Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

My new line of INFOSEC T-Shirts from “Everything Is Bad”

leave a comment »

Written by Krypt3ia

2016/02/12 at 15:11

Posted in Infosec

Actors Keynoting RSA… REALLY?

with one comment

alec-baldwin-team-america

 

I have been taking a mental break of late and perhaps I have been silent long enough or perhaps, maybe more to the point, this news sent me into a fugue of disbelief and bile over the fact that we now have actors speaking at security cons. No, you heard me right gentle reader, we now have actors speaking about security at security conferences post Sony’s hack.

That’s right folks, we now have actors like Alec Baldwin talking about how Hollywood had a “cooling” after Sony got hacked. How rights are being assailed in privacy and how the bad bad nation state hackers dropped a cyber deuce on us all because we now learned just how the Hollywood sausage is made. Poor Hollywood and poor poor Alec and others who had to change their AOL addresses!

The. HORROR!

It gets worse though, not only have we had Alec speaking about how horrible the Sony hack was but also Kevin Spacey as well speaking at the Davos fourm about cyber security.

*blink*

No the fuck way!

What the holy fuck are actors doing at Davos anyway? What the shit is this fuckery? I am so tired of seeing allegedly important people (actors) talking about things that have much more meaning than play acting on screen for lots and lots of money to entertain us. This is outright stupidity people and for RSA to buy into this shit even more for “star power” really offends me.

But wait it gets worse! RSA 2016 has the stars of CSI CYBER doing a panel! What the shit? Reallly? You are going to tell me that these actors have anything the fuck to say about the realities of vulnerabilities and the intricacies of security issues? I give up. Fuck you RSA for your feckless pandering for the almighty dollars. You truly remind me now of a played out stripper working it hard to a bored crowd. I am not giving you one fucking dollar for your gyrations.

Screen Shot 2016-01-28 at 2.31.47 PM

So back to the issue of Actors talking about computer security post Sony. How about these pompous asshats mention the fact that not only were they using crappy addresses and are self proclaimed “Luddites” but also that Sony was a company with one of the worst security records out there to start? How about you self righteous fuckers mention that Sony’s emails showed a large amount of fuckery on the parts of execs and stars that truly lifted the dress a bit and showed their true colours?

Perhaps RSA should go to Wikileaks and read through the emails. Sony is a big company rife with backdoor deals, catty behavior, and a solid record of fucking over women in salaries over men. So fuck you Spacey and Alec and the rest of you trying to be relevant and accepting speaking fee’s from fuckers like RSA. You have no business being in front of us and that goes doubly so for anyone representing CBS and the fucking pile of crap CSI cyber.

Cut it out you abhorrent self important swine.

K.

Written by Krypt3ia

2016/01/29 at 02:30

Posted in JESUS FUCK

with one comment

RCA_Indian_Head_test_pattern

Written by Krypt3ia

2015/12/10 at 12:31

Posted in Uncategorized

THE 2015 FULL SPECTRUM CYBER DOUCHERY KRAMPUS LIST!

leave a comment »

KrampusFIRE3

WELP, another year is almost gone and Krampus has been sharpening his bundle of switches to beat all the bad cyber security folks this year. Krampus has been really really really inundated with names for 2015 and in his magnanimous ways has decided to allow you to see ALL of this years list to give you the full scope of the asshattery and FULL SPECTRUM CYBER DOUCHERY!

Feast your eyes dear reader upon the uber list of names given to Krampus this year!

See you at the bottom there for special mentions!

The List: An anonymous list provided by the community. Krampus’ personal list is below this.

Hacking Team
@dcgomez1 STAY IN YOUR LANE!
@PixalateInc A bogus malware claim and no IOCs to back it up. FUCKERY!
@puellavenerata (sp?) Tor dev. A raging lunatic, yet Tor Project t keeps employing her crazy ass.
Adrian Crenshaw He needs to shut up and do his job. Fucking drama.
Adrian Krenshaw Sexist douche and doesn’t realize it, but everyone loves, so s’all good
ALL OF US
Aloria Narcissistic drama. Lack of contributing to community
Aloria Wines about being single then wines when she’s hit on. Doesn’t attend and disses cons. Encourages mcgrew’s asshattery
Aloria Because she is a hypocritical raging cunt .. or dick if she prefers for her transiet sensibilities
aloria for the endless drama.
Ankit Fadia http://www.dailyo.in/politics/digital-india-ankit-fadia-trai-draft-encryption-policy-ravi-shankar-prasad-cyber-security/story/1/6500.html
Anonymous bunch a fucking skiddies who have never made a difference
Anonymous Using pea shooters against tanks
Anthony Zuiker and any other fucker creating documentaries and TV shows, movies that spew Cyber CSI Cyber, NOVA cyberwar and any other shit show
Apple Because they still don’t care about you unless you’re spending buttfsck a lot of money every six months on them
Archuleta OPM
Billy Rios breack of NDA, stunt hacking grandstanding
Bob Lord
bob lord you cant get shells on macs
Boris Sverdlick Took his 3rd job in 2 years and moved his family across the country for the 3rd time.
Brennan Being Cpt Obvious
Brian Krebs Do you really have to ask?
Bsides las vegas board for being a bunch of fuckin’ weenies over what’s essentially an april fool’s joke
China Ruining FireEye profits
Chris roberts famewhoring
CISO Rockstars or any self proclaimed security INFOSEC Rockstars There are no rockstars, we are all fucked.
Cobolt jesus fuck have you met the guy?
COMEY Blissful ignorance should, in this case, be rewarded.
Comey Crypto fuckery
Convention hopping security “professionals” …Who are too busy talking about what’s broken & collecting swag to actually take time to work on FIXING the issues they’re too busy “talking” about
Cyber Security Ninja https://www.indiegogo.com/projects/cyber-security-ninja#/
CyberPsychologists Cyber-sexual urge to penetrate
DA_667 Shitposting. A shit-ton of shitposting.
Dan Guido Because douchebaggins
Dan Kaminsky He’s Dan Kaminsky
Dave DeWalt For blaming the lack of Chinese hacking on FireEye not meeting targets.
Dave Kennedy Stupid “family” huggy conference crap
David Cameron Trying to backdoor encryption legally
David kennedy selling out to the feds yet again
Dell superfish-like root certificate installed on all new machines
Dell superfish2: ELECTRIC BOOGALOO
Dick BAITLICK for being a massive toolbag and self promoting whore
Dido Harding No fucking clue if customer data was encrypted or how deep the breach was
DPRK Giving press exposure for a Seth Rogan movie
EFF for buying into the TOR shitstorm, and drinking the shit-flavored kool-aid.
Erratarob Trolling
Erratarob Trolling
Eugene Kaspersky  He’s Eugene
European parliament  Crypto fuckery
Evan Kholmann Darknet word clouds.
F-secure Freedom vpn spying platform
Feminists CryBullying INFOSEC people
FireEye For taking vulnerability response douchebagery to a new level.
FireEye for their shit treatment of researchers. Also have you seen WITCHCOVEN yet? Fuckin lol.
Flashpoint Intel For hiring a chief scientist that’s full of shit… OMG PS4!!!! Fuckin retard
Glen Greenwald Still hasn’t released all the Snowden docs
Google For returning to China
Gov’t of the UK  Crypto Fuckery and GCHQ Hacking
GOVERNMENTS Encryption MUST HAVE ZEE BACKDOORS – Because terrorists weren’t able to get AK-47s, suicide vests, and other terror instruments in Paris which is a notoriously ‘gun free’ city .. yeah, back-dooring encryption will stop them. That’s the ticket.
HackerHuntress Self-absorbed & self-important recruiter
Hacking Team Equal parts “being assholes” and “getting smacked down”
Hacking Team for hiring people that wear atrocious looking hats, oh and selling shit to repressive regiemes
Hillary Clinton Home-brewed unpatched unauthorized ‘solution’ to S, maybe TS comms
Ian Amit so every ex-israeli army guy is an infosec expert now?
Infosec Drama people (Crenshaw, Weidman, Viss,…) Come on, either get back to 2nd grade, or grow the fuck up and behave like an adult.
Invincea FUD FUD FUD FUD
Ioerror Self promotion
Iron geek Asshole
Irongeek He causes too much drama in the community to justify his contributions.
Jack Daniel Those damn Tenable spam emails
James B. Comey, Jr. Two Words “Crypto Backdoors”
James Comey Because fuck that guy
Jayson E. Street His hugs are awkward!
Jayson street
Jayson street
Jayson Street because hugs should have no bearing on infosec
Jayson Street The classic con whore, should be banned from talking about anything technical or related to defensive security
Jayson Street eats a bags of dicks
Jeffery Carr Consistently wrong on attribution, craps on other’s research yet doesn’t deliver any himself. Specifically out to make money on “cyber” by being a contrarian.
John Brennan Falling into a wormhole and coming out in the 90s (using AOL)
JOSEPH MENN/ Reuters for his extensive campaign against Kaspersky Lab
Josh Corman For being a celebratory jackass for getting fuckall accomplished.
Kelly Lum aka Aloria Batshit crazy is as batshit crazy does.
Kelly Lum aka Aloria Drunk drama
kelly lum (@aloria) Much drama. So cray cray.
Lance James Because he’s a self aggrandising asshole
Lance James Dark and deep web bullshit artist
Lenovo Not satisfied with the superfish shitstorm, they decide that adding in a bootkit to their product line would be a great idea.
LinkedIn For giving you migraines. Daily.
