Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for March 2011

Inspire 5: The Tsunami of Change Assessment


The latest issue of Inspire, the AQAP jihadi magazine, is out, and having read through the whole thing I have come to the following conclusion:

AQAP has begun transforming into a political party much like Hamas has.

The bulk of this issue deals with reasserting AQAP jihadi doctrine, but this time with a softer spin and a more politic choice of language. Much of this can be attributed to the fact that the Middle East is on fire with protests seeking to depose the dictators who run those countries. Accordingly, Inspire has set a softer tone overall, but tries to reinforce that there is no “middle road” in Muslim doctrine as handed down from the prophet. What this means is that once again they are using Koranic passages to assert their dogged belief that it’s their way or... well, you are kuffar.

All of this of course couched in much softer language.

Now, as an outsider to the Muslim faith, and to faith in general, I often find myself reading this drivel and thinking “religion is the opiate of the masses”; in this case it is more than an opiate, it is a complete brainwash and blow dry. Ultimately, I think that the move away from harder language toward more politic speech patterns begins to show just how much of a political organisation this is becoming, as opposed to a religious movement seeking a Caliphate. Simply put, these guys want to be in power and they will use any means, including political ones, to get the seat of said power.

Even the look of the magazine has taken on the visage of a hip counter-culture mag. The target audience, of course, is teens to twenty-somethings in the Western hemisphere seeking something to believe in. I suspect that the hard drives of the likes of Emerson Begolly likely hold copies of Inspire, as do those of other kids who are seeking the same kind of movement to be a part of.

And that is where it is insidious.

From a psychological standpoint, this change in tack is very PSYOP in nature. Lull, cajole, and wheedle, all the while promising an end to life that will have greater meaning and an afterlife full of wine, women and song. At the same time they are sowing the seeds for “lone wolf” operations in the opening paragraphs by outlining the stats on arrests in the West of jihadist “cells” that were not secure. One passage even says the following:

We have noticed that the year 2010 alone saw the most arrests in the West for homegrown jihadi operations. Most of those arrested were arrested in groups, one connected to another. Sometimes the enemy would even set up the brother in a sting operation, fooling him into believing that he was working with the mujahidin. Keeping that in mind, we have witnessed that operations done by lone individuals has proven to be much more successful. So what can we learn from this? Group operations have a greater tendency of failing than lone operations due to the idea (of the operation) escaping the mind and tongue to other individuals.

Even if those individuals are trustworthy in your eyes, there is still that 1% chance that someone from the intelligence agencies are listening in and paying attention to your groups’ actions or that the person you are talking to might be working for the enemy or that he might be pressured at a later period to give information to them. With lone operations however, as long as you keep it to yourself, nobody in the world would know what you’re thinking and planning. That’s why individuals like Taimour, Roshonara, Nidal and others have been successful, even if they were ultimately arrested. The fact that they were able to pull off their operations without being halted by authorities is a great success.

It’s an interesting mix in this issue but the message is much the same. Even with the new polish to the layout and the soft question and answer section, it is still a propaganda piece for a group of people who only really want to be in power. A group that will do whatever it takes, including becoming more and more “western” in style to get it.

So much for militant Muslim faith huh?

K.


Written by Krypt3ia

2011/03/31 at 14:27

Backstopping Backtrace: Maltego Mapping of Data-Points


Laurelai Storm

I have been following the Backtrace Security vs. Anonymous battle since BT decided to “dox” the Anons who were running the HBGary event. After the Feds had BT pull the dox (I got copies though; I mean, it is the Internet, nothing goes away) I decided it was time to see just what was in them. I read the entire transcript file and teased out some pertinent data. Once that was done, I booted up Maltego and began looking around.

Now, the Anons claim that the data was bogus to start with, but I am seeing some hits here from the very thing I have written about before: the re-use of nicks on other venues WILL lead to a compromise of anonymity IF real attributive data is actually tagged to their use. The transcript of the IRC #HQ channel does show that the Anons were seeking to create disinformation campaigns of their own, as well as to salt the Internet with false profiles after the HBG attack. It is important to note, though, that this seems only to have been the case this last February, meaning that they were not all creating those false personae online as red herrings before this.

This is a key factor, as much of the data Maltego was locating predates the Anonymous ops that are germane. That being the case, the data I am finding is, I believe, actually solid and could lead to the compromise of these Anons’ personae.

Nessuno834 aka Kieron Parr

As you can see from the maps, once key data points are added together and mapped, you can see the intersections where the users’ identities touch, and those intersections lead to even more data. Having not only the nick but also a real name adds to this greatly, and as you can see, you can make inferences as to patterns of behaviour, posting, and the actual validity of the claim by BT. It is only a matter of time and of sorting through the hits to weed out the false ones before you get a pretty good picture of who the person is, their previous postings using the same nick, and whether or not they seem to be a likely candidate. In the case of the three nicks searched here, I was able to say pretty safely that they are all technical individuals with connections to 4chan/Anonymous, and as such the authorities are likely paying attention to them already through their own investigations.

So, I guess in the final assessment one could say that these people had created these personae as backstops and that they are just another red herring. On the other hand, I believe that this is pretty much not the case. The data points go back to 2008 or earlier, and as such human nature has bitten them in the end with regard to habits and lack of OPSEC.

I guess time will tell as to who may or may not get pinched… Whoever Hubris is, they chose their name well.

K.

Written by Krypt3ia

2011/03/29 at 14:26

Posted in Maltego

Leggo My Steggo


Written by Krypt3ia

2011/03/29 at 13:11

Posted in LeggoMySteggo!

Anonymous #HQ: Inside The Anonymous Secret War Room


John Cook and Adrian Chen — Dissident members of the internet hacktivist group Anonymous, tired of what they call the mob’s “unpatriotic” ways, have provided law enforcement with chat logs of the group’s leadership planning crimes, as well as what they say are key members’ identities. They also gave them to us.

The chat logs, which cover several days in February immediately after the group hacked into internet security firm HBGary’s e-mail accounts, offer a fascinating look inside the hivemind’s organization and culture.

  • Sabu
  • Kayla
  • Laurelai
  • Avunit
  • Entropy
  • Topiary
  • Tflow
  • Marduk
  • Metric
  • A5h3r4

So, Hubris/A5h3r4/Metric have broken into the inner circle of at least one cell of Anonymous. I say cell because I do not think that these users are the actual full-scale leaders of Anonymous; instead, as I have said before, there are cells of Anons that perform operations sporadically. These folks, if the chat transcripts are true, are the ones behind the HBGary hack, and at least one of them was behind the Gawker hack.

Once again, I will reiterate here that I think Anonymous is more like a splinter-cell operation than anything else. There is an aegis from the whole as an idea, but they break off into packs for their personal attacks, or whatever turns them on. They coalesce into a unit when they feel moved to, but they do not, overall, just get together and act without direction from some leader or leaders.

The excerpts below from the #HQ transcripts show that these characters are a little high on themselves after the hack on HBG... and you know what happens when you don’t pay attention to the hubris factor. You get cocky and you get burned. As you can see, some of them are at least nervous about being popped or infiltrated... those would be the smart ones.

04:44 <&Sabu> who the fuck wrote that doc
04:45 <&Sabu> remove that shit from existence
04:45 <&Sabu> first off there is no hierachy or leadership, and thus an operations manual is not needed

[snip]

04:46 <&Sabu> shit like this is where the feds will get american anons on rico act abuse and other organized crime laws
04:47 <@Laurelai> yeah well you could have done 100 times more effective shit with HBgary
04:47 <@Laurelai> gratted what we got was good
04:47 <&Sabu> if you’re so fucking talented why didn’t you root them yourselves?
04:47 <@Laurelai> but it could have been done alot better
04:47 <&Sabu> also we had a time restraint
04:48 <&Sabu> and as far as I know, considering I’m the one that did the op, I rooted their boxes, cracked their hashes, owned their emails and social engineered their admins in hours
04:48 <&Sabu> your manual is irrelevent.

[snip]

04:51 <&Sabu> ok who authored this ridiculous “OPERATIONS” doc?
04:51 <@Laurelai> look the guideline isnt for you
04:51 <&Sabu> because I’m about to start owning nigg3rs
04:51 <&marduk> authorized???
04:52 <@Laurelai> its just an idea to kick around
04:52 <@Laurelai> start talking
04:52 <&Sabu> for who? the feds?
04:52 <&marduk> its not any official doc, it is something that Laurelai wrote up.. and it is for.. others
04:52 <&marduk> on anonops
04:52 <&Sabu> rofl
04:52 <@Laurelai> just idea
04:52 <@Laurelai> ideas
04:52 <&Sabu> man
04:52 <&marduk> at least that is how i understand it
04:52 <@Laurelai> to talk over
04:53 <&Sabu> le sigh
04:53 <&marduk> mmmm why are we so in a bad mood?
04:53 <&Sabu> my nigga look at that doc
04:53 <&Sabu> and how ridiculous it is

[snip]

04:54 <&marduk> look, i think it was made with good intentions. and it is nothing you need to follow, if you dont like it, it is your good right
04:55 <&Sabu> no fuck that. its docs like this that WHEN LEAKED makes us look like an ORGANIZED CRIME ORGANIZATION

My observations though have always been that the groups would be infiltrated by someone and then outed. It seems that this may indeed be the case here if the data is indeed real. It seems to me that a certain j35t3r said much the same before, that he could and did indeed infiltrate the ranks, and had their data. Perhaps J has something to do with this? Perhaps not… Still, the principle is sound.

  1. Infiltrate
  2. Gather INTEL
  3. Create maps of connections
  4. Report
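As an added example (not code from this post, from Backtrace, or from Maltego), the four steps above and the nick-reuse mapping described in the “Backstopping Backtrace” post further up this page reduce to two pieces of plumbing, shown here in Python. The first parses lines in the format of the #HQ excerpt (time, channel-mode prefix, nick) into per-nick stats, because the mode prefix is the only hierarchy signal a log like this carries. The second maps constructed cross-venue sightings of nicks to shared attributive data (e-mail, real name), links nicks that share a value, and flags which links pre-date a hypothetical operation date (OP_DATE) and which only appear afterwards, and so could be a planted backstop. Every nick, venue, address and date in it is invented for the example.

```python
import re
from collections import defaultdict
from datetime import date

# --- 1. IRC log parsing: the "#HQ" excerpt format is "HH:MM <modeNick> text" ---
# Constructed sample log; nicks and messages are invented, not from the real #HQ log.
SAMPLE_IRC_LOG = """\
04:44 <&opnick> who wrote that doc
04:45 <&opnick> remove it
04:45 <@halfop> its just an idea to kick around
04:46 <+voiced> ok
04:46 <lurker> reading
[snip]
"""

IRC_LINE = re.compile(
    r"^(?P<time>\d{2}:\d{2}) <(?P<mode>[~&@%+]?)(?P<nick>[^>\s]+)> (?P<text>.*)$"
)

def parse_irc(log):
    """Return {nick: {"mode": highest mode prefix seen, "lines": message count}}.
    Mode prefixes (~ owner, & admin, @ op, % halfop, + voice, "" none) are the only
    hierarchy signal in a log like this, which matters when a group claims no leaders."""
    rank = {"~": 5, "&": 4, "@": 3, "%": 2, "+": 1, "": 0}
    stats = {}
    for line in log.splitlines():
        m = IRC_LINE.match(line)
        if not m:
            continue  # skip [snip] markers, joins/parts and anything else off-format
        nick, mode = m.group("nick"), m.group("mode")
        entry = stats.setdefault(nick, {"mode": "", "lines": 0})
        entry["lines"] += 1
        if rank[mode] > rank[entry["mode"]]:
            entry["mode"] = mode
    return stats

# --- 2. Cross-venue nick mapping ---
# Constructed sightings: (nick, venue, date first seen there, attributive data).
# All nicks, venues, addresses and dates are invented for the example.
SIGHTINGS = [
    ("nick_a", "anonops-irc", date(2011, 2, 6),  {}),
    ("nick_a", "hobby-forum", date(2008, 5, 3),  {"email": "a@example.invalid"}),
    ("nick_a", "pastebin",    date(2009, 1, 9),  {"email": "a@example.invalid", "realname": "A. Person"}),
    ("nick_d", "job-board",   date(2009, 11, 2), {"email": "a@example.invalid"}),
    ("nick_b", "anonops-irc", date(2011, 2, 6),  {}),
    ("nick_b", "new-blog",    date(2011, 2, 20), {"realname": "B. Other"}),  # appears only after the op
    ("nick_c", "anonops-irc", date(2011, 2, 6),  {}),
]

# Hypothetical cutoff: the date of the operation the logs follow (assumption for the example).
OP_DATE = date(2011, 2, 5)

def attribution(sightings, cutoff):
    """Per nick: venues, each attribute value with the earliest date it was tied to the
    nick, and whether any attributive data pre-dates `cutoff`. Attributes that first
    appear only after the cutoff may be a planted backstop rather than real leakage."""
    out = {}
    for nick, venue, seen, attrs in sightings:
        e = out.setdefault(nick, {"venues": set(), "attributes": {}, "earliest": seen})
        e["venues"].add(venue)
        e["earliest"] = min(e["earliest"], seen)
        for kv in attrs.items():
            prev = e["attributes"].get(kv)
            e["attributes"][kv] = seen if prev is None or seen < prev else prev
    for e in out.values():
        e["pre_cutoff"] = any(d < cutoff for d in e["attributes"].values())
    return out

def linked_nicks(sightings):
    """Pairs of distinct nicks that share an attribute value (same e-mail, same real
    name) on any venue: the intersections where identities touch."""
    by_attr = defaultdict(set)
    for nick, _, _, attrs in sightings:
        for kv in attrs.items():
            by_attr[kv].add(nick)
    pairs = set()
    for nicks in by_attr.values():
        ordered = sorted(nicks)
        for i, a in enumerate(ordered):
            for b in ordered[i + 1:]:
                pairs.add((a, b))
    return pairs

if __name__ == "__main__":
    for nick, s in parse_irc(SAMPLE_IRC_LOG).items():
        print(f"{nick:8s} mode={s['mode'] or '-'} lines={s['lines']}")
    for nick, e in attribution(SIGHTINGS, OP_DATE).items():
        print(nick, sorted(e["venues"]), "earliest", e["earliest"], "pre-op data:", e["pre_cutoff"])
    print("linked:", sorted(linked_nicks(SIGHTINGS)))
```

Run stand-alone it prints the per-nick mode and line counts, then for each nick its venues, earliest sighting and whether it has attributive data older than OP_DATE; nick_a and nick_d come out linked through a shared address, while nick_b only acquires a real name after the cutoff, which is exactly the pattern the post calls a backstop.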

It would seem also that these guys are liminally aware of the fact that their actions can be seen as a conspiracy and that the government will not only get them on hacks potentially, but also use the conspiracy angle to effectively hogtie them in court. Let me tell you kids, there is no perfect hack… Well unless the target is so inept as to have absolutely no logging and does not even know for a very long time that they had been compromised.. Then the likelihood of being found out is slimmer, but, you guys popped and then outed HBG pretty darn quick.

I am willing to bet there are breadcrumbs, and that said breadcrumbs are being looked at by folks at some three-letter agencies as I write this. You see kids, you pissed in the wrong pool when it comes to vindictiveness. I agree that HBG was up to bad shit and needed to be stopped, but look at the types of things they were planning. Do you really think that they are above retaliation in other ways than just legal? After all, they were setting up their own digital plumbers division here, huh?

Anyway… Just sayin…

Back on topic with the Backtrace folks and the logs. I have looked at the screen names given and have come to the conclusion that they are all generic enough that I could not get a real lock on anything with Maltego. Some interesting things popped up when I linked them all together, but overall not enough to do anything meaningful. The other issue is that Maltego, like any tool that relies on search engines and data points, became clogged with new relational data from the articles going wide. I hate it when the data is muddied like this.

So, yeah, these names are not unique enough to give solid hits. Others who have been re-using nicks online as well as within the confines of AnonOps, well, that is another story. I just have this feeling that there are larger drift nets out there now hoovering up all you say and do on those anon sites, even if they are in the .eu space. I still have to wonder whether any of those IRC servers have been compromised yet by certain intelligence agencies.

One wonders too if China might also be playing in this area… How better to sow discontent and destabilize than to use a proxy like Anonymous for operations?

For that matter.. How about the CIA?

NSA?

Think on it… Wouldn’t Anonymous make a perfect false flag cover operation?

For now, I am going to sit and watch. I would like to see the full chat transcripts though. Now that would be interesting.

“May you live in interesting times”

Indeed.

K.

Anonymous vs. Anonymous: Enough Hubris To Go Around


The nameless revolution that calls itself Anonymous may be about to have its own, online civil war.

A hacker startup calling itself Backtrace Security–made up of individuals who formerly counted themselves as part of Anonymous’ loose digital collective–announced plans Friday to publish identifying information on a handful of active members of Anonymous. According to one source within the Backtrace group, it will release the names and instant messaging logs of dozens of Anonymous hackers who took part in attacks on PayPal, Mastercard, the security firm HBGary, Westboro Baptist Church, and the Marine officials responsible for the detainment of WikiLeaks source Bradley Manning.

That spokesman, who goes by the name Hubris and calls himself BackTrace’s “director of psychological operations,” tells me that the group (Backtrace calls itself a company, but Hubris says it’s still in the process of incorporating) aims to put an end to Anonymous “in its current form.” That form, Hubris argues, is a betrayal of its roots: Fun-loving, often destructive nihilism, not the political hacktivism Anonymous has focused on for much of the past year. “[Anonymous] has truly become moralfags,” says Hubris, using the term for hackers who focus on political and moral causes instead of amoral pranks. “Anonymous has never been about revolutions. It’s not about the betterment of mankind. It’s the Internet hate machine, or that’s what it’s supposed to be.”

The rest is HERE

“Cyberdouchery” is a term coined within the last year, as far as I know, for snake oil or hype mongers within the infosec community. I have to say that this alleged group of ex-Anons kind of fits the term for me. Whether it’s their stated reason of being tired of Anonymous being moralfags, or the idea that they just want to get back to their troll roots, I pretty much just think it’s a publicity stunt. Of course, the darker side of me could see its way to believing that this is just some sort of psyop by person or persons unknown to get a reaction out of Anonymous.

I have written in the past about herd mentality as well as convergence theory as they regard Anonymous. In each of those scenarios, though, there is the idea that there are leaders. No matter how many times Anonymous may say they are leaderless, I say that this is just impossible from the standpoint both of these theories take. Even if someone is a leader for a day or a minute, there is a leader and there are followers, anointed either by the pack or by themselves. There are also the minions that do the work, such as the mods and the managers of the servers and systems. Those too could be seen as leaders within the infrastructure. Now it seems that this new group is going to attempt to name leaders by use of social engineering and data collection.

… And that is what Aaron Barr wanted to do.. Well sorta… Then he shot himself in the foot with his own machine gun of hubris.

All in all though, on the face of it this looks to be just an attempt at #LULZ by these folks at Backtrace. The use of the crystal palace image alone screams nearly the same shrill tune as using too many numbers in one’s nickname in leet terms. If you look closely, though, you will see that they also claim to offer services such as “Cyber Espionage” *blink*. Not counter-intelligence nor counter cyber-espionage, but cyber espionage. Just as they also offer cyber warfare and a host of other hot terms with cyber in them. That just reeks of the cyberdouchery I spoke of at the top of the post. So, in reality I don’t take this all too seriously.

I guess we will just have to wait and see what develops with this insurance file and the alleged outing that will happen…

There will be #lulz

K.

SMS Terror: Not so new but, this is a new twist


One of the Taliban’s most effective tools to persuade Afghans not to work with the U.S. or its allies is the night letter — a note warning people they’ll be targeted for death unless they change their infidel-loving ways. But that’s too analog. These days, the Taliban is mass texting gruesome videos to Afghans’ cellphones to spread the same message.

The insurgency’s media committee produces videos like this one — which we won’t embed — glorifying suicide bombers and posts them on Taliban websites like Shahamat.info and Alemarah-iea.net. Befitting the growing importance of social media to insurgents, Facebook pages purporting to be adjuncts of Taliban propaganda networks pop up to display the imagery, hoping to slip past Facebook’s usage police.

But to maximize the videos’ reach, insurgents send them out through SMS chains, until they eventually reach unsuspecting Afghans. It’s a quick way to take night-letter videos viral — and disguise the usage chain from its origin, preventing authorities from shutting down the distribution system.

The rest is at Wired

Since the communications infrastructure in Afghanistan has been built up further with the help of the likes of private contractors, it is only natural that mass SMS barrages would be used by the Taliban. This is not a new thing to the jihadis, though; they have been passing along shahid videos on mobile phones via SMS for some time. The twist here is that now, instead of passing along just propaganda, they are also sending threats. It would seem the Taliban have been taking cues from the rest of the world on social media and its uses.

Of course, the original method of scaring people into submission, the “night letter”, seems to me much more visceral. This is where people tack a letter to your door and bang on it, scaring the occupants, something akin to a jack-booted Nazi door kick, except that in this case these guys run away instead of coming in and terrorizing everyone. It’s the Taliban version of leaving a dead rat tacked to the door.

On the other side of this, though, with all of the new infrastructure I have to wonder whether there is some potential to track these SMS originators through their handset identifiers (ESNs, or IMEIs on the GSM networks used there), right? Not every phone in Afghanistan can be a “burner” phone, right? Even if they are, surely the cell towers can’t be so plentiful as to make direction-finding (DF-ing) them ponderous? If I were the anti-terror forces, I would be heavily monitoring the comms anyway... So, keep on SMS-ing everyone, Taliban! Soon the night letter will be coming to your flap.

CoB

Rising Enterprise Reports Hacking On Chinese Assets Up In 2010


Download 《瑞星2010中国企业安全报告》 (Rising 2010 China Enterprise Security Report)

Translation of the Chinese original:

On March 10, Rising, Asia’s largest information security vendor, released the “2010 China Enterprise Security Report”, an in-depth analysis and interpretation of the security risks facing domestic enterprises and institutions. The report notes that government, military, education and scientific research bodies have become major targets of hacker attacks; in 2010, as many as 90% of traditional enterprise intranets (counting only enterprise networks connected to the Internet) were successfully penetrated; almost 100% of Internet companies encountered security incidents such as penetration testing, vulnerability scanning and intranet structure analysis, and more than 85% had hackers successfully obtain some level of privilege.

Rising security experts said that in 2010, marked by the domain hijacking attack on Baidu, all of China’s large companies and websites came under serious security threat. DDoS attacks, malware implantation, domain hijacking, loss of confidential information and leakage of administrative privileges became the hacker attacks enterprises were most likely to suffer.

In terms of targets, software systems are no longer the only choice: mobile phones, USB flash drives, portable hard disks and infrastructure have all become targets or springboards for hackers, and enterprises urgently need tailored, comprehensive and systematic overall security solutions.

Government, military, education and scientific research institutions have become major targets of hacker attacks

Well, turnabout is fair play, is it not? Apparently, if you are to believe the data from this report, China has been the target of some hacking. Of course, who might this report be claiming is at the top of the aggressor list?

Why the USA of course!

Now, that is convenient, huh? Well, I can be sure that the USA has been trying to hack these entities in China, but would the US be as silly as to do it as blatantly as the Chinese do? Maybe they would, maybe they wouldn’t. What it does say, however, is that the game with the Chinese is now on, it would seem. I think, though, that this has been the case all along. The three-letter agencies have been doing this since the start, I think, and as the world has become more networked, so has the spying. I mean, China does not have the only corner on the cyber-espionage game.

Now, on the other hand, this report would amp up the rhetoric on the cyber-espionage topic wouldn’t it? After all, so far we have had so much attention on the likes of Night Dragon, Moonlight Maze, and Aurora as being pinned to the Chinese star. I am sure that the Chinese would love to be able to rationalize their efforts as reciprocity for the attacks by America on them. This is the game that is played and it is much like the games that the USSR used to play with America on the espionage playing field.

I guess the next question for me would be this:

Just how many servers do the alphabet agencies lease time on in other countries such as China to run recon or hack from? Obviously some of those cycles could be on behalf of some agency or other and the operators would be none the wiser. A bot herder is just a bot herder; all that matters to them is that they get their money on the digital black market. I am sure, too, that there are plenty of nodes within the Asiatic sector, as well as all over the rest of the world, that are acting as launch points for the US, not just servers within the confines of the country.

Well, at the very least this is an interesting albeit feeble attempt at attribution of attacks on China.

Attribution is a bitch and China must know that pretty well.

K.


Written by Krypt3ia

2011/03/16 at 20:17