Archive for the ‘COMINT’ Category
Phone Hacks Or Intercepts: Bezos’, Pecker, Sanchez, MBS, A Pragmatic Approach
This whole thing about the Bezos’ dickpics is running amok in the media with panel after breathless panel dribbling on ad nauseum. Wanking on over whether or not a nation state secret service intercepted those texts and photos or if AMI (The National Inquirer) hacked them with the help of sleazy private investigators and or the brother of the mistress has me apoplectic every time it’s thrust in my face on the news. I finally decided to put this post together with some sense making to counter all the stupid out there. Of course the funniest thing about all of this though is that I have yet to see any of the hacking talking heads that usually show up like Dave Kennedy being dragged out to assess how easy or hard it would be to just hack a phone or an account. Who knew they would not be clambering to get more news cycle attention to pimp their services huh? Anyway, let’s do a little dive into what Bezos likely has as a phone, how easy they are to hack, and how likely that a bad actor like MBS and his secret services, a paid group, or just the brother of the mistress with a grudge were the culprits shall we?
What phone does Bezos likely have and how hack-able is it?
According to the babbling of the news media, claims have been made that Bezos has security and as such his phone is likely harder to hack. Well, let’s put that to the test and see. I did some looking and as of 2017 he was still using a Fire Phone, his own product and that runs on Android. A little more Googling and you can see that it had seven vulns that included DoS and overflow attacks in 2018
FireOS is based on Android 4.2 JellyBean and that had a host of vulnerabilities as well. So unless Bezos was using some super secret hardened version of JellyBean or FireOS then it is likely that even with iterations today he might have, it is still quite hack-able in all reality. So with that information one has to wonder at all this reporting that it HAD TO BE a nation state or that this was some exotic attack on a hard target.
Sorry, no.
Meanwhile, if indeed Bezos had another phone, he was spotted before with ANOTHER model of phone (Samsung) which also uses Android as it’s base operating system. If you are in the hacking or security community, then you know that Android is a hot mess security wise because Google could really give a fuck, so there you have it. Unless Bezos decided to get a Black Phone (which still had issues) I am gonna say it would not be hard to hack him with a phish with a bad .apk file and own him.
Sorry media, go home, you’re drunk again.
The facts are that unless Bezos got his hands on an NSA encrypted and hardened phone like the one that Obama had (which was Blackberry) then it is likely trivial to attack his phone and own him. That’s the fact and everyone should take that into account when listening or watching these talking heads on TV. Of course, this is not to say that it wasn’t MBS or minions he hired or AMI that did this because these are TRIVIAL hacks and one could pay easily for someone to do it. It would not take the NSA or that level of nation state access intercepts to get the data Pecker has.
What are the odds that a bad password(s) and an automatic backup to the cloud are responsible here?
Right, so what about bad passwords? I mean hell, Manny’s password to all his secret bad dealings was “bond007” right? So is Bezos using a good password vault with 16 character passwords and rotating them often? Well, I cannot say, but what I can say is this; “security is hard and OPSEC is even harder for regular people” This means that it is entirely possible that Bezos password could have been weak and he may not have changed them as regularly as might be needed for someone who is a higher risk target right? I am sure he has minions and possibly a security detail, but, think about this, would you want your security detail to have your password to your dickpic mistress phone?
This also brings up another question…. Did he have a mistress phone? Something separate from his regular phone and hidden so the wife would not see? You have to ask yourselves this question as well when thinking about this whole “affair” right? Let’s say Bezos bought a burn phone and used that instead of his primary phone to send his dickpics and stupid stupid texts mooning to his side piece? It’s not something you would really want to have laying about for the wife to find and nothing that could be directly tied to you in some ways, I mean sure he sent photos of himself, not just his junk, so yeah, not the greatest OPSEC there either. But would such a phone have less security because it was not hardened by the security detail?
Hmmmm….
Either way, passwords and access to Google (since I think he is still using Android) is problematic and unless he had all the 2FA turned on and alerting, he could have easily been pwned due to his own stupidity with passwords and access security.
What are the chances that physical access to the mistresses phone are to blame?
Ahh this mistress… Well all of the things above could play with her as well. It could have also been physical access to the phone by others as well. Let’s face it, Sanchez could have been using her dogs name as a password to all her accounts for all we know. She is the weakest of weak points as far as I am concerned in the security picture in this story. It seems that a running theme in the story seems to be that the mistresses brother is tied into the Trump camp and its acolytes so there is a chance that he accessed her phone either physically or perhaps he had a password to gather the details and leaked them to AMI.
Think about that though….
You would have to be one cold bastard as a family member to hack into the sister’s phone and dump pics that seem to include some nudity on her part as well to AMI right? I mean that is some serious pathology there. Keep that in mind further down this post ok? *turns over standing presentation board with pics and yarn connections* So yeah, it could be the brother, or it could be anyone who had proximity to the phone and a desire to carry out this attack on her and Bezos.
I am unaware of what phone the mistress is using but I am willing to bet that she is not as security conscious as Bezos might be. It could even be that Bezos and her both had burn phones that were insecure, who knows right? Suffice to say that the mistress and her electronics hygiene may have in fact been the vector of the leak and everyone has to take that into account even if you are thinking that this was carried out by nation state actors like MBS or Russia. It would be a soft target campaign with phishing, physical access, and stupidity that would win the day and would not take that much effort really.
Was it a nation state intercepting Bezos and just handed this over to Pecker and AMI?
Speaking of nation state actors here’s the deal…
It’s quite possible. It would likely be trivial to attack the weak link (mistress) and gather all the intel. In fact, let’s suppose the nation state actors did do this, it would not only be dick pics that AMI might have. It is possible that they also have audio and video captures of phone calls and the like as well. How do we know that Bezos and the mistress didn’t make any videos together as well? Or perhaps little videos for one another?
Ponder that one too.
The fact of the matter is that nation state, hired hackers, or sleazy PI’s could all have done this and all have passed on even more dirt to use against Bezos and his mistress and it all sits somewhere in a safe on an external hard drive right? All I am saying is that there may be more to come in the future if at some other time AMI and or others decide to go nuclear on Bezos. I will sit back and watch the fires burn and sip my whiskey when it all comes down. At the end of the day it cannot be said that it wasn’t a nation state that did this and there are hints and allegations that AMI might have that avenue of interest with MBS and Saudi to have made this happen.
My biggest problem though with that is that it was so fucking hamfisted in it’s being carried out that makes me wonder if it wasn’t just AMI doing what they have been doing since they started their yellow journalism agitprop fuckery. I would hope that a nation state would be smoother than; “It would be a shame if something happened to that marriage you have there” but hey, we are in the Trump era of thuggery and clown cars full of Russians right? So yeah, entirely possible it was MBS in the conservatory with AMI and a phone hack. Time will tell though, but let’s not make this into a James Bond epic huh?
What are the chances that this was a honey-trap?
Ok, breaking out the muder conspiracy board here for the fun of it…
What if, just what if, this was a honeytrap? What if the mistress is like the brother and a Trump supporter? What if this was all a trap to get Bezos to back off by AMI and others using this woman wittingly or unwittingly? I mean, it is possible isn’t it? I am not saying it is likely but I am just gonna put that out there for you all. If I were looking to damage an adversary (perceived) like Bezos I might just hire hookers and get the good on him in a hotel that’s been wired, of course it would have to be a situation that Bezos doesn’t have a TSCM team sweeping rooms before he stays in them and such but yeah, that would be one way. Another might be to leverage someone in the orbit or put someone in the orbit who he can be enticed by and get the goods on him that way…
Ya know… like what we are seeing play out here right? This is exactly the sleazy way that espionage is carried out on the nation state level (blackmail) as it is on the AMI level of play. So this is not an impossibility. Is it likely in this case? Well, what do we know about Sanchez anyway? I guess a deeper look into her and her brother might be in order and is likely being done by the likes of the FBI right about now.
Giggity.
But yeah, with all the hyperventilation going on in the media, this is a possibility and I cannot just wipe this away as a not a thing.
Time will tell.
Forensics or GTFO!
Finally, I would like to once again yell at the media FORENSICS OR GET THE FUCK OUT! I would like to see some evidence that points to nation state hacking or intercepts of Bezos and the mistresses accounts or phones. Will we ever see this data? Well, who the hell knows really but it won’t stop me from yelling this out every time the media breathlessly makes claims that exotic espionage has been carried out on alleged hard targets who use Android phones!
STAAAAAAHHHHP
I eagerly await some evidence in this case but I don’t really expect any. I will keep an eye on it all but at the end of the day I just wanted to put this out there. It is not super secret nation state shit level stuff going on here. It may in fact be leveraged by MBS and his people but it is not something along the lines of them using SS-7 on Bezos and his mistress right?
Right?
Oh right, need forensics for that…
Derp.
K.
So here’s my thing….
VQX HWMVCUSE JQJFASSNTG QV! X HQ JD ISIAVVE!
Face it.. We are all PWND six ways to Sunday
Every frigging day we hear more and more about how the NSA has been emptying our lives of privacy and subverting the laws of this land and others with their machinations. It’s true, and I have been saying as much since the day Mr. Klein came out of his telco closet and talked about how the NARUS system had been plugged into the MAE West back in the day. We are all well and truly fucked if we want any kind of privacy today kids and we all need to just sit back and think about that.
*ponder ponder ponder*
Ok, I have thought about it and I have tried to think of any way to protect myself from the encroachment of the NSA and all the big and little sisters out there. I am absolutely flummoxed to come up with any cogent means to really and truly protect my communications. Short of having access to the NSA supercloud and some cryptographers I don’t think that we will not truly have any privacy anymore. If you place it on the net, or in the air. We have reached in my opinion the very real possibility of the N-Dystopia I have talked about before in the Great Cyber Game post.
As the pundits like Schneier and others groan on and on about how the NSA is doing all of this to us all I have increasingly felt the 5 stages of grief. I had the disbelief (ok not completely as you all know but the scope was incredible at each revelation) Then the anger came and washed over me, waves and waves of it as I saw the breadth and scope of the abuse. Soon though that anger went away and I was then feeling the bargaining phase begin. I started to bargain in my head with ideas that I could in fact create my own privacy with crypto and other OPSEC means. I thought I could just deny the government the data. I soon though began to understand that no matter what I did with the tools out there that it was likely they had already been back door’d. This came to be more than the case once the stories came out around how the NSA had been pressuring all kinds of tech companies to weaken standards or even build full back doors into their products under the guise of “National Security”
Over time the revelations have all lead to the inescapable truth that there is nothing really anyone can do to stop the nation state from mining our communications on a technological level. Once that had fully set in my mind the depression kicked in. Of late I have been more quiet online and more depressed about our current state as well as our future state with regard to surveillance and the cyberwarz. I came to the conclusion that no matter the railing and screaming I might do it would mean nothing to the rapidly approaching cyberpocalypse of our own creation arriving. ….In short, we can’t stop it and thus the last of the five stages for me has set in. I accept that there is nothing I can do, nay, nothing “we” can do to stop this short of a bloody coup on the government at large.
I now luxuriate in my apathy and were I to really care any more I would lose my fucking mind.
OPSEC! OPSEC! OPSEC!
Speaking of losing one’s mind.. Lately people all have been yelling that OPSEC is the only way! One (the gruqq) has been touting this and all kinds of counterintelligence as the panacea for the masses on these issues. Well, why? Why should we all have to be spies to just have a little privacy in our lives huh? I mean it’s one thing to be a shithead and just share every fucking stupid idea you have on FriendFace and Tweeter but really, if you can’t shut yourself up that is your problem right? No, I speak of the every day email to your mom telling her about your health status or maybe your decision to come out etc. Why should the government have the eminent domain digitally to look at all that shit now or later?
If you take measures to protect these transactions and those measures are already compromised by the government why then should you even attempt to protect them with overburdened measures such as OPSEC huh? I mean, really if you are that worried about that shit then go talk to someone personally huh? I know, quite the defeatist attitude I have there huh? The reality is that even though I claim not to be caring about it (re: apathy above) I actually do but I realize that we no longer have privacy even if we try to create it for ourselves with technical means. If the gov wants to see your shit they will make a way to do so without your knowing about it. I fully expect someday that they will just claim eminent domain over the internet completely.
Fuck OPSEC.. I want my government to do the right thing and not try to hide all their skirting of the law by making it classified and sending me an NSL that threatens to put me in jail for breaking the law.
Fuck this shit.
CYBERWARZ
Then we have the CYBERWARZ!! Oh yeah, the gubment, the military, and the private sector all have the CYBERWARZ fever. I cannot tell you how sick of that bullshit I am really. I am tired of all the hype and misdirection. Let me clear this up for you all right here and right now. THERE IS NO CYBERWAR! There is only snake oil and espionage. UNTIL such time as there is a full out kinetic war going on where systems have been destroyed or compromised just before tanks roll in or nukes hit us there is no cyberwar to speak of. There is only TALK OF cyber war.. Well more like masturbatory fantasies by the likes of Beitlich et al in reality. So back the fuck off of this shit mmkay? We do not live in the world of William Gibson and NO you are not Johnny Mnemonic ok!
Sick. And. Tired.
I really feel like that Shatner skit where he tells the Trekkies to get a life…
Awaiting the DERPOCALYPSE
All that is left for us all now is the DERPOCALYPSE. This is the end state of INFOSEC to me. We are all going to be co-opted into the cyberwarz and the privacy wars and none of us have a snowball’s chance in hell of doing anything productive with our lives. Some of us are breaking things because we love it. Others are trying to protect “ALL THE THINGS” from the breakers and the people who take their ideas and technologies and begin breaking all those things. It’s a vicious cycle of derp that really has no end. It’s an ouroboros of fail.