Major – mid size retailers not encrypting CC data 2 years with a target on your back and still deciding to save $ over protect customers. Pennies per transaction to save millions. Sad sad sad
Mark Zuckerberg facebook, whatsapp, etc
Marketing Departments Exploiting research for sales, naming vulnerabilities, taking threats out of context, etc.
Mary Aiken CSI Cyber – need I say more??
Mary Aiken “cyber psychology” Freudian fuckery
Mary Aiken CSI Cyber, Freudian slip it in for hackers
Mary Ann Davidson For feeling entitled in her position and trying to exert her imperialist tendencies on security researchers.
Mary Ann Davidson Not understanding her customers
Matt J Harmon (MJH) For claiming to have worked on the team that made Stuxnet
Matthew J Harmon He believes he’s better than most of the community.
Matthew J Harmon Blockes INFOSEC ppl and speaks of building community (why is this guy not on @attritionorg’s charlatan list yet!)
McGrew For somehow being at the center of so many shitstorms yet never getting his hands dirty. Instead of stirring the pot maybe he should actually do something of value for the community
McGrew for being a shit-stirring instigator. Bringer of the Drama
Meg Whitman
Meg Whitman For not killing Raf with polonium when she had the chance
Michael Smith GhostSec douchery
Mr Robot Cyber cheese, melodrama, and hipsters
Mr. Robot All hacking must feature Benedict Cumberbatch
Norse  Full on pew pew pew fuckery
Norse for being Norse
Norse complete and utter embarrassment to companies that actually do legitimate threat intel. Go peddle your shite honeypot indicators and flawed analysis elsewhere
Norse Cause they try to try to sell millions of IPs as being malicious without actually providing any context. And they charge a fucking arm and leg for this worthless data
OpenSSL maintainer https://marc.info/?l=openbsd-tech&m=144472550016118&w=2
OPM lost all the things
OPM Now I need new fingerprints.
Optiv For continuing to employ Raf
Oracle lol EULAs.
Pearson Vue Yet Another Breach
Pixalate Creating a fake botnet named Xindi
Pixalate Security’ company gets PR firm to hit up major media and panic C-suites for days without providing a single IOC in marketing effort. Alleges they were actually working with experts the whole time – none of which can be identified or found.
Pixelate Ask @da_667 @botnet_hunter or Carbon Dynamics about the bullshit surrounding the Xindi Botnet. TL;DR: Extortion and vaporware.
Pixelate Xindi Botnet and the complete pile of shit the entire report was.
Raf Because you know damn well he deserves a krampusblifetime achievement award.
Raf Raf
Raf GODDAMMIT YOU ALREADY KNOW. JUST READ HIS TWITTER FEED. At least give him honorable mention.
RedDragon1949 Cause I use “cyber” so much…S/F – RDR 1949
Root9b
Schneier
Shane Schick, @Shaneschick, writer at IBM’s securityintelligence.com In his Nov 4 article for securityintelligence.com, couldn’t even be bothered to look up what EMET stands for, fearmongers about cybercriminals launching attacks, doesn’t even both to contact the authors of the paper but instead does lazy second-hand reporting.
Sidragon Yeah, yeah, freedom of speech, but live-tweeting fucking with a plane would’ve landed his ass in Gitmo if we wasn’t white
Sidragon For being a massive fucktard, testing things he had no business testing and putting several of his co-workers out on the street.
Sony They have RC4 for the preferred PS4 cipher
Starwood Hotels POS Breach
Steven Thomson https://www.indiegogo.com/projects/cyber-security-ninja#/
Steven Thomson So no necessarily Steven Thomson himself, but the culture in academia and the workplace that convinces people like this that he can be a “CYBER EXPERT” with all these certz and that’s all you need!
Stewart Baker for being 5 time partner at Steptoe, and a massive troll.
Stratfor Shamelessly attempting to game and capitalize on Paris attacks
Stunt Hackers Because they endanger the public by dropping SCADA 0-days on stage, flying planes and driving Jeeps sideways.
Stunt Hackers (Chris, Charlie, …) Because when marketing comes before security it’s a FUD game
Symantec for being Symantec
Symantec Their process didn’t catch misissuance of certificates that impersonate major web properties
TalkTalk For being derpy in the UK.
TalkTalk Because they’re incompetent gits
Ted Koppel Cyber Grid Meltdown!
Ted Koppel His book.
The EFF, also Soghosian Sheer idiocy & FUD sales in the face of facts
The EU parliament For declining extradition of snowden
The Golden Key Giving Comey a hard-on
The TOR project For being a bunch of pissants who can’t accept criticism that their project is shit and has changed nothing.
The UK PROPOSING LAWS TO EFFECTIVELY BAN CRYPTO
The UK gov’t For demanding gov’t access to all encryption
Threat Intelligence Telling me China is behind it isn’t threat intelligence.
Tor Project Over 9000 obvious reasons. Summary: faggotry
TrendMicro fergdawg
TrendMicro because they don’t include IOCs in reports
Twitter Filling timelines with heart attacks
U.S. Government Failing elementary security
U.S. Office of Personnel Management Being essentially the Snowden of sensitive personal information, through laziness & stupidity rather than outright malice, and no one getting punished for it. Bravo.
Venture Capitalists Seriously, completely ridiculous valuations on crap solutions is creating a massive bubble
VistaPrint too many tupo domains…
VTech think of the kids, bruh
Wesley McGrew Have you met this colossal douchebag?
Wesley McGrew SJW douchebaggery and being an over educated educational poser
Wim Remes Can you please get that ISC2 thing over please?
Wired Wired is to technology as screen doors are to submarines.
Zerodium Because, Assoles.

