Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for September 6th, 2016

Ansar Al-Khilafah ZeroNet Edition…. Meh.

leave a comment »

screenshot-from-2016-09-06-14-37-44

So a new jihadist/Da’esh site popped up in August (15th) that I was not aware of and was brought to my attention via a tweet at me this afternoon. The primary reason for not being really aware of it was that ostensibly the site is pseudo hidden by it’s being on “ZeroNet” which is a new form of darknet within the P2P systems like Bittorrent. The idea being that this site is hosted and torrented and is thus not really hosted on one system but potentially many.

Site location: Ansar Al-Khilafah http://127.0.0.1:43110/1F6yfsn94xyLo93zRgdKRjoLUtZGHYM11N/

screenshot-from-2016-09-06-14-49-25

Tweet by Manuel Torres pointing out the site

The site itself has a copy in the clearnet on wordpress so there is no great secret here. It is also a known quantity and the reality is that the site is marginal in the ranks of Da’esh wannabe’s but has a few solid heavy hitters that hang around. The site is more circumspect on membership and is much more oriented to a stricter OPSEC regimen ala the Andar1 site that the same guys hosted a while back. A cursory look at the clearnet site (the zeronet site was unable to load with 5 alleged seeders) doesn’t give any apparent leaks as to the owners real identities, email addresses and the like, but, one can always dig a littler deeper now can’t one?

ZeroNet is an interesting idea and it is rather new, so the security around it has yet to be really challenged I think. I will look into that some more as well in my off hours. One wonders that the anonymization might fail if one were hosting data as well as sharing data that might have metadata to look at or even some slip in protocols might cause information leaks. ZeroNet also suggests you use ToR or you use a proxy when you host or surf so there is that too. If you don’t then you are sharing your raw IP, which I can imagine some idiots might fail to comprehend and thus their OPSEC goes bye bye.

More later.

K.

Written by Krypt3ia

2016/09/06 at 21:00

Posted in Internet Jihad

Influence Operations: We All Carry Them Out

leave a comment »

Screenshot from 2016-09-06 08-29-26

 

All of the hand wringing and whinge-ing over the possibility that Russia has hacked our completely insecure election systems has my bile up… Well that and it seems I am lactose intolerant and ate whole ice cream last night. Anyway, back to INFLUENCE OPS and their use globally. The article above from the Boston Globe really set me off this weekend. All of these guys in the corridors of power all hand wringing over the possible fact that Russia has been messing with our political process makes me want to fly to Washington and bitch slap people. This type of activity has been going on forever and it is not just Russia pulling these strings even today. If you take a look at the actual history of the world you will see many players playing the same games with or without the benefit of Wikileaks and computers both then and now. This is not new people and for fucks sake wake up and realize that the US playing the “hurt” card in this game is really quite absurd in the grand scheme of things.

Now once you have taken a little trip down history lane with those links I just provided, then I want to ruminate on the whole problem today of the hacks on our democratic systems. See, as a former pentester and now a blue team guy I often ran into places that just did not have a clue about security. Still today there are many places that are very clue free and that also includes our government and those bodies that comprise our election systems. Seriously? Seriously those election systems were not even being monitored? You are shitting me right that the alleged Russian hackers used Acunetix to scan and then just SQLi dumped shit right? …

And no one saw a god damned thing…

It’s hardly INFLUENCE OPS when all you need to do is run a shitty tool and just take what you want with a script kids. So really, stop with the hurt and surprised bullshit Congressman and Senators alike! Put on your big boy and big girl pants and get the fuck over the fact that someone would have the audacity to fuck with our already fucked up election cycle anyway! As to Putin’s comment on the subject recently ‘‘It doesn’t really matter who hacked this data from Mrs. Clinton’s campaign headquarters,’’ I agree, it doesn’t really matter because the fact of the matter here is that her actions alone concerning the BleachBit of her server days after it’s public disclosure should be enough to show us all just what fuckery is afoot without Russian intervention to begin with. What the paradigm change here is is that we now don’t have to send plumbers to Watergate’s to break into file cabinets to get the data. All one needs to do now is fucking Acunetix an IP and then run SQLi map to fuck with a national election and that is just fucking sad.

Screenshot from 2016-09-06 09-17-01Shut up Grandma Nixon!

At the end of the day I for one don’t care who hacked the shit, what I care about is that there is enough evidence to show that even with out information/influence operations that there’s some crooked shit going on. The problem is that this is the default state of our governance and election system so one tends to just become complacent about it. The hack on the election here and now, with the fate of the world in the balance so to speak, with Führer Trump or Grandma Nixon only makes it all the more piquant for the hungry news media but in the end means a choice between two terrible shit sandwiches to those paying attention here.

We are all fucked either way.

Move on.

Dr. K.

Written by Krypt3ia

2016/09/06 at 13:26