Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for September 2016

Dear Cloudflare, Please Stop Doing Business With ISIS

A while back I posted about a new darknet site that the da’eshbags at Dabiq have put out. I decided to circle back to the site to see what has been going on with it, as I originally was kinda “meh” about it. When I looked today I noticed some things that perhaps I missed before, the primary point being that this site is being hosted/protected by Cloudflare. What we have here is a new hybrid of darknet onion hidden site and clearnet-hosted and DDoS-protected content by Cloudflare. The site itself is http://ou7zytv3h2yaosqq.onion/ while the Cloudflare backend is dabiqservehttp.cf.

It isn’t new to see the jihobbyists using Cloudflare though; all the boards seem to be using them now on the clearnet, but in the darknet this is a new hybrid model. No wonder this site is still up and still feeding fresh crap from Dabiq to Al Bayan radio feeds. Nothing can really take them down with this hybrid solution, it seems. Of course a sustained attack on the onion server might do the trick, but who’s got time for that huh? The fact of the matter is all their shit is out there and protected by a firm that doesn’t seem to give one crap about what they are hosting and protecting as long as they get paid.

MEANWHILE IN OPSEC NEWS…

These nitwits are commenting and leaving their hotmail, yahoo, and gmail addresses. GEE WHIZ!

Comments:

http://ou7zytv3h2yaosqq.onion/11166

http://ou7zytv3h2yaosqq.onion/31656

http://ou7zytv3h2yaosqq.onion/18366

http://ou7zytv3h2yaosqq.onion/16501

http://ou7zytv3h2yaosqq.onion/15152

I sure hope the kids all enjoy hunting these idiots down… You see uhhhh the point of the darknet is to hide who you are.

Anywho… So new darknet things in new darknet ways. The jihad has moved itself into the darknet a little further with the help of Cloudflare.

K.

Written by Krypt3ia

2016/09/28 at 18:05

Posted in Internet Jihad

The 0day and The Snowman

<REDACTED> sent me this blog post this morning and I read it with due diligence per our relationship. Once I had finished reading it and the bile taste left my mouth I decided that I should put down some thoughts here to share…

First off, let’s all face facts that NO ONE has the full story here. No one. Not one fucking person. Snowden is lying to some extent, the NSA and the government are lying to some extent, and anyone who does not have direct experience with what happened at the VERY top of clearance probably doesn’t have the whole story either. It’s called classification, over classification, and compartmentalization. Whether or not it is to protect “sources and methods” or not, there are always lies, obfuscations, and inveigling that happen within the community. So fuck you all for all of your jibber jabber back and forth on who’s bad and who’s not and what damage this has done to our safety.

That really includes you Mike Rogers.

Here’s my take on it all.. Fuck if I know what the fuck happened and you don’t either!

I watched Stone’s movie and thought it heavy handed and certainly not the facts as they are presented... That is, presented by whichever source you want to believe. Just like this whole fucking HPSCI report timed EXACTLY to coincide with the release of a fucking film to spin the media and the people? JESUS FUCK if this report isn’t a propaganda leaflet drop what the fuck is?

Ok so fuck this shit. Everyone move on. Understand that you are all being surveilled to whatever extent you want to believe, either by the government or the companies you slavishly give your information to in order to get access to the next great fucking Facebook app! Big brother is everywhere and he is in your pocket right now tickling your nether regions!

LOVE IT OR LEAVE IT!

If you want to leave it then stop using the shit, learn to secure your shit, and use OPSEC.

Dr. K.

Written by Krypt3ia

2016/09/23 at 14:54

Posted in 1984

Ahmad Rahami’s Journal: The Sycophantic Nature of Failed Seekers

Ahmad Rahami, the new jihadi wannabe lone wolf du jour, made a splash with his bombings of a dumpster and a trash bin on CNN and the other media outlets, but let’s really take a closer look at Ahmad and his mindset with the release of his ersatz “journal of jihad” shall we? First off, I am tired of the media coverage and while this was serious, it just shows you the level of recruit and planning that AQAP/AQ/da’esh have in the US presently and to wit, not very high. Frankly, looking at his journal pieces here I can only surmise that if Ahmad doesn’t have some sort of personality disorder it would greatly surprise me. On the other end of that spectrum, Ahmad clearly is a failed seeker acting out within the confines of his chicken shop malcontent diaspora in search of importance.

Ahmad opines the usual catch phrase diatribes seen in Inspire or Dabiq and on the web in general on the boards but seems to not really have a greater grasp of his own religion than most of the daeshbag recruits these days. Clearly he has been suckling at the tit of the jihadi propaganda machine and in fact had close contact with recruiters in Afghanistan and Pakistan where he spent a good deal of time in recent years on and off. These guys look for recruits who have weak wills and minds that can be easily swayed. Minds and hearts, egos in search of self-importance that they lack presently but are told that they will be martyrs for the greater cause if they blow themselves or the far enemy up, and it is bullshit.

All of the propaganda placed by these Khawarij is just a mental virus, neuro-linguistic programming, used to prey on the weak minded souls out there, those failed seekers, in order to bring them in and turn them to the Khawarij will. For some time now the security services and governments of the world have been trying to see how they can combat these memetic viruses online and so far no one has been able to come up with a solid solution. Those who are seeking will latch onto anything that they feel an attraction to and it has been so since time immemorial. Cults and religions both rely on this to build their base; belief is key and the means to that end is dogma.

In Ahmad’s diary we see this in action and we see the brain washing and self delusion that goes on here with the repetitive statements in this journal that he used to egg himself on to action. No doubt he wrote this out and continued to do so as he built the bombs. All of this, all the language is a means to an end to justify to himself his actions. Actions fed to him by the propaganda online, in person, and programmed into him and all the others who are willing to listen, to believe, and to act.

Weak minds.

Weak souls.

Pawns of the Khawarij.

I truly hope we can come up with a means to combat such memetic viruses but so far I see no hope of it. Prepare yourselves for the other weak minded jihobbyists out there to try and catch their own brass ring of importance. Just don’t let them enable fear to win and change the course of our governance to a fear based one… Well… One that is more so than it already is.

Dr. K.

Written by Krypt3ia

2016/09/23 at 14:25

YES YOU TOO CAN BUY A 1 KILOTONNE SUITCASE NUKE IN THE DARK NET! (Ok no not really)

So I was surfing the darknets as is my wont to do every morning to see what the kids are up to and this site popped up that claimed they had Russian nuclear hardware for sale. What else is a guy like me to do with a site like this than to say FUCK YEAH! LEMME IN AND LEMME BUY SOME! I did the sign up process (Of course I signed up all super sekret like using the name SPECTRE) and immediately took a look at the wares! These guys have a few options on their “products” page and gee, it was hard to choose from the offerings as they are all super cool.

[Screenshot] My account (SPECTRE)

As you can see I have three options for types of nukes and how they would be deployed. I opted for the “Suitcase Nuke” because who hasn’t wanted one of those right? AM I RIGHT? I am right right? Anyway, the other options are a land based “Iskander” system (like the one in Spies Like Us) or a Sub based “Bulava” missile evidently already deployed and lying in wait off the coast of somewhere within a week’s distance according to the details. Each of these options has only regional capacity and the suitcase nuke is the most portable so there is that… Anywho, I forged forward and decided that $50 MILLION dollars was just ducky as prices go and that I could pony up the requisite bitcoins. (As seen below)

[Screenshot] 50 million in bitcoins please!

[Screenshot] YES YES YES WHEN DO I TAKE DELIVERY ALREADY???

NOW, even though I did not see a bitcoin address here I JAMMED that enter button and eagerly awaited the response!

Wait, did I put in my bitcoin wallet?

SHIT!

FAIL!

GOD DAMMIT DARKNET!

CODE ERROR!

WHISKEY TANGO FOXTROT!

Ugh.. I am disappoint.

