Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for October 2011

Handwringing, Moralizing, Anonymous, Paedophilia, and Digital Vigilantism

with 2 comments

Preamble:

I recently posted about the Hidden Wiki and its prevalence in hosting paedophilia content. This post may or may not have left an impression on some of the  anonymous collective to take action and perhaps sow good will for their group by hacking into the “Lolita City” site within the DarkNet and releasing thousands of users email addresses and personal data (such as it is on such a site) for the Internet to feast upon. The Anon’s are doing this for their own reasons, but the upshot of it all is that they are causing the paedophiles pain in making it hard for them to get their content as well as potentially outing them online as purveyors and consumers of this wretched content.

Since my post applauding them and giving them some direction as to how to become more of an intelligence gathering apparatus for the LEO community, some in the infosec world have come forward and voiced concerns about this line of thought. All of the talk about the morals, legalities, and philosophical aspects of Anonymous undertaking such actions has gotten me thinking quite a bit.It all raises some interesting questions and philosophical challenges.

Anonymous and Digital Vigilantism:

What I think that most people with reservations about Anonymous taking up such operations as the DarkNet op have are that these people are for the most part kids without training and without any kind of oversight. Oversight in that they could get too big for their britches (one could say that many already have) and think that they are invulnerable to attack never mind the respective laws of our society. That said, it would seem that Anonymous, Antisec, and LulzSec have already decided to take up the mantle of vigilante’s already. However, the targets have been, for the most part, varied parties that could be seen as hapless victims or as malefactors, it all depends on the point of view really.

In the case of Scientology, well, aside from religious freedoms (trust me, they are not a religion) generally the Scientologists have been pretty much seen as getting what they deserved. Today though, years later, Anonymous has begun to take on the governments of the world as well as the likes of Paedophiles online. Once again, generally, people see what they want to concerning whether governments are good or bad. Paedophiles though, pretty much are outlawed universally. So, when Anonymous decided to attack, I could not fault them one bit. However, I could perhaps fault their methods.. Only in that they were bound to only let the paedo’s get away in the end.

I have said it before and I will say it again.. “One man’s freedom fighter is another man’s terrorist” It all depends upon your perspective really. While I do not think all of their targets have been chosen wisely, I cannot fault the true believers out th4ere that they are doing something out of conscience and good. This is not to say that a certain element of the movement is in fact just in it for the lulz (i.e. Antisec and LulzSec) There certainly are factions at play who just want to see the world burn as well as garner themselves digital street cred.

Overall though, the term Vigilante denotes a person or persons (committee’s) who dole out justice summarily when the law is seen as ineffective by them. In this case, the Anon’s have taken up the mantle of vigilante in order to rid the DarkNet of paedophile content because law enforcement seems unable to effectively. Now this is also the crux of the issue in another way, as the police generally are not allowed to hack into sites and dump the dirt so to speak.. The Anon’s are unhindered here. Just as they have felt the same way about other operations where they have denied service to corporations (likening it to a digital sit in) they have crossed the line of the law, but, their methods and motivations are free of it… Until they get caught that is.

The essence of the thing is this.. “Don’t do the crime unless you can do the time” If they believe in it strongly and act upon it, then they must accept the risks of being caught and incarcerated. So far, much of the motivation I have seen by a good deal of anon’s has been motivated by convictions and beliefs. All others have been for Lulz, which is what made LulzSec even more of a problem as they just did not care. The current Antisec movement that LulzSec begat also seems to lack the conviction of their beliefs and seems more driven by ego than anything else by their writings.

And this is the difference between the chaotic Joker like actors and the Batman types.

Anonymous vs. PLA, vs. Patriot Hackers:

Pulling back a bit now, I would like to look at the macroscopic view of Vigilante behaviour versus nation state sanctioned or perhaps, a better word for it would be “condoned” actions and groups. I have written in the past about groups like the Honker Union in China as well as the colourful character known as th3j35t3r. both of these entities have had an effect on the collective consciousness concerning digital vigilante justice and I think it important that they form the contextual base for Anonymous’ actions in Operation DarkNet.

First off, ALL of these entities have been doing what they do (Jester DDOS of Jihadi sites and Anonymous, Honker, hacking against the enemies of China, and Anonymous, attacking sceintology, the gov, and paedo’s) with a mind toward doing “good” In the case of Jester, he thinks DDoS-ing jihadi sites out of a patriotic bent that will stop them from communicating. In the case of the Honker Union, they are patriots to their homeland and attack others who would do their country slight or harm. Anonymous though, started out of /b/ … Which really is a band of miscreants for the most part. However, a core group decided to take on the mantle of doing right somewhere down the line and we find swaths of them today supporting Occupy Wall Street and other political agenda’s.

The basic idea here is that they are all motivated by a belief in some greater good.. Mostly. I am sure there are on individual levels, many more motives (ego, greed, ego… the list goes on) but I will just put it to a gross generality that these people want to effect some kind of change.

At least I hope that this is the case…

What is really different though is that in the case of Jester and the Honker Union, they both are condoned if not outright supported efforts by the countries they reside in. In the case of the PLA and the Honker, there is clear connection between the state and their actions. In the case of Jester, there are allegations (made by him) that his is state sponsored.. But, I think more to the point he is condoned. Either way, the Anon’s may indeed be getting some support (moral or other) from state sponsors and not even know it. In the case of Anon, they could just become the tool of another nation state and not know any better.

Which is pretty scary.

All of these entities though, have had a greater or less effect upon the internet these last few years through their online shenanigans via hacking. The secret is this, they are just the first. There will be others to be sure.. The genie is out of the bottle on this one.

Anonymous vs. LulzSec & Antisec:

Conversely, we have LulzSec and Antisec, who both wreaked havoc on the corporations and the police of the world lately. Their reasons for doing so pretty much have been stated as “because we are bored” At the core though, there seems to be a couple of motives here from postings online. One is the afore mentioned Lulz, the other, seems to be a kind of abject hatred of authority and police. In recent hacks on the police though, there seems to be a bent toward supporting the Occupy movement as the police have had some transgressions against them. So.. They hacked the police and dumped all their data to spite them. Frankly, I see no value to this and once again, even if motivated by supporting the movement, it has no real effect on the police other than to make them more angry and reactive against the protesters.

Basically, I still see Antisec as the Penguin & Joker while Lulz as The Riddler though while Anonymous has become more like The Batman in certain quarters

Anonymous on the other hand has had its lulz, but seems to be growing up a bit and maturing. The social conscience of anon has begun to take shape and within it (movement wise) may well be the lasting component that will be its Raison d’être in the end. Time will tell though, and I hope that this is the case more so than just a bunch of malcontent’s seeking attention and excitement.

The Hand Wringing by The Infosec Community At Large:

Alright, back to the hand wringing and the moralizing post the Op DarkNet…

Certain people in the community wrote that while the empathised with what Anon was trying to do with Op DarkNet, they felt that these people were not the folks they would have doing this to start. Most of this comes from the fact that many of the players are not trained investigators and not LEO’s. I can agree with this from the perspective of legal proceedings later on. If Anonymous hacks a server and then dumps data, it could have an effect on the court case from a few perspectives;

  1. Contamination: The defense could claim that the server was hacked and the data planted
  2. The data could have indeed been tampered with by anon’s
  3. The backend of the server/dbase could in fact be shared and all those who share could be swept up in the legalities/implications
  4. The hack is enough to raise reasonable doubt

So, yes, it could be counter productive to have a vigilante force actually hack a system and report it to law enforcement. However, I would advocate that in the case of Anonymous and the paedo’s at the least, they not just hack and dump data, but instead give that data to law enforcement to start an investigation. For that matter, if Anonymous just located the servers and authenticated (sans hacking) that the content was there, they could in fact just tip off the police.

And this is at least part of what they did with Lolita City in the DarkNet. They tried to locate the server location and this alone could be a great boon for the authorities.

On the other hand, there are moral/ethical objections on the parts of some who think that perhaps letting Anonymous do this type of thing, or even encourage it is setting a bad precedent. To them, Vigilante’s are outside the scope of good behaviour and the law.. They cannot be tolerated. Personally, I think that that is a sanctimonious load of crap, but, that’s just me.

Sometimes when the system cannot function other means need to be taken to effect change. In this case, within a network that is anonymized and the authorities have had little success in catching anyone trading in paedophilia, I see no harm in Anonymous outing them.. Though, I would rather they just passed the intelligence to the LEO’s instead. It is my opinion, that if done correctly, intelligence gathering of this type with a tip off to the police has a better chance at actual arrests and convictions than to just let them go on about their peddling of child pornography.

Just one man’s opinion…

Philosophical and Ethical Stands On Being The Digital Batman:

Utilitarianism:

This is the philosophical and ethical standpoint I take in being the digital Batman. Strict utilitarianism dictates that maximizing overall good is key. In this case and perhaps others, the taking down of the paedophile’s content and capturing their login credentials is enough “good” to allow for the action to be seen as acceptable. This is really the basis of The Batman’s ethics in the comics and ideally, for me on this particular incident with Anonymous.

Now, this does not mean I agree with all of their operations as well as certainly not agreeing with the bulk of the actions carried out by the Antisec movement. However, the perspective is the key I suppose. It’s a slippery slope I admit, but, in this case of OpDarkNet, I agree with the greater good being served in this case.

Deontology:

Here we have the Deontologists like Sam Bowne. Deontology is a nice thing to cling to the ethical rules of a governing system of laws. However, it seems to me, and others here, that this system of laws is not working against these offenders in the hidden wiki. Sure, you could say that the LEO’s have ongoing investigations, but, just how many busts have there been as opposed to the massive amount of content located on the hidden wiki and within i2p, Freenet, and TOR?

So far, I have not seen law enforcement really winning this battle.

Oh well, the Deontologists have their point of view and others have theirs. The key here is that Sammy and others like Packetknife are entitled to their point of view. They are right for themselves, and that is the issue with all philosophy and ethics arguments. Like I said, it’s all about your world view. However, I do not ascribe to a moral absolute unlike someone like Sammy.

There are no right answers. There is only what you are willing to accept for yourself.

Legal Aspects of Digital Vigilantism:

Now, on to the legal aspects here.

18 U.S.C. § 2252 : US Code – Section 2252: Certain activities relating to material involving the sexual exploitation of minors 

The US code on activities related to sexual exploitation of minors alludes to the fact that one has to “knowingly” access such content and to have more than 3 pieces of “content” to be considered guilty of child exploitation/pornography. This of course also alludes to the trafficking thereof etc etc in legalese. Where this is important for the digital Batman is where there are caveats.

(c) Affirmative Defense. - It shall be an affirmative defense to
a charge of violating paragraph (4) of subsection (a) that the
defendant -
(1) possessed less than three matters containing any visual
depiction proscribed by that paragraph; and
(2) promptly and in good faith, and without retaining or
allowing any person, other than a law enforcement agency, to
access any visual depiction or copy thereof -
(A) took reasonable steps to destroy each such visual
depiction; or
(B) reported the matter to a law enforcement agency and
afforded that agency access to each such visual depiction.

So, as I said before, if you are trying to take one of these sites down, then do turn off your browser’s images capabilities.. Hell, why not just use Lynx for that matter so as to negate the issue. However, there is a key point here that you all should take into account. It’s the bit about making the LEO’s aware of the content. This is what I was trying to get at before. If Anonymous or anyone is going to go after this content, then it would be best if you tipped off the LEO’s to the site and the content. Now, the above statement implies that if you make the tip, then you are going to let the police have your system to look at… And we all know Anonymous is not going to do that. So, just be judicious about your tip off’s to the authorities. Do your homework and dump the data to them directly, not on Pastebin.

Of course, then there are the issues of hacking a system in the first place… Well, in the DarkNet, the only thing as I see it that is key would be not leaving a trace that you were there. You know, kinda like the whole hiking ethos of only leaving footprints.. But in this case I would suggest not even a footprint should be left behind. It seems to me, that if you hack a paedo site, even with good intentions, you could get the double whammy from the authorities of hacking as well as accessing child porn…

And that could really be problematic.

So, in the end, I circle back to recommending that you become intelligence gatherers and locate the sources to report. If you locate them, and you get some good details for the authorities without having to SQLi them, all the better. You will be doing a good thing AND you will be satisfying the Deontologists in the room.

Keep your wits about you kids.

K.

OPERATION DarkNet: A Good Start… But There’s More to Do

with 15 comments

“May thy knife chip and shatter.”

~Fremen Saying of ill will against an adversary~

OP Darknet:

I saw in the news that Anonymous (factions thereof) have decided to go after the paedophiles using the hidden wiki and the “DarkNet” for their purulent files. The hack on the Lolita City site was a success in that they got hold of user names and passwords. Due to the nature of the site and its being in the hidden wiki (DarkNet) it is tough to know exactly where the systems sit that house/host the content, but, it seems that through certain techniques using TTL, they pretty much have a good idea of where the server may sit in the continental US.

Operation DarkNet

Examiner article

I applaud their efforts and I hope that my article on the DarkNet was in some way involved in getting them inspired to hit the paedo’s where it hurts. Either way, I think that this could just be the start of things though, and I would like to just lay some things out for you all to consider as you move forward.

Paedophiles:

First off, paedo’s are for wont of a better description, pathological in their desires and actions. However, they have gotten much more savvy to the Internet and like jiadhi’s, may in fact not be using their real names in some cases. Though, it seems from the reporting here that you all have found real names and links to facebook pages and the like? I would just like to caution you to vet your information well before you insist that someone is indeed trafficking in such material. For the most part though, if you get into the systems of such sites and you gain access to email addresses, be sure you go the extra step and do some foot printing and OSINT to get as much as you can on those addresses and end users. Often times I have found in the jihadi realm, these users tend to re-use ID’s in many places (as you likely have seen mentioned about you all as well in early posts of mine) that can be tracked and traced. With each post of data tying said email address to it, you can build a pretty good picture of a user and their habits.. And by proxy, perhaps their real identities.

Remember, these people are clinically ill, not just evil, so perhaps by placing yourselves in their heads a bit, you may also be able to predict their actions and gain some perspective on how to hunt them further.

The Darknet & P2P

The DarkNet is only the new anonymized space for these people. Did you know that they also have been trafficking in p2p’s set up as well for just this purpose? You might want to look within the DarkNet for hints or links to these sites as well. Usually from what I have heard in the LEO space, that they are invite only, but, I believe that since these people’s pattern is pretty much creating the smut and trading it amongst themselves, that you are likely to find links that will allow you more surface space to attack.

Best part about this vector of attack as well is that those servers/boxes are not anonymized. You locate them, you got them dead to rights. I’d say keep working both ends of this picture and you will do some good. Just be careful in accessing such content.

It is a crime even to access it.

Goals

So, is outing these people the only goal here? I suggest more than just dropping Pastebin dumps… In fact, I suggest you don’t dump them at all. You can allude to the fact that you have popped something and you have the data, but, I would suggest you set up cutout accounts and directly dump that data to the Feds or local LEO’s if you like where the servers/people are located. By dumping the data out in the open you give the paedo’s time to burn the evidence so to speak and potentially, you may be inhibiting the Feds from actually capturing and putting these people away.

Overall, I laud your work thus far in this respect, but I think there is more that could be done. If you want good press and good will, this is certainly a way to do it. You just have to work within the lines a bit.

Work smart and Keep it up. Perhaps the next one can be called Op Fedaykin

K.

 

Written by Krypt3ia

2011/10/20 at 19:34

The Son of Stuxnet… Methinks The Cart Be Before Ye Horse

with 2 comments

My dear dear lord,
The purest treasure mortal times afford
Is spotless reputation—that away,
Men are but gilded loam, or painted clay.
A jewel in a ten-times barr’d-up chest
Is a bold spirit in a loyal breast.

Mowbray, Richard II Act 1 Scene 1

 

 

As fate would have it, today I saw a tweet that said Symantec had a paper coming out on “Stuxnet II” I surfed on over and read the document and what I was left with was this;

“We rushed to judgement here and wanted to get this out to get attention before anyone else did.. Here’s STUXNET REDUX!”

