Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for July 2010

Carnivale: Two Seasons of Goodness and Then A Blight from HBO

with 5 comments

Back in 2005 a show came to HBO that I got in drips and drabs over time while I was a “Travelling Man” for IBM. Since I did not have HBO at home, and still don’t, I had to finally catch the whole show on DVD. I have just finished watching both seasons and I felt compelled to write a review. The show was Carnivale.

Carnivale takes place in 1934, in the depths of the Depression, in the blighted land of the Dust Bowl. From the start, it is an incredibly well shot and designed show that really places you in the setting of Depression-era Dust Bowl life, even better than the Dorothea Lange picture of the migrant worker. You literally feel the dust and parching heat of the place and time just by looking at the scenery and, of course, the players. Never a more dusty troupe will you ever see.

The basis of the show is the epic battle between good and evil that takes place on the earthly plane after the war in Heaven came to an end. Evidently, every generation has the chance of being led by evil or good according to the deal that was struck between Satan and God. A savior and a devil are born with each generation and they may, or may not, fulfill their destiny to do battle and decide the fate of man.. For that generation at least.. Until the Omega.

In this generation you have Ben Hawkins, a boy who has been shunned by his insane mother and who, at the start of the show, we find has escaped the chain gang to be with her and try to help her. She refuses his help, which could heal her by the laying of hands upon her, and dies. Ben moves on to escape the law with the local Carnivale and begins the journey of discovering what he is, as well as hastening the epic battle to come.

The Good:

Fantastic cinematography, set design, costume design, and general historical accuracy down to the language of the time and place! This will be darkly wonderful and dry for you to watch. You will feel like you are literally sitting next to that migrant worker, and it will give you a taste of 1930’s carny life.

The acting was well done and the writing of the characters well defined, if a little cryptic at times.. But that cryptic nature makes you want to know more, so you make a point of watching the next episode. There was not one episode that left me thinking.. Meh, maybe I will not watch it next week when it was on TV.. The only problem I had was.. I didn’t have HBO except in hotel rooms!

The story was well defined and had you wondering at every turn just where it was going to go. You had hints and visions of possible futures, but you really were left to your imagination as opposed to too many foreshadowing scenes that gave everything away. The interplay of the plot lines, both historical and present, really kept you going too. All in all, a story that was originally a book and was turned into a series that kept most of its content. This was one of the reasons for its downfall though. The series was just too costly to continue according to HBO, and thus, in the end, I have a gripe about the ending…

The Bad:

As mentioned above, the cost of the show and the sudden decision to pull it from HBO left it in the lurch. Much of this was due to the story lines and arc of the show being presented in book/chapter format. By killing it in the second season, the writers were left to tie up some loose ends hastily and end it with as much finality as they could while still serving the story…

Which, really did not happen.

At the end, the story was forced enough that the last three episodes felt like you were being rushed out of your seat at a busy restaurant by a harried wait staff. You got to eat, but you got heartburn for it really. The story suddenly shifted into high gear with a feel akin to a speed walking version of “The Stand” and the new “Canaan” took the place of Las Vegas.

Additionally, I found that the plot device used to foil the evil one was a bit of a kluge; however, had it been part of the larger arc later discovered through the writers’ pitch document, then it would not have seemed so forced. But, because this show was given the axe, the story line and ending fall flat. I think though, that I need to find out if the writers etc. knew that this was the end when they had it in the can or, did they think season 3 was still coming? If so, then the pace was just the pace, and my perception of it was different because it was “the end” according to HBO.

All in all, the ending left quite the opening for continuation should someone pick up the mantle. However, since it’s 2010 and Hollywood would rather make crappy re-makes than original works, I hold out little hope of redemption through the arc being finished out.

Final Analysis:

  • Carnivale was a fantastic show that got the usual short shrift from the studios.
  • HBO screwed the pooch.
  • Clancy Brown is America’s scariest actor
  • This show leaves you wanting to Google a LOT of things
  • It includes Templars, Rennes-le-Château, and other mythos and that is ALWAYS cool
  • See it all on DVD.. I promise you, you will not regret anything but its ending
  • Once you have seen the series read the “Pitch Document” it will give you more to work with

“Ok children.. Let’s shake some dust”

CoB

Written by Krypt3ia

2010/07/29 at 18:44

“Strutting and fretting his hour upon the security industry stage, And then being heard no more”

with 4 comments

The Frustration And Gnashing of Teeth:

Recently, I have heard others lament the state of the “security industry”, and I have posted about my own adventures into the land of FUD and Security Theater, as well as a side trip into the shadow lands of denial. My last post about a call that went awry also got responses from others in the business, including Mr. Reiner, who had a post somewhat similar to what I had written about, but took it further. His post mirrors much of what I am hearing and feeling myself, now 13 years into it.

  • The industry has become just that, an industry that makes cookie cutter security and passes off mediocre services as “state of the art”
  • The industry is now full of salesmen and charlatans like Gregory Evans and Ligatt
  • The clients still just don’t get it and often do not want to
  • There are too many bells-and-whistles firms but too few true “holistic” security offerings out there
  • The exploits and vulnerabilities are growing at a rate faster than Moore’s Law and there will never come a time when you can catch up
  • Nothing is truly secure
  • Regulations are inadequate mechanisms for inspiring security best practices (notice I do not say compliance here)
  • Coders and the companies that hire them are coding insecurely and do not wish to change that
  • Greed is Good (Gordon Gekko)

Generally, the experience out there is that, as with everything else that someone loves to do as an avocation, once it turns into a vocation it becomes not so much fun anymore when business gets involved…. Especially big business. Unfortunately, this is exactly what has happened today with information security/technical security. It has become a pre-packaged, pick-your-services, lunch counter style of operation, and you rarely get what you really need; instead you get the fatty happy meal.

Taking A Step Back:

As professionals in the field we all have different skill sets and personal bents on and in the security theater. I am putting us all into the “theater” because really, we are all like Shakespeare’s player who “struts and frets his hour upon the stage, And then is heard no more.” We are in fact often times the character of “The Fool”: the one man who is the outward conscience of the king and the one person in the court who can tell the monarch the truth, that they indeed have no clothes on. Of course this really only works for those who are contractors/consultants and can then leave the site after leaving a report on their vulnerabilities and how to fix them. Unfortunately, if you are a full time employee of said “court” you may indeed find yourself in the oubliette quickly enough. We need to embrace this fool role and then decide just how we will approach our careers, as well as the means by which we ply our trade for the betterment of the courts we serve in.

One must remember that we all serve the will of the king… And sometimes the king is an idiot, lout, Luddite, or schmuck.

My Goal Here:

My goal with this post, and what I think is shaping up to be a series of them, is to cover the players involved here, the game being played, and the realities of our business. So many of us are running into the same walls, and I have been hearing the same things over and over from you all out there, as well as in my own head as I deal with clients. All too often we do our best to tell the client that they have vulnerabilities within their organizations as well as their infrastructures, all for naught.

Others see the bigger picture: with everything that we do, there is still always a way into the org and their infrastructure and a method to steal their data. All too often this also happens because of simple low hanging fruit attacks such as SE attacks, or completely un-secured networks that lack policies and processes that might in fact prevent many of the attacks from happening were they documented and in force.

Still others see the grand scale of not only the snake oil salesmen out there but also the malfeasance of the companies that make the software and hardware systems (might I mention ATM machines, Diebold? yeaaahhh I think I will) that are completely insecure, and egregiously so! Even in this day and age where hacking/cracking is so prevalent they STILL do not want to take the time and the effort to code securely… And as Weld Pond said today:

“YOU SHOULD BE ASHAMED OF YOURSELVES! THESE ARE SYSTEMS THAT PASS OUT MONEY!” *paraphrase likely there*

To that end, I have created the following framework for the posts to come. Some of them are posed as questions and, if you like, you can comment with answers that you think apply. Overall though, I would like to pull the security industry apart, as well as the motivations of not only the vendors but also the clients. I want to lay out all the players and variables, examine them all, and then come up with a strategy for what I am currently calling “Holistic Security” (I know, all scented-candle, touchy-feely, new-age sounding): a method of looking at the security needs of a client and offering them what they really need, as well as methods to bring that client to the trough to drink from the security well.

I know.. This is going to be nearly impossible huh?

It’s either this or just packing it in and walking away though… Really… Once you reach a point where you hate the job and you feel constantly that you are doing nothing to change things you either have to walk away, or make drastic changes happen.

What do you think? Don’t you think that with all our SE and other skills we ought to be able to overcome all this?

Check out the future post framework and let me know… I will work on the players tomorrow.

CoB

The Players:

Some of us Just Want to Have It Done Right:

Some of Us Just Want to Hack and Do Cool Shit:

Some of us just want to Be Researchers:

Some Are Just LIGATT:

The Playing Field:

Current Approaches to Security Auditing:

Can There Be A Holistic Security Approach?:

Can We Get Companies to Code Securely and Ethically?:

Opposing Forces:

The Government and Compliance:

The Corporation and the Seven Deadly Sins:

Crackers, APT, and Bulgarians Oh My!:

Every Fortress Falls:

Troy

Sparta

Lockheed Martin

Is There A Framework and Methodology For Holistic Security?:

Security Basics:

Security Awareness vs. Human Nature:

Policies, Procedures, Standards, and Compliance:

Penetration Testing:

Social Engineering:

Written by Krypt3ia

2010/07/29 at 01:42

The Information Security Business.. AKA The Cassandra Syndrome

with 6 comments

I had an incident today that kind of epitomizes the security business for me… Well, one aspect of it, that is. I call it the “Cassandra Effect” and it is more common than one might think. In my case, I am Cassandra, and my prophetic insights are often unheeded or misunderstood as the rantings of a paranoid personality.

That is, until the prophecies come true.. But by then it’s too late.

Today it was a manager within the company that I have been working for as a consultant who shrilly pushed back on findings that the company (X) did not have an incident response process in place that was documented and auditable. Never mind that my finding stemmed not only from asking for the documentation and being told they had none, but also from the fact that an incident had recently occurred and I watched as their incident response was muddled and likely would not have happened at all had I not been there to alert them to the malware causing the incident.

But… According to this manager, there was no need to document a process for incident response because they would not be audited by anyone, like say for a SOX audit, and be required to show their auditable incident response documentation/processes.

Of course the SOX regs might say different huh?

Thankfully, I stopped myself from arguing this any further and trying to explain that this was indeed the case, and that even if the SOX folks did not ask, because they often suck at auditing, the PCI folks certainly would… I could hear the name whispered as the incident response post mortem call went on, however.

“Cassandra”

Am I the only one who feels this way or is treated as such by clients who ask for security services? I mean, you go in, you do your job and document all the deficiencies, state the gaps and map them to regulations, and still you get pushback saying:

“Well, we don’t need to fix that”

Hell, this even happens after you exploit systems and steal their data and show them. They still look at you and say:

“Well, you do this professionally, this won’t ever happen in the real world”

Why? What is it that causes these cases of self-delusion in certain C level execs? I really don’t understand their reasoning here. I certainly did not understand this person’s need for their responses to be so confrontational. I mean, is it just that they feel that their job is on the line? Is it that they are not willing to spend more time and money? Because really, the only investment here would be time. Time to write the incident response plans and have them published.

So what’s the deal here?

I attribute much of it to the fact that security, much like the appearance of a UFO to Neanderthal man, instills fear into their hearts and minds. Simply, they see it all as magic and beyond their comprehension, moving some to disbelief of what they see before them.

It could never happen here!

This is just too arcane!

Who’d want our data anyway?

Well, I have news for you, this is the future and the future is security my friends and we.. We are doomed.

I wonder what will happen tomorrow when I send them the links to the SOX requirements on documented processes such as incident response….

CoB

Written by Krypt3ia

2010/07/28 at 02:04

Of Online Jihadist Flunkies and Mapping Online Jihad


Excerpts from

Student, Online Terrorist Flunkie Arrested in Virginia

In something of a warning to all wannabe online mujahedeen, a 20-year-old student from northern Virginia was arrested today on charges of providing material support to al-Shabaab, the al-Qaida-aligned Somali extremist group.

Zachary Adam Chesser is the guy’s given name. But he went by several others: Abu Talhah, Abu Talhah Al-Amrikee. But Chesser’s highest profile appears to be online, where his sobriquets included TeachLearnFightDie and AlQuranWaAlaHadith. He posted on an apparently defunct blog called Themujahidblog.com and Revolutionmuslim.com, according to the affidavit of FBI Special Agent Mary Brandt Kinder, and he threatened the lives of the South Park creators for their portrayal of the prophet Mohammed. Searches for his uploaded videos led to the discovery of him getting pwned by one of the Jawa Report guys.

Apparently Chesser intended to put his internet skills to use for the extremist militia. According to the affidavit, Chesser told Menges that al-Shabaab members told him to bring laptops to Somalia, so he could join their media unit, the apparent posting of choice for foreign fighters — much like the rapping Alabaman Omar Hammami. He wrote a post in June on an unspecified online forum, according to the affidavit, expressing his intent to leave for Somalia and announcing he was “actually leaving for jihad.”

The guy wrote a fair amount online. A different post from January encouraged fellow takfiris to stay fit: “We have to go for jogs, do push-ups, learn firearms, and all kinds of things…. And, perhaps above all, we have to actually go and fight against the disbelievers.” This kind of stuff is increasingly prevalent in the English-language internet. Just last week, a Pennsylvania-based internet hosting service shut down its blogetery.com platform after federal law enforcement officials showed that more than 70,000 bloggers used it to push al-Qaeda propaganda into the cyber-ether.

But he might be part of a recent trend in low-wattage/high-bandwidth self-radicalization. “This case exposes the disturbing reality that extreme radicalization can happen anywhere, including Northern Virginia,” U.S. Attorney Neil MacBride said in a statement. Especially with the aid of Wi-Fi.

From Wired.com, by Spencer Ackerman

Ok, so there is so much wrong with this article that I just have to call into question whether the reporter actually did any kind of “reporting” here. I mean, sources and actual leg work looking into the terminology and technology, perhaps? This just seems to me to be more of a poorly worded and thought out scareware piece than anything else there, Spencer.

Let’s pull it apart a bit…

First,

“Takfiris”: the root of which is kufr or kafir, which means “impure” or those who are excommunicated from the Muslim faith. Uhh yeah, it would be helpful to show that this kid had even LESS of a clue what he was talking about here by pointing that one out, Spencer.. IF, that is, you had any clue what it meant. I am sure you thought perhaps it was another term for a jihadi or mujahideen.

No.. it’s not.

This kid had less of a clue than Spencer.. But that ain’t saying much. Let’s show a little more of the subtlety here huh?

Second,

Just last week, a Pennsylvania-based internet hosting service shut down its blogetery.com platform after federal law enforcement officials showed that more than 70,000 bloggers used it to push al-Qaeda propaganda into the cyber-ether.

As I wrote about yesterday, the whole affair over the blogetery site was not so much the feds saying that there were 70K worth of users pushing jihadist data on there, but rather the feds asking about a couple of their servers that had data on them. You see, as I had reported, the site was primarily a file trading site and it is likely that the jihadis just found it easy to put up the files there and leave links elsewhere, as they do in many other cases.

I checked Google and only came up with one potential site that had connections to Iranian Muslim propaganda against the west, so I don’t think that this was another “Mos Eisley” on the internet here. Spencer, do a little research huh? Had this been so riddled with data and grave things indeed, then the Feds would have swooped down either with a warrant to seize the servers or they would have quietly assumed control with the help of the Burst folks to watch and collect data. It was in fact Burst that took the system down for fear of being nailed for copyright infringement, as they had already been sniffed around on before.

Third,

But he might be part of a recent trend in low-wattage/high-bandwidth self-radicalization. “This case exposes the disturbing reality that extreme radicalization can happen anywhere, including Northern Virginia,” U.S. Attorney Neil MacBride said in a statement. Especially with the aid of Wi-Fi.

WTF? Wi-Fi is the cause of rapid and widespread jihadi conversion? Spencer, what the fuck is this crap being quoted without the benefit of calling the reasoning into question here?

Look, self radicalization can happen with or without Wi-Fi there buddy, and the internet sure does have something to do with that, but it is not a big deal to say that it EVEN HAPPENED IN VIRGINIA! What the hell man? Any kid or nutbag out there ANYWHERE could turn to Jihad, as well as perhaps any other whackjob religious sect, and become a terrorist! … And it has nothing to do with Wi-Fi!

Wired.com has been steadily slipping here…

So yeah, this kid is a schmuck. He was being used by al-Shabaab and likely, “if” he did have contact with al-Awlaki, then he was being groomed to be the next BVD bomber and not so much a new whizkid at their media arm. I mean fuck, he had no idea what Takfiri meant!

Here kid.. take this plastic bottle of boom juice, place it in your rectum and pull the cord in flight for us!

Ok! Will I get my 72 raisins?

Tards… (Spencer included)

CoB

5 Reasons to Doubt Al-Qaeda Magazine’s Authenticity: Gives One Ideas, False Flag Anyone?


The 5 reasons:

(1) Bin Laden and Zawahiri are extremely secretive and issue statements rarely and directly to the media. It would be unusual for them to write for a third-party publication, especially one put out by the Yemen-based AQAP, with which they have little or no direct ties. However, it is possible that the magazine’s producers simply copied old statements they had made.

(2) The language of the magazine, such as “Make a bomb in the kitchen of your mom,” reflects either a poor command of English or a light-hearted sense of self-parody. AQAP is not known for either. Awlaki, whose location in Yemen makes his participation very plausible, is a native, fluent, and very articulate English speaker. His fiery English-language sermons are not funny.

(3) The magazine includes an essay by Abu Mu’sab al-Suri. But Suri, whose connection to al-Qaeda is uncertain, has been locked up in Guantanamo–and possibly a CIA black site–since 2005. However, as with bin Laden, it is possible the magazine simply copied old statements.

(4) Analysts tell me that the magazine PDF file either does not load properly or carries a trojan virus. This is unusual because al-Qaeda and AQAP have produced and disseminated such PDF publications many times without such problems. If the report was produced by U.S. counterintelligence, or if the U.S. operatives attached the virus to the original file, would the trojan really be so easily detectable by simple, consumer-grade virus scanners? Surely U.S. counterintelligence has less detectable viruses at their disposal.

(5) The web-based “jihadi” community itself seems suspicious. The report has received little attention on web forums, especially given its apparent importance. A publication including such high-profile figures would normally receive far more attention than it has so far.

Full article HERE

Inspire AQAP Glossy HERE (CLEAN)

Exploit or Ineptitude?

When this file came out I too had some issues with it not downloading fully from the myriad of uploader sites that the jihadis had “ostensibly” uploaded it to. I attributed it to a lack of understanding on their part: the original had been corrupted somewhere along the line between sharing partners and propagated that way. However, given all of the data post release and some looking into it, I think there are a couple of scenarios that might fit the bill:

1) The original was sent out to the trusted before going wide. Once sent wide, it was quickly infected with malware by persons unknown and propagated further on the internet.

2) The reason for the placement of the malware could be to sow distrust on the part of the jihadis trafficking in the data, by persons unknown. This makes it an untrusted channel and more likely people will not download it too quickly in the future. I say this because the malware was easily detectable by current AV products. Had this been a program of the intelligence agencies, they would have indeed used 0day that was not detectable. The same could be said for certain factions of the hacking community who may have an interest in helping the other “community”.

3) This was indeed some sort of poorly conceived exploit by some organization, as the malware was easily detectable.. They screwed up.

I cannot say either way and I have not yet seen a copy of the “infected” file to prove out that it did indeed have malware embedded in it. The current version that I have on my server (linked above) is clean, but I believe that I have another dirty copy on another *nix box. I will check that later and amend this post once I have. All of this though does not lead me to believe that the magazine was created by anyone other than a jihadist movement faction that offered it to AQAP.

You can go on the cues from above about the language and the other telltale clues that this is not a straight-out work of GIMF or As Sahab. The writer of the article is right on this account in that the language would have been much better constructed by bilingual speakers of Arabic and English, as you have seen in the past. The al-Awlaki connection too may be there, but he likely did not have direct oversight of this magazine. In fact, when I pulled the metadata on the PDF file that I got hold of today, there was NONE in it. So it is hard to say who made the file at present. I will check again once I find that dirty copy I downloaded when it came out, for metadata in situ.

As for Giving One Ideas..

All of this has given me ideas on perhaps how the information war should be waged against AQ and other online Jihadist movements, if it isn’t already being done by the likes of the NSA. What if such PDF files were commonly compromised with 0day? The jihadists usually traffic pretty much only in PDF files nowadays. If you go to their sites you can’t even get a lock on the files there because they have uploaded them all to share sites all over the globe. So, who’s to say that there aren’t some governmental bodies out there with access to those .com .net sites infecting the files soon after the uploads happen?

I’d be doing that…

Hell, I’d be loading the files with malware for all the major OSes out there, not just Windows variants… Which, we know a good percentage of these online jihadis are using Windows, as you may have seen in the posts I have made. The only problem then would be that if you are doing this to the downloaders, it leaves the creators still potentially unaffected.. How to get the creators’ boxes, I wonder….

I guess the question is… is this already being done? If not.. Why not? Seems to me that we could get a pretty nice haul if you compromised all those downloaders’ boxes and set up a nice back channel server somewhere to aggregate all the data as well as do some escalation….

Maybe the government just needs a good copy of Core Impact huh?

CoB

Worm Win32/Stuxnet Targets Supervisory Systems in the U.S. and Iran

with one comment

According to ESET Virus Lab, the worm has been active for several days, lately in the U.S. and Iran with almost 58 percent of all infections being reported in the United States, 30 percent in Iran and slightly over four percent in Russia. The cyber attacks in the U.S. and heightened activity of the worm in Iran come in the wake of persisting tensions between the two nations over nuclear ambitions of this Middle Eastern country.

“This worm is an exemplary case of targeted attack exploiting a zero-day vulnerability, or, in other words, a vulnerability which is unknown to the public. This particular attack targets the industrial supervisory software SCADA. In short – this is an example of malware-aided industrial espionage. The question is why the chart of affected nations looks as it does,” said Juraj Malcho, head of the Virus Lab at ESET’s global headquarters in Bratislava, Slovakia.

An interesting angle to this story is how the worm spreads. “For a truly targeted attack it would have been coded to make specific checks to see that it only ran where it was supposed to and did not spread. Spreading increases the odds of detection. If the attack was aimed at only US systems, then the attacker would not want the code appearing all over the world. This fact might indicate a number of potential attackers,” said Randy Abrams, director of technical education at ESET in the U.S. “The ability to attack power grids throughout the world would be very appealing to terrorist groups,” concludes Abrams.

Full article HERE

Interesting choice of countries to attack… What would be the motivation for just those two countries in a targeted attack? Could there be some cross-pollination due to the actions of one country on another? Let’s say, for instance, that Iran got infected by something they procured or had access to within the US? Or vice versa? My bet though, is that this is a targeted attack on the systems themselves and not country-centric. Any country using like technology likely has the new worm in their midst and may not know it.

Of course, just how prevalent are SCADA systems today? As well, just how many have been connected to systems that face the internet in some way? That is the operative question I guess…

As for the contention that this is industrial espionage.. Well, I might think it is more groundwork for something else… Here it comes…

Cyber Warfare. Oh my, I said it, didn’t I huh.. The talk lately has been so back and forth between detractors and believers that no one really is getting “it”. No matter what you call it, no matter who you want to attribute it to as attackers go, here is the proof of concept that even if it is not “happening successfully” yet, they are trying. That is the important thing to keep in mind. What people fail to understand is that the whole US grid need not be knocked out to make a cyber war or to be successful. All you really need is for the target of your choosing, the one that will fulfill your desired outcome, to be taken down or subverted in whatever way you want it to be.

I am sure the bickering will continue and the government will look at this and think they have to create another agency or sub group to think about it more.. In the meantime though, we still have the problem of these systems perhaps being connected to networks that are not secure; what’s worse, those networks may in fact be internet facing and thus able to be C&C’d from remote locations like mainland China.

Meanwhile….

More has come out about this 0day and the supervisory systems attack (I wonder if that is the only vuln attacked here or is it just one of many coded into this effort?). It seems that the Siemens software, and an old and well-known SCADA password for it that is out on the internet, have been coded into this, and it has been seen in the systems spoken of above.

IDG reported that Siemens issued a warning on Friday saying the virus targets clients using Simatic WinCC, one of the company’s industrial control system software offerings that runs on Windows. The virus strikes at a recently discovered Windows bug that affects every Microsoft operating system, including the recently released Windows 7.

The virus transmits itself through infected USBs. When the USB is plugged in to a computer, the virus copies itself into any other connected USBs and, if it recognizes Siemens’ software, it tries to log in to the computer using a default password.

Read more: http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2010/07/19/BUBC1EDTIS.DTL#ixzz0uPyQ8AGn

Now this article has language from Siemens that alleges industrial espionage and not so much a prelude to attacks on a networked system such as the grid. One wonders just what the straight story is here. In either case, the incursion of the worm and the use of a known login/password to a SCADA system is not a good thing for those of us trying to protect said systems. Would not one looking at this on the face of it think that it was an attempt to gain a foothold as well as intel on SCADA systems for future use?

Better keep your eyes peeled…

Just sayin…

Blog Platform Shut Down as FBI Probes al-Qaida Posts

leave a comment »

Blogging platform Blogetery.com was cut off by its hosting company last week after the authorities said al-Qaida “terrorist material” was found on one of its servers, said a statement from web host BurstNET Technologies Monday.

Blogetery, a platform for some 70,000 blogs, was taken down by BurstNET after the Federal Bureau of Investigation asked BurstNET “to provide information regarding ownership” of the server hosting Blogetery.com, BurstNET said.

BurstNET shuttered Blogetery at its own discretion, after concluding it was violating its “Acceptable Use Policy.”

“It was revealed that a link to terrorist material, including bomb-making instructions and an al-Qaida ‘hit list,’ had been posted to the site,” BurstNET said.

CNET said the material allegedly discovered by the FBI “is connected to an online magazine called Inspire,” whose mission is to recruit al-Qaida members.

A message on Blogetery.com said, “[O]ur server was terminated without any notification or explanation.” Attempts to reach the site’s operators were not immediately successful.

The message board at webhostingtalk.com was inundated with Blogetery.com customer complaints.

“So BurstNet can ‘kill’ your server any time and give you BS reason about some ‘law enforcement officials,’” one message read.

From WIRED

So the hosting company decided to close it down huh? After an inquiry.. Well, guess that is one way to handle the situation huh? Not a good one mind you… Of course had the FBI wanted to just yank the servers off of the internet and perform a forensic evaluation that might be another situation altogether huh? I think though, that this place jumped the gun a bit. Blogetery.com is registered to:

Registrant Contact:
WhoisGuard
WhoisGuard Protected ()
Fax:
8939 S. Sepulveda Blvd
8939 S. Sepulveda Blvd
Westchester, CA 90045
US

So, it’s a protected entry… Hmmmm.. Let’s use the “Googles”

A Google of the domain turns up cached teandpolitics blogs but not much to do with jihad or qaeda. It wasn’t until I expanded the search with the parameters of “jihad+qaeda+blogetery.com” that I came upon a single hit from another site..

http://rahetohid.blogetery.com

Which also has links to: http://rahetohid.wordpress.com/

A Maltego 3 scan turns up an interesting email address for the blogetery.com domain/site: ahmad_alehossein@yahoo.com

ahmad_alehossein@yahoo.com Seems to be the site’s operator and the author of the WordPress site too.

This site seems to be more pro Iran and anti America.. Not so much Jihadi recruitment…

It seems that the bulk of the sites on the blogetery.com domain were file sharing types of sites and this must have been where the files were uploaded to the servers. So, they yanked the servers because of more than this find I think. Scuttlebutt on the intertubes is that they had run into copyright issues in the past and perhaps this was a little too much heat on them so they just pulled it all down. In the Google searches I performed you could see links to movies and other things on sites within.
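The pivot walked through above (privacy-protected whois, a search narrowed to the domain, a contact address that turns up again on a second site) is easy to script so the same steps run the same way next time. The block below is an added example and not the tooling used in the post (whois, Google and Maltego 3); it runs offline. The registrant block is the one quoted above, the two subdomains are the ones the post names, and the search-result URLs, page bodies and the siteowner@example.com address inside them are constructed stand-ins.

```python
"""Passive pivot from a privacy-protected domain to a site operator.

Added example, not the post's own tooling. WHOIS_TEXT is the registrant block
quoted in the post; SEARCH_RESULTS and PAGES are constructed stand-ins (the
hostnames teandpolitics and rahetohid are the ones the post names, the
e-mail address is made up) so that the code runs without network access.
"""
import json
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Registrar privacy services, matched case-insensitively in the registrant block.
PRIVACY_PROXIES = ("whoisguard", "domains by proxy", "privacy protect",
                   "contact privacy", "perfect privacy")

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

WHOIS_TEXT = """Registrant Contact:
WhoisGuard
WhoisGuard Protected ()
Fax:
8939 S. Sepulveda Blvd
Westchester, CA 90045
US
"""

# Constructed results for a search like  "jihad" "qaeda" blogetery.com
SEARCH_RESULTS = [
    "http://teandpolitics.blogetery.com/2010/06/",
    "http://rahetohid.blogetery.com/",
    "http://blogetery.com.example.net/mirror/",      # decoy: NOT under blogetery.com
    "http://www.example.org/news/blogetery-shutdown",
]

# Constructed page bodies keyed by URL; the address is a stand-in.
PAGES = {
    "http://rahetohid.blogetery.com/": "Contact the author: siteowner@example.com",
    "http://rahetohid.wordpress.com/": "About - mail siteowner@example.com",
    "http://teandpolitics.blogetery.com/2010/06/": "No contact details here.",
}


def registrant_is_privacy_proxy(whois_text):
    """True if the registrant block names a known privacy/proxy service."""
    block = whois_text.lower().split("registrant contact:", 1)[-1]
    return any(p in block for p in PRIVACY_PROXIES)


def under_domain(host, domain):
    """Suffix match on a label boundary, so blogetery.com.example.net does not qualify."""
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)


def hosts_under(domain, urls):
    """Hostnames from search results that are the domain or a subdomain of it."""
    hosts = ((urlsplit(u).hostname or "") for u in urls)
    return {h for h in hosts if under_domain(h, domain)}


def extract_emails(text):
    return {m.lower() for m in EMAIL_RE.findall(text)}


def pivot_on_email(pages):
    """Map each e-mail address to the sorted list of hosts that publish it."""
    seen = defaultdict(set)
    for url, body in pages.items():
        host = (urlsplit(url).hostname or "").lower()
        for addr in extract_emails(body):
            seen[addr].add(host)
    return {addr: sorted(hosts) for addr, hosts in seen.items()}


def investigate(domain, whois_text, search_urls, pages):
    """Whois privacy flag, in-scope hosts, and addresses that bridge out of the domain."""
    links = pivot_on_email(pages)
    return {
        "privacy_protected": registrant_is_privacy_proxy(whois_text),
        "hosts": sorted(hosts_under(domain, search_urls)),
        # an address is only a useful pivot if it ties the target domain to
        # at least one site outside it (here, the wordpress.com mirror)
        "pivots": {
            addr: hosts for addr, hosts in links.items()
            if any(under_domain(h, domain) for h in hosts)
            and not all(under_domain(h, domain) for h in hosts)
        },
    }


if __name__ == "__main__":
    print(json.dumps(investigate("blogetery.com", WHOIS_TEXT, SEARCH_RESULTS, PAGES), indent=2))
```

Two details matter more than they look. The host match is on a label boundary, not a substring, so a lookalike such as blogetery.com.example.net is not swept into scope. And an address only counts as a pivot when it appears both inside the target domain and somewhere outside it; an address that lives only on the target tells you nothing you did not already have.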

Move along.. Nothing to see here…

Of course, I would be interested in seeing those files they were talking about.. Especially the hit list.. I am going to have to look for this in other ways. In any event, like I said from the title of this posting, if every site that had docs from jihadists on them were yanked down, much of the internet would go poof. They have been very active uploading to the likes of rapidshare and all the other sites like the series of sites in Malaysia that I have been poking at.

More when I have it…

CoB


Written by Krypt3ia

2010/07/21 at 19:37

Spies Among US

leave a comment »

First of all, when it comes to espionage, nothing in Russia has changed. After all, the real leader of Russia, Vladimir Putin, was a career KGB agent who came up through the ranks, and not by exhibiting democratic principles but rather by being a steadfast believer in communist ideology and the especially harsh methods of the Soviet regime with which we are all familiar. In fact, let’s not forget, no one presently in a senior leadership position in Russia came up through a nursery of democratic institutions, but rather through the vestiges of Stalin, Kruchev, Andropov, the NKVD and the KGB. Putin, true to his breeding, has surrounded himself with trusted KGB cronies who believe as he does at all levels. So don’t expect anything less from Russia than what they are: not our allies. The KGB had illegals in the United States under the Soviet system and the SVR still does, according to most experts, under the Russian Federation. How many are here? No one knows, but one thing we can be sure of, this is one of their favored ways to penetrate a nation and have a presence there and they are not giving up on this technique.

But why you ask? After all, the Russians have satellites and they can intercept communications and break codes. Yes and more. However, the one thing that Russian intelligence will always rely on is a backup system to their technical expertise in case of war (hostilities). They always want to have a human in the loop who can have access to information and more importantly to other humans.

You see, an illegal that passes as an average American, can have access to things no satellite, phone intercept or diplomat can have access to—every day things, such as a car, a home, a library, neighborhood events, air shows on military bases, location of fiber cables, access to gasoline storage facilities, a basement to hide an accomplice, a neighbor’s son serving in the military, and so on. If you think like an intelligence officer, then you realize in an open society it’s possible to obtain a lot of information. A mere walk in a neighborhood on a Saturday morning can give you access to vehicles parked at a garage sale that have stickers from government installations or high tech companies doing research. These individuals can be tracked or befriended. Neighbors often watch each other’s houses and may even have keys, which give an intelligence officer access to the house, or a car, or a gated community. They get invited to parties, meet people and gain access to individuals with knowledge, influence or information. And that is only the beginning.

Full article HERE

The above is a snippet from a Psychology Today article by a former FBI spycatcher. I bring it to you to perhaps clarify some of the news out there and maybe give some ancillary corroboration to the things I have been saying all along about the 11, now 12 “illegals” that were caught and so quickly deported recently.

It was surprising to see just how many people thought that since the Sov Bloc was gone the new Russia would not be spying on little ol’ us. I guess this says more about our culture than it does about theirs really. Just as the author says above, the Russians still have the “strong man” mentality inculcated within their culture and they are led by none other than Vladimir Putin, KGB down to his boxers… And still in charge. So why would it be so inconceivable that the Russians would have such illegals programs as well as other NOC operatives in country? It’s certainly the case and always has been. It’s just that the people of the US are too busy thinking about the latest episode of the Hills instead of perhaps geopolitics huh.

Geopolitics and history aside, the article brings out a key point that I have made on more than a few occasions. HUMINT is very important. This is something that we learned post 9/11 and have been trying to fix since we fucked it all up back in the 90’s (Sorry Bill Clinton) by reducing the HUMINT capabilities of the likes of the CIA in favor of technological means of spying (à la the NSA). We went too far in the other direction and got caught with our pants around our ankles because we did not have a man on the ground to give us good intel on the 19.

Then we have the 12 illegals pop up… and everyone is surprised that the Russians are spying on us as well as amazed at the old school tradecraft that they are using.

How antiquated…

Antiquated and still quite functional boys and girls.

Expanding it further out though, you can see in the passage that I like the most that:

If you think like an intelligence officer, then you realize in an open society it’s possible to obtain a lot of information. A mere walk in a neighborhood on a Saturday morning can give you access to vehicles parked at a garage sale that have stickers from government installations or high tech companies doing research. These individuals can be tracked or befriended. Neighbors often watch each other’s houses and may even have keys, which give an intelligence officer access to the house, or a car, or a gated community. They get invited to parties, meet people and gain access to individuals with knowledge, influence or information. And that is only the beginning.

THIS is a key thing to pay attention to. Once you are in, you have so much access that you really don’t need all of the arcane spy vs spy stuff to get what you really want here. The illegals were a foothold group sent to burrow in and make lives so they could gather data and make friends. They would be, in states of serious distress between the countries, “inside men”, the fifth column to attack the enemy from the inside… Say, does this remind you of anything going on recently? Say, oh, Jihadis recruiting US citizens for Jihad?

Yep.

Situational Awareness is key.

Gregory Evans: Psychological Profile of a Lackluster Conman

with 3 comments

Wow Mr Crabyolbastard, you failed the test just like I thought you would. This time you even got your wires all mixed up. You get a NO GO at this station. Sorry that you can’t play with the Big Boys without squealing like a wild pig. Tut…Tut…Now What?

darby.chuck@yahoo.com
68.153.132.46

This crabbyolbastard guy has way too much time on his hands, but hey, he’s getting Greg more publicity. I tell you, Evans is probably the most popular guy in the cyber security industry! keep em talking Greg and continue to prove them wrong! I’m rootin for ya!

…. And as for you, you crabby. old. bastard……. GET A LIFE!

dscraigen@gmail.com
68.153.132.46

Oh Greg, I have a life, and that life now includes removing you from the information security theater stage. You see, you came to me, not I to you in this matter, and well, you made a mistake in judgement with your “n01hack3r” thing. Greg, you pissed off the wrong people like I told you before, ya know, the aphorism about hackers being subtle and quick to temper? Well, you have more than a few out there in the “community” gunning for you now, and yet, you spend time on my blog reading it, looking up the big words on the “Googles” and responding via your cavalcade of BellSouth sip/adsl addresses claiming to be others while we know all along that it’s you. So this post has a couple of functions for me.. Let me lay them out for you.

1) I get under your skin.. I have a habit of doing that on this blog and well, I enjoy being the cause of your mental anguish. I intend to get further under your skin like an embedded tick. I plan on leaving you after this post with the nagging self doubt that haunts you in your silent spaces during the day. Think of me as your new personal Hannibal Lecter and you, you are my cell mate next door “Multiple Migs”

2) To outlay to the world in Neuro-Linguistic Programming, a picture of your inner workings, your fears, your failings, and generally, hasten you to your cataclysmic utter failure oncoming. All packaged up in a neatly ordered and well thought out analysis of you Greg.

So, lets get to it shall we? Oh, and Greg, when you respond, and I know you will, if you can’t follow the conversation even with my little links to help you with the big words, you will have to just move on over to the kids table, this is adult talk now.

Gregory,

I know where you are mentally right now. Your dreams of bling and cheap-n-easy young ladies are quickly becoming nothing but faded ambitions due to your age, your rapidly emptying bank accounts, and the light being shone on you as a charlatan and a con man. It must eat at you during the quiet moments all this failure, it haunts you I am sure. The reason why it does is not so much because you care at all for the shareholders of your company, but more so about your own dreams of self aggrandizement. It’s all just a niggling feeling at the back of your mind and then you start to realize that soon, there will be nothing left and your charade will be completely exposed and it makes you break out in a cold sweat all alone at night doesn’t it?

And yet, instead of giving in and moving on to something else, you feel trapped and have to fight against the tide of reason. You strive on to show that you are really all those things that you claim to be, but know that you are not.

Successful

A knowledgeable man on subjects such as computer security

A pillar of the community

A God fearing and righteous man

A raconteur

Generally, a good guy

You must have those momentary pangs when you think of your mother, perhaps of your father, but I guess more about your mother, that she is proud of you. You know though, because you have lied and conned your way to where you are now that she likely is not. It is in these small moments when you are alone at night, that you realize that you are none of those things above. You look back at your life and you think about the places where you might have done things differently.. But, its too late now. This, this is the end of the line.

So it is, with each passing day post your being thrust into the light like a cockroach behind the fridge, your revenue stream being broken by the truths being told, that you increasingly see the only way to fight is to lie more, with more extravagance, and to use what little wits you have to attempt to sway the tide of press.

Yet again, at the end of each day, the failure comes to you at night like a specter doesn’t it Greg? Alone in your bed after all the gold digger girls have gone because you cannot afford them any more, it haunts you. You feel it though Greg, you can see the path to the pain’s release but you just aren’t man enough yet to take the path are you?

The path of admitting you are a failure. You had your time when you passed yourself off and bilked your friends, acquaintances, and shareholders, but those days are gone.

Painful isn’t it… No longer are you the big man Gregory…

Each day you are beset by the news on the internet. The truths being dug up about you and published. I assume the calls from your shareholders that you borrowed all that money from (600K+ last I looked) must be on their minds as you let it go to voicemail. Hard to avoid them too I suppose as you go out of the house or go into one of your marble gilded bathrooms. It must also haunt you, the knowledge that the people you thought you had hoodwinked now see the truths of it all.

Then the possible future teases into your mind. You could be going to jail again. This time, it may not be so short a stay and you know that you are going to have to nut up inside or be passed around for a pack of smokes. All those sticky painful incidents of being someone’s bitch inside must also go through your mind. One shudders to think.

So on you go, posting all kinds of press to make your “company” look better and try to resurrect it all. All in the hopes of those glory days of spending the capital that the shareholders give you for skyboxes, expensive cars, and coochie to impress all of those people you so want to be friends with.

The glitterati.

All the while though now, you know that this is not to be, and it pains you. After all, you are a prideful man aren’t you…

Sometimes though, you think about just disappearing… Starting over…. Perhaps you should.

Of course, then you’d be on the run from the charges surely to be filed. But, after all, you are better suited to running than you are to fighting. Cowardice seems to be your stock in trade. You make veiled threats through emails and you get hot quickly lately don’t you? It must be all the stress.

But you know, they (the security community and the authorities) will not go away…

Best to run Gregory… Before it all collapses in on itself further….

Listen to that niggling little voice Greg….

Written by Krypt3ia

2010/07/20 at 14:26

#LIGATT Poor Greg, He Is SO MALIGNED! Getting A Bit Touchy Are We?

with one comment

What’s really amusing is someone by the name of crabbyolbastard thinks that anyone really takes him seriously. It is truly amazing that this feller thinks he’s so smart. The allegations he’s making are downright picking stupid. It’s bizarre that he’s really crabby enough to spend that much time slamming someone. How can you expose IP addresses like that to everyone? Are you serious? You are a person with immense anger. You really should attend anger management courses or go hit some bricks or something. One with great anger will suffer punishment: for if you deliver him once, you’ll have to deliver him again. There is nothing philosophical about this statement. It’s just the truth. Stop already. Go and be of assistance to someone who needs it. Tell that stuff to someone who doesn’t know any better. Simple Simon has more understanding than you. You’re demonstrating to the world that you’re Ignorant. My people perish for lack of knowledge. Where is this statement found? This is your new homework assignment. Find out exactly where that statement came from then dispute it. Be sure to include all pertinent evidence and documentations. Mr/Ms crabby, find some way to let go and Let God help you to see the error of your own ways. You seem to have a great ability to see everyone’s problem but your own. What did Mr Evans personally do to you?

Post HERE

Boo hoo Greg, just give up man.. Same IP address again? Can’t you even see beyond the idea that by changing names and yahoo accounts it’s still the same originating IP?
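The observation in the line above, and the same point made in the earlier post about a string of BellSouth addresses posting under different names, is a check worth writing down once rather than eyeballing in the moderation queue: group comments by source address, then by the address’s /24, and flag any source that carried more than one identity inside a short time window. This is an added example, not code from either post. The comment records are constructed: 68.153.132.46 is the address quoted in the comment metadata earlier on this page, the other addresses are documentation ranges, and the author names and e-mail addresses are stand-ins.

```python
"""Link commenter identities that share a source address.

Added example, not from the original posts. COMMENTS is constructed: the
68.153.132.46 address is the one quoted in the comment metadata on the page,
198.51.100.7 is from a documentation range, and the names and e-mail
addresses are stand-ins.
"""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Comment:
    author: str
    email: str
    ip: str
    posted: datetime

    @property
    def identity(self):
        return (self.author, self.email.lower())


WINDOW = timedelta(days=7)  # how close in time two identities must be to be linked

T0 = datetime(2010, 7, 19, 9, 0)
COMMENTS = [
    Comment("Chuck D.",       "chuck@example.com",   "68.153.132.46", T0),
    Comment("D. Craigen",     "craigen@example.com", "68.153.132.46", T0 + timedelta(hours=3)),
    Comment("Anon Fan",       "fan@example.com",     "68.153.132.77", T0 + timedelta(days=1)),
    Comment("Regular Reader", "reader@example.org",  "198.51.100.7",  T0 + timedelta(hours=1)),
    Comment("Regular Reader", "reader@example.org",  "198.51.100.7",  T0 + timedelta(days=2)),
    Comment("Late Visitor",   "late@example.net",    "68.153.132.46", T0 + timedelta(days=40)),
]


def _group(comments, key):
    groups = defaultdict(list)
    for c in comments:
        groups[key(c)].append(c)
    return groups


def linked_identities(group, window):
    """Distinct identities in `group` that posted within `window` of a
    different identity from the same source. Sorted by time so the inner
    loop can stop as soon as the gap exceeds the window."""
    group = sorted(group, key=lambda c: c.posted)
    linked = set()
    for i, a in enumerate(group):
        for b in group[i + 1:]:
            if b.posted - a.posted > window:
                break
            if a.identity != b.identity:
                linked.update((a.identity, b.identity))
    return sorted(linked)


def find_sockpuppets(comments, window=WINDOW, prefix=24):
    """Return {("ip", addr) | ("net", cidr): [identities]} for every source
    that carried more than one identity inside `window`. The /prefix pass
    catches a commenter who re-dials onto a new address in the same provider
    block; it is weaker evidence than an exact-address match."""
    keys = {
        "ip": lambda c: c.ip,
        "net": lambda c: str(ipaddress.ip_network(f"{c.ip}/{prefix}", strict=False)),
    }
    findings = {}
    for label, key in keys.items():
        for source, group in _group(comments, key).items():
            ids = linked_identities(group, window)
            if len(ids) > 1:
                findings[(label, source)] = ids
    return findings


if __name__ == "__main__":
    for (label, source), ids in sorted(find_sockpuppets(COMMENTS).items()):
        print(f"{label:3} {source:18} -> {', '.join(name for name, _ in ids)}")
```

On the constructed data the exact-address pass links the two identities that posted three hours apart from 68.153.132.46 and ignores the one that showed up forty days later, while the /24 pass also pulls in the neighbouring address. Exact matches inside a short window are strong; the /24 match is only a lead, because dial-up and DSL pools hand the same block to many unrelated customers, so size the window to the provider’s lease behaviour and corroborate before you name anyone.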

You seem so frustrated… Poor fella.. I know, I have a number you can call!

1-800-WAAA

I expect soon the SEC will be calling you… And that blue sedan out down the street within sight but just barely? Yeah, that’s the FBI.

See you in the police blotter soon Greg.

CoB

Written by Krypt3ia

2010/07/19 at 16:58