Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for January 2012

Hacking, Children, and Ethics

with 4 comments

 

 

A Conversation and A Problem

While at last weekends ShmooCon, I had a chance to be in a conversation wtih @diami03 that got me thinking about Anonymous and where we are today with the whole debacle as regards the youth of today. I am indeed getting older (Methuselah here.. Hi!) and as I look around I see younger and younger folks going to the con’s and performing the new and old hacks out there in the world. It occurred to me at that instant that unlike when I was a kid (when dinosaurs roamed Pangea) the kids today don’t seem to have much in the way of teaching on the subjects of Logic, Ethics, and generally, how to be good citizens.

… And that perhaps it was time that the INFOSEC community engage on this….

I thought I had a genius stroke! But, alas, I was not the first to think of this! There’s hackidcon now as well as presentations like the one that actually was given the next morning at Shmoocon called “Corrupting Youth” by Jordan Wiens. I was heartened to see others had gotten on this already and that perhaps we as a community could do some good and affect the future generations of hacker types by teaching them the ethics of old school hacking as well as hte use of logic and good decision making.

In looking around today.. I’d say we really really need this… And here’s why…

Monkeys With Loaded Guns

Ok, I’ll say it here and now. What has evolved into Anonymous for the most part, has been a disappointment to me. Sure there are many in it just for the Lulz’s (a core issue here) but there are many who want to make a difference in what they perceive as their governments misdeeds. Both of these players have also been infiltrated by the Lulzier group of Anarchists who want nothing more than to just sow chaos for their own nihilistic animus. From this soup we have seen what I call the “Monkeys with guns effect” Scattershot and useless hacks and pranks that further no other agenda than the Lulz or, for those anarchists and others who have infiltrated the ranks, to sow chaos anywhere they strike.

Reasons or no.

On go the monkeys with loaded shotguns filled with buckshot, shooting aimlessly (except for the initial hit on Aaron Barr and HBGary) proclaiming wins and showing how bad “The Man” is by dumping dox and email spools.

*yawn*

This scattershot approach just shows a lack of critical thinking on their part as well as perhaps a lack of control over the minions out there performing the ol’ “Ready FIRE Aim!” routine. Overall though, this is getting old for everyone and that has been the general consensus for a while.

It’s time to cut it out kids.

The Future of Technological Society

Ok, so back to the next generation. How about we follow the model that Hackidcon and Mr. Wiens have set by teaching the new kids on the block not only the technology, but the ethos of hacking. We can teach them so many things both technical as well as ethically and I believe that a program like this would better prepare them for the power they will wield with the internet and all things digital.

Without it, I fear that we will raise another generation of online sociopaths as we seem to have already in some quarters of Anonymous. This is not to say that online rights are not important and CERTAINLY not to say that the governments of the world have been ramping up to over reach even more than ever before in the age of Anonymous and Digital Piracy. I think that the governments of the world have begun to erode all of our rights due to greed as well as fear. Greed being fed by the likes of lobbyists and fear that they are ill equipped to properly deal with the digital age.. Never mind to regulate it.

By teaching the next gen kids how to be good citizens and good hackers, then we might have a chance that in the future the senators and governmental work force will really understand the net, how it works, and what it means. This then will flow down to the laws being considered and implemented. Today we have governance that is unable to understand the tech nor the mindset.

“The Internet is a series of tubes you know…”

So, I ask you all to consider your time and its value to teaching these things to the next gen. Not just your kids, but all the kids you can. Make the time and find out where you can help.

After all… Those kids you might or might not teach… May in fact be the next Anonymous member DoS-ing your company.

hackid.org

K.

Written by Krypt3ia

2012/01/31 at 14:47

Posted in Ethics, Hacking

Dear Newt You Fat Republican Fuckstick… Don’t Talk About Shit You Have No Concept Of

with 3 comments

6238571355_fedaac5abe_z

CYBERWAR and MOON BASES FOR EVERYONE!! Vote For MEEEEE!

I don’t know about you, but when I open up the feeds and see all this puffery by Newt on Cyberwar as well as taking on Iran my bile rises and the blood pressure skyrockets. This hippopotamic fuckwad really really really shows me just how piss poor our country as a whole, is incapable of governance because they are stupid enough to even consider a fucknut like him for office.

Really Newt? You want to unleash digital hell on anyone and everyone because “maybe” we got hacked by Iran or China? I won’t even try to go into the whole attribution problem with you because I know you can only really understand the words Menage a Trois (oh yeah good luck on that fat bastard) It’s useless to even try isn’t it…

What’s even worse to me is that all of this cyber-pandering and disinformation from Newt and others on the “cyberwars” has many just believing their shit. Know why? Because they have NO FUCKING CLUE how it all really works.

Remember kids, the Senate says that Pizza is in fact a vegetable! (No fucktards, it’s a fruit.. Tomatoes are a fruit)

The computer is just a “deep magic” facebook machine that costs two thousand dollars from Mac.

That’s why.

The blind leading the stupid leading the mentally challenged.

To The Infosec Community:

This shit has to stop. The Fuddery and the puffery with the likes of Bumgarner and his “Cyber Peace keepers” must be nipped in the bud or sooner rather than later we will be faced with a real crisis as someone aims real world bombs because they “think” they got an attack from a proxied box in China or Tehran.

I have railed about this before over the media hype cycles and the lack of will on their part to really perform due diligence where our realm is concerned. I have written fiery diatribes and I have chided everyone.. And most of the time I get “well, there is nothing you can do about it” back from people in the game as well as outside it.