Now, sure, the code base appears to be Stuxnet’s and yes, there are similarities because of this, however, calling this Stuxnet Redux or “Son of Stuxnet” is just a way of patently seeking attention through tabloid style assumptions put on the Internet. Let me pick this apart a bit and you decide…

Code Bases and Re-Tasking

So ok, the coders seemed to have access to the FULL source of Stuxnet. It has been out there a while and surely some people in the world of “APT” have had access to this. It’s not like it was some modified version of Ebola kept at Sverdlosk at Biopreparate. Had you even considered that it was released on purpose as chaff to get others to tinker with it and thus middy the waters?

I’m guessing not from the report that I read, hurried as it was and full of conclusions being jumped to. In fact, Symantec even said that they had not fully audited the code! C’mon…

Alrighty then, we have a newly released and re-tasked version of Stuxnet that turns out to be just a recon tool to steal data. I find it interesting that they make so much of this and intone that the coders of the original are up to shenanigans again but fail to even beg the question that it could be anyone with the requisite skills to cut into the original code (after it had been laid out for everyone to look at) and re-task it with a new time frame. Please note that there are not the original 0day attacks and multiplicity factors of infection vectors as well as exfiltration schemes.

So, not really so complicated as I see it.. You?

The original code/malware was very targeted and this, well this is really just like any other APT attack that I have seen out there.. In fact, in some ways its less clever than the APT attacks out there from the past.

So, really Symantec, take a step back and mull this all over again before you release.. Say.. Just who else had the code and you were worried about that would steal your thunder here?

Pathetic.

RATS, RECON, & Targets

Speaking of the infiltration/ex-filtration picture, I see from the report that they are linking the RAT to the original worm but have not real proof that it came from DUQU! It was found in situ on the box that they analyzed and make the assumed statement that it was “likely” downloaded by the malware via its comms to the C&C.

Once again I say “Evidence Much?”

You have no basis other than assumption but you make no real clarification on this. Though there is mention of a DQ.tmp file which I assume means that it came from the RAT.. But.. Proof again please? It’s the little things that count here and I see a great failure in your haste Symantec.

Another thing that is bugging me now is that the news cycle is making connections to DUQU with attacks on power grids.

HOLY WTF?

Symantec, DO YOU HAVE EVIDENCE of what companies were “Targeted” by this malware re-hash? If so, you should come out of the closet here a bit because this is BS unless you have proof. I of course understand that you cannot name the companies, but CONFIRM OR DENY that they were all Power companies before making claims and allusions that the media will just shriek at the top of their lungs placing more FUD on the headlines.

Or… Wait.. Now that might be an advantage to you guys huh?

Ponder.. Ponder…Ponder…

Well played….

What it all boils down to for me is this:

Someone re-tasked the malware and stuck a common RAT in it. Until you (Symantec) come up with more solid evidence of more interesting and technical attacks, then I call bullshit on you.

What? No Mention Of APT Here?

Meanwhile, I see that people are assiduously avoiding the APT word… Hmmmm What does this attack really remind one of… APT!

There, I said it.

APT attacks:

  • Infiltrate
  • Seek data
  • Exfiltrate data
  • Keep access

And therein lies the rub. DUQU has a 36 day shelf life. Now, this is good from a foot-printing level AND could be excellent for setting up the next attack vector that could include the component of sustained access. So, the reality here for me is that this was a foot print attempt on whatever companies it was set upon. It was a recon mission and that was all.

NOT STUXNET..NOT SON OF STUXNET!

Had you called it a Stuxnet like attack re-purposing code then I would have had less problems with your document Symantec. Instead we got FUD in a hurry.

Baseless Claims: Pictures Or It Never Happened!

Finally, I would like to see Symantec spend some more time here as well as see others pull this all apart. I want to see more proof before you all go off half cocked and get the straights all upset over an attack that may have nothing to do with the original.

Frankly, I find your faith in rationality disturbing… Symantec…

K.

Anonymous, SCADA, LULZ, DHS, and Motivations

with 2 comments

Anonymous Is Interested In PLC’s & SCADA?

A recent .pdf bulletin put out by Homeland Security (i.e. DHS) claims that certain actors within Anonymous (and by that they mean “anonymous”, I added the distinction) have shown interest in at least Siemens SIMATIC PLC’s and how to locate them online for exploitation. It seems that DHS though warning about this threat, is not too concerned about its actually being exploited by the group because they lack the expertise to attack them. So, why the BOLO on this at all? If the collective cannot do the damage to the infrastructure that you are entrusted in keeping safe, then why report on it at all as credible intelligence? It would seem to some, myself included, that Anonymous is not the problem that they are really worried about on the macro scale, but instead, those who may claim to be Anonymous hitting small scale facilities or pockets of targets for their own purposes.

And therein lies the difference.

If indeed Anonymous the collective is looking at attacking SCADA, one has to wonder at their reasons to target such systems. After all, if Anonymous takes out the power or poisons the water, it will not look good for them PR wise. In fact, were such things to happen in the name of Anonymous, I can pretty much guarantee you all that they would be enemy #1 pretty darned quick post an attack. However, if they were to target a company such as a car maker that pollutes, then, you have a real agenda (per their social agenda of late) So, the targeting is really key here and I will cover that later on.

DHS Jumping The Shark?

The motivations of the release by DHS have also  been called into question by some as to why they chose to talk about this at all. This is especially prescient since they take pains to say that the Anonymous movement “most likely” does not have the technical means and motive to really pull of these types of attacks on the infrastructure. So why even bother? Perhaps they are just covering their bases (or asses) just in case the Anon’s actually attack? Or perhaps, they too are clued in on the fact that even if claimed to be anonymous, it could be others working against the US (Nation State Actors) who have chosen to attack and use Anonymous as a cover so as to throw off attribution.

Either way, as some look at it, it is almost like they are daring Anonymous to do it out of spite because they are calling Anonymous’  factions and actors “inept” or “unskilled” which, might get their dander up a bit. All of these scenarios pretty much do not preclude someone hitting SCADA systems in the future and it being blamed on Anonymous, which will bring on a new wave of efforts by the government to stamp them out. Reciprocity being what it is, this too will mean that Anonymous might in fact gain strength and sympathy from such actions and fallout as well.

For me though, I just see DHS covering the bases so as to not be blamed later on should something happen. Not so much am I of the opinion that they are in some kind of propaganda war here with this little missive.

Motives, Means, Technical Abilities

So lets go with the theory that certain elements of the Anonymous collective want to mess with the infrastructure. Who would they target and why? More to the point, what companies would they target that fits their agenda?

  • Telco?
  • Power?
  • Manufacturing?

Those are the three areas that I could see as potential attack vectors. Though, once again I have to say that the only two that I see as real possible would be the telco and manufacturing and even the telco would be dangerous for them to try as well. I mean, if you start messing with Ebay or Paypal that’s one thing, its quite another to mess with national infrastructure, as these two would be considered. If indeed Anonymous hit them and took them down for whatever reason, they would then be directly considered terrorists… And that would be seriously bad for their movement and its legitimacy.

Now, we do know that the  Anon’s hit the BART system but as I remember it, it was BART that took out the communications infrastructure themselves so as to prevent communication between anon’s. So, this just doesn’t seem to fit for me either. Manufacturing though, as I made the case above, could be something they would try. It’s not national infrastructure and it will not take the country down if they stop something like cars  being made.

Is it just me? Or does anyone else just see this as a non starter for Anonymous central? What I do see is the threat of other actors using the nomme de guerre of Anonymous as cover for their actions to mess with the national infrastructure. Perhaps some of these people might in fact be motivated by anonymous, but, my guess that if there were to happen, it would be nation state driven… And something I have been warning about for some time.

Anonymous, as an idea, as a movement, will be subverted by those looking to fulfil their own ends and justify their means. All the while, they will let the Anon’s take the fall for it.

Governments

Nations

Nation States

… AND.. Corporations.

You know, those with the money and the people who could pull off the technical hacks required to carry these capers off.. Not a bunch of rag tag hacktivists and hangers on.

Blowback

In the end, what I fear is that there will be a great deal of blowback on Anonymous even talking about hacking and messing with infrastructure. The same can be said for their attempts on taking down Wall Street or the NYSE with their DD0S. If they had succeeded, they would have been an annoyance really, but that would not have caused any great fluctuation in the markets I think. No, unless they hacked into NYSE itself and exposed the fact that they had root in there, I think that it would have a very minimal effect on Wall Street and the economy at large.

Not to say that everything is going ever so well now…

DHS seems to have jumped the shark a bit for me on their BOLO and the coverage of this just tends to add to the FUD concerning SCADA and PLC code. Hell, for that matter we have the new Symantec report on DUQU that yells out about it being the “Son of Stuxnet” but in reality, it is more like a clone of Stuxnet used for APT style attacks by persons uknown..

Get yer FUD here!

Same goes for this DHS warning.

Your results may vary…

K.

Experts, Testimony, Charlatans, & Intelligence Committee’s

with 3 comments

Recently, an allegation was made by our favourite plagiarist and wantonly frivolous filer of law suits, Greg Evans, that he was going to be testifying before Congress on Cyber Security and Sino-US relations.

I know… I can’t believe this either…

However, it is entirely possible that Evans has managed to bamboozle the US House of Representatives/Congress into believing that he is in fact an expert on anything to do with cyber security.

“How did this happen?” You ask?

Well, it is possible that they saw him on FOX news or perhaps CNN of late. Perhaps his minions finally reached out to the right people who have access to the government.. Either way, we all know within the security community a couple of things that make this all the more plausible.

  1. Evans always is pimping his “cred” with all those self released PR pieces (Worlds #1 hacker)
  2. Congress Critters aren’t all that tech savvy for the most part and are easily distracted by laser pointers on the floor.

So, we do have a potential situation if indeed Evans is not just blowing smoke up our collective asses here on Twitter.

I would hope that the House Intelligence committee would in fact vet their speakers a bit better. In an effort to insure that they at least get some perspective on Mr. Evans, I have crafted the email shown above and asked Rep. Michael Rogers (Chairman of the House Intelligence Committee) to have a look into who he may in fact have planned to speak in the near future. Here is his contact information for you all out there who care to drop him a line and beg the same of him.

Rep. Michael Rogers (Chairman of House Intelligence Cmt)
133 Cannon House Office BuildingWashington, DC 20515
Phone: (202) 225-4872
mike.rogers@mail.house.gov

Contacts for the House Intelligence Committee

Capitol Visitor Center HVC-304
US Capitol Building
Washington, DC  20515-6415

Majority Staff                                   Minority Staff
Office:  (202) 225-4121                     (202) 225-7690
Fax:      (202) 225-1991                     (202) 226-5068

Ethan Weber
Defense Fellow National Security International Affairs Homeland Security U.S. House of Representatives
133 Cannon House Office Building
Washington,  DC 20515-0003
202-225-4872 or 202-225-5820
ethan.weber@mail.house.gov

Diane Rinaldo (for Mike Rogers)
U.S. House of Representatives
133 Cannon House Office Building
Washington,  DC 20515-0003
202-225-4872
diane.rinaldo@mail.house.gov

We live in “Interesting Times” as the Chinese say and we certainly do not need to have congress led further astray by those without the experience in the subject matters at hand. Lets hope that the House looks into Evans’ history and decides that he is not a subject matter expert on any of the topics at hand.

K.

EDIT: It seems that Evans is not speaking/testifying at a hearing per sources connected to the HPSCI. However, Evans may be speaking to individual congress critters, so, still email the HPSCI to get the message out to them. They then in turn can locate who may be in fact meeting with Evans.. If indeed there is any meeting at all.

 

Written by Krypt3ia

2011/10/14 at 15:34

SCADA SCADA EVERYWHERE! STUXNET, SCADA, Terrorism, Nation State Terrorism & FUD

with 3 comments

Yes, this diagram does come from a .gov site for an actual system... *sadpanda*

THE STUXPOCALYPSE:

“When he opened the seventh seal, there was silence in heaven as the malware began changing PLC code”

From the book of Langer & Wright:  Revelation Chapter 1 Verse 1

The news cycle still is full of hand wringing over SCADA and Stuxnet while more government officials worry about “Stuxnet” being modified to attack other PLC systems that are vulnerable and riddled with 0day. I have written in the past that I had thought that all of this chicken little reporting and fear mongering was a little over the top and have been taken to task by the likes of certain people who shall remain un-named (though, you don’t have to look much further than the book of Stuxnet revelation above to know who I am talking about)

So, I decided to take some time and do a little research online to see just how bad things really are… With Google and Shodan.

What I Found:

Ok, well, once I began to dig into Shodan and Google I decided that I needed to define the scope a bit. So, I did searches for the popular systems like Siemens. What I discovered was that there were systems indeed online and with web gateways available. Some of these were systems for water treatment, some were for telco, and some were in fact for electrical networks. The numbers showed though, that at least through Shodan, there were not a preponderance of American systems just laying about. Europe though and other countries had a bit higher number of systems.

Once I got past the popular names though, I began to look for other vectors of attack. I thought perhaps I should look for the product names of the gateway products and sure enough, I located a bunch of them out there. The most popular one though (by numbers online) turned out to be a south American product/system and there were plenty of those out there. In fact, once I saw where they were located I had a fleeting thought about power outages in South America and how everyone was debating that they were hacked..

Mmm Could be…  However, without real proof of that, I am unwilling to go on the record and be like the other pontificator’s out there.

Here’s a list of the product names sampled within the Shodan results.

Now, having done all this poking about the question then becomes just what systems are they using for PLC control and just how many companies are there out there? This becomes important as all of the talk is about “Stuxnet” and the apocalypse of the code being re-engineered to attack other facilities than Natanz and the Siemens System 7. I then went to the “Googles” and asked the following question of the great and wise oracle.

“How many PLC controller makers are there in the world?”

Out of the results I got here was the most relevant answer:

PLC controller manufacturers-getting one available through the internet
While finding PLC controller manufacturers to get a PLC, it is important to learn on how to control programmable logic controllers. A PLC programmer is known as person who has the ability to create a system by using PLC programming. Learning about PLC programming is the key for those who want to take part in the automation industry. When it comes to PLC controller manufacturers, some options are available such as Panasonic, Hitachi, Foxboro, Keyence and many more.

Well then, “many” is not a good enough answer for me and I am sure someone (who shall remain un-named) shall beg the question of had I been thorough enough. So, I went back to the great and wise “Google” and put it another way;

“Commonly used PLC systems”

What I got back was a site  that was a kind of a ranking site for people to nominate the makers and systems. Culling the data from this page I get the following names:

  • Allen-Bradley
  • Siemens
  • Mitsubishi
  • AB
  • OMRON
  • Modicon
  • GE 9030 and SLC100
  • Rockwell
  • Telemecanique
  • Schneider Electric
And the list goes on a bit more… But you get the point. Not only are there many of them, but, this was also in 2000 when this list was started. So, there is likely to be a great change in the vendors that have popped up on the small scale. However, you can see that the biggies, or should I say “biggie” of Siemens is still pretty popular.

Alrighty then, So, there are many out there but there may be a monoculture of sorts going on due to the nature of choice per countries. As the site listed it, the US uses a lot of Siemens and Rockwell. In fact, the list suggested that Rockwell was over Siemens in the stats for the US. This could be the case, but either way, there is a case to be made that there may indeed be a monoculture issue here. Given that Siemens was pretty 0day riddled per the DEFCON presentation this year, we may indeed have a larger problem that one might think.

This depends though on the target of your attacks and the redundancy of the systems being attacked as well. However, it really does depend on the facts and figures of just how much of a monoculture in PLC/PID/SCADA systems and networks there are out there of varying types and configurations. It’s a complex ecosystem, and thus, to pull off a “Stux” attack en mass is going to be rather difficult. This is why the Stuxnet attack on Iran was so directed. They knew the specific models and systems within the Natanz facility and they programmed accordingly to damage them. In the case of a “Stuxpocalypse” the coders would have to program in every conceivable system type (and yes the PLC flaws do carry over so it may be a one size fits all in that case) but what about all the others? Are all these systems based on all the same code?

