Archive for July 2016
Spies Using Social Media? No. Way. *Eyeroll*
THIS rather breathlessly hyperbolic report on JTRIG using social media and hacking to spy on, or manipulate people, governments, and movements as well as gather INTEL on them had me eyerolling. Yes, this is new in that social media is new as is the Internet and hacking but really, the techniques of manipulating populaces for political and espionage advantage are nothing new. The spy agencies out in the world perform these PSYOPS and disinformation operations all the time and in the olden days kids they used to manipulate the press, then TV and the press, then INFOTAINMENT. There is nothing new here…
What you all have to realize is that now YOU are more easily hackable, your information more able to be stolen or accessed by writ of law, or YOU give it away by using applications that have been expressly created to give the agencies access to you as in this URL shortener that GCHQ used on the protesters in the Arab Spring. You all have to realize that unless you are code auditing everything you use on the net, then you too could easily fall prey to information leakage or outright compromise if you are a target of the “community” at large.
I would also like you all to take note that those who may support Wikileaks, or be a member of say Anonymous also were targeted and used in this operation by GCHQ as well so if you are an Anon, you too have been targeted rather directly (like the citation of Topiary’s conversations) so you too are not safe even if you are trying to use good OPSEC, which, it turned out, and I have written about in the past, you were not. Oddly enough though, the Snowden leaks on JTRIG also show how the same issues are at play for those operators within NSA/GCHQ as well. Trying to keep sock accounts straight, know the language and the patter, as well as the political issues is problematic when you are doing things on a larger scale (trust me I know) so at least you have that going for you right?
Heh.
Wake up people.
OPSEC… Live it.
Dr. K.
DNC Hack: The Flying Fickle Finger of Fate and Intelligence Analysis
I had some Tweet conversations this morning that led me to a need to make yet another post on the DNC hack debacle. @Viss and @mr0x20wednesday both struck up a conversation after I posted a link to the NYT article on the consensus that is growing within the government that Russia carried out the hack. The consensus building is coming from assessment by the CIA while the FBI has initiated an investigation into the hack and the subsequent dump of data to Wikileaks and to the web via the wordpress account for Guccifer2.0. It is important to take note of the previous statement I make here about who is “assessing” and who is “investigating” and that is something people in the general population do not quite grok much of the time. The FBI attempts to prove things in court and the CIA generates analysis and assessment to help leaders make decisions. These are two different things and I want you all in INFOSEC to understand this when you start to have conversations about spooky things like the hack on the DNC and the subsequent possible propaganda, psyops, and disinformation campaigns that may ensue.
I recently wrote a more irreverent post while I was in a more Hunter S. Thompson state of mind concerning American politiks and the mess we are in, but the core idea that Russia carried off this hack and the actions after it still hold true for me. Many of you out there are reacting more like how I reacted when the Sony attack happened and once again I also find myself asking the same questions and having the same concerns over attribution versus solid evidence. There are many issues at play here though that you have to take into account when dealing with an action like the Sony or DNC hacks where information warfare or “cyber war” are concerned. Most of the considerations you have to make surround the classification of much of what you might get in the way of evidence to start with never mind about the circumspect nature of attribution that is being released to the media. At the end of the day my question to the FBI was “Show me proof” which is their job right? FBI is part of the DOJ and should be leading to charges right? Well, none were proffered by the Obama administration, some sanctions were laid on DPRK but no charges, unlike the wanted posters for the Chinese agents that the FBI laid out for hacks and thefts of data. There is a distinct difference here and that is evidence that can be presented in a court versus attribution and analysis by companies like FireEye and Crowdstrike. True, both those firms can prove certain things but primarily, as you all know out there, attribution is hard to prove so it really stops at analysis, more like the intelligence agencies content and mission.
So where does that leave us with regard to the DNC hack? Well, the attribution data presented first off may only be a portion of what Crowdstrike may have. Other portions may in fact have been classified or asked to be held back by the government (I’d say pretty likely here) and may some day be revealed. If the Sony hack is any indication though of this process, not so much. I am still unaware of any real conclusive evidence of Sony’s hack being DPRK but like I said, the US government sanctioned DPRK over it. It is not likely the government and the president would do so without some more solid evidence but one must consider “sources and methods” when dealing with international intrigue like this right? Don’t like that? Well, get used to it because you are going to see more and more of this as we move into the golden age of nation state hacking and covert action. There will be things you John Q. Public, will never know and will be classified for a good long time. Just take a stroll through the Spy Museum in the cyber war section and look at some of those code names. I bet you haven’t heard of some of them and at least one of them, some of us, were VERY surprised to see on that wall already.
But I digress…
At the end of the day though I have to go with previous experience, Occams Razor, and a sense of Cui Bono concerning the DNC hack/dump/manipulation. Some may argue that the GRU and KGB (yes, once again old agencies don’t die, they just change names 😉 ) would not be as sloppy as to leave the breadcrumbs that are being found by Crowdstrike and others. I would remind you to look at at the last big operation that we busted in the US by the KGB as well as the recent posting of selfies by a KGB graduating class as examples of “everyone fucks up” For that matter, shall we mention our own CIA’s debacle with the Pizza Hut? Every agency screws up and every hacker does too. Humans and human nature insure that things will get messed up, there are no perfect operations. In this case the assets involved likely had access to the DNC as well as the RNC but decided to use this data to influence the elections in a manner that they could get away with it easily. This is the nature of spying, politics, and geopolitics, take a look at the history of the CIA and dirty tricks in the politics of South America and then picture it if they were doing the same (hint, they are) today in the cyber age.
That’s right kids, there have been other dumps and hacks. Perhaps some of those too were the US? Think about it.
Russia and Putin have been gerrymandering elsewhere, money and influence operations have always been around. Now consider yourself to be Putin and you have an operation that gave you easily funnelled information to the likes of Julian Assange and Wikileaks! Even more enticing, the fact that you all know that attribution is hard to prove in hacking! What do you have to lose if you are Putin or anyone else? So, if you look at how this plays out, and what more may play out come October, who, what nation, would have the most to benefit if we actually had trump in office?
Think… The answer is ANYONE who would like to take America down a peg and have more possible influence on world politics.
If you look though at the rhetoric by Trump you can in fact see that the big dog in the room would be Putin though. Just think about it! How much more power and sway would Putin have if Trump were in office and dismembers NATO? Come on now kids, think about it. Ask yourselves “Cui Bono?” here. So stop the quibbling about the attribution and the finger pointing. Take the analysis by the CIA and others as well as the eventual data the FBI comes up with and start looking to how can we fix the problems here? There are so many problems though that I too get disheartened. The political system is broken, the information systems are not properly protected, and we run headlong into creating more weaponized code? It is enough to make a man drink.
Ooh good idea…
Dr. K.
Wait Till October…
There is so much talk about the leak by Wikileaks of the DNC emails (20k) which is only a partial dump I think in the end. Much of the Tweet stream is going on about how this is likely the KGB (No, I will not call them FSB) and how this is bad in so many ways. The DNC dump Friday has been fun to go through from the perspective of laughing at their hubris and gawking at the people involved, the money, and the fuckery. However, once you get past all the schadenfreude you start to realize just how fucked we all are.
First you begin to realize just how dirty and full of fuckery politics is to start, that is if you aren’t already jaded about this shit. Then you realize the proportions of the fuckery when you see proof of some of the things that go on via the leaks from the DNC’s and Hill’s toilet server and you think
“What the SHIT?”
You take a shot of whiskey and crawl back into your lizard brain for a while to get away from it all.
Once you have ruminated on all of this then you start to ponder on the motives and the actions taken by the actors here. They hack Hill’s server in the disused crapper and then DNC’s systems? Or was it the opposite? What is the motive here? Is this a hack by some kids to upset the political apple cart? Or is this something more? Is this a nation state? The attribution firms are in high gear promoting their theories but this time I will go with what Crowdstrike is selling.
