(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

How To’s on

leave a comment »

Social Engineering and Phishing attacks agsinst nuclear facilities and networks. It seems like something that you really only lately heard of in regard to “cyberwar and APT” Well, I have news for you, the Jihadis are looking at the same problem and trying to use our own RSA conference data to do it.

One has to wonder at times about the findings and vulnerabilities that are published out in the world. Can they, or will they, be used against you before they are fixed? And in the case of such things as nuclear facilities, will the fixes be made any time soon? I mean, how many times have we read that the government and private sectors are, shall we say “lacking” in information security areas?

These guys have been thinking about this at least since 2008/2009…


What are the potentially devastating effects of electronic attack against a nuclear reactor? و هل يمكن حقا اختراق النظام الإلكتوني لمفاعل نووي بعملية social engineering ؟ And you can really penetrate the system for a nuclear reactor Aliketoni process of social engineering?

البارحة في مؤتمر RSA 2008 تمت مناقشة هذا الموضوع تحديدا! Yesterday at the RSA 2008 conference was specifically on the topic!

و مداخلة أحد أبرز الخبراء في الميدان سلطت الضوء على أحد المشاكل الساخنة في عصر الإنترنت : الحماية الإلكترونية للمنشآت الصناعية! Intervention and one of the leading experts in the field highlighted the hot one of the problems in the Internet age: Protection of electronic industrial facilities!
Ira Winkler المدير العام لشركة ISAG Ira Winkler, general manager of ISAG

أبرز البارحة لجمهور San Francisco كيفية اختراق النظام الإلكتروني لمفاعل نووي! Highlighted the public yesterday to San Francisco how to penetrate the electronic system for a nuclear reactor!

حسب الخبير فإنه من السهولة “المرعبة” إمكانية اختراق سيرفرات التحكم و السيطرة لمفاعل نووي عبر خطوات و مراحل قليلة! According to the expert, it is easy “dreadful” the possibility of piercing servers control and control for a nuclear reactor through the steps and through a few stages!

Full page captured and translated HERE

As you can get the gist here, the jihadists have been paying attention to the RSA conferences and especially thinking on how they can attack a nuclear facility. Oddly enough, a recent capture of an American “jihobbyist” made the news because he had worked at five nuclear sites as an employee. It seems that they really want to make a nuclear dirty bomb happen at the very least. At the very most, they want to get their hands on some fissile material.

This is something that OBL has wanted and made no bones about since the beginning. So, anyone thinking that these guys are backward and incompetent might want to re-think this. Imagine a hack attack against a nuclear facility for whatever ends they have in mind. By using the social engineering skills and the technical skills to craft some malware laced emails, they could indeed cause some problems at a nuclear facility. At the very least, they could sow the seeds of doubt about the security of the plants as well as the nations huh?

Meanwhile, the guy who brought you the nuclear material also posted the following treatise on:

Choosing Mujahid Warriors

The second interesting find on the M3 site was a recruiting psychology and preparation tutorial. This little tutorial and links were put up to teach others how to recruit shahid into jihad.

First: How to choose who you want to invite him to be a draft Mujahid

Full translated text HERE

This of course is prescient today as we have seen the recruitment efforts going up on the jihadist boards. They have been making all attempts to bring in non Muslim looking shahid as well as women so this article gives them the psychological tools to choose them. Obviously they have been thinking about this a bit. Welcome to Jihadi psy-ops kids.

What this tutorial seems to be lacking is the psychological aspects of getting the “loner misfit” to come to Jihad and become a shahid. I am sure though that that lesson is in the links that were provided by this user at El-Eklass. The site seems to be missing but can be found in cached forms out on the web. As well the links to megashare and the like too, have either been moved or taken down, but, with a little looking I am sure you can locate the full documents.

Full How To Links Translated HERE

OSINT Material from

By taking clipboard captures of the users names in Arabic, I was able to Maltego them and see where they had been posting as well as mentioned.

User: The Son’s of Al-Qaeda.png

User: Palestinian Abu Malik.png

User: Lion of Jihad.png

The Lion of Jihad has been a very busy boy indeed. I will be following those links later on and see what I can get at. I also noticed some new sites in there that I will be archiving and testing in the near future.

The site is surprisingly not mirrored like the other sites I usually see and as you can see from the picture at the top of this post, sits in Malaysia. So, not much can be done in the way of taking this site down, but I am sure is watched regularly by the authorities.

Just as an aside: In this case a Jokey attack would actually bring down the site for.. 30 minutes.. Of course, that still would be useless and hapless, but that’s Jokey… but I digress…

In the end, I have begun some more technical assessments of M3 as well as Al-Faloja and will be posting those findings once I have them all done. Inasmuch as I have looked, they are running some insecure protocols and might be exploitable.


Written by Krypt3ia

2010/03/14 at 00:13

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: