Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Abo Yahya and Metadata Cleaning


I recently came across the site above through some searches, and I have to say that it kind of surprised me as to the content's sophistication in the hacking/security area. This Abo Yahya is adept at understanding the security intricacies needed to prevent easy detection online (using TOR) and seems quite plugged into the hacker community, with videos from a European hacker conference to boot. What really struck me, though, is the above picture, where Abo talks about the metadata problem and how it was used to capture Dennis Rader.

Abo goes on to talk about a script to remove the data from Word docs as well, which I guess has been on the minds of some and has been used in tracking the files that the jihadis are making. One wonders if the doc files are the only ones he (Abo) has worked out, or have they done so with, say, PDF files? All I know is that there are many more files than just doc files out there that can be used to track you all. However, there is much more to learn, isn’t there? Now it seems that Abo and Song of Terror have plans to teach the ways of hacking and information security.

The site goes on to show tutorials in the Linux command line as well as the flavors of Linux, including video tutorials. It would seem that they have been paying attention quite well to the security community's posts and chatter about how to be secure online. Abo also brings out the old jihadi crypto program (mujahideen secrets 2.0) and does a little how-to on encrypting all their transmissions. All of these files and programs, including a tutorial suite by GIMF, are available for download in various places, all of which, I assume, will give us all the chance to check the metadata and see what they might offer in leads as to who made them.

Meanwhile, there was an interesting little passage below Song of Terror’s video on Linux basics…

Peace be upon you and God’s mercy and blessings be upon you

After reading the topic to Brother, “the grandson of bin Laden,” may God preserve him for a script Rapidleech
The fact was the subject of a great and a quantum leap in the world of Jihad in the era of fighting jihad
In squares, in particular the field of media jihad there is no secret to you delete thousands of links to movies jihadist pretext of combatting terrorism. Here, a modest contribution to me for how to publish links rapidly and participation comes after reading the topic to Brother, “the grandson of Bin Laden,” more than once since the beginning has not sunk in but please God I understand that after you apply some examples so I would recommend reading the first issue of the brother by watching this video

So, Bin Laden’s grandson called all of this a quantum leap in jihad, huh? Well, in a sense it is, really. They are learning… However, just how much can they learn, and does anyone really think that they can be as “secure” as they need to be to not get popped? I mean, with all the warning and hand-wringing that we in the security community do about the lack of security in the general populace, just how much actually works? All too often the security is lacking in all quarters, and I am sure that these guys will also fail when it comes right down to it.

… And in the case of Abo.. I already know who he is in real life I think… And where he lives… How you ask?

Metadata.

So, what I have learned from this site is that there are certain factions that are more learned about hacking and security. They are now making inroads into the jihadi forums and in fact, this site is directly linked to the alfaloja boys. The very same site that was hacked and brought down by CAUI efforts on the part of certain governments. I guess they took from the incident a certain fear of being popped and recruited more people with the help of Song Of Terror I assume. Of course though, just as the security community posts things or creates software/hacks and releases them, they only serve to allow for follow up and obfuscation due to it being in the open. In the case of this site and others that are showing how to hack, we too now know exactly what they are up to and how we can turn that around on them.

Additionally, one of the nice tasty bits that Abo left for me was a hash for mujahideen secrets:

15738D22AC6EACF1F54CC155BDE72D368F81AB2525DD2F64733A36E31D8B137E

Which I put into Maltego and began some searches…

I have to do some more tweaks to searches with Maltego here, but, you can see where this program is being mentioned, served out, and talked about. All of these sites make nice launch points with Maltego and some Googling to further explore who is using it… If I can’t read what you’re saying kids, I can at least know WHO YOU ARE. Funny how those little features that make something more secure can be used against you huh?

Anyway, for those interested, here is the data using Maltego on the site and its connections. Maktoobblog is a Yahoo site and this particular one is out of the UK. Perhaps soon Yahoo will get wise to the site…

I see you Abo…

inetnum:        77.238.160.0 - 77.238.191.255
org:            ORG-YE1-RIPE
netname:        UK-YAHOO-20070216
descr:          Yahoo! Europe
country:        GB
admin-c:        KW3969-RIPE
tech-c:         KW3969-RIPE
status:         ALLOCATED PA
mnt-by:         RIPE-NCC-HM-MNT
mnt-lower:      YAHOO-MNT
mnt-routes:     YAHOO-MNT
mnt-domains:    YAHOO-MNT
source:         RIPE # Filtered

organisation:   ORG-YE1-RIPE
org-name:       Yahoo! Europe
org-type:       LIR
address:        Yahoo! UK Ltd 125 Shaftesbury Avenue London WC2H 8AD London United Kingdom
phone:          +44 207 131 1495
fax-no:         +44 207 131 1213
e-mail:         kwoods@uk.yahoo-inc.com
admin-c:        DR2790-RIPE
admin-c:        IG1154-RIPE
admin-c:        NA1231-RIPE
mnt-ref:        YAHOO-MNT
mnt-ref:        RIPE-NCC-HM-MNT
mnt-by:         RIPE-NCC-HM-MNT
source:         RIPE # Filtered

person:         Kerry Woods
address:        125 Shaftesbury Avenue
address:        London
address:        WC2H 8AD
phone:          +44 020 7131 1000
fax-no:         +44 020 7131 1213
e-mail:         kwoods@uk.yahoo-inc.com
nic-hdl:        KW3969-RIPE
mnt-by:         YAHOO-MNT
source:         RIPE # Filtered
