Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘AntiSec’ Category

Building A Better Anonymous: Separating The Philosophical From The Practical

with one comment

So, here’s my thing…

Ok, so here’s my thing.. This notion of building a “better” anonymous is right up front, doomed to failure. As notions go it is a very altruistic one that I think Brian and Josh have thought about quite a bit, but, like many who get wrapped up in the grey areas of philosophy and semantics, they too got lost in the woods and could not see the forest for the trees in the end. Evidently Source Boston had them keynote the show with their talk on making a better, more accountable, and false flag “mostly” free Anonymous that stems from their series of “Building a Better Anonymous“, a series that I actually helped with a bit in the background (shhh don’t tell anyone.. oops) 

The case that they make is an interesting one but from my point of view fails to deal with the concept of human nature that will inevitably be the downfall of any such association, group, collective, or whatever else you would like to call it. Human nature, (i.e. the problem between the chair and the keyboard) will always win out because, you guessed it, we are “human” and we have foibles, wants, desires, and of course and ego. These things all make us do things that are counter to the best laid plans of mice and men (aka a charter of standards and behaviors) and will, in the end, cause some to draw outside the lines of acceptable practice.

This means bad actions from bad actors within the fold.. Or, as in the case of the flawed idea of “Anonymous” as an action, will allow for bad actors to take up the nome de plume of “Anonymous” and do things counter to their ideals but still leave the stench and onus on them as the Judas goat. Boiling it down to a simplistic statement for me kinda encapsulates the whole issue of “Anonymous” which means “unknown” by and of its premise, cannot at any time ever, be considered a movement/group/collective etc that will never be used as the scapegoat for bad actors. Nor will it ever mean that bad actors will never get into the fold and destroy things (like a reputation) from within.

And here’s the statement: “One cannot be Anonymous and expect to change the system for the better. If you have a problem with the system (see above poster) then you must be a known quantity”

Josh and Brian speak of charters and standards of action, but there can never truly be accountability as long as those who claim to be advocating those standards hide behind anonymity. When you are anonymous, you lack accountability and thus, the ego and other human natures allow you to do whatever you like. Speaking of human nature, let me direct you to some movie references that they make and where the human nature portion has been stripped from the argument.

The hitman/cleaner in “Léon: The Professional” had a rule; “No women. No kids.”    (Leon follows this so good on them)

In Fight Club: “The 1st rule of Fight Club is, do not talk about Fight Club”.   (Fight club spreads because people cannot shut up)

In The Transporter, “Rule #3: Never open the package.”  (You guessed it.. HE OPENED THE PACKAGE!)

So, out of three examples there, one was ok. But you are seeing my drift there are you not? Human nature will be the downfall of all the grand plans and schemes we have. It’s our nature to do things in our own self interest more than follow guides or charters. If that were not the case, we would not have crime and prisons right? This is an all too convoluted space to be working in and assume that by laying down some “law” (charter) that everyone will follow it AND that the inevitable others who do not, will not affect the whole by their actions. Add to this the notion of something like Anonymous, who’s actions claim to be anything from lulz to moral actions, and you have a great swath of FAIL that will happen.

It’s all well and good to quote Hobbes, but perhaps you might want to read Plato instead?

In the end, I think it better that the use of “Philosophical Realism” be applied to this problem rather than the altruistic beliefs that have been espoused by Josh and Brian. I would also hasten to add that the cognitive dissonance, to use the turn of phrase used, of trying to contain or direct “Chaos” is just not plausible from any realistic standpoint and thus moot in my opinion. If you like a movie/book reference, lets go to one of my favorites “Jurassic Park”

Dr. Ian Malcolm: If there is one thing the history of evolution has taught us it’s that life will not be contained. Life breaks free, expands to new territories, and crashes through barriers, painfully, maybe even dangerously, but, ah, well, there it is.

What Ian is saying is very appropriate to this argument being made by the authors of “Building A Better Anonymous” In my case though, I would change life to “human nature” but, you get the point don’t you? Life is chaos and human nature is also a form of that as well. We are unpredictable animals and our actions, like those with Anonymous, are really quite unpredictable and not very controllable. Just look at what has happened since Anonymous came out, we had Lulzsec, Antisec, and now a host of others taking the model that Anonymous put out there unfinished, and have been wreaking havoc.. In the name of what really? Because they can?

No, this is a failure to launch in my opinion and Anonymous’ cat is out of the bag. The genie is out of the bottle and you cannot put it back in with a charter as the cork.

Sorry guys.

K.

Written by Krypt3ia

2012/04/18 at 15:47

So Long and Thanks For All The Lulz…

leave a comment »

Anonymous Begets LulzSec, and LulzSec Begets AntiSec

Once upon a time, a group of pranksters decided to play games online and in the real world. They started it all for the “lulz” and lulz they did have, they poked some seriously tweaked individuals in the eye and thus a movement was born. Along they went pranking and lulzing until one day, a new group came along, and their lulz were a bit more dark in nature. This new faction was named LulzSec and they thought that lulz should be had at the expense of government and anyone they could mess with. The LulzSec crew soon began hacking anything they could get their hands on and posting all of their exploits on Twitter and Pastebin. With each passing hack and dump, they became more and more enamored with the attention… Until one day even the lulz of LulzSec just weren’t enough to sate their thirst for attention…

Thus AntiSec was born.

The AntiSec’s redoubled their efforts for poking “The Man” in the eye and became more and more manic in their attacks as well as their peculiar love of piratical language. Soon they were attacking anything and anyone *cough, low hanging fruit cough* that they saw as an enemy. For months they “sailed the digital seas” stealing and defacing their way into infamy. All the while though, they failed to understand that they all were about to be sent to Davey Jones Locker! For one of their ranks was in fact a spy…And so one day they all found themselves cuffed, stuffed, and on the hood of a car.

It was then, that they all realized the lulz ultimately were on them.

LulzSec and AntiSec: Not So Leaderless, Not So Headless

I seem to remember saying a few things in the past about how LulzSec, Antisec and Anonymous were really not so leaderless or headless. It turns out at least in the case (thus far) of Lulz/AntiSec that I was right. Of course this was not a stunning or blindingly hard observation to make. With Sabu being the mouthpiece and chats on IRC being available, one could easily see that there was a structure here. A pecking order and a chain of command was clear, but just who were the real names and faces behind the screen names and IP addresses? This was the missing piece of the puzzle to many, including the FBI and other LEA’s out there looking for them… Well for a little while that is as it turns out.

