Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘Anonymous’ Category

ASSESSMENT: TEAM JM511


JM511 Hacking since at least 2004:

There is a typical history to certain types of hackers, and this genesis usually embodies first defacing sites and gloating about it online. Since the advent of pastebin and Anonymous things have changed a bit, with hackers dumping DOX or proof of hacks while gloating. JM511 has been one of these hackers who started around 2004 (by his own account, as seen in the picture below) defacing sites and shouting out gr33tz to those he wanted to share his conquests with. Oftentimes the tenor of JM511 has been “neener neener neener you stupid idiots!”, which is pretty common and bespeaks a certain core need to feel superior to anyone and everyone, coupled with poor impulse control. Of course in today’s world there are so many outlets to garner fame and fortune for your exploits, like Twitter, where JM511 has a long-lived Twitter feed on which he posted his thoughts on hacking, politics, and Islam, and generally used it as a platform for self-aggrandizement.


To date JM511 has been pretty prolific and, for the most part, an afterthought to most for his acts against poorly protected sites. However, he has recently taken on a new aspect with recent posts that dumped credit cards and email addresses as well as other PII that some out there certainly should care about. Law enforcement at the least should be paying attention to large dumps of credit cards and PII, as well as watching these guys who profess their ties (albeit tenuously at first) to AQ. I personally got him on my radar by a tip from a comrade who thought it might be a fun diversion for me to look into Mr. 511. That tipster was right and I tip my hat to you, sir.

JM511 Today:

JM511 has been a busy busy boy. A recent post by him on pastebin was what triggered all of this, from the angle of Islamic hackers who may in fact be carding on the nets. The posting below is the cause for my looksee, and as you can see he is taking pleasure in dumping people’s credit details and names on pastebin with impunity. JM511 has a whole long list of pastes out there showing his knowledge of XSS, SQLi and other attacks whilst mocking those he has ripped off or otherwise shamed in some way. Of course now he calls his crew “Islam Hackers” and seems to have the aforementioned aegis towards opposing those who would oppose Islam. In fact he was one of the many voices on Twitter back last April saying that Dzhokhar was not guilty of his crimes (bombing the Boston Marathon) and that Islam is a religion of peace. Odd that he says such things as he then turns around and starts abusing people online…


JM511 aka فيصل البقعاوي aka Faisal Bakaawi aka Faisal Faisal Al Otaibi:

JM511 thought he had it all figured out though. His reign has been long and no one seems to have caught onto him to date. That is, until now. Through a circuitous use of Maltego, Google, and the frontal lobes of my brain I managed to trace JM511, through his SPECTACULAR OPSEC FAIL, to his real name and his location. As JM511 aka Faisal Bakaawi or Faisal Al Otaibi claims that he is in and from Saudi Arabia, I am sure he thought he could not be tracked. Well, he would be incorrect there, because he forgot to compartmentalize his real life from his IDs. Faisal failed to avoid re-using IDs for non-hacking things like, say, posting an ad for housing in Dekalb, Illinois recently.

It seems that Faisal is attending ESL (language school) in Dekalb and used his Yahoo account (jxffh@yahoo.com), which he tied to his Skype account FoFox511x, which he also kindly attached to his cell phone (443-820-8939, a Baltimore number btw), and he wanted a move-in date of 11/5/2013, so I am going to assume that he has found lodgings by now there in Dekalb. Some might say to me “why did you post his details on the net! Shame on you!” Well, I subscribe to the idea that turnabout is indeed fair play, and all of this data is open source and public, so it has an added giggle factor for schadenfreude.

UPDATE: While researching this it became clear that the name Faisal Otaibi also comes to bear in posts and videos by JM511. Further study showed direct links to a Faisal Otaibi also being a Dekalb resident attending school (see pic below). I believe that Faisal either has a pal there with him also named Faisal or, more likely, they are one and the same and Faisal has just been trying to obfuscate his name. Either way, it is my conviction that Faisal Otaibi/Bakaawi is indeed JM511. It is also key to note that a Faisal Otaibi is also listed as an ethical hacker who attended last year’s hacker conference in Germany…. Oh, and one more thing: ELS, the school, is located on NIU’s campus.


So, Faisal, thanks for playing, but you lose. Please collect your silver bracelets at the door, because LE has been informed of these details coming to light and you should be visited, hopefully soon. I do love the irony of the selfies you took showing how you used those people’s credit cards to purchase domains on your Twitter feed though. I mean, usually it’s some unsuspecting idiot showing off their new credit card and not understanding OPSEC. Of course in this case it’s you, and someone else’s money, that will get you some jail time I suspect.

ASSESSMENT:

My analysis of this interesting side trip to my day is this: OPSEC, USE IT or FAIL miserably. Faisal, you failed, and I eagerly await the news of your being popped for your crimes. Let it be an object lesson for others out there who may look up to such fools. You may hack for a while, you may have your fun at the expense of others, but eventually you will make a mistake and get caught. It’s just your human nature and the law of averages that will get you in the end. Run! Scurry! Someone’s coming to see you.

K.

Written by Krypt3ia

2014/03/14 at 16:32

ASSESSMENT: PARASTOO/DarkPassenger


PARASTOO پرستو:

I got a tweet today about some data sitting on cryptome.org that got me thinking about this “group” again, so I did some more digging online on them (him). The name of the “group” is Parastoo (پرستو in Farsi), which means swallow, the bird. In the last year this guy (yes, I think it’s literally one deranged person) had been active on at least two .ir sites that dealt with security and hacking, and then started his own domains to ostensibly carry out cyber war against Israel and attempt to leverage the IAEA and others. So far all of the alleged hacks and data dumps that I have seen have not impressed, and the data itself seems to be from systems that they “think” are important but in reality are not. Specifically of late there are threats concerning CIA plots and diatribes that read like Lulzsec on methamphetamine and Ketamine at the same time. This guy really has quite the beautiful and large tinfoil hat and he wants us all to know about it in no uncertain terms. It is interesting to read between the lines, in a stylographic way, how the writer here seems to be molding their communiques in the manner of Zodiac, with a third-person approach that intones more than one person and that this is a group. By using “Parastoo is speaking” they come very close to the “This is Zodiac Speaking” which attempted to portray power and induce fear. It is also interesting to note that the language used in the emails is of a nature that implies a good grasp of English as well as a flair for the overly dramatic, which does not lend credence to the threats that they imply. In fact the reading I take away, and seemingly the press as well, is that of someone either trying too hard to be Anonymous or smacking of outright trolling.


DarkPassenger:


In tracing the domains for parastoo.ir and hacker4hire.ir I came across a defunct site (RCE.ir) which was a phpBB site that is now offline but is archived in a couple of places as well as in Google caches. When searches for “Parastoo” were used, a clear link to a user on the RCE.ir site came up, and that user was “DarkPassenger”, who posted often on the site not only about hacking tutorials, tools, and the like but also dropped many links to government sites in the US and talked about conspiratorial things in nearly every posting. DarkPassenger’s favorite saying or aphorism in each posting was “de nobis ipsis silemus”, which is taken from the Baconian epigraph to the first Critique and translates to “on ourselves we are silent”, which is ironic given all the commentary that DarkPassenger is putting out there that speaks to his state of mind. DarkPassenger is also a fan of TV and movies and can be tracked to other .ir sites, but generally, from the first searches, does not have a lot out there under this account name to go much further (at present writing) in saying who he may be in real life. DarkPassenger does seem to have quite a bit of time on his hands and some technical capabilities though. Much of the data that he and Parastoo post, however, is really just OSINT that anyone capable could carry out. In fact in one post DP talks about OSINT while laying out informatics on a military organization’s email addresses and contact list, so he is in fact versed in the ways of OSINT collection. A key factor in the link I am making between Parastoo and DP is that he uses the “EXPECT US” cutline in many of his posts as well and seems rather enamoured with the idea that he is in fact an Anon, and that bent of conspiracy and overarching plots infuses the majority of his postings online.

Parastoo.ir, hacker4hire.ir & RCE.ir:


The postings claiming hacks, as well as those that rave on, claim that DP had set up a couple of domains for “attacks” on the outside world from the .ir domain. These domains are registered by what I assume is a cutout name, zohre sajadian, which coincidentally was also used for the RCE.ir site. All sites are currently down, and in fact I cannot locate any content for the hacker4hire.ir or the parastoo.ir sites respectively. The only one that did have active content for a while was the RCE.ir address. This site was up for quite some time but was insecure, and much of the content was not that interesting. It is of note though that the domain registrations all line up, and there seems to be some overlap in email hosting between a .ru address and the chmail.ir site (that address is verified as being real). The information for the address as well as the name of the holder seems to be just made up. In fact the address cannot exist, because there is no intersection of Felestin Street with Johmoori. A cursory look at the name used, Zohre Sajadian, also comes up with some hits, but they seem to be unrelated at this time to the sites and their registration, so mostly this is a dead end I think.

Alleged Hacks & Anonymous Rhetoric:


So far in my searching I have not found too much out there to support any large hacks of data, or dumps thereof, that show this “group” has done what they claim they have overall, aside from news stories (few, in fact) that claim Parastoo made off with “sensitive” information on nuclear systems and facilities. However, the data that they claim to have taken, and that was admitted to by IHS Inc., is all of a nature that can be purchased from the web or has been published already in the past. The only real sensitive information that has possibly been breached was credit card information that may have resided on those servers that were compromised. So while Parastoo makes grandiose claims of important hacks and data leaks, thus far, when really investigated, they have yet to make a major hit on anything of real import. Since the sites have gone dormant or offline as well, it has yet to be determined what else they may be working on or have compromised, but if you look at the rhetoric from their pastebin posts as well as the alleged emails on Cryptome, one becomes a bit jaundiced and must take everything they say with a large grain of salt. Another factor to remember is that even drawings like the one at the top of this post are often available to anyone on the internet, either via insecure or misconfigured servers or because the data is in fact meant to be open to the public. This is a paradigm I have learned about recently in looking into the OSINT on nuclear facilities and systems. So these dumps of information are not what the attackers think they are, because they are unacquainted with the data and its secrecy or lack thereof.

ANALYSIS:

The final analysis of the “Parastoo” group is that in reality it is at least one person (DarkPassenger) who wants to make a statement on Israel and nukes, with a fixation on the IAEA and DOE. While some pastes in the pastebin list seem to have actual data from systems that are externally facing to the internet (DOE for one), the majority of the data seems to be half-understood misinformation being spewed to garner attention. As the Anonymous model has been let out of the bottle, so to speak, post Lulzsec, there are many who would aspire to their level of reputation and attention, and these dumps are an attempt to attract it. Of course the problem with the Anonymous model of operation is that anyone can take on the mantle and claim to be an Anon or a group of them to effect whatever outcome they seek (mostly attention), so it is oftentimes hard to take groups like this seriously until such time as they dump hard data onto the internet for all to see. In the case of Parastoo none of this is evident, and as such I categorize (him/them) as a non-threat actor on the larger stage of geopolitics and information warfare at this time.

K

Written by Krypt3ia

2014/01/28 at 22:54

ASSESSMENT: Anonymous Caucasus, Electronic Army of the Caucasus Emirate


Jihad 3.0

The time, it seems, may be upon us where Anonymous meets Jihad, something I am calling Jihad 3.0 for the moment. Very recently a site, and a video therein, has popped up from a new Anonymous cell calling itself “Anonymous Caucasus”. They have made a splash by declaring an OP against the Sochi Olympics and the Russian government for crimes against the Caucasus Emirates. Now this is a big deal in the sense that Russia has already been the site of two “Black Widow” suicide bombings prior to the games actually starting, and this is the first nexus between Anonymous and Jihad.

Think about this for a moment. Anonymous, an idea online, is now being used as a weapon within the Islamic Jihad, ostensibly as an electronic army to backstop the greater jihad. This will no doubt cause some consternation not only to some Anons perhaps but also to the terrorism analysis and warfare set as well. It seems perhaps that Vilayat Dagestan is taking a page from the Syrian playbook here and following the SEA (Syrian Electronic Army) model. Of course one wonders just how much power this group will have in the area of hacking, but in tandem with kinetic attacks and intelligence gathering, this could be a new generation in the GWOT.

Anonymous Caucasus, Electronic Army of the Caucasus Emirate:

Our message is to the Russian government and to all the companies that are part of the Sochi Games and put every dollar into holding these games on our land. The land on which the genocide of the Circassians took place in 1864, when more than 1 million people were exterminated. Anonymous Caucasus believe that the Sochi Games will be held over more than a million graves of innocent people who perished in the genocide. Shame on Russia and on every Caucasian who supports holding those games on the land of our homeland. Today Anonymous Caucasus have decided to carry out a new operation, Operation PayPackSotchi, the largest operation against the Russian government, and we will wage electronic war on it. Today Anonymous Caucasus are stronger than ever and our activity will be global. We support all the Caucasian nations that are against Russia and against the enemies of Islam. We will make the Russian government think 1000 times before it decides to do anything on our land. Get out of our land, get out or we will put you under our feet. If the world forgets the Muslims and Anonymous Caucasus, we will never forget. Our electronic war against Russia will affect all the governments and company websites that are part of the Sochi Games and part of the fight against Islam. We are always united and never divided, and our actions will prove who we are. Our last attack on the Russian banks was just a joke. We will kill Russia with our successes and bury it with our smile. Our attack will bring the Russian government down to the lowest point and will make the world know who the Caucasians are and who the defenders of Islam are. This day will come soon, as usual, and evil itself will collapse. We will sacrifice ourselves for every free person, and every human who had nothing will now be filled with strength against evil. We are Anonymous Caucasus … We will never forget …. We will never forgive … Expect us

Statement from the Anonymous Caucasus

The above statement is directed toward the Russian government and the Sochi games but really does not say much about what attacks are to come. They mention attacks against banks but little more than “look out, we’re coming for you”, as is often the case with an Anonymous operation. The Arabic here for the most part reads as if it was already written in English and translated into Arabic, but it seems perhaps that the author is fluent in not only English but also Russian and Arabic. As announcements go, this site is somewhat green with many functions not yet up for use, but generally it seems they are somewhat serious about not being taken offline (Cloudflare) as well as having the media savvy for a slick video set and graphic design.

Analysis:

[Screenshot: @AnonymousCaucasus]

[Screenshot: WHOIS anonymou.so]

[Screenshot: Hacking of Kavkazpress.ru site on Vilayat Dagestan site by Anonymous Caucasus]

Looking at all of the site data, and behind the scenes a bit, has been interesting. It seems that the WHOIS data and the links to and from the site (including shared infrastructure such as email) link Anonymous Caucasus directly with Vilayat Dagestan. Vilayat Dagestan is aligned with Islamism and has ties to Al Qaeda. In fact all of you out there may in fact be remembering the ties that Tamerlan and Dzhokhar had to the area and to the same group, ostensibly, when Tamerlan went to the old country to visit. The question then becomes: is this actually a funded operation by Vilayat and the Caucasus Emirate, or is this a smoke screen for some kind of attention and support? Since the sites tie right back to each other with shared infrastructure, it is my opinion that this is in fact an approved operation by Vilayat.

