Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘Economic Warfare’ Category

Malware Wars!… Cyber-Wars!.. Cyber-Espionage-Wars! OH MY

with 2 comments

X

Flame, DuQU, STUXNET, and now GAUSS:

Well, it was bound to happen and it finally did, a third variant of malware that is ostensibly connected to the story that Mikko Hypponen posted about after an email he got from a nuclear scientist in Iran has come to pass as true. The email claimed that a new piece of malware was playing AC/DC “Thunderstruck” at late hours on systems it had infected within the labs in Iran. I took this with a grain of salt and had some discussions with Mikko about it offline, he confirmed that the email came ostensibly from a known quantity in the AEOI and we left it at that, its unsubstantiated. Low and behold a week or two later and here we are with Eugene tweeting to the world that “GAUSS” is out there and has been since about 2011.

Gauss it seems had many functions and some of them are still unknown because there is an encryption around the payload that has yet to be cracked by anyone. Eugene has asked for a crowd sourced solution to that and I am sure that eventually someone will come out with the key and we will once again peer into the mind of these coders with a penchant for science and celestial mechanics. It seems from the data provided thus far from the reverse R&D that it is indeed the same folks doing the work with the same framework and foibles, and thus, it is again easily tied back to the US and Israel (allegedly per the mouthiness of Joe F-Bomb Veep) and that it is once again a weapon against the whole of the middle east with a decided targeting of Lebanon this time around. Which is an interesting target all the more since there has been some interesting financial news of late concerning banks and terror funding, but I digress…

I am sure many of you out there are already familiar with the technology of the malware so I am leaving all of that out here for perhaps another day. No, what I want to talk about is the larger paradigm here concerning the sandbox, espionage, warfare, and the infamous if not poorly named “CyberWar” going on as it becomes more and more apparent in scope. All of which seems to be centered on using massive malware schemes to hoover data as well as pull the trigger when necessary on periodic digital attacks on infrastructure. Something that truly has not been seen before Stuxnet and seems to only have geometrically progressed since Langer et al let the cat out of the bag on it.

Malware Wars:

Generally, in the information security sector, when I explain the prevalence of malware today I often go back to the beginning of the Morris worm. I explain the nature of early virus’ and how they were rather playful. I also explain that once the digital crime area became profitable and firewalls became a standard appliance in the network environment, the bad actors had to pivot to generally tunnel their data from the inside out home through such things as a firewall. This always seems to make sense to those I explain it to and today it is the norm. Malware, and the use of zero day as well as SE exploits to get the user to install software is the the way to go. It’s a form of digital judo really, using the opponents strength against them by finding their fulcrum weakness.

And so, it was only natural that the espionage groups of the world would turn to malware as the main means of gaining access to information that usually would take a human asset and a lot of time. By leveraging human nature and software flaws it has been a big win for some time now. I was actually amused that Henry Crumpton in the “Art of Intelligence” talks about how the CIA became a very early adopter of the network centric style of warfare. I imagine that some of the early malware out there used by spooks to steal from unprotected networks was CIA in origin and in fact that today’s Gauss probably has some relatives out there we have yet to see by people who have been doing this for some time now and we, the general public had no idea.

Times change though, and it seems that Eugene’s infrastructure for collecting data is creating a very wide dragnet for his people to find these infections and then reverse them. As we move forward expect to see more of these pop up, and surely soon, these will not just be US/UK/IL based attempts. Soon I think we will see the outsourced and insourced products of the likes of Iran and other nation states.. Perhaps we already have seen them, well, people like Mikko and Eugene may have at least. Who knows, maybe someday I will find something rooting about my network huh? Suffice to say, that this is just the beginning folks so get used to it.. And get used to seeing Eugene’s face and name popping up all over the place as well.. Superior showman that he is.

An Interesting Week of News About Lebanon and Bankers:

Meanwhile, I think it very telling and interesting as we see the scope of these malware attacks opening up, that not only one or two countries were targeted, but pretty much the whole of the Middle East as well. Seems its an equal opportunity thing, of course the malware never can quite be trusted to stay within the network or systems that it was meant for can we? There will always be spillage and potential for leaks that might tip off the opposition that its there. In the case of Gauss, it seems to have been targeted more at Lebanon, but, it may have been just one state out of a few it was really meant for. In the case of Lebanon though, and the fact that this piece of malware was also set to steal banking data from that area, one has to look on in wonder about the recent events surrounding HSBC.

Obviously this module was meant to be used either to just collect intelligence on banking going on as well as possibly a means to leverage those accounts in ways as yet undetermined by the rest of us. Only the makers and operators really know what the intent was there, but, one can extrapolate a bit. As terror finances go, the Middle East is the hotbed, so any intelligence on movement of money could be used in that light just as well as other ways to track the finances of criminal, geopolitical, and economic decisions being made there. Whether it be corporations or governmental bodies, this kind of intelligence would be highly prized and I can see why they would install that feature on Gauss.

All of this though, so close to the revelations of HSBC has me thinking about what else we might see coming down the pike soon on this front as well. Cur off the funding activities, and you make it much harder to conduct terrorism huh? Keep your eyes open.. You may see some interesting things happening soon, especially given that the Gauss is out of the bag now too. Operations will likely have to roll up a bit quicker.

Espionage vs. Sabotage vs. Overt Warfare of Cyber-Warfare:

Recently I have been working on some presentation stuff with someone on the whole cyberwar paradigm and this week just blew the lid off the whole debate again for me. The question as well as the rancor I have over the term “Cyberwar” has been going on some time now and in this instance as well as Stuxnet and Flame and DuQu, can we term it as cyberwar? Is this instead solely espionage? What about the elements of sabotage we saw in Stuxnet that caused actual kinetic reactions? Is that cyberwar? If there is no real war declared what do you term it other than sabotage within the confines of espionage and statecraft?

Then there is the whole issue of the use of “Cold War” to describe the whole effect of these operations. Now we have a possible cold war between those states like Iran who are now coding their own malware to attack our systems and to sabotage things to make our lives harder. Is that a war? A type of war? All of these questions are being bandied about all the while we are obviously prosecuting said war in theater as I write this. I personally am at a loss to say exactly what it is or what to term it really. Neither does the DoD at this point as they are still working on doctrine to put out there for the warriors to follow. Is there a need for prosecuting this war? It would seem that the US and others working with them seem to think so. I for one can understand the desire to and the hubris to actually do it.

Hubris though, has a funny way of coming back on you in spectacular blowback. This is my greatest fear and seemingly others, however, we still have a country and a government that is flailing about *cough the Senate cough* unable to do anything constructive to protect our own infrastructure even at a low level. So, i would think twice about the scenarios of actually leaking statements of “we did it” so quickly even if you perceive that the opposition has no current ability to strike back.. Cuz soon enough they will. It certainly won’t be a grand scale attack on our grid or telco when it does happen, but, we will likely see pockets of trouble and Iran or others will pop up with a smile, waving, and saying “HA HA!” when it does occur.

The Sandbox and The Wars We Are Prosecuting There by Malware Proxy:

Back to the Middle East though… We have been entrenched in there for so so long. Growing up I regularly watched the news reports about Lebanon and Israel, Iran and the hostages, Iraq, Saddam, Russian Proxy wars via terrorism, Ghadaffi and his ambitions as well as terror plots (which also hit close to home with the Lockerbee bombing) You kids today might think this is all new, but let me tell you, this has been going on for a long long time. One might even say thousands of years (Mecca anyone? Crusades?) So, it’s little wonder then that this would all be focused on the Med.

We are conducting proxy wars not only because of 9/11 but also economic and energy reasons as well. You want a good taste of that? Take a look at “Three Days of the Condor” a movie about a fictional “reader” for the CIA who stumbles on to a plan to disrupt governments in the Middle East to affect oil prices and access. For every person that said the Iraq war and Afghanistan wasn’t about oil, I say to them look at the bigger picture. There are echoes there of control and access that you cannot ignore. Frankly, if there wasn’t oil and money in the region, I think we would have quite a different story to look on as regards our implementing our forces there.

So, with that in mind, and with terrorism and nuclear ambitions (Iran) look at the malware targeting going on. Look at all of the nascent “Arab Springs” going on (albeit really, these are not springs, these are uprisings) we have peoples who want not to live under oppressive regimes not just because they aren’t free to buy an iPhone or surf porn, but they are also oppressed tribes or sects that no longer wish to be abused. All of this though, all of the fighting and insurgency upsets the very delicate balance that is the Middle East. Something that we in the US for our part, have been trying to cultivate (stability) even if that stability came from another strongman that we really don’t care for, but, who will work with us in trade and positional relevance to other states.

In goes the malware.. Not only to see what’s going on, but also to stop things from happening. These areas can be notoriously hard to have HUMINT in and its just easier to send in malware and rely on human nature to have a larger boon in intelligence than to try and recruit people to spy. It’s as simple as that. Hear that sucking sound? That’s all their data going to a server in Virginia. In the eyes of the services and the government, this is clearly the rights means to the ends they desire.

We Have Many Tigers by The Tail and I Expect Blowback:

Like I said before though, blowback has a nasty habit of boomeranging and here we have multiple states to deal with. Sure, not all of them has the ability to strike back at us in kind, but, as you have seen in Bulgaria, the Iranians just decided to go with their usual Hezbollah proxy war of terrorism. Others may do the same, or, they may bide their time and start hiring coders on the internet. Maybe they will hire out of Russia, or China perhaps. Hell, it’s all for sale now in the net right? The problem overall is that since we claimed the Iran attack at Natanz, we now are not only the big boy on the block, we are now the go to to be blamed for anything. Even if we say we didn’t do it, who’s gonna really believe us?

The cyber-genie is out of the cyber-bottle.

Then, this week we saw something new occur. A PSYOP, albeit a bad one, was perpetrated by the Assad regime it seems. Reuters was hacked and stories tweeted/placed on the net about how the rebel forces in Aleppo had cut and run. It was an interesting idea, but, it was ineffective for a number of reasons. The crux though is that Reuters saw it and immediately said it was false. So, no one really believed the stories. However, a more subtle approach at PSYOPS or DISINFO campaigns is likely in the offing for the near future I’d think. Surely we have been doing this for a while against them, whether it be in the news cycles or more subtle sock puppets online in social media sites like Twitter or Facebook. The US has been doing this for a long time and is well practiced. Syria though, not so much.

I have mentioned the other events above, but here are some links to stories for you to read up on it…

  • PSYOPS Operations by the nascent Syrian cyber warfare units on Reuters
  • Hezbollah’s attack in Bulgaria (bus bombing) in response to STUXNET and other machinations
  • Ostensible output of INTEL from Gauss that may have gotten HSBC in trouble and others to come (Terrorism funding and money laundering)

All in all though, I’d have to say that once the players become more sophisticated, we may in fact see some attacks against us that might work. Albeit those attacks will not be the “Cyber Pearl Harbor” that Dr. Cyberlove would like you to be afraid of. Politically too, there will be blowback from the Middle East now. I am sure that even after Wikileaks cables dump, the governments of the Med thought at least they could foresee what the US was up to and have a modicum of statecraft occur. Now though, I think we have pissed in the pool a bit too much and only have ourselves to blame with the shit hits the fan and we don’t have that many friends any more to rely on.

It’s a delicate balance.. #shutupeugene

Pandora’s Box Has Been Opened:

In the end, we have opened Pandora’s box and there is no way to get that which has escaped back into it. We have given the weapon framework away due to the nature of the carrier. Even if Gauss is encrypted, it will be broken and then what? Unlike traditional weapons that destroy themselves, the malware we have sent can be easily reverse engineered. It will give ideas to those wishing to create better versions and they will be turned on us in targeted and wide fashions to wreak as much digital havoc as possible. Unfortunately, you and I my friends are the collateral damage here, as we all depend on the systems that these types of malware insert themselves into and manipulate.

It is certainly evident as I stated above, our government here in the US is unable to come up with reasonable means to protect our systems. Systems that they do not own, Hell, the internet itself is not a government run or owned entity either, and yet they want to have an executive ability to shut it down? This alone shows you the problem of their thinking processes. They then decide to open the box and release the malware genie anyway… It’s all kind of scary when you think about it. If this is hard to concieve, lets put it in terms of biological weapons.. Weapons systems that have been banned since Nixon was in office.

The allusion should be quite easy to understand. Especially since malware was originally termed “Virus” There is a direct analogy there. Anyway, here’s the crux of it all. Just like bioweapons, digital “bioware” for lack of a better term, also cannot be controlled once let into the environment. Things mutate, whether at the hand of people or systems, things will not be contained within the intended victims. They will escape (as did all the malware we have seen) and will tend to have unforeseen consequences. God forbid we start really working on polymorphics again huh? If the circumstances are right, then, we could have a problem.

Will we eventually have to have another treaty ban on malware of this kind?

Time will tell.. Until then, we all will just be along for the cyberwar ride I guess. We seem to be steadily marching toward the “cyberwar” everyone is talking about… determined really to prosecute it… But will it get us anywhere?

K.

INFOPOCALYPSE: You Can Lead The World To The Security Trough.. But You Can’t Make Them Think.

leave a comment »

“Dark, profound it was, and cloudy, so that though I fixed my sight on the bottom I did not discern anything there”

(Dante Alighieri; The Inferno)

The current state of the Security “Industry”

It seems that once again people who I have acquaintance with in the security industry are wondering just how to interface with corporations and governments in order to build a base of comprehension about the need for information security. The problems though are myriad with these questions and the task to reach people can be a daunting one, never mind when you have groups of them in hierarchies that comprise some of the worst group think in the world (AKA corporations)

Added issues for the “industry” also surround the fact that it is one at all. Once something moves from an avocation to a profession, you have the high chance of it becoming industrialised. By saying something has been made industrialised, implies to many, the cookie cutter Henry Ford model really. In the security world, we have seen this from the perspective of magic boxes that promise to negate security vulnerabilities as well as teams of consultants who will “securitize” the company that is hiring them with magic tools and wizardry. The net effect here is that those paying for and buying into such products and services may as well be buying a handful of magic beans instead.

Now, not every company will be efficacious in their assessments nor live up to the promises they make for their hardware/software solutions. Many practitioners out there and companies really try to do the right thing and do so pretty well. However, just as in any other business, there are charlatans and a wide range of skilled and unskilled plying their arts as well. Frankly, all that can be said on this issue is “Caveat Emptor”  It’s a crap shoot really when it comes to goods and services for security solutions. The key is though, to be able to secure yourselves as a company/entity from the standpoint of BASIC security tenets up.

