Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for December 2011

2011: The Year of System Failure

with one comment

Sniffing The FAIL of Government… (a.k.a. Channeling Hunter S. Thomspon and a Generation of Swine)

2011 has been a real eye opener for me with respect to how our government (s) operate of late. Or, more to the point, in our case in the US, how it doesn’t work. Never before in my lifetime except maybe in the Clinton era, have I seen such a bunch of fucktards gumming up our system with their sloth, special interests in hookers, blow, and sacks of cash handed to them by lobbyists, and general loutish behavior. If you really want to see why so much has happened with Anonymous, Wikileaks, Manning, and OWS you need only look toward Capitol Hill to see and smell the rank problem that is our governing body.

We have reached an apex of governance that has almost reached the lows of the Roman empire in its decline. All that we are really missing here are the bread and circuses  that attempt to distract us all from the real problems within the ever increasing rank state of affairs. This fetid pile that we call the House and the Senate have served us incredibly poorly persistently only really serving themselves and their betters, all the while lugubriously telling us on camera that its all for our own and the countries good. It is a matter now though of just how many are really seeing and understanding that these people and their machinations really do not have the greater good of the people in mind, but only their own bottom lines, and their own re-elections.

This has been a banner year when many young adults as well as some of the elders of the country perhaps are starting to see clearly and act against what has been going on all these years. It only took 9/11 and all of the fear mongering and knee jerk reactions thereof to make this nation a less constitutional one, now it seems that the people have begun to rise up a bit and ask just what the hell has been going on. Consider this year and the upcoming 2012 (Mayan prophecy intoned here) to be the end of a cycle. Perhaps finally the ways that have been allowed and perpetuated by those in power will be audited by the populace a bit more and challenged when they try to pass that bill on a Friday evening while everyone else slept.

Maybe.

As I see it, the people are waking up out of their slumber only because they have no jobs, they have less money, and they are on average, worse off then they have been for years both financially and now legally with regard to privacy, security, and a general sense of well being. The dawn of Big Brother it seems was in 1984 by Orwell, but, the real date could be made as 2011. However, I would also like to point out that all of you out there who are now perhaps wondering just what happened are also to blame as much as those in Congress.

You all were asleep at the wheel.. Too busy texting while driving and eating your whoppers. You all shopped and used credit at the behest of GWB and, now, like any pig that has been happily at the trough, you now find yourselves hungry, scared, and sitting in front of others with knives, apples, and a hungry gleam in their eyes looking at you. It’s time to take a stand or be the next one on the spit my friend.

Which will it be?

Wikileaks, Assange, and Manning

2011 could also be called the “Age of Wikileaks” though, they had been around for some time. Only in 2011 though did they find a source like Bradley Manning. Manning enabled the deep dish pizza that was the Iraq and Afghan War Diaries. It was through this trove of documents that we were finally able to see not only the mundane, but the few stunning things that occurred during those wars. Much more of it was mundane, but the “Collateral Damage” video was the bigger of them all. Now, this type of thing happens in war. War is ugly and horrid. It is not meant to be a pillow fight and we all part friends, so anyone with delusions should just disabuse themselves right now of that. However, this video not only showed an accidental killing of civilians in Iraq, but also the crassness of the video game style of warfare we carry out today on gunships and drones.

It all just comes off as being a game to these guys on the tape…

In the end, it was then covered up by the government and not allowed the light of day. What once would have warranted a JAG investigation was then just slipped into the digital briefcase and made to disappear. Until it was Leaked by Wikileaks. For this I can appreciate Wikileaks, but I also not their biggest fan as well. The premise if a good one, but their follow through and the cult of Assange drags a good idea down to a cult of personality and drama.

I also feel that for the record, Bradley Manning was an easy target for someone like Assange just as much as he was for the military. The military would never had had this issue (manning/leaks) if they had done just a couple of things;

  1. Secured their shit properly and actually managed it
  2. Had heeded the psych eval on Manning in the first place

… But… That’s all water under the bridge now isn’t it? Manning is on trial and he will not see the light of day again I suspect. Leavenworth has plenty of rocks to break and he will have plenty of time. So, all of you out there hoping that by showing support and making bones about his treatment etc, you really will do nothing, unless, like the government in general, changes are made to make things more equal. Remember, UCMJ is not national law, they are bound by a different code and there is no likelihood this will be discarded in favor of civil law.

Meanwhile, another note on Bradley, no matter the mental issues he may or may not have had, he did sign an oath and he crossed that line. He had to know there was a chance of being caught in what he was doing. Perhaps he deluded himself, perhaps he did not care, perhaps it was all about the attention that it was gaining him from people that he wanted the attention from. In the end though, he has to be asking himself

“was it worth it?”

Wikileaks though in reality is nothing new. I want you all to go back the days when journalists weren’t just lapdogs or toadies looking for tabloid press pieces to make their pay. Woodward and Bernstein found the crumbs of corruption and used sources (deep throat) to get the story out, and out right… And they helped in the collapse of a presidency.

Just what has Wikileaks accomplished thus far?

Anonymous, OWS, ANTISEC, and LulzSec

2011 also saw the bloom of the Anonymous movement from a 4chan lulz factory into… Well… A miasma of crazy on the collective consciousness. It seems that no one really has a handle on just what is happening with all of these groups, but lets just put it down to mayhem and call it a day. There may be coherent cells of Anon’s who want moral justice and the like, but, there are likely just as many other cells that just want to have Lulz. So, will there have been any substantial change from these groups going at it? It’s hard to say as 2011 closes, but, I would hazard a guess that at the very least people are getting involved and one would hope more of them are not the Lulz sociopaths that we see out there just breaking shit because they can.

Recent events as we close this year (AntiSec’s LulzMass) only goes to show me that the core of this group hasn’t any real agenda other than to have lulz. The attack on Stratfor, while showing they were NOT protecting PCI/PII data (SHAME ON YOU) was not the reason for the hack, it was just a side effect that seems to be lost on the media lately. Nope, it would seem that AntiSec has a problem with the military or the police.. Well, lets make that any authority figure I suspect.

It’s all getting pedantic kids…

Meanwhile, OWS has become a real movement.. Albeit a confused one as to just how to make change and just what it is they want (or that is possible) I am afraid that all their sit in’s and chanting will end just as the Summer of Love ended back in the 60’s. You all will grow up and become middle class consumers and go back to sleep. For now though…WOO HOO! You’re making change!…

Not.

It’s time to focus and work within the system to make the change.

I predict that in 2012 you all will become more marginalized and eventually fade… Without really having made any substantial change for good within our government and society.

Unless you all shape up… Get some coherence. Go find a beardy man and learn some shit.

The Assault On Privacy

2011 was the year privacy really did end… Well, maybe not completely as we technically able people are able to make our own, but, generally the populace today.. You have none. What Zuckerberg created and gave to you only made it that much easier for us all to lose privacy. What you gave Zucky himself was YOUR privacy.

… And he thanks you as he masturbates in his mansion on a pile of theoretical money that he has made from selling you out.

Meanwhile, post 9/11 we have been steadily losing privacy rights within this country at an alarming rate. Much of it you had no idea was even happening as the telco’s began warrant-less wiretaps for the FBI and others because, hey, it was too ponderous to go through that pesky FISA hearing man! All the while, with every new tech toy you found in your stocking you also were leaving more digital trails for the government and the corporations to log, accumulate, and use to create context around the whole of your lives.

Welcome to the Digital Panopticon kids! Ain’t it all shiny!

By the end of 2011 (today in fact) I declare privacy dead as a general rule. UNLESS you make that privacy happen for yourself. This means securing your data yourself, not giving it out as freely as you have been, and always being aware that at any time, without real reason, you too could be listened in on, your emails scanned, and your “private” thoughts on a computer be debated as ever being private because, hey, what is a computer anyway? Is it a desk drawer? Just ask your EFF lawyer about that one.

Lastly, just FUCKING use encryption and be smart eh?

The Assault On Habeas Corpus

2011 saw the final assault on Habeas Corpus The recent bill called NDAA solidified the process for holding US citizens indefinitely without even making them “Enemy Combatants” This pretty much says it all kids. So, let me paint you a small portrait;

Your phone, which has been tapped with a warrant-less wiretap shows that you talked to a guy at your local church (insert mosque, synagogue, etc.) who is a suspected of having ties to groups deemed dangerous by the government. Instead of coming to your house with a warrant to arrest you and then give the usual option for legal counsel, you will be just taken away (whatever paperwork they have in hand is what it is) and you will not have a right to counsel.

They take you somewhere, maybe even outside of the US (rendition) and now can keep you for as long as they like… Because you no longer have the protections of being a US citizen, with the simple stroke of a pen on Capitol Hill.

It sounds dire, and, well it is really. It has yet to be used, but I am sure that it will be.. Will we hear about that poor soul? What has become of the constitution and the laws of this land?

So what’s next Congress? I mean you have SOPA etc… What color are the SOPA police uniforms anyway? I’m thinking a nice grey and black.. Maybe some knee high leather boots.

Oh, and just where is the hue and cry from the masses on NDAA? Have you all been quelled with the soothing stories out of the government saying “trust us” ???

Wakey wakey. Remember, this is an election year.

The Year of Corporations As People

Finally, 2011 saw the one thing that corporations lusted for for soooo long. According to the Supreme’s they are now considered “people”

Well fuck me and tell me that its just hemorrhoids!

Really? If corporations are people, then its pretty much been proven that they are all sociopaths. What the hell were these judges thinking? I mean it’s one thing for the Congress Critters to think that Pizza is a vegetable but this? Really? Great, so, its obvious to me just how “un-biased” these people are on the Supreme Court. Never mind that they are all pretty much getting up into the Alzheimer wonder years.

Mark my words, this is MUCH worse than even the repeal of Glass Steagall!!

We are doomed.

Lets Hope The Mayan’s Were Right.. Well Depending On Your Interpretations of The Calendar.. And The Entrails…

Well, I have about expended my bile for now. It’s time we all woke up and took a look around. Things aren’t right and unless “We The People” do something about it, we only have ourselves to blame really. Personally, I am hoping for that Apocalypse thing that the Mayan’s talked about. I would dearly love to awaken on 12.21.12 to find the great Shebulba wreaking havoc on us all.. I mean, at least then we know where we stand right?

Happy New Year.

K.

Written by Krypt3ia

2011/12/30 at 17:55

Posted in Yearly Roundup

How Not to Recruit Spies Online and Off… Listen to Ira Winkler.

with 2 comments

RSA 2011 How to Recruit Spies on the Internet… Absolute tripe.

A twitter message aimed at me this morning contained the link above and I felt compelled to take a look as it was the infamous Ira Winkler. I had never really heard or seen him before, but, I had heard about him in such places as Attrition.org and in the comments by others (who then spat on the ground after they spoke his name, like a curse) So I already had the notion that this was going to be bad.

How little I knew how bad it would be…

Within the first minutes of this presentation at RSA 2011 I was besieged by his whining about how he had been placed on a schedule adjacent another talk on online espionage. After watching a little bit more (at about marker 2:59) he then goes on to say how he would like to Assassinate Julian Assange himself.

*blink… blink*

Holy what the?… I mean I don’t agree with Julian really on a lot of things, but calling for assassination of him? Even in jest…

Douchetastic…

Well, that should have been my warning like the ones on old maps (There be dragons here) but I decided to press on and watch this horrid presentation as he droned on about how he knows this or that spy (2 of them actually, one ex KGB *alleged* and One CIA *alleged*) as well as how he hates the term “Social Engineering” Basically, it is a waste of 50 minutes of anyone’s time AND if you were in that audience and took anything away from this talk, it should have been; “Never listen to this guy again”

Take a look for yourselves gentle readers and decide… For me though, his inane ramblings made me want to correct the misinformation he spat out and to clearly put out there some information concerning espionage.

Enjoy…

Espionage vs. Digital Espionage vs. Skiddies

Espionage, the term used for “spying” has been around since… Well, forever I suspect. For many years the techniques of spycraft have been honed by the likes of the US and other countries. In fact, there are more than a few innovations today that came out of necessities that spies had and gadgetry were created for. Today though, the technologies of today have pushed the bounds of tradecraft away from more interaction with people in person to a more technical espionage where some social interaction is needed, but, mostly can be taken care of through vulnerabilities in systems and predictability of companies/governments/sysadmins. Much of the “cyberwar” everyone seems to be bellowing about today is in fact espionage activities and not so much “warfare” in reality. Gone (mostly) are the old days of cold war spying.. One might think.. But, I would say that those days are alive and well as well as may come to be even more important given the technologies and their rapid pace of change.

So, this article has been written by me to clear the air a bit for those who have little understanding of the “spook world” First though, I would like to further define the players and the game here within the title above. I have covered the “espionage” here, but now lets look at the “Digital” twist we have today.

Digital Espionage: Is a term that I think I have coined sorta kinda. I am sure others came up with it before but I am putting it down here and now. When I speak of digital espionage, I am talking about the infamous “APT” that we all have heard about ad nauseum. These are the players who are actually either supported by a nation state, or perhaps by corporations. The espionage is mostly technology based (i.e. hacking/phishing/vishing etc) and also may include social engineering exploits to gain access and or information for the operation in play.

When any type of espionage is being carried out at this level, there are goals and plans that they want to carry out for an objective. I submit to you here that APT equals espionage and both digital and traditional forms of it use a combination of technical and social means to get what they desire. The new overlay of technology only means that perhaps you do not have to meet your asset somewhere to trade data, pull a brush pass, or leave a mark on a lamp post to set up a meeting date.

Skiddies: In the talk that Ira presented (poorly) at RSA he talks about “hackers” in the context of espionage. He was wrong to even mention this in the presentation and it should be laid out here, that the common criminal hacker and or at this time, Anonymous, has yet to reach the breadth, scope, and patience that a real spy operation would accept as the SOP. Skiddies will use technology to make the quick hit and exfiltrate data, but, 99% of the time they do not do the foot printing and other assessment activities that spies do.

Nation State vs. Corporate

I just wanted a quick word on the nature of nation state actors versus corporate spies. In the history of espionage it has been shown that the two have been intertwined really since the early days of corporations. However, once things like telephones and cables came into existence, it became a cozy relationship at times where governments and companies started to work together for their own ends in the espionage world. Today, it is rather hard to tell where the corporation ends and the state function begins. Often times, NOC (Non Operation Cover) operatives are sent out by such services as the CIA under the guise of being employees of either faux companies or real ones that have taken on the agent as an “employee” (case in point: Valerie Plame and Brewster Jennings)

However, companies in and of themselves have been known to hire out boutique firms that spy for a fee. These companies go out and get “competitive intelligence” for corporations, and they get paid pretty well. Often, these firms are staffed by ex spooks from all over the world and all different services/countries. This too also brings the corporate and the state sponsored types of espionage together once again, and in fact often cross pollinate between the two.

Today’s APT could be either and one should take this into account when they start pointing fingers at countries and yelling “wolf”

APT vs. Old School

Going back to the notion of the changing landscape of espionage, I would like to make mention again the difference between the new digital means as opposed to the old days of smuggling microdots of “documents” and the use of brush passes. Today much of the espionage can be carried out without having to leave one’s back office and this is a real paradigm shift in the business. It has also been a problem for the nation state actors since technology has become too relied upon and the ways of HUMINT slacked as we found out post 9/11.

It turns out, that HUMINT is very important, as is having linguists… You can’t just re-task a keyhole and get everything you need it turns out. It also seems to be still a learning curve today as we read about the roll up of assets in Iran and Palestine because the handlers for the agents on the ground re-used the code word and the meet site (pizza and a pizza hut) thus giving the assets away and causing great damage to our network in the area.

It seems that even today, we (USA) are not teaching enough HUMINT techniques (Moscow Rules etc) to our agents and thus mistakes are being made. It is my contention, and others, that we need to get back into the old school methods even with the advent of all this technology. After all, people are still the easiest thing to exploit as well as the insider is one of the best sources/means of obtaining information that one might want.

Terms and Nomenclature

One of the things that I noted in the presentation that Winkler made was that he was at a loss to really describe espionage in the common nomenclature. Thus, I have decided to list terms that you all should be familiar with when talking about espionage operations.

dead drop – A secret location where materials can be left in concealment for another party to retrieve. This eliminates the need for direct contact in hostile situations.

dead telephone – A signal or code passed with the telephone without speaking.

in the black – Surveillance-free for a time span greater than a few seconds.

in the gap – Surveillance-free for a few seconds but not as long as a minute.

in the wind – When a target of surveillance has escaped and left for parts unknown.

provocateur – An operative sent to incite a target group to action for purposes of entrapping or embarrassing them.

provocative – A harassing act or procedure designed to flush out surveillance.

put up a signal – To clandestinely signal another operative or secret source, as in putting up a signal like a chalk mark on a light pole.

rabbit – The target in a surveillance operation

Roll-out – a surreptitious technique of rolling out the contents of a letter without opening it. It can be done with two knitting needles or a split chopstick.

rolled up – When an operation goes bad and the agent is arrested.

rolling car pickup – A clandestine car pickup executed so smoothly that the car hardly stops at all and seems to have kept moving forward.

RYBAT – A code word meaning that the subject matter is extremely sensitive.

SDR – Surveillance detection run; a route designed to erode or flush out surveillance without alerting them to an operative’s purpose.

signals – Any form of clandestine tradecraft using a system of marks, signs, or codes for signaling between operatives.

silver bullet – The special disguise and deception tradecraft techniques developed under Moscow rules to help the CIA penetrate the KGB’s security perimeter in Moscow.

SIS – Senior Intelligence Service of the CIA, which assigns the executive ranks equivalent to a general in the military. So an SIS-1 is equal to a one-star general.

SITREP – Situation report, sent to CIA headquarters during an operation or crisis.

smoking-bolt operation – A covert snatch operation in which a special entry team breaks into an enemy installation and steals a high-security device, like a code machine, leaving nothing but the “smoking bolts.”

staff agent – A CIA staff officer without access to CIA secure facilities or classified communications.

stage management – Managing the operational stage in a deception operation, so that all conditions and contingencies are considered: point of view of the hostile forces and the casual observers, physical and cultural environments, etc.

star-burst maneuver – A countersurveillance ploy in which more than one target car or target officer is being followed and they suddenly go in different directions, forcing the surveillance team to make instant choices about whom to follow.

