Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for January 19th, 2012

Tit for Tat: Israeli Hackers and Muslim Hackers Bring Knives to Gun Fights


Malone: You wanna know how to get Capone? They pull a knife, you pull a gun. He sends one of yours to the hospital, you send one of his to the morgue. *That’s* the *Chicago* way! And that’s how you get Capone. Now do you want to do that? Are you ready to do that? I’m offering you a deal. Do you want this deal?

The Untouchables (Sean Connery)

Neener, Neener, Neener, I Have Your Credit Cards!

 JAN 18TH, 2012

Important message from 0xOmar from group-xp

BY: 0XOMAR | JAN 18TH, 2012 | SYNTAX: NONE | SIZE: 1.75 KB | HITS: 196 | EXPIRES: NEVER

  1. Important message from 0xOmar from group-xp the largest Wahhabi hacker commando of Iran.
  2. Things do not go as well as they should:
  3. * First came the Russians (must be KGB agents) and hacked my 0xOmar@mail.ru email account and changed password.
  4. ** Then someone (American FBI feds most likely) hacked my pastebin/0xOmar
  5. *** If this was not enough… some mysterious hand (Allah himself/herself?) keep deleting our group-xp information of none existing cc numbers!
  6. **** Anyway, since I am the greatest 0xOmar with direct power from the President in Iran – I knew what to do. To start my own website at: http://204.188.197.33 But guess what?????    Now this has also got hacked and turned into an Apache server start page!  This time I have no doubt who is behind this brutal and illegal actions of vandalism! It must be the Apache Indians themselves.
  7. ***** Updated: now I am using torrents – just in case, if you discover that you are infected with one of my Trojans while downloading my torrent, the Trojan will only pick your credit card number and any password if possible and be sent further to all your contacts!
  8. Please do not worry about this small technicalities its for the sake of helping the poor Palestinian children in Jerusalem who stand in the middle of the road while throwing stones on Israeli drivers, we will attempt to use your credit card for teaching them where to stand next time they try killing Israeli drivers.
  9. http://www.youtube.com/watch?v=XlXRAJ7SuVI
  10. http://www.youtube.com/watch?v=At9b3YQSQ_E
  11. And if its OK with you, I will use the rest of the credit on your card for learning what hacking is, because I am complete clueless lamer when it comes to hacking!
  12. Thank you!
  13. 0xOmar from group-xp the largest Wahhabi hacker commando of Iran

Pastebin Timeline courtesy of the CTRL+C –> CTRL-V skills of GatoMalo http://pastebin.com/QD1R7ivZ

If the pastebin above is to be believed as legitimate, then we see 0xOmar, the alleged hacker, putting out some reasons (albeit addled ones) as to why he is hacking credit card accounts of Israelis. Seems that Omar is a fan of Palestine and thinks that “doxing” like Anonymous (and there may in fact be a connection between the two) will make a change in the greater geopolitical scheme of things in the Middle East. I think it’s a misguided effort myself, if at all true… No, it seems more to be just about some lulz than anything else really.

Some of what is said here does not jibe either with this guy being a Saudi.. The whole Iran thing at the end pretty much says it all to me.
Meh.

Anyway, it seems that a new war of annoyance has begun: the self-proclaimed hackers from Saudi “Group-xp” (named for the Windows operating system they like to use? heh) have declared a jihad on Israel and their credit rating…

Person by person that they can hack and expose…. *shudder*

Meanwhile, Israel threatened physical/legal action against the hacker(s) if they catch them (him) and tried to say that he was in fact a hacker in Mexico. Of course Omar said that it wasn’t him then taunted them with two weeks to locate him or he’d drop more documents online for everyone to be titillated by.

Ugh…

Oh Yeah? Well I have DoS’d El Al and Your Stock Exchange! (Well, their websites.. doing no real harm)

Then Omar and his “crew” went on a raging DDoS of El Al’s website and the Israeli Stock Exchange!! Which knocked the sites offline but not the businesses.

TAKE THAT ISRAEL! WE HAZ YOU NOWZ!

Really…

Soon more dox will be dumped, more credit cards I assume.. But really, is this doing anything for the fight over the Middle East? 0xOmar does not seem to be winning the war against Israel here and I have to wonder just what the end goals are. Just as well, I also wonder if this is just a hanger-on who wants to play Anonymous’ game and attempt to make a splash in the digital as well as the analog communities he is talking about.

Or is he just in it for the lulz?

Of course there was the dropping of the SCADA passwords recently, and this.. Well this is more along the lines of doing something isn’t it? As I wrote recently about “cyberwar”, the real aim is to damage infrastructure, cause supply chains to fail, and in the end invade or conduct military operations against someone else. So, would not the use of these SCADA passwords by the likes of 0xOmar to down important systems and cause greater damage as a whole be more advantageous here?

Or is it that this is a one trick pony we are all seeing in the news?

Like the quote from “The Untouchables” says pretty clearly, you wanna do damage you don’t bring a knife to a gunfight kid.

The Geopolitics of DDoS and DOX-ing

Meanwhile, this all has me thinking about the DoX-ing going on with the Anonymous model of geopolitical force. So, could posting documents like Wikileaks have a longer lasting and more prolific change on a country/government than just dropping credit cards? Of course! I mean, who gets hurt really in the dump of credit cards? The banks just pass that along to the customers eventually so really… No one gets hurt but the end users.

..and those end users are not going to beg the government to make the bad man stop?…

Nope, the real deal would be to attack infrastructure and cause havoc.. Not this skiddie crap. This is the problem with Anonymous too. So far they have been a wind storm in a china cup really. They think that they are doing massive things, but the reality is that change happens slowly and raising awareness is great, but, it may not have the outcome you want.. Nor will it happen right away.

So, 0xOmar, I think that there are too many holes in your story, too little effect from your dumps, and just enough media hype to keep you happy.

Enjoy it while you can.

K.

Written by Krypt3ia

2012/01/19 at 19:54

Posted in Uncategorized

CYBER ESPIONAGE! Ya Know, It’s Espionage… With Some Computer Shit Thrown In.


Cyber Espionage: A Buzzword Oft Overused and Now Reinvented by Certain Players

Ok, so over the last few days I have had this story from Island sticking in my craw. I went to the source and told him he was misinformed and made a statement that was wrong. His prevarications after my statement SHOULD have told me that he had no intention of even entertaining the idea that he was wrong, so, here I sit this morning post seeing a re-tweet of his slipshod reporting, writing this polemic.

Alright, first off, the use of the word CYBER in front of everything nowadays has me nearly cataleptic with CYBER Tourette’s! This is all out of hand and it has to stop. Especially from the “INFOSEC COMMUNITY”. I know there are many players within that category of people but sweet jeebus, we have to cull the herd a bit!

There must be a CYBER culling…

So, at the heart of my current aneurysm-causing piece of media is a story about the (alleged) YamaTough hack on systems, which produced (alleged) documents showing that companies (i.e. Apple and other companies) were allowing back doors into their software/hardware for countries like India. Now first off, this is nothing new is it? I mean the claims have been made over and over by Anon but as yet only one real hit was made, with BlueCoat on their proxy system. They indeed were helping Syria monitor their populace and in a bad way. For Christ’s sake, Cisco got caught too aiding China due to their contracts etc and they wanted to keep them.

So I ask you.. What’s news here? Other than the sensationalism around the whole story that YamaTough has cooked up trying to sell a story about the ills of corporations that make software? What’s more, WHY even bother to make a statement like the YamaTough incident is the “FIRST” case of documented “Cyber Espionage” ???????

Holy WTF? You mean it NEVER HAPPENED BEFORE!! All those reports in the news MUST HAVE BEEN WRONG HUH?

The Cuckoo’s Egg: Holy Crap! Computer Espionage In 1986! WHO KNEW!?!?

Which brings me to “The Cuckoo’s Egg”. I read this a long time ago (required reading for ALL OF YOU!). This happened in 1986 and I believe that this is the first “Documented” case of computer espionage that is out in the open (i.e. not classified). Cliff Stoll, a UNIX man (beardy), was asked to look into an accounting error on a University system and ended up finding and tracking an asset for the KGB who was selling “DOCUMENTS” to said KGB from West Germany.

The Cuckoo’s Egg HERE and HERE

I suggest you all at least read the Wiki article on this if not going out and buying the book. Suffice to say though, that the title of the book says it all: “Computer Espionage”. This asset was hacking into White Sands Missile Range and other places and stealing data which he then sold to the KGB.

I think this would be called “Cyber Espionage” .. That is if one wanted to be douchey enough to use the term “Cyber” in front of everything.

Turd Shining by Those Who Should Know Better.. I’m Lookin At You Richard!

Right, well, there you have it… The YamaTough case could be said to be the first case of “Cyber Espionage” in 2012 perhaps, but certainly not of all time. In fact, I would suspect that as soon as computers had modems and were prevalent in government facilities (pre-internet) there were likely other cases like the Cuckoo’s Egg, but let me digress a bit again… Let’s name some operations that we KNOW ABOUT ALREADY:

TITAN RAIN

AURORA

GHOSTNET

And.. Just for merit.. the moniker APT itself..

Just to name a few. We KNOW documents were stolen AND that they likely ended up in Chinese hands.. So really, why, Richard, are you making this inane proclamation in your article? Oh, I know you have painted yourself into a corner now with your illogical argument of “Show me the documents” to which I say, Uhh we know these all happened as well as we KNOW Stoll helped catch Markus Hess in 1986…

So what gives?

Are you unable to admit when you are wrong? I mean, that seems to be the case to me….

Look, I am tired of getting Tourette’s every time I look at some of this tripe out there being published by assumed authorities. This is out of hand and really, if you are wrong and someone calls you on it, think about it and cop to it. There is no harm in being wrong, we all are now and again. Hell, I was corrected yesterday by someone about my post on “Cyberwar” as I had the wrong country being attacked (in the scenario and history) with cyberwarfare attacks as a prelude to physical incursions (it was not Estonia, it was Georgia that Russia hit). I, though, admitted I was wrong, corrected the information, and thanked the person who told me.

You Richard.. Not so much.

YamaTough’s data is subject to much scrutiny and it seems that he/they have an agenda here that leans more toward disinformation than anything else. Their release of the Symantec source, while interesting, proves nothing of their claims (see articles about the 2006 hack on Symantec and the debacle thereof). So really, as an “analyst” shouldn’t one take a more jaundiced approach to reporting to the masses such things as this?

Not making bellicose claims that this is the first of its kind.. Kinda reminds me of a certain guy who released bad data about some SCADA systems in Illinois…

Just sayin…

Contrition is in order…Not prevarication and inveigling

K.

Written by Krypt3ia

2012/01/19 at 15:19

Posted in .gov, .mil, Espionage