Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for October 2015

It All Started With An Unsolicited Email: TAKING THE FIGHT TO MALICIOUS CYBER ACTORS!


Screenshot from 2015-10-26 07:17:39

“It all started with an innocuous enough direct message from “Deep Cyber Throat” the digital informant to my cyber Mulder….

Once I opened the file it became freakishly clear that this was no ordinary doctrine document. No, this document was a work of sadistic art that had to be exposed to the cyber sunlight to hopefully eradicate the derp that was festering within.”

Screenshot from 2015-10-26 07:20:35

Holy WHAT THE EVER-LOVING FUCK IS THIS SHIT? I was agog reading just the first paragraph. My mind had frozen like a Windows machine trying to use Outlook on a Monday morning. My mind vapor locked just at the Steve Austin ‘Six Million Dollar Man’ quote. This had to be a joke; my forebrain fought with my lizard brain, vacillating between fear, rage, and sense. I turned away from the bright screen and grabbed the whiskey bottle, took a deep draught. This was going to require a blind drunk bender for me to survive reading this dreck.

I read on….

Screenshot from 2015-10-26 07:23:20

Hectoring? HECTORING? Really? So the NSA hacking all the things and spying on all the things and, oh, destroying nuclear capabilities with STUXNET is just hectoring? Wow, this guy is a real mental genius, heavy on the mental! Say, would this maybe be Richard Bait-Lick ghostwriting this for this shmuck? I will say though that he is almost right on the whole passive defense thing, but then he just goes back off the rails into deep fuckery territory. So tell me, where did the internet touch you sir? In all your no no places?

JESUS FUCK!

Screenshot from 2015-10-26 07:27:44

It was at this point I really came to understand that this man’s legal degree came from a mill somewhere on the internet. “We have the legal capability to offensively engage malicious actors” What? Who? Us? The populace? Are you fucking kidding me? He goes on in ever more prosaic and derpy terms how the government is hindering our, the people’s right to hack back and the laws are asinine.

Whoa dude.. Chill….

Really? Say, how many cyber guns do you have in your CYBER BUNKER? I read on…

Screenshot from 2015-10-26 07:29:06

…and then it hit me… Letters of Marque…. YARRRRRRRRRRRRRRR! I BE A PIRATE OF THE CYBER SEAS!

JESUS FUCK!

Crowd sourced investigations?

CYBER SHERLOCK HOLMES?

JESUS FUCK NO! HAVE YOU SEEN REDDIT? DID YOU SEE WHAT THEY DID WHEN THE BOMBINGS HAPPENED IN BOSTON?

NO! FUCK NO!

I have an idea, why don’t we just give all the chimpanzees in the world guns and be done with it huh?

Screenshot from 2015-10-26 07:29:58

My mind was in a near vegetative state by this point. I had run out of whiskey and my head had sustained a subdural hematoma from all the head desks that had occurred. I was not seeing straight but I pushed on…

It was then I realized that this idiot was the man who wanted to Balkanize the internet. Yeah, sure, let’s de-anonymize everyone and let’s make the internet tiered into a cyber apartheid system. Sure! Great idea!

Fuckwit.

FULL DOCUMENT: WEAR HELMET WHEN READING OR PREPARE FOR BRAIN DAMAGE!

My mind is still broken from reading this 33-page… “document”. If anyone comes into contact with this man please stop him from doing more cyber damage to our cyber world.

K.

Written by Krypt3ia

2015/10/26 at 12:18

Q4PZNWNO56KOPHGWWZEK64S This Is Collapse Out.


Screenshot from 2015-10-19 10:11:05

Last weekend a burst of four broadcasts on two short-wave channels caught the radio geek’s ear, and being one of those radio geeks I thought it interesting enough to write about them. On 10/14/2015 into 10/15/2015 the channels 8992.0 kHz and 11175.0 kHz lit up with the four messages recorded below. What makes these of interest is that these are the EAM (Emergency Action Message) channels and for the most part they remain rather dormant. This weekend though they were spun up with some interesting numbers-station-like activity. You can take a listen to the messages below and read the Russian site that I found talking about them as well.

