Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for January 22nd, 2009

From Livejournal: Throwingstardna

Yes, He Did:

  • Obama rescinded Bush’s 2001 executive order allowing former presidents, vice presidents, and their heirs to claim executive privilege in determining which of their records get released to the public. Even better, he’s requiring the signature of both his White House counsel and the attorney general before he can classify a document under executive privilege.
  • Issued a memorandum to all executive agencies asking them to come up with a new plan for open government and complying with FOIA requests. He is also instructing three top officials, including the U.S. attorney general, to come up with a new policy on open government. The new policy would replace the existing policy, infamously set by a 2001 memo from John Ashcroft that instructed federal agencies essentially to take every measure they can to refuse FOIA requests.
  • Put a freeze on the salaries of top White House aides.

And:

Moving quickly to reverse his predecessor’s policies on the treatment of terror suspects, President Barack Obama on Thursday signed an executive order to shut down the Guantanamo Bay prison within a year.

He also signed an executive order to require that all U.S. interrogations of terror suspects must now conform to the U.S. Army Field Manual, a move meant to restrict what the CIA can do. The president created an interagency task force to advise him on detainee policy.

In addition, the man tapped to oversee U.S. intelligence is promising Congress there will be no torture, harsh interrogations and warrantless wiretapping on his watch.

Excellent start…

Written by Krypt3ia

2009/01/22 at 23:39

Posted in Friends, LiveJournal

Tasty Blackberry!

Thursday, Jan 22nd 2009 by Vincent Nguyen

Just because you’re one of the most powerful people in the world does not mean that you can use whatever phone you want. So will President Obama get to keep his Blackberry? The short answer is “maybe” pending approval from NSA. CNN contacted NSA inquiring whether the agency will approve the super-secret $3,300 Blackberry and was directed to the White House, which wouldn’t say which device the President has.

What makes this Blackberry so special? Well, for starters, it’s one of the most expensive Blackberrys in existence and, on top of that, it’s not available for normal folks like you and me. Pres. Obama’s Blackberry is actually two Blackberry devices in one, made by General Dynamics. It’s an unclassified PDA that can go out to the Internet to sites like Weather.com or check flights, and with a click of a red button the device switches over to a classified network granting access to secret emails or secret websites. Making phone calls comes in two modes, non-secret and secret: with a click of the red background it’s a top-secret phone.

While this new device addresses a lot of the security concerns, we’ll have to see how this plays out. I’m left with questions like: does it have a self or manual destruct button in the event of loss or theft? There was no mention of a fingerprint scan for access. We’ll stay on top of this and get back with you as soon as we hear more. For now, enjoy CNN’s inside look at the device.

Me likey… Though I have to wonder about the function on this puppy. It must have two RIM BB servers that it works off of, as well as some heavy duty crypto capability onboard too!

Written by Krypt3ia

2009/01/22 at 23:28

Posted in Uncategorized

229 million in British Pounds…

Hackers tried to steal hundreds of millions from bank

An international gang plotted to steal £229 million from customers’ accounts at a leading bank by hacking into computers, a court was told yesterday.

A security supervisor smuggled two Belgian computer hackers into the London offices of Sumitomo Mitsui Banking Corporation by pretending that they were friends who had arrived for a game of cards. The hackers installed spy software that recorded employees’ names and passwords at the bank’s European headquarters in the heart of the City, Snaresbrook Crown Court was told.

They visited the offices several times to retrieve the security information before returning one weekend to transfer the money to accounts controlled by accomplices in Spain, Dubai, Hong Kong and Singapore, it was alleged. When Sumitomo Banking staff arrived at work on Monday morning, they found that their computers had been tampered with, the jury was told.

The scheme was foiled because the hackers failed to fill in one of the fields in the Swift system used to make money transfers.

Kevin O’Donoghue, 34, of Birmingham, a bank security supervisor, and the hackers Jan Van Osselaer, 32, and Gilles Poelvoorde, 34, both from Belgium, have admitted their roles in the conspiracy.

Yesterday a man accused of setting up the international money laundering for the funds, and two alleged accomplices, denied being part of the plot.

Simon Farrell, QC, for the prosecution, said: “The case concerns a dishonest, bold and sophisticated attempt in October 2004 to steal £229 million from the Sumitomo Mitsui Banking Corporation in the City of London. The attempt was made by surreptitiously entering the bank at night, by corrupting its computer system and by attempting to electronically transfer the money.”

When O’Donoghue was challenged by a colleague about the visitors, he claimed that they were friends who had come over for a game of poker, the court was told. He was arrested on the day that the plot was discovered.

Mr Farrell said that the security supervisor had tried to cover up the hackers’ visits by tampering with the bank’s closed-circuit television system, but that he failed to eradicate all evidence: “snips” were recovered from the recordings showing him letting the men in.

Belgian hackers were said to have entered the bank several times in September 2004 to install software that recorded pictures of information on computer screens, details of keystrokes and of users’ security details. Mr Farrell said: “The plan involved the secret uploading of keylogger software from the bank’s computers. This software has the effect of recording activity carried out by users in the course of their everyday business at the bank, including log-on names and passwords.”

Early one Saturday morning in October the hackers returned to the bank’s City offices and attempted to transfer the money using the stolen security information. The accounts targeted were said to include those of Toshiba International, Nomura Asset Management, Mitsui OSK Lines and Sumitomo Chemical.

When the money did not transfer successfully they returned to the bank that afternoon for a second attempt. In total they attempted 21 transfers, the jury heard.

Mr Farrell said: “When the bank staff returned to work on Monday it was clear something was wrong with their computers and the network cables had been taken out.”

The foreign bank accounts set up to receive the money had allegedly been organised by two British businessmen, Bernard Davies and Hugh Rodley. The men allegedly put up David Nash and Inger Malmros to front some of the companies and bank accounts set up to receive stolen funds. The court was told that Mr Rodley’s company Mediatel, based in Mayfair, was “inextricably linked” to other companies used in the attempt to transfer the money.

On the Sunday after the attempted transfer Mr Rodley and Mr Nash had sent a fax from a Cheltenham video-shop to the Emirates Bank in Dubai to find out if the funds had arrived. They then went to the Canary Islands, where they continued to try to retrieve the money, it was alleged.

Mr Rodley, 61, of Tewkesbury, Gloucestershire, Mr Nash, 47, of Durrington, West Sussex, and Mr Malmros, 58, of Sweden, deny conspiracy to defraud and conspiracy to transfer criminal property between January 1 and October 5, 2004. Mr Davies, 74, of Surrey, died before the trial began.

The trial continues.

They had a plan, they had the accomplices, and they had the will. What they didn’t have was a sense of “swift” heh. It seems that these guys may have been able to pull off the scam “if” they had not fubar’d the entry of one field in SWIFT a number of times. I do think though, that the hardest part would have been the liquidation/laundering of the money once they actually got to a bank to withdraw it.

You have to hand it to them though. They took the novel approach of physical penetration of the target to get in and install keyloggers as well as get them out again. Once again, had they not messed up the SWIFT, then no one would have been the wiser right off the bat. All in all not a bad plan, just poor follow through.

B+ for effort

F for follow through

A for creativity of the scam

Written by Krypt3ia

2009/01/22 at 22:50

Posted in Cyber, Infosec, Security

CYA: Leaking RED TEAM info to TSA

Exclusive: Covert Operations Used to Identify U.S. Security Vulnerabilities Leaked to TSA?

Recently, concerns have arisen as to whether top management at the U.S. Transportation Security Administration were negatively impacting the results of “red team” (covert) operations by leaking information to security screeners at the nation’s airports in advance of covert security testing operations.

