Archive for the ‘Commentary’ Category
SONY: The Laughing Man Effect
Preface:
In the past I have written about “The Ghost In The Shell” referring to current incidents online and the future of network warfare. I mostly wrote about the anime show’s prescience with regard to the fact that many of us in the business of computer security it seems gravitated to it because of those very scenarios in the first place and a certain cool factor to them. Of course all of that was science fiction and it could not happen in the real world could it?
Well, once upon a time the idea of a plane flying in the air or a submarine for that matter were pure SCIFI and now we take them for granted. So it is too with some of the ideas put forth by G.I.T.S. where online culture and warfare are concerned. If you are not familiar with the G.I.T.S. franchise I suggest you go to Amazon or Hulu and watch them all. If you are familiar with them, then you might have the same “Ah ha!” reaction that I did watching the evolving story of the Sony hack.
SONY HACK
So to catch you all up, Sony it seems got hacked. Not just hacked, but utterly hacked, penetrated, compromised, whatever adjective you would rather use all of them applies here. Suffice to say that Sony was taken down in such a way that absolutely nothing electronic should be trusted within its environment whether it be a router, switch, desktop, laptop, server down to USB sticks. The hackers had complete control over what seems to be all of their infrastructure and for an indeterminate amount of time.
The adversary, once gaining access began to plunder all of Sony’s secrets, ex-filtrating them out of their networks to the tune of one hundred and eleven terabytes of data. This is an astounding amount of data to take and one has to wonder just how they got it out of there. I mean, did they move it on TB drives? Did they FTP that out? What? You also have to wonder just how long that would take if they were being sneaky about it. It also begs the question of whether or not the attackers had to be sneaky at all because perhaps Sony had not learned it’s lessons from previous attacks and just was not watching traffic at all to see the immense amounts of data leaving their domain.
It gets worse though for Sony… If that were even conceivable to many. The adversary then inserted a special feature to the malware they were using to compromise systems with to destroy the MBR section of hard drives on systems that were infected. This poison pill was then activated when the attackers were done to perform the coup de grâce that would take Sony down hard. As it was described the malware changed the login screen for all the users and then the game was on. Sony knew something was up and then systems went BOOM. Or did they? I am not too sure on this fact because I have not seen much out of Sony as to what happened next.
The net effect here is that Sony cannot trust anything and anyone potentially within their walls and had to shut down their whole network. They handed people pens and pencils and continued working as best they could as they called in Mandiant to perform the incident response for them. Meanwhile, the adversary had made contact with Sony either with the screen change (see below) or other means to say that they had that 111tb of data and laid out terms of what they wanted to not let it out on the net. That was around Nov 24 and it’s now December 6th. Since then there has been two data drops by a group calling themselves the GOP (Guardians of Peace) One drop was small, around a gig and the next was 27 gig. Within those files were found great swaths of Sony data that included numerous SSN’s and personal data for people who worked with or for Sony. In short, it’s a nightmare for all involved really.
Then things got… Weird.
Suddenly Variety (the Hollywood trade rag) was reporting that Sony thought that their adversary was in fact the DPRK and Kim Jong Un. Why? Because Sony was going to release a film that KJU did not appreciate. That film is called “The Interview” and it’s a comedy whose premise is that two Hollywood types are invited to DPRK to interview KJU and are asked “humorously” to whack KJU by the CIA.
Eh.. It could be funny. I really don’t think it would have nor will be but that’s just me. I am not a big fan of the two major stars of the film and of late Hollywood has mostly been the suck anyway, but yeah I digress…
So yeah, Variety is reporting that DPRK hacked Sony and with Mandiant being signed on HOLY CHINA! We all in INFOSEC began popping the popcorn and waiting on Tao to start talking about where DPRK touched him. It was and is still, rather unreal. The modus operandi for some of the hacking does match what DPRK has done before with wiper malware, or shall I say “has been attributed to have done before” and attribution as you all know is hard. However, the data kinda looked like maybe it was possible but with the lens of time it seems less likely that it was a nation state actor especially if the reason for the attack was in fact over this movie.
Since the advent of the DPRK theory, this whole story has just become a media frenzy about “CYBER CYBER CYBER WAR PEARL HARBOR BE AFRAID!!” The reality though seems to be a bit different from the popular media fallderall in that the GOP has all along said that this attack was in response to Sony’s bad practices and they needed to be taken down for them.
The Laughing Man Effect
This is the juncture where the Ghost In The Shell comes in and a certain arc in the story line from the Standalone Complex. If you are a fan you might remember the series of episodes concerning “The Laughing Man” In these episodes we are introduced to a hacker who appears from nowhere and begins a campaign of attacks against corporations for their misdeeds. In particular one company that was colluding in surveillance and stock manipulation but I will leave all that to you to watch.
What happens though is that The Laughing Man takes on the corporation and through hacking exposes them for what they had done as well as effects their bottom line greatly financially as well as damaging their reputation. It was the spectacular nature of the hack though, on live TV in this future Japan that got others completely obsessed with the Laughing Man and what he had done. If you have not seen the series there is a box set of just the episodes that concern the Laughing Man you can watch.
The story line though sparked with me because it showed the great asymmetric power of this kind of warfare that could be carried out by one person. One person with the skill sets to do it, could affect the bottom line of a company at a distance as well as anonymously. This is a powerful thought and one that in today’s society is much more of a reality than ever before and it is precisely because of technology. This idea I personally now call “The Laughing Man Effect” and in tandem with meme’s could spell real trouble for the world today. We have seen this already taking place with Anonymous and their various wars against injustice or just for the lulz as we saw in LulzSec. In fact, I would claim that HB Gary would have been the first instance of the Laughing Man Effect and it just took the Sony incident for it to solidify in my head.
Memetics
Now consider the meme. Meme’s are ideas or images that catch fire with people and are passed on rather like cognitive malware. Anonymous was a meme as well as means of creating and delivering meme’s on the internet. Born of the 4chan boards where meme’s are born every second, some dying on the vine while others catching fire, Anonymous caught on once they went after Scientology. The reality is that Anonymous lit this fire and now GOP has taken up the notion ostensibly and acted upon their personal desires of retribution much like Anon’s did on Scientology.
If the GOP is in fact a real group or person with an agenda to destroy Sony then I believe that their idea has come from Anonymous(s) successes. I also think that if they do really exist as a group then they have learned from Anonymous successes and failures. So far GOP has been pretty cagey with their use of dead drop email accounts and the use of various servers around the globe to send email to reporters. Which, if they are not caught right away, will give them more power of the meme as the David who slew Goliath.
In the end, I believe this to be just the meme taking root in the collective unconscious spurred on by the likes of Anonymous, Snowden, Wikileaks, and the Occupy movements. We live in a time where the small can in fact easily take down the big with technologies that we all use and often times do not secure properly. In the case of Sony it seems that they neglected a lot and got burned badly by doing so. If that is the case then who’s to say when the next big corporation is taken down by another person or persons with an axe to grind or a valid grievance?
The meme is catching and the Laughing Man Effect may be a real concern for the governments and corporations of the world. The more flashy and catchy or perhaps just downright motivational the more chance that others will follow. This is the nature of the meme and it’s ability to propagate so quickly and effectively in our hyper connected world. If you just look at all the media coverage of the Sony incident and then look at all the armchair detection going on around it you can see how this one too has sparked the collective imagination and curiosity.
Future State Electronic Warfare
So here it is. What some have been fearing and perhaps not getting across well enough is coming to pass. In our connected world it is easy to take things down and burn them. I the case of Sony they will come back sure. If you look at their stock the last few days as revelations surfaced, their prices took a dive but then went back up. Perhaps the real world just doesn’t understand the ramifications of what has happened here. However, the fact remains that Sony was completely decimated on a technical level to start. This is an important point that should be thought about.
