Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘Bag O' Crazy’ Category

Neuromancing The Cyberwars

leave a comment »

The Great Cyberwar to Come

Every day lately I open up the newsfeed and see more and more dire predictions of cyber doom and cyber war. Each time I read this stuff I just have to hang my head and curse under my breath all of the morons out there both reporting on it as well as those purveyors spinning the cyberwar to come. In fact, I really loathe the term “Cyberwar” as do I think, many of my compatriots in the infosec industrial complex (ooh coined a new one there huh?) Every time these people open their mouths I have to just borrow a line from Seinfeld and bellow;

“SERENITY NOW!”

Enough already of this Cyberwar lunacy! Let me tell you something, we have been in an information war for a long long time and a component of that is EW (Electronic Warfare) For years we have been manipulating warfare through information whether it be planting fake stories in the press (newspapers, tv, radio etc) to manipulating data within systems as part of disinformation campaigns. The only real difference today, and I think is the crux of the cyberwar craze are two factors:

  1. Everything seems to be connected by computers today
  2. We can now manipulate not only data, but the machines that process actual physical processes (ICS/SCADA)

So yes, there is more that potentially can be done to an enemy target electronically, but, the hoopla and hype around cyberwarfare has gotten WAY out of hand today and someone needs to bust that bubble before the morons in charge get their trigger fingers on the button. Perhaps though, its too late for that as I am looking around today and see that the military is saying they have the potential right to launch attacks after cyber attacks…

Good God… It makes one root for Skynet thinking about the great cyberwar to come.

Trust Us… We’re the Government!

What is most frightening to me is that the government and the military seem to be under many misapprehensions over “cyberwar” In the case of the government, more to the point, Congress and the House, we have two august bodies that are filled with some of the most misinformed and Luddite oriented groups of people I have ever seen… And these are the people we are going to entrust to make policy on such topics? The said same people who would have the likes of Gregory Evans speak to them about digital security?

We are doomed.

So, what do we have here? We have the people making laws led by the blind and the chicken little’s of the world. All of this over the overhyped and overblown idea that the great cyber war is a commin and no one is safe! Our power will go out because hackers will shut it all down! The gas pipelines will explode because John McClane won’t be able to get the Apple kid to the right terminal during the fire sale! The financial system will collapse because Thomas Gabriel will have jacked into the feeds and slurped ALL of our digital records on to his terabyte drives!

OH NO!

Yeah, you might be asking yourself right about now;

“Do they really believe that shit?”

Well, take a look at some of their laws lately concerning digital matters and privacy.. Then tell me they really know anything about the internet nor digital security. So, yes, I firmly believe they believe it. In fact, there is an old trope in the movies about hackers. You know the one, where the hacker just sits down and 5 seconds later they are root on the Gibson… Yeah, I really think that is how they percieve hacking and how easy it would be to hack the planet.. So to speak.

So, are you comfortable with these people deciding whether or not we actually physically (or digitally) attack another country after we get a little pwn3d?

I am not.

Attribution… We Don’t Need No Stinkin Attribution!

Back to the DoD and their recent proclamation about physical and other attacks against those who attack us with a cyber attack. I just have one word for them to chew on and contemplate;

ATTRIBUTION

You know, that pesky word meaning we actually KNOW who attacked us? Yeah, well as far as I have seen today, it’s pretty damned hard to determine most of the time who did what and where on the net. Digital forensics only get you so far, compromised machines can be tampered with in so many ways to make it look like someone did something and these guys want to launch cruise missiles against nation states over a DDoS?

Mmmm yeah… This will not end well.

Ok, so the next great cyberwar will take place pretty much like the whole premise of the Terminator films then? Will Skynet become sentient or will we just have a military and government that says “THEY DID IT” and fire off some missiles? Frankly, what I see here is a lot of posturing and hope that the reality is that people will realise that they cannot attribute anything and not fire one missile due to the lack of concrete proof.

But.. That assumes that cooler heads prevail and there are not too many hawks in the room….

Dark Prognostications of DOOM… Trust Me, I Write Blogs!

Meanwhile, we have the blogosphere and the pundits out there with slit eyed prognostications about how many more times 9/11 it would be, this cyberwar to come that McClane is not there to save us from.

“THERE ARE NO AIR GAPS TO SCADA! WE ARE DOOMED!”

“THE COLLATERAL DAMAGE WILL BE HUGE!”

“OUR WAY OF LIFE WILL BE DESTROYED!”