As Sabu and his pals got more and more brazen, they became increasingly more open to hubris’ effects and eventually this did them in.. With a little help from their leader “Sabu” aka Hector Xavier Monsegur, the group eventually found themselves under indictment for their crimes. I guess the big game of follow the leader was a bad idea after all for them and am sure tonight they regret it.. But this is the problem when you have an allegedly “leaderless” group out there committing crimes for the lulz of it all right?

Simon says stand up!

Simon says sit down!

Simon says hack the CIA!

Simon says YOU’RE BUSTED!

Sabu and Stupid Mistakes That Haunted Him

But seriously folks… It turns out that the “genius hackers”, led by “Sabu” weren’t so genius after all. Xavier’s data had been floating around the internet for some time and was brought to light by BacktraceSec in March of 2011. Data mind you, that Xavier had not counted on as being out there and able to point people to him as “Sabu” Xavier was sorely mistaken and the clincher, from the reports out now from the FBI, was that he logged onto Anonymous’ IRC with his real IP address.

It just takes once to be party van’d kids.

The data connections between his screen name, his real name, and other data around domains he owned etc, was circumstantial until he made the one mistake that was the smoking gun and led to his arrest it seems. Everyone makes mistakes, but Sabu made more than his share and now they are coming out in the news cycle for all the other kiddies to see. Of course, these were only some of the mistakes that he made. One of the biggest mistakes was to allow his ego to drive the bus here. Sabu it seems not only was a bit crazy, he was also a narcissist, and loved the attention being lavished on him by his followers. Ego like his and the successes he enjoyed while sticking it to the man made it all the easier for him to make some massive mistakes that eventually led to his own demise. You know, like buying three car engines using someone’s credit cards and having them shipped to his address or maybe trying to tell NYPD that he was in fact an FBI agent.

DOH!

It seems that his pathology was his undoing…

WTF Were They Thinking?

Overall, I personally just can’t seem to get into the heads of the Lulzy bunch. Perhaps its just that I am an old man, maybe its because my parents actually raised me and just didn’t sit me in front of a TV or a computer as a babysitter. Well for that matter maybe I was breast fed and they were not, who’s to know? Many times I have tried to put myself into their heads and see why there were doing it all and where they might go next all to no avail. I guess I finally resigned myself to the idea that they were just nihilists or anarchists, but mostly, I just thought that they were maladjusted teens and twenty somethings acting out.

It turns out though, that in the case of the pied piper “Sabu” it was all about the bling lifestyle of not working for a living and fleecing others to buy car engines and pay bills as well as self aggrandizement in the online world. Oddly enough, from what has been reported thus far, I believe that it was only Sabu who was on the take, the others certainly stole money, but, they did not do so for personal gain (maybe I’m wrong on that?)

So what were the others thinking? Were they striking a blow for the people or were they just in it for the lulz? Time will tell as the trials move forward I suppose. I guess also, each one of them must be re-assessing their decisions right about now…

Ideas, You Can’t Kill Them.. But They Can Be Like Neutron Bombs and Destroy Your Freedom

If anything, I think that this whole fiasco shows that ideas, may be killed as well as they may kill those who gravitate toward them. Anonymous as a whole seems to be more aligned with making a difference in the world of late. Some may have been fans or in fact players in the AntiSec and LulzSec games, but, generally they all should take heed of the events of the last 24 hours. AntiSec, Sabu, and all of the fallout will damage Anonymous like a neutron bomb, it won’t destroy the buildings but the radiation will kill everything around.

Some ideas are just bad.. And most of the bad ideas are cooked up by morons like Xavier Monsegur.. It turns out that the lulz ultimately are on you Sabu.

K.

Written by Krypt3ia

2012/03/07 at 03:40

AntiSec, Stratfor, Wikileaks, and Much Ado About Nothing

with 4 comments

The Compromise

Back in December Stratfor, a private “Intelligence” group was hacked by AntiSec. The hack to date, has yet to be really discussed as to the means to it’s accomplishment, but, I suspect that as usual, it was an SQLi attack if not some other low hanging fruit attack that allowed access into the Stratfor systems. Once inside, the kids had access to everything (allegedly) that Stratfor had. They proceeded to take what they wanted and then RM’d their servers/data/site. It was, for all intents and purposes to Stratfor, a nuclear detonation.

I say this not from the fact that they likely had no backups, and were scrambling to repair their online presence post the hack, but instead the fact that once the AntiSec kiddies dropped data, it became apparent that Stratfor had done nothing to protect its clients and employees data from being taken or, more to the point, had it been stolen, unable to be used with the use of encryption. Instead, it was clear that they had not encrypted anything that belonged to the clients, but also were keeping PCI (Payment Card Information) as well on their servers against the rules of PCI AND were also not encrypting them as well.

BOOM.

The AntiSec crew then set out to troll all those they felt needed attention (Such as Nick Selby, because he does work for the government) dropping all their data and credit numbers for anyone. They then proceeded to use those same cards to make donations to charities that they thought were a good idea to “stick it to da man”

Heh…

In the end though, they only really stuck it to the charities who had to face charge backs and incur fee’s for their trouble. This was not a win for anyone and even if AntiSec claimed then, as now to more “win” with Wikileaks dumping their email spool. The win here though, (dumping of the spool) for me, is to get a real insight (haha to use a Stratfor term) into how they (Stratfor) operated as a pseudo private intelligence firm. The outcome of all this reading for me? Pretty much what I thought of them before when I got their newsletters..

“Ho Hum”

The Leak

According to Wikileaks there are 5 million emails that they are in possession of. They have torrented them as well as placed them on their site for all to look at. The intonation of course by the ever increasingly paranoid and fanciful group, is that these guys were BAD! They were corporato-governmental-greedhead-evildoers. PROOF positive that they were a “shadow CIA” and that we are all far better off because AntiSec and Wikileaks teamed up to out their misdeeds.