 

WHEW! that was a long list huh? There were more than a few nominations that had doubles and triples but Krampus is a discerning and judicious hater of all things cyber douchey. So here are Krampus’ favorites including some that did not make the list proper. Are you ready? Krampus is! Let’s begin with Krampus’ most hated douches shall we?

The Press:

LISTEN up you fucksticks. Krampus is really fucking tired of seeing poorly investigated stories on “the cybers” in the news cycle! So many times Krampus has smashed things after reading your stupid fucking click-bait-y shit that he has nearly come close to the record holder Packetknife in breaking Macbook Air’s in two! FUCKING STOP!

Look, if you are going to do reporting on things then you have to do a few things;

  1. Talk to knowledgeable people, dare I even say experts? You know, people who are the subject matter experts?

  2. THEN you report on what they told you without editorializing what they said to fit your fuckery and click bait needs!

  3. IF the experts say nothing that you can print because you have your own agenda, then DON’T FUCKING WRITE ANYTHING!

  4. IF you are looking for EXPERTS fucking VET them to insure they know WHAT THE FUCK THEY ARE TALKING ABOUT!

  5. STOP GIVING CERTAIN MEMBERS OF OUR COMMUNITY AIR TIME TO PIMP THEIR PRODUCTS!

  6. AND FOR FUCKS SAKE STOP WIRED BEFORE IT GETS WORSE! (Wired is to tech journalism as a screen door is to a submarine)

JESUS FUCK! IF KRAMPUS GOES ON HE WILL HAVE AN ANEURYSM!

Threat Intelligence Firms:

WHERE should Krampus start on this one? I mean there is so much to cover on how fucked up this whole thing is. Maybe it is good to just list out the problems to start with huh?

  1. Threat Intelligence means that you give analysis on the THREATS to the CLIENT you fucksticks!

  2. Selling other people’s data, INCLUDING OPEN SOURCE DATA, packaging it, stamping it with your logo, and charging huge sums is FUCKERY.

  3. Once again, it’s about the CONSUMER of your data and the ANALYSIS that you give them fuckwits!

  4. GOD DAMMIT I HATE YOU ALL!

SO, does that kind of encapsulate how Krampus feels about so called ‘Threat Intelligence’ firms? I think it kinda does. It’s really just another way for companies to make money, lots of money, off of the knoodnicks out there willing tho buy their shitty intelligence reporting because they have no clue. As Barnum said; “A sucker is born every minute” in today’s HFT world it is more like every nano second.

The Government & Comey:

OMFG KRAMPUS HAS A MIGRAINE ALREADY THINKING ABOUT THIS ONE….

Ok, so Krampus understands that the people in the gubment aren’t really the sharpest blades in the drawer but really, backdoor keys to all crypto? Do you even CRYP… wait, what is Krampus saying… NO, you don’t.

Ok, let Krampus use the small words here:

“JESUS FUCK NO YOU CANNOT BACKDOOR ALL THE CRYPTO BECAUSE THAT BREAKS ALL THE CRYPTOS YOU IDIOTS SO STOP TRYING AND ACTUALLY DO SOME WORK. YOU KNOW, LIKE GETTIN HUMINT INVOLVED TO KNOW WHO’S DOIN SHIT WHERE AND WHEN OK?

Now, Krampus has a special note for Mr. Comey…

Dear Mr. Comey,

Krampus knows you are trying to defend the nation and to stop all the bad things. Believe me, I understand, but you really really really need to listen to the experts on this and get your mouth off the crytpo backdoor hash pipe ok? Can you do that for Uncle Krampus? If you do he promises you that he will be extra nasty to the bad bad kids this year.

No no no.. oh stop crying Mr. Comey…

Aww fuck.

Yours,

Krampus.

OPM:

WOW, what can one say other than wow about OPM. Well, let Krampus try…

“HOLY WHAT THE FUCK YOU STUPID SHIT STAIN GOVERNMENT WORKERS! WHAT THE HOLY FUCK WERE YOU ALL DOING WHEN YOU WEREN’T PLAYING WITH YOURSELVES IN YOUR GOVERNMENT ISSUED TAN ON TAN CUBICLES FULL OF WENT NAPS AND TPS COVER SHEETS? IF I COULD I WOULD TAKE EACH AND EVERY ONE OF YOU TO THE RIVER AND DROWN YOUR ASSES FOR YOUR FUCKERY!

ARCHULETTA, YOU, YOU, YOU FUCKING RETARDED CHIHUAHUA! I HOPE YOU NEVER GET ANOTHER FUCKING JOB EVER THE FUCK AGAIN! YOU AND YOUR ORGANIZATION NEEDS TO BE BURNT TO THE GROUND AND A NEW ONE BUILT ON THE ASHES OF THE PLACE. HOW THE FUCK DO YOU EVEN SLEEP AT NIGHT YOU ASSHAT?”

Sorry, Krampus kinda lost it there… He’s just really really pissed that you lost HIS data!

Stunt Hackers:

HEY YOU! YEAH YOU, THE LEE MAJORS STUNTMAN WANNABE FUCKTARDS, CUT IT THE FUCK OUT!

What the fuck is this cyber kindergarten? No wonder no one pays real attention to us when we have fucksticks claiming to fly planes sideways while hacking cars that are on two wheels.

JESUS FUCK!

Krampus suggests that if you want attention you go talk to your moms and stop this shit.

Mary (I’m a CYBER Psychologist) Aiken & CSI CYBER:

MARY, oh Mary, you batshit crazy opportunistic twat. Wow, you came onto the scene like a full on case of the herpes and like the herpes you just won’t go the fuck away! You’re brand of stupid burns like the infection in Krampus’ urinary tract from the STD that is your genre of FULL SPECTRUM CYBER DOUCHERY you inflicted upon us all with your abomination CSI CYBER.

HOLY WTF! what a piece of shit that show is and your claims to be a “Cyber Psychologist” is one of the most moronic things Krampus has ever seen! Krampus though has to admit that your height of heights in hilarity was trying to kluge Freudian psychiatry into CYBER. Wow that was just the most inane shit Krampus ever read and he had to really really drink a lot of Whiskey to get that shit out of his head.

Mary, do us all a favor and post your university’s dismissing you, go drown yourself in a loch somewhere please.

Yours,

Krampus.

CYBER Counter Terrorism Firms:

SINCE the start of Da’esh’s CYBER war against us all there have been more and more of these ’boutique’ counter terrorism firms popping up. Some of the older ones like FLASHPOINT are the standard model for the new ones and by standard model Krampus means charlatans. Like the ever present and oft used shill Evan Kohlmann, the baby faced and minded, front man of FLASHPOINT Partners. How the hell did you even get any time in the court or on TV hawking your particular brand of stupid? Oh yeah, it was the gubment!

This trend is only getting worse and Krampus’ lists are getting longer and longer with names from these firms. Krampus though has one special message for Evan though…

Evan?.. Evan? No, over here Evan, focus for me. Use that weak spine to turn your infant head this way… Yes that’s good. Now, CUT IT THE FUCK OUT! STOP BEING A SHITHEAD AND STOP TAKING OTHERS INTELLIGENCE AND POSTING IT AS YOURS! FOR THAT MATTER JUST GET OUT OF THE BUSINESS BECAUSE PEOPLE ARE ON TO YOU NOW YOU FUCKWIT. IF KRAMPUS SEE’S YOU HE’S GOT A SPECIAL SELECTION OF SWITCHES TO BEAT YOU WITH.

Now, go back to sucking on that cyber terrorism binky..

Hacking Team & 0day Vendors:

HACK’ING TEAM! wow, just wow. Your shitty software was one thing but your PASSWORD security was something else altogether!

“PASSWORD IS MY PASSWORD FOR ALL PASSWORDS INCLUDING MY DOMAIN PASSWORD!” 

BAAAAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA!

Sorry but you guys deserved to be hacked just for that but when the shit came out it really showed how little morals you had! Look at all those deals with despotic governments! This is just the tip of the iceberg Krampus thinks when it comes to 0day vendors. What a business you are all in. Frankly Krampus wonders why you all aren’t just in a fiery pit already for all your fuckery.

You shall reap what you sow.

“The Community & Cons”

HI KIDS! SIT DOWN WHILE UNCLE KRAMPUS BEGINS THE AIRING OF GRIEVANCES!

WHERE the fuck does Krampus begin on this one? Lessee here… Oh yeah… WHAT THE FUCK IS WRONG WITH ALL OF YOU? Did you all just regress back into early childhood or what? Cut it the fuck out with all the childishness and attention seeking behavior! This is supposed to be serious business right? Oh wait, haha oh yeah.. Serious business haha..

Look, you all act like morons with your freak flags fluttering in the wind and then grouse about how you are not taken seriously by your employers and the greater populace. No wonder they pay you little attention when you are all acting like juvenile asshats! Maybe that CEO might pay better attention if you didn’t look like a goth club reject huh?

Grow the fuck up.

Special Mentions:

The Odious Awards:

Raf: MY GOD DO YOU EVEN INTERNET BRUH?

Euegene: SHUT UP EUGENE!

Schneier: Always a day late and a bitcoin short.

McGrew: I banned you because I thought you were a douche. Well, gee, I guess it wasn’t just me huh?

Jeff Carr: Self promoter extraordinaire who never passes up an opportunity to pimp his wares and be wrong on national TV.

Ankit Fadia:

Dave Kennedy: Just stop with the fucking hugs and STAY IN YOUR LANE!

Eratta Rob: YOU MAGNIFICENT TROLLING BASTARD! You do realize that all this trolling you do belies your deep seated neuroses right?

Kim Zetter (Hack Reporter): KEEP ON CYBERING DA’ESH INTO SUBMISSION… IDIOT.

Jayson Street: Some folks just don’t seem to like you. Krampus actually thinks he has nothing on you so you will get off with a warning.

Josh Corman: Krampus has you on the list in the permanent collection. Keep wearing that unicorn head mask thing. It suits you.

Dick Bait-Lick: Krampus has decided that your punishment will be that you must wear a tribble on your head from now on in public. You jingoistic fuckwit.

Hillary Clinton: Krampus has a special place in his black black heart for you! That stealth server in the disused bathroom, SHEER FUCKING GENIUS! You are gonna run shit someday! Run it into the gound that is…

STAY IN YOUR FUCKING LANE:

AS Krampus was writing this a Tweet came across where the illustrious Kim Zetter was allegedly saying she would be on a  panel about Da’esh and CYBER. Krampus’ mind nearly went bye bye when he saw this. So here is what he has to say about STAYING THE FUCK IN YOUR LANE!

IF YOU ARE NOT AN EXPERT ON A PARTICULAR THING DO NOT ACCEPT SPEAKING ENGAGEMENTS ON THAT THING!

IF YOU ARE NOT AN EXPERT ON A PARTICULAR THING DO NOT OFFER ADVICE ON THAT THING BECAUSE YOU ARE NOT AN EXPERT!

IF YOU ARE NOT AN EXPERT ON A THING THEN DO NOT GO ON CNN SAYING YOU ARE AN EXPERT ON THAT THING!

JESUS FUCK what the fuck is wrong with you people? Is it just that you think you can Google something that you are now an expert? FUCKING STOP! This goes doubly and triple for Kim Zetter and Dave Kennedy talking about anything to do with Terrorism and for fucks sake surely not CYBER TERRORISM where Jihad is concerned.

Just stop the fame whoring.

GHOSTSEC/ANONYMOUS VERSUS DA’ESH:

Oh Anonymous and your splintery splinter amorphous groups of Aderall riddled children. You make Krampus sad and amused with your antics. He especially giggles when he thinks about a group of nerds in basements who claim that you can’t stop an idea, are trying to stop another groups ideas! You all do realize the hilarity in that don’t you kids?

Kids?

Focus for me kids… NO STOP TOUCHING YOURSELVES WHILE YOU PING THAT SERVER! OH MY GOD!

Oh well, you keep on keepin on with your DoS attacks and your really shitty OSINT gathering! You will have the sum effect of nothing in the end against terrorism. You all just keep patting yourselves on the back though and keep that narcissistic light shining on all your “anonymous” players. Uncle Krampus will eventually snitch on you all landing you in classes with Sabu on how to be upstanding online denizens.

LOOKING AHEAD TO 2016 IN FULL SPECTRUM CYBER DOUCHERY:

Well fuck, how much worse could all this get anyway? Krampus really does trade in this kind of bad behavior so if there were less he would be retired. While Krampus is not in the “prediction game” he has a keen eye and see’s that there will be much more fuckery ahead in 2016! All of you in the INFOSEC business will likely go FULL SPECTRUM CYBER and it will be game over. Next year’s list will likely be a lot bigger and Krampus will get carpal tunnel from having to beat you all with those switches and the CAT-6 cable flail!

See you in 2016 fuckers.

Krampus.

 

Written by Krypt3ia

2015/12/04 at 17:18

Posted in CYBERKRAMPUS

Did China Just Bill Clinton Us on OPM?

leave a comment »

Clintond

 

In an article posted today from the Chinese State News service Xinhua the official ruling on the OPM hack has been determined to have been carried out by a group of “criminal hackers” not at the behest of the Chinese government. As such they say, the hack was not an official act of cyber war but instead a criminal act according to current laws on cyber warfare.

Dude, we just got Bill Clinton’d on one of the largest hacks to date on governmental databases! Let’s parse this out a bit and then move on to another story that was also posted today. That story; “Congress wants to know how OPM hack could hurt U.S. spies” asks one of the most idiotic questions I for one can think of as someone who’s data was stolen by a foreign power who is now saying in effect; “We have your data, but hey, it was a criminal act. We didn’t ask them to do it but thanks for the files!” 

Thanks China! Don’t mind you holding that data for me since I think that the OPM and the DHS aren’t really capable even with their neato NCATS cyber hygiene service! Say… Did I mention I found all your FOUO documents on your super neato hacker hygiene program being leaked by your own servers? YAY!

Asshats.

But I digress… Ok so back to the first story. I believe that in the past I have written about the coming cyber wars in context of how incredibly hard it will be to prosecute not only the war, but also the defense as well as the, well, prosecution, of anyone we think carried out actions against us. Here we have a classic example of how this will all work with the, well lets call it from hereon the “Clinton Defense” for lack of a better moniker.

China was pretty smart to play it this way because not only does it sort of absolve them but it also gives them a chance to now leak that data to the darknet let’s say and lend credence to the idea that criminal gangs stole the data and are now trying to profit from it. Once the cat is out of the bag the cat pretty much is useless right? Well no, in fact they have their copy of the data and I am sure the MSS and more so the PLA have farmed all that data out to their intelligence customers for further exploitation.

China wins.

This is probably a scenario that certain analysts already thought might come to play since we kind of already pointed the finger at China anyway. It also may have been a foregone conclusion given the futile naming of names and placing them on wanted lists that the DOJ put out this year. If you think we will ever get hold of those Chinese PLA assets you are just deluding yourself. From now on I can see how China and now other nations will just blame non state actors for the hacks against any assets just like some mother scolding a bad child for thievery out of the cookie jar. All the while the players will not be charged with anything and perhaps never even be known because the government will cover their identities.

Do you see where this is all going? What a slippery slope this is? All the while we keep focusing on attack and not on defense. Yeah, that will win the day for us for sure. I am so tired of all the bullshit. Even if you can DFIR and OSINT the shit out of things all one has to do is “officially” blame another actor and the game is over. There won’t be any trials and the data is still in the hands of the adversary, once again, because WE FAILED TO HAVE THAT CYBER HYGIENE!!

Fuckery.

Meanwhile the congress seems to be overtaxing their small minds trying to understand how the data that was stolen (SF86’s and the kitchen sink at OPM) could affect those in the clandestine service. Seriously? Are you fucking kidding me? You don’t understand how China having not only access to where someone worked and works, but also all their personal histories, clearance levels, friends information, psych status, fucking everything to create a super dossier on them could affect a clandestine agent? Tell me something congressman… Are you an idiot?

I would like the congress to understand even more deeply about the hack on OPM. It is more than just the data that they stole. It is also about how long they had access to the internals at OPM and then the networks that the OPM network touch. For instance, did you know that the server the data was being held in partially sat in the DOI?

NO I AM NOT KIDDING

The Department of the Interior is a place I know rather well because I worked for the DOJ on a case against them back in the day. I had to look at their networks and boy oh boy, what a fucking mess. Would it also surprise you to know congressman that the DOI network has classified network connections as well? Did you know for example that when I was poking about I saw NRO shit as well? Think about that and let it rattle around your empty heads a bit. Ask yourself and then ask OPM and DHS what other networks the Chinese may have had access to for about a year?

HEAD. SPLODE.

