Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for February 2012

Forest for the Trees… And Other Aphorisms for BUY A CLUE

with 11 comments

Look It’s A Birdie!

Ok, so everyone is all over this YamaTough extortion/bribery/leakage thing but I have not seen anything really about the elephant in the room. Everyone is all over the fact that the code has been leaked, that a faux Indian Twitter acct is boasting all the time about being smarter than everyone, and that Symantec is full of shit trying to catch them/him in an extortion scheme by posting pastebins of email encounters by the players.

*blink*

Ummm… So… Yeah, uhhh.. the hack that the code came from was back in 2006 right? So, tell me.. Where has it been lo’ these many years? Who had it? Who hacked Symantec in the first place?

*Anyone?… Anyone?… Bueller?*

Bait and Switch

So Yama had some code that was probably given to him/them by “someone” recently to be used in any way they like. Yama and the skidz then decide to release that data to the world and attempt to shame Symantec (a company btw probably on the AntiSec hit list) and sow FUD about their already quite shitty (trust me) AV systems.

Hrmmmm…

Ok, well, the code is in the open now… OH NOES! But wait… What’s that niggling little voice yelling in the background?

Oh yeah.. SYMANTEC WAS COMPROMISED IN 2006!

So once again, I ask you.. Where has that code been all this time that Symantec had no idea it had been taken? Oh, and also, if they did not know they were hacked in 2006, what makes you all think that the rest of their code over the years has not been in the hands of those who hacked it back in 06?

*Do you see where I am going with this? Think chess here…*

Those who have had access likely were the types to either be nation state.. OR.. Selling the access to nation state actors. Who else would keep this quiet for soooo long huh? I mean all of you out there in the know, do you remember anyone spilling the beans that the source for Symantec was available? Personally, I think that the malware devs out there chose the BIGGEST target for AV (and we all know just how popular Symantec is don’t we?) and hacked it discreetly to gain access to code and develop malware that would avoid NAV altogether right?

Hello Mr. Elephant…

Seeing the Trees for the Forest

So, unless the facts are much more convoluted here and there is a lot of lying going on (well, there is but you know, base facts here) then this stuff has been in the hands of someone.. Someone who probably did naughty things with it (Chairman Meow maybe? or Ol’ Pooty Poot?.. Or.. Ooh Israel perhaps?) Haven’t you all wondered about just how much malware lately seems to be able to switch off NAV altogether? Place itself in the whitelist area?

Yeah…

Meh, maybe it’s just me and my tinfoil hat paranoid tendencies eh?

Say… Isn’t that elephant’s trunk rooting around in Symantec’s pocket?

Look at the birdie! Look at the birdie! LOOK AT THE GOD DAMNED BIRDIE!

K.

Written by Krypt3ia

2012/02/08 at 14:45

Posted in Lulz, YamaTough

Game Theory, Anonymous Causality, and 2012

with 11 comments

Anonymous Factions and Influences

Anonymous, being what it is, has always been susceptible to influence and infiltration from the outside as well as the inside. The nature of the movement is such that it resembles the cell structure that terrorist action groups like Al Qaeda have adopted over the years.

  • Decentralized
  • Autonomous (to an extent)
  • Headless (perceived only in some cases)
  • They have “wings” (action wings, propaganda wings, technical wings etc)
  • Small cells with distinct leadership working in compartmented protocols

In the anonymous world, the communications take a stratified approach as well. IRC is the medium for much of the comms but there are hidden chat rooms on various servers where the core meet to plan and talk. I am sure there are other means that they utilize as well such as i2p email addresses and other anonymized means of communication.

Due to the nature of Anonymous though, it would seem that the various players do not form a cohesive whole for the most part. So the cells that are out there can have an effect to greater or lesser extents depending on the members of the cell and their capabilities. An example of this would be the core group called AntiSec. AntiSec, comprised of the more technical hackers from what has been gathered, has been attacking various sites for the lulz as well as perhaps with an agenda to cause the government and corporations pain by releasing embarrassing and/or compromising data (See HBGary for an example).

Over the last year we have seen an evolution within Anonymous and its various movements. The latest being the AntiSec movement that really came out swinging after the LulzBoat set sail once their 50 day run was over. It is this latest group that has people concerned and may in fact be the more cohesive core of Anonymous, one that has a set group of leaders at its core, leaders with an agenda….

Anarchy.


Escalation and Over Reaction

The latest “hack” and release this last Friday (#FFF Fuck FBI Fridays) is a case in point, and since I started this post over Shmoocon weekend, I think it is only appropriate to use the FBI conference call as a focus today. Over the year AntiSec has been performing more and more actions against whoever they could attack. It seems that the attack vectors to date (except this last one) have been attacks of opportunity with some direction (such as looking for all police departments with holes on the internet), while others seem to be perhaps fortuitous hacks given to the movement by those out there sympathetic to Anon or just looking to have their lulz while others perform the dirty work.

Either way, the stakes have been rising and the escalation has been seen over the last year into this one between the governments (in my case the US) and Anonymous and AntiSec. With the leaking of the FBI/MET con call this last Friday, we will see another evolution to the escalation because now, the Anons have directly shamed the FBI, the Met, and other orgs seeking to prosecute them.

Think of it as the angry bee’s nest Colbert spoke of about Aaron Barr.. Except this time AntiSec has deliberately slapped the bee’s nest with a bat as they walked away pointing and laughing. This will not end well for either really I think. As of today the FBI has started yet another case file on the hack of the email accounts attached to the distribution list that the invitation for the call went out to. The assumption here is that someone forwarded the email to a private acct, one that had been compromised earlier and was the source of the email that allowed the Anons to dial into the call.

Meanwhile, Sabu has tweeted that AntiSec has been monitoring FBI comms for a while now and still had access as of Friday. I am unsure that this is truly the case but it cannot be discounted as just another braggadocio about their hacking prowess. You see, the Feds for the most part are not the most tech savvy as a group, especially within the rank and file SAs or SSAs. So, it is possible that there has been some pwnage and that the net effect is they have been compromised to the point where investigations may become harder to prosecute.

(Think about it this way.. Hacked FBI accts etc leave much for a good defense attorney to work with on the idea of reasonable doubt)

This is going to make the FBI over react and possibly over reach. This in turn will also put the government on a back footing as well and make them more apt to do things in a knee jerk fashion as well. You all thought ACTA and SOPA were bad.. Wait til these government guys feel the burn of future hacks on them as well as what just happened.

Of course I am not condoning either side here, but, I am trying to get across that we once again have the Batman conundrum.

“You made me… I made you…Let’s dance”

Meanwhile, the collateral damage piles up and the innocent are the ones most likely to feel the bite from both sides. Ironically, while both sides tell us all that what they do is for our own good.

Heh.

A Master Plan or Unintended Consequences?

Since the beginning of the Anonymous movement’s gaining critical mass and bearing the AntiSec fruit, I have been wondering if there is indeed a master plan here. Anonymous claims that they are autonomous, amorphous, a swarm, but I think that is a generalization that only fits when you look at the whole. When you start to bore down into the cells out there, you can readily see that there are pockets of cohesive groups. One of these groups is of course AntiSec. This group I think has acquired a certain amount of play within the Anonymous circle and thus would be a leadership cell.

Recent posts of the “Coming Insurrection” on sites that have been hacked by AntiSec have led me to believe that there is a fair amount of Anarchist belief and activity within this cell of Anonymous. In fact, it seems, from information sources, that AntiSec is running the show now or would like to. As the hacking wing, so to speak, of Anonymous, they wield a certain cachet and also, from the same sources, may in fact intimidate the moral fags a bit. All of this means that the core of AntiSec and their acolytes are really making the agenda as well as performing the actions to drive their agenda.. More than the penumbra of Anonymous as a whole.

So, in looking at the use of the Coming Insurrection and the propaganda by the “Sabu’s” on Twitter, it has become more and more clear in my mind, that the agenda is not only Anarchy, but also quite a socialist (for lack of a better term) bent. By watching the Sabu account on Twitter, one can also see the socio-political bents of “Free Palestine” as well as a general call for the downtrodden to rise up against the government. Is this just Sabu being Sabu? Is there an agenda that the others within the AntiSec core also believe?

As well, the use of the “AntiSec” name comes directly from a movement of Hackers and Anarchists back in the 90’s who did not believe that the nascent “Security Industry” was a good thing and held that ideas like responsible disclosure of vulnerabilities were a bad thing. It all just fed a cycle where the corporations out there could hide vulnerabilities, keep writing bad code, and generally skate on their responsibilities to keep things secure. Oddly enough, all of those things today are in effect and still we have issues where companies are not doing the right thing as well as a security “Industry” that contains many charlatans.

The AntiSec of yesterday, I am told by sources, do not like the current AntiSec core out there today. In fact, some are a bit peeved from what I have been told. So, if today’s AntiSec is not a descendant of this original group.. Who are they? As best as can be figured by me, they took the name as they liked it but for the most part, there seems to be an Anarchist and Nihilist bent within their ranks and their agenda..

This begs the question though, just how much of their action has been just to sow anarchy and how much has been part of a goal to fight the government for perceived crimes against those they govern? For me, it seems that perhaps the overall goal here may be in fact to push the issue until there is a civil war of sorts. How would this play out? Well, I think we are seeing the beginnings of this now.

  • More governance of the internet
  • Less privacy
  • Additions to laws concerning terrorists and terrorism that now center on the internet and “cyber-issues”
  • Knee-jerk reactions creating bills with over-reaching language allowing for abuses of power

Granted, some of this may have organically been created from today’s issues over hacking and the so called cyber-warfare ongoing between countries. However, I think that this has sped up quite a bit as Anonymous/AntiSec push the buttons more and more against the police and the government. The net effect is that AntiSec is baiting the government and the authorities into over reacting. With each dump of data and compromise of site, they push and push the fools running the country into being more fearful that they cannot control the situation.

The reality is that they can’t control it.. Hell, they barely understand it…

And this makes it all the worse.

Predictive Behavioral Analysis of Both Anonymous and Government (USA) Using Game Theory

I have been watching this Greek tragedy play itself out over the last year and frankly I just don’t see this going well for anyone. It really boils down to a couple of outcomes and neither one I think is good.

  1. AntiSec becomes even more brazen attacking more frequently as they gain more power/synergy with more followers and people willing to help them
  2. The government will continue to attempt to catch the players. Some will get caught and there will be trials.
  3. The trials will escalate the anger and the AntiSec crew will seek more and more directed targets to shame and disrupt the authorities’ cases
  4. Laws will be enacted restricting the internet and the privacy we all should be able to have

The thing here is that AntiSec will not just go away.. Nor will the governments of the world change their ways. If indeed AntiSec’s core believe in anarchy as a way of life, then they will go on sowing it. This will cause the government to over react and do some pretty stupid things as well. It’s really Batman and the Joker all over again.. And as I think about it more, it becomes a very apt allusion to what is going on.

Except that the government is not as smart as Batman or as moral/ethical….

Normally, the use of “Game Theory” attempts to determine the best outcomes for winners and losers within games, politics, economics etc. In this case though, the real loser I think is the third party here…

You and I.

This game cannot be won. It will continue back and forth and there will only be collateral damage. Think of it this way… This war being waged by AntiSec and our government/authorities can be seen as the next war between all parties in the Middle East. Fought over thousands of years because of perceived differences of opinion over religion and land. Like the Shia and the Sunni, or the Israelis and Iranians, this tribal tit for tat will continue on and there will be no clear winner..

Ever.

Perhaps WOPR said it best…

“A strange game. The only winning move is not to play. How about a nice game of chess?”

K.

Written by Krypt3ia

2012/02/05 at 21:50

YOU MAY BE A TERRORIST….

with 2 comments

Do You Like Online Privacy? You May Be a Terrorist

It’s been one of those days when I went from ZERO —> STABBY really really quickly. What brought me to this point today was a tweet linked to an article at PublicIntelligence where they talk about a flyer put out jointly by the FBI and the Department of Justice (Bureau of Justice Assistance) on what to look for in an “online” terrorist or an “internet cafe” terrorist.

This document is one of the silliest and most useless pieces of crap I have seen. It is so general and profiles so many people today and yet, fulfills the fear fear fear agenda that some seem to have. I am shocked at this even being floated out there for the masses to even consider using as the litmus test to actually make a call on someone’s being a “terrorist” or not. The Justice Dept and the FBI have in fact turned everyone who uses this document into Barney Fife! Except instead of a single bullet, they have given them a full automatic and two extended clips to use for ammunition.

Good job!

Ugh.

Generalities and First Principles by Marcus Aurelius

Let me say to you all here and now, I am embarrassed for our country and our law enforcement services with this development. I thought perhaps they would have learned after the whole “Muslim = Terrorist” debacle but I guess they have not. What possessed them to be so idiotic as to pass this out to the masses? What’s worse, how many of the masses are just dumb enough to use this list of likes and concerns as the “guide” to terrorism?

Hey USGOV, FBI, DOJ, how about you spend some time with the classics: “First Principles by Marcus Aurelius”. Oh, wait, maybe you have no idea what I am talking about.. Ok, how about we take a quote from a movie?

“First principles, Clarice. Simplicity. Read Marcus Aurelius. Of each particular thing ask: what is it in itself? What is its nature? What does he do, this man you seek?”

Hannibal Lecter

You guys COMPLETELY fail to do this. Instead you throw out a bunch of generalities that fit 99% of the population for the gullible “see something say something” citizen to use to point fingers and yell TERRORIST!

WTF?

Time to pay attention people.

Hi, My Name is Bob, and I am A Terrorist…. *Hi Bob*

So, this leads me to the phrase above… Hi, my name is Krypt3ia, and I am a terrorist… If you believe the shitty list of character traits in this stupid document.

*waves*

Think about it, this is out there and it would seem that the FBI and DOJ may in fact BELIEVE this??? Can you imagine this is how their world outlook is concerning the broad spectrum of today’s internet users?

“YOU ARE ALL SUSPECT”

This belies a complete lack of understanding of not only the technologies today, but also the pervading psychology and sociology at play in today’s digital world. If you use technology, if you like the internet and IF you deign to want some privacy..

You’re potentially a terrorist and should be reported.

Wow… Just wow… I cannot believe how little thought went into this campaign. Are you really all that bereft of any common sense or even guile in trying to capture the real terrorists out there?

OMFG This Makes Me REALLY STABBY

STABBY! Yes, this all makes me very stabby. I cannot fathom all of this and it really makes me distrust my government’s handling of these issues all the more. I am not one to really be their cheerleader with regard to digital security and policy, but now, holy Jeebus! Then I wake up this morning to find that AntiSec has recorded a conference call that the FBI held between them and the Met (UK).

*blink*

They did not even bother to check how many people were on the call! BASIC SECOPS people!! So now they are even more the laughing stock, and I am sure they will make swift responses that likely will be futile in the grander scheme of things.

Guys.. You’re really making yourselves into the Hollywood caricature of yourselves here..

“Keystone Cops”

BOOGA BOOGA BOOGA and Other Exhortations by Our Government

In the end, I am mostly appalled at the use of these jingoistic and lowest common denominator recommendations being given to the public on “cyber terrorists”. It is the kind of claptrap I expected out of the likes of GWB’s reign.. Not now! It really is just useless and makes you look like fools…

It makes one wonder just what you all really believe…

No wonder it seems that Anonymous is getting the better of you lately.

So why not make everyone the enemy huh? Guess I will just go on down to the “internet cafe” *heh* and tap away on my encrypted blog about how I long for privacy…

K.

Written by Krypt3ia

2012/02/03 at 18:35