I have written a PGP encrypted, tersely worded email to their helpdesk…

Dammit. Guess I will have to go order some Polonium 210 or Red Mercury in Silk Road III or is it like VII now?

Dr. K.

Written by Krypt3ia

2016/09/21 at 14:23

Posted in Amused, DARKNET

UBER DD0S! MUST BE RUSSIA!

Oh the old go-tos of China and Russia… Hey Schneiman how about maybe it’s Kim Jong Un and the DPRK? Let’s play the attribution game with a little logic and analysis shall we? Let’s say that it is Russia or China, what would the endgame be here if they were testing such a means of attack(s)? Would this attack scenario be part of the larger kinetic invasion? Would this be a part of a larger scheme to take out specific areas or are we talking about the WHOLE internet? There is a lot to parse here and so little to go on with what Schneiman is implying.

Now, Russia and China are both “Rational Actors” and both have large connectivity and ties to the global internet in more ways than one. One of those ties would be financial. So if an attack took out the core routers, how much of the global traffic would be taken out if these attacks were carried out? How much blowback would there be on these rational actors if this happened? What would be the financial loss net if this happened? Do you see where I am going with this Schneiman? If someone is really testing this type of attack, then it is either a rational actor looking for the endgame or it is an “irrational actor” testing something that they might use because they have nothing to lose themselves were they to deploy it on the larger game board?

Think.

So, who do we all know today who would fit this bill and has the capabilities?

Hmmm?

You have any ideas?

Come now…

How about THIS GUY?

That’s right! He’s banned sarcasm AND he has hacked Sony!

So just sayin there Schneiman you may want to think outside the box a little and use some analysis before you just start saying “China” did it… Or Russia for that matter. See Kimmy there has nothing to lose and EVERYTHING to gain if he carried out attacks like these. Just imagine the size of his DONG if he pulled this off and took down the internets! He wouldn’t feel a thing in the DPRK because they have very little internet access to start in the Hermit Kingdom.

Just sayin…

Dr. K.

UPDATE: Well now someone kindly pointed out I left out Iran and made them sad. Yes, Iran would be another semi irrational actor who could be doing this as well. Boo Hoo Iran!

Written by Krypt3ia

2016/09/19 at 21:17

The DNC Hack: October Surprises & The Second OPM

While the data may not be as invasive as an SF86, the fact of the matter is that every Democrat that the DNC had access to is now up for grabs on the internet because a hacker, or nation state, or hacker of a nation state, has dumped it all there. Whether it be the dump previously put on the net by Guccifer_2.0 or the last one this week, the upshot is that large chunks of raw data are out there with some kinda personal content if you are a Dem and that I think should give one pause.

In a discussion I had the other day with <REDACTED> about the election and the mess we are in generally as a populace, the natural turn things took was pretty fucking bleak. Look at the choices we have and then look at all the rhetoric about Russia potentially tampering with the election on the electronic warfare level and then stop to think about what has yet to come… October. The October surprise though seems to be being prepped or peppered already by the likes of Guccifer 2 and @DCleaks_, never mind Wikileaks. With the dump Guccifer put out this week while virtually speaking at a security conference (talk about flying planes sideways stunt hacking elections!) we just have more data to use and possibly abuse that might be valuable toward affecting the election process.

So when you see Mike Rogers at the podium saying “Russia might attack the election electronically” you might want to just yell back “They already did asshat!”

Just sayin…

K.

Written by Krypt3ia

2016/09/14 at 18:20

Posted in 2016

Ansar Al-Khilafah ZeroNet Edition…. Meh.

So a new jihadist/Da’esh site popped up in August (15th) that I was not aware of and was brought to my attention via a tweet at me this afternoon. The primary reason for not being really aware of it was that ostensibly the site is pseudo hidden by its being on “ZeroNet” which is a new form of darknet within the P2P systems like BitTorrent. The idea being that this site is hosted and torrented and is thus not really hosted on one system but potentially many.

