Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for February 2014

ASSESSMENT: Tesco.com Hack and Account Drop


Screenshot from 2014-02-17 08:56:17

TESCO Dump:

Screenshot from 2014-02-17 09:04:27

Two thousand accounts and passwords for Tesco.com were dumped on Pastebin on 2/12/14, and it set the news all atwitter about how Tesco had been hacked. According to Tesco the accounts have all been deactivated and the passwords changed, and if they had it their way I am sure they would just like to move on. However, the news on the hack has so far been unclear as to how it happened. In looking around the usual dirty corners of the internet I have found a few details about how commonly companies like Tesco have been the target of these kinds of attacks. I found trails of chatter going back to August of last year on how to abuse the Tesco online system to order goods and have them delivered to many places, as well as offers by coders of scripts and programs to carry out the kind of attack that seems to have befallen Tesco.

Tesco_Checker.exe and Freelancers:

Screenshot from 2014-02-17 09:45:45

Screenshot from 2014-02-17 09:03:45

One of the first hits I located was talk of a “Tesco Account Checker” program back in October of last year. I was unable (as yet) to locate a live download of the program, but above you can see a screenshot of one of the common file sharing sites where it was hosted back then. This program allegedly checks the site by inputting user IDs (email addresses) and passwords, looking for an HTTP 200 response that indicates a successful login, and outputs a report much like what was uploaded to Pastebin recently. In fact there are many offerings out there for these kinds of scripts and programs that work against many sites, and some of them have a brute force element as well. A checker of this kind only works at scale if the login endpoint lets a single source try thousands of credential pairs without throttling or lockout, which is itself a finding. It has yet to be determined whether the Tesco event was an actual hack on their systems with something like these programs, or whether the Pastebin dump was just a shot over the bow from data gathered elsewhere and tested with a new tool. Of course Tesco was also not very strong on security for their passwords or their practices here, with six-character non-complex passwords and a tendency to send password resets in clear text email. These factors may also have been at play in the dump of the two thousand accounts, but it still doesn’t explain why someone would just dump them there and not simply use them.
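As an added example, not code from the post or from Tesco, here is the corrected setting beside the weak one described above: a reset flow that emails a random, single-use, time-limited token and never a password, keeps only the token’s hash at rest, and refuses passwords as short as the six-character policy mentioned. The class and function names, the 15-minute lifetime and the 12-character minimum are assumptions made for the example.

```python
"""Added example (not from the original post): a password-reset flow that
never puts a password in email. The dict stands in for a database and the
names, lifetime and minimum length are assumptions."""
import hashlib
import secrets
import time

TOKEN_TTL = 15 * 60          # seconds a reset link stays valid (assumed)
MIN_PASSWORD_LENGTH = 12     # rejects the six-character passwords the post describes


def password_acceptable(pw):
    """Length is the check that matters most; six characters is too short."""
    return len(pw) >= MIN_PASSWORD_LENGTH


def reset_email_body(token, base_url="https://example.invalid/reset"):
    """Only the token travels by email; the new password is chosen over HTTPS."""
    return f"Follow this link within 15 minutes to choose a new password: {base_url}?t={token}"


class ResetFlow:
    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}   # sha256(token) -> (user, expiry); raw token is never stored

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user):
        """Mint a one-time token for `user` and return it for the emailed link."""
        token = secrets.token_urlsafe(32)            # 256 bits from the OS CSPRNG
        self._pending[self._digest(token)] = (user, self._clock() + TOKEN_TTL)
        return token

    def redeem(self, token, new_password):
        """Return the user the token belongs to and consume it, or None."""
        key = self._digest(token)
        entry = self._pending.get(key)
        if entry is None:                            # unknown, or already used
            return None
        user, expiry = entry
        if self._clock() > expiry:                   # stale link: discard it
            del self._pending[key]
            return None
        if not password_acceptable(new_password):    # keep the token; let them retry
            return None
        del self._pending[key]                       # single use
        return user


def walkthrough():
    """Exercise the flow against a controllable clock; returns each outcome."""
    now = [1000.0]
    flow = ResetFlow(clock=lambda: now[0])
    tok = flow.issue("alice")
    out = {
        "wrong_token": flow.redeem("not-the-token", "correct horse battery"),
        "weak_password": flow.redeem(tok, "short1"),
        "first_use": flow.redeem(tok, "correct horse battery"),
        "replay": flow.redeem(tok, "correct horse battery"),
    }
    tok2 = flow.issue("bob")
    now[0] += TOKEN_TTL + 1
    out["expired"] = flow.redeem(tok2, "correct horse battery")
    return out


if __name__ == "__main__":
    print(walkthrough())
```

The token is looked up by its hash, so a copy of the pending table is useless to whoever reads it, and a weak password choice does not burn the token while an expired or replayed one is rejected outright.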

Carding Forums:

 

Screenshot from 2014-02-17 09:07:05

Screenshot from 2014-02-17 09:07:23

Tied to the scripts and programs being created for checking accounts at Tesco and elsewhere, the carding forums make their appearance, selling the data culled as well as giving short tutorials on how to check balances and such. As seen above there are at least two different groups of carders involved in this incident (v3ch4j.cc as well as tuxedocrew.biz), so it seems that more than 2k accounts may have been compromised and may in fact be on sale on their closed markets today. It does seem though that these guys are in it to purchase goods and have them shipped, as Tesco is an online supermarket. There are posts asking how to get food sent and how to scam the site to get that food, so this has apparently been going on for some time now. Tesco users may want to check their accounts for small charges that may have gone unnoticed, and Tesco themselves should be doing a full-scale DFIR on their systems to see just what has happened here.

ANALYSIS:

Screenshot from 2014-02-17 09:07:41

The overall analysis here is that Tesco was using insecure processes to generate passwords and to reset them for people (in the clear, in email), and had perhaps been under attack for some time (since last summer, really) by these attackers. Probes of their site should have been noticed, and one would hope that Tesco has some sort of intelligence gathering to tell them when campaigns like these are being put together. My Googling only took about 15 minutes and I had a plethora of data on who was talking about this script as well as methods to cheat Tesco out of goods online. The upshot is that these guys weren’t really hiding very well and this stuff should be monitored. Had they been paying attention they might have noticed Moad Abo Al Sheakh (G+ above), who posted a tutorial on using the Tesco account checking tool on his blog under the title “no secret her” and, aside from his poor typing/spelling skills, lays it out pretty plainly. Overall this isn’t an attack on the scale of Target in terms of interest, but it does show just how poorly some places treat security as a primary goal, only to get popped and dumped on Pastebin.
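The checker described in the Tesco_Checker.exe section and the point above that probes of the site should have been noticed are two sides of the same event, so here is what the server side of that run looks like and how to pick it out of a login log. This is an added example, not code from the post or from Tesco; the log format, the thresholds and the sample lines are all constructed for it.

```python
"""Added example (not from the original post): server-side detection of a
credential-stuffing run like the account-checker described above. The log
format, thresholds and sample lines are all constructed for this example."""
import re
from collections import defaultdict

# Assumed log format: "<epoch> <client-ip> login user=<id> status=<http-code>"
LOG_RE = re.compile(
    r"^(?P<ts>\d+) (?P<ip>\S+) login user=(?P<user>\S+) status=(?P<status>\d{3})$"
)


def parse_log(text):
    """Yield (ts, ip, user, status) for each line that matches; skip the rest."""
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            yield int(m["ts"]), m["ip"], m["user"], int(m["status"])


def find_stuffing(events, window=60, min_attempts=20, min_users=10, max_hit_rate=0.2):
    """Flag source IPs that, inside any `window`-second span, made at least
    `min_attempts` logins against at least `min_users` distinct accounts with
    a success (200) rate no higher than `max_hit_rate`.

    A checker tool looks exactly like this from the server: one source, many
    different usernames, mostly failures, and the occasional 200 that lands
    in the Pastebin dump. A single account hammered with many passwords is a
    different pattern (brute force) and is deliberately not matched here."""
    by_ip = defaultdict(list)
    for ts, ip, user, status in events:
        by_ip[ip].append((ts, user, status))

    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort()
        end = 0
        for start in range(len(evs)):
            while end < len(evs) and evs[end][0] - evs[start][0] <= window:
                end += 1
            run = evs[start:end]
            if len(run) < min_attempts:
                continue
            users = {u for _, u, _ in run}
            hits = [u for _, u, s in run if s == 200]
            if len(users) >= min_users and len(hits) / len(run) <= max_hit_rate:
                flagged[ip] = {
                    "attempts": len(run),
                    "distinct_users": len(users),
                    "successes": len(hits),
                    "hit_users": sorted(hits),
                }
                break           # one qualifying span per source is enough to alert on
    return flagged


def _constructed_log():
    lines = []
    # A checker run: 25 accounts tried from one address in 25 seconds, 3 land.
    for i in range(25):
        status = 200 if i in (4, 12, 20) else 401
        lines.append(f"{1392600000 + i} 203.0.113.5 login user=user{i:02d}@example.net status={status}")
    # Ordinary traffic: one person mistypes once, then gets in.
    lines.append("1392600010 198.51.100.7 login user=alice@example.net status=401")
    lines.append("1392600018 198.51.100.7 login user=alice@example.net status=200")
    # Single-account brute force: same user, 20 tries. Not stuffing; a different rule's job.
    for i in range(20):
        lines.append(f"{1392600030 + i} 192.0.2.9 login user=bob@example.net status=401")
    return lines


SAMPLE_LOG = "\n".join(_constructed_log())

if __name__ == "__main__":
    for ip, info in find_stuffing(parse_log(SAMPLE_LOG)).items():
        print(ip, info)
```

The `hit_users` list is the part worth acting on: those are the accounts that need a forced reset before the dump appears, and the low hit rate across many distinct users is what separates this from a single customer mistyping a password. A real deployment would also key on session or device fingerprints, since a checker spread across proxies will not show up on a per-IP rule.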

K.

Written by Krypt3ia

2014/02/17 at 15:26

Posted in ASSESSMENT, Hacking

ASSESSMENT: The Target Hack As An APT Style Attack



Fazio Heating & Cooling Phished via OSINT:

Screenshot from 2014-02-12 13:42:14

With the release of Brian Krebs’ article on the Fazio Heating phish and the use of their credentials in the Target TTCE/POS hack comes the notion that the criminals potentially used OSINT to carry out their crime. Looking at the sites Brian has posted about, you can see that there is a plethora of data available for an attacker to footprint Target as well as the eventual partner or supplier that turned out to be Fazio. Using common tools and techniques it is quite possible that the Lampeduza Republic, or proxies thereof, carried out the intelligence gathering needed to determine whom they should target in order to garner access to the Target networks via portals like the supplier portal mentioned in the article. What may in fact be the case, though, is that Fazio was just one target of a phishing campaign directed at all of the vendors that could be gleaned from the site leakage online (i.e. doc, pdf, and xls files containing metadata such as author names, as well as direct data on companies and contacts, that can be harvested through Google and Maltego). All of this data could well be used to set up phishing campaigns for any and all vendors found, in the hope that the criminals would be able to gather access credentials for the Target network to carry out the next phase of the operation.
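As an added example, not code from the post or from Krebs’ reporting, the following pulls the author, last editor, company and application fields out of an Office document’s docProps/ parts, which is the metadata the site leakage above refers to. It uses only the standard library; the sample .docx is constructed in the code and every name in it is fictitious.

```python
"""Added example (not from the original post): harvest the identity fields an
Office document carries in its docProps/ parts. Stdlib only; the sample
document and every name in it are constructed for the example."""
import io
import zipfile
import xml.etree.ElementTree as ET

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}

# Fields that feed a phishing pretext: a real employee name, their company,
# and when/with what the document was produced. Each maps to (part, element).
FIELDS = {
    "creator": ("docProps/core.xml", "dc:creator"),
    "last_modified_by": ("docProps/core.xml", "cp:lastModifiedBy"),
    "created": ("docProps/core.xml", "dcterms:created"),
    "company": ("docProps/app.xml", "ep:Company"),
    "application": ("docProps/app.xml", "ep:Application"),
}


def extract_office_metadata(blob):
    """Return the leak-relevant fields found in a .docx/.xlsx/.pptx byte string."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        names = set(zf.namelist())
        parts = {
            name: ET.fromstring(zf.read(name))
            for name in ("docProps/core.xml", "docProps/app.xml")
            if name in names
        }
    for key, (part, path) in FIELDS.items():
        root = parts.get(part)
        el = root.find(path, NS) if root is not None else None
        if el is not None and el.text and el.text.strip():
            found[key] = el.text.strip()
    return found


def harvest_contacts(blobs):
    """Across many documents, collect (person, company) pairs: the list an
    attacker would phish, or the list a defender should scrub before publishing."""
    contacts = set()
    for blob in blobs:
        meta = extract_office_metadata(blob)
        company = meta.get("company", "")
        for person in (meta.get("creator"), meta.get("last_modified_by")):
            if person:
                contacts.add((person, company))
    return sorted(contacts)


# Constructed stand-in for a vendor document; a real .docx has more parts,
# but these two are the ones that carry the metadata.
CORE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties"
    xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:dcterms="http://purl.org/dc/terms/"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <dc:creator>jdoe</dc:creator>
  <cp:lastModifiedBy>Jane Doe (Vendor Ops)</cp:lastModifiedBy>
  <dcterms:created xsi:type="dcterms:W3CDTF">2013-09-03T14:02:00Z</dcterms:created>
</cp:coreProperties>"""

APP_XML = """<?xml version="1.0" encoding="UTF-8"?>
<Properties xmlns="http://schemas.openxmlformats.org/officeDocument/2006/extended-properties">
  <Application>Microsoft Office Word</Application>
  <Company>Example Vendor Inc.</Company>
</Properties>"""


def build_sample_docx():
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docProps/core.xml", CORE_XML)
        zf.writestr("docProps/app.xml", APP_XML)
    return buf.getvalue()


if __name__ == "__main__":
    print(extract_office_metadata(build_sample_docx()))
    print(harvest_contacts([build_sample_docx()]))
```

Run over every document a public portal serves, `harvest_contacts` gives exactly the vendor contact list the paragraph above describes; the same function, run by the portal owner before publishing, is the check that would have shown what was being leaked.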

Side Channel Attacks:

In this case it is being intimated that Fazio’s access to the extpol.target.com site/application may have involved AD credentials that either had too much access to start with or were used to escalate privileges on the server/system/application in order to exploit the core server inside the TTCE. While this is possible, one has to wonder whether that is indeed the case or whether there was some other access that Fazio may have had. On the surface of it, though, access to this server and the lack of segmentation allowed the exploit to be carried out and access gained to more of the internal networking within the Target TTCE. That people are presently saying (off the record and anonymously) that Fazio was the epicentre of the access that caused this data theft points to a type of attack more common to the more planned and funded style of operation called APT. The side channel attack here is first foot-printing all the companies that do business with the target and then either choosing one to phish or hitting them all to see what access could be stolen for escalation. This is a common APT tactic and bespeaks more planning than the usual phish of a company like Target (the shotgun approach, as Brian says) followed by exploitation to steal data. From all the evidence thus far, this seems to be a very well thought out campaign, from the creation of the malware (BlackPOS) to the phish and the exfiltration of data.

APT Activities by Non State Actors:

Up to now the focus of all the APT talk has been on nation state actors. I would like to point to the Target hack and the Lampeduza as evidence (so far) that we are now seeing a non nation state actor taking cues from all the talk about the APT and using those techniques to their own advantage. It is of course not difficult to carry out these types of attacks in an orderly and persistent manner; it just takes an organization that is motivated and able to handle the work. I would say the Lampeduza show this kind of regimented behaviour, as well as a motivator in the dumps of cards and the easy money from their sale. The point is that the APT genie is out of the bottle and anyone with the means and the will can now carry out APT style attacks using OSINT and other common hacking techniques to commit their crimes, so no, it’s not China all the time, is it? This case as it unfolds should be watched by everyone in the infosec community because these types of attacks are only going to become more common and not just reside within the sphere of nation states and espionage.

ANALYSIS:

The ongoing fallout from the Target compromise is becoming more and more interesting, and instructive on many levels, for the security community as well as the populace at large. The attack vectors are leaking out slowly and I am sure that some day soon there will be an explanation from the DFIR folks hired by Target and the USSS as to what really happened. In the meantime, information like Brian’s is very illuminating on how things may have happened, and with the direction they are taking currently it would seem that this attack and exploitation cycle was rather well thought out. As you have seen in my previous post, the Lampeduza, while flamboyant, also seem to have a sense of hierarchy and military ethos that I can see fitting well into a criminal league that uses APT techniques to get into systems, exploit them, and then keep persistence as long as possible while they exfil their desired data. That these guys also seem rather blatant about their sites and their actions looks like an exceedingly large case of hubris that may eventually get them in trouble, but that is for the future to hold. As well, if it wasn’t the Lampeduza who carried out the attacks, then whoever they are working with or hired has been studying the APT in the news cycle too. Either way, this was a slick attack and I look forward to seeing where all this leads.

K.

Written by Krypt3ia

2014/02/12 at 19:13

ASSESSMENT: X-Ray Machine Exploits and TIP File Manipulation



Exploiting The X-Ray Machines, TIPs, & TSANet:

A few years ago I worked with a startup whose main goal was to protect the L3/Smith/Rapiscan machines from compromise by physical and network attacks. At the time the claim was made that the systems were not connected to any networks and were in fact islands, and that this type of attack was not a real problem. Of course in the process of assessing these machines (one of them in a garage with an explosives expert) it became quite clear that they were wholly insecure and likely to be compromised at some point to allow things through the system. Connectivity issues aside, physical access to the systems could be procured by saboteurs working in TSA, and local compromise of the weak OS (Win98 as well as XP based, as the Wired article states) could be carried out with a USB drive. So when looking at the threat-scape and reporting back to TSA and the makers of these machines it was clear that this type of attack could be possible, but my issue was whether or not there was a probability of it being used as an attack vector. When talk started about networking these machines as well as others (i.e. bomb sniffers) to the TSANet, the startup changed direction a bit and began to work on the idea of a SOC to monitor the machines and the network to ensure no tampering had been carried out. Unfortunately the TSA and other entities did not really buy off on the idea, and in fact the technologies on the systems did not make it easy for any kind of monitoring to be carried out. I went on my way having had a good insight into how TSA/DHS detection machines worked, and had fun with the explosives expert messing around with the technologies and talking about red team exercises he had carried out in the old days with simulants. Then I saw the article in Wired yesterday and hit up my explosives and machine experts, who got a bit unhappy with the article.

Exploit to Terrorism:

The Wired article on the whole of it is correct: it is quite possible to insert those pre-made images into the system, because that is how it is supposed to work. The article, though, mentions being able to insert socks over a gun, for example, in an image to cover up the fact that the gun is there. This one point was vehemently refuted by the guys I worked with as too hard to pull off live, and, as I agreed, it would just be easier to pass along a similar-looking bag image itself instead of trying to insert an image into an image to obfuscate things. I think perhaps the reporter got that idea a bit wrong in translation, but perhaps the researchers thought they could pull that off. Either way, this brings up the larger issue of the exploit being used at all. In hacking and exploits, as in terrorism, attackers often opt for the path of least resistance. In this case I personally don’t see this type of attack as the first go-to for any attacker. I think it would be much more advantageous and easier for attackers to use insiders to allow things past the systems, or to bypass them altogether, to effect their goals. This type of attack has been seen before within airport security with regard to thefts and smuggling, so it is a higher likelihood that if AQAP were to attempt to board a plane with guns or explosives they would use insiders to pass them through the system without being seen by any X-ray or bomb detection at all, and not attempt to hire hackers to compromise a networked machine, or physically access one, to pass a gun or guns through the TSA line. This is also why at the time of 9/11 the 19 hijackers went for the very low-tech solution of box cutters to overtake planes and use them as missiles against buildings; it’s just the path of least resistance.

Failure Rates on X-ray and MM Wave Results:

Meanwhile the TSA has never been seen as a bastion of security by the public from day one. As time has progressed the people of this nation have realized that much of the function of the TSA seems to be to harass passengers and provide a simulacrum of security that really isn’t there. How many times have you, dear traveller, passed things through security, primarily the color X-ray Smith/L3/Rapiscan machines, without even trying? I have gone through TSA on many occasions with forgotten knives and other forbidden things, and TSA completely missed them on the scans. Once again I would point to the systems being insecure or the processes being lax as what would lead to compromise of the overall security, and not so much a hack on a Smith machine, for a terrorist attack’s success. A recent OSINT search in Google turned up an interesting document, an assessment of Hartsfield, Atlanta’s airport, by the OIG that shows just how this airport at least was not following the processes and procedures, which would make an attack much easier for the prepared aggressor. There are other documents out there and you can go dig them up, but the point is that if you are not carrying out the policies and procedures, the technologies will not prevent their being bypassed. Additionally, there are issues around the technologies’ accuracy that have been addressed by the makers of the machines and the government, so these systems are in no way foolproof and it requires vigilance to make them work well. The net/net here is that the technology can fail, be tampered with, or be bypassed altogether without the need for an exotic and technical exploit series to be carried out on it to forward a terrorist attack.

Screenshot from 2014-02-12 08:21:07

ANALYSIS:

My analysis here is that yet again the research is valid but the hype around revealing such research at places like the recent Kaspersky Security Analyst Summit is just a way to garner attention. Much like the issues with the power grid and physical attacks, which I profiled last on this blog, we are enamoured with the idea of cyber attacks as a vector for terror but the realities are somewhat more mundane. A physical attack or an insider attack is much more probable in this case, as in the power systems attacks, as the main modus operandi, not an elaborate hack of insecure machines that will require access to begin with. At such time as we have networked all of these machines (remember many are islands presently) then we will have to address these issues much more closely, and yet still, this attack vector may be sexy to the hacker set but not so much to the terrorist set today. The machines are insecure though; the researchers are bang on about that and these issues should be addressed, but then you have to look at the government procurement process as well as the corporations that do not want to have to re-architect their systems completely. It was a pain to try to get these makers to add APIs to their code in order to allow remote monitoring by a SOC, so think about telling them that they have to not only harden their systems but also re-architect them completely to run on something more advanced than Windows 98. I would also point you all to the recent revelation that 94% of the ATMs in the world still run on Windows XP… How about an upgrade there?

K.

Written by Krypt3ia

2014/02/12 at 13:38

ASSESSMENT: Physical Attacks On Grid Infrastructure As Terrorism


Screenshot from 2014-02-07 14:39:38

Physical Attacks on Grid Systems As Terrorism:

The fear of cyber attacks on the grid (or more to the point, transformers and power stations) has been in the news cycle incessantly since Stuxnet made the news back in 2010. The fixation on the cyber world has really occluded the fact that physical attacks against power systems are the easiest to carry out, and that outages often occur not by attack per se but through acts of nature like squirrels or tree branches. The recent rehash of a story that happened last April in California is a case in point of hype, as well as a real cause célèbre being propagated by the former head of FERC, Jon Wellinghoff. Speaking on NPR and other news outlets he makes it clear that not only can a branch cause a blackout like the one in 2003 that took out the east coast, so too can an attack like this at strategic points in the country. While Mr. Wellinghoff is absolutely correct here, the news is making this more of a terrorist scenario than the FBI is willing to label it, for website hits, but perhaps that is what is needed to effect change here. Wellinghoff is in earnest talking about how FERC and the government have done nothing substantive to build in redundancy to protect the grid from such physical attacks, as well as accidents such as the aforementioned tree limb in 2003. So really, can you blame someone like Wellinghoff for using the media to point out these issues and perhaps get them really addressed, instead of spending millions and millions on alleged cyber vulnerabilities?

After the attack in San Jose, Wellinghoff says, he went to the scene with a team of Defense Department specialists who train special forces personnel. They found evidence of pre-planning — including piles of stones to apparently mark locations from which to shoot. The specialists also told Wellinghoff it’s their opinion that a lookout monitored police radio traffic — and raised an alert as officers came near. Otherwise, Wellinghoff says, shots might have taken out three more transformers and power to Silicon Valley might have been threatened.

What stands out here, though, and what the FBI is not calling terrorism (even suggesting that perhaps it was domestic terrorism, or testing and planning), is that the attackers in California were motivated and rather methodical about their attack, as noted by Wellinghoff after visiting the scene with some commandos who assessed it. So we have a set of attackers who planned their operation by casing the power station and seemingly had knowledge of what to hit in order to cause a systems failure for that area. Such information could be gathered from Google Maps as well as by going on site, just as it can for power station plans and manuals, as I have written about before on here. Does this, though, tell us that it was a probative attempt at a larger plot to attack the power grid by some terrorist group? Or does it tell us that there may in fact be a group of kids who decided to live out their dream of a commando raid black op outside of their Xbox? No one can really say definitively and only speculation thus far has been spun in the news cycle, but nevertheless the truth of the matter is that power stations on average are vulnerable to physical attacks.

Cause and Effect From Physical Attacks to Infrastructure:

Another truth is that there is an obvious cause and effect if one were to attack the right areas of the grid. As we saw from the great blackout in 2003, if you overload or underload the system it can have a domino effect depending on the time of day, the season, and the weather conditions at the time. If you were going to attack the grid there are about 5-6 places I can think of that you would want to attack simultaneously to cause a cascade effect that could potentially affect a large swath of the country. These attacks could be like the one in California but most likely would be something along the lines of explosives, or even crashing something into the stations, to start the dominoes falling. One would have to have a good working knowledge of how the system works overall and how the interlinks work across the country to do this, and it would have to be a concerted effort by more than a few people. Still though, to what end would this all be done? So the power goes out and perhaps everyone will know it’s from an attack of some kind, but really, then what? This attack scenario, to me, would only be carried out by a nation state to be of any real use, and that would have to be in tandem with an invasion force on the continental US. So for terrorism’s sake would it really be worth it? This is not to say that some actors just might do it to “watch the world burn” as it were, so it is not inconceivable that someone could pull it off on a small scale like in California.

Another not really discussed possible effect from such attacks might be losses in the markets, both in the general markets and directed losses for the power companies. Such attacks would cause prices to fluctuate as well as instil fear that the companies cannot protect their systems. This too would put doubt into the picture concerning the national infrastructure’s overall security and any and all regulation thereof. So an attack would not only leave us in the dark but could be used as a financial weapon as well. The cascade failures would also leave the power companies at a loss, having to re-tool their systems and upgrade the infrastructure as a whole, which would then have financial effects on the end users by way of fee increases. It is a web of more than just physical lines, heat, and power, isn’t it? There are many scenarios we could cover here but let’s just leave it at the idea that a physical attack is quite possible, as well as one that could be carried off to darken a great swath of the nation. However, who would do so and what else would they be up to after they did? What is the aim here and what is the bigger picture?

ANALYSIS:

This story has been burning up the wires for a day or so now and people are all asking why now? Well, the why is because of Mr. Wellinghoff; he has been pimping this story along with the Wall Street Journal, and rightly so if we are to face facts that these stations are poorly protected. However, I would like to point out some things here that one should consider concerning this story:

  • The attack in California was carried out by individuals who had some SECOPS knowledge in that they cut the lines to prevent automated alerts, but anyone with sufficient will could do this, even teenagers
  • The California attackers also planned out where to shoot from with regard to their weapons (AK-47s, it seems), and at 60 yards they are not “snipers” nor are AK-47s considered sniper rifles. Had these attackers had Barretts or some other .50 cal with depleted uranium rounds, that would be a different story altogether
  • The FBI is saying this was not terrorism, so what was it?
  • Could it be possible that someone is making the point by action, to give someone like Mr. Wellinghoff ammunition to make a case for securing these systems over spending all the money on cyber attacks? He says outright in his NPR interview that he believes the cyber attack scenario is much less a possibility or a threat than an actual physical attack.
  • For all we know this caper was pulled off to black out a local jewelry store for an epic heist and not as some precursor to an all-out attack on the USA.

While I think this core story is much ado about nothing, the point being made by Mr. Wellinghoff is absolutely valid. Will changes be made to protect these systems? Will new walls be put up and more security laid on to prevent such attacks in the future? Well, let me point you back to Mr. Wellinghoff’s point on what happened after the 2003 incident in the Northeast. FERC was not mandated by Congress to make any redundancy changes or upgrades by law. So there you have it. Unless something really serious happens nothing will change, so do go to sleep at night in the warm blanket of governmental ineptitude. Maybe, just maybe, the lights will still be on in the morning.

K.

 

Written by Krypt3ia

2014/02/07 at 20:45

Posted in .gov, Terrorism, The Grid

ASSESSMENT: Operation Rolling Thunder



Operation: ROLLING THUNDER:

Screenshot from 2014-02-06 15:54:47 Screenshot from 2014-02-06 15:55:02 Screenshot from 2014-02-06 15:55:32

It has come to light that GCHQ (the UK’s NSA) took action against Anonymous by DDoS, as well as by HUMINT and malware attacks, to attempt to dissuade them from further actions. While this may be a surprise to some, it is just a matter of action and reaction in the hive mind of the IC. Of course at one time there may have been more trepidation about carrying out direct action against quote unquote “dissidents”, as some may call Anonymous, but those days are long gone, and one of the primary reasons such actions are easily rationalized now is terrorism. Terrorism used to mean blowing things up or taking hostages, but now, with the 5th domain of cyber, that equation has changed greatly in the eyes of the world’s governments. Of course in this case it was the British carrying out the covert actions against the Anonymous servers and users, and as many know the Brits don’t have the most stellar free-speech record (D-Notices) and have a different perspective on what people have the right to do or say that may be considered civil disobedience. However, I should like to point out that it is highly likely that the UK did not act alone here and that it is probable that the NSA and the UKUSA agreements were in play as well. I once sat on a panel at DEFCON where I warned that these types of tactics, as well as others, would be used by the governments of the world against the Anons if push came to shove, and it seems that I was not far off the mark. We have crossed the Rubicon and we are all in a new domain where the rules are fluid.

Civil Disobedience vs. Criminality In Anon Actions:

Some have written that these actions, now revealed by Snowden, show that we are all in danger of censorship and of direct action if we say or do things online that a government or agency doesn’t like, and they are correct. It really is a matter of dystopian nightmare import when one stops to think that these were not state actors, nor really terrorists by definition (yet), that GCHQ and JTRIG were carrying out netwar on. The rationale, I am sure, is that the C&C of Anon needed to be taken out because they were “attacking” sites with DDoS or other actions (hacking in the case of LulzSec) and were thus a clear and present danger to… well… money, really. While some consider DDoS a form of civil disobedience, others see it as a threat to the lifeblood of commerce, as well as a portent of larger attacks against the infrastructure of the internet itself or perhaps the power grid, as we keep hearing from sources who really haven’t a clue how these things work. Sure, there were criminal actions taken by Sabu and others within the collective, as well as the splinter cell that was LulzSec/Antisec, but most of the activity was not anything that I would consider grounds for covert action. That JTRIG not only used malware but also HUMINT and SIGINT (all things used in nation state covert collection and action) shows that they were genuinely afraid of the Anons and Lulzers and that their only solution was to reciprocate with nation state tools to deny and disrupt their cabal. I think though that most of the licence the IC had was the fact that they “could” do it all without any sanction against them, because it was all secret and they hold the keys to all of the data. Of course now that is not the case, and they should be held accountable for the actions they took, just as the CIA has been, or should have been, in the past over, say, the covert action in Nicaragua. I don’t think this will happen though, so what will really come out of this revelation is more distrust of governments and a warning to Anonymous and others about their operational security.

Cyber Warfare and Law:

What this release shows most of all is that the government is above the law, because in reality there is very little real law on the books covering the 5th domain of cyberspace. As we have seen in the last few years, actions taken in cyberspace, whether on the nation state level (think APT tit for tat) or criminal actions such as the Target hack and all the carding going on, have rapidly outpaced any kind of law. In the case of the US government the military has far outstripped the civilian government where this is concerned, with warfare units actively being formed and skills honed. All the while the government(s) has/have failed to create or amend any of the current law concerning cyber warfare in any consistent manner. So this leaves us with warfare capabilities and actions being carried out on a global medium that is not nation state owned but globally owned by the people. Of course this is one of the core arguments over the internet: its being free and a place of expression, whereas corporations want to commoditize it and governments want to control it and make war with it. This is all muddled, as the people do not truly own the infrastructure, corporations do, and, well, who controls what then without solid laws? Increasingly this is all looking more and more like a plot from Ghost in the Shell SAC, with government teams carrying out covert actions against alleged terrorists and plots behind every bit passing over the fiber. The upshot, though, is that as yet the capacity to carry out actions against anyone the government sees as a threat far outstrips the laws that would make those actions illegal, just as much as the illegalities of actors like Anonymous. The current law is weak or damaged and no one has really stepped up in the US yet to fix even the CFAA in a serious way.

Covert Actions, HUMINT, and SIGINT:

When I was on the panel at DEFCON I spoke of governments and agencies likely using disinformation and other covert actions against the digital insurgency they perceived was being levied against them. Now, with the perspective of the Snowden collection, it is plain to me not only that they will easily make the call to carry out actions against those they fear, but also that those actions are myriad. If you are going against the nation state by attacking its power elite or its interests, expect the actions taken against you to be swift and unstoppable. In the case of the DDoS this was just a tit for tat disruptive attack that seems to have worked on some. The other, more subtle attacks, hacking via insertion of malware through phishing, and intelligence gathering by using spiked links and leverage against providers, show how willing they were to effect their goals. Now consider all that we have learned from Snowden and conjure up how easy it is today, with NSLs and obfuscated secret court rulings on the wholesale collection of data from the internet and infrastructure. You should be scared. Add to this the effect of the over-classification of everything and you have a rich environment for abuses against whomever they choose, no matter how many in the IC say that they are to be trusted. The base fact is this: the internet is the new battlefield for war as well as espionage, not just criminality and law enforcement actions. If you are considered a threat by today’s crazy standard of terrorism being everywhere, then you too can have your data held in Utah where someday someone could make a case against you. Some of that data may in fact come from direct covert actions against you by your government or law enforcement, per the rules today as they stand.

ANALYSIS:

The final analysis of this leaked presentation and the actions alleged to have been taken against Anonymous is that there is no real accountability and that secrecy is the blanket for covert action against non-combatants in any war. We are in a new dystopian nightmare where cyberwar is concerned, and there is a lot of fear on the governments’ part about attacks that could take down grids (misinformed fears, really), as well as a ravening by some to be “in” on the ground level for carrying out such warfare. Without proper laws, nationally and internationally, as well as proper oversight, there will never be an equitable solution to classifying actions in cyberspace as criminal, grounds for war, or civil disobedience, just as there will always be a high chance of reciprocity that far outstrips a common DoS. The crux here is that without the proper laws you, as a participant in a DDoS, could be sanctioned for attack and then over-prosecuted for your actions, as we have seen these last few years. Without a solid legal infrastructure and a Geneva Convention of sorts concerning cyber warfare, no one is safe. As an ancillary point I would also say to all those in Anonymous, and any other collectives that may rise, that you should be very careful and step up your OPSEC and technical security measures if you are going to play this game. As we have seen, many of the key players in Anonymous and LulzSec were caught up with and are in legal trouble, just as much as the guy who decided to join a DoS for a minute and was fined a huge amount of money for his trouble. Remember, it’s all fun and games until the governments of the world decide that it’s not and want to squash you like a bug.

K.

Written by Krypt3ia

2014/02/06 at 22:21