That Sony was likely hit by an insider is highly probable. Was that insider sent in or actively recruited? Are they someone who just did this because they felt abused? I guess time will tell on these questions but insider attacks have always been a problem and they won’t go away. How do you really protect against that without making life harder for end users? Much more, how do you protect against insider attacks without alienating workers as they are watched every second of the day as they work to insure they aren’t setting off an attack? It’s a vicious cycle really.
Alternatively, how can any company expect to defeat a determined attacker anyway? The dreaded APT’s have had it easy and still do to a large extent but even after we all have learned our lessons, it will still always be a surety that a determined attacker will get you in the end. With that knowledge then what do you do? Do you just accept that fact like something akin to the AA credo of “Grant me the serenity to accept the things I cannot change” or do you fight harder? It is a never ending battle.
What Sony can teach us though now is that the idea of this kind of warfare is out there. Ordinary people are feeling empowered to take on corporations and governments with the aid of the very technologies they use to carry on daily business. Technologies that are now commonplace and we cannot do without. This is a scary thing to many in power and it’s been made all the scarier when things like the Sony hack happens so utterly and completely well.
Welcome to the future of online/electronic asymmetric warfare kids.
K.
The DARKNET: Operation Legitimacy?
gaiuaim ioi dui pln!
The DARKNETS…
The “Darknets” You’ve all heard of them. Some of you out there may have traversed their labyrinthine back alleys. However, have you ever thought that someday the darknet would be just as legitimate as the “clearnet” is today? With the recent bust of DPR and the Silk Road there has once again been great interest in the “Deep Web” and this interest was sparked once again for me too. It seems that the darknet is the new black once again and people are flocking to it just like onlookers at a traffic accident. Others though seem to be aiming to use the darknet technology (TOR and hidden services) to support free speech and to pass information as a legitimate whistle blower.
Still Mos Eisley but….
I loaded up TOR & Tails and took a trip once again into the digital Mos Eisley. It is still dark and full of crazy things and if you go there you too will see black market items, services like Assassinations for Bitcoins, and run of the mill blogs. You can (allegedly) buy just about any kind of drug in quantity just as easily as buying/mining bitcoins and paying for your drugs with them. All anonymously (once again allegedly as you can see from the DPR fiasco) via the Onion hidden services and backed by other services from anonymous email on TOR to bitcoin exchanges. However one can now see other sites out there that aren’t so black market oriented as well.
One such site is pictured above. The New Yorker decided post Ed Snowden’s revelations, that it was a good idea to put their new “secure dropbox” on the hidden services. This is a legit site that has been talked about on the clearnet as well as in the media a couple months ago. This is one of the first more legit sites I have seen out there that is offering a secure means to talk to reporters using the security that others on the darknets are using to carry out illegal activities. I have yet to really look at the site’s security but overall I see this one site being the key to showing others out there how the darknet can be used for something other than crime. Of course then again, if you ask the Obama Administration even this site could be considered illegal or an accessory to illegal leaking I guess. It’s really a matter of perspective.
Gentrification?
So what about other sites? What would you out there use the darknet for that is not “illicit” but requires some security and anonymity? I can foresee other sites popping up perhaps in the arena of free speech or even political movements that might like this model to pass their ideals on. I honestly think this is a turning point for the darknet. Of course this is all predicated on the darknet being “secure” after the revelations from the Snowden Archive of late. It seems the NSA is really trying pretty hard to de-anonymize anyone they want to and would love to have it just not anonymous at all. Well, let me re-phrase that.. Have them THINK it’s anonymous while it is not so much to the NSA.
Other sites out there include an online Koran as well as all kinds of other non criminal sites that are.. Well.. Kinda goofy or fringe. I think that perhaps now things might shift as the technology becomes easier to manage making it easier with global connectivity for us all to hang up a shingle in the darknet.
Time will tell though I guess…
K.
The Digital Posse Comitatus: Or How Generals Obfuscate and Inveigle To Congress
Posse Comitatus
NSA, Black Chambers, and MAE’s with NARUS STA-6400’s
The recent article on wired.com about the Senate hearing with General Alexander (NSA) was an amusing. In it, they link to a video of the testimony before congress by Alexander on the issue of interception and surveillance of digital traffic in the US by the NSA and thusly, the DoD by way of alleged hardware and processes by NSA. This ability to do so has been around for some time in the digital age we live in now and really came out when Mark Klein came out of the closet on the NARUS system at the MAE he worked at. However, way before this, the CIA and other agencies had such things as “Black Chambers” to open your mail or to look at your faxes/cable traffic via back door deals with the companies that made those technologies available. So this is nothing new in theory, just the actual practice of it has changed through the nature of technologies.
So, when I see the General hemming and hawing, obfuscating and inveigling about “how” things are done with the FBI as the internal acting body for surveillance and investigation after filling out paperwork, I have to snort and say “Liar” Or at the very least “obfuscator” The truth of the matter is that the NSA has the capabilities and the hardware but there is supposed to be a firewall against all of this happening (though there have been other whistleblowers from NSA who say otherwise) but, post 9/11 the lines have blurred considerably at the order of GWB.
Post 9/11: Bush Opens The Floodgates
There are stories of a room full of alphabet agency heads with GW when he told them all of the old rules applied no more. Domestic surveillance and all of the old rules were being thrown out the window and from what I heard, they were all kinda aghast at hearing it. What GWB was open the floodgates to the world of warrantless wiretaps and surveillance culture we now have and diminished the lines between military and civilian agencies collection and alleged sharing of data. In the case of the NSA though, the abilities were always there to monitor the traffic of the US, remember, how much of the infrastructure is indeed here? No, the only firewall was a rule set that said “thou shalt not listen to these people” and that was it. Post 9/11 though, because the 19 hijackers were here, they decided that the needs of securing the nation, rested on that firewall being turned off.
So it was that it steadily has become easier for the FBI and others domestic and military, to use the technologies at the hand of NSA and others to monitor the digital infrastructure. Ostensibly at first there were to be FISA courts and warrants, but, over the years as you have seen in the news, such things have become less and less used and the system negated. In the case of FISA, the FBI used it less and less, and in the case of the NSA, well, they never needed it because there weren’t “technically” allowed to monitor US Citizens right? This is not to say that they are always doing such things, but, you know that some have and it depends on the cases that they are making.
Remember, all of this is ostensibly to protect the nation from another 9/11.. And that the masses today are more often than not, oblivious to the precedents being set. This does not mean too that the NSA is just abusing these capabilities all of the time, nor is the FBI, in asking NSA for such intercepts.. But… Who watches the watchers really? Oversight committees only see so much and for those of you who say it is inconceivable I shall point to earlier history with Nixon and others as proof that it is not. So, if you wish to believe that it is all for our own good, and that terrorists like you see on NCIS are all being caught by these means legally and with honor, so be it.
Just know that people are fallible and the processes are so loose now with secrecy levels as never before to make things that do happen, never see the light of day whether they were right or wrong in the end.
NSL Letters and Warrantless Wiretaps
Today we have Anonymous making the waters muddier than ever before as well as a myriad of other security nightmares going on. Much of what goes on that requires the FBI to look into it is indeed illegal actions on the part of individuals and groups. On the terrorism side for instance there are many alleged “lone wolves” out there, jihobbyists really, who are mentally unhinged enough to want to plan and act out that require surveillance. These types of activities require the laws we have in place and the NSL letters and FISA warrants kinda eventually went out the window because they were too slow for the feds allegedly. Just as well, there were issues with the warrants filled out being overly broad and not having sustainable reasons for their being sworn out. Was it just laziness on the part of the feds or did they just want to obfuscate because they “wanted” them to go through because had they filled them out right or at all, they would have been denied?
Today we have cases of warrant-less wiretapping going on as well as the recent warrant-less GPS issue that was overturned by the courts and thus the FBI had to turn off some number of GPS units in the field. But hell, really. what’s the point when your cell phone does all the GPS tracking for you huh? Everyone today pretty much has one that does it and it’s likely on because you are not thinking about the fact that you are tracking yourself every 8 seconds by just owning the damn thing and having it on. So, once again, it comes down to the grey areas here where privacy is really only what you make for yourselves. In the case of an NSL letter or a warrantless wiretap, well, you won’t know about it until you are van&d right?
Generally though, I do not believe that people are being unjustly convicted yet or being watched en mass.. However, the environment is ripe if you tweet something that gets someone’s attention right? It’s when I say this or think about this, is when I think of Nixon and the odious things he was doing with Hoover and the FBI as well as his CIA plumbers. Some may feel that this is the same feeling today that they are having where all of this is concerned.
Watching Alexander Dance Reminds Me Of That Scene In “Clear and Present Danger”
Going back to the testimony by General Alexander I find it particularly interesting that the senator brings up Posse Comitatus and Alexanders reaction to that. I had generally thought that Posse Comitatus was kinda dead anyway, but, it is an important question to ask now about the digital domain today. NSA has it’s civilian portion but generally it is a military arm run by a general. By asking about domestic surveillance, the senator is breaching an important question about how the military wants in on the digital battlespace and just where that will be fought. Can one, in the digital age insure that battles by the military will only be carried out in servers outside the continental United States? The short answer is no, and one has to argue then that the military could very well be fighting battles within the US (networks) and would this in fact contravene the Posse Comitatus act?
It’s an interesting puzzle to look at and I am thinking perhaps the Senate is beginning to have a light bulb go on over their collective heads about it. Though, it is my thinking that the general was not being as literal minded or truthful about the intricacies of what they were asking for an answer about. In my opinon he sidestepped it a bit and I am sure others out there will differ with my opinion. In my mind though, the crossing of the Posse Comitatus line where this type of intercepts are concerned was long ago broken by the administrations desire for “security”
Don’t get me wrong though, I agree, that there are times when this is quite necessary, but, there should be rules and processes.. Unfortunately in the case of the FISA court and FBI, we have seen where it was contravened repeatedly, so who’s to say that the NSA is any different? Overall though, the scene reminded me of “Clear and Present Danger” where Jack Ryan is asking for “training money” when in fact he has been set up and is actually getting money for Operation RECIPROCITY. It was at that time that the senator asks him if he’s telling the truth and that they had heard this all before during Viet Nam.
Where does the truth of it really lie? Will we ever know?
IT’S FUCKING BAMFORD YOU FUCKWITS!
In the end, it was an interesting little video and I really wished that the players could even get the little details right. For your edification Senators and General Alexander, the writer’s name is James BAMFORD I am pretty sure that Alexander has heard the name before and I think he kinda just got a giggle out of the cluelessness of the senator asking the question. Bamford though, does his research and he knows his shit, so, I will lean toward believing him over the testimony in this particular video. So NSA is building a new facility and some have pointed out that it could in fact enhance their abilities to surveil domestic actors or, just suck up the internet traffic as a whole. The likelihood is that the capability is there, but once again, the laws and the rules say that they cannot “use” such data.
Read between the lines on the testimony.. The tech is there.. It’s the rules that say they cannot use it.
Your mileage may vary on what you choose to believe the intent and the follow through is.
K
China’s cyber-warfare capabilities are ‘fairly rudimentary’… What is it with these crazy Australians?
Conclusions
Chinese strategists are quite aware of their own deficiencies and
vulnerabilities with respect to cyber-warfare. In June 2000, “a series of high-
technology combat exercises” being conducted by the PLA “had to be
92 suspended” when they were attacked by “a computer hacker”.China‟s telecommunications technicians were impotent against the intermittent
hijacking of the Sinosat-1 national communications satellite by Falun Gong
„practitioners‟ in the early 2000s. China‟s demonstrated offensive cyber-
warfare capabilities are fairly rudimentary. Chinese hackers have been able
to easily orchestrate sufficient simultaneous „pings‟ to crash selected Web
servers (i.e., Denial-of-Service attacks). They have been able to penetrate
Web-sites and deface them, erase data from them, and post different
information on them (such as propaganda slogans). And they have
developed various fairly simple viruses for spreading by e-mails to disable
targeted computer systems, as well as Trojan Horse programs insertible by
e-mails to steal information from them. However, they have evinced little
proficiency with more sophisticated hacking techniques.The viruses and Trojan Horses they have used have been fairly easy to detect and remove
before any damage has been done or data stolen. There is no evidence that
China‟s cyber-warriors can penetrate highly secure networks or covertly
steal or falsify critical data. They would be unable to systematically cripple
selected command and control, air defence and intelligence networks and
databases of advanced adversaries, or to conduct deception operations by
secretly manipulating the data in these networks. The gap between the
sophistication of the anti-virus and network security programs available to
China‟s cyber-warriors as compared to those of their counterparts in the
more open, advanced IT societies, is immense. China‟s cyber-warfare
authorities must despair at the breadth and depth of modern digital
information and communications systems and technical expertise available
to their adversaries.China is condemned to inferiority in IW capabilities for probably several
decades. At best, it can employ asymmetric strategies designed to exploit
the (perhaps relatively greater) dependence on IT by their potential
adversaries—both the C ISREW elements of adversary military forces and
the vital telecommunications and computer systems in the adversary’s
homelands. In particular, attacks on US information systems relating to
military command and control, transportation and logistics could “possibly
degrade or delay U.S. force mobilisation in a time-dependent scenario”, such
as US intervention in a military conflict in the Taiwan Straits.China‟s cyber-warfare capabilities are very destructive, but could not compete in
extended scenarios of sophisticated IW operations. In other words, they
function best when used pre-emptively, as the PLA now practices in its exercises.In sum, the extensive Chinese IW capabilities, and the
possibilities for asymmetric strategies, are only potent if employed first.Desmond Ball: China’s Cyber Warfare Capabilities
Oh Desmond…
Desmond, Desmond, Desmond… You spend so much time pointing out all of the Honker Union activities, the malware created by China, and all their overall IW/Espionage activities and then you say;
“Well, because there’s no real proof of their actually having done anything, they are unable to do so”
*blink blink*
Crikey! Have you been sipping what Dr. Wright has been drinking or what? Tell me Desmond, what is your classification rating? Because I think you are lacking some pertinent information that might change your hypothesis quite a bit. Either way, your contention is lacking understanding of the playing field I think, so let me enlighten you a bit ok?
Rudimentary? Really?
I personally have heard of “on the fly” coding of malware to affect pertinent systems within a defense contractor network to not only keep access within said network, but, also to exfiltrate even more interesting data. Now, that sounds rather advanced to me..
How about you?
Sure, the coders could have been just about anyone, but, the data was being exfiltrated to areas that were in the Asia Pacific and more than likely were Chinese in origin so, yeah, it likely was them and not say, Germany. However, once again, we have no real proof of it being “solely” China. Oddly enough though, when data was caught in the hands of the Chinese we pretty much had to admit it was them doing it. So, no Desmond, they are not wholly unskilled and certainly as unsophisticated as you would paint them. This is just one instance of access and hacking that allowed for the APT (Advanced Persistent Threat) activity that, well Desmond, was coined for their activities against the defense industrial base here in the US.
Simply Desmond, you can cite all the articles from the internet you want.. You still won’t have the whole picture.
PSSST… Guess What?
So, to move this further along the philosophical and technical path for you let me explain it another way for you. The Chinese, as with most of the Asiatic countries, have a different perspective on things than we in the West. Something core to the Chinese mindset on warfare are the following:
- Soft Power: the ability to obtain what one wants through co-option and attraction
- The Thousand Grains of Sand: Using many options to obtain goals
網絡戰 !!!
Alrighty, now that I have gotten that off my chest, Cyberwar is to me, too hard to carry out for ANY of the countries out there now. China being only one country that might want to. The systems are too disparate and to control a single node would take great effort. So, yes, I can agree with you that they are not in a position to do us major damage from a CYBERWAR booga booga booga perspective. Frankly, no one could in my opinion. However, your contention that they could not insert bad data during a time of war is a load of crap.
ANYONE could IF they had the access and the desire. It would not need to be nation state, it could be a private citizen for that matter. What is more interesting Desmond is that you fail to understand the espionage angle here. The Chinese use their expat’s to do their bidding under threat, or, mostly under the “poor poor China” argument. Imagine an insider adding code to systems that could be triggered…
Yeah.. Soft power once again.. It could turn hard though with the right circumstances.
Once again Desmond, you think too one dimension-ally.
The Sad Truth…
Now, with all of that said, lets turn it around a bit. The saddest truth is this;
“Given all of what has happened recently with Lulzsec, it has become clear that it does not take an uber hacker to take down pretty much anyone”
The systems out there have not been protected well enough. Patching, and secure coding have not been at the fore here and thus it is trivial for the most part to hack into systems throughout the internet. So, the Chinese need not be uber haxx0rs to do the damage needed because we collectively have done a bad job at securing our own networks.
*sadface*
Once again, you fail to look at the problem from a more multidimensional angle.
Please go back to the drawing board Desmond because you lack the proper information and perspective to really make the claims you are making.
K.
Virtual Arkham: Explaining Anonymous, Lulzsec, and Antisec Animus in Our Digital Gotham City
Personae Dramatis: The Rogues Gallery
In this post I would like to show you what I have been seeing with regard to Anonymous the other groups that have spawned from it. Increasingly over the last year or two I have been seeing analogies both literally, and figuratively between the forces at play and I feel that all of it is directly affected by the comic book world of Batman. The analogies that I am making come from observing not only the actions of the parties but also the methods that they use (down to the imagery in word and graphical) to get that message out to the masses.
In the case of Anonymous and their spin off groups, I have observed a shift in personalities that could be termed an evolution in motivations and thought. Generally though, the game plan seems to be just a general way for the groups to sow anarchy while feeding their narcissistic needs through media attention. This is the crux of the issue I think as the core groups don’t seem to be solely motivated by ethical or political change. Instead, it all seems to be focused on a few drivers;
- Lulz Just for the hell of it, or a desire for amorphous anarchy
- A feeling of power over other forces (government/law) that subsumes their feelings of powerlessness
- A need to fulfil the narcissistic tendencies by sowing havoc and seeing it in the media (like some narcissistic serial killers Denny Rader for example)
Equating this with the world of the Batman has been in the back of my mind for some time, especially since my dealings with Jester. His logo and his persona of the “joker” from the last Dark Knight film set the stage for me to start to think in this vein. A more recent video by the History Channel solidified all of this for me. The video, “Batman Unmasked: The Psychology of the Dark Knight” struck me as not only as being the zeitgeist of this article, but, also seemed to show a generation of comic book and movie goers that are internet denizens that want to emulate this last iteration of “The Joker” specifically.
The Heath Ledger portrayal of Joker seems to have been the catalyst to me, of many an internet anarchist. The media surrounding this being his last role as well as the way the character was re-written in this story arc, hit a common nerve with the masses. So much so, that seemingly, the Joker became the more emulated and lauded character in the story over its real hero, Batman. It is from this realisation that I derive the rest of the analogies made here. Of course these are gross generalities, but, I tend to think that given the recent activities (riots in the UK and flash mob thievery in the US as well as all the lulz) there is a strong correlation to be made.
First though, lets look at the Rogues Gallery that end up in Arkham Asylum…
Ra’s Al Ghul and The Shadow Assassins
Ra’s is a control freak. His agenda is to have order but his means to get that order mean subjugation of the masses and removal of anyone that does not conform to his sense of right and wrong. This order that he wishes to impose comes from his shadow assassins and their lethality without question.
The Riddler
The Riddler is a pure narcissistic criminal genius. His narcissism though, is usually his undoing as he cannot perpetrate any crime without leaving overt clues in an attention seeking pathology. It is this pathology, the need for the attention that drives him altogether and is his undoing.
The Penguin & The Joker or PenguiJoker
The Penguin (Societal and Governmental corruption) and The Joker (pure anarchy) are two rogues that have become one in this scenario. Within the world of Batman though, each attacks the order seeking to destroy it for their own ends. In the Penguin we have someone looking to corrupt the system. Meanwhile, the Joker, is pure anarchy diametrically opposed to the order (aka Batman) Joker’s need is fuelled by a nihilistic world view twisted with a good deal of insanity.
All of the Batman wannabes in hockey suits
Lastly, we have the Bat-men, the would be vigilante’s who want to be the Bat, but, don’t have the tools to really be of use. This character set was added from the last film (The Dark Knight) and I generally attribute to one player in the real world (if you call it that) version of Gotham Knights being played out on the internet. That individual(the afore mentioned jester) oddly enough aligns himself visually much of the time with “The Joker” but, he is more like the hockey suit wearing would be Batman.
Now that I have laid down the Batman’s Rogues Gallery, I will move on to the real world players and their motives aligned with my premise.
Anima & Animus:
The shadow, in being instinctive and irrational, is prone to projection: turning a personal inferiority into a perceived moral deficiency in someone else. Jung writes that if these projections are unrecognized “The projection-making factor (the Shadow archetype) then has a free hand and can realize its object–if it has one–or bring about some other situation characteristic of its power.” [3] These projections insulate and cripple individuals by forming an ever thicker fog of illusion between the ego and the real world.
C.G. Jung
According to Jung and even Freud, the darker side of the psyche can drive our actions solely by the shadow self. One can see hints of their theories in the actions of each of the groups we are talking about here. Even the subtle connections made from overt symbolism can be made through the icon of Antisec itself. As seen at the top of the page, the connections are there to be made between the characters of Penguin, Joker, and Riddler, even if the original core image came from another source altogether (V for Vendetta) I believe that the collective unconscious here latched on to the images of Riddler/Joker/Penguin and co-opten them, if they didn’t actually do so overtly and with forethought.
So, with all of this said, I will make the claim now that I believe the movements and the players have been created out of vainglorious motives and have not changed at all since taking on the mantle of ethical and political change through civil disobedience. To that end, here are the players aligned to their characters from the world of Gotham as well as their psychological underpinnings.
Anonymous: Ra’s Al Ghul and The Shadow Assassins
Anonymous started out as a group of people who inhabited the 4chan group but wanted to do something different for ‘entertainment’ This loose idea was co-opted when they began to commit civil disobedience for their own purposes either political or for the aforementioned entertainment value. Either way, their animus is wholly about the control which they can wield over others. This should never be forgotten, that the core of the group ethos has nothing to do with change or moral/ethical betterment. It is in fact all for their own enjoyment.
Lulzsec: The Riddler
Lulzsec came into being because they felt that the ethos and moral constructs of Anonymous were too weak and they wanted to escalate the ‘lulz’ for their own enjoyment. The take away here is that just being pranksters was not enough, instead they wanted to show everyone they were smarter than everyone else AND that they could do so and get away with it. All the while, they performed these acts in an exceedingly narcissistic way. A key player in this that has been caught would be Topiary. It seems that even in the face of prosecution he thumbs his nose at authorities as well as seems to be enjoying the limelight (philosophical book in hand for the cameras)
Antisec: The Penguin & The Joker or PenguiJoker
The love child of Anonymous and LulzSec are #Antisec. This agenda or perhaps subgroup (I tend to think there are cells of Antisec) has chosen a logo that decidedly shows the melding of at least two of the Batman Rogues Gallery (Joker and Penguin as you can see at the top of this article) This too follows into their attitudes about what they are doing and why they are doing it. They really have no rhyme or reason for what they do other than their own entertainment and attention. This is a classical narcissist behaviour and by all communiqués laid out by LulzSec, they fully enjoyed their ‘voyage’ in the lulz sea.
