Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Existential Angst


In the face of the daily news from all sources, the Twitter-sphere, and the rest of the internet, it seems that we all are facing numerous existential issues. In the news cycle alone lately we have more and more proofs with data that anthropogenic climate change (ok ok, destruction) leaves us with an expiration date for life on the planet of 2050. Meanwhile, the Trump administration (if one calls it that and not a shit show) is busily destroying Democracy and seemingly trying to move that 2050 deadline to, oh, next year. No wonder the populace in general, and in particular the youth of today (Millennials and Gen Z), seem to be losing their collective minds and more often infantilizing themselves into a stupor.

Yes yes, of course the parents of those millennials also sculpted, wait, bulldozed, their psyches into this mess, but after that, I cannot blame them for looking at the world and just wanting to check the fuck out. I mean, look at all this shit today? How the fuck did we get here? No, it wasn’t just Russia either! No, we did this to ourselves and it’s only gonna get worse I fear. It will be a combination of fucked up elders and dysfunctional governments (mostly the US in this post) just spinning the cylinder on the .38 snub and holding it to our collective heads like that famous Vietnam war photo…. At least it can feel that way at times. We just have no control, do we?

All of this and likely future fuckery that is to come makes me just postulate that we are in for a worse time down the line and that many of you out there will just go all YOLO and give up. I for one often think about this on a grander scale and since I am in my later years, I often just have to settle with; “well, at least I did not have any kids” because fuuuuuuck are they going to have to deal with all this shit when the bill comes due!

Which brings me to my next topic, as we move through all this and still do not do anything to really address the more existential issues that we all must deal with or die, I suspect more and more people will just resign themselves to it all and let apathy take them away. Some will be cognizant of it all and steadily lose their minds, showing many manifestations of mental maladies and perhaps take up behaviors like drugs, or other hobbies to just not deal with reality. It’s easy to get lost in the cyber now right?

Game away your pains and dull your senses with some drug or whatnot right?

Lately I have wondered and pondered at the people in this hacking/infosec community as well and why they seem so fixated on all this or that shit, lacking any broader ability to converse about things or experience things. Perhaps they already feel this, perhaps they are all spectrum…

Who knows.

Ugh, whatever… Just deal with your mortality kids.

K.

Written by Krypt3ia

2019/06/12 at 17:39

Posted in Uncategorized

No More LinkedIN


It seems that after posting about an alleged sale of Iranian spy data on the darknet, I find myself no longer able to log into LinkedIN. I believe someone reported me for that post and perhaps some of the other oddities I have found in the darknet and shared on my LI page. Upon trying to log in since then I get the following demand for my personal data: either my passport, my driver’s license or some other identity card, scanned or photographed, to prove to their site that I am who I am so I can log in again.

I have a couple words for you LinkedIN; Fuck you.

That’s right, fuck you. I remember when you got hacked and all your passwords were not encrypted. I sincerely doubt that you will handle even more sensitive data of mine, like an image of my national ID, passport, or driver’s license, with any more delicacy. This also feels like just another means to gather even more data about me that you could potentially sell to others or provide to any law enforcement agency that asks in future. In fact, how do I know that this is not an attempt to harvest more personal data to do that now?

No, I have nothing to hide, but fuck this kind of shit to allegedly authenticate me after finding “strange activity” on my account. This smells like a corpse flower in the dead heat of the Amazon basin.

So yeah, I know LinkedIN was seeing all my traffic, and they kept trying to get me to sign up for a full account, but this is no way to go about it, nor is it a valid security check either. I am not giving you my IDs.

Buh bye.

Written by Krypt3ia

2019/06/12 at 16:53

Posted in FUCKERY

shaqgegpbanuq24g.onion: Alleged Iranian Espionage Sale Site


Tooling along the darknet last week I came across this little beauty and decided to play along. I collected the site first, took a look at the Persian text, and tested the site’s security with OnionScan. Here is what I found.

Original post from a pastebin on the darknet…

The Persian seems to have the right syntax for part of it but my Farsi is meh so if anyone wants to correct me there go right ahead.

ن از کارمندان سابق وزارت اطلاعات بودم و میخوام بگم که اگه کسی به اطلاعات دقیق نیاز داره یا خریدار اطلاعات است میتونه با من در تماس باشه از اونجایی که من خودم تو اون مملکت نیستم خیالم راحته و میخوام هرچی اطلاعات راجب کاراشون و افراد مخفی اون ها دارم رو در اختیار یک خریدار خوب قرار بدهم

Translation online:

I was a former employee of the Ministry of Intelligence, and I want to say that if someone needs accurate information or information purchaser can contact me, since I’m not in that country, I’m comfortable and I want all the information you need about them and their secret people. Give me a good buyer

Now all this tied to the imagery of Wikileaks and Anonymous kinda made me giggle but, it could still be legit (though not likely) so I decided to email the guy and see what I could get from him or them. The email address louferna@secmail.pro made me wonder if that was a name, I mean, Lou Ferna? Hmmm… A google of the name “Lou Ferna” got some hits but nothing that means anything really. The same goes for louferna straight up. I did go down the anagram rabbit hole for a bit but stopped myself before I started making murder maps with yarn in the office.

Anyway, in pondering the offering I had to wonder at the high bitcoin rate there. Seven bitcoins currently is worth about fifty four thousand dollars, which, I mean, you gotta be a real player to pay this right? This kinda passed the smell test on this kind of data’s worth to the right people. Then there is the bit about giving proofs, which we shall cover further down in the post. I decided that this was worth playing with and used a cutout account to email the seller. Here are the results…

I emailed asking for proofs

They responded first by saying they were working with someone else and brushed me off. I found that to be odd, so I pushed and emailed back saying that that deal could fall through and what harm would there be if you gave me proofs? I mean, I could up the bitcoin amount if it was good stuff! They responded back with the text below….

With this email they had attached an image file. I checked that it wasn’t some malware etc and then opened it locally to inspect it. Once I took a look I emailed back to say that I would backstop what they had sent me and respond back confirming an offer. Of course I did not respond back but instead tried to do the backstopping as I had said I would.

The information that they sent is rather complete but useless in my opinion. I will admit that I did not spend a lot of cycles on the OSINT here (enough to translate names into Persian and then search) but I tried with all the ancillary data. So far, I was able to locate only one of these people and even that one had their name misspelled. Image searches for these guys proved fruitless as well because the engines kinda suck at this kind of thing. What became obvious to me is that this is all trying to play off of the leaks by the actors dropping APT34 data on the darknet as well as Telegram, which I believe dropped even more tools etc this week if I remember correctly.

Anyway, if any of you come up with more solid data on these cats lemme know. I am not spending any more cycles on it really. Add to this the fact that the site is down now and was as of Monday when I checked again, so pretty much after I emailed them they went poof. I got no wallet to send money to etc. For all I know the other “client” paid up, if there really ever was one. For myself, I am leaning toward this being a fraud, an interesting one at that, but a fraud. The only other thing I can possibly think is that maybe I am just not seeing the right picture here and they did sell it and rolled up the carpet.

*shrug*

Some things to take from this though…

  • The site was clean, no security leaks at all. If you are gonna have a presence in the darknet it is really best to use the KISS method. These guys just used a simple static HTML page. Simple yet effective in keeping the location of the site secure and not leaving a trace online to track back with. The only thing I could say is that the email address could be an Achilles heel because it is hosted by a company rather than their own hosting service.
  • The story had enough to keep one interested and to possibly think it is legit. It was a step above offering at the start to give proofs.
  • The brush off, if it was a ploy, was superb SE and they were playing the long game with that.
  • The 54K price tag also played into the thing being legit enough to at least talk to them.
  • The story that they used to be Iranian spooks and that they lived outside of Iran now played too, it also made for possible stale data in the offering, note they talked about Khomeini and agencies from the past.
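The “no security leaks” point above comes from running OnionScan against a static page. To make that concrete, here is an added example (my own illustration, not OnionScan’s code and not the actual site) of the kind of passive checks such a scan does on a hidden service’s HTML and response headers: a version-bearing Server header, a CMS generator tag, analytics IDs, references to clearnet hosts, absolute filesystem paths, and contact addresses at third-party mail providers, all of which can tie an onion to a clearnet identity. The sample HTML and headers are constructed to trip every check; the email address and hostnames in them are invented.

```python
import re
from html.parser import HTMLParser

# Constructed sample inputs (invented, not the real site) that exhibit the
# common deanonymisation leaks a hidden-service operator wants to avoid.
SAMPLE_HEADERS = {
    "Server": "Apache/2.4.29 (Ubuntu)",      # version string fingerprints the host
    "Content-Type": "text/html; charset=utf-8",
}

SAMPLE_HTML = """
<html><head><title>Data for sale</title>
<meta name="generator" content="WordPress 5.2">
<script src="https://www.google-analytics.com/analytics.js"></script>
<script>ga('create', 'UA-12345678-1', 'auto');</script>
</head><body>
<p>Contact: seller@example.net</p>
<img src="/var/www/html/images/logo.png">
<a href="https://example.com/about">Clearnet mirror</a>
<a href="http://abcdefghijklmnop.onion/">Onion mirror</a>
</body></html>
"""

# Google Analytics / Tag Manager property IDs that can be searched for on the clearnet.
ANALYTICS_ID = re.compile(r"\b(UA-\d{4,10}-\d+|G-[A-Z0-9]{8,12}|GTM-[A-Z0-9]{5,8})\b")
# Any mailbox at a provider is a subpoena-able third party.
EMAIL = re.compile(r"[\w.+-]+@([\w-]+\.)+[a-z]{2,}", re.I)
# Absolute server paths leaked into src/href attributes reveal the deployment layout.
UNIX_PATH = re.compile(r"/(var|home|usr|srv|opt)/[\w./-]+")


class _RefCollector(HTMLParser):
    """Collects href/src/action attribute values and the <meta generator> tag."""

    def __init__(self):
        super().__init__()
        self.refs = []
        self.generator = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.generator = a.get("content")
        for key in ("href", "src", "action"):
            if a.get(key):
                self.refs.append(a[key])


def _is_clearnet(url):
    """True when the URL names a host outside the .onion namespace."""
    m = re.match(r"^(?:https?:)?//([^/:?#]+)", url, re.I)
    if not m:
        return False            # relative reference, stays on the same service
    return not m.group(1).lower().endswith(".onion")


def scan_page(html, headers):
    """Return a list of (finding_kind, evidence) tuples; empty means clean."""
    findings = []
    server = headers.get("Server")
    if server and re.search(r"\d", server):
        findings.append(("server-version", server))
    p = _RefCollector()
    p.feed(html)
    if p.generator:
        findings.append(("generator", p.generator))
    for ref in p.refs:
        if _is_clearnet(ref):
            findings.append(("clearnet-ref", ref))
        if UNIX_PATH.match(ref):
            findings.append(("filesystem-path", ref))
    for m in ANALYTICS_ID.finditer(html):
        findings.append(("analytics-id", m.group(0)))
    for m in EMAIL.finditer(html):
        findings.append(("third-party-email", m.group(0)))
    return findings


if __name__ == "__main__":
    for kind, evidence in scan_page(SAMPLE_HTML, SAMPLE_HEADERS):
        print(f"{kind:18} {evidence}")
```

A static page with only relative links, no analytics, a bare Server header and a self-hosted contact channel comes back with an empty finding list, which is the state the seller’s site was in; the third-party mailbox is the one item such a page cannot avoid, which is why the list above singles it out.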

Nothing ventured nothing gained huh? I of course reported the site to the right people in low places and forwarded a copy of the site in case it went poof (which it did) so they have it all.

An amusing story for you all.

Feel free to play the home game on those guys in the pics and lemme know what you find.

K.


Written by Krypt3ia

2019/06/05 at 17:15

Posted in Cyber, DARKNET, INTEL

The 2020 Disinformation and Election Meddling Melee Playbook.


The Game:


“There is no objective truth, there is only subjective truth”

The upcoming 2020 Election cycle will be an all out melee I suspect, for a few reasons. The first reason I am making this claim is that the US has done pretty much nothing under Trump to secure the next election, because Trump cannot bear to discuss what happened in 2016 and has rebuffed Homeland Security’s and others’ overtures to talk about 2020’s security. Additionally, beyond not talking about the subject, Trump has seen fit to do absolutely nothing about the problem because, hey, it’s how he won the last time right? The big difference in the next election cycle’s attacks will be that the field has opened up much more since the playbook was used by the GRU and SVR in 2016. Now we will have a slew of other nation states as well as internal players (Republicans, Dems, and private groups with interests) who can spin up campaigns of their own using the Russian active measures playbook.

The Players:

Russia

Russia has undoubtedly already spun up its operations tempo for the 2020 election cycle. We have seen an uptick already in GRU style action in disinformation stories being published by the likes of Sputnik and RT. Of course these entities are always at this, but it seems the online game has also been at work with fake accounts on Facebook, Twitter, and other places online. The real question now is how the GRU and the Kremlin will innovate to counter the paltry efforts of Facebook and Twitter and get their message out.

Of course Russia already has the in with Trump in office to begin with, and it seems that play for play Trump emulates or communicates what the Kremlin wants; in effect Trump is Putin’s puppet even if he doesn’t really understand that fact. The reality though is this: the Russians have moved in on all fronts and are using proxies to affect the overall fractured nature of the political landscape today, not only in the US but all over the world. Remember, Putin’s goal is to cause chaos, division, and a malaise that will leave their perceived enemies unable to function as a nation/government/force that could threaten them.

To that end, we even have been seeing more incursions lately into US air space by BEAR-FOXTROT bombers with SU-35’s. This is also a means of pressure to keep the US off balance and garner news cycles. Russia will continue overtly and covertly to influence the US in myriad ways to keep us off balance and continue the division that makes us unable to act on the world stage with decisive action. The most insidious actions though will be to continue to use money and power to further their goals internally within the US along with kompromat to keep a hold on those in power that they can use.

Trump & Surrogates

We have been seeing what Trump and his surrogates have been doing these last two years already if you have been paying attention. Trump’s use of the constant rallies, constant lies, and “iniquity signalling” will only crescendo as he leads up to the 2020 vote. Trump’s current actions against the IC are also a means of control and division as well. I am sure that Trump will use any and all TS/SCI information that Barr might declassify to leak or blatantly beat the media and his perceived enemies with it. Let’s just say that a person like Trump with this kind of power will use anything and everything he can get his hands on to distort and destroy in furtherance of his own power.

I would be looking for more disinformation operations being created and played out by not only Trump’s internal teams but also any others who may feel a kinship to his world view. You will likely see more home grown operations like Jacob Wohl’s, though some might actually not be as easily stopped as the last few attempts have been. I would also say that Trump himself, with his patterns of lies, half truths, and confabulation, is a main player in this because he has the multiple stages of media that include the internet via Twitter at his disposal. Of course now that Trump and Barr are in a position to declassify TS/SCI information and weaponize it, we are likely to see much more come from the candidate/president than we have ever seen before as a nation. As I am writing this as well, the debate cycle for the Democratic party starts this evening, so buckle up kids, it is all starting in earnest. It will be interesting though to watch the President and his minions to see exactly what operations they try. Perhaps I will take notes and have a follow up list of attacks that he and his minions carry out.

China:

China has always had an interest in our politics and more specifically, our economy, for a long time now. Now that Russia has removed the shackles on information warfare, the Chinese are likely to be more aggressive in this arena as well. China is currently in an economic war with the whole of the world and it is their hegemony alone that they seek to effect. Of course now Trump has begun a trade war with China so there is even more inclination for China to play a part in effecting a change in our leadership with an eye toward a more accommodating trade policy from a more friendly candidate. The question there is who among the Democrats, Republicans (if any run) and or third party candidates suits their goals. I also wonder if maybe China might make the same calculus about American politics and dysfunction as the Russians do and just seek to cause more chaos. This would mean that the US as a global power would be that much more diminished and would give China a freer hand to assert their power along with Russia globally.

Hmmm….

Frankly, China has more to lose were the US to go up in flames financially than in trying to stabilize things here though. My gut tells me that they will attempt to get Trump out and place a more friendly face in the office with any means that they can (probably dark money to candidate of their choice) to stop the Trump trade war…

Iran:

Well, this will be the new and youthful player in the space this election cycle. Iran is presently on the edge of a forever war with Bolton and Trump, it seems, and their delusion that Iran is an existential threat is getting stronger by the day. Iran will have to play catch up with regard to disinformation and information operations before they can be a real player like Russia or even China, but I am sure they will be playing the game as well. In fact, there have been more moves on the internet of late that seem to be leading toward psyops and disinfo ops for the upcoming elections, so keep an eye on them.

DPRK:

DPRK is a dark horse here and I am sure they will be taking part as well in the great games of 2020. History has shown that Un and his forces are a little more kinetic than most of the others in their operations online and off. Actually, in this arena they are second to Russia, so I would be looking for some hacks and perhaps dumps akin to what Russia pulled off in 2016 to muddy the waters further. Of course in the case of Un and DPRK it is also in their interest to keep Donny in office. Donny is a weak president that Un can lie to and manipulate in order to further his own ends, no matter what Donny says about their great relationship. I think if we watch for DPRK activity we will see some hacks, dumps, and, more likely than those, dark monies being funneled to campaigns to further their ends.

Saudi Arabia:

Saudi… What’s more to say right? Money, more money, more influence, and perhaps some disinformation as an appetizer? My bet would be that Saudi will go full in on Trump and perhaps be passing him dirt on candidates as well as funneling large sums to the Trump campaign to keep him in there. With the Khashoggi killing and the total air cover by Trump for that killing, I am sure that Saudi is a lock in support for Trump. With the alleged hack and dump on Bezos’ phone, we can see that if it was indeed Saudi who carried that out in retaliation for the WashPo, well, then they are certainly capable of much more. The question for me is just how much they will care to try and obfuscate where it’s all emanating from.

Scenarios

Disinformation:

What we have seen in disinformation operations since 2016 is just the tip of the iceberg. With the advent of social media and now cheap computing power, we will likely see even more forgery of information or distortion of data that will cause people to believe all kinds of things in this election cycle. Remember, the point is to cause friction and sow chaos, so the media does not have to be air tight; it only has to feed the cognitive dissonance of the target audience. Even with information being proven to be false, we have seen people’s inability to get past their own beliefs to see the truth of things. So by dropping video, audio, articles, etc the damage is done and the momentum is carried. Look for the following types of disinformation operations:

  • Fake video (DeepFake) of individuals in the election cycle (even if they are easily found to be false)
  • Tampered video (Pelosi is slurring words)
  • Faked or tampered audio files
  • False information being leaked or posted (including forged email spools, documents, etc)
  • False or misleading stories being amplified on media
  • Leaking false information to news outlets (Leaked forged or tampered with databases)
  • Leaking false information in the form of oppo (opposition research) to opponents (Think Steele dossier on steroids created whole cloth)
  • YouTube and other video documentaries or clips with totally fictional content offered as “the truth” like flat earth videos
  • Insertion and operation of accounts on Twitter, Facebook, Telegram, Discord, Reddit, basically any feed available with an audience to spill disinformation on

Propaganda:

Propaganda and Disinformation are kissing cousins really. Basically all of the above being pumped out by the likes of RT, FOX News, and other outlets. The ubiquity of the advertising and the news feeds that have become wholly about propaganda has made this hard to miss, and hard not to be affected by, today.

  • Memes
  • Television/Internet/Radio news and advertising
  • YouTube videos and ads (lately they have been buying up interstitial space as well as before and after videos)
  • Whatabout-ism

Dirty Tricks:

Dirty tricks have been a long standing go to in our political system and now it is getting a re-assessment and revitalization since 2016. I would wholly attribute this to Roger Stone and his machinations along with the Trump/Russia collusion that took place. Incidents can be clearly outlined in 2016 like the actions of Cambridge Analytica that were caught on tape. Cambridge was looking to sell services of not only analytics but also dirty tricks by capturing people on tape with hookers etc to destroy them. Stone is famously known as being a dirty trickster and worked as such in the Nixon campaign. So yeah, we are likely to see this play out in 2020 as well. I would hasten to add that the recent Giuliani attempts in Ukraine to get dirt on Joe Biden are exactly this type of activity albeit totally and nakedly open to us all to see. You see, even the whiff of this dirt feeds the cognitive dissonance of the avid Trumper.

  • Setups like ACORN or Cambridge Analytica offerings of secret videos
  • Sex stings with video/audio/pictures
  • National Enquirer-esque leaks of dirt
  • Blog posts, tweets, etc that can be forged and said to be from a candidate
  • Fake claims made against candidates etc
  • Theft and release of information that is not flattering to a candidate (honestly, this is what happened to Clinton in 2016, what was really revelatory in those email dumps?)

Direct Action:

Russia really set the bar here for direct action. The hacking and leaking of information, even data that, like the Clinton emails, was a big “meh”, was enough to feed the base of Trump and perhaps change the minds of those who were on the fence about voting for her. Then again, the idea of hacking the election systems and the systems that tally the rolls has not been fully elucidated by the FBI and others. The fact of the matter is this: we now know that the GRU hacked those systems and had access, we just have no idea of what they actually did while on them. Did GRU put their thumb on the electoral scale and win Donny the election by the smallest of margins via the electoral system?

…. I kinda think they did but no proof means no certainty.

With that, consider what may happen this go round in 2020.

  • Hacking and dumping of data as we saw in 2016
  • Hacking and destruction of systems in an effort to make systems seem insecure/not trustworthy
  • Hacking and placing disinformation into data then leaking for effect
  • Hacking election systems and tampering with them secretly for vote control
  • Hacking systems not to actually damage them or change the vote but only to sow FUD on their security
  • Hacking and use of data in blackmail
  • Hacking and using ransomware etc to lock up systems and cause chaos and inaction

TRUMP:

Donny has been hard at work since taking office by having the constant rallies for his base. He has been feeding them a steady mixture of lies, distortions, and promises of “winning” since the start. Faced now with another election cycle where he could potentially be beaten, he will go into overdrive with his antics to keep his base active as well as make all opponents look bad. What Trump will double down on though will be the same things as he has previously, e.g. “rigged elections, fake news, and whatever the Kremlin line is being put out there currently”. I would add though, these bullet points of what he will likely try in 2020 pre and post election.

  • Begins to call election system into question pre-election
  • Leverages National Guard and or Active MIL to “guard” polling stations nationally (pressure on people to not vote through intimidation)
  • Calls the election “rigged” and challenges the result
  • Makes calls for his term to be extended
  • Calls a national emergency if he loses and attempts to go to court over the election results
  • Calls for a re-call election due to tampering
  • His usual disinformation road show will go full steam during the election cycle
  • Trump will amp up the discord by doing more outrageous things
  • Lastly, the Trump/Barr IC war will be leveraged against his perceived enemies using secret data to dump or distort to attack, if not actually attempt to arrest, his enemies.

Conclusions:

Well, here we are at what kind of feels like the end of Democracy. Trump is the catalyst for so much that is a detriment to the values of the United States that it is hard to even attempt to prognosticate what he will try to keep his place in the White House. Of course, as I said before in this piece, the norms have all been broken now and the US and other countries still have not made any inroads on how to respond to these kinds of attacks. This means that we are all just unable to stop these things from happening and without solid responses when they do. This will all just escalate and get worse, I fear, with a specific scenario in which Trump, by hook or by crook, wins in 2020 and is allowed to destroy how the country’s government is supposed to work.

This is a key fact: we do not have a means of stopping the disinformation propagation, nor do we have a means to effectively counter its effects. Without laws and norms around this as well as a means to counter it all, we are lost. I have been watching the think tank reports and have in fact taken part in some of these working groups, and in every case it comes back to “what does the government have as tools and techniques to counter this?” and the answer, even more so now, is “none”… In fact, Trump has cut funding as well as ignored calls to formulate plans to stop these attacks on Democracy.

The net effect is we are fucked.

So, sit back kids, grab a tasty beverage and watch the fires of what is left of our Democracy burn.

… That’s kinda Millennial huh?

K.

Written by Krypt3ia

2019/05/28 at 13:03

Posted in 2020, Disinformation, Russia

Anders Breivik and Brenton Tarrant: Parallels of Manifestos, Actions and Psychology


I recently began to consider the parallels between the Christchurch and the Norwegian mass shooters, which was sparked by watching a special on Anders Breivik. In the documentary on Breivik, they delve into the manifesto and his history a bit and these two things seemed to track a bit with Brenton Tarrant’s actions. In fact, it seems that Tarrant was directly influenced by Breivik and his actions as well as his manifesto. So much so that Tarrant says in his manifesto that he idolized Breivik and in fact reached out to the “Knights Justiciar” online and had communication with Breivik: “Receiving a blessing for my mission after contacting his brother knights”, in his own manifesto placed online minutes before the attacks.

Digging in further, I located several copies of the full video that Tarrant was live streaming on Facebook on the darknet. I watched this and took notes on the parallels between Breivik’s and Tarrant’s methods and actions. It quickly became clear just how much Tarrant had taken from Breivik’s attacks and methodology. From this, I then sought out each of their writings online and their manifestos. I then began to map out just how much one had imitated the other and started to ponder if they are both suffering from the same mental maladies and to what extent. I began to see the parallels quite clearly and this is something the media really has not delved into. First, let’s look at the planning stages of their actions.

  • Breivik planned his attacks meticulously for eleven years
  • Tarrant planned for two years


  • Breivik wrote extensively about certain regions and histories around clashes of cultures
  • Tarrant seems to have traveled to those countries and regions that Breivik wrote about as a means to understand what Breivik had been writing about


  • Breivik researched and wrote quite a bit on his plan and his mission to include a manifesto over one thousand pages long
  • Tarrant wrote a seventy six page manifesto and his research was haphazard and minimal as to targeting

It seems that Tarrant lacked the concentration or perhaps the methodical nature that Breivik shows. By looking at the manifestos side by side, you can see that Tarrant pretty much just cribbed Breivik’s style and format as seen below. The imagery and the motive seem to be pretty parallel but once again, the divergence is on Tarrant’s side, where he could not muster the longer and more convoluted writings as well as the complex ideas that Breivik is trying to get across in his writings. Of course the writings that Breivik put out are also cribbed from many sources and are mostly overly complex, the machinations of a disturbed mind. Actually, they remind me a lot of the writings of Ted Kaczynski.

[Images: Breivik; Tarrant; Breivik Manifesto; Tarrant Manifesto]

Formatting is not the only similarity that these two documents hold though. Tarrant actually copies Breivik’s style as well. In the much longer Breivik manifesto he drones on and on but finally toward the end has a Q&A with himself as a Justiciar Knight to describe what and why he is doing what he is doing. This is a direct attempt at self justification as well as a narcissistic pastiche about seeking others to emulate him as a warrior for the cause. In both cases they show the same pathology of attention seeking and self aggrandizement as rationalization for their actions and a call to others of like mind.

  • Both saw themselves as warriors in a greater war
  • Both have a need to be seen as a great actor in history
  • Both uploaded the manifesto just before actions
  • Both expected that these actions would be the linchpin in causing a race war or cause great social changes

In addition to the manifesto’s and desires to be “great men” both actors had very specific needs to look and play the part of the warrior. What I mean here is that both nationalistically needed to be seen as well as heard. In this way, Breivik made the mold that Tarrant re-used and added to in his attacks. While Breivik did not live stream his attack, he did plan it and carry it out in a way that made him look and feel the part. Tarrant as well followed these visual and audio cues in his own way.

  • Breivik created/bought military uniforms to include full regalia
  • Tarrant created/bought a military uniform with added Neo Nazi black sun logo
  • Both use imagery and language concerning knights (Neo Nazi black sun in Tarrant’s equates to Wewelsburg and SS knights)

I would be interested to see if more of Tarrant’s writings and or images come out during his trial. This would add context to the comparison between the two actors’ actions and psyches. It seems that both planned for acquiring weapons and tactics much the same way, but it is yet to be seen if Tarrant had any plans for bombs or had been working on or researching such things. My guess is that Tarrant lacked the patience for this and went for the quick hit instead. This is also visible in his shorter planning phase as well as his brevity in manifesto. It is also clear that Breivik’s hate was directed not only outwardly at Muslims or foreigners but also inward at his own country in his attacks and professions. Tarrant just went for the Muslims and the foreigner in a more spree killing modus.

Finally, I will cover the video that Tarrant live streamed. It is a hard thing to watch in total but it shows some cues that backstop this idea that Tarrant was really emulating Breivik down to some fine details.

  • Breivik wrote about using an iPod during the attacks to drown out the screams. This, he said, was to prevent him from losing his motivation
  • Tarrant played neo-Nazi music in the car, and it was carried over his live video feed as well
  • Breivik gamified his attacks and played video games incessantly in preparation for them
  • Tarrant did much the same, making his live stream look like a “first person shooter” game as he gunned people down

It is pretty clear that Tarrant took Breivik’s model and upgraded it with today’s technology: Facebook and a helmet cam. This I believe will not be the last time we see this kind of activity as the technology becomes even more ubiquitous. The question then is how much amplification we will see once such attacks become footage that can be watched and re-watched online to activate others of like mind and mental state. It’s pretty clear that the motive for creating such videos is to activate others as well as to get the 15 minutes of internet fame that the narcissist needs to sate himself momentarily.

As a parting thought, I would also like to say that both of these men seem to have the same mental illnesses, but I am afraid there isn’t enough evidence in the case of Tarrant as yet. Breivik clearly is a paranoid schizophrenic and I believe that was the diagnosis of him at trial. A review of Tarrant’s history and mental status has yet, to my knowledge, to be carried out and released to the public. I would be interested to see more of Tarrant’s history and biography to see if there are parallels there as well. As of this date I know that Tarrant’s father died when he was ten years old, but there seems not to be a history of mental illness from an early age like the one presented by Breivik. Nature versus nurture is still a coin toss as far as I am concerned, so there is still much to learn about Tarrant before we can make any pronouncements of mental illness. I will keep watching as more comes out, but I thought this was an interesting set of circumstances to write about.

K.

Written by Krypt3ia

2019/05/24 at 13:37

OilRig Games: Dumping IOCs, Tools, and Deets on Iran

leave a comment »

NARRATIVE:

On March 26th 2019 an account using the name لب دوخته گان (sealed lips), “Labdookhtegan1,” began dropping details on the OilRig (aka APT34) group on Telegram and Twitter. The data that this account dropped consisted of names and details of the actors allegedly behind OilRig/APT34, along with screenshots and details of compromised systems and of the tools being used by Iran. Since March the actors dropping the dime have gone on to create two darknet sites as well as three accounts on Telegram where they posted much of the same data. The Telegram and successive Dookhtegan1 account(s) on Twitter also put out a video with their announcement. The video consists of clips of President Obama making a speech, cut up much like the threatening sound-bite montages you see in movies.


Analytics on Dookhtegan:

  • Dookhtegan لب دوخته گان (“sealed lips”), as an image and a maxim, was the creation of Mehdy Kavousi, an Iranian immigrant in the Netherlands protesting immigrant deportations. The image is famous and literally shows Mehdy with his lips sewn together in protest.
  • The original photo has been photoshopped by many, including the actors creating these accounts and dropping data
  • Dookhtegan is only one of many accounts
    • labdookhtegan
    • labdookhtegan1
    • Green_leaks
    • Green_Leakers
    • Bl4ck_B0x

  • The data drops all included Farsi commentary as well as English
  • The backstopping of the data is tied to actual compromised system addresses and files of malware
  • Interestingly, the translations of Farsi to English seem to imply that the writer is not a native speaker of Farsi


DATA DROPPED:

The data dropped by these guys is rather splashy. They have named at least six individuals and two companies in Iran that they claim are part of a MOIS/IRGC actor group:

  • Omid_Palvayeh
  • alireza_ebrahimi
  • mohamad masoomi
  • saeid shahrab
  • taha mahdi tavakoli
  • Noorsec —>Sec Company
  • Rahacrop –> Sec Company/School

All of the actors’ dossiers are included in my zipped drop below for you all to ogle. OSINT on these guys may come later, but for now I am kinda meh; they are blown.

FILES DROPPED:

Labdookhtegan1 dropped many files as proofs of their work and of their outing of the IRGC. These included such things as passwords to compromised systems, the tools the group used, and other proofs of IRGC activity against the targets of interest (see the list pictured). The targets pretty much show activity in the Middle East and in areas that the IRGC would like to attack. Of course I am not seeing any US assets or other areas, which is rather interesting, no? More on this in the context and timing section below….

I am currently looking at the technical tools and may have an update later on with tech details but for now, be happy with Uncle Krypt3ia’s gift of all the files and dox in one zip!

Tools, Techniques, and Assets

CONTEXT OF TIMING:

Right! So, the timing of these drops is rather convenient for the US, huh? I mean, even as we speak Donny and his mustachioed pal Bolty are looking to maybe attack Iran for whatever reasons they have. The actors here try to make a case that perhaps they are in fact Turks, but I am kinda not buying that at all, and the touches with “sealed lips” aka Mehdy Kavousi are also a nod toward some sympathy for Iranian immigrants’ feelings on deportation and being silenced. This too I am not buying, so once again that brings us back to the whole idea of “Cui Bono,” and for me the party that really benefits here, on so many levels, would be America and the NSA perhaps, or CyberCOMMAND?

So picture this… We decide to drop dox and TTPs on Iran in the REGION as a means to blow the IRGC out of the water and force them to re-tool, right as we are ramping up for maybe some action in the region and need, oh, let’s say, a receptive audience (or audiences) in said region to help us were we to get kinetic with Iran. How’s that play for you all? It certainly plays for me. This is a stick that is likely double-edged and a win for us in my opinion. After all, the IRGC is in the region playing their games as always, but the skinny recently is that the IRGC messaged all their proxies and took them off the leash, and more to the point, did so in Iraq.

Think about that kids….

Say, didn’t we just pull out all our State folks from Iraq?

Why yes we did… Gee… WHO KNEW?!?!

Ponder that.

ASSESSMENT:

Overall these are interesting times and if you are in the game here and want to have all the fun bits, download the zip file with all the things. You’re welcome. I am glad to put it all in one place for you to have instead of playing games with all the companies out there trying to get you to buy their content while hiding the good shit behind a paywall. My assessment is this, that the players have been exposed, the companies they work for have been blown, and we all likely have much more to dig into now and coming soon. In fact a little birdie told me about a new dump this morning (yes it is in the zip file) so WHEEEEEEE!

Watch Iran and the region… I have a bad feeling.

K.


PS! I almost forgot.. I found some of the malware online in VT/Hybrid

https://app.any.run/tasks/a74d0d54-a996-4ae0-979f-675bbdd3bbad/

https://app.any.run/tasks/69ad1f9f-9dc4-475e-8762-b31283f314f1/

https://www.hybrid-analysis.com/sample/3c0c58d4b9eefea56e2f7be3f07cdb73e659b4db688bfbf9eacd96ba5ab2dfe5/5cdabffa028838cc0ea26b0a

Enjoy!
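The sandbox links above carry one SHA256 (the one in the Hybrid Analysis URL), and the zip carries more file hashes and compromised-host details. The practical thing to do with a dump like this is sweep your own estate for the hashes, so here is an added example of that, not code from the original post or from the leak itself: it pulls 64-hex SHA256 tokens out of pasted text (the sandbox URLs above will do), streams files through SHA256 so large binaries are not read into memory, and reports matches. The `demo()` function builds a throwaway directory of constructed files (not real samples) and adds the hash of one constructed file to the IOC set so the sweep has something to hit; the real hash from the page is included but will not match anything on a clean box.

```python
"""IOC sweep: hash files on disk and flag any that match dropped SHA256 indicators."""
import hashlib
import re
import tempfile
from pathlib import Path

# The one SHA256 that appears on this page (from the Hybrid Analysis link above).
KNOWN_IOCS = {
    "3c0c58d4b9eefea56e2f7be3f07cdb73e659b4db688bfbf9eacd96ba5ab2dfe5",
}

# A SHA256 is exactly 64 hex characters; \b keeps us from matching inside longer tokens.
_SHA256_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")


def hashes_from_text(text: str) -> set[str]:
    """Extract every SHA256-shaped token from a blob of text (sandbox URLs, a dump
    README, a pasted IOC list) and normalise to lowercase."""
    return {m.lower() for m in _SHA256_RE.findall(text)}


def sha256_of_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream the file through SHA256 in 1 MiB chunks so big binaries do not get
    read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def sweep(root: Path, iocs: set[str]) -> list[tuple[str, str]]:
    """Walk `root`, hash every regular file, and return (relative POSIX path, sha256)
    for each file whose hash is in `iocs`. Symlinks and directories are skipped."""
    hits: list[tuple[str, str]] = []
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        file_hash = sha256_of_file(path)
        if file_hash in iocs:
            hits.append((path.relative_to(root).as_posix(), file_hash))
    return hits


def demo() -> list[tuple[str, str]]:
    """Build a temporary directory of CONSTRUCTED files (not real samples) and sweep it.
    The hash of one constructed file is added to the IOC set the same way a hash from
    the dump would be, so the sweep produces exactly one hit."""
    fake_tool = b"constructed stand-in for a dropped tool - not malware\n"  # constructed
    iocs = set(KNOWN_IOCS) | {hashlib.sha256(fake_tool).hexdigest()}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "svc.exe").write_bytes(fake_tool)          # should match
        (root / "notes.txt").write_bytes(b"nothing to see here\n")  # should not
        return sweep(root, iocs)


if __name__ == "__main__":
    for rel_path, file_hash in demo():
        print(f"MATCH {rel_path} {file_hash}")
```

To run it against real data, replace `demo()` with `sweep(Path("/"), hashes_from_text(open("iocs.txt").read()))`; hash matching only catches byte-identical samples, so treat a clean sweep as “these exact files are absent,” not as “the actor is absent.”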

PPS! Almost forgot.. These cats even created a LinkedIn page for one of the burned!

Screenshot from 2019-05-09 10-29-37

*giggle*

Written by Krypt3ia

2019/05/16 at 14:03

Posted in APT, APT34, Infowar, Iran, OilRig

Phone Hacks Or Intercepts: Bezos’, Pecker, Sanchez, MBS, A Pragmatic Approach

leave a comment »

This whole thing about the Bezos dick pics is running amok in the media, with panel after breathless panel dribbling on ad nauseam. Wanking on over whether a nation-state secret service intercepted those texts and photos, or whether AMI (publisher of the National Enquirer) hacked them with the help of sleazy private investigators and/or the brother of the mistress, has me apoplectic every time it’s thrust in my face on the news. I finally decided to put this post together with some sense making to counter all the stupid out there. Of course the funniest thing about all of this is that I have yet to see any of the hacking talking heads that usually show up, like Dave Kennedy, being dragged out to assess how easy or hard it would be to just hack a phone or an account. Who knew they would not be clamoring to get more news cycle attention to pimp their services, huh? Anyway, let’s do a little dive into what Bezos likely has as a phone, how easy they are to hack, and how likely it is that a bad actor like MBS and his secret services, a paid group, or just the brother of the mistress with a grudge were the culprits, shall we?

What phone does Bezos likely have and how hack-able is it?

According to the babbling of the news media, claims have been made that Bezos has security and as such his phone is likely harder to hack. Well, let’s put that to the test and see. I did some looking and as of 2017 he was still using a Fire Phone, his own product, which runs Fire OS, an Android fork. A little more Googling and you can see that Fire OS had seven published vulns in 2018, including DoS and overflow issues.

The Fire Phone’s Fire OS is based on Android 4.2 Jelly Bean, and that had a host of vulnerabilities as well. So unless Bezos was using some super secret hardened build of Jelly Bean or Fire OS, then even with whatever newer iteration he might have today, it is likely still quite hackable in all reality. With that information one has to wonder at all this reporting that it HAD TO BE a nation state or that this was some exotic attack on a hard target.

Sorry, no.

INCONCEIVABLE!

Meanwhile, if indeed Bezos had another phone, he was spotted before with ANOTHER model of phone (Samsung), which also uses Android as its base operating system. If you are in the hacking or security community, then you know that Android is a hot mess security-wise because Google could really give a fuck, so there you have it. Unless Bezos decided to get a Blackphone (which still had issues), I am gonna say it would not be hard to hack him with a phish carrying a malicious .apk and own him.

Sorry media, go home, you’re drunk again.

The facts are that unless Bezos got his hands on an NSA-hardened, encrypted phone like the one Obama had (a modified BlackBerry), then it is likely trivial to attack his phone and own him. That’s the fact, and everyone should take it into account when listening to or watching these talking heads on TV. Of course, this is not to say that it wasn’t MBS, minions he hired, or AMI that did this, because these are TRIVIAL hacks and one could easily pay someone to do them. It would not take the NSA or that level of nation-state intercept access to get the data Pecker has.

What are the odds that a bad password(s) and an automatic backup to the cloud are responsible here?

Right, so what about bad passwords? I mean hell, Manny’s password to all his secret bad dealings was “bond007,” right? So is Bezos using a good password vault with 16-character passwords and rotating them often? Well, I cannot say, but what I can say is this: “security is hard and OPSEC is even harder for regular people.” This means that it is entirely possible that Bezos’s passwords could have been weak and that he may not have changed them as regularly as might be needed for someone who is a higher-risk target, right? I am sure he has minions and possibly a security detail, but think about this: would you want your security detail to have the password to your dick-pic mistress phone?

This also brings up another question…. Did he have a mistress phone? Something separate from his regular phone and hidden so the wife would not see? You have to ask yourselves this question as well when thinking about this whole “affair,” right? Let’s say Bezos bought a burner phone and used that instead of his primary phone to send his dick pics and stupid stupid texts mooning over his side piece. It’s not something you would really want to have lying about for the wife to find, and nothing that could be directly tied to you in some ways. I mean, sure, he sent photos of himself, not just his junk, so yeah, not the greatest OPSEC there either. But would such a phone have less security because it was not hardened by the security detail?

Hmmmm….

Either way, passwords and access to Google (since I think he is still using Android) is problematic and unless he had all the 2FA turned on and alerting, he could have easily been pwned due to his own stupidity with passwords and access security.

What are the chances that physical access to the mistresses phone are to blame?

Ahh, this mistress… Well, all of the things above could apply to her as well. It could also have been physical access to the phone by others. Let’s face it, Sanchez could have been using her dog’s name as the password to all her accounts for all we know. She is the weakest of weak points in the security picture of this story as far as I am concerned. A running theme in the story seems to be that the mistress’s brother is tied into the Trump camp and its acolytes, so there is a chance that he accessed her phone, either physically or with a password he had, to gather the details and leak them to AMI.

Think about that though….

You would have to be one cold bastard as a family member to hack into the sister’s phone and dump pics that seem to include some nudity on her part as well to AMI right? I mean that is some serious pathology there. Keep that in mind further down this post ok? *turns over standing presentation board with pics and yarn connections* So yeah, it could be the brother, or it could be anyone who had proximity to the phone and a desire to carry out this attack on her and Bezos.

I am unaware of what phone the mistress is using, but I am willing to bet that she is not as security conscious as Bezos might be. It could even be that Bezos and she both had insecure burner phones, who knows, right? Suffice it to say that the mistress and her electronics hygiene may in fact have been the vector of the leak, and everyone has to take that into account even if you are thinking that this was carried out by nation-state actors like MBS or Russia. It would be a soft-target campaign where phishing, physical access, and stupidity win the day, and it would not take that much effort really.

Was it a nation state intercepting Bezos and just handed this over to Pecker and AMI?

Speaking of nation state actors here’s the deal…

It’s quite possible. It would likely be trivial to attack the weak link (mistress) and gather all the intel. In fact, let’s suppose the nation state actors did do this, it would not only be dick pics that AMI might have. It is possible that they also have audio and video captures of phone calls and the like as well. How do we know that Bezos and the mistress didn’t make any videos together as well? Or perhaps little videos for one another?

Ponder that one too.

The fact of the matter is that nation state, hired hackers, or sleazy PI’s could all have done this and all have passed on even more dirt to use against Bezos and his mistress and it all sits somewhere in a safe on an external hard drive right? All I am saying is that there may be more to come in the future if at some other time AMI and or others decide to go nuclear on Bezos. I will sit back and watch the fires burn and sip my whiskey when it all comes down. At the end of the day it cannot be said that it wasn’t a nation state that did this and there are hints and allegations that AMI might have that avenue of interest with MBS and Saudi to have made this happen.

My biggest problem with that, though, is that it was so fucking ham-fisted in its execution that it makes me wonder if it wasn’t just AMI doing what they have been doing since they started their yellow-journalism agitprop fuckery. I would hope that a nation state would be smoother than “It would be a shame if something happened to that marriage you have there,” but hey, we are in the Trump era of thuggery and clown cars full of Russians, right? So yeah, entirely possible it was MBS in the conservatory with AMI and a phone hack. Time will tell, but let’s not make this into a James Bond epic, huh?

What are the chances that this was a honey-trap?

Ok, breaking out the murder conspiracy board here for the fun of it…

What if, just what if, this was a honeytrap? What if the mistress is like the brother, a Trump supporter? What if this was all a trap by AMI and others to get Bezos to back off, using this woman wittingly or unwittingly? I mean, it is possible, isn’t it? I am not saying it is likely, but I am just gonna put that out there for you all. If I were looking to damage a (perceived) adversary like Bezos, I might just hire hookers and get the goods on him in a hotel room that’s been wired. Of course that would require Bezos not to have a TSCM team sweeping rooms before he stays in them, but yeah, that would be one way. Another might be to leverage someone in his orbit, or put someone in his orbit whom he can be enticed by, and get the goods on him that way…

Ya know… like what we are seeing play out here right? This is exactly the sleazy way that espionage is carried out on the nation state level (blackmail) as it is on the AMI level of play. So this is not an impossibility. Is it likely in this case? Well, what do we know about Sanchez anyway? I guess a deeper look into her and her brother might be in order and is likely being done by the likes of the FBI right about now.

Giggity.

But yeah, with all the hyperventilation going on in the media, this is a possibility and I cannot just wipe this away as a not a thing.

Time will tell.

Forensics or GTFO!

Finally, I would like to once again yell at the media: FORENSICS OR GET THE FUCK OUT! I would like to see some evidence that points to nation-state hacking or intercepts of Bezos’s and the mistress’s accounts or phones. Will we ever see this data? Well, who the hell knows really, but it won’t stop me from yelling this out every time the media breathlessly claims that exotic espionage has been carried out on alleged hard targets who use Android phones!

STAAAAAAHHHHP

I eagerly await some evidence in this case, but I don’t really expect any. I will keep an eye on it all, but at the end of the day I just wanted to put this out there. It is not super secret nation-state-level stuff going on here. It may in fact be leveraged by MBS and his people, but it is not something along the lines of them using SS7 on Bezos and his mistress, right?

Right?

Oh right, need forensics for that…

Derp.

K.

Written by Krypt3ia

2019/02/10 at 14:53