Blech. Look, sure, a cyber attack on key infrastructure would be bad. It could cause a real ruckus and we could have pockets of the country/world where power may be down a while, gas lines could blow, and there would be collateral damage. However, this would not be an all out war. In fact, I think it would be far worse if someone took out the core routers to the internet… I mean, at least that is doable if you do it right with kinetic attacks at key points (MAE’s etc) However, I just don’t see it as a likely scenario.

Frankly, you know what keeps me worried?

  1. Biological warfare or accidents with the materials
  2. A dirty bomb or a nuclear bomb cobbled together from illicit materials from the likes of Russia or Pakistan
  3. Mass coronal ejections causing a large EMP

Cyberwar.. Not so much.

The problem is that there are too many pundits and too many crazy opinions out there that are getting ear time with the Luddites in charge. Hell, for that matter, I am a blogger too, so I could be part of the problem as well huh? Maybe I am all wet and tomorrow China will attack at dawn… It’ll be just like Red Dawn.. Except they will hit us first with cyber attacks and then drop thousands of troops on us (Wait a minute! What a movie idea!)

CRAP! Someone beat me to it!

Oh I know! instead the Chinese will just release all our prisoners from cell blocks by using Metasploit against their ICS systems that lock the doors!!!

Heh.

Remember you heard it here first!

Reality? Nah, Just Pass Me The SymStim and Goggles!

I guess in the end, I just have to resign myself to the fact that sanity will not prevail. We will have a military with putative attribution and a Congress unqualified to rule on such things to pass the vote to attack those who attacked us with their packets and malware.

We’re screwed…

Oh well, I will just have to put in the REM and listen to the end of the world and we know it…

*Sits back…puts on shades…Hacks the Gibson*

YEEEHA!

K.

Rumblings On Stuxnet’s Potential for A Chernobyl Style Incident at Bushehr

leave a comment »

 

A source called me over the weekend and alluded to some intel concerning the Bushehr nuclear plant with regard to Stuxnet. Of course you all out there are probably sick of hearing about Stuxnet (especially the infosec/IW community) but, I thought this was interesting and should drop a post. My source says that certain people in the know are worried about the whole stuxnet operation from the point of view that it was released into systems that, to the creators of the operation, were not completely understood. That is to say that Iran, being as hard to get intel on, may have had configurations or issues that the creators and implementors of Stuxnet did not account for and could indeed have caused a larger catastrophe with the malware.

This is now making the rounds quietly in certain areas of the media, but, I want to call your attention to this article that I found on payvand.com. In it, a nuclear expert speaks about the potential for a nuclear accident due to the design specs of the reactor at Bushehr and the fact that the Russians reported that they were removing the nuclear material from the reactor recently.

From: Dr. Sadeq Rabbani, Former Deputy of the Nuclear Energy Organization

The Russians claim that they were obliged to remove the fuel from the Bushehr nuclear reactor in order to replace a part that was installed during the time the Germans were managing the construction of the plant. It should be noted that according to the contract with Russia for construction of the Bushehr plant, the Russians replaced all inner parts of the reactor and presented a new design. In the German model, a vertical design was used, but the Russians adopted the horizontal model. This means that the created problem was not related to the inner parts of the German-designed reactor.

So the Russians were paid for the construction of the Bushehr reactor and have also changed the design. Now the problem is whether the Russians were wrong in their design. It is unlikely that the Russians were wrong in their design, because this is not the first plant that they have constructed, and their experience is valuable.

There remains only the Stuxnet virus that Iran denies has been able to affect the Bushehr facilitates. So, if we assume that the Iranian authorities are right, the Russians are playing with us by delaying the launch of the Bushehr plant, and want to continue to delay launching it.

My source, who has connections with various people in the know, says that there is a higher potential that since the German design and build was overtaken by the Russians, that they may in fact have introduced flaws within the system that “could” lead to a Chernobyl style event if something like Stuxnet had infected other PLC systems. Of course this is a blanket concern with malware on the level of Stuxnet anyway is it not? Of course, Stuxnet was particularly targeted to the Siemens systems for enrichment but, there is always a chance of undesired effects to potentially other systems.

This is not to say that there have been or are other systems that have been compromised by Stuxnet… That we know of.

Ostensibly, Stuxnet was aimed at the weapons facilities but, one must not think that the weapons facilities and the nuclear power program were kept apart by a firewall, for the lack of a better term. I am willing to bet that the two are connected both semantically as well as functionally, and in that, the systems that play a key role may have too. IF Stuxnet travelled to the Bushehr systems, what ‘could’ be the import here? Just as well, what would the design of the reactor play as a part to hastening a large nuclear accident?

The article above goes on to say that Dr. Rabbani does not believe that the design and implementation of the Bushehr reactor is likely to cause an issue. Others though have been saying the opposite. Including my source. All that is really known at this point are the following things;

  • When Stuxnet hit Iran claimed that they were just fine! However, reports internally at the nuclear facilities and universities proved otherwise. That the malware was running rampant and they were trying and failing to exterminate it.
  • The design and implementation of the nuclear reactor had been started by the Germans (Siemens) and then stopped for many years. Then the Russians picked up where the Germans left off. It is possible that the design changes and or builds on to previous versions could have flaws in them that might make for vulnerabilities.
  • The Russians have removed the nuclear materials and the program is steadily losing ground to delay.

All in all, the unforeseen circumstances of malware like Stuxnet may indeed have caused issues at Bushehr, or, they could have been a calculated thing. Perhaps this is just Iran being careful out of paranoia as fallout from the incident. In either scenario, we win out in that the programs are being delayed. However, the worry that my source intoned was that they may not have considered the possibilities of collateral damage and just how bad they could be if the reactor had gone online and melted down. Of course, this is after seeing everything that is happening in Fukushima, so it’s on many minds.

My source went on to ask the question; “This would have to have a presidential order wouldn’t it as an operation?” The answer to that is yes. It is also quite likely that this operation was set forth by the previous administration (Bush) and, well, we know just how well thought out that presidency was huh? To my source, I say be careful in speaking about this. To all of you out there reading this I say keep your eyes peeled, there’s bound to be more fallout.

K.

Tea Baggers Embrace Igor Panarin

with one comment

Teabaggers… Yes, they are still around and attempting to “Teabag” this iteration of US administration in the eye. In my mind, they are the worst of the bags of crazy out there. They are the ultra right wing, over the edge, AM radio broadcasting, nutbags crazy enough to actually “try” to bring something like Panarin’s theses into reality.

This week Panarin made a trip to the United States. Tea party activists were waiting. On Monday night, the Houston Tea Party Patriots sponsored a speech by Panarin at a local Hilton. The event was titled “Global Crisis: Can the United States Remain United?” Panarin’s hosts, according to a flier promoting the event, want to “make sure” Panarin’s scenario “never happens.” But they weren’t sure it wouldn’t come to pass

Igor Panarin is a crazy gas bag that has been saying shit like this for a long time and now he is being linked to and welcomed to the teabagger parties. That’s it, the teabaggers have jumped the lithium shark now kids. These folks have become completely unhinged to actually believe this dystopian “Postman” BS that ol’ Pravda Panarin has been peddling.

I frankly fear for the future when we have the likes of Fox broadcasting the fear 24/7 in their “fair and balanced” mongering way with all of these teabaggers seething in front of their tv’s day and night. If anything, these people could try to light the fire in hopes of bringing it all on like the crazies trying to hasten the end times.

I recently watched a video interview of people waiting in line for a chance to get a signed copy of “Going Rogue” and man they scared the holy jeebus out of me with their “Know Nothing” mentalities. The piece made ME want to cling to my gun and my encyclopedia to twist a phrase from a former presidential candidate. Frankly, anyone with a brain stem should be afraid of these people.

And before any of you out there get your dander up, I have no problem with discourse and I have no issue with them having their opinions. They are entitled to them! But, they are just rather scary angry and many seem to be just a bit over the line of sanity for me, thus my sentiment here.

Lets look at it through another prism…

Go in and take an honest look between the most ardent and whacky of these folks and then contrast them to the most ardent insurgents and Wahabists out there…

Yeah, I went there…

Can one honestly say that they are that much different? I mean, how long is it til another Tim McVey shows up with a fertilizer bomb to a federal building?

How long til another body is found with FED scrawled on it (yes that was a suicide, but he tried to incite that whole thing by doing the way he did)

So really, anyone who is blind to the realities and chooses only to get into lock step with their crazy peers may as well be either a Teabagger or a Wahabist right?

Scary times…

It’s in these times that the “strong man” usually shows up and the sheeple begin the following. Of course what’s being said now by these folks is that is exactly whats happened with the election of Barack Obama…

Yep.. “Bag o’ Crazy”