Often its the simple things that allow for complete compromise.. Not just some exotic 0day.

So we have a cacophony of companies out there vying for people’s dollars as well as a news cycle filled with FUD that, in some cases are directly lifted from the white papers or interviews with key players from those said same companies seeking dollars. It is all this white noise that some now, are lamenting and wondering just how do we reign things in and get a stable base to work from in an ethical way to protect companies and individuals from information security meltdowns. More so it seems lately, the question has been how do we reach these people in the first place? How do we actually get a meaningful dialogue with the corporate masters and have them come away with the fundamentals of security as being “important”

Unfortunately, I think that there are some major psychological and sociological hurdles to overcome to reach that point where we can evince the response we all would like to see out of those C level execs. I have written about them before, but I will touch on them again later in this piece. Suffice to say, we all have a tough row to hoe where this is concerned, so, I expect there to be no easy answer… Nor really, any satisfactory conclusions either.

“It is a tale Told by an idiot, full of sound and fury, Signifying nothing”

(Shakespeare; MacBeth)

Security Joan of Arc’s and their Security Crusade:

Joan De Arc was a woman ahead of her time. She wore men’s clothing and lead the French in battle against the English and to victory, all as a teen girl. She later was burned at the steak for heresy and just recently made a saint many years later. I give you this little history lesson (link included) to give you an idea of who you all are in the security industry lamenting over not being listened to. You too may be ahead of your time, but, just as she was, you too will not be listened to because your ideas (to the listeners) are “radical”

Now, radical is a term I am using to denote how the corporate types are seeing it. We, the security advocates, do not see these concepts as radical, but instead as common everyday things that should be practices (complex passwords, patching effectively, etc) They (the client) see these things as impediments to their daily lives, their bottom lines, and their agenda’s both personal and corporate. There are many players here, and all of them have agenda’s of their own. This is a truism that you must accept and understand before you rail against the system that is not listening to your advice.

Here’s a bit of a secret for you.. The more ardent you seem, the more likely you will be branded a “Joan” The perception will be that you are a heretic and should not be listened to. Instead you should be marginalised in favour of the status quo.. After all, they have gone about their business every day for years and they are just fine! The more you rail, or warn with dire tones, the more you will be placed at the back of the mind.

Think Richard Clarke (I heard that chuckle out there)

Though Joan inspired the French forces to battle on and win more than a few battles, she eventually was burned at the steak. Much of this was because of her unique nature and fervour. Much as yours may do the same to you… Without of course literally being burned at the steak and you all must learn this. I think you have to take a page from the hackers playbook really and use the axiom of being a “Ninja”

The subtle knife wins the battle.

 

“If the Apocalypse comes, beep me”

(Joss Whedon;Buffy the Vampire Slayer)

What’s the worst that could happen really?

The quote above really made me chuckle in thinking about this article and the problems surrounding the premise. This I think, is the epitome of some people’s attitudes on security. Most folks just go along their days oblivious to the basic security measures that we would like them to practice as security evangelists. The simple fact is that like other apocalypse scenarios, people just have not lived through them and been affected by them to change their behaviours accordingly. What solidified this for me recently was the snow storm last October here in New England that caught so many people flat footed. They simply had not ever really had to rely on their wits and whatever they had on hand before like this. When the government and the corporations (CL&P) failed to provide their services to the populace, the populace began to freak out.

Its the same thing for information security. Whether it is the government or the corporations that supply us all, both are comprised of people who all pretty much lack this perspective of being without, or having really bad things happen to them. 9/11 comes the closest, but, that only affected NYC and DC directly (i.e. explosions and nightmarish scenarios with high casualties) In the case of corporations, you have lawyers and layers of people to blame, so really, what are the risk evaluations here when it is easy to deflect blame or responsibility? For that matter, it was inconceivable to many in the government (lookin at you Condi) that terrorists would use planes as missiles… Even though a month before a report was handed out with that very scenario on the cover.

The core of the idea is this. Human nature on average, and a certain kind of psychology (normative) that says “This can’t happen to us” We all have it, just some of us are forward thinking and see the potentials. Those forward thinkers are likely security conscious and willing to go out of their way to carry out actions to insure their security. Things like storing extra food and water as well as other things that they might need in case of emergency. These can be life of death deal breakers.. Not so much for information security at your local Acme Widget Corp. In the corporate model, they have the luxury of “It’s somebody else’s problem” So, these things are usually not too important to them unless that person making the decision is cognisant of the issues AND responsible for them. Unfortunately, as we have learned these last 10 years or so, responsibility is not their strong suit.

So, on they go.. About their business after you, the security curmudgeon has told them that they need to store food for the winter..

But the grasshoppers, they don’t listen… Until they are at your door in the snow begging for food.

 

“More has been screwed up on the battlefield and misunderstood in the Pentagon because of a lack of understanding of the English language than any other single factor.

(John W. Vessey, Jr.)

How do we communicate and manipulate our elephants?

Back to the issue of how to communicate the things we feel important. This has been a huge issue for the security community for a couple of reasons.

  1. The whole Joan of Arc thing above
  2. The languages we speak are.. Well.. like Tamarian and theirs are corporate speak.

We, the security practitioners, often speak in metaphor and exotic language to the average corporate manager. You have all seen it before, when their eyes glaze over and they are elsewhere. We can go on and on about technical issues but we never really seem to get them to that trough in the title. Sometimes you can get them to the trough easily enough by hacking them (pentesting) but then they think;

“Well this guy is a hacker… No one else could do this! What are the chances this is going to really happen? Naaahhh forget it, it’s not likely”

So there is a bias already against doing the things that we recommend. Then comes the money, the time, and the pain points of having to practice due diligence. This is where they turn off completely and the rubric of it is that unless they are FORCED to carry out due diligence by law or mandate, they won’t. We all have seen it.. Admit it.. It’s human nature to be lazy about things and it is also human nature to not conceive that the bad things could happen to them, so it would be best to prepare and fight against them.

So, how do we communicate with these people and get them on the same page?

I have no answers save this;

“Some get it.. Some don’t”

That’s the crux.. You have to accept that you as the security practitioner will NEVER reach everyone. Some will just say thank you and good day… And you have to accept that and walk away. As long as you have performed the due diligence and told them of their problems.. You have done all you can. You can try and persuade or cajole them… But, in the end, only those who get it or have been burned before will actually listen and act on the recommendations you make.

“The greater our knowledge increases the more our ignorance unfolds”

(John F. Kennedy)

The Eternal Struggle

There you have it. This will always be the case and it will always be the one thing that others seeking to compromise corporations and governments will rely on. The foolishness of those who do not plan ahead will be their undoing..

Eventually.

All you can do sage security wonk, is calmly and professionally explain to them the issues and leave it to them to drink.

K.

Anon Analytics: Stock Manipulation Through Information Release & The Slippery Slope

leave a comment »

It's all about the information Maaahhty

Cosmo: Posit: People think a bank might be financially shaky.
Martin Bishop: Consequence: People start to withdraw their money.
Cosmo: Result: Pretty soon it is financially shaky.
Martin Bishop: Conclusion: You can make banks fail.
Cosmo: Bzzt. I’ve already done that. Maybe you’ve heard about a few? Think bigger.
Martin Bishop: Stock market?
Cosmo: Yes.
Martin Bishop: Currency market?
Cosmo: Yes.
Martin Bishop: Commodities market?
Cosmo: Yes.
Martin Bishop: Small countries?

