Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘Con Games’ Category

The Hezbullah Cyber Army: War In HYPERSPACE!


WAR! in HYPERSPACE: The Cyber Jihad!

A day or so ago, a story came out and made the rounds on the INFOSEC-O-Sphere about the Hezbullah Cyber Army. The story, which was subtitled “Iranian Terror”, was titled “Iranian Cyber-Jihadi Cells in America plot Destruction on the Net and in Reality”, which would get all our collective attentions, right? The story goes on to tell about the newly formed Cyber Army that will be waging all out war on the US and others in “Hyperspace”.

Yes, that’s right, you read that correctly.. This guy Abbasi is either trying to be clever, or, this is some bad translation. Sooo… Hyperspace it is! Well, I have a new tag line for him…

“In hyperspace.. No one can hear you giggle”

At any rate, the whole idea of a Cyber Jihad or a Cyber Hizbullah is a notion that should not just be sloughed off as rhetoric. I do think that if the VEVAK are involved (and they would want a hand in this I am sure) they could in fact get some real talent and rein in the ranks to do some real damage down the road a piece I think. So, while I may be a little tongue in cheek here at the start of this post, I want you all to consider our current threatscape (*cough* SCADA etc) and consider the amount of nuisance they could be if they made a concerted effort with the likes of the HCARMY.

So, yeah, this could be an interesting development and it is surely one to keep our eyes on collectively… But.. Don’t exactly fear for your lives here ok? After all, my opinion still applies that the bugaboo of SCADA does not easily fit into the so called cyberwar unless it is effectively carried out with kinetic attacks and a lot of effort. Nope, if the HCA is going to do anything at all, it will be on the playing field of the following special warfare fronts;

  1. PSYOPS
  2. DISINFORMATION (PSYOPS)
  3. Support of terrorism (Hezbullah and others)
  4. INTEL OPS

These are the primary things I can see them being good at or being pawns of the VEVAK for.

So.. Sleep well for now because really all you have to truly worry about is that they are going to deface your page it seems (see picture at the top of the post).

Interview by IRNA with HCA

More than anything else though at the moment, the whole revealing of the HCA is more a publicity stunt than much else I think. For all of the talk in the US and other countries about mounting their own “Cyber Militias” it seems that Iran and Hezbullah wanted to get in on the ground floor..

Oh… Wait..

They forgot about the PLA and the Water Army!

DOH!

Oh well, sorry guys… Guess you will have to keep playing on that whole “HYPERSPACE WAR” angle to get your headlines huh? Besides, really, how much street cred does an organization like this have anyway? So far I have been poking around all of their sites and find nothing (links or files) that would be helpful in teaching their “army” how to hack.

My guess.. This is kinda like putting out the inflatable tanks and planes for the Germans to bomb in place of the real ones.

The "About" Statement on HCA

Now.. Before You All Go Off Half Cocked (That means you Mass Media)

Meanwhile, I have seen the story that I linked up top scrawled all over the digital wall that is Twitter these last couple days. I am sure with everything that has been going on in Iran of late (i.e. the tendency for their bases to explode lately as well as their pulling another takeover of a consulate as well as spy roll ups) the media is salivating on this story because it’s juicy. It has it all really…

Cyberwar (hate that term)

HYPERSPACE!

Espionage

BOOGA BOOGA BOOGA We’re gonna activate our hackers inside your borders and attack your SCADA’s!

What’s the media not to love there?

HCA's YouTube Page Started in September

Well, let me set you all straight. This is piffle. This is Iran posturing and the proof thus far has been they have defaced a couple of sites with their logo.

THE HORROR!

This group has not even reached Anonymous standards yet! So relax.. Sit back… Watch the show. I am sure it will quickly devolve into an episode of the keystone cops really. They will make more propaganda videos for their YouTube, create a new Twitter account, and post more of their escapades on their two Facebook pages to let us all know when they have defaced another page!

… Because no one will notice unless they let us know…

Just The Persian Facts Ma’am

The real aegis here seems to be shown within the “about” statement for the group. Their primary goals seem to be to attack everyone who does not believe in their moral and religious doctrine. A translation of the statement rattles on about how the West are all foul non believers and that we are “pompous”. Which really, kinda makes me think that the Iranian people, or at least this particular group, has a real inferiority complex going. More so though, it seems from the statement that they intend more of a propaganda and moral war against the west and anyone else they see fit than any kind of real threatening militant movement.

You know.. Like AQAP or AQ proper.. Or Jamaa Islamiya.

This is an ideological war and a weak rallying cry by a group funded by a government in its waning years trying to hold on to the digital snake that they cannot control forever. Frankly, I think that they are just going to run around defacing sites, claiming small victories, and trying to win over the real hackers within their country to their side of the issue.

Which… Well, I don’t think will play well. You see, for the most part, the younger set who know how to hack, already bypass the government’s machinations and are a fair bit more cosmopolitan. Sorry Mahmoud, but the digital cat is already out of the bag and your recognition of this is too late. How long til the Arab Spring reaches into the heart of Tehran and all those would be hackers decide to work against you and your moral jihad?

Be afraid Mahmoud… Khomeini…

All you really have is control temporarily.. You just have yet to realize it.

Tensions In The Region: Spooks & The Holiday Known as KABOOM

Now, back to the region and its current travails. I can see why this group was formed and rolled out in IRNA etc. Seems to me even with the roll up of the CIA operations there in Iran you guys still are being beset with problems that tend to explode.

  • Wayward Trojan drones filled with plastique
  • Nuclear scientists who are either being blown up or shot in the streets
  • Nuclear facilities becoming riddled with malware that eats your centrifuges.

You guys have it tough right now.

Let me clue you guys in on something… If you weren’t such a repressive and malignant regime, we might work with you on your nuclear programs to power your country. But, unfortunately, you guys are FUCKING NUTS! So, we keep having to blow your plans to shit (we as in the rest of the world other than say North Korea that is) because we are all concerned you just want a bomb. Why do you want that bomb? So you can lord it over the rest of us and use it as a cudgel to dismantle Israel say.. Or maybe to just out and out lob it over the border.

You are untrustworthy.

Oh well.. Yes we all have played games there and I agree some shit was bad. The whole Shah thing.. Our bad… Get over it.

I suspect that the reason why all of these bad things are happening to you now though sits in the PDB on the president’s desk or maybe in a secret IAEA report that says you guys are close to having a nuclear device. You keep claiming that you are just looking to use nuclear power peacefully… But then you let Mahmoud open his mouth again and shit just comes right out.

Until you guys at least try to work with others and not repress your people as much.. Expect more KABOOM.

What You Should Really Worry About From All of This

My real fear though in all of this hoo ha out of the HCA is that VEVAK and Hezbullah will see fit to work with the other terrorist groups out there to make a reality of this whole “Cyber Jihad” thing. One of these factors might in fact be the embracing of AQ a bit more and egging them on in their own cyber jihad. So far the AQ kids have been behind on this but if you give them ideas AND support, then we have a problem I think. The idea of hit and run terror attacks on infrastructure, which the government and those in the INFOSEC community have been wringing their hands over, might come to pass.

HCA Propaganda Fixating on OWS

If the propaganda war heats up and gains traction, this could embolden others and with the support of Hezbullah (Iran) they could “try” to make another Anonymous style movement. Albeit I don’t think that they will be motivated as much by the moral and religious aspects that HCA puts out there as dictum. Maybe though, they will have the gravitational force enough to spin all of this off into the other jihadist movements.

“The enemy of my enemy is my friend”

If the HCA does pull off any real hacks though (say on infrastructure) then indeed they will get the attention they seek and more than likely give the idea to other movements out there to do the same.

AND that is what worries me.

Cinch Up That Seatbelt… It’s Gonna Be A Bumpy Ride

Finally, I think that things are just getting started in Iran and it’s about to get interesting. With all of the operations that seem to be going on in spook world (please don’t use PIZZA as a code word again mmkay?) and the Israelis feeling pressured by Tehran’s nuclear ambitions and rhetoric, I suspect something is about to give way. Add to this the chicken-hawks who want to be president (Herman I wanna touch your monkey) Cain and the others who have so recently been posturing like prima donna models on a runway over Iran and we have a disaster to come.

Oh.. and Bachmann.. *Shudder* Please remove her from the Intelligence committee!! That whole Pakistani nuclear AQ attacks thing was sooo not right!

PSSSSST BACHMANN they’re called SECRETS! (or, for your impaired and illiterate self SEKRETS) STFU ok?

OH.. Too late, now NATO is attacking into Pakistan…

It looks to me like the whole middle east is about to erupt like a pregnant festering boil and we are the nurse with the needle who has to pop it and duck.

So.. Uh yeah, sorry, got carried away there… I guess the take away is this; When you look at all the other stuff going on there, this alleged cyber army is laughable.

Yuk yuk yuk… You’re killin me Ahmed!

K.

The PrimorisEra Affair: Paradigms In Social Networking and SECOPS


EDIT 5.24.2011

As of last night, I had heard that PrimorisEra was back and posting to a new blog. Today Wired has fired off a follow up to the earlier report and her return. It seems from the report that perhaps the Pentagon investigation is over and that in fact Shawna Gorman may indeed be the First Lady of Missiles. It remains to be seen if this is really the case but since she is back and blogging, I would have to lean toward my assessment from before. Still though, my cautionary statements about social networking and SECOPS still apply.

See below:

K.

From Wired:

It started out with a leggy, bikini-clad avatar. She said she was a missile expert — the “1st Lady of Missiles,” in fact — but sometimes suggested she worked with the CIA. With multiple Twitter and Facebook accounts, she earned a following of social media-crazed security wonks. Then came the accusations of using sex appeal for espionage.

Now everyone involved in this weird network is adjusting their story in one way or another, demonstrating that even people in the national security world have trouble remembering one of the basic rules of the internet: Not everyone is who they say they are.

“I think anyone puts pictures out online to lure someone in,” the woman at the center of the controversy insists. “But it’s not to lure men in to give me any information at all… I liked them. They’re pretty. Apparently everyone else thought so too.”

This is a strange, Twitter-borne tale of flirting, cutouts, and lack of online caution in the intelligence and defense worlds. Professionals who should’ve known better casually disclosed their personal details (a big no-no in spook circles) and lobbed allegations they later couldn’t or wouldn’t support (a big no-no in all circles). It led to a Pentagon investigation. And it starts with a Twitter account that no longer exists called @PrimorisEra.

Yesterday, Wired posted a news article about another potential social networking attack on the .mil and .gov types involving Twitter, Facebook, and Google Buzz. The snippet above really sums up what is alleged to have happened and the problems with Social media’s blasé attitudes where people who have jobs that require secrecy meet and chat.

Presently, according to the article, a Pentagon investigation is under way into this story, but once again, this is not the first time we have heard this type of story in the press with these same players. It was last year when a profile online named “Robin Sage” made the rounds on LinkedIn and other social media formats. This “cutout” as they are called in the espionage community, was in fact a fake profile used by a security researcher to prove a point. By using an attractive woman as the persona, the researcher was able to get people within the military and governmental community to add her and flirt. Through the flirting, the unsuspecting connections gave up valuable data on what they did for a living, where they were, and perhaps even locations in country around the battlefield in Afghanistan.

Many just fell for the profile hook, line and sinker.. And that is a bad thing for anyone in this sector. It was a lesson in OPSEC and its failure. Potentially, this emerging case from the Wired story could also be much the same. The number of online personae that are involved in this story is just a little too many to think that it was an innocent mistake on the part of a young woman seeking attention online from her peers within the government and military. However, it’s also just as possible that that is all it really is.

Time will tell.

Shawn Elizabeth Gorman Daughter of Nancy Gorman 1983

Site with SEG photo (1983)

The thing about this is that this type of exploit is not new at all. This is commonly known as a honeypot in the espionage area and before there was an Internet, there was the local cafe or bar, where one would just happen to meet a lovely young thing and start a relationship. That relationship would then be turned into blackmail (either emotional or literal) and suddenly, you are an asset for the adversary. The new twist is that services need not deploy an asset to a foreign country to search for and find access to those who they want to get information from. Today all they need to have is an Internet connection and Google. It is only even more easily carried out now that there are Social Media sites like Facebook and others to sidle digitally up to anyone you like and start to work on them if you know how.

There used to be a time where every operator was given the tutorials on espionage means and methods. People were forewarned about travelling to other countries and if you are cleared, you have to report suspicious contacts to the DSS. Today though, I don’t think that they have even attempted to try this with online content. I mean, how many reports a day would you have to make to DSS if you are online and just talking to people in a chat room or on Facebook? It would be impossible. So it is understandable, as social animals, that we develop this technology to connect with others and being that it is a rather insular means of communications, feel that we can just let loose with information. After all, how does one really assure that who they are talking to is indeed that person that they claim to be?

So, people forget and really, this is still all relatively new isn’t it? There are no maps here.

Now, back to this story, no one has claimed that data has been leaked. It is only the appearance of things that has set off the alarm bells for people and agencies. When one user finally decided to call the alleged cutout’s profile out, a subsequent shit storm began that ended up with @PrimorisEra deleting their Twitter, Facebook, and Google accounts thus making the story seem even more suspect.

Was Shawn E Gorman a cutout? Is she really the grad student and contractor she claims to be in her tweets? What about the allusions to the CIA? All of the missile tech and political discussions? Well, given the background of what can be located readily online, there is a Shawn Elizabeth Gorman attending Johns Hopkins as a research assistant getting her MBA in Government, so, perhaps. Or maybe someone has just taken on the persona of Ms. Gorman to use as a cutout for these activities?

Frankly, I am leaning toward it really being her. As you can see from the photos above, I located a photo other than the one from Wired that purports to be Shawn E. Gorman born 1983 to a Nancy Gorman. I also located data that shows a Shawn E. Gorman living in Bethesda MD with the same mother. Given that the photo is an early one, and one of the few out there easily found, I am thinking it is one and the same. However, this does not mean that it has been her behind that keyboard when she was talking to all of the people involved.

Time will tell what is what once the Pentagon’s investigation gets done. It could be that this is all for naught security wise from the compromise perspective. However, this once again is an object lesson for everyone online. Never mind if you work in a job that requires security, everyone should be cognizant that when they are online talking to someone they do not know in real life, they may well be talking to someone who is not their “friend” just looking to have a chat. From the common data thief to the corporate spy, we all may have data that someone wants and will be willing to pretend a while to get it.

We want to be social and open as we are social animals… Just so happens that sometimes that is a bad idea.

I think though, that everyone who works in security or within a security centric job space will have to go through some more training in the near future. This is just a warning bell and I think it best that the government and military listen to it. Even as the article goes on to mention, there are restrictions on the military about posting online, but still they cannot deny these people access to the likes of Facebook for morale. It is really playing with fire either way, in denying the access it seems draconian and people will fight it. On the other hand, if you allow it and monitor it, you are damned for monitoring people’s interaction online.

Hell, even the CIA has set up its own social networks within the CIA’s Intranet so people can talk and ostensibly share ideas and data. However, that is on an Intranet that is well protected….

Meanwhile, back on the Internet, we have places like LinkedIn. Sounds like a great idea, networking for jobs and such. Then the .gov and .mil folks all got online and began to show themselves and much of their data in a contained space. So much of a treasure trove is LinkedIn that Anna Chapman (as seen above from her Russian Maxim shoot) was only 2 degrees of separation from me within my network on LinkedIn! She was mining the connections as a sleeper for the SVR and all she had to do was put up a pretty picture and say hi.

For me it comes down to this;

1) If you sign up for these places hide as much of your data as you can.

2) Pay attention to the security measures that the sites have in place.. Or don’t. Facebook has had a terrible record on personal privacy but look how many people they have on there and just how much personal data is available to anyone who can look at the page, even a cached version.

3) When you get invites from people check them out. Use other means than the current site (aka LinkedIn) to do that research. See if you can nail down who they are in reality. Even then, once you are friends, think before you type. You may be giving out data that you personally don’t want anyone to have.

4) Placing too much family data on the Internet is a threat. Anything from Identity theft to outright stalking and physical danger can be the outcome if you make it too easy for someone to get your data.

5) If you suspect that someone you are talking to is not indeed who you think they are, walk away.

6) AND for God’s sake, if you are a guy, in the military or government, or hold a classified status and some hot avatar’d chick starts PM’ing you, it’s either a bot or it’s likely another cutout. ESPECIALLY if you lay out your life’s story online as to what you do and where you work.

7) Finally, remember what I have repeated over and over again. Whoever you are talking to MAY NOT BE WHO THEY SAY THEY ARE!

Just don’t put that data out there and end up in the hot seat with your job on the line over a little virtual tail.

K.

Anonymous vs. Anonymous: Enough Hubris To Go Around


The nameless revolution that calls itself Anonymous may be about to have its own, online civil war.

A hacker startup calling itself Backtrace Security–made up of individuals who formerly counted themselves as part of Anonymous’ loose digital collective–announced plans Friday to publish identifying information on a handful of active members of Anonymous. According to one source within the Backtrace group, it will release the names and instant messaging logs of dozens of Anonymous hackers who took part in attacks on PayPal, Mastercard, the security firm HBGary, Westboro Baptist Church, and the Marine officials responsible for the detainment of WikiLeaks source Bradley Manning.

That spokesman, who goes by the name Hubris and calls himself BackTrace’s “director of psychological operations,” tells me that the group (Backtrace calls itself a company, but Hubris says it’s still in the process of incorporating) aims to put an end to Anonymous “in its current form.” That form, Hubris argues, is a betrayal of its roots: Fun-loving, often destructive nihilism, not the political hacktivism Anonymous has focused on for much of the past year. “[Anonymous] has truly become moralfags,” says Hubris, using the term for hackers who focus on political and moral causes instead of amoral pranks. “Anonymous has never been about revolutions. It’s not about the betterment of mankind. It’s the Internet hate machine, or that’s what it’s supposed to be.”

The rest is HERE

“Cyberdouchery”: it’s a term coined within the last year, as far as I know, for snake oil or hype mongers within the Infosec community. I have to say that this alleged group of ex-anons kinda fits the term for me. Whether it’s the reason that they state of being tired of Anonymous’ being moral fags, or the idea that they just want to get back to their troll roots, I pretty much just think it’s a publicity stunt. Of course, the darker side of me could see the way to believing that this is just some sort of psyop by person/persons unknown to get a reaction out of Anonymous.

I have written in the past about the herd mentality as well as convergence theory where it regards Anonymous. In each of those scenarios though, there is the idea that there are leaders. No matter the number of times Anonymous may say they are leaderless, I say that this is just impossible from the point both of these theories take. Even if someone is a leader for a day or minute, there is a leader, and there are followers, either anointed by the pack or by themselves. There are also the minions that do the work, such as the mods and the managers of the servers and systems. Those too could be seen as leaders within the infrastructure. Now it seems though, that this new group is going to attempt to name leaders by use of social engineering and data collection.

… And that is what Aaron Barr wanted to do.. Well sorta… Then he shot himself in the foot with his own machine gun of hubris.

All in all though, this looks to be on the face of it, just an attempt at #LULZ by these folks at Backtrace. The use of the crystal palace image alone screams nearly the same shrill tune as using too many numbers in one’s nickname in leet terms. If you look closely though, you will see that they also claim to offer services such as “Cyber Espionage” *blink* Not counter intelligence nor counter cyber espionage, but cyber espionage. Just as they also offer cyber warfare and a host of other hot terms with cyber in them. That just reeks of the cyberdouchery I spoke of at the top of the post. So, in reality I don’t take this all too seriously.

I guess we will just have to wait and see what develops with this insurance file and the alleged outing that will happen…

There will be #lulz

K.

FUD! GET YER FUD HERE! : AP Exclusive: Report warns of Iran nuke disaster


VIENNA – The control systems of Iran’s Bushehr nuclear plant have been penetrated by a computer worm unleashed last year, according to a foreign intelligence report that warns of a possible Chernobyl-like disaster once the site becomes fully operational.

Russia’s envoy to NATO, Dmitry Rogozin, also has raised the specter of the 1986 reactor explosion in Ukraine, but suggested last week that the danger had passed.

The report, drawn up by a nation closely monitoring Iran’s nuclear program and obtained by The Associated Press, said such conclusions were premature and based on the “casual assessment” of Russian and Iranian scientists at Bushehr.

With control systems disabled by the virus, the reactor would have the force of a “small nuclear bomb,” it said.

“The minimum possible damage would be a meltdown of the reactor,” it says. “However, external damage and massive environmental destruction could also occur … similar to the Chernobyl disaster.”

Full article HERE

Alright enough already with this talk about Stuxnet causing an Iranian Chernobyl! Look, Stuxnet was programmed in a VERY specific way to work its voodoo on the processing of Uranium, NOT on the management of the rods being excited within a reactor! The program attacked the PLC’s for specified Siemens controllers that worked with the centrifuges that spun the Uranium into fissile material.

So, who now is thinking that perhaps this little piece of reporting might be a red herring huh?

Yep…

Of course the Iranians at this time are so freaked out that they will not patch the systems that have been infected with patches from Siemens because they are too paranoid! God, I love that! Well played USA/UK/Israel for even after Stuxnet has been outed and much research has gone into it, Iran still is totally fucked! Well done! The Iranians have been a paranoid group for a long time, now they are just totally unhinged I suspect with all of the Stuxnet hype and their own brand of internal denial and heads in the sand.

Psssst hey Iran… Jester also infected your LOIC too!

Hey.. Hey now don’t cry…

Krypt0s

Gregory Evans: Psychological Profile of a Lackluster Conman


Wow Mr Crabyolbastard, you failed the test just like I thought you would. This time you even got your wires all mixed up. You get a NO GO at this station. Sorry that you can’t play with the Big Boys without squealing like a wild pig. Tut…Tut…Now What?

darby.chuck@yahoo.com
68.153.132.46

This crabbyolbastard guy has way too much time on his hands, but hey, he’s getting Greg more publicity. I tell you, Evans is probably the most popular guy in the cyber security industry! Keep em talking Greg and continue to prove them wrong! I’m rootin for ya!

…. And as for you, you crabby. old. bastard……. GET A LIFE!

dscraigen@gmail.com
68.153.132.46

Oh Greg, I have a life, and that life now includes removing you from the information security theater stage. You see, you came to me, not I to you in this matter, and well, you made a mistake in judgement with your “n01hack3r” thing. Greg, you pissed off the wrong people like I told you before, ya know, the aphorism about hackers being subtle and quick to temper? Well, you have more than a few out there in the “community” gunning for you now, and yet, you spend time on my blog reading it, looking up the big words on the “Googles” and responding via your cavalcade of BellSouth sip/adsl addresses claiming to be others while we know all along that it’s you. So this post has a couple of functions for me.. Let me lay them out for you.

1) I get under your skin.. I have a habit of doing that on this blog and well, I enjoy being the cause of your mental anguish. I intend to get further under your skin like an embedded tick. I plan on leaving you after this post with the nagging self doubt that haunts you in your silent spaces during the day. Think of me as your new personal Hannibal Lecter and you, you are my cell mate next door “Multiple Migs”

2) To outlay to the world in Neuro-Linguistic Programming, a picture of your inner workings, your fears, your failings, and generally, hasten you to your cataclysmic utter failure oncoming. All packaged up in a neatly ordered and well thought out analysis of you Greg.

So, lets get to it shall we? Oh, and Greg, when you respond, and I know you will, if you can’t follow the conversation even with my little links to help you with the big words, you will have to just move on over to the kids table, this is adult talk now.

Gregory,

I know where you are mentally right now. Your dreams of bling and cheap-n-easy young ladies are quickly becoming nothing but faded ambitions due to your age, your rapidly emptying bank accounts, and the light being shown on you as a charlatan and a con man. It must eat at you during the quiet moments all this failure, it haunts you I am sure. The reason why it does is not so much because you care at all for the shareholders of your company, but more so about your own dreams of self aggrandizement. It’s all just a niggling feeling at the back of your mind and then you start to realize that soon, there will be nothing left and your charade will be completely exposed and it makes you break out in a cold sweat all alone at night doesn’t it?

And yet, instead of giving in and moving on to something else, you feel trapped and have to fight against the tide of reason. You strive on to show that you are really all those things that you claim to be, but know that you are not.

Successful

A knowledgeable man on subjects such as computer security

A pillar of the community

A God fearing and righteous man

A raconteur

Generally, a good guy

You must have those momentary pangs when you think of your mother, perhaps of your father, but I guess more about your mother, that she is proud of you. You know though, because you have lied and conned your way to where you are now that she likely is not. It is in these small moments when you are alone at night, that you realize that you are none of those things above. You look back at your life and you think about the places where you might have done things differently.. But, its too late now. This, this is the end of the line.

So it is, with each passing day post your being thrust into the light like a cockroach behind the fridge, your revenue stream being broken by the truths being told, that you increasingly see the only way to fight is to lie more, with more extravagance, and to use what little wits you have to attempt to sway the tide of press.

Yet again, at the end of each day, the failure comes to you at night like a specter doesn’t it Greg? Alone in your bed after all the gold digger girls have gone because you cannot afford them any more, it haunts you. You feel it though Greg, you can see the path to the pain’s release but you just aren’t man enough yet to take the path are you?

The path of admitting you are a failure. You had your time when you passed yourself off and bilked your friends, acquaintances, and shareholders, but those days are gone.

Painful isn’t it… No longer are you the big man Gregory…

Each day you are beset by the news on the internet. The truths being dug up about you and published. I assume the calls from your shareholders that you borrowed all that money from (600K+ last I looked) must be on their minds as you let it go to voicemail. Hard to avoid them too I suppose as you go out of the house or go into one of your marble gilded bathrooms. It must also haunt you, the knowledge that the people you thought you had hoodwinked now see the truths of it all.

Then the possible future teases into your mind. You could be going to jail again. This time, it may not be so short a stay and you know that you are going to have to nut up inside or be passed around for a pack of smokes. All those sticky painful incidents of being someone’s bitch inside must also go through your mind. One shudders to think.

So on you go, posting all kinds of press to make your “company” look better and try to resurrect it all. All in the hopes of those glory days of spending the capital that the shareholders give you for skyboxes, expensive cars, and coochie to impress all of those people you so want to be friends with.

The glitterati.

All the while though now, you know that this is not to be, and it pains you. After all, you are a prideful man aren’t you…

Sometimes though, you think about just disappearing… Starting over…. Perhaps you should.

Of course, then you’d be on the run from the charges surely to be filed. But, after all, you are better suited to running than you are to fighting. Cowardice seems to be your stock in trade. You make veiled threats through emails and you get hot quickly lately don’t you? It must be all the stress.

But you know, they (the security community and the authorities) will not go away…

Best to run Gregory… Before it all collapses in on itself further….

Listen to that niggling little voice Greg….

Written by Krypt3ia

2010/07/20 at 14:26

Getting Into Bed With Robin Sage: The Fallout & The Proof of Concept

So why the pictures of Anna Chapman you ask? Well, because it may well have been Anna on the profile.. The principle is the same.

The Robin Sage Affair:

Recently, the INFOSEC community found itself with its virtual pants around its digital ankles through the machinations of “Robin Sage”, a faux profile created on a number of social networking sites including LinkedIn. The profile sported a goth girl and the attending personal data claimed that she worked for N8 Naval Warfare Center and was basically the inspiration for Abby Sciuto, a character from NCIS (Naval Criminal Investigative Service) on CBS.

The man behind the profile and the experiment is Thomas Ryan, the co-founder and Managing Partner of Cyber Operations and Threat Intelligence for Provide Security. His idea was to test the social networking process to see if he by proxy of this profile, could get people to just add Robin without any real vetting. A secondary part of the experiment was also to see just how much information could be gathered by the cutout and see just how damaging such actions could be to end users who “just click yes” to anyone who wishes to be added.

In the end, within a 28 day period the account harvested not only compromising data (much of the worst from LinkedIn) but also invitations to speak at conferences, job offers, and I am sure, the odd lascivious offers to “meet”. The byproduct of this experiment in the short term (after her outing, so to speak) is that the Infosec community members who were duped are feeling, well, a bit sheepish right now. After all, these are the people who are supposed to be teaching others on how not to get compromised like this. Especially so with a social engineering exploit that worked so knee jerk well.

Twitter has been abuzz with condemnation and who knows what’s being said in the halls of power and in the military since many of the folks who got duped were military operators. All of this though glosses over a pertinent fact for me however. One that may be in fact brought out in the talk at Black Hat, but I thought it interesting to write about here. The problems of how humans are wired neurologically and our needs to be “social”. We come pre-loaded and then taught social norms that are counter much of the time to secure actions.

Hardwired:

It is my contention that human beings are a social animal that are wired and trained to be trusting as well as gullible when a pretty woman says “please add me”. Sure, we can train ourselves to be skeptical and to seek out more information, but, in our society of late it seems that we have even lost more of this capability because we do not teach critical thinking in school as much as rote learning. Of course this is just one aspect of a bigger picture and I really want to focus on the brain wiring and social training.

As social animals, we “want” to be social (most of us that is) and long to communicate. After all, that is what the internet is all about lately huh? Not being actually in the room with people but able to talk/chat with them online in “social networks”. In other cases we are forced to be social in the sense that our lives depend on our social natures. We cooperate with others, we live with others and we depend on others for our safety in numbers, infrastructure continuance, etc. Thus we evolved into tribes, clans, societies, and now it’s going global. All of this is predicated on some modicum of trust in relationships.

Trust relationships though are just one thing. We trust as we walk down the street that the people walking toward us will not whip out a gun and just start shooting at us. We trust that the driver on the other side of the road will not just veer out in front of us for no apparent reason because that would be counter productive and not the “norm”. However, these things can and do happen from time to time, yet, we do not find ourselves on permanent alert as we walk the streets because if we were then we would be a wreck. Turning that around, we would then be seen as paranoid and not “normal”.

See where I am going with that?

So, in the sense of online social networks and security, these things are just diametrically opposed. If you want to be social, don’t enter into areas of discourse where your “security” is supposed to be protected. It is akin to walking up to a stranger and telling them your doors at home are unlocked most of the time. Believe me it happens now and then, but don’t you then start thinking that that person just has something fundamentally wrong with them? It’s the same for any online relationship. Nickerson said it best.. Unless you really know them or have.. “spit roasted” someone with them, then don’t add them or tell them secret things… But.. Then there is that whole trust issue.

We are trusting and want to follow social norms. THIS is why social engineering works so well! We are just wired for it and to change these behaviors really requires training.

Additionally, let’s take into account the hotness factor with this particular experiment. The pictures of “Robin” were obvious to some as being of someone who would NOT have a job at N8 or any facility/group with classified access and responsibilities. I took one look and thought;

“Look at that nip slip and belly shot there on the Facebook.. No way this is a real profile because her clearance would be yanked ASAP”

Others though, may have looked at those pics and thought “damn, I want to meet her, I will add her and chat her up”. This begs the question of just what the ratio was of men to women who asked to be added or just clicked add on the Robin Sage profile. Were the numbers proportionally higher men to women I wonder? I actually believe that to be the case. In fact, this is an important thing to take note of as we are dealing with a very familiar tactic in espionage realms.

“The Swallow” or “Honeytrap”

How many have fallen for the “Russian Secretary” over the years and then been turned into an agent for Russia? The same principle is being used here. The bait is a cute goth chick who happens to work in the very same field you do! A field mind you that is still primarily loaded with guys. So this is just moth to the flame here. It is so common that perhaps we cannot get past our own hard wired brain and sexual drives huh? It will be interesting to see the talk at Black Hat to get the stats.

The Community:

So, once again, those who got spanked by this and are griping now, I say take a long look at the problem. You fell victim to your own programming. You could potentially have not fallen prey to it, and perhaps in the future you won’t, but, take this as a learning experience and move on.

Use this experience to teach others.

Object lesson learned.

Full CSO article HERE

CoB

The “Insider Threat” aka Your Company’s Management

Two stories on the internet today piqued my interest in the actual facts of this issue of the “insider threat” as opposed to hack attacks from external sources. I would say that perhaps aside from “security theatre” that the real insider threat is the inaction and incompetence in some cases on the part of the companies out there who are insecure from basic lack of secure practices. This I would think is the larger issue that allows both insider attacks as well as outsider to be so successful.

Basic things like default settings on systems, printers, network appliances, applications, etc really make the work of the insider or outsider very easy. Once those low hanging fruit attacks are performed, the foothold actually can be in fact root on many systems because of these issues not being remediated at the time of install on many systems.

The first story I saw today had the headline of: Security Experts Raise Alarm Over Insider Threat and it espoused the common thread of late that all the layoffs today are making turncoats out of many and thus, those with the insider access are the biggest threat. On the one hand I agree with that assessment. However, if the company in question is actually following procedure, they should be able to mitigate the issue by closing accounts and changing passwords etc on key systems. This is of course to say that you actually lay this person off, and walk them out at that moment.
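The mitigation this paragraph leans on (accounts closed and key-system passwords changed when the person is walked out) can be checked after the fact. The following is an added example, not part of the original post; the record layout, user and system names, the 30-minute grace window and all sample data are constructed assumptions:

```python
from datetime import datetime as dt, timedelta

GRACE = timedelta(minutes=30)  # assumed policy: disable within 30 min of walk-out

# Constructed sample records (hypothetical users and systems).
TERMINATIONS = {
    "asmith": dt(2010, 7, 1, 9, 0),
    "bjones": dt(2010, 7, 1, 9, 0),
    "cwu": dt(2010, 7, 2, 16, 30),
}
ACCOUNTS = {
    "asmith": {"enabled": False, "disabled_at": dt(2010, 7, 1, 9, 10),
               "last_login": dt(2010, 6, 30, 17, 2)},
    "bjones": {"enabled": True, "disabled_at": None,
               "last_login": dt(2010, 7, 3, 23, 41)},
    "cwu": {"enabled": False, "disabled_at": dt(2010, 7, 6, 8, 0),
            "last_login": dt(2010, 7, 2, 18, 5)},
}
# Shared credentials on key systems: who knew them, when last rotated.
SHARED = {
    "core-router": {"known_by": {"asmith", "cwu"}, "rotated_at": dt(2010, 7, 1, 9, 20)},
    "backup-admin": {"known_by": {"bjones"}, "rotated_at": dt(2010, 1, 15)},
}

def audit_offboarding(terminations, accounts, shared, grace=GRACE):
    """Return sorted (subject, finding) pairs for gaps in offboarding."""
    findings = []
    for user, left_at in terminations.items():
        acct = accounts.get(user)
        if acct:
            if acct["enabled"]:
                findings.append((user, "account still enabled"))
            elif acct["disabled_at"] and acct["disabled_at"] - left_at > grace:
                findings.append((user, "account disabled late"))
            if acct["last_login"] and acct["last_login"] > left_at:
                findings.append((user, "login after termination"))
        # A shared password the leaver knew must be rotated after they left.
        for system, cred in shared.items():
            if user in cred["known_by"] and cred["rotated_at"] < left_at:
                findings.append((system, f"password not rotated since {user} left"))
    return sorted(findings)

if __name__ == "__main__":
    for subject, finding in audit_offboarding(TERMINATIONS, ACCOUNTS, SHARED):
        print(f"{subject}: {finding}")
```

Note that "core-router" is flagged only for cwu: the rotation on 1 July covered asmith's departure but predates cwu's, which is the kind of gap a per-leaver check catches.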

If instead your insider thinks that they are about to be laid off, well, they may use their access to steal data or perhaps even damage it before they get the ax. So sure, they may actually be a threat in this way, but, I think there is a larger threat by their ethics being lax and someone coming along with some quick cash or a threat of blackmail. You see, I think that the insider threat must be approached from a HUMINT (aka spying) angle instead in this day and age.

The average disgruntled employee is the one that I would approach with quick cash after some time getting to know them and egg them on. Once you have them in the bag you just ask them to do the deed with the promise of money. Access can be bought these days if not easily tricked out of a worker with some low end social engineering. On the other hand, were I looking for some more long term and higher access I would go for the longer approach of coercion of an asset.

All this aside, either way you do it you, the company, make it easier for a non technical person or a technical APT to root your networks when you don’t follow the most basic of security principles of CIA. Which brings me back to the larger of the inside threats… Management.

In all my years of assessment, I have seen all too many places where the management just does not get security, does not care about security, and does not want to spend the time and money doing the due diligence for secure operations. Without a proper buy in from the top, then security becomes a non issue with the masses and thus nothing is carried out securely at company X. Default passwords, no passwords, poor passwords, sharing passwords etc all are very common in places without any security insight. Often too, these companies have no insight into what is happening on their networks to tell if indeed someone is attacking or exfiltrating data out of their networks through their own firewall… Never mind the guy with the 4 gig USB stick who just downloaded the “secret sauce” recipe and is walking out the front door as he smiles at the guard.

So, my take, the insider threat is a big one indeed and so easy to exploit.

And that brings me to the second article today: Simple information security mistakes can cause data loss, says expert wherein an eminent forensics investigator from Verizon has found through his assessments that the outsider attacks have been far greater. He does however in a backhanded way, have my opinion as to who that insider threat really is: Management.

However, as the article does not really cover this overtly nor the real insight I think about “who” these attackers are I will add to this a bit. I think that those spear phishing attacks that rely on very specific individuals being targeted also have an insider portion to them. After all, just where does all that data come from to target these individuals? The inside of course.

Intranet/internet websites are a rich data mining arena for the APT or the industrial spy. All too often the companies themselves give up all the details an attacker could ever need or want. Most of the time too no hacking need be done to get the information and often much more data than should be available is due to misconfiguration as any good Google hacker can attest. Add this to the whole lack of security posture and you have a deadly mix.

So, to bring it all together, I think that as a general rule “we” are our own worst enemy and the de facto “insider” threat when security is not applied.