1. COLLAPSE message one: http://vocaroo.com/i/s1hGyA2GR6HI
2. COLLAPSE message two: http://vocaroo.com/i/s1ETZ3l9fp0G
3. COLLAPSE message three: http://vocaroo.com/i/s03ZI6ui70LY
4. The fourth message was transmitted by the station “FLATTOP!” (another station that had not broadcast for many years): http://vocaroo.com/i/s01smhgkyNDL

Screenshot from 2015-10-19 10:16:05

Screenshot from 2015-10-19 10:21:31

Now allegedly the last time these were heard being used was a long time ago, with sporadic calls being made by planes with no answer. So an actual EAM message is of interest to those of us paying attention to it. In this case I can elucidate somewhat on the calls that were heard this weekend and add a bit of context. In the case of these messages, the timing plays a key role. It seems that this weekend Putin’s forces were making runs into Syria again and this may be the reason that this EAM channel was spun up. The call signs COLLAPSE, RING DOVE, and FLATTOP are all the bases making the EAM. The coded text you hear them uttering is just that, coded text, and it may be a frequency to tune to for encrypted comms or it may be just a word or two. This is the basis of what is happening here. It seems that our personnel, whoever and wherever they were, likely in the air, were getting orders to perhaps avoid running into trouble.

That is just a supposition though…

Of course, given that there has been a lot of action lately, including Russian planes getting into our and others’ airspace…

http://www.wsj.com/articles/russia-says-jet-fighter-approached-u-s-aircraft-over-syria-to-identify-it-1444827032

http://www.express.co.uk/news/world/612828/Turkey-threatens-shoot-down-Putin-s-planes-drags-West-war-Russia

http://english.alarabiya.net/en/News/middle-east/2015/10/16/Turkish-military-an-aircraft-of-unidentified-nationality-was-shot-down.html

Keep an ear on those channels kids.. Shit is getting intense.

K

UPDATE: This code name was used before in 2008

2032z 25 Dec 08 11175.0 was active at 2027z with COLLAPSE (strong to good levels here) bcsting a 28-character EAM (Y23NIJ) preceding OFFUTT’s 2029z HFGCS bcst of same. COLLAPSE was strong enough here to punch through OFFUTT’s good level bcst. Despite COLLAPSE’s signal strength on 11175.0 nothing was heard on 4724.0, 8992.0 or 15016.0

Written by Krypt3ia

2015/10/19 at 18:38

Posted in .mil, Numbers Stations

THE CYBER WAR THREAT!


NOVA

Nova had a program on this week about the impending cyber war threat that the media loves so much to go on about and scare the populace. I had hoped that it being Nova they would do a better job at covering such a topic but in the end this show was no better than a 20/20 episode and this is very disappointing. The show was remedial at best and I understand the need for that given the audience base concerned but really did you have to just talk to the beltway bandits like Richard Clarke and Former General Hayden? This is a disservice to the viewing public and frankly consists of scare programming out of PBS in the hopes of ratings?

I and others have railed about the cyber war rhetoric in the government and the media, but this is PBS! Come on and do a better job of journalism would you? Look, here are the problems with your broadcast that I want you to pay attention to:

  • Is cyber war possible? Sure, but on limited scales, and really it would have to be truly backed up by kinetic warfare (i.e. boots on the ground); otherwise this is all just tit for tat espionage. You rm a bunch of computers at Sony and we maybe shut down whatever is working in Pyongyang. This is not an existential threat and Nova failed to really get that across amongst the scary music and voice overs.
  • The focus on the grid is one that we have seen many times before and yes, if a nation state made a concerted effort on 9 (count them, NINE) choke points in the US they could in fact cause an outage on a national scale. How long would we be down? I am not sure, but it would not be the end of the world, and if you do such a thing you had better have C-130s in our airspace dropping troops at the same time to make it a war.
  • The complexity of the systems and their semi-interconnected nature makes an all-out cyber attack on a national scale less likely, and you did not cover that at all. There are many disparate systems in the grid and the pipeline systems. You could not likely, without a great effort and a lot of luck, have everything go down from a cyber attack alone. Simply put, you would have to have a kinetic aspect for the attacks to work. Something along the lines of the attacks on the transformers in the Silicon Valley area a year ago when they were shot with AK-47 fire.
  • Lastly, you did not cover at all the fact that there are many people out there securing this stuff where they can. I personally have been on assignments assessing the security of the grid and other systems that have SCADA/PLCs, and yes, I can tell you there have been times where I was just flabbergasted by the idiocy. Why connect these things to the internet I will never understand. Why connect them via WiFi in the field? That makes my head explode.

Anyway, at the end of the day this show only made my head explode again at the poor quality of journalism, this time by a favorite of mine, Nova. It was one sided and just a scare piece. Has the government owned you so much that you need to be the cyber war mouthpiece for them? Did you guys lose a bet? What the holy hell were you thinking? Just stop, for the love of God stop.

Post Script Screed:

After watching this episode of Nova I went online looking for the “Aurora Test” documentation that they mentioned in the piece. The fact that they showed pages of the report redacted on air got me thinking about whether or not it was all still on the net. Well, yes yes it is and it’s all here. 840 pages of unredacted love from DHS who in their infinite wisdom through a FOIA request, released the WRONG documents. These were CLASSIFIED and they show the choke points to attack were you wanting to attack the US grid or pipeline as well as a full description of all kinds of data you would want to do so.