In a previous post I wrote about the nascent “Anon Analytics” group that had popped up claiming that they were going to out corruption in corporations by using OSINT and inside leaks/whistle-blowers. On the face of it, I thought this was a good idea and said as much in the post. I had caveats though that they confirm their information and that they be above board. I received a response from Anon Analytics thanking me for the article and that they had found it interesting.  I however, had failed to read the disclaimer on the first report by Anon Analytics and as such, this is my mea culpa as well as another warning to Anon that they need to keep things above board here.. Lest they become just as bad as those who they are claiming they are outing for misdeeds.

I was alerted to an article from Finance Asia that called them on the fact that within this disclaimer, they are making the statement that the assumption must be made that the “Partners, Affiliates, Consultants, Clients, and other related parties” hold “short” positions in the securities profiled in the report. Which means that all of the parties named there will profit from shorts due to the data being released and potentially causing the stock to plummet and fail.

Say.. Isn’t that what got us all into this fix today with the markets and the banks in general?

Yes, indeed, that is the case and this statement within their disclaimer alone causes me to pretty much rescind my previous statements about any kind of approval for these efforts by Anon Analytics. Really, this is the pot calling the kettle black and then throwing feces to boot. This is not how you rectify malfeasance! Frankly, this could just then be considered only a machination to make money off of the use of information warfare (disinformation as well) to profit and manipulate the markets.

.. And as far as I know, this is rather illegal…

Look, what I said before about being above board with this effort still stands. If you want to right wrongs then you cannot use this effort as a potential piggy bank as well. At the present time, I cannot confirm all of your data from Chaoda however, if you look at the news following the reports release, you can see how you affected the market and the stock. The cause and effect may or may not have anything to do with your report in fact, but, time will tell if there are any real arrests in the whole affair concerning Chaoda. If there aren’t and nothing can be conclusively proven, then what has really been done to the company? Some losses yes, and, by your statement, those around you will profit.. Potentially.

If you want to make a difference, you cannot be a party to profit from information warfare that you are generating.

K.

Written by Krypt3ia

2011/10/12 at 14:25

Occupy Wall Street & Anonymous: Conflation, Synergy, Diffusion, and Media Spin

with 2 comments

Image from the San Francisco Chronicle

It All Started With Anonymous and Wikileaks

The Chinese have an aphorism “May you live in interesting times” It’s a bit more of a curse than it is an aphorism, but, the gist is that they are not wishing you a “good time” It has been feeling pretty “interesting” this last year and I really have to say that it all stems from Anonymous’ and their ignition of the nascent feeling today of powerlessness on the part of many. Whether it be their personal lives, or perhaps by looking at the whole of the world through the instantaneous news cycles that today’s technology has afforded, in general, people are not feeling as though they have much control over their daily lives.

I would have to say that much of this has its genesis in 9/11 and the post 9/11 world that we have come to be in. Security has become the operative word for some excesses by government to use its powers (self created) Case in point, the ability to spy on anyone deemed to be a threat without a warrant. The knee jerk reaction to 9/11 has allowed for a fear based response that has set some pretty scary precedents these last 10 years. Add to this the bank scandals, the recession, the fallout from Fanny and Freddy, and waves of greed and misdeeds on the part of corporations that influence the government, and we have quite the picture of how things have gone sideways.

But.. Much of this is not new I’m afraid. Wikileaks just opened the secret flood gates in some ways. Though, had you been paying attention you likely would have already known much of what Wikileaks was trying to say before the big dumps began to show up online.

What is new is that a new generation of youth have been disenfranchised enough to take up arms against it all as they see fit. Anonymous, was the catalyst for this in their early attacks on oppression like “Scientology” a system which really is much more a corporation melded with a religiosity (faux) to create an entity that is not taxed, does not have oversight by anyone, and seems for all intents and purposes, to be a “Corporate Cult”… Which when I think about it now post Steve Jobs departure from this mortal coil, is a lot like the reverb surrounding Apple and the Jobs-ian “passing on to a higher plain” claptrap.. But that is another story…

Either way, the gist of this all is that Anonymous and Wikileaks is the progenitors here I think, and it is the very nature of the collectives technical bent that has lit this fuse that finally reached out of the digital Kabuki theatre and on to the real streets.

Technology, The Great Equalizer

Anonymous’ use of technology only comes naturally as they formed online. It is with the growth of social media and the connectivity that we all have today with smart phones, that the movement went viral. Some may say it was the targeting, but I would say that the targeting was always there, but those who were feeling the miasma weren’t able to express it in the normal ways of yesterday. However, with blogs, micro-blogs, twitter, texting, etc, people coalesced into groups on their own with a collective gravity that eventually, had enough psychic mass to catch on large scale.

It is this very thing that has led to what we see today. From flash mobs to the final outcome of the occupy movement that harkens back actually to the early Tea Party movement in the way the word got out and collected like minds to its cause. All of these people have found each other and inspired one another to react to what they are perceiving as injustice within the systems in which they live. The technology has given the tools to the populace to respond in a way that only the mass media has had the corner of the market on for so long.

Added to this the technical aspects that bred not only the Anonymous “Hactivism” we have a new paradigm for dissent. The recent threat to DoS NYSE by Anonymous is case in point to the technology being used as not only a weapon but also as a means of protest, though the legalities of such attacks is questionable. The law has yet to catch up on much of the technology, so the arguments upcoming over the LOIC arrests for the MasterCard denial of service attacks will likely generate new law either way.

Interesting times indeed.

Occupy Wall Street.. Why Again?

Of late, the “occupation” movement has picked up speed all around the globe. However, it seems that with these demonstrations unlike the ones in the 60′s over Civil Rights, seems rather more diffuse when you go and observe what’s going on. Now, one could say that this is media spin, but, when I look at the aggregate reporting from all sides, I can see how some might categorise the movement as being diffuse. On some fronts, the movement seems to have been co-opted by others with more shall we say, exotic demands? I guess my fear would be that this turns into a Lolapalooza  or a Burning Man instead of a protest with specific goals in mind.

Occupy Wall Street has a set of 13 goals that seemed to me pretty straight forward, yet, they seem to be open ended. Perhaps the movement might tighten them down a bit and generate some more concise and workable (demands) for lack of a better term? In the era of the 60′s there was a defined demand for a civil rights bill.. I suggest to you all now that you work something akin out on paper to give to the congress critters that want to work with you. After all, its kinda pointless to ask for things like “stuff” and expect to get something back (including support) that is concrete from the establishment. How about you get some of the luminaries in the economics field to give you ideas for positions?

Unless you direct all this energy, you will all be collectively mocked as a bunch of stinky hippies without jobs or just attributed to be “malcontent’s”

Define the argument… Get the 60′s protesters to show you the way.. After all, they really did change things..  For a while.

The Media, Lapdogs To The Corporations?

Speaking of perceptions, here we have one of the key issues today. For a long time it seemed as though the mainstream media was ignoring the protests. Perhaps they thought it was just going to go away and it wasn’t news. However, as they have come to find out, there seems to be a large disenfranchised populace out there willing to protest. Just who are they protesting and what seems to be the issue both from the perspective I have as well as what the media might want to portray it to be.

Yes.. That’s right, I am not a fan of the media today. It is my opinion frankly that Cronkite’s demise only saved him further pain and anguish over the career that he loved so much. The mainstream media as it’s called, is pretty much a corporate run “profit” centre as opposed to what it used to be “a cost centre” That’s right kids, as soon as news became a “for profit” business as a whole, its efficacy in providing true reporting became much diminished. Now, this is not to say that this wasn’t the case before. In the 19th century all you had to do was look at the newspapers of the day and you could see it was all about “if it bleeds it leads!” and just how much money could be made with a lurid headline. Of course today we get the same treatment from a fire-hose of sources online and off, all of which is now pretty much solely being run for profit.

When people talk about the media being the lapdogs of corporations, they need only look as far as FOX *cough* News, who really came down to the point in a court case claiming that they aren’t really news, but instead “entertainment” Enough said really huh? So, when I see the stories not only about things like Occupy Wall Street, but also anything I have a pretty good knowledge of, I see their spin to get headlines and attract viewers.. Viewers who in turn are the targets of marketing and advertising between segments. Follow the money…

Of course speaking of Fox, you only have to read a bit more and see how Mr. Kane.. Uhh, I mean Mr. Hearst… Uhh, I mean Mr. Murdoch uses his papers and other media operations to sway the public and the government. Even his machinations involving phone hacking is a telling piece of the puzzle no? Yes Virginia, Mr. Murdoch does underhanded things to get what he wants…

So, while we are protesting the other injustices, one might suggest that you all pay attention to the media that you are being interviewed by and made into sound bytes…

They can control the story.. Catch them at it… Stop it when they do.

The Governmental Response and New Backlash

Meanwhile, another faction that is being used by the media (hand in glove) is the government and the players within it who would use these tools. The recent coverage of the Occupy Wall Street movement on CNN for instance shows how the media can be used to portray the movement as nothing but unwashed stupid hippies (the falor Newt gave to the debate) Perhaps Newt was misquoted? Maybe it’s out of context? I think not. I find it really funny that the Republicans have latched onto this issue by saying that it is a symptom of “Class Warfare” and generally acting like the old man yelling at the kids to get off his lawn. Well, come to think about it, I guess that is pretty much on the mark, Wall Street is their lawn ain’t it?

The Democrats are only a little better on this issue as well. Sure, they support what is happening or what’s being said, but really, do any of us really think they are feeling so moved by their own ethos? Or might it be that it’s election season and they are seeing potential voters? Yeah, I think its the latter too. Frankly both parties are useless in my book and as for the Tea Party, well, they are pretty much tinfoil hat wearing reactionaries to me. However, this is not to say that they don’t have a core idea that is right.

Change needs to happen.

It’s just how and by whom is the real question.

So, when all of the Congress critters get in on talking about this I take it all with a pillar of salt, not just a grain. Meanwhile, we have the police responses to the protesters. For the most part, I can take no issue with the arrests that have happened on the face of them “legally” however, when violence is involved, then I begin to wonder just what the Hell is going on. Of course tensions will run high and there will be morons like Bologna (mace boy) but on the whole, I think the response thus far has been pretty even handed on the part of law enforcement. I know others will likely take issue with this, but, this is just my opinion of what I have seen thus far.

However.. Just how long will it be before the anti-occupy Wall Street folks start showing up fueled by the likes of the Tea Party whacknuts or worse?

Time will tell…

A Return of the Sixties and Socio-Economic Upheaval?

I have written at least a couple of times in the past year that I was beginning to feel as though the 60′s were coming back. With the Occupy Wall Street movement gathering strength and more voices being added, the spectre is back isn’t it? We still have many of the issues from the 60′s that haunt us all, but I would have to say that I am going to amend this statement with a time shift as well as political bent. I would have to say that this movement has much more akin with the 70′s than the 60′s.

In the 70′s we had the Vietnam war still ongoing. We had Nixon and the excesses of his grab at illegal wiretapping and wet-work in the US as well as outside. When it all came to light with the publishing of the Pentagon Papers as well as the exposure of the “Plumbers” by Woodward and Bernstein we got a peek into executive malfeasance. Compare that to today post GWB and two wars post 9/11… No wonder we all don’t trust our government huh? Now though, we have the elephant in the room added to the mix of business and money seeking to control the government through lobbying and other chicanery.

Frankly, it took an economic apocalypse to wake people up to it all..

My Conclusions On All of This

I foresee “interesting times” ahead. This movement will continue and likely will have no real effect in the short term on how our government is being run (primarily meaning going to the highest bidder) However, I think that this movement may in fact spawn the youth of today to action. Action meaning that they will take an interest in the system and perhaps seek ways to improve it. My hope is that they do and that someday things get a bit more cleaned up but, that may not be for some time. The sad truth of it though, is that for every Mr. Smith going to Washington, there is another who goes without the wide eyed wonder and sense of honesty who just seeks to puff themselves up and line their pockets.

Another sad fact is that there may even be some altruists who go there with good intentions and then find themselves following the lead of the Mr. Potter’s of the world.

One hopes that is not the case..

K.

OP OccupyWallStreet, OP “InvadeWallStreet”, “The Bankers Are The Problem”, and Disinformation

with 2 comments

The Focus and the Locus:

Now that Occupy Wall Street is in full swing and spinning off other occupations the media is finally paying attention. That attention has begun to show just how unfocused this group really is, in fact, I might say “groups” really because I don’t believe there is a central locus to all of this. I really think that this is in part due to the genesis of Occupy Wall Street being created by those who are either a part of Anonymous or like minded. Just as Anonymous seems to lack cohesion much of the time, so too does the (anonymous approved) Occupy Wall Street crowd as well. This is not to say that their list of demands from the Occupy Wall Street site is unclear. In fact, this is the only group that seems to be clear at all, but, when you ask the average protester, you get mixed replies. So, the message seems to be lost here.

Occupy Wall Street’s Demands:

Demand one: Restoration of the living wage. This demand can only be met by ending “Freetrade” by re-imposing trade tariffs on all imported goods entering the American market to level the playing field for domestic family farming and domestic manufacturing as most nations that are dumping cheap products onto the American market have radical wage and environmental regulation advantages. Another policy that must be instituted is raise the minimum wage to twenty dollars an hr.

Demand two: Institute a universal single payer healthcare system. To do this all private insurers must be banned from the healthcare market as their only effect on the health of patients is to take money away from doctors, nurses and hospitals preventing them from doing their jobs and hand that money to wall st. investors.

Demand three: Guaranteed living wage income regardless of employment.

Demand four: Free college education.

Demand five: Begin a fast track process to bring the fossil fuel economy to an end while at the same bringing the alternative energy economy up to energy demand.

Demand six:
 One trillion dollars in infrastructure (Water, Sewer, Rail, Roads and Bridges and Electrical Grid) spending now.

Demand seven: One trillion dollars in ecological restoration planting forests, reestablishing wetlands and the natural flow of river systems and decommissioning of all of America’s nuclear power plants.

Demand eight: Racial and gender equal rights amendment.

Demand nine: Open borders migration. anyone can travel anywhere to work and live.

Demand ten: Bring American elections up to international standards of a paper ballot precinct counted and recounted in front of an independent and party observers system.

Demand eleven: Immediate across the board debt forgiveness for all. Debt forgiveness of sovereign debt, commercial loans, home mortgages, home equity loans, credit card debt, student loans and personal loans now! All debt must be stricken from the “Books.” World Bank Loans to all Nations, Bank to Bank Debt and all Bonds and Margin Call Debt in the stock market including all Derivatives or Credit Default Swaps, all 65 trillion dollars of them must also be stricken from the “Books.” And I don’t mean debt that is in default, I mean all debt on the entire planet period.

Demand twelve: Outlaw all credit reporting agencies.

Demand thirteen: Allow all workers to sign a ballot at any time during a union organizing campaign or at any time that represents their yeah or nay to having a union represent them in collective bargaining or to form a union.

These demands will create so many jobs it will be completely impossible to fill them without an open borders policy.

All of these demands seek to rectify some area of social injustice and on the whole would be nice to see frankly.. This is not to say they will ever happen. So, the media is being rather disingenuous or, shall I say lackadaisical in reporting the whole story here? There are demands, there are people who might be able to recite them or have them on a sign, but, its easier and more news worthy if they report that a mass of whacky nouveau hippies have taken to the streets in Manhattan right?

I am guessing though, that the masses of people that they might gravitate to would just be the “newsworthy” one’s with the crazy eyes to make their segments pop..

So, Occupy Wall Street and Anonymous, I think, if you are behind all of the above demands, then you should set the record straight and often instead of just letting the media portray you all as bags of crazy. This will only lend to the image that the right has of you and serve you no purpose. Focus on the issues here so as to not just get cast aside as a group of malcontent’s  alone. Of course, the genie is out of the bottle in many ways Anonymous, you see, in your inability to control the message (due to your very nature of herding cats) has opened the door to others who would seek to derail everything.

Whether they be individuals, corporate entities, or.. Who knows…

Disinformation and Conspiracies:

Back in August I and my partners on the Anonymous panel warned that your message was diffused, uncontrolled, and could be easily hijacked or turned around by those who want to sow trouble. Much as the Lulz came out and caused so much damage, so too now are the conspriacists, and the disinformation (spin doctors) seeking to control the message and the movement (or at least parts of it they can influence) In an earlier post I wrote a bout the psychology that I believed to be prevalent within the Anonymous crowd as well as the median ages. Due to the age groups involved, much of the naivety can be laid upon their youth and the fact that their brains are not fully formed. However, there is a lot more going on here.

Some have been working behind the scenes to stoke the conspiracy fires that have been burning for a while now. Conspiracies that have been streamed online by the Alex Jones’ of the world. It was this kind of dark reality that I think prompted the first Youtube video posted at the top of this article. I have written recently about this vid and have to wonder if this is just a splinter person looking to gain traction on their personal belief or something else.  Could this video that purports to be an “Anonymous” person from NYC be just a manipulation to incite the thus far mostly peaceful protests at Wall Street to violence?

This one video really touches on all the key points of conspiracy belief.

  • The bankers at the cause of all our troubles
  • The bankers fund coup d’etat’s and war on both sides
  • The Bankers are the modern Medici’s controlling governments and the message
  • The Root of all evil are Bankers and they are the bane of humanity
  • Bankers control the media and the education system
  • Bankers launder drug money and keep the drugs illegal
  • The international Banker is the scum of the earth
  • Bankers are the infected blankets and whiskey on the Indian reservations

I guess the real question about this video and its release is whether or not it is convincing enough to cause anyone to really commit violence against bankers or others down on Wall Street. The other effect it likely will have is to re-enforce the belief in conspiracy theories by the Anonymous groups in general. A high number of Anon’s seem to hold to these theories and one has to wonder just where this might lead them.

NLP and Other Means of Manipulation:

One of the problems with this video is that the diatribe presented by the narrator is using a form of NLP (Neuro Linguistic Programming) to make his points. This type of leading language and word choice makes the argument even more potent to a believer of the conspiracy or conspiracies in general. While not actually “NLP” in the strict sense of the term, the narrator does a pretty good job at sounding convinced of his statements and mentally mirroring the self fulfilling prophecies conspriacists espouse.

As you might be able to tell, I am intrigued by this video and its creator. My fascination stems from the programming style of presentation down to the use of music in the background (something along the lines of Dead Can Dance chant) that sets a psychological stage key to its purpose. Was this created by just another guy with some skill? Or was this something that was created by professionals?

Professionals you might say? Has he gone round the conspiracy bend?

Well, take a look at the video.. Not much to see..

Now “listen” to the video. Look away and just listen to it. Then you will tell the difference here. The dialogue is smooth, professional. The choice of the narrator, if one was “chosen” was good in that it is one of those egotistical and self important sounding persons with an English/Aussy accent akin to the voice of “The Voice of Britain” aka Lewis Prothero on V for Vendetta. Remember, oration is a key to convincing people, just ask Hitler and Goebbels, so this choice was deliberate I think. My question is this;

“Was this a pre-canned voice over from something else?”

“Is this the actual author’s voice?”

If this was not a one or two man job, not to sound conspiratorial, then just who and why did they do this? For the lulz? Still, the message is key and the scariest part of it all. Mainly, advocating physical violence against all bankers and the system itself.

Attacking Wall Street Digitally and Its Fallout:

Meanwhile, there is another message (linked above) that was recently released exhorting people to take part of a DD0S of the NYSE website. The actual words used were to “erase” NYSE from the web or some such, but you get the idea. This, to me, is the next step before actual attacks on bankers by people on the street. It’s pretty much the digital pitchfork and torch patrol. If this attack is carried off, and there are other issues that stem from these attacks (say someone actually hacks the site or their systems in some way) it would have a cascade effect on the markets that likely could cause many more problems for the economy.

FUD is a great motivator in the tanking of the markets and an attack on the NYSE itself, or NYNEX, or any of the players here could have ripples later on. Those ripples would come in the form of people selling off their stocks, companies and corporations as well, and the net effect could potentially be large losses in the market. Even the DoS of the site could sow enough FUD in the system so as to cause this to happen.. Just look at what happened in Hong Kong last month. While it did not kill the market, it did cause large losses and a depressed market in HK for a while.

Anonymous, for what its worth claims that they did not put this video out nor the call to DoS Wall Street. Of course with Anonymous, there is no way to really know if it was a sanctioned operation because of Anonymous’ very nature. They are decentralised (sorta) due to the splinter cell nature of it now. Even if they wanted to, Anonymous could no longer control their masses because the “Idea” is hard to stop.. The people acting on it.. Not so much as we can see from the arrests so far. What it really comes down to is that the DDoS of Wall Street is an exceedingly bad idea as is the all out “run” on bankers and no matter what the core of Anonymous says or does, they likely can’t stop its happening in their name.

And this will be their demise… The genie is literally out of the bottle.

K.

Written by Krypt3ia

2011/10/05 at 18:31

ウェブ忍者が失敗する : Dox-ing, Disinformation, and The Fifth Battlespace

leave a comment »

Digital Ninja Fail: ウェブ忍者が失敗する

The recent arrests of alleged key members of LulzSec and Anonymous have been called into question by the ‘Web Ninja’s‘, a group of would be hackers who have been ‘DOX-ing” the anonymous hierarchy for some time now. Yesterday, they posted the following on their page concerning the arrest of a man from the Shetland Islands who is purported to be ‘Topiary‘ by the Met and SOCA.

