Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for March 14th, 2010

Iran arrests 30 accused of U.S.-backed cyber war

leave a comment »

(CNN) — Iran has arrested 30 people for waging what it called an organized, U.S.-backed cyber war against the nation, Iran’s semi-official Fars news agency reported Saturday.

Iran’s judiciary said those arrested were funded by the United States beginning in 2006 and that they planned to destabilize the country, according to Fars.

A State Department spokesman declined to comment on the report Saturday night.

The Iranian judiciary said that former President George W. Bush supplied $400 million for the cyber war project, Fars reported.

One branch of the project, dubbed the “Iran Proxy,” was capable of infiltrating Iran’s data banks, sabotaging its Web sites, and facilitating contacts between Iranian opposition figures and U.S.-funded media like Voice of America radio and Radio Farda, according to Fars.

The judiciary also said the United States used anti-filtering software during recent demonstrations against the Iranian government to wage psychological war against the nation, Fars reported.

Iranian media reported last month that individuals alleged to have ties with Radio Farda — which means Radio Tomorrow in Iran’s Farsi language — were among seven arrested by the Iranian government.

I just don’t buy any of this crap Mahmoud. I think this is more likely a pitiful attempt to explain away more arrests of dissidents in your country. There are a few reasons why I don’t buy it.. Let me explain;

1) You’re a liar and completely out of touch with reality Mahmoud

2) You and your hard line religious freaks just need excuses to make people who want freedom or more to the point, an honest election, disappear

3) $400 million to fund a program to get comms together for your detractors? Really? All they really would need is TOR and Gmail man

4) Umm if we want to infiltrate your databanks all we need to do is call the NSA

So Mahmoud, your really stretching here aren’t you?

CoB

Written by Krypt3ia

2010/03/14 at 17:30

Security experts: Don’t blame Internet for JihadJane and other recent terror scares

with 2 comments

By Michael Booth, The Denver Post
Published: Saturday, March 13, 2010 11:15 PM EST

It’s not the Internet. It’s the unstable surfer at the keyboard that constitutes the threat.

Internet terrorism and crime experts hedged their outrage when reacting to the arrest of Leadville’s Jamie Paulin-Ramirez, who was released Saturday without charges. Yes, they said, the Internet provides ample opportunity for disgruntled, lonely or violent people to meet up for criminal ends.

But social media, from chat rooms to Facebook, have become so widespread they are no more or less dangerous than society as a whole, these Internet observers said. And the technology cuts both ways: If alleged plotters like Paulin-Ramirez and “Jihad Jane” are using the Internet to plan crimes, rest assured law enforcement and watchdog groups successfully employ the same tools to foil them.

“Anyone who is trying to use the Internet for crime is falsely under the illusion that they are anonymous and won’t get busted,” said Steve Jones, author of “Virtual Culture” and a professor of communication and technology at the University of Illinois-Chicago. “Consider it an Internet-based `neighborhood watch.’ I’m not more concerned about the Internet than I am about the rest of the world.”

Internet connections can make for notorious nicknames and chilling chat-room transcripts, but the method of communication may not have that much impact on terrorism, said Jeremy Lipschultz, an expert in communications law and culture at the University of Nebraska-Omaha.

The rest HERE

Ummm yeah, Steve, you seem to be misunderstanding the problems faced here. Sure, there are people like me and others out there cruising the boards, but, the “authorities” are kinda behind the curve on this stuff.

Believe me Steve, I know. I have had dealings with the authorities.

So, yes, if you are on the internet and looking to do bad things AND you don’t know how to be stealthy, sure, eventually, you will be caught. However, if you are careful and you know what you are doing, then it may take some time if at all to be caught.

Case in point, look at our whole APT and cyber security debacle ongoing in the US. The CyberShockwave CNN mess is just the tip of the digital iceberg when talking about how inept our government and its minions are in dealing with the problems in cyberspace.

Better yet, lets look at the 559 million dollar haul recently cited by the FBI taken by cyber criminals. Any clues? Suspects? Not like they can round up the usual crew huh? It’s just not that easy with our current infrastructure to capture traffic and catch those who were committing the crime. Nor are the cops, even the Feds up to the task of trying to capture these offenders.

Here’s a quote for you from a recent exchange I had with the FBI:

“I don’t know anything about this stuff.. I do drug cases”

This from a field agent tasked with looking into a cyber oriented incident. What I am saying here is there is a big gap and the criminals and jihadi’s are using that to the most.

So Steve, you obviously don’t have a clue about cyber security issues. The real ones to worry about surely aren’t the guys and gals just using chat groups to talk to Jihadists, these “Jihobbyists” but let me remind you, it was a group of guys who were NOT cops or feds, that caught on to Jane and then reported her. Of course all of this AFTER she had activated and tried to whack a cartoonist. An act in which she failed mind you.

Oh, and Steve, did you know she was doing all this on YouTube? I mean really, just how friggin sooper sekret is that huh?

Duh.

Were Jane and others out there tech savvy or trained to be, they could be much more dangerous. In fact, the moniker “jihobbyist” has taken a turn in meaning. You see, the feds thought of Jane and others as “mostly harmless” but, as you can see they were wrong.