These facts, the connections to the Mujahideen and the actual words spoken on the Anon Caucasus video, show it to be not only an Anonymous-emulating group but also in fact part of the greater jihad. This then makes it a new twist in the GWOT for us all. As stated above, it remains to be seen just what capabilities this group will have, but the paradigm itself is what is more important in the grander scheme. For the moment though we can see they have hacked at least one site and show proof of it with a dump on pastebin as well. Of course the reality of most hacking operations with regard to Anon, as well as the jihad thus far, is that they have only been propaganda oriented. We have yet to see real operational intelligence being gathered and used by AQ and others in theatre, so to many this may also seem just an interesting twist. We will have to see what happens when the games begin and move on. Perhaps these guys are all bravado… Perhaps other Anons might not like this group’s using their nom de guerre for terrorism…

Interesting times….

K.

Written by Krypt3ia

2014/01/12 at 00:57


The DARKNET: Operation Legitimacy?


gaiuaim ioi dui pln!

The DARKNETS…

The “Darknets”. You’ve all heard of them. Some of you out there may have traversed their labyrinthine back alleys. However, have you ever thought that someday the darknet would be just as legitimate as the “clearnet” is today? With the recent bust of DPR and the Silk Road there has once again been great interest in the “Deep Web”, and this interest was sparked once again for me too. It seems that the darknet is the new black once again and people are flocking to it just like onlookers at a traffic accident. Others though seem to be aiming to use the darknet technology (TOR and hidden services) to support free speech and to pass information as a legitimate whistleblower.

Still Mos Eisley but….

I loaded up TOR & Tails and took a trip once again into the digital Mos Eisley. It is still dark and full of crazy things, and if you go there you too will see black market items, services like assassinations for Bitcoins, and run-of-the-mill blogs. You can (allegedly) buy just about any kind of drug in quantity just as easily as buying/mining bitcoins and paying for your drugs with them. All anonymously (once again allegedly, as you can see from the DPR fiasco) via the Onion hidden services and backed by other services, from anonymous email on TOR to bitcoin exchanges. However, one can now see other sites out there that aren’t so black market oriented as well.

One such site is pictured above. The New Yorker decided, post Ed Snowden’s revelations, that it was a good idea to put their new “secure dropbox” on the hidden services. This is a legit site that has been talked about on the clearnet as well as in the media a couple of months ago. This is one of the first more legit sites I have seen out there that is offering a secure means to talk to reporters using the same security that others on the darknets are using to carry out illegal activities. I have yet to really look at the site’s security, but overall I see this one site being the key to showing others out there how the darknet can be used for something other than crime. Of course, then again, if you ask the Obama Administration even this site could be considered illegal or an accessory to illegal leaking, I guess. It’s really a matter of perspective.

Gentrification?

So what about other sites? What would you out there use the darknet for that is not “illicit” but requires some security and anonymity? I can foresee other sites popping up, perhaps in the arena of free speech or even political movements that might like this model to pass their ideals on. I honestly think this is a turning point for the darknet. Of course this is all predicated on the darknet being “secure” after the revelations from the Snowden Archive of late. It seems the NSA is really trying pretty hard to de-anonymize anyone they want to and would love to have it just not anonymous at all. Well, let me re-phrase that: have them THINK it’s anonymous while it is not so much to the NSA.

Other sites out there include an online Koran as well as all kinds of other non-criminal sites that are… well… kinda goofy or fringe. I think that perhaps now things might shift as the technology becomes easier to manage, making it easier, with global connectivity, for us all to hang up a shingle in the darknet.

Time will tell though I guess…

K.

I Am Disappoint: Gabby Coleman and Anonymous


LAMESTREAM SOCIOLOGY

So Schneier, the paragon (most of the time lately) of being behind the curve, has linked a paper put together by Gabriella Coleman (ersatz sociologist and Anonymous cipher). Before clicking on the link and downloading I braced myself for a read that likely would make me want to perform the head—>desk ritual. Sure enough, after reading the 27 pages of mostly histrionics regarding Anonymous I was ready to apply said head to desk with the usual force. Why do I do this to myself? I suppose that I am that person who Einstein referred to as the epitome of insanity, performing a task over and over again expecting a different outcome. Either way, I thought it appropriate to call this into question for the larger audience to look upon and judge after my bile spewing.

HOW MANY YEARS OF STUDY DID IT TAKE TO PUT 27 PAGES OF DRIVEL TOGETHER?

Well Gabby, how long were you following the Anons around again? I think you would have been better served by reading Parmy’s book and then spewing out some facts and insights after a little digestion than by what you have put out there as a scholarly text on the Anonymous movement. Sure, your generalities concerning modus operandi, citing the Rand report from 1997, are all super cool and all, but really, what audience are you reaching out to here? You neither get into the issue deeply enough for the non-novice concerning the net and Anonymous, nor do you really put together a usable picture for the uninitiated to follow along as to what is really happening, and has been since Anon percolated up out of the pool that is 4chan.

All in all the paper, if it be called such, just lays out in florid language the long and winding road of histrionics around Anonymous, without really touching on the issues of how it/they have been affected by, as well as are affecting, the net/global politics/cyberwar today. There are hints and allegations in it, but really, you are a sociologist, are you not? Should you not be taking up this kind of inquiry as well? What you do do though is state that they are a not so anonymous and not so leaderless group, which sounds awfully familiar to me. *I wonder why? Maybe you should look at my blog posts all these years, eh?* While you point out that they have been a force, you do not really maintain what kind of force they are, nor do you summarize whether or not you think that they will be a real force in change, nor why they would not be. Well, nominally I think you allude to the lack of cohesion, but then you go on to counter that with all of the amazing things they can do with PR and hive mind. Frankly you just seem muddled there. Perhaps overall it is because they are so amorphous that you cannot really conclude anything at all? Which you again allude to. It’s like that saying from the Supreme Court on porn, “I know it when I see it”. It’s mighty useless when it comes to actually explaining something.

ANONYMOUS IN THE AGE OF THE PANOPTICON

The one thing… ONE thing that I would have loved to have seen anything solid about is how today, post events like the bust of Silk Road and the other fallout from the Snowman revelations, the Anons have been affected. You kinda sorta mention it at the end but then drop it. Perhaps it is too early to tell on that account. Perhaps you are just still milking this whole thing to further your drivel writing. I dunno. I just think that there is a far richer picture here that needs to be looked at, and you are failing to do so with all your years of allegedly “studying” the Anon diaspora. This paper was useless, and I sure hope that policy makers aren’t reading it to understand anything other than the history of how Anon was born, because otherwise they will be left more clueless and tired-eyed than they started.

Oh and yeah so when do you appear on the next Dr. Phil?

K.

Written by Krypt3ia

2013/10/03 at 18:08

BofA Gets A Burn Notice


rode bb iqdnpmbia fpn’k ybi lr qektrf?

PARANOIA

par·a·noi·a [par-uh-noi-uh]

noun

1. Psychiatry. a mental disorder characterized by systematized delusions and the projection of personal conflicts, which are ascribed to the supposed hostility of others, sometimes progressing to disturbances of consciousness and aggressive acts believed to be performed in self-defense or as a mission.

2. baseless or excessive suspicion of the motives of others.

Also, par·a·noe·a [par-uh-nee-uh].

