Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)


The Manifesto


han uxgb xa.

I HAVE BEEN IN THIS BUSINESS FOR OVER THIRTEEN YEARS….

It’s been a long strange trip from the early days of “Information Security” being a business. Over these many years I have seen quite a lot working for Big Blue and various other places but man it lately just feels like I have passed the event horizon on this black hole of derp. I look at the news and just cannot help but feel like I am being made into atom spaghetti by that black hole drawing us all into its depths. Of course the black hole here isn’t made of super compressed matter that breaks the bonds of the laws of physics. No, in this case the black hole is metaphoric and is made of what we on the internet call “derp”.

Recently I have been taking stock of it all and I have come to some conclusions for myself that will affect the way I deal with.. Well.. Digital life. In looking at the big picture I have finally had the realization that we as a species will always be the reason we can’t have nice things. Whether it’s the malware writer, common criminal stealing money, the nation state seeking to fuck the other nation over in their own interests, or the pimple faced moron taking pictures of himself licking taco shells at Taco Bell, there’s no fighting against it. Everyone will have their agenda and their agendas, both personally as well as collectively, will win the day. It won’t be you or I dear INFOSEC reader. The tide as they say is too hard to fight against and I for one am just going to let the lungs fill with water and my body sink to the bottom of this ocean of stupid.

THE WAR

Sometimes I feel like the recent John Hurt version of Doctor Who. I have been in the wars a long time and I have fought the good fight until the moment when I just say, “NO MORE.” Well that time has come and there is no more I can do. I have been a bellicose person here online and the reality is that while I’ve gathered followers and friends I am just preaching to the INFOSEC choir and nothing more. The war that rages is the one outside of our own little vox populi cum echo chamber of Twitter and blogs. The war I speak of is fought every day on the internet and intranets… The Internet of things as they call it now but the reality is that the war is not digital. It’s about the people who operate the Internet of things. Too many people just focus on the technical and that is a big problem. You can’t solve everything with technical means. You know why? Because for every measure there is a counter measure that someone will create! The human animal is eminently creative and it is within their nature to want to break the system. Whether it is just for the thrill, for money, for power etc, people will always find a way. Think of it in the way that Ian Malcolm makes the analogy about nature finding a way with chaos theory in Jurassic Park, it’s the same idea. The war will always be waged as long as human beings have the technology and the will to subvert systems, steal money and secrets, or wage war. It’s really very simple.

The war will never end until such time as we have evolved past it… 

THE BATTLES

So, given that the war will likely never end we are forced as practitioners of INFOSEC to fight never ending battles in the greater war of attrition. The battles are myriad and you all know your own because you live it every day. Do you out there feel that at the end of the day you have won the battle? Perhaps the war? I suspect not many do really because I hear a lot about burnout in this industry. Burnout seems to be endemic for us and I for one have felt it licking at my heels more than once in the past few years especially. So are the battles worth it at the end of the day when the overall war is lost? What do I mean by saying that the war is lost? Well, have you seen the news lately? We are the most surveilled we have ever been to date and yet the people are quiescent on the whole about the invasions of privacy.

Surveillance and invasion of privacy seems to be just a single aspect of a larger problem though. Generally the masses are just not able to comprehend the problems surrounding the technology they hold within their hands. This makes the collectives of companies and governments just as clueless because they are comprised of those same individuals who are not clued in. Of course this is a gross generalization but really I think it is one that is appropriate. So to sum it up, until such time as the “norms” finally grok the issues around security the war will always be a loss as well as many of the battles that you or I fight on our own killing fields because of human nature.

HUMAN NATURE

And here I am again back to human nature. We have been evolving for a long time and yet we still fail at things like world peace, or ridding ourselves of poverty and hunger. How then do we look as a species where we have a new tool that was supposed to revolutionize our lives and the two things we primarily seem to be interested in now are porn and warfare online? No, really, look at it from the aggregate here. We have weaponized cyberspace for more porn profits. Ok well there is some facetiousness there but you get the idea right? We take the thing that is supposed to unite us in egality of knowledge and we fuck it in the ass with war and profit through malware and packaging everyone’s data for sale or state surveillance.

Human nature here wins the day so once again I say it’s not about technology. We MAKE the technology and we make OF IT what we will right? Hammond and the Anons used the technology to do what they felt was necessary to show misdeeds. Right or wrong they leveraged “human nature” to bypass security through low level vulns such as bad password habits. They leveraged our own human nature of laziness against us all. What I am getting at here is that we are our own worst enemy and god help us when we get into packs and make decisions. I know you all have been on con calls before so you know what I am saying here.