Surreptitious Entry Unit – Unit in OTS whose specialty was opening locks and gaining access to enemy installations for the purpose of supporting bugging operations.

swallow – A female operative who uses sex as a tool.

timed drop – A dead drop that will be retrieved if it is not picked up by the intended recipient after a set time.

tosses (hand, vehicular) – Tradecraft techniques for placing drops by tossing them while on the move.

tradecraft – The methods developed by intelligence operatives to conduct their operations.

walk-in – A defector who declares his intentions by walking into an official installation, or otherwise making contact with an opposition government, and asking for political asylum or volunteering to work in place. Also known as a volunteer.

warming room – A location out of the weather where a surveillance team can go to keep warm and wait for the target.

watcher team – A surveillance team usually assigned to a specific target.

window dressing – Ancillary materials that are included in a cover story or deception operation to help convince the opposition or casual observers that what they are observing is genuine.

There are many more and you can see them here. This sampling though gives you a window into just how the lingo works and the technical terms that each service uses. Its a language unto itself really and if you decide to read more on the topic, this primer could be useful.

Tradecraft

Tradecraft applies traditionally to the tools and techniques of espionage. Things like surveillance and counter surveillance as well as secret writing etc etc. However, today, you can also add the technical aspects of hacking as well. Another aspect though would also include the social elements of spying, recruiting spies, and on the hacking end, tricking people into giving you data as you would in any other spook op. The difference being that often times in the hacking scenario, you are not directly interfacing with them of late, you are sending an email.

All in all though, tradecraft is exceedingly important in both spheres of influence and must be kept up with. In the case of the “illegals” who were popped last year in America, their tradecraft was ok, in fact pretty good in most cases, but, their use of new technology caused certain failures that helped in their capture. (see the story about the laptops and the wifi adhoc connections) Meanwhile tradecraft failed at least one of the operatives physically, as the operative left the password to their system on a post it note…

Yep they did… Know why? Because the password was 15 chars… Too long to remember.

Doh!

Tradecraft, like I said, needs to be practiced.

Social Engineering & Rapport Building a.k.a. Recruiting and Running an Asset

Within the presentation by Winkler, his aegis for the whole thing (by the title) was to talk about how to recruit online spies. Something that he really fails to talk about ironically. I believe much of this is because he loathes “social engineering” and NLP it seems as well. In fact, he pretty much says a lot that is counter to what you really need to be skilled at to obtain the complicity of an end user, or an employee in general and make them an asset for you. Ira pretty much glosses over all this, instead talking erratically about how he watched hackers on IRC…

Anyway, the point is that if you want to gain the complicity of a target you have some choices to make.

  • Flattery (pride)
  • Pity
  • Patriotism
  • Money
  • Sex
  • Revenge

Those are pretty much the motivators for people to betray their companies or countries. Often times, these all take some cajoling on the part of the operative to get them to work for them but, nine times out of ten, you can get someone to give you what you want by simple manipulation or cash. Ira touched on these things, poorly, but the gist of it is that agents for foreign powers as well as corporations often are very skilled at social engineering.

You have to be.. Because you are manipulating people and their emotions.

One also has to be very calculating and able to separate ones self from the asset emotionally. Often times, you may have to burn an asset. In fact, most often, the assets who were recruited to sell out their own countries (i.e. Russia in the cold war) did not actually get exfiltrated out to Russia to live out comfortable lives… Unless they were high level defectors (like Philby, who in the end did not live so richly in the workers paradise) who might actually be exfiltrated and treated moderatly well.. Until their usefullness is gone.

Nope, over all, this is a cutthroat business and you need to have great people skills as well as be able to step outside of those skills emotionally.

It’s all about manipulation.

Honey Traps and Swallows: The Art of Blackmail and El Amor

Another topic that was given a glancing mention by Winkler was the use of sex and blackmail as a means to an end in espionage. It’s quite true that this technique was a favorite of the Russians specifically, but all the services have used this ploy to get what they want. China has become somewhat infamous of late for also using this type of exploit to get someone to give them information or technology. So much so, that they have the term “swallows” for them.

There have been recent cases where government officals in China on visits have been approached by Chinese women who later on physically steal their computers or other technical equipment as they walk out the door. This particular attack is augmented by the fact that often the Chinese set up tight and full schedules for visitors that comprise of many site visits as well as night time dinners that include much drink. This has been especially true for any of the nucelar physicists who visit China…

And that’s how secrets leak out, through lips loosened by fatigue and a couple drinks.

Back to the Russians and others, but primarily them, they have been known to use sex quite well to get their desired targets complicity. Often times, the Russians would set up cameras behind walls/glass (today just plant a wireless) and tape record the sexual encounters for playing later to the target. Often times, this too was used against those who were homosexual as this type of attention would ruin lives. Additionally, they often would ask for something small, then string the new asset along for bigger things later. This too also allowed the target to perhaps become more emotionally tied to the bait and thus, make them a willing agent for Russia.

Overall, the use of sex in espionage has been around since the dawn of time (Cleopatra etc) So, its nothing new..

But it bears some more description than the long and winding road of dribble that Winkler uttered on it at RSA.

China/Israel/Russia/UK/US All Have Different Methods…

Another thing to consider is that each of the services out there has different methods and bents toward recruitment and espionage in general. With the right research one can see how they play differently and what to look for should you ever be confronted with an operative or operation from a specific country. I thought it prudent to just have a short list of a few of their particular preferences per country.

  • Russia: They favor the blackmail approach as mentioned above. They also are adept at inserting players into the environment who are deep cover like the illegals program. Though, in the case of “deep cover” I would not claim that for the illegals that were popped in the US completely. Anna was pretty much out there as a Russian as were a couple of the others.
  • China: Patient and approach the game from the “Thousand Grains of Sand” approach. Many assets high and low value that pass data to the homeland and they use it all. China also favors “soft power” as opposed to Russia and their strong approach to diplomacy.
  • Israel: The Mossad is an agency that one would not want to tangle with. For the most part, the Mossad is known for their assassination teams. (see the recent events in Dubai)
  • CIA: The CIA’s clandestine branch uses many techniques… But of late seems to be out of step with HUMINT per our recent failures. As stated above, the technology has replaced the HUMINT and that needs to be shifted again.

I would suggest some reading for anyone interested. Do some Googling and take a look around… AND if you are in the DC area, check out the Spy Museum

HUMINT/SIGINT/MASINT etc etc…

Within the espionage space there are a lot of terms and methods of plying their trade. I would like to take this chance to delineate further the differences between types of intelligence gathering. Primarily though, I have talked about HUMINT, which was ostensibly what Winkler was to talk about (recruitment of assets) However, there are many other types of collection. Here are some of them.

SIGINT: Signals Intelligence involves intercepted signals from communications and electronic emissions; the National Security Agency (NSA) is responsible for SIGINT collection and reporting

MASINT: Measurement and Signature Intelligence  involves a highly technical, multi-disciplinary approach to intelligence collection to provide detailed characteristics of targets including radar signatures of aircraft and telemetry of missiles; the Directorate for MASINT and Technical Collection (DT) at the Defense Intelligence Agency (DIA) is responsible for MASINT

PHOTINT: Photographic Intelligence involves the assessment of photographic media for intelligence purposes (think old school assessment of satelite photos or pictures from a high altitude plane)

ELINT: intelligence derived from electromagnetic radiations from foreign sources (other than radioactive sources)

GEOINT: Geospacial Intelligence  involves the collection of information related to the earth from imagery, imagery intelligence, and geospatial information; the National Geospatial Agency (NGA) is responsible for geospatial intelligence collection management

IMINT: Imagery Intelligence nvolves representation of objects reproduced by optically or by electronic means from a variety of sources including radar, infrared sources and electro-optics; the National Geospatial-Intelligence Agency (NGA) is responsible for allimagery intelligence collection activities

OSINT: Open Source Intelligence information gathered from non-classified, non-secret sources including news media, the internet and commercial databases to name a few; the Open Source Center (OSC) in the Office of the Director of National Intelligence (ODNI) and the National Air and Space Intelligence Center (NASIC) are the major collectors of open-source intelligence

HUMINT:  A abbreviation of the words HUMan INTelligence, refers to intelligence gathering by means of interpersonal contact, as opposed to the more technical intelligence gathering disciplinessuch as SIGINTIMINT and MASINTNATO defines HUMINT as “a category of intelligence derived from information collected and provided by human sources.”

Typical HUMINT activities consist of interrogations and conversations with persons having access to pertinent information.

The Moral of The Story… Don’t Listen to This Buffoon

I guess overall though, I wanted to shed some more light on espionage and the changing landscape to anyone who might not have a good feel for it. It seems today with the advent of the term APT, the explanation of the nuances have flown out the door. Either this is because people don’t understand them, or, they are unable to connect the dots between APT and espionage. It does seem though, that most vendors and media don’t get it though.

APT unfortunately only means China to the masses.. And this is a failure on the part of the security community as well as the Defense community at large. I recently had a conversation with someone that gets to the heart of this in fact. APT spawned from the DIB (Defense Industrial Base) as well as the DoD. Much of this terminology and the actual events that created them cannot be talked about because they are marked as “secret” by the companies and the military. So, it can be readily seen that when talking about them in the open, they omit much of what really happened and only allude to certain things. This makes it all seem mysterious and alluring to talk about.. And many do.. Who have no clue what they are talking about.

The same can be said about espionage and running/recruiting agents when you have someone like Ira Winkler speaking at a conference like RSA. At best, Ira Winkler wrote a book long ago about industrial espionage that may have been researched. Today the picture has changed dramatically and Ira has failed to follow up on what’s going on. Nor doe sit seem that he has a solid grasp of old school precepts of espionage and the players involved. At least that is my take away from this YouTube of his…

To conclude, I would like to say this.. Espionage both digital and other is the way of things today. The fact that technology that is compromiseable has permeated every part of our lives today makes us all targets of spying. Whether that spying be the local kid next door looking at your porn collection on your PC to the NSA looking at your emails and conversations. Just as much, it is important to know that your job, no matter what job you hold, is also a potential target for a spook to be interested in you and your data. If nothing else. one must look at the range and breadth of companies and entities being broken in to by the likes of China to see that no one is exempt.

Know the ins and outs of the technolgy as well as the spook landscape.. Especially if you work in INFOSEC today.. Lest you become the next target who has to report that they were compromised and data stolen.

K.

Written by Krypt3ia

2011/12/21 at 15:27

Posted in Espionage

The RQ170 Affair: Spoofing, Jamming, and The GBAS (Ground Base Augmentation System)

with 13 comments

The RQ-170 Affair and GPS Spoofing Claims

So, there has been a lot of supposition on the blogs and in the news about just how our wayward RQ170 drone ended up pretty much intact and in the hands of the Iranians. In looking at all of the posts online and in the news as well as talking to a knowledgeable source or two, I decided to attempt a little OSINT on the issue and I think I have come up with some more tidbits for everyone to think about. I believe that there is a middle road here to be tread on just how this happened and I would like to think that the potential for such an attack on a drone like this would be hard to pull off, AND that the military and Lockheed had taken into account such attacks before deploying things into the field..

But, we all know mistakes are made and hubris abounds.

So, here we go…

The Potential for GPS Spoofing on Military Systems

After the RQ went missing, and subsequently showed up in Iranian hands, the Military began saying that there was just a “malfunction” however, the malfunction had to have been system wide and epic after seeing the images of the RQ170 intact. You see, there is a self destruct as well as other interesting features on this bird, and if that failed then there had to be a large systems failure, but the question then became why was the RQ still intact? If the systems had failed completely, should not the RQ be in pieces at the very least from falling out of the sky?

After a week or so, a report came out of Iran from a “source” that claimed the RQ had in fact been brought down and landed without incident through a GPS attack on a flaw in the system. This type of attack had been talked about before and it was possible per empirical testing that a GPS system, even a Military one, could in fact be subjected to attacks that would confuse the GPS system into believing it was elsewhere other than it’s real current position. So, the precedent is there, even though the Mil systems would take a bit more effort, it was in fact possible to the right people with the right technology and know how.

So, once again, the possibility is there and we had a drone in the neighborhood… Did they indeed “spoof” the signals?

If then how?

The GBAS and DGPS 1kw System from Fajr Industries

Once I decided to look into this further, I got into the mindset of “If I were Iranian and wanted to know about spoofing GPS, I might in fact talk about it online” Well sure enough, with a few well placed Google searches I was able to come up with the following links and people doing the research:

Azimi Alikhani abedi1386@yahoo.com 

Farshad Somayehee  farshad_somayehee@yahoo.com

Audiovisualtalk.com discussion on home brew (open source) GPS and Military Systems

GPS Augmentation PowerPoint and Reference to Spoofing

It seems that Farshad and Azimi have been working on an analogous project for Iran that also could possibly be used as a launch pad for a spoof attack. The documents (pdf files and Powerpoint) show a program to “augment” the GPS environment in Iran by placing base stations with the Fajr GPS (GBAS) network/hardware in specific sites throughout the country to ostensibly help with aircraft navigation. However, even in their presentation, they mention the possiblity of spoofing and though I don’t have a great translation as yet of the Persian (soon I hope) it seems as though they brought this up as either a potential issue or, as a potential boon to the implementation of the system.

Though, to me, it seems that having such a network of broadcast sites out in the desert one might be able to overpower and spoof the signal of a GPS system in flight on a drone over Iranian airspace makes it all the more possible. You see, the basis of this attack is to overpower the signals from the satellite and make the on board system think it is elsewhere via data lag. If you look at the proposed and existing sites in the PowerPoint, you can get an idea of the scope of the project.

Mind you, this all was started in 2004 and the PowerPoint was last updated in 2007.. So, this has been ongoing for a while. A while that we have also been starting to use the drones more and more coincidentally.

Kvant 1L222 Avtobaza Electronic Intelligence (ELINT) system and The RQ170

Meanwhile, the reports that are circulating on the net and in the news also remark on the fact that Iran recently took possession of some 1L222 Avtobaza ELINT trucks. These may in fact have had some part in this process as well, however, it is rather sketchy at this time to say whether or not the Avtobaza has been moded to work in the satellite ranges as opposed to its main function as a radar jamming station and RF intelligence gathering tool.

So, I can’t say for sure, but it is also possible but I am leaning toward the home brew that Azimi and Farshad worked on as the more possible, with mods, to actually pull off an attack on an “M-code” system. I had been leaning toward the Avtobaza before, but after all my searches and what I found, I have to back off that idea a bit. The fact though, that they have this technology means too that future drones will have to be careful in Iranian airspace as well as all of the border states need to be careful as this system can jam their radar systems and allow attacks potentially to have a leg up.

Hypothesis, Supposition, and Educated Guesses

Overall, even these finds only paint a picture of supposition and educated guesses. What we have is a missing drone that seems to be intact and failed to do everything it was programmed to do (self destruct etc) and yet landed intact. Without an attack that is now becoming more plausible (GPS spoof) how do we explain it all? Certainly Lockheed, the CIA, and the Military won’t be telling us all anytime soon will they? The fact that the Iranian’s started off with just saying they had hacked it, then letting loose with the technician (un-named) saying that it was easy enough with a GPS spoof kind of leads me to believe on this account, they are telling the truth.

… And doesn’t that make us look foolish huh?

It seems that generally the West thinks that Iran is not competent enough to pull off certain kinds of things and would like to write this off…

I would instead beg this question;

“If tey are so lacking competence, then we are we whacking their scientists and worried that they are working on a nuclear weapons program that may bear fruit soon?”

In my book, they scored one on us… Now I just hope that the Military and Lockheed learn from this as well as the other incident with AQ and unencrypted Predator feeds and fix the problems before they launch more advanced drones in country.

K.

Written by Krypt3ia

2011/12/18 at 20:40

Posted in Iran, RQ170

La Amenaza de Irani

with one comment

La Amenaza De Irani (trans: The Iranian Threat or The Iranian Menace)

YouTube Video Part 1-4

A recent investigative report carried out by Univision (Television de Espanol) released this month has some pretty powerful footage showing an undercover operation that sent college students to propose cyber attacks on the U.S. to the Iranian ambassador in Mexico. Ambassador Mohammad Hassan Ghadiri was approached with  hidden cameras and talks were held to discuss the potential for state sponsored (by proxy of Hezbollah) attack on the White House, FBI, CIA, and nuclear power plant systems within the United States. The footage in the report clearly shows the ambassador talking about these topics and also asking about how to further this by making certain contacts.

Now, of course this whole story is sensational and of course the Ambassador could just as easily say that he was leading them on to get an in on those who would like to attack the US to use in other ways, not necessarily that he was actually plotting against the US. Though, the likelihood is that the Ambassador was playing along in hopes that perhaps the Mexican students could be used as a proxy against the US and thus keep his hands clean.. A win win for Iran and himself really. However, there is a bigger story here than just the plot as laid out by the college student to the ambassador and his interest as well as the interest of the Venezuelan officials also caught on camera accepting the plans from the Mexican students.

The bigger and ongoing story is that of the connections between Iran and various countries in South America and their use of cocaine trafficking to further their agenda’s world wide as well as focused on the US. The report goes on to cite others in the US and in the various governments in South America laying out the framework for a bigger picture on Hezbollah, narco-trafficking, and the potential for the semi porous border between the US and Mexico to be used to infiltrate Islamic terrorists (Hezbollah and others potentially) into the Unites States. The report cites as well that there are connections between mosques and training camps in Venezuela that also get support from the aforementioned narco-trafficking.

To me, it looks like what went on in the 80’s with Communism and terrorist groups in South America has now been supplanted with Iran and extremist Muslim thought and this is something we should be aware of. I am sure that the government and the agencies have been for some time, but this has not really been in the public eye until now, and even then, I am not seeing too much being made of this in the media as yet. The most the media has been talking about has been the fact that there was a plan for a cyber attack on the US infrastructure, but, like the media does each and every time, they seem to fail to grasp the smaller issues that are more important than an alleged plan for a “cyberwar”

Iran, the Nuclear Plot, and Reality (Hezbullah Cyber Army)

The actual “plans” given by the college students to Ghadiri were not shown or elaborated on in the Univision report, however, one can assume that they included the STUXNET type attacks that hit Natanz but also perhaps denial of service attacks as well on the FBI, CIA, and White House. Since there is nothing really to work with on this, I cannot say for sure, but, one need only look toward the “Hizbullah Cyber Army” that Iran recently unveiled to see where their ambitions lie after being spanked so well by Stuxnet and whoever carried it out. No doubt though, the Iranians would seek to welcome the likes of the Mexican hacker community to their effort as the Mexicans have had a track record with regard to hacking and digital scams in the past.

Once again though, I would like to see people have the realistic reporting that there was no real cyber plot, but instead that this was the entre into the Hezbollah by offering such a plan or plans… Let’s not let the media run with this cyberwar angle ok?

The plans that the college students passed to Ghadiri also included talk of EMP attacks as well as cyber attacks against infrastructure. The EMP attacks are of interest in that they could be carried out by missile launches. Launches that could come from sites that Iran and Venezuela have allegedly talked about having in place in country. So far as I am aware, the only real way that an EMP of worth, could be carried out by such as Iran would have to be a high altitude detonation of a nuclear device. Which means that Iran really probably does plan on having nuclear weapons as opposed to their claims that they only want to have nuclear power for the country.

Frankly though, I do not see that the plan and this report should just be seen as a cyberwar piece. This all begs much larger conventional questions about the moves that Iran has been making in South America and now Mexico.

Iran and South America

Hugo Chavez has been getting closer and closer with Iran for some time now. Venezuela and Iran have forged close ties and much of their work together has been over more than just domestic and financial issues. It seems from the Univision report, that also the two have been working together on Nuclear programs. Iran has been working with Venezuela on plants there and I am sure that Venezuela has likely been acting as a cutout for certain things that the Iranians would like to have (i.e. perhaps as a go between for parts etc, that Iran cannot get due to sanctions) So I am sure it is a beneficial relationship that Mahmoud and Hugo have, but there are other things under the crust that one has to take into account.

Proximity is one issue that I know has been spoken of before and it has to be discussed again. There has been talk in the past of Iran and Hugo’s desire to have a set of missile bases in Venezuela that could easily launch missiles at the US. With the Iranian technology that they have, they could in fact put in sites that, much like the Cuban affair back in the 60’s, cause great consternation for us all. I have heard in the past that there was talk of this between the two countries and heads of state, but, now it seems that perhaps we should be more wary that perhaps there are some sites or portables that Iran may have slipped to ol’ Hugo.

However, the other issues brought up by the report from Univision do take some precedence today. The proxy war of using the Narco gangs to train Islamist terrorists is not a new one by any means, but, seems to be bearing fruit now. For some time the terrorists and narco traffickers have been getting closer because their needs can be fulfilled by both working together. Much of this also is being backed up (allegedly) by the Univision reporters who now also claim to have hours of tape on Muslim jihadists training with the drug smugglers on tactics in training camps tucked away in South America.

Though, the real relationship to me, is that the drug gangs are being used as proxies for Iran’s and only for Iran’s benefit.. They simply are pawns in a bigger game of global Stratego that Iran wants to play. They are also all being played by Hugo Chavez, who gets the money, the power, and the control he desires all the while getting in on the ground floor on the war against the “Great Satan” as Iran calls the US.

Iran and Narco Trafficking (Hezbollah/Los Zetas/Mexico)

Another disconcerting event came yesterday as it was announced that a Lebanese drug smuggler was charged in the US for smuggling 85K kilos of cocaine into the states. Ayman Joumaa a.k.a “junior” was captured and is now being charged with this crime as well as being the money man for Los Zetas, using a Lebanese bank in Canada to launder about $850 million dollars. Joumaa’s connections though also connect him with Hezbollah and thus, we now have more connections between the likes of Hezbollah and Los Zetas.

If you will remember back a bit, you will likely think about the plot that was broken up recently where Iran (Hezbollah) had worked a deal with Los Zetas (allegedly) to bomb a Saudi ambassador while in NYC. Many people thought that the plot seemed a bit cooked up and perhaps overly dramatic, even perhaps some thought that it was disinformation, but, it seems that from numerous sources you can see a pattern emerging between the cartels, islamist terrorists, and the inspirations of Iran and Venezuela.

Further proof comes from the Antisec/LulzSec dump of the AZ DPS reports on the connections between the Islamic extremists and the Hezbollah network in Mexico. Clearly the government seems to be concerned. By using the Zetas, Hezbollah will have a far greater reach into this country through the trafficking routes, coyotes, and money that they are facilitating being made to launch campaigns here in the states… Someday.

Past as Prologue: The 80’s and Ron Reagan

In the end, this report shows quite a bit about how the Islamic jihad and Hezbollah have made inroads into South America. Inroads that could lead to some serious consequences with global terrorism as well as the goals of Iran as a whole where the US (a.k.a Shaitan) are concerned. It would seem to me that the 80’s are coming back and we will find ourselves once again sending wet work teams in country to work against such groups as ETA, FARK, and now Hezbollah in South America.

The report, which I suggest anyone who can speak Spanish see, covers much more than anything you might read in the English press. They talk to several US officials in DEA/CIA etc and one of them actually calls the acceptance of the “cyber attack plan” an act of war

*shudder*

However, you will get to see that Univision did their homework and connect the dots pretty well between the governments of Columbia, Venezuela, and Iran in complicity on a plan like the one offered. So, it could be possible in the future to see such attempts as plausible. We definitely have to keep an eye on the region and the machinations of the likes of Chavez and Mahmoud.

However, what I don’t want to see is another Iran-Contra Affair come up. Guess Ollie might have another job ahead of him…

So when do we get the second “New Wave” movement from Britain then?

K.

Written by Krypt3ia

2011/12/14 at 17:39

The Infosec Naughty List & The Twelve Charlatan’s of Christmas

with 7 comments

Infosec Santa Knows When You’re Naughty and Nice!

WHEW! What a year it’s been and so much has happened in the soap opera that is INFOSEC. We had Stuxnet and all its fuddery, The Ligatt Saga continued to astound and amaze, and then we moved into full Susan Lucci mode in the community!

Wow.. just wow…

After Santa’s (regular, not the infosec santa mind you, he knows how to secure his shit) leak of the “Naughty List” This Santa decided that the naughty list needs to be published, not leaked. So with much fanfare and less ado, let’s take a peek shall we?

*Note, this is not the full naughty list.. If I were to try and cover them all in a post.. Well, there aren’t enough bits in the “internets” to cover them all…

Naughty for Spreading FUD

Joe Weiss…

Joe, you are on the list this year because you did a couple of things. First off, you took an FOUO document and decided to use it to garner attention to yourself with your FUD over the Illinois water hack, that wasn’t. Joe, YOU should know better but it seems that the attention seeking behaviors within you got the best of you huh? Surely you did your homework on the facts before you decided to disclose “sensitive” data to the populace at large thus starting a FUD storm of epic stupidity right? 

Oh.. Yeah, no, you didn’t…

That’s why you are on the naughty list this year…

The Illinois Fusion Center

The Illinois Fusion Center is on the list because you too failed to do your due diligence on the whole “water hack” story that you gave to Joe to publish! Had you done your jobs or had an understanding of forensics you might have first looked at the name of the user logging on from Russia and maybe called him. Then you might have learned that he was in fact in Russia and that he logged in at the behest of a worker at the facility.

#FAIL

That you wrote the super secret report and then leaked it to Joe is all the worse. You guys are supposed to be the guardians at the gate here.. Instead you are the keystone cops.

Craig Wright

Craig, buddy, what can I say about you that I haven’t already said or refuted from your diatribes. You my man are the 2nd in line after Greggy in foolishness and hubris. Please, stay in Australia and I hope that NASA thinks a bit more about your reliability post our debates. For those who do not know Craig, check out InfosecIsland and his posts. He single handedly was able to destroy his own credibility by being unable to control himself.

Naughty for Asshattery

Joseph K Black

JOEY! Dude, you are a real mess. Your recent event of being arrested after the high speed chase shows that you are either very mentally ill, or on some major drugs. I lean toward the mental illness myself. I hope that you do get the help you need Joe and that someday you can normalize and maybe be a contributor to the community instead of being a joke.

Elyssa D

Elyssa, you and Joe are a pair.. Like a really strange set of salt and pepper shakers from some podunk town. You too need more meds and I am pretty certain that you need some psychological help. Infosec Santa hopes that you get the help you need and that you stop being the lesser clown to Joe’s Homey the infosec clown.

Naughty for Not Doing Their Homework

Wired Magazine

Wired.. You more than once failed at doing your homework as journalists and went with hype. This wasn’t too too many times but it was enough to land on Infosec Santa’s radar.  You can and have done better, and in fact the Stuxnet reporting by Kim was great…

Infosec Santa’s watching you.

Reuters

Reuters, YOU are on the list this year for not vetting the Stuxnet/Conficker story AT ALL. You do not even make an attempt at vetting or mentioning the fact that there was no corroboration at all to the story that Bumgarner was giving to you. Remember  when you used to be a real news service? Infosec Santa does and now you have let him down…

The Mainstream Media

The mainstream media as a whole is on Infosec Santa’s naughty list because you all have sold out.

“If it bleeds it leads” is only really an aphorism that the Enquirer should use.

Naughty for Plagiarism

Gregory D, Evans

Greg, buddy, you are on the list so many years running now that I just have a rubber stamp for you. Your antics with suing people with frivolous law suits is just pedantic now. Please, slink back to your hovel and your “Bently” and crack those spelling books. Though, your plagiarist exploits this year were rather funny! Especially when you stole Ben Rothke’s piece on plagiarism featuring you!

That gave Infosec Santa a belly laugh like a bowl full of jello!

But.. It still lands you on the naughty list… and NO that is not a good thing, Infosec Santa is denying your Christmas wish of strippers and blow.