Origin: 1805–15; < Neo-Latin < Greek paránoia madness. See para-, nous, -ia

Paranoia, the (self-described) Anonymous intelligence division, published a dump of data ostensibly taken from Bank of America and TEK Systems last week. The information presented seems to show that BofA had contracted with TEK to create an ad hoc “Threat Intelligence” unit around the time of the LulzSec debacle. Of course, since the compromise of HB Gary Federal and the revelations that BofA had been pitched by them to do some contract work in the disinformation business, it only makes sense that BofA would set up a threat intel unit. The information from the HB Gary dumps seemed to allude to the fact that BofA was actively looking to carry out such plans against those they perceived as threats. Anons out there took great umbrage, and thus BofA was concerned.

This blog post is being put together to analyze the data dumped by Anonymous, to give some perspective on what BofA may have been up to, and to set some things straight on the meanings of the data presented by Paranoia. First off though I would like to just say that I think that generally BofA was being handed lackluster threat intel by a group of people with intelligence backgrounds (for those names located in the dumps, their LinkedIn pages showed former mil intel work). This of course is an opinion formed solely from the content that was available online. There may have been much more context in formal reports that may have been generated by the analysts elsewhere that was not open for the taking where Anon found this dump. The daily and monthly reports found in the database showed some analysis but generally gave rough OSINT reports from online chat logs, news reports, and pastebin postings. There seemed to be a general lack of product here, and as such I have to wonder if there ever was any, or if perhaps those reports never made it to the internet-accessible server that Anonymous downloaded them from.

B of A’s THREAT INTELLIGENCE TEAM

Since the leak of their threat intelligence BofA has been recruiting for a real team it seems. A Google of the parameters shows that they have a bunch of openings all over the place for “Threat Assessment”. It makes sense, since the TEK Systems team may in fact be mostly defunct, but also that they likely would want an in house group and not have to pay overhead on consultants to do the work for them. TEK’s crew as well may have been the problem that caused the leak in the first place, by placing the data in an accessible area of a web-server or having passed the data to someone who did not take care of it. Either way it looks as though BofA is seeking to create their own intelligence apparatus, much as many other corporate entities are today. The big difference though is what exactly their directive as a group is to be.

One of the problems I have with the Paranoia analysis is that they take it to the conspiratorial level and make it out to be some pseudo CIA like entity. The reality though, from what has been shown in the documents provided, is that this group really was only tasked with OSINT and threat intelligence by passive listening. This is a key difference from disinformation operations and active participation or recruiting of assets. I will cover this in more detail further on in this post, so suffice to say that what BofA was doing here was not only mediocre but also not Machiavellian in nature. The argument can be made though that we don’t know the whole picture, and I am sure Paranoia and Anonymous are leaning that way. I cannot with what I have seen so far. What I see is an ad hoc group of contractors trying to create an intelligence wing as a defensive maneuver to try and stay ahead of incidents, if not deal with them more effectively should they not be able to stop them.

Nothing more.. Nothing less.

Threat Intelligence vs. Analysis and Product

All of this talk though should be based on a good understanding of what intelligence gathering really is. There are many variations on intelligence tasks, and in this case what is clearly seen in the emails and documents is that this group was designated as a “Threat Intelligence” collection group. I have written in the past about “Threat Intelligence” and the misnomer many have on the idea that it is some arcane CIA like pursuit. One of the bigger problems overall is perception and reporting where intelligence gathering is concerned. Basically, in today’s parlance much of the threat intelligence out there in INFOSEC is more around malware variants, their C&C’s, and perhaps who is running them. With the advent of APT actors as well as criminal activity and entities like Anonymous, the paradigm of threat intelligence has come full circle back to the old school idea of what it is from the military sphere of operations.

Today’s threat intelligence is not only technical but also human action driven, and this makes it even more important to carry out the collection and analysis properly in order to provide your client with the information to make their decisions with. Unfortunately, in the case of the data from BofA we see only sketchy outlines of what is being pasted online, what may be being said in IRC sessions, and what is in the news. Nothing overly direct came from any of the data that I saw, and as “product” I would not be able to make much of any decisions from what was presented by TEK Systems people. What is really missing within the dump from Paranoia is any kind of finished analysis product tying together the information in a cogent way for the executives at BofA. Did TEK actually carry this type of activity out? Were there actual reports that the execs were reading that would help in understanding the contents of the raw intelligence that was being passed on in emails daily and monthly? I cannot say for sure. What I did see in the reporting (daily threat reports as well as monthly) were some ancillary comments by a few of the analysts, but nothing overly structured or productive. I really would like to know if they had more of an apparatus going on here, as well as if they plan on creating one again with all of the advertised positions in that Google search above.

Threat Intelligence vs. HUMINT

This brings me to the whole issue of Threat Intel vs. HUMINT. It would seem that Paranoia thinks that there is much more than meets the eye within the dump, which makes them intone that there is a HUMINT (Human Intelligence) portion to the BofA program. While there may well be some of that going on, it was not evident from any of the documents I looked at within the dump files. HUMINT would imply that there are active participants of the program out there interacting with the targets, trying to recruit them or elicit information from them. With that kind of activity comes all of the things one might conjure up in their heads when they think on NOC (Non Operational Cover) officers in the CIA trying to harvest intelligence from sources (assets) in the field. From everything seen that was posted by Paranoia, this is not the case. This operation was completely passive and just collecting data that was in public view, aka OSINT (Open Source Intelligence). Could BofA be seeking to interact more with Anon’s and generate more personal data other than that which the Anon’s posted about each other (DOX’ing)? Sure, but there is no evidence of that. Given the revelations with HB Gary though, I can see why the Anon’s might be thinking that they are likely taking more robust non passive actions in the background elsewhere. Overall I just want everyone to understand that it’s not all cloak and dagger here, and it seems that Paranoia has a flair for the dramatic as a means to get their point across. Or, perhaps they are just living up to their name.

Assessment

My assessment in a nutshell here of the Paranoia BofA Drop is as follows:

  1. Paranoia found some interesting documentation but no smoking gun
  2. TEK systems did a mediocre job at Threat Intelligence with the caveat that I am only working with the documents in plain view today
  3. BofA like any other company today has the right to carry out this type of activity but they need to make sure that it’s done well and that it isn’t leaked like this
  4. If more documents come out showing a more in depth look at the OSINT being collected then perhaps we can change the above findings
  5. BofA needs to classify their data and protect it better on this front
  6. Paranoia needs to not let its name get the best of itself

All the drama aside, this was a ho hum really. It was funny seeing all the analysts taking down their LinkedIN pages (really, how sekret squirrel is it to have a LI page saying who you work for doing this kind of work anyway? SECOPS anyone?) I consider those players quite burned and assume they are no longer working on this contract because of it. All you analysts out there named, you are now targets and you are probably learning SECOPS the hard way, huh? I guess in the end this will all just be another short chapter in Encyclopedia Dramatica and an object lesson for BofA and maybe TEK Systems.

For everyone else.. It’s just LULZ.

K.

Sabu: The Anonymous Zeitgeist?

with 2 comments


Quinn Norton’s Wired Elegy for Anonymous and Sabu

I saw the article come up in the RSS feed and thought “here we go again” and surely, we did go again, to that special place where fantasy meets maudlin memories of what once was… Well, for those that is who live in the fantasy world and not reality. The ode to Sabu and Anonymous that Quinn put down to digital ink was one of the larger steaming piles on the internet I had seen in some time, and trust me, I have seen some epic steaming piles of shit on the internet kids.

Aside from the obvious issues of some scattered ideas, I was taken aback by the article’s reverence for Anonymous and the feel that the writer, having been “embedded” for so long, has basically been overtaken by “Stockholm Syndrome” and believes the hype that Anon’s would like to have spun about their organization, collective, group… Ehh, whatever it is. Phrases like the following cued me in on her deep need for deprogramming:

In 2011, Anonymous figured out how to infiltrate anything, to mobilize not just machines but bodies.

