Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

OPSEC and 2020

OPSEC FAIL: IC and MIL LinkedIN Pages:

I recently had a comment on a post on LinkedIn (I post crazy darknet shit on there for giggles) that I did a double take on. The comment was from a profile of a woman who claimed, openly on the site, to be a “Counterintelligence Agent”. Now, if there is one thing I know about IC club, it is that if you are in IC club, you don’t talk about IC club openly like this unless you are retired. So I just had to look into this further. As I began to do some OSINT on the profile and the name attached to it, I quickly came to the conclusion that this person was not at all what they claimed to be online. In fact, within a couple of minutes of just Googling the name I started seeing all kinds of crazy things.

In the end, the conclusion for this profile was that it was either a disturbed individual or a cutout account for some kind of fuckery, and I stepped away at that point. But it got me thinking… Are there legit people out there using LinkedIn who are actually in the IC and posting that fact online now? Would that not be an EPIC OPSEC faux pas? Well, I decided to go look and see what I could find out there. What I found led me down a long and winding derp-laden path, and I bring it all to you now, gentle reader. The portents of all this, though, finally led me to ask the question: “Ok, if these people are online giving away their data, what are the RNC and DNC people doing post-2016?”

Well… The short answer is that they are doing the same thing, giving the Russians or any other actor a plethora of data to use in spear-phishing campaigns for 2020.

First though, as I started to say, the IC seems to have a problem with OPSEC, and I just don’t understand how these people are not being talked to. Take a look at the profiles I found and see what I mean here…

I did some backstop work on these and they seem legit. So my question then is: how are they allowed to put this kind of information out there? Why are they doing it? I mean sure, this site is about jobs, but they are currently in a job, and all of them should be more security conscious about putting their details out there, I think. I mean, the people who are on protective detail for the President?

Really?

Of course, then there are INTERPOL people and the like. What are they thinking? If I were looking to target people to attack with phishing, and/or to just watch and wait for an opening, this would be my first easy stop for locating those people. I mean sure, the Chinese have all our SF-86s, but geez! I also found more than a few military types who are in CI and other areas of the “secret” space who have current profiles with pictures and details that would make it fairly easy to get their information from open source and to target them as a nation state. The worst of the profiles, though, was this one:

WHAT THE? …. I can’t.

Yes, this woman is dangling deets out there, and if she is indeed married to another CI agent… Whoa. How do these profiles even get out there? How is it that the Military is not teaching OPSEC classes and/or looking at pages like this to stop this kind of thing? I do know there is a group that does this, but wow. In this case I backtracked her as well and yep, I have her address etc. now, so I could easily target her and her spouse.

2020 RNC and DNC Attack Surface:

So, following this line of thought, I started looking at profiles of people on both parties’ committees on LinkedIn. I decided, though, to focus on those who would likely have admin access as a part of their job, and I was not disappointed in finding a rich target environment. It turns out there are a fair few of them out there oversharing as well. One would think that maybe after what happened to the DNC in 2016 these guys might, ya know, not want that kind of detail out there, but hey, they are only in IT Sec and IT, right?

I guess if you are a CSO or CTO you might show up on the page of the org itself, but really, I would not even recommend that for some of these people. I mean, the average executive is not usually that security savvy, and they are a prime target for adversaries. In the case of the DNC hack the GRU seems to have started with high-visibility people in the campaign, but really, if one were looking for a toehold, anyone with rights would be a choice target, right? I went down this rabbit hole for a while, and there are plenty of targets out there giving their names, their personal sites, details, and accounts such as Twitter and the like. All of this information can and likely will be used by adversaries looking to get into their networks, so why are they posting all this out there?

Are we all just inured by social media?

I mean, at least this guy tried to hide his real full name, but DERP, it was in his profile URL! Oh, and the pic at the podium is just precious too. At least he tried though, huh? This guy, though, is one of their “cyber” security engineers, and you’d think anyone in security would have a better understanding of how not to give all this information out to anyone who wanted to abuse it, right?

Guess not.

Putting on my prognostication hat, I suspect all of these people have been targeted, or are on lists to be targeted, by those out there looking for this kind of intel in the open-source world. All one then needs to do is carry out the full OSINT and get a pretty detailed accounting of their lives, their friends, their families, their proclivities, etc. All of this can be used against them in a campaign to subvert them and their access.

Sadly, this is the state of things.

K.

Written by Krypt3ia

2019/01/28 at 13:58

Posted in OPSEC, OPSEC_FAIL