It’s time we as a community formed something akin to FAS.org with teeth. We are speeding toward epic cyber-douchery here and it will not be the likes of a LIGATT.. Instead it will be the military and our government (cue Newt and his cyberwar first strike doctrine) carrying out actions half cocked because they “think” something happened and they “think” they know who did it. All the while the lap dog press will lap it all up off of the floor like so much Alpo and regurgitate it their media venues to spin the populace into a fervor of approval.

Am I the only one worried about this shit?

K.

Written by Krypt3ia

2012/01/27 at 13:29

Posted in Ranty Rant

The Cairo Contagion: E-Meme, The Next Generation of Thought Crime Detection?

with one comment

E-MEME: The New Way to Track Movements and Ideas… What Could Go Wrong?

Wired had an article on their site this morning that just gave me the creeps. The article talks about a new software development project that the Navy has invested in called “E-MEME” which will be able to sift through the internet for ideas and meme’s to analyze them for predictive behavior assessment. This means that a meme or an “idea” will be tracked by this software/program/platform and alert the researchers as to what they are talking about and what likely action those talking about this meme/idea will “likely” take.

Predictive behavioral analysis…. Via meme’s… Whatever could go wrong?

Obviously these folks have not spent much time on /b/ at 4chan. What the hell would this system make of “RageFace” huh? Or for that matter, lets have it analyze LOLCATS!

“Sir!.. We have predictive analysis about cats and cheezburgers!”

Yeah, ok, well that is a little overboard, but, there are darker inferences to be made here with such a technology. This is not completely new though, as there are sites like PredictiveSolutions etc that have their hooks into the news feed as well as social media that they scrape and make connections with through algorithmic processes. Some of these sites are claiming to do what this Navy project would like to, to predict what is likely to happen in the near future using aggregate statistics on trending topics and commentary.

I should think though, that this attempt to “predict” outcomes though is something that a computer or software will lack the skills to really do. Perhaps had we had the full-blown internet of today and its social media back in 91 when the Sov bloc finally fell, the CIA might have had a clue… But then again, maybe not huh? I mean it’s all really dependent on the software and the input huh?

What if the data is deliberate disinformation? They must have this somewhere in their heads as well right?

Identifying Ideas and Meme’s As Akin to Infections is Just A Bad Idea

The article I cited above also gives me the creeps because the people that they interview talk about this in a way that implies they just don’t understand the potential ramifications of what they want to do. They talk about ideas as “infections” there being breakouts and patient zero’s and all..

Say what? Who did they talk to? Oh yeah, epidemiologists…

NOT who I would talk to about this.. I mean, don’t they have some psychiatrists or even a sociologist on staff to talk to?

Read the article, it was HORRIBLE in that the clinical application of language to this makes it come off as.. Well.. Orwellian. The sad part is, that these people running the show aren’t the only ones who are going to benefit or use the program I suspect. After all, this is a military project that sure as hell will end up in other areas like the government in general or for that matter, perhaps advertising people down the line. My fear though is that this will be used by the government to ill end as they can not only detect a meme, but also insert their own as they allude to in the article “to dissuade a suicide bomber” Uhh yeah, I don’t see that happening as well. However, they could indeed sway opinion with a tool like this in tandem with another tool put forth by someone like Aaron Barr before his HBGary debacle.

This is Just Another Tool for Control and Disinformation

Ultimately though, I see this technology being developed as a means of control. Not merely an analysis tool to help the military and the CIA to detect and determine future events like the Arab Spring. I can imagine this also being used against the likes of OWS and other groups radical and non radical as well. Think about it.. This in tandem with a system of fake profiles on twitter and other social media could indeed have cause and effect to manipulate the ideas of those who latch onto it.

What Anonymous has let out of the bottle, now the government will use (possibly) to manipulate those would be followers to action.. Actions that others, with puppet strings would want to foment… Like what has been happening with Anonymous and all their Op’s.. How many of the Op’s out there were really Anonymous and how many were other governments or entities using their Anonymity against them?

Think about it.

It’s the best of both worlds for the government. Passively they can watch meme’s and ideas, aggregate the data and then put people on watch lists because you subscribe to a meme. Whether or not you are a true believer! Just as well, they then could initiate their own system of bots to sway the meme in any direction they want to. Say they decide to just make the meme not cool any more…

Then perhaps the meme dies…

See where I am going.. Another form of control…

*Cue* “The Architect

My Personal Orwellian Take on E-MEME

In the end my fear is this.. That this technology will not only end up being used as a means to detect and perhaps arrest people for their ideas, but also to affect people’s perceptions and ideas in whatever way the wielder’s of this tool would like. Imagine how the political operators like Karl Rove get HUGE hard on’s for something like this as we spin up to the 2012 elections. It all starts to get very “Gibsonian” to me with ideas of a Hubertus Bigend type of character trying to manipulate the masses or alternatively “detect” patterns to capitalize on them before anyone else.

The more Orwellian side of me though just see’s this as another means of controlling the populace. Of course not all meme’s will catch on with people, but as we have seen with Anonymous, a meme or an idea can be very powerful..

For both good and bad.

This, in the hands of the government today, the ones making decisions like forcing someone to give up their passwords to an encrypted drive (bypassing the 5th amendment even if they say it does not) scares the living crap out of me.

Soon doublethink will be a packaged exploit and twitter will be where the payload will be delivered.

It’s a brave new world….

K.

Written by Krypt3ia

2012/01/25 at 17:08

Well, if Cyberwar means controlling the temps at a mall in Fresno, then we have a problem…

with 3 comments

So, You Wanna Be Zer0C00l?

I was made aware of a pastebin alleged to be from Anonymous/AntiSec sourcing about 49 IP addresses that had SCADA systems on them. Furthermore those said systems were claimed to not have any authentication on them whatsoever. To quote Anonymous/AntiSec;

@ntisec Exposes Amerikan #SCADA systems #fulldisclosure

The world has been warned enough, and corperate power has done nothing. People are at risk. We all need to be made aware of
our infrastructure lacking normal forms of safety procedures.

Hackers are targetting #SCADA this year and we have to do something about it.!

So here we go.

Please take some Screenshots and show them to me on @twitter @ntisec.
Be carefull and dont cause rampant anarchy. They might trace you and I have warned you not to alter control states. Just have a look around
To see 4 yourself how these systems affect our everyday life.

Maybe its time politics pointed their attention to bigger problems then #SOPA #PIPA etc.
Trying to regulate the last freedom, will cause uprising and dangerous cyber threats.
As our financial state gets worse and the smart IT and SEC workers have nothing to da
they will at least cause mayhem against what in our view is injustice.
Arresting and kidnapping foreign people for spreading bandwith? #OPMEGAUPLOAD?
Go try and fix your infrastructure first. Its wide open to legally expose and enter your
buildings. Like urban exploring from behind my PC.

Locking up Bradley manning? Better be carefull a hacker does not open his jaildoors 4fun!

Dont even need an exploit to get in here. Dont even have to be a hacker. No passwords what so ever.

So how is the state of your other #SCADA systems like your electrical grid? Or trafic management?
What about chemical industry? Or can hackers swich some stuf that sends trains to another fail?

That pump you saw a while back is just the first sign af being infiltrated.

It can be your vent system, a cooky factory up to a switch that switches of an entire country and economy.

These systems where found through google and shodanHQ by using the search term:

I took the IP’s and checked them all and indeed many were HVAC or other systems belonging to a range of churches, a mall, and some other businesses across the country that were in fact online without any authentication mechanism whatsoever. The first IP in fact in the list was a demo system a company was using to sell their services in the SCADA arena, so overall, I have to say “meh” on this little dump by the skiddies.

I also have to take them to task for crying wolf a bit here. See, when you dump SCADA systems and compare the issues to OPMegaupload etc, you really should in fact be presenting something that people should worry about. Frankly, if anyone can control the heat at a mall, I say ho hum. However, if you present me with a hospital or a power plant, THEN you have something to wield as leverage to make an argument kids.

You failed once again.

Who is doing your recon out there? Really, you wasted your own time as well as mine (well I do enjoy these posts and looking into these things) looking at these systems. Sure, they could be a nuisance and yes, they do make a point (basically don’t put this stuff online without authentication.. If online at all) but this is not an earth shattering and scary finding.

Shodan, A Wonderous Tool For Mischief and Education

Ok, so now you guys have found Shodan and you know how to look for SCADA (at least this type: ord?) but really, Shodan has been around quite a while now and those in the know have been messing about with it as well. The security wonks out there have been beating on people quite a bit (S4 recently releasing new findings on SCADA systems without pre-warning the companies that they found the vulns in) so really, what have you done here?

Again the comment that comes to my mind is the title of this piece: “Well, if Cyberwar means controlling the temps at a mall in Fresno, then we have a problem…” Personally, until someone comes along with a pastebin list of important infrastructure systems that are unprotected and available to attack, I will pretty much say the same thing..

“ho hum”

Of course if you all out there are mapping things like say H.D. Moore with his latest on video conference systems, and you are in fact archiving it on pastebin or in blog posts, then you are in fact perhaps doing something interesting.

This stuff though Anon/AntiSec is just showing your lack of understanding of the issues you think you are being ever so clever about.

SCADA CYBERWAR! (Eh, not so much)

Meanwhile, the press does not seem to have caught on to this little paste dump whereas many folks grabbed right on the Israeli dump earlier. I guess its just not as sexy as “Middle East Cyber War” as some put it on the net. I am willing to bet soon enough though someone else will pick up on this dump and think that there’s a story in there that they can pimp.

Let me be clear to you reporters and media… There’s a case to be made that people need to learn about this technology and how to secure it… But… This stuff plunked down by the skiddies just isn’t it.. This story does not have legs.

As for the Anon’s.. Hey ZER0C00l, this little stunt was lame… Time to go back to fighting Ac1dBurn over a rinky dink television cart system…

So, on we plod.. Show me the real infrastructure and I will say you have done something…

Until then.. Just go use the LOIC somewhere and wait for the cops to show up.

K.

Written by Krypt3ia

2012/01/24 at 18:17

Posted in SCADA

The Shifting Digital Sands of Online Jihad

leave a comment »

Inspire Magazine, Samir and Anwar Are Gone

Since a drone took out the creators and editors of Inspire Magazine along with the titular spiritual leader in Anwar Alawki, the online Jihad has wound down quite a bit. The kids (stray dogs, lone wolves, the mentally ill, and the dispossessed) have not had their emails and online jihadi boards filled with the same old propaganda on how to be a good Muslim by being called to jihad as well as how to be ever so helpful as to build a bomb on your mothers kitchen table.