Until we can overcome our own human nature to be self destructive the war will continue as we have been seeing it play out before us of late. It will be one derpy war after another against every one of us and every one of us who gets pwn3d will only have ourselves to blame. Well, really the human nature thing.. But you can blame yourself… In fact you should really.

EVOLVE GOD DAMMIT!

A STRANGE GAME. THE ONLY WINNING MOVE IS NOT TO PLAY.

So here I sit today thinking about all these things as I have been recently on and off. I look at the greater picture and realize the futility of it all. I mean, what’s the point if I get one person per day NOT to click on a phish email when somewhere else a C-Level is making a bonehead decision that will affect the whole company’s security posture? It’s fucking Sisyphus and the boulder every frigging day so why bother to care? So I have come to you with this manifesto of a sort that I here and now just really don’t give a crap anymore. I am not going to evangelize anything anymore. I am not going to try and teach anyone anything as well because what’s the point? You can’t win the war and I certainly don’t have a big red button ultimate weapon like the Doctor did in the Day of the Doctor. I cannot make the derp disappear in a pocket universe no matter how much I would love to.

Instead now I relinquish the derp and the angst to all of you willing to take on the mantle. Take it please. I would rather go investigate making cheese from human armpit sweat than have to deal with this constant barrage of lunacy that is the INFOSEC diaspora. I will leave all this behind like Frodo leaves the ring in Gollum’s mouth in the Crack of Doom for it is the only place where it can be destroyed… Which just happens to be here on the internet right? Where the derp was forged so shall it be destroyed….

Ok, yeah that was melodramatic eh?

Look, here’s the deal. I have had enough. Enough of the cons, enough of the jockeying online, enough of the anger and dismay as I see all the shit going on around me that I know nothing can be done to stop. I often joke about getting that 6’x6′ Uncle Ted cabin and making packages but that is just a joke… No really. My plan is to just move on and leave the tyranny of derp to the rest of you to deal with. I have other more interesting things to do that don’t require raising my blood pressure and having petit mals. I will of course write still when I feel moved to it about interesting things like the Bitcoin stuff or darknets but honestly I’ve had enough of the horse shit here.

And thusly my manifesto has been derp’d unto you…

Don’t forget to tuck and roll when that huge fucking boulder comes barrelling down at you later…

K.

 

Written by Krypt3ia

2013/11/25 at 20:23

Posted in A personal note

DPR: Not so dread inspiring but surely now full of dread….


zwfviyhpjvezupkhcfz?

No one would surrender to the Dread Pirate Ulbricht.

Well the news cycle exploded this week with the arrest of Ross Ulbricht aka DPR or if you like The Dread Pirate Roberts of Princess Bride and now Silk Road fame. The schadenfreude here had been epic as the criminal empire that was one of the largest in the darknet was taken down because the “pirate” could not comprehend how to carry out OPSEC properly. What led to this guy’s demise was some good old fashioned internet gumshoe work by an SA who also worked on the Sabu case back last year. Ross it seems decided to use his personal Gmail address for postings pimping Silk Road as well as other assets that tied it all together digitally back to him. Not the best of OPSEC here Ross.

I challenge you to a battle of wits.

Anyway Ross had an idea and that idea was pretty interesting in that he wanted to use the darknet to have a Libertarian nirvana of commerce for just about anything. He set up his site, maintained it himself for a time, and then began to realize that he could not do it alone and this is where things start to go wrong. You see, when you run something yourself you only have yourself to deal with. When you start bringing in people to work for you and they know things about you (and you will always slip up here and give things away unless you are a trained spook), that makes them a liability to your Operational Security. Ross learned this the hard way I suppose in that he started to feel that people needed to be whacked because they knew too much.

Meanwhile the OPSEC failures that Ross had made were steadily creeping up on him. So too were the UCs on Silk Road who worked their way into the boards making deals and gaining his trust. In the end Ross decided that one of the UCs was actually a cool Huggy Bear kind of guy and asked him to whack one of his administrators who he felt was a threat… OOOPS! If there’s one thing a Dread Pirate should know, it is to “Trust No One” but Ross I guess did not read that lesson in his Econ Theory classes. I guess it’s just another pointer I would make to all of you would be Pirates or Ninjas out there … You can’t trust anyone. Oh, and yeah unless you are trained for this at say Langley or maybe Академия федеральной службы безопасности Российской Федерации you are more than likely to fuck up majorly and end up in the clink with Ross and many others. I have to say though that the idea of using the darknet and all the means that Ross had put together was a pretty good plan. The only real hitch was that he never took into account that he was going to be going up against a nation state(s) and they always win.

Hey, at least he didn’t fall for that land war in Asia thing right? …..

Look, are you just fiddling around with me or what?