Antisec also has a Penguin side to them too. By using the system against itself (i.e. using the governments lack of network and system security) they poke them in the eye by subverting their own data to shame them. This is a lesser characteristic as I see it, but it is still important to note as well as point out the imagery (homage) to the Penguin in their logo whether it was overtly done or by proxy of some unconscious connection made by the designer.
th3j35t3r: All of the Batman wannabes in hockey suits
Finally, we have the jester. A character who wants to be the Batman, but fails to actually affect any kind of real change in the battle. For all of the attempts made, the efforts fall flat and to date, nothing has been attributed to him that substantially made a difference against the Anonymous/Lulzsec movement. I believe he does this as well as his other DDOS actions out of a self described sense of helplessness. Jester makes the claim that he had to do something as he saw his comrades dying at the hands of Jihadists. He made similar remarks about why he was attacking Anonymous, as they were outing data that could harm those in the field of battle.
Either way, his motivations seem to be tainted with a bit of narcissism as well, seeking the attention of the media as he has in the past makes him part and parcel to the overall problem.
Escalation:
And so it goes on… The Anon movement has begat others who have agenda’s of their own (or perhaps pathos is a better word) As the movements lose interest in the day to day grind of operations, they will increasingly seek to up the ante. As the media winds down on them, they will need to seek even bigger targets and outcomes to end up back on the top of the news, all the while feeding their collective need to be the centre of attention. The flip side of this will be that the authorities, unable to cope easily with the problem at hand, will create new and more stringent laws that will harm us all. Though this will not matter to the groups.. Because this is unimportant to their end goal of satisfying their needs. It will keep going round and round and the outcomes are likely not to be good. There will be a lot of collateral damage and in the end, no one will have profited at all from it all.
End Game:
So what is the end game here? Will there be any good outcome from this?
Not if it keeps going the way it has been. More indiscriminate hits against targets without showing anything for it along the lines of showing corruption or malfeasance will only lead to more knee jerk reactions by authorities. I imagine some will be caught and tried for their actions, others will escape and perhaps go on to other things… Overall though, it will not make a better world. It will only have fulfilled the dsires temporarily of the ones perpetrating the acts against.. Well anyone and everyone.. Until they get put into Arkham.
K.
Enemy of the State
Fort Meade has acres of mainframe computers underground. You're talking on the phone and you use the word, "bomb," "president," "Allah," any of a hundred key words, the computer recognizes it, automatically records it, red flags it for analysis; that was twenty years ago.
From The New Yorker; The Secret Sharer
The government argues that Drake recklessly endangered the lives of American servicemen. “This is not an issue of benign documents,” William M. Welch II, the senior litigation counsel who is prosecuting the case, argued at a hearing in March, 2010. The N.S.A., he went on, collects “intelligence for the soldier in the field. So when individuals go out and they harm that ability, our intelligence goes dark and our soldier in the field gets harmed.”
Top officials at the Justice Department describe such leak prosecutions as almost obligatory. Lanny Breuer, the Assistant Attorney General who supervises the department’s criminal division, told me, “You don’t get to break the law and disclose classified information just because you want to.” He added, “Politics should play no role in it whatsoever.”
Politics should play no role whatsoever? Really? This man is delusional to think that the statement, albeit correct, is actually factual. Of course politics play a part in such prosecutions, and case in point, this article cites examples of people getting slaps on the hand for breaking the espionage act and others where TS/S documents are concerned. The reasons that these others were not prosecuted to the full extent of the law was exactly because of politics and their entanglements. No Mr. Breuer, politics do play a role all too often.
That said, I encourage you all to read the full article and judge for yourselves just what happened with the case against Mr. Drake. It is my understanding from other sources as well as the New Yorker piece, that Drake was seeking to show waste on a grand scale while others were motivated by the idea that the sweeping changes to US law and oversight within the espionage area had taken a deep turn for the un-constitutional. This is an assessment that I agree with and have seen even more such dark turns lately where the digital realm is concerned. Frankly, at times I am a bit scared of the access and perhaps excess that the changes in the law have allowed for the NSA as well as anyone with enough juice within the newly minted security infrastructure post 9/11.
Constitutional Law vs. Technological Ease of Access vs. Political Agendas:
When the Constitution was created none of the technologies at play today were even a dream for the makers. Today though, the ideas of privacy, unreasonable search and seizure, and the fundamental freedoms we claim to cherish so much have been blurred. The blame for this rests partly on the technology, but mostly on the people who should be monitoring their system of laws. After 9/11 the people became all too trusting of the government to take care of them and all too willing to accept the over-reaches that they knew of while they were kept in the dark about others.
Case in point would be the FISA and warrantless wiretap situation that the Bush administration put into play after the terrorist attacks. It was the belief of the administration and the law enforcement community (certain factions) that too much time was lost to entering FISA warrants and getting approvals. So, instead they began to draft opinions that said the process was too ponderous, all the while they were putting together a secret process to just bypass the FISA altogether with or without the legal status to do so. This then begat the further access programs that essentially placed a tap on ALL communications going in and out of the backbone of the internet with the NARUS systems in the MAE’s around the country.
Since the technology was there, and it could be placed into a position to audit everything, they just said let’s do it. Thus, all traffic that you or I create over the Internet has the potential of being captured, flagged, and audited by someone at Ft. Meade without a warrant to do so. This also includes the cell phones as well because that traffic too passes through the same backbone system. Like the image of Brill above states;
Fort Meade has acres of mainframe computers underground. You’re talking on the phone and you use the word, “bomb,” “president,” “Allah,” any of a hundred key words, the computer recognizes it, automatically records it, red flags it for analysis; that was twenty years ago.
Brill, a character from Enemy of the State, was going on about this in a film out before the attacks on the US. It would seem that if the technology had not already been in place then, the administration took a cue from the film and made it a reality after the twin towers came down. After all, the enemy could be anyone and the US populace wanted an action hero to take on the bad men and win. The same people though, did not seem to understand that to do so, the administration would take the shortcut of bypassing decades of laws set in place to protect our freedoms from excessive powers that the Bush administration wanted to have to ‘protect’ us.
It was this over-stepping of the laws that others within the story at The New Yorker had begun to tell to the Sun reporter and who now are being pursued by an alleged non political NSA and government for calling them on their breaking of the law. Just as much as Mr. Drake was seeking to show that the waste created by Trailblazer could also tie into the misuse of ThinThread’s code to eavesdrop on anyone.
Both of these concerns are shared by me as well. After all, with the technology in place and without the oversight, how do we know that abuses aren’t happening? The NSA is famously known to tell the Senate oversight committee to go pound sand… So, who is really watching the watchers?
Right Versus Wrong and Speaking Truth To Power; Do We Have A Say Anymore?:
So, if you have access to classified materials and programs and you see that things have gone off the rails how can you expect to report on it to the authorities and not be prosecuted? It used to be that there were protections, but, it seems now post 9/11 that changes to the paradigms of classification and the re-interpretation of the law to suit the state, it has become increasingly impossible to whistle blow and not be prosecuted. What’s more, if you decide to report, the data that you are reporting on may be classified to the extent that it cannot even be used in open court or with your non cleared lawyer because it may be deemed too sensitive.
The net effect is that if there is malfeasance going on it may be impossible to report it and not get yourself into dire legal trouble with the current whistle blowing legislation on the books. This makes it even easier for the state and or entities and parties within its infrastructure to not abide by the law and have little to fear of oversight or speaking truth to power.
Sheeple vs. The Informed and Worried:
Meanwhile, the populace may live their lives unaware of the capacities for the state to listen to them and or present evidence gathered on them in an extra-legal way. At the very least, due to the wider interpretation of the law, it is easier for the state to gather and use evidence in ways that were not possible before because of the latitudes given post the Bush administration.
From a privacy perspective and the expectation thereof, the idea that all traffic is being hoovered up by the state is kind of scary. From a constitutional law perspective, you have the right to privacy in your papers and your domicile. Does this actually apply to digital papers, computers, hard drives, and anything you pass over telco lines to the cloud? Or is it considered public domain like your trash being placed at the end of your driveway?
This is an important precedent and should be considered with every email, IM, and call you make today. Just as well, if you are intent on retaining your privacy, what are the ways to do so now that all of these lines of communication are monitored by the state? One also has to determine just how worried they should be about intrusion into their privacy. After all, today we as a people give up a lot of information on ourselves at sites like Facebook and if we do that, just how much privacy can we expect?
Following that thought process, if we give up our privacy so easily how can we make an argument against the changes to the FISA rules as well as other laws where eavesdropping on our daily digital lives are concerned?
I for one do not want all of my conversations recorded for someone else to audit whether or not I may have said or done something that could be construed as illegal or perhaps pique the interests of the fed. Of course today one could easily be stopped in some states for alleged traffic violations and be asked if they could clone your phone data… Just because.
Whistle Blowing… Not So Much:
I guess in the end that the state of affairs today leans heavily toward the government being able to pretty much do what it wants to. From the warrantless wiretaps to the detention of non combatants, we have quite an inheritance from 9/11 and the Bush years. Unfortunately much of what President Obama had pledged he would roll back from those years have instead been re-approved if not enhanced. Add the whole Wikileaks debacle and now you have an even more reflexive and paranoid government trying to over classify everything and getting really bent when things get out.
So, the idea of whistle blowing I think is pretty much a dead one from here on. If anyone sees wrongdoing going on then they probably will let it go for fear that they will be prosecuted into oblivion.
And then the state wins… There have to be checks and balances.
K.
From John Yoo and Torture to Warrantless Searches of Papers and Effects: Welcome To The Panopticon
“They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.”
Recently, a story has come up in the news concerning certain police departments (Michigan to be precise) have been taking more or less “forensic” images of people’s cell phones and other PDA devices when they have them stopped for traffic violations. Since the reports went live, the Michigan PD has sent out a rebuttal saying that they are in fact asking the citizen if they can scan their data. I say, whether or not they actively are doing it or not, they have the ability to do so per the courts since the loosening of the laws on search and seizure in places like California and Michigan where electronic media is concerned. The net effect is that our due process rights are being eroded in an ever rapid pace.
From Dailytech.com
I. Police Seize Citizens’ Smartphones
In January 2011, California’s Supreme Court ruled 5-2 that police could conduct warrantless inspections of suspects’ cell phones. According to the majority decision, when a person is taken into police custody, they lose privacy rights to anything they’re carrying on them.
The ruling describes, “this loss of privacy allows police not only to seize anything of importance they find on the arrestee’s body … but also to open and examine what they find.”
In a dissenting ruling, Justice Kathryn Mickle Werdegar stated, “[The ruling allows police] to rummage at leisure through the wealth of personal and business information that can be carried on a mobile phone or hand-held computer merely because the device was taken from an arrestee’s person.”
But California was not alone. Michigan State Police officers have been using a device called Cellebrite UFED Physical Pro for the last couple years. The device scrapes off everything stored on the phone — GPS geotag data, media (pictures, videos, music, etc.), text messages, emails, call history, and more.
Michigan State Police have been reportedly regularly been scraping the phones of people they pull over.
In neighboring Wisconsin, the state Supreme Court has ruled that while such searches are generally illegal, their evidence can become admissible in court if the police demonstrate an exigency (a press need) for the information.
Essentially this ruling offers support for such searches as it indicates that they can give solid evidence and ostensibly offers no repercussions to law enforcement officials conducting the officially “illegal” procedure.
So far the only state to have a high profile ruling against the practice was Ohio. The Supreme Court of Ohio ruled that warrant-less smart phone searching violated suspects’ rights. The requested the U.S. Supreme Court review the issue, but the request was denied.
II. What Does the Constitution Say?
The United States Constitution ostensibly is the most important government document in the U.S. It guarantees essential rights to the citizens of the U.S.
Some of those rights are specified in the Fourth Amendment, part of the original Bill of Rights. It states:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
The Constitution explicitly states that effects of a person cannot be unreasonably seized without a warrant.
Of course courts must play the vital role of defining what a “reasonable” search is. But by extending the limits of searches to deem nearly all searches “reasonable”, no matter how tenuous the connection to a suspects detainment, this and several other decisions have created an erosion of the protections in the amendment.
Essentially what court rulings in California, Michigan, and Wisconsin indicate is that the courts believe the Constitution is no longer valid, or that certain Constitutional freedoms can be specially selected for elimination.
The law and our losing the path :
The legal battle over the terms here has come down to the nature of papers and effects where they regard digital media as I understand it. I sat in on the EFF talk at Shmoocon where this very topic was brought up. It seems, that the gray areas of just what is a laptop or a phone as opposed to a “cabinet or desk” is a key factor in how some interpret the legalities of searching someone’s hard drive or phone. In my opinion, they are the same thing. A laptop is a case in which my data is stored, just like a desk or a room, which, you MUST get a warrant to search.
But, that’s just me I guess.
Personally, as the title of this post alludes, I believe that all of this started as soon as John Yoo and the Bush administration began to twist the laws concerning not only torture, but moreover, the use of warrant-less wiretaps. Post 9/11 the US went mad for tapping of phones/data at the trunk level in such instances like the one in the MAE West where they put in the NARUS STA6400. This was the biggie for me because that system hoovers ALL of the traffic, there is no selectivity over it at all. Sure the STA6400 can sift the data, but it needs ALL of the data in order to sift and data-mine. Who’s to say what data becomes important other than those who are running the compartmentalised program that has to report nothing to anyone because it is too secret.
What allowed for all of this to happen and then for the over-reaching to continue was 9/11 itself. Having been in NYC at the towers just before the attacks and working there just after in the hole, I know how many felt after it all went down. We here in the US had only had a handful of terrorist attacks within our borders and those were nothing in comparison to what took place on that day.
We all felt vulnerable and wanted the government to take care of us. We wanted vengeance, and we wanted a take charge guy.
Unfortunately that “guy” was GW Bush and his posse of cowboys who then began to run rough shod over the constitution and other documents like the Geneva conventions. It was from this need to be protected that the American people just went along with the things they knew about, as well as a healthy dose of over classification by the Bush administration that kept us in the dark as to what they really were doing. It was only later, toward the end of the second term that the full scope of abuses were coming out, and yet, the American populace really did nothing. Sure, we elected Obama who made promises to end the nightmare of abuse… But.. He hasn’t has he?
So, here we are in 2011. Ten years post 9/11, and we are finding our rights being eroded by legal positions and decisions that remove the most basic and cherished rights to reasonable searches slipping away.
Who’s to blame?
Us.
We the people have failed to keep in check the actions of the government and in some cases the courts because we have taken our collective hand off the tiller steering this country. Perhaps we really have no hand on that tiller to start simply because we have created a beast that is too big to control or have any sway over. By just looking at the state of affairs today within the political arena, one has to admit that its becoming more and more akin to what it used to be back in the days of Boss Tweed than anything looking like the era of J.F.K.
Simply put, without the people standing up and calling a foul on these types of erosions to liberty, then we have nothing to complain about when the liberties are taken away. On that list is the rights granted to us all by the fourth amendment. The tough thing now though is that where once your personal belongings were either in your house or on your person. Now, those “papers and effects” live digitally not only on your device that you have on you, but also may exist “in the cloud” as well. A cloud that you “use” and is not “owned” by you.
So sure, a cop could ask you if they can look at your phone data. Do they have to say that they are taking an “alleged” forensic image? Perhaps not, but, the thing about the whole Michigan PD thing is that independent reports have shown that they were not asking, they were just taking images when they felt they wanted to, and this is where they run afoul of due process. As far as I am concerned, a file on a phone that is not on the screen as a cop looks at it while it sits in front of him in plain view, is NOT a document that he should just have the right to fish for without a warrant.
Sorry cops… It’s a country of laws, no matter how you try to spin them so you can cut corners.
On the other hand, I know how hard it must be for the police forces of the world to do their jobs now in a digital world. Especially one that so few really understand and likely fear. These magic boxes called phones and computers now hold data that could easily make a case for crimes, but, you just can’t take them and rummage through them just like anything else where due process is concerned. What’s more, I know for a fact that unless you are a forensic investigator, AND you have a decent tool, YOU WILL MISS DATA. Which will lead potentially to acquittal because you did not follow processes such as chain of custody in E-Discovery.
For some though, I am sure it’s just about cutting a corner to make a collar… And that is not how the law is supposed to work.
Our complicity in our own privacy erosion:
Meanwhile, in the last few days another spate of news articles warned about how the iOS and Android systems were collecting data on our movements and details. This particular story is not new if you have been paying attention, it was just the aggregate amount of data that we saw being collected by the iOS particularly that shocked the general populace. For these people I have news for you;
This data and even more have been collected on you all for every service that you sign up for on the Internet. Every phone call you make, every text you send, every picture you upload. All of it is available to someone else who has access to the data.
It’s not private.
YOU have been giving away your personal data every minute of every day that you upload or pass through the telco/Internet systems.
So, even if laws are being subverted on personal searches, your data can and will be taken from the likes of Twitter and other services, perhaps even through NSL letters to those hosts and you will be none the wiser. For every post you put up on Facebook with all of your personal details, not only are you sharing that data with your “friends” but the company and whoever they want to sell it to as well.
The privacy you think you have.. Doesn’t exist.
In the case of the iOS data, no one knew about it from a customer perspective, but I am sure that there was some small print somewhere in the EULA when you bought the phone that allows Apple to collect the data… Not that they have to tell you they are doing it in big letters or clear language. So, that data too is not completely yours any more once you have agreed to their agreement to use/own the phone.
The short and long of it is that we are giving up our right to privacy for shiny toys and a sense of security that we can never really have.
In the end, the data that the iOS collects has yet to be proven to be sent to the Apple mother ship. Apple to date, has made no statement on the collection of the data nor the reasons for doing so. One can assume though, that they have some sort of location based software solution that they want to sell down the road and really, it’s caveat emptor. I am just glad that the security community likes to tinker and found this stuff, bringing it to light.
We are all to blame.
Unless we all take up the battle against the loss of privacy then we have none. Just as well, unless we speak truth to power and stop the erosion of rights to privacy within our body of laws, then we have nothing to complain about. We will have done it to ourselves.
K.
SPOOK COUNTRY 2011: HBGary, Palantir, and the CIRC
The establishment of a Corporate Information
Reconnaissance Cell (CIRC) will provide Hunton &
Williams LLP with a full spectrum capability set to
collect, analyze, and affect adversarial entities and
networks of interest.
From: Team Themis pdf
CIRC: The New Private Intelligence Wing of (insert company name here)
The HBGary debacle is widening and the players are beginning to jump ship each day. The HBGary mother company is disavowing Aaron Barr and HBGary Federal today via twitter and press releases. However, if you look at the email spool that was leaked, you can see that they could have put a stop to Aaron’s game but failed to put the hammer down. I personally think that they all saw the risk, but they also saw the dollar signs, which in the end won the day.
What Aaron and HBGary/Palantir/Berico were offering was a new kind of intelligence gathering unit or “cell” as they called it in the pdf they shopped to Hunton & Williams LLP. Now, the idea and practice of private intelligence gathering has been around for a very long time, however, the stakes are changing today in the digital world. In the case of Hunton, they were looking for help at the behest of the likes of Bank of America to fight off Wikileaks… And when I say fight them off, it would seem more in the sense of an anything goes just short of “wet works” operations by what I see in the spool which is quite telling.
You see, Wikileaks has made claims that they have a certain 5 gig of data that belonged to a CEO of a bank. Suddenly BofA is all set to have Hunton work with the likes of Aaron Barr on a black project to combat Wikileaks. I guess the cat is out of the bag then isn’t it on just who’s data that is on that alleged hard drive huh? It would seem that someone lost an unencrypted drive or, someone inside the company had had enough and leaked the data to Wikileaks. Will we ever really know I wonder?
Either way, Barr et al, were ready to offer a new offering to Hunton and BofA, an intelligence red cell that could use the best of new technologies against Anonymous and Wikileaks. Now, the document says nothing about Anonymous nor Wikileaks, but the email spool does. This was the intent of the pitch and it was the desire of Hunton and BofA to make both Anonymous and Wikileaks go away, for surely if Wikileaks were attacked Anonymous would be the de facto response would they not?
A long time ago William Gibson predicted this kind of war of attrition online. His dystopian world included private intelligence firms as well as lone hackers out there “DataCowboy’s” running the gamut of corporate intelligence operations to outright theft of Pharma-Kombinat data. It seems that his prescient writings are coming into shape today as a reality in a way. With the advent of what Barr and company wanted to offer, they would be that new “cowboy” or digital Yakuza that would rid clients of pesky digital and real world problems through online investigation and manipulation.
In short, Hunton would have their very own C4I cell within their corporate walls to set against any problem they saw fit. Not only this, but had this sale been a go, then perhaps this would be a standard offering to every other company who could afford it. Can you imagine the bulk of corporations out tehre having their own internal intelligence and dirty tricks wings? Nixon, EH Hunt, and Liddy would all be proud. Though, Nixon and the plumbers would have LOVED to have the technology that Aaron has today, had they had it, they may in fact have been able to pull off that little black bag job on Democratic HQ without ever having to have stepped inside the Watergate
The Technology:
I previously wrote about the technology and methods that Aaron wanted to use/develop and what he was attempting to use on Anonymous as a group as the test case. The technology is based on frequency analysis, link connections, social networking, and a bit of manual investigation. However, it seemed to Aaron, that the bulk of the work would be on the technology side linking people together without really doing the grunt work. The grunt work would be actually conducting analysis of connections and the people who have made them. Their reasons for connections being really left out of the picture as well as the chance that many people within the mass lemming hoards of Anonymous are just click happy clueless folks.
Nor did Aaron take into account the use of the same technologies out there to obfuscate identities and connections by those people who are capable, to completely elude his system altogether. These core people that he was looking to connect together as Anonymous, if indeed he is right, are tech savvy and certainly would take precautions. So, how is it that he thinks he will be able to use macroverse data to define a micro-verse problem? I am steadily coming to the conclusion that perhaps he was not looking to use that data to winnow it down to a few. Instead, through the emails, I believe he was just going to aggregate data from the clueless LOIC users and leverage that by giving the Feds easy pickings to investigate, arrest, and hopefully put the pressure on the core of Anonymous.
There was talk in the emails of using pressure points on people like the financial supporters of Wikileaks. This backs up the statement above because if people are using digital means to support Wikileaks or Anonymous they leave an easy enough trail to follow and aggregate. Those who are friending Facebook support pages for either entity and use real or pseudo real information consistently, you can easily track them. Eventually, you will get their real identities by sifting the data over time using a tool like Palantir, or for that matter Maltego.
This however, does not work on those who are net and security savvy.. AKA hackers. Aaron was too quick to make assumptions that the core of Anonymous weren’t indeed smart enough to cover their tracks and he paid the price as we have seen.
The upshot here and extending what I have said before.. A fool with a tool.. Is still a fool.
What is coming out though more each day, is that not only was Aaron and HBGary Fed offering Palantir, but they were also offering the potential for 0day technologies as a means to gather intelligence from those targets as well as use against them in various ways. This is one of the scarier things to come out of the emails. Here we have a company that is creating 0day for use by intelligence and government that is now potentially offering it to private corporations.
Truly, it’s black Ice… Hell, I wouldn’t be surprised if one of their 0day offerings wasn’t already called that.
The INFOSEC Community, HBGary, and Spook Country:
Since my last post was put on Infosecisland, I had some heated comments from folks who, like those commenting on the Ligattleaks events, have begun moralizing about right and wrong. Their perception is that this whole HBGary is an Infosec community issue, and in reality it isn’t. The Infosec community is just what the shortened name means, (information security) You all in the community are there to protect the data of the client. When you cross the line into intelligence gathering you go from a farily clear black and white, to a world of grays.