Now, this is a bold statement for anyone who really knows what they are doing in the intelligence analysis field. So, it is my supposition that these guys have no clue about what they are doing by making bold assertions like this. The data they have is tenuous at best and by making such bold statements, I have to wonder if indeed the so called ‘Ninja’s” themselves might not be a tool of anonymous to in fact sow that disinformation.

Here are the facts as I see them;

  • To date, the federal authorities have not questioned anyone who was DOX’d by the Ninja’s that I am aware of
  • The individuals who were DOX’d that were investigated by the authorities were in fact outed by LulzSec/Anonymous themselves
  • Adrian Chen has spoken to the person that the Ninja’s have fingered and claims that he (said person) went to the authorities himself. So far he is still not a suspect.

So, taking into account these facts, I would have to say that the Ninja’s have failed in their stated mission so far and I would suffice to say that if they are indeed a part of a disinformation campaign, then that too has failed. After all, the police seem to be ignoring the data put on the interent by the likes of the Ninja’s in favour of other tried and true tactics. The primary tactic as I see it, is grab one individual and then get them to roll over on their compatriots in the face of massive jail time.

This pretty much works all the time as we, as human beings, are most willing to sacrifice others for the self. In the case of the likes of LulzSec skiddies, I would have to say that the ages of the players, and their generational tendencies will allow them to cut deals pretty quickly. It’s my assessment that they are in it for the self gratification and lulz, not for the altruism that the LulzSec and Anonymous press releases have been trying to have one believe. My assumption is that if indeed the 19 year old guy they popped in Scotland is involved with LulzSec, and is in fact Topiary, he will roll over soon enough.

I also believe that these are all untrained operatives and they have made and will make more mistakes. I am pretty sure that the alleged “leaderless” group has leaders AND that unlike a true guerrilla warfare cell, will know the other players personal details. Essentially, they have had no compartmentalisation and they will all fall eventually though interrogation and deal making. As I said before, the insider threat to the organisation is key here, and it was this idea I think the Ninja’s had.. Well, at least that was the original idea of the Ninja Warrior. They were spies who infiltrated the ranks and destroyed from within.

So far with these guys.. Not so much.

Welcome To Spook World: Disinformation Campaigns and Intelligence Analysis

Now, on the whole disinformation thing, I know that the Lulz and Anonymous have said that they are using disinformation as well to try and create a smoke screen. Frankly, all of the intelligence out there that is open source is suspect. Maltego map’s of end user names as I have shown in the past can be useful in gathering intelligence… Sometimes. For the most part, if a user keeps using a screen name in many places and ties that name to real data, then they can be tracked, but, it takes a lot of analysis and data gathering to do it. Though, many of the foot soldiers within the Anon movement are young and foolish enough to just keep using the same screen names for everything so there is a higher likelihood that the data being pulled up on Maltego and with Google searches is solid enough to make some justified conclusions.

With the more experienced people though, there has been some forethought and they have protected their identities as best they could. What became their real downfall was that they could not rise above petty infighting and dox-ing each other. Thus you have the start of the potential domino effect on the core group as well as anyone who has any peripheral affiliation with the Lulz. Be assured, those who have been pinched are giving up as many names as possible as well as whatever is on their hard drives, Anon hacker manuals or not. All of these scenarios lead to the conclusion of more arrests by the authorities and even more skiddies getting into legal trouble around the globe. Meanwhile though, if the core group has been smart, then perhaps the leaders will skate for a time, using the masses as canon fodder.

Gee kids.. Did you know that you were all expendable?

On another tac, I would like to speak about the potential of the disinformation campaigns being perpetrated by the authorities as well. Consider that the trained professionals out there who are hunting these characters (Topiary, Sabu, et al.) are also adept at using not only the technologies of the fifth battlespace, but also the training afforded them in ‘spook world’ This means disinformation campaigns, mole hunts, and insurgencies of their own, getting to the inner core of Anonymous and Lulz. Now, that there were six (alleged) lulzer’s it would be more difficult to do, especially if those LulzSec folks really do know one another (as they claim they do not, which, I just don’t buy.. Remember the compartmentalisation issue) The agent provocateur’s are out there I am sure and with each rung of the ladder, they get closer to the core group.

That is unless the core group falls apart on their own and DOX’s each other out. In the end, I am going to suggest that the authorities will use all of the tricks of the trade on the Anon/Lulz folks to bag them… And with concerted effort by government resources, they will get their men/women.

Untrained, Unruly, and Unprofessional Operators:

“Discretion is the better part of valour” as they say, and in the case of the Lulz and Anon crews, they seem to not have a clue. Perhaps the Lulz think that by being unruly and unpredictable to a certain amount, will be just the cover they need, but, I think that their lack of discretion will be their undoing as well as their hubris. Had many of these folks had some real training, they might have just stood down for a while (not just a week or so) after setting sail into the sunset.

As I have said before, it was a bad idea to recruit and have comm’s out in the open on IRC servers even if they had ‘invite only’ channels. As is being seen now, someone (jester perhaps) has taken down their servers again after other outages due to Ryan Cleary’s attack and pressure from the government on those connection sources that the Anon’s were using. I am sure the idea was to have a movement that could also serve as diversion for the core users as well as to LOIC, but this all failed in the end didn’t it? The LOIC is what has given the FBI the 1,000 IP addresses as a hit list, so to speak, that they are now using to collect people and charge them for the DD0S attacks.

Had these people been trained or not been so compulsive, they might have had more of a chance to keep this up for a much much longer time. As I write, the Lulz do continue, but they have slowed quite a bit since the arrests started again. This I think is because the cages are starting to get rattled and people are finally coming to the conclusion that some discretion is needed to not end up Bubba’s play pal in prison. It’s a learning curve, and likely going to be a painful one for the kiddies.

Unprofessional actions within this area of battle will end up with your being put in jail kids.

To end this section I would also like to add this thought. My assessment of the Lulz core group is this;

  • They were drunk on the power of their escapades
  • The more followers they had and more attention, the less risk averse they became
  • They seem to have compulsion disorders (don’t say it.. Aspergers!) that seem to not allow them to lay low (until now it seems)
  • The ego has eaten their id altogether
  • Base ages are within the teens with a couple over 20

Technical Issues Within The Fifth Battlespace:

Another BIG issue within this battlespace is the technology. The Anon’s and Lulz have been ascribing to the idea of “Proxies, we haz them! So we’re secure!” and to a certain extent they are right. There are always ways around that though and certainly leaks in data (such as the TOR leaks that have happened) that could lead someone to locate the end user behind the proxy, so they are not fool proof. Certainly not if the fool in question is some skiddie 12 year old using LOIC un-proxied and not obfuscated while they D0S Paypal.

The problem is that the technology could fail you as well as the untrained operative could make small and large mistakes that could lead authorities right back to their IP and home accts. On the other side of that equation is that when properly done, it is damn hard to prove a lot in hacking cases because of obfuscation, as well as mis-configured end systems that have been hit. I cannot tell you how many times I have seen incidents play out where the target systems had no logging on as well as being completely un-secured, thus leaving practically nothing for a forensics team to find and use.

Once again, this brings us back to the insider threat, whether they be the insider who decides to go turncoat, or, the agent provocateur (i.e. Jester and the Ninja’s as well as others from the authorities) who infiltrate the Lulz and then gut them from the inside. What it really boils all down to is that in the end, it will be the foibles of the Lulz core and the actions of spooks that will bring them down.. And I think they are learning that very fact now.

