Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

HB Gary: Hubris, Bad Science, Poor Operational Methodology, and The HIVE MIND

with 2 comments

Algorithms, Social Networks, and COMINT:

When I had heard that HB Gary had been popped and their spool file was on PB I thought that it was unfortunate for them as a fairly well known company. Once the stories started coming out though with the emails being published online, I began to re-think it all. It seems that Aaron Barr really fucked the pooch on this whole thing. He primarily did so due to his own hubris, and for this I cannot fault Anonymous for their actions (within reason) in breaking HB Gary and Barr’s digital spine.

It seems that Barr was labouring not only a flawed theory on tracking social networks, but also in that he planned on selling such a theory and application to the government. One notion was bad, and the other was worse. First off though, lets cover the science shall we? Barr wanted to track users on social networks and show connections that would lead to further data on the users. The extension that he was trying to make was obtaining actual real names, locations and affiliations from disparate sources (i.e. Facebook, Twitter, Myspace, IRC, etc) While this type of data gathering has been done in the past, it has not usually been culled from multiple sources automatically electronically and then strung together to form a coherent pattern. In short, Barr was wanting to create software/scripts to just scrape content, and then try to connect the dots based on statistics to tie people to an entity like Anonymous. The problem, and what Barr seemed to not comprehend, is that the Internet is a stochastic system, and as such it is impossible to do what he wanted with any kind of accuracy. At least in the way he wanted to do it, you see, it takes some investigation skills to make the connections that a scripted process cannot.

This can be seen directly from the article snippet below where the programmer calls Barr on his flawed logic in what he was doing and wanted to do.

From “How one man tracked down Anonymous and paid a heavy price

“Danger, Will Robinson!”

Throughout Barr’s research, though, the coder he worked with worried about the relevance of what was being revealed. Barr talked up the superiority of his “analysis” work, but doubts remained. An email exchange between the two on January 19 is instructive:

Barr: [I want to] check a persons friends list against the people that have liked or joined a particular group.

Coder: No it won’t. It will tell you how mindless their friends are at clicking stupid shit that comes up on a friends page. especially when they first join facebook.

Barr: What? Yes it will. I am running throug analysis on the anonymous group right now and it definately would.

Coder: You keep assuming you’re right, and basing that assumption off of guilt by association.

Barr: Noooo….its about probabilty based on frequency…c’mon ur way smarter at math than me.

Coder: Right, which is why i know your numbers are too small to draw the conclusion but you don’t want to accept it. Your probability based on frequency right now is a gut feeling. Gut feelings are usually wrong.

Barr: [redacted]

Coder: [some information redacted] Yeah, your gut feelings are awesome! Plus, scientifically proven that gut feelings are wrong by real scientist types.

Barr: [some information redacted] On the gut feeling thing…dude I don’t just go by gut feeling…I spend hours doing analysis and come to conclusions that I know can be automated…so put the taco down and get to work!

Coder: I’m not doubting that you’re doing analysis. I’m doubting that statistically that analysis has any mathematical weight to back it. I put it at less than .1% chance that it’s right. You’re still working off of the idea that the data is accurate. mmmm…..taco!

Aaron, I have news for you, the coder was right! Let the man eat his taco in peace! For God’s sake you were hanging your hat completely on scrape data from disparate social networks to tie people together within a deliberately anonymous body of individuals! Of course one could say that this is not an impossible feat, but, one would also say that it would take much more than just gathering statistical data of logins and postings, it would take some contextual investigation too. This was something Barr was not carrying out.

I actually know something about this type of activity as you all may know. I do perform scraping, but, without real context to understand the data (i.e. understanding the users, their goals, their MO, etc) then you really have no basis to predict what they are going to do or really their true affiliations. In the case of jihadi’s they often are congregating on php boards, so you can easily gather their patterns of friendship or communications just by the postings alone. Now, trying to tie these together with posts on other boards, unless the users use the same nick or email address, is nearly impossible.

Just how Aaron Barr was proposing to do this and get real usable data is beyond comprehension. It was thus that the data he did produce, and then leak to the press enraged Anonymous, who then hacked HB Gary and leaked the data in full claiming that none of the data was correct. Either way, Aaron got his clock cleaned not only from the hack (which now claims to have been partially a social engineering attack on the company) but also from the perspective of his faulty methodologies to harvest this data being published to the world by Anonymous.

OSINT, Counter-Intelligence, and Social Engineering:

The real ways to gather the intelligence on people like Anonymous’ core group is to infiltrate them. Aaron tried this at first, but failed to actually be convincing at it. The Anon’s caught on quickly to him and outed him with relish, they in fact used this as an advantage, spurring on their own efforts to engineer the hack on HB Gary. Without the right kind of mindset or training, one cannot easily insert themselves in a group like this and successfully pull of the role of mole or double agent.

In the case of Anonymous though, it is not impossible to pull this off. It would take time and patience. Patience it seems that Aaron Barr lacked as much as he did on scientific and mathematical method where this whole expedition was concerned. Where his method could have been successful would have only come from the insertion of an agent provocateur into the core group to gather intel and report back those connections. Without that, the process which Aaron was trying would have yielded some data, but to sift through it all with interviews by the FBI and other agencies would have become ponderous and useless in the end.

It is my belief that there is a core group of Anon’s as I have said before. Simply from a C&C structure, there has to be an operational core in order for there to be cohesion. This can be seen in any hive structure like bees, there are drones, and there is a queen. A simple infrastructure that works efficiently, and in the case of anon, I believe it is much the same. So, were one looking to infiltrate this core, they would have a bit of a time doing so, but, it could be done. Take out the core, and you take out the operational ability of the unit as a whole to be completely effective. To do this though, one should be able to understand and apply the precepts of counter intelligence warfare, something Barr failed to grasp.

In the end.. It bit him pretty hard in the ass because he was in a hurry to go to press and to sell the ideas to the military industrial complex. Funny though, the real boys and girls of the spook world would have likely told him the same thing I am saying here… No sale.

Oh well… Arron Icarus Barr flew too close to the anonymous sun on wings made from faulty mathematical designs and burned up on re-entry.

K.

About these ads

2 Responses

Subscribe to comments with RSS.

  1. Interesting. Not exactly my take but then I don’t think like you. I agree but I think you’re still missing something…something I’m missing too but my head’s been working on it practically nonstop- well, in between spinning.

    Mark Walsh made a comment about the Internet being Broke because of commercial interests being inserted into it at an early TED conference, but actually, I remember Tim Berner’s Lee using that line himself talking about how there was ALWAYS going to be websites not finished or broken links. That the Internet would be more efficient because of it.

    I ran a website…honestly I could not tell you HOW many total pages there were. Over 75k .htm/.html pages alone.. plus numerous forums were generating php links, and pdfs in addition to the regular pages. Crawlers would try to generate broken link reports but as soon as one was generated a report, a lot would have have changed.

    Human psychology and social networks are more than links. You could not begin to capture the nature of that with mere links. Using an intelligent HUMAN analyst WITH tools is the only way I see.
    There’s nothing about the internet that is static picture. One might think you go back ‘to when they first’ with his ideal software, but he’s forgetting that Facebook was not open for business to everyone at first, all at the same time.

    But deeper still, past the broken state of the net. Past the scraping and mapping….there’s the psychology.
    Wow, that’s the thing. You talk of hive minds but I see a field of cattle. I remember stampedes at Walmart that killed a guard…WHO fans killing fallen WHO fans in a bid to get to the concert…people pouring out on the streets in the Middle East.

    And then you’ve got damn technocrat wanna-bes standing there not even doing the work of building the corrals, but instead just standing there ready to label them and brand the cows. Round up ALL those good Morman children and take em to DFCS, sort it out later. BLEH- there is a HUMAN cost to this way of thinking.

    You’ve got an security company- usually known as protectors of data- not really caring about quality of INFORMATION collected or ethics -in fact, with other planned projects willingly putting the quality of the information at risk.

    It’s greedy, and it’s dangerous, and it’s dirty. It’s ‘went too far, got too paranoid, and too egotistical for your own good’ sell-your-soul crazy, and it threatens the very thing that supposedly it protects.

    I think too that people are getting too focused on this herd that is Anonymous. Oh it’s a great selling point,granted- oh you must secure your data, there’s the biggest, baddest, APT that you ever seen and they are legion! But bleh, so what. I may be part of a group, but I am still an individual. So are they.

    But Anonymous. Anonymous may very well be broken too-unorganized, people coming and going,ect., and that might be the key to their efficiency, just like it is the key to the web’s.

    It’s all interesting. Thank you for the extra spin on my head. :)

    Skullaria

    2011/02/19 at 11:58

  2. Hurrah! In the end I got a blog from where I can genuinely get helpful
    facts regarding my study and knowledge.

    linkedin

    2013/02/11 at 13:44


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 117 other followers

%d bloggers like this: