AQAP and Al-Malahem Post 9.30.11

It seems that a drone/air attack in Yemen has taken out two key players in the AQAP and Al-Malahem Media organizations in the deaths of Anwar Al-Awlaki and Samir Khan. Awlaki, the American “cleric” who made his way to Yemen to be the spiritual and charismatic head of AQAP (Al Qaeda in the Arabian Peninsula), evidently was in close proximity (which makes sense given their org) to Samir Khan, a former American as well, who became the creator and editor of “Inspire Magazine” and the Al-Malahem Media group. This one strike will place AQAP as an organisation, as well as Al-Malahem, into a tailspin from losing their mouthpiece and their propagandist.

…And I am just fine with that.

Hey Adam.. You’re next pal.

It is interesting timing for all of this too as the “media jihad” as it was called in the last issue of Inspire, was for all intents and purposes, still just spinning up in many ways. Samir and Adam and others in their crew had just really been getting into the swing of being the media arm of AQAP with Inspire and the videos etc. They had been groping along on how to really carry all this out up till now, though, it seems like the last issue of Inspire was a haphazard and perhaps hurried issue? The content was thin and seemed to me like they had been otherwise occupied.. One wonders why… Perhaps their ranks were on the run? Today’s news might in fact be the end game to that puzzle huh?

In all though, I think that this will deal a great blow to AQ and AQAP’s media arm. We will be seeing less out of them and I am pretty sure that it will take some time for them to get others to take over the roles who are adept at it. Most of all, there will likely be no other charismatic leader like Awlaki showing up soon. Gadahn is not all that and we have seen little of him lately, so I am assuming that they will be quiet for a while.

Time will tell.

Now, as to why this is REALLY important, well, as you saw in my analysis of the Inspire 7 issue, the “media jihad” is really their only way to resuscitate the jihad in many ways as I see it. They have been really trying to fight this recruitment battle on the internet with all their magazines, sites, and videos. Now, the real media wing that has been so prevalent in trying to create more Rezwan Ferdauses is now hurt pretty badly. Just as is the spiritual leadership (more rhetoric to me) of Awlaki, which was a beacon for the likes of Rezwan or someone else like the michiganmujahid who often writes about his hard on for Awlaki. So, my one real hope is that not only did we remove the problem of a couple of influential guys, but also cripple the media org at the same time.

Meanwhile, on another side note to this story… For anyone and everyone talking about the assassination of a US citizen, I would have you know this. He was no longer a citizen by my standards. He left the US, he joined AQAP in a lead role, and he renounced his citizenship in videos on a couple occasions. So, no, we did not assassinate a US citizen. We instead assassinated a NON STATE actor in an action during a two front war.

End of story.


Rezwan Ferdaus, FBI Sting Operations, And Internet Jihad

It seems that the case of Rezwan Ferdaus is once again showing us how the Internet jihad is helping to create more jihobbyists who could potentially move into active status. In the case of Ferdaus, he had some help in actuating his plans for jihad from some undercover agents and a “CW” (cooperating witness). Now, there has been a lot of talk lately about the only terrorists being caught here are the ones that the FBI is making and frankly, I think that sells things a little short in the real world. Sure, these stings are facilitating these people into action, but only after the individuals have pledged themselves to do something, much like Ferdaus himself. It seems from the Affidavit that Rezwan had had this plan in mind for some time and it was only after he talked to his friend the (CW) about it, that the feds got involved giving him the material support to carry out his plans.

And that’s where people get turned around here.

Ok, so you say that the FBI is entrapping people like Rezwan. They give him support and talk up the jihad perhaps. Sure, that is possible and that would be entrapment, but nowhere in this affidavit do I see entrapment. What I do see is a guy who wants to go to jihad and who frankly, is a bit of a misfit looking to fit in or have something to believe in. Might he have dropped this if he had been left alone? Or even for that matter, could the FBI have talked him out of doing this? Would that actually be of worth? The way I see it, he was on a path that he would have fulfilled one way or another with or without the help of the FBI UCE’s.

In the affidavit you can clearly see how Rezwan “self radicalised” on the internet. Specific claims are made by him how he was surfing jihadi websites and seeing how evil the US was, and it was this that gave him the idea to go to jihad. I am sure the reasons are more complex and perhaps even that Rezwan has some mental issues, but, the gist is there. The materials were online, and he watched/read/listened along becoming more and more convinced that the kaffir have to die.

Rezwan also said on several occasions that his plan was to “destroy” the head of the snake (AKA the Pentagon and the Capitol) but he also knew that this was rather impossible given that he only had 3 micro jets (RC controlled jet planes) to work with, so the reality of it must have been lurking in his head somewhere. Surely 25lbs of C-4 is not going to bring down the Pentagon and the Capitol. Rezwan also wanted to have co-conspirators and had a plan to have AK47’s to shoot at the people coming out of the buildings after the planes hit. This was to sow more fear and to take out more kaffir. However, in one telling sentence he pretty much says that all of this is to “psychologically” attack America, so he must have known that this was a small attack in comparison to 9/11.

Though, if you have been looking at the past 7 issues of Inspire Magazine, then you can see how he was thinking along the lines of what Al Malahem has been saying for some time. If you keep Americans’ psyches unbalanced, that is much better than large scale attacks. My question though is how unbalanced would we be after an attack like this? Seems like we have been pretty battle tested between 9/11, Columbine, and VT. I guess though, the premise is there and it is sound enough. Had he carried this off, he would have had a wave of fear and knee jerk reaction that AQ would love to see happen here in the states.

So, here we have a prime example of the Internet jihad’s potential. Real life actions by unbalanced individuals that have been spun up by the rhetoric of AQ and AQAP. So, for all those making snarky comments about the FBI only catching these guys within stings I suggest you think about it another way. Had they not known about him and not gone through this process, he may well have indeed come in contact with an Anwar Al-Awlaki or others who could have potentially given him support to really have pulled off an attack.

At least the feds stopped him.


Anon Analytics: OSINT/LEAKING Analysis Of Corporate Corruption

It seems that Anonymous has begun to understand that to change the world they may have to play within the rules somewhat. In the panel discussion at Defcon, we discussed how Anonymous should channel their efforts to have greater effect without all the blowback and collateral damage that they had been creating with their antics. This week Anonymous came up with a new splinter org that claims to be an analysis wing looking into corporate wrongdoing. This group is called Anonymous Analytics and claims that they are using open source information as well as soliciting leaks/whistleblowers to provide them with data to show corporate malfeasance.

The claim has been made by the new group that the idea came from OpOccupyWallStreet and OpEmpireStateRebellion, and that the takeaway was that if you directly affect the stock price of a company you get quick attention and, potentially, corrections in behavior. At the very least, I would say, this would cause waves either way. The problem is yet again, verification of actual malfeasance or corruption.

When asked by the Financial Times if the anons involved had CFA qualifications, the Anonymous representative said “That’s entirely possible. Our backgrounds vary, but it’s not something we discuss.” Which is really just a way of saying “no”. So, once again we have the greater potential for more dumps of data from Anonymous that turns out to be nothing to write home about and is not verified in any way. This will ultimately fail as the other efforts have failed to make a change unless they do get bona fide people with credentials to verify the data that they claim to have AND it can be proven that the data is not manufactured.

Both of these things are hard and more likely to happen if they actually get someone from the inside to give them the data. Like another organization we all know, Wikileaks. So, to their credit, Anon Analytics did set up a dead drop of sorts (at time of writing here, it was not working) as well as a Hushmail acct was offered as a means of contact for encrypted and secure communications. So, the intent is there to gather the data from sources instead of just hacking into places and taking whatever they can get their hands on and puking it out on the internet.

Which is good.

Now to the bad… While I appreciate the effort they are making, they have to have the following things in place to have a real effect.

  • Fix the drop site and ensure it is secure
  • Drop the Hushmail acct, the FBI and the USGOV have deals with Hushmail (check Google kids). They can access the data through warrants served to Canada and the corporation… It’s not as safe as you think
  • Obtain the expertise of real CFA’s and others as you mention on your site but cannot verify. If you don’t have the expertise, then you should turn over anything that comes to you to those who are experts and let them tell the media.. Or just give it to the media to start
  • Verify Verify Verify BEFORE you post stuff! You have looked like fools and no one trusts you thus far
  • Speaking of trust.. Until you prove yourselves with some good intel, you are considered fabricators so do it right
  • IF you start trying to just hit companies’ bottom lines (stock prices) through FUD, then you will be marked only as problem children and when they catch up to you, the price will be steep legally
  • Do not make this a weapon wielded by incompetents; it will only go badly

This is pretty much the kind of thing we were talking about at Defcon, but, it has to be done right or nothing good will come of it. I laud your intention, now tighten it up and show us you can do something productive.


Inspire 7: The 9/11 Anniversary Edition

Well, it seems that the Khan media wing of AQAP/Al-Malahem finally got around to releasing the latest version of “Inspire Magazine” with some rather uninspiring content yesterday. Though the core sites of Shamukh and Ansar were under assault from DDoS attacks by persons unknown (Jokey’s pals?) the Malahem guys managed to disseminate the file and it went large on numerous file share areas on the Internet. Which just goes to show you how effective those DoS attacks are eh?

*wink wink nudge nudge kids*

The magazine this time around was the 10 year anniversary issue, which was over a week late to start and then had slim content. This makes me wonder just why it was so thin as well as why they even really bothered at all. The 20 pages consist of mostly uninteresting statements and pictures from jihadi leaders past and present about how they had struck a great blow for Islam and jihad 10 years ago. Reminiscences aside, not much there to really inspire I think. However, there is a core piece by Samir Khan (founder of the magazine and former US citizen turned jihadi media mogul.. *not*) that is somewhat interesting and germane to recent events.

The Wired articles about FBI training manuals and programs on Islam were not necessarily out there when this magazine was put to bed, but, it seems like perhaps Khan and the others at Malahem were already responding to them.


As we pointed out, this media conflict between the West and the mujahidin quickly became a war of Western secular ideology and Islam. Shaykh Usama intended to attack the West to point out to the world America’s police-state foreign policy upon the Muslim world and not the West’s corrupt secular principles. But because the West was ardent to point out the mujahidin’s attachment to Islam as extreme, portraying them as “fundamentalists,” Muslims throughout the world asked: “Wait, are they not then concluding that a good practicing Muslim is their fundamentalist enemy?” Zakir Naik, the popular television personality who is known for his religious debates and runs the PeaceTV network, has repeatedly echoed, “Every Muslim should be a fundamentalist as a fundamentalist is one who sticks to the fundamentals of Islam.” This attack led by America on the mujahidin’s adherence to Islam was one of the main reasons that led to the defacement of their legitimacy in the eyes of millions of Muslims. To this day, America has still failed to realize that.

This one passage covers a lot of what the Mujahid propaganda campaign by Al Malahem and AQ have really been trying to get across to promulgate a reaction within the ummah globally to come to their way of thinking. By instantiating the idea that every Muslim should be “fundamental” to be Muslim to begin with, they are making a play at every single Muslim, no matter what part of the spectrum, to become fundamentalist. By using even a popular TV personality to make this point, they are trying to slip this into the collective mindset. Where this meets the Wired article and the training debacle is quite obvious though, those tutorials all portrayed the idea that the problem isn’t the Muslim, it’s in fact Islam itself.. And of course Shari’a law as well.

It’s this argument that perhaps Spencer Ackerman should be enlightened about.. I find it funny as well that he took little time to really read the magazine before writing his piece on it at Wired. The article lacks complete understanding and in fact comes off as jingoistic propaganda itself, which is even more ironic given the nugget here by Khan about the media war that AQ and AQAP are trying to wage huh?

Hey Spencer, how about spending more time cogitating than being dismissive. I am sure it would be a much more interesting article had you taken the time to really read it.

This is not to say that the “Media War” as Khan puts it, is really working. In fact, I would say that it is not, as a larger effort, working the way they would like. We have not seen an influx of jihobbyists or new suicide bombers here in the West, where this magazine is aimed at. Instead, those few who may be on the path to radicalization will only likely use this as another piece of their collective echo chamber. However, the core idea of what Khan is saying about the position of the West and our misunderstanding is pretty much on the money. Khan also likes to cite Michael Scheuer much of the time and I can understand why. It was Scheuer who was first on at Alec Station and has a pretty good grasp of Bin Laden, Jihad, and the AQ mindset. It was Scheuer in fact who has been saying all along that the US government and people were playing right into the hands of AQ by doing what we did in Iraq etc. I would suggest anyone wishing to get a better grasp of all of this read his books.

What Khan fails to understand is that this is not the first “propaganda war” that the US has waged. Sure, it’s the first one really online per se, but, it’s certainly not completely new. It’s just new to Khan and the AQ set is all. So, they have set up for a slick magazine that they can try to grab the kiddies with interspersed with some more cerebral content. In this edition, it’s more about the cerebral areas that are more telling than all of the claptrap propaganda around the big win of 9/11. This part of Spencer’s piece is right, it’s really mostly piffle, but, it is key not to ignore the rest of the content.

Meanwhile, there are oddities like the article on how Iran’s belief in conspiracies riles up the AQ set. Really? You guys are so miffed about Mahmoud that you had to write about it? Frankly we all know he’s a nutbag, but really, there is no need to go into this. I really have to wonder why this came up at all. It would seem that perhaps maybe the “Truther” movement is gaining so much potential that Khan and company feel they need to say “HEY we did that!” Whatever the motivation, it was an odd trek off the beaten path there.

Overall, there are some interesting intimations within the contents of this magazine as well as from the point of view that the content is skimpy and not the norm. No how to build bombs, no AK-47 schematics and tutorials. Why? Why too the seeming rush to this then the falling off by letting it out way after the actual anniversary of their “great blow against us”? Could it be that the drone strikes are getting a bit close to them? Did we perhaps hit a main facility for production and they had to go from a backup that wasn’t finished?

Have they run out of ideas?

One wonders..

Oh well, this magazine may actually be in decline.. and you know what.. That’d be ok with me.


“What We Have Here… Is A Failure To Communicate” Stuxpocalypse and FUDDERY

Once again I find myself having to respond to chicken little dullards spewing FUD across the internets to make themselves muy importante. Once more I have to say that the current FUD du jour on STUXNET and the fact of just how many SCADA systems are online is getting tedious. So, Mr. Wright, yet again I have to school you on the facts and disabuse you of the idea that you are correct in your thinking.

So you say that SCADA is online… I never said they weren’t frankly. If you look closely at the sentence I actually say *crosses fingers* I KNOW that there are systems online and available to the internet TODAY, a simple Shodan search for Siemens Simatic PLC systems turns up 25 hits in the US alone. So, yes Mr. Wright, they are online and I knew this. I also was saying tongue in cheek that I had hoped that more of them would not be so readily available and that the people involved in management were taking care to remove the systems from non air gap networks.

Yes Craig, there is a problem, but, it is not of the EPIC proportions that you seem to be ascribing to as a member of the Langner echo chamber.


So Craig, your experiences, while not outside the norm of mine and others in the business (inclusive of pentesting systems within airframe and engine facilities inclusive of SCADA used to control engines) have little bearing on the contention at the root of Mr. Langner’s diatribe about a “stuxpocalypse”. In short, in order to have the “mass casualties” scenario he is crying about, the Stuxnet variants would have to be as varied as the number of makers of PLC systems out there. Just as the actual payload file to make a fire sale scenario happen would geometrically increase to have to become its own form of bloatware.

No Craig, I just don’t see it all happening. I see perhaps pockets of localized attacks on systems, but I do not see a large power failure as much as I see someone making the poop factory spill waste into the water systems. Quite simply, as I was trying to point out, Langner is spreading a large amount of FUD in an attempt to garner attention.. Much like I think you have been with your posts on Island that have been.. Well, lackluster at best. It would seem by my reading, that you only comprehend half of what is said and then regurgitate the FUD interspersed with your own experiences.

Let me enlighten you some more..

I have also been told that it’s too expensive, or it’s not important, or it’s not on our agenda as well when it comes to remediations that I have recommended to companies, agencies, or governments. We all have, I know this. However, the point I was making was that post Stuxnet, I had hoped that all of these people were taking a new look and remediating the problems that we all know are there. I am not foolish enough to think that everything has an air gap and that all those systems connected to the SCADA themselves are fully patched. This does not mean though, that I think we have to be chicken little here and run around being the “Langner who cried wolf”.