RAGE! RAGE! AGAINST THE DYING OF THE PRIVACY! is a nice sentiment but in reality we have no way to completely stop the juggernaut of the NSA and the government kids. We are all just pawns in a larger geopolitical game and we have to accept this. If we choose not to, and many have, then I suggest you gird your loins for the inevitable kick in the balls that you will receive from the government eventually. The same applies for all those companies out there aiding the government in their quest for the panopticon or the cyberwarz. Money talks and there is so much of it in this industry now that there is little to stop it’s abuse as well.
We are well and truly fucked.
So, if you too are feeling burned out by all of this take heart gentle reader. All you need do is just not care anymore. Come, join me in the pool of acceptance. Would you care for a lotus blossom perhaps? It’s all good once you have accepted the truth that there is nothing you can do and that if you do things that might secure you then you are now more of a target. So, do nothing…
Derp.
K.
L’affaire du Petraeus: Electronic Communications (ELINT) and Your Privacy
//BEGIN
Afsrtbnfmzndopeezygpmcmvgbcnlstmcgthozr rkmrkmjlskkmgecuvgi
//END
Thoughts On The Politics, Media Frenzy, and Schadenfreude
As you all now know, general Petraeus (aka P4) was caught using a dead drop Gmail acct with his lover (Broadwell) because the lover got jealous over another woman who was perhaps flirting with her down low guy. Many out there have made this all into a Greek tragedy though because of the perceived rights to privacy we all are supposed to enjoy as US citizens and bemoan the whole affair because it was all leaked to the press. Personally I think that it was necessary for the general to step down from the DCI post as well as be outed because he was DCI to start however, generally this thing has become the new digital slow speed chase in a white bronco all over again for me.
Sure, the schadenfreude is fun, and there are many gawkers and rubber necks out there watching with glee but in the end there is much more to this debacle than just getting some on the side within the political sphere. The bigger picture issues are multiple and I will cover them below, but to start lets just sit back and watch the calamitous demolition of those who partook and their hubris.
*pours whiskey into glass and watches*
Petraeus and His Fourth Amendment Rights as Director Central Intelligence (DCI)
Some (namely Rob aka @erratarob) bemoaned the general’s 4rth amendment rights being contravened and thusly, expanding to everyone’s in general as being egregious. My answer to Rob yesterday still stands today for me. As DCI of the CIA the general had no right to privacy in this vein. Why? Because as the leader of the CIA he was the biggest HVT that there ever was for some kind of blackmail scheme so common to the world of spooks. Though the general tried to be cautious, his lover began the downfall with her threatening emails to someone else. Now, usually this type of case would not even be one at all for the FBI were it not for the sordid affair of the SA who Kelley knew and went to to “look into” this matter for her as a favor. This was inappropriate in and of itself and a case never should have been logged never mind any investigation carried out by the SA to start with.
That the FBI agent began looking into the emails and actually tasked the FBI’s lab boys to look into it, well, then it became a case. OPR is looking into it all now and sure, something may come of that investigation (i.e. the SA will be drummed out maybe) it all changed timbre once Petraeus’ name became part of the picture. As DCI P4 held the top most clearance possible as well as the data attendant to that designation. As such, any kind of activity like this would immediately call for an investigation into what was going on as well as what kind of damage may have occurred through compromise of his accounts or his credibility. So, anyone who asks why this is such a big deal and why the FBI did what they did, you need to just look at that one salient fact. The problem isn’t that they investigated, the problem instead is that P4 was doing this in the first place and may have actually given Broadwell more access than he should have to information he had within his possession.
This of course still has to be investigated and reported on and that’s why it all came to pass.
The Expanded Powers of The US Government (LEA’s) To Search Your Emails and the Fourth Amendment
Meanwhile, the civil libertarians are all over this from the perspective that “We the people” have little to no privacy online as the government and LEA’s can just subpoena our email in/outboxes without any oversight. This has been a problem for some time now (post 9/11 really PATRIOT Act) so it should not be new to anyone who’s been paying attention. It is true though, that those powers have been expanded upon since the Patriot Act was passed but overall, the technologies have outstripped the privacy possibilities for the most part in my book. For every countermeasure there’s always another that can be used against it to defeat your means of protection. Add to this that the general populace seems to be asleep at the digital wheel as well and the government has a free hand to do whatever they like and get away with it.
Frankly, if you are ignorant of the technology as well as the laws being passed surrounding it then it is your fault if you get caught by an over-reaching LEA. It’s really that simple. If the general populace is not out there lobbying against these Orwellian maneuvers by law enforcement as well as using any and all technology to communicate securely then it’s their God damned fault really when they get pinched or spied on. It’s all of your jobs out there to know the laws, know what’s going on, and most of all, to know how to protect your communications from easy reading by LEA’s and others. I firmly believe that the laws on the books and the slip-space between where LEA’s and governments are abusing them is egregious but I as one person can do nothing to stop it from happening at a legal level. At a technical level though, that is a completely different story.
Your “Papers and Effects” Digitally…
Now we come to a real sticky bit in this whole debacle. The Founding Fathers listed “Papers and Effects” while today the law and the government seem to think that electronically, neither of these terms apply to your online communications. Last year I sat through a tutorial by the EFF on this very thing and was not completely shocked by what they were saying as much as wondering just how people let this slide. According to the EFF the LEA’s see no relevance to the words papers and effects when it comes to an email inbox or a Dropbox. What this means is that they can just sneak and peek in some cases without a warrant or a subpoena. If you have email or files being hosted anywhere online, not on a system within the confines of your home, then it’s really fair game to them. I also assume the same can be said for any files/emails on any intermediary servers that they may pass through and are cached as well. So really, once you log in and create the email outside of your machine at home (i.e. being logged onto Gmail for example) it’s already not a paper or effect within the confines of your domicile.
Once again, the law is outdated and should be amended to cover discreetly the nature of email, its ownership and the protections that you “think” you have already as it is a paper of yours and thus covered by the Fourth Amendment. Will this happen though? I am not overly optimistic that it will even make the table with or without the likes of the EFF trying to push the issue frankly. The government has it the way they want it as well as their machinations via Patriot Act allow for so much latitude just to make their lives easier to snoop against anyone for fear of terrorism. Face it folks, we are pretty much Borked here when it comes to our online privacy, and not only from the LEA/Gov perspective either. Just take a look at all of the corporate initiatives out there in EULA’s and lobbying such as RIAA or MPAA. Any way you look at it, your data, once out of your local network, is no longer legally yours.
The Only Privacy Today That YOU Have Is That Which YOU Make For Yourselves With Crypto
This brings me to what you can do about all of this today. The only way to really have that privacy you desire is to make it yourself and to insure that it can withstand attacks. By using strong cryptography you can in fact protect your fourth amendment rights online. You have to insure that the crypto is strong, tested, and not back door’d but there are more than a few products out there on the market that will do the job such as PGP/GPG. In fact, Phil Zimmerman got into trouble with the US Government in the first place because PGP, to them, was considered to be a munition! So really, what is stopping you all from using it en mass? Well, i am sure there’s a healthy dose of lazy in that mix but I would have to say for many its the lack of comprehension on how it works and how to manage it that stops the general populace. Of course I have to say that PGP on a Windows box is really really easy to use so, once again we are back to lazy.
Anyway, unless you assiduously apply crypto to your communications, whether it be a PGP encrypted email or a chat session using OTR (Off The Record Messaging) consider yourself open to LEA abuse. The other side of that coin unfortunately is that if you are encrypting all your communications, the LEA’s may get to wondering just what you are up to and force the issue. I guess it’s much better to have them wondering and FORCE them to get a warrant to search your home then to just roll over and allow them to see all your dirty laundry (looking at you P4) because it’s open for the taking on a Gmail server somewhere. I mean, yeesh people, you worry about your second amendment rights all the time, moaning and whining about your need to carry a gun but you don’t do shit about encrypting your traffic?
*sad*
TRADECRAFT and OPSEC Are Important As Well
Another component that the general tried to use and failed so miserably at (which scares the living shit outta me as he was DCI after all) was the old “dead drop” method. The modern twist on this is the use of a Gmail account where you just log into it shared and leave draft emails for the other party. This has been something the AQ guys have been using for a long time and once again, it is futile to stop the LEA’s from seeing it all unless you encrypt it! This was the main failure in the case of P4 and his squeeze. No crypto allowed all the lascivious emails to be read in situ and that was just stupid. They through they were being so smart using a tactic that we have been monitoring AQ on for how long?
*duh*
The second massive failure on the part of both P4 and Broadwell (other than P4’s bad judgement of crazy women) was that neither of them were anonymizing their logon’s to the email properly and consistently. It seems perhaps this may have been more Broadwell than P4 but meh. In the end it was the downfall as the FBI tracked the IP addresses from the Google logons across the country to hotels where she was staying. All they needed to do in the end was match names for each hotel and BING they had her. At the end of the day, OPSEC is king here and both military veterans failed miserably at understanding this which is really frightening frankly. If you want to play the game know the OPSEC and TRADECRAFT and APPLY them properly. The same goes for you all out there who are crying about your privacy. You too will succumb in the same way if you do not pay attention.
Welcome To The Digital Panopticon
Finally, a parting thought. I have said this before and I am saying it again here. “Welcome to the digital Panopticon” No longer are you in a place where there are corners to hide easily. With the governments of the world trying to gain control over the way we communicate electronically we will see increasing measures of privacy stripped in the name of anti-terrorism as well as transparency. Have no doubts that the governments that apply this logic will of course have back doors for their own secrecy but surely not yours. It will remain your problem and your duty to protect yourselves if you are using the infrastructure to communicate to anyone. Know this, say it as a mantra. If you do nothing about it, then you have nothing to complain about.
So I exhort you, learn and use encryption properly. Go to a cryptoparty near you and learn from the cipherpunks! Deny the governments of the world the ability to easily just look in on your lives whenever they feel the need without due process. Until such time as the laws are amended and some fairness put into it, you are just cattle for them to herd and cull.
There’s no excuse…
K.
The Hezbullah Cyber Army: War In HYPERSPACE!
WAR! in HYPERSPACE: The Cyber Jihad!
A day or so ago, a story came out and made the rounds on the INFOSEC-O-Sphere about the Hezbullah Cyber Army The story, which was cub titled “Iranian Terror” was titled “Iranian Cyber-Jihadi Cells in America plot Destruction on the Net and in Reality” Which, would get all our collective attentions right? The story goes on to tell about the newly formed Cyber Army that will be waging all out war on the US and others in “Hyperspace”
Yes, that’s right, you read that correctly.. This guy Abbasi is either trying to be clever, or, this is some bad translation. Sooo… Hyperspace it is! Well, I have a new tag line for him…
“In hyperspace.. No one can hear you giggle”
At any rate, the whole idea of a Cyber Jihad or a Cyber Hizbullah is a notion that should not just be sloughed off as rhetoric. I do think that if the VEVAK are involved (and they would want a hand in this I am sure) they could in fact get some real talent and reign in the ranks to do some real damage down the road a piece I think. So, while I may be a little tongue in cheek here at the start of this post, I want you all to consider our current threatscape (*cough* SCADA etc) and consider the amount of nuisance they could be if they made a concerted effort with the likes of the HCARMY.
So, yeah, this could be an interesting development and it is surely one to keep our eyes on collectively… But.. Don’t exactly fear for your lives here ok? After all, my opinion still applies that the bugaboo of scada does not easily fit into the so called cyberwar unless it is effectively carried out with kinetic attacks and a lot of effort. Nope, if the HCA is going to do anything at all, it will be on the playing field of the following special warfare fronts;
- PSYOPS
- DISINFORMATION (PSYOPS)
- Support of terrorism (Hezbullah and others)
- INTEL OPS
Interview by IRNA with HCA
More than anything else though at the moment, the whole revealing of the HCA is more a publicity stunt than much else I think. For all of the talk in the US and other countries about mounting their own “Cyber Militia’s” it seems that Iran and Hezbullah wanted to get in on the ground floor..
Oh… Wait..
They forgot about the PLA and the Water Army!
DOH!
Oh well, sorry guys… Guess you will have to keep playing on that whole “HYPERSPACE WAR” angle to get your headlines huh? Besides, really, how much street cred is an organization like this anyway? So far I have been poking around all of their sites and find nothing (links or files) that would he helpful in teaching their “army” how to hack.
My guess.. This is kinda like putting out the inflatable tanks and planes for the Germans to bomb in place of the real ones.
The "About" Statement on HCA
Now.. Before You All Go Off Half Cocked (That means you Mass Media)
Meanwhile, I have seen the story that I linked up top scrawled all over the digital wall that is Twitter these last couple days. I am sure with everything that has been going on in Iran of late (i.e. the tendency for their bases to explode lately as well as their pulling another takeover of a consulate as well as spy roll ups) the media is salivating on this story because its juicy. It has it all really…
Cyberwar (hate that term)
HYPERSPACE!
Espionage
BOOGA BOOGA BOOGA We’re gonna activate our hackers inside your borders and attack your SCADA’s!
What’s the media not to love there?
HCA's YouTube Page Started in September
Well, let me set you all straight. This is piffle. This is Iran posturing and the proof thus far has been they have defaced a couple of sites with their logo.
THE HORROR!
This group has not even reached Anonymous standards yet! So relax.. Sit back… Watch the show. I am sure it will quickly devolve into an episode of the keystone cops really. They will make more propaganda videos for their YouTube, create a new Twitter account, and post more of their escapades on their two Facebook pages to let us all know when they have defaced another page!