David Virgil Dafinoiu

David, you have been a busy boy this year stealing content! You came out of nowhere and began the onslaught of intellectual theft. What’s worse, you got caught at it and then went right on doing it some more after faking contrition.

TSK TSK TSK

Naughty for Selling Snake Oil

ALL AV VENDORS.. But really SYMANTEC

Infosec Santa has a personal bone to pick with Symantec this year. Your console is “TEH SUCK” and so is your sales team. When you call and ask for a demo on hard drive encryption son, don’t show up only with a DLP sales pitch ok?

As for the rest of you AV vendors.. Cut out the FUD and admit you can’t stop APT ok?

Naughty for Outlandish Claims & Uselessness

Tiffany Rad

Tiffany, Infosec Santa has soured in his opinion of you over the last year. You seem to have an issue with following through with things like law suits and you definitely have a penchant for…

Shall we say “embellishment” ??

Your stories of all your adventures are so very hard to verify.. But.. They just don’t ring true for so many. Why is that? Perhaps its just from Infosec Santa’s personal experiences and his checking of sources with regard to Mr. Evans and FBI connections, but, I am just left with the conclusion that you should at least be on the Attrition pages soon in the watch list.

Infosec Santa lays a majority of the blame on the lack of response to Evan’s plagiarism at your doorstep…

But, that is just Infosec Santa’s opinion… He paid for representation and got at least some satisfaction.. Others who went with you.. Not so much.

Naughty for Being… Well… Bastards and Selling Out

HBGary

HBGary, a name that will live in infamy now. I mean hey, you guys even ended up on Colbert right? You all are the naughty list because of this one specific action.

Hunton and Williams wanting to smear activists.

That you got caught because you got pwn3d by LulzSec is just sorta fitting really.

Please, since corporations are now “persons” grow a conscience.

Naughty for Being A Self Righteous Gas Bag

Sam Bowne

Sam, dude, you are just a self serving blowhard and Infosec Santa see’s it… Welcome to the naughty list… Just this Infosec Santa’s opinion….

Naughty for Using the Word “CYBERWAR” Repeatedly

Richard Clarke and ALL of the DoD

Dick, DoD, you all need to stop with the jingoism by using the term “Cyberwar” too too much. You guys really don’t even have a real definition for it never mind thinking you have claim to make decisions on kinetic attacks (bombing) on targets you THINK may have something to do with an “attack”

Frankly, Infosec Santa was surprised you didn’t just haul off and bomb the Kremlin over the water facility debacle in Illinois. Must have taken some real restraint there.

Remember, its called “Attribution” and its rather key to knowing who did what where.

Naughty for Making a DOOZY of an Unsubstantiated Claim About STUXNET and Conficker

John Bumgarner

John, Infosec Santa doesn’t know you personally but this latest incident with Reuters and you…

WOW… Just WOW

Next time you want some attention, maybe you will forget the wild stories and actually cite real data about your claims. Conficker was the progenitor, or the Swiss Army knife for Stuxnet???

Wow.

You sir are on the list until you cough up that data so it can be peer reviewed.

Naughty for Missing the Point So Much

Antisec

Anonymous

LulzSec

Guys, you are all on the list for missing the point. Your dumps of data other than HBGary have been irrelevant. Your dropping of people’s data (doxing) also has been missing the point. You claim you want change but you don’t follow up with substantive actions that will create change.

You are all just a little too ADHD…

The Infosec Community @ Large & the Rockstars of INFOSEC

Finally, we have the INFOSEC community at large. There are so many of you out there and the general feeling that Infosec Santa is left with this year is that you all are too… ehhh… Dramallama

Hell, even this post by Infosec Santa falls into this category so I can place myself on the naughty list.

OH MY…

All of the antics and whining by this community just makes us all look bad. There are many of you out there who maintain a good presence, but generally, this is a young industry. We have alternative lifestyles and we seem to define ourselves by this attitude. However, it’s attitude that only looks foolish to the straights and then they take us at face value and lack respect for us.

Enough digital penis measuring ok?

Look, all Infosec Santa really wants to say here is this..

“You want to be taken seriously? Then grow up.”

Yours,

Infosec Santa

Written by Krypt3ia

2011/12/11 at 14:58

Posted in Infosec

JHUF.NET: Jihobbyists Who Are Laughed At by Their Peers

leave a comment »

JHUF’s Reads Me.. Merry Christmas Kafir!

Well, well, well,  it seems that my little blog has attracted some attention for a post I did back in the day on a certain Muhammad Zaib Khan and the kiddies at JHUF have decided that they are going to pick on me.

*sadface* 😦

The comments above attempt to… I guess.. Frighten me?

Really?

That’s the best you guys have? Come to Afghanistan and we will show you a Taliban?

Come on guys! I had a fatwa on me before! The least you can do is threaten me a bit better than  “neener neener neener” using some proxy out of Tazmania!

Well, after getting their missives, I decided to look into JHUF.net because, well I was bored anyway. So, I took a look and what I have found is that these guys (or maybe girls) are just a bunch of jihobbyists looking to mentally masturbate with each other online about their desires for jihad. Or is it that they just want to circle jerk online in hopes of someday meeting in meatspace to share their jihadi love?

So far, what I have seen amounts to very little, so their jeers really do make me chortle. As they do with other forums who call them out as being just a bunch of posers.

Domains, Admins, & M.Zaibkhan

Not surprisingly though,  I found that these characters (see admins and mods above) have been pretty loose with their information. It was fairly easy to get their data and use it to conduct further searches with Maltego. Much of the hits that came back gave quite a bit of insight into the players, who they talk to, and where they are from. Even with attempts at obfuscation though, the players here managed to let me follow them to their digital doors.

I now see just how laughable they are and why the other jihobbyists make fun of them at their jihadi games (*following the Christmas reference in their emails)

Another fun fact was that in using Maltego, I could see the edge weights (importance through frequency) of the sites that they are affiliated with or talk to. In the image above you can see the weights of the sites with a certain blog in purple ( ghazwaehind.blogspot.com ) which is run by Irfan Baloch and Abu Jamal. I also was able to locate the following blog (pictured below) pashtoislamway which conveniently let me find the user’s Twitter account as well as his two email addresses (in pic) So, a Gmail and a Hotmail acct for the services to look into YAY!

Don’t suppose you guys are using crypto… Maybe even a proxy when accessing these?

We’ll see….

 

Oh, and I almost forgot to mention that your WordPress site was even MORE helpful and gave me more informatics on you all!

THANK YOU!

See, when you guys filled out your bio’s on there you also added your email addresses and pertinent data that I just love to collect. Keep it coming kids I can use it all and I am sure someday all of your communications will be in the hands of the likes of DHS! So really, once again the other jihobbyists are right to laugh at you guys.

You truly are the keystone cops of jihad.

I Don’t Forgive, I don’t Forget, and You Should Expect ME.

Couldn’t resist there haha… Ok, so yeah, moving forward I think that your little sites will come under more scrutiny by myself and others *J* so you should expect the attention.

Oh, and trust me, it will not be attention you want.

Meanwhile I am going to go back to hoovering your sites and then perhaps collate all the forensics data I can get from all the files you have been creating and uploading to sites like megaupload.

See you in your computers soon kids.

Merry Christmas Jihobbyists!

K.

Written by Krypt3ia

2011/12/09 at 19:27

Posted in jihad, Jihobbyists, OSINT, PsyOPS

“Zero Sum Game” The Nature of INFOSEC

leave a comment »

//BEGIN RANT

The Zero Sum Game

Lately I have been party to as well as watched debate on Twitter and other venues by my compatriots in Information Security on their woes. The woes consist of laments about certifications like CISSP, how “Company B” is not following its policies, or just how much FUD (Fear, Uncertainty, and Doubt) there is within the business as well as how much of that is being spun by the media and vendors.

In thinking about all of this, I have come to the conclusion that security really is a “Zero Sum Game” meaning that no matter what you do, no matter how many policies you have, or blinking lights on an appliance that is alleged to keep out #APT in the end, you really have not won the day. In fact, if you have not been hacked or abused that day, it was really just a fluke.

You just can’t win.

Human Nature: The Anathema to Security (AKA The Deadly Sins.. No not Seven of Them)

Now, why can’t you win? Well, one of the primary reasons that you can’t is the human element. You can design all the nice nice Visio’s of the network, you can buy all the hardware you want and configure it to work securely, but, eventually someone will screw up that config either by fubar’ing it by accident, or, some C level exec will decide he wants his open access to the latest and greatest www site or game and demands a rule be added that is insecure.

Well, ok, maybe I am being a little rough there.. More than likely it will be some “mission critical” application that will make gazillions of dollars (maybe) and they ABSOLUTELY MUST HAVE IT! Even after we tell you that its not a good idea and make you sign off on the risk (if you are lucky and that actually happens in your org) So, the human element is the most dangerous of them all. Core to that element is the very nature of it… “Human Nature”

Human nature has various components, but I will focus on a few of them for this article.

1) Laziness

2) Fear

3) Greed

4) Stupidity

Many of you might be saying “AH HA! The Seven Deadly Sins!” but, alas, no.. I could not make all 7 fit into this story so, its the 4 deadly sins. All of these behaviours in human beings lead to security flaws to be introduced and exploited because people add them to the system. Step back and take a look at all of the problems that most of us are talking about in the community…

It’s not hardware issues.. It’s wetware! From coding practices to lack of policies, to FUDDERY and Luddites running the show.