Which, you seem to be falling into that category Craig. Which once again makes me think that you are less of a source I would listen to, and perhaps this is why these people you speak of have not taken your advice.

Just an opinion Craig.

So, back to the problem at hand other than your puffery…

SCADA systems are all too often connected to non air gap networks. We all know this. Let me tell you a secret *this one’s for you Craig* Some of them even have WIRELESS connectivity! *yes, it’s true!*


So, do I think it is a problem? Yes. Do I think that there are so many of these systems online and readily available that we will have a fire sale as Mr. Langner would imply?


Could someone (either state or hacktivist or miscreant) do something to select systems fairly easily if there are not remediations?


Would the world end and there would be mass casualties?


All of the systems at play have some redundancy built into them. Am I worried about a meltdown at a nuclear facility *Chernobyl style* if someone messes with some Simatic PLC’s?


Why? Because the systems are redundant and deliberately so. Stuxnet did not cause a meltdown, it was not that kind of network. Stuxnet took out some centrifuges. Could someone infect a network/facility to the point of making all redundant systems fail and cause a meltdown in a nuke plant?

Maybe, but that is really pushing it.

So, sure, there are problems. I know this, you know this, we all know this. However, there is no need to go around whining about how no one will listen to you because you are whining pathetically about no one listening to you. All of this being done on the media who embellishes and uses the FUD to sell air time as well as makes it even worse! It would be better to just shut up and say I told you so than to add to the cacophony of FUD which will inure the masses into apathy.

So, where do we go from here?

As I mentioned before, the picture is bigger than whether or not SCADA systems (whether they be XP, Windows 98, or NT 3.5.1) *shudder* Old, unpatched, or otherwise vulnerable systems still pose a large threat whether or not they are internet accessible (directly). The fact that physical access had to be had in order to load Stuxnet and then had a feature (p2p) built in as well as a re-infection vector for USB in general, shows that it was a rather complex effort. If someone were able to modify the payload to work on other systems and use it in a phishing exploit, sure, we would have many more potentially infected systems. However, unless they create the uber package I mentioned at the top of this piece, it would take a fair amount of footprinting to find the exact models and firmware being used. Not impossible, but not easy either.

See, it’s more about defense in depth (or should be) than it is “THE SKY IS FALLING!!”

Do changes need to happen?


One hopes that they are, but all of this debate and going off half cocked is pointless… And that was my main point.. Which you utterly failed to comprehend Craig. It just goes to show, no matter how many acronyms and letters you have after your name, or how big your bio at the bottom of articles online, do not really mean you have a grasp of the situation.


“Last year, after Stuxnet was identified as a weapon, we recommended to every asset owner in America – owners of power plants, chemical plants, refineries and others – to make it a top priority to protect their systems… That wakeup call lasted only about a week. Thereafter, everybody fell back into coma,” Langner told The Christian Science Monitor in a recent interview.

Ralphy, Ralphy, Ralphy, could it be that your company needs more attention? You personally perhaps? This crying “stuxpocalypse” thing is getting a little out of hand and seems rather low rent, well, wait a minute… Looking at that swank faux leopard pillow you have there, maybe this is your style.. Ok, back on topic.. Where was I?

Oh yes..

Ralph, sure, there are many systems out there running PLC’s and yes, they are likely vulnerable to any number of attacks. However, can you please look back and see how long it actually took persons unknown *cough* USA/UK/Israel *cough* to create the Stuxnet attack and breathe a little before you go crying to the likes of the Monitor? I’m sorry, but you are just making yourself look really.. Well.. Needy.

From the quotable “Langner” vol 2:

“Funny thing is, all these control systems, if compromised, could lead to mass casualties, but we still don’t have any significant level of cybersecurity for them,” Langner said.

“The most dangerous development is that DHS and asset owners completely failed to identify and address the threat of copycat attacks…. With every day [that] cyber weapon technology proliferates, the understanding of how Stuxnet works spreads more and more. All the vulnerabilities exploited on the [industrial control system] level and [programmable logic controller] level are still there. Nobody cares,” Langner stated.

“Most engineers are aware of the problem, it’s just that they don’t get the budget to fix the problem. The risk is just discounted. As long as management doesn’t see an immediate threat, there is a tendency to ignore it because it costs money to fix,” Langner explained.

“I couldn’t stand it any longer. We wasted a full year because nobody was listening. We published last September that parts of Stuxnet could be copied and that such a weapon would require zero insider knowledge. Nobody listened.”

“I’m afraid cyber-arms control won’t be possible… It will be costly to fix the vulnerabilities in industrial-control systems. But it will be definitely more costly if we wait until organized crime, terrorists, or nation states make their move first.”

Lets look at the facts shall we?

“Funny thing is, all these control systems, if compromised, could lead to mass casualties, but we still don’t have any significant level of cybersecurity for them,” Langner said.

FACT CHECK: ALL the control systems? Really Ralph, that is not going to happen… You smell the hype here folks? MASS CASUALTIES! FUD FUD FUD I’m sorry, no Ralph, sure, if the system were taken down (say power) there would be, the old and infirm would be the first to go, but a wholesale “fire sale” is not going to happen. It’s really the stuff of movies.. Say, you been watching Die Hard recently?

“The most dangerous development is that DHS and asset owners completely failed to identify and address the threat of copycat attacks…. With every day [that] cyber weapon technology proliferates, the understanding of how Stuxnet works spreads more and more. All the vulnerabilities exploited on the [industrial control system] level and [programmable logic controller] level are still there. Nobody cares,” Langner stated.