*hangs head*

Yes, DHS, the people who brought you the TSA and other fun security theater programs, have managed to single-handedly pass out the keys to the kingdom because some asshat could not think their way out of a government-provided thin wet paper bag. So there you have it kids, if you want to attack the grid have at it, because in the scare-o-rama that was the Cyber War Threat they say nothing has been done to secure those choke points! Yes! Complete with shadowed anonymous speakers afraid to go on the record for fear of reprisals because they are telling the truth about our security fail!

Sweeeeet.

If you are a reader here you have seen my stuff in the past on this as well as my digging around with Google to find all kinds of shit on the net that could lead to compromise of the grid. Truly, if the terrorists or anarchists or anonymous or even the fucking 13 year old down the street wanted to, they could do some damage with this stuff. How long until such a thing happens because some idiot can use Google and a COTS hacking program?

Talk about your black swans…

Yours in everlasting head-desk

K.

Written by Krypt3ia

2015/10/15 at 21:43

Well… Duh.



Today I found myself looking at a tweet from my stream and saying just that. The tweet was posting a paper that had been written by another person on my feed who works for Kaspersky. The paper that it linked to was on how the threat intelligence companies out there need to grow up a bit and learn that not only might they not be doing a service for their clients with their work, but also that the nation states whose malware they are actively reporting on and stopping seem to be unhappy with them.

Stunning I know….

So there I was mouthing the words “Well duh” and I thought maybe I should write something about this. Welp, here is what I have to say to this revelatory pdf…

“When you play spy games with real spies you often end up getting dead”

Should it be a surprise that malware researchers might in fact raise the ire of those nation state actors who they are thwarting or calling attention to? If you had to think about that one and you are a threat researcher you might want to reconsider your career choice. Espionage has truly moved into the digital age and yes, you guys are the new front lines, so plan accordingly. You, dear researcher, are now a target in the ongoing war that is being waged by the nation states of the world, and some of them would not think twice about whacking you creatively and folding your dead body up in a gym bag.

Other issues in the paper and a subsequent article in an online news outlet raise the question of where all this threat intelligence is going. Are the private corporations now becoming organs of the state by doing this kind of work? Are these orgs that primarily report on APT activities (I can think of more than a few names off the top of my head, CROWDSTRIKE/MANDIFIREYE, that pretty much just trade on that shit) doing anyone a service in really preventing, or more to the point, educating the companies that they serve on the threats and how to detect and deter them?

In a word… No.

While APT actors are all the sexy and they make the news cycle the marketer’s friend, so far in my estimation many of these TI companies aren’t doing dick for the companies out there that hire them. Sure they have feeds and they have really really cool code names, but really, at the end of the day just how much of that applies to the average corp? Not much really. So yes, there is too much of a focus on APT, and now these companies and researchers are beginning to realize that they are targets, up to and including perhaps attacks both physical and other to discredit if not hurt them.

Welcome to the ‘Great Game’ kids! Remember though, you ain’t James Bond and no, that is not Pussy Galore in your bed.

Meanwhile might I point you all in the direction of 大鸦 / The Raven, who recently was reported to have had a sudden case of death. He had no autopsy because he was hastily cremated and some mystery surrounds why he died and how. Why, you ask, is this important? Well, let me tell you a story about a guy who poked his dick in the eye of not only China but the DPRK and jihadis since the late ’90s. Vlad was a known quantity and I used to use his site back in the day too. Now he is just gone. A report came out in a certain portal of his demise and leaked information that Vlad had in fact been the guy who helped finger the 4 PLA players that the US put on their most wanted list.

Are you seeing my drift here?

The story on the street is that Raven met up with an unnatural death because he had been a player. Frankly my bet would be on DPRK for a whacking because Un is just that crazy but given that there is no news out there on this and the only report comes from a portal, I am going to lend this some more credence even with the source which I don’t like.

Oh and Vlad.. If you are about lemme know and let’s get that cleared up… Cuz I would rip the source a new one *wink wink nudge nudge*

Anyway kids all of you today who are in this line of business (threat intelligence) have to consider that you are targets. Maybe someday you will go on a trip somewhere and some strange will come your way at the hotel. Next thing ya know you are being blackmailed or your shit is being copied while you shower. In extreme cases you could end up like this guy who now it is alleged got whacked because he learned about some SVR moles in GCHQ. Of course this guy worked for GCHQ but hey if your company is now liaising all the time with the NSA how far removed are you?

Keep your wits about you.

K.

PS… the mail man always rings once then fires an uzi.

I stand corrected

Screenshot from 2015-10-13 07:25:41

Written by Krypt3ia

2015/10/12 at 22:22

Posted in Uncategorized