Think about it.

The real problems revolve not only about 0day but the fact that people are able to “click shit” as someone on my flist says in hashtag form.

Skynet has it right.

Greed, FUD, Charlatanism

Ahh, one of my pet peeves lately.. The FUD, The Greed, and the Charlatans. What can one say? The INFOSEC sea is filled with trawling sales sharks seeking to use buzzwords to sell their crap to unsuspecting Luddites in positions of power. We, the Infosec community, roll our eyes and try to call them on the floor as they say they can stop all APT from breaching your network!

But… In the end, most of the time its the Luddite with the wallet and the agenda. They all too often reach for the easy solution that comes in a shiny package and think they will be safe… Thus making us, *security* more sickened and thinking;

“shit, why do I do this again?”

Meanwhile, you see trolls like Ligatt or others out there stealing others work and pimping themselves to the unwashed masses while you, the one who has been plagiarised cannot even mount an effective case against them because it costs 10K just to start talking about doing it. Sure, we can send DMCA letters and we can shame them… But.. My experience thus far has been that they do not go away.. They just keep scuttling along like a digital cockroach.

Personally, I have called BS on so much lately in the news and being spewed by alleged “experts” that I am just inured to it now. I give up really, because no matter how much you say;

“This guy’s a moron!”

The media and the masses usually aren’t listening.. And the travesty goes on…

Cults of Digital Personality

Meanwhile, within our little insular community we have the cult of digerati. My tweets today about Tao *Beitlich* being case in point on this. Some people agree but for the most part, he is seen only through the vacuum of the echo chamber that he lives in. The same can be said about others out there but I don’t have time to name them all.

Look, people are people.. We all have opinions but none are Gods. This whole infosec rockstar thing just shows the fact that you would love to be mainstream and loved.. But.. you’re geeks and don’t fit in with the beautiful people. Frankly, many people who I would consider to be some of the best of the best never get to see the light of a camera… and they want it that way.

Look! I Can PWN THIS!

Ugh, now this.. This is a whole issue unto itself that could get a separate post. However, the highlight is this..

Do you really have to pwn shit then show it to the world just to get attention? Can we just talk about responsible disclosure a bit? Even if you tell the company in question do you give them time to fix the issue? Then, think about this, do you even expect that the Pandora’s box you have created and just outed for the masses is going to be fixed by Jose Shmoe and his company who then get compromised from your little baby?

I think more can be done on this issue… I just wanted to toss that out there though.

Certificate BINGO!

Lastly, the certificate BINGO or as I see it, the Certificate Mafia. Being certified means shit. However, as per my twitter reposts yesterday, it is the go to for employment today even though the said certified person may not be capable for the said job. Certs are subjective really as are the notion that if you went to college that you are capable of doing anything well but drinking and throwing toilets out of dorm windows.

Simple as that.

So, all this talk about CISSP for instance.. I agree.. It’s BS.. The board needs a shake-up but we shall see what happens with the new members. However, yet again, we are forced to deal with human nature and peoples proclivities to believe in things because they have a title or a set of initials attached to their names.

Phooey.

K.

END RANT//

Written by Krypt3ia

2011/12/07 at 21:01

Posted in Infosec

Paradigm Shifts: Global Salafi Jihad and “The Group of Guys”

with one comment

Global Salafi Jihad

The idea of Global Salafi Jihad has been something that I have been thinking about since the demise of OBL and now Anwar and his cohorts at Inspire (Malahem) and it seems reasonable to me that this is the natural next step in the jihad movement. The term “Global Salafi Jihad” denotes that the jihad has switched from the loosely based Salafist ideals put forth by AQ and is shifting back to the more rigid beliefs of the Salafist.

The exhortations of AQ online and other, have been curtailed since the deaths of OBL and Alawki with the media wings only putting out the usual rhetoric that it has been unable to substantiate with actions. It would seem that in the case of the Western jihadi’s that they hoped to induce into jihad, the AQ team has failed to really produce the desired effect and have waves of Western jihadi’s who activate and wreak havoc here and abroad. In fact, there have been 176 cases of self radicalized jihadi’s in the US and only 2 of them actually went on to physical attack mode with firearms.

So, it has been a lackluster performance and AQ knows this. It is my thought that the next turn will be more toward radicalizing actual Muslims with the tenets of Salafi belief. Whether or not this will take the shape of online exhortations or the more localized indoctrination at mosques is the real question. Again though, shifting back to this position I feel, is the only way to go about getting their desired goal of creating zealots who are willing to become shahid for their cause. It is finally becoming clear to them that the Western kids are just that, Western, and not really inclined to doing much other than talking about jihad as living out those fantasies online, much as they do with video games.

With the true believers though, the ones who have been trained in madrassa’s by wrote with Salafist beliefs, those are the core that they seek to manipulate and use to their own ends. This means that the pivot I believe, will be more of a focus back to the core Salafi ideology while manipulating the recruits with propaganda on how the kafir have invaded the lands (the usual line)

Net/net this means a kind of indoctrinal brainwashing… One that really will pivot back to the lands of the Ummah as the training grounds. This however will not be the true ideal of “Global Salafi Jihad” but it will be the only way I think that they can see toward keeping their movement relevant and alive.

The Group of Guys Theory and Jihad

The other aspect of this line of thought is that the theories of Dr. Marc Sageman will come to play and there will be “groups of guys” who will coalesce together in places to eventually take up jihad and Salafi beliefs. Dr. Sageman’s premise is that for the most part, the jihadi’s that have come about and actually carried out attacks were not trained in madrassa’s from childhood, but instead tended to be 2nd generation Muslims living in countries that are not predominantly Muslim. In fact, many of these guys were not radical at all until they began to feel a certain discontent with where they were in life and sought to learn about their heritage. There seemed to be something missing and when they started looking, they came across the AQ doctrine and gravitated toward it for a few reasons.

  • Romanticism
  • Fraternity within their group
  • Adventure

Much of the same ideas play out in the online jihad as well, but seem to not get the real life spark that is required for the actors to really activate and play their part in reality as opposed to their idealized and fantasy life that they can easily sublimate their desires with online without having the danger angle. In the cases that Dr. Sageman looked into, these players got together and as a cell, in person, worked out the details and egged each other on to actually doing something in real life.

And this is a key difference today.

Going back to the online jihad, we see this egging on and inspiring speech within the bulletin boards, but the reality is that each and every one of these players is alone in a room somewhere typing on a keyboard. Once disengaged from the internet, they do not have the physical presence and the motivation to actuate.

Post UBL, Anwar Alawki, & Inspire Magazine

Since the death of Anwar Alawki and his cohorts, Inspire magazine has been off of the digital shelf. This magazine was the closest that the AQ set had gotten to being hip and cool enough to garner attention from the Western kids. Now that it is gone, the one conduit to perhaps creating more lone wolves went with it. However, even this magazine had issues with trying to get the masses to heel to and do their bidding. This is something that they also lamented a bit in the propaganda and planning materials and I have written about in the past.

Now that this is gone, and as far as I know there are no players to fill the void, this has dealt a real blow to the online jihad and once again tips it back to the old model of Salafi jihad taking over where the Mtv AQ set has left off. This is problematic for AQ as the Salafi mindset is more than certainly not one that the Western mind and the kids here today really get, so, I am sensing an overall failure to inspire the kids with it sans something like Inspire Magazine. The question then becomes is there anyone to step up here? Perhaps Gadahn, but, he is really not that inspired himself nor inspiring for that matter.

The right word for Adam is pedantic I think.. He and Ayman are much the same in reality… Uninspiring old men yelling at the world to get off their lawn.

The Failures of Social Networking in Jihad

The use of Net 2.0 and Social Media however has been an important feature to the online jihad. Today there are numerous sites out there with Jihadi content and themes. These sites as I mentioned above, have only nominally created any kind of serious jihadi’s though. The problem with these sites though from my perspective is that C&C for those who would self activate or those “groups of guys” out there who create their own cell autonomously, can get direction and support from these sites.

I would say that 95% of the traffic on these sites are just kids playing “Jihad” online but there is a very real aspect of command and control here that should be recognized. Inspiration as well is another key factor to look at too as these sites can attract those seeking excitement and direction. Those that want to get indoctrinated can then easily get the materials and the chat to move further toward their evolution of becoming the next wanna be shahidi making a crude device in their basement or chatting with others about aspirations of shooting up a mall.

Fortunately, the use of these sites has been a boon to the likes of the FBI as they are able to obtain attribution on their users as well as insert players into the game to lead them into traps and roll them and their aspirational plans up with stings. However, as I pointed out earlier, it seems that nothing can replace the actual proximity of individuals to each other in real life to get them to actuate their plans beyond just talk.

This is a key factor and why I now feel that the online jihad is a failure and will continue to be so. You can network all you want, but human nature plays a key role here. It’s easy to just sign off, create a new ID and be anonymous online as people jeer at you. In real life, that social embarrassment and pressures involved in real life social interactions are the main reasons that others have re-enforced each other to acts of jihad.

The Network As Battle Space for Jihad

The paradigm change though I fear has been fomenting with the likes of Anonymous and their online movement. If the jihadi’s actually acquire online skills in the hacking sphere as well as figure out how to inspire and energize the more savvy believers online, then we have more problems. Recent events with regard to ICS and SCADA system vulnerabilities has shown that there is a potential for online mischief that AQ could leverage. These types of attacks would not be world ending and nothing close at all to what happened on 9/11, but instead would further the tenets that OBL laid out with regard to a “Death of a Thousand Cuts” type of warfare against the US.