So Ross went on to become the ersatz Walter White of the darknet until one day at his apartment in San Fran his doorbell rang. At the door was ICE/DHS and they had an interesting package for him in their hands. The package was full of IDs with his face on them but not his name and when asked about them according to the complaint/affidavit his answer was “Anyone could get documents like these online at places like Silk Road” which let me tell you Ross, isn’t the thing you want to be saying here. After some questions and answers it seems the ICE/DHS folks went away which is confusing to me. First off, I surmise that the ICE Q&A was just a front for the FBI’s ongoing investigation into Ross but really, why tip their hand like that? If I were Ross I would have closed the door, waved at the feds through the window, watched them leave and RAN to my system to have a fire sale at Silk Road. I would have chosen a new DPR and been on my way to a non extradition country but ol’ Ross?

…..Nope.

Ross instead of cutting and running doubled down! He went on to do an interview with Forbes and continued on his way doing the business of being the “Dread Pirate” which let me tell you son, was one of the most ballsy and stupid things I have seen since Barrett Brown on camera threatened federal officers’ lives. Ross what were you thinking? I mean damn dude, did you really think you were Walter White? Oh well I guess time will tell as interviews are carried out or data dumps come from the feds as we go along slouching toward a plea bargain. Perhaps though your cognitive dissonance between personae online and offline just sort of short circuited you out and you couldn’t do anything other than carry on thinking you were covered.

Time will tell… But let this be a lesson to all you would be Pirates out there. You may call yourself a pirate or a ninja or even a Ninja Pirate but you really are just some shmuck with a grandiose sense of the self instilled in you by your helicopter parents who always told you just how fucking special and magnificent you were. So as you sit in federal pound you in the ass prison Ross take heart, for I am sure there will be another DPR someday in the darknets ….Sailing the dark digital waters with the shrieking eels that will some day end up in the cell next to yours where you can commiserate.

K.

Written by Krypt3ia

2013/10/06 at 20:25

So here’s my thing….


VQX HWMVCUSE JQJFASSNTG QV! X HQ JD ISIAVVE!

Face it.. We are all PWND six ways to Sunday

Every frigging day we hear more and more about how the NSA has been emptying our lives of privacy and subverting the laws of this land and others with their machinations. It’s true, and I have been saying as much since the day Mr. Klein came out of his telco closet and talked about how the NARUS system had been plugged into the MAE West back in the day. We are all well and truly fucked if we want any kind of privacy today kids and we all need to just sit back and think about that.

*ponder ponder ponder*

Ok, I have thought about it and I have tried to think of any way to protect myself from the encroachment of the NSA and all the big and little sisters out there. I am absolutely flummoxed to come up with any cogent means to really and truly protect my communications. Short of having access to the NSA supercloud and some cryptographers I don’t think that we will not truly have any privacy anymore. If you place it on the net, or in the air. We have reached in my opinion the very real possibility of the N-Dystopia I have talked about before in the Great Cyber Game post.

As the pundits like Schneier and others groan on and on about how the NSA is doing all of this to us all I have increasingly felt the 5 stages of grief. I had the disbelief (ok not completely as you all know but the scope was incredible at each revelation). Then the anger came and washed over me, waves and waves of it as I saw the breadth and scope of the abuse. Soon though that anger went away and I was then feeling the bargaining phase begin. I started to bargain in my head with ideas that I could in fact create my own privacy with crypto and other OPSEC means. I thought I could just deny the government the data. I soon though began to understand that no matter what I did with the tools out there that it was likely they had already been back door’d. This came to be more than the case once the stories came out around how the NSA had been pressuring all kinds of tech companies to weaken standards or even build full back doors into their products under the guise of “National Security”.

Over time the revelations have all led to the inescapable truth that there is nothing really anyone can do to stop the nation state from mining our communications on a technological level. Once that had fully set in my mind the depression kicked in. Of late I have been more quiet online and more depressed about our current state as well as our future state with regard to surveillance and the cyberwarz. I came to the conclusion that no matter the railing and screaming I might do it would mean nothing to the rapidly approaching cyberpocalypse of our own creation arriving. ….In short, we can’t stop it and thus the last of the five stages for me has set in. I accept that there is nothing I can do, nay, nothing “we” can do to stop this short of a bloody coup on the government at large.

I now luxuriate in my apathy and were I to really care any more I would lose my fucking mind.

OPSEC! OPSEC! OPSEC!

Speaking of losing one’s mind.. Lately people all have been yelling that OPSEC is the only way! One (the grugq) has been touting this and all kinds of counterintelligence as the panacea for the masses on these issues. Well, why? Why should we all have to be spies to just have a little privacy in our lives huh? I mean it’s one thing to be a shithead and just share every fucking stupid idea you have on FriendFace and Tweeter but really, if you can’t shut yourself up that is your problem right? No, I speak of the every day email to your mom telling her about your health status or maybe your decision to come out etc. Why should the government have the eminent domain digitally to look at all that shit now or later?

