Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for April 2016

Two More Da’eshbag Darknet Sites Popped Up


The Cyber Kahilafah

A couple more daring Da’eshbags have decided that the darknet is the place for them to spread their propaganda. The sites just popped up and aren’t quite finished. The Cyber “Khahilafah” خِلافة “Caliphate” has a total of 5 main pages, with links off of those to other internal and external pages. The main page has the following text:


Fight in the cause of God those who fight you not transgress Allah loveth not aggressors} Al-Baqarah: 190}

————————————————– ———-

The books you dislike it, and it may be that you dislike a thing which is good for you, and that ye love a thing which is bad for you. Allah knows and you do not know the cow} 216}

————————————————– ———-

Very soon will be open all sections

We hope to collect the largest number of individual wolves

Cyber kahilafah

!Beware no joking here!

Overall this page is really quite simple and reminds me of just about every other page on the darknet (some remnant from Geocities got loose in the darknet and multiplied!); it’s kinda ugly and simple. As the site is not finished there isn’t much to look at right now, but I thought I would archive it and pass it along before the kids hear about it and DDoS the crap out of it or hack the node and take it down. Of course if someone hacks it and somehow gets a raw IP that would be interesting, huh? *hint hint NSA*

Anywho, this site is different from the last one because it is not really pulling a whole lot from the clearnet, and it is certainly not at this time like any of the other jihadi boards out there, but it seems to me that is what they may be aiming at later on down the line. I am sure it won’t be around that long anyway, but it’s amusing to see them try. Ok, on to the data, and further below the second site!

DATA

The sub pages consist of the following headings:

/bomb/

with sub categories of /bomb/ for redundancy?

/kafia/

which seems to be a version of Keffiyeh, which is a scarf or headdress common to the region.


Both of the downloads fail, and the domains they point to are:

Now the 00-up domain is interesting because it has a long, storied WHOIS history, and the present owner is a Mohammed Ezz out of Egypt according to the data.

/army/

/army/ only has “coming soon” in Arabic on it at the moment

/armyb/

has the following single page with a link (Infantry Mechanisms In Desert Operations)


The desert operations piece is pretty much a re-hash of the desert war tactics from WWII. It’s an interesting read if you are into desert warfare, but I am not sure why they have put this up there because it is specific to the Sahara.

/isdarat/

Isdarat we saw the last time and refers to isdarat.tv so maybe these are the same guys?

Another “coming soon” image

/gun/


“Kalashnikov Weapon” which links to some videos that don’t work


That’s all she wrote for this site. The next one, though, is a stand-alone with the same name as this one but really is just a shingle for the Da’esh Cyber Kahilafah Al Bayan (popular newspaper in the region) radio link. This link is not working, but there were some interesting links that were offshoots to this.

Cyber Khaliafa Radio (non functional)

Now Al Bayan is the radio station that the da’eshbags started when they took over a station in the region. It is on FM and cannot be heard here unless you get it online, thus this page and its links. As they are not working it may be that they only post things or make the link live at certain times. In any case, the links on this page led to the clearnet and some interesting people and places (see below).


I have yet to try and give a listen but when I get a working link I will. Until then, you kids have fun with these guys in the darknets! Once again they show that they have some sophistication in being able to set up a tor site but then they completely lack the ability to really program it or keep it online. These are not the cyber warriors the media would like you to think they are.

Dr. K.

EDIT: There is a THIRD site evidently. I have found the “creator” of the site and located yet another page he/she/they are looking to link from. This one will eventually have the bomb making tutorials for making phone bombs.


Written by Krypt3ia

2016/04/29 at 15:28

Posted in Da'esh, DARKNET

Book Review: Among Enemies Counter Espionage for the Business Traveller



It is not often that I find a book that I just want to read right away, putting everything else in my busy reading schedule down for it. In this instance I have to say that this book looked good right out of the gate for me, so I put everything else on the back burner. At 150 pages give or take, it was a quick read yet quite informative on topics of espionage and counter-espionage tactics and techniques for the lay person. What really got me thinking, though, was that this book really could and should be a part of every company’s security awareness program, and not just for executives.

Of course with the prevalence of today’s electronic spying (by hacking or by outright hoovering of all data by nation states) one tends to think that old school HUMINT (Human Intelligence) is no longer as useful as it once was. This is not really the case, though, and I want you all to consider that as you think about your security programs or your personal security. Not everything has to be some technical HIDS/NIDS/AV/Firewall end run to get you into the network today, and much of the time in today’s world you can see this at play with the simplest of attacks against end users: phishing and spear phishing. Truly the human element is the weakest and the most powerful at the same time when it comes to the success or failure of security machinations. In fact you will often hear it spoken as an aphorism of sorts, but the “insider threat is the biggest threat” is literally true. This is where HUMINT is still useful, not only in gaining access to a network, let’s say, but also much more if you can leverage an asset into doing your bidding.

The book covers all the bases on how differing types of “collectors” aka spies both private and nation state can and will attempt to elicit, recruit, or blackmail the would be asset into working for them. Bencie also covers the issues of personal security around yourself and your technology that you carry (e.g. laptops, phones, tablets, etc) that are leveraged for theft and access as well. If a collector doesn’t need to recruit the target because the target left their laptop in their hotel room, on and logged in, well then no need right? Suffice to say that today we carry as much information and access on us as much as in our heads and this is what the industrial spy or nation state spy craves.

Now, one might at this point be asking oneself “Well, what would anyone want from me? I mean, I am not that important, just a cog in my company that’s under appreciated, no one would send a spy after me.” … and you would be wrong to think this. Access is access, and if a collector can get access to you and your technology (e.g. your network by hacking your laptop or phone) then they will. While there is a sniff test that a collector will make on people as they watch them, much of the math here is how vulnerable the target is and how easily they could be manipulated into what is needed to succeed. Bencie covers many scenarios that may seem like spy thriller pulp, but take it from me, these things have happened and still do. In fact he uses real stories to back up the scenarios, from the people they really happened to. These are not just the things of spy thrillers and film, and the general populace should be aware of this, especially if they are on travel for work, more so if they are in a foreign country while doing so.

Finally though, as much as this book is something I am going to recommend to executives, I would also like to turn my eye inward to the community *cough* that I currently am in. That community is the information security community specifically. We INFOSEC people are probably the ones that I would consider to be some of the juiciest targets in today’s technical world where everything is network oriented. Whether you are a red team person or a blue team person, you all have information inside your heads and on your hard drives that the adversaries would love to have. As we are moving into the con season (Defcon and BlackHat to be specific) we all will descend on Las Vegas for serious convention learning and exchange of info… Oh who am I kidding? It’s a party festival of drunken debauchery and shenanigans right? If you have not considered just how many corporate or nation state collectors (spies) are also there looking at you dear con goer as a possible asset, then you just ain’t thinking straight!

I am hereby recommending that everyone going to these cons read this book and take it to heart that YOU are a target at these two cons if no other. Take heed of Bencie’s suggestions on controlling the drinking as well as what information you share with anyone. I also implore you to read and learn about the methods of elicitation that the spies use to get information from you when you may have no idea they are doing it. If you work in this field and you hold what we would consider secret information on the vulnerabilities of companies you have hacked in a red team event, or have been trying to remediate as a blue teamer, this book is important for you. But hey, Defcon is all a good time! Until you wake up in the desert with a note threatening to release the pictures of you to everyone unless you do what they say.

Just sayin…

Go buy this book. Read it. Live it.

All business is warfare so don’t be the next dead foot soldier.

K.

Written by Krypt3ia

2016/04/14 at 19:03

Posted in Espionage, Tradecraft, TSCM

Da’esh Terrorism As Advertising



Someone on Twitter recently passed along this little email from ZENEDGE to me in hopes that I would have something to say. That someone was right, and what I have to say is not going to be nice. The email, a marketing email, purports to be selling cyber services because “Terrorism”, for all your cyber security needs. This frankly is one of the more craven and baseless marketing emails that I have seen of late, and I agreed with the sender that it warranted my special attention. So Leon Kuperman, and ZENEDGE, here’s your special attention!

First off, I would like to take the time to extend my sympathies to anyone who has been touched by terrorism, and specifically to those in Brussels, as they are used as a pastiche for this tissue of marketing bullshit you see before you. The article, and I call it that quite loosely, starts off claiming that “terrorists” (and it names da’esh (ISIS) specifically) are in it for the “terror” and that terror is able to strike anywhere! Anywhere, to ZENEDGE, means *gasp* online, and you, gentle reader, are in danger of being cyber terrorized.

The past several months have brought a string of terror attacks and violent incidents, which not only claim lives but cause worldwide feelings of fear and vulnerability. It seems that groups of terrorists like ISIS can strike when and where they want.

As the authorities ramp up surveillance, such attackers simply adapt and change their tactics. They have learned to be patient and to leave few traces.

Stopping terror groups and other bad actors requires an evolving approach. Because these attackers don’t rely on yesterday’s methods for launching the next strike, authorities can’t rely on yesterday’s surveillance and intervention methods if they want to stop the attacks before they happen.

This is especially true as terror groups take their fight from the streets to The Street.

Oh my god, the terrorists can strike “The Street”! Wait, what? What does that even mean? Are they going to attack Wall Street? Mulberry Street? So da’esh can strike anywhere, anytime? Really? Like in my office here? My bedroom? ..*gasp*… My bathroom? What a crock of shit. But wait, it gets better! Because of “surveillance” the da’esh masters of terror are evading yesterday’s surveillance! They have gone DARK!

*gong sound with ominous portents*

Terror attacks serve a dual purpose: They not only harm or kill people, they send psychological shock waves throughout the world. After the rubble is cleared, fear and insecurity persist. This is what the attackers count on. For this reason, it is certain that terrorist organizations will increasingly bring their attacks to the online world, where ideologically motivated players — like Anonymous and New World Hacking — have already made a splash.

That’s right, Anonymous-like entities will be committing the cyber terror in a place near you soon! They will either scar you psychologically or they will outright CYBER KILL you! Honestly this is one of the most egregious marketing mails that I have seen, with its bated, breathy scare tactics. It goes on, and you can go read it for yourselves. I will not belabor you with it all here, but I felt moved to call this kind of bullshit out. They continue on with the usual bugaboos of the scary darknet and operators therein being paid by da’esh to attack all our networks and maybe even a dam or YOUR NETWORK!

*insert scary balaclava da’esh hacker imagery here* BOOGA BOOGA!

Ostensibly this marketing blast is out there to sell ZENEDGE’s wares, whatever they may be, because it really doesn’t give you a menu or anything to look at. It only says that you need to be proactive to stop the terrorists. So is password management with 2FA and having a good security program in general proactive enough to stop da’esh? Frankly, yes; in fact da’esh isn’t a cyber threat here and never will be. Let me set you straight, Leon: da’esh is not a hacker collective, their online propaganda is just that, and their hackers, if you want to call them that loosely, are not a threat to much of anything but a poorly configured web page. Your use of them and the events in Brussels as a sales pitch is in point of fact craven and the lowest form of marketing I for one have seen.

Leon, buddy, stop with the scare tactics bullshit and just try to sell your wares elsewhere. Stop trying to use tragedy as a sales and marketing tool you tool.

Dr. K.

Written by Krypt3ia

2016/04/11 at 18:16

Posted in Cyber