Pooty and his funtime band are doing a number on us is my vote too and fuck are they pulling a whammy using our own political fuckery to destabilize all the things. This has been the hack that I would consider to be an outright CIA styled destabilization operation, the kind that you would find material online on (think South American fruit and sugar) with a cyber cyber twist. Even Nixon, who pulled this kind of shit with the plumbers and Watergate would be envious right? The only difference here is that Nixon got caught. Pooty is not gonna get caught because of the nature of hacking, attribution, and cyber cyber cyber.
Once you start to look at it as a destabilization operation against the US then you have to look at the possible goals here. The US is on a five front war? How many fuck fronts is it now anyway? We are precariously teetering on the edge of failing empire, and we have these nitwits (both party candidates) running for office, both of them now tainted beyond redemption. Hillary with bathroom servers, no malware protections, and not even the forethought or ability to hire people to help them secure her shit properly? Then she goes on to consider their machinations safe for fucking un-encrypted classified email?
JESUS FUCK!
*deep breath*
Then we have Trump, with his.. Well.. His everything. He is the worst candidate I could ever think of and yet here we are, he is the RNC candidate. We are well and truly fucked. I can only imagine the security posture of his systems but gee, no one has hacked him.. Have they? If they have no one has leaked anything… Yet. I am sure his servers are full of dirty shit too.
Ok, so yeah, here we are in July and November rapidly approaches. We have Trump as the official RNC candidate for ORANGE CAESAR which scares the living fuck out of me, and we have Hillary, the lady who flouts all security measures for ease of use…Wait… Shit, that really is everyone ain’t it? HELL that is most of corporate MURICA! God dammit we are so fucked!
Anyway, Hill goes on to mishandle CLASSIFIED information and skates on it while frankly others have been pilloried for less. Truly people, with the leaks so far and just the epic fuckery of the race, I am just crawling into that lizard brain more and more with the help of a good grain alcohol. The problem is I keep coming back to lucidity and then hear/see/read the news and end up chugging the shit again to make it go away!
The sad thing is that what we have seen is just the tip of the shitberg. Trust me, wait till October when the real revelatory emails show up. It’s called and “October Surprise” and fuck it’s gonna make Hunter’s worst drug and loathing fueled nightmares seem tame in comparison. Think about it people, Pooty and the KGB are easily, handily, fucking us all over with the cudgel of our own hubris and lack of due care.
All the while these fuckheads are crafting all our dooms with malware and cyber cyber cyber WAR that would make Dr. Strangelove weep in ecstasy. While they argue over surveillance as good and crypto as bad they really don’t comprehending any of it. If it weren’t true it would make one hell of a farcical film. Unfortunately for us it is true, and it is happening today. We the people are the ones being fucked over by their collective business as usual in so many ways.
This isn’t over kids…
Put your helmets on and wait for October for the last of the dumps. I am fairly certain some shit will come out and in the end MURICA will begin it’s 2nd empire with an orange, small handed, orangutan at the helm of this country. Hunter was smart to have left because if he were alive now he would be reaching for the shotgun all over again in much more despair.
Dr. K.
PS.. I have written about possible motives recently… You might wanna take a look.
Leaderless Jihad and Open Source Jihad: A Marriage Made In Hell.
In 2013 I wrote about leaderless jihad and the “Stand Alone Complex” Now we are seeing this type of leaderless, “inspired by” thought virus playing itself out on the national stage. Last nights attack using a lorrie was something that was presaged by two issues of Inspire Magazine back in 2010 and 2014. There isn’t much to it really to gather some weapons, steal a truck, and then plow it into a crowd but it has taken this long for the insidious idea to take root in the collective unconscious of the would be jihadi’s. The days of a more rigid and trained “jihad” are being eclipsed by would be unbalanced individuals seeking attention and reinforcement of their sick ideas through the media, the internet, and our collective inability to look away from a tragic scene on a glowing screen.
2014 Inspire
2010 Inspire 2 “Ultimate Mowing Machine”
Soft targets were always the preferred avenue of attack but now they are becoming seen as a top priority for security forces since the attacks in France and other places like Bangladesh. While Dahka on the face of it had a contingent of more trained individuals the attack last night is as simplistic as they come. This is what is really scaring the populace and the security services because now it seems that the authors and actors of these acts are in fact just one guy and not a cabal that they could perhaps track using pervasive surveillance. A cell of one is hard to track and certainly if they self radicalize by just downloading Inspire magazine and watching YouTube, well, what can one do? There are no easy answers here in the world of detection and prevention.