Regardless of the zero sum game theories on SCADA system security flaws being universal, then, one would have to create malware that would be in effect, polymorphic (Hell, should just say zenomorphic huh? Go all Alien) This would, as I have said in the past, make the payload pretty much bloatware in my book. So where is the efficacy or for that matter, the probability that the Stux is going to be modified to this level of pandemic generating scale? Never mind the task of getting it onto all of the systems needed to have the “apocalypse” that every chicken little seems to be worried about. I know, I have said this before, but I thought I would just re-iterate it all again. I just don’t see this being a large scale attack vector even from a nation state level. Pockets of attack yes, but not anything that is going to put us down for the count.

And that is what I am trying to say here. There is way too much FUD with all of the yammering I have seen and not enough rational thought. It’s, to quote “Team America”

Spottswoode: From what I.N.T.E.L.L.I.G.N.C.E has gathered, it would be 9/11 times 100.
Gary Johnston: 9/11 times a hundred? Jesus, that’s…
Spottswoode: Yes, 91,100.
Chris: Basically, all the worst parts of the bible.
Yeah, that about sums it up… So, on to more of the argument against the “Stuxpocalypse”

Targets & Vectors:

Gas Pipelines

Yep, this would be bad for areas of the country. If gas pipelines exploded it would cause fires and destruction, likely loss of life etc etc. So, if someone were to make a concerted effort to locate all of the gas pipeline/producers networks and find out what PCS’s they are using they could do it. This would be nation state really and it is possible. However, this type of kinetic attack would have to be in tandem with other manoeuvres to attack the infrastructure. It’s a fire sale scenario really.. The fallout though of hitting one facility and  causing damage/fear/deaths would the psyops side of it.. That is unless the aggressor is looking once again, to a larger attack on the country concurrently.

Nailing all of the pipelines though or a great number of them simultaneously… I really don’t see as all to feasible.

This is not the Stuxpocalypse you are looking for…

Electrical Facilities and Grids

Ok, so here we have an interesting conundrum. With the advent of the “smart” grid, this might in fact make it easier to have a larger percentage of failure within the system itself. Everything being tied together this way and monitored will only serve to make the system more susceptible to a single point of failure I think. Of course there are many people working on this issue and trying to make the smart grid more secure. We will see how that plays out down the road though. At present though, one would have to look at taking down the grid with malware.

Could it happen? Maybe, large sections could go out. Or, if you hit the central nervous system of the network you could potentially have large areas of the country down for a while. Now, can you use Stuxnet and PLC malware to make the grid eat itself en toto is the real question isn’t it? All at once? A cascade failure of epic proportions?

Not likely. Though the systems are connected, once again, the effort would have to be nation state, it would have to consider that the energy companies are using monocolture technologies, and code accordingly. So, I don’t see this as happening on the level of the FUD reporting out there would make it out.

Nuclear Facilities

To start off, I would like to cite an article on SCADA and Nuclear facilities to enlighten you all…

In retrospect, Lunsford says–and the Nuclear Regulatory Commission agrees–that government-mandated safeguards would have prevented him from triggering a nuclear meltdown. But he’s fairly certain that by accessing controls through the company’s network, he could have sabotaged the power supply to a large portion of the state. “It would have been as simple as closing a valve,” he says.

From America’s Hackable Backbone on Forbes back in 2007

I have said this before and now I will say it again. There will be no Chernobyl events here, and for those of you who know reactors, will know the reasons it will not be a Chernobyl event (design wise) However, the fact is that people worry about this because they think a meltdown is as easy as the China Syndrome.  So, will Stuxnet or some other PLC hacking cause this to happen? Apparently no according to this IBM guy and the NRC.

*breathe people*

Could the system scram and be down for a while? Sure. That could happen and it would cause people to be without power for a while as they find out what happened. Having just gone through a tropical storm and power loss here, I can see how it would be irritating but it would not be the preamble to war… Or the apocalypse.

Supply Chain Attacks

Supply chain attacks are quite possible but, they are likely only to happen in pockets as the companies are all varied. So, you might not get your new car on time, or whatever else you wanted to buy or sell that you manufacture. This could be bad from a bottom line perspective monetarily, but, once again, this would not be an apocalypse. It is also key to note that with each company would be different PLC systems so that stux code would have to be very specific or hugely varied and bloated to work on a large scale.

Chemical Facilities

Here we have something that I for one kind of do worry about. It would not take a mass attack on all chemical facilities to cause mass panic and perhaps deaths. At the very least, a chemical production facility being affected by a PLC/Stuxnet like attack would cause evacuations in the area that the plant sits. If someone were to mod the Stux or create something new to attack the controllers at specific facilities, they could cause an explosion or release of toxins.

Ok, I can go with this one a bit… Still though, not an apocalypse. For that matter, one could just get some C-4 and get a job at the facility long enough to plant a bomb… and that is more AQ’s style than trying to create a super weapon out of Stuxnet for this purpose.

Water Treatment Facilities 

Personally, the poop factory is only on here because there are so many of these facilities with an online SCADA presence according to Shodan. If someone were going to attack the infrastructure this way, they could flood the systems with waste and certain areas would have to live on bottled water a while. Surely not the Stuxpocalypse you are looking for here. Frankly, if a terrorist wanted to go after us this way, they would instead do what they have already tried to do in the past, poison the water with a toxin that they pour into it.

Not so worried here…

Telecommunications

Shodan showed many telco’s with SCADA online to access. Now, if I were looking to take over a country I’d use the old aphorism of going after the radio and TV first.. Sure, this could be done in pockets but once again, there is no silver bullet here, no digital Ebola, that is going to take out the networks of all of these carriers. So, this would be a nuisance, people would have issues, some may die due to 999 or 911 not working, but, yet again, not the Stuxpocalypse.

SCADA On The Internets and There ARE NO AIR GAPS!

*facepalm*

Once again, yes Virginia, SCADA systems are networked. Yes they are even connected to the Internet insecurely in some cases. Just like any other technology, the connections are made for the ease of use of the company/user. In fact, as I have said before and as you can see from the diagram at the top of this article, they in fact also use Microwave, WIFI, and other RF means to get far flung data from point A to B.

Yes.. It’s true.

However, so far in my looking around, the systems that I primarily see as having these types of connections (RF) are water, gas, and electric systems. So yeah, you could mess with them by RF and cause issues. However, I have also seen systems that were located in well areas with only puny locks to protect the doors to the facility and no one.. not a soul around for miles to stop you from picking them.

I’d say that is insecure… BUT, I have yet to see one of these sites that if I popped it and brought it down, would cause a cascade failure and the apocalypse… And therein lies the key to the rationality. All systems have pain points but the infrastructure is so large and it has been built with some redundancy to prevent a system wide failure from one node going down.

Meanwhile, back to the air gap thing. I actually saw ONE. One facility had a separate network and it was not V-LAN’d off to “logically separate it” I cannot name the facility,  but lets just say it was involved with power generation. So, yes, they are in some cases air gapped (and you know who I am looking at when I say this.. Captain Generality) Other places, not so much. They have logical air gaps only and yes, those can be breached with the right hacking attacks. I must say that in other places people just didn’t even put any thought into it at all and its all just hanging out for anyone to access like a college girl in a tube top.

It all matters on who has done the planning and who’s watching the hen house. One hopes that post Stuxnet the government and the companies are working on cleaning up their flaws so as to prevent an attack.

Time will tell though… All these companies and infrastructures are snowflakes….

EMP’s Man Made & Solar… Now There’s Your Apocalypse:

So, you want a real apocalypse? Well then, just think on this. If there is a mass coronal ejection big enough, great swaths of the world could be hit  by a nature made EMP. As the sun cycle seems to be ramping up a bit, we may just someday see this happen. If that happens, then you will see some real apocalypse events. I have written about this in the past and frankly think this is a greater threat than the supposed Stuxpocalypse everyone is all chicken little over. There are also small scale EMP weapons the Military have been working with along with the usual talk of a nuclear high altitude det to kick everything off and send us back to the stone age.

Each of these scenarios could happen but, probability wise, they are all pretty low I think.. Including the Stuxnet scenario.