Of course the death of OBL also has something to do with this as well. His successor too has done nothing to reach out to the “youth” that really would have been the base had not the boys at Inspire been whacked. So, all in all the propaganda wing and the “next gen” of AQ/Salafi jihad has been pretty much been stopped for now. See, ol cranky pants (Ayman) is just that, a cranky old man yelling at the kids to get off his lawn with pedantic rhetoric on how to be a good Muslim as well.

Ayman just isn’t liked.

So, while the vacuum exists and may persist I see a some possible outcomes should someone take the reigns where the Inspire boys left off. Why do I see this now? Mostly because of the Anonymous movement and the Arab spring. These two things have changed the battlespace of the internet as well as geopolitics, it is just a matter of time I think before the Global Salafi movement latches on to the Anon model and starts to try and get tech savvy youth into their ranks and use DDoS and other methods applied by Anon and others for their cause as well.

Anonymous Becomes The Model of The New Jihad?

Of late, the jihadi boards have been quiet. The kids are not being as vocal added to the fact that there were some attacks back in December that put some of the sites down for a while. In the interim it seems, post all the hellfire missiles hitting their marks, those who are backing away from the online festival of “who’s got a bigger jihadi penis” at places like Ansar, may indeed be re-thinking things a bit. Those who have been steady users of these sites and still posting about jihad, have instead started to talk about such things as DDoS and the Arab Spring as well as hacktivism.

It seems that Anonymous has potentially sparked these guys to think like them and perhaps even use their tactics instead of continuing just to shake their fingers at us as they yell. This would be an interesting paradigm change in the global Salafi movement as well as the tactics of AQ. Though, I think that the AQ guys are so inculcated with the cult of death that they likely will not go with it. The guys at AQAP though already have been on this train for a while and before the mass whacking in Yemen, Samir and the boys were trying to figure out the new way to reach the Western jihobbyist and exhort them to do something. That something though usually meant violent jihad, and as you can see from the news, there haven’t been too many takers.

This is why I think personally, that online mayhem ala Anon is the next move that they may indeed take, and I think it will be AQAP that will lead that charge.

“If” they get some new leaders who were as savvy as Samir was.

As you can see from my earlier post concerning Inspire 6, the AQAP boys were trying to figure out a way to get the Western self interested and not so much religious set involved in jihad. I think what they really missed was that these kids do not want to carry out violence on the whole (though there are those who are mentally unstable enough and have tried.. and failed) instead, they would rather sit behind a keyboard and say things online to look all impressive but more than not, once they walk away and start to play Halo, they forget about the core principle of AQ’s jihad.. That of being canon fodder for the likes of OBL.

What Samir and Anwar Failed to Understand and Mobilize, Anonymous Has.. Mayhem without Dying

The younger generation that Inspire was trying to reach is just not so much interested in religion as well as being a shahid with the 72 virgins.. or grapes.. depends on your translation, so all the exhortations to make bombs and to blow themselves up, never mind carrying out acts that could get them arrested really appealed to the more sane of them.

Now though, with the advent of Anonymous and their tactics, I and others have been seeing hints of these jihadi skiddies getting the notion in their heads to do much the same thing. It allows them to actually carry out actions against those who they feel are oppressing them, they can brag about it, and the more skilled of them might not get caught at it. This is a real motivator I think to these malcontents and a viable option for the “online jihad” to become more than just a propaganda war, but also one of annoyance and attention.

Then again, if these kids, who really, many are, are skilled at all in hacking, though that need not be a requisite today with software today out there, then they could take down systems that could have bigger import right? There could be a real jihad online that could have kinetic effects in the real world. This is a problem as we have seen from the likes of Stuxnet and other events that show this is indeed possible. So, how long will it be before the light bulb goes off for AQAP and the greater Salafi jihad I wonder? They will have the forces they want to have an asymmetric war.. An online guerrilla war so to speak…

 

Perhaps the paradigm is changing and we will now have to wage an online “war” with jihad that will now not only have those purveyors and exhorters who want their minions to put together explosive vests as well as if that’s not for you, go download this tool and take down a site or two.

Anonymous Salafi Jihad.

The Next Wave of Jihad: DDoS, Defacements, and DOX-ing?

Looking into the future I can see this being a viable way that this may move. As you can see from the image above from a jihadi forum recently, they are talking about this. At present, there aren’t too many comments, but as the technology gets easier to wield (ala Metasploit etc) I am sure that as they all look on the mayhem (nuisance) that Anon has been serving up, they too might latch onto the idea and begin their own personal jihads from the comfort of their mothers basement too.

I seem to remember Bin Laden exhorting and ruminating on the jihad as not only violence but also a means to an end to bankrupt the system we have in the West. Well, look at all of the money being poured into INFOSEC now post Anonymous and their antics. Yep, you guessed it, we are spending money like crazy to plug holes that in reality may never really be plugged. Perhaps we will have another DHS just for computer security someday…

You see my point?

Don’t get me wrong.. The physical warfare will continue. Maybe even the two forces, digital and kinetic will work together to make scenarios like taking down sections of the grid etc could happen in the future if the players are serious enough. Usually I think of that as only an offering of nation states, but, given the right people and enough money, small attacks can have larger consequences right?

A pre-cursor to all of this line of thought to me is the current “cyberwar” *cough* as it is put in the media so eloquently, if not misguidedly. 0xOmar and others (also Anon’s it seems) have been waging their own battle against Israel. Doxing data of innocent people, dropping credit card numbers by the thousands, and finally, attempting to throw out a list of alleged SCADA systems for attack. This is just the type of thing I am talking about.

Now, is Omar actually just an Anon? A wanna be? Or is he just riding the crest of the wave here and will be the role model for others to latch onto in the geopolitics of the region?

Time will tell…

K

Written by Krypt3ia

2012/01/21 at 13:54

The Israeli SCADA’s That Weren’t and The Media Who Do NOT Fact Check

with 8 comments

TAKE THAT ISRAEL!! AH HA! ALL ARE SCADA’S BELONG TO US!

The ongoing war of who can be more annoying has been raging between the “Muslim Hackers” and the “Israeli Hackers” since about January 2nd. 0xOmar and his crew dumped thousands of credit cards (Isreali) and the Isreali’s threatened him/her/them with being whacked or detained. After the threat by Israel, Omar and company (Nightmare and others) decided to DDoS the El-Al website and the Stock Exchange.

Which really went nowhere…

Just as the tensions were getting to a heated level suddenly a pastebin was dumped by a “guest” that claimed to have Israeli SCADA systems on them. Now the war was REALLY ON!

*crickets*

THEN on January 17th another Pastebin was put out and signed “Anonymous” which purported to be more SCADA systems and invoked the kiddies to go play. This time the dump had some emails and passwords (hashes as well)

OH MY.

The media ate it up.. The CYBERWAR between Israel and the Muslims was ON! And Israel is DOOMED!

What’s That? You Say Anonymous and Saudi Hackers Have.. “PWNT” SCADA’s In Israel! OMG OMG OMG CYBERWARRR!

Fearlessly the media clamped onto the pastebin’s and the hue and cry went out. The cyberwar was heating up and credit cards and SCADA systems hung in the balance! What would happen next? What would be the escalation? Would there be war in the streets as Palestinians and Israelis hurled useless credit cards at each other like small, mostly harmless shuriken?

How could these SCADA systems be online like this anyway?

What are the dangers here?

FUD FUD FUD….

Enter The Captain BUZZKILL (REALITY)

This is where reason and sanity enter the picture… I was asked by someone in the media to look at this. No not someone in mainstream media, but more a researcher investigating something to do with all of this. So I got hold of the IP addresses/pastebins and began looking through each of their WHOIS records, googling the pages and eventually just hitting them up directly to see just what was what.

Out of the 22 systems listed as SCADA by the skids, only 3 were really SCADA and 4 may have been.. Maybe.. Though not likely.

DATA

Those that were SCADA were not in default state for passwords and in general, did not seem to be important systems such as government or large power company hardware… Hell, for that matter none were water facilities, which I should think in a desert would be kinda important no? Anyway, the sites all were a bust really and itreally kind of bothers me that none of the reporters out there actually took the time to ask someone like me, or anyone with a limbic system, to look them up and check if they were in fact SCADA AND EXTREMELY VULNERABLE

None.

Niente

Not a one.

Never mind if they were important systems that could cause damage to Israel.. But then again, the perception of some is that dumping credit cards numbers is really really gonna do some major damage to “the man”

Heh.

I’m sorry all you reporters out there are unable to dial phones or actually know any security folks out in the real world.. Oh.. Wait, Maybe you called on Greg Evans to confirm this?

CNN?

FOX?

MSNBC?

I know, he is your “go to guy”….

*Le Sigh*

Dear Mainstream Media.. The INFOSEC COMMUNITY (apart from Greg Evans and those on the Attrition charlatans page) Are Here To Help!

Dear media.. There are many among you in the world who know who to use WHOIS and other tools as well as “The Googles” to understand the things that you might not. Those people are easy enough to find really. All you need to do is contact groups like ISC2 (shh all of you I know you are grumbling about that one) and other organizations that can easily provide you with some reputable people.

Call them, email them, TALK TO THEM!

Stop just rapid fire reporting on stuff you don’t understand and are certainly not taking the time to, oh, research on, in order to fulfil your jobs as “Reporters”

I know.. It’s a lot to ask..

But please.. For my sanity and others…

Do it.

K.

Written by Krypt3ia

2012/01/20 at 19:17

Tit for Tat: Israeli Hackers and Muslim Hackers Bring Knives to Gun Fights

with 2 comments

Malone: You wanna know how to get Capone? They pull a knife, you pull a gun. He sends one of yours to the hospital, you send one of his to the morgue. *That’s* the *Chicago* way! And that’s how you get Capone. Now do you want to do that? Are you ready to do that? I’m offering you a deal. Do you want this deal?

The Untouchables (Sean Connery)

Neener, Neener, Neener, I Have Your Credit Cards!

 JAN 18TH, 2012

Important message from 0xOmar from group-xp

BY: 0XOMAR | JAN 18TH, 2012 | SYNTAX: NONE | SIZE: 1.75 KB | HITS: 196 | EXPIRES: NEVER

  1. Important message from 0xOmar from group-xp the largest Wahhabi hacker commando of Iran.
  2. Things do not go as well as they should:
  3. * First came the Russians (must be KGB agents) and hacked my 0xOmar@mail.ru email account and changed password.
  4. ** Then someone (American FBI feds most likely) hacked my pastebin/0xOmar
  5. *** If this was not enough… some mysterious hand (Allah himself/herself?) keep deleting our group-xp information of none existing cc numbers!
  6. **** Anyway, since I am the greatest 0xOmar with direct power from the President in Iran – I knew what to do. To start my own website at: http://204.188.197.33 But guess what?????    Now this has also got hacked and turned into an Apache server start page!  This time I have no doubt who is behind this brutal and illegal actions of vandalism! It must be the Apache Indians themselves.
  7. ***** Updated: now I am using torrents – just in case, if you discover that you are infected with one of my Trojans while downloading my torrent, the Trojan will only pick your credit card number and any password if possible and be sent further to all your contacts!
  8. Please do not worry about this small technicalities its for the sake of helping the poor Palestinian children in Jerusalem who stand in the middle of the road while throwing stones on Israeli drivers, we will attempt to use your credit card for teaching them where to stand next time they try killing Israeli drivers.
  9. http://www.youtube.com/watch?v=XlXRAJ7SuVI
  10. http://www.youtube.com/watch?v=At9b3YQSQ_E
  11. And if its OK with you, I will use the rest of the credit on your card for learning what hacking is, because I am complete clueless lamer when it comes to hacking!
  12. Thank you!
  13. 0xOmar from group-xp the largest Wahhabi hacker commando of Iran

Pastebin Timeline courtesy of the CTRL+C –> CTRL-V skills of GatoMalo http://pastebin.com/QD1R7ivZ

If the pastebin above is to be believed as legitimate, then we see 0xomar, the alleged hacker putting out some reasons (albeit addled ones) as to why he is hacking credit card accounts of Israeli’s. Seems that Omar is a fan of Palestine and thinks that by “doxing” like Anonymous (and there may in fact be a connection between the two) will make a change in the greater geopolitical scheme of things in the Middle East. I think it’s a misguided effort myself, if at all true… No, it seems more to be just about some lulz than anything else really.

Some of what is said here does not jive either with this guy being a Saudi.. The whole Iran thing at the end pretty much says it all to me.
Meh.

Anyway, it seems that a new war of annoyance has begun between the self proclaimed hackers from Saudi “Group-xp” (named for the Windows operating system they like to use? heh) have delcared a jihad on Israel and their credit rating…

Person by person that they can hack and expose…. *shudder*

Meanwhile, Israel threatened physical/legal action against the hacker(s) if they catch them (him) and tried to say that he was in fact a hacker in Mexico. Of course Omar said that it wasn’t him then taunted them with two weeks to locate him or he’d drop more documents online for everyone to be titillated by.

Ugh…

Oh Yeah? Well I have DoS’d El Al and Your Stock Exchange! (Well, their websites.. doing no real harm)

Then Omar and his “crew” went on a raging DDoS of El Al’s website and the Israeli Stock Exchange!! Which knocked the sites offline but not the businesses.

TAKE THAT ISRAEL! WE HAZ YOU NOWZ!

Really…

Soon more dox will be dumped, more credit cards I assume.. But really, is this doing anything for the fight over the Middle East? 0xOmar does not seem to be winning the war against Israel here and I have to wonder just what the end goals are here. Just as well, I also wonder if this is just a hanger on who wants to play Anonymous’ game and attempt to make a splash in the digital as well as the analog communities he is talking about.

Or is he just in it for the lulz?

Of course there was the dropping of the SCADA passwords recently, and this.. Well this is more along the lines of doing something isn’t it? As I wrote recently about “cyberwar” the real aegis is to damage infrastructure, cause supply chains to fail, and in the end invade or conduct military operations against someone else. So, would not the use of these SCADA passwords by the likes of 0xOmar to down important systems and cause greater damage as a whole be more advantageous here?

Or is it that this is a one trick pony we are all seeing in the news?

Like the quote from “The Untouchables” says pretty clearly, you wanna do damage you don’t bring a knife to a gunfight kid.

The Geopolitics of DDoS and DOX-ing

Meanwhile, this all has me thinking about the DoX-ing going on with the Anonymous model of geopolitical force. So, could posting documents like Wikileaks have a longer lasting and more prolific change on a country/government than just dropping credit cards? Of course! I mean, who gets hurt really in the dump of credit cards? The banks just pass that along to the customers eventually so really… No one gets hurt but the end users.

..and those end users are not going to beg the government to make the bad man stop?…

Nope, the real deal would be to attack infrastructure and cause havoc.. Not this skiddie crap. This is the problem with Anonymous too. So far they have been a wind storm in a china cup really. They think that they are doing massive things, but the reality is that change happens slowly and raising awareness is great, but, it may not have the outcome you want.. Nor will it happen right away.

So, 0xOmar, I think that there are too many holes in your story, too little effect from your dumps, and just enough media hype to keep you happy.

Enjoy it will you can.

K.

Written by Krypt3ia

2012/01/19 at 19:54

Posted in Uncategorized

CYBER ESPIONAGE! Ya Know, It’s Espionage… With Some Computer Shit Thrown In.

with one comment

Cyber Espionage: A Buzzword Of’t Overused and Now Reinvented by Certain Players

Ok, so over the last few days I have had this story from Island sticking in my craw. I went to the source and told him he was misinformed and made a statement that was wrong. His prevarications after my statement SHOULD have told me that he had no intention of even entertaining the idea that he was wrong, so, here I sit this morning post seeing a re-tweet of his slipshod reporting, writing this polemic.

Alright, first off, the use of the word CYBER in front of everything now-a-days has me nearly cataleptic with CYBER tourettes! This is all out of hand and it has to stop. Especially from the “INFOSEC COMMUNITY” I know there are many players within that category of people but sweet jeebus, we have to cull the herd a bit!

There must be a CYBER culling…

So, at the heart of my current aneurysm causing piece of media is a story claiming that the YamaTough hack (alleged) on systems that produced (alleged) documents that showed companies were allowing back doors into their software/hardware (i.e. apple and other companies) for countries like India. Now first off, this is nothing new is it? I mean the claims have been made over and over by Anon but as yet only one real hit was made with BlueCoat on their proxy system. They indeed were helping Syria monitor their populace and in a bad way. For Christ’s sake, CISCO got caught too aiding China due to their contracts etc and they wanted to keep them.

So I ask you.. What’s news here? Other than the sensationalism around the whole story that YamaTough has cooked up trying to sell a story about the ills of corporations that make software? What’s more, WHY even bother to make a statement like the YamaTough incident is the “FIRST” case of documented “Cyber Espionage” ???????

Holy WTF? You mean it NEVER HAPPENED BEFORE!! All those reports in the news MUST HAVE BEEN WRONG HUH?

The Cuckoo’s Egg: Holy Crap! Computer Espionage In 1986! WHO KNEW!?!?

Which brings me to “The Cuckoo’s Egg” I read this a long time ago (required reading for ALL OF YOU!) This happened in 1986 and I believe that this is the first “Documented” case of computer espionage that is out in the open (i.e. not classified) Cliff Stoll, a UNIX (beardy man) was asked to look into an accounting error on a University system and ended up finding and tracking an asset for the KGB who was selling “DOCUMENTS” to said KGB from West Germany.

The Cuckoo’s Egg HERE and HERE

I suggest you all at least read the Wiki article on this if not going out and buying the book. Suffice to say tough, that the title of the book says it all. “Computer Espionage” This asset was hacking into White Sands Missile Range and other places and stealing data which he then sold to the KGB.

I think this would be called “Cyber Espionage” .. That is if one wanted to be douchey enough to use the term “Cyber” in front of everything.

Turd Shining by Those Who Should Know Better.. I’m Lookin At You Richard!

Right, well, there you have it… The YamaTough case could be said to be the first case of “Cyber Espionage” in 2012 perhaps, but certainly not of all time. In fact, I would suspect that as soon as computers had modems and were prevalent in government facilities (pre internet) There were likely other cases like the Cuckoo’s Egg but let me digress a bit again… Let’s name some operations that we KNOW ABOUT ALREADY

TITAN RAIN

AURORA

GHOSTNET

And.. Just for merit.. the moniker APT itself..

Just to name a few. We KNOW documents were stolen AND that they likely ended up in Chinese hands.. So really, Why Richard are you making this inane proclamation in your article? Oh, I know you have painted yourself into a corner now with your illogical argument of “Show me the documents” to which I say, Uhh we know these all happened as well as we KNOW Stoll helped catch Markus Hess in 1986…

So what gives?

Are you unable to admit when you are wrong? I mean, that seems to be the case to me….

Look, I am tired of getting tourrettes every time I look at some of this tripe out there being published by assumed authorities. This is out of hand and really, if you are wrong and someone calls you on it, think about it and cop to it. There is no harm in being wrong, we all are now and again. Hell, I was corrected yesterday by someone about my post on “Cyberwar” as I had the wrong country being attacked (in the scenario and history) with cyberwarfare attacks as a prelude to physical incursions (it was not Estonia, it was Georgia that Russia hit)  I though, admitted I was wrong, corrected the information, and thanked the person who told me.

You Richard.. Not so much.

YamaTough’s data is subject to much scrutiny and it seems that he/they have an agenda here that leans more toward disinformation than anything else. Their release of the Symantec source, while interesting, proves nothing of their claims (see articles about the 2006 hack on Symantec and the debacle thereof) So really, as an “analyst” should’nt one take a more jaundiced approach to reporting to the masses such things as this?

Not making bellicose claims that this is the first of its kind.. Kinda reminds of a certain guy who released bad data about some SCADA systems in Illinois…

Just sayin…

Contrition is in order…Not prevarication and inveigling

K.

Written by Krypt3ia

2012/01/19 at 15:19

Posted in .gov, .mil, Espionage

CYBERWAR! A Taxonomy

with 8 comments

CYBERWARRRRRRRRRRR!

Cyberwar… A term that has been more misunderstood and bandied about improperly than APT (Advanced Persistent Threat) Every time I see it in the media or being barked out or talked about by this and that INFOSEC person, military officer, government official, or the media, my eye twitches. I understand that to many the word “Cyber” seems shiny and slick but it should not be the prefix for just anything that involves a computer or a smart phone. The reality is that the true meaning of “Cyber War” comes from the last bit “WAR”

And one hopefully knows what the meaning of war is.. Right?

So, for me, cyber war means that there is actual warfare at work here. Not just espionage efforts, which can be a prelude to war, but often aren’t the sole aegis of much of the espionage going on. By warfare I mean kinetic attacks, troops on the move, and generally an invasion of some kind or hostilities where people are being killed.

That is war…

Cyberwar, as yet, has NOT happened. There have been Cyber Operations if you want to use the term (I don’t) but most of what we have been seeing in the news cycle is once again, NOT cyberwar.

Our Site Has Been DoS’d IT’S CYBERWAR! Uhhh No… It’s Not

Ok, now that I have said that, I will once again re-iterate that most of what we have been seeing in the news (Anonymous, Antisec, LulzSec, DD0S, Dox-ing, IP Theft, etc) are NOT Cyberwar. I would not even call these attacks warfare and I will elucidate now on why. It really comes down to one thing… No outright declarations of war. None of the instances so far have actually resulted in rockets being fired, bombs being dropped, or any other warfare to be carried out on anyone anywhere. Of course though, we have had much sabre rattling about this, and the US military as well as Israel have recently made bones about being able to launch conventional warfare against those they “think” attacked a website or released some credit card data..

God… How stupid is that?

Yet again, I say none of this has happened yet. Nor would I say that any of these events above, would or should be classified as precursors to war. These are nuissance attacks by those wishing to cause damage to businesses or perhaps governments but they are not attacks on systems (as yet) that would cripple any nation state whatsoever to the point of being an easier target for real warfare.

Let me give you an example of real cyber warfare… Georgia The Georgian infrastructure was attacked as a pre-emptive measure to real invasion/bombing by the Russian government. The effect of the attacks took not only Estonia proper offline, but cut off its communications networks internally, leaving them in a weak position for the Russian attacks to just begin.

This is cyberwar.. Which leads me to the taxonomy thereof.

A Taxonomy of Cyber Warfare

There you have it. Cyberwar should only be levelled as a term when the actual use of warfare if involved. This is a cause and effect type of thing and should NEVER be confused with someone getting dox’d by Anonymous or having your internet commerce presence taken off-line with DDoS.

The short and simple.. No bombs and bullets.. No Cyberwar. To say otherwise loudly in the media is just another kind of cyber… “Cyberdouchery”

A Plea to The Media and INFOSEC Community

My polemic will conclude here with a plea to those in the know. The INFOSEC community at large should know better than to propagate all of this claptrap but unfortunately some do. Some people (who remain nameless but actually use the title cyberwar in their titles or screen names) should know better but see an opportunity to make a splash with buzzword bingo.

Please stop.

With the advent of computing and with the moniker of “Cyberspace” being coined (allegedly) by William Gibson, everyone seems to want to grab a little bit of that epic “cool” and throw the term out there for just about anything digital.

Stop.

There’s warfare… There’s Espionage… and There’s Cyberdouchery.

Know the differences and be a better informed person.

K.

Written by Krypt3ia

2012/01/18 at 16:32

Why I Won’t Teach You To Track Terrorists Online

with 7 comments

Re: The Cyber Jihad Front

How do you locate such domains? I know you use maltego/etc others – is
it mostly stumbling onto real domains of interest or do you gain
intelligence and link it to the particular domain?


Best Regards,
<REDACTED>

So, You Want to Track Terrorists Online Eh?…

The email above <REDACTED> is one of more than a few that have come my way lately on OSINT as well as using the precepts of OSINT to track Jihadi’s online. I haven’t answered any of these requests (until now… Here…) because I just kinda wanted to.. Well.. Not. However, with this last one I just decided to put together a post on my reasons why I will not teach people to do this instead of just ignoring the emails.

I appreciate people want to help out however, anyone who is emailing me asking how to locate Jihadist domains online must first off be unfamiliar with “The Google” All one really need do is Google for the appropriate content and voila, you have sited to look at. I am not saying that this person is a moron, but I am saying that common sense need apply when you ask such questions.

Anyway, on to the bulleted reasons….

The Reasons I Won’t Teach You…

Ok, so, the basic response is this;

“I will not teach you to track terrorists online because there is no manual for this to start with”

This is an organic process and I have been up to this stuff since 2001. I learned by just doing it and in the process of “doing it” I had to learn A LOT of other things apart from technology issues like hacking/security/coding etc. Remember you are dealing with PEOPLE and you have to be adept and reading them, what they write, and their motives/thoughts/ambitions etc.

But let me break it down for you further shall I?

  1. You have to understand the terrorists and their motives
  2. You have to know the language and the nuances of it
  3. You have to have historical context and be able to understand the movements
  4. You have to be a bit of an actor… I’ll leave it at that
  5. You have to have a natural desire to follow a zillion leads and to analyse them
  6. You have to be adept at using ‘Teh Googles” (misspelling intended)
  7. You do it wrong you don’t get good data AND you will have FEDS at your door
  8. You do it wrong and you could be messing up ongoing investigations (and you have FEDS at your door)
  9. You do it wrong and you could endanger yourself or others by not being careful (Can you say Fatwa?)

There are probably a million more reasons that I can come up with (and will as I am falling asleep tonight) but you all get the general idea. MOST of all though, I am not going to be responsible for someone screwing the pooch and then getting into trouble (and then saying “but Krypt3ia said!”)

NO.

I Got Skillz… Hacking Skillz… Nunchuck Skillz…

The essence here is this, I just happened to get into this after being at the hole post 9/11. I was pissed and because of the nature of the work I do, I had certain facilities that lent themselves to this kind of diversion. I also had the opportunity to make connections with certain people who could put me in touch with other people yadda yadda yadda.. You know…

So unless you have a sponsor, you know Arabi, or you are able to make some connections with the right folks, you will just end up causing yourselves more trouble than anything else by playing in this pool.

There are far more skilled people than I working on this stuff… I am no one to be teaching anyone..

Nor will I.

The only reason that I blog about the Jihadist stuff here is that I find it interesting from a philosophical perspective AND I have a reader base within certain circles that can use some of my ravings in their jobs…

So, no, I will not teach you how to look for Jihadi’s online.. Because you likely will only muddy the water and make my day more difficult.

K.

Written by Krypt3ia

2012/01/17 at 21:54