FACT CHECK: Say Ralph, I seem to remember there being a whole cyber security initiative by the Obama admin that seems to me, covers this area. Though, yeah I would love to see an expedited process, people are looking at this AND knew about these types of attacks WAY before Stuxnet showed up! I mean, how do you think they got the idea in the first place to create such a vector of attack huh? I might also suggest that all of the people who you might be asking about this may not want to talk to you in the first place. It would be like me walking into your house as a stranger and asking “So, what’s your wife’s favourite position in bed?”

“Most engineers are aware of the problem, it’s just that they don’t get the budget to fix the problem. The risk is just discounted. As long as management doesn’t see an immediate threat, there is a tendency to ignore it because it costs money to fix,” Langner explained.

FACT CHECK: Uh yeah.. No.. After what happened in Iran, we are not likely to just avoid the issue altogether.. Once again, I point to the previous statement (wife –> sex –> positions) Rare are the vendors or the end users that are going to divulge the problems they have because they are afraid of compromise, no matter how hard it may be to carry out.

“I couldn’t stand it any longer. We wasted a full year because nobody was listening. We published last September that parts of Stuxnet could be copied and that such a weapon would require zero insider knowledge. Nobody listened.”

FACT CHECK: Well more of a comment really //BEGIN SNARK/SAVE US RALPH! SAVE US!//END SNARK/ people listened.. though, not necessarily to you… Trust me.

“I’m afraid cyber-arms control won’t be possible… It will be costly to fix the vulnerabilities in industrial-control systems. But it will be definitely more costly if we wait until organized crime, terrorists, or nation states make their move first.”

FACT CHECK: Gee Ralph, how about you forget the SCADA systems out there that now have attention and think about everything else out there online. Like, say, every frikkin Windows XP instance still out on the Internet and within private networks that are not patched? How about the fact that said systems are connected to the internet on a regular basis and SCADA aren’t (crosses fingers). Well, they aren’t “supposed” to be. Or did you miss that salient fact that it took a concerted effort to get the Stuxnet into the Iranian facility in the first place because they were NOT connected to the internet as readily as other places?

Ya know.. It’s called HUMINT. We needed someone to plant that USB or place it physically in a box on site. See Ralph, it’s not just some magic incantation and suddenly you’re infected.

Need I also remind you of the 4 0days used?


So please Ralph, get off the Stuxnet nipple.. We know about it.. We just aren’t talking to YOU about remediations.


They say that imitation is a form of flattery, but what is outright copying & pasting of original content and pretending it’s your own? That’s called PLAGIARISM and it’s WRONG Mr Steven Lentz CISSP. As you can see from the picture directly below, this is a blog post that I ALLOWED InfosecIsland to publish because they ASKED me to.

My post


What YOU did as can be seen below, is SCRAPED the content, REMOVED MY NAME and all ATTRIBUTION as to where you purloined the content and posted it as YOUR OWN! This I am pretty sure is AGAINST CISSP CODE OF CONDUCT.


How is it that you or anyone else today feels the need to steal others’ content and publish it as their own? Trust me, with Google and other means we can tell who is linking what and who is scraping our content for their own! YOU Sir, have crossed the line and you KNOW IT.

ISC as well as have received letters about this and the OTHER content that you have PLAGIARISED.



FBI Trainer Says Forget ‘Irrelevant’ al-Qaida, Target Islam

“At the operational level, you have groups such as Hamas, Hezbollah, al-Qaida. Like teeth in a shark, it is irrelevant if you take one group out,” Gawthrop said during his lecture to the New York Metro Infragard at the World Financial Center in downtown Manhattan From

Who says the crusades are dead? At least that is what seems to be running through my mind watching this diatribe by William Gawthrop in his video on Jihadist terrorism presented to Infragard. I have news for you William,

“You’re doing it wrong”

Simple enough for you? No? Ok lemme splain some more for you and others out there… 99+% of the 2.2 Billion Muslims in the world are not jihadi fundamentalists. If it were true that all adherents of Islam were radicalised because they believe the “word” of their book and prophet as “gospel” then we would already be a caliphate by now.

Comprende? We savvy?

Now, I know what you are thinking here, it’s all about the religion of hate that rules over the 2 lands with their Sharia law! Well, sure, there is some Sharia out there but is it really so different from the patina of separation of secular and religious we have here in the states? C’mon, really, think about it, how much is this country ruled by the religious right now-a-days?

Or, should I say how much would they LOVE to be in charge more?

Yeah, you know what? ALL of the books that are “gospel” to these people to become radicalised over were all written by people who barely understood science and now, in some quarters would like to do away with critical thought (science) because it gets in the way of their dogmatic beliefs. Might I just cite a place in Kentucky that has a diorama with dinosaurs and man TOGETHER?

Fucking Marx was right about one thing; “Religion is the opiate for the masses” So, when you or anyone else wants to cite any one religion as the bane of existence (in this case Islam) then I suggest you take a long hard look at the other religions out there and just who is running them as well as created them.. Yep, it was us, humans.

No burning bush

No alien tablets

No God delivering us a giant idol to worship

We as humans wanted to rationalise that which we did not understand (death, life, the universe, everything) and our primitive brains could only come up with the construct of God… I have more news for you. It’s not the book’s fault. They were written long ago and things were more primal. It’s 2011 and you know what? Any of the books taken LITERALLY are indeed done so by lunatics who lack a perception of reality.

In essence, it’s not the religion or the book or the law.. It’s who’s wielding it as a cudgel to further their own agenda.

So, when you have someone like Mr. Gawthrop blaming the book for people’s actions, he is completely discounting the human element here. Perhaps it would have been better if he had decided to quantify things with the words “Radical Sharia believers” or “Radical Muslims” Ya know, kinda like Radical Christians or even Radical Shinto Buddhists! Though, there have not been too many Buddhists whacking folks out there.. More like immolating themselves to make us all look at our own shit.. But I digress.

For every belief whether it be religion or philosophical, there will be ardent believers who may even become “radical” in their belief. These are the people using the books or beliefs to their own purposes or interpretations. This is the problem and those are the people and personalities that need to be assessed and dealt with. Not to just make gross characterisations of groups.

There’s a lot more going on socially and psychologically than your simplistic truth you espouse that Islam is bad. Has that little changed since Bush uttered the immortally stupid words of “They hate us because of our freedom”?



More on Radicalisation today HERE

Insidiae, Psychologia, Et Liber Pericula


I have been watching Anonymous for a while now and I think that it’s time to discuss some observations I have had lately. It seems that after some time, the Anon collective has, even though there have been arrests, decided that, as they say, “You can’t arrest an idea.” I have wondered though, just how many of the Anons actually perceive this as a war against government tyranny and how many just do it for the lulz. This is the crux of the issue frankly for me and I have been thinking about this for some time trying to gather data to form my hypothesis.

What I have come up with are the following motivations and constructs that I believe the Anonymous collective live by and use to rationalize their behavior.

Group Think

Group Think is a term for a social and psychological dynamic in which a group’s drive to harmonize its actions causes a deficiency of mental efficiency. Signs of group think are the following:

  1. Illusion of invulnerability – Creates excessive optimism that encourages taking extreme risks.
  2. Collective rationalization – Members discount warnings and do not reconsider their assumptions.
  3. Belief in inherent morality – Members believe in the rightness of their cause and therefore ignore the ethical or moral consequences of their decisions.
  4. Stereotyped views of out-groups – Negative views of “enemy” make effective responses to conflict seem unnecessary.
  5. Direct pressure on dissenters – Members are under pressure not to express arguments against any of the group’s views.
  6. Self-censorship – Doubts and deviations from the perceived group consensus are not expressed.
  7. Illusion of unanimity – The majority view and judgments are assumed to be unanimous.
  8. Self-appointed ‘mindguards’ – Members protect the group and the leader from information that is problematic or contradictory to the group’s cohesiveness, view, and/or decisions.

A distinct feature of group think is that it is exacerbated by a lack of clear rules on decision making. It is my contention that the diaspora of Anonymous inherently has this lack of decision making rules as well as a large amount of group think dynamics within its younger set. The group as a whole though may not mean the total “group” (i.e. Anonymous rank and file) but whatever group has collected to decide on an “op”.

Also, given the nature of the Anonymous collective as seen online, they tend to not be very forgiving toward those they do not like or disagree with. This fractiousness and the tendencies toward berating behaviour tend to reinforce the group think model.

Collective Psychopathy

The term “Collective Psychopathy” is something that when I looked it up online I only found a couple of references to Freud and ego. I am guessing others have made the connection but perhaps there is no official designation made.. Maybe I just missed it in the literature. The core of the idea for me is that collectively, groups like anonymous can manifest a sociopathic or psychopathic potential in certain circumstances. In the case of the actions of Anonymous actors online in their dialogues and statements, they manifest key features of what is considered psychopathic behaviours.

Psychopathy is a mental disorder characterised primarily by a lack of empathy and remorse, shallow emotions, egocentricity, and deceptiveness. Psychopaths are highly prone to antisocial behaviour and abusive treatment of others, and are very disproportionately responsible for violent crime. Though lacking empathy and emotional depth, they often manage to pass themselves off as normal people by feigning emotions and lying about their pasts.

While in the real world interactions of all of these individuals may in fact be not at all psychopathic in nature (though, they may be depending on the person) the “online” personae that the individual takes on tends to have psychopathic tendencies due to the medium of the Internet. The key factors of this transition are the following;

  • You are “anonymous” so it is easy to lie
  • Any damage you inflict is not in person
  • There generally is a “lesser” possibility of repercussions for your actions due to anonymity and technology issues

Given the chance, anyone will act outside their particular moralities when placed in situations where repercussions are near null. This is something that has recently been studied in the Psychology of Character by DeSteno and Valdesolo. Their findings are that often, given the opportunity, a person will commit to acts outside of their character if there are no repercussions. It is my belief that this also can be applied to the online activities of individuals as well as collectively (i.e. Anonymous)

It is this very set of features of online behaviour and nature that begets the potential for a collective to work, with leadership and group think, toward actions that the individuals might not ordinarily partake in because there would be repercussions, they would be directly inflicting damage, and they would certainly not be anonymous. Thus, collectively, within these parameters, the group dynamics and the disconnect from reality allow the individual to join the collective without really being forced to consider what their actions’ outcomes would be on a personal level.

Age and Development

Another factor in this picture of collective psychopathy is the age of the individuals and their development levels. Many of the Anons have tended to be younger individuals and as such, they are not “fully cooked” according to physiology and psychology. It has been stated that the development of the brain (the static fixing of neural pathways) does not on average finish until the individual is approximately in their late twenties. This also means that from the teens up until the time the brain is finished developing, the individual has a higher tendency to be unable to make rational decisions;

Specifically, a teen’s prefrontal cortex – the piece of brain right behind the forehead that is involved in complex decision making – is not capable of the kind of reasoning that allows most grown-ups to make rational decisions.

