The recent dump of data from the Qatari National Bank was of interest to me and many others because it was purporting to have the accounts and identities of spies within its csv and text files. I downloaded the files from Cryptome thanks to someone pointing me in their direction and took a nice long look. As the story has unfolded it has come to light that the bank itself says the data is real and that they are now “completely secure” which is amusing given that this was an old SQLi attack that netted this Turkish hacker group the jewels of QNB.
The dump consists of the oracle database files, the passwords, and the banking information of all the users therein. I have to say that most of it is really quite pedestrian but then the hackers, or the bank management, created file folders (as seen above) that marked people as spies, Mukhabarat, Security, Gov, and other tantalizing names. I first had thought that the file folders and their speculative names had been created by the hackers to sex up their dump but it has come to light that if you look within the database dump itself you see the directories and names have headings like intelligence and defence. So it seems that the bank itself may in point of fact have created these tags in the belief or inside knowledge that the people in the data were in fact what they claimed, or at least thought they were.
I looked at all the interesting folders and the data all the while wondering about the validity of the idea that these names were in fact corresponding to real assets, NOC’s or just functionaries in Qatari space that had just been quite well blown by this hack and subsequent data dump. On the whole I would call into question all of the names being linked directly to espionage organs. I really have to wonder if the bank would in fact be that “in the know” about spooks in their country and really have to be circumspect about their putting that in the users’ bank records. I mean even the Mukhabarat would at least demand that it be obfuscated one would hope by a code of some sort and not just in the headers/directories themselves.
It really kind of feels like the natural tendencies of the Arab nature had gotten the best of the database admin and the managers of the bank and they believed that these people were spies without there being any real proof. In any case, these people, especially those who are FORN and in country, now may have some trouble with people thinking that they are really spies and subject to attacks. Imagine if you will any jihadi types who might take this data as gospel and go after these people for da’esh or AQ. This could be bad. I have yet to hear of anyone leaving their positions or the country. If I were one of them I would at least be looking over my shoulder henceforth.
The other data I can see perhaps the military accounts and names being totally on the money because they are their own Ministry of Defence and really, that is not top secret stuff. Likely the bank sees where these people get their pay from (Qatari funds from the gov) but even these people could now be targets because this hack was motivated by political means it seems after all.
It seems that the Bozkurtlar (Grey Wolves), a Turkish political group, and their hackers were the perpetrators of this hack. There is a long history between Turkey and Qatar and most of it seems kind of benign but when you scratch the surface a bit you can see that there are some issues between them as well as some synergies in their support of certain terrorist groups like da’esh.
So, “Cui Bono?” Well, certainly the Grey Wolves, to what end I am not completely sure. They did post their video before the hack hit the pastebins out on the net so it was pretty much their gig but I still don’t quite understand why. Perhaps these hackers are quasi wolves and or it is some other entity using the wolves as a cover for their activities. Given that there has been no real perceived fire coming out of Qatar over this nor in other areas of the world that we are aware of, I kind of doubt all these people were in fact assets of foreign powers.
At the end of the day, this just turns out to be yet another derpy easy hack using SQLi on an entity that wasn’t performing any due diligence but it had the sexy sexy for the masses with the idea that some great hack exposing spies had occurred. In my opinion not so much really. So hey Grey Wolves, gimme some more context would you than some poor British shmuck’s MySpace page in the future would you?
A couple more daring Da’eshbags have decided that the darknet is the place for them to spread their propaganda. The sites just popped up and aren’t quite finished. The Cyber “Khahilafah” خِلافة “Caliphate” has a total of 5 main pages with links off of those to other internal and external pages. The main page has the following text:
Fight in the cause of God those who fight you not transgress Allah loveth not aggressors} Al-Baqarah: 190}
The books you dislike it, and it may be that you dislike a thing which is good for you, and that ye love a thing which is bad for you. Allah knows and you do not know the cow} 216}
Very soon will be open all sections
We hope to collect the largest number of individual wolves
!Beware no joking here!
Overall this page is really quite simple and reminds me of just about every other page on the darknet (some remnant from Geocities got loose in the darknet and multiplied!) it’s kinda ugly and simple. As the site is not finished there isn’t much to look at right now but I thought I would archive it and pass it along before the kids hear about it and DDoS the crap out of it or hack the node and take it down. Of course if someone hacks it and somehow gets a raw IP that would be interesting huh? *hint hint NSA*
Anywho, this site is different from the last one because it is not really pulling a whole lot from the clearnet and it is certainly not at this time like any of the other jihadi boards out there but it seems to me that is what they may be aiming at later on down the line. I am sure it won’t be around that long anyway but it’s amusing to see them try.. Ok on to the data and further below the second site!
The sub pages consist of the following headings:
which seems to be a version of Keffeyah which is a scarf, head dress common to the region.
Both of the downloads fail and the domain they point to are:
- Download 2: https://ia601501.us.archive.org/16/items/bonboba/bonboba.pdf
Now the 00-up domain is interesting because it has a long storied WHOIS history and the present owner is a Mohammed Ezz out of Egypt according to the data.
has the following single page with a link (Infantry Mechanisms In Desert Operations)
The desert operations piece is pretty much a re-hash of the desert war tactics from WWII. It’s an interesting read if you are in to desert warfare but I am not sure why they have put this up there because it is specific to the Sahara.
Isdarat we saw the last time and refers to isdarat.tv so maybe these are the same guys?
“Kalashnikov Weapon” which links to some videos that don’t work
That’s all she wrote for this site. The next one though is a stand alone with the same name as this one but really is just a shingle for the Da’esh Cyber Kahilafah Al Bayan (popular news paper in the region) radio link. This link is not working but there were some interesting links that were offshoots to this.
Now Al Bayan is the radio station that the da’eshbags started when they took over a station in the region. It is on FM and cannot be heard here unless you get it online. Thus this page and links. As they are not working it may be that they only post things or make the link live at certain times. In any case, the links on this page led to the clearnet and some interesting people and places (see below)
I have yet to try and give a listen but when I get a working link I will. Until then, you kids have fun with these guys in the darknets! Once again they show that they have some sophistication in being able to set up a tor site but then they completely lack the ability to really program it or keep it online. These are not the cyber warriors the media would like you to think they are.
EDIT: There is a THIRD site evidently. I have found the “creator” of the site and located yet another page he/she/they are looking to link from. This one will eventually have the bomb making tutorials for making phone bombs.
It is not often that I find a book that I just want to read right away and put everything else in my busy reading schedule down for. In this instance I have to say that this book looked good right out of the gate for me so I put everything else on the back burner. At 150 pages give or take, it was a quick read yet quite informative on topics of espionage and counter-espionage tactics and techniques for the lay person. What really got me thinking though was that this book really could and should be a part of every company’s security awareness program and not just for executives.
Of course with the prevalence of today’s electronic spying (by hacking or by outright hoovering of all data by nation states) one tends to think that old school HUMINT (Human Intelligence) is no longer as useful as it once was. This is not really the case though and I want you all to consider that as you think about your security programs or your personal security. Not everything has to be some technical HIDS/NIDS/AV/Firewall end run to get you into the network today and much of the time in today’s world you can see this at play with the simplest of attacks against end users with phishing and spear phishing. Truly the human element is the weakest and the most powerful at the same time when it comes to the success or failure of security machinations. In fact you will hear it often spoken as an aphorism of sorts but it is true that the “insider threat is the biggest threat” and it is literally true. This is where HUMINT is still useful in not only gaining access to a network let’s say, but also much more if you can leverage an asset into doing your bidding.
The book covers all the bases on how differing types of “collectors” aka spies both private and nation state can and will attempt to elicit, recruit, or blackmail the would be asset into working for them. Bencie also covers the issues of personal security around yourself and your technology that you carry (e.g. laptops, phones, tablets, etc) that are leveraged for theft and access as well. If a collector doesn’t need to recruit the target because the target left their laptop in their hotel room, on and logged in, well then no need right? Suffice to say that today we carry as much information and access on us as much as in our heads and this is what the industrial spy or nation state spy craves.
Now, one might at this point be asking one’s self “Well, what would anyone want from me? I mean, I am not that important, just a cog in my company that’s under appreciated, no one would send a spy after me.” … and you would be wrong to think this. Access is access and if a collector can get access to you and your technology (e.g. your network by hacking your laptop or phone) then they will. While there is a sniff test that a collector will make on people as they watch them, much of the math here is how vulnerable is the target and how easily could they be manipulated into what is needed to succeed. Bencie covers many scenarios that may seem like spy thriller pulp but take it from me, these things have happened and still do. In fact he uses real stories to back up the scenarios from the people that they really happened to. These are not just the things of spy thrillers and film and the general populace should be aware of this especially if they are on travel for work, more so if they are in a foreign country while doing so.
Finally though, as much as this book is something I am going to recommend to executives, I would also like to turn my eye inward to the community *cough* that I currently am in. That community is the information security community specifically. We INFOSEC people are probably the ones that I would consider to be some of the juiciest targets in today’s technical world where everything is network oriented. Whether you are a red team person or a blue team person, you all have information inside your heads and on your hard drives that the adversaries would love to have. As we are moving into the con season (Defcon and BlackHat to be specific) we all will descend on Las Vegas for serious convention learning and exchange of info… Oh who am I kidding? It’s a party festival of drunken debauchery and shenanigans right? If you have not considered just how many corporate or nation state collectors (spies) are also there looking at you dear con goer as a possible asset, then you just ain’t thinking straight!
I am hereby recommending that everyone going to these cons read this book and take it to heart that YOU are a target at these two cons if no other. Take heed of Bencie’s suggestions on controlling the drinking as well as what information you share with anyone. I also implore you to read and learn about the methods of elicitation that the spies use to get information from you when you may have no idea they are doing it. If you work in this field and you hold what we would consider secret information on the vulnerabilities of companies you have hacked in a red team event, or have been trying to remediate as a blue teamer, this book is important for you. But hey, Defcon is all a good time! Until you wake up in the desert with a note threatening to release the pictures of you to everyone unless you do what they say.
Go buy this book. Read it. Live it.
All business is warfare so don’t be the next dead foot soldier.
Someone on Twitter recently passed along this little email from ZENEDGE to me in hopes that I would have something to say. That someone was right and what I have to say is not going to be nice. The email, a marketing email, purports to be selling cyber services because “Terrorism” for all your cyber security needs. This frankly is one of the more craven and baseless marketing emails that I have seen of late and I agreed with the sender that it warranted my special attention. So Leon Kuperman, and ZENEDGE, here’s your special attention!
First off, I would like to take the time to extend my sympathies to anyone who has been touched by terrorism and specifically to those in Brussels as they are used as a pastiche for this tissue of marketing bullshit you see before you. The article, and I call it that quite loosely, starts off claiming that “terrorists” and names da’esh (ISIS) are in it for the “terror” and that terror is able to strike anywhere! Anywhere to ZENEDGE means *gasp* online and you gentle reader are in danger of being cyber terrorized.
The past several months have brought a string of terror attacks and violent incidents, which not only claim lives but cause worldwide feelings of fear and vulnerability. It seems that groups of terrorists like ISIS can strike when and where they want.
As the authorities ramp up surveillance, such attackers simply adapt and change their tactics. They have learned to be patient and to leave few traces.
Stopping terror groups and other bad actors requires an evolving approach. Because these attackers don’t rely on yesterday’s methods for launching the next strike, authorities can’t rely on yesterday’s surveillance and intervention methods if they want to stop the attacks before they happen.
This is especially true as terror groups take their fight from the streets to The Street.
Oh my god, the terrorists can strike “The Street” Wait, what? What does that even mean? Are they going to attack Wall Street? Mulberry Street? So da’esh can strike anywhere anytime? Really? Like in my office here? My bedroom? ..*gasp*… My bathroom? What a crock of shit. But wait, it gets better! Because of “surveillance” the da’esh masters of terror are evading yesterday’s surveillance! They have gone DARK!
*gong sound with ominous portents*
Terror attacks serve a dual purpose: They not only harm or kill people, they send psychological shock waves throughout the world. After the rubble is cleared, fear and insecurity persist. This is what the attackers count on. For this reason, it is certain that terrorist organizations will increasingly bring their attacks to the online world, where ideologically motivated players — like Anonymous and New World Hacking — have already made a splash.
That’s right anonymous like entities will be committing the cyber terror in a place near you soon! They will either scar you psychologically or they will outright CYBER KILL you! Honestly this is one of the most egregious marketing mails that I have seen with its bated breathy scare tactics. It goes on and you can go read it for yourselves. I will not belabor you with it all here but I felt moved to call this kind of bullshit out. They continue on with the usual bugaboos of the scary darknet and operators therein being paid by da’esh to attack all our networks and maybe even a dam or YOUR NETWORK!
*insert scary balaclava da’esh hacker imagery here* BOOGA BOOGA!
Ostensibly this marketing blast is out there to sell ZENEDGE’s wares, whatever they may be because it really doesn’t give you a menu or anything to look at. It only says that you need to be proactive to stop the terrorists. So is password management with 2FA and having a good security program in general proactive enough to stop da’esh? Frankly, yes, in fact da’esh isn’t a cyber threat here and never will be. Let me set you straight Leon, da’esh is not a hacker collective, their online propaganda is just that and their hackers, if you want to call them that loosely, are not a threat to much of anything but a poorly configured web page. Your using them and the events in Brussels as a sales pitch are in point of fact craven and the lowest form of marketing I for one have seen.
Leon, buddy, stop with the scare tactics bullshit and just try to sell your wares elsewhere. Stop trying to use tragedy as a sales and marketing tool you tool.
On The Seven Pillars of Wisdom the notion that the “insider threat” can be one of the most devastating threats to an organization. I have pointed this out before concerning INFOSEC but I thought it would be prudent to do so again with the story of the caliphate and Abu Hamed. As a practitioner of the INFOSEC arts *chuckle* one of the things that we have to take into account in the #BlueTeamLife is the insider threat and the general tenor within the organizations we work for. One has to take the pulse of the org and see what the overall temp is of the work force. Have there been layoffs? Are people generally disgruntled? Who amongst them may be a turncoat and be stealing your data or setting up the Locky malware inside your domain controllers?
All of these thoughts should cross your mind now and again as an internal player within a security organization. Frankly yes, you can have utter devastation to your network and your org from just one end user being click happy, but imagine if you will a disgruntled employee who has keys to the kingdom and a will to wreck it all as they give you the finger walking out the door. I personally have been party to one such incident that included a logic bomb and many hours trying to figure out what they did to get the org working again. You can never discount the insider threat and you shouldn’t.
The same can be said about agent provocateurs in your org as well. This may seem like fiction to you but consider where you work and what they have as data goes. Would a competitor want to steal that data? Perhaps they would instead like to burn your org down to the ground to get ahead? All of these scenarios are possible and you as the #BlueTeamLifer have to consider these things as you attempt to secure the sieve that is your networking environment.
Do you have any content in your awareness training about outsiders trying to get information from your employee base? Do you have content about not wearing badges to local bars or being circumspect at conferences? If not, perhaps you should assess your crown jewels and start creating some.
At the end of the day it is better to be prepared for this type of activity than to be totally unaware of the possibility.
Think about it.
I often like to take little trips into the dark seedy underbelly of the internet called the Darknet. Well today was just another day for that kind of thing until I came upon a site that claims to be a “Red Room”. A “Red Room” is really a composite urban legend where snuff films and extreme BDSM meet in a dark corner of the internet. Up until today there have been many rumours of sites and often times one can find alleged “Snuff” films on the internet and darknet. This site though has a twist to the old rubric, this site wants you to sign up and pay a fee in BitCoin in order to watch content live in the future, 136 days in the future to be precise (see image below)
The spooky bloody countdown!
Now I don’t know about you all, but well, I have come across various sites in the corners of the net and of course in the darknet that, shall we say had unsavoury content in the past. You can imagine the kinds of things one sees on the net especially if you consider “Rule 34” and have been around long enough *shudder* Anywho, this site piqued my interest because it reminded me a lot of an episode of MillenniuM back in the late 90’s. This episode pretty much presaged this site’s intent with an early online site that could not be traced being run by a serial killer who was killing people live online according to the number of hits the site got (see image at top, the number is how many hits he wanted before killing her)
Now I remember thinking that this was all bogus back then, particularly over the tech speak that they tried to use with the hacker trying to capture the location of the kill site. I tell ya, it was hilarious up to a point but I really had to wonder at the time whether or not this kind of thing would eventually become a reality. The site that I located today might be the real deal, but I really tend to think this is a little scam on the part of some enterprising Germans. I mean come on! Give me some content to start with that will make me WANT to give you Bitcoins guys!
Anyway, this site claims the following as its hook:
Three people will die … just one will survive. You will decide who is the lucky one. Livestream from 4 diffrent locations in this world. You decide what each person deserves. Choose between 67 diffrent torture methods. Whether physical or psychological pain, you choose by voting. All four camera livestreams on one site with a chat for each camera. Interested? Register now! More information after registration. Important! Access is limited to 300 registrations! Login will be possible 3 days before it starts.
So three unknown people will die after torture and the viewers are to choose the one who will live. With a wide array of torture methods (what we don’t know) including psychological torture how can one resist this? Frankly this reminds me of a recent “Castle” episode with the school room and the tortured kid (now grown up) who started killing people off with puzzles and terror.
The site is kinda poorly coded and leaves too much of a trail for someone to follow back to the creators. The BitCoin wallet was created recently it seems and has no transactions at all. So if there are people who have signed up where are their Bitcoins? According to the site out of 300 spots to view the murder/torture of unknown people 123 were taken up already. Would this not mean that there should be a substantial amount of Bitcoins in the wallet? The net here if 300 people actually paid the Bitcoins would net the creators about 300 Bitcoins (today $123,591.00) which is a tidy sum. If you then believe the site and not the Bitcoin wallet taint then 123 Bitcoins given already would total $50,672.31 Now if you look at the second page that you can access via code, you see that 176 people have allegedly signed up. Well, that would be how much in Bitcoin? Oh yeah: $72,506.72 so where are those funds HMMMMMM??? I am sure some Treasury or DEA agent would love to steal those eh?
Another fascinating fact that I alluded to above is that this site was likely created by “Zose vacky Germans” as there are German words in the code and the video (oh yes, there is a video but in reality there is only text in it so cool down!) It figures that the cultural reference that ran through my head was the Cartman’s mother in Scheise videos here! Yep yep, German BDSM Red Rooms on the darknet! I can see the headlines now on Vice! Breathless stories about how the world is coming to an end and that the cause will not be something like an asteroid or a nuke, nope, it will be a Red Room that will drive our civilisation over the edge!
Alrighty, this was amusing. I will chalk this up to Slenderman and the other internet born Red Roomy urban legends. While I would not discount this kind of thing going on and being only something the Illuminati get to see, I seriously doubt that this is a real thing. If you decide to part with a bitcoin gentle reader, let me know how that goes for you. I will keep an eye on the site to see if anything interesting happens in 136 days.
Well there has been a great hubbub about the “first” true cyber attack on an infrastructure system(s) in Ukraine and while I agree that it may be the first (admitted to) it is not something that is on par with the attack on Natanz frankly. As the reports keep coming out and feeds like Wired write kitschy articles about the super scary world we now live in, I thought it would be interesting to cut the bullshit and just put some data out there with some commentary on this event.
So yeah, 225k people were without power for a little while and overall this attack does in fact show us all just how probable this is on select targets, it should also show just how much work it takes to perform one of these. It should also show us all how segmented the systems are and how hard it would be to have an apocalypse event ala “Lights Out” happen anywhere in the world never mind America. The fact that the power was restored fairly quickly and that even when the attackers had tried to keep them down for longer, the systems are also resilient enough and manual enough to keep the lights on. It’s not all cyber and nor should it ever be.
What should be surprising if not galling is that the pre-attack work carried out by the adversaries (*cough Russia cough*) was easily successful and allowed access for the teams to recon the facilities, gain further access, and launch the attack in the end without ever being detected and perhaps stopped. Why was this the case? Because this company, even with “robust firewalls” was not doing the due diligence in watching its network and did not have a SOC (Security Operations Center) that could monitor the traffic to determine bad actors within. What should worry you even more is that in talking to insiders in the power industry and from personal experience, these people were much better at security than the majority of the companies out there today including many in the US.
At the end of the day some of this is interesting but the majority of this attack is pedestrian in the grander scheme. This was a soft target and it was more than likely that it was Russia, a nation state at either the behest of Putin or Putin at the behest of his oligarch pals that did this. This is to say that any reasonably monied group could hire hacker teams to do the same anywhere else. This was a big fuck you to the power company and to Ukraine. It had thinly veiled Russian connection(s) and it has yet to be seen what if any response this will garner from Ukraine and the companies involved who may or may not be seeking to diversify their power generation and transmission.
There will be games…
So what happened in this attack?
- The adversary foot-printed the power company and went after the weak points (users in the network) with phishing emails
- The phish consisted of macro-based Word documents (VBA) that connected to C2 and got modules to further compromise the networks
- The adversary then mapped the network and performed recon
- The adversary gained access to VPNs as well to remotely connect to ICS systems that lacked 2FA
- The adversary planned their attack and set the stage to not only shut down the power but also to DoS the call center in an effort to muddy the waters and extend the attack
- The adversary launches the attack
- They take down the power systems by controlling systems with stolen creds (RDP)
- They over-write firmware with garbage to further prevent the attack from being thwarted and to cause a longer outage
- They DoS the phone system (call center)
- They killdisk things to make it harder to come back up
- Basically they tried a fire sale but they failed because of manual systems
While this attack was effective and is a cautionary tale, once again, this is not an extinction level event here. It was well planned and it went off pretty well but remember that the target made it easy and I am afraid that that is the state of affairs everywhere today. So that should be something for you to mull over as you think about this attack.
My Own Recon:
I wanted to know just how easy a target the “Прикарпаттяобленерго” systems were or should I say are? I went out and did some recon of my own with some tools to see and I was not surprised by the results. For the most part this company shared a lot of information through metadata and an open network infrastructure. I did not attempt to run any other kind of vulnerability scan but you can see from the data below that it would be easy enough to profile the company, their security posture, and their network just from tools like Foca.
Just by using Foca I was able to really get an idea of what they had in the network and how I would formulate an attack to get inside and map things out some more. This type of information is not uncommon to find on the internet and frankly I could have honed in more by using things like LinkedIn and VK to search people and work the OSINT. Let’s just say that this was an easy target and they were unaware of the OSINT they were just giving up by placing all this stuff online.
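The defender's side of that metadata problem, as an added example (not code from this post or from Foca): a pre-publication audit that reports which account names and software versions a set of Office documents would hand to anyone who downloads them. File names and property values below are constructed samples.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from collections import defaultdict

# Properties in docProps/core.xml and docProps/app.xml that tend to expose
# account names, software versions and internal naming.
LEAKY = {"creator", "lastModifiedBy", "Application", "AppVersion",
         "Company", "Manager", "Template"}


def ooxml_metadata(data):
    """Return {property: value} for the leaky properties set in one OOXML file."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = set(z.namelist())
        for part in ("docProps/core.xml", "docProps/app.xml"):
            if part not in names:
                continue
            # Meant for files you author yourself; parse untrusted XML with a
            # hardened parser such as defusedxml instead.
            root = ET.fromstring(z.read(part))
            for el in root.iter():
                prop = el.tag.rsplit("}", 1)[-1]  # drop the XML namespace
                text = (el.text or "").strip()
                if prop in LEAKY and text:
                    found[prop] = text
    return found


def exposure_report(files):
    """Aggregate across files: {property: {value: [filenames]}}."""
    report = defaultdict(lambda: defaultdict(list))
    for name, data in sorted(files.items()):
        for prop, value in ooxml_metadata(data).items():
            report[prop][value].append(name)
    return {prop: dict(values) for prop, values in report.items()}


def _sample(creator="", modifier="", app="", version=""):
    """Build a constructed, minimal OOXML-like package in memory."""
    core = ('<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/'
            'package/2006/metadata/core-properties" '
            'xmlns:dc="http://purl.org/dc/elements/1.1/">'
            f'<dc:creator>{creator}</dc:creator>'
            f'<cp:lastModifiedBy>{modifier}</cp:lastModifiedBy>'
            '</cp:coreProperties>')
    appx = ('<Properties xmlns="http://schemas.openxmlformats.org/'
            'officeDocument/2006/extended-properties">'
            f'<Application>{app}</Application>'
            f'<AppVersion>{version}</AppVersion></Properties>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/core.xml", core)
        z.writestr("docProps/app.xml", appx)
        z.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


# Constructed sample set: two documents that leak, one that was scrubbed.
SAMPLES = {
    "tender.docx": _sample("j.doe", "j.doe", "Microsoft Office Word", "12.0000"),
    "tariffs.docx": _sample("ws-acct-03", "j.doe", "Microsoft Office Word", "14.0000"),
    "press-release.docx": _sample(),
}

if __name__ == "__main__":
    for prop, values in exposure_report(SAMPLES).items():
        for value, where in values.items():
            print(f"{prop:15} {value:25} {', '.join(where)}")
```
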
I also downloaded reports from numerous sources out there trying to get market share by putting together these PDFs on the malware and C2’s used in the attacks. Once again, really nothing new here kids. Sure they re-packed the malware to have new hashes that would not be easily detected but for the most part nothing novel here. They phished people with common doc and excel files that we all get in our daily lives in the corporate security world. Honestly these attacks could be mitigated by just taking admin away from the users and not allowing them to run macros when asked to in broken English (or Russian) but hey, who does that kind of security today huh?
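One way to apply the macro point above before a document ever reaches a user, as an added example (not from this post or the vendor reports): a content-based attachment triage that quarantines Office files carrying a VBA project regardless of the file extension. The legacy-format check is a byte-marker heuristic rather than a full OLE parse, it does not cover Excel 4.0 macros, and the sample attachments are constructed.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls container
# OLE directory entry names are stored as UTF-16LE. A VBA project brings a
# "_VBA_PROJECT" stream (Excel also uses "_VBA_PROJECT_CUR"), so the marker
# is searched for directly. Heuristic only, not a full OLE parse.
VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")


def classify(data):
    """Classify attachment bytes by content, never by file name."""
    if data.startswith(OLE_MAGIC):
        return "ole-vba" if VBA_MARKER in data else "ole-no-vba"
    if zipfile.is_zipfile(io.BytesIO(data)):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                names = [n.lower() for n in z.namelist()]
        except zipfile.BadZipFile:
            return "unreadable"
        if "[content_types].xml" not in names:
            return "other"  # a zip, but not an Office package
        # Word, Excel and PowerPoint all store VBA in <app>/vbaProject.bin.
        if any(n.endswith("vbaproject.bin") for n in names):
            return "ooxml-vba"
        return "ooxml-clean"
    return "other"


def gateway_action(data):
    """Policy assumed for this example: macro-bearing or unparseable
    Office files are quarantined, everything else is delivered."""
    verdict = classify(data)
    if verdict in ("ooxml-vba", "ole-vba", "unreadable"):
        return "quarantine"
    return "deliver"


def _zip(parts):
    """Build a constructed zip package in memory with placeholder parts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name in parts:
            z.writestr(name, b"constructed placeholder")
    return buf.getvalue()


# Constructed samples. "invoice.docx" carries a VBA part despite its
# macro-free extension, which is why the extension is never consulted.
SAMPLES = {
    "invoice.docx": _zip(["[Content_Types].xml", "word/document.xml",
                          "word/vbaProject.bin"]),
    "report.docx": _zip(["[Content_Types].xml", "word/document.xml"]),
    "schedule.xls": OLE_MAGIC + b"\x00" * 504 + VBA_MARKER,
    "memo.doc": OLE_MAGIC + b"\x00" * 504,
    "notes.txt": b"plain text attachment, constructed sample",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:15} {classify(data):12} {gateway_action(data)}")
```
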
You all can comb through the C2’s and the PE files yourselves. It’s pretty common and certainly is not on par with Stuxnet. It did however do the job and once again I have to remind you that this shit should not really work in a properly secured environment with awareness for employees and some semblance of a SOC and some HIDS/NIDS right? I mean the C2’s are well known for being dirty so they should have been caught or blocked already. Take a look at the C2’s in the Netherlands and elsewhere and they have quite the bad history. Once again, this adversary did not have to work that hard.
Now on to the big “attribution” game that everyone likes to play. I looked at the C2’s and at the data around them with a jaundiced eye. It is clear that whoever did this had some money for teams of people to do the work but maybe they got the access from spammer/phishers already out there who maybe sold the access to start. It became clear though that two of the C2 addresses had quite the past with romance scams and pharma schemes online over the years.
I will say that all of the backstop data seems to imply a Russian connection and if you look at the politics of the region as well as the fact that the Oligarchs and Pooty are in charge, it is not hard to make the conclusion. It is a conclusion though and not proof in any way. So, this attack likely was Russia but no one, let me repeat, no one, can tell you for sure. I am sure that in the RSA week last week many a vendor was trying to make a sale with sure-fire attribution that it was Russia SO BUY MY PRODUCT!
No.. Just no.
What Have We Learned?
What have we learned? Well, I learned that this is nothing new, nothing spectacular, and nothing really to write home about. I know that I could probably hire someone like Nickerson and his team to do the same thing to a like target so really this could be nation state or it could be some person with money or a grudge. What you all learn from this depends on the level of investigation and thought you put into it. As many of my readers are in the business, you are likely coming up with much the same assessment as I have. This was bad but it was bad because the security was lacking at the facilities. A soft target is a soft target so really this should not be some hyped up story for a new Kim Zetter novella.
Here’s what you really should learn from this:
- Generally today infrastructure security sucks
- An all out fire sale like you saw in Die Hard is not likely because of manual systems still in place and segmentation
- You should have a backup plan for power just like you should if you live in an area that gets snow and ice that knocks out power
Everyone seems to be all worked up about cyber war and frankly the gleam in too many people’s eyes makes me kind of sick. Lately I have been mulling over in my head the fact that no matter the technology humans always seek to weaponize it or use it against one another and that just sucks. We are our own worst enemies because we create this stuff insecurely, we manage it insecurely and we leverage it against one another for personal, political, or monetary gain. In short; “This is why we can’t have anything nice”