Really? They are the new APT, huh? They are an existential threat to the existence of society? What flavor was the kool aide you had, Quinn? Must’a been strong strong stuff, or have you just gone all Patty Hearst on us all? Tell me, do you have a green army jacket and a copy of LOIC in your purse? I am sorry to report to you Wired, but your reporter has gone over to the other side… Suffice to say that I have issues with this article, and the following graphs will enlighten you as to why. First off though, let’s cover the first couple of paragraphs of this epic story, the elegy for Sabu and his power…

Sabu, Hector Xavier Monsegur, international man of mystery, master hacker, idol of the Anonymous hackerati, and petty criminal. A force to be reckoned with, as the article makes out, but what the article fails to point out is that in an “anonymous and headless” org, as they like to think of themselves, he was in fact not only a snitch but also a “SINGLE POINT OF FAILURE”, as we say in the information security business. This is something that Quinn failed to comprehend or just negates due to the kool aide drinking (think lotus eaters) that seems to pervade the Anonymous movement as well as the Occupy one that she waxes poetic on further down in the article.

If indeed Sabu was so loved by Anonymous, and approved of, then they have completely abdicated their core beliefs in operations and set themselves up for the fall that came with Sabu’s arrest and his subsequent rolling over on everyone in the “movement”, which has spawned all of the arrests we are now seeing come to trial (Cleary et al.). So, neither Sabu, nor the Anon’s of Lulz/Antisec, nor Anonymous as a whole were very bright about the operational details that later would bedevil them.

See kids, everyone makes mistakes and no one is immune to them. Sabu made them, you all made them, and in the end, several of your pals will be going to pound me in the ass prison.. and for what? I’m afraid none of us is as smart as we like to think we are. Just so happens some of you are now finding this out.. The hard way…

Sabu was no hero.

Sabu was no digital hacker god.

Sabu was just a guy with troubles and a need to feel important, loved, idolized, and he wanted ATTENTION.

He had them all, and now has even more, from federal authorities.

His ID ate his Ego and it led him to absolute compromise of his life.

As Quinn would make out, he was the poster child for Anonymous, able to hack anything in a single bound! What Quinn fails to tell you is that a majority of the hacks were low hanging fruit and he was shooting fish in a barrel. You see, the skidz were out selecting targets not because of political importance, but instead they were just looking for the easy score. It’s far easier to claim a win and surround it with political and movement ideals than it is to go after true targets, work assets, and compromise with an end goal in mind.

Wake the fuck up Quinn…

Do-Ocracy or Erratic Primates With Computers?

Quinn goes on to wax poetic on how Anonymous has a “do-ocracy” which, uhh, what? Really, what the fuck does that really mean? You are trying to tell me that it’s a headless org without leaders and yet people come together and do things in a concerted way? Sure, yeah, that works for DDoS but what about all this hacking you are going on about as if it were fantastical and magic?

Tell me, how many disorganized personalities out there do you know of who work as hackers? It takes focus, well, unless it’s the usual low hanging fruit target that Lulz approached, that is. Granted though, the HB Gary thing, that was done well; they had a plan, they engineered people, and that went off as a well oiled machine would. I applaud that one kids, really I do, not for what you did, but the way you did it. That was worthy, but still, what is all this claptrap that Quinn is going on about now?

Do-ocracy, yeah, don’t buy that one either. Look, you cannot have an unstructured organization or even a collective. You liken yourselves to a stochastic system in one breath, then say you are a hive mind like bees the next. Lemme give you all a hint, bees and ants, they use signals from leaders to tell them what to do, where to go etc.

See kids, it’s a system they have ranks, they have functions, and they work towards a concerted goal using messages. Go on, go read about them and then come back once you have a grasp of it all… I’ll wait.

………..

Ok, back? Do you have a better grasp of this now? Now ponder this, you are all primates. SOCIAL primates by the way, you all work together by communicating AND you tend to have leaders. How does that work within the confines of what you think you know about stochastic systems like the one you claim to have?

Ya know, like the one that Sabu and you all created that was not so leaderless and is now pretty much out of commission?

Yeah…

It’s time you all took a look at sociology and psychology in regard to what you do and how you are doing it.

Herds and Flocks Both Have The Same Flaw.. Someone Takes The Lead

I have written about this before so I will not belabor it more here, I will simply point you HERE and have you read. Once you have, come back and finish out this article.

So, You’ve DDoS’d and You’ve DOX’d… I See Nothing’s Changed.. So Much For Zeitgeists

So, Sabu was the zeitgeist of Anonymous according to Quinn. He and his pals hacked many places and caused quite the ruckus, but, what really came of all that action huh? Do we have anything to really speak to the vast and sweeping changes that their actions created?

Is our data safer now generally?

Have the cops been stopped from abusing power?

Has the government thought better about their power grabs both on the internet and off?

Has a more open and equitable system of governance been created from it all?

No, no, no, and no. Basically, all of Sabu’s and Anonymous’ actions to date have not made us better off at all really. Sure, you can make correlations that Anonymous has something to do with the Arab spring, but, just how much is a real problematic thing to quantify. Hell, even Quinn would not throw it up there definitively in her kool-aide haze (good for you!)

So, what’s this all about I wonder? Is this movement, which was born from /b/ and Lulz, just the rabid collective Id or is it a movement? It would seem according to some that the organization is maturing and that the majority want to do something about the encroaching government and corporate control over us all. I personally would love to see this happen, that the masses get organized and energized about making a difference in the years to come against the government’s heavy hand.

Do I have real hope of this happening? Not really…

If Anonymous continues with the DDoS and Doxing that we have been seeing against targets of opportunity, we will have no substantive change, well, I should say no “positive” change. You see, if you keep doing what you have been doing ad nauseam, you will only serve to make the government tighten their grip on us collectively. Now one could argue that this will happen anyway, and frankly, I see in my mind’s eye Bluto making his famous “Germans bombing Pearl Harbor” speech at Delta house here, but couldn’t we do something more constructive?

In the end, just realize that all your machinations to date have not raised the consciousness nor made real change. Here is where your analogy to bees comes back to bite you in the ass.. You have stung, and now, lacking the stinger, which you leave in the target, you go off and die. Ya know, like the famous Sabu and his rhetoric!

Oops.

So, How Different Are You From The Obama Administration, CIA, NSA, etc Post STUXNET and FLAME and CYBERWAR, Drones, etc?

Finally, I will leave you with these parting thoughts…

Ponder these ideas and questions;

  • How different are you from the governments that you say are being heavy handed when you DoS (no, it’s not a protest) those who you disagree with? Instead of, say, engaging in debate?
  • How different are you now from those you despise when you use the same hacking techniques to attack them? With cyberwar nakedly being used now, are you so different?
  • Remember, also with cyberwar, you are now a cleared target as well and may in fact become so because your actions are considered “warfare”
  • Remember one more thing, you guys don’t kill people.. The government is and will. Not to say that they will be coming after you with a drone firing a missile, but, generally these guys are much more serious about shit than you are.

I am not saying that you all should just lie down. That anonymous needs to go away. Far from it, I am saying you need to work smarter. If you don’t then I should expect more arrests and more insiders being the linchpins to those mass arrests being carried out.

Stop letting your Ids rule you and let the Ego drive a bit kids.

Oh, and Quinn, I can provide you a name of a good de-programmer if you like…

K.