So here we have it, I have been pointing this out for a while and at first it was AQAP trying to inspire “OSJ” or Open Source Jihad. Now Dabiq and Da’esh are carrying it on and furthering it with the media zeitgeist that ensues with each attack. The net effect here is that these people are selfradicalizing with the help of the media’s obsession on covering ad nauseum these acts. The pervasive hand wringing and talking heads only serve to whet the appetite of the would be jihobbyist into action. Forget the Inspire magazines and the videos, just watch CNN and that is enough it seems. This all is very much like the plot line to “The Laughing Man” arc of Ghost In The Shell. An act carried out on the media instilled others to carry out like acts to be on the media and further the idea(l) as well as serve as a means to self fulfil the actors need for attention and satisfaction.
This is pure psychology at work and there are a host of reasons and syndromes that could likely be pointed at to rationalize it’s happening. The fact of the matter is that now we are seeing it play out rather bloodily on the streets of the world in furtherance of an idea and ideal set that lends itself to the like minded.. Or should I say mentally ill? Yes, I would say mentally ill. These actors are acting out and likely have some borderline tendencies to start with. These people feel outcast in their societies or out of place within the societies they are living in as a second generation citizen. It is a complex thing to nail down and I suggest that anyone who might want to delve into it further read “Leaderless Jihad” by Marc Sageman.
We need a more nuanced approach to the GWOT and I am afraid we won’t get that…
K.
Counterfeiting On The Darknet: USD4U
USD4U
While traversing the darknets, as one does today, I came across a constellation of sites hawking counterfeit currency, particularly American twenty and hundred dollar bills. It is not uncommon to see counterfeit currency on offer on the darknet markets but in this case these were stand alone sites by a proud group of counterfeiters offering on the face of it, almost superbill quality notes. Stuff that has not been seen in a while since the take down of the DPRK’s efforts to not only manufacture currency for their own purposes, but also to potentially be used in a larger scheme of currency destabilization.
The notes in this case however, aren’t the old hundred dollar notes of yesterday but instead today’s counterfeit protected notes that the US rolled out in 2013 to the masses. With color as well as new inks that fluoresce, have metal in them, and hidden tech to stop fakes, the new bills were supposed to be incredibly hard to create. Well, it seems that these guys on the darknet have done a pretty good job at creating a passable facsimile as seen below;
Their hundo
Hundo front with markings of checking points/features
Their hundo back
Real hundo
Quality
That’s right kids, this can pass the UV light test, it has the fiber/metal strip, it has the holographs, and has the look of a real bill. In fact I have at least one alleged user who has passed the hundo’s at a local establishment without issue. Of course it is common practice to use smaller bills than this, some devil may care types will buy the hundreds and pass them in gas stations and other low end brick and mortar stores in hopes that the teller’s there will not know the difference nor have the technology to test the bill for authenticity.
So someone has been passing these already if you are to believe the Reddit post. I should think that it is quite possible and while I did not check out “mrexpat” to see if he is a shill, I know just by looking at the site and the language they use, they make a “quality” product. The site(s) are all by the same maker and or brand if you will. They call themselves USD4U and they are pretty brazen in their advertising including telling the client not to haggle with them, the price is the price! That price being as follows for varying denominations and weights;
Printing
As you can see they offer anything from ten dollar bills all the way up to the hundred dollar bills seen at the top. They are dealing only in Bitcoin and they offer FREE SHIPPING with an order over $250.00 and over. Of course now if you look at the prices they are pretty cheap for the main part. However, in larger operations it is not by the note but by the pound (weight) that you buy bills in with serious folks. These guys have the niceties as well of an “affiliate” program and an earnings program, which I am not sure exactly how that would work but ok…
Another interesting note is that they say they ship from the US, which makes me wonder a bit about these guys. For the most part my digging has shown that in their photos the players are Asian but that could just mean it is a Tong or another group doing this. They certainly though spent big bucks on the printing process and seem to be using quality materials as well to make these notes… So is this just a sideline or what? The brazen behaviour I alluded to above is that they have taken photo’s of their Flexo Printer that they “heavily modded” in order to make these bills.