One Last Parting Thought:

So once again, I have stepped into the breach between FUD and SANITY. I am hoping that sanity wins out, but, I know that in a world where Gregory Evans is alleged to be speaking to Congress about cyber security, I have little hope of being listened to by the masses. I will just go back to sharpening my blades, cleaning my guns, and preparing my bugout bags…

Oh, not for the apocalypse you think will be happening.. No.. For the apocalypse of stupid that will be happening thanks to the likes of CNN and the book of Langer and Wright.

K.

Written by Krypt3ia

2011/10/13 at 14:46

Posted in FUD, SCADA, STUXNET

Anon Analytics: Stock Manipulation Through Information Release & The Slippery Slope

leave a comment »

It's all about the information Maaahhty

Cosmo: Posit: People think a bank might be financially shaky.
Martin Bishop: Consequence: People start to withdraw their money.
Cosmo: Result: Pretty soon it is financially shaky.
Martin Bishop: Conclusion: You can make banks fail.
Cosmo: Bzzt. I’ve already done that. Maybe you’ve heard about a few? Think bigger.
Martin Bishop: Stock market?
Cosmo: Yes.
Martin Bishop: Currency market?
Cosmo: Yes.
Martin Bishop: Commodities market?
Cosmo: Yes.
Martin Bishop: Small countries?

In a previous post I wrote about the nascent “Anon Analytics” group that had popped up claiming that they were going to out corruption in corporations by using OSINT and inside leaks/whistle-blowers. On the face of it, I thought this was a good idea and said as much in the post. I had caveats though that they confirm their information and that they be above board. I received a response from Anon Analytics thanking me for the article and that they had found it interesting.  I however, had failed to read the disclaimer on the first report by Anon Analytics and as such, this is my mea culpa as well as another warning to Anon that they need to keep things above board here.. Lest they become just as bad as those who they are claiming they are outing for misdeeds.

I was alerted to an article from Finance Asia that called them on the fact that within this disclaimer, they are making the statement that the assumption must be made that the “Partners, Affiliates, Consultants, Clients, and other related parties” hold “short” positions in the securities profiled in the report. Which means that all of the parties named there will profit from shorts due to the data being released and potentially causing the stock to plummet and fail.

Say.. Isn’t that what got us all into this fix today with the markets and the banks in general?

Yes, indeed, that is the case and this statement within their disclaimer alone causes me to pretty much rescind my previous statements about any kind of approval for these efforts by Anon Analytics. Really, this is the pot calling the kettle black and then throwing feces to boot. This is not how you rectify malfeasance! Frankly, this could just then be considered only a machination to make money off of the use of information warfare (disinformation as well) to profit and manipulate the markets.

.. And as far as I know, this is rather illegal…

Look, what I said before about being above board with this effort still stands. If you want to right wrongs then you cannot use this effort as a potential piggy bank as well. At the present time, I cannot confirm all of your data from Chaoda however, if you look at the news following the reports release, you can see how you affected the market and the stock. The cause and effect may or may not have anything to do with your report in fact, but, time will tell if there are any real arrests in the whole affair concerning Chaoda. If there aren’t and nothing can be conclusively proven, then what has really been done to the company? Some losses yes, and, by your statement, those around you will profit.. Potentially.

If you want to make a difference, you cannot be a party to profit from information warfare that you are generating.

K.

Written by Krypt3ia

2011/10/12 at 14:25

Occupy Wall Street & Anonymous: Conflation, Synergy, Diffusion, and Media Spin

with 2 comments

Image from the San Francisco Chronicle

It All Started With Anonymous and Wikileaks

The Chinese have an aphorism “May you live in interesting times” It’s a bit more of a curse than it is an aphorism, but, the gist is that they are not wishing you a “good time” It has been feeling pretty “interesting” this last year and I really have to say that it all stems from Anonymous’ and their ignition of the nascent feeling today of powerlessness on the part of many. Whether it be their personal lives, or perhaps by looking at the whole of the world through the instantaneous news cycles that today’s technology has afforded, in general, people are not feeling as though they have much control over their daily lives.

I would have to say that much of this has its genesis in 9/11 and the post 9/11 world that we have come to be in. Security has become the operative word for some excesses by government to use its powers (self created) Case in point, the ability to spy on anyone deemed to be a threat without a warrant. The knee jerk reaction to 9/11 has allowed for a fear based response that has set some pretty scary precedents these last 10 years. Add to this the bank scandals, the recession, the fallout from Fanny and Freddy, and waves of greed and misdeeds on the part of corporations that influence the government, and we have quite the picture of how things have gone sideways.

But.. Much of this is not new I’m afraid. Wikileaks just opened the secret flood gates in some ways. Though, had you been paying attention you likely would have already known much of what Wikileaks was trying to say before the big dumps began to show up online.

What is new is that a new generation of youth have been disenfranchised enough to take up arms against it all as they see fit. Anonymous, was the catalyst for this in their early attacks on oppression like “Scientology” a system which really is much more a corporation melded with a religiosity (faux) to create an entity that is not taxed, does not have oversight by anyone, and seems for all intents and purposes, to be a “Corporate Cult”… Which when I think about it now post Steve Jobs departure from this mortal coil, is a lot like the reverb surrounding Apple and the Jobs-ian “passing on to a higher plain” claptrap.. But that is another story…

Either way, the gist of this all is that Anonymous and Wikileaks is the progenitors here I think, and it is the very nature of the collectives technical bent that has lit this fuse that finally reached out of the digital Kabuki theatre and on to the real streets.

Technology, The Great Equalizer

Anonymous’ use of technology only comes naturally as they formed online. It is with the growth of social media and the connectivity that we all have today with smart phones, that the movement went viral. Some may say it was the targeting, but I would say that the targeting was always there, but those who were feeling the miasma weren’t able to express it in the normal ways of yesterday. However, with blogs, micro-blogs, twitter, texting, etc, people coalesced into groups on their own with a collective gravity that eventually, had enough psychic mass to catch on large scale.

It is this very thing that has led to what we see today. From flash mobs to the final outcome of the occupy movement that harkens back actually to the early Tea Party movement in the way the word got out and collected like minds to its cause. All of these people have found each other and inspired one another to react to what they are perceiving as injustice within the systems in which they live. The technology has given the tools to the populace to respond in a way that only the mass media has had the corner of the market on for so long.

Added to this the technical aspects that bred not only the Anonymous “Hactivism” we have a new paradigm for dissent. The recent threat to DoS NYSE by Anonymous is case in point to the technology being used as not only a weapon but also as a means of protest, though the legalities of such attacks is questionable. The law has yet to catch up on much of the technology, so the arguments upcoming over the LOIC arrests for the MasterCard denial of service attacks will likely generate new law either way.

Interesting times indeed.

Occupy Wall Street.. Why Again?

Of late, the “occupation” movement has picked up speed all around the globe. However, it seems that with these demonstrations unlike the ones in the 60′s over Civil Rights, seems rather more diffuse when you go and observe what’s going on. Now, one could say that this is media spin, but, when I look at the aggregate reporting from all sides, I can see how some might categorise the movement as being diffuse. On some fronts, the movement seems to have been co-opted by others with more shall we say, exotic demands? I guess my fear would be that this turns into a Lolapalooza  or a Burning Man instead of a protest with specific goals in mind.

Occupy Wall Street has a set of 13 goals that seemed to me pretty straight forward, yet, they seem to be open ended. Perhaps the movement might tighten them down a bit and generate some more concise and workable (demands) for lack of a better term? In the era of the 60′s there was a defined demand for a civil rights bill.. I suggest to you all now that you work something akin out on paper to give to the congress critters that want to work with you. After all, its kinda pointless to ask for things like “stuff” and expect to get something back (including support) that is concrete from the establishment. How about you get some of the luminaries in the economics field to give you ideas for positions?

Unless you direct all this energy, you will all be collectively mocked as a bunch of stinky hippies without jobs or just attributed to be “malcontent’s”

Define the argument… Get the 60′s protesters to show you the way.. After all, they really did change things..  For a while.

The Media, Lapdogs To The Corporations?