Written by Krypt3ia

2012/06/27 at 09:36

Posted in .gov, Anonymous, AnonyTards

Building A Better Anonymous: Separating The Philosophical From The Practical

with one comment

So, here’s my thing…

Ok, so here’s my thing.. This notion of building a “better” Anonymous is, right up front, doomed to failure. As notions go it is a very altruistic one that I think Brian and Josh have thought about quite a bit, but, like many who get wrapped up in the grey areas of philosophy and semantics, they too got lost in the woods and could not see the forest for the trees in the end. Evidently Source Boston had them keynote the show with their talk on making a better, more accountable, and false flag “mostly” free Anonymous that stems from their series of “Building a Better Anonymous“, a series that I actually helped with a bit in the background (shhh don’t tell anyone.. oops)

The case that they make is an interesting one, but from my point of view fails to deal with the concept of human nature that will inevitably be the downfall of any such association, group, collective, or whatever else you would like to call it. Human nature (i.e. the problem between the chair and the keyboard) will always win out because, you guessed it, we are “human” and we have foibles, wants, desires, and of course an ego. These things all make us do things that are counter to the best laid plans of mice and men (aka a charter of standards and behaviors) and will, in the end, cause some to draw outside the lines of acceptable practice.

This means bad actions from bad actors within the fold.. Or, as in the case of the flawed idea of “Anonymous” as an action, it will allow for bad actors to take up the nom de plume of “Anonymous” and do things counter to their ideals but still leave the stench and onus on them as the Judas goat. Boiling it down to a simplistic statement kinda encapsulates the whole issue for me: “Anonymous”, which means “unknown”, by and of its very premise cannot at any time ever be considered a movement/group/collective etc. that will never be used as the scapegoat for bad actors. Nor will it ever mean that bad actors will never get into the fold and destroy things (like a reputation) from within.

And here’s the statement: “One cannot be Anonymous and expect to change the system for the better. If you have a problem with the system (see above poster) then you must be a known quantity”

Josh and Brian speak of charters and standards of action, but there can never truly be accountability as long as those who claim to be advocating those standards hide behind anonymity. When you are anonymous, you lack accountability and thus, the ego and other human natures allow you to do whatever you like. Speaking of human nature, let me direct you to some movie references that they make and where the human nature portion has been stripped from the argument.

The hitman/cleaner in “Léon: The Professional” had a rule; “No women. No kids.”    (Leon follows this so good on them)

In Fight Club: “The 1st rule of Fight Club is, do not talk about Fight Club”.   (Fight club spreads because people cannot shut up)

In The Transporter, “Rule #3: Never open the package.”  (You guessed it.. HE OPENED THE PACKAGE!)

So, out of three examples there, one was ok. But you are seeing my drift there, are you not? Human nature will be the downfall of all the grand plans and schemes we have. It’s our nature to do things in our own self interest more than follow guides or charters. If that were not the case, we would not have crime and prisons, right? This is an all too convoluted space to be working in and assume that by laying down some “law” (charter) everyone will follow it AND that the inevitable others who do not will not affect the whole by their actions. Add to this the notion of something like Anonymous, whose actions claim to be anything from lulz to moral actions, and you have a great swath of FAIL that will happen.

It’s all well and good to quote Hobbes, but perhaps you might want to read Plato instead?

In the end, I think it better that “Philosophical Realism” be applied to this problem rather than the altruistic beliefs that have been espoused by Josh and Brian. I would also hasten to add that the cognitive dissonance, to use their turn of phrase, of trying to contain or direct “Chaos” is just not plausible from any realistic standpoint and thus moot in my opinion. If you like a movie/book reference, let’s go to one of my favorites, “Jurassic Park”:

Dr. Ian Malcolm: If there is one thing the history of evolution has taught us it’s that life will not be contained. Life breaks free, expands to new territories, and crashes through barriers, painfully, maybe even dangerously, but, ah, well, there it is.

What Ian is saying is very appropriate to this argument being made by the authors of “Building A Better Anonymous”. In my case though, I would change “life” to “human nature”, but you get the point, don’t you? Life is chaos, and human nature is also a form of that as well. We are unpredictable animals and our actions, like those of Anonymous, are really quite unpredictable and not very controllable. Just look at what has happened since Anonymous came out: we had Lulzsec, Antisec, and now a host of others taking the model that Anonymous put out there unfinished and wreaking havoc.. In the name of what, really? Because they can?

No, this is a failure to launch in my opinion and Anonymous’ cat is out of the bag. The genie is out of the bottle and you cannot put it back in with a charter as the cork.

Sorry guys.

K.

Written by Krypt3ia

2012/04/18 at 15:47

TH3J35T3R: Don’t Dox The Man, Dox The Actions….

with 9 comments

Preamble:

Over the last few years, Jester has been out there making waves and headlines. I have been watching all of this with a jaundiced eye and think that it’s once again time I sit down and put my thoughts on paper, so to speak, about his antics. Recently, he had been pretty quiet until I posted another piece about him, prompted by a SANS report on him and Asymmetric Warfare. Approximately 2-3 days after this post, Jester suddenly released a tale about his QR code exploit and dumped a PGP file as alleged proof of his exploit’s worthiness.

To me this just smacked of a positive response to his negative press that I perhaps helped put out there with my post. It all just seemed a bit too coincidental to me that someone just came along and noticed his QR code, thus foiling his plan. He could have just said it was a lark.. Instead he released the “details” and suddenly he was in the press again as a hero or a novelty. So I had a sit down and a think about it all…

And this is the result.

Operational History:

Upon reflection I should probably call this section “Operational Hysteria” but meh, I will go with it this way. Since Jester showed up on the internet with his DDoS attacks I have been calling into question the “why” and not caring as much about the “who”. As others went on (Anonymous and others) to try and “dox” him, it became apparent that it would not work because he had allegedly covered his tracks. I too attempted to look into who it may be and got pretty much nowhere, and gave up as he was more an annoyance than anything else in my book.

But, back to the issue at hand. Jester’s operational history is much more interesting in that you hear a lot about his “exploits” but you really don’t hear about the effects that they bring about. As such, I would call you all to pay attention to the facts of what has happened thus far.

  • DDoS: He claims to have DDoS’d jihadi sites and Anonymous sites.
  • DOX-ing: He alleges that he dox’d Sabu
  • Tampering Exploits: He alleges that he uploaded a tainted LOIC version for the Anonytards to use and thus pwn themselves
  • QR Code Exploits: Lastly, he alleges that he created a QRC exploit kit using his Twitter account and pwnd a bunch of phones, downloading pertinent data on the “villains” that he had on a list

This post is being put forth to separate the wheat from the chaff on his stories and to demystify, hopefully for some, the myth versus the reality of just what has been going on. I do this because I think that all too many people are just buying into the stories by accepting “trust me, I did it” instead of real proof of actions and outcomes. Some will say that I just have it in for him after his “blue on blue” attacks on me, and yes, I will cop to that too, but it’s become more of a debunking thing instead of, as some have said, “sour grapes”. I say this because those who think that it’s all about sour grapes aren’t actually taking into account whether there is any real proof of his exploits being effective or in fact really having happened (case in point the QRcode thing recently: we just have his story on a blog and an encrypted file that no one can decrypt as proof).

People should question things a bit more in today’s world of Anonymous and cyber warfare. In this case, I not only question the motivations of the Jester, but his modus operandi as well. There seems, to me, to be a pattern of talk about operations, press releases if you like, and then very little actual proof that anything has really been done, nor any real net effects being captured to lend credence to his operations being effective.

Proof Of Operations:

So, on the proof side let’s take a look at the ops that he has alleged he has carried out and just what we can cobble together as to real outcomes:

  • DDoS: He did indeed DDoS sites offline for short periods of time. In the case of Jihadi as well as Anonymous targets, it did little to stop them from operating online. In the case of the Jihad, he had made claims that he was “driving them” into actions that he did not elaborate on. I have been intimately involved in monitoring these sites and the players out there, and in my estimation he has done little at all other than annoy the jihadis. I have made this point many times in the past in fact. The online jihad is carried out on multitudinous sites that are mirrored and have quite a high availability factor to start.
  • DOX-ing: Jester alleges that he dox’d Sabu, and he does lay out the name and some other data, but this has been borne out to be after the fact. Backtracesec were the first to put out the name, as well as others inside the Anonymous collective who were unhappy with the way things were going. It was Backtrace though who had the real background data and dossier that was quickly removed from the internet at the behest of the FBI. So, any claims to doxing Sabu are suspect at best because the Backtrace release was pretty well known. I in fact wrote a post backing up their findings using Maltego on their data.
  • Tampering Exploits: Jester alleges that he uploaded a tainted LOIC version for the Anonytards to use and thus pwn themselves. This is hard to prove as there was no real release of data from compromised systems. As Jester is “anonymous” he cannot lay out the data (he claims), so there is no way to verify that it is indeed code he created, but the code and the tainted files were available for download. So, it may or may not have been him doing all of this, and there “may” have been some who downloaded it and used it. There is however no proof that anyone did, nor in fact that any data was used to make arrests of anyone using this version of LOIC. In fact, the release of the exploit on Jester’s blog only really served Jester as publicity. Operationally, it compromised the op… If there was indeed one.
  • QR Code Exploits: Jester alleges that he created a QRC exploit kit using his Twitter account and pwnd a bunch of phones, downloading pertinent data on the “villains” that he had on a list. This exploit, according to him, netted data of users who actually scanned the QR code on their smart phones, and as an exploit it is already being questioned by certain people (here and here). The questions concern the outdated nature of the exploit code that Jester is claiming to use as well as the operational issues over the use of netcat and other means he claims he used. According to some, these would in fact not work or could not work.

In the end the QR exploit’s effectiveness, or even whether it actually worked on any phone, cannot be proven because once again we just have Jester’s word that he obtained data. Jester did put out a PGP encrypted file that he claims is some of the data he harvested, but, as usual, no one has the key to open it. So, again, we have claims of operational work but no real proof of any kind of solid outcome from the operation. This means that again we have to take him at his word, and for me, that just doesn’t cut it.

All of these exploits or operations that Jester is laying claim to have little to no proof backing up their worth or their working and this is the crux of the matter. Not who he is.. But what has he really done.. And Why?

Motivations:

So, why would Jester be doing all of this? He would claim that he is just a patriot, a former SPECOPS guy, a man of action. Others might say that he is just a man on a mission with an active imagination. Yet others might wonder if he is a he at all; maybe he is a “they” and perhaps this is all a means to a larger end that is being supported by the military or the government. Personally, I am not too sure that any of these fit the bill. Perhaps it’s a melange of all of these, and Jester was a military guy with some hacking skills who is being supported by the DoD as a means to get more people to enlist.

Maybe he is just someone seeking attention for himself.

I know, some have said “But wait! He’s anonymous so how can it all be about seeking attention for himself?!” Uhh, yes Virginia, someone CAN in fact get and revel in attention even though “they” are not known by many for who they are so that argument falls quite flat. Out of the multiple choices here though, I lean more toward a single actor seeking attention, but, will fall back on the idea that this is a permissed operation with a wink and a nod to benefit the “Cyber Brigades” of the world. That this guy wraps himself in the flag every time and calls people Ma’am or Sir in IRC just bespeaks the whole patriot angle.

Now, that the operations have been either failures or not proven to have had any effect on their targets becomes immaterial to the outcome of garnering attention, by the very “secret” nature of the program that Jester is putting out there as fact. It’s a self fulfilling prophecy for those who wish to idolize him as well as perhaps “fear” his machinations. Though, I don’t see too many people being that afraid of him. Nope, this all boils down to “what has he really done” to show you the “why has he done it”. Since there have been no real big wins proven by actual details, I think it’s more about gathering attention or creating a legend, a sort of Sorkh Razil of the internet if you will.

In the end, I cannot say with certitude why Jester is doing what he is doing. All I can say is that he has never been able to present definitive proof that he has really done anything at all.

Inside The Fact Impervious Bubble:

It is this central problem of not really proving having done anything other than some DDoS attacks on hapless jihobbyist sites that has me in awe of the media and public response out there to his antics. Inside the Impervious Fact Bubble or IFB ™ so many have just glommed on to him and his exploits as a rallying call. Someone’s gotta “git er done” and by golly Jester will! Even in the face of the stunning lack of real outcomes from his “operations” the mystique of the “Red Rascal” has played out for him well. There are many people who just eat it up and rally to Jester as if he were the single handed savior to them all on the internet.

So, with every exploit that Jester claims he has perpetrated, the masses who believe in him without critical thinking cheer him on and look up to him. His IRC chat room has been a well of wannabes and hangers-on as well as a place for trolling, but the majority of it seems to be the former and not the latter. Believers get to visit with their hero, as do the trolls (non-believers or Anonymous minions who hate him), all the while he puts out his rep that he is the lone soldier in a war on terror, be they Anonymous or Islamic Jihad. All of this though never seems to include any critical thought surrounding proof of his exploits or any real outcomes from them.

Why is this? Are people just that in need of a hero? I have to wonder, but it would seem that this all grants Jester a lot of attention and love from his followers, attention that I believe he revels in.

Conclusions:

Overall, my conclusions are that Jester has never really proven his worthiness to be adulated or looked up to. His swagger and his chutzpah only bedazzle those not willing to look further than his blog or his Twitter feed for the worthiness of his exploits. If indeed Jester is the sole proprietor of this operation, he has a pretty perfect means to garner attention with minimal output other than some creative writing and claims of grand schemes. Because the operations and their outcomes are super secret, it is the perfect scam really. After all, how can you prove anything didn’t happen? It’s all secret you know.

On the other hand, if this is some sort of condoned or sanctioned operation, what ends would there be? My suspicion would be to generate a buzz around such actions so as to make something like the “cyber brigade” a real attractive thing to the masses of hacker wannabes out there. If they all want to be like Jester, then they will sign right up for the brigade. I however have yet to see a real hand in this game from the military side. Nor have I ever been given any proof that these operations have had any real palpable effects on the targets to move them in directions perhaps the military or the government might like.

Thus it leads me back to the first premise. Jester may just be a person or a small group of people with an agenda of their own. An agenda that includes a media arm and attention from said media and the populace, and not altruism or patriotism. If indeed he/they think that they are doing something greater, then he/they are deluding themselves. Unless Jester can prove to me that there has been substantial action resulting in arrests or breaking up of cells (jihadi or other) in direct response to his/their actions, I just feel that it’s self-aggrandizement on a grand scale.

So, J, if you really are doing something.. Prove it and I will take all of this back and support you.

If not.. Then you know where I stand… As you have before.

K.

Written by Krypt3ia

2012/03/14 at 20:09

Sabu, The Latter Day Joey Pardella… Oh There Will Be Lulz!

with one comment

HACK THE PLANET!

So, it seems that irony is playing a sweet sweet role in the story of LulzSec and its titular leader Hector Xavier Monsegur (aka Sabu). As the press is now digging into his past and finding all the fiddly bits about him, they happened to have turned up a big surprise for me. That surprise came in the form of the fact that Hector actually attended Stuyvesant High in NYC. Now some of you might say; “So what?” My response to that would be “That is the very same high school where they filmed the cult hacker hit “Hackers” back in 1995.”

*smirk*

Yep, for all of you in the know, I can see the wheels turning now. He attended the school that no doubt he revisited on the DVD daily as he watched and took notes from that silly film. I mean, after all, look at LulzSec and the Anon movement’s sentiment as a whole, it kinda fits doesn’t it? I mean, c’mon, the guy thought he was Lord Nikon or maybe, dare he even consider it, Zer0 C00l!

Good lord.

Now, I cannot directly link all of this to his attending the school, nor can I say that he did indeed have the film on DVD in his apartment at the time of the raid, but it is rather coincidental that he self-styled his whole campaign against the Feds and had all of the rhetoric of a sophomoric school kid, right? Heh, overall I just find it too ironic that he was a student there and graduated in 2001. A fact that only Weld Pond really tweeted about; the news seems to have lost this in the mix.

So, for me, instead of #FFF (Fuck FBI Fridays) I can see him at his console, in the spinning phone booth, yelling “HACK THE PLANET” with all his legions of hackers while popping sites for their credit card numbers. Credit cards that he needed to buy more car engines for his three cars. All of this I think just bespeaks the lack of comprehension on the greater part of Lulz and Anonymous when carrying out such attacks as a means to get back at the man.

This is life.. Not a movie.

So, Was The Garbage File Worth It?

Now that the records are being written about and documents unsealed, we are seeing just what happened inside the secret world of Sabu and Lulz. It turns out that the true believers were the ones doing much of the work and Sabu was lining his pockets with proceeds from these and other hacks he had done over the years. So much for social change and inequality huh? So far stories have come out that he was a politically minded hacker (hacktivist), as he says he was, because of things like the bombing of Vieques island by the Navy (it was a range at the time), and thus he has been painted as such. However, the real picture comes into focus now that we are seeing the stories about his living in the Jacob Riis housing project, not holding a job, and partying all the time.

Others, like Jeremy Hammond, seem to be the altruists of the bunch and really drank the Kool-Aid on this whole “fight the man” thing. Jeremy it seems had been in trouble before over such actions and in fact had a criminal history of hacking already. His ideals however were not about gain. He is the one who was donating money to all of the charities with Stratfor’s customer credit cards. Had it been Sabu, I think he would have ordered up some more car engines and perhaps other things for himself and his extended family.

I suspect that it was in fact Hammond who posted the Oncoming Insurrection document on the Stratfor site when he hacked it, and this was his way of telegraphing exactly what his thoughts were on the status of society. It seems that Hammo is a troubled boy. Overall, this hack and the manifesto became the red herring for me; sure there was an undercurrent of this thought within the whole of the LulzSec group’s movement, but the realities are turning out to be that some weak-minded individuals were led even further astray by a narcissist with a God complex *wink wink back to Hackers* Say, you suppose his password was God?

As to my titled question, I suspect that the garbage file was indeed not worth it. You see, as time passes the memories of Sabu being a great leader will die, as will the names of Hammond and others who have been taken in. They will all languish in jail without the fanfare and shouts of “Free <insert name here>,” unlike those of the Mitnick years where Kevin was held without trial and pretty unjustly for the alleged crimes at the time. In these cases, they did the crimes, they knew full well they were crimes, and they made the mistake of trusting Sabu to be their leader in a war against.. Well.. Nothing.

They did it all for Sabu’s satisfaction really. Sure, they say they did it to strike a blow against the federal entities taking away our rights blah blah blah.. But the reality is that they all were led to this by Sabu.

The guy with the three car engines, and string of identity theft cases against him.

Life Imitating Art?

Ok, so back to the “Hackers” thing. Am I the only one seeing this? I would also throw out there the idea that too many of these kids have watched “V For Vendetta” one too many times as well. All of them seem to be looking for some sort of banner or identity to fall under where these movements are concerned. In Hackers we had the evil hacker and his pawns, the stupid Feds, jamming up the innocent hackers. The blaming of the hackers by the bad hacker (Plague) and the Secret Service seems to be a theme here as well. Well, not so much the evil hacker angle but more the attitude that the Feds are just bad buffoon characters who need to be put in their place.

In the case of the V for Vendetta crowd, they believe that the collective governments of the world are just despotic regimes seeking to destroy anyone who dissents. Which, ok, lately there have been troubling things happening in the US government, but really, as yet, no one was being put into secret work farms and used as test patients for some super secret germ program now, were they? At least not here in the States as far as I know, but sure it’s possible in some despotic regimes like Syria etc. This, however, is not what Sabu would have had you believe. He was full on in rhetoric that the man had to be stopped because they (the Feds) were oppressors.

Over all though, I just cannot fathom that these guys all thought they could just poke the badger like this and not get caught. But then again, Sabu, as was written about in a recent article, when questioned about being AnonymouSabu, said “I don’t even have a computer” to the feds… The feds who were standing there looking over his shoulder at a cable modem blinking away as it transferred data!

Duh.

Perhaps these guys just didn’t get it? Hey kids, this isn’t a movie. When you guys are sent to jail you will be someone’s play thing. It’s more like Oz than it is Hackers kids.

Stupid Mistakes and A Complete Lack of OPSEC

Another thing that has been bugging me about the media coverage on Sabu’s take down and the roll up of the others is that they keep saying he was a “Hacking Genius.” Holy WTF? Really? Obviously these people did not talk to the rest of the community, because Sabu made some HUGE mistakes in his Operations Security (OPSEC). It is pretty much obvious as well because, according to a story in the NYT tonight, the Feds had his name in February, before BacktraceSec posted the info on the web, so someone either turned right quick on him or they just followed the large breadcrumbs.

Sabu also made it easy to find out who he was by making other mistakes like logging into an IRC server with his own IP address. He must have been on the weed at the time or drunk, or maybe just distracted, because he forgot the one golden rule of this game: “Always use TOR.” So, he logged in and voila, he had given anyone the information needed to track him to his address. This really means that the Feds would have had an easy time of getting a warrant and getting his address. This would have been the nail in the coffin as evidence goes, tying him to the IRC and his being Sabu.

Another big mistake Sabu made was using his own address to have those car engines delivered to him. Who else would buy stuff with someone else’s credit cards and then have the stuff shipped to their home address? That is a complete N00B move! Joey Pardella would be proud, Hector! Didn’t you learn anything from “Hackers” at all? You just don’t do that shit. As they said in the movie, “Universally stupid, man.” No wonder you got caught and turned so quickly.

So, once again dear news media, Sabu was not a genius. He was in fact just like you and did not do his homework.

No CxO’s You Should NOT Relax

While I am on the media train, let me also say that the media should reiterate that the Lulzy types are not all gone. Right after the roll up there were at least two hacks that have happened since. Both of the hacks were motivated by Anonymous and LulzSec motivations and should tell the world that they aren’t dead. So all of you C levels out there breathing a sigh of relief over this and thinking you are all good to go should back up a bit.

You aren’t safe.

Just because they rolled up these dimwits does not mean that there won’t be a bunch more of them in the wings waiting on a chance to make their mark. I think of course there will be a lull in the activities, but they will start up again once they have re-grouped. Paranoia will be the fear du jour for now, but soon enough they will become brazen again and start attacking things once more. I should think that we will be lucky if this all waits until the summer when the kids are home from college though. See, that’s also when the trials will be starting as well.

Imagine it.. Kids with nothing better to do but hack away their summer vacations. Oh, there will likely be lulz again. They will just be without a leader.

In the interim, let’s sit back and watch as more raids happen..

Lulz indeed.

K.

Written by Krypt3ia

2012/03/09 at 20:55

Posted in Anonymous, Lulz
