Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

CYBER ESPIONAGE! Ya Know, It’s Espionage… With Some Computer Shit Thrown In.

with one comment

Cyber Espionage: A Buzzword Of’t Overused and Now Reinvented by Certain Players

Ok, so over the last few days I have had this story from Island sticking in my craw. I went to the source and told him he was misinformed and made a statement that was wrong. His prevarications after my statement SHOULD have told me that he had no intention of even entertaining the idea that he was wrong, so, here I sit this morning post seeing a re-tweet of his slipshod reporting, writing this polemic.

Alright, first off, the use of the word CYBER in front of everything now-a-days has me nearly cataleptic with CYBER tourettes! This is all out of hand and it has to stop. Especially from the “INFOSEC COMMUNITY” I know there are many players within that category of people but sweet jeebus, we have to cull the herd a bit!

There must be a CYBER culling…

So, at the heart of my current aneurysm causing piece of media is a story claiming that the YamaTough hack (alleged) on systems that produced (alleged) documents that showed companies were allowing back doors into their software/hardware (i.e. apple and other companies) for countries like India. Now first off, this is nothing new is it? I mean the claims have been made over and over by Anon but as yet only one real hit was made with BlueCoat on their proxy system. They indeed were helping Syria monitor their populace and in a bad way. For Christ’s sake, CISCO got caught too aiding China due to their contracts etc and they wanted to keep them.

So I ask you.. What’s news here? Other than the sensationalism around the whole story that YamaTough has cooked up trying to sell a story about the ills of corporations that make software? What’s more, WHY even bother to make a statement like the YamaTough incident is the “FIRST” case of documented “Cyber Espionage” ???????

Holy WTF? You mean it NEVER HAPPENED BEFORE!! All those reports in the news MUST HAVE BEEN WRONG HUH?

The Cuckoo’s Egg: Holy Crap! Computer Espionage In 1986! WHO KNEW!?!?

Which brings me to “The Cuckoo’s Egg” I read this a long time ago (required reading for ALL OF YOU!) This happened in 1986 and I believe that this is the first “Documented” case of computer espionage that is out in the open (i.e. not classified) Cliff Stoll, a UNIX (beardy man) was asked to look into an accounting error on a University system and ended up finding and tracking an asset for the KGB who was selling “DOCUMENTS” to said KGB from West Germany.

The Cuckoo’s Egg HERE and HERE

I suggest you all at least read the Wiki article on this if not going out and buying the book. Suffice to say tough, that the title of the book says it all. “Computer Espionage” This asset was hacking into White Sands Missile Range and other places and stealing data which he then sold to the KGB.

I think this would be called “Cyber Espionage” .. That is if one wanted to be douchey enough to use the term “Cyber” in front of everything.

Turd Shining by Those Who Should Know Better.. I’m Lookin At You Richard!

Right, well, there you have it… The YamaTough case could be said to be the first case of “Cyber Espionage” in 2012 perhaps, but certainly not of all time. In fact, I would suspect that as soon as computers had modems and were prevalent in government facilities (pre internet) There were likely other cases like the Cuckoo’s Egg but let me digress a bit again… Let’s name some operations that we KNOW ABOUT ALREADY

TITAN RAIN

AURORA

GHOSTNET

And.. Just for merit.. the moniker APT itself..

Just to name a few. We KNOW documents were stolen AND that they likely ended up in Chinese hands.. So really, Why Richard are you making this inane proclamation in your article? Oh, I know you have painted yourself into a corner now with your illogical argument of “Show me the documents” to which I say, Uhh we know these all happened as well as we KNOW Stoll helped catch Markus Hess in 1986…

So what gives?

Are you unable to admit when you are wrong? I mean, that seems to be the case to me….

Look, I am tired of getting tourrettes every time I look at some of this tripe out there being published by assumed authorities. This is out of hand and really, if you are wrong and someone calls you on it, think about it and cop to it. There is no harm in being wrong, we all are now and again. Hell, I was corrected yesterday by someone about my post on “Cyberwar” as I had the wrong country being attacked (in the scenario and history) with cyberwarfare attacks as a prelude to physical incursions (it was not Estonia, it was Georgia that Russia hit)  I though, admitted I was wrong, corrected the information, and thanked the person who told me.

You Richard.. Not so much.

YamaTough’s data is subject to much scrutiny and it seems that he/they have an agenda here that leans more toward disinformation than anything else. Their release of the Symantec source, while interesting, proves nothing of their claims (see articles about the 2006 hack on Symantec and the debacle thereof) So really, as an “analyst” should’nt one take a more jaundiced approach to reporting to the masses such things as this?

Not making bellicose claims that this is the first of its kind.. Kinda reminds of a certain guy who released bad data about some SCADA systems in Illinois…

Just sayin…

Contrition is in order…Not prevarication and inveigling

K.

Written by Krypt3ia

2012/01/19 at 15:19

Posted in .gov, .mil, Espionage

One Response

Subscribe to comments with RSS.

  1. Krypt3ia your posts always bring a smile to my face before I read them. My first reaction is always, who is getting their ass ripped in this one. So last week I was in a bar with a friend and we were talking to a few British and Irish guys. They were laughing because our swag bags said International Conference on Cyber Security. The reason why they were laughing was because in the UK the word “Cyber” is closely related to Cyber Sex, NOT Cyber Warfare or Cyber Security.

    For all those Cyber Security Experts, you may want to add this certification to you signature http://www.asscert.com/

    Tom Ryan

    2012/01/19 at 15:52


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: