by minute accounting it seems. Yet only now are dribs and drabs coming out through interviews on the news of how devout Tamerlan had become and perhaps how radical he really was. It seems that the boys had hidden well their growing radical beliefs from everyone around them formally but if you paid attention you could see the signs. For all intents and purposes though, the boys seemed to be assimilating (Djokhar more than Tamerlan) to life in the states but once you start prying back the veil you can see much more was going on.

In articles and blog posts throughout the internet a picture is emerging on the boys, their family dynamic which lends to the idea that this family had its share of issues and perhaps a history of unbalanced behavior as well. The mother for example was caught shoplifting $1,600.00 worth of clothing from a Lord & Taylor as well as has been described by others as being a 9/11 “Truther” while the father has been painted as a thug or a tough who also has been called crazy by some. So, you can see that as we go along, like any family they have their foibles. All of this though does not make for a radical jihadi unless you add to this a longing for a history, a kinship to their titular home (Dagestan/Kyrgyzstan/Chechnya) and an increasing feeling of disenfranchisement with their adoptive home.

Suffice to say that the Tsarnaevs are and were a complex lot and out of all of them given what we know now, the only one who really assimilated seemed to be Djokhar. Sadly though he decided I think, to follow his elder brother into Jihad because of the influence over him that Tamerlan had. However, I could be wrong, perhaps Djokhar always had the seed of jihad within and it only evolved naturally.. Only time will tell once he is no longer sedated and able to answer questions I guess. On the whole though I will say that they hid their tendencies and plans for a long time without anyone being the wiser. Even their online behavior has been hard to prize out and get a clear picture of their plans as well as their involvement in jihad.

Radicalization

As it is coming out in the news these last couple of days it seems that the key to the events that led up to the bombing was a trip to Russia by Tamerlan in 2011. This trip also kicked off the FSB’s query to the FBI here to look into Tamerlan for what would later be seen as radical beliefs that he indeed did have. The FBI looked into Tamerlan and found nothing at the time but it seems that perhaps even this event in and of itself would lead Tamerlan to carry out the final Boston plan as it held up his petition to become a citizen here. Was that the last straw on the camel’s back? One really has to wonder about that. Obviously Tamerlan at the very least was becoming radicalized, enough for the FSB to make that call because he had said things in Russia or had been seen colluding with people known to be radical.

Interestingly it wasn’t until after his trip to Moscow that Tamerlan set up the YouTube site and linked to the Dagestani jihad videos and those of the radical Imam. Thus I expect that he came into contact with someone there who had the key to his radical jihadi lock so to speak and opened him up to it all. Just as well he was there for six months and could in fact have had training while he was there in bomb making as evidenced by the pressure cooker bombs they used at the marathon. The question then becomes was he inducted and trained as well as perhaps supported by a jihadist group in Chechnya or Dagestan? This is as yet unclear and the case can be made on both sides that either they did it on their own without training as well as Tamerlan got the training and support by an as yet un-named jihadist faction. My gut is telling me that Tamerlan had at the very least some training while he was in Moscow on bomb prep and tactics before he came back to the US.

Inspired?

An alternate theory is that they were “Inspired” to be lone wolves by Inspire Magazine and other materials out on the internet. While nothing has been said yet of the contents of any hard drives that may have been found at their house, I am going to guess that they may indeed have some Inspire issues there. Djokhar’s laptop took a hit in December of last year so I am not sure if he got a new one after that (assuming yes) so there is likely to be some good data forthcoming from the computer forensics guys at the FBI. Until we get confirmation though that they had these materials it is anyone’s guess as to how they learned their tradecraft other than to say the internet.

The bombings though and the chase that followed has been a real shot in the arm to the AQ jihobbyists online who have been posting congratulations as well as composing nasheeds for the Tsarnaevs. If anything, this incident has inspired the jihobbyists out there and certainly has the AQ/AQAP types looking to capitalize on the actions taken by these two to try and create more like them. This whole thing including the closing down of Boston, the media circus, and now the fallout with congress critters ravening to create new “tough” laws as well as circumvent the ones on the books and treat the survivor as an “enemy combatant” are a win for jihad propaganda. Simply put, all of our reactions have only played to their twisted ideas of winning. So, inspired? Yes, this has been inspiring to them even if we do not know just how the boys were inspired to do this in the first place.

Chechen Jihad

Meanwhile there is the angle of the “homeland” and Chechen Jihad to contend with. It seems that Tamerlan primarily was feeling more kinship with Chechen jihad than being an American ..Or more to the point to aspire to be one and compete in the Olympics. Both boys seem to have been drawn to their original place of origin and in fact linked online to a group that comes from Dagestan in particular. At what level they were affiliated with them, or had contact with them is still unknown but from postings online by an acct that seems to belong to Djokhar he is looking to rationalize jihad with citations from the Koran. Tamerlan meanwhile had links to a radical Imam’s videos from the region as well but also had links to the Syrian conflict as well. So you can see that there is a direction (jihad) in general but an affinity for their homeland and its troubles as well. Even their nicknames that were used (in Tamerlan’s case Timur Mucuraev and muazseyfullah) are references to regional presences in jihad. So one can deduce their proclivities toward what was once their home as well as the jihad overall. What really remains to be seen is whether or not they were officially affiliated with the jihad there and group(s) thereof or not. I am sure that with time and some interviews we will be hearing just how much contact the boys may have had with anyone over there if at all. At the very least from what has been seen online one of them did reach out and connect with them but there is no telling just how they responded if at all.

Truthers?

Another interesting twist to all of this has been the remarks by the boys’ mother on TV about how this is all a conspiracy. It seems that the Tsarnaevs may have grown up with a conspiracist pablum fed to them by their mom. Did this have something to do with their ultimate decision to bomb the marathon and turn to jihad? One can make the argument that this could be the case because of the similarity in the narrative on 9/11 and other globalist conspiracies put out by the likes of Alex Jones. Frankly it’s an insidious brew that ensnares the weak minded and places their already delicate psyches into an even more paranoid and delusional place than they already were before.

More will come of this I suspect both in the investigation as well as all around it as I have already watched the “Jones-ian” mindset barrage the FBI and others at the press conferences last week asking inane questions on how this was all just a “False Flag” event to remove our civil liberties. It is this mindset and the malleability of the weak minded that allows for not only jihadi induction but any other militant group that might use this as fodder to brain wash a candidate into action. I am interested though to see just how much the 9/11 truther movement had influence over the mindset of the Tsarnaev boys.

Interrogations Soon

Finally, as Djokhar comes out of the drugs and the intubation it will all come to light just why he did these things. In the end I understand they both had suicide vests but neither carried out the final measure and became shahid. Why is that exactly one wonders if they were so moved to jihad? Induction and grooming would have tried to lead them to blow themselves up especially when cornered so why didn’t they? Perhaps they were too “Western” after all and thought they could escape like Butch and Sundance?

Once the interrogations happen, the evidence is collated, and charges filed perhaps we all will know more. Until then we need to focus on the why from a psychological issue. If they self radicalized what was it about them that made this happen? What is the psychological makeup of the jihadi? How do you detect it in someone? Is it something that one can stratify and place into some sort of DSM-V catalog? Certainly in this case no one around them really knew save maybe the uncle that Tamerlan talked to just after the bombings and he did not make a call to law enforcement either.

K.

Further Reading on the Chechen Jihad:

http://krypt3ia.wordpress.com/2011/04/14/kavkaz-jihad-aqs-little-brother/

http://krypt3ia.wordpress.com/2011/01/29/would-be-suicide-bomber-killed-by-unexpected-sms-muslima-jihad/

UPDATE:

Ok so a lot has been happening with this case since I posted this piece. Lately there have been congress critters going on morning shows spewing all kinds of useless innuendo about how the boys “must have had help” to make these bombs and to carry out the plot “so well” that I feel compelled to respond. First off let me start by saying that the congress critters need to shut the fuck up. Pure and simple. They need to step back from the lights and cameras and shut up. So far the information coming out of the investigation does not say that they had help at all. In fact, if you look at the whole affair you can see that at the most they may have sought help in the electronics for remote det devices “maybe.” The reality is that you can get all of this information on the internet pretty easily and it does not take a mental genius to rig up a pressure cooker bomb and a cell phone.

Secondly let’s look at the stupidity of the boys in their plot points.

1) Set off bombs at a large heavily camera covered event and get away: Sure it worked but they took no pains to cover their identities much did they? Had they been trained one of two operational tempos would have been employed (stealth and egress) or (stealth and shahid). The boys did not plan on being shahid and their stealth was lacking so how much training could there be?

2) They had no real prep for getaway and ended up carjacking someone to get a working car. Once again they were on camera AND they boasted about being the bombers to the carjacked person who they let go. Had they been trained and supported they would have had an egress plan to get out of the country. Instead they tentatively planned on going to Times Square to light off another pressure cooker… With their faces plastered over EVERYTHING.. Yeah, some elite training there…

3) Funding, there was none. They bought some fireworks and common materials to make the bombs just like they are shown in Inspire magazine and by all rights could have “made it in their mom’s kitchen” as the article title suggested.

In the end it appears to me that these guys did it on their own. They had inspiration from online jihadist videos from the likes of Kavkaz and Vilayat Dagestan but both have disavowed knowledge of them anyway. I think once we get all the facts we may see that they reached out but were not trusted by the jihadists. This is common in the jihadi circles to start but even more so in the Chechen area where the FSB and other military orgs have tried to put a stop to their activities. What this leaves us with and what the congress critters cannot fathom, is the fact that these two guys did this on their own, for their own reasons (Tamerlan primarily at his inability to box any more on Golden Gloves and not get his citizenship and Dzokhar following big brother’s example) and were not a plot by any jihadist organization. They were not geniuses and they certainly did not make mistakes in their attack, they just happened to catch us all off guard and carry out a heinous act just like any other mass murder scenario. Frankly I think that the Jihadi element to this was just a weak rationalization that they made as a panacea to quell all their woes in life and nothing more. It should be noted that Tamerlan only really started becoming more devout to “Islamic Jihad” once his boxing career was at a standstill. This is an important fact that many are not paying attention to and should be. This is not just a story about jihad and terror but also about a guy who just felt alienated and alone in a place he thought was his home and when that home became less available to sustaining his desires he turned to jihad.

So.. Once again congress critters.. STFU until such time as the FSB/CIA/FBI and others have solid proof of communications between the boys and Islamic jihad (aka Imarat Kavkaz)

//END

It doesn’t really matter who bombed the Boston Marathon… It only matters that they did and it’s giving others ideas.


No Attribution

Since the bombs going off at the Boston Marathon people have been trying to assess who it is that did it more so than a why they did. Of course knowing the who you will know the why especially if the bombers make a statement. To date no statements have been made and thus great speculation has been given by the talking heads in the media anyone from Clint VanZandt (Former Quantico Profiler) to the odious Evan Kohlmann. None of these people though really are offering any information into the real problem we have post the explosions at the finish line on Monday and that problem is the precedent set by the act itself.

Of course bombings have happened here in the past throughout our history but today we have one more twist to the picture that we should be paying attention to. That twist is that we are in a global war on terror against various groups that all have a goal of terror. In the case of the Islamic terrorists their goal is a global caliphate at the heart of the hard core heart and mind. It would be folly to think that this is the topmost goal of all of these people though and at the end of the day it all just comes down to people acting out to sow terror and death. In the case of this incident we still have no idea why it was done and even the jihadis online and I am sure behind the scenes are asking the same question as to who did it. As of today all we know is the method of the bombings (sort of) and that we have one or two UNSUBS that may be on video or in photos just before the explosions and this is making people even more on edge.

However, attribution and the reasons for the attacks are only one dimension of the problem and it should be noted that this event has opened a door for the Jihad as well as possibly other actors who wish to sow terror. This is not new as I said before, but, it is new that we have a call from the likes of AQAP/Al-Malahem/AQ to carry out “Lone Wolf Jihad” that may in fact have been heeded by someone or a small group of jihadis. If this is in fact the case then consider Pandora’s Box being opened with this successful attack. Alternatively, if this was carried out by another form of extremist (such as the militia types or so called “domestic terrorists”) the same Pandora’s Box has been opened because in the end, the attack was carried out and succeeded in its goals of death, terror, and FUD. This event is a win/win for the like minded and that is what is being played out on the Jihadi boards as we speak.

Inspiration and Aspiration

For 3 years now AQAP/Al-Malahem has been putting out “Inspire Magazine” and entreating the Ummah of the West to jihad. More recently they began a campaign to spur the Westerners to so called “Lone Wolf” acts because it seemed that they lacked the ability to reach out here themselves. They began offering tutorials on how to make IEDs and offered tactics and targets for the eager Westerner to carry out. These magazines met with little success in getting a jihobbyist to make a bomb in their mother’s kitchen until possibly now. The pressure cooker IEDs are not that hard to make and the plans were in fact in a recent issue of Inspire but in reality if you have an internet connection you can get them fairly easily. So could it be a Jihadi Lone Wolf? Sure, could it be some other extremist? Sure, but in the end on a macro scale it doesn’t matter.

What does matter is the reaction by other groups and individuals.. Copycats if you like, who look at the events of Monday and start to think “I can do this too if they can.” What is being seen on the jihadist boards already is talk about how Inspire had it right and that they should be praised for their work. The poster above asks questions about the modus operandi and concerns over security but generally begs the question over strategy. Responses to this post are on the whole affirmative that Inspire was right and that smaller attacks are the way to go. Inciting fear and hitting soft targets is what they need to do to torment the “Crusaders” and in reality this is the scary bit.

AQ had a HUGE win with 9/11 and since then the tactic has been on average to attempt another one of as grand or on a grander scale. This has not worked on the whole so the notion of smaller attacks was pivoted to by AQAP. They have finally set a goal of not just hitting a plane with an underwear bomb or a cartridge bomb but now are looking to go to a mall and shoot it up or to blow up a car on a busy freeway. Small scale, low tech attacks I believe are going to become the norm for not only the jihad but also the domestic terrorist as well. This is what has to be taken from the events of Monday’s bombing as well as the efforts of trying to find out who did it and to prosecute them.

Whether or not this is a Jihadi lone wolf or some other attacker the tactics of the attack should be the worrisome bit. The bombs themselves are low tech (smokeless powder and ball bearings in pressure cookers) which could be made by anyone. The components are easily obtained cheaply and the whole operation could be carried out with as little money spent as a couple hundred dollars. The choice of soft targets like the marathon shows astute planning and there are hints that they may have in fact studied the marathon and thought this through a bit on detonation time to have mass casualties as well. All of this could be carried out by person(s) easily enough without oversight from AQ/Taliban just like Inspire attempts to evoke in their “lone wolves.” At the end of the day we may in fact see that Inspire was in fact the inspiration for this attack.. If not, then from what I am seeing on the boards post the attack I for one believe, that they now have even more inspiration to carry these attacks out.

Cause and Effect

At the base of this whole post though I want to get across the idea that one attack can breed copycats. Copycats all can get the plans and tactics for such attacks online easily through a Google search and as such the ease of locating the data and using it has increased tenfold. It remains to be seen just how much of an impetus this attack has been on those nearly ready to carry out their own terror plots but given that we are now seeing concurrent letters laced with Ricin sent to the President and Congress (also shown in how to’s from the jihadis and others online) one has to wonder if they are part of the original plot or copycats. It’s my belief that a scale has been tipped and that we may be in for some more tough times ahead. I personally have not seen things this polarized since the 60s when we had the creation of the Weather Underground and the Black Panthers. Imagine now more groups with access to the reams of information on the internet and their capacities to carry out terror were they of a mind to do so.

Time will tell.

K.

Thoughts On Being Asked “How Do I Get Into INFOSEC?”

So You Want To Get Into INFOSEC Huh?

I got a request through a friend for a friend of that friend’s kid to talk to him about how to get into INFOSEC the other day. Now usually I am a curmudgeon (as you all know and love) and am loathe to be some sort of big brother of INFOSEC to anyone but in this case I said ok cuz I am just that nice. After some email wrangling we finally got together today (scant minutes ago actually) and now feel an obligatory blog post on the subject of getting into the business coming on …And there it is …Feel the burn…

So after agreeing to a time to meet I began to wonder just what I would say to this kid as to how to get into the business. For that matter I really wondered if I should encourage him at all to get into INFOSEC in the first place. My mind started to ponder why I was in it still and just how if at all it was rewarding given all that I have seen and still deal with on a daily basis. Often times my daily job sends me in to apoplectic fits that you all see in my blog posts and on twitter screeds of 140 characters at a clip so I imagine all of you out there might not think that I enjoy my work on average. On the whole though I would say that I do enjoy my work but I would caution anyone looking to get into this business to take a deep look at their abilities and their coping mechanisms before they took the plunge.

My conversation with this guy (in his 30′s) covered a range of things but I mainly focused on just how technical he was if at all and what he thought he wanted out of pursuing a career in INFOSEC. It turned out that he was not that technical and had only just started taking a course at the local community college on Python. It was at that opening moment that I knew this kid would have a long road ahead of him and made that as abundantly clear as I could without being a complete and utter bastard. Basically, in your 30′s and without any technical background you will have quite the uphill battle to become proficient not only in the technologies but also the applications of security to those technologies. So I had to scale back a bit and impress upon him that he needed to learn quite a bit to start and that maybe he should just look for a gig in desktop support first after some time in with school.

At the end of the conversation I had laid out all of the issues for him up to the point of the level of frustration we all have in this business from end users to C levels that don’t listen. Soup to nuts I laid it bare and in the end did in fact say that one needed to take up drinking to cope on average. I told him that the allure of the movies is great but in reality there is a lot more drudgery and that he should expect to spend a lot of time studying, practicing, playing, and generally hacking even to get a gig as a vulnerability scanner or a Sox auditor. This at least would be my ideal for anyone looking to get involved in true security work but unfortunately we all see too many people out there running a Nessus scan and passing a canned report to a client as BAU.

Despite all of this I do not think I dissuaded or disabused him of his desires and will be sending him some tutorials and links to sites/books for him to begin the great RTFM of security. I guess time will tell if he can eventually land a gig and be a productive INFOSEC wonk. Until then, I guess I am a sort of tough love big INFOSEC brother..

I hope he can handle the tough love…

So here are my thoughts about all of this for those who also are asking the question of how to get into and staying in INFOSEC.

K.

First Principles 

  • You have to be fascinated with the subject matter.. This is not just a job, like any career you have to love what you do otherwise why bother?
  • You have to be technically capable of understanding a great deal of technologies; if you aren’t and are not interested, don’t bother
  • You have to have an innate offensive mindset to be a good INFOSEC professional (if you aren’t thinking like the adversary you will lose the battle and the war)
  • To be a good defensive INFOSEC professional you have to have the offensive mindset as well (once again, think like the adversary or lose the war)
  • You have to be able to study things and be readily able to take the initiative to look things up
  • You have to be a tinkerer always playing with things
  • Overall you need to have initiative because even if you take a course it will not prepare you for everything
  • Don’t be just another fool with a tool, you need to go outside the box and once again play with things and understand them.. Then abuse them
  • Don’t expect to be an uber l33t haxx0r just because you hit start on Metasploit
  • Be diligent and do a good job no matter the scale of the project.. Half assed is just that and will end in epic fail
  • Nowadays you can get a CISSP and get a job.. This does not make you a good INFOSEC practitioner though
  • It is easier today to locate actual classes on security and hacking so avail yourselves of them ON TOP OF playing at home

Expectations and Realities

  • Expect and be able to handle clients in a professional way
  • Expect and be able to handle small scopes and reticence on the part of clients to fix vulnerabilities you show them as they might break their businesses to do so
  • Expect that all end users are not usually cluefull in the ways of computing and will easily click on your malware/phish email (offense)
  • Expect that all end users are not usually cluefull and will click on malware/phishing emails and thus start an incident that YOU will have to clean up (defense)
  • Expect to be told “No” a lot
  • Expect fits of rage and bile because the executives will not want to follow the security measures that you tell them they need to as policy
  • Expect to have to socially engineer said C level executives to have a modicum of security by tricking them into secure behaviors
  • Expect that your employers will not fund your going to conferences
  • Expect your security budgets to be secondary in concern if not tertiary to the C level executives until they get pwnd hard and in the news
  • Expect human nature to be the primary cause of your security incidents and failures in the enterprise (problem between keyboard and chair)
  • Expect long hours
  • Expect to be travelling 100% of the time if you are in a pentest position
  • Expect that 3am call when your enterprise has been compromised and expect to get up, log in, and begin IR
  • Expect that your network is already compromised
  • Accept that you will never know everything and should always be willing to learn
  • Expect and accept the blank stares you will get from EU’s and C levels when you explain to them the security ramifications of things you discover
  • Expect and accept the blank stares you will get from EU’s and C Levels when you tell them that they have to comply with policy and process
  • Expect that you will have to at some point not only audit but also create policies and procedures for someone somewhere
  • Accept this previous fact as just that and get past being an elitist wanna be pentester and do a good job at the policy side of things too
  • Accept that there is more to life than pentesting
  • Every day you have to unplug and have a real life outside of INFOSEC with other interests than just pwnage
  • Expect to be well rounded and a human being able to converse with others outside of the hacking/INFOSEC world
  • Expect to be frustrated every god damned day and be able to handle that without going insane
  • Expect that you will fail no matter how hard you try and that failure is not the end of all things

Well.. I think I ran out of steam there but you catch the drift right? It takes a certain kind of person to be a good INFOSEC professional just as much as it takes work. Do it if you love it… Otherwise what’s the point?

 

Digital Natives, Digital Immigrants, Exo-Nationals and The Digital Lord of The Flies


XXXXXXXXXXXXXXXXXXXX

Digital Natives

Last week Josh Corman was at a conference and live tweeting commentary and thoughts online about INFOSEC and around the ideas of Cyberwar. At one point he mentioned the idea of “Digital Natives” against the backdrop of nation states and it struck me again as something I needed to expand upon. Though Josh had said he wanted a chance to explain further to me his ideas before I posted I don’t feel like I think that differently than he does about the topic. Though perhaps I do, I am not sure as I have yet to hear his ideas in full but I wanted to get this out of my head now so here it is.

Digital natives as a term has been around since 2001, when Marc Prensky coined it in his work “Digital Natives, Digital Immigrants”. In this article he explains the basis of the idea that since kids from 2000 on (I would say earlier for some of us) have grown up with computers and the internet as a ubiquitous appliance/medium they tend to be greatly different in thinking, acting, and general attitudes than their parents and older generations. Those people who did not grow up with the technology always around them and used by them are termed “Digital Immigrants” and have emigrated to the use of the Internet and technologies. As such, these immigrants are often seen as foreigners in the digital world with antiquated ideas on how things should work and methods of doing things. The article (see below link) also goes into some detail on the cognitive differences as well as social differences that Prensky was seeing in the studies he was conducting.

Prensky; Digital Natives, Digital Immigrants

Prensky; The Emerging Online Life of Digital Natives

Another paper that Prensky wrote was on the emerging online lives of these “digital natives” in that you could see the emergent behaviors progressing as online life (Web2.0 and Social Media for example) expanded to allow for more connectivity and social malleability. In both though the idea is put forth that we now have a generation or a couple really, that are inherently living their lives in a completely different way than their parents and all of it predicated on rapidly changing technology. This idea lends itself to the problems we face today as INFOSEC practitioners, governments, law enforcement agencies, and as parents to children who on the face of it are cognitively different than we are. Add to this the problem that much of our lives are now greatly affected by these technologies (banks, power, credit, reputations etc) that this generation or two now can control at very young ages for good or for ill and we have a problem that we must understand in order to manage.

Digital Immigrants

Moving on we have the Digital Immigrants, those who have moved into the digital space with smart phones, PC’s, Laptops, Ipads, and the like. Many do not leverage these devices in the ways that the natives do and in fact do not understand them on the whole. Outside of the people in the business of creating these wonders and creating their infrastructure the bulk of the populace older than 30 on average have little cognition of how things really work. I know this is a gross generality but just go with me on this and let’s not quibble ok? So, we have all these people who still use paper books and write things on pads and the natives think on the whole that they are a foreign species according to Prensky.

What really shakes out for me is that on the whole the LEA’s, the Gov, The Generals, and corporate execs of the world are all pretty much on the whole not of the Z or iGeneration (Natives). This means that they are all immigrants and by the terms of the idea not really connected to the ideals, attitudes, and cognitive changes that the iGen’s have in place. Add to this that aforementioned inability to really understand the technology itself nor how it could be leveraged and we have a pretty big problem with the world don’t we? Look at all this talk over cyberwar today and the outmoded modalities that are being used to try and grapple with the problems. How many times have you had the experience gentle reader with your boss or some other person as you try to explain to them the security problems with technology just to get a blank look back? …You get my point…

So we have the digital natives on average running circles around the immigrants (kids vs. parents, iGen vs. those in power) and friction occurs. All you really need look to are the cases of Aaron Swartz and Weev to see it play out in the media and the courthouse. What we commonly see as nothing really wrong the immigrants see as abhorrent, illegal, and immoral. The fact that say Weev just wrote a script to enumerate pages to us is nothing while in the eyes of the corporate types and the law it is an offense worthy of going to jail for 3.5 years and a lot of money in recompense to the corporation that was enumerated. Until such time as the immigrants are all gone and only the natives inhabit the net and the meatspace we will not have substantive cognition of the new generation’s mores and means of living with the technologies and how the laws can be changed to make a little more sense about offenses online as well as problems like cyber-warfare. It will take at least another generation until parity is reached.

Digital Exo Nationals

While I think that the ideas of Digital Natives and Immigrants were what Josh had in mind as the core to his statement I also think he was alluding to those natives as being their own state. This is an idea that has been brought about by Anonymous and I think could be termed as “Digital Exo-Nationals”. Those out there who feel that the net is a stateless space where no one state rules them (nation) nor do the mores of meatspace apply within the electronic world they live in. A group like Anonymous can claim to be truly stateless and on the face of it they can be on one level, but I think that on the whole anyone who is not persistently living just online (meaning they reside inside of a computer network) is in fact affected greatly by where they were raised, by whom, and are the product of their upbringing. This fact will always color people’s reactions and there will always be some form of nationalism to them as they interact online or take up arms in defense of some ideal.

With that said though I think it is nominally an idea that has merit. I believe in many ways the denizens of the net (i.e. the iGen/Natives) think of themselves as apart from the “real world” that they physically inhabit when they are online, which today is pretty persistent at a connectivity level. This cognitive dissonance creates quite the dichotomy of perceptions for the natives. Once offline they must generally adhere to the structures of the “old world” as opposed to the pretty much wild west of the Internet and on average they manage to separate the two lives much like the quote from “The Matrix” by Agent Smith;

Agent Smith: It seems that you’ve been living two lives. One life, you’re Thomas A. Anderson, program writer for a respectable software company. You have a social security number, pay your taxes, and you… help your landlady carry out her garbage. The other life is lived in computers, where you go by the hacker alias “Neo” and are guilty of virtually every computer crime we have a law for. One of these lives has a future, and one of them does not. 

This is pretty much the perception for the immigrants right? While on the other side Neo would consider himself a freedom fighter or a seeker looking for a basic truth that the old system (i.e. The Matrix) is trying to prevent him from seeing. Think about this idea for a minute while reflecting on Anonymous today in the Wikileaks age. I think you will see the parable here and this is a core issue between Immigrant culture versus the new Native one. It is interesting to note though, that in the case of the Matrix, the natives are in fact both Neo and Smith in one sense but only Neo resides in a corporeal way… But I digress into philosophy here and before I break out my copy of “Simulacra and Simulation” on you I will stop.

Ok back to the issue at hand. We have digital natives now that perceive themselves as “Exo-Nationals”: the net is their country and it is outside of the corporeal world. Their rules are not the rules of the real world and their mores are different. Their culture is one that is new and evolving and unfortunately the world they inhabit is not really theirs to control. Since the backbone of the infrastructure is owned by corporations and governments they’re really only renting if not actually squatting in their exo-national domain. This fact however does not stop them from trying to control the networks and in many ways they are able to through hacking and the use of good OPSEC. You see, in reality the natives who consider themselves Exo-Nationals are in fact guerrillas for the most part to my thinking.

The Digital Lord of The Flies

No matter the dialectic, there are issues to the dichotomy between the natives and the immigrants that can beget darker things. Since on average the common kid today can bypass most protections a parent may try to purchase for their home computers, that is if they are even cognizant enough to try, we have a generation that pretty much can run amok online. Without oversight the digital natives pretty much run the show. This has been touched upon by sociologists studying 4chan and Anonymous in the past and is quite valid a point. The mores of the natives are greatly different within the online world than those that we would teach them in the offline one. All of this is really predicated on the idea that once online the native is “anonymous” by use of technological means in the extreme or just the perception thereof by those who do not cognitively understand it (younger natives still learning).

Generally though the natives learn quickly that they can do many more things online that parents and others would find frightful offline and in public. It is this “disinhibition effect” through perceived or technical anonymity that allows for this behavior to evolve and thus gives rise to what I call the “Digital Lord of The Flies” effect. In essence the children have been left to their own devices on a digital island and those more powerful take over and rule rather mercilessly. In the last few days I got a first hand view of this effect with regard to teens and twenty somethings in the gamer/Xbox verse. Where gaming had become banal some of these “crews” or “Teams” began upping the ante by hacking, carding, and what they call GT (gamer tag) “Jacking”. All criminal activities that are perceived by these kids as ok because they are not doing these things to people in reality (and by reality I mean in person in front of them).

There seems to be a disconnect within the psyche for these kids where their actions are just not real because it happens online. Some of these kids that I tracked online, due to recent events with the attacks on Brian Krebs, lead me to believe some of them may in fact be on the road to sociopathy. This though is not the case for all of them of course so one has to ask how is it that they feel so moved to carry out these deeds online and not feel the least bit of remorse about them? It is this disconnect that fascinates me really and I will be looking further at it in the future. As more and more generations move into the natives category being born into a world with prevalent technologies we will only see more of these problems until that parity I spoke of happens. When the parents of all these kids are just as savvy about the net as their kids are, then we will be able to teach them.. Of course in thinking about this it comes to me that perhaps that will only shift to natives teaching natives the same behaviors…

Sigh…

Time will tell I guess.

K.

From Russia with Love

DFPKSUCPTSWXMPF

Exposed.su

exposed.su_links_inout

A site popped up with the domain name exposed.su and within the pages (other than malware lurking for an IE exploit) sits all kinds of personal financial data for famous people. Among the people hit on this site were the likes of Hillary Clinton, Al Gore, FBI Director Mueller and others. The data on the site seems to be somewhat legit and soon after the page made a splash in the news the DOJ (FBI), Secret Service (USSS), and others had the governmental people’s links pulled off of Cloudflare’s servers. After looking at some of the data myself before it was pulled I thought I would just have a look-see at this domain and what I could gather as to who was doing it. After some Maltego (RADIUM) work I began to realize that this all seemed to be emanating out of Russia. The domain was registered using an email address for “allperson.ru” which upon further searches turned up a den of sketchy sites.

Domain Data:

domain: EXPOSED.SU
nserver: dave.ns.cloudflare.com.
nserver: fay.ns.cloudflare.com.
state: REGISTERED, DELEGATED
person: Private Person
e-mail: exposed.su@allperson.ru
registrar: REGTIME-REG-FID
created: 2013.03.06
paid-till: 2014.03.06
free-date: 2014.04.08
source: TCI

Last updated on 2013.03.14 17:21:38 MSK

I then followed up with searches for allperson.ru email addresses and attendant domains attached to them. What I found was a pattern of behavior showing that most of these email addresses were for scam sites, free MP3 or video sites, and one forum for all kinds of coding and what looks to be scam techniques. Basically, I think that whoever set up this exposed.su site is affiliated with allperson.ru and or Legato LLC (scammers) and the information and connections you will see below. Of note though is that in the case of the exposed.su site there is nothing that directly ties it to anyone in particular. However, once you start digging around you can make connections between individuals and groups including addresses/persons involved in the ZEUS botnet.

Allperson.ru

allpersonRU_

domain:        ALLPERSON.RU
nserver:       ns1.tuthost.com.
nserver:       ns2.tuthost.com.
state:         REGISTERED, DELEGATED, UNVERIFIED
person:        Andrej V Punegov
phone:         **********
e-mail:        an@kazancity.net
registrar:     REGTIME-REG-RIPN
created:       2007.09.25
paid-till:     2008.09.25

Allperson.ru was a service/site that had about 5 email servers and was originally registered back in 2008. As you can see from the above domain data it was registered by an “Andrej V Punegov”. Searches for Andrej give up a laundry list of sites and data that he has been affiliated with in the past. Not much more comes up in the “Googles” so I will leave it at that for the moment. The list of sites though that he has registered is long so it is likely that this is another player who has moved on to bigger and better scams… If that is a real name at all. The email address provided also gives up some interesting hits including an IRC site which I will leave for another day.

Another interesting email address in the allperson.ru set was demand.su@allperson.ru. This address was directly tied to the ZEUS botnet that was taken down by M$ and is listed in the plaintiff filing. So here we have a direct tie of this allperson domain to Zeus and only a handful of email addresses. Could it be that this is all tied together? In fact, look at the email name “demand.su”, the same format as exposed.su … Coincidence?

dema ndsu_ZEUS

wml.su_forum

Проверка домена
e-mail: wml.su@allperson.ru
e-mail: evgenij.w@gmail.com
e-mail: wml.su@mail.ru
nserver: ns1.wml.su. 62.149.12.117
nserver: ns2.wml.su. 62.149.13.81
created: 2006.06.29

wml.su

wml.su_fraudster

Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Registration date: 2007-11-02
Last updated: 2012-02-11
Expiration date: 2013-11-02
Owner, Administrative, Technical Contacts:
Email: evgenij.w@gmail.com [4 domains use this email]
Name: Evgenij Ermolenko [4 domains use this name]
Phone: +3.80976061100 [4 domains use this phone]
Address: Katyuzhanka
Katyuzhanka
Kiev Oblast,07313
UA
WML2.COM IP: 62.149.13.81
The IP belongs to ISP COLOCALL LTD
ISP domain: COLOCALL.NET

Then there is wml.su@allperson.ru which has an interesting history and present. It ties to a domain/site forum.wml.su which happens to be a little forum for what looks to be warez and other illicit things as well as possibly a hub for site design and programming. The owner of this site also listed evgenij.w@gmail.com as an alternate email address. Following up on this address we get information that shows this email was used on 4 domains and within that you get a new name: Evgenij Ermolenko who has quite the digital breadcrumb trail to follow. Now Evgenij’s site wml.su has also been shown to be a site for infecting phones with trojans (see above) and seems to be quite the player here in the world of malware and scams.
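The pivot used in this post (WHOIS e-mail field, then mail provider, then other mailboxes named like domains, as with exposed.su, demand.su and wml.su) can be written down as a short script. This is an added example, not the author's tooling: the function names are assumptions, the wml.su record is abridged to the fields used, and the example.net record is constructed as a negative case.

```python
import re
from collections import defaultdict

# WHOIS text as printed in the post. The wml.su record is abridged to the
# fields used here; the example.net record is constructed as a negative case.
WHOIS_RECORDS = {
    "exposed.su": """\
domain: EXPOSED.SU
nserver: dave.ns.cloudflare.com.
nserver: fay.ns.cloudflare.com.
state: REGISTERED, DELEGATED
e-mail: exposed.su@allperson.ru
created: 2013.03.06

Last updated on 2013.03.14 17:21:38 MSK
""",
    "wml.su": """\
e-mail: wml.su@allperson.ru
e-mail: wml.su@mail.ru
nserver: ns1.wml.su. 62.149.12.117
created: 2006.06.29
""",
    "example.net": """\
domain: EXAMPLE.NET
e-mail: hostmaster@example.org
""",
}
# Address the post cites from a court filing rather than from a WHOIS record.
OTHER_SIGHTINGS = {"court filing": ["demand.su@allperson.ru"]}

# A field key has no spaces, so footers like "Last updated on ... 17:21:38"
# are not mistaken for key/value pairs even though they contain colons.
FIELD = re.compile(r"^([A-Za-z][A-Za-z-]*):\s*(.*\S)\s*$")
DOMAIN_SHAPED = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$")


def parse_whois(text):
    """Parse 'key: value' WHOIS lines; repeated keys accumulate in order."""
    fields = defaultdict(list)
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            fields[m.group(1).lower()].append(m.group(2))
    return dict(fields)


def sightings(records, other=None):
    """Yield (source, address) from WHOIS e-mail fields and other sources."""
    for domain, text in records.items():
        for addr in parse_whois(text).get("e-mail", []):
            yield domain, addr.lower()
    for source, addrs in (other or {}).items():
        for addr in addrs:
            yield source, addr.lower()


def pivot(records, other=None):
    """Cluster addresses by mail provider and classify each mailbox name."""
    clusters = defaultdict(list)
    for source, addr in sightings(records, other):
        local, _, provider = addr.rpartition("@")
        if not local or not provider:
            continue  # not an address; skip rather than guess
        if local == source:
            kind = "named-after-own-domain"
        elif DOMAIN_SHAPED.match(local):
            kind = "domain-shaped"
        else:
            kind = "ordinary"
        clusters[provider].append((local, source, kind))
    return {p: sorted(rows) for p, rows in clusters.items()}


def shared_providers(clusters, minimum=2):
    """Providers hosting at least `minimum` distinct domain-like mailboxes."""
    out = {}
    for provider, rows in clusters.items():
        names = sorted({loc for loc, _, kind in rows if kind != "ordinary"})
        if len(names) >= minimum:
            out[provider] = names
    return out


if __name__ == "__main__":
    for provider, names in shared_providers(
            pivot(WHOIS_RECORDS, OTHER_SIGHTINGS)).items():
        print(provider, "->", ", ".join(names))
```

A shared provider and naming habit is a lead for further digging, not attribution, which is the same caveat the post makes about exposed.su.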

Evgenij… Time to worry a little I think. Probably not much as you are located in Oblast, or Moscow, or.. Who the hell knows. The fact of the matter is you are one of those Russian bandito boys that pretty much never gets caught by the long arm of the law right?

Legato LLC

legato_llc


geo

Then there is Legato LLC. This is an interesting little corporation out of Oblast (coincidences coincidences) that has had its share of run-ins with illegality. Under private ownership it is alleged to have been created in 1970? Its *cough* businesses cover anything from advertising to email and information technology. Hmmmm one wonders if they had a hand in the creation of allperson.ru and maybe still have some email servers that are being pointed at? Either way, it seems that Legato may have also been involved in the ZEUS botnet as well because the players here all seem to be connected by their digital trails as well as penchants for naming conventions. One of the scam sites was geo electronics and it seems that they were in the business of straight out fraud as well as money laundering and mule recruitment. Oh yeah, it’s getting deep now eh? It would seem that this rabbit hole goes on further but I am getting claustrophobic in it so I will leave off here with the detective work.

Conclusions:

Ok so what do we have? Well, we have a constellation of sites tied to an old defunct email system that seems to have ties to Legato LLC and to Zeus as well as money laundering and such. Why then does this site pop up and start dumping data on famous people’s credit histories? Histories and information that may not in fact be correct to begin with? Even though the USSS and FBI are looking into this I have to wonder if the data was correct. I am hearing that some of the phone numbers were not right at all and that this all really ties back to some hack on credit services this week. What is the motive here? Well, the Twitter feed and one of the links seem to point to someone with a grudge against the LAPD (re the Dorner affair) and the police in Russia. Since the twitter feed is down I missed the tweet that mentioned that but meh, I am not the caring at present.

Could this be an Anon motivated kind of thing? Well, the imgur picture of the girl on the page does come from an anonymous tied/named site but that is really tenuous to start but it could be. Overall though this site and the data seems to have rankled the feds a bit so maybe it was just for the lulz. Could this person just have access to the site data and used it to make this site and make it look like it came from Russia? Maybe.. But overall the feel of it and the ancillary data seems to show that it was someone involved in the Russian sites including Zeus. PERHAPS they are just pissed off that their money making scheme vis a vis ZEUS got shut down?

That’s a lot of maybes huh? But hey, them’s the internetz kids. Your mileage may vary but keep an eye on this one because I am sure there are more than a few subpoenas going out to Cloudflare where this is all hosted. One of the funniest things about this site though was that one of the links was to a credit dispute site. Now that’s cheeky!

K.

Sun Tzu and The Art of Cyber-War

STAOW1

A mgbkf zugx sbw nrkl wqvrkvuj!

Sun Tzu and The Art of Cyber-War

A while back I decided to throw my hat in the ring for RSAC and Shmoo. I made neither’s list of presentations but I thought this still was worth putting out there for people to see. I had been talking with Jericho and Josh Corman about cyber war because of their presentation at Brucon and this idea popped up in my head because Jericho had pointed out too many people cite Sun Tzu poorly in these types of presentations. Well Jericho is right and often times not many of the tenets of Sun Tzu make it into the presentations. On average you will see maybe one or two and that’s it but The Art of War has many other chapters and quotes that map to general warfare and that includes Cyber-War (so called). Generally however the overall tactics put forth by the Art of War are applicable because this is warfare we are talking about no matter the landscape (electronic) that we are fighting it in. You still have adversaries looking to defeat one another using guile and force today just as in the day of Sun Tzu. The real issue comes down to reading between the lines of the old text and applying the ideas to the modern landscape of the electron, the malware, and the phishing attack.

All of these efforts though will lead to the age old means of kinetic warfare and this is what people seem to not understand so well today. War is war and eventually it’s all going to be about the guns and bombs and not so much just about the data being stolen or messed with. We have a problem today in the semantic of war in the digital age that needs to be cleared up for the general populace. I hope that this tutorial will not only be historical but also give the reader the tools needed to understand that cyber-war is not the end all be all, it is in fact just a precursor to the type of war that has been waged since man could pick up a rock and throw it.

China, Sun Tzu, & APT

On another level though, I find it amazing that more people have not had the light bulb go on about our situation today with regard to Chinese hacking and espionage. What we have seen is not cyber-war yet but the prelude, the reconnaissance to carry out war and that is all. The Chinese (and others) have begun mapping our networks, prodding our defenses, and assessing our overall readiness by using digital attacks on private and governmental networks and systems. Think of it all as spying and not just one for war footing alone. There is of course the industrial espionage as well but in the case of China in particular they are all means to an end. The “Thousand Grains of Sand” approach is doctrine in China as is the mindset they have always had having had masters like Sun Tzu as their teachers. Look at this slide deck and then take a step back and look at the APT-1 report as well as others. Note that the Chinese military is the state and that the PLA is just an arm of the military unlike in the US where the military is a little more separated and at the behest of POTUS.

Sun Tzu said it best in The Art of War;

“It is said that if you know your enemies and know yourself, you will not be imperiled in a hundred battles; if you do not know your enemies but do know yourself, you will win one and lose one; if you do not know your enemies nor yourself, you will be imperiled in every single battle.”

It’s time to be more introspective about ourselves as well as the adversary and Sun Tzu is a good way to get there.

K.

[Slide deck images: STAOW2 through STAOW12]

BofA Gets A Burn Notice

data-deeper

rode bb iqdnpmbia fpn’k ybi lr qektrf?

PARANOIA

par·a·noi·a [par-uh-noi-uh]

noun

1. Psychiatry. a mental disorder characterized by systematized delusions and the projection of personal conflicts, which are ascribed to the supposed hostility of others, sometimes progressing to disturbances of consciousness and aggressive acts believed to be performed in self-defense or as a mission.

2. baseless or excessive suspicion of the motives of others.

Also, par·a·noe·a [par-uh-nee-uh].

Origin: 1805–15; < Neo-Latin < Greek paránoia madness. See para-, nous, -ia

Paranoia, the Anonymous intelligence division (self described), published a dump of data ostensibly taken from Bank of America and TEK Systems last week. The information presented seems to show that BofA had contracted with TEK to create an ad hoc “Threat Intelligence” unit around the time of the LulzSec debacle. Of course since the compromise of HB Gary Federal and the revelations that BofA had been pitched by them to do some contract work in the disinformation business it only makes sense that BofA would set up a threat intel unit. The information from the HB Gary dumps seemed to allude to the fact that BofA was actively looking to carry out such plans against those they perceived as threats. Anons out there took great umbrage and thus BofA was concerned.

This blog post is being put together to analyze the data dumped by Anonymous and to give some perspective on what BofA may have been up to and to set some things straight on the meanings of the data presented by Paranoia. First off though I would like to just say that I think that generally BofA was being handed lackluster threat intel by a group of people with intelligence background. (For those names located in the dumps, their LinkedIn pages showed former mil intel work.) This of course is an opinion formed solely from the content that was available online. There may have been much more context in formal reports that may have been generated by the analysts elsewhere that was not open for the taking where Anon found this dump. The daily and monthly reports found in the database showed some analysis but generally gave rough OSINT reports from online chat logs, news reports, and pastebin postings. There seemed to be a general lack of product here and as such I have to wonder if there ever was or if perhaps those reports never made it to the internet accessible server that Anonymous downloaded them from.

B of A’s THREAT INTELLIGENCE TEAM

Since the leak of their threat intelligence BofA has been recruiting for a real team it seems. A Google of the parameters shows that they have a bunch of openings all over the place for “Threat Assessment”. It makes sense since the TEK Systems team may in fact be mostly defunct but also that they likely would want an in house group and not have to pay overhead on consultants to do the work for them. TEK’s crew as well may have been the problem that caused the leak in the first place by placing the data in an accessible area of a web-server or having passed the data to someone who did not take care of it. Either way it looks as though BofA is seeking to create their own intelligence apparatus much as many other corporate entities are today. The big difference though is what exactly their directive as a group is to be.

One of the problems I have with the Paranoia analysis is that they take it to the conspiratorial level and make it out to be some pseudo CIA like entity. The reality though is that, from what has been shown in the documents provided, this group really was only tasked with OSINT and threat intelligence by passive listening. This is a key difference from disinformation operations and active participation or recruiting of assets. I will cover this in more detail further on in this post so suffice to say that what BofA was doing here was not only mediocre but also not Machiavellian in nature. The argument can be made though that we don’t know the whole picture and I am sure Paranoia and Anonymous are leaning that way. I cannot with what I have seen so far. What I see is an ad hoc group of contractors trying to create an intelligence wing as a defensive maneuver to try and stay ahead of incidents if not deal with them more effectively should they not be able to stop them.

Nothing more.. Nothing less.

Threat Intelligence vs. Analysis and Product

All of this talk though should be based on a good understanding of what intelligence gathering really is. There are many variations on intelligence tasks and in this case what is clearly seen in the emails and documents is that this group was designated as a “Threat Intelligence” collection group. I have written in the past about “Threat Intelligence” and the misnomer many have on the idea that it is some arcane CIA like pursuit. One of the bigger problems overall is perception and reporting where intelligence gathering is concerned. Basically in today’s parlance much of the threat intelligence out there in INFOSEC is more around malware variants, their C&C’s and perhaps who are running them. With the advent of APT actors as well as criminal activity and entities like Anonymous the paradigm of threat intelligence has come full circle back to the old school idea of what it is from the military sphere of operations.

Today’s threat intelligence is not only technical but also human action driven and this makes it even more important to carry out the collection and analysis properly in order to provide your client with the information to make their decisions with. Unfortunately in the case of the data from BofA we see only sketchy outlines of what is being pasted online, what may be being said in IRC sessions, and what is in the news. Nothing overly direct came from any of the data that I saw and as “product” I would not be able to make much of any decisions from what was presented by TEK Systems people. What is really missing within the dump from Paranoia was any kind of finished analysis product tying together the information in a cogent way for the executives at BofA. Did TEK actually carry this type of activity out? Were there actual reports that the execs were reading that would help in understanding the contents of the raw intelligence that was being passed on in emails daily and monthly? I cannot say for sure. What I did see in the reporting (daily threat reports as well as monthly) were some ancillary comments by a few of the analysts but nothing overly structured or productive. I really would like to know if they had more of an apparatus going on here as well as if they plan on creating one again with all of the advertised positions in that Google search above.

Threat Intelligence vs. HUMINT

This brings me to the whole issue of Threat Intel vs. HUMINT. It would seem that Paranoia thinks that there is much more than meets the eye within the dump that makes them intone that there is a HUMINT (Human Intelligence) portion to the BofA program. While there may well be some of that going on it was not evident from any of the documents I looked at within the dump files. HUMINT would imply that there are active participants of the program out there interacting with the targets trying to recruit them or elicit information from them. With that kind of activity comes all of the things one might conjure up in their heads when they think on NOC (Non Operational Cover) officers in the CIA trying to harvest intelligence from sources (assets) in the field. From everything seen that was posted by Paranoia this is not the case. This operation was completely passive and just collecting data that was in public view, aka OSINT (Open Source Intelligence). Could BofA be seeking to interact more with Anon’s and generate more personal data other than that which the Anon’s posted about each other (DOX’ing)? Sure, but there is no evidence of that. Given the revelations with HB Gary though I can see why the Anon’s might be thinking that they are likely taking more robust non passive actions in the background elsewhere though. Overall I just want everyone to understand that it’s not all cloak and dagger here and it seems that Paranoia has a flair for the dramatic as a means to get their point across. Or, perhaps they are just living up to their name.

Assessment

My assessment in a nutshell here of the Paranoia BofA Drop is as follows:

  1. Paranoia found some interesting documentation but no smoking gun
  2. TEK Systems did a mediocre job at Threat Intelligence with the caveat that I am only working with the documents in plain view today
  3. BofA like any other company today has the right to carry out this type of activity but they need to make sure that it’s done well and that it isn’t leaked like this
  4. If more documents come out showing a more in depth look at the OSINT being collected then perhaps we can change the above findings
  5. BofA needs to classify their data and protect it better on this front
  6. Paranoia needs to not let its name get the best of itself

All the drama aside this was a ho hum really. It was funny seeing all the analysts taking down their LinkedIn pages (really, how sekret squirrel is it to have a LI page saying who you work for doing this kind of work anyway? SECOPS anyone?) I consider those players quite burned and assume they are no longer working on this contract because of it. All you analysts out there named, you are now targets and you are probably learning SECOPS the hard way huh? I guess in the end this will all just be another short chapter in Encyclopedia Dramatica and an object lesson for BofA and maybe TEK Systems.

For everyone else.. It’s just LULZ.

K.

Inspire 10: Changes In Attitudes.. Changes In Latitudes…

We Are All Usama

Well the boys out of Yemen have created a new-ish version of Inspire Magazine and put it out for the masses of “Lone Wolves” in the West. At least that is their hope for their target audience, though I am afraid that it is much more likely that the real readers are analysts like me and the press in reality however. This go around though they are in fact making some strides towards having a more “Western” and compelling message for those weak enough of mind to buy into their arguments of why a Muslim must perform Jihad. One of those exhortations is the phrase “We are all Usama” which somewhat resembles other catch phrases in past Western movements such as the 99% OWS movement today of “We are the 99%”. What it shows is that the creators of the magazine are becoming more savvy to the ways of propaganda and are likely at home right now studying Goebbels and the films of Leni Riefenstahl for clues on how to get their brand across. Speaking of branding this whole magazine idea has been a leap forward for their means of trying to propagate their radical ideas and with each one they get a little closer to content that can actually sway the weak minded and this is almost worrisome… Almost. For the most part the magazine is still a ham-fisted attempt at trying to sway the believers into action but there are areas of subtlety that I think people should pay attention to.

Some New Twists

On the whole this is the same magazine that we have seen in the last 9 iterations. There are the usual citations of the Koran and Muhammad that attempt to focus in on the demand of Jihad by him as well as how through it you will gain rich rewards with him in the afterlife. However in this issue we have some new angles:

  • We have a Muslima section by “Umm Yahya” *Mother of Yahya* that attempts to move Muslim women to push their men to jihad
  • We have the “We are all Usama” catch phrase that has been set up to be a kind of TURK182 graffito to be splayed anywhere and everywhere
  • A less strident tone overall that attempts to cajole the audience
  • The use of ethics discourse on how the West is corrupt
  • The coining of new portmanteau words such as Zio-Crusade and Zio-Crusaders
  • Mirroring the political campaigns of the West using imagery and propaganda techniques

It seems that since the death of Samir the AQAP Al-Malahem group also had a new player in Askar Abu Yazeed who has since been killed in a drone attack. He may in fact have been one of the creators of some of this new spin but I can also assume that they have had plenty of time to try and come to grips with their issues of messaging in the interim. As I have said before in reports on issues 1-9 they have been grappling with a way to get their message to those Westernized Muslims and sway them to action. So far they have had very limited success with this and thus they are working the problems out with propaganda tools and psychology. As the Al Qaeda aegis wanes and the movement keeps having to move (or expand as they see it) to other countries like Mali (also mentioned in this issue as a great victory for them in their minds) I believe that the core group thinks the only way to revive the movement is to get a win on Western soil and that means to charge up the “lone wolves” of the Americas.

This also applies to any Westernized group and in fact the issue also makes this point clear that their main targets are America, England, Germany, and to a lesser extent anyone who sides with America. Generally though AQAP wants to move those on the cusp of action into it now by more subtle means as well as the overt. This magazine has a little of both in there which should be something we pay attention to in the CT community. It’s not just a war of bullets, it’s now a war of minds seeking to control others to get them to radicalize and act. AQAP has wanted that pivot point for some time and since AQ has been marginalized they want it even more. So much so that a new pivot has been introduced on the jihadist boards online where they set forth a plan to train people in Pakistan and other areas then send them back to the West to train others in terror. No longer are they asking the proto jihadi to come to them nor are they saying to make bombs in mom’s kitchen (this did not work out well); they are instead becoming more tactically savvy. Will these tactics win out in the end and lead to some lone wolf carrying out a plan to fruition? I am not so sure but one has to pay attention to the message here to understand where the battle is going. I have to say that this issue was the closest one for me to something that would indeed get someone to move closer to action out of them all.

Subtleties

At the end of the day I have to say that the AQAP group is becoming more savvy and thus more of a limited danger. I say limited danger because I can only foresee a few jihobbyists being moved by these magazines to literal action. The psychology and sociological gaps between experiences here in the West as opposed to those in the lands of the Ummah are large and so radicalization here is a tough nut to crack. One of the more notable things in this issue is the subtleties that have been employed by the writers. They have begun to use manipulative means of guilt such as an article about those still sitting behind the shahid (meaning those who have not taken action and become martyrs) to chide those reading the magazine. They also have begun using the Muslima angle rather adroitly with the article by Umm Yahya which starts off stating that she would love to be a mujahideen and would gladly become shahid. It goes on to wind its way to exhort the other Muslima out there to urge their men to become jihadi’s and fulfill their greater destiny. It’s a sly way to get a synergy going with those true believers to act and it’s really the first time I have seen this out of the AQAP/Malahem machine. Overall I don’t believe that this will win hearts and minds that in turn will beget lone wolf actors but I cannot discount the odd whacknut who buys it hook, line, and sinker either. I guess it’s just the next wave in the jihadi propaganda war that will mostly be played out online… And that is just fine with me because it is still one that never will be won by AQ.

K.