Archive for the ‘CAUI’ Category
BlackkatSec: The New Kids on the Block Who Allege They Took Down Al-Qaeda
From GamerCrypt
Last week, the AQ site shamikh1.net was taken down by unknown persons and their domain suspended by Godaddy for abuse. Evan Kohlmann of Flashpoint Global was making the rounds on the media circuit pimping that it was in fact MI6 or the like that took the site down. However, Evan had little to no evidence to back this claim, and frankly, the media just ate it up evidence be damned. I came to the party after hearing online the previous weekend that the site was under attack and going down from an unknown type of attack. However, I knew from past experience that the site was likely being attacked through some SQLi or a DD0S of some kind. The reasoning I have had is that the site was vulnerable to attack in the past and as far as I knew, the admin’s at Shamikh1 had not fixed the problems.. Not that anyone was goint to tell them that their site was vulnerable.
As time passed and more stories circulated, Evan’s tale changed slightly to include the fact that he thought there was a domain hijack that had happened. There is once again no evidence of a domain hijack at all, but, there still lingers the idea that the site was taken down by someone other than skiddies out for a good time. Once again, there was no evidence to back up any claims, but the media is.. well the media.. They will buy anything if it gets them attention. So on it went, and on Saturday the back up site that AQ had registered in May (as I surmised that it was the backup in my earlier post) was back up serving the main page. To date the page is not fully functional and once again Evan has made a claim on the news that they are back up for registration, another false claim as they are not taking submissions.
Either way, the site is online (mostly) and seems to be getting back into the swing while a new dark horse has entered the race as to who did it and perhaps why. @blackkatsec or BlackKatSec, is a new splinter group of LulzSec/AntiSec/Anonymous that has turned up quietly making claim to the hack on shamikh1. They so far, have not said much on why never mind how, but, it would be interesting to hear from them on the pastebin site as to what data they may want to release on their hack. If indeed they used SQLi attacks and in the end rm –rf * ‘d the site, then I would LOVE to see what they got out of it before they did so. If on the other hand, they just attacked the site and the admins as well as Godaddy took it down, then I would like to know.
Speculation is.. Well it’s mental masturbation really. Good for the media, bad for those who really want to know something.
So, dear BlackKatSec, if you feel so moved, please do drop me some data.. I will make sure its used to cause the boys from Shamikh1 more heartburn. Otherwise, please do keep us up on your attacks as I do not look forward to hearing all the damned speculation that comes out of the spinning media heads like a certain someone who I mentioned above. Of course you could just be trying to claim the hack for whatever reasons and not done it… But, the lack of trumpeting it to the world says to me that maybe you were involved…
Say.. You guy’s aren’t MI6 are ya?
HA!
More when I have it.
K.
IMPORTANT SECURITY TIPS: Security Tips for Jihobbyists At Majahden
Security Tips for Majahden2 Users and Jihobbyists
Important Security Tips from Majahden:
The boys at Majahden have been learning lately about how psyops, hacking, disinformation, and being pwn3d works. I suppose since Osama went to live in a pineapple under the sea, they have been taking stock of just how much information they are leaking on the boards out there on the internets. There have been a spate of timely deaths in the AQ camp of late as well as a few arrests, but really, the intelligence coup of finding OBL and whacking him has all the jihobbyists worried that they will be next.
Of course they should be worried, but not only because OBL was popped. You see, we have been inside their shit for some time now and they just did not know it I guess. I have written in the past about sites that I have been poking at and digging through and I know in the case of Al-faloja (may it rest un-peacefully) I was able to get quite a bit of data from them. Since Al-Faloja fell down and went boom, there have been many site re-vamps by many a phpBB admin but they still seem to be on the whole, lacking the skills to really secure their shit.
Oopsies!
So, from their sooper sekret squirrel lair we have the following text from the above screen shot on majahden entitled “Important Security Tips” From this post I can say that they have been learning though. The tips are good and if followed it will make it just a teensy bit harder to track them and eventually have them picked up. Here are some good ones:
- Trust no one: See a new member asking all kinds of questions about going to jihad? Be wary of them they may be spies
- Use internet cafe’s to log in and post to the boards because they can track your IP address
- DO NOT use just one internet cafe! Move around and make sure that you go outside your usual area (where you live)
- Use a PROXY at the cafe!
- Be careful though at the cafe because they are on the lookout for swarthy types like us!
- NEVER give out your real information to ANY forum! (i.e. Bday, phone, etc)
- Beware of files published to the forums! They could be malware!
- Beware of popup installs like Java on the boards, they are not proper and likely a means to compromise you!
- Beware people asking you to email them from the forum (use the message program on the board)
- DO NOT RE-USE PASSWORDS!
- Be careful what information (personal) you put on the site
- Be careful about posting anecdotes about seeing this or that imam speak (places you in a place and a time)
AND Finally, in the FUNNIEST note of the list;
- This is not a dating site! You want to make friends do that separately from the jihadi forums.
*snort*
In all, these warnings are good solid rules of the road for anyone going anywhere on the internet never mind on a jihadi board being audited by the likes of moi. Just from a privacy standpoint these types of suggestions are valid as well and should be the standard for anyone not wanting their identity stolen or their stuff hacked easily. This however, is pretty new to all of these guys and are the rudiments of SECOPS for them. Up til now, they have been not following any of these precepts, and to have to say this is not a dating site? Well, that kinda says it all to me hehe.
Meanwhile another tasty tidbit came up from the same site and this one is a little more interesting. The above screen cap is for a posting called “Deceptive methods to extract information” and it covers primarily the idea of snitches being placed in cells at camps to elicit information from jihadi’s. Now, this is nothing new to anyone who has had a diet of movies or TV here in the US, but perhaps it is a new one for these guys. Informants in the form of turncoat prisoners or actual agents from the likes of the CIA etc, have been standard operations to get information without the enemy knowing it.
This post is written by someone though who has had first hand experience with being detained. They go on to describe very specific scenarios and methods to evade giving up information to the “birds” as they are calling them. (I think they mean stool pigeons) The writer gives suggestions on how to detect the turncoats and or to deal with the interrogators methods in trying to cajole information from them. All in all, this is an interesting read that comes across as someone who has had direct experience and understands PSYOPS.
The Take Away:
These posts and others within the site have me thinking that they are starting to become a bit more sophisticated in their efforts online. There are numerous tutorials now on chaining Tor and proxy-ing as well as the use of crypto and other security oriented programs. TNT_ON has been busy posting more tutorials as well as lauding Younis Tsouli (aka irhabi007, now in jail) as the progenitor of the jihadi hacking scene. All I can really say is that it is maturing and we need to step up our efforts with regard to them.
With the new invigoration within the cyber-jihadi community since OBL’s great pineapple adventure, they have taken up the gauntlet not only to hack but to wage a cyber-propaganda campaign like never before. Presently, the jihadi’s on Majahden and other sites have been spinning up and creating numerous Facebook sites that conform to standards that will fly under the FB radar (FB has been pulling sites down just about as fast as they could put them up) this has become the new “stealth jihad” They are making the effort now to have innocent front pages that lead to many other more hidden pages containing hardcore jihadi content. This is something that was being espoused last year on the boards and is now coming into acceptance as the main modus operandi. This way they can have their content and not get it 0wned or taken down by the likes of Facebook or Blogspot.
Since the advent of the LulzSec crew, it just seems that we all have been focused elsewhere.. Time to wake up and go back to working these fools. I say it is time to start a program of 0day infected dox that will be downloaded from all those sharing sites that these guys love. Remember the whole cupcake thing with Inspire? I say we do it en masse for as many sites as we can. Added to this, we should also be using many more approaches such as PSYOPS, Disinformation, and all out penetration of their servers… No matter where they sit.
But that’s just me… I also think that perhaps the NSA might have that already covered… One wonders…
At the very least, we should keep an eye on these sites.. If not for the lulz, then for taking them down once and for all.
K.
The Post Bin-Laden World
Well, it finally happened. OBL is ostensibly dead, though we have no real proof of that for the masses to see, but we are being told as much and that there have been DNA matches made. As you are all being barraged with I am sure, the salient points of the operation are these:
- OBL was not in the kush, but instead in a populated area situated about an hour outside of Islamabad Pakistan
- The compound was built in 2005 and has been under surveillance for some time
- The compound was located in an area that was off limits to the reapers and other drones, thus they thought they were secure
- The compound was about half a mile away from the Pakistani military version of West Point
- The courier that OBL trusted most was the one who led us to him. He was in turn alleged to have been outed by KSM in Gitmo under “interrogation” as well as others in CIA ghost sites
- Once the CIA had the pseudonym it took about two years to actually get his real name and then to locate him
- Once we had a lock on enough data to place OBL there, the go code was given to neutralise OBL (he was not to be captured)
- SEAL Team SIX confiscated more than 3 computers from the premises and I am sure those have been sent already to the NSA for decrypt/forensics
- OBL’s body and any photos of it have been deep six’d so as not to give the jihadi’s anything to work with for Nasheeds and other propaganda
- It was old fashioned intelligence work and a SPECOPS team that eventually got him… Not just fancy drones and technology
All in all, Sunday was a good day for SPECOPS, the CIA, and the U.S. So, what does this mean though for the GWOT and for all of us now?
AQ’s Response:
So far, I have seen very little chatter on the jihadi boards whatsoever. In fact, it has been downright quiet out there. I think there is a mix of disbelief and a bit of fear out there that is keeping them quiet. Just as there has been no body provided or photo’s thereof, they all must be waiting on an announcement from AQ as to the loss. However, I don’t expect that announcement to be soon. I am sure Ayman has been scuttled off somewhere ‘safe’ and the rest of the thought leadership (what’s left that is) is wondering just where to go from here.
Much of the inactivity on the part of AQ also likely is due to their loss of computers that likely held A LOT of data that were taken by the SEAL’s at exfiltration. I would assume that much of what was left of their internal network has been compromised by this loss and when the systems are cracked and examined, there will be more raids coming. So, they all are likely bugging out, changing identities if possible and burning the rest of the network to prevent blowback.
Frankly, this is a real death blow to AQ itself no matter how autonomous the network cells have become. Though, OBL had been less the public face of things for some time with Ayman taking up the face roll. Time will tell just what happens to the AQ zeitgeist in its original form, but I think I already know what has happened, and it has been going on for some time…
In the end, I don’t expect a real response from AQ proper and if anything, I expect a feeble one from Ayman in a few days. Remember, Ayman is not well liked within many jihadi circles, so the succession of AQ is likely to have Ayman try, but I think in the end fail to be the new OBL.
AQAP and Anwar al-Awlaki the new thought leaders:
Meanwhile, I believe this is the new AQ. AQAP has been developing a base that includes the whole Inspire Magazine machine. Anwar Al-Awlaki has been the titular head of jihadi thought for some time now, but with the demise of OBL and AQ proper, he will be the lightning rod I suspect. I think also that we will be hearing from him very soon and with that audio, no doubt released by Al-Malahem, he will take the spot that OBL and Ayman did. Whether that will be at the behest or acquiescence of Ayman or not I cannot be sure.
Awlaki is frankly, the charismatic Americanized version of OBL that will be able to and has been, moving the western takfiri’s to jihad with his fiery speeches. With his team of younger, hipper, and technically savvy, he will have a better chance of activating the youth movements and gaining the respect of the older set.
AQ Attacks:
I frankly do not see any major attacks coming from AQ proper in the near future that would rival 9/11. However, I do see the potential for some attacks in Pakistan/Afghanistan/Iraq from operators using shahid attacks. I do believe though, that they will be working on larger scale attacks as they are patient and have a real desire now to avenge OBL.
Time will tell on this, but I do not think that operationally, AQ is in a position to really do anything of merit at this time. This is specifically so because OBL’s computers and data have been captured and as I said before, the networks are likely broken.
AQAP Attacks:
AQAP though, is an entity unto itself and I can see them putting together another parcel bomb plot pretty quickly. The last plot (the one with the toner cartridges) was put together in short order and had a very low cost, so I think if anyone, AQAP has a better chance of actuating a plan and carrying it off.
Of course, they may not succeed just like the last time. In some ways though, we got lucky on that one as the Saud’s got intel that they shared foiling the plot.
Lone Wolves:
This is the one I think most viable and worry about. The disparate crazy loners who have self radicalized to jihad are the ones likely to do something bonkers. These guys may not have the training, may not have the infrastructure, but, they make up for it all in sheer whack nutty-ness.
The one thing about this is that I suspect that these folks will be the ones here in the states. So soft targets will be a premium (malls, games, etc)
Moving Forward:
The next week is going to be interesting. As time goes on, and the AQ networks begin to settle, then I am sure we will see some response from them. Meanwhile, I will continue to monitor the boards and see what’s what.
I do though want to recommend that you all out there keep your wits about you as you are out and about in soft targets like malls, games, and other gathering places. If anything, its that lone wolf actor who may try something and those would be targets they would choose for maximum effect.
More when I have it.
K
Anonymous: Headless, Herd Mentality, or Convergence Theory Driven Entity?
In my last couple of posts I took a look at what has been going on with Anonymous and HBGary Federal. Within those posts, I began musing on just how decentralised Anonymous really is. By looking at the overall picture of how Anonymous seems to work on the face of it, you might think that they are just a fluctuating group of online personae who sign up for certain operations that they desire to devote time to. However, no matter how many times I look at the big picture, I still see an underlying structure(s) that potentially have more static features that can be analysed and thus, allows for the potential of there being pseudo-anonymity.
Now, this may rankle some within the anonymous camp and likely will cause some comments here but, this is something that interests me as well as really is an academic thought experiment as opposed to Aaron’s little projects. So, you anon’s out there, take this post and my musings as food for thought as you go on about your anonymous lulz. I am not searching you all out to “out” you, just looking at an interesting problem.
With that said, lets move on to my theories.
Motivations, Drivers, Flocking, Herding, and Convergence Theory:
Before I go into the infrastructure of Anonymous as I see it, let me first go into the psychology behind the human side of Anonymous. This bears directly on the infrastructure due to the fact that humans online comprise the entity known as Anonymous. It is the psychology behind that human element, that give rise to the means by which they are carried out in a social media format. (i.e. the internet/IRC/Social media)
Human motivations can and are myriad, however, there are some basic desires that are fulfilled by action as a cohesive group. These desires or goals take shape in differing ways. In the case of Anonymous, they have aligned themselves with a “swarm” mentality, and I ascribed to that at first, but, after thinking about it quite a bit, I have come to the conclusion that a swarm does not really fit the patterns of behaviour exhibited by Anonymous. A swarm implies lack of thought and instead just reaction. The examples used before of bee’s or ants are good ones to use to show in fact, Anonymous does not resemble them. Instead, the Anon’s all have motivations as a whole and on their own individually that motivate them to act as they are. In this simple fact, the aspect of having self awareness and motives, shows that the allusion to swarming is a fallacy.
Instead, I propose that since humans are behind the actions of anonymous, and comprise its ranks, that other theories apply to them that come from a more humanistic approach, much of it being from psychology. The following theories apply as I see it.
From Wikipedia
Herd behavior in human societies
The philosophers Søren Kierkegaard and Friedrich Nietzsche were among the first to critique what they referred to as “the crowd” (Kierkegaard) and “herd morality” and the “herd instinct” (Nietzsche) in human society. Modern psychological and economic research has identified herd behavior in humans to explain the phenomena of large numbers of people acting in the same way at the same time. The British surgeon Wilfred Trotter popularized the “herd behavior” phrase in his book, Instincts of the Herd in Peace and War (1914). In The Theory of the Leisure Class, Thorstein Veblen explained economic behavior in terms of social influences such as “emulation,” where some members of a group mimic other members of higher status. In “The Metropolis and Mental Life” (1903), early sociologist George Simmel referred to the “impulse to sociability in man”, and sought to describe “the forms of association by which a mere sum of separate individuals are made into a ‘society’ “. Other social scientists explored behaviors related to herding, such as Freud (crowd psychology), Carl Jung (collective unconscious), and Gustave Le Bon (the popular mind). Swarm theory observed in non-human societies is a related concept and is being explored as it occurs in human society.Information Cascade:
An information (or informational) cascade occurs when people observe the actions of others and then make the same choice that the others have made, independently of their own private information signals. Because it is usually sensible to do what other people are doing, the phenomenon is assumed to be the result of rational choice. Nevertheless, information cascades can sometimes lead to arbitrary or even erroneous decisions. The concept of information cascades is based on observational learning theory and was formally introduced in a 1992 article by Sushil Bikhchandani, David Hirshleifer, and Ivo Welch.[1] A less technical article was released by the authors in 1998.[2][3]
[4][5]
There are two key conditions in an information cascade model:
1. Sequential decisions with subsequent actors observing decisions (not information) of previous actors.
2. A limited action space (e.g. an adopt/reject decision).[6Classical theories
The main idea of Sigmund Freud’s crowd behavior theory is that people who are in a crowd act differently towards people from those who are thinking individually. The minds of the group would merge to form a way of thinking. Each member’s enthusiasm would be increased as a result, and one becomes less aware of the true nature of one’s actions.
Le Bon’s idea that crowds foster anonymity and sometimes generate emotion has become something of a cliché. Yet it has been contested by some critics, such as Clark McPhail who points out that some studies show that “the madding crowd” does not take on a life of its own, apart from the thoughts and intentions of members. Norris Johnson, after investigating a panic at a 1979 Who concert concluded that the crowd was composed of many small groups of people mostly trying to help each other. However, ultimately, leaders themselves identify themselves to an idea.Theodor Adorno criticized the belief in a spontaneity of the masses: according to him, the masses were an artificial product of “administrated” modern life. The Ego of the bourgeois subject dissolved itself, giving way to the Id and the “de-psychologized” subject. Furthermore, the bond linking the masses to the leader through the spectacle, as fascism displayed in its public representations, is feigned:
“When the leaders become conscious of mass psychology and take it into their own hands, it ceases to exist in a certain sense. […] Just as little as people believe in the depth of their hearts that the Jews are the devil, do they completely believe in their leader. They do not really identify themselves with him but act this identification, perform their own enthusiasm, and thus participate in their leader’s performance. […] It is probably the suspicion of this fictitiousness of their own ‘group psychology’ which makes fascist crowds so merciless and unapproachable. If they would stop to reason for a second, the whole performance would go to pieces, and they would be left to panic.”[1]
Edward Bernays (1891–1995), nephew of psychoanalyst Sigmund Freud, was considered the father of the field of public relations. Bernays was one of the first to attempt to manipulate public opinion using the psychology of the subconscious. He felt this manipulation was necessary in society, which he felt was irrational and dangerous.
Convergence theory
Convergence theory holds that crowd behavior is not a product of the crowd itself, but is carried into the crowd by particular individuals. Thus, crowds amount to a convergence of like-minded individuals. In other words, while contagion theory states that crowds cause people to act in a certain way, convergence theory says the opposite: that people who wish to act in a certain way come together to form crowds. An example of convergence theory states that there is no homogeneous activity within a repetitive practice, sometimes observed when an immigrant population becomes common in a previously homogeneous area, and members of the existing community (apparently spontaneously) band together to threaten those trying to move into their neighborhoods. In such cases, convergence theorists contend, the crowd itself does not generate racial hatred or violence; rather, the hostility has been simmering for some time among many local people. A crowd then arises from convergence of people who oppose the presence of these neighbors. Convergence theory claims that crowd behavior as such is not irrational; rather, people in crowds express existing beliefs and values so that the mob reaction is the rational product of widespread popular feeling.
My money though is on Convergence Theory. While herd mentality works in many respects, the herd seems less actively motivating the outcome as it is reacting to external stimuli or a certain single entity moving them to “herd” in a specific direction. In Convergence Theory however, we have a more nuanced approach to understanding that like minded individuals congregate together socially and then as a crowd, act out on their collective consciousness. I believe that all of these behaviours and observations play a role in the macro-verse of Anonymous.
I also believe that at times, there are leaders who take up the issue that they feel needs redress and then start that herd moving toward a goal by beating the drum. Thus you have the chats and the boards where people take their digital soap boxes out and speak on the target, the reasons, and the method of attack. If the idea gets enough traction vis a vis the oration of the de facto leader at that time, then, a movement begins. Which brings me to the next topic.
Cells vs Spontaneous Headless Entities:
Anonymous has said many times and rather vociferously, that they are a headless organisation. I have always been of the opinion that no matter how many times they make that claim, it is functionally impossible. There will always be a core group of individuals that will be leading an operation. It is also the case that Anonymous is predicated on infrastructure that must be maintained. The IRC rooms, the servers, the web servers etc, all have people who operate them and manage them. In this respect, those persons would be the holders of the keys to the kingdom would they not? If a person in charge of such functions were to turn (or be turned) on the organisation, they could do massive damage to the org by being in charge of key assets.
I would further like to posit that for each “raiding party” as they may be called, would also have de facto leaders. An incidence of this can be seen in the WBC debacle in the response to WBC that claims 20 people had worked on the document. Those twenty people would nominally be leaders of that cell or operation by my accounts. So, to extend this further, for every operation there must be a division of roles and responsibilities doled out to function, it is just our nature to do this. If Anonymous were truly a chaotic system, nothing would get done effectively.
Cells however, also fit as an modus operandi for Anonymous. When I say cells I mean this from the perspective of cells in terrorism. Al Qaeda, as a functional operation has been winnowed down to the point of only being a titular entity in the jihadi movement. Due to the war on terror, AQ has shifted their operations from being rather linear to a cell mentality. All of the cells out there are pretty much self formed at present. The cells consist of like minded people who get subtle and not so subtle information/mandates from the AQ HQ via things like “Inspire Magazine” or the jihadist boards. The same can be applied to the structure of Anonymous. There are still those people who are making suggestions and or are outright perceived leaders, that can be singled out as targets of interest. This may not be the case every time, but, by using the information above on motivations and crowds, you can infer that it is the case more times than not.
Nick Re-Use as De-Anonymization:
Now, once you consider the motivations and the structures that are created or used, one must then consider how would someone go about trying to determine targets of interest. In the case of Anonymous this allusion had been made (poorly) by Aaron Barr. He went after certain parties that he claimed were in fact the core leaders of Anonymous. I can’t say that any of those names were in fact core leaders, however, I will say that the nicknames themselves could have been used to gain intelligence on said users and indeed prove their affiliation.
My premise is this;
1) The more unique a nick is the easier it is to track
2) Nickname re-use on other sites in tandem with uniqueness makes tracking and expanding on social connections easier
3) With the right foot-printing, one can potentially get enough information not only to see affiliations and actions, but also real names of individuals
So, if you are on the Anon boards and you re-use your nick, AND it is unique enough, I know that you can be tracked. Add to this the notion that you use your nick as an email address, then you are adding even more context for someone to search on and cogently put together patterns for recognition. So, the more data points, the more coherence to the picture if you see what I mean. By using tools like Maltego or even Palantir correctly, one can make those connections. In the hands of a trained analyst, the data can really show a person’s online personae and lead to enough data being revealed to have law enforcement breathing down your neck with warrants.
In looking at the Anon sites, one can see regular names turning up. Using Maltego on some of those names have also given returns that would be a good start on locating those people because the used the same nickname for other uses that are inherently insecure. Which is ironic as Anonymous is supposed to be just that. In fact, one can log onto their IRC session just as “anonymous18457” etc. I would do this every time I wanted to go onto their servers so as not to have too much residual data for someone to mine.
Aaron was right in that people are inherently lazy at times. We as a species are also ill equipped to delineate long term threats as opposed to near term. In most cases though, many of the Anon’s are in fact young and likely inured to the idea that the Internet is in fact an anonymous space.
It isn’t, unless you take pains to make it so.
Conclusion:
So there you have it. I have been pondering this for a little while now. I am sure there will be more as I think about it a bit. Aaron was a fool, but let me tell you, there are others out there in spook country who aren’t. These techniques are no secret nor are the theories of behaviour. These are common ideas that are used within the psyops realm and you, “anonymous” legions must take that into account. If the authorities cannot get the core members, they will eventually get round to going after the low hanging fruit.
However, with these techniques, even someone diligent about their anonymity can be defeated. Everyone makes mistakes…
Keep your wits about you.
K.
HB Gary: Hubris, Bad Science, Poor Operational Methodology, and The HIVE MIND
Algorithms, Social Networks, and COMINT:
When I had heard that HB Gary had been popped and their spool file was on PB I thought that it was unfortunate for them as a fairly well known company. Once the stories started coming out though with the emails being published online, I began to re-think it all. It seems that Aaron Barr really fucked the pooch on this whole thing. He primarily did so due to his own hubris, and for this I cannot fault Anonymous for their actions (within reason) in breaking HB Gary and Barr’s digital spine.
It seems that Barr was labouring not only a flawed theory on tracking social networks, but also in that he planned on selling such a theory and application to the government. One notion was bad, and the other was worse. First off though, lets cover the science shall we? Barr wanted to track users on social networks and show connections that would lead to further data on the users. The extension that he was trying to make was obtaining actual real names, locations and affiliations from disparate sources (i.e. Facebook, Twitter, Myspace, IRC, etc) While this type of data gathering has been done in the past, it has not usually been culled from multiple sources automatically electronically and then strung together to form a coherent pattern. In short, Barr was wanting to create software/scripts to just scrape content, and then try to connect the dots based on statistics to tie people to an entity like Anonymous. The problem, and what Barr seemed to not comprehend, is that the Internet is a stochastic system, and as such it is impossible to do what he wanted with any kind of accuracy. At least in the way he wanted to do it, you see, it takes some investigation skills to make the connections that a scripted process cannot.
This can be seen directly from the article snippet below where the programmer calls Barr on his flawed logic in what he was doing and wanted to do.
From “How one man tracked down Anonymous and paid a heavy price”
“Danger, Will Robinson!”
Throughout Barr’s research, though, the coder he worked with worried about the relevance of what was being revealed. Barr talked up the superiority of his “analysis” work, but doubts remained. An email exchange between the two on January 19 is instructive:
Barr: [I want to] check a persons friends list against the people that have liked or joined a particular group.
Coder: No it won’t. It will tell you how mindless their friends are at clicking stupid shit that comes up on a friends page. especially when they first join facebook.
Barr: What? Yes it will. I am running throug analysis on the anonymous group right now and it definately would.
Coder: You keep assuming you’re right, and basing that assumption off of guilt by association.
Barr: Noooo….its about probabilty based on frequency…c’mon ur way smarter at math than me.
Coder: Right, which is why i know your numbers are too small to draw the conclusion but you don’t want to accept it. Your probability based on frequency right now is a gut feeling. Gut feelings are usually wrong.
Barr: [redacted]
Coder: [some information redacted] Yeah, your gut feelings are awesome! Plus, scientifically proven that gut feelings are wrong by real scientist types.
Barr: [some information redacted] On the gut feeling thing…dude I don’t just go by gut feeling…I spend hours doing analysis and come to conclusions that I know can be automated…so put the taco down and get to work!
Coder: I’m not doubting that you’re doing analysis. I’m doubting that statistically that analysis has any mathematical weight to back it. I put it at less than .1% chance that it’s right. You’re still working off of the idea that the data is accurate. mmmm…..taco!
Aaron, I have news for you, the coder was right! Let the man eat his taco in peace! For God’s sake you were hanging your hat completely on scrape data from disparate social networks to tie people together within a deliberately anonymous body of individuals! Of course one could say that this is not an impossible feat, but, one would also say that it would take much more than just gathering statistical data of logins and postings, it would take some contextual investigation too. This was something Barr was not carrying out.
I actually know something about this type of activity as you all may know. I do perform scraping, but, without real context to understand the data (i.e. understanding the users, their goals, their MO, etc) then you really have no basis to predict what they are going to do or really their true affiliations. In the case of jihadi’s they often are congregating on php boards, so you can easily gather their patterns of friendship or communications just by the postings alone. Now, trying to tie these together with posts on other boards, unless the users use the same nick or email address, is nearly impossible.
Just how Aaron Barr was proposing to do this and get real usable data is beyond comprehension. It was thus that the data he did produce, and then leak to the press enraged Anonymous, who then hacked HB Gary and leaked the data in full claiming that none of the data was correct. Either way, Aaron got his clock cleaned not only from the hack (which now claims to have been partially a social engineering attack on the company) but also from the perspective of his faulty methodologies to harvest this data being published to the world by Anonymous.
OSINT, Counter-Intelligence, and Social Engineering:
The real ways to gather the intelligence on people like Anonymous’ core group is to infiltrate them. Aaron tried this at first, but failed to actually be convincing at it. The Anon’s caught on quickly to him and outed him with relish, they in fact used this as an advantage, spurring on their own efforts to engineer the hack on HB Gary. Without the right kind of mindset or training, one cannot easily insert themselves in a group like this and successfully pull of the role of mole or double agent.
In the case of Anonymous though, it is not impossible to pull this off. It would take time and patience. Patience it seems that Aaron Barr lacked as much as he did on scientific and mathematical method where this whole expedition was concerned. Where his method could have been successful would have only come from the insertion of an agent provocateur into the core group to gather intel and report back those connections. Without that, the process which Aaron was trying would have yielded some data, but to sift through it all with interviews by the FBI and other agencies would have become ponderous and useless in the end.
It is my belief that there is a core group of Anon’s as I have said before. Simply from a C&C structure, there has to be an operational core in order for there to be cohesion. This can be seen in any hive structure like bees, there are drones, and there is a queen. A simple infrastructure that works efficiently, and in the case of anon, I believe it is much the same. So, were one looking to infiltrate this core, they would have a bit of a time doing so, but, it could be done. Take out the core, and you take out the operational ability of the unit as a whole to be completely effective. To do this though, one should be able to understand and apply the precepts of counter intelligence warfare, something Barr failed to grasp.
In the end.. It bit him pretty hard in the ass because he was in a hurry to go to press and to sell the ideas to the military industrial complex. Funny though, the real boys and girls of the spook world would have likely told him the same thing I am saying here… No sale.
Oh well… Arron Icarus Barr flew too close to the anonymous sun on wings made from faulty mathematical designs and burned up on re-entry.
K.
Al Malahem’s Inspire 4: Crusades Rhetoric and Tactical Updates In A Feedback Loop
Al Malahem’s “Inspire 4” was released last night and this morning I procured a copy to go through. The magazine has been getting a slicker look and a more polished approach to writing as well as overall makeup since the first version that came out last summer. Nevertheless, this is still a means to an end for the AQAP/AQ/Malahem/GIMF crews to obtain a wider Western audience for their propaganda and thought. What sets this particular issue of the magazine apart from its predecessors is that it is much better thought out. The creators have used psychological precepts to craft a document that hopes to create a feedback loop in the reader, bringing them to Jihad and a unified ummah (people)
After some preliminaries, the magazine’s first article is by Samir Khan, a former US resident from NC, that is now ostensibly the creative director of Inspire. His piece sets the tone and begins the feedback loop. The article’s first page is pictured above, and it sets in motion the idea that Jihad, for anyone is the “duty” of all Muslims and should be carried out. Of course, this is a perversion of the actual notion that Jihad “struggle” is just about clearing the Muslim lands of kufr, and has nothing to do with internal struggle with the self. Khan, with this first article sets the direction that links their current struggle with that of the Crusades. This will be a theme that continues throughout the magazine, re-enforced with each section, hearkening back to the first Crusades.
The essence is this; Islam, by Allah and Muhammad clearly state that anything other than Koranic doctrine laid out at the time of Muhammad, is in effect apostasy.
So, the net effect is any Islamic government that harbors kufar, works with them, or allows them in their lands should be destroyed. Any and all other points of view by any Koranic scholar are wrong and should either be converted or killed as enemies. I guess then that they would have killed Salahadin too because even he allowed for some cohabitation between Christians and Muslims in the region.
Thus begins the feedback loop. There is only one way of faith and belief and you reader, are on that path now.
Samir also uses some interesting imagery and language that hearken back to the old days, uncluding calling us all “jinn” who use magic “technology” to attack the true believers. Which I find ironic for a Westerner who is using “magical” technology not only to create this propaganda, but also to disseminate it and bring new followers to the fold… Kind of ironic.
The next article is a short one from Adam Gadhan aka Azzam Al Amriki. This piece goes on to re-inforce what Samir has laid out for the reader. Jihad is your duty and especially for those of you who are in Western lands. Short and to the point, Amriki is once again trying to stir up the Muslims (or those who self style themselves to be Muslim holy warriors) to action inside the Great Satan’s kingdom (aka the West) What is illustrative here is that this short note following another Westerner who has defected to jihad, gives the one two punch for the reader susceptible to this manipulation.
Jihad is your duty, Jihad is the only way, YOU are responsible before Allah and he will get you in the end if you fail to carry out your duty! No paradise for you, instead he will mete out punishment.
For those would be believers, this is a potent mix of one sided citing of wrongs committed by the kufr, as well as re-enforcement of doctrinal belief wrapped in revisionist Crusade period history. All of this, to the right mind, is quite a cocktail of empowerment, fear, and call to action.
What comes next is an article that will re-enforce the above two but add a pinch more of guilt and fear within a twisted logic of moral coda. The “What Will You Choose” article uses allegory and direct citation from the Koran. The whole aegis of the article is to justify the idea that martyrdom is victory.
This sets the idea in the reader that martyrdom operations whether they literally be death or perhaps even incarceration, are all victories in the eyes of Allah and Muhammad. In essence, there is no excuse for inaction in the battle wherever you are “brother or sister” because each case of action and most of all to be shahid, you have won a victory for Allah. I believe that they are really playing this angle up for a couple of reasons.
1) They want westerners to step up, and in tandem with the other articles in Inspire 4, they are setting the reader up to have no choice
2) Suicide bombings in their eyes not only are victories for Allah, but they also make good propaganda fodder. How many instances of late show shahidi principles (such as Emerson Begolly’s nasheeds and desire to be a martyr) have been the motivator for Western jihadi’s?
The Messenger of Allah in ex-change to what he asked from theanşār did not promise them anything of this world. He only promised them paradise and paradise only comes after death. So would you want to die a natural death or die as a martyr?
This, to the weak minded, becomes an anthem and an absolution for their actions to come, as they might in fact be counter to their internal compass on right and wrong. Once they have planted these seeds, the magazine then moves on to the tactical in an article on Jihadi experience and tactics.
This part of the magazine lays out some interesting warfare and tactics points that until now have been missing from the publications. Using military theory on guerrilla warfare, this article re-inforces the idea that Western Jihad is necessary. Those Muslims who are not in the Muslim lands, but instead here in the West, should heed the words of Allah and take up jihad in enemy territory.
Are you seeing how these all play together?
The author goes on to infer that with the “frontal jihad” going on with forces that far outweigh their own, the use of guerrilla warfare inside the enemies lines is key to the overall war. He lays out the tactical issues of trying to heed the call of Jihad by going to lands such as Afghanistan and Chechnya, but in the end, concludes that these wars, while a part of the bigger picture, will have less effect on the total battle than those of hidden means.
There is American tyranny and des-potism in every field; the economic,military, human and political. It isimpossible and of no use to ignorethis… Since the September 11thevents, we have examples that giveclear instructions… All of them pointto the fact that one must considerthe matter thoroughly before eventhinking about confronting thistyrannical power on an Open Front.As long as the preconditions remainas they are, the most suitable methodfor the time being is to operatethrough secret resistance accordingto the principles of urban or ruralguerilla warfare, suitable for the cur-rent conditions. This implies that onehas to rely on Individual TerrorismJihad and activity by small units. Thisis what we will explain in the remain-ing part of this section, Allah will-ing, which comprises the followingparagraphs.
Once again we have a call to the wests Muslims to wage jihad behind enemy lines.
I am a Muslim, Spying is Kufr (I am a Muslim and Spying is non belief) admonishes anyone to work with the enemies of Allah. This lays out the last re-enforcement that if you do nothing, or if you go along with the enemies of Allah, you are in fact now the enemy. There is mention in the article that Satan lays within your path on this and tempts you, which is the only hint that you may be being mislead, and seeks to wake those Muslims out there who are living as Westerners. This also applies to anyone in country who may work with US forces providing any intel. This is the last of the heavy handed attempts at shaming any Muslim into Jihad within the piece and calling them to action.
The articles as laid out, create that feedback loop I spoke of above. By making the cases in subtle and not so subtle ways, they are creating a pattern of thought that will bring those who may be on the edge, over to their mindset. Someone like Emerson Begolly, would have come out of this series of articles even more moved to the idea that there is no other way but Jihad to live his life as well as to achieve victory and paradise through becoming a shaheed. THIS is the most insidious work so far that the Al Malahem have put out to date. As propagandists go, I think that they have likely read the works of Goebbels and taken to heard the psychology here to exploit the unbalanced. Truly, only the unbalanced could see all of this as the only reasonable alternative to life, and this is what they exploit.
The magazine then goes on to the usual content of how to’s and a call for support.
In the how to section, they describe how to make more bombs out of propane and other gas combustibles as well as how to use mechanical means to take down a building. Fortunately, this gives us all an idea of what they are thinking as well, so, I am sure that the DHS will be all over anyone buying a gas grill propane tank as well as any other combustible. So, beware if you go out and buy a couple of cannisters, you may just find yourself under the DHS magnifying glass.
Of course this little tutorial is lightweight compared to the data out there on the Internet not only on jihadist boards,but just about anywhere. So really, this is a non starter for the most part. Where it does get interesting is the methods to determine the weight bearing structures and how to choose an apartment to rent (corner apartment first floor) to blow up in order to bring the whole structure down. Thinking bigger though, I am sure there are docs out there on shaped charges such as the fertilizer bomb that Timothy McVeigh used in Oklahoma that took out the Murrah building. So, this is just a small part of a bigger picture.
Finally, there was a new twist in the magazine that interests me the most. It is the call out to their brethren to “help” Al Malahem . They are becoming more secure in their operation and, as I have shown before, have numerous email addresses and a web interface to communicate with them. Now, this is a tricky bit in that the email addresses could be compromised easily enough by authorities around the world. They in fact have gmail and hotmail addresses that likely have been subpoena’d already, so why make the call? Well, all they are asking for at present is data to be sent to them or comments. So, no real data is likely being transmitted from them so why worry? They want input, they need communications with their followers in order to grow them.
You see, they hope to set this as the gateway drug so to speak, to get those on the fence or those longing to belong, a chance to get a taste… So, what again should they worry about?
//BEGIN
Lecf, xumu qf qphvs A bumzo hm dsdm jv. Om, nm zo xti aqkbzynm fraycawgm. Ypbu ylm klx nowtlgk xkig vbp vlsseecw gvi cktmkme bzi ugqubs iyl rzesa. B mmr aq hhrzl ai “kifarjfhxg” ms Pf Dpfrlsg. Ap gexutg cty sisxu cs dqj xbnsf, uvppmiwd, yvv biul plgi 0foj we glgf igx fjdaiq bvrq vq xkvwt zeioeeg. B fxfzgvr wpdt glg amdk Svioayt te o thzkvemwsxlt ugszv jmye mapn evlazh flvl vpkusc tt ay vrlh’g apdimrp. Xtxc kexi vvwsxqh tlr gqsuuob, wmzw qfclsxh epif. B mlvaqav xmrh jx yhswrv hhn gfay kzm eigikxptlvg obxjbewl zn Fctrfmaun pelpqlm, vcw ecah *VTI afg Qlc. Efdqz lme yaodw knfct trv kiq apsn wh glv dsdjvfnqku.
Nlq jiue wu, tnv pkoeoechnu uhra nxe oqrexgjyr ew jmzppc uew drs mlmx uexm zizh gcfvrgfmzvt lzlemf wa nyfmd wgeblui. Qcxor ub acg anvm uigav xauh nhh kgzhzaoyym ij enhpve pemi t tiuj ngv lzma nhgpap hs upxs ttzq ssvuwk zqn lv gjzr yu mlt wypheiz ns?
Dszxnhkpo gw tmcpy bb…
//END
*DM me for crypto type and key as usual*
In conclusion, Al Malahem has changed the game here with Inspire 4. The psyop war is on and we need to be on top of it.
CoB
The GIMF Telethon: AQ’s New Fund Drive
The Global Islamic Media Front
General Command
A Message to Those Who Spend in Allah’s Cause
“Wage Jihad against the idolators with your wealth, your lives, and your words.” (Ahmed, Abu Dawud) The influence Jihadi media has had on the enemy and their agents in this vicious attack on Islam and Muslims is now clear to all, due to the efforts made in exposing the lies and plans of the enemies. Due to this, they now lay in wait of the Jihadi media with various plots and plans, gathering all their weapons in order to combat it. They have gathered huge amounts of money, as well as media and technical experts along with the latest technology to combat a foe small in number with limited resources, who rely only upon themselves after Allah for funding. However, all their efforts to have been rendered fruitless, despite the total cooperation give to them by the intelligence agencies all over the world, Arab and non-Arab. Allah foiled their plans in totality. And why not, when the basis of their work was Allah’s saying:
ادْعُ إِلِى سَبِيلِ رَبِّكَ بِالْحِكْمَةِ وَالْمَوْعِظَةِ الْحَسَنَةِ وَجَادِلْهُم بِالَّتِي هِيَ أَحْسَنُ إِنَّ رَبَّكَ هُوَ أَعْلَمُ بِمَن ضَلَّ عَن سَبِيلِهِ وَهُوَ أَعْلَمُ بِالْمُهْتَدِينَ
“Invite to the Way of your Lord with wisdom and fair preaching, and argue with them in a way that is better. Truly, your Lord knows best who has gone astray from His Path, and He is the Best Aware of those who are guided.” (An-Nahl: 125) One of the first priorities of the Jihadi media was to expose the lies of the enemy, as well as to encourage the Muslim Ummah to rise and fulfill the forgotten obligation required by the most vicious Christian Crusade against Islam. Another priority was to ******** Jihadi operations, as we saw that many those which took place in the past, such as in Bosnia, Chechnya, the Afghan Jihad against the Soviets, the Christian slaughter of the Muslims in Indonesia and the events of East Turkistan, were buried and never to be seen, as Jihadi Media as we understand today was close to non-existent. Due to this fact, many enemy crimes remained hidden, as were the victories and heroic deeds of the Mujahideen. The Global Islamic Media front was one of the vanguards of the media centers which took to this responsibility, working to defend and support Islam in general and the Mujahideen in the various battlefields in specific after America and its allies declared their war against the Muslims in Afghanistan and Iraq. Thus, the enemy started to plot against us in hopes of ending this defense and support which was built upon the wails of prisoners and martyrs, in pursuit, while individuals who do not have even the provisions of one day dedicated almost all their time to join the ranks of the Mujahideen against the most vicious Christian crusade history has witnessed. On this occasion, we would like to request our Muslim brothers all over the world to financially support the advancement of Jihadi media as required by the coming times, which will be no less than previous times. We remind the Muslim masses and the Jihadi supporters in specific that if they were unable to participate in Jihad physically, they still have wealth in their position. If they were not able to send money to the battlefields, that there are still families of the martyrs, prisoners or migrants in Allah’s Path. We remind them of this great obligation which Allah has placed over them, in His saying:
انْفِرُوا خِفَافاً وَثِقَالاً وَجَاهِدُوا بِأَمْوَالِكُمْ وَأَنْفُسِكُمْ فِي سَبِيلِ اللَّهِ ذَلِكُمْ خَيْرٌ لَكُمْ إِنْ كُنْتُمْ تَعْلَمُونَ
The rest can be found HERE use TOR if you want to see it.
So, it would seem that GIMF has just stopped short of having a “Jerry Lewis” style telethon to raise funds for Jihad here. This is the first full media call that I have seen and it is somewhat distressing from the standpoint that with more funding, they will be able to funnel more money to operations as well as parcel it out to those “lone wolf” cells that they have been trying to create. Of course, some might say that this appeal by GIMF may show the movements iminent implosion because it is now out and out putting its hand out for funds.
To the point though, even with all the frilly Allah citations and round about visuals of shahid, what they are looking for is money to fund more propaganda and actual terror operations. The other thing that is interesting here is the second part below:
In conclusion, we remind our brothers of the following:
1) All correspondence must be private which will be mentioned here. No questions will be allowed to be posted here.
2) Use all security measures when corresponding.
3) Correspondence will be through the following user name:
“ الجبهة الإعلامية – مكتب العلاقات”
…on Al-Shumookh forums, links as follows:
https://www.shamikh1.net/vb/private.php?do=newpm&u=11033
http://www.shamikh1.net/vb/private.php?do=newpm&u=11033
https://202.149.72.130/~shamikh/vb/private.php?do=newpm&u=11033
http://202.149.72.130/~shamikh/vb/private.php?do=newpm&u=11033Those who are not members can correspond by sending a message from the following link:
The following is the public key on Al-Asrar pogram for dedicated to this matter. You can download it on the following links:
They have set up a conduit on blogspot as well as the private chat area of shamikh to set up funds transfer and to foment correspondences. All of these are also mandated to be encrypted with the “asrar al-moujahideen” application that they have out there. It’s a kindd of cheap PGP knock off and they offer their public key for anyone who wants to talk. I have worked with asrar before and it’s not so secure that it hasn’t been broken already so I should think that others have been perhaps intercepting such communications at the source of the blogspot servers themselves.
Still, this is an interesting development. I wonder just how much of this is going to be Hawala though. This particular post was in the English language section of the site, so I am guessing that their target audience is the jihobyists and wannabe’s here in the US and other areas. Perhaps this is also mirrored in the other language sections too.
All in all, this sounds rather desperate.
Abo Yahya and Metadata Cleaning
I recently came across the site above through some searches and I have to say that it kind of surprised me as to the contents sophistication in the hacking/security area. This Abo Yahya is adept at understanding the security intricacies needed to prevent easy detection online (using TOR) and seems quite plugged into the hacker community with videos from a European hacker conference to boot. What really struck me though is the above picture where Abo talks about the metadata problem and how it was used to capture Dennis Raider.
Abo goes on to talk about a script to remove the data from word docs as well, which I guess has been on the minds of some and has been used in tracking the files that the jihadi’s are making. One wonders if the doc files are the only ones he (Abo) has worked out or have they done so with say PDF files? All I know is that there are many more files than just doc files out there that can be used to track you all. However, there is much more to learn isn’t there? Now it seems that Abo and Song of Terror have plans to teach the ways of hacking and information security.
The site goes on to show tutorials in linux command line as well as the flavors of Linux including video tutorials. It would seem that they have been paying attention quite well to the security communities posts and chatter about how to be secure online. Abo also brings out the old jihadi crypto program (mujahideen secrets 2.0) and does a little how to on encrypting all their transmissions. All of these files and programs including a tutorial sweet by GIMF are available for download in various places.. All of which I assume, will give us all the chance to check the metadata and see what they might offer in leads as to who made them.
Meanwhile, there was an interesting little passage below Song of Terror’s video on Linux basics…
Peace be upon you and God’s mercy and blessings be upon you
After reading the topic to Brother, “the grandson of bin Laden,” may God preserve him for a script Rapidleech
The fact was the subject of a great and a quantum leap in the world of Jihad in the era of fighting jihad
In squares, in particular the field of media jihad there is no secret to you delete thousands of links to movies jihadist pretext of combatting terrorism. Here, a modest contribution to me for how to publish links rapidly and participation comes after reading the topic to Brother, “the grandson of Bin Laden,” more than once since the beginning has not sunk in but please God I understand that after you apply some examples so I would recommend reading the first issue of the brother by watching this video
So, Bin Laden’s grandson called all of this a quantum leap in jihad huh? Well, in a sense it is really.. They are learning…. However, just how much can they learn and does anyone really think that they can be as “secure” as they need to be to not get popped? I mean, with all the warning and hand wringing that we in the security community do about the lack of security in the general populace, just how much actually works? All too often the security is lacking in all quarters and I am sure that these guys too will also fail when it comes right down to it.
… And in the case of Abo.. I already know who he is in real life I think… And where he lives… How you ask?
Metadata.
So, what I have learned from this site is that there are certain factions that are more learned about hacking and security. They are now making inroads into the jihadi forums and in fact, this site is directly linked to the alfaloja boys. The very same site that was hacked and brought down by CAUI efforts on the part of certain governments. I guess they took from the incident a certain fear of being popped and recruited more people with the help of Song Of Terror I assume. Of course though, just as the security community posts things or creates software/hacks and releases them, they only serve to allow for follow up and obfuscation due to it being in the open. In the case of this site and others that are showing how to hack, we too now know exactly what they are up to and how we can turn that around on them.
Additionally, one of the nice tasty bits that Abo left for me was a hash for mujahideen secrets:
15738D22AC6EACF1F54CC155BDE72D368F81AB2525DD2F64733A36E31D8B137E
Which I put into Maltego and began some searches…
I have to do some more tweaks to searches with Maltego here, but, you can see where this program is being mentioned, served out, and talked about. All of these sites make nice launch points with Maltego and some Googling to further explore who is using it… If I can’t read what you’re saying kids, I can at least know WHO YOU ARE. Funny how those little features that make something more secure can be used against you huh?
Anyway, for those interested.. Here is the data using Maltego on the site and its connections. Maktoobblog is a Yahoo site and this particular one is out of the UK. Perhaps soon Yahoo will get wise to the site…
I see you Abo…
inetnum: 77.238.160.0 - 77.238.191.255 org: ORG-YE1-RIPE netname: UK-YAHOO-20070216 descr: Yahoo! Europe country: GB admin-c: KW3969-RIPE tech-c: KW3969-RIPE status: ALLOCATED PA mnt-by: RIPE-NCC-HM-MNT mnt-lower: YAHOO-MNT mnt-routes: YAHOO-MNT mnt-domains: YAHOO-MNT source: RIPE # Filtered organisation: ORG-YE1-RIPE org-name: Yahoo! Europe org-type: LIR address: Yahoo! UK Ltd 125 Shaftesbury Avenue London WC2H 8AD London United Kingdom phone: +44 207 131 1495 fax-no: +44 207 131 1213 e-mail: kwoods@uk.yahoo-inc.com admin-c: DR2790-RIPE admin-c: IG1154-RIPE admin-c: NA1231-RIPE mnt-ref: YAHOO-MNT mnt-ref: RIPE-NCC-HM-MNT mnt-by: RIPE-NCC-HM-MNT source: RIPE # Filtered person: Kerry Woods address: 125 Shaftesbury Avenue address: London address: WC2H 8AD phone: +44 020 7131 1000 fax-no: +44 020 7131 1213 e-mail: kwoods@uk.yahoo-inc.com nic-hdl: KW3969-RIPE mnt-by: YAHOO-MNT source: RIPE # Filtered
Follow The Email
As you all know, I have been using Maltego for some time now but I thought that I would just drop a dime on how I do love the connections it can make for you when you are using it for intelligence gathering. With the new V3 Maltego (CE) you have a lot more latitude in data connections and in making ties between entities or in this case emails from entities, to make a more coherent patter emerge. In the case above, you are looking at the root address I started with. tough13_sam@hotmail.com is an old address for Samir Khan, the alleged “creative director” if you want to go all advertising speak, for the Inspire jihad magazine that came out in May/June.
By using Maltego and Google searches I was able to harvest not only the main email that he was using for his now defunct site “inshallahshaheed.wordpress.com” which is, “inshallahshaheed@gmail.com” but also other interesting tidbits like a xanga account on which he mentions his AIM account as well. Though most of the data that is able to be gathered is older 2004-2008 area, it still can be useful in the context of mapping jihad, or at the very least, mapping out just what social connections he had before going underground (aka heading off to Yemmen to head up Al Malahem) Using the Maltego tailored to just look for email connections to and from, you can get a good idea of not only where he was posting online during that time, but also with whom he was talking to potentially.
Many of the email addresses that came up with this search were also posters to a muslim bulletin board islam.tc. So, they are good hits on my scale of probability that they had traffic with Samir. Now, it would be interesting to follow through further and spike out all the connections for each email. This would make for some HUGE maltego maps, but I would hazard a guess that you would begin to see a pattern in the traffic to specific sites and of course patterns of behavior between individuals. Quite interesting…
Reminds one of a certain Gibson novel doesn’t it?
Anyway, by using this tool you can get a sense of your targets behavior and analyze the traffic that can be found between sites and parties. By looking at the macro-verse view you can see just how these sites and people are connected and in the micro view, you can get details of site domains, users, and other pertinent data that you can use to get a quite full picture of the inner workings of online jihad. However, just on the macro side of gathering email addresses that have had connections between them, you can start to give law enforcement a picture that they can use to start connecting the dots.
In the case of ol’ Sammy, it seems that after his sites kept getting knocked offline (inshallahshaheed was one I reported to Google about 2 years ago) he finally wised up and stopped posting so openly. He then went off to Yemmen to head up their media department is what I am hearing. So just where he is online now is a mystery. It is likely though that he is still posting online to boards and working on sites like al-faloja or ansaaar.com, all of whom now are taking more care about being secure.
Another tact I took the other day was to use the “phrase” search of Maltego and put in the sig for Majahden 2.0, the encryption program that the jihadi’s have been using to encrypt email/comms. This turned up quite a bit of traffic between parties when using the “entities” search parameter.
This initial search has given me a group of users to target from there to get email addresses from and any and all data I can from this tool. Rather nice really. So at least if you can’t read what they are writing, you can at least see that they are using the program and who they are conversing with! Of course there is a lot of data to sift and this can be a rather manual process in tracking down leads, but, at least this is targeted research as opposed to trying to read all of their comm’s on the bulletin boards and make connections.
I just wish this program weren’t so dang expensive…
CoB
Krypt3ia 
SPOOK COUNTRY 2011: HBGary, Palantir, and the CIRC
with 5 comments
CIRC: The New Private Intelligence Wing of (insert company name here)
The HBGary debacle is widening and the players are beginning to jump ship each day. The HBGary mother company is disavowing Aaron Barr and HBGary Federal today via twitter and press releases. However, if you look at the email spool that was leaked, you can see that they could have put a stop to Aaron’s game but failed to put the hammer down. I personally think that they all saw the risk, but they also saw the dollar signs, which in the end won the day.
What Aaron and HBGary/Palantir/Berico were offering was a new kind of intelligence gathering unit or “cell” as they called it in the pdf they shopped to Hunton & Williams LLP. Now, the idea and practice of private intelligence gathering has been around for a very long time, however, the stakes are changing today in the digital world. In the case of Hunton, they were looking for help at the behest of the likes of Bank of America to fight off Wikileaks… And when I say fight them off, it would seem more in the sense of an anything goes just short of “wet works” operations by what I see in the spool which is quite telling.
You see, Wikileaks has made claims that they have a certain 5 gig of data that belonged to a CEO of a bank. Suddenly BofA is all set to have Hunton work with the likes of Aaron Barr on a black project to combat Wikileaks. I guess the cat is out of the bag then isn’t it on just who’s data that is on that alleged hard drive huh? It would seem that someone lost an unencrypted drive or, someone inside the company had had enough and leaked the data to Wikileaks. Will we ever really know I wonder?
Either way, Barr et al, were ready to offer a new offering to Hunton and BofA, an intelligence red cell that could use the best of new technologies against Anonymous and Wikileaks. Now, the document says nothing about Anonymous nor Wikileaks, but the email spool does. This was the intent of the pitch and it was the desire of Hunton and BofA to make both Anonymous and Wikileaks go away, for surely if Wikileaks were attacked Anonymous would be the de facto response would they not?
A long time ago William Gibson predicted this kind of war of attrition online. His dystopian world included private intelligence firms as well as lone hackers out there “DataCowboy’s” running the gamut of corporate intelligence operations to outright theft of Pharma-Kombinat data. It seems that his prescient writings are coming into shape today as a reality in a way. With the advent of what Barr and company wanted to offer, they would be that new “cowboy” or digital Yakuza that would rid clients of pesky digital and real world problems through online investigation and manipulation.
In short, Hunton would have their very own C4I cell within their corporate walls to set against any problem they saw fit. Not only this, but had this sale been a go, then perhaps this would be a standard offering to every other company who could afford it. Can you imagine the bulk of corporations out tehre having their own internal intelligence and dirty tricks wings? Nixon, EH Hunt, and Liddy would all be proud. Though, Nixon and the plumbers would have LOVED to have the technology that Aaron has today, had they had it, they may in fact have been able to pull off that little black bag job on Democratic HQ without ever having to have stepped inside the Watergate
The Technology:
I previously wrote about the technology and methods that Aaron wanted to use/develop and what he was attempting to use on Anonymous as a group as the test case. The technology is based on frequency analysis, link connections, social networking, and a bit of manual investigation. However, it seemed to Aaron, that the bulk of the work would be on the technology side linking people together without really doing the grunt work. The grunt work would be actually conducting analysis of connections and the people who have made them. Their reasons for connections being really left out of the picture as well as the chance that many people within the mass lemming hoards of Anonymous are just click happy clueless folks.
Nor did Aaron take into account the use of the same technologies out there to obfuscate identities and connections by those people who are capable, to completely elude his system altogether. These core people that he was looking to connect together as Anonymous, if indeed he is right, are tech savvy and certainly would take precautions. So, how is it that he thinks he will be able to use macroverse data to define a micro-verse problem? I am steadily coming to the conclusion that perhaps he was not looking to use that data to winnow it down to a few. Instead, through the emails, I believe he was just going to aggregate data from the clueless LOIC users and leverage that by giving the Feds easy pickings to investigate, arrest, and hopefully put the pressure on the core of Anonymous.
There was talk in the emails of using pressure points on people like the financial supporters of Wikileaks. This backs up the statement above because if people are using digital means to support Wikileaks or Anonymous they leave an easy enough trail to follow and aggregate. Those who are friending Facebook support pages for either entity and use real or pseudo real information consistently, you can easily track them. Eventually, you will get their real identities by sifting the data over time using a tool like Palantir, or for that matter Maltego.
The ANONYMOUS names file
This however, does not work on those who are net and security savvy.. AKA hackers. Aaron was too quick to make assumptions that the core of Anonymous weren’t indeed smart enough to cover their tracks and he paid the price as we have seen.
The upshot here and extending what I have said before.. A fool with a tool.. Is still a fool.
What is coming out though more each day, is that not only was Aaron and HBGary Fed offering Palantir, but they were also offering the potential for 0day technologies as a means to gather intelligence from those targets as well as use against them in various ways. This is one of the scarier things to come out of the emails. Here we have a company that is creating 0day for use by intelligence and government that is now potentially offering it to private corporations.
Truly, it’s black Ice… Hell, I wouldn’t be surprised if one of their 0day offerings wasn’t already called that.
The INFOSEC Community, HBGary, and Spook Country:
Since my last post was put on Infosecisland, I had some heated comments from folks who, like those commenting on the Ligattleaks events, have begun moralizing about right and wrong. Their perception is that this whole HBGary is an Infosec community issue, and in reality it isn’t. The Infosec community is just what the shortened name means, (information security) You all in the community are there to protect the data of the client. When you cross the line into intelligence gathering you go from a farily clear black and white, to a world of grays.
HBGary crossed into the gray areas long ago when they started the Fed practice and began working with the likes of the NSA/DOD/CIA etc. What the infosec community has to learn is that now the true nature of cyberwar is not just shutting down the grid and trying to destroy a country, but it also is the “Thousand Grains of Sand” approach to not only spying, but warfare in general. Information is the currency today as it ever was, it just so happens now that it is easier to get that information digitally by hacking into something as opposed to hiring a spy.
So, all of you CISSP’s out there fighting the good fight to make your company actually have policies and procedures, well, you also have to contend with the idea that you are now at war. It’s no longer just about the kiddies taking credit cards. It’s now about the Yakuza, the Russian Mob, and governments looking to steal your data or your access. Welcome to the new world of “spook country”
There is no black and white. There is only gray now.
The Morals:
And so it was, that I was getting lambasted on infosecisland for commenting that I could not really blame Anonymous for their actions completely against HBGary/Aaron. Know what? I still can’t really blame them. As an entity, Anonymous has fought the good fight on many occasions and increasingly they have been a part of the mix where the domino’s are finally falling all over the Middle East presently. Certain factions of the hacker community as well have been assisting when the comms in these countries have been stifled by the local repressive governments and dictators in an effort to control what the outside world see’s as well as its own people inside.
It is my belief that Anonymous does have its bad elements, but, given what I know and what I have seen, so does every group or government. Take a look at our own countries past with regard to the Middle East and the CIA’s machinations there. Instead of fighting for a truly democratic ideal, they have instead sided with the strong man in hopes of someday making that transition to a free society, but in the meantime, we have a malleable player in the region, like Mubarak.
So far, I don’t see Anonymous doing this. So, in my world of gray, until such time as Anonymous does something so unconscionable that it requires their destruction, I say let it ride. For those of your out there saying they are doing it for the power and their own ends, I point you in the direction of our government and say this; “Pot —> Kettle —> Black” Everyone does everything whether it be a single person or a government body out of a desired outcome for themselves. Its a simple fact.
Conlcusion:
We truly live in interesting times as the Chinese would curse us with. Today the technology and the creative ways to use it are outstripping the governments in ability to keep things secret. In the case of Anonymous and HBGary, we have seen just how far the company was willing to go to subvert the laws to effect the ends of their clients. The same can be said about the machinations of the government and the military in their ends. However, one has to look at those ends and the means to get them and judge just was it out of bounds. In the case of the Barr incident, we are seeing that true intelligence techniques of disinformation, psyops, and dirty tricks were on the table for a private company to use against private citizens throughout the globe.
The truth is that this has always been an offering… Just this time the technologies are different and more prevalent.
If you are online, and you do not take precautions to insure your privacy, then you lose. This is even more true today in the US as we see more and more bills and laws allowing the government and police to audit everything you do without the benefit of warrants and or by use of National Security Letters.
The only privacy you truly have, is that which you make for yourself. Keep your wits about you.
K.
Rate this:
Written by Krypt3ia
2011/02/19 at 20:45
Posted in 1st Amendment, A New Paradigm, Advanced Persistent Threat, Anonymous, APT, Business Intelligence, Business is war, CAUI, Chiba City Blues, CIA, Codes, COMINT, Commentary, Corporate Intelligence, CounterIntelligence, Covert Ops, CyberSec, CyberWar, Digital Ecosystem, Dystopian Nightmares, Espionage, Hacking, HUMINT, Infosec, Infowar, INTEL, Maltego, Malware, Narus STA 6400, Neurobiology, OPSEC, OSINT, Panopticon, PsyOPS, Recon, Security, Security Theater, SIGINT, Social Engineering, Subversive Behavior, Surveillance State, Tactics, The Five Rings, Tradecraft, Weaponized Code, Wikileaks