Speaking of perceptions, here we have one of the key issues today. For a long time it seemed as though the mainstream media was ignoring the protests. Perhaps they thought it was just going to go away and it wasn’t news. However, as they have come to find out, there seems to be a large disenfranchised populace out there willing to protest. Just who are they protesting and what seems to be the issue both from the perspective I have as well as what the media might want to portray it to be.

Yes.. That’s right, I am not a fan of the media today. It is my opinion frankly that Cronkite’s demise only saved him further pain and anguish over the career that he loved so much. The mainstream media as it’s called, is pretty much a corporate run “profit” centre as opposed to what it used to be “a cost centre” That’s right kids, as soon as news became a “for profit” business as a whole, its efficacy in providing true reporting became much diminished. Now, this is not to say that this wasn’t the case before. In the 19th century all you had to do was look at the newspapers of the day and you could see it was all about “if it bleeds it leads!” and just how much money could be made with a lurid headline. Of course today we get the same treatment from a fire-hose of sources online and off, all of which is now pretty much solely being run for profit.

When people talk about the media being the lapdogs of corporations, they need only look as far as FOX *cough* News, who really came down to the point in a court case claiming that they aren’t really news, but instead “entertainment” Enough said really huh? So, when I see the stories not only about things like Occupy Wall Street, but also anything I have a pretty good knowledge of, I see their spin to get headlines and attract viewers.. Viewers who in turn are the targets of marketing and advertising between segments. Follow the money…

Of course speaking of Fox, you only have to read a bit more and see how Mr. Kane.. Uhh, I mean Mr. Hearst… Uhh, I mean Mr. Murdoch uses his papers and other media operations to sway the public and the government. Even his machinations involving phone hacking is a telling piece of the puzzle no? Yes Virginia, Mr. Murdoch does underhanded things to get what he wants…

So, while we are protesting the other injustices, one might suggest that you all pay attention to the media that you are being interviewed by and made into sound bytes…

They can control the story.. Catch them at it… Stop it when they do.

The Governmental Response and New Backlash

Meanwhile, another faction that is being used by the media (hand in glove) is the government and the players within it who would use these tools. The recent coverage of the Occupy Wall Street movement on CNN for instance shows how the media can be used to portray the movement as nothing but unwashed stupid hippies (the falor Newt gave to the debate) Perhaps Newt was misquoted? Maybe it’s out of context? I think not. I find it really funny that the Republicans have latched onto this issue by saying that it is a symptom of “Class Warfare” and generally acting like the old man yelling at the kids to get off his lawn. Well, come to think about it, I guess that is pretty much on the mark, Wall Street is their lawn ain’t it?

The Democrats are only a little better on this issue as well. Sure, they support what is happening or what’s being said, but really, do any of us really think they are feeling so moved by their own ethos? Or might it be that it’s election season and they are seeing potential voters? Yeah, I think its the latter too. Frankly both parties are useless in my book and as for the Tea Party, well, they are pretty much tinfoil hat wearing reactionaries to me. However, this is not to say that they don’t have a core idea that is right.

Change needs to happen.

It’s just how and by whom is the real question.

So, when all of the Congress critters get in on talking about this I take it all with a pillar of salt, not just a grain. Meanwhile, we have the police responses to the protesters. For the most part, I can take no issue with the arrests that have happened on the face of them “legally” however, when violence is involved, then I begin to wonder just what the Hell is going on. Of course tensions will run high and there will be morons like Bologna (mace boy) but on the whole, I think the response thus far has been pretty even handed on the part of law enforcement. I know others will likely take issue with this, but, this is just my opinion of what I have seen thus far.

However.. Just how long will it be before the anti-occupy Wall Street folks start showing up fueled by the likes of the Tea Party whacknuts or worse?

Time will tell…

A Return of the Sixties and Socio-Economic Upheaval?

I have written at least a couple of times in the past year that I was beginning to feel as though the 60′s were coming back. With the Occupy Wall Street movement gathering strength and more voices being added, the spectre is back isn’t it? We still have many of the issues from the 60′s that haunt us all, but I would have to say that I am going to amend this statement with a time shift as well as political bent. I would have to say that this movement has much more akin with the 70′s than the 60′s.

In the 70′s we had the Vietnam war still ongoing. We had Nixon and the excesses of his grab at illegal wiretapping and wet-work in the US as well as outside. When it all came to light with the publishing of the Pentagon Papers as well as the exposure of the “Plumbers” by Woodward and Bernstein we got a peek into executive malfeasance. Compare that to today post GWB and two wars post 9/11… No wonder we all don’t trust our government huh? Now though, we have the elephant in the room added to the mix of business and money seeking to control the government through lobbying and other chicanery.

Frankly, it took an economic apocalypse to wake people up to it all..

My Conclusions On All of This

I foresee “interesting times” ahead. This movement will continue and likely will have no real effect in the short term on how our government is being run (primarily meaning going to the highest bidder) However, I think that this movement may in fact spawn the youth of today to action. Action meaning that they will take an interest in the system and perhaps seek ways to improve it. My hope is that they do and that someday things get a bit more cleaned up but, that may not be for some time. The sad truth of it though, is that for every Mr. Smith going to Washington, there is another who goes without the wide eyed wonder and sense of honesty who just seeks to puff themselves up and line their pockets.

Another sad fact is that there may even be some altruists who go there with good intentions and then find themselves following the lead of the Mr. Potter’s of the world.

One hopes that is not the case..

K.

OP OccupyWallStreet, OP “InvadeWallStreet”, “The Bankers Are The Problem”, and Disinformation

with 2 comments

The Focus and the Locus:

Now that Occupy Wall Street is in full swing and spinning off other occupations the media is finally paying attention. That attention has begun to show just how unfocused this group really is, in fact, I might say “groups” really because I don’t believe there is a central locus to all of this. I really think that this is in part due to the genesis of Occupy Wall Street being created by those who are either a part of Anonymous or like minded. Just as Anonymous seems to lack cohesion much of the time, so too does the (anonymous approved) Occupy Wall Street crowd as well. This is not to say that their list of demands from the Occupy Wall Street site is unclear. In fact, this is the only group that seems to be clear at all, but, when you ask the average protester, you get mixed replies. So, the message seems to be lost here.

Occupy Wall Street’s Demands:

Demand one: Restoration of the living wage. This demand can only be met by ending “Freetrade” by re-imposing trade tariffs on all imported goods entering the American market to level the playing field for domestic family farming and domestic manufacturing as most nations that are dumping cheap products onto the American market have radical wage and environmental regulation advantages. Another policy that must be instituted is raise the minimum wage to twenty dollars an hr.

Demand two: Institute a universal single payer healthcare system. To do this all private insurers must be banned from the healthcare market as their only effect on the health of patients is to take money away from doctors, nurses and hospitals preventing them from doing their jobs and hand that money to wall st. investors.

Demand three: Guaranteed living wage income regardless of employment.

Demand four: Free college education.

Demand five: Begin a fast track process to bring the fossil fuel economy to an end while at the same bringing the alternative energy economy up to energy demand.

Demand six:
 One trillion dollars in infrastructure (Water, Sewer, Rail, Roads and Bridges and Electrical Grid) spending now.

Demand seven: One trillion dollars in ecological restoration planting forests, reestablishing wetlands and the natural flow of river systems and decommissioning of all of America’s nuclear power plants.

Demand eight: Racial and gender equal rights amendment.

Demand nine: Open borders migration. anyone can travel anywhere to work and live.

Demand ten: Bring American elections up to international standards of a paper ballot precinct counted and recounted in front of an independent and party observers system.

Demand eleven: Immediate across the board debt forgiveness for all. Debt forgiveness of sovereign debt, commercial loans, home mortgages, home equity loans, credit card debt, student loans and personal loans now! All debt must be stricken from the “Books.” World Bank Loans to all Nations, Bank to Bank Debt and all Bonds and Margin Call Debt in the stock market including all Derivatives or Credit Default Swaps, all 65 trillion dollars of them must also be stricken from the “Books.” And I don’t mean debt that is in default, I mean all debt on the entire planet period.

Demand twelve: Outlaw all credit reporting agencies.

Demand thirteen: Allow all workers to sign a ballot at any time during a union organizing campaign or at any time that represents their yeah or nay to having a union represent them in collective bargaining or to form a union.

