Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Author Archive

Dark Reading: CISOs Caught In A Catch-22

with 3 comments


Full article:

JESUS FUCK.

Now that I have that out of the way let me take this article and turn some things on their head a bit. I would ask, if I were writing an article on this subject, just how talented on average are these CISOs that are being made scapegoats and not allowed at the C-Level table? Are these CISOs capable of making those security decisions to start? How technical are these CISOs on average, and have they worked the bulk of their career in information security?

See, this is what burns me much of the time. We have CISOs who are titular C-Level execs that more often than not have NEVER carried out a pentest and have little to no real experience running a security program to start with. This is a problem, and one that everyone in the corporate world seems to not quite grok: if you are in INFOSEC and you are capable, usually you are not considered to be C-Level material at the average corp. This is just my experience from being in the business so long, but hey, this article seems to be backing it up a bit as well.

On top of all this it seems that the people asked in this survey of sorts showed that the CISO, like pretty much everything else in INFOSEC, is considered the red-headed stepchild that is better neither seen nor heard. That is, until they have had a breach, and then they can blame the CISO that they have not empowered and perhaps never trusted because they weren’t competent to start with.

But hey.. That’s just me right?

The role of the CISO is evolving more now because the breaches today are at a high and the compromises with data dumps have been making the news cycle burn brightly. That’s the extent of it really, these companies aren’t looking at the news, turning to their boards or other C-Levels and saying

“SHIT! WE REALLY NEED SOME TALENT AND EMPOWERMENT TO THE CISO NOW NOW NOW!”

Mmmmmyeah, not happening that I have seen. Evolution, kids, is a long-ass process and in nature it takes millions of years. I am afraid though that in INFOSEC we don’t have that much time. So here are my bullet point thoughts to leave you with:

  1. We’re fucked
  2. If your CISO has no experience and shows that in meetings with other execs… You’re fucked
  3. If your CISO has no empowerment… You’re fucked
  4. If your CISO has no empowerment and no real experience he will be gone soon and… You’re fucked anyway
  5. Corporations are like living entities made up of large amounts of cells (people) that are in essence psychopaths. They are self involved, manipulative, and only want what they want and will do anything to get it.

You’re fucked.

K

Written by Krypt3ia

2015/07/22 at 19:56

Posted in Infosec

Cryptofuckery: Comey, OPM, YOU.

leave a comment »


I watched in ever increasing fits of rage as the hearings proceeded. First it was the five hearings on the OPM data loss and failures therein, then it was the two hearings on “going dark” featuring James Comey. By the end I was a seething mass of hate gnashing my teeth and using the last nearly shredded synapse I had left to parse the fuckery I had seen.

OPM:

What was all this? How did we get here? How the holy hell did our government completely abdicate its responsibilities around secret information that was used to grant people secret and top secret clearances? I sat mouth agape in rage as I watched Archuleta mumble and stumble her way toward insufficient if not blatantly obfuscated answers to the senators on what had happened and how. It was clear by the midpoint that we had been fucked collectively by the US government who consistently says “trust us” then turns us over and fucks us in the ass.

Now we hear that there actually were approximately 22 million people whose personal data was stolen by god knows who, though really can we trust that figure? I mean how many times did Archuleta say she did not know how many to the senators? How many, though, is a relative thing when you are not logging, which we now also know per the CIRT team that testified in one of the hearings. When you aren’t logging it is like every day is a day in Vegas baby.

Fucking hell.

Meanwhile everyone is atwitter about the “who” that did it and the OPM and their minions are crying APT and CHINA! Well, what evidence has been presented that it was in fact China?

Oh, yeah, “trust us”

So, an org that wasn’t properly logging, wasn’t following recommendations from the IG, and had a terrible security record that included not hiring people who knew what they were doing but double and triple tasked current employees to be security is going to tell me definitively that China did it. Sure, I will just believe the fuck out of that. The reality though is that I can believe it was China since I have not seen any data for sale in the darknets and this is their modus operandi but that is cold comfort here. It could have been Russia, it could have been DPRK for all we really know and this can be said because once again, they weren’t logging and they weren’t practicing security due diligence so the bar to entry there was low.

For fuck’s sake, with what we know now it could have been little Billy in his bedroom with the sticky tube socks who hacked OPM right?

By the end of the hearings I had a massive headache and needed a bottle of whiskey to kill the memories and the pain. Do not get me wrong here people, this is no news to me. You see I once did some work in the gov space and in fact worked in the DOI where that server was housed by OPM (yeah, not even in their own space) and I know how that government sausage was made. I especially loved how I was lied to by employees, to my face, only to show them the actual scans and pentests that proved they were lying. Obviously nothing has changed since I was there many years ago.

The moral of this story though is not only about the lack of due diligence; I wanted to focus on the cryptofuckery that was on every senator’s lips.

“Why weren’t those files encrypted Mrs. Archuleta?”

Every time this question was asked I just wanted to yell at the tiny screen.

“NO YOU FUCKERS THE CRYPTO WOULD NOT MATTER! YOU DON’T FUCKING GET IT!”

I shook my impotent fist in the air and grumbled over and over but, as you would expect, to no one, since no one listens anyway. The fact of the matter though is that many in the world misapprehend what crypto is and does. A database that is encrypted and is live is not effectively encrypted. The data is encrypted at rest, not while users have active access to it!! So it is useless to hang your hat on the crypto argument in the debate over the OPM failure, but the senate and the genpop just don’t get that.

Here it is for you all in plain lingo:

If the system is live and the user who has access to it is pwn3d then FUCK ALL matters crypto ok? Own the endpoint and you own the whole thing. I sense a Game of Thrones quote here somewhere but I just can’t put it together.
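To make the at-rest vs. live distinction above concrete, here is an added example (mine, not the post's): a toy record store that is genuinely encrypted on its constructed in-memory "disk", yet hands plaintext to any authenticated session, so code riding the clerk's live session reads every record without ever touching the crypto. The cipher is a SHA-256 counter-mode keystream with an HMAC tag, used only to keep the example dependency-free; it stands in for AES and is not for production use. The one thing that does separate the clerk from the intruder is behaviour in the access log, which is why the logging OPM was not doing matters more here than the encryption the senators asked about.

```python
"""Toy personnel-record store: encrypted at rest, decrypted for any live session."""
import hashlib
import hmac
import json
import os
from collections import Counter


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy counter-mode keystream (stand-in for AES-CTR); not for production use.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || HMAC tag."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("record tampered with or wrong key")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class RecordStore:
    """Records are ciphertext on 'disk'; the application decrypts for authenticated sessions."""

    def __init__(self, key: bytes, valid_sessions: set):
        self._key = key
        self._disk = {}                 # constructed stand-in for the database files
        self._sessions = valid_sessions
        self.access_log = []            # (session, record_id) per read: the log OPM did not keep

    def put(self, record_id: str, record: dict) -> None:
        self._disk[record_id] = encrypt(self._key, json.dumps(record).encode())

    def get(self, session: str, record_id: str) -> dict:
        if session not in self._sessions:
            raise PermissionError("not authenticated")
        self.access_log.append((session, record_id))
        return json.loads(decrypt(self._key, self._disk[record_id]))

    def disk_contains(self, needle: str) -> bool:
        """True if the plaintext appears anywhere in the at-rest bytes."""
        return any(needle.encode() in blob for blob in self._disk.values())

    def record_ids(self) -> list:
        return list(self._disk)


def bulk_readers(access_log: list, threshold: int) -> list:
    """Sessions that read more than `threshold` records: the signal only logging can give."""
    counts = Counter(session for session, _ in access_log)
    return [s for s, n in counts.items() if n > threshold]


def demo() -> dict:
    key = os.urandom(32)
    store = RecordStore(key, valid_sessions={"clerk-session"})
    for i in range(50):                 # constructed sample records, not real data
        store.put(f"SF86-{i:03d}", {"name": f"Employee {i}", "ssn": f"000-00-{i:04d}"})

    # Legitimate use: the clerk reads one record through the application.
    one = store.get("clerk-session", "SF86-007")
    # Compromised endpoint: code reusing the clerk's live session walks every record.
    # The encryption never comes into play; the application decrypts for it.
    dumped = [store.get("clerk-session", rid) for rid in store.record_ids()]

    return {
        "disk_has_plaintext": store.disk_contains("000-00-0007"),   # False: at-rest crypto held
        "clerk_read": one["ssn"],
        "attacker_rows": len(dumped),
        "attacker_got_plaintext": dumped[7]["ssn"] == "000-00-0007",
        # The only distinguishing signal is behaviour: one session read 51 records.
        "flagged_sessions": bulk_readers(store.access_log, threshold=5),
    }


if __name__ == "__main__":
    print(demo())
```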

JESUS FUCK.

Comey The Backdoor King:

Then the hearings for “Going Dark” came and the derp parade was in full derp regalia. James “back door” Comey came to the senate to beg the question:

“What’s so bad about backdoors on crypto? I mean, trust us, we are the government!”

I sat agog once again as this guy took every opportunity to say “Well, I am not an expert but I see no problem with doing this” repeatedly to the senators. Senators, mind you, that did not really take him to task. Instead they listened and nodded and agreed that ISIS is scary and that terrorism was as well. The odd thing though was that if you listened closely enough, Comey was not predicating all of this on Islamic terror but instead on “regular crime.” He chose to use the old pedophile routine and the obvious child kidnapping scenario to make his case.

It was Jack Bauer all over again except this time Jack was tearing the finger nails off of someone to get their crypto keys because the gubment did not have an easy access backdoor to just decrypt the everything. This is the same argument that we almost saw behind the scenes post 9/11 that got us to where we are today with global pervasive surveillance in the post Snowden era. The only difference this go around is that Comey is asking and the senate and us are watching. This time we at least get to watch and say “WHAT THE FUCK?”

Well, the hearing went on and on while Comey said the same thing again and again: “We need this and I don’t think it’s a bad thing, I mean, there has to be a way right?” This ran contrary to what the experts did say: that a back door, front door, side door, whatever, degrades the efficacy of the crypto and it should not be done at all. Never mind the whole issue of living in an Orwellian dystopia now with pervasive surveillance; add to that that the government would have access, warrant or not, to a universal back door to cryptographic systems. This would be the shit sammich on top of the shit sundae we have today, not to put too fine a point on it.

No Comey. Just. No.

Alas though we will see what the senate has to say and the rest of our “august” body we call our government. Kids, we are well and truly more fucked than we were before and I am afraid it is only going to get worse. Back door access to crypto will not help, people will come up with ways to use crypto that is not back door accessible and I am fucking sure that the terrorists and other bad actors will carry on as they have. No Comey, it’s time you did your fucking jobs and got more people into the HUMINT space not just back door all the things.

If I were you all… I would start coding new crypto programs or start printing one time pads.

K.

Written by Krypt3ia

2015/07/11 at 12:52

Posted in .gov, FUCKERY

The Nuclear Bomb of the Mujahideen

with one comment


Nuclear Bomb of the Mujahideen:

AS IF the jihadis were listening to some people in the media, they responded to a dearth of their particular brand of crazy in the darknets by adding a new site Monday. The Nuclear Bomb of the Mujahideen is a single page on the onions with six download links for documents on how nuclear weapons work, how to make one, and how to calculate the effectiveness of materials and fallout. Yes indeed, the darknet is now scary because the AQ-centric author of this single page has uploaded old data from 2006 that was circulating the clearnet on the jihadi boards back then.

WOOOO


So below I have some screenshots of the documents, including the Excel files that they left for calcs to be made by some hapless jihobbyist who might try to make this happen. Frankly, since there is nothing new here this is kind of a non-story, BUT I wanted to get this on the blog before the MASS MEDIA SCARE engine sparked up and suddenly FOX is talking about the end of the world because DARKNET! This is not the end kids, and in fact I think it much more likely that a dirty bomb would be used before some nuke was created by some group of jihadis or Da’eshbags.

Here are the details of the site:

  • Created Monday 6/22/15
  • Single page
  • 6 downloads
  • Email address of the creator is: sjpchm8723@mail2tor.com 
  • Old data
  • Excel and PDFs uploaded are malware free (at this time)
  • Excel files do have macros though so there is that.. VT came up clean but MALWR.com failed me today (500 error)
  • Data is taken from government and science files on clearnet
  • Files created on system with Latin as base language not Arabic
  • Yes.. the feds now know about the site.

So take a gander at the images below then meet me at the metadata section!

[Screenshot: 2006 manual]

[Screenshot: Put that DIY nuke on a truck!]

[Screenshot: Implosion calculator for the package (Nuclear material fission)]

[Screenshot: Fallout calculator]

[Image advanced_nuclear_weapon_design: OLD (FATMAN)]

[Image implosion_bomb_schematic: OLD IMPLOSION]

METADATA:

What is more interesting from a DFIR kind of perspective is all the metadata that was left by the guy who put this site up and loaded those files. It could all be old data, and I will have to go through my files to locate these PDFs from 2006 to compare, but let’s take a look shall we?

[Screenshot: Dude’s a Winderz user]

[Screenshot: You can see where the 2006 files came from there…]

[Screenshot: Using MS office and PDF machine!]

[Screenshot: Winderz 7!]

[Screenshot: PDF details]

[Screenshot: MOAR PDF details]

[Screenshot: Excel]

[Screenshot: MOAR Excel]

So what do we have here? Well, the creator is not creating anything new. In fact the documents all come from the 2006 range (PDFs) or 2014 in the case of the Excel files. So someone just downloaded these and then uploaded them to this site on Monday. Now, what I will say though is that they have enough comprehension of nuclear tech to include the Excel files on the radiation fallout and calcs for implosion, but really, not much more than that. For all intents and purposes this could be a troll from someone who just Googled a bit and came up with a zip file to add to this site.
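The document triage done by hand in the metadata section above (which PDF producer, which Office version, creation dates, and whether the Excel files carry macros) can be scripted; the following is an added example of mine, not the author's tooling. It reads the Info dictionary straight out of PDF bytes and pulls docProps/core.xml and docProps/app.xml out of an OOXML workbook, flagging xl/vbaProject.bin, which is where a macro-enabled workbook stores its VBA. The sample files are constructed in memory; their producer strings, application version and dates are made up to resemble what the post describes, not copied from the real files.

```python
"""Offline metadata triage for PDF and OOXML (xlsx/xlsm) documents."""
import io
import re
import xml.etree.ElementTree as ET
import zipfile
from datetime import datetime, timedelta, timezone

# PDF date strings look like D:YYYYMMDDHHmmSSOHH'mm' (offset parts optional).
PDF_DATE = re.compile(
    r"D:(\d{4})(\d{2})(\d{2})(\d{2})?(\d{2})?(\d{2})?([Zz+-])?(\d{2})?'?(\d{2})?"
)
# Only literal-string values in parentheses are handled; hex strings (<...>) are not.
PDF_INFO_KEY = re.compile(rb"/(Producer|Creator|Author|CreationDate|ModDate)\s*\(([^)]*)\)")

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}


def parse_pdf_date(value: str):
    """Convert a PDF date string to an aware datetime (None if unparseable)."""
    m = PDF_DATE.match(value)
    if not m:
        return None
    y, mo, d, h, mi, s = (int(g or 0) for g in m.groups()[:6])
    sign, oh, om = m.group(7), int(m.group(8) or 0), int(m.group(9) or 0)
    tz = timezone.utc
    if sign in ("+", "-"):
        off = timedelta(hours=oh, minutes=om)
        tz = timezone(off if sign == "+" else -off)
    return datetime(y, mo, d, h, mi, s, tzinfo=tz)


def pdf_info(data: bytes) -> dict:
    """Pull Producer/Creator/Author/dates from the Info dictionary in raw PDF bytes."""
    info = {k.decode(): v.decode("latin-1") for k, v in PDF_INFO_KEY.findall(data)}
    for key in ("CreationDate", "ModDate"):
        if key in info:
            info[key] = parse_pdf_date(info[key])
    return info


def ooxml_info(data: bytes) -> dict:
    """Read core/app properties from an OOXML zip and flag an embedded VBA project."""
    out = {}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = set(z.namelist())
        out["has_vba"] = "xl/vbaProject.bin" in names      # macro-enabled workbook marker
        if "docProps/core.xml" in names:
            root = ET.fromstring(z.read("docProps/core.xml"))
            for tag, path in (("creator", "dc:creator"),
                              ("lastModifiedBy", "cp:lastModifiedBy"),
                              ("created", "dcterms:created")):
                el = root.find(path, NS)
                if el is not None:
                    out[tag] = el.text
        if "docProps/app.xml" in names:
            root = ET.fromstring(z.read("docProps/app.xml"))
            for tag in ("Application", "AppVersion"):
                el = root.find(f"ep:{tag}", NS)
                if el is not None:
                    out[tag] = el.text
    return out


# Constructed sample PDF: a minimal Info dictionary, not a real document.
SAMPLE_PDF = (
    b"%PDF-1.4\n1 0 obj\n<< /Producer (pdfMachine - sample) /Creator (Microsoft Office Word) "
    b"/CreationDate (D:20060315142233-05'00') >>\nendobj\ntrailer\n<< /Info 1 0 R >>\n%%EOF\n"
)


def build_sample_xlsx(with_vba: bool) -> bytes:
    """Build a constructed OOXML workbook skeleton with made-up properties."""
    core = (
        f'<cp:coreProperties xmlns:cp="{NS["cp"]}" xmlns:dc="{NS["dc"]}" '
        f'xmlns:dcterms="{NS["dcterms"]}" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'
        "<dc:creator>sample-user</dc:creator><cp:lastModifiedBy>sample-user</cp:lastModifiedBy>"
        '<dcterms:created xsi:type="dcterms:W3CDTF">2014-09-02T10:15:00Z</dcterms:created>'
        "</cp:coreProperties>"
    )
    app = (f'<Properties xmlns="{NS["ep"]}"><Application>Microsoft Excel</Application>'
           "<AppVersion>14.0300</AppVersion></Properties>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("docProps/core.xml", core)
        z.writestr("docProps/app.xml", app)
        z.writestr("xl/workbook.xml", "<workbook/>")
        if with_vba:
            z.writestr("xl/vbaProject.bin", b"\xd0\xcf\x11\xe0" + b"\x00" * 16)  # placeholder bytes
    return buf.getvalue()
```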

On the other hand, could this be a phish of sorts? Why the email address? Feds? Or is this a real believer who wants to have the tech in the darknet and wants to have a discussion via mail2tor? I have to wonder about this and I may in fact email them to see what I get back. Since the files seem to be malware free (at this moment) I am going to say this is 50/50 a troll or a true believer. Though, the coincidence that a report comes out on how there is a lack of (jihadi) terrorism in the darknet and suddenly this site appears, well, trollhard my friends.

Ok back to the media.. DON’T FREAK OUT!!! This is nothing. You have more to fear from your IP enabled toaster exploding like on CSI Cyber than you do of some numbnut finding fissile material on a darknet market and using these guides to make a bomb. Believe me.

K.

Written by Krypt3ia

2015/06/24 at 13:58

Posted in DARKNET, jihad, Jihobbyists

Commentary: OPM Is Just Another Link In The CyberFail Chain

with 2 comments


OPM is the exemplar of how our government deals with information security, or should I say doesn’t deal with it. Some will say that there are many mitigating circumstances, like old systems that cannot be updated, that caused much of the failures that led to the OPM being compromised for over a year. However, the subsequent pivoting by the adversaries into many other networks we have not even begun to discuss as a nation yet, because we are now fixated, in the media and governmentally, on the fact that the adversary had access to SF86 forms. Forms, mind you, that should be one of the better protected things out of all the possible things the government holds in its systems. So far the discourse in the media has been more sensationally oriented on the magic secret code names that the likes of Crowdstrike and Mandiant have come up with respectively for actors. Actors that they claim with varying vociferousness are in fact China, whether it be the PLA (People’s Liberation Army) or the MSS (Ministry of State Security), though neither is accepting the pure hubris of all their press releases and anonymous or semi-anonymous back-channel chats with the media in hopes of more attention.


Whether or not these attacks were from China and their varying and vying espionage organs is rather irrelevant now and everyone needs to understand this. The cat is proverbially out of the bag here and, by the cat slipping the bag, we now notice that the emperor who was holding that burlap sack of cat is in fact naked. Or at least that should be the story here, but as you can see from the stories filed above by the New York Times alone, the real attention seems to be on the fact that China is in fact hacking us. Well, I am sorry but I have news for you all, they have been hacking us for a long time now and doing very well at it. The primary reason for their being so able to steal us blind though is not what the media, the government and the Mandiants or Crowdstrikes of the world would like you to think. The APT (Advanced Persistent Threat), it seems, does not have to be advanced. They just need to be persistent and, might I add, patient.

So when you read the headlines and the stories like those in the Times about the advanced malware called “Sakula” and how the tricksy Chinese have gotten administrator on OPM systems, I cannot blame the uninitiated for thinking that this is hard and that the Chinese actors are the equivalent of super villains hacking from beneath islands with skull-faced volcanoes on them. After all, the media is teaching the people not in the know by these ledes that computer security is unfathomable and hard. You know, like the comment by Archuleta in the Congressional hearing that “Security takes decades.” No ma’am it doesn’t, and as the congressman who yelled at you that day said, we don’t have decades. In fact, I would say that this game of Go is almost done and we aren’t winning. We have lost, and the reasons we have lost are manifold, but I would say that the root of it all is that we, America, have abdicated the notion of securing the things that we should have long ago. The excuses are many: because it would be costly, or hard, or perhaps more so due to government stagnation, self interest, and indolence.

I know that the majority of the readers of my blog are in the security community but I wanted this post to reach across the void to the everyman on this matter. I exhort you to read the stories in the news and to take a step back. Consider the following statements and really understand where we are today.

  • The OIG has been reporting not only on the OPM’s security issues but on all of the government’s. Go read the reports online for other orgs. You just have to Google for them and you will see the same issues surfacing over the years.
  • OPM was told many times and with every report only minor changes were made. Money was not spent, people were not brought in, and all over networks that hold sensitive data.
  • OPM was not practising security at a level commensurate with policies and procedures that were standard 20 years ago.
  • OPM is part of a larger intergovernmental network of systems. DOI (Dept of Interior) is one that I have had personal experience with. Insecurities abound.
  • Since the hearings the President has commented that he believes in Archuleta and she is keeping her job, though she has failed to make changes per OIG that have been pending for years.
  • The argument that an adversary is advanced falls apart when the target is not following even the base security protocols that stop a user from using “password” as a password; lord knows what else they weren’t doing.

Brass tacks, we deserved to be hacked.

Sad but true.

So gentle reader, consider what I have told you here. The government is not protecting OUR data commensurate with the security requirements we would demand of a company that holds it like say Target. It’s time to hold the government to the standards that they would like to enforce on companies. Let’s not listen to the marketing leaks by Mandiant and Crowdstrike about the actors and who they may be. What matters is that the data was taken and the reason it was taken was because of poor security and bad management on the part of the federal government. You know, those guys rattling the cyber war sabre lately.

Physician heal thyself.

K.


Written by Krypt3ia

2015/06/22 at 14:09

OPM: WHO? WHY? WHAT? ERMEGERD CHINA!

with 5 comments

OPM: Voted Most Likely To Be Hacked

Have any of you ever read an OIG report out there in cyber land? Well you should, if you are interested in the security of your data and that data is held by any government entity. In the case of the OPM (Office of Personnel Management) it seems that numerous times the OPM was told by the OIG (Office of the Inspector General) that their security measures (FISMA) were lacking, to be nice about it. Others might use harsher words and frankly, after reading sections of the 2012 report on their security I want to have a full out Tourette’s attack. Suffice to say that the OPM was not doing what they should have been. Have a read through this document from 2012 and look at the big FOUO statement at the bottom of the pages from the FISMA assessment. This was easily downloaded from the OPM’s site through Google.. If this was meant to still be FOUO, well, there’s another fail for you.

[Four screenshots of pages from the 2012 OIG FISMA report]

Screenshots courtesy of @SynAckPwn

You could also just take a gander at the recent hearing in the Senate on this debacle at C-SPAN, where the IG basically drubs the OPM for not following recommendations made on security for quite some time. You also get to see the management of the OPM flounder as they try to look like they are at all intelligent about security; it’s actually painful to watch. Clearly though, watching these turkeys flap on about how security is hard and takes ‘decades’ (Archuleta) gives you a sense of how new the idea of security measures that are common today is to them. This hack was just a matter of time, and I had to laugh when they also said that they had detected the attack and that the New York Times and others were wrong about it actually being a vendor on site doing a presentation that sparked this IR for OPM. Oh well, the IG was right and now an indeterminate number of personnel have their data somewhere, ostensibly in China, in the hands of what we are being told is the PLA.

Sweeeeet.

So today I decided to take a looksee at OPM online and this is where I got that Google dorked file I linked to from the IG. Anyway, their systems give up quite a bit of info when you query them with FOCA:


Now if you really want to make a concerted effort you could use all that intel to Google dork more and likely come up with plenty of data to target them further but it’s my guess that the adversary already did this. Or, they just sent them a phish campaign based on some of the data they got from Anthem and got their toehold.. No.. Wait.. Sorry, I forgot that OPM had been compromised over a year!! Oh well there goes that little theory.. Nope nope.. It’s just because they suck at security. There was much more out of FOCA but ya know, I don’t want to add too much more fuel to the conflagration now do I?

*wink wink nudge nudge SAY NO MORE!*

NO REALLY, CHINA

I know what you are thinking, you are saying to yourself; “They always blame China!” and yeah, we kinda do, but that is not wholly unwarranted really. China has its hack on and there are many reasons why they do. Most of it has to do with their perceptions of war that have been guided by Sun Tzu since he wrote his treatise on warfare. Others out in the security community might scoff at the overuse of Sun Tzu (I know Brian) but when you are talking about the adversary actually being China, well, you kinda have to take this into account. I mean, they aren’t as much for Von Clausewitz as they are for Sun Tzu in their doctrinal leanings. I have written about this before so I will not overburden you here with it all. I do want you to understand the reasons for these things though, and to that end I want to refer you to the video at the top of the page. Please go watch that now and then come back here… I’ll wait.

Ok after watching that video let’s talk about why OPM and what use the data is to the Chinese. It is more complex than just using possible SF86 form responses for targeting people to become spies. It does seem at this point that the SF86s also were taken, but let’s just go for now with the notion that they only got the databases of employee records such as names, addresses, social security numbers, and the like. What would the PLA want with this? Well, for that let’s step back and look at the Anthem hack for instance. Anthem held a lot of records for those federal employees as well, and if I were a Chinese spook org looking to target people for more exploitation this would be a good dump to have right? For that matter any spy worth their salt would want that data to help them target names, addresses, emails, etc to use in further phishing attacks right? Think about it this way, in INFOSEC and pentesting what is the first thing you do? You do a footprint and you gather OSINT. Well in this case they got more than OSINT, they just took the whole catalog internally by hacking specific targets that were data rich.

Of course not only China would like this stuff, but from what we are being told (as well as data being passed to others in the world of secret IOC and TTP squirrels) this was China. I am of a couple of camps here on the China thing. I have seen the Chinese actors and I have seen them used as a scare tactic by political movers. Whether or not it was in fact China really matters to the larger geopolitical sphere of things, and since this was a hack of a government system with data that is rather important, I have to say that understanding who did it as well as we can is kind of important. Other hacks, meh, I don’t care. You have to either decide that China has done everything or that they have been a convenient excuse for hacks that have happened. I am in the middle and will reside there until I have some data to prove things either way.

That the data has not turned up for sale so far is kind of a clue though that this is not going to be your average Ukrainian hacker team looking to abuse credit. Just as the data in the Anthem hack has not turned up either, this shows you that this data is being used for other, more geopolitical purposes. Who is really stealing the data and who has it in their hot little server somewhere is the question that has yet to be answered though. Sadly, until such time as some LE or spook agency lets loose that they found it in the hands of some foreign national we will never know the truth of it. Gee, maybe we can just get a PLA hacker to defect huh?

Riiiight.

What you can expect more of though is that we will be seeing a rise in hacks on the military, the defense base, the government and anyone and everyone in private companies that got a clearance for their outsourced government work. This is what the data will be used for and the fruit of this won’t be seen for some time I suspect. This is today’s espionage made easy because people and organizations fail to understand or care about the security measures that they should be implementing. This is a constant cry among the INFOSEC community but hey, we never seem to really learn, and I would blame that more on our physiological makeup than anything else really. We just aren’t wired for this stuff as a whole. So when we get together as societies or organizations we spectacularly fail because, as they say; “None of us is as bad as all of us”

Right, so back to the China thing. If you take the time to understand their doctrine for information war (战争) you get a good idea of how this kind of espionage is exactly what they would be doing to further their goals. Goals, mind you, that may not be all about kinetic warfare but instead winning the battle without firing a shot. I would suggest, if you have the time and the inclination, read the book I linked by Hagestadt and then get your hands on everything you can about this subject. You see, we won’t be seeing this go away any time soon and as Sun Tzu said, “If you know the enemy and know yourself, you need not fear the result of a hundred battles”

Don’t just read the words.

Understand them.

“There is great disorder under heaven, and the situation is excellent”

K.


Written by Krypt3ia

2015/06/18 at 19:04

The Chinese Darknet

with one comment

[Screenshot: Chinese Darknets]

The Darknet, or Dark Web: just saying it seems to evoke some strange land filled with dark corners to the great media unwashed. The reality is a little simpler, a place where sites can in fact be found through clearnet addresses on pastebin or even searched within the darknet on spider engines. Recently the news has been filled with attacks by China on Tor users in their country to track them, as well as efforts to stop Tor altogether from working in their country via the “Great Firewall.” Sometimes though, when lurking the darknets, we can get a glimpse behind the veil of how some Chinese can get through the great firewall, as well as insight into a perhaps non-APT criminal element of the digital age in China.


Monday I came across two sites on the darknet that are Chinese in origin and this is something new, at least to me thus far. What made them even more interesting was that they were both oriented toward hacking and freedom, as we see with the posts above on site 1, as well as hacking and criminal activities as you will see in the images below. Unfortunately for me and perhaps all of you, the site above disappeared Tuesday and I did not have a chance to fully archive it for perusal. What I did see though can be encapsulated into the following bullet points:

  • The admin is in Beijing
  • The site was a platform for freedom of speech and Tor use as far as I read but there may have been more
  • It was PHP-based
  • It was trying to show people the how to’s in setting up other sites as well as all of the things above

What I saw of the site intrigued me and I had hoped it would be stable and grow but alas it seems that the Chinese caught on, the admin’s access got cut off, or, maybe they got scared off. I will keep looking for this site to come back though and I hope to get a fuller read on it.

Chinese Darknets and Crime:

The other site that I located Monday is the more unseemly side of the darknet you all hear about every day in the news. The second site that I found is a darker one offering services such as carding and accounts in China for sale. So when you think of China, well most people lately, all they hear is APT! but the reality is that the Chinese are the same as everyone else and you will find both sides of the coin in the darknet as well. Those who want to express themselves by using Tor as a means to that end against an oppressive government, and those looking to make a buck by hacking and crime.

[Screenshot: Cards for sale]

[Screenshot: Shenzen Bank acct for sale]

[Screenshot: Hahahahaha]

[Screenshot: Chinese hitman]

[Screenshot: Translation of the main index page]

Now I could not locate names for these sites at all and they are not very slick or whacky like many of the other sites on the darknet. These are functional and straightforward sites which I hope to mine some more as time goes on. Who knows, perhaps others will pop up. Actually, I would not be surprised to see people in Hong Kong or other places in the world setting these up, trying to get real information to the people of China if they can access it secretly. It seems though that the Chinese government has been quite active in trying to put a stop to this. I hear that in I2P there are more Chinese sites and use. I will have to take a look. For now though, I will keep an eye on these sites.

K.

Written by Krypt3ia

2015/06/17 at 11:33

Posted in DARKNET

Darknet Jihad: These Aren’t The Sites You Are Looking For

with one comment

[Image: jihobbyism]

OMG DARKNETS!

I recently gave a presentation at Mass Hackers on “Online Jihad” which went very well. While I was covering the online jihad, the topic of Darknet Jihad came up as well; it usually does when anyone talks to me about the subject. Well, since giving that presentation I have seen various and sundry gubment types claiming that the “jihadis are using the darknet! OMG! It’s why we need to have crypto front doors and de-anonymize the darknets!!!!”

*Baleful stare*

I am writing this post to set the record straight and to make a point… A cryptic point that someone reading this will get, and you know who you are. The darknet is on the whole NOT being used by jihadis to hide their comms in the sense of going to darknet sites. Please, for the love of everything sane, all you gubment types and wannabe spies, get that the fuck into your heads right the fuck now.

Yes, the jihadis are using TOR and other VPNs in attempts to hide their traffic on the “clearnet”, but no, they are not gathering in large groups on hidden service sites on the actual “darknet”. This is an important difference that many in the media and in the government either don’t get or don’t want to get, in favor of having a scary scary thing to say to get the other ossified gubment workers (aka the Senate and House) to capitulate out of fear to their crypto-breaking desires.

So lemme mansplain for you all just what is going on in the darknet and what is not, ok?

Darknet Jihad Funding

[Image: fundjihad1]

[Image: FundJihad2] Credit for the screenshot goes to Joe Cox, and a hat tip for pointing out that it was there on the darknets.

What you see above this text are two sites that have appeared in the darknet, and these have been the most tangible and visible of anything out there to date. The top picture is from a site that had a real bitcoin address and appeared in 2013, I believe. I wrote about it back then at least, so maybe it was around in 2012. In the end though it amassed about 1200 bucks and then it was cashed out. Personally I think it was a scam site, but who’s to know really.

The second, more recent site is directly supposed to be a Da’esh site, and it appeared last month on the darknet. Its bitcoin address is real as well, but to date has had no money put on it. This site too smells more like a fake or a dangle by an agency than anything else. Why? Because the fact of the matter is that to date, neither I nor anyone I know in the know has found ANY other site out there on the darknet, in the hidden services, at all that is jihadi in origin or aegis. None. Niente. Nada.

Of course there may be super secret sites that only a select few know the address of, or maybe they are just using other sites like market places as dead drops, but even this sounds a little too esoteric for the nitwits we see today in jihad and jihobbyism online. There is just no there there man, nothing to hang your “crypto is bad” hat on, Mr. gubment guy! Ok ok ok, there was one upload to a file server in the darknet for one manual, but the link was given on the clearnet jihadi board, so how the fuck super secret is that?

Meanwhile Back In The Clearnet….

Ok, so now that I think I have made myself crystal clear, let’s talk about what the jihadis are doing that I and others like me have seen. For the most part they have taken to TOR and TAILS like a mother since the Snowman dumps. This is to be expected, right? I mean, look at all of us in the security community talking about this shit too, right? If we say that it is better to TOR up or use TAILS to protect our basic security and privacy, it stands to reason that these jihadi mo-mos will too, huh?

This is not rocket science kids…

Oh and yeah, since TOR has become ever so user-friendly, it is a natch that these guys will install it and use it on anything and everything that can run it. If you look below here you can see how they are using various tools on various platforms like Android just to reach their Da’eshbag Twitter accounts so they can spew their derpy propaganda!

[Image: kasperskyTor]

[Image: onionANDROID]

[Image: OnionTweet]

So yeah, they are using TOR, TAILS, and anything else they think will give them an extra layer of protection. I have seen tutorials in Arabic all over the place for them to use, and the mandate from the Da’eshbag poobahs on how to be secure online. This does not stop them from getting a JDAM shoved up their asses when they take selfies though, am I right?

Derp… KABOOM!

Right, anyway, the skinny is that until these guys are all digital natives they aren’t going to be living and lurking in the darknets. Sure, they will have TOR, and sure they will have encrypted chats, but hey, WHEN THE FUCK DID WE NOT HAVE THOSE OPTIONS TO START, HUH? Really, for fuck’s sake stop it with the scare tactics, USGOV and every god damned three letter agency! How about this: you say fuck all to the tech fixation and the shortcuts and you all get your HUMINT game back on?

That is how you will win this war. Make friends, find out where they are, and then JDAM the fuckers.

K.

CORRECTION: According to a tip I got from @Apate1114 there was a site back in 2012/2013 that was alleged to be a standard jihadi type site. In looking for any kind of backstop on this, all I could locate were links that described the onion site in question (http://p2uekn2yfvlvpzbu.onion). In February 2013 it is listed as “http://p2uekn2yfvlvpzbu.onion/ Armas entrenamiento militar etc”

Another site lists a file on the site for that time showing a pdf for a .50 cal rifle: contruçao rifle:p2uekn2yfvlvpzbu.onion/arm/50calRifleConstructionManual.pdf Neither of these says “jihadi site” etc., and unfortunately I have not seen an archive of the site.

Correction II:

I had a chat with @Apate1114 and they gave me a correction to the above: they had provided a bad link there. The link is in fact aub35xzuj7wslusm.onion, and it is no longer up. The site that was linking it in 2013 is seen below:

Screenshot from 2015-06-16 10:34:15

Screenshot from 2015-06-16 10:34:34: This site, aljyyosh, calls the onion site موقع عربي غريب, which is “weird website”. Since then, nothing has been seen of this site in the onion, but as you can see on aljyosh there are plenty of tutorials on how to Tor.

Screenshot from 2015-06-16 10:40:01

Written by Krypt3ia

2015/06/15 at 23:14