Thus, it is easier to look toward the collective psychopathy theory given the individuals’ propensity for lack of reasoning and the conditions that the Internet affords for anonymously motivated behaviour. It is also easier to concede that said younger individuals who wish to belong to a community or to “be cool” also would be more amenable to the ideas put forth by the collective, and to taking part in high risk behaviour, due to the lack of rational thought processes as well as critical thinking.

Simply put, the median age of the collective and the nature of its environment allow for them to run amok as well as dissociate the reality from the unreality of the Internet. It was also key to note that the use of LOIC even though it did nothing to obfuscate the end user’s IP address could be perceived as part of this picture.

Social Mores (individual and group)

Added to all of this, is the culture of the Internet itself. As it is a virtual reality, it also has its own set of mores on the social level. Where in reality some things are taboo, online, they may be just another everyday thing. Social norms are not the same within the net as opposed to open society. Within the context of Anonymous, one just needs look further back to the progenitor of all of this, 4chan, where a laissez-faire attitude abounds about many things that are socially unacceptable in the real world versus the virtual.

Examples of this can be seen from trolling, to the explicit content on the site matched with language that connotes hate speech as well as apathy or hostility toward social norms in regular society.

De-Humanisation through Language & Imagery

With the social mores being different from normal society, one can also see within the Internet and the dialogues online between elements of the Anonymous collective, a pattern of de-humanising speech. The use of the invective “nig” or “nigger” in chats from Anonymous seems to be the parlance of the venue as much as it is an epithet. This co-option of the slur performs another means of de-humanising a person that they are speaking to or about online. I hardly think that many of these individuals would in fact use the word and others like it within the non virtual world for fear of repercussions. However, within the confines of the virtual world that they think they rule, this is a weapon as well as a mode of speech.

Additionally, one might also look at the 4chan boards to see imagery that is on the same level and may be considered hate speech in our society at large but is thought nothing more of online by the denizens there. This is all part of the segregation of online and off-line personae that allows the individuals and the collective to act freely without remorse. Had Goebbels had the Internet, his propaganda would have been much more effective to a larger audience not only because of the connectivity, but also from the social and reality distancing that the Internet provides.

Conspiracy Theories And The Echo Chamber

Lastly, the rationalisation lately by Anonymous and LulzSec has been that they are fighting the good fight against government and corporate conspiracies. As seen from the response to the FBI recently below;

LulzSec and Anonymous Statement

Hello thar FBI and international law authorities, We recently stumbled across the following article with amazement and a certain amount of amusement:

The statements made by deputy assistant FBI director Steve Chabinsky in this article clearly seem to be directed at Anonymous and Lulz Security, and we are happy to provide you with a response. You state:

“We want to send a message that chaos on the Internet is unacceptable, [even if] hackers can be believed to have social causes, it’s entirely unacceptable to break into websites and commit unlawful acts.”

Now let us be clear here, Mr. Chabinsky, while we understand that you and your colleagues may find breaking into websites unacceptable, let us tell you what WE find unacceptable:

  • Governments lying to their citizens and inducing fear and terror to keep them in control by dismantling their freedom piece by piece.
  • Corporations aiding and conspiring with said governments while taking advantage at the same time by collecting billions of funds for federal contracts we all know they can’t fulfil.
  • Lobby conglomerates who only follow their agenda to push the profits higher, while at the same time being deeply involved in governments around the world with the only goal to infiltrate and corrupt them enough so the status quo will never change.

These governments and corporations are our enemy. And we will continue to fight them, with all methods we have at our disposal, and that certainly includes breaking into their websites and exposing their lies. We are not scared any more. Your threats to arrest us are meaningless to us as you cannot arrest an idea. Any attempt to do so will make your citizens more angry until they will roar in one gigantic choir. It is our mission to help these people and there is nothing – absolutely nothing – you can possibly do to make us stop.

“The Internet has become so important to so many people that we have to ensure that the World Wide Web does not become the Wild Wild West.”

Let me ask you, good sir, when was the Internet not the Wild Wild West? Do you really believe you were in control of it at any point? You were not. That does not mean that everyone behaves like an outlaw. You see, most people do not behave like bandits if they have no reason to. We become bandits on the Internet because you have forced our hand. The Anonymous bitchslap rings through your ears like hacktivism movements of the 90s. We’re back – and we’re not going anywhere.

Expect us.

This use of and belief in the conspiracies against the “people” is a telling thing. While others have used religion, Anonymous has latched on to conspiracy theories as their aegis. Just like religion, a conspiracy theory is hard to disprove because the individual can always rationalise that some other piece of the puzzle is still missing and the conspiracy, or belief, lives on. Both of these things are hard to disprove as well as debunk because of the rationalising that their adherents latch on to, so they continue to believe and act under the apprehension that there is either a God, or some other force at work (government cabals) that controls their lives in some way.

In the echo chamber of Anonymous and the internet, this use of and belief in the conspiracies has given many of the Anons a construct of belief to latch onto that perhaps they lacked in the real world. Just as well, this belief and the ability to take action online with impunity (perceived) has energized them to take action, then rationalise further toward more and larger actions.

The net effect is that this all becomes self perpetuating…


The conclusion to all of this for me is that truly, the statement that Anonymous is an “idea” is true. It is an idea formed by individuals that coalesced into a group that in turn has become a splinter society online. *note: Even when they want to protest in the real world, they want their anonymity with masks* This society has its own norms and mores that are counter to the one we live in outside of the net. The denizens of this world are often young and biologically not fully capable of rational/logical thought and swayed by the sense of belonging to something as well as a desire to reject the cultural norms of the real world.

