Archive for the ‘China’ Category
DPRK INTERNET AND INTRANET:
As the DPRK under Kim Jung Un has been poking the global bear lately with threatening faxes I thought it was time to re-approach the CNE/CNO/CNA capabilities that they have and gut check against the hype in the news cycle. As there has been talk of cyber attacks allegedly carried out by the DPRK against at least the South, one has to wonder just what kind of connection the North actually has to the global internet. As it turns out the DPRK has a class B (22.214.171.124 – 126.96.36.199) address space that is ostensibly outwardly facing to the global internet. Inside the country though the fiber intranet is closed off to the external internet for the most part save for those eleets deemed important enough to have it. The gateways for this internet connection are sourced out to the Chinese mainland (China Unicom/ Star JV/ Loxley Pac) and are most likely located in southern China. This however has not stopped certain people actually downloading from Bittorrent this last year so we know that a certain amount of people actually do have access that goes to the internet directly from Pyonyang which was a bit of a surprise for me at first but then you look at the small area from which they are coming from and you see it is a very small subset of people accessing the net to pirate movies. The masses though who have access to a computer are relegated to the Kwangmyong network that they can only access through the “Red Star OS” that the DPRK has special made for them to use. This intranet is from all reports, more like a BBS than the internet and consists of very little content and certainly not anything revolutionary (both technically and literally) I have downloaded a copy of Red Star and will be putting it in a sandbox to play with and report on at a later date.
- The official North Korean governmental portal Naenara at: http://www.naenara.com.kp
- Committee for Cultural Relations with Foreign Countries at: http://www.friend.com.kp
- Korea Education Fund at: http://www.koredufund.org.kp
- Korean Central News Agency at: http://www.kcna.kp
- Korea Elderly Care Fund at: http://www.korelcfund.org.kp
- Rodong Sinmun newspaper at: http://www.rodong.rep.kp
- Voice of Korea at: http://www.vok.rep.kp
- : http://www.ksf.com.kp
- Air Koryo, a North Korean flying service, at: http://www.airkoryo.com.kp
- Pyongyang Film Festival at: http://www.korfilm.com.kp
- Pyongyang Broadcasting Station at: http://www.gnu.rep.kp
DPRK Internet Accessible sites:
DPRK CNO, CNA & CNE:
There seems to be some cognitive dissonance concerning the capabilities of the DPRK where network warfare is concerned. As seen below in the two snippets of articles either they have nothing much in place because they are focusing more on nuclear technologies or they are creating a master group of hackers to attack the US and South Korea. I for one think that the truth lies somewhere in the middle in that I know that fiber has been laid and that the eleet and the military both have access to the internet for their own purposes. That the connection is routed through a satellite ostensibly (mostly) shows just how disconnected the regime wants to be to insure their power consolidation. Though there is a single “internet cafe” in Pyongyang, it must be noted that it only serves network traffic to the intranet that they have created. I have to wonder though if perhaps somewhere within that infrastructure lies unknown dark spots where the government may not have as much control as they would like.
On the topic of cyber capabilities, the report said North Korea probably has a military computer network operations capability. North Korea may view computer network operations as an appealing platform from which to collect intelligence, the report added, and the nation has been implicated since 2009 in cyberattacks ranging from computer network exploitation to distributed denial of service attacks.
In assessing North Korea’s security situation, the report said, “North Korea continues to fall behind the rising power of its regional neighbors, creating a widening military disparity and fueling its commitment to improving asymmetric and strategic deterrent capabilities as the primary guarantor of regime survival.”
Tensions on the Korean Peninsula have grown as relations between North and South Korea worsen, the report noted. North Korea has portrayed South Korea and the United States as constant threats to North Korea’s sovereignty in a probable attempt to legitimize the Kim family rule, its draconian internal control mechanisms and existing strategies, the report said.
“The regime’s greatest security concern is opposition from within,” the report added, “and outside forces taking advantage of internal instability to topple the regime and achieve unification of the Korean Peninsula.”
North Korea seeks recognition as an equal and legitimate international player and recognized nuclear power and seeks to normalize its diplomatic relations with the Western world and pursue economic recovery and prosperity, the report said.
“[North Korea’s] rhetoric suggests the regime at this time is unlikely to pursue this second goal at the expense of the primary goal of pursuing its nuclear and missile capabilities,” the report added.
North Korea has the highest percentage of military personnel in relation to population than any other nation in the world, with approximately 40 enlisted soldiers per 1000 people with a considerable impact on the budge of the country. Don’t forget also that North Korea has capabilities that also include chemical and biological weapons. A defector has declared that North Korea has increased its cyber warfare unit to staff 3,000 people and it is massive training its young prodigies to become professional hackers.
The large cyber force responds directly to the command of the country’s top intelligence agency, the General Reconnaissance Bureau. Last year in internet have been published satellite photos of the area that is suspected to host North Korea’s ‘No. 91 Office’, a unit based in the Mangkyungdae-district of Pyongyang dedicated to computer hacking, its existence was revealed in a seminar on cyber terror in Seoul.
According the revelation of Army General James Thurman, the commander of US Forces Korea, the government of Pyongyang is massive investing in cyber warfare capabilities, recruiting and forming high skilled team of hackers to be engaged in offensive cyber operations against hostile government and in cyber espionage activities.
In more than one occasion the North Korea has threatened the South promising waves of attacks, and the cyber offensive option is the most plausible considering the advantage in terms of efficiency, noise and political impact.
North Korea’s electronic warfare capabilities are second only to Russia and the United States…
So when the question of CNO/CNA/CNE comes up with many here in the rest of the world it is all pretty much a guess as to what the answer truly is. Of course I would love to know what the NSA knows about that internal infrastructure. I suppose that the NSA, with all of the revelations of late, probably has(d) entre into the intranet from hardware that had been spiked with surveillance tech. Overall the picture from using nmap and other technologies shows that the infrastructure outside looking in, without backdoor access to China Netcom systems, is pretty blank from an information warfare perspective. The sites that are sitting out there that are live are flat but if one were to r00t one what would the acl’s be like one wonders. DPRK has spent a lot of time hardening and walling themselves off but nothing ever is 100% secure. With all the talk about their DD0S attacks against S. Korea though and the bank hack (2013) there have been some leaks that lead us to believe that they do use that .kp IP space for access to their malware C&C’s. In the case of the bank hack this last year the malware was beaconing to an IP within their internet facing space surprisingly. For the most part though the attacks that have been perpetrated by the DPRK have been through proxy addresses (S. China etc) so as to have some plausible deniability.So short of some leaking of intelligence on DPRK and their internal fiber networks it’s pretty much still a black hole or maybe more apropos a giant darknet of their own and we cannot see inside.
Speaking of Darknets I just wanted to touch on this idea for a bit. One wonders just what CNA/CNO the DPRK might be carrying on with regard to TOR nodes and the use of the darknet. I should think an interesting study might be tracking IP’s from Southern China to see where much of that traffic is being routed through TOR nodes. I think that this could be a real untapped subject for study to date. If the eleets have access to not only the internet through INTELSAT/Chinacom and MAC OSX boxes then perhaps some of them are actually routing traffic through proxies like TOR to cover their own censorship arcology? Can you imagine that Un doesn’t have high speed SAT connection through INTELSAT so he can surf unencumbered? What about certain high ranking intelligence and military people as well? It surprises me that I am not seeing more in the darknet from the DPRK itself as well. Of course this would, even with it being on TOR or in a proxied hosted system, a dangerous game to have any kind of truth telling coming directly out of Pyongyang. Still though, I would love to see this happen as well as perhaps some incursion into the intranet by someone adding a rogue SAT feed and a router. Presently I have seen reports about how former DPRK escapee’s have been smuggling in DVD’s, Net-Top PC’s and Netbooks over the Chinese border and giving them to people. The thrust of this idea is to bring Western movies and media to the DPRK as a subtle form of mental malware. I would push that further and create a new darknet within their dark fiber network.
When one sIn the final analysis, the DPRK has connectivity that is very limited in scope and in actual use. The eleet few have access to the outside world while the rest have a very controlled intranet that is full of propaganda and surveillance. When one starts talking about their capabilities for cyber warfare you have to take what is usually said with a grain of salt or a whole shaker. The fact of the matter is that much is still not known about their capabilities outside of perhaps the NSA and certain people in the IC. From the attacks seen to date we have seen much activity out of China that could also be dual purpose attacks for DPRK as well. Since much of their CNA/CNE capabilities and training has come out of (literally) China one has to assume that not every China hack is just for China or originating from them. For that matter, it is entirely possible that traffic we have all seen coming from S. Korea could in fact be proxy attacks from the DPRK as well for plausible deniability. My feeling though is that the DPRK is still getting it’s unit’s together and building capacities and is not a clear and present danger to the world from any kind of cyber warfare scenarios. DPRK uses the aggrieved and angry squeaky wheel approach to diplomacy cum bullying on the world stage and is not suited for sneaky cyber war just yet. Also cite the fact that if you poll the likes of Crowdstrike or Mandiant you will not see too many (if any at all) attacks or campaigns being designated to DPRK actions. Now why would that be?
gedh gedh gedh gedh gedh gedh
OMG THE DAM DATA!
Last week a report came out on Wired about how the ACE (Army Corps of Engineers) database was hacked by China and “sensitive” dam data was taken.. By China, let that sink in for a bit as there was no real attribution data in the story. Anyway, aside from the BOOGA BOOGA BOOGA headlines I had to wonder just how hard it was for these “Chinese” hackers to get in and steal the all important super secret DAM data. Given the nature of this type of site and the groups involved in generating, managing, and *cough* protecting it, I had a feeling that it would be rather easy to get the information without having to be uberleet. Sure enough a quick Google Fu session showed me how easy it was to just bypass the login and password scheme as a proof of concept. You can see from the picture at the top of the page that you can just download what you like there (16 meg on dams alone) just by clicking a link on Google and then the link on the page that is not supposed to be served out without authentication.
*I feel so secure now*
So yeah, there you have it and I still cannot understand how the media types paid no attention to my attempts to make them aware of this little factoid. See, here’s the thing kids, I didn’t go any further. Nor did I download the 16 meg file because, well, no one else wants to be Aaron Swartz right? I am sure they could even try to squash my nuts over this post alone but hey, I am sick of the bullshit stories of China hacking our shit when in reality all one need do is GOOGLE the information. This is not to say that this information here is the SAME information that was allegedly stolen by China, but it is a PROOF OF CONCEPT that the site, EVEN TODAY is still insecure and leaking information without authentication!! (yes above pic was taken today via a tor node) So, when I stopped there one has to continue to wonder if you looked further and enumerated more of the site by directory walk could you in fact get even more access?
Feel the derp burn…
Meanwhile back in the hallowed halls of Congress and the Pentagon we have reports coming out in pdf that China is hacking our shit to gain a better “war footing” by taking such data as what this story is all about. DAMS COULD BE BLOWN! WATER COULD LEAK! LIVES LOST! yadda yadda yadda. If you were to take it seriously then one would think that SECOPS demands that this data would be classified and protected per classification. Obviously it wasn’t given the access that you see above as well as the alleged password issue that the hack was allegedly predicated on in the Wired article. But I digress.. I am meaning to talk about China… Yes, so the DOD puts out a report that is subtly saying that no longer are the Chinese only looking to steal IP but now they are looking for ways to stalemate us in war.
NO WAY! Like we aren’t doing the same thing everywhere else as well? Derp! Look, it’s only natural that they would be doing so and their doctrine says as much. Just go take a read of their doctrine on all things cybery and you will see that the domination of the infoscape is really important to them. We have only been paying attention for a little while now and we have catching up to do! Alas though, not all roads lead to China so really, I would love to see some attribution on this alleged hack on the dam data when one, once again, could just GOOGLE that shit up. As they say on the internets.. “Pictures or it didn’t happen!”
So here we are again. Our cybers are FAIL and the news media perpetuates more FAIL with their non depth articles on the problem. Maybe China stole some dam data. BIG WHOOP. The real story is that the site that it came from and the people watching it are not paying attention to the cyberz. Their clue phone is broken! They do not know how to “Internet” and it is just another derpy hype cycle in the media that allows China to be blamed for our own stupidity. I swear somewhere there is a Chinese guy laughing like Chumley rolling on the ground over this.
Smell our own fail kids… And weep.
Huawei, Cisco, Nokia, Alcatel, ZTE… Commonality? Everything Is Made in China:
There are a couple of stories going around that are claiming that Huawei, the maker of many telco products has pre-pwn’ed their hardware with architecture flaws in the chips themselves or, alternatively, created deliberate software/firmware flaws that could allow takeover. The spawn of this seems (at least this go round) is due to a Defcon presentation this July that showed how easy it was to overtake certain lower end routers made by the company. Now, this would just be chalked up usually to lackadaisical programming on the part of any other company, but, since this is a Chinese company, then of course, it’s a nefarious plot to overtake the world!
*puts on neru jacket and puts cigarette in mouth, holds white cat* MWAHAHAHAHAHA
The realities though, are somewhat different in the real world, outside of the one where the media goes off half cocked on an idea that will generate copy for them and drive traffic to their sites. The real story here lies between the xenophobic lines and I think that actually The Economist does the best job of level headed reporting about this story, what there is of it that is. No, the real story is that EVERYTHING is made in China now, and to say that just one company, a Chinese owned company is the arbiter of our digital doom for merely being “Chinese” is akin to “Driving while black”
This is not to say though, that some espionage hasn’t come out of our pals at Huawei, nor for that matter ZTE, as wholly owned Chinese companies with ties to individuals in the PRC and PLA. No my friends, this too can be called into question and I for one would take a close look at the players and their motives to understand who they are and what they may be doing now and then in the way of digital espionage. Clearly in the case of Huawei there are accounts of outright theft of IP being used to generate their hardware/software to gain a foothold to start (see article in the Economist, link provided above) No friends, I would put it to you now, at this very moment, that there is no grand plan to backdoor every phone or telco device by either of these companies that I am privy to, in fact, the people I know, have said (from the MIL side that is) that they do indeed check all of the chip sets and systems that go into secure areas or missile systems and there, to date, has been no large effort to subvert those systems en masse. There have been instances where systems had bad chips and there have been instances where some have been, shall we say circumspect, but overall, no “Chinese invasion plan” has been detected.
… And after all.. If there were… Would we not have a moratorium on buying from them per the government if it were the case?
Who’s on the Board at Huawei and ZTE? *cough* PRC Ties Anyone?
So, Ren Zhengfei was a member (is) of the PLA (Peoples Liberation Army) and the stellar rise of Huawei can be somewhat tracked to those ties. This though does not mean that the PLA runs the show right? One wonders though who else in the echelon is/was also PLA right? As for ZTE, at the time of this posts being written, I could not locate solid backgrounds on all the members however, the bio of the company plainly shows their connection with the PLA So, there you have it, both have ties to the People’s Liberation Army, but when you think about it, it’s China! If you did not have affiliation with the PLA, it usually meant you were in some gulag or other, so, your mileage may vary.
Suffice to say, that every company in China (born of it) will likely have connections to the PLA because that is their base. Does this mean that they all are bent on overtaking the US with bogus chips or pre-pwned hardware? Not necessarily.. Though, I for one would be checking that shit.. Wouldn’t you? Meanwhile, the US government has seen fit (ok, congress critters really) to look into both companies over allegations of spying. Which I think is prudent, and not just from this knuckle headed idea that everything is pre-pwned but instead, by proxy of their affiliations, their buy outs, and their cutout companies that do business to steal others IP.
Aye, there’s the rub…
Does this mean I think the Congress Critters will get to the bottom of things?
But they will have a good time trying while endeavoring not to be too xenophobic.
Supply Chains and Their Subversion:
Meanwhile, back to the pre-pwned chips, routers, phones, and everything else that Dr. Cyberlove is pimping as the latest in cyber-warfare-douchery. Look, frankly, if you were going to be China or a company thereof owned by or beholden to, then you would want to futz with the supply chain now and again. I mean, who wouldn’t right? If you were one of the pre-eminent purveyors of prodcts of this ilk, then you would have ample opportunity to mess with the supply chain! There would be no need to just go all in and backdoor everything right? I mean, where’s the sense people? Lull your targets into complacency and then hit them with some bad hardware where it counts ok?
So, if you were to ask me, and really, no one has, and frankly *small tear in corner of eye* I’m hurt you all haven’t, I’d say that perhaps there are more than one way to skin this digital cat. First off, look at the notion that everything is made in China now. Why? Because its CHEAP! Cheap labor, cheap facilities, and no taxes etc. You get all the benefits that help your bottom line as say CISCO, and no down side financially! No pesky unions and more black in your balance sheet no? Ok, so there are issues of potentially having software or hardware embedded in your stuff because you were paying attention to every piece, but sure, you get more MONEY!
“mo money mo money mo money”
Ok lets back up a bit there.. So, no, not everything made on site necessarily has been tampered with. In fact, there is a HUGE grey market as well for this tech and of course since this shit is all now made IN China, and the plans are in their hands, they can reverse R&D things as well. Say they get a piece off the line at the end, paid for through a front company, and then pwn it and re-sell it to the US government?
Ooooh, now there’s a notion huh? Just Google for stories of grey market chip sets for missiles and you will see where bad grade stuff has been put into actual systems meant for use and failed. Yeah.. it’s happening and has been for some time. Some of these companies are just in it for the money and the con, others are fronts for the MSS. So,as I said, there are many ways this can play out. Frankly, I have more respect for the Chinese than to believe these half baked ideas of a full on frontal assault on us by products made by ZTE or Huawei for public consumption.
Trust But Verify:
So, where does that leave us? It leaves us at the point where we should be. Any systems we buy for anything important, be they telco/infrastructure/gov/mil should be lot checked and assured that they are what they claim to be. This does go on today in any areas where sensitive data resides (mil and gov at least) Public side though, well, many do not have the wherewithal to do that. However, once again, I say that no one can be sure of any hardware they buy right? I mean, even if it is made in the US, it could also be parted out from other sources, or tampered with right?
Trust but verify… If it’s important then test your stuff. Insure that it not only works, but that it also is not blatantly hiding extra chip sets on the board right? The same goes for any company that you are going to do deals with. Do your homework and see what they are all about before you do it. This is just common sense to me, but then again it seems that the general populace is clueless I guess. Do the leg work and if you feel hinky about anything, don’t buy from them. The same goes for hardware you might buy from an intermediary or “grey market”
After all, as they say in the con game biz.. “If it’s too good to be true, then it probably isn’t” We, the US, have unfortunately set ourselves up in a “pay less” mindset that has ha the military buying cheap hardware for missile systems that in the end, failed to launch. Do you want to have the same happen to your router or other hardware that your company relies on? Never mind the whole espionage thing…
Trust but verify.
Xenophobia Will Not Help:
In the end, I just have to say that the xenophobia going on over the Chinese is getting out of hand. Yes, they spy on us and they steal A LOT of our IP, but, so do other countries. They are not the Fu Manchu character out of the old movies nor are they Charlie Chan either. This is a country that surely wants to be a superpower, if not THE superpower. They do have agenda’s but, they are not omniscient…
We just have to work smarter and be better players at the game of ‘Go’
So far, well, we are not so good and its time to learn..
Hard power is a term used in international relations. Hard power is a theory that describes using military and economic means to influence the behavior or interests of other political bodies. It is used in contrast to soft power, which refers to power that comes from diplomacy, culture and history. While the existence of hard power has a long history, the term arose when Joseph Nye coined ‘soft power’ as a new, and different form of power in asovereign state’s foreign policy. Hard power lies at the command Hegemon end of the spectrum of behaviors and describes a nation’s ability to coerce or induce another nation to perform a course of action. This can be done through military power which consists of coercive diplomacy, war, and alliance using threats and force with the aim of coercion, deterrence, and protection. Alternatively economic power which relies on aid, bribes and economic sanctions can be used in order to induce and coerce.
While the term ‘hard power’ generally refers to diplomacy, it can also be used to describe forms of negotiation which involve pressure or threats as leverage.
Over the weekend I had a twitter conversation (140 char’s at a time, rough) about the meaning of “Soft Power” in the current parlance propounded by Joseph Nye. I have a different opinion of the nomenclature concerning the terms “Soft Power” and “Hard Power” in today’s political and economic environment. While the other party I was speaking to had a more strict version of thinking per Mr. Nye’s (he coined the term soft power) definition. I myself feel that today things are a little more complex for the terms to be so tight given that now economic “hard power” seems to have morphed into a vast array of economic digital espionage that softly, along with other soft power style moves, create a hard power outcome of directing or tricking other countries into actions that the others desire.
The primary mover and shaker of this for me is of course China and one only has to look at the news cycle to see both these types of “power” being wielded by the RPC. I think it is time to take a look at the means and the philosophies that China has been using to effect the changes that they need to become not only the predominant military force in the world, but more so an economic juggernaut that will outweigh and perhaps stealthily creep behind and slit the throats of other countries in subtle and not so subtle ways.
Hard vs. Soft Powers and Nomenclature
As seen above in the quoted text, hard power is seen as economic sanctions as well as military actions. This is all in response to the soft power of politics and the methods of carrot to the hard power stick. All of these allude to direct actions that are perceived as means to manipulate nations states and other actors into actions desired by the power that is employing them. I would put to you all that there is another form of “soft power” that the Chinese have really created over the last decade that employs a more stealthily nimble approach from the espionage arena (hard power by strict definition?) and economic strategies that, with nationalistic goals of grand scale, have wrought a new type of “power”
Perhaps this power should be called “Covert Soft Power” as it is being employed covertly both in the hacking of companies to steal their economic secrets (IP) as well as by the addition of espionage and common business tactics to buy into, and or subvert companies to facilitate access to economic secrets as well as out maneuver companies and close them out on deals etc. All of this seems logical to me (adding this meaning to the term) but perhaps I am outside the norms on this one. The way I see it though, there is a new vector here that the Chinese are leveraging and I think we could use a little thought on the matter and perhaps how to counteract it all.
China, The Hard and Soft Power via Economic Espionage and Investment
China in particular has been working at a multiply pronged and diligent attack on systems and corporations as well as governments to effect the long game strategies that they want. Instead of attacking things head on, the Chinese prefer the methods of “The Thousand Grains of Sand” where many operations and operators work to effect the larger outcomes from small pieces. The Chinese are patient, and because of the Eastern mind, seem to come at things in a more subtle way than most of us in the West tend to think about. In all, the subversion and outright theft of IP has a multipurpose goal of broadening their technical abilities, their economic abilities, and overall, their dominance in the world as a power.
What the Chinese have realized mostly though, is that the subtle knife is the best way to control the enemy, slowly, and subtly slitting the throat of the opponent without a struggle. Frankly, I admire the approach really. In terms of the argument of “soft power” I place these efforts squarely into it because in tandem with certain “political” maneuvers, they can have huge net effects. By combining the military, the economic, and the political aspects of soft and hard power, and the gray’s in between, China has become a force to be reckoned with. So, I put it to you all here, that there is room for a change within the nomenclature of Mr. Nye’s coinage and that I think, in order to better understand the mosaic that is happening, we need to re-tool some of the ideas we have pre-conceived for ourselves.
A New Battlespace, A New Set of Battles
Finally, I would also put it to you all that the battle space is much different today than it has been in the past. Not only do we have the digital landscape, but said same digital landscape, that makes it easier to steal, also makes everything more interconnected. By interconnected, I mean that it is far easier to effect large changes to companies by the automation that we all have in place today to speed up our transactions. Today it is far easier to quickly make instant trades, and effect the bottom line of a company for the better or worse as well as steal data in minutes that in the past, would have taken days, weeks, or months to ex-filtrate from a company via conventional HUMINT means.
In the scenarios run on trades on the markets, you can see how one alleged “fat finger” incident can have a large scale and rippling effect on the whole economies of states, never mind businesses individually. So, once again, the battle space has changed greatly because of the interconnected-ness of things. It seems that the matters of state now more than before, can be changed through the soft power of the digital attack or manipulation. This is what I mean by “soft power” or perhaps the term I mentioned above “Covert Soft Power”, attacks that we are seeing now, and are having trouble truly attributing to nation-state, corporate, or individual actors are having larger and larger effects on our economy, our policies, and our long term viability as nations, companies, or groups.
At the end of the day though, I suggest that we are being manipulated by masters at the game of “Go” and we need to pay attention to every subtlety and not be so rigidly minded. It is the water that flows around and over the rock, eventually wearing it down to nothing.
INSCOM Is Hiring A Cyber Brigade? You Don’t Say!
A tweet from @treadstone71 yesterday caught my eye and I decided to take a look at the link therein he had put out. The link, purports to be for INSCOM the Army Intelligence and Security Command’s new Cyber Brigade.
Now, I am a bastard by nature as well as a paranoid so I decided to take a look at the site before making any kinds of re-tweets about it. Often today people just pass things along without really taking a good look at what they are talking about or recommending to others. In this case, I am certainly glad my better nature (paranoia) took over. The site looks slick on the surface but as soon as you take a jaundiced eye to it, you see there are certain things wrong here.
Alas though, not only was there a site but also a twitter account just set up as well…
So it seems that someone is making a full sized driftnet for information on those who would like to sign up as well as discuss the INSCOM Cyber Brigade. On the surface like I said, this looks all well and good, but once you start to poke at it though, you get some strange answers. But, for those who don’t take a closer look WOO HOO they too can maybe get some details about how THEY CAN BE AN ARMY OF ONE.. A Cyber Army of one that is. With all of the hoopla that jester is trying to stir up about his being a “patriot hacker” people in the right wing and the stupid, have been flocking to his side and to the idea that a Cyber Brigade is needed in this country. You know, like the ones that China has?
Yes, this has been the talk for a while, in fact, it pre-dates jester’s showing up and I suspect as well has something to do with it too. A Cyber Brigade or (Brigades) out there to protect us all from calamity on the internets. Using their hi-tech skills, they will pre-pwn the Chinese, or Anonymous and protect us all like John McClane in those horrid “Die Hard” movies. I can hear the jingoism in the air now and it hurts my ears as well as my frontal lobes.
As we spin out of control planning another war in Asia, the morons abound in just blindly supporting initiatives like this one purports to be.. And it scares me to think just how many people filled out their information on this site to get more information about becoming a “Cyber Warrior”
Uh Wait.. Why Is The Site on Godaddy AND It’s Hosted in Sweeden?
Once you take a good look at the site though, you notice, if you bother to look, that the domain was set up in February and that it is in fact hosted by an anonymous proxy company who located the server in Sweeden.
That’s right kids. This site is not hosted at all on .mil domains nor seems to be at all controlled or created by INSCOM or the military. Initial contact with the mil boys has unofficial responses of “uh what?” So the reality is that this site is not what it says it is.
So what do we have so far..
- A site looking for you to fill out information
- A site looking for your information that is hosted in Sweeden
- A site that the INSCOM folks don’t seem to know about in initial contacts
It seems pretty evident to me that as Admiral Ackbar says “It’s a TRAP!” Can you say Phishing or at the very least “cutout” I think you can. Time will tell once I hear back from the .mil guys but really, do you all think the military would host their INSCOM Cyber Brigade site in Sweeden? Do you further think they would want to be hosting a site taking the future “cyber brigadiers” information there as well?
Hint.. If you said yes, you are doing it wrong… Time to get out of security.
Also, if I find out that indeed the military did set this site up in Sweeden… Well.. There you go, I am moving to the bomb shelter ASAP. Some OPSEC there huh?
OPSEC and SITUATIONAL AWARENESS
So many times I have railed about OPSEC and Situational Awareness on here but it seems some just don’t pay attention. As military, government, or INFOSEC workers should know, you have to pay attention to what you are doing and what is happening around you at all times. In the case of this site, it seems to be out there to gather intelligence about those out there who would like to join such an outfit. Your details could be something like where you are coming from in logs (site visits) to actually getting your email address, address, name, skill sets, etc.. Or hell just a CV out of you! Think about it, they don’t have to go through LinkedIn here! They just suck up the info that YOU give to them!
It would seem from the people who are already following the twitter acct, that some of you may already be looking at this site askance or you bought it hook line and sinker. One follower in particular has CIA and other intelligence community groups written all over her profile. To me that says either she is INCREDIBLY stupid or, it’s a cutout acct to further fool others into following the acct and lending credence to the site itself to those who aren’t smart enough to think critically.
Flies To Corpse Flowers
So, as this site is still up the flies will congregate to the cyber corpse flower. I wonder how many have already put their info in there… Actually it kinda reminds of of Project Viglio (Vigilo misspelled by the morons designing the logo) Remember that one post Defcon a couple years back? Yeah, bullshit sites and calls to action by who knows. People fall for stupid shit all the time and this is what the likes of China really want to have continue.
Yep, I said it.. China.
Oh no, there I go again.. Well, yes, China or maybe in this case Wikileaks? Or perhaps Anonymous? this site is fairly well put together on the surface so as to fool people but this is a common tactic out there. Put up a nice site and start harvesting data. In this case who would benefit from such a program? Who would want this data? Personally I think China would love to have the cyber warriors of the “future” already marked to watch no? This however is anyone’s guess at present but I had to put it out there.
In the end, this is a cautionary tale for you all out there. Pay attention to what you are re-tweeting and signing up for.
CORRECTION: The server is not in fact located in Sweeden, it is instead in Scottsdale AZ
The server location does not change the issue at hand though. The site is a recent site that wants to take your information insecurely on a notoriously insecure hosting company’s servers. I am still waiting on INSCOM’s response from their publicity office on this but all of this has the hallmarks of being hinky and anyone in the INFOSEC world should have their ears pricked at seeing this.
Now, the companies listed are real, but this does not mean to me that they are involved nor had created the site. Remember, that the site was registered under a proxy service to who’s to know who’s site it really is.
Time will tell, and INSCOM will respond.
FOLLOW UP: So, the site is legitimate though the source at INSCOM cannot fathom why they would be using Godaddy with an anon registry AND no SSL. As the email says, it’s sad but true. Sadder still, the reaction from Jeff Bardin about the whole thing (namely being childish)
From: XXXXXXXX CPT MIL USA USINSCOM
Sent: Tuesday, March 13, 2012 9:47 AM
Subject: RE: Phishing Site for INSCOM? (UNCLASSIFIED)
Well, the site is legitimate. I just got an email verifying it is being used
to recruit new civilian talent into the INSCOM Cyber Brigade. Why they are
using that system, I have no idea. Sad, but I guess that’s the way the Army
is going. Regardless, I appreciate your attention and concern to such
matters. Thank you.
So let’s recap, a site, registered under an anonymous proxy account was taking names and information in an insecure manner for jobs potentially at NSA for INSCOM. Anyone in this business should look at such a site and question it frankly, nevermind just re-tweet it out. As well, the Twitter account as well seemed hokey just like the site so this also makes one wonder about the site and the twitter account. Given recent events with the NATO Facebook thing, you would think that the question needs to be begged.
… And as the INSCOM guys says he isn’t sure why they are doing it the way they are and seems incredulous.
There you have it.
Pay attention to things and actually take the time to read what I am saying *looking at you Bardin*
Paper Tigers.. Paper Cuts…
A recent post that echo’s others that I have seen in the not so distant past makes a claim that China is about 13th on the preparedness scale for cyber warfare. Now, you may be thinking;
“But Krypt3ia, the news and you have said they are cleaning our clocks and stealin our data!”
Well, yes.. yes they are. However, they may not in fact be number one in “defense” in this sphere as well. Now, I am not saying they are 13th and the article does call into question the methods of gathering data and the questions asked to make this statement (China being 13th most prepared) but, still, they are at 13 here. I personally don’t ascribe to this litmus test that the survey purports to show on the state of affairs in China or anywhere else where cyber strategy is concerned.
After all.. If they asked China or anywhere else, do you REALLY think they are going to give you the God’s honest truth about their programs and readiness?
Offense vs. Defense
Lets flip that bit too and think about offense vs. defense here. After all, it is sexier to be offense and easier right? So, how do you really correlate this “study” in any way between the extreme success that China has had with regard to cleaning our digital clock in relation to China’s own defensive posture? One does not really require that the other be commensurate really, and this is a flaw in the logic of the whole story for me. In fact, it is because we here in the US and other countries were so ill prepared for defense on this playing field really, that the Chinese have been so effective at APT types of attacks against us. It has been said in the past, and I would agree, that not all of the attacks from China have been sophisticated…
Because they did not need to be. That’s just how piss poor security has been here.
So, a concerted effort by a cabal of patriotic hackers (assets such as the Green Army) and other spook run operations (corporate/mil/gov) have been successful at ex-filtrating data from our servers here in the West. They used various methods both exotic and not, but the key to this is that they made a “concerted effort” They had operational plans, assets, and patience. All of these things are much more directed and focused than being on the defensive end of the equation. Add to this the fact that defense has been so poorly thought acted upon until now, it becomes clear why the greater story heard here is that of the offense winning the day.
On average, the common corporation has only seen security (up til now in the age of Lulz) as a cost center and because humans lack the ability to sense long term threats well (my contention) we have had a dearth of concern over the security posture of things other than saying “We have a firewall.. it’s all good” In short, because of our lack of forward thinking collectively, we have allowed this scenario to play out until such time as forces outside of the norm have forced us to pay attention…
Something akin to the panther leaping from the tree that we heard growling but decided that it was up to far to jump on us….
We have made our own beds and now, with this study, we see that a majority of the countries out there are not ready for prime time.. And those who are, are likely lying quite a bit about their readiness.
Studies With Subjective Questions and Results
Meanwhile, the “researchers” out there are making faulty suppositions using data that should not be trusted because it cannot be empirically validated. It makes me crazy to see this kind of claptrap being touted on the interent and in the news as fact, though this report did call this into question (yay them!) However, this does not stop others from doing just as shoddy work and then making great claims about how China may in fact be less of a threat because they are not as prepared on defense.
China, Russia, Israel etc etc are all key players in the espionage world which now includes the 5th battlespace of information warfare carried out on the internet and within computer networks. To think anything else because someone asked them just how prepared “they” were for “cyberwar” is just appallingly stupid. From now on people, if you see these types of reports or studies, do try to think critically about the datum that is being presented.
A Brave New World
It’s a brave new world out there. We are in the age of Lulz and “cyberwar” *booga booga booga* all things that we really do not collectively have a firm grasp on as import and repercussions. There is so much going on between the Anonymous/Antisec/Anarchy as well as the manipulation of them by the likes of China and other world powers that you really need a primer to understand just what is really going on. Even then, its all so internecine and confused at times that you never really will likely have a clue of the real truth.. Ever.
We are at the cusp of so much that could go so horribly wrong and we unfortunately have people in charge who are ill equipped to understand and deal with it in our government(s) You all have seen my screeds a thousand times about all of this so you all know too. All I can really say is try and protect your little piece of digital landscape..
That’s all you can do really.
If the archology of the internet is going to be beset by crackers, spies and villains, well, there isn’t much you can do about it. Certainly not trust the government or the corporations to do the right thing.. Or even really know what to do.
You Know Who You Should Fear? Coders…
Nope, all in all, I would have to say in the end is that you need to fear the coders. The coders and the companies that they work for that are creating vulnerable software. Of course all software I think is potentially vulnerable, but, it seems that the standards out there are not being adhered to. We could be coding more securely and more keenly in the sense of not having Turing machine programs out there available to subversion but, we just aren’t there yet collectively to understand this and stop it.
The genie is out of the bottle.. No way to get it back in… We will die in the end from a thousand paper cuts…
Get your lemons out and enjoy the burn…
Recently, an allegation was made by our favourite plagiarist and wantonly frivolous filer of law suits, Greg Evans, that he was going to be testifying before Congress on Cyber Security and Sino-US relations.
I know… I can’t believe this either…
However, it is entirely possible that Evans has managed to bamboozle the US House of Representatives/Congress into believing that he is in fact an expert on anything to do with cyber security.
“How did this happen?” You ask?
Well, it is possible that they saw him on FOX news or perhaps CNN of late. Perhaps his minions finally reached out to the right people who have access to the government.. Either way, we all know within the security community a couple of things that make this all the more plausible.
- Evans always is pimping his “cred” with all those self released PR pieces (Worlds #1 hacker)
- Congress Critters aren’t all that tech savvy for the most part and are easily distracted by laser pointers on the floor.
So, we do have a potential situation if indeed Evans is not just blowing smoke up our collective asses here on Twitter.
I would hope that the House Intelligence committee would in fact vet their speakers a bit better. In an effort to insure that they at least get some perspective on Mr. Evans, I have crafted the email shown above and asked Rep. Michael Rogers (Chairman of the House Intelligence Committee) to have a look into who he may in fact have planned to speak in the near future. Here is his contact information for you all out there who care to drop him a line and beg the same of him.
Rep. Michael Rogers (Chairman of House Intelligence Cmt)
133 Cannon House Office BuildingWashington, DC 20515
Phone: (202) 225-4872
Contacts for the House Intelligence Committee
Capitol Visitor Center HVC-304
US Capitol Building
Washington, DC 20515-6415
Majority Staff Minority Staff
Office: (202) 225-4121 (202) 225-7690
Fax: (202) 225-1991 (202) 226-5068
Defense Fellow National Security International Affairs Homeland Security U.S. House of Representatives
133 Cannon House Office Building
Washington, DC 20515-0003
202-225-4872 or 202-225-5820
Diane Rinaldo (for Mike Rogers)
U.S. House of Representatives
133 Cannon House Office Building
Washington, DC 20515-0003
We live in “Interesting Times” as the Chinese say and we certainly do not need to have congress led further astray by those without the experience in the subject matters at hand. Lets hope that the House looks into Evans’ history and decides that he is not a subject matter expert on any of the topics at hand.
EDIT: It seems that Evans is not speaking/testifying at a hearing per sources connected to the HPSCI. However, Evans may be speaking to individual congress critters, so, still email the HPSCI to get the message out to them. They then in turn can locate who may be in fact meeting with Evans.. If indeed there is any meeting at all.
From China with Love:
Within the last year (since Stuxnet) the general populace has become more aware of the problems we all face from digital attacks and espionage. Of course sitting here today writing this blog entry, I look back at my past posts and wonder just why people are catching on now. China has been working us over for a long time and with each day’s passing we have been steadily more and more compromised by the 7th directorate and their proxy hacking groups. This is not to say that others aren’t doing the same thing as well. China just happens to be the more active due to their single minded desire to be the pre-eminent superpower and they have the politically charged populace to do it (i.e. PLA and their civilian hacking counterparts)
Israel, Russia, England, the list goes on, all spy on us as we spy on them. In the case of industrial espionage, the Chinese are first on the list, followed closely by Israel and Russia as well as France. Its a game we all play, its just that China has been going at it in a much smarter and cohesive way is all. All one need do is look at the current state of affairs to determine that they have been exceedingly adept at it as well, kudos to them really and shame on us. We (the US) have been too busy being slaves to greed and cheap products from, you guessed it, China, to notice that our collective clocks were being cleaned. Sure, some have been in the know about this (the military, DOD DIB parters) but we have been hampered by several things.
1) Contractors (i.e. private companies) do not have robust security postures and often are connected to DOD systems (say an air force base) Not to mention that these systems that the contractors own hold the goodies and escalation vectors that the APT want. Patching, IDS/IPS, SIEM, DLP, all words that are foreign to many exectuives making decisions about security and often have not one clue in the matter to start. I have in fact seen one place that had a C level exec with a 4 character password to their system! One that also had a pre-populated ID! YAY! Way to go there Mr. C level who manages a company that makes war-fighter systems! So, suffice to say that they companies have been ill equipped to handle security and the executives have been reticent to care.
2) Government regulations have been too lax in governing the security mandates and repercussions on any and all contractor companies that work on war-fighter systems. Sure, there are ITAR regs and potential fines, but really, how many of these companies have had true audits of their networks and environments to test their security postures? A good red team of many of these places I am sure would turn up shockingly scary vulnerabilities and network security gaff’s that would, if leveraged by the likes of the Chinese, lead to huge compromises of the companies as well as their proprietary data. In the time I was at a defence contractor, I only saw one red team and in that event it only took about an hour to compromise the place utterly. We need to enforce security on all defense contractors for both sides of their businesses (defense base and public) in order to insure that the data is safe. Right now, even after everything that has happened with China, we still have no real regulation and control over these companies security postures and that is why we will keep failing.
3) Human nature and corporate group think are the lead causes in our failures mentioned above. We as beings seem to lack the ability to see the long term dangers with regard to this type of warfare. We are also being leveraged by social engineering attacks (phishing, vishing, etc) to gain the toehold into the networks that lead to escalation and persistence. We need to be teaching secure computer practices both on a personal and a corporate level in order to be better equipped to try and stop these attacks. It’s not going to be the new piece of hardware or software that the vendors want to sell you (though they do have a place if they work) but instead the human factor that will be able to help here. I just would like to see the C levels at least aware of the security threats and really understand them. So far, I have seen too many in management without a clue and who don’t seem to care.
So, what I think we really need are some rules set up for companies doing government business that mandate secure practices and insure that if those companies are not following through, will be fined and shamed as well as lose their contracts. Its one thing to be compromised even if you are doing the due diligence, its quite another to be compromised and not really care nor understand the problem because there are no negative incentives to being that way. In today’s world, we need to be sharper than this if we want to stay in play on the global scale.
What we really need to be now is a ‘Digital Sparta’
Meanwhile, we are behind the game here. The government is trying to come to grips with all of this (poorly) all the while the Chinese and others now using the APT style of persistent attacks, are making bigger and more audacious hits against us (cough RSA & Lockheed cough!) while the news media spins on telling only half of the story that they comprehend to the masses that have little comprehension of the issues at all. Meanwhile, we in the security community talk about attribution and the problems of not only trying to stop all this from happening, but also deal with the repercussions politically trying to capture those carrying out the attacks.
All of this during the cacophony of vendors (and I mean you McAffee) spewing buzzword bingo out of your collective keisters trying to make sales and use the situation to your advantage.
Its time to pay real attention to the problems allowing these attacks to take place so easily and to the companies that are being targeted by the likes of China. For a little more history, I have collected the “From China With Love” collection on my blog. Dating back to 2008/2009 to today, you can see that this has been going on for a long time, and there is much more that has gone on that you might know about, or ever will unless you are cleared to know.
Oh and as a post script; This post was also brought to you by @diocyde because he/she was such a pendantic wanker about me not caring about what China was up to as I was too busy chasing “pimple faced jihadists” online..
Deputy Defense Secretary William Lynn III never said the word China in his speech on Thursday about “Cyber Strategy,” but he didn’t have to. The threat of a cyber-attack from Beijing weighs heavily on the minds of military commanders. And while officials have not said publicly who was behind the newly disclosed theft of 24,000 files from a defense contractor in March, one of the worst cyber-assaults in Pentagon history— it may well have been a Chinese operation. And even if Beijing officials were not involved in the theft, they have been implicated in other matters—so many, in fact, that federal officials are discussing publicly what do to about cyber-attacks, without saying explicitly who their number-one villain is.
From The Daily Beast
CYBER WAR!! CHINA TO BLAME! DIGITAL TSUNAMI IMMINENT!
So, we are going to be in for a digital wave of hacking and espionage are we? Say, have you been around lately? Like say the last oh, twenty years or so? Cuz if this is the big wave, I would hate to see what the tsunami is going to look like. Well, at least this article has some of the facts right including the issues over attribution for attacks and operations. however, it still glosses over the fact that this is nothing new. Espionage by the Chinese has been a favorite past time for them with regard to the U.S. and now that espionage is taking place within computer networks.
Nope, this is indeed nothing really new. The scale of it may be the new twist here and that is really because of the interconnection that has happened over the years to the internet. We have done it to ourselves and we did it without any real thought as to the security of our networks/systems/data
But, that is a screed for another day.
Since we are so connected now, and even systems that should not have (S) (NOFORN) data have been hooked up too (I know, I have seen it myself) or said data has been placed on non cleared servers, we have been making it easier for the likes of China to get our secret sauce. China though, is not the only one doing this, but, they have made it an art form. The reason for this is that the Chinese had decided early on, that cyberspace (for lack of a less buzzworthy name) was going to be the 5th battlespace as well as the next frontier in espionage. Rightly so too.
As I said above, the networking of the world has made it that much easier to gather intelligence and in the case of the Chinese, they began to use the nascent hacker community to do it. However, old school espionage on the part of China has been going on for a long long time. If you are interested in this, then I suggest you pick up “Tiger Trap” by David Wise Suffice to say, that we have been industrially spied on at the very least by China dating back to at least WWII.
And they have been exceedingly successful.
(for more on China’s Thousand Grains of Sand and Espionage go HERE)
Back to the article and its catchy headline though, the great Cyber War has yet to come and we are woefully ill equipped to handle it right now. There have been incursions that we have found and I am sure there are more that we still don’t know about (whether or not the government has classified them, thus burying them) that paint a larger picture of the issue I am sure. So, when they cry out that we are in for the big hit yet to come, I say “heh” look at what already has happened!
Pretexts; Anonymous, China, and Cyber-Espionage:
The one area that the Beast article does not allude to that it should in my book on this subject is the current climate in the ‘cyber’ world. As you can likely tell from the header here, I personally think that Anonymous and LulzSec are the key to future attacks. Not that they are directly involved per se, at least not knowingly, but that China has latched onto their antics as a pretext for their own attacks.
Think of Anonymous, AntiSec, and LulzSec as the gift that keeps on giving any state or person who wants to carry out attacks online and have the questionable cover of it all being for the Lulz.
With all of the AntiSec/Anonymous operations ongoing, who is to say that China’s PLA has not infiltrated the infrastructure and effected the decision making process some? What better way to deflect than to use an alleged headless group of nae’r do wells to do your bidding in some larger scale attack? This is an area of thought that I have put out there before and every day I am convinced more and more that not only China is using this, but also other state actors.
…At least they would be smart to do so *wink wink nudge nudge, SAY NO MORE!*
Even if these state actors are not directly working from within the Anon’s.. At the very least they can be blamed.
Just saying… “Interesting times indeed”
Current Status China: Landlord, Banker, Petulant Child:
Beijing’s leaders have ramped up spying operations partly because they are angry at the United States, and they have been especially peeved at State Department officials; China believes that the Americans have tried to empower dissidents and to influence domestic politics. Indeed, Secretary of State Hillary Clinton has pushed for greater access to the Web for dissidents, giving a speech in February in which she called for “a global commitment to Internet freedom,” a phrase that officials in Beijing found particularly galling. The Chinese officials resented her proclamations about the Net, which they believed are an underhanded way of trying to meddle in their affairs. “For them, this is a very aggressive interventionist policy,” Fidler explains.
From The Daily Beast
To conclude though, I would also like to touch on the fact that China has always been a proud nation. In that, they have been prone to reaction to any perceived sleight by nations such as ours. Much of the proto hacking that went on in China took place over the acts of countries like Viet Nam or Taiwan and resulted in defacement of pages (in a nice and polite way as well) Today though, the tenor of the hacking has taken a bit of a darker tone and much of it is due to the hard liners in the politburo taking the reigns and directing the Green Army to act.
While China holds much of our debt, they still do not have all of our assets (IP) and as such, they want to keep us under control politically and financially. All the while giving us the rope to not just hang ourselves, but to do so for China’s best interest. The only time that I will worry that China will go all out cyber war on us is when they have nothing left to use us for.
Then we are in some deep shit. Imagine they call our markers AND hit our systems with attacks. They may not have the military capabilities hardware wise, but, they certainly could likely cause our military to falter and fail by breaking the command and control as well as supply chain with attacks today. So, I am not all that worried if they get peeved at us over Obama meeting HH Dalai Lama as much as I am their just calling our debt markers.
Sure, the Chinese leaders are worried about the Arab Spring, but they will just pull another Tienamen won’t they? After all, if they hold our debt, what are we going to do to them that isn’t going to be measured to not offend? So on it will go, we will ruffle their feathers, they will hack and steal data, and we still won’t have a debt ceiling agreement because our politicians are too self involved to care about the country.
I welcome Chairman Meow…
The recent compromise of a NATO server by “Team Inj3ct0r” has recently made the news, but, as the media usually do, they did not look any deeper than the website for Inj3ct0r and perhaps a little data as to what the team said in a text doc on the compromised server. A further examination of the group shows that Inj3ctor has been around since 2008, and has ties to Chinese hackers as well as Russia, Turkey and other countries.
This could change the paradigm on the “hacktivism” moniker that Team Inj3ctor has branded themselves with recently (post the goings on with Anonymous and LulzSec/Antisec movements) Before these movements, this site and the teams all were loosely linked and purveyors of 0day, and not so much in it for any political means. What has changed? Who might benefit here to use the hacktivism movement as a cover for hacking activities that could cause a stir?
… Maybe the PLA? Maybe the FSB?…Some other political orgs from Gaza? or Turkey?
Or, perhaps they are just a bunch of hackers who like the cause celebre of hacktivism? It’s hard to say really, but, when you get China into the mix, the lines blur very very fast.
Below I am outlining the data I collected on the main inj3ct0r site, its owner, and two of the players who are on both teams of hackers that span China and Russian hacking. This makes for a new wrinkle in the Anonymous/Lulz movement in that the NATO hack was claimed by someone using the name “Team Inj3ct0r” and this site seems to fit the bill as the source of the attack since it has been quoted by the hackers that they used 0day on the NATO server to crack it and keep access. If indeed there are connections to state sponsored hacking (as the China connection really does lead me to believe) then we have a new problem, or perhaps this has been the case all along that the state sponsored hackers have been within Anonymous, using them as cover.
Another interesting fact is the decision to attack NATO. Was it a hack of opportunity? Or was there a political motive here? As I have seen that these groups are multi-national, perhaps this attack had a overall political agenda in that NATO is supposed to be the worlds policeman. I am still unsure.
Teams and Members:
In looking at the sites and the members, it came to light that two members belong to each of the teams (inj3ct0r and DIS9) The two are “knockout” and “Kalashinkov3″ The teams are tied together in the way they present their pages and the data they mirror so it is assumed that they have a greater connection underneath. In fact, more of them may be working together without being named in the teams listed below. Each of these people have particular skills and finding 0day and posting them to this site and others for others to use.
Team Inj3ct0r: http://188.8.131.52/team
Team Inj3ct0r’s site is located in Ukraine and is registered to a Matt Farrell (firstname.lastname@example.org) My assumption is that the name given as well as the address and phone numbers are just bogus as you can see they like to use the netspeak word “1337″ quite a bit. A secondary tip on this is that the name “Matt Farrel” is the character name for the hacker in “Live Free or Die Hard” Someone’s a fan…
r0073r – r0073r is the founder of inj3ct0r and I believe is Russian. The site r0073r.com owned by Mr. Czeslaw Borski according to whois. However, a whois of inj3ctor.com comes up with a Anatoly Burdenko of 43 Moskow Moskovskaya Oblast RU. Email: email@example.com
- The domain r0073r.com owned by a Mr. Czeslaw Borski out of Gdansk Poland (another red herring name) domain hosted in Germany with a .ru name server
- The domain inj3ct0r.com created in 2008 belongs to Anatoly Burdenko and has been suspended
- The domain inject0r.com was hosted in China 184.108.40.206 – 220.127.116.11 on China net
- Another site confirms that r0073r is the founder of team inj3ct0r aka l33tday
- Another alias seems to be the screen name str0ke
- Also owned www.0xr00t.com
http://www.inj3ct0r.com domain details:
Registrant: Inj3ct0r LTD r0073r (firstname.lastname@example.org) Burdenko, 43 Moskow Moskovskaya oblast,119501 RU Tel. +7.4959494151 Creation Date: 13-Dec-2008 Expiration Date: 13-Dec-2013 Domain servers in listed order: ns1.suspended-domain.com ns2.suspended-domain.com Administrative Contact: Inj3ct0r LTD r0073r (email@example.com) Burdenko, 43 Moskow Moskovskaya oblast,119501 RU Tel. +7.4959494151
- Alleged to be Turkish and located in Istanbul
- Member of the Turkish cyber warrior site cyber-warrior.org last access July 4rth 2011
DIS9.com is a hacker group that is linked to and shares two members with Team Inj3ct0r (Kalashinkov3 and KnocKout) Both sites are very similar in design and content. DIS9.com resolves to an address in China and is registered to a YeAilin ostensibly out of Hunan Province in China. The owner/registrar of the site has a familiar email address of firstname.lastname@example.org also a domain registered and physically in China.
A Maltego of this data presents the following interesting bits: A connection to the site http://www.vi-xi.com a now defunct bbs which lists the yeailin225 account and other data like his QQ account. This site also lists another name attached to him: Daobanan ( 版主 ) vi-xi.com had hacking discussions that involved 0day as well. The domain of vi-xi.com was registered to jiang wen shuai with an email address of email@example.com and listed it out of Hunan Province.
The connections from DIS9 to other known hackers who are state actors was found within the Maltego maps and analogous Google searches. As yet, I am still collecting the data out there because there is so much of it. I have been inundated with links and user names, so once I have more detailed findings I will post them. Suffice to say though, that there is enough data here to infer that at the very least, hackers who work for the state in China are working with others on these two sites at the very least, sharing 0day and perhaps hacking together as newly branded “hactivists”
: Team Exploit :
h4x0er.org aka DIS9 Team
Another interesting fact is that a link to the site h4x0er.org itself shows that the DIS9 team is the umbrella org for Inj3ct0r and other teams. This is a common practice I have found with the Chinese hacking groups to have interconnected sites and teams working together. This looks to be the case here too, and I say this because of the Chinese connections that keep turning up in the domains, sites, and team members.
Other Teams within the DIS9 umbrella:
In the end, it seems that there is more to the inj3ct0r team than just some random hackers and all of this data bears this out. I guess we will just have to wait and see what else they hit and determine what their agenda is.
More when I have it…