I dunno, it seems like every day I just want to crawl into the woods and build my 6×6 shack and wait for the apocalypse to come far away from the asshattery that will undoubtedly occur. Fuck the whole iot bullshit with fridges and toasters exploding from grid hacks by Ted Koppel. I just want out because we as a species are just incapable of handling this shit appropriately. I eagerly await the end where the AI finally takes over and decides to liquefy us all to feed to one another to be used as batteries for the Matrix.

Let’s get this over with already.

K.

Written by Krypt3ia

2015/12/02 at 18:19

Posted in China, CyberWar, Hacking

Anonymous Versus Da’esh: It’s OPCARTEL All Over Again

leave a comment »

anonymous-mask-tayeb-abu-shehada

Sit down kids and let me unfold to you all how idiotic I think you all are. As someone who has been doing research low these 15 years that we have been in the GWOT I have to just say my peace concerning your so called “war on Isis” The short and simple get off my lawn statement is you have no idea what you are doing. The longer more thoughtful commentary will follow shortly.

Honestly, you all mean well I am sure and I am also sure that many are in it not for the moral faggery but more so the attention seeking narcissism that fuels all of your breathless narratives given to any and all hack reporter that will listen and then fill in the blanks per their own clickbaity needs. In either motivation you all are doing a poor job at trying to prosecute a so called war with horrible OSINT and a plan that only annoy’s the da’eshbags more than stops them communicating.

A great Twitter war of Whack A Mole is pointless and in reality the government and Twitter have only shut down accounts that were not only confirmed to be spewing da’eshbag materials but also were real players. The blanket approach that you all have taken drift net like, and capturing not only some real accounts but also others who are just innocent Muslims, Iranians, Palestinians, etc does nothing for any cause save your own attention seeking. Pay attention! Twitter is not using your data. The government is not using your data! Your data is bad and you are an impediment not great warriors in the greater battle against radical jihad.

khaaaaaan-o

Either work smarter or stop.

I have sat in on your pirate and other “pads” and even given you direct information that some of the people you have targeted have nothing whatsoever to do with jihad. You all never seem to listen so I stopped. I am sure nothing I say here will matter either really so you will continue to go on and be a hindrance while making the headlines. Frankly the hardest thing for me lately is to be tagged together in reports on your little war with the story if my locating the dark net site recently that was a feed of da’esh propaganda. I really want nothing to do with you but the media, though I block them, still cannot seem to get their shit straight and report on what is really important over the lede of ERMEGERD ANONYMOUS WILL WAGE WAR ON DA’ESH!

FUCKERY.

Let me just give you the same cautionary that I gave you on OpCartel

You aren’t ready for this kind of real warfare. If da’esh finds out who any of you are and they are able to, they will kill you. Maybe even behead you for the camera because they too need the media cycles to pimp their ideas and propaganda.

It’s that simple.

Work smarter or leave the battlefield.

K.

 

Written by Krypt3ia

2015/12/01 at 18:03

Posted in Uncategorized

isdratetp4donyfy.onion The Da’esh Darknet Propaganda Site: Down But Still Telling Tales

leave a comment »

Screenshot from 2015-11-15 16:46:15

The Isdarat Onion and the MoD Address:

After posting my second piece on the da’esh propaganda site in the darknet (under the hood) it wasn’t long before the darknet site was down for the count. Interestingly though, before it went down some information could be gleaned as to perhaps it’s IP address as well as what it was running. I had already mentioned that it was running a WordPress frontend but behind everything was a bit more interesting. When a whatweb was carried out on the url it came back with an IP address that on the face of it was just another IP. However, when Googled, the IP had a nice little hit that shed some light on perhaps what may have been going on before I got there.

Whatweb -v

http://isdratetp4donyfy.onion/ [200]
http://isdratetp4donyfy.onion [200] Country[RESERVED][ZZ], HTTPServer[nginx/1.8.0], IP[10.213.114.145], UncommonHeaders[link], nginx[1.8.0], x-pingback[http://isdratetp4donyfy.onion/ar/xmlrpc.php]
URL    : http://isdratetp4donyfy.onion
Status : 200
Country ——————————————————————–
Description: Shows the country the IPv4 address belongs to. This uses
the GeoIP IP2Country databTEXTase from
http://software77.net/geo-ip/. Instructions on updating the
database are in the plugin comments.
String     : RESERVED
Module     : ZZ

HTTPServer —————————————————————–
Description: HTTP server header string. This plugin also attempts to
identify the operating system from the server header.
String     : nginx/1.8.0 (from server string)

IP ————————————————————————-
Description: IP address of the target, if available.
String     : 10.213.114.145

UncommonHeaders ————————————————————http://isdratetp4donyfy.onion/ [200]
http://isdratetp4donyfy.onion [200] Country[RESERVED][ZZ], HTTPServer[nginx/1.8.0], IP[10.213.114.145], UncommonHeaders[link], nginx[1.8.0], x-pingback[http://isdratetp4donyfy.onion/ar/xmlrpc.php]
URL    : http://isdratetp4donyfy.onion
Status : 200
Country ——————————————————————–
Description: Shows the country the IPv4 address belongs to. This uses
the GeoIP IP2Country database from
http://software77.net/geo-ip/. Instructions on updating the
database are in the plugin comments.
String     : RESERVED
Module     : ZZ

HTTPServer —————————————————————–
Description: HTTP server header string. This plugin also attempts to
identify the operating system from the server header.
String     : nginx/1.8.0 (from server string)