It is my belief that this is potentially the new battlefield that AQ could leverage where the Western kids who gravitate toward jihad would be willing to take up digital arms. This paradigm would work for both the AQ core and the wannabe’s out there online who are unwilling to blow themselves up for Allah. With the idea that the internet offers anonymous ways to attack the powers that be (ala Anonymous) then I believe that AQ has a greater chance of inspiring followers to action and thus to potential real world acts of digital terrorism.

Acts that would not cause mass casualties on the whole, but would cause the government here to spend much more money and time on the “digital war on terror” and once again put fear into the populace who will now worry that their water will be cut off, or polluted with feces. Only these types of attacks, with real world consequences will be at all effective in furthering the jihad. Defacement of pages etc, is just skiddie stuff that will serve no greater purpose. Just one hack though on a power plant or more likely a water facility in podunk illinois will set the media and the chicken littles into a tizzy though, and that will be a media win for the jihad.

Once this happens and is claimed by the likes of online jiahdi’s then we will have a problem because this will give them the air that they desire and AQ will leverage that.

Running on Empty, AQ’s Message is Losing Steam

Generally though, I am feeling of late that the AQ message has been diluted by the deaths of key players and the squeeze we have placed upon the organization. The marketing of AQ to the masses online has been damaged with the loss of Alawki and his boys (inspire) even though they were still grappling with a working formula for their brand of jihad online. Now that the old man (Ayman) is in charge, I expect that the dictum will fall back to the Salafi system of thought, and that is a tough one for the Western kids to get in line with.

Unless AQ gets hip or learns that the digital space is up for grabs and acts on it, I frankly see the movement as going back to its roots. There will be an amount of time where AQ will have to inculcate more jihadi’s out of the next generation of kids in madrassa’s and this will take time. More and more the movement will have to be relegated to the steps of the tribal lands where it will fester.. Unless Pakistan gets in line and dismantles the ISI support for them and cleans out Waziristan.

Not too likely at present.

So, the core will go on. They will continue to try and get their message out, but it will go to the net 2.0 generation who really aren’t so much into blowing themselves up nor are they that devout.

Looking Forward Into The Jihad

So where does that leave us? I think that overall, we are going to see another shift in AQ and Jihad in general. The online jihad experiment has failed and I think the smarter ones in AQ know this. They will go on to re-tool and re-group while trying to avoid being hit by a hellfire launched from a predator. The only problem that I can foresee is the idea that they will learn something from the Anonymous movement and work more within the digital sphere.

Not so much recruitment… Until they have a success with a digital attack… Then the jihadi skiddies will come out of the woodwork.

Until then, we will have some more “get off my lawn” dispatches from Ayman.. And that’s about it.

K.

Written by Krypt3ia

2011/12/07 at 12:11

Anonymous and ANTISEC: Mixing Metaphors Can Lead to Trouble

with 6 comments

The Steady March Toward Anonymous Jihad

The picture above showed up on the internet attached to a right wing site. Edited I assume with the text “The left has declared jihad on capitalism” This image and the connotation of it should be of concern to Anonymous at large because of its potential for swaying thought. I can only assume that this image and more like it coming from the OWS movement sites will only proliferate as the right wing candidates vie for the position of President and in the process, make the Anon’s and the OWS movement seem to be a terrorist movement or groups.

I am sorry to say though, that unless this person photographed was a shill for the right, then someone or more than a few people have got the wrong idea and are wearing the typical shemagh in tandem with the Anon mask and have thus started the ball rolling on this themselves. I for one actually wore the same together back before Anon and the OWS movement began to really pick up steam, and I did so tongue in cheek.

You see.. tying the two together is just a bad idea if you want to be seen as a non corrupt, honest, and heroic movement. Just look at the history surrounding the shemagh and the terrorist use of it and you will see it’s a fairly bad idea as promotional notions go post 9/11.

Now unfortunately the ball is rolling to make you all the tool of the right’s campaign against anything they deem to be “Un-American”

One Man’s Terrorist is Another’s Freedom Fighter

Meanwhile, I would also like to take you to task for your core use of threats and rhetorical catch phrases that have also been getting.. Well.. A little scary at times and yet we are already inured to them I think. The lines;

We never forget

We never forgive

Expect us

All come off as eliciting a threat I should imagine that even to those you claim to be protecting. After all, how long before you all decide that the one you are protecting has pissed you off in some way and now they are the next threat? It seems from all of the back biting that has gone on with Anonymous and the defections (public and other) that have taken place show that the “Mob Rule” style of action and control that seems to be at play here could get out of hand rather easily no? It’s a slippery slope you have all set yourselves upon and I just want to warn you now that the rhetoric and the actions (sanctioned and un-sanctioned) can lead to blowback unless you pay attention.

The latest iteration with the release of this image (at the top of the page) will only make it easier for those who are out there and thinking you are all misguided or power mad are in fact the next form of terrorists. In fact, I would not hesitate to say that the governments of the world which you are fighting, and are in power to start with, are considering you terrorists. In the case of the US, domestic terrorists (i.e. ows and you all who are in the US wearing a mask) and if attacks come from outside the country on to US systems/soil, with the recent DoD rulings on response in kind with kinetic attacks, you do have a problem.

You all consider (those who are partaking in actions for political/social beliefs held) that you are fighting against an authoritarian system. A system that you decry as evil and yet, looking into your organization (sorry “swarm” or “collective”) shows the same hue and cries of those you don’t like. You all seem like digital villagers at the gate with pitchforks and fire… Throwing rotten tomatoes and yelling “Off with their heads”

Smacks really of the French Revolution to me.

Now though, you have certain factions within your umbrella (Antisec) that are actively carrying out attacks on the government and the police organisations. You cry out that the police are evil (and granted what I have seen at the OWS protests with pepper spray and violence gives you that right) but your actions of outing data are.. Well.. Just as bad really.

Sorry, but, you are becoming them… Please stop.

The Propaganda Wars (Anonymous vs. Governments)

So now we have the propaganda wars ongoing. Anonymous claims that the governments are corrupt and they would be right in a great number of cases. The government is claiming that you all (Anonymous and OWS) are just a rabble of spoiled brats who need to cut their hair and take a shower. Who’s really right here? It seems to me that much of the recent OP’s like Robin Hood are just dysfunctional half baked ideas as opposed to really taking up social or legal issues that are relevant today.. Never mind actually taking them on and trying to come up with a plan that would help with the issues.

Additionally, these videos you put out now are getting closer and closer to the jihadi videos out there that AQ has been putting out over the years. The same graphics, the same music, the same metaphor and rhetoric with a tinge of threat.

Not good.

I suppose there is a certain sense of empowerment you are all getting from this, but let me tell you this. From the LEO’s and the government perspective, the more you do it, the closer you are getting to patterns that the terrorists have been using. Perhaps its just that you live in the YouTube age, but I should think that you all would take a step back and think about this a bit. It’s not helping your cause.

Eventually though as the 2012 race moves on, I can expect you all to be lumped into the same bucket with the terrorists just because of your inherent shadowy reflection of modus operandi and propaganda. Additionally, the government types (The Republican base and the teabaggers) will also be using you all as a fulcrum of fear spreading propaganda about you. Propaganda that you will not be able to fight because you cannot control your respective cells and actions.

The propaganda and disinformation genie is out of the bottle kids.

Dictum and Rhetoric Can be Your Enemy

So, what can you do? Well, perhaps cut down on the dictum and rhetoric a bit. Don’t let all the crazy hangers on dilute the message as well. I know this goes against your core ideal of being a “collective” but, even a collective should be able to do this. All of these crazies out there who are doing things in your name are only doing those of you with an agenda (social/political) a disservice.

At the same time, I have to say that I think in other quarters, without the government types making you a “threat” by labelling you so, you all have managed to inure the general populace into a sense of apathy. You have been real bilious but really, what have you all changed? What substantive thing have you done for the people Anonymous? I asked this before but I still don’t see a real effect here. Sure you can claim the OWS movement but really, what have they done as well?

The government is still bailing out other governments secretly it seems as of recent reports…

Arrests are sky-rocketing at the protests but… Well, nothing new there.

No laws have changed

No real political backing has come from anyone in the government (the left say)

Nope, generally, you all have been deemed to be rather impotent, so, what great paradigm shift has occurred here? Perhaps if you came up with candidates or a party that might be different but as yet I see none of this. What I see is a group of people upset with their government but not substantively coming up with means to change that government… That usually means that you have to either dismantle it or, get inside of it as  a part of it and make change happen.

So far, you do not even have the traction to change the electoral process here. Someone will be elected in 2012 and I can pretty much guarantee you all that it will be the same ol same ol once again.

So yet again I ask you.. What are you doing?

So, What is The End Game Here?

I guess in the end, I just want to see something cohesive happen here. What do you all want? You want to end corrupt practices? You want better more humane government? You want other countries governments to stop torturing their populaces and allow them to be free to buy Macbooks?

*blink*

What’s the plan? Without an end goal then its all just mental masturbation kids.

Ehh.. Just beware that you are starting to look foolish and you will be made into the boogey man if you are not careful.

K.

Written by Krypt3ia

2011/12/01 at 16:20