Site location: Ansar Al-Khilafah http://127.0.0.1:43110/1F6yfsn94xyLo93zRgdKRjoLUtZGHYM11N/

Tweet by Manuel Torres pointing out the site

The site itself has a copy in the clearnet on WordPress so there is no great secret here. It is also a known quantity and the reality is that the site is marginal in the ranks of Da’esh wannabes but has a few solid heavy hitters that hang around. The site is more circumspect on membership and is much more oriented to a stricter OPSEC regimen ala the Andar1 site that the same guys hosted a while back. A cursory look at the clearnet site (the ZeroNet site was unable to load with 5 alleged seeders) doesn’t give any apparent leaks as to the owners’ real identities, email addresses and the like, but, one can always dig a little deeper now can’t one?

ZeroNet is an interesting idea and it is rather new, so the security around it has yet to be really challenged I think. I will look into that some more as well in my off hours. One wonders whether the anonymization might fail if one were hosting data as well as sharing data that might have metadata to look at, or even whether some slip in protocols might cause information leaks. ZeroNet also suggests you use Tor or you use a proxy when you host or surf so there is that too. If you don’t then you are sharing your raw IP, which I can imagine some idiots might fail to comprehend and thus their OPSEC goes bye bye.

More later.

K.

Written by Krypt3ia

2016/09/06 at 21:00

Posted in Internet Jihad

Influence Operations: We All Carry Them Out

[Screenshot of the Boston Globe article]

All of the hand wringing and whinge-ing over the possibility that Russia has hacked our completely insecure election systems has my bile up… Well that and it seems I am lactose intolerant and ate whole ice cream last night. Anyway, back to INFLUENCE OPS and their use globally. The article above from the Boston Globe really set me off this weekend. All of these guys in the corridors of power all hand wringing over the possible fact that Russia has been messing with our political process makes me want to fly to Washington and bitch slap people. This type of activity has been going on forever and it is not just Russia pulling these strings even today. If you take a look at the actual history of the world you will see many players playing the same games with or without the benefit of Wikileaks and computers both then and now. This is not new people and for fucks sake wake up and realize that the US playing the “hurt” card in this game is really quite absurd in the grand scheme of things.

Now once you have taken a little trip down history lane with those links I just provided, then I want to ruminate on the whole problem today of the hacks on our democratic systems. See, as a former pentester and now a blue team guy I often ran into places that just did not have a clue about security. Still today there are many places that are very clue free and that also includes our government and those bodies that comprise our election systems. Seriously? Seriously those election systems were not even being monitored? You are shitting me right that the alleged Russian hackers used Acunetix to scan and then just SQLi dumped shit right? …

And no one saw a god damned thing…

It’s hardly INFLUENCE OPS when all you need to do is run a shitty tool and just take what you want with a script, kids. So really, stop with the hurt and surprised bullshit Congressman and Senators alike! Put on your big boy and big girl pants and get the fuck over the fact that someone would have the audacity to fuck with our already fucked up election cycle anyway! As to Putin’s comment on the subject recently ‘‘It doesn’t really matter who hacked this data from Mrs. Clinton’s campaign headquarters,’’ I agree, it doesn’t really matter because the fact of the matter here is that her actions alone concerning the BleachBit of her server days after its public disclosure should be enough to show us all just what fuckery is afoot without Russian intervention to begin with. What the paradigm change here is is that we now don’t have to send plumbers to Watergate’s to break into file cabinets to get the data. All one needs to do now is fucking Acunetix an IP and then run SQLi map to fuck with a national election and that is just fucking sad.

[Screenshot] Shut up Grandma Nixon!

At the end of the day I for one don’t care who hacked the shit, what I care about is that there is enough evidence to show that even without information/influence operations there’s some crooked shit going on. The problem is that this is the default state of our governance and election system so one tends to just become complacent about it. The hack on the election here and now, with the fate of the world in the balance so to speak, with Führer Trump or Grandma Nixon only makes it all the more piquant for the hungry news media but in the end means a choice between two terrible shit sandwiches to those paying attention here.

We are all fucked either way.

Move on.

Dr. K.

Written by Krypt3ia

2016/09/06 at 13:26