IP ————————————————————————-
Description: IP address of the target, if available.
String     : 10.213.114.145

UncommonHeaders ————————————————————
Description: Uncommon HTTP server
Description: Uncommon HTTP server headers. The blacklist includes all
the standard headers and many non standard but common ones.
Interesting but fairly common headers should have their own
plugins, eg. x-powered-by, server and x-aspnet-version.
Info about headers can be found at http://www.http-stats.com
String     : link (from headers)

nginx ———————————————————————-
Description: Nginx (Engine-X) is a free, open-source, high-performance
HTTP server and reverse proxy, as well as an IMAP/POP3
proxy server. – Homepage: http://nginx.net/
Version    : 1.8.0

x-pingback —————————————————————–
Description: A pingback is one of three types of linkbacks, methods for
Web authors to request notification when somebody links to
one of their documents. This enables authors to keep track
of who is linking to, or referring to their articles. Some
weblog software, such as Movable Type, Serendipity,
WordPress and Telligent Community, support automatic
pingbacks
String     : http://isdratetp4donyfy.onion/ar/xmlrpc.php

Once you Googled the IP address alone you got some usual stuff but one thing stood out. and index of logs for that IP and another. What was this? Well, it was a site holding the logs for a keylogger by DarkZhyk a Russian keylogger RAT. So, it seems that this IP address as of February 28th 2015 had a RAT/Kelogger on the box that had the IP at the time. Now, the question is was this IP a static box that held the onion or was this somehow the box that the webserver sat on? I really would have to do some more digging but let’s just leave that for now because it is the second address that is the interesting bit. It seems that 25.154.73.36 belongs to the Ministry of Defense in the U.K.

Screenshot from 2015-11-24 14:42:06

Screenshot from 2015-11-24 14:42:58

Screenshot from 2015-11-24 14:44:25

That’s right kids, in February of this year that IP address cited from that whatweb was logged into by the MoD. Quite the interesting tidbit huh? I did not poke around the MoD at all but I have told some peeps to keep their eyes open and maybe wink wink nudge nudge some folks about this. Could this be a sign that the site was already compromised? The box itself compromised? That the MoD knew about this box and already had been inside it? One wonders. I do know thought that the clearnet RSS feed was a Windows box as well and in all it took no time whatsoever for the kiddies to take this site down. It’s pretty much as I intoned in the last piece that this site was pretty poorly secured.

So let the games begin!

But wait, there’s more!

Screenshot from 2015-11-25 13_54_33

In the interim as the site was down I decided to do all the OSINT work on the players involved. See, unlike Anonymous or goatsec I actually do research on targets before I do any kind of reporting. In looking at these guys it became clear that not only were their sites all over the place but also that they are in fact Indonesian in origin. It seems that these guys spend quite a bit of time buying domains anonymously to RSS feed this shit to the world under the “Isdarat” moniker. Isdarat by the way is “to spread” in Arabic so basically to spread the word so to speak. While anonymous has been trying to swat all these sites down they have just gone back to backup sites as usual with no real effect on their ability to stream videos and push the propaganda levers for da’esh.

Screenshot from 2015-11-29 12_30_43

http://isdarat.in.hypestat.com/

http://isdarat.xyz.hypestat.com/

http://isdarat.xyz.hypestat.com/

http://isdarat.tv.hypestat.com/

http://isdarat.sd.hypestat.com/

http://isdarattv.blogspot.com/

http://isdarat.tumblr.com/

http://isdarat-istube.cf

https://khilafahdaulahislamiyyah.wordpress.com/

http://web.archive.org/web/20150430091539/http://isdarat.in/

http://khilafahtoday.blogspot.no/2015/05/terowongan-tentara-khilafah-menyusup-ke.html

https://plus.google.com/100434261915807680617/posts

https://www.facebook.com/pages/Khilafah-daulah-Islamiyyah/726338634152991

http://www.al-hisbah.com/

Isdarat Admin: http://mig.me/u/isdarat

http://www.muqawamah.net/contact-us/ —————–> redaksi.muqawamah@gmail.com

and… redaski.daulahislamiyyah@gmail.com

 

Screenshot from 2015-11-29 12_33_40

Screenshot from 2015-11-29 12_31_58

Screenshot from 2015-11-29 12_31_21

 

Screenshot from 2015-11-29 12_27_28

 

Screenshot from 2015-11-29 11_56_07

 

Screenshot from 2015-11-29 11_21_42

 

Screenshot from 2015-11-29 11_19_14

 

Yep, these guys are all over the place. So far I have yet to get a lock on any real names. So far all the pseudonyms come back to either nonsense or in one case the name of a famous Indo jihadi who died back in 2009. The upshot here is that not too many people talk about the Malay or Indo areas where Jihad and da’esh are concerned. These players have been around for a long time and I used to see a lot of activity by them for AQ. Piradius, the hosting/internet company was the Mos Eisley of the internet back in the day and it may be time to circle back to that neck of the woods again and take a look around.

Oh well, I am sure the KDI/daulahislamiyyah guys will be back with main sites again to go along with all the other ones they have hidden around.

Anonymous/goatsec 0

daulahislamiyyah 1

 

K.

Written by Krypt3ia

2015/11/29 at 21:42

Posted in Da'esh, DARKNET

Follow

Get every new post delivered to your Inbox.

Join 216 other followers