Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

ASSESSMENT: The Islamic Cyber Resistance: Wikileaks.ir Bin Laden Group and Mossad Dumps


Dmvtz MCB!

The Islamic Cyber Resistance:

It seems that there is a new player in the cyber town, and they call themselves the Islamic Cyber Resistance ( هيئة دعم المقاومة الاسلامية في لبنان ). They are loosely affiliated with Anonymous and, it seems, perhaps also with the Syrian Electronic Army, due to a recent combined hack effort. In the case of the Wikileaks.ir dump, however, they seem to be working on their own, and doing so because of the loss of Hassan Lakkis, a Hezbollah commander who was killed near his home recently. The ICR dump was to “honor” him and perhaps to get people energized to do more, even using “rememberhassan” as the password to the rar files uploaded to the net. I do wonder, though, at just how newly minted the ICR is, because they have no Facebook site, no website that can be found as yet, and little mention until recently. They are affiliated with Hezbollah notionally and seem to have ties to moqwama.org, the Hezbollah resource site which collects support for the Hezbollah organization. Ostensibly this hack attack against the Mossad and other entities, and this dump, were revenge for what is perceived as Israel’s killing of Hassan, but the realities of the dump (which I will go into below) are much less vengeance and more an attempt to grab the spotlight in the great cyber jihad.


Hassan Lakkis


OPIsrael with Anonymous


moqwama.org front page


WHOIS of moqwama.org

Wikileaks.ir:

Meanwhile, there’s a new Wikileaks in town: the Wikileaks.ir domain and site on which these dumps were announced and posted. It seems that the Wikileaks.ir domain has been around for a few years now and started off as a WordPress site that wanted to be affiliated from the get go. However, according to what I have found looking around the internet, the site was not an official one, nor is it today. The domain is currently owned by someone calling themselves Ehsan Goorabi, who according to searches has been a graphic designer/web designer/printer owning his own business called “Lemon Graphics” in Lebanon. It turns out that Ehsan is also now a CEH, so this kind of ties a nice little cyber bow on him as perhaps being a part of, if not the main player in, the ICR. The wikileaks.ir site is now getting play within the media and I am sure is getting plenty of traffic. However, after looking at all the dumps on there, I just don’t see anything really spectacular in the way of secret information. In fact, what can be found is the usual rhetoric and talk but no real shock and awe.

WHOIS wikileaks.ir


Ehsan Goorabi CEH


Ehsan Goorabi Printer


Wikileaks.ir FOR SALE!

The Dump:

The data dump in memory of Hassan, too, was pretty much a re-hash of data already out there in other dumps: the alleged hacking of Mossad data (personnel data seen already out there) and the alleged hack of the Bin Laden Group (BLG). Now the ICR and the WL site claim that there is some real bombshell information here, but in reality it’s all just common data from the company that was hacked: PDF files and emails on daily business things that, after looking at them, are nothing at all to be interested in, even if there are claims of shoddy workmanship and perhaps some fraud. If you listened to the ICR, they would have you believe it shows complicity with the government and other terrible things. Honestly, though, what would this data really mean to anyone within AQ, who nominally are mentioned in the dumps, other than a slight against the Bin Laden family who begat OBL in the first place? I guess time will tell if the dumps get better with this crew, but to date they certainly aren’t stellar and more than certainly not worthy of all the press attention that this has garnered them.


Cyber Jihad:

So, the cyber jihad is on, evidently. Well, perhaps not a jihad, but at least a resistance, as the moniker places them. It would seem that the ICR and SEA, who are already working together, along with the Wikileaks.ir site, may be something to keep an eye on if they get their acts together. SEA has been very active with low-end hacks that grab headlines but really don’t create any substantive change. In aligning with the Wikileaks ethos, though, perhaps they will seek to out corruption within their area of influence. Maybe they will just keep flailing along in hopes of garnering the attention they seek; we shall see in the near future, I imagine. I do wonder, though, at the alleged connections with IRGC. To date these seem to be just pipe dreams of the media. I cannot see my way to seeing any kind of IRGC support here, because these people lack OPSEC as well as skill, it seems, from what they have laid out so far. In fact, I think SEA, as lame as their attacks have been in real impact, are much more technically capable than the ICR today.

It will be interesting to keep an eye on these guys and see what they come up with next….

K.

Written by Krypt3ia

2013/12/20 at 16:17

Posted in Cyber, CyberFAIL, jihad

3 Responses


  1. […] and the SEA in passing while also describing its unique ties to an Iran-based Wikileaks-style in a wide ranging blog post. We’ll seek to expand on his impressive […]

  2. are your crypto-epigrams really crypto or just Markov… ?🙂

    Etaoin, of course, Shrldu

    2013/12/24 at 22:45


