Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘As Ansar’ Category

Jihadi Hacking Tutorials: Irhabi 007’s Text and More….


I recently posted some preliminary findings on files found on Jihadist websites for hacking. These were actual full tutorials on how to hack that ended up with actually useful data and tools for the jihadis to hack in the name of Allah. In looking at those files I also ran across a section of .pdf files that included a text that, if I read correctly, is from Younis Tsouli aka “Irhabi 007” (Terrorist 007). Like the autorun/distro-like tutorials from earlier, these PDFs run the gamut of current hacking attacks that are the hack-du-jour: PHP hacking, SQL, Linux/*NIX hacking, database hacking of various kinds, etc. Much of this data has been taken from other sites like MILW0RM and others, translated into Arabic with notations and put into the pdf format for dissemination on jihadi sites and/or certain Arabic hacking group sites like XP10.

With each tutorial though, the hackers had to add their own personal emails on there, so I have about 10 or so addresses to put into Maltego and Google. So far, “metoovet”, who created the tutorial on hacking that I posted about last, seems to be rather open in using his hotmail address on other sites including a business site for programming. The site is ostensibly his and via a whois I was able to get another address of his. The sum of the data points toward his being not only a hacker programmer, but he also claims to be a medical student.

Heh.

I will continue the poking about on this, but I thought these files would be interesting for you all to see. They were uploaded to the megashare a while back and I am sure have proliferated all over.

The Files

On the 007 text though, I need a good way to translate the pdf file. His stuff was pretty comprehensive too…

More soon.

CoB

Jihadi Penetration Tutorials: Metoovet


Recently I have been writing some about the tools and methods that the “hackers” on the jihadi boards have been using and promoting. Until now these tools and techniques have been mainly “Windows” centric and a bit behind the times. This however changed today when I found a new section that I had not looked into before.

Evidently, Sword Azzam is now offering a new tutorial series, “metoovet”, put together by an Islamist hacking group, “xp10”, whose site resolves to:

Registrant:
abdulaah alzhrani
ksa
jeddah,  123456
Saudi Arabia
Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: XP10.COM
Created on: 20-Apr-03
Expires on: 20-Apr-11
Last Updated on: 03-Jun-10
Administrative Contact:
alzhrani, abdulaah  x25x@x25x.net
ksa
jeddah,  123456
Saudi Arabia
+966.555555555      Fax —
Technical Contact:
alzhrani, abdulaah  x25x@x25x.net
ksa
jeddah,  123456
Saudi Arabia
+966.555555555      Fax —
Domain servers in listed order:
NS57.1AND1.COM
NS58.1AND1.COM

The tutorial set not only has teaching materials and how-tos but also full tar files of more exotic hacking programs that you would find in the hands of a more technical hacker. This is the first time I am seeing this and after having gone through the files, I am somewhat impressed with the package. These guys are the real deal.

The package is fully integrated with a nice little front end and even a music track. The range of hacking goes through *NIX, PHP, IIS, and on with the how to’s and even a test case to try for yourselves.

All in all, this and other packages suddenly have appeared and I am seeing a real change in the tenor of the site’s technical area. It would seem that the XP10 folks and some new entries from Palestine have brought some new blood. If these guys are indeed learning and able, they may be a bit more of a threat to the internet.

Also included within the discussion group and files I found a whole series that was written by Younis Tsouli aka Irhabi 007. I have mentioned him before and it seems by the looks of the comments that the jihadis have not forgotten him either. My fear is that these guys, R3P and Azzam, with the help of the guys at xp10, might just fill the shoes of the former irhabi. If that is the case, and they get a real base of “hackers” behind them, then we could be seeing more problematic hacks and data exfiltration.

We shall see…

I will be pulling all of this apart and performing some forensics on the files, which there were many more of than this particular tutorial series. Additionally, there are a plethora of sites within these documents that I will be spidering out to and rooting around in. I think I will be pretty busy in the near future.

CoB

Taliban Webmaster: We’ve Been Hacked!


From Wired.com

Online fans of the Taliban, beware: a website of the Islamic Emirate may have been hacked.

Abu al-Aina’a al-Khorasani, an administrator of an elite jihadi forum endorsed by the Taliban, warns in an online post that “group’s main site and the site of its online journal Al-Sumud,  have been the subject of an ‘infiltration operation.’”

Khorasani’s post on Fallujah forum warns online jihadis “to not enter any of the links that concern these websites, and not even to surf [the content] until you receive the confirmed news by your brothers, Allah-willing.”

As browsers of the Taliban’s websites know, outages are fairly regular. But a confirmed infiltration may be something new, says Flashpoint Partners’ Evan Kohlmann, who’s been tracking Internet extremists for years.

“The official Afghan Taliban website has, of course, routinely been knocked offline and disabled by cybervigilantes and other culprits, but this would be the first instance that I’m aware of it being actually ‘infiltrated.’  It’s an unsettling prospect for security-minded online jihadists, because such sites can be manipulated by a variety of hostile parties in order to harvest a breathtaking amount of personal data on regular visitors.”

Indeed, in early April, Danger Room snagged a picture used to vandalize the Taliban’s main website, which featured scenes of some of the more notorious acts of brutality perpetrated by the Afghan militant group (pictured above).

While authorship of the apparent attack is as yet undetermined, it’s worth noting that the Defense Department stated its intention in the Spring of 2009 to begin shutting down extremist media outlets in Afghanistan and Pakistan.

HACKED!?!? OH NO! Heh, yeah, well this should not be any kind of news to anyone there, but I guess these guys aren’t the sharpest marbles in the bag huh? I mean, what have I been up to all this time? Shucks, and I am not the only one ya know…

Of course you have the odd “jokey” attacks but generally, these guys have been compromised for some time I would expect and they may just now be catching on to it. Of course if you look at my posts on their “tech” section lately, you might see just how savvy they are on the whole of it. They do have some guys who know what they are doing, but no one is as good as Younis Tsouli was back before he got popped in the UK.

At least not that I have seen…

I am sure nothing will change here. If they do take down the sites themselves or with a little governmental help, the jihadis will just pop another site up elsewhere and begin to propagandize again all over. It will be a never-ending battle really… Unless they get smarter and get some real encryption, VPN tunnels, and dark net type of system that is invite only and rock solid…

I don’t see that happening from their caves…

You never know though… Perhaps they can cobble together something…

Anyway, more developments as I have them from the sites tonight…

CoB

Jihadi Calls For ‘Suspicious Bags’ To Be Left Throughout DC and NYC


On 7 June 2010, in Uncategorized, by admin

ABC News, 7 June 2010: A recent internal FBI report warns federal, state and local authorities to be alert for a potential new tool in the jihadi terror arsenal – the placing of suspicious, but harmless, bags in public places to inspire fear, disrupt public transportation and tie up police and bomb squads.

The so-called “battle of suspicious bags” was encouraged by an unknown poster to a known jihadi website. On May 12th, the poster suggested an “invasions suspicious bags (sic)” in “the heart of Washington and New York,” as the FBI’s Washington Field Office Intelligence Division noted in its May 27th “Situational Information Report.” The bags would contain not bombs, but innocuous items, a tactic that has been used by other political extremists in the U.S. in the recent past.

“The stated goal of the campaign,” said the report, “was to exploit desensitization of first responders caused by response fatigue to suspicious, but harmless items.” . . . .

This is something that I had alluded to as a factor in our national response post 9/11 in the Bush years. It was very easy to freak the country out and keep the fear working for the administration by releasing the wonderful “terror alert” system with that gerbil Tom Ridge at the helm.

Yes, the alert system was obtuse as it was, but it seemed as though the use of it in tandem with nebulous threat warnings about “terror plots” kept this country in a tense state for years. Only recently have we relaxed a bit even after the shoe bomber and then BVD bomber. It wasn’t until Faisal Shahzad that this idea of actually leaving false bombs to scare the masses and have the authorities spin their wheels seemed inevitable.

As I sat watching the police clear Times Square for the second time in as many days for a cooler that had been left in the open, I thought that perhaps this was either a diversion, or, a test run.

It seems I was not the only one to think of this…

Moving forward I can also see that this may in fact also work to the advantage of the terrorists with the boy who cried wolf syndrome. Leave enough packages that are not bombs, eventually the masses will be inured to it all and just leave a real bomb in play.

CoB

Written by Krypt3ia

2010/06/08 at 01:52