(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Perilous Times


Earlier today I posted a long thread, but I wanted to make a more cogent post for those of you not on Twitter. My tweet thread went something like this…

Militia site proposing and architecting the 4k militia action against the inauguration of Joe Biden and Kamala Harris

The events of January 6th, 2021, were, I fear, just a prelude to an ongoing threat that will culminate in actions not only against the inauguration, but also across the country at capitols in most of the states. These actions, basically more insurgency and insurrections, will be a turning point for the United States, more so than what has already taken place within the space of four years of Trump's degradation of the values the Constitution upholds.

What I have been monitoring online, in the open and in places more dank, marks the first time since I monitored Islamic Jihad that I have felt we have finally reached a point where domestic terrorism is the larger threat to the nation, larger than Islamic Jihad and all the various flavors of it there are. Specifically, since 9/11, I have never felt that internal forces could come close to wreaking the devastation that the 19 attackers did on September 11th, 2001. Now though, I am worried that the first skirmish at the Capitol of our Democracy will not be the last, nor will it be the bloodiest.

The forces of the Alt-Right are now, it seems, the totality of the Republican base, and within them are a melange of unstable individuals and groups:

We have the Qanon folks, who are outright paranoid, delusional individuals or grifters; mostly, though, they consist of true believers with mental instability and ideations that lean toward violence when their world view is challenged.

We have the MAGAheads, who also cross-pollinate with the Qanon true believers. These are the people who are just drawn to the strongman in Trump.

We have the ProudBoys, who, well, are much more oriented toward hate and are oftentimes bridges to Neo-Nazism. The Nazis are all over the place too now, in amongst the sheeple that are the MAGAheads and the Qanon’s, and they are something to really be concerned about.

What is really happening here, as things play out, and it is becoming increasingly clear in the Telegram channels for the NaziProudBoy set, is that they are planning on using the MAGAheads and the Qanon’s as cannon fodder in their own putsch for their own goals. These people have another, more hate-filled agenda, the kind that you saw some in the crowd display at the events on Capitol Hill. The kind who wear shirts like this and believe that eleven million Jews killed in the holocaust were not enough.

The net effect, though, is that there are forces at work, in the open at first but now scattering to the darker parts of the internet, actively plotting and planning another series of attacks, because they have been empowered to do so by the likes of MAGA and Qanon. This cannon fodder is their diversion to carry out more focused and dangerous attacks like what was attempted at the Capitol. They failed last time, but only just, and now, if they can rally their cannon fodder along with Trump, then they will have another few bites at the apple.

Also, if they succeed, even marginally, then they will be empowered further in recruiting and planning for more later on down the road. All of us should be concerned by this, just as much as you should be concerned by how many of these people of like mind already sit within the government, military, and police forces of the United States.

As the date approaches for the next insurrection, we should all concern ourselves with the idea that Washington DC, and in fact many places in the United States (e.g. capitols, state buildings, federal buildings as well as corporate buildings), may become the new American Kabul or Palestine, with fighting in the streets by pseudo-guerilla forces of Trump America. They will plan all their actions in private chat rooms on Gab and Telegram, or create new venues that likely will rely on services from places like Russia, where they will not be deplatformed, because these sites and these forces, plotting and acting out, are a boon to Putin.

As if this all wasn’t bad enough, last night the Joint Chiefs felt moved to put out a statement memorandum admonishing sedition and reiterating that the military is not a political body and that their directive is to protect the Constitution and the people. The fact that they had to say this, in this way, is a troubling thing, and we all should be concerned about just how many in the military and other forces like the police are in fact believers in Trump and these other doctrines being put out there by Qanon, the Alt-Right, Nazis and Proudboys.

One of the biggest concerns out there that you all should be aware of, is just how much sway someone like Flynn might have on these same people. Also, just how many connections and loyalties he may still have, as he is now the titular leader of Qanon, the public face of Q, a man in the “know” as he was in the IC proper and held a high position.

Here he is before the insurrection at the capitol, basically pointing at the stadium seats and saying “go for it, I got your back and Q has all the answers as well as Trump.” This is a dangerous man, who is now free to carry out Trump’s and his own grifter agenda after being pardoned by his master. This man, who worked as an agent of Turkey, was willing to rendition a US citizen to the Turks for money.

We are through the looking glass, people.

Be afraid, because if Trump continues to be a chaotic and psychotic force, whipping these people up, we will be seeing more of this in the coming years. Unless the states that have criminal cases against him act, we will not see the last of Trump. Without him being charged and perhaps incarcerated, he will continue on this path and it seems, attempt to run for high office again.

This will not end well.

Keep your wits about you.


Written by Krypt3ia

2021/01/13 at 12:50

Posted in Uncategorized

Supply Chain Attacks and Nation State Pwnage: A Primer


I've seen things you people wouldn't believe…

Last Sunday night, while I was lounging on the couch watching some British Bake Off, I got word of the SolarWinds supply chain hack. After kicking back the last of my whiskey, I immediately got on the phone to start IR at work, cuz, yep, we have SolarWinds too.

Who’da thunk it?

Anyway, three days of IR stuff later, I am here to blog on the meanings for the muggles out there after having a conversation with a reporter on what it all meant. The reporter asked me about a tweet that was put out by Richard Blumenthal about needing to know more about this evolving hack and fallout thereof.

While I think that Dick is being a bit hyperbolic here, I also can tell you, gentle reader, that there is a lot to in fact be worried about regarding this instance of adversarial activity (most likely Russia’s APT29 Sluzhba vneshney razvedki Rossiyskoy /SVR group) which managed to break into a system application that many in the government, military, and corporations still run to manage their network.

This system is so prevalent in the space that even in my environment we still had it running, and man, I thought we had made it go away long ago. So, you might be wondering, what does SolarWinds really do? Well, glad you asked; it is a series of applications that help you maintain your large networks.

As you can see from the graphic from their site, the company's software performs a lot of management and monitoring capabilities within a network of individual systems: servers, routers, databases, service desk applications, resource monitoring, network configuration, and security management. Now, you might be saying, “Ok, well, those are a lot of things that this stuff does, but what does that mean security-wise if the application (Orion) is compromised?” That is a good question, the primary one I want you to comprehend if you are not in tech or security of the tech. What this means is that this program suite by SolarWinds is now the ‘skeleton key’ to a host of around 33k companies/networks that downloaded the tampered-with update. This could affect around 300k clients in all, should there be more tampering or vulnerabilities exploited by the adversary now that they have the code base (assuming here) after they spent all that time inside SolarWinds systems.

So, we have a rather prevalent application suite that usually functions with a level of administrative access to do the very things it is bought to do. This means that the Orion system contains ALL of your admin passwords, up to and including domain administrator and enterprise administrator. What does this mean? It means that once the adversary had control over the Orion system, they had control over EVERYTHING that system touched, and where it did not have direct control, the passwords that would allow access within a network running this compromised system are now in the hands of the enemy.

Put simply, the adversary has control over pretty much everything you own. They can log in, take data, manipulate data, and in the most extreme case burn your network down using other malware like a wiper or ransomware to do it. All of this while you may not see the activity, because everything is using credentials that are admin level and authenticated on your network. This is why it was so hard to detect this attack and to stop it, and why they were inside the systems for so long.
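Because the credentials in play are legitimate admin credentials, a detection cannot key on a bad password or a failed logon. What a defender can do is baseline how the monitoring product's service account normally behaves (which source host it authenticates from, which logon type it uses) and alert on departures. The following is an added example, not code from the original post and not anything from SolarWinds: the log lines are constructed, the account names (`CORP\svc_orion`, `CORP\da_backup`) and host names (`ORION01`, `WS-4711`) are hypothetical, and the logon-type numbers follow the usual Windows Security-log meanings (3 = network, 10 = remote interactive).

```python
import re

# Constructed sample logon events (not real logs). Fields: timestamp, account,
# source host, target host, Windows logon type (3 = network, 10 = remote interactive).
SAMPLE_EVENTS = """\
2020-12-10T02:00:01 CORP\\svc_orion ORION01 DC01 3
2020-12-10T02:00:05 CORP\\svc_orion ORION01 FS01 3
2020-12-11T02:05:09 CORP\\svc_orion ORION01 DC01 3
2020-12-13T23:41:17 CORP\\svc_orion WS-4711 DC01 3
2020-12-13T23:42:03 CORP\\svc_orion ORION01 DC01 10
2020-12-14T00:02:44 CORP\\da_backup ORION01 DC01 3
"""

# Hypothetical naming: accounts the monitoring product runs as. They poll devices
# over the network, so anything other than a type-3 logon is worth a look.
SERVICE_ACCOUNTS = {"CORP\\svc_orion"}

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d+)$")


def parse_events(text):
    """Parse the whitespace-separated sample format into dicts; skip malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, account, src, dst, ltype = m.groups()
            events.append({"ts": ts, "account": account, "src": src,
                           "dst": dst, "ltype": int(ltype)})
    return events


def learn_baseline(events, cutoff):
    """(account, source host) pairs observed before the cutoff.
    ISO-8601 timestamps compare correctly as strings, so no datetime parsing is needed."""
    return {(e["account"], e["src"]) for e in events if e["ts"] < cutoff}


def find_anomalies(events, cutoff):
    """Alert on post-cutoff events that break the learned baseline or the logon-type rule."""
    baseline = learn_baseline(events, cutoff)
    alerts = []
    for e in events:
        if e["ts"] < cutoff:
            continue
        if (e["account"], e["src"]) not in baseline:
            alerts.append((e["ts"], "new source host for account", e["account"], e["src"]))
        if e["account"] in SERVICE_ACCOUNTS and e["ltype"] != 3:
            alerts.append((e["ts"], "service account interactive logon", e["account"], e["ltype"]))
    return alerts


if __name__ == "__main__":
    for alert in find_anomalies(parse_events(SAMPLE_EVENTS), "2020-12-12T00:00:00"):
        print(alert)
```

On the constructed input this flags three events: the service account authenticating from a workstation it never used before, the same account performing a remote-interactive logon, and a domain-admin account originating from the monitoring host. The obvious caveat is the one the post itself raises: if the intruder was already inside during the baseline window, their activity is part of "normal" and a learned baseline will not see it, so the learning period should be chosen from a window you have independent reason to trust.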

Ok, so, what does that mean from the perspective of damage and about which groups the adversary hit? Well, so far, we know that the following entities were hit in this supply chain attack(s):

  • Department of Homeland Security
  • FireEye
  • Treasury
  • Commerce
  • The National Security Council

These are all either government agencies or companies that handle a lot of government contracts, so you can kind of get a sense of what it means. However, let me expand on this: DHS and the NSC alone are a treasure trove for the Russians to gather all kinds of unclassified/classified data that they would want. Not only that, but if you own the Orion systems in places like that, and that system is in fact running in the CLASSIFIED space, then you have broached into the CLASSIFIED networks of things like NIPRNET and SIPRNET, as well as probably JWICS.

What does this mean? Lemme put it into internet vernacular for you;

This could be spectacularly bad. This is why so many are freaked out about this supply chain attack and the incident responses are all going on 24×7 now. It has yet to really be determined (at least publicly) how long the adversaries were inside these networks, but, I am going to assume that it was a long time, and a lot of damage has been done. Now all these places have to clean up the mess, re-set their networks and rebuild so that this cannot happen again. Then they have to assess the real damage to our security and perhaps someday give testimony in congress about it.

Now, about the other entities, these are the reasons that this hack is bad:

  • FireEye: They do all the pentesting and security work for many of the same orgs as well as incident response. If they were owned as hard as we think, well, there is a lot of data that the adversaries could use on top of using all the tools they stole from them.
  • Treasury, well, money right? Plans? Routes? All things monetary that the adversaries could use to mess with the United States, up to and including the theft of large sums of money potentially.
  • Commerce as well, plans and other details that they could use against the US financially internally as well as globally.

Time will tell just how many other orgs got hit and may in fact have had data lost to the attackers. Also, do not forget the potential for further logic bombs out there that might be placed by the actor as well for future fun. Of course I have been hearing stories about power and water companies and systems being affected by this as well. All in all, it could be very bad for us all, and places us on our back foot most solidly globally.

One other aspect here, and this is highly speculative, but, what other secret orgs had connections to others with Orion? What orgs themselves in the secret spaces like FireEye, had the same software as well? What classified intelligence has been lost here?

Let that sink in…

Also, on the critical infrastructure end, I am not worried that the power will go off nationally, but the Russians could mount more attacks, and working ones, against regions with the right kind of access vis-à-vis this kind of hack.

Think about that too.

Gotta hand it to the Russians man, they play a good long game. Expect to be hearing about fallout on this for quite a long time. If you want to kind of get a sense of the scope of this, I would recommend watching “Sneakers”; the whole MacGuffin of the movie is the little black box that the mathematician created that decrypts all the things. This hack is kinda like that. With one box, the Russians decrypted EVERYTHING and then, like the Grinch, took it all up the chimney.


Here’s a reading list too for you all to follow along with:

Post Script:

Someone put out a tweet earlier that is very prescient;

This is important context to have. Russia has used Ukraine as their down-range test bed. If you remember back to NotPetya, you can see this exact supply chain attack cycle being leveraged there first, and tested. The Russians are old hands at this now.

Not Petya:

Written by Krypt3ia

2020/12/16 at 18:47

Enemies of The People: An Information Operation


Yesterday, I saw an article on the news wire that had Krebs' lawyer mention a site (enemiesofthepeople) and decided to do a little looking. Going down the rabbit hole, I used Google Domains to do some searches to see what iterations of the site were already taken and found a list of sites that I began investigating. Once I located the main site, it became clear that the creators had also taken out a bunch of sites to post the same content and were actively putting them online even as I was digging.

The sites are registered all over the place, including non-domain-named sites in Russia and Germany as well as a domain in Singapore and a presence in the darknet. Many of them are behind DoS protection with CloudFlare, and all are hosting the exact same content. The content is in fact the personal details of people that these actors see as “enemies of the state,” including Chris Krebs, Gretchen Whitmer, and others in the government (state and federal) that they deem need to be assassinated.

The site also has a host of social media outlets, including a now defunct Twitter account and a VK, as well as Gab and, of course, Parler. In taking a more nuanced look at all of the domain data and links, I have come to the conclusion that this is probably an information operation, but the question is, by whom? The domain data is littered with Russian addresses, names, and email addresses for Yandex, but nothing in all of this data has shown me a slip-up; instead, this is all deliberate and methodical. A means to an end to make this look, for all intents and purposes, like Russia’s GRU putting this out on the net to cause a stir, and to enthuse the Trump/Alt-Right base to talk to each other directly about the “next steps” post the SCOTUS denial of the case to overturn the election in favor of Trump. This also tracks with the timing of the postings of these sites, as we JUST heard last night that SCOTUS denied the case in a one-sentence ruling in thirty-four minutes.

Details of Domains:

pcp6uxkzhavhxnwb.onion -> Clearnet gateway to access onion -> Hosted on monovm VPS/Hosting
Sub domains: -> Ties to AZ movement and had its own site on WayBack

Non-domain-named sites: -> Russia Hosting -> Russia Hosting

Email addresses:

Domain contacts:
Kulkov Ei

Social Media Links:


As I said above, so far, the searches I have done show no real mistakes that would lead to the real people behind the sites, and that is going to have to come from the FBI getting warrants on the US entities (the .us domains and the sub domains likely will bear fruit) and track how the domains were paid for. Much of the other data gleaned from email addresses and names listed are pretty much dead ends on a cursory evaluation of them. Which, once again, leads me to believe that someone really wants you to think that this is Russia, but their tradecraft has been too good so far to make me think that these sites are all the work of the would be Trump acolytes, who for the most part, have shown themselves to not be tacticians.

I have yet to log into the social media sites, but I did look at the VK and it is brand new with no followers I could see. Overall though, this is something I will keep an eye on to see what develops and will report what I see when I see it.

For now though, the information operation is afoot, and, from what I have seen in chatter elsewhere, this will be a moth-to-the-flame kind of thing for the more idiotic of the Trumplings. Here’s hoping that they all get rounded up for plotting assassinations and captures like the idiots who went after Whitmer a while back.


Post Script:

They also just added a jpg file of an alleged “SECRET” memo that has Krebs (who ostensibly wrote and signed this document) stating that there was a hack on the election systems from Dominion. This is a pretty bad attempt, and because they did not even take the time to fake up a PDF file, I am gonna just say they may be getting a little more desperate…


Since wordpress is a fucking hot mess on editing, I lost some stuff so here it is again…

The sites keep getting updated with names and bios to attack, now including Chris Wray.

Meanwhile, the sites have started soliciting for Bitcoin with a wallet that at last check had about 6K in it and was zeroed out recently:

I also started a Maltego mapping session on the sites and all data:

Bitcoin transactions:

Written by Krypt3ia

2020/12/12 at 17:03

72 Days


While everyone is still elated by the defeat of Donald Trump in the election that just ended, I would like to caution you all and temper that elation with some gaming out of what may yet still happen. While it is ok to be happy with this outcome, and to celebrate it, please also take a moment to consider that Trump is still in office for another 72 days.

In those 72 days, Trump may well wreak havoc with our system as much as possible out of spite, but more likely will start to work on covering up all his crimes with a slew of pardons, which may also include himself. So in that vein of thought, I would like to outline some potential actions Trump might take in the next 72 days that you should all contemplate as we move towards his possible physical removal from the White House.

  • Trump is likely to leave the White House in the near future and head to his lair, uh, I mean, Mar-A-Lago, where he will stew about the loss that he is not able to really confront, because he is a malignant narcissistic psychopath. There will be turns of rage and depression that will alternately seize him and in those moments of rage, he will either act out, or hatch plots to punish us all. It is more likely though, we will see a period of inactivity from Trump as he processes this. It is called “Checking Out” and in that time we have some breathing space.
  • Trump’s people will start to flee the sinking ship for the most part. There will be others who will double down. Most, though, will be seeking other jobs (as I have heard some have already begun to do) and begin the process of disengaging.
  • Trump’s MAGA minions will also be mimicking the soon to be former president and processing the loss. They too will go through the same stages and likely will also be doubling down in their disinformation bubbles. These people will not be going away, and much like Jihadist movements, will just re-tool their process, and we must be vigilant about this. We have already seen a shift in messaging platforms, and we are likely to see them go quiet for a while, but make no mistake, they are not inactive, they are planning, re-grouping.
  • In that time of re-tooling the message, we will see them double down on the conspiracies and, pardon the vernacular, “butthurt”, which will only intensify as the Biden Administration takes over and starts, in particular, to undo the damage that Trump has done these last four years. Also, as it is looking at present, Biden will have to make numerous changes by using the same power that Trump did to undo the damage (Executive Orders), because the Senate will, unfortunately, still be controlled by the Republicans and Mitch McConnell, who will block him at every step. This will be twisted in the disinformation rhetoric as an abuse of power.
  • Likely Trump actions once he returns to the White House are the following:
    • Pardons for:
      • Roger Stone
      • Paul Manafort
      • Presumptive Pardon: Ivanka
      • Presumptive Pardon: Jared
      • Presumptive Pardon: Stephen Miller
      • Presumptive Pardon: Bannon
      • Presumptive Pardon: Donald J. Trump
      • Presumptive Pardon: Rudy Giuliani
      • Michael Flynn
      • Basically anyone in his orbit he wants to pardon to protect himself from being flipped on. His inner circle, watch them.

Of course it is hard to prognosticate every move that this unhinged president might take, but, here are some possible actions that should worry you all.

  • Use of the War Powers Act to create chaos and perhaps burnish his image. This could mean unilateral actions using the military on places like Iran.
  • More executive orders that would help himself and his cronies after the presidency is over, gifts if you may, to his many “donors”
  • Attempts to manipulate Barr into rigging things so that any and all Federal, and perhaps State level cases against him are sabotaged.
  • Trump may trade on his knowledge of secrets with foreign powers as pay-for-play. The soon to be former president is an easy mark for espionage adversaries, but also may be willing to trade in order to secure his future state. (Think Erdogan and Turkish interference with the courts)
  • Trump may seek to secure future political capital with those who are aligned with him in the government today. This may include the aforementioned pardons, but also deals to lay possible future plans of a comeback, or, more to the point, line up Jr. for a run in 2024.

These are just a few possible actions on Trump’s part that could take place in the next 72 days. I also suspect that we will not see Trump just fade off into the Mar-A-Lago sunset. He will take some time, and then he will begin his push to continue his “legacy”, as he will still be seeing it all as if he was “cheated” out of the presidency in 2020. One of the more likely scenarios I see is that he will align himself with OAN and use it as his new Fox News propaganda outlet.

We will just have to see how much of the limelight he is allowed by the media in general, and the populace though. But, you must know, that his malignant narcissism will not allow him to just go into his bunker of seclusion like an orange Hitler. He will take some time to stew, but he will be back, and so will his brood and followers.

This isn’t over for him or them.

Biden, in the process of undoing all the damage that Trump has done, after removing all his “yes” men and women, will also have to help create laws where “norms” were the standard. We have seen how someone like Trump can abuse the systems of power, without any kind of firewall to protect the republic, and nearly bring it down. Biden will also have to work with the DOJ, FBI, Homeland Security, and other organs of the state to monitor the MAGA/Alt-Right groups to ensure that they stop them before they potentially activate and cause real harm to people as well. In this, I mean that they may in fact act just like many jihadis and hope to start the civil war that they so desperately seem to want.

So, while I am happy with the outcome here, and feel better about things, I also know that this is not over. Be aware too, that this is not over. We have a lot of work to do to repair the government, the nation, and the stature of this country ahead of us.

This is no time to relax, there is work to do. Let’s make sure it gets done.


Written by Krypt3ia

2020/11/08 at 16:06

Posted in 2020

The Biden October Surprise is Here


This morning I was pinged by someone after seeing a Tweet that went by on my feed from Maggie Haberman (NYT) linking a lurid New York Post story claiming the smoking gun has been found on Hunter Biden.

This story is riddled with holes and innuendo but may have some kernels of truth. But all a good disinformation warrior needs to carry out a disinformation campaign is that Russian formula of 80/20 disinformation to real information, so this story certainly fits that model. The story line thus far is that some unnamed computer repair store owner received a Mac laptop for repair in April of 2019.

The customer who brought in the water-damaged MacBook Pro for repair never paid for the service or retrieved it or a hard drive on which its contents were stored, according to the shop owner, who said he tried repeatedly to contact the client.

The shop owner couldn’t positively identify the customer as Hunter Biden, but said the laptop bore a sticker from the Beau Biden Foundation, named after Hunter’s late brother and former Delaware attorney general.

NY Post 10/14/2020

So, yeah, a laptop of uncertain provenance, in the hands of an anonymous computer repair guy, who says he found incriminating data on the hard drive, and it was subsequently taken by the FBI. Of course the laptop, who brought it in, and who it belonged to are all quite unknown, as the anonymous computer guy fails to give any details such as he should have, ya know, like a receipt or a write-up of who it belonged to, and at least the number he tried to call, right?

Say, while we are at this point, would you like to buy a bridge I have for sale? Perhaps a nice piece of swamp land in Florida maybe? Going cheap!

But, I digress… Anywho, yeah, this guy only thinks that this could be Hunter Biden because there is a Beau Biden sticker for the charitable organization that was set up after his death. Pay no never mind to the fact that this alleged computer repair guy had the WHOLE HARD DRIVE to access and he couldn’t maybe tell who it belonged to just by looking, say, at the documents folder?


So, yeah, this anonymous guy somehow sees some nefarious emails (OH LOOK, HE’S IN THE EMAILS ON THE HARD DRIVE AND STILL DOESN’T KNOW WHO THE LAPTOP BELONGS TO?) from Vadim Pozharskyi and BOOM, we have the coverup of the century! But wait, it gets better. So this guy calls the FBI and then makes a copy of the hard drive and passes that ILLEGALLY to Rudy Giuliani’s lawyer?

But before turning over the gear, the shop owner says, he made a copy of the hard drive and later gave it to former Mayor Rudy Giuliani’s lawyer, Robert Costello.

Steve Bannon, former adviser to President Trump, told The Post about the existence of the hard drive in late September and Giuliani provided The Post with a copy of it on Sunday.

New York Post 10.14.2020

Wow! That’s some epic shit right there! So, are your spidey senses tingling too? Cuz mine are just screaming here. What’s more is that all this began only on the NY Post, in an “exclusive”, which means the Post is all in for Trump it seems. That aside, I also had to ask myself why Maggie Haberman was flogging this on Twitter (pssst hey NYT, what the fuck?) without as much as a howdy-do on doing any leg work to rebut these allegations. Anyway, if you look further into the article, you see some screenshots of things like the alleged email from Burisma and photos alleged to be of Hunter Biden (from the hard drive? It is not clear) along with a nice picture of the alleged subpoena that was served to the computer store guy, which has been “redacted” according to the naming of the file.


Of course this alleged picture has a few issues. First of all, no court case number is conveniently there to look up. Of course no name of the person to be deposed, and then there is the EXIF data that they conveniently left in the photo for people like me to find…

This photo was shot on an iPhone and it has the geolocation still in it. Once you extrapolate that, you get a tavern in Delaware where the photo was snapped.

So, someone with an iPhone took a picture of an allegedly redacted grand jury subpoena in Jessop’s Tavern on January 11th 2020. And this is just popping up now, in October 2020, conveniently a couple of weeks from the election of the century… Right… Oh, and there are a couple of Mac specialists within easy driving distance of this tavern, so it may be possible to guess who it may be.
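The EXIF point above is worth seeing in bytes, because it cuts both ways: the same GPS IFD that let the author place the photo is what anyone publishing an image should be stripping first. The following is an added example, not the author's tooling and not from any library: it builds a minimal JPEG in memory with a constructed EXIF APP1 segment (the coordinates are invented for the demo, not the tavern's), walks the TIFF/IFD structure with nothing but `struct` to pull the latitude and longitude out as decimal degrees, and shows the mitigation, dropping every APP1 segment before the file goes out.

```python
import struct

# Constructed sample: a JPEG whose only content is an EXIF APP1 segment with a GPS IFD.
# Coordinates are invented for the demo; they are not the ones from the story.
def build_sample_jpeg():
    tiff = b"MM" + struct.pack(">HI", 42, 8)            # big-endian TIFF header, IFD0 at offset 8
    gps_ifd_offset = 8 + 2 + 12 * 1 + 4                  # IFD0 holds one entry, so GPS IFD lands at 26
    ifd0 = struct.pack(">H", 1)
    ifd0 += struct.pack(">HHII", 0x8825, 4, 1, gps_ifd_offset)  # GPSInfoIFDPointer, type LONG
    ifd0 += struct.pack(">I", 0)                         # no next IFD
    data_offset = gps_ifd_offset + 2 + 12 * 4 + 4        # RATIONALs stored right after the GPS IFD (80)
    lat = [(39, 1), (34, 1), (1200, 100)]                # 39 deg 34' 12.00" N
    lon = [(75, 1), (36, 1), (3600, 100)]                # 75 deg 36' 36.00" W
    gps = struct.pack(">H", 4)
    gps += struct.pack(">HHI", 1, 2, 2) + b"N\0\0\0"     # GPSLatitudeRef, ASCII, value fits inline
    gps += struct.pack(">HHII", 2, 5, 3, data_offset)    # GPSLatitude, 3 RATIONALs at offset
    gps += struct.pack(">HHI", 3, 2, 2) + b"W\0\0\0"     # GPSLongitudeRef
    gps += struct.pack(">HHII", 4, 5, 3, data_offset + 24)  # GPSLongitude
    gps += struct.pack(">I", 0)
    rationals = b"".join(struct.pack(">II", n, d) for n, d in lat + lon)
    payload = b"Exif\0\0" + tiff + ifd0 + gps + rationals
    app1 = b"\xff\xe1" + struct.pack(">H", len(payload) + 2) + payload
    return b"\xff\xd8" + app1 + b"\xff\xd9"


def _iter_segments(jpeg):
    """Yield (offset, marker, length) for each marker segment; stop at SOS (scan data) or EOI."""
    pos = 2
    while pos + 4 <= len(jpeg):
        marker, seglen = struct.unpack(">HH", jpeg[pos:pos + 4])
        if marker in (0xFFDA, 0xFFD9):
            break
        yield pos, marker, seglen
        pos += 2 + seglen


def _read_ifd(tiff, bo, off):
    """Map tag -> (type, count, 4 raw value/offset bytes) for one IFD."""
    n = struct.unpack(bo + "H", tiff[off:off + 2])[0]
    entries = {}
    for i in range(n):
        e = off + 2 + 12 * i
        tag, typ, cnt = struct.unpack(bo + "HHI", tiff[e:e + 8])
        entries[tag] = (typ, cnt, tiff[e + 8:e + 12])
    return entries


def _dms_to_degrees(tiff, bo, raw):
    """Three RATIONALs (deg, min, sec) referenced by offset -> decimal degrees."""
    off = struct.unpack(bo + "I", raw)[0]
    vals = [struct.unpack(bo + "II", tiff[off + 8 * i:off + 8 * i + 8]) for i in range(3)]
    d, m, s = (n / den if den else 0.0 for n, den in vals)
    return d + m / 60 + s / 3600


def extract_gps(jpeg):
    """Return (lat, lon) in decimal degrees from the EXIF GPS IFD, or None if there is none."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    for pos, marker, seglen in _iter_segments(jpeg):
        if marker != 0xFFE1 or jpeg[pos + 4:pos + 10] != b"Exif\0\0":
            continue
        tiff = jpeg[pos + 10:pos + 2 + seglen]
        bo = {b"II": "<", b"MM": ">"}.get(tiff[:2])   # byte order is declared per TIFF block
        if bo is None:
            continue
        ifd0_off = struct.unpack(bo + "I", tiff[4:8])[0]
        ptr = _read_ifd(tiff, bo, ifd0_off).get(0x8825)
        if ptr is None:
            return None
        gps = _read_ifd(tiff, bo, struct.unpack(bo + "I", ptr[2])[0])
        if not all(t in gps for t in (1, 2, 3, 4)):
            return None
        lat = _dms_to_degrees(tiff, bo, gps[2][2])
        lon = _dms_to_degrees(tiff, bo, gps[4][2])
        if gps[1][2][:1] == b"S":
            lat = -lat
        if gps[3][2][:1] == b"W":
            lon = -lon
        return round(lat, 6), round(lon, 6)
    return None


def strip_exif(jpeg):
    """Drop every APP1 segment (where EXIF lives) and copy everything else through unchanged."""
    out = bytearray(jpeg[:2])
    pos = 2
    for seg_pos, marker, seglen in _iter_segments(jpeg):
        if marker != 0xFFE1:
            out += jpeg[seg_pos:seg_pos + 2 + seglen]
        pos = seg_pos + 2 + seglen
    out += jpeg[pos:]                                    # scan data or the EOI marker, untouched
    return bytes(out)


if __name__ == "__main__":
    sample = build_sample_jpeg()
    print("before strip:", extract_gps(sample))
    print("after strip: ", extract_gps(strip_exif(sample)))
```

Real camera files carry more IFDs (Exif sub-IFD, thumbnails, maker notes) and sometimes little-endian TIFF blocks; the parser handles the byte order and walks only the pointer it needs, so it reads those too, while `strip_exif` is deliberately blunt and removes the whole APP1 segment rather than trying to edit individual tags.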

So far, this story has only been getting traction on Fox and Bloomberg, other than briefly catching fire on Facebook before being quickly put out by removal. A removal, mind you, that has many people in the Trump camp gnashing their teeth, boo hoo. I would expect this story to get more traction though, as I have already seen on Fox one Senator demanding more information from the now defunct Barr/Durham investigation that managed to charge no one with a crime.

Convenient eh?

Lastly, let me just say this: all of this story screams no chain of custody, and a large probability of tampering, hacking, and disinformation creation and propagation by forces yet to be seen. The rest of the photos in the story on the Post all lack any EXIF/metadata, which is kinda suspicious, so there is that too. I would not put it past Russian assets and the Trump camp to be central to the creation, curating, and release of this disinfo campaign against Biden now for fullest effect.

I don’t buy it, and neither should you.


Written by Krypt3ia

2020/10/14 at 19:15

Posted in Uncategorized



Written by Krypt3ia

2020/09/30 at 16:57

Posted in 2020, Elections

Dickson Yeo: International Man of Mystery *giggle*


I recently went on Blogs of War: Covert Contact and talked with John about online OPSEC and social media. In the process of prepping for the podcast, I went and looked up the stories about LinkedIn being used as a means for Chinese espionage. I had often written about this in the past, and in fact had specifically talked about LinkedIn and how much people overshare there. Well, I was given a small surprise when I did. It turns out ‘Dickson Yeo’, the guy arrested by the feds recently, was someone on my LinkedIn. I remember him as being someone I held at arm's length and thought that this account was probably a cutout. Turns out I was right. Full disclosure, he messaged me a few times about posts I had made here and complimented me, but, like I said, and as many of you who know me personally know, I am not so much a cuddly guy, so he went on his way. Of course later on I was banned from LinkedIn anyway (no, I still don’t know why, they would not tell me) so, yeah… You can hear more on the story and on LinkedIn and our oversharing here on:

Blogs of War Covert Contact: Avoiding Your Own October Surprise


Written by Krypt3ia

2020/08/02 at 19:34

Posted in Espionage, OPSEC, OSINT

SARS-CoV-2 COVID19 Twitter Thread


Since my account is locked… Twitter thread on SARS-CoV-2/COVID-19

Link to paper on SARS-CoV-2 TTLs for aerosol and surfaces HERE

Written by Krypt3ia

2020/03/12 at 12:50

Posted in COVID19

Pandemic Threat Intelligence and Response Briefing For Executives: Planning For INFOSEC/Supply Chain/Continuity


Johns Hopkins COVID-19 Heat Map Tracking

Threat Intel:

SARS-CoV-2 has been spreading exponentially within the global community, and the effects of the virus and its attendant disease (COVID-19) are rapidly causing shocks within the global community. The effects of the pandemic are far reaching; we have seen the strain on the global supply chain as China fell into the height of the pandemic, with supply chains being diminished or broken outright. As such, as the virus spreads, it is important to consider the threat space to the security and function of your organization due to loss of these supply chains as well as work forces within and without. As the spread of this disease continues, expect more supply chain degradation, if not complete failures for some amount of time, as the quarantines commence and play out.

With that in mind, here are some basic questions to consider for your organization’s security and continuity, both as a whole and as separate functions such as the security of your networks. Use this document to spark discussions around the security response as well as the larger continuity and integrity of the whole as we are affected by this pandemic. These scenarios may not actually come to pass, but, as a security body, it is our job to forecast eventualities and the responses to them that might be needed to continue the function of the org.

Executive Briefing:

With the outbreak of SARS-CoV-2 and its resultant COVID-19 (the syndrome from infection), we have been seeing the arc of this outbreak become a global pandemic. With that in mind, it is advantageous to start planning for the effects of this pandemic on the businesses that you are responsible for. In this assessment, we will be looking primarily at the CIA triad of the response, not just on a data security level but with an expanded outlook on the security, continuity, and supply chains that make up the CIA triad. All of these affect the security of your organizations as well as the basic functionality of your business.

With this in mind, it is important to look at the effects of the pandemic, projecting out from the initial outbreak to a global pandemic, and how that will affect your business. Primarily the effects can be broken down into these discrete areas of concern:

1) Supply chains: What supply chains will be affected that will impact your business model?
    • Human capital: how many people does it take to function properly if the workforce is down from COVID-19?
      • What are your tolerances on head count?
      • What contingencies do you have if the workforce is depleted due to sickness and quarantine?
      • Where are your single points of failure in the knowledge base were these assets to be sick and quarantined?
    • Supplies on demand that go into making your product: how much tolerance do you have for supply chains breaking?
      • What regions do your supplies come from?
      • Are they affected now?
      • Plan for pandemic loss of workforces and how long you can function without supplies or with less.

2) Infrastructure Capacities: What tolerance does your network have for expanded remote working capabilities?
    • With a workforce that may be in social isolation mode, what is the capacity for your company to allow people to work from home?
      • People will self-quarantine if they become ill.
      • Children may be home as schools and day care shut down in order to prevent the spread of disease.
      • State and federal governments may recommend that people stay home and isolate to stop the spread.
      • In a protracted scenario of isolation and potential re-infection, what are your projections on your organization’s ability to function?

3) Information Security Events and Response: With a global pandemic, the same drawdown on workforces will also apply to MSP (SOC) workers.
    • With automation today much of the function of a SIEM/SOC is canned response, but there is always a need for human intervention: who handles your response?
      • During the time of pandemic and response, if your team is depleted due to sickness or quarantine procedures, what is your contingency for response?
      • During the time of pandemic and response, the same applies to the SIEM/SOC solutions that you pay for if you do not have them in house: what is their contingency?
      • If you have a true incident in your environment, how will you handle it if the primary incident handlers are unavailable?
      • Do you have a service you work with?

All of these questions should be addressed going into an event like the one that is playing out globally with the SARS-CoV-2 (COVID-19) pandemic today. It is recommended that the executive suite be briefed on these questions and ensure that these possible eventualities can be answered by the organization, to ensure the continuity of the org. Other elements of this narrative also bear on scenarios in other areas, such as infrastructure and the overall output of whatever your organization’s products are, but these are a good set of questions for the security element to bring to the executive suite to have the initial discussions.

As such, use this document accordingly.

PDF format of this post here

Written by Krypt3ia

2020/03/02 at 14:38

A Wade Through The COVID-19 Disinformation On The Internet

*Puts on BSL-IV positive pressure suit*

Right, some folks on the internet wanted a post about the disinformation around the Coronavirus (COVID-19 or SARS-CoV-2), and I had been looking around a bit anyway, so I decided to go a little deeper. First, let me say that there is some straight up crazy out there being propagated by the crazies in the world and the grifters, but there is some real dangerous stuff as well. The gamut of the disinformation that I have seen thus far ranges from nation state to would-be snake oil salesmen who, a century ago, would be selling their shit off the back of a covered wagon to rubes in small towns. It is only by the fact of modern technology that these people now have a far wider and, on the whole, gullible audience to purvey their brands of crazy.

So yeah, the range of things runs from guys making face masks to protect themselves from COVID19 by placing bikini underwear over their heads (as seen above) to outright grifter operations like the pastor and his peeps selling colloidal silver as the cure for Coronavirus. This virus has been a boon to many others than just our pal Mr. Bakker here, seen below. A lot more within the religious space have grasped on to other crazy cures like red onions and prayer as well. I found a slew of posts on YouTube, Facebook, and Twitter alone to keep one busy for weeks looking into all the claims of a cure. In fact, you all should check out the hashtags #CoronaCure, #COVID29Cure, and the like. You will see a lot.

Others still, though, are offering prophylaxis for the COVID19 pandemic, like this guy selling “Bane” style face masks to stop you from getting infected. This mask could in fact be something that might be helpful, but the only true mask that will help is the N95 mask that doctors wear to prevent such transmission from happening: not only when they wear them to stop things getting in, but also, and more to the point, for patients to wear so they do not spread the disease as easily through aerosol transmission like breathing, sputum, and sneezing. It is most likely that this guy’s Bane mask does not have the N95 filtering, so yeah, you might look and sound like Bane, but you are more likely to get COVID19, while looking all cool and shit.

On the spectrum of political and nation state sponsored disinformation about the COVID-19 pandemic, we have a range of people and countries with varying reasons for disinforming the public about the pandemic. I will break these down into groups and reasons for you:

1) Hong Kong:

Hong Kong folks have a few reasons to disinform about this, as well as to present the real truths that the Chinese government does not want the outside world to know about. In the case of these YouTube videos I found, the disinformation is interspersed with real video coming out of Wuhan province that paints the Chinese leadership in a very poor light in their response to these events. It has come to pass that the Chinese officials have tried to keep a lid on the outbreak from the start, lying and obfuscating about the dire nature of the problem in Wuhan and in Hubei, but this guy is just going all out with the Xi mask to promote all kinds of theories, including, yes, you guessed it, that COVID-19 was in fact released from a bioweapons facility in Wuhan province.


2) Expats With An Axe to Grind:

One site that stood out from a Twitter feed tied to disinformation on the outbreak was the G-News site. This site is chock full of the crazy and is put up by a Chinese expat who now lives in the Emirates because he ran into some legal trouble in China. Miles Guo, aka Guo Wengui, is funny to watch. He tries to present himself as an authority and insert himself in images like he is on with Bannon and the like, but in reality he isn’t a name you see on the news that often as far as I can tell. His axe to grind with China here is obviously why he is throwing in with Bannon and others putting out disinformation on the pandemic and about China in general.

3) Russia and Putin:

Oh Pooty, you love COVID19 long time. It is of course within the interest set of Putin and Russia to hit hard on the COVID19 situation as well. The advantages that they reap in wholesale division and fear on this one must be a priority just under the whole 2020 race as far as I am concerned. Of course, their mission will be to insert narratives into the 2020 election and against the candidates as agitprop to get Trump another four years in office. I am already seeing a setup on this that I will discuss further down the post. As it stands now, the bot activity has been ramping up on the hashtags #COVID19 and #COVID19Bioweapon, so keep your eyes peeled for narrative as well.

4) Trump and His Disinformation Forces:

Speaking of Trump and his disinformers… Trump’s minions are now spinning up, including Bannon and Rush, taking differing approaches to the whole affair. While I have not been able to stomach watching Bannon for more than a couple of minutes, you can see he has a whole “war room” setup on YouTube where he has one of our pals, Miles Kwok, or Miles Guo, or whatever name he chooses to use, on the cast to throw out the disinformation about the pandemic. Guo, as you may remember from above, has whole cloth claims on his site that the whole incident is from a leaked bioweapon in Wuhan, so, yeah…

On top of Bannon we have our pal Rush. Yes, Rush motherfucking Medal of Fucking Freedom Limbaugh, as of two days ago, began selling the idea to the morons that listen to him that the COVID19 pandemic is in fact a putsch by China leaking a bioweapon against Trump. What’s even more holy what the actual fuck is that he claims it was by the Democrats.

What is the most fucked up thing is that I know there are fuckwits out there who will now believe this shit.

5) The QAnon Conspiracy:

You didn’t think those wacky QAnons would leave this whole COVID19 thing out of their repertoire, right? Welp, they have added it, and I suspect now that Rush has made his stand on that hill of disinfo, the QAnons will only ramp up from what I already saw on Twitter and Discord. Their spin of course is that it is a bioweapon as well. They also seem to be going on a bent about a conspiracy with the Jews again… These people need to get lives. One of the more interesting angles, though, is this whole “dead scientists” thing they have going. They also were making hay about the Chinese scientists who were arrested in Canada, was it? Yeah, well, keep an eye out for more crazy over COVID19 out of them too.

Fucking Rush….

6) Rando Twitter Feeds and Trollbots:

Right, now the whole Twitter thing is crazy as usual, but there is one account that I wanted to call out on the COVID19 disinformation crazy train. That account is primarily the @howroute account. This alleged comedian, actor, and filmmaker is none of those things. In fact, the only thing that seems to check out is the name Max as being one spelling of his real name, Maksym. Reporters have been following this guy’s disinformation on Twitter for some time now. This account has been putting out blatant disinformation around the pandemic for quite a while now, and though people have called him on it, nothing has stopped him. In fact, his follower count has risen by the thousands since I first became aware of him. He went from nothing to nearly 50k followers since he started this whole disinformation campaign. All that is known at present, from information gleaned from the internet, is that Maksym is in America, he was born in Ukraine, attended university there, and then came to the States. Perhaps there are monetary goals here, maybe there is more, but this guy works in tech and lives in Washington state.

7) Lastly, our Favorite, Alex, YOU’RE TURNING THE FROGS GAY! Jones:

Alex, baby, you are one whackadoo guy looking to make a buck. Alex has, as usual, been all over the bioweapon angle of the whole pandemic. Of course now with Rush and his fuckery, the two combined will likely be infecting the Fox news cycle soon enough too. In fact, the advent of Tom Cottonhead getting in on the whole thing shows just how fucked up things portend to be in the near future as things get hot. Cotton went on the news to say that he wanted more proof around the whole bioweapon leak and, I am sure, will be bringing this up in the Senate as well.

Jesus fuck.

My one real question is just how long it will be before Alex gets in on those sweet sweet colloidal silver dollars?

Well, there you have it kids. Make sure you get yourselves into the DECONTAMINATION UNIT as soon as you finish reading this post! I just brought you a smattering of the whole disinformation pie here. You can go look for yourselves if you like. I am going to go take a very long hot shower in lye and resume the whiskey intake as my prophylaxis against COVID19 and COVID19 Disinfo.

Written by Krypt3ia

2020/02/27 at 20:47

Posted in Disinformation