I have perused many of the emails and files that they came with and am left with an even lower opinion of not only Stratfor, but also of Wikileaks and ANYONE who really bought into Stratfor as a company selling “Intelligence” as a service. The emails come off as exceedingly trite, unprofessional, and generally grammatically challenged. Of course you could make the case that many of them were typed out on Blackberries likely while sipping latte’s, so you can perhaps understand the internet speak/poor spelling.

Overall though, I am underwhelmed with the emails. They only show poor choices of language, poor choices of data collection and vetting, and a stunning amount of hubris on the part of the company in it’s dealings with foreign nationals. The one real question though, that it has left me with is this. Is this it? Does AntiSec or Wikileaks actually have finished analysis reports somewhere as well? I ask because the reports that I was privy to when I had access to Stratfor were, well, “meh” as well. I never once really felt like any of their subject reports were that great to be honest. I kept thinking that I could do just as good a job with a browser and Google hacks. So I never went any further to get anything else from them.. Well, that and the exorbitant price scheme they had really made me want to just do it myself.

So, Julian… Sabu? You got any real sugar for me? Do you have actual finished reports for say Dow or DUPONT or a government official that you can throw out there to show me and everyone what Stratfor was really doing (as you claim by these emails of bribes and source manipulation)

Do you have anything? Or are you just offering another half baked claim of conspiracy and then failing to deliver on it again? These emails are just truly unprofessional and to me bespeak just how poorly this org was going about cultivating assets and analyzing raw intelligence *cough* they were alleged to be getting from “sources”

So, let me sum up.. What you have put out there.. Doesn’t scream UBER SECRET PRIVATE CIA… It screams something more like “LOOK AT MEEEEE!”

Smell the desperation.

HUMINT, OSINT, and STRATFOR

Going through the emails I just kept saying to myself; “WTF? What? No real reports, just scuttlebutt from people and no real vetting of the data? Just gut hunches and who knows who and for how long? It was a morass of terrible conclusions, hints, and allegations that weren’t properly looked into by analysts by the way things looked from the emails alone. Like I said above, there may in fact be more as well as some of these may in fact not even have been put there by AntiSec to sweeten the conspiratorial pot. However, generally, it’s just amateur hour here and that is disturbing.

While the masses may be unaccustomed to the intelligence game, some of us out there know a little bit more about how it works. While the likes of Wikileaks rail about how they are all bad, using money and perhaps even sex to sway their sources, the reality is that this game has ALWAYS been played this way. Intelligence is a dirty business and crying about it in this way for me, is just naive on the part of WL and Anonymous. That said though, let me clarify for you all here and now, the data that was being collected via the emails dropped were not state secrets as a whole. In fact, this was much more TMZ than CIA.

This kind of information does have its place in real intelligence work, but, the idea of trying to make out that the things seen in this dump are at all akin to what the CIA really does is just laughable. As is the notion put out there by the emails that Stratfor thought they were “the shit” by paying assets that they could not really trust nor really had a good way of vetting. My question is just how many of those guys/girls took the money and just gave Stratfor a bill of goods? How many of these “sources” were actually just people making a buck and selling snake oil?

For that matter I half expected to see LIGATT listed as a source….

No, much more of what I was seeing in the emails was scuttlebutt or in fact OSINT of the lowest order. They were actually citing other news sources in their emails! Uhhh, yeah that is real INTEL there. Sure, today a lot of intel comes from the news because they are there and are quick to report it. Quicker than actual intelligence officers in the field, because, they are “in the field” and cannot just pick up a phone and call Langley. This stuff though, was just riddled with suppositions and half baked theories which I am now pretty sure, made it into finished reports… And that is sad.

Overall, my impressions from reading the emails and not seeing anything else bespeaks an organization that was hungry for money, willing to do what it took to give their clients “reports” and throw caution to the wind as to the veracity of their data. This is not an intelligence agency in any way and certainly should not be looked upon as any great threat.

Much Ado About Nothing

So, there you have it. It really is much ado about nothing. The emails show a certain callousness as well as a greedy disposition (8k for a background check/dossier on someone? Holy WTF indeed!) Generally, I would be more afraid that their data was faulty and full of half truths than real solid intel from sources that they have cultivated. In fact, I would go as far as to say someone like Jericho might want to check their stuff for plagiarism himself because I think they must have ripped off someone in the news somewhere along the way, but, that is just my theory.

This firm should be afraid now that it’s emails (if all theirs) show a company that is hamfisted in its approach to data collection and analysis as well as one that did not perform ANY due diligence for its customer’s sake. That last bit there is really really important as well. Any intelligence agency kids, would in fact perform the due diligence to protect their sources and their customers data. See, when real spies let stuff like that out or commingle it in email spools, people tend to die.

*Another point I meant to bring up earlier.. None of this stuff would appear all in one spool in a real intelligence operation*

This is all much ado about nothing and once again, the kids with Anonymous and Wikileaks have failed to understand the realities of the world that they now want to play in.

Intelligence.

Where Problems Do Come Up

Finally, I would like to enunciate the areas where I think there are large problems for Stratfor from this dump.

  1. Bad data and poor vetting of sources
  2. Bad OPSEC and Security Hygiene
  3. Lack of controls other than tags in emails for classifying data
  4. Lack of proper analysis of information collected
  5. An utter lack of equanimity in their analysis and collection

Lastly, this email covering the new capitol fund company that they started has me wondering. Would this not be insider trading using espionage? How is this not illegal? Really? You are going to start a new wing of business that is connected to your private intelligence firm that will profit from the collected intel you gather?

*shakes head*

I suspect that the senate may want to look into that..

Oh.. Wait.. Seeing as they too are also in the throws of some insider trading scandal as well, maybe they will just leave that alone eh Fred?

I guess the lessons learned from this whole event are; Never trust a scorpion on your back crossing a river… And don’t take wooden nickles from Julian Assange. though, I guess Fred really says it all in one quote from an email linked below:

Therefore while Stratfor is committed to intelligence collection, it does not intend to be slavishly committed to it.

There you have it.. Pretty much covers the matter huh? Where’s Gordon Gekko when you need him huh?

K.

 Fun reading from WL:

Sourcing Insights: http://wikileaks.org/gifiles/docs/97882_re-alpha-sourcing-insight-.html

EPIC QUOTE http://wikileaks.org/gifiles/docs/898587_draft-of-handbook-chapter-on-organization-.html

Written by Krypt3ia

2012/02/29 at 21:41

Just Don’t Be Naïve: Anonymous, Occupy, Cyber Terrorism, and Jingoistic Rhetoric

with 2 comments

Don’t Be Naïve…Or A Conspiracy Theorist

A post from rjacksix, a.k.a. Robin Jackson caught my attention on Infosec Island today and given my past history with him, and the subject of the post, I feel compelled to respond. The post: Don’t Be Naïve about Anonymous or the Occupy Movement” is full of logical fallacies that assume a lot about the organization as well as it’s followers that indeed beg the idea that there is a darker cabal at its heart. While there may be a few out there who might fit this description within Anonymous and Antisec, I doubt that the contention that there is larger cohesive operational command and control afoot is the case.

Frankly, the post comes off as full of dark conspiracies verging on the loopy-ness of New World Order that tag the main stream media as a part of this vast “conspiracy” against America.

*blink blink*

Really? Hey Jacky, what’cha been smokin? Dude you just moved into Detective Munch territory… And, you ain’t on TV mmmkay?

He starts off the post with the dark territory of conspiracy and then dismisses it as just a minor plot point,only  to go on and argue the malice against America that Anonymous has. Well then why mention the conspiracies at all Jack? You wanted to make a point there but you don’t want to back up the argument? C’mon man, give us more than links back to your own site for reference. How about some other kinds of say, oh.. Evidence? Stay on point dude.

I guess you just kinda want to gloss over that huh?

Anonymous vs. Antisec vs. Other Forces At Work (giving too much credit to Anonymous)

So, the post goes on to claim that Anonymous is a threat just as General Alexander (NSA) intones. Well, uhh Jack, Alexander did not say that Anonymous was a threat “now” in fact, if you read the comments, he said they may be in the future and that they “could” do something like attack portions of the grid.

Ayup.. Well, yeah sure.. They could. But then again, so could I and a couple of other guys I know, so what?

The fact of the matter is that Alexander was projecting a bit there wasn’t he? I too have seen the pastebins and talk about SCADA systems and yeah, I would be concerned that some of these morons might actually go out there looking for a grid or a water system PLC to fuck with. I am pretty sure they already have in fact, but I cannot prove it, can you Jacky? Got some real proof? I mean pr0f_srs did a bit of poking about, but he posted that stuff for the people to see.

Documented… Not hearsay on the IRC man. Show me screen shots or it didn’t happen.

The fact is, Alexander did not say they had already been in systems and that this was a problem NOW. He said in the future they could gather enough cohesion to do something. So, this is all quite speculative really but ok, let’s go with it, say certain factions of Anonymous want to do this for the Lulz, ok, they could do it now I think on the scale that the general was speaking of. What he was saying in the end is that there could be pockets of outages “if” someone like Anonymous monkeyed with systems. This could happen today with a single intruder as well as a group, whether or not they are Anonymous or nation state actors.

The net/net here is that the general is worried about Anonymous because of their actions thus far. Though, he failed to really make the point that thus far, Anonymous nor Antisec have done anything spectacular in hacking nor in damage to the country as a whole. They have managed to embarras a lot of people, cause some financial pain for some, and others have had lulz at their expense.

It’s not that I condone any of it.. But… Really? This begets a a substantial threat to the nation and needs the attention of NSA?

It’s not a problem for NSA on the face of it. It is the problem of the NSA underneath it all, which Jacky does not talk about. It’s the idea that Anonymous could be used for False Flag operations by other governments and or terrorist organizations across the globe. Something he did not mention at all but I wrote about Tuesday. By this I also mean that some Anon’s may actually play a part in the hacks, but, more than likely, it would be others hacking for said countries or terrorist organizations under the name of Anonymous.

There is a specific difference there and once again Jacky blows it all out of proportion. Does he infer that perhaps the core hackers that comprise Antisec/Anonymous are in fact the working at the behest of these other entities? No, I don’t see it in his post.. Do you? Nope, he just once again glosses over the fact that this could be the case, instead he claims that Anonymous and OWS have “malice towards the United States” (while draped in the flag) which to me is quite misleading and disingenuous.

Malice Against America!

Malice toward America.. Hahahaha wow. Doesn’t that just sound like an existential threat to the country huh? I bet general Alexander wishes he had said that! Look, yes, there are some now within the collective who likely hate the US. Yes, there are likely terrorist sympathizers if not outright members of certain terrorist groups in the mix as well. However, I would say that on the whole, Anonymous is comprised of witless stooges in their tender youth who have no clue what they are doing other than being counter culturally cool in their minds eye.

Once again Jacky is giving them too much credit on the whole. The use of vile language and humor that is tasteless as well does not mean that they are a threat to the nation. After all, /b/ has been around for a long time and, while they may be crass and base, they aren’t out raping and setting fire to their neighbors homes like “The Class of 1984” I just see the offensive nature once again being spun to mean that they are a “clear and present danger” which is pointless. One does not mean the other, you have to look at actions not just the words Jack.

Are there people within the collective who may in fact be a danger?

Sure.

Do they have that much control over the ADD masses that are “Anonymous”

No.

Once again Jack, you over dramatically play the rhetoric to make your case, a flawed one at that.

ZOMG THE GRID IS IN DANGER FROM ANONYMOUS!

As I have written and posted (with actual evidence and backup fact checking) Anonymous has in fact (factions of) dropped pastebins of alleged PLC/SCADA systems. When checked though, they turned out to be HVAC systems all over the country. The pastebins all touted that this was EPIC and bad. Well, not so much really from the perspective of any kind of “cyber” warfare or infrastructure protection standpoint. So, once again, any mention of this is aspirational to be sure, but, in practice turns out to really be just FUD generating material for the likes of Jack or the main stream media that he seems to think are in a cabal with Anonymous.

*shakes head*

What the NSA (via Alexander) was a little presumptive really and it sure made the headlines. Anonymous (someone claiming to be speaking for them) said that they had not considered this type of action and that this was all just a smear. Well, yes and no. I can see the concerns that NSA has but as I wrote Tuesday, I think it is from the perspective that anyone can claim the name Anonymous and do bad things now. Not just that the Anonymous core will mandate that the masses should attack the infrastructure. Frankly, I think many of the foot soldiers would probably say no to this in the end for fear of really being branded terrorists.

And that is what would happen. It would be an official mandate from the government should someone claiming to be Anonymous took out a city or a town by hacking its SCADA systems. Hell, I frankly think that with the rhetoric today about cyber warfare AND the insecurity/permeability of the Anonymous model, that someday this very thing will happen. It won’t be the end of the world as we know it, but, it will give the government the excuse to take liberties with laws and go after “Anonymous” with everything they have.

This is where I have the MOST problems with the likes of Jack and his rhetoric in these posts… It’s just verbal diarrhea without any real backing by facts other than “I know secret things”…

But that too will be talked about soon in another post.

Let’s REALLY Think About The Differences Between Nuisance Attacks vs. Warfare

Finally, lets look at the problem of what Anonymous has really done as opposed to real damage. Jack uses the term “kinetic” improperly in the top of his post. A kinetic attack would be in tandem with a digital attack. First off, I have not seen anything like this happen. In fact, OWS has very little to do with Anonymous. Anonymous came to their party after the fact really as a support mechanism. To date though, I cannot reccollect an actual attack in the digital realm where a physical one was carried out in tandem with OWS.

Fact is, OWS has just made lives difficult by “occupying” public spaces with their right to protest… You know, something in the Constitution? Yeah, remember that? It’s our right as citizens to protest and this is what they are doing. Do they have a real cogent agenda and plans to do it? Not so much as I have seen really, but they do give it the hippie college try.

In short.. OWS is not a problem.. If anything they are just another nuisance for law enforcement. They are not an existential threat to the USA Jacky.

So, once again we go back to Anonymous and the existential threat that Jacky would have you think they are. I say to you all, that ANYONE could be that threat. APT are that threat! Lone Wolf hackers out there with the right talents and access ARE that threat! In the current modality of thinking that Jacky and others have and this is the fundamental problem. I have also written and ranted about this in the past as well. I am sorry, but none of this adds up to the Die Hard movies in these people’s heads.

Richard (Dr. Cyberlove) Clarke

Gen Alexander (NSA)

Senator (Droopy Dawg) Lieberman

Senator Jay (Moneybags) Rockefeller

All of them think that the world is going to end because the grid will be attacked by the likes of Anonymous or China. Zombies will rise from the grave and flesh will  be eaten as the sun implodes!

Sorry, no, it won’t.

To really have an attack that merits all this hand wringing you would have to have considerable money, time, and effort. Never mind the access that one would need to innumerable systems that would have to be taken out in such a way that they would not come back because they ate themselves (think fire and explosions) and this is not Anonymous even if they made boasts that they could or would do it.

Nope, there might be nuisance blackouts and FUD would abound, but, it would not be the end of the world as we know it. Frankly, this has been around so long and we have had systems like these connected to the internet so long it begs the question “Why hasn’t this happened already?” Well Jacky? Why hasn’t it? Is it that the false flag operators just needed an excuse like Anonymous? Or was it that perhaps the contention that the effort to pull this off is so huge that no one wanted to invest the time?

I vote on the latter.. AND if someone wanted to do this, then they have been planning and working on it for a LONG LONG time now. They have just been waiting for the day when all of their troops are ready to swoop in and take over like “Red Dawn”

Yeah, I went there…

In the end Jacky, I put it to you that you are confabulating a lot here. I think you might be better served by getting a sandwich board with “The End Is Nigh!” on it and raving at the passers by.

K.

Written by Krypt3ia

2012/02/23 at 21:35

Anonymous, NSA, Grids and False Flags

with 4 comments

So… Anonymous Is Going To Attack The Grid Huh?

Ok so Anonymous, or those claiming to be “Anonymous” have put out the word that they plan on attacking the internet’s root DNS servers. This unqualified threat left on Pastebin somehow has translated in the minds at NSA (Gen. Kieth Alexander) that Anonymous will eventually attack the power grid (America’s in this instance) and drop the power for “limited” areas of the country…

Maybe…

Someday…

BOOGA BOOGA BOOGA!

*peers with slit eyes while making magic hands*

You scared yet?… Cuz this works great at the kids birthday parties.

Seriously, Anonymous has never officially made a statement (as if they really could given their model of operation) about attacking the power infrastructure at all. Sure, there were some drops of IP addresses in the recent past that they claimed were SCADA systems (they were, but they were really only HVAC systems in various places across the country) So where is the NSA getting this all from? Surely they are projecting a little bit here huh? Such an imagination on these guys!

Wait.. What’s that? There was a movie about something like this? Oh yeah… “Live Free Or Die Hard” THAT’s where they saw this! They think Anonymous is gonna have a big FIRE SALE! Well, it’s a logical conclusion I guess.. That is until you let logic actually cloud your thinking and decide that it would not be in their best interest to do such things as a group.

Damn, there goes the screenplay I was thinking of!

FUD MUCH?

Down to brass tacks here.. Dear NSA… Really? How about this, how about instead of worrying about it, you maybe force the PLC makers and their interface third party contractors into actually securing their shit? Maybe re-design and re-tool everything a bit and re-mediate the issues in the first place so there won’t be this great ability to attack such systems as they sit on the internet? This whole line of dialog that the Anon’s are gonna attack the grid is a bit premature and really does a disservice to us all. This is especially the case when you talk to journalists hungry for a cutline that will make the wires buzz and get their byline in big print.

This is plainly just FUD of the worst kind Kieth and you should be ashamed of yourself.

First off, you are gonna tell me that Anonymous or for that matter Antisec is going to be stupid enough to attempt such a thing. This would be a death blow to the group. I mean, if they did this kind of action, then they would be the most hunted of all the problem children online. Secondly, you are giving them WAAAAAAAAY to much credit in the technical skill department here. Look at the attacks these guys have been pulling off! They have all been quick hits at low hanging SQLi fruit and you seem to think this implies great skill?

Kieth, do you even know how to run a computer? Do you have a working knowledge of hacking? Cuz, I am telling you right here and now, I don’t think you know what you think you know.. If you know what I mean.

To date, the hacks that the skiddies have pulled off have been embarrassing and surely a pain in the ass, but they have not been 3l337 as they say in the biz, nor have they really shown any cohesive ability to plan larger and more complex operations at all. In short, and I know you have heard the term I am about to use.. Anonymous is not synonymous with APT. Please do listen to what Bejtlich said in the WSJ piece (finally he and I agree on something.. Shouldn’t the forces of gravity and magnetism stop now and implode?) This is not an issue now and I really doubt that it will be an issue later.

Unless you take into account that Anonymous may in fact not be the ones that do it… They just use the convenience of the name and their poor operational model…

Say, Is That A FALSE FLAG In Your Pocket Or Are You Just Glad To See Me?

So, this brings be to a conversation I had earlier about all of this on Twitter. I spoke of this very thing at DEFCON last summer and I would hasten you all to consider what I am saying again. IF Anonymous does in fact attack the grid, I would put to you that it is not in fact “Anonymous” whatever that may be, but instead those nation states using the nome de plume of the collective as a cover for their actions against a sovereign nation. This is called a “False Flag” operation and it would be used to attack while having the perfect cover (thanks anonymous!) for the operation to be pinned on others.

Say China (the usual suspect) wants to test our ability to deflect such an attack and decides maybe to hit a small power grid in podunk Iowa. They could just as easily post a pastebin saying AH HA! ANONYMOUS IS GONNA HIT THIS FACILITY! and then just do it. Alternatively, they could claim it after the fact as Anonymous and no matter how much the Anon core would say “WE DIDN’T DO IT” no one would really believe them would they? Especially now that Kieth is out of the NSA closet here huh? This is a win/win for the nation states and a lose/lose for the Anon’s really.

I warned you….

So, now the stage is set and we anxiously await the curtain to drop…

*pops popcorn*

Satire Aside…WTF?!?

Anyway, I just wanted to re-iterate that once again we have the media running with a story that seems to have legs, and even if you read into it “This won’t happen now, but soon” it still does the trick for the government. After all, I am sure many out there are now worried that Anonymous is after their power systems. That one day their lights will go off and a large shadow of a Guy Fawkes mask will hang in the air like some plot device from a James Bond film..

Or.. wait.. Like the capitol blowing up in that last Die Hard film…

So, which one of you Anon’s is Thomas Jane?

Sabu?

Meh.

Look, see through this WSJ story as either one of two things depending on your bent and jaded nature.

1) NSA is really worried about this and not so much Anonymous but nation states using their name… (this I can get behind)

2) NSA/Kieth et al. Are using this as a means to an end to get what they want… They want complicity on the part of the people to enact more laws and oversight on their part of the internet… And by proxy control over all our privacy.

Up to you guys what you think…

Either way though, I would say that Anonymous has let the genie out and they did not account for this.. You all could be in some deep shit here..

Let the games begin!

K.

Written by Krypt3ia

2012/02/21 at 23:02

Posted in .gov, Anonymous, AntiSec

Game Theory, Anonymous Causality, and 2012

with 11 comments

Anonymous Factions and Influences

Anonymous being what it is, has always been susceptible to influence and infiltration from the outside as well as the inside. The nature of the movement is such that it resembles the cell structure of terrorist action groups like Al Qaeda have adopted over the years.

  • Decentralized
  • Autonomous (to an extent)
  • Headless (perceived only in some cases)
  • They have “wings” (action wings, propaganda wings, technical wings etc)
  • Small cells with distinct leadership working in compartmented protocols
In the anonymous world, the communications take a stratified approach as well. IRC is the medium for much of the comms but there are hidden chat rooms on various servers where the core meet to plan and talk. I am sure there are other means that they utlize as well such as i2p email addresses and other anonymized means of communication.

 

Due to the nature of Anonymous though, it would seem that the various players do not form a cohesive whole for the most part. So the cell’s that are out there can affect to greater and lesser extents due to the members of the cell and their capabilities. An example of this would be the core group called AntiSec. AntiSec, comprised of the more technical hackers from what has been gathered, has been attacking various sites for the lulz as well as perhaps with an agenda to cause the government and corporations pain by releasing embarrassing and or compromising data (See HBGary for an example)

 

Over the last year we have seen an evolution within Anonymous and its various movements. The latest being the AntiSec movement that really came out swinging after the LulzBoat set sail once their 50 day run was over. It is this latest group that has people concerned and may in fact be the more cohesive core of Anonymous, one that has a set group of leaders at its core, leaders with an agenda….

 

Anarchy.

 

Escalation and Over Reaction

The latest “hack” and release this last Friday (#FFF Fuck FBI Friday’s) is a case in point and I think as I started this post over Shmoocon weekend, it is only appropriate to use the FBI conference call as a focus today. Over the year AntiSec has been performing more and more actions against whoever they could attack. It seems that from the attack vectors to date (except this last one) have been attacks of opportunity with some direction (such as look for all police departments with holes on the internet) others seem to be perhaps fortuitous hacks given to the movement by those out there sympathetic to Anon or just looking to have their lulz while others perform the dirty work.

Either way, the stakes have been rising and the escalation has been seen over the last year into this one between the governments (in my case the US) and Anonymous and AntiSec. With the leaking of the FBI/MET con call this last Friday, we will see another evoution to the escalation because now, the Anon’s have directly shamed the FBI, the Met, and other orgs seeking to prosecute them.

Think of it as the angry bee’s nest Colbert spoke of about Aaron Barr.. Except this time AntiSec has deliberately slapped the bee’s nest with a bat as they walked away pointing and laughing. This will not end well for either really I think. As of today the FBI has stared yet another case file on the hack of the email accounts attached to the distribution list that the invitation for the call went out to. The assumption here is that someone forwarded the email to a private acct, one that had been compromised earlier and was the source of the email that allowed the Anon’s to dial into the call.

Meanwhile, Sabu has tweeted that AntiSec has been monitoring FBI comm’s for a while now and still had access as of Friday. I am unsure that this is truly the case but it cannot be discounted as just another braggadocio about their hacking prowess. You see, the Feds for the most part are not the most tech savvy as a group, especially within the rank and file SA’s or SSA’s. So, it is possible that there has been some pwnage and that the net effect is they have been compromised to the point where investigations may become harder to prosecute.

(Think about it this way.. Hacked FBI accts etc leave much for a good defense attorney to work with on the idea of reasonable doubt)

This is going to make the FBI over react and possibly over reach. This in turn will also put the government on a back footing as well and make them more apt to do things in a knee jerk fashion as well. You all thought ACTA and SOPA were bad.. Wait til these government guys feel the burn of future hacks on them as well as what just happened.