For those not in the know, and do not want to go read more in the link above, a “Flexographic Printer” is a specialized piece of machinery that can print things on many types of material with rubber “plates” that can carry high rez scans. So, if you ever had print shop back in the day (as I did) you make a flexible plate and then run that on your media with the flexo and you can get crisp images with texture. Texture is a key here, see, when you just laser print a note you don’t have the right feel and you may not be able to run high fiber content paper through an inkjet in some cases. No, these are printed on cotton stock and have raised ink feel to them as well like the real deal.
(I know what you’re thinking here.. “What has he been up to?” No, I am not a counterfeiter… No really!.. Ask me at DEFCON and buy me a drink maybe I will tell you more…)
This modded rig as they call it can run jobs fast, multi color, and handle the iridescent ink that they need to make a passable note. I would have to really get my hands on a note to say more about the quality of the paper and the strip and all so I will just leave it there but were one to pass one of these at the local gas-n-sip without the little pen check, I am pretty sure you would walk away with change.
A Little Investigation
Anyway, looking at this site I decided to dig a bit and see if they done fucked up somewhere on the OPSEC. I ganked the sites down using WGET Torrify and checked for metadata etc. What I found was pretty much nothing to write home about. They have done a good job at securing the site and using ToR to obfuscate who they are but those photo’s just had me thinking they must have left some clues there. So I took a closer look at them.
Asian Man 1
Asian Man 2
Asian Man 3
6 1380684725
So yeah, Asians unloading the Flexo. Are they the owners? Are they minions? I really cannot say, but I will say that the Asian gangs have been known to be involved with this activity in the past as well as DPRK. Slick professional operations like this means to me that these guys have been at this for a while. Their versatility in making old and new bills, the use of the Flexo and the right materials… It all leads me to believe they are pro’s…
Or… It’s a trap!
The images though had no metadata to use so we have to go on the IMINT itself. The biggest tell to me is the number on the forklift. Someone may be able to get a lock on where this thing is sitting because they unloaded it in these photos in some industrial area and that machine did the work. A long shot really but hey, it is what it is right? That’s all the attribution I am willing to state here on this. Maybe Los Feds (USSS) can do a better job?
So What’s It All Mean?
Welp, I for one an impressed with what I see here. From a forgery perspective these guys have a legit *cough* act here. Yes yes yes, criminal but interesting! So many places on the darknet are just poorly put together craptastic sites with a barker at the front door yelling “BUY SHIT!” This though is more subtle, straight forward, in a crooked way, and merits the attention of both me and perhaps the federal authorities that handle such things as fake currency. They must be doing a good job because they also claim at the top to look out for a cloned site as well! Imitation being the most sincere form of flattery is it?
I also think it very telling that they offer no bitcoin wallet on the site as well. This to me says that they are being careful with the OPSEC, and frankly that is a smart play. You have to order with your email address and they will contact you. It could all just be a scam… It could be a sting operation… I am not going to go any further to find out though. I just surf the darkest parts of the darknets and chortle.
Oh darknet.. I lurv you!
Dr. K.
KRYPT3IA KRYPTOS CRYPTEX CHALLENGE 2016 TEASER
OK KIDS!
HERE’S THE PUZZLE IMAGE! I CALL IT KRYPTOS. NOT THE FINAL IMAGE MIND YOU…
NO SPOILERS!
DR. K.
2016 DEFCON24 KRYPT3IA KRYPTOS CRYPTEX CHALLENGE
Hi kids!
I have decided to carry out a little insidious game with those who wish to play at DEFCON24. The prize of this little game is a two thousand year old Roman coin that I have selected out of my stash of cleaned coins. All you have to do is solve my puzzle and follow the instructions therein. I will be posting the puzzle just before DEFCON24 (August 4th 2016) so keep an eye out on the Twitter feed and the blog.
Good luck!
Dr. K.
Krypt3ia 