… Because no one will notice unless they let us know…
Just The Persian Facts Ma’am
The real aegis here seems to be shown within the “about” statement for the group. Their primary goals seem to be to attack everyone who does not believe in their moral and religious doctrine. A translation of the statement rattles on about how the West are all foul non believers and that we are “pompous” Which really, kinda makes me think that the Iranian people, or at least this particular group, has a real inferiority complex going. More so though, it seems from the statement that they intend more of a propaganda and moral war against the west and anyone else they see fit than any kind of real threatening militant movement.
You know.. Like AQAP or AQ proper.. Or Jamaa Islamiya.
This is an ideological war and a weak rallying cry by a group funded by a government in its waning years trying to hold on to the digital snake that they cannot control forever. Frankly, I think that they are just going to run around defacing sites, claiming small victories, and trying to win over the real hackers within their country to their side of the issue.
Which… Well, I don’t think will play well. You see, for the most part, the younger set who know how to hack, already bypass the governments machinations and are a fair bit more cosmopolitan. Sorry Mamhoud, but the digital cat is already out of the bag and your recognition of this is too late. How long til the Arab Spring reaches into the heart of Tehran and all those would be hackers decide to work against you and your moral jihad?
Be afraid Mamhoud… khomeini…
All you really have is control temporarily.. You just have yet to realize it.
Tensions In The Region: Spooks & The Holiday Known as KABOOM
Now, back to the region and its current travails. I can see why this group was formed and rolled out in IRNA etc. Seems to me even with the roll up of the CIA operations there in Iran you guys still are being besot with problems that tend to explode.
- Wayward Trojan drones filled with plastique
- Nuclear scientists who are either being blown up or shot in the streets
- Nuclear facilities becoming riddled with malware that eats your centrifuges.
What You Should Really Worry About From All of This
My real fear though in all of this hoo ha out of the HCA is that VEVAK and Hezbullah will see fit to work with the other terrorist groups out there to make a reality of this whole “Cyber Jihad” thing. One of these factors might in fact be the embracing of AQ a bit more and egging them on in their own cyber jihad. So far the AQ kids have been behind on this but if you give them ideas AND support, then we have a problem I think. The ideal of hit and run terror attacks on infrastructure that the government and those in the INFOSEC community who have been wringing their hands over might come to pass.
HCA Propaganda Fixating on OWS
If the propaganda war heats up and gains traction, this could embolden others and with the support of Hezbullah (Iran) they could “try” to make another Anonymous style movement. Albeit I don’t think that they will be motivated as much by the moral and religious aspects that HCA puts out there as dictum. Maybe though, they will have the gravitational force enough to spin all of this off into the other jihadist movements.
“The enemy of my enemy is my friend”
If the HCA does pull off any real hacks though (say on infrastructure) then indeed they will get the attention they seek and more than likely give the idea to other movements out there to do the same.
AND that is what worries me.
Cinch Up That Seatbelt… It’s Gonna Be A Bumpy Ride
Finally, I think that things are just getting started in Iran and its about to get interesting. With all of the operations that seem to be going on in spook world (please don’t use PIZZA as a code word again mmkay?) and the Israeli’s feeling pressured by Tehran’s nuclear ambitions and rhetoric, I suspect something is about to give way. Add to this the chicken-hawks who want to be president (Herman I wanna touch your monkey) Caine and the others who have so recently been posturing like prima donna models on a runway over Iran and we have a disaster to come.
Oh.. and Bachmann.. *Shudder* Please remove her from the Intelligence committe!! That whole Pakistani nuclear AQ attacks thing was sooo not right!
PSSSSST BACHMANN they’re called SECRETS! (or, for your impaired and illiterate self SEKRETS) STFU ok?
OH.. Too late, now NATO is attacking into Pakistan…
It looks to me like the whole middle east is about to erupt like a pregnant festering boil and we are the nurse with the needs who has to pop it and duck.
So.. Uh yeah, sorry, got carried away there… I guess the take away is this; When you look at all the other stuff going on there, this alleged cyber army is laughable.
Yuk yuk yuk… You’re killin me Ahmed!
K.
The Hidden Wiki: Between The Layers of The Onion Router Networks
Inside The Onion Darknet:
Someone recently pm’d me online and asked if I had ever heard of “The Hidden Wiki” They said that they could not believe what they were seeing because they had just perused an ad that purported to offer “hired killer” services. This person immediately thought it was just a trap or a joke, but, it turns out that hired killers are just the tip of the iceberg within the TOR arcology. The TOR network it seems has become the new ‘Darknet’ hiding sites within the onion router networks themselves, totally anonymous and offering every kind of illicit trade one could think of including pedophilia images. There are innocuous sites as well, but there seems to be quite a bit of content (links within the wiki and pastebin’s that offer up nasty things.
How, you might ask, is this possible? Well, it is because of the nature of TOR itself. The Onion Router Network was a project started by the navy to anonymize internet traffic. Once it was set loose to the masses, it was upgraded and brought to the masses as a means to surf the web anonymously. This is done by using a series of routers (which you can set up yourself on any machine with the software) to receive and direct traffic anywhere online without any kind of record where the traffic came from once entering the TOR node network. (see diagram)
Once inside the system, unless under specific circumstances, you cannot be tracked. There are methods to obtain a users real IP address but they are hard to implement. So, with that said, the TOR system seems to not only allow people to access content on the internet proper, but now a secondary internet has been created within the tor nodes themselves. It would seem that perhaps this secondary internet could either be a haven for good data, or bad.. And from what I have seen so far, its mostly bad. The illicit trade of pedophilia being the worst of that ilk and it would seem that the purveyors think that they can do so without any hindrance because it is on TOR.
The Marketplace, A Digital Mos Eisley:
The Wiki offers many services, most of them seem to be driven by ‘Bitcoins’ and you can even find software to mine bitcoins as well as create them within this space. One has to wonder if you can really hire a hitman here or if this is just a BS post for the Lulz, but, other services seem straight forward and their sites are working. These services also include a wide spectrum of hacking as well as alleged DD0S/Botnet offerings as well. My first thoughts about all of this tended toward the idea that Anonymous must be like a kid in the candy store here, and then I began to search for them. It did not take me long to locate some sites that were ‘Anonymous’ themed as well as dumps of all the LulzSec hacks as well as a full mirror of Wikileaks dumps.
Here are just a few of the services offered in the Marketplace:
* Contract Killer - Kill your problem (snitch, paparazzo, rich husband, cop, judge, competition, etc). (Host: FH)
* BitPoker v1.93 - Poker (Bitcoin). (Host: FH)
* Buttery Bootlegging - Get any expensive item from major stores for a fraction of the price! (Host: FH)
* Stat ID's - Selling fake ID's.
* Bidcoin - Like Ebay. We increase the gross national product. (Host: FH)
* Video Poker - A casino that features "jacks or better" video poker. - DOWN 2011-08-07
* Cheap SWATTING Service - Calls in raids as pranks. (Host: FH)
* Data-Bay - Buy and sell files using digital currency.
* The Last Box - Assassination Market (Bitcoin). - DOWN 2011-08-07
* Pirax Web DDoS - Take out your enemies in seconds. (Host: FH)
* Hacking Services - Hacks IM and Social Nets, does DDoS, sells bank/credit/paypal accounts. Se Habla Espanol. (Host: FH)
* Email Hacker - Hacks emails (Bitcoin). (Host: FH)
* CC4ALL - Selling valid Credit-Cards. Most from Germany. (Host: FH)
* Slash'EM online - Super Lots'A Stuff Hack-Extended Magic tournament server (Bitcoin).
* Rent-a-Hacker - Pay a professional hacker to solve your problem, destroy your enemys. (Host: FH)
* BitPoker v2.0 - New version of poker (Bitcoin). (Host: FH)
* BacKopy - Sells game, software and movie discs (Bitcoin). (Neglected status note) - Broken 2011-08-07
* The Pirates Cove - Classifieds. (Host: FH)
* BitLotto - A lottery using Bitcoin. (Host: FH)
* Brimstone Entertainment - Escort Ads, Strippers, Adult Entertainers. (Host: FH)
* Red Dog Poker - Play a simple game of poker (Bitcoin).
* CouponaTOR - A service for getting retail coupons created (Bitcoin). (Host: FH)
* Virtual Thingies - Buy virtual goodies like premium accounts, usenet access or domains (Bitcoin). (Host: FH)
You can also get a range of services like chemicals to make as well as tutorials how to make and sell anabolic steroids not to mention pages and files on weapons and explosives. Anarchy it seems has found a new digital home. One wonders just how long it will be before the onion becomes a home for jihadi’s as well. I suppose if they aren’t already, it’s only a matter of time until they are hosting their own sites in here as well. The real problem is navigation though for anyone looking around. Which makes this all the better for those seeking to be anonymous and stealth. There are a couple of search engines on the wiki, but due to the nature of TOR, one has to list their site in order for it to be found, so, I assume there are many sites out there that are only known to a very select few.
Paedophiles LOVE Anonmymity:
Meanwhile, it seems that there may be a bit of a war going on between the paedo’s and the hackers within this space as well. This particular page on the hidden wiki had recently been hacked and taken down, but, within a day or so, it was back up online serving out links. The FBI is aware of this site and others that I passed along to them, but, they are once again hard pressed to do anything about it because of the nature of TOR. It would probably be a safe bet though, that they have been monitoring these sites for a little while as the agent I spoke with already knew about the hidden wiki and some of the links forwarded. I guess that things though, are steadily growing on the onion darknet so new stuff is being put out there all the time.
All in all though, this is just another battlefield that the authorities must learn to fight in. Personally, I am with HD Moore in thinking that there may be some way to put a stop to all this… But, when he posited the idea it was 2007. Its almost 2012 and we still have the problem. All I can really hope for is that the decent hacker types living within this liminal digital space will keep taking these sites down and making the paedo’s lives miserable in the meantime.
Anonymity For Better For Worse:
On the flip side of all this is the idea that we need to be able to be anonymous online. I agree with this, I mean, I use TOR every day, but, anonymity is a double edged sword. As you can see from everything above, that very same anonymity that is protecting those who need free speech, or other protections it can afford, are also faced with the darker side of the technology. This space still seems to be fairly new in the sense of services, chat boards, paste sites, and other more normal internet style applications, but, in the contained anonymity that the onion network is giving them, the end users just mostly seem to be using it all for darker purposes.
And this will make things more difficult for everyone else as governments seek to destroy the privacy as they see more of this type of activities going on to use as excuses to peer into them.
K.
Yes Virginia, There Are Hackers and Spooks On Militant Boards…
A prominent poster on the elite password-protected jihadi web site Shumukh has told fellow forum members his account on the site has been hacked to send spyware to fellow forum participants.
The user, who goes by the handle “Yaman Mukhadab,” posted on August 28 that “it seems that someone is using my account and is somehow sending messages with my name to the members,” according to Flashpoint Partners, which translated the discussion for Danger Room. Shumukh uses software from vBulletin, which allows members to send private messages to each other.
Mukhadab’s handiwork has attracted attention beyond the forum. He was one of the contributors to the site’s lame recent attempt at creating a fantasy target wishlist comprised of American security industry leaders, defense officials and other public figures.
From Wired
Yeah, yeah, yeah, once again Wired got a little tidbit from Evan Kohlmann to keep his Flashpoint company relevant and in the news. Blah blah blah. Look, Adam is it? Yeah, Adam, there is much more that goes on on this site and the myriad others that Evan isn’t telling you. Sure, this guy Yaman got a little twitchy and he is right to be so lately. There has been A LOT of other things going on on both sides of the fence lately that ol’ Evan hasn’t let you in on, or more likely, has no clue of.
- There are hackers, both at the behest of the government and those not avowed going at these sites. Some are just knocking them down for periods of time (Jester etc) Some who are auditing the sites and actually interacting at times with the players after owning them, and SOME who are just hacking the shit out of the sites and wreaking havoc. The latter was seen back a month or two ago with the take down of Ansar. They just RM’d that sucker, but, the jihadi’s had a backup and they were online within days. (which you mentioned.. good)
- Most of these sites have sections where the the newbies are being taught hacking skills. Some of these tutorials are low level (like the lulz types we saw not too long ago *protect your MACIP’s) Others are quite well versed in hacking and have tutorials on the level of something to worry about. In fact, some of these sites contain the works of friends of mine in the security community that they have posted as research. Within these sections we have areas where the jihadi’s have an assortment of upload/download sites for malware (mostly these are older packages) but some of the newer posts have malware and creation kits that are up to today’s standards (which you failed to mention)
- The version of AQAP’s “Inspire you talk about was tampered with *cupcakes* as well as one version did in fact have a trojan. (which you failed to mention)
- The list of targets wasn’t so much lame as it was a new call to the “lone wolves” on these boards to act on it. There is a change in the way these guys are waging jihad that is not really covered by Evan and you. Did you know for instance that there is a Facebook Jihad (propaganda war) that is ongoing? As well as guys like Abu Hafs Al Suni Al Suni are advocating for a ‘stealth jihad’ ? Yeah, they are, and they have been busy trying to propagandise and get the word out to those lone nutjobs that might in fact try something like say, pick a name off of that ‘lame’ list as you called it. It wouldn’t be so lame after they actually whacked someone would it?
Sure, a good deal of this and the other jihobbyist sites are full of dreck, but, there are pockets of true believers, and your little piece in Wired downplays it all.
For more:
GCHQ/SIS AQ Media PSY-OP: Messin With Jihobbyists
Also try this little Google Search for spyware posts on the board. They have been busy.
As a side note, the Jihadi’s also went further and opted to go after the MEMRI organization as well. In a later post by Yaman, they list out the leaders of the org as targets as well. What makes me wonder is which one of them has a log and pass for MEMRI (hint hint MEMRI check your logs)
All in all, another bang up job Wired… *sarcasm implied*
K.
Not So 3R337 Kidz
Once again we find ourselves following the story of a new uber dump of data on a Friday (Fuck FBI Friday’s) as they have been dubbed by the skiddies. It seems that 4cid 8urn, C3r3al Kill3r, and Zer0C00l once again have failed to deliver the goods in their #antisec campaign with their ManTech dump. ManTech, for those who don’t know, is a company that handles defense and government security contracts for such things as secure networks etc. The skiddies decided to try and haxx0r the Gibson and get the goods on the bad bad men at ManTech.
Once again, they failed.
The files are mostly UNCLASS (kids, that means UN-CLASSIFIED mmkay?) with a few SBU (Sensitive but UNCLASSIFIED) as well. Many of the files are just documents of finances, bills, resume’s and email addresses that frankly you could get with a good Googling session. Again, we are not impressed by this crap Lulz skiddies. I have told you once, and now I till tell you again, you are failing to deliver anything of interest really.
Now, if you were real APT, then you would have used the data in the excel sheets to create some nice phishing exploits and then gone on to root some good shit. But no, you aren’t that advanced are you? You just want to do the quick hit and dump your ‘booty’ to collect the love from your adoring, albeit stupid, fans. I am sure some of them are at home now wanking off to the idea that you have really stuck it to ManTech and by proxy ‘the man’
Well, you haven’t.. Not so 3r337 as Raz0r and Bl4d3 say.
What you keep failing to understand are sever key things here:
- The good shit is in more protected systems, ya know, like the ones Manning had access to
- You have no idea what you are taking or what you are dumping! Bitch please, understand the classification markings!
- It’s only important to your ‘movement’ if the data actually uncovers bad behavior on the part of the government!
And it’s on that last point I want to harp a little more on. You guys say you are exposing fraud and devious behavior (other than your own subversive tendencies?) and yet, you keep missing the mark. There have been no cohesive plots outed by you other than Aaron and HB Gary’s little foray into creating 0day and programs for propaganda tools online.
Yay you!… ehhh… not so much.
You certainly did spank Aaron though, and for that my top hat and monocle are off to you. He rather deserved what he got for being so God damned stupid. However, you must all understand that these are the standard operating procedures in warfare (PSYOPS, INFOWAR, PROPAGANDA) every nation plays the game and its just the way of life. So, unless you get some real data of a plan to use this type of tech by the US on the US, (other than Rupert & Co.) Once again, I am not really so impressed.
Of course, you have to know that you are now the target of all of those tools right? Not only by the US, but other nations as I have mentioned before. Do you really think that you have not opened the door for other nation states to attack using your name? No one mentioned yet that you are now considered domestic terrorists and could even be considered non domestic after you get caught? You have opened Pandora’s box and all the bad shit is coming.. And much of it is going to be aimed straight at you.
The ironic thing is this.. You have delivered shit. It’s the idea and the cover you have given other nation states or individuals that is key here. You say you can’t arrest an idea… I say certainly not! BUT They can arrest YOU and then make that IDEA not so appealing to the other skiddies once your prosecutions begin on national TV.
So keep it up.. That hornets nest won’t spew hundreds of angry wasps…
Inspire 6: Operational Methods Changes
Inspire vol 6 came out yesterday and for the most part, it was more of the same ol same ol. Long diatribes on AQ doctrine, the usual shahidi laments and exhortations, a bomb making cook recipe for Acetone Peroxide (I can see more than a few jihobbyist fingers getting taken off accidentally) and then the little section below screen captured titled “Jihadi Experiences”
Jihadi Experiences:
After OBL was sent to his pineapple under the sea, I had written a post titled “Al Qaeda: The Case of A More Diffuse and Autonomous Organisation” in which I made the observation that AQ might be re-thinking its C&C structure as well as its organizational groups. This part of the Inspire magazine is saying that very thing.
- Point one on the list is the fact that they need to re-tool their operations to have more diffused and compartmented cells. They want to have cells that operate in a way that if one of their members gets caught, they will not know the whole picture and be able to give away the rest of the team.
- Point two notes that they need younger recruits but those recruits seem to not want to commit themselves fully to the cause. They are observing that perhaps they could get the youth involved by contributions but not having them commit fully. This seems to be the essence of the jihobbyist to me. Looks like they want to use this.
- Point three re-iterates the need for more diffused, mobile, and agile units because the battle space is not longer driven by discreet front lines.
- Point four makes a key statement that the drone strikes are causing problems for them and backs up point three in that wherever they are meeting or hiding, even underground, we are using technology to find them and strike them.
- Firstly, they have renamed jihad to “resistance” its a bit more Western friendly term for those jihobbyists who do not speak Arabi well and it is a paradigm change. You are fighting a battle of resistance against the oppressor instead of being mandated by Allah and the Koran to do so. It goes to the whole idea of using the youth as a movement without the absolute commitment to Jihad.
- The second statement re-iterates the need for a new youth movement that will ease them all into the ideology of jihad. Once again, using the key word of “resistance”
- The third and fourth statements have key changes but ones that has been building. They are aiming for more lone wolf jihadi acts. They say this though, with the intent of directing those lone wolves to key targets. I believe that they want to deploy the command and control over the propaganda wing’s postings online. This would make sense, just dangle targets out there and exhort the ‘youth ummah’ to go forth and commit jihad.
- The fifth statement concerns their ongoing efforts online to spread jihadi ‘sciences’ as well as political doctrine. Of late, the forums have been under attack by differing factions. Mostly though, the actors taking down the sites seem to be non state actors (patriot hackers) egged on by the recent spate of Anonymous hacks and attacks. However, there have been other issues the jihobbyists have been facing. Their Facebook jihad has been failing because Facebook keeps taking their pages down. It has been suggested that they create front pages with links to harder content that is hidden to prevent this. All of this though is tempered with the fact that they do not want to be caught, like said Anonymous actors who lately have been scooped up by the authorities.
- Statements six and seven are interesting. They speak of creating cells of resistance and re-naming them systems of action “Nizam Al-Amal” and not as secret organizations for action “Tandim Lil-Amal” Once again, the movement is looking to have secure cells that will have a C&C but not so much that if any of their members are caught, the cell will not be taken down nor will that effect the upper echelons security.
Internet Jihad vs. Internet Propaganda Jihad: When The Media Gives Me Tourrettes
From dnaindia.com
I followed a link today off of esecurityintelligence.net and after reading the first graph of the piece I pretty much had a bad case of Tourrettes syndrome. This is some of the WORST reporting I have seen where it concerns the state of internet jihad. Now, I know why these places all do this, they just want a lead story and headline that will draw people in and make them click into the site. I get it… But.. It’s just wrong. The internet jihad is more a propaganda campaign than anything else and as you can see from the piece below from of all places, “The Sun” did a bit of a better job on the facts than dnaindia did!
Now that is surprising.
From thesun.co.uk
So, as I was saying, a ‘bit’ of a better job.. Then they too go off the rails. Look, the cyber jihad or Internet jihad is comprised mostly of jihobbyists, guys who want to get in on the action but are too clueless to actually go to the battlefield in some cases. In others, they are deluded individuals with mental health issues that need to be medicated and taken care of. In either case, the needed skills to really cause greater issues other than setting up php bulletin boards to throw propaganda on are lacking on the part of the general jihobbyist populace. Just how many of the attacks by LulzSec were attributed to the likes of Al Qaeda?
hint: NONE
Yet the media persists in perpetuating this idea the there are some 31337 jihadi’s out there who are going to pwn the grid. Really guys, get your shit straight when reporting on things ok? I have seen some strives in the Jihadi hacking scene these last few years, but NOTHING like what you are talking about. Hell, their real hacker went to jail years ago (Irhabi007) What is worse it seems, is that likes of Home Secretary May, may in fact be spinning half truths about Internet jihad for whatever political expediency she needs. I have reported in the past about the Facebook Jihad (notice 2010) and pretty much sum it up to propaganda and thats it. Sure, there may be some illicit comms channels here, but, its Facebook for God’s sake! They are on top of this shit, TRUST ME! The jihadi’s have been complaining that as soon as they set up a Facebook page it gets taken down by Zucky and company! So really, there is no threat there.
So, lets take another look at it from the post LulzSec perspective.
Lulz have been wreaking digital havoc with some pretty low level hacks. They carried out DD0S, they hacked low hanging fruit and stole data which they then published. LULZ did it, NOT Al Qaeda. Now, don’t you think that if AQ was adroit at hacking and wanted to cause pandemonium they would have beaten LulzSec to it all? Don’t you further think that perhaps when and if they hacked the servers with the low hanging fruit hacks (SQLi) that instead of just publishing the data, they would have say RM’d the whole databases?
Think about it;
- Economic targets like the stock market
- Military targets like the recent Anon attacks on Booz Allen
- Attacks on grid and other key infrastructure targets
ALL of these things likely already harbor vulnerabilities that the likes of Anonymous could already have access to! The difference? The LULZ don’t want to be thrown in a hole forever and know their limits I suspect. Now, if you were AQ though, what’s to lose?
NADA
AQ, if they had the capabilities would already have used it! They haven’t, which means to me they lack the critical skills in their jihobbyist base to be a threat in this arena. It is as simple as that. So please Media, fucking buy a clue and stop just trying to use the “If it bleeds it leads” mentality to get clicks. Do your JOB’s and get subject matter experts with credentials to talk about this stuff instead of just trying to scare the straights with false reports.
I have often written on this topic in the past and from what I have seen here is the overall picture of the state of Jihadi hacking tech.
- They are using OLD malware packages to infect machines to steal data/money (mostly money)
- They are using OLD hacking exploits for the most part just as they are with the malware packages
- SOME jihadi hackers (TNT_ON) are clued in and know what they are doing technically, but yet are inept enough to leave their real IP addresses in their tutorial videos (I see you!)
- They are learning.. Slowly.. but their sites still keep getting popped and their super sekret rooms online have been penetrated
- Their crypto program (Mujahid Secrets) has been cracked/Reverse Engineered
Finally, let me leave you with this little bit of wisdom post the demise of OBL:
- They got him because his lackeys were tracked by their electronic comms
- Even though they were using sneakernet and email Dead Drops we managed to catch on (these techniques are not hacking)
Were OBL and his crew using high tech hacking techniques or crypto (aka steg) as their main means of communications, judiciously, it would have been even harder to get a line on what they were up to, where they were, and moving forward, determine future plans from OBL’s hard drives etc. Instead, they were using old spy tactics with minor digital twists to evade the US and other countries. This says a lot about their abilities and ours to detect them. They decided it was better to go old school because we cornered the digital market.
This follows today to the hacking scene, where we have some muslim hacker groups out there defacing pages, but not doing much else in the way of Islamic Electronic Jihad. So, media, let me put it plainly again;
They don’t have the skills to be super scary like you want them to be in your exaggerated reports!
CUT IT OUT!
I will let you know when they have their shit together.. Trust me.
K.
Past posts on this subject:
Great Likelihood of Cyber Attacks By Terrorists: You Don’t Say!
Inspire Magazine Analysis: Going Green for College Age Recruits
Abo Yahya and Metadata Cleaning
TNT_ON@hotmail.com —> zmm@hotmail.com = Sword Azzam?
Jihadi Malware 2010, Al Mojahden’s User Acct Boo Boo, & The Jihadi Technical Forums
Jihadi Hacking Tutorials: Irhabi 007′s Text and More
Jihadi Penetration Tutorials: Metoovet
The Jihadist Repertoire Expands
Al-Qaida Goes “Old School” With Tradecraft and Steganography
AQ’s New Digital Shingle: Al-Fidaa
AQ’s New Propaganda Board:
Al-Fidaa, the newest site in the Al Qaeda webring to spread the usual propaganda. This site popped up last week and I am just getting round to checking it out fully. The site is undoubtedly a response to the takedown of Al-Shamukh a couple weeks back and this is their answer, to make even more redundant sites to pump out their agenda.
The difference so far with this site is that security wise (at first sniff) it has been upgraded. Google has been spidering the site, but even when you attempt to look at the content in the cache, you get nothing but the login page. This is a decidedly large change from their past sites that leaked data. A further examination of the site structure and back end servers will tell if there is more to work with on fidaa.
Domain Data:
Another major change is that these site domains have been set up as privacy protected. This is a newer thing to most of these sites and the domains were set up in May of this year, probably in case they needed them, like the Al-Shamikh1 site that popped up so quickly after the original domain was capped by Godaddy and allegedly “BlackKatSec”
I would love to see the government go to these domain registries and locate how, who, and where the funds were transferred to create these sites. I am willing to bet that they were set up using cutout companies or individuals, but, maybe they will get lucky and get a line on a real person or two to ask some questions concerning ownership and connection to AQ.
Server Locations:
While the site is registered in the US, the actual servers are all located in Malaysia. So, once again we see that Malaysia seems to be a hub where the Internet Jihad is concerned. I have to wonder just how well our government gets along with the Malay government. Could we in fact get some digital forensics love on those boxes out there? One also wonders just how many Malay jihadi’s there are out there and how many of them may in fact work for networks like Piradius. I ask this because many a server has been stealthed onto boxes run in those networks and I think from the looks of them, that they are being managed locally, not just hacked.
The Nature of AQ Sites:
Overall, it seems that this site is just another mirror like all the rest out there. They will have secret little rooms to chat amongst themselves, but the real Jihad goes on elsewhere. Primarily these sites are for the distribution of propaganda and to recruit the lone wolves in the West. I expect that it will just be the same thing with a different color scheme really… But, it will be something to watch.
If I find something tasty I’ll let you know.
K.
Krypt3ia 