JIN; One Must Know The Enemies Mind To Be Victorious:

As a last note, I would like to say to the Ninja’s, you need to learn and practice your Kuji-in. It is obvious to me that you have failed on the ‘Jin’ (knowing the opponents mind) with your dox attempts. Until such time as I see people being hauled in that directly relate to your documents posted, then I am going to consider the following to be the case:

  1. DOX-ing is mostly useless and takes quite a bit of analysis before just releasing names
  2. The Feds are not taking your data as gospel, nor should the general public or media
  3. You yourselves may in fact be a tool of Anonymous/Lulz and as such, spewing disinformation
  4. You could be right, but by releasing it to the public at large, you are letting the Lulz know to destroy evidence and create obfuscation that will hinder arrests later.

Ninja’s got results.. Not so much for ‘Web’ Ninjas. At least Jester, if his claims are true, is breaking their C&C channels lately.. Which has its own problematic issues.. Just like his meddling in the Jihadi area, but, that’s a story for another time.

K.

From Lulz to Global Espionage: The Age of the Cracker

leave a comment »

It seems that 2011 is turning into the year of the cracker. Between Anonymous, Lulzsec, and the ongoing wave of espionage being carried out by nation states, we have begun to see just how serious a threat cacking really is. Of course both of these groups of attacks  have greatly differing motives as well as means. Lulzsec, well, is doing it for the Lulz and the others such as nation states or criminal gangs, are doing it for political, financial, or personal gains. In this post I will cover all three groups and their motives as well as means.

Lulzsec:

Lulzsec is a splinter group of Anonymous who for all intents and purposes, have decided to carry out raids on any and all sites that they feel need their attention. This could be simply a process of finding the lowest hanging fruit and exploiting it or, there may be some further agenda that they have yet to explain fully. So far though, we have the simple explanation of “They are doing it for the Lulz”

Lulzsec really began their efforts with focusing their full attention on Sony Corp. Sony pissed them off by attempting to prosecute a coder/hacker/reverse engineer named GeoHotz. Geohotz managed to tinker with some Sony code and they went out of their way to try and destroy him. It’d be one thing if he was being malicious, but Geohotz was not.. Instead Sony was. This caused a great backlash in the hacker community against Sony, and though they came to an agreement with Geohotz, Lulzsec decided they needed some attention.

After numerous attacks on Sony that netted Lulzsec much data and showed just how poor Sony was at protecting their client data, Lulzsec decided to take their show on the road so to speak. They began their new campaign with “The Lulz Boat” which set sail for #fail as they say. Soon the Lulz were epic and the target scope began to open up. Lulzsec attacks began to show up on Pirate Bay as well as on pastebin where they would dump the data from their attacks and laugh at the targets poor security.

What once seemed to be revenge has now morphed into a free for all of potential piratical actions for unknown reasons by Lulzsec. Of late, they also seem to be profiting from their actions by donations of bitcoins as well as perhaps other help from the masses who enjoy their antics. It is hard to tell exactly what the agenda seems to be for Lulzsec as it is still evolving…

Meanwhile, their actions have risen the ire of not only the likes of Sony, but now the governments of the world as well as their law enforcement communities. Who knows how long it will be before they are collared or if they will be at all.

Nation State Actors:

The ‘Nation State Actors’ may well be the most sophisticated group here. Many of you likely have heard the term APT, and this group would be the core of the APT. Those nations that have the means to use assets at their disposal to make long term and concerted attacks against their targets. This is the real meaning of APT (Advanced Persistent Threats)

What we have seen in these last few months is either an escalation on their part, or, we are just now catching on to their attacks by actually paying attention to information security. I am not sure which it is really, but, I lean toward there being more attacks as the programs developed by certain countries have solidified and spun up. As you have seen here, I have made much mention of China as being the culprit in many of the attacks recently. I stand by that assessment, but one must not forget other countries like Russia or Israel for APT attacks.

This all of course is just a natural progression from the old school espionage with physical assets in the field to a digital remote attack vector. As we have gotten wired, so has the espionage game. In the case of the wired world, unfortunately, much of the security that would usually surround assets in the old days, are not put into place in the digital. Why is this? It could be a lack of understanding, or, it could also be that the technology has outpaced the security values that they require to protect the data within.

Either way, hacking/cracking has now become a tool of war as well as intelligence gathering. It’s just a fact of life today and unfortunately the vendors and users have not caught up on means to protect the assets properly.

Industrial Espionage:

This is where the APT, Lone crackers, Companies, and Nation States meet. All of these groups use hacking/cracking as a means to an end. In the case of nation states, they are often looking to steal IP from companies. Often times that IP happens to be from defense contractors. This is a dual use type of technology both for war as well as any technology taken could further their own in many other ways.

In today’s world, you have all of these players using attacks to steal data for themselves, or their masters. The recent attacks on Lockheed are just this, APT attacks, likely by China engaged to steal IP on military hardware and technologies to augment their own and compete not only on the battlefield but also economically.

Other attacks are likely un-noticed and carried out by single aggressors or small teams that hire themselves out for this purpose. These are the civilian equivalent of the nation state spies and often can be contracted by nation states or other companies to carry out the work. In fact, this has become a boutique niche for certain individuals and companies in the ‘private intelligence’ arena. For this type of actor, I suggest reading ‘Broker, Trader, Lawyer, Spy’

Criminal Gangs:

This brings me to the criminal gangs. These are most commonly from the Eastern Block (The former Soviet Union) and they too often work tacitly for the government. In the case of Russia, there is a large amount of governmental complicity with the gangs. This is because much of the Russian government is made up of Russian mob types or, are paid handsomely by them for complicity.

Much of the crimeware trojans out there are Russian (Ukraine) made and the money that they steal from their quick hits goes to the East. Just by looking at the news, you can see how many ATM skimming attacks have money mules hired by the Russians and how often the money makes its way there. An interesting convergence here is also the connection between the Chinese in some cases and the Russians working together. There was a spate of Russian run botnets that had Chinese involvement as well as Russian servers/sites showing up in China recently.

With the synergy of the Russian and the Chinese malware makers working together, we will have a level of attacks that will only escalate as they learn from each other and perfect their methods. Meanwhile, they are robbing places blind by stealing PII data to create identities with as well as just transferring large sums of money digitally from banks that lately seem to be getting off for not performing the due diligence of security on behalf of their clients.

When The Players All Meet:

It seems that in the end all of the players meet at the nexus of digital crime. Whether its stealing data for profit, or as an act of patriotism for a nation state, all of the players work within the same digital playground. As the technologies meet, so do the players and it is likely there will be bleeding together of means and opportunity.

In the case of Lulzsec, it has yet to be determined what they really are all about other than the laughs. As they were once a part of Anonymous, one might think they might have a political agenda, but they have said otherwise. However, some of their actions speak to a more political bent than anything else. The recent attack on the senate websites seems to belie at least some politics at play as they stated they didn’t like them very much.

More importantly though, it is the response by the nation states and their law enforcement groups that will be interesting. For groups like Lulzsec, they are now passing from the nuisance category into perceived enemies of the state. Once they start attacking government and military targets with their lulz, then they are likely to see a more hardened response from intelligence agencies as well as the likes of the FBI.

Once the laws and the enforcement agencies catch up with the technology, then we are going to see some interesting times…

K.

Follow

Get every new post delivered to your Inbox.

Join 140 other followers