Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for June 2019

Existential Angst


In the face of the daily news from all sources, the Twitter-sphere, and the rest of the internet, it seems that we all are facing numerous existential issues. In the news cycle alone lately we have more and more proofs with data that anthropogenic climate change (ok ok destruction) leaves us with an expiration date for life on the planet of 2050. Meanwhile, the Trump administration (if one calls it that and not shit show) is busily destroying Democracy and seemingly trying to move that 2050 deadline to, oh, next year. No wonder why generally the populace, and in particular the youth today (Millennials and Z’s) seem to be losing their collective minds and more often infantilizing themselves into a stupor.

Yes yes, of course the parents of those millennials also sculpted, wait, bulldozed, their psyches into this mess but after that, I cannot blame them looking at the world and just wanting to check the fuck out. I mean, look at all this shit today? How the fuck did we get here? No, it wasn’t just Russia either! No, we did this to ourselves and it’s only gonna get worse I fear. It will be a combination of fucked up elders and dysfunctional governments (mostly the US in this post) just spinning the cylinder on the .38 snub and holding it to our collective heads like that famous Vietnam War photo… At least it can feel that way at times. We just have no control do we?

All of this and likely future fuckery that is to come makes me just postulate that we are in for a worse time down the line and that many of you out there will just go all YOLO and give up. I for one often think about this on a grander scale and since I am in my later years, I often just have to settle with; “well, at least I did not have any kids” because fuuuuuuck are they going to have to deal with all this shit when the bill comes due!

Which brings me to my next topic, as we move through all this and still do not do anything to really address the more existential issues that we all must deal with or die, I suspect more and more people will just resign themselves to it all and let apathy take them away. Some will be cognizant of it all and steadily lose their minds, showing many manifestations of mental maladies and perhaps take up behaviors like drugs, or other hobbies to just not deal with reality. It’s easy to get lost in the cyber now right?

Game away your pains and dull your senses with some drug or whatnot right?

Lately I have wondered and pondered at the people in this hacking/infosec community as well and why they seem so fixated on all this or that shit, lacking any broader ability to converse about things or experience things. Perhaps they already feel this, perhaps they are all spectrum…

Who knows.

Ugh, whatever… Just deal with your mortality kids.

K.

Written by Krypt3ia

2019/06/12 at 17:39

Posted in Uncategorized

No More LinkedIN


It seems that after posting about an alleged sale of Iranian spy data on the darknet, I find myself no longer able to log into LinkedIN. I believe someone reported me for that post and perhaps some of the other oddity posts I have found in the darknet and shared on my LI page. Upon trying to log in since then I get the following demand for my personal data, either my passport, my driver’s license or some other identity card scanned or photographed to prove I am who I am to their site so I can log in again.

I have a couple words for you LinkedIN; Fuck you.

That’s right, fuck you. I remember when you got hacked and all your passwords were not encrypted. I sincerely doubt that you will handle even more sensitive data of mine like an image of my national ID, passport, or my driver’s license with any more delicacy. This also feels like just another means to gather even more data about me that you could potentially sell to others or provide to any law enforcement agency that asks in future. In fact, how do I know that this is not an attempt to harvest more personal data to do that now?

No, I have nothing to hide, but fuck this kind of shit to allegedly authenticate me after finding “strange activity” on my account. This smells like a corpse flower in the dead heat of the Amazon basin.

So yeah, I know LinkedIN was seeing all my traffic, and they kept trying to get me to sign up to a full account but this is no way to go about it, nor is it a security check that is valid either. I am not giving you my IDs.

Buh bye.

Written by Krypt3ia

2019/06/12 at 16:53

Posted in FUCKERY

shaqgegpbanuq24g.onion: Alleged Iranian Espionage Sale Site


Tooling along the darknet last week I came across this little beauty and decided to play along. I collected the site first and took a look at the Persian text as well as tested the site’s security with OnionScan. Here is what I found.

Original post from a pastebin on the darknet…

The Persian seems to have the right syntax for part of it but my Farsi is meh so if anyone wants to correct me there go right ahead.