No, worry about the Jihadi’s who are technically savvy and trained in computer skills who know how to use a TOR router, encryption, email dead drops, etc. Those are the ones to worry about because even if one of us non cops are watching, we may not catch on.  Never mind the cops/feds who are playing catch up.

CoB

How To’s on M3-vb.net

leave a comment »

M3-vb.net

Social Engineering and Phishing attacks agsinst nuclear facilities and networks. It seems like something that you really only lately heard of in regard to “cyberwar and APT” Well, I have news for you, the Jihadis are looking at the same problem and trying to use our own RSA conference data to do it.

One has to wonder at times about the findings and vulnerabilities that are published out in the world. Can they, or will they, be used against you before they are fixed? And in the case of such things as nuclear facilities, will the fixes be made any time soon? I mean, how many times have we read that the government and private sectors are, shall we say “lacking” in information security areas?

These guys have been thinking about this at least since 2008/2009…

From M3-vb.net

What are the potentially devastating effects of electronic attack against a nuclear reactor? و هل يمكن حقا اختراق النظام الإلكتوني لمفاعل نووي بعملية social engineering ؟ And you can really penetrate the system for a nuclear reactor Aliketoni process of social engineering?


البارحة في مؤتمر RSA 2008 تمت مناقشة هذا الموضوع تحديدا! Yesterday at the RSA 2008 conference was specifically on the topic!


و مداخلة أحد أبرز الخبراء في الميدان سلطت الضوء على أحد المشاكل الساخنة في عصر الإنترنت : الحماية الإلكترونية للمنشآت الصناعية! Intervention and one of the leading experts in the field highlighted the hot one of the problems in the Internet age: Protection of electronic industrial facilities!
Ira Winkler المدير العام لشركة ISAG Ira Winkler, general manager of ISAG


أبرز البارحة لجمهور San Francisco كيفية اختراق النظام الإلكتروني لمفاعل نووي! Highlighted the public yesterday to San Francisco how to penetrate the electronic system for a nuclear reactor!

حسب الخبير فإنه من السهولة “المرعبة” إمكانية اختراق سيرفرات التحكم و السيطرة لمفاعل نووي عبر خطوات و مراحل قليلة! According to the expert, it is easy “dreadful” the possibility of piercing servers control and control for a nuclear reactor through the steps and through a few stages!

Full page captured and translated HERE

As you can get the gist here, the jihadists have been paying attention to the RSA conferences and especially thinking on how they can attack a nuclear facility. Oddly enough, a recent capture of an American “jihobbyist” made the news because he had worked at five nuclear sites as an employee. It seems that they really want to make a nuclear dirty bomb happen at the very least. At the very most, they want to get their hands on some fissile material.

This is something that OBL has wanted and made no bones about since the beginning. So, anyone thinking that these guys are backward and incompetent might want to re-think this. Imagine a hack attack against a nuclear facility for whatever ends they have in mind. By using the social engineering skills and the technical skills to craft some malware laced emails, they could indeed cause some problems at a nuclear facility. At the very least, they could sow the seeds of doubt about the security of the plants as well as the nations huh?

Meanwhile, the guy who brought you the nuclear material also posted the following treatise on:

Choosing Mujahid Warriors

The second interesting find on the M3 site was a recruiting psychology and preparation tutorial. This little tutorial and links were put up to teach others how to recruit shahid into jihad.

First: How to choose who you want to invite him to be a draft Mujahid

Full translated text HERE

This of course is prescient today as we have seen the recruitment efforts going up on the jihadist boards. They have been making all attempts to bring in non Muslim looking shahid as well as women so this article gives them the psychological tools to choose them. Obviously they have been thinking about this a bit. Welcome to Jihadi psy-ops kids.

What this tutorial seems to be lacking is the psychological aspects of getting the “loner misfit” to come to Jihad and become a shahid. I am sure though that that lesson is in the links that were provided by this user at El-Eklass. The site seems to be missing but can be found in cached forms out on the web. As well the links to megashare and the like too, have either been moved or taken down, but, with a little looking I am sure you can locate the full documents.

Full How To Links Translated HERE

OSINT Material from M3-vb.net

By taking clipboard captures of the users names in Arabic, I was able to Maltego them and see where they had been posting as well as mentioned.

User: The Son’s of Al-Qaeda.png

User: Palestinian Abu Malik.png

User: Lion of Jihad.png

The Lion of Jihad has been a very busy boy indeed. I will be following those links later on and see what I can get at. I also noticed some new sites in there that I will be archiving and testing in the near future.

The site M3-vb.net is surprisingly not mirrored like the other sites I usually see and as you can see from the picture at the top of this post, sits in Malaysia. So, not much can be done in the way of taking this site down, but I am sure is watched regularly by the authorities.

Just as an aside: In this case a Jokey attack would actually bring down the site for.. 30 minutes.. Of course, that still would be useless and hapless, but that’s Jokey… but I digress…

In the end, I have begun some more technical assessments of M3 as well as Al-Faloja and will be posting those findings once I have them all done. Inasmuch as I have looked, they are running some insecure protocols and might be exploitable.

//END



Written by Krypt3ia

2010/03/14 at 00:13