HBGary crossed into the gray areas long ago when they started the Fed practice and began working with the likes of the NSA/DOD/CIA etc. What the infosec community has to learn is that now the true nature of cyberwar is not just shutting down the grid and trying to destroy a country, but it also is the “Thousand Grains of Sand” approach to not only spying, but warfare in general. Information is the currency today as it ever was, it just so happens now that it is easier to get that information digitally by hacking into something as opposed to hiring a spy.
So, all of you CISSP’s out there fighting the good fight to make your company actually have policies and procedures, well, you also have to contend with the idea that you are now at war. It’s no longer just about the kiddies taking credit cards. It’s now about the Yakuza, the Russian Mob, and governments looking to steal your data or your access. Welcome to the new world of “spook country”
There is no black and white. There is only gray now.
The Morals:
And so it was, that I was getting lambasted on infosecisland for commenting that I could not really blame Anonymous for their actions completely against HBGary/Aaron. Know what? I still can’t really blame them. As an entity, Anonymous has fought the good fight on many occasions and increasingly they have been a part of the mix where the domino’s are finally falling all over the Middle East presently. Certain factions of the hacker community as well have been assisting when the comms in these countries have been stifled by the local repressive governments and dictators in an effort to control what the outside world see’s as well as its own people inside.
It is my belief that Anonymous does have its bad elements, but, given what I know and what I have seen, so does every group or government. Take a look at our own countries past with regard to the Middle East and the CIA’s machinations there. Instead of fighting for a truly democratic ideal, they have instead sided with the strong man in hopes of someday making that transition to a free society, but in the meantime, we have a malleable player in the region, like Mubarak.
So far, I don’t see Anonymous doing this. So, in my world of gray, until such time as Anonymous does something so unconscionable that it requires their destruction, I say let it ride. For those of your out there saying they are doing it for the power and their own ends, I point you in the direction of our government and say this; “Pot —> Kettle —> Black” Everyone does everything whether it be a single person or a government body out of a desired outcome for themselves. Its a simple fact.
Conlcusion:
We truly live in interesting times as the Chinese would curse us with. Today the technology and the creative ways to use it are outstripping the governments in ability to keep things secret. In the case of Anonymous and HBGary, we have seen just how far the company was willing to go to subvert the laws to effect the ends of their clients. The same can be said about the machinations of the government and the military in their ends. However, one has to look at those ends and the means to get them and judge just was it out of bounds. In the case of the Barr incident, we are seeing that true intelligence techniques of disinformation, psyops, and dirty tricks were on the table for a private company to use against private citizens throughout the globe.
The truth is that this has always been an offering… Just this time the technologies are different and more prevalent.
If you are online, and you do not take precautions to insure your privacy, then you lose. This is even more true today in the US as we see more and more bills and laws allowing the government and police to audit everything you do without the benefit of warrants and or by use of National Security Letters.
The only privacy you truly have, is that which you make for yourself. Keep your wits about you.
K.
FUD! GET YER FUD HERE! : AP Exclusive: Report warns of Iran nuke disaster
VIENNA – The control systems of Iran’s Bushehr nuclear plant have been penetrated by a computer worm unleashed last year, according to a foreign intelligence report that warns of a possible Chernobyl-like disaster once the site becomes fully operational.
Russia’s envoy to NATO, Dmitry Rogozin, also has raised the specter of the 1986 reactor explosion in Ukraine, but suggested last week that the danger had passed.
The report, drawn up by a nation closely monitoring Iran’s nuclear program and obtained by The Associated Press, said such conclusions were premature and based on the “casual assessment” of Russian and Iranian scientists at Bushehr.
With control systems disabled by the virus, the reactor would have the force of a “small nuclear bomb,” it said.
“The minimum possible damage would be a meltdown of the reactor,” it says. “However, external damage and massive environmental destruction could also occur … similar to the Chernobyl disaster.”
Full article HERE
Alright enough already with this talk about Stuxnet causing an Iranian Chernobyl! Look, Stuxnet was programmed in a VERY specific way to work its voodoo on the processing of Uranium, NOT on the management of the rods being excited within a reactor! The program attacked the PLC’s for specified Siemens controllers that worked with the centrifuges that spun the Uranium into fissile material.
So, who now is thinking that perhaps this little piece of reporting might be a red herring huh?
Yep…
Of course the Iranians at this time are so freaked out that they will not patch the systems that have been infected with patches from Siemens because they are too paranoid! God, I love that! Well played USA/UK/Israel for even after Stuxnet has been outed and much research has gone into it, Iran still is totally fucked! Well done! The Iranians have been a paranoid group for a long time, now they are just totally unhinged I suspect with all of the Stuxnet hype and their own brand of internal denial and heads in the sand.
Psssst hey Iran… Jester also infected your LOIC too!
Hey.. Hey now don’t cry…
Krypt0s
Krypt3ia 
Commentary: OPM Is Just Another Link In The CyberFail Chain
with 2 comments
OPM is the exemplar of how our government deals with information security, or should I say doesn’t deal with it. Some will say that there are many mitigating circumstances like old systems that cannot be updated that caused much of the failures that lead to the OPM being compromised for over a year. However, the subsequent pivoting by the adversaries into many other networks we have not begun to even discuss as a nation yet because we are now media and governmentally fixated on the fact that the adversary had access to SF86 forms. Forms mind you that should be one of the better protected things out of all the possible things the government holds in it’s systems. So far the discourse in the media has been more sensationally oriented on the magic secret code names that the likes of Crowdstrike and Mandiant have come up with respectively for actors. Actors that they claim with varying vociferousness are in fact China whether it be the PLA (People’s Liberation Army) or the MSS (Ministry of State Security) though neither is accepting the pure hubris of all their press releases and anonymous or semi anonymous back-channel chats with the media in hopes of more attention.
Whether or not these attacks were from China and their varying and vying espionage organs is rather irrelevant now and everyone needs to understand this. The cat is proverbially out of the bag here and by the cat slipping the bag, we now notice that the emperor who was holding that burlap sack of cat is in fact naked. Or at least that should be the story here but as you can see from the stories filed above by the New York Times alone, the real attention seems to be on the fact that China is in fact hacking us. Well, I am sorry but I have news for you all, they have been hacking us for a long time now and doing very well at it. The primary reason for their being so able to steal us blind though is not as the media and the government and the Mandiant or Crowdstrike’s of the world would like you think. The APT (Advanced Persistent Threat) it seems, does not have to be advanced. They just need to be persistent and might I add patient.
So when you read the headlines and the stories like those in the Times about the advanced malware called “Sakula” and how the tricksy Chinese have gotten administrator on OPM systems I cannot blame the uninitiated thinking that this is hard and that the Chinese actors are the equivalent of super villains hacking from beneath islands with skull faced volcano’s on them. After all, the media is teaching the people not in the know by these lede’s that computer security is unfathomable and hard. You know, like the comment by Archuleta in the Congressional hearing that “Security takes decades” No ma’am it doesn’t and as the congressman who yelled at you that day said, we don’t have decades. In fact, I would say that this game of Go is almost done and we aren’t winning. We have lost and the reasons we have lost are manifold but I would say that the root of it all is that we, America, have abdicated the notion of securing the things that we should have long ago. The excuses are many; because it would be costly, or hard, or perhaps more so due to government stagnation, self interest, and indolence.
I know that the majority of the readers of my blog are in the security community but I wanted this post to reach across the void to the everyman on this matter. I exhort you to read the stories in the news and to take a step back. Consider the following statements and really understand where we are today.
Brass tacks, we deserved to be hacked.
Sad but true.
So gentle reader, consider what I have told you here. The government is not protecting OUR data commensurate with the security requirements we would demand of a company that holds it like say Target. It’s time to hold the government to the standards that they would like to enforce on companies. Let’s not listen to the marketing leaks by Mandiant and Crowdstrike about the actors and who they may be. What matters is that the data was taken and the reason it was taken was because of poor security and bad management on the part of the federal government. You know, those guys rattling the cyber war sabre lately.
Physician heal thyself.
K.
Rate this:
Written by Krypt3ia
2015/06/22 at 14:09
Posted in .gov, China, Commentary, CyberFAIL