Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘AnonyTards’ Category

Sabu: The Anonymous Zeitgeist?


 

Quinn Norton’s Wired Elegy for Anonymous and Sabu 

I saw the article come up in the RSS feed and thought “here we go again” and surely, we did go again, to that special place where fantasy meets maudlin memories of what once was… Well, for those that is who live in the fantasy world and not reality. The ode to Sabu and Anonymous that Quinn put down to digital ink was one of the larger steaming piles on the internet I had seen in some time, and trust me, I have seen some epic steaming piles of shit on the internet kids.

Aside from the obvious issues of some scattered ideas, I was taken aback by the article’s reverence for Anonymous and the feel that the writer, having been “embedded” for so long, has basically been overtaken by “Stockholm Syndrome” and believes the hype that Anon’s would like to have spun about their organization, collective, group… Ehh, whatever it is. Phrases like the following cued me in on her deep need for deprogramming:

In 2011, Anonymous figured out how to infiltrate anything, to mobilize not just machines but bodies.

Really? They are the new APT huh? They are an existential threat to the existence of society? What flavor was the Kool-Aid you had Quinn? Must’a been strong strong stuff, or have you just gone all Patty Hearst on us all? Tell me, do you have a green army jacket and a copy of LOIC in your purse? I am sorry to report to you Wired, but, your reporter has gone over to the other side… Suffice to say, that I have issues with this article and the following graphs will enlighten you as to why. First off though, let’s cover the first couple of paragraphs of this epic story, the elegy for Sabu and his power…

Sabu, Hector Xavier Monsegur, International man of mystery, and master hacker, idol of the Anonymous hackerati, and petty criminal. A force to be reckoned with, as the article makes out, but it also fails to point out that in an “anonymous and headless” org, as they like to think of themselves, he was in fact not only a snitch but also a “SINGLE POINT OF FAILURE” as we say in the information security business. This is something that Quinn failed to comprehend or just negates due to the Kool-Aid drinking (think lotus eaters) that seems to pervade the anonymous movement as well as the Occupy one that she later waxes poetic on down further in the article.

If indeed Sabu was so loved by anonymous, and approved of, then they have completely abdicated their core beliefs in operations and set themselves up for the fall that came with Sabu’s arrest and subsequent rolling over on everyone in the “movement” that have spawned all of the arrests we are now seeing come to trial (Cleary et al.). So, neither Sabu, nor the Anon’s of Lulz/Antisec nor Anonymous as a whole were very bright about the operational details that later would bedevil them.

See kids, everyone makes mistakes and no one is immune to them. Sabu made them, you all made them, and in the end, several of your pals will be going to pound me in the ass prison.. and for what? I’m afraid none of us is as smart as we like to think we are. Just so happens some of you are now finding this out.. The hard way…

Sabu was no hero.

Sabu was no digital hacker god.

Sabu was just a guy with troubles and a need to feel important, loved, idolized, and he wanted ATTENTION.

He had them all, and now has even more, from federal authorities.

His ID ate his Ego and it led him to absolute compromise of his life.

As Quinn would make out, he was the poster child for Anonymous, able to hack anything in a single bound! What Quinn fails to tell you is that a majority of the hacks were low hanging fruit and he was shooting fish in a barrel. You see, the skidz were out selecting targets not because of political importance, but instead they were just looking for the easy score. It’s far easier to claim a win and surround it with political and movement ideals than it is to go after true targets, work assets, and compromise with an end goal in mind.

Wake the fuck up Quinn…

Do-Ocracy or Erratic Primates With Computers?

Quinn goes on to wax poetic on how Anonymous has a “do-ocracy” which, uhh, what? Really, what the fuck does that really mean? You are trying to tell me that it’s a headless org without leaders and yet people come together and do things in a concerted way? Sure, yeah, that works for DDoS but what about all this hacking you are going on about as if it were fantastical and magic?

Tell me, how many disorganized personalities out there do you know of who work as hackers? It takes focus, well, unless it’s the usual low hanging fruit target that Lulz approached that is. Granted though, the HB Gary thing, that was done well, they had a plan, they engineered people and that went off as a well oiled machine would. I applaud that one kids, really I do, not from what you did, but the way you did it. That was worthy, but, still, what is all this claptrap that Quinn is going on about now?

Do-ocracy, yeah, don’t buy that one either. Look, you cannot have an unstructured organization or even a collective. You liken yourselves to a stochastic system in one breath, then say you are a hive mind like bees the next. Lemme give you all a hint, bees and ants, they use signals from leaders to tell them what to do, where to go etc.

See kids, it’s a system they have ranks, they have functions, and they work towards a concerted goal using messages. Go on, go read about them and then come back once you have a grasp of it all… I’ll wait.

………..

Ok, back? Do you have a better grasp of this now? Now ponder this, you are all primates. SOCIAL primates by the way, you all work together by communicating AND you tend to have leaders. How does that work within the confines of what you think you know about stochastic systems like the one you claim to have?

Ya know, like the one that Sabu and you all created that was not so leaderless and is now pretty much out of commission?

Yeah…

It’s time you all took a look at sociology and psychology in regard to what you do and how you are doing it.

Herds and Flocks Both Have The Same Flaw.. Someone Takes The Lead

I have written about this before so I will not belabor it more here, I will simply point you HERE and have you read. Once you have, come back and finish out this article.

So, You’ve DDoS’d and You’ve DOX’d… I See Nothing’s Changed.. So Much For Zeitgeists 

So, Sabu was the zeitgeist of Anonymous according to Quinn. He and his pals hacked many places and caused quite the ruckus, but, what really came of all that action huh? Do we have anything to really speak to the vast and sweeping changes that their actions created?

Is our data safer now generally?

Have the cops been stopped from abusing power?

Has the government thought better about their power grabs both on the internet and off?

Has a more open and equitable system of governance been created from it all?

No, no, no, and no. Basically, all of Sabu’s and Anonymous’ actions to date have not made us better off at all really. Sure, you can make correlations that Anonymous has something to do with the Arab spring, but, just how much is a real problematic thing to quantify. Hell, even Quinn would not throw it up there definitively in her Kool-Aid haze (good for you!)

So, what’s this all about I wonder? Is this movement, which was born from /b/ and Lulz just the rabid collective Id or is it a movement? It would seem according to some, that the organization is maturing and that the majority want to do something about the encroaching government and corporate control over us all. I personally would love to see this happen, that the masses get organized and energized about making a difference in the years to come against the government’s heavy hand.

Do I have real hope of this happening? Not really…

If Anonymous continues with the DDoS and Doxing that we have been seeing against targets of opportunity, we will have no substantive change, well, I should say no “positive” change. You see, if you keep doing what you have been ad nauseam, you will only serve to make the government tighten their grip on us collectively. Now one could argue that this will happen anyway, and frankly, I see in my mind’s eye Bluto making his famous “Germans bombing Pearl Harbor” speech at Delta house here, but couldn’t we do something more constructive?

In the end, just realize that all your machinations to date, have not raised the consciousness nor made real change. Here is where your analogy to bees comes back to bite you in the ass.. You have stung, now, lacking stinger, which you leave in the target, you go off and die. Ya know, like the famous Sabu and his rhetoric!

Oops.

So, How Different Are You From The Obama Administration, CIA, NSA, etc Post STUXNET and FLAME and CYBERWAR, Drones, etc?

Finally, I will leave you with these parting thoughts…

Ponder these ideas and questions;

  • How different are you from the governments that you say are being heavy handed when you DoS (no, it’s not a protest) those who you disagree with? Instead of say engaging in debate?
  • How different are you now from those you despise when you use the same hacking techniques to attack them? With cyberwar nakedly being used now, are you so different?
  • Remember, also with cyberwar, you are now a cleared target as well and may in fact become so because your actions are considered “warfare”
  • Remember one more thing, you guys don’t kill people.. The government is and will. Not to say that they will be coming after you with a drone firing a missile, but, generally these guys are much more serious about shit than you are.

I am not saying that you all should just lie down. That anonymous needs to go away. Far from it, I am saying you need to work smarter. If you don’t then I should expect more arrests and more insiders being the linchpins to those mass arrests being carried out.

Stop letting your Ids rule you and let the Ego drive a bit kids.

Oh, and Quinn, I can provide you a name of a good de-programmer if you like…

K.

Written by Krypt3ia

2012/06/27 at 09:36

Posted in .gov, Anonymous, AnonyTards

So Long and Thanks For All The Lulz…


Anonymous Begets LulzSec, and LulzSec Begets AntiSec

Once upon a time, a group of pranksters decided to play games online and in the real world. They started it all for the “lulz” and lulz they did have, they poked some seriously tweaked individuals in the eye and thus a movement was born. Along they went pranking and lulzing until one day, a new group came along, and their lulz were a bit more dark in nature. This new faction was named LulzSec and they thought that lulz should be had at the expense of government and anyone they could mess with. The LulzSec crew soon began hacking anything they could get their hands on and posting all of their exploits on Twitter and Pastebin. With each passing hack and dump, they became more and more enamored with the attention… Until one day even the lulz of LulzSec just weren’t enough to sate their thirst for attention…

Thus AntiSec was born.

The AntiSec’s redoubled their efforts for poking “The Man” in the eye and became more and more manic in their attacks as well as their peculiar love of piratical language. Soon they were attacking anything and anyone *cough, low hanging fruit cough* that they saw as an enemy. For months they “sailed the digital seas” stealing and defacing their way into infamy. All the while though, they failed to understand that they all were about to be sent to Davy Jones’ Locker! For one of their ranks was in fact a spy… And so one day they all found themselves cuffed, stuffed, and on the hood of a car.

It was then, that they all realized the lulz ultimately were on them.

LulzSec and AntiSec: Not So Leaderless, Not So Headless

I seem to remember saying a few things in the past about how LulzSec, Antisec and Anonymous were really not so leaderless or headless. It turns out at least in the case (thus far) of Lulz/AntiSec that I was right. Of course this was not a stunning or blindingly hard observation to make. With Sabu being the mouthpiece and chats on IRC being available, one could easily see that there was a structure here. A pecking order and a chain of command was clear, but just who were the real names and faces behind the screen names and IP addresses? This was the missing piece of the puzzle to many, including the FBI and other LEA’s out there looking for them… Well for a little while that is as it turns out.

As Sabu and his pals got more and more brazen, they became increasingly more open to hubris’ effects and eventually this did them in.. With a little help from their leader “Sabu” aka Hector Xavier Monsegur, the group eventually found themselves under indictment for their crimes. I guess the big game of follow the leader was a bad idea after all for them and am sure tonight they regret it.. But this is the problem when you have an allegedly “leaderless” group out there committing crimes for the lulz of it all right?

Simon says stand up!

Simon says sit down!

Simon says hack the CIA!

Simon says YOU’RE BUSTED!

Sabu and Stupid Mistakes That Haunted Him

But seriously folks… It turns out that the “genius hackers”, led by “Sabu”, weren’t so genius after all. Xavier’s data had been floating around the internet for some time and was brought to light by BacktraceSec in March of 2011. Data, mind you, that Xavier had not counted on as being out there and able to point people to him as “Sabu”. Xavier was sorely mistaken, and the clincher, from the reports out now from the FBI, was that he logged onto Anonymous’ IRC with his real IP address.

It just takes once to be party van’d kids.

The data connections between his screen name, his real name, and other data around domains he owned etc, was circumstantial until he made the one mistake that was the smoking gun and led to his arrest it seems. Everyone makes mistakes, but Sabu made more than his share and now they are coming out in the news cycle for all the other kiddies to see. Of course, these were only some of the mistakes that he made. One of the biggest mistakes was to allow his ego to drive the bus here. Sabu it seems not only was a bit crazy, he was also a narcissist, and loved the attention being lavished on him by his followers. Ego like his and the successes he enjoyed while sticking it to the man made it all the easier for him to make some massive mistakes that eventually led to his own demise. You know, like buying three car engines using someone’s credit cards and having them shipped to his address or maybe trying to tell NYPD that he was in fact an FBI agent.

DOH!

It seems that his pathology was his undoing…

WTF Were They Thinking?

Overall, I personally just can’t seem to get into the heads of the Lulzy bunch. Perhaps it’s just that I am an old man, maybe it’s because my parents actually raised me and just didn’t sit me in front of a TV or a computer as a babysitter. Well for that matter maybe I was breast fed and they were not, who’s to know? Many times I have tried to put myself into their heads and see why they were doing it all and where they might go next all to no avail. I guess I finally resigned myself to the idea that they were just nihilists or anarchists, but mostly, I just thought that they were maladjusted teens and twenty somethings acting out.

It turns out though, that in the case of the pied piper “Sabu” it was all about the bling lifestyle of not working for a living and fleecing others to buy car engines and pay bills as well as self aggrandizement in the online world. Oddly enough, from what has been reported thus far, I believe that it was only Sabu who was on the take, the others certainly stole money, but, they did not do so for personal gain (maybe I’m wrong on that?)

So what were the others thinking? Were they striking a blow for the people or were they just in it for the lulz? Time will tell as the trials move forward I suppose. I guess also, each one of them must be re-assessing their decisions right about now…

Ideas, You Can’t Kill Them.. But They Can Be Like Neutron Bombs and Destroy Your Freedom

If anything, I think that this whole fiasco shows that ideas, may be killed as well as they may kill those who gravitate toward them. Anonymous as a whole seems to be more aligned with making a difference in the world of late. Some may have been fans or in fact players in the AntiSec and LulzSec games, but, generally they all should take heed of the events of the last 24 hours. AntiSec, Sabu, and all of the fallout will damage Anonymous like a neutron bomb, it won’t destroy the buildings but the radiation will kill everything around.

Some ideas are just bad.. And most of the bad ideas are cooked up by morons like Xavier Monsegur.. It turns out that the lulz ultimately are on you Sabu.

K.

Written by Krypt3ia

2012/03/07 at 03:40

AntiSec, Stratfor, Wikileaks, and Much Ado About Nothing


The Compromise

Back in December Stratfor, a private “Intelligence” group, was hacked by AntiSec. The hack to date, has yet to be really discussed as to the means to its accomplishment, but, I suspect that as usual, it was an SQLi attack if not some other low hanging fruit attack that allowed access into the Stratfor systems. Once inside, the kids had access to everything (allegedly) that Stratfor had. They proceeded to take what they wanted and then RM’d their servers/data/site. It was, for all intents and purposes to Stratfor, a nuclear detonation.

I say this not because they likely had no backups and were scrambling to repair their online presence after the hack, but because once the AntiSec kiddies dropped data, it became apparent that Stratfor had done nothing to protect its clients’ and employees’ data from being taken or, more to the point, to make it unusable through encryption had it been stolen. Instead, it was clear that they had not encrypted anything that belonged to the clients, and they were also keeping PCI (Payment Card Information) on their servers against the rules of PCI AND were not encrypting that either.

BOOM.

The AntiSec crew then set out to troll all those they felt needed attention (Such as Nick Selby, because he does work for the government) dropping all their data and credit numbers for anyone. They then proceeded to use those same cards to make donations to charities that they thought were a good idea to “stick it to da man”

Heh…

In the end though, they only really stuck it to the charities who had to face charge backs and incur fees for their trouble. This was not a win for anyone, even if AntiSec claimed then, as now, more “win” with Wikileaks dumping their email spool. The win here though, (dumping of the spool) for me, is to get a real insight (haha to use a Stratfor term) into how they (Stratfor) operated as a pseudo private intelligence firm. The outcome of all this reading for me? Pretty much what I thought of them before when I got their newsletters..

“Ho Hum”

The Leak

According to Wikileaks there are 5 million emails that they are in possession of. They have torrented them as well as placed them on their site for all to look at. The intonation of course by the ever increasingly paranoid and fanciful group, is that these guys were BAD! They were corporato-governmental-greedhead-evildoers. PROOF positive that they were a “shadow CIA” and that we are all far better off because AntiSec and Wikileaks teamed up to out their misdeeds.

I have perused many of the emails and files that they came with and am left with an even lower opinion of not only Stratfor, but also of Wikileaks and ANYONE who really bought into Stratfor as a company selling “Intelligence” as a service. The emails come off as exceedingly trite, unprofessional, and generally grammatically challenged. Of course you could make the case that many of them were typed out on Blackberries likely while sipping lattes, so you can perhaps understand the internet speak/poor spelling.

Overall though, I am underwhelmed with the emails. They only show poor choices of language, poor choices of data collection and vetting, and a stunning amount of hubris on the part of the company in its dealings with foreign nationals. The one real question though, that it has left me with is this. Is this it? Does AntiSec or Wikileaks actually have finished analysis reports somewhere as well? I ask because the reports that I was privy to when I had access to Stratfor were, well, “meh” as well. I never once really felt like any of their subject reports were that great to be honest. I kept thinking that I could do just as good a job with a browser and Google hacks. So I never went any further to get anything else from them.. Well, that and the exorbitant price scheme they had really made me want to just do it myself.

So, Julian… Sabu? You got any real sugar for me? Do you have actual finished reports for say Dow or DUPONT or a government official that you can throw out there to show me and everyone what Stratfor was really doing (as you claim by these emails of bribes and source manipulation)?

Do you have anything? Or are you just offering another half baked claim of conspiracy and then failing to deliver on it again? These emails are just truly unprofessional and to me bespeak just how poorly this org was going about cultivating assets and analyzing raw intelligence *cough* they were alleged to be getting from “sources”

So, let me sum up.. What you have put out there.. Doesn’t scream UBER SECRET PRIVATE CIA… It screams something more like “LOOK AT MEEEEE!”

Smell the desperation.

HUMINT, OSINT, and STRATFOR

Going through the emails I just kept saying to myself; “WTF? What? No real reports, just scuttlebutt from people and no real vetting of the data? Just gut hunches and who knows who and for how long?” It was a morass of terrible conclusions, hints, and allegations that weren’t properly looked into by analysts by the way things looked from the emails alone. Like I said above, there may in fact be more as well as some of these may in fact not even have been put there by AntiSec to sweeten the conspiratorial pot. However, generally, it’s just amateur hour here and that is disturbing.

While the masses may be unaccustomed to the intelligence game, some of us out there know a little bit more about how it works. While the likes of Wikileaks rail about how they are all bad, using money and perhaps even sex to sway their sources, the reality is that this game has ALWAYS been played this way. Intelligence is a dirty business and crying about it in this way for me, is just naive on the part of WL and Anonymous. That said though, let me clarify for you all here and now, the data that was being collected via the emails dropped were not state secrets as a whole. In fact, this was much more TMZ than CIA.

This kind of information does have its place in real intelligence work, but, the idea of trying to make out that the things seen in this dump are at all akin to what the CIA really does is just laughable. As is the notion put out there by the emails that Stratfor thought they were “the shit” by paying assets that they could not really trust nor really had a good way of vetting. My question is just how many of those guys/girls took the money and just gave Stratfor a bill of goods? How many of these “sources” were actually just people making a buck and selling snake oil?

For that matter I half expected to see LIGATT listed as a source….

No, much more of what I was seeing in the emails was scuttlebutt or in fact OSINT of the lowest order. They were actually citing other news sources in their emails! Uhhh, yeah that is real INTEL there. Sure, today a lot of intel comes from the news because they are there and are quick to report it. Quicker than actual intelligence officers in the field, because, they are “in the field” and cannot just pick up a phone and call Langley. This stuff though, was just riddled with suppositions and half baked theories which I am now pretty sure, made it into finished reports… And that is sad.

Overall, my impressions from reading the emails and not seeing anything else bespeaks an organization that was hungry for money, willing to do what it took to give their clients “reports” and throw caution to the wind as to the veracity of their data. This is not an intelligence agency in any way and certainly should not be looked upon as any great threat.

Much Ado About Nothing

So, there you have it. It really is much ado about nothing. The emails show a certain callousness as well as a greedy disposition (8k for a background check/dossier on someone? Holy WTF indeed!) Generally, I would be more afraid that their data was faulty and full of half truths than real solid intel from sources that they have cultivated. In fact, I would go as far as to say someone like Jericho might want to check their stuff for plagiarism himself because I think they must have ripped off someone in the news somewhere along the way, but, that is just my theory.

This firm should be afraid now that its emails (if all theirs) show a company that is hamfisted in its approach to data collection and analysis as well as one that did not perform ANY due diligence for its customers’ sake. That last bit there is really really important as well. Any intelligence agency kids, would in fact perform the due diligence to protect their sources and their customers’ data. See, when real spies let stuff like that out or commingle it in email spools, people tend to die.

*Another point I meant to bring up earlier.. None of this stuff would appear all in one spool in a real intelligence operation*

This is all much ado about nothing and once again, the kids with Anonymous and Wikileaks have failed to understand the realities of the world that they now want to play in.

Intelligence.

Where Problems Do Come Up

Finally, I would like to enunciate the areas where I think there are large problems for Stratfor from this dump.

  1. Bad data and poor vetting of sources
  2. Bad OPSEC and Security Hygiene
  3. Lack of controls other than tags in emails for classifying data
  4. Lack of proper analysis of information collected
  5. An utter lack of equanimity in their analysis and collection

Lastly, this email covering the new capital fund company that they started has me wondering. Would this not be insider trading using espionage? How is this not illegal? Really? You are going to start a new wing of business that is connected to your private intelligence firm that will profit from the collected intel you gather?

*shakes head*

I suspect that the senate may want to look into that..

Oh.. Wait.. Seeing as they too are in the throes of some insider trading scandal as well, maybe they will just leave that alone eh Fred?

I guess the lessons learned from this whole event are; Never trust a scorpion on your back crossing a river… And don’t take wooden nickels from Julian Assange. Though, I guess Fred really says it all in one quote from an email linked below:

Therefore while Stratfor is committed to intelligence collection, it does not intend to be slavishly committed to it.

There you have it.. Pretty much covers the matter huh? Where’s Gordon Gekko when you need him huh?

K.

Fun reading from WL:

Sourcing Insights: http://wikileaks.org/gifiles/docs/97882_re-alpha-sourcing-insight-.html

EPIC QUOTE http://wikileaks.org/gifiles/docs/898587_draft-of-handbook-chapter-on-organization-.html

Written by Krypt3ia

2012/02/29 at 21:41

Just Don’t Be Naïve: Anonymous, Occupy, Cyber Terrorism, and Jingoistic Rhetoric


Don’t Be Naïve…Or A Conspiracy Theorist

A post from rjacksix, a.k.a. Robin Jackson, caught my attention on Infosec Island today and given my past history with him, and the subject of the post, I feel compelled to respond. The post: “Don’t Be Naïve about Anonymous or the Occupy Movement” is full of logical fallacies that assume a lot about the organization as well as its followers that indeed beg the idea that there is a darker cabal at its heart. While there may be a few out there who might fit this description within Anonymous and Antisec, I doubt that the contention that there is larger cohesive operational command and control afoot is the case.

Frankly, the post comes off as full of dark conspiracies verging on the loopy-ness of New World Order that tag the main stream media as a part of this vast “conspiracy” against America.

*blink blink*

Really? Hey Jacky, what’cha been smokin? Dude you just moved into Detective Munch territory… And, you ain’t on TV mmmkay?

He starts off the post with the dark territory of conspiracy and then dismisses it as just a minor plot point, only to go on and argue the malice against America that Anonymous has. Well then why mention the conspiracies at all Jack? You wanted to make a point there but you don’t want to back up the argument? C’mon man, give us more than links back to your own site for reference. How about some other kinds of say, oh.. Evidence? Stay on point dude.

I guess you just kinda want to gloss over that huh?

Anonymous vs. Antisec vs. Other Forces At Work (giving too much credit to Anonymous)

So, the post goes on to claim that Anonymous is a threat just as General Alexander (NSA) intones. Well, uhh Jack, Alexander did not say that Anonymous was a threat “now” in fact, if you read the comments, he said they may be in the future and that they “could” do something like attack portions of the grid.

Ayup.. Well, yeah sure.. They could. But then again, so could I and a couple of other guys I know, so what?

The fact of the matter is that Alexander was projecting a bit there wasn’t he? I too have seen the pastebins and talk about SCADA systems and yeah, I would be concerned that some of these morons might actually go out there looking for a grid or a water system PLC to fuck with. I am pretty sure they already have in fact, but I cannot prove it, can you Jacky? Got some real proof? I mean pr0f_srs did a bit of poking about, but he posted that stuff for the people to see.

Documented… Not hearsay on the IRC man. Show me screen shots or it didn’t happen.

The fact is, Alexander did not say they had already been in systems and that this was a problem NOW. He said in the future they could gather enough cohesion to do something. So, this is all quite speculative really but ok, let’s go with it, say certain factions of Anonymous want to do this for the Lulz, ok, they could do it now I think on the scale that the general was speaking of. What he was saying in the end is that there could be pockets of outages “if” someone like Anonymous monkeyed with systems. This could happen today with a single intruder as well as a group, whether or not they are Anonymous or nation state actors.

The net/net here is that the general is worried about Anonymous because of their actions thus far. Though, he failed to really make the point that thus far, neither Anonymous nor Antisec have done anything spectacular in hacking or in damage to the country as a whole. They have managed to embarrass a lot of people, cause some financial pain for some, and others have had lulz at their expense.

It’s not that I condone any of it.. But… Really? This begets a substantial threat to the nation and needs the attention of NSA?

It’s not a problem for NSA on the face of it. It is the problem of the NSA underneath it all, which Jacky does not talk about. It’s the idea that Anonymous could be used for False Flag operations by other governments and or terrorist organizations across the globe. Something he did not mention at all but I wrote about Tuesday. By this I also mean that some Anon’s may actually play a part in the hacks, but, more than likely, it would be others hacking for said countries or terrorist organizations under the name of Anonymous.

There is a specific difference there and once again Jacky blows it all out of proportion. Does he imply that perhaps the core hackers that comprise Antisec/Anonymous are in fact working at the behest of these other entities? No, I don’t see it in his post.. Do you? Nope, he just once again glosses over the fact that this could be the case; instead he claims that Anonymous and OWS have “malice towards the United States” (while draped in the flag) which to me is quite misleading and disingenuous.

Malice Against America!

Malice toward America.. Hahahaha wow. Doesn’t that just sound like an existential threat to the country huh? I bet General Alexander wishes he had said that! Look, yes, there are some now within the collective who likely hate the US. Yes, there are likely terrorist sympathizers if not outright members of certain terrorist groups in the mix as well. However, I would say that on the whole, Anonymous is comprised of witless stooges in their tender youth who have no clue what they are doing other than being counter culturally cool in their mind’s eye.

Once again Jacky is giving them too much credit on the whole. The use of vile language and humor that is tasteless as well does not mean that they are a threat to the nation. After all, /b/ has been around for a long time and, while they may be crass and base, they aren’t out raping and setting fire to their neighbors’ homes like “The Class of 1984”. I just see the offensive nature once again being spun to mean that they are a “clear and present danger” which is pointless. One does not mean the other, you have to look at actions not just the words Jack.

Are there people within the collective who may in fact be a danger?

Sure.

Do they have that much control over the ADD masses that are “Anonymous”?

No.

Once again Jack, you over dramatically play the rhetoric to make your case, a flawed one at that.

ZOMG THE GRID IS IN DANGER FROM ANONYMOUS!

As I have written and posted (with actual evidence and backup fact checking) Anonymous has in fact (factions of) dropped pastebins of alleged PLC/SCADA systems. When checked though, they turned out to be HVAC systems all over the country. The pastebins all touted that this was EPIC and bad. Well, not so much really from the perspective of any kind of “cyber” warfare or infrastructure protection standpoint. So, once again, any mention of this is aspirational to be sure, but, in practice turns out to really be just FUD generating material for the likes of Jack or the mainstream media that he seems to think are in a cabal with Anonymous.

*shakes head*

What the NSA (via Alexander) said was a little presumptive really and it sure made the headlines. Anonymous (someone claiming to be speaking for them) said that they had not considered this type of action and that this was all just a smear. Well, yes and no. I can see the concerns that NSA has but as I wrote Tuesday, I think it is from the perspective that anyone can claim the name Anonymous and do bad things now. Not just that the Anonymous core will mandate that the masses should attack the infrastructure. Frankly, I think many of the foot soldiers would probably say no to this in the end for fear of really being branded terrorists.

And that is what would happen. It would be an official mandate from the government should someone claiming to be Anonymous take out a city or a town by hacking its SCADA systems. Hell, I frankly think that with the rhetoric today about cyber warfare AND the insecurity/permeability of the Anonymous model, that someday this very thing will happen. It won’t be the end of the world as we know it, but, it will give the government the excuse to take liberties with laws and go after “Anonymous” with everything they have.

This is where I have the MOST problems with the likes of Jack and his rhetoric in these posts… It’s just verbal diarrhea without any real backing by facts other than “I know secret things”…

But that too will be talked about soon in another post.

Let’s REALLY Think About The Differences Between Nuisance Attacks vs. Warfare

Finally, let’s look at the problem of what Anonymous has really done as opposed to real damage. Jack uses the term “kinetic” improperly in the top of his post. A kinetic attack would be in tandem with a digital attack. First off, I have not seen anything like this happen. In fact, OWS has very little to do with Anonymous. Anonymous came to their party after the fact really as a support mechanism. To date though, I cannot recollect an actual attack in the digital realm where a physical one was carried out in tandem with OWS.

Fact is, OWS has just made lives difficult by “occupying” public spaces with their right to protest… You know, something in the Constitution? Yeah, remember that? It’s our right as citizens to protest and this is what they are doing. Do they have a real cogent agenda and plans to do it? Not so much as I have seen really, but they do give it the hippie college try.

In short.. OWS is not a problem.. If anything they are just another nuisance for law enforcement. They are not an existential threat to the USA Jacky.

So, once again we go back to Anonymous and the existential threat that Jacky would have you think they are. I say to you all, that ANYONE could be that threat. APT are that threat! Lone Wolf hackers out there with the right talents and access ARE that threat! The current modality of thinking that Jacky and others have is the fundamental problem. I have also written and ranted about this in the past as well. I am sorry, but none of this adds up to the Die Hard movies in these people’s heads.

Richard (Dr. Cyberlove) Clarke

Gen Alexander (NSA)

Senator (Droopy Dawg) Lieberman

Senator Jay (Moneybags) Rockefeller

All of them think that the world is going to end because the grid will be attacked by the likes of Anonymous or China. Zombies will rise from the grave and flesh will be eaten as the sun implodes!

Sorry, no, it won’t.

To really have an attack that merits all this hand wringing you would have to have considerable money, time, and effort. Never mind the access that one would need to innumerable systems that would have to be taken out in such a way that they would not come back because they ate themselves (think fire and explosions) and this is not Anonymous even if they made boasts that they could or would do it.

Nope, there might be nuisance blackouts and FUD would abound, but, it would not be the end of the world as we know it. Frankly, this has been around so long and we have had systems like these connected to the internet so long it begs the question “Why hasn’t this happened already?” Well Jacky? Why hasn’t it? Is it that the false flag operators just needed an excuse like Anonymous? Or was it that perhaps the contention that the effort to pull this off is so huge that no one wanted to invest the time?

I vote on the latter.. AND if someone wanted to do this, then they have been planning and working on it for a LONG LONG time now. They have just been waiting for the day when all of their troops are ready to swoop in and take over like “Red Dawn”

Yeah, I went there…

In the end Jacky, I put it to you that you are confabulating a lot here. I think you might be better served by getting a sandwich board with “The End Is Nigh!” on it and raving at the passersby.

K.

Written by Krypt3ia

2012/02/23 at 21:35

#OpCARTEL: Hubris & Blood

with 10 comments

 

HUBRIS:

Yesterday I wrote about how I had thought it was rather ill conceived of Anonymous to attempt to mess with an organization like the Zetas. Last night I heard that Barrett Brown, ersatz former spokesperson, has decided to get back into the action with this particular Op. A tweet from his acct had a link to the following pastebin:

  1. The Anon who had been kidnapped last month by the Zetas has been released, although it appears that the Zetas concerned did not know that the individual was the Anon whose release had been demanded by those who instigated #OpCartel. As such, no bargain has been fulfilled. Meanwhile, those who have been in possession of the e-mails have promised to provide them to me alone, which is to say that everything that proceeds from now on is my own work, and not that of Anonymous. Any reprisals against anyone other than myself, then, will have no effect.
  2. As I’ve told several journalists today, I will be proceeding carefully and with the assistance of several parties who are equipped to assess the contents of these e-mails and particularly those portions dealing with Zeta collaborators. I’ll announce the next step in a few days.
  3. Finally, much of the reaction that this affair has received, particularly the dozens of often malicious predictions of my upcoming murder by the Zetas, is among the most degenerate displays I have yet seen. The idea that I should refrain from assisting in the naming of probable criminals operating in a foreign country without a working judicial system lest I be murdered is a cowardly sentiment. No individual living in the free world should refrain from working to fight injustice simply because there is a possibility of retaliation. Less important, but equally inane, have been the hundreds of comments and even media reports in which I am described as “foolish” for taking a risk in the course of something I believe in. Those objections dealing with possible repercussions to innocent third parties are reasonable, and I have made an effort to address those; those objections to the effect that an American ought not assist his fellows who have themselves risked their lives for this cause is informed only by a sick culture that is destined for destruction and replacement. If, by some chance, I am indeed killed by the Zetas, I will at least not have to contend ever again with the irritating and, frankly, faggy outpourings of a population that has proven itself incompetent to rule the empire that has been provided to it on the backs of others. Amrite?

Barrett, all I have to say is this…

“Way to go moron! What the fuck are you thinking? Are you that vainglorious or are you just mentally challenged?”

Let me break this down for you all once again.

  1. Any data you have will serve no purpose. The cartel owns the government there.
  2. The US may be interested in the data only in that they want to see who reacts. They already know this information in all likelihood.
  3. The release of the hostage… You ever consider that it was not an appeasement? That they are using this person or persons to get to others within the Mexican Anon org?
  4. All your bravado will leave you once you find an MS13 gangbanger over you with their pistol against your head.
  5. You will not be a hero or a martyr.. You will have been just stupid.

How many people have taken up the fight directly, not covertly, in Mexico against the cartels (LAW ENFORCEMENT) and died? Take a look and you will see that this group has no compunction in killing anyone anywhere. So, you have more solidly just painted the crosshairs on your head with your little pastebin.

…And, you likely will not be alone…

Nice going you tactical fuckwit.

BLOOD:

Let me once again talk about Pablo Escobar. It took some serious special operators from the US to go down to Colombia and hunt him down. Not geeks behind computers with little bits of data, no, it took guys with guns who were battle seasoned to get Pablo, and he was just as fucknuts as these guys in Zeta. The difference here? The Zetas core 30 members are TRAINED SPECOPS! WE TRAINED THEM IN THE US!! They are deserters from the Mexican Special Forces!!!

And look at you.. all puffed up and thinking with your gun…

AND you do it so publicly like they are going to be afraid to whack you?

Ugh.

I tried telling you all that if you wanted to do this shit, you had better be smart about it and completely protected with SECOP’s protocols and you go and hang it all out there?

Patently stupid.

So, now it’s all on you Barrett. You and your council of core anon’s you speak of. I just hope that when they do get you (Zeta, MS13 etc) that you really don’t know who the others are in real life.. Because I am sure you will give them up before they whack you.

Stupid.

K.

Written by Krypt3ia

2011/11/04 at 12:02

OPERATION SATIAGHARA: Anonymous Conspiracies That Don’t Materialize

with 3 comments

Recently, Anonymous dumped another data package on the torrents touting that it was the real dirt on Brazil’s government AND the CIA/Kroll. After a few days, Anonops IRC twitter account lamented that no one was paying attention to the data (sic the press). Of course Anon really wasn’t taking into account the number of documents as well as the need for many to translate them and THEN have some context analysis carried out.

So, once I heard the whining, I decided to download the dump myself and then go through it all. Mind you, I do not speak Portuguese, I speak Spanish, but, I could translate some myself and then pop the rest into Google Translate. In going through the dox, I also found that some were also in Italian, which I could read as well (passingly). So, it was time consuming but in the end my judgement is that once again, Anonymous has missed the mark on having the real dirt. There is nothing within the documents that directly states any CIA or government involvement on the part of the US. Sure, there were companies from the US involved, but, this was all about buying into a telco and other resources/financing deals in Brazil that happened to be set up and run by corrupt Brazilian officials.

Kids.. There is no smoking gun. This is a case that is fairly well known so it was already in the public eye… In 2008 that is.

Operation Satiaghara

Quite the contrary as I saw from the dox. In one document it is flatly stated that there is a theory of involvement but no proof of Kroll in anything other than writing a report that was used by the officials involved. (see pg 25 of 682.doc) So where do you Anon’s get this idea that there is this huge conspiracy? Frankly, I am surprised that the press has any interest at all in your documents (other than perhaps the Brazilians) because sure, there were some people not captured and prosecuted within the Brazilian government that should have been. The story here is more about the corruption rife within the Brazilian government as opposed to any great international conspiracy. This would have been apparent to you had you done analysis and contextual assessment of the drop.

Data dumps without context have no real intelligence worth. While this stuff is interesting, it’s certainly not earth shattering. What’s worse is that it makes you all look more and more like the boy who cried wolf than the Deep Throat. This is why I keep harping on analysis Anonymous. If you go around just hitting sites and downloading data from external facing sources and you do not vet the data, then what you do put out there means nothing. Just as well, I can see from your tweets from the AnonymousIRC account that you are just now translating the dox. It would have been much more useful had you translated them beforehand and rar’d them all up for everyone to start with. You want attention from the mass media? Then the mass media has to be able to read the documents as well as hopefully have a primer as to what they all mean in context.

What these docs do show though is an insider’s view into surveillance carried out at the level of actual reports from the specialists. This is rather nifty and for this I give you the +1. Otherwise, I give it all a ho hum and feel that you are seeing shadows where there are none.

So please, once again I’m giving you the hints:

  1. Vet the documents
  2. Analyse the documents and put some context around them to show their importance
  3. Translate them if need be so the media can read them readily
  4. Stop just dumping reams of useless data on the public because if you keep doing that they will ignore you

Ancillary Data Found:

  • There are numerous .wav files that I have yet to listen to. I assume they are wiretaps and will need translation as well as transcription.
  • There are many mpg and avi files from differing cameras (surveillance video) but they are mostly meaningless unless one is read in on who these people are
  • There are numerous jpg files as well that are not very useful

Forensics Data on Files:

I ran some FOCA scans on the dox and have some interesting background on them. They do in fact come from the sources alleged so at least that backstops to a point that they are in fact real dox from the Brazilian police services.

  • They were using iphones to perform covert photo surveillance
  • They use primarily windows machines
  • You can see their internal/external networks via the metadata found within the pdf files
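The same class of leak can be checked for in your own documents before they leave the building. The following is an added example, not part of the original post and not FOCA's code: it reads the Info-dictionary fields out of PDF bytes and flags usernames, internal hosts, private addresses and platform hints. The sample bytes, the names in them and the helper functions are all constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: a minimal PDF Info dictionary, not from any real document.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Author (jsilva)\n"
    b"/Creator (Microsoft Word 2007)\n"
    b"/Producer (Acrobat Distiller 8.1.0 \\(Windows\\))\n"
    b"/Title (\\\\\\\\fs01.corp.example\\\\reports\\\\draft.doc via 10.20.30.40)\n"
    b">>\nendobj\n"
)

# Literal-string Info entries: /Key (value), where the value may contain
# backslash escapes such as \( \) and \\ .
INFO_RE = re.compile(
    rb"/(Author|Creator|Producer|Title|Subject|Keywords)\s*\(((?:\\.|[^\\()])*)\)"
)
UNC_RE = re.compile(r"\\\\([A-Za-z0-9._-]+)\\")          # \\host\share
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
PLATFORM_HINTS = ("Windows", "Microsoft", "Mac OS", "iPhone", "Linux")


def extract_info_fields(pdf_bytes):
    """Return {field: text} for uncompressed literal-string Info entries.

    Simplification: hex strings, octal escapes, XMP packets and compressed
    object streams are not handled here.
    """
    fields = {}
    for key, raw in INFO_RE.findall(pdf_bytes):
        unescaped = re.sub(rb"\\(.)", lambda m: m.group(1), raw)
        fields[key.decode("ascii")] = unescaped.decode("latin-1")
    return fields


def audit_metadata(pdf_bytes):
    """Group what the metadata reveals about the authoring environment."""
    fields = extract_info_fields(pdf_bytes)
    findings = {"users": set(), "hosts": set(),
                "private_ips": set(), "platforms": set()}
    if fields.get("Author"):
        findings["users"].add(fields["Author"])
    for value in fields.values():
        findings["hosts"].update(UNC_RE.findall(value))
        for candidate in IPV4_RE.findall(value):
            try:
                if ipaddress.ip_address(candidate).is_private:
                    findings["private_ips"].add(candidate)
            except ValueError:
                pass  # looked like an address but is not one (e.g. 999.1.1.1)
        findings["platforms"].update(h for h in PLATFORM_HINTS if h in value)
    return findings


if __name__ == "__main__":
    for category, values in audit_metadata(SAMPLE_PDF).items():
        print(f"{category}: {sorted(values)}")
```

Any non-empty category is a reason to strip or rewrite the metadata before the file is published.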

K.

Written by Krypt3ia

2011/08/12 at 18:56

DEFCON PANEL: Whoever Fights Monsters: Confronting Aaron Barr, Anonymous, and Ourselves Round Up

with 2 comments

A week before this year’s DEFCON, I got a message that I was being considered to replace Aaron in the “Confronting Aaron Barr” panel discussion. It was kind of a surprise in some ways, but seemed like a natural choice given my tête-à-tête with Anonymous, LulzSec, and even Mr. Barr. After coming to BlackHat and seeing the keynote from Cofer Black, it became apparent that this year, all of these conferences were about to see a change in the politics of the times with reference to the hacking/security community and the world of espionage and terrorism. Two things that I have been writing about for some time and actually seeing take place on the internet for more than a few years with APT attacks on Defense Base contractors and within Jihadist propaganda wars.

“This is a very delicate window into our future,” he told the hackers. “Cold war, global war on terrorism and now you have the code war — which is your war.”

Going into the planning for the panel discussion, I was informed that I was hoped to be the stand-in for Aaron in that I too see the world as very grey. Many of my posts on the Lulz and Anonymous as well as the state of affairs online have been from the grey perspective. The fact is, the world is grey. There is no black and white. We all have varying shades of grey within our personalities and our actions are dictated by the levels to which our moral compasses allow. I would suggest that the example best and most used is that of torture. Torture may or may not actually gain the torturer real intelligence data and it has been the flavor of the day since 9/11 and the advent of Jack Bauer on “24”. Face it, we all watched the show and we all did a fist pump when Jack tortured the key info out of the bad guy to save the day. The realities of the issue are much more grey (complex) and involve many motivations as well as emotions. The question always comes down to this though:

If you had a terrorist before you who planted a dirty nuke in your city, would you ask him nicely for the data? Give him a cookie and try to bond with him to get the information?

Or, would you start using sharp implements to get him to talk in a more expedient fashion?

We all know in our darkest hearts that had we families and friends in that city we would most likely let things get bloody. Having once decided this, we would have to rationalize for ourselves what we are doing and the mental calculus would have to be played out in the equation of “The good of the one over the good of the many”. If you are a person who could not perform the acts of torture, then you would have to alternatively resolve yourself to the fates as you forever on will likely be saying “I could have done something”. Just as well, if you do torture the terrorist and you get nothing, you will also likely be saying “What more could I have done? I failed them all” should the bomb go off and mass casualties ensue.

I see both options as viable, but it depends on the person and their willingness to either be black and white or grey.

Within the security community, we now face a paradigm shift that has been coming for some time, but only recently has exploded onto the collective consciousness. We are the new front line on the 5th battlespace. Terrorists, Spies, Nation States, Individuals, Corporations, and now ‘collectives’ are all now waging war online. This Black Hat and Defcon have played out in the shadow of Stuxnet, a worm that showed the potential for cyber warfare to break into the real world and cause kinetic attacks with large repercussions physically and politically. Cofer Black made direct mention of this and there were two specific talks on SCADA (one being on the SYSTEM7’s that Iran’s attack was predicated on) so we all ‘know’ that this is a new and important change. It used to be all about the data, now it’s all about the data AND the potential for catastrophic consequences if the grid, or a gas pipeline are blown up or taken down.

We all will have choices to make and trials to overcome… Cofer was right.

“May you live in interesting times” the Chinese say…

Then we have the likes of Anonymous, Wikileaks, and the infamous ‘LulzSec’. Called a ‘Collective’ by themselves and others, it is alleged to be a loose affiliation of individuals seeking to effect change (or maybe just sow chaos) through online shenanigans. Theirs and now their love child ‘LulzSec’ ideas on moral codes and ethics really strike me more in line with what “The Plague” said in “Hackers” than anything else:

“The Plague: You wanted to know who I am, Zero Cool? Well, let me explain the New World Order. Governments and corporations need people like you and me. We are Samurai… the Keyboard Cowboys… and all those other people who have no idea what’s going on are the cattle… Moooo.”

Frankly, the more I hear out of Anonymous’ mouthpieces as well as Lulzs’ I think they just all got together one night after drinking heavily, taking E, and watching “Hackers” over and over and over again and I feel like Curtis exclaiming the following;

“Curtis: If it isn’t Leopard Boy and the Decepticons.”

So, imagine my surprise to be involved in the panel and playing the grey hat so to speak. The panel went well and the Anon’s kept mostly quiet until the question and answer after, but once they got their mouths open it was a deluge. For those of you who did not see the panel discussion you can find the reporting below. My take on things though boils down to the following bulletized points:

  1. Anons and Lulz need to get better game on if they indeed do believe in making change happen. No more BS quick hits on low hanging fruit.
  2. Targets need recon and intelligence gathered has to be vetted before dumping
  3. Your structure (no matter how many times you cry you don’t have one) can be broken so take care in carrying out your actions and SECOPS
  4. Insiders have the best data… Maybe you should be more like Wikileaks or maybe an arm of them.
  5. Don’t be dicks! Dumping data that can get people killed (i.e. police) serves no purpose. Even Julian finally saw through his own ego enough on that one.
  6. If you keep going the way you have been, you will see more arrests and more knee jerk reactions from the governments making all our lives more difficult
  7. Grow up
  8. The governments are going to be using the full weight of the law as well as their intelligence infrastructure to get you. Aaron was just one guy making assertions that he may or may not have been able to follow through on. The ideas are sound, the implementation was flawed. Pay attention.
  9. If you don’t do your homework and you FUBAR something and it all goes kinetically sideways, you are in some deep shit.
  10. You can now be blamed as well as used by state run entities for their own ends… Expect it. I believe it has already happened to you and no matter how many times you claim you didn’t do something it won’t matter any more. See, all that alleged security you have in anonymous-ness cuts both ways…
  11. Failure to pay attention will only result in fail.

There you have it, the short and sweet. I am sure there are a majority of you anonytards out there who might not comprehend what I am saying or care.. But, don’t cry later on when you are being oppressed because I warned you.

K.

http://www.darkreading.com/security/attacks-breaches/231300360/building-a-better-anonymous.html

http://www.pcworld.idg.com.au/article/396320/three_tips_better_anonymous

http://www.wired.com/threatlevel/2011/08/defcon-anonymous-panel/

http://venturebeat.com/2011/08/06/defcon-panel-anonymous-is-here-lulzsec-is-here-theyre-everywhere/