All of this, in tandem with a sense of invincibility, has led them to take actions counter to the culture outside of the Internet and directly affect the outside world because the online world holds so much of our real life data today. Due to the disconnect and the “othering” that goes on within this community (i.e. the contention of psychopathy) these individuals are disconnected from the realities of what they are doing and thus feel nothing other than the potential fears that they “may” be caught in real life. However, this seems to be a lesser fear as they go along upping the ante and still getting away with it en masse.

The idea and the reality are two different things.


STUXNET-APOCALYPSE! Says the Israeli Who Doesn’t Have Nuclear Silos and Bombs….


From Infosec Island

Tomer Teller, a security evangelist for Check Point, warned of the likelihood that the Stuxnet virus could be adapted to undermine systems that control nuclear missile arsenals.

Teller made the prediction at a conference in Sydney, Australia last week hosted by Check Point.

“Nuclear warheads are controlled by computers so if someone managed to slip a worm inside a facility that will reach the warhead component, they could launch it and then aim it back at the country’s facility… Stuxnet is the first cyber weapon that could cause major disruption” Teller explained.

Teller indicated he has conducted a detailed analysis of the Stuxnet code, and given the size and complexity of the file, Teller believes it is likely that a successful attack would require utilization of an insider.

“This is a huge file, it’s 1 megabyte [MB] of code and I respect the skill required to engineer that code as it is very complex,” Teller said.

The most likely avenue for the attack, Teller postulated, would be through the use of a tainted USB drive.

“In order to get something trusted by Microsoft, you need to get those exploits signed… What we think happened is that an insider broke into JMicron, a chip manufacturing company based in Taiwan, as there is a computer at that office which is dedicated to signing these Microsoft drivers,” Teller said.

My first reaction to this posting online came when I saw it on Greg Evans’ website where he had scraped the story from another source (never mind why I was there). Since then, this story ended up on the headlines section of Infosec Island and once again my reaction is HOLY WTF? How does this get into the news cycle at all without people calling it into question rather vociferously?

So I decided to talk to a source of mine who is in the know about most things nuclear. I asked him if indeed the supposition I had was correct: that Stuxnet would be pretty much useless in a Silo because of the way the systems were designed to be ultra redundant as well as segregated within that redundancy. What I got back was the following:

OK, at a high-level:

– The ~concept~ of a StuxNet and Nuclear Silos really only applies to operational readiness. With the exception of Pakistan no ~known~ nuclear player doesn’t already implement a variant of the PAL and CMS systems in their launch controls.

– The levels of redundancy involved for both the ability to launch, preventing launch, arming, and self-destruction that exist in nuclear silos is quite possibly the most perfectly decision/failure tree designed/redesigned systems known to man. This wasn’t due to a one-time effort, it’s been decades in the making.

– The availability of the hardware, software, network access, peripherals access, etc. is SOOOO ridiculously limited that ~development~ of such a tool would be purely speculative. This isn’t SIPREnet or CRONOS or NAUTILUS we’re talking about here. The levels of control and network isolation, and again redundancy, within these installations at major players is appropriately absurd.

– In terms of ancillary systems and operational readiness there are two ways to look at it. Could something cause a scare, a general shutdown due to FUD? Yes. Could something be used for ~press~ purposes to indicate a lack of operational readiness? Yes. The reality is that those who would be deterred in a MAD scenario know better.

– We’re talking submarines too, a WHOLE different level of player and communication and control systems. The likes of which are even further unknown and more specific.

– W/ submarines there is a different sort of risk because some major players (namely the UK) don’t have the same level of controls on subs so a rogue commander w/ a key could start a launch. If talking StuxNet like situations, you’re not reducing their readiness so easily. It is known in these cases from various leaks that the control pathways are also isolated by design and ~MECHANICAL~ to what might even be considered a fault.

– If you’re a Nation-State that has been tutored in the ‘art’ by the US or USSR you’re also likely to have bizarre levels of controls like fan speed detectors, temperature detection, computational state metrics, etc. to show the slightest change in behavior. Some of this was designed around the idea of more traditional things like a Y2K bug maybe affecting ~some~ system. Things that are, to any person who designs hardware, known to be fairly absurd and unnecessary but indeed they would trigger an alarm to ~look~ at something.

– All that said.. could a StuxNet like system affect the ~production~ and ~development~ of a nuclear weapon? Yes and no. Yes as in it certainly could screw up enrichment (obviously) but wouldn’t screw up the end-result (hence why StuxNet was found in the first place).

So, once again, I call shenanigans on Tomer and this little story. At worst, if there were a Stux variant that were worked out AND carried into a silo it would cause (maybe) a failure to launch. It is much more likely that Stuxnet and variants would instead be used (as it was in Iran) to manipulate the production of fissile material so as to have a weapon that would not actually work once launched in the payload vehicle. This story though, and the way it has been put out there by Tomer Teller, makes it sound as though imminent failure could happen to nuclear bombs and this is just not right.

Even more ludicrous is the idea that a Stux variant could infect a system and cause the payload to come back from where it was launched, in effect changing the target coordinates. THIS would be more along the lines of just some malware, not Stuxnet, that would infect specific systems in guidance on board the payload vehicle, and that is a totally different animal from Stuxnet. Indeed, this would be a completely different effort altogether and would require something else completely.

You see, the point of Stuxnet was that it was manipulating PLC code for specific PLCs, Tomer. What you are talking about would be something completely different.

Go back to firewall evangelizing and leave the nuclear weapons alone.