The Government Accountability Office’s Forensic Audits and Special Investigations team, which was created in 2005 as an interdisciplinary team consisting of investigators, auditors, and analysts, conducts covert tests at the request of the Congress to identify vulnerabilities and internal control weaknesses at executive branch agencies.

These vulnerabilities and internal control weaknesses include those that could compromise homeland security, affect public safety, or have a financial impact on taxpayers’ dollars. FSI conducts covert tests as “red team” operations, meaning that FSI does not notify agencies in advance about the testing.

FSI has strict internal procedures related to the planning, execution, and reporting of covert activities.

First, FSI and senior GAO management decide on a case-by-case basis whether engagements requiring covert tests are within the scope of GAO’s authority. Next, FSI identifies the aspects of the security system or the government program that are particularly vulnerable to terrorist threats or fraudulent activities and relies on the experience of its investigators to develop a written investigative plan.

This plan typically includes the creation of fictitious identities and counterfeit documentation. All counterfeit documents that FSI uses are manufactured using hardware, software, and materials that are available to the general public; this allows FSI to demonstrate that any security vulnerabilities it finds could be exploited by a criminal or terrorist with moderate means and resources and would not require sophisticated insider knowledge.

FSI’s investigators are the only GAO staff allowed to participate in the execution phase of testing, although audit and analyst staff are often involved in planning and operational support. If investigators discover vulnerabilities that pose a significant and immediate threat to public safety, FSI will immediately discontinue its investigation and alert the appropriate government law enforcement agency.

Once the operation is complete, FSI conducts a “corrective action briefing” with officials at the tested entity to report that they have been the subject of a covert operation, share the results of the testing and, if necessary, suggest potential remedies for any identified control weaknesses or security vulnerabilities.

The following summarizes recent FSI red team operations:

Using counterfeit documents and posing as employees of a company with a Nuclear Regulatory Commission license, FSI investigators successfully crossed the US northern and southern borders with the type of radioactive materials that could be used to make a dirty bomb.

Posing as private citizens, FSI investigators purchased sensitive military equipment – including ceramic body armor inserts, guided missile radar test sets, and microcircuits used in F-14 fighter aircraft — on the Internet from the Department of Defense’s liquidation sales contractor.

Using bogus driver’s licenses, FSI investigators successfully gained entry to all 24 Department of Transportation regulated urine collection sites that FSI tested, which are responsible for providing drug testing of commercial truck drivers in safety sensitive transportation positions.

Using false documents and an erroneous IRS taxpayer identification number, FSI pretended to be a charity and successfully applied to three of the Combined Financial Campaign’s local 2006 campaigns.

Seems to me I remember not so long ago hearing about a GAO investigation into how certain nuclear facilities were made aware of the red team events upcoming and thusly armed up and became “vigilant” for the teams. A secondary visit though showed that they were complete ass clowns and were not protecting the nuclear fuel and waste in a commensurate fashion to their needs.

So, does it seem so inconceivable that these minimum wage TSA wankers would do anything else but CYA any way they can? I mean, we all have been through the airports and seen the “qualified applicants” that the TSA has harvested to “secure” our airports. Face it, where TSA is concerned we are screwed. Last report I saw, TSA failed at least 2 out of three times at detection and prevention of simulated explosive devices getting through their gauntlet at our airports.

Without a real effort at training and keeping people on the sharp edge here, then this is all just “security theater”… Nothing more.

Written by Krypt3ia

2009/01/22 at 11:04

Posted in .gov, Security, Terrorism

Al Qaeda Maghreb in Algeria: 40 Qaeda Dead From Plague

Y-Pestis

Plague claim makes al-Qaeda new priority

Peter Goodspeed,  National Post Published: Wednesday, January 21, 2009

Seven years after they transformed George W. Bush’s presidency, al-Qaeda terrorists are pushing to the top of his successor’s priority list.

The very day Barack Obama was sworn in as president, warning Americans “our nation is at war against a far-reaching network of violence and hatred,” there were reports an al-Qaeda affiliate recently abandoned a training camp in Algeria after 40 terrorists died from being exposed to the plague during a biological weapons test.

The report, which first surfaced in the British tabloid newspaper The Sun, claims members of al-Qaeda in the Land of the Maghreb (AQLIM) hurriedly abandoned their cave hideouts in Tizi Ouzou province, 150 kilometres east of the Algerian capital Algiers, after being exposed to plague bacteria.

The newspaper said they apparently became infected while experimenting with biological weapons.

Algerian security forces discovered the body of a dead terrorist alongside a road near the abandoned hideout.

U. S. intelligence officials, speaking anonymously to The Washington Times newspaper yesterday, could only confirm the sudden base closure after an unconventional weapons test went wrong.

The officials said they intercepted an urgent communication in early January between the AQLIM leadership and al-Qaeda’s top leaders in the tribal region of Pakistan. The Algerian terrorists said they were abandoning and sealing off a training area after a leak of a chemical or biological substance.

AQLIM, once known as the Salafist Group for Call and Combat, is one of the most radical and violent Islamist groups operating in North Africa. It has ties to Moroccan terrorists who carried out the 2004 Madrid train bombings and bombed the UN headquarters in Algiers in 2007, killing 41 people.

There are two types of plague. Bubonic plague, which is spread by bites from infected rat fleas, killed a third of Europe’s population in the 14th century, but can now be treated with antibiotics. Pneumonic plague is less common but more deadly. It is spread, like the flu, by airborne bacteria, and can be inhaled and transmitted between humans without the involvement of animals or fleas.

For years, U. S. Defence Department officials have warned al-Qaeda operatives have been actively pursuing sophisticated biological weapons research.

News of the latest al-Qaeda threat broke as two million people crowded into Washington’s National Mall to witness the inauguration of Mr. Obama. It also came four days after Mike McConnell, U. S. director of national intelligence, said Osama bin Laden’s third eldest son and heir apparent, Saad, has been released from house arrest in Iran.

The 27-year-old, who was groomed by his father to assume a leadership role in al-Qaeda, had been detained since after the 9/11 terrorist attacks.

U. S. intelligence forces say during his detention, Saad bin Laden was allowed to continue to operate. He played a prominent role in ordering a 2002 suicide bombing of a Jewish synagogue in Tunisia, commanded a series of bombings that killed 45 people in Casablanca, Morocco, in May, 2003, and sent suicide car bombers who killed 35 people in Riyadh, also in May, 2003.

During his final news briefing of the Bush administration, Mr. McConnell said Saad bin Laden is now “probably in Pakistan.” His departure might suggest al-Qaeda is moving to consolidate its leadership in territory under its control in Pakistan.

I have to say that this story is worrisome on a few levels. First off, just where did they get hold of the Y-Pestis in the first place? I know that Biopreparat had some, as we also did here in the States for biowarfare studies, but I had thought it had been secured. I guess we will have to see (if we ever do) if the smears taken from Algeria match any known strains that we or the Russians worked on. Perhaps it is just natural and they cultivated it, as Algeria is known as a place where it is common. Outbreaks have occurred there recently and they likely just got a body or something to use to collect the bug.

What this really says though is that they are more than likely well on their way to potential deployment of this bug as a bioweapon… Consider this then, they infect some of their boys and let it incubate. They then send them on flights to other countries. If they do in fact get some shaheed to infect themselves, then they likely could make good small impact bioweapons. Of course, if they have tampered with the bug at all, or got their hands on re-engineered Y-Pestis, then it could be much much worse. Imagine something along the lines of what Ken Alibek worked on in Biopreparat.

So, if this bug was something that got out of, say, Russia from their programs, then we could have a real problem on our hands…

Stay tuned…

Written by Krypt3ia

2009/01/22 at 00:48

Posted in CBRN, Qaeda, Terrorism