Archive for March 29th, 2011
Backstopping Backtrace: Maltego Mapping of Data-Points
I have been following the Backtrace Security vs. Anonymous battle since BT decided to “dox” the Anons who were running the HBGary event. After the Feds had BT pull the dox (I got copies though; I mean, it is the Internet... nothing goes away), I decided it was time to see just what was in them. I then read the entire transcript file and teased out some pertinent data. Once that was done, I booted up Maltego and began looking around.
Now, the Anons claim that the data was bogus to start, but I am seeing some hits here from the very thing I have written about here before. The re-use of nicks on other venues WILL lead to compromise of anonymity IF they actually tag real attributive data to their use. The transcript of the IRC #HQ channel, though, does show that the Anons were seeking to create disinformation campaigns of their own as well as salt the Internet with false profiles after the HBG attack. It is important to note, though, that this seems to only have been the case this last February, meaning that they were not all creating those false personae online as red herrings before this.
This is a key factor, as much of the data Maltego was locating pre-dates the Anonymous OPs that are germane. As this is the case, the data I am finding, I believe, is actually solid and could lead to personae compromise of these Anons.
As you can see from the maps, once key data points are added together and mapped, you can see the intersections where the users' identities touch and can lead to even more data. Having had not only the nick but also a real name adds to this greatly, and as you can see, you can make inferences as to patterns of behaviour, posting, and actual validity of the claim by BT. It is only a matter of time and sorting through the hits to weed out the false ones before you can get a pretty good picture of who the person is, their previous postings using the same nick, and whether or not they seem to be a likely candidate. In the cases of the three nicks searched here, I was able to pretty safely say that they all are technical individuals with connections to 4chan/Anonymous, and as such, the authorities are likely paying attention to them already through their own investigations.
So, I guess in the final assessment, one could say that these people had created these personae as backstops and that these are just another red herring. On the other hand, I believe that this is pretty much not the case. The data points go back to 2008 or earlier, and as such, human nature has bitten them in the end with regard to habits and lack of OPSEC.
I guess time will tell as to who may or may not get pinched… Whoever Hubris is, they chose their name well.
K.