Of course I am not condoning either side here, but, I am trying to get across that we once again have the Batman conundrum.

“You made me… I made you…Let’s dance”

Meanwhile, the collateral damage piles up and the innocent are the ones most likely to feel the bite from both sides. Ironically, while both sides tell us all that what they do is for our own good.

Heh.

A Master Plan or Unintended Consequences?

Since the beginning of the Anonymous movement’s gaining critical mass and bearing the AntiSec fruit, I have been wondering if there is indeed a master plan here. Anonymous claims that they are autonomous, amorphous, a swarm, but I think that is a generalization that only fits when you look at the whole. When you start to bore down into the cells out there, you can readily see that there are pockets of cohesive groups. One of these groups is of course AntiSec. This group I think has acquired a certain amount of play within the Anonymous circle and thus would be a leadership cell.

Recent posts of the “Coming Insurrection” on sites that have been hacked by AntiSec have lead me to believe that there is a fair amount of Anarchist belief and activity within this cell of Anonymous. In fact, there seems to be from information sources, that AntiSec is in fact running the show now or would like to. As the hacking wing, so to speak, of Anonymous, they wield a certain cachet and also, from same sources, may in fact intimidate the moral fags a bit. All of this means that the core of AntiSec and their acolytes are really making the agenda as well as performing the actions to drive their agenda.. More than the penumbra of Anonymous as a whole.

So, in looking at the use of the Coming Insurrection and the propaganda by the “Sabu’s” on Twitter, it has become more and more clear in my mind, that the agenda is not only Anarchy, but also quite a socialist (for lack of a better term) bent. By watching the Sabu account on Twitter, one can also see the socio-political bents of “Free Palestine” as well as a general call for the downtrodden to rise up against the government. Is this just Sabu being Sabu? Is there an agenda that the others within the AntiSec core also believe?

As well, the use of the “AntiSec” name comes directly from a movement of Hackers and Anarchists back in the 90’s who did not believe that the nascent “Security Industry” was a good thing and that ideas like responsible disclosure of vulnerabilities was a bad thing. It all just fed a cycle where the corporations out there could hide vulnerabilities, keep writing bad code, and generally skate on their responsibilities to keep things secure. Oddly enough, all of those things today are in effect and still we have issues where companies are not doing the right thing as well as have a security “Industry” that contains many charlatans.

The AntiSec of yesterday I am told by sources, do not like the current AntiSec core out there today. In fact, some are a bit peeved from what I have been told.So, if today’s AntiSec is not a descendant of this original group.. Who are they? As best as can be figured by me, they took the name as they liked it but for the most part, there seems to be an Anarchist and Nihilist bent within their ranks and their agenda..

This begs the question though, just how much of their action has been just to sow anarchy and how much has been part of a goal to fight the government for perceived crimes against those they govern? For me, it seems that perhaps the overall goal here may be in fact to push the issue until there is a civil war of sorts. How would this play out? Well, I think we are seeing the beginnings of this now.

  • More governance of the internet
  • Less privacy
  • Additions to laws concerning terrorists and terrorism that now center on the internet and “cyber-issues”
  • knee jerk reactions creating bills with over-reaching language allowing for abuses of power
Granted, some of this may have organically been created from today’s issues over hacking and the so called cyber-warfare ongoing between countries. However, i think that this has sped up quite a bit as Anonymous?AntiSec push the buttons more and more against the police and the government. The net effect is that AntiSec is baiting the government and the authorities into over reacting. With each dump of data and compromise of site, they push and push the fools running the country into being more fearful that they cannot control the situation.
The reality is that they can’t control it.. Hell, they barely understand it…
And this makes it all the worse.

Predictive Behavioral Analysis of Both Anonymous and Government (USA) Using Game Theory

I have been watching this Greek tragedy play itself out over the last year and frankly I just don’t see this going well for anyone. It really boils down to a couple of outcomes and neither one I think is good.

  1. AntiSec becomes even more brazen attacking more frequently as they gain more power/synergy with more followers and people willing to help them
  2. The government will continue to attempt to catch the players. Some will get caught and there will be trials.
  3. The trials will escalate the anger and the AntiSec crew will seek more and more directed targets to shame and disrupt the authorities cases
  4. Laws will be enacted restricting the internet and the privacy we all should be able to have

The thing here is that AntiSec will not just go away.. Nor will the governments of the world change their ways. If indeed AntiSec’s core believe in anarchy as a way of life, then they will go on sowing it. This will cause the government to over react and do some pretty stupid things as well. It’s really Batman and the Joker all over again.. And as I think about it more, it becomes a very apt allusion to what is going on.

Except that the government is not as smart as Batman or as moral/ethical….

Normally, the use of “Game Theory” attempts to determine the best outcomes for winners and losers within games, politics, economics etc. In this case though, the real loser I think is the third party here…

You and I.

This game cannot be won. It will continue back and forth and there will only be collateral damage. Think of it this way… This war being waged by AntiSec and our government/authorities can be seen as the next war between all parties in the Middle East. Fought over thousands of years because of perceived differences of opinion over religion and land. Like the Shia and the Sunni, or the Israeli’s and Iranian’s this tribal tit for tat will continue on and there will be no clear winner..

Ever.

Perhaps WOPPR said it best…

“A strange game. The only winning move is not to play. How about a nice game of chess?”

K.

Written by Krypt3ia

2012/02/05 at 21:50

AntiSec and the Coming Insurrection

with 2 comments

Antisec, Stratfor, and The Coming Insurrection

“We believe in nothing, Lebowski. Nothing. And tomorrow we come back and we cut off your chonson.”

On Christmas Eve it seems that AntiSec decided to release hacked data from Stratfor ( an OSINT company) that they had taken before  *rm-rf’ing* the site. They replaced the website with a new page that included a long diatribe called “The Coming Insurrection” by the “Invisible Committee” a.ka. The Tarnac 9

This twist in the defacement puzzled me and I decided to read the whole of the document. Once I started, I became even more perplexed wondering just what the hell the AntiSec’s were aiming at by putting it there. Was this disinformation? A lark? Or, was this a tome that they are starting to believe in? Or, had they believed in this documents line of thinking all along? I was somewhere in the middle of the document (written in 2007 and posted online around 2009) where the words “Fuck the Police” stood out for me off of the page.

How many times have we heard this statement out of AntiSec as they popped LEO’s websites and published their private details? It seemed to me that someone or a number within the AntiSec movement today believes in this treatises precepts.

After reading the whole of the document, I was left with a feeling that the writer of the document (it claims to be a collective effort, but the flow and language is definitely one person doing the writing) was not only delusional, but also that they had some pretty severe social issues surrounding self worth and anti social tendencies. The stream of consciousness that goes on for page upon page, makes all kinds of pronouncements on society in general as well as the ill’s of capitalism. Generally though, the locus of this whole thing seemed to revolve around a certain kind of Nihilism without it being clearly defined by the writer.

After digesting it all and parsing the dysfunction from the dense language within the document, I was left wondering a few things;

  1. Is there a certain number of AntiSec followers that believe this document to hold some elemental truth today?
  2. How many believe this?
  3. If not, was this just a lark? (seems that they have posted this before on defacements so I tend to think not)
  4. If they are true believers in this document and the Tarnac 9 ideal, then to what ends do they reach by their actions?
  5. Do they even understand the precepts of this document fully?
All of these questions I think are pertinent to the whole of the Anonymous/AntiSec/LulzSec problem today. You see, if there is a rampant belief in “nothing” then they have no real mores, morals, or societal constraints. This means that they are perhaps indeed sociopathic in nature both as a whole (en toto) and on the individual level of each person involved (see my previous post on macro vs. micro sociology with regard to Anonymous)

The Tarnac 9 and The AntiSec Movement

Nihilists! Fuck me. I mean, say what you like about the tenets of National Socialism, Dude, at least it’s an ethos. 

After reading the “Coming Insurrection” I then decided to see just how often if at all the AntiSec group had aligned itself in any way with the ideals of the Tarnac 9. Was this just a document that they picked up and liked parts of? Was it more than that? Did they have an abiding kindredness to the Tarnac 9 who eventually were marked as terrorists and arrested?

What I have seen thus far is not direct statements from AntiSec aligning themselves with the Tarnac 9.. But.. I did see connections between their (AntiSec’s) rhetoric and the precepts at least of the whole “Fuck the Police” thing. After all, any of you out there can see that in their actions against all police and military groups, which include what they term as “White Hats” This amalgam of police and now white hat hackers (who are allegedly helping the police and the police state by complicity) aligns directly to the Tarnac 9’s aegis as well as it would seem the whole idea that the system is corrupt beyond repair and must be dismantled.

Another oddity has always been the LulzSec/Antisec logo. It always came off as being effete and French. This connection now with the Tarnac 9 and the Coming Insurrection now kind of makes sense to me. Could it be that there are some core members here who have a background with the movement from France and all that surrounds it post their arrest in 2008? More so, one wonders just how many of the followers within AntiSec/LulzSec are in fact Anarchists with a penchant for all of this?

 

 

The original Anti-Sec movement pre-dates all of the Anonymous hullabaloo today. Anti-Sec came into being around 1999 and stemmed from a belief that the information security “industry” was being corrupted by the “Full Disclosure” movement. By full disclosure, they meant that the disclosure of vulnerabilities and 0day as well as pretty much all of the dark arts of hacking. They believed that within the community the “industry” was being shaped where the corporations were controlling the masses by releasing exploits and data to force people to buy their products.

It would seem at least to me, that there has been an meshing together of the two ideals with the last postings on AntiSec defacements of the Coming Insurrection… One being the original ethos of Anti-Sec and now the more anarchical Tarnac 9 movement ideal.

This not to say though, that ANY of the original Anti-Sec followers are in fact within the ranks of AntiSec or LulzSec.. Though it cannot be ruled out. What my contention is is that those today involved in AntiSec and LulzSec may in fact have spent time reading both the Tarnac documents and the original Anti-Sec movements treatises.

This is my theory…

Antisec, Anonyous, LulzSec: There Be Dragons Here

No, Donny, these men are nihilists. There’s nothing to be afraid of.

In the end though, I think that the posting of the Coming Insurrection may indeed be a sign of things to come for AntiSec, Anonymous, and LulzSec. If indeed they are not just throwing this out there for the lulz, then perhaps they are attempting to recruit new followers with like minds. Perhaps they are indeed staking the ground and giving a political bent to their antics as some like @ioerror have tweeted about post the hack on Stratfor.

If indeed AntiSec is making a political statement, then I should think that they are going to be in for some trouble. You see, the Tarnac 9 were marked as terrorists and arrested in late night raids. Anonymous and AntiSec/LulzSec so far have not been marked as “Domestic Terrorists” or otherwise, but, with a political bent like the one put out by the Coming Insurrection, I surmise that the governments of the world will soon see the writing on the wall..

“Terrorists”

You see, much of the rhetoric and call to action that the Tarnac 9 had (sic Coming Insurrection) had the feel of a Black September or Bader-Meinhof  propaganda piece. It seems like the 70’s heyday of action groups has taken a 21st century turn with the use of the Internet and linking such documents as the Coming Insurrection to an action like hacking Stratfor and the rhetoric surrounding the likes of Sabu…

Well.. You see my point. Even the language use has changed of late. Just look at the text on these hacks where they start calling people “Comrade”…

So, all you “moral fags” as you call yourselves within Anon, may want to take a step back and look at it from this perspective. It may be that you have invited a stranger into your home and said stranger, as I warned at DEFCON, may not have your interests in mind. The “idea” of Anonymous I think has co-opted by those who have a larger political agenda that is not your own… And it may be one that will do you greater harm.

On the other hand, all of this could be just AntiSec and LulzSec blather. It could in fact be that these folks really do not understand the writings of the Tarnac 9 because their reading and retention level stopped at around grade 6… Or, perhaps they aren’t that mentally malleable to buy into the drivel that the likes of Julien Coupat spat out within the Coming Insurrection…

Either way though, I think the worst things will be read into it and thus change the stance of the masses on the subject of Anon.

K.

Written by Krypt3ia

2012/01/04 at 16:31

Posted in AntiSec, Nihilists