ن از کارمندان سابق وزارت اطلاعات بودم و میخوام بگم که اگه کسی به اطلاعات دقیق نیاز داره یا خریدار اطلاعات است میتونه با من در تماس باشه از اونجایی که من خودم تو اون مملکت نیستم خیالم راحته و میخوام هرچی اطلاعات راجب کاراشون و افراد مخفی اون ها دارم رو در اختیار یک خریدار خوب قرار بدهم

Translation online:

I was a former employee of the Ministry of Intelligence, and I want to say that if someone needs accurate information or information purchaser can contact me, since I’m not in that country, I’m comfortable and I want all the information you need about them and their secret people. Give me a good buyer

Now all this tied to the imagery of Wikileaks and Anonymous kinda made me giggle but, it could still be legit (though not likely) so I decided to email the guy and see what I could get from him or them. The email address louferna@secmail.pro made me wonder if that was a name, I mean, Lou Ferna? Hmmm… A google of the name “Lou Ferna” got some hits but nothing that means anything really. The same goes for louferna straight up. I did go down the anagram rabbit hole for a bit but stopped myself before I started making murder maps with yarn in the office.

Anyway, in pondering the offering I had to wonder at the high bitcoin rate there. Seven bitcoins are currently worth about fifty four thousand dollars, which, I mean you gotta be a real player to pay this right? This kinda passed the smell test on this kind of data’s worth to the right people. Then there is the bit about giving proofs, which we shall cover further down in the post. I decided that this was worth playing with and used a cutout account to email the seller. Here are the results…

I emailed asking for proofs 

They responded first by saying they were working with someone else and brushed me off. I found that to be odd, so I pushed and emailed back saying that, that deal could fall through and what harm would there be if you gave me proofs? I mean, I could up the bitcoin amount if it was good stuff! They responded back with the text below….

With this email they had attached an image file. I checked that it wasn’t some malware etc and then opened it locally to inspect it. Once I took a look I emailed back to say that I would backstop what they had sent me and respond back confirming an offer. Of course I did not respond back but instead tried to do the backstopping as I had said I would.

The information that they sent is rather complete but useless in my opinion. I will admit that I did not spend a lot of cycles on the OSINT here (enough to translate names into Persian and then search) but I tried with all the ancillary data. So far, I was able to locate only one of these people and even that one had their name misspelled. Image searches for these guys proved fruitless as well because the engines kinda suck at this kind of thing. What became obvious to me is that this is all trying to play off of the leaks by the actors dropping APT34 data on the darknet as well as telegram, which I believe dropped even more tools etc this week if I remember correctly.

Anyway, if any of you come up with more solid data on these cats lemme know. I am not spending any more cycles on it really. Add to this the fact that the site is down now and was as of Monday when I checked again, so pretty much after I emailed them they went poof. I got no wallet to send money to etc. For all I know the other “client” paid up if there really ever was one. For myself, I am leaning on this being a fraud, an interesting one at that, but a fraud. The only other thing I can possibly think is that maybe I am just not seeing the right picture here and they did sell it and rolled up the carpet.

*shrug*

Some things to take from this though…

  • The site was clean, no security leaks at all. If you are gonna have a presence in the darknet it is really best to use the KISS method. These guys just used a simple HTML static page. Simple yet effective in keeping the security of where the site sat and not leaving a trace online to track back with. The only thing I could say is that the email address could be an Achilles heel because it is hosted by a company rather than their own hosting service.
  • The story had enough to keep one interested and to possibly think it is legit. It was a step above offering at the start to give proofs.
  • The brush off, if it was a ploy, was superb SE and they were playing the long game with that.
  • The 54K price tag also played into the thing being legit enough to at least talk to them.
  • The story that they used to be Iranian spooks and that they lived outside of Iran now played too, it also made for possible stale data in the offering, note they talked about Khomeini and agencies from the past.

Nothing ventured nothing gained huh? I of course reported the site to the right people in low places and forwarded a copy of the site in case it went poof (which it did) so they have it all.

An amusing story for you all.

Feel free to play the home game on those guys in the pics and lemme know what you find.

K.

 

Written by Krypt3ia

2019/06/05 at 17:15

Posted in Cyber, DARKNET, INTEL