These demands will create so many jobs it will be completely impossible to fill them without an open borders policy.

All of these demands seek to rectify some area of social injustice and on the whole would be nice to see frankly.. This is not to say they will ever happen. So, the media is being rather disingenuous or, shall I say lackadaisical in reporting the whole story here? There are demands, there are people who might be able to recite them or have them on a sign, but, its easier and more news worthy if they report that a mass of whacky nouveau hippies have taken to the streets in Manhattan right?

I am guessing though, that the masses of people that they might gravitate to would just be the “newsworthy” one’s with the crazy eyes to make their segments pop..

So, Occupy Wall Street and Anonymous, I think, if you are behind all of the above demands, then you should set the record straight and often instead of just letting the media portray you all as bags of crazy. This will only lend to the image that the right has of you and serve you no purpose. Focus on the issues here so as to not just get cast aside as a group of malcontent’s  alone. Of course, the genie is out of the bottle in many ways Anonymous, you see, in your inability to control the message (due to your very nature of herding cats) has opened the door to others who would seek to derail everything.

Whether they be individuals, corporate entities, or.. Who knows…

Disinformation and Conspiracies:

Back in August I and my partners on the Anonymous panel warned that your message was diffused, uncontrolled, and could be easily hijacked or turned around by those who want to sow trouble. Much as the Lulz came out and caused so much damage, so too now are the conspriacists, and the disinformation (spin doctors) seeking to control the message and the movement (or at least parts of it they can influence) In an earlier post I wrote a bout the psychology that I believed to be prevalent within the Anonymous crowd as well as the median ages. Due to the age groups involved, much of the naivety can be laid upon their youth and the fact that their brains are not fully formed. However, there is a lot more going on here.

Some have been working behind the scenes to stoke the conspiracy fires that have been burning for a while now. Conspiracies that have been streamed online by the Alex Jones’ of the world. It was this kind of dark reality that I think prompted the first Youtube video posted at the top of this article. I have written recently about this vid and have to wonder if this is just a splinter person looking to gain traction on their personal belief or something else.  Could this video that purports to be an “Anonymous” person from NYC be just a manipulation to incite the thus far mostly peaceful protests at Wall Street to violence?

This one video really touches on all the key points of conspiracy belief.

  • The bankers at the cause of all our troubles
  • The bankers fund coup d’etat’s and war on both sides
  • The Bankers are the modern Medici’s controlling governments and the message
  • The Root of all evil are Bankers and they are the bane of humanity
  • Bankers control the media and the education system
  • Bankers launder drug money and keep the drugs illegal
  • The international Banker is the scum of the earth
  • Bankers are the infected blankets and whiskey on the Indian reservations

I guess the real question about this video and its release is whether or not it is convincing enough to cause anyone to really commit violence against bankers or others down on Wall Street. The other effect it likely will have is to re-enforce the belief in conspiracy theories by the Anonymous groups in general. A high number of Anon’s seem to hold to these theories and one has to wonder just where this might lead them.

NLP and Other Means of Manipulation:

One of the problems with this video is that the diatribe presented by the narrator is using a form of NLP (Neuro Linguistic Programming) to make his points. This type of leading language and word choice makes the argument even more potent to a believer of the conspiracy or conspiracies in general. While not actually “NLP” in the strict sense of the term, the narrator does a pretty good job at sounding convinced of his statements and mentally mirroring the self fulfilling prophecies conspriacists espouse.

As you might be able to tell, I am intrigued by this video and its creator. My fascination stems from the programming style of presentation down to the use of music in the background (something along the lines of Dead Can Dance chant) that sets a psychological stage key to its purpose. Was this created by just another guy with some skill? Or was this something that was created by professionals?

Professionals you might say? Has he gone round the conspiracy bend?

Well, take a look at the video.. Not much to see..

Now “listen” to the video. Look away and just listen to it. Then you will tell the difference here. The dialogue is smooth, professional. The choice of the narrator, if one was “chosen” was good in that it is one of those egotistical and self important sounding persons with an English/Aussy accent akin to the voice of “The Voice of Britain” aka Lewis Prothero on V for Vendetta. Remember, oration is a key to convincing people, just ask Hitler and Goebbels, so this choice was deliberate I think. My question is this;

“Was this a pre-canned voice over from something else?”

“Is this the actual author’s voice?”

If this was not a one or two man job, not to sound conspiratorial, then just who and why did they do this? For the lulz? Still, the message is key and the scariest part of it all. Mainly, advocating physical violence against all bankers and the system itself.

Attacking Wall Street Digitally and Its Fallout:

Meanwhile, there is another message (linked above) that was recently released exhorting people to take part of a DD0S of the NYSE website. The actual words used were to “erase” NYSE from the web or some such, but you get the idea. This, to me, is the next step before actual attacks on bankers by people on the street. It’s pretty much the digital pitchfork and torch patrol. If this attack is carried off, and there are other issues that stem from these attacks (say someone actually hacks the site or their systems in some way) it would have a cascade effect on the markets that likely could cause many more problems for the economy.

FUD is a great motivator in the tanking of the markets and an attack on the NYSE itself, or NYNEX, or any of the players here could have ripples later on. Those ripples would come in the form of people selling off their stocks, companies and corporations as well, and the net effect could potentially be large losses in the market. Even the DoS of the site could sow enough FUD in the system so as to cause this to happen.. Just look at what happened in Hong Kong last month. While it did not kill the market, it did cause large losses and a depressed market in HK for a while.

Anonymous, for what its worth claims that they did not put this video out nor the call to DoS Wall Street. Of course with Anonymous, there is no way to really know if it was a sanctioned operation because of Anonymous’ very nature. They are decentralised (sorta) due to the splinter cell nature of it now. Even if they wanted to, Anonymous could no longer control their masses because the “Idea” is hard to stop.. The people acting on it.. Not so much as we can see from the arrests so far. What it really comes down to is that the DDoS of Wall Street is an exceedingly bad idea as is the all out “run” on bankers and no matter what the core of Anonymous says or does, they likely can’t stop its happening in their name.

And this will be their demise… The genie is literally out of the bottle.

K.

Written by Krypt3ia

2011/10/05 at 18:31

Anonymous, Conspiracies, And Blowback

with 4 comments

A user named AnonguyNYC has posted this video on YouTube that has some ominous overtones that I for one, have been somewhat expecting out of the Anon movements base. While I do not think this is a sanctioned piece by the Anon core, this individual is using linguistic programming and heavy imagery to incite people to do more than just protest Wall Street.  The video was found by me on a link from a blog site and was linked on newsnow.co.uk, a news aggregator. What is most worrisome to me is that there may be individuals out there who will heed this guy’s call and go for an all out “run” as he called it, on Wall Street bankers.

The import here to the words and their play within this video is that the creator is seeking to re-inforce the contention that the bankers are the worlds greatest evil and that they are behind such things as a coup d’etat or other larger conspiracy schemes to control the world. This is something I have been seeing play out more and more not only within the anonymous community, but also even to the political arena with the Ron Paul’s or the Jesse Ventura’s of the world saying that there are grand conspiracies at work to control the government and the people.

Frankly guys, no one is that capable or cohesive as a group to really pull things off in my opinion. However, this trend has been going on since 9/11 with the truther movement, which begat so many others. What’s worse is that today I heard an NPR interview with an evangelic Christian who is part of a movement that wants to take over the government and other areas of life (even including the arts) to save us all ( New Apostolic Reformation’s C. Peter Wagner) This would be somewhat comical to me had it not been that the current political cycle has members running who follow this cult.

Fresh Air with Terry Gross

Talk about your cognitive dissonance huh? At any rate, this video is intriguing and somewhat scary. Things are ramping up and as we keep hearing more and more news cycles cover how economies are failing around the world, I would not be surprised if soon it becomes open season on the bankers.

Pitchforks and torches will be replaced with automatic weapons…

Hey Anonymous, this is NOT V for Vendetta… Work within the system to fix the system. Don’t color outside of the lines so much that you make yourselves public enemy number one.

K.

Written by Krypt3ia

2011/10/03 at 18:37

Follow

Get every new post delivered to your Inbox.

Join 117 other followers