If you take measures to protect these transactions and those measures are already compromised by the government why then should you even attempt to protect them with overburdened measures such as OPSEC huh? I mean, really if you are that worried about that shit then go talk to someone personally huh? I know, quite the defeatist attitude I have there huh? The reality is that even though I claim not to be caring about it (re: apathy above) I actually do but I realize that we no longer have privacy even if we try to create it for ourselves with technical means. If the gov wants to see your shit they will make a way to do so without your knowing about it. I fully expect someday that they will just claim eminent domain over the internet completely.

Fuck OPSEC.. I want my government to do the right thing and not try to hide all their skirting of the law by making it classified and sending me an NSL that threatens to put me in jail for breaking the law.

Fuck this shit.

CYBERWARZ

Then we have the CYBERWARZ!! Oh yeah, the gubment, the military, and the private sector all have the CYBERWARZ fever. I cannot tell you how sick of that bullshit I am really. I am tired of all the hype and misdirection. Let me clear this up for you all right here and right now. THERE IS NO CYBERWAR! There is only snake oil and espionage. UNTIL such time as there is a full out kinetic war going on where systems have been destroyed or compromised just before tanks roll in or nukes hit us there is no cyberwar to speak of. There is only TALK OF cyber war.. Well more like masturbatory fantasies by the likes of Bejtlich et al in reality. So back the fuck off of this shit mmkay? We do not live in the world of William Gibson and NO you are not Johnny Mnemonic ok!

Sick. And. Tired.

I really feel like that Shatner skit where he tells the Trekkies to get a life…

Awaiting the DERPOCALYPSE

All that is left for us all now is the DERPOCALYPSE. This is the end state of INFOSEC to me. We are all going to be co-opted into the cyberwarz and the privacy wars and none of us have a snowball’s chance in hell of doing anything productive with our lives. Some of us are breaking things because we love it. Others are trying to protect “ALL THE THINGS” from the breakers and the people who take their ideas and technologies and begin breaking all those things. It’s a vicious cycle of derp that really has no end. It’s an ouroboros of fail.

RAGE! RAGE! AGAINST THE DYING OF THE PRIVACY! is a nice sentiment but in reality we have no way to completely stop the juggernaut of the NSA and the government kids. We are all just pawns in a larger geopolitical game and we have to accept this. If we choose not to, and many have, then I suggest you gird your loins for the inevitable kick in the balls that you will receive from the government eventually. The same applies for all those companies out there aiding the government in their quest for the panopticon or the cyberwarz. Money talks and there is so much of it in this industry now that there is little to stop its abuse as well.

We are well and truly fucked.

So, if you too are feeling burned out by all of this take heart gentle reader. All you need do is just not care anymore. Come, join me in the pool of acceptance. Would you care for a lotus blossom perhaps? It’s all good once you have accepted the truth that there is nothing you can do and that if you do things that might secure you then you are now more of a target. So, do nothing…

Derp.

K.

Chupacabra… Aka Chupa


On a personal note, we have taken in a little 4 month old half Chihuahua half Dachshund. His name is “Chupacabra” or Chupa for short… And yes, I know that Chupa in Mexican means “suck” but, he is such a little ankle biter that he reminded me of the Chupacabra stories.

We have had him a couple weeks now and he is fitting right in. Quite a smart and evil minded little monster too! He was a good choice.

Written by Krypt3ia

2009/06/02 at 01:11

Posted in A personal note

While I am on the subject of film..


This week I intend to pick these up. I watched “A River Runs Through It” today off of the USB stick in my new DVD player here. Another fantastic film that won the Oscar for cinematography. Norman Maclean wrote some wonderful prose and his life and work should be more known to the masses.

I look forward to reading these works…

Written by Krypt3ia

2009/05/04 at 01:15

I had a farm in Africa at the foot of the Ngong Hills.


With rue my heart is laden
For golden friends I had,
For many a rose-lipt maiden
And many a lightfoot lad.

By brooks too broad for leaping
The lightfoot boys are laid;
The rose-lipt girls are sleeping
In fields where roses fade.

With each viewing I am in awe of the work. Good bye Sydney, and thank you.

Written by Krypt3ia

2009/05/04 at 01:06

Posted in A personal note, Movies

A New Etsy Gallery


So I decided to begin promoting my work some more. Etsy seemed like a good place to start… Do check it out.

Written by Krypt3ia

2009/04/18 at 22:10