Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘Cracking’ Category

Phone Hacks Or Intercepts: Bezos’, Pecker, Sanchez, MBS, A Pragmatic Approach

leave a comment »

This whole thing about the Bezos’ dickpics is running amok in the media with panel after breathless panel dribbling on ad nauseum. Wanking on over whether or not a nation state secret service intercepted those texts and photos or if AMI (The National Inquirer) hacked them with the help of sleazy private investigators and or the brother of the mistress has me apoplectic every time it’s thrust in my face on the news. I finally decided to put this post together with some sense making to counter all the stupid out there. Of course the funniest thing about all of this though is that I have yet to see any of the hacking talking heads that usually show up like Dave Kennedy being dragged out to assess how easy or hard it would be to just hack a phone or an account. Who knew they would not be clambering to get more news cycle attention to pimp their services huh? Anyway, let’s do a little dive into what Bezos likely has as a phone, how easy they are to hack, and how likely that a bad actor like MBS and his secret services, a paid group, or just the brother of the mistress with a grudge were the culprits shall we?

What phone does Bezos likely have and how hack-able is it?

According to the babbling of the news media, claims have been made that Bezos has security and as such his phone is likely harder to hack. Well, let’s put that to the test and see. I did some looking and as of 2017 he was still using a Fire Phone, his own product and that runs on Android. A little more Googling and you can see that it had seven vulns that included DoS and overflow attacks in 2018

FireOS is based on Android 4.2 JellyBean and that had a host of vulnerabilities as well. So unless Bezos was using some super secret hardened version of JellyBean or FireOS then it is likely that even with iterations today he might have, it is still quite hack-able in all reality. So with that information one has to wonder at all this reporting that it HAD TO BE a nation state or that this was some exotic attack on a hard target.

Sorry, no.

INCONCEIVABLE!

Meanwhile, if indeed Bezos had another phone, he was spotted before with ANOTHER  model of phone (Samsung) which also uses Android as it’s base operating system. If you are in the hacking or security community, then you know that Android is a hot mess security wise because Google could really give a fuck, so there you  have it. Unless Bezos decided to get a Black Phone (which still had issues) I am gonna say it would not be hard to hack him with a phish with a bad .apk file and own him.

Sorry media, go home, you’re drunk again.

The facts are that unless Bezos got his hands on an NSA encrypted and hardened phone like the one that Obama had (which was Blackberry) then it is likely trivial to attack his phone and own him. That’s the fact and everyone should take that into account when listening or watching these talking heads on TV. Of course, this is not to say that it wasn’t MBS or minions he hired or AMI that did this because these are TRIVIAL hacks and one could pay easily for someone to do it. It would not take the NSA or that level of nation state access intercepts to get the data Pecker has.

What are the odds that a bad password(s) and an automatic backup to the cloud are responsible here?

Right, so what about bad passwords? I mean hell, Manny’s password to all his secret bad dealings was “bond007” right? So is Bezos using a good password vault with 16 character passwords and rotating them often? Well, I cannot say, but what I can say is this; “security is hard and OPSEC is even harder for regular people” This means that it is entirely possible that Bezos password could have been weak and he may not have changed them as regularly as might be needed for someone who is a higher risk target right? I am sure he has minions and possibly a security detail, but, think about this, would you want your security detail to have your password to your dickpic mistress phone?

This also brings up another question…. Did he have a mistress phone? Something separate from his regular phone and hidden so the wife would not see? You have to ask yourselves this question as well when thinking about this whole “affair” right? Let’s say Bezos bought a burn phone and used that instead of his primary phone to send his dickpics and stupid stupid texts mooning to his side piece? It’s not something you would really want to have laying about for the wife to find and nothing that could be directly tied to you in some ways, I mean sure he sent photos of himself, not just his junk, so yeah, not the greatest OPSEC there either. But would such a phone have less security because it was not hardened by the security detail?

Hmmmm….

Either way, passwords and access to Google (since I think he is still using Android) is problematic and unless he had all the 2FA turned on and alerting, he could have easily been pwned due to his own stupidity with passwords and access security.

What are the chances that physical access to the mistresses phone are to blame?

Ahh this mistress… Well all of the things above could play with her as well. It could have also been physical access to the phone by others as well. Let’s face it, Sanchez could have been using her dogs name as a password to all her accounts for all we know. She is the weakest of weak points as far as I am concerned in the security picture in this story. It seems that a running theme in the story seems to be that the mistresses brother is tied into the Trump camp and its acolytes so there is a chance that he accessed her phone either physically or perhaps he had a password to gather the details and leaked them to AMI.

Think about that though….

You would have to be one cold bastard as a family member to hack into the sister’s phone and dump pics that seem to include some nudity on her part as well to AMI right? I mean that is some serious pathology there. Keep that in mind further down this post ok? *turns over standing presentation board with pics and yarn connections* So yeah, it could be the brother, or it could be anyone who had proximity to the phone and a desire to carry out this attack on her and Bezos.

I am unaware of what phone the mistress is using but I am willing to bet that she is not as security conscious as Bezos might be. It could even be that Bezos and her both had burn phones that were insecure, who knows right? Suffice to say that the mistress and her electronics hygiene may have in fact been the vector of the leak and everyone has to take that into account even if you are thinking that this was carried out by nation state actors like MBS or Russia. It would be a soft target campaign with phishing, physical access, and stupidity that would win the day and would not take that much effort really.

Was it a nation state intercepting Bezos and just handed this over to Pecker and AMI?

Speaking of nation state actors here’s the deal…

It’s quite possible. It would likely be trivial to attack the weak link (mistress) and gather all the intel. In fact, let’s suppose the nation state actors did do this, it would not only be dick pics that AMI might have. It is possible that they also have audio and video captures of phone calls and the like as well. How do we know that Bezos and the mistress didn’t make any videos together as well? Or perhaps little videos for one another?

Ponder that one too.

The fact of the matter is that nation state, hired hackers, or sleazy PI’s could all have done this and all have passed on even more dirt to use against Bezos and his mistress and it all sits somewhere in a safe on an external hard drive right? All I am saying is that there may be more to come in the future if at some other time AMI and or others decide to go nuclear on Bezos. I will sit back and watch the fires burn and sip my whiskey when it all comes down. At the end of the day it cannot be said that it wasn’t a nation state that did this and there are hints and allegations that AMI might have that avenue of interest with MBS and Saudi to have made this happen.

My biggest problem though with that is that it was so fucking hamfisted in it’s being carried out that makes me wonder if it wasn’t just AMI doing what they have been doing since they started their yellow journalism agitprop fuckery. I would hope that a nation state would be smoother than; “It would be a shame if something happened to that marriage you have there” but hey, we are in the Trump era of thuggery and clown cars full of Russians right? So yeah, entirely possible it was MBS in the conservatory with AMI and a phone hack. Time will tell though, but let’s not make this into a James Bond epic huh?

What are the chances that this was a honey-trap?

Ok, breaking out the muder conspiracy board here for the fun of it…

What if, just what if, this was a honeytrap? What if the mistress is like the brother and a Trump supporter? What if this was all a trap to get Bezos to back off by AMI and others using this woman wittingly or unwittingly? I mean, it is possible isn’t it? I am not saying it is likely but I am just gonna put that out there for you all. If I were looking to damage an adversary (perceived) like Bezos I might just hire hookers and get the good on him in a hotel that’s been wired, of course it would have to be a situation that Bezos doesn’t have a TSCM team sweeping rooms before he stays in them and such but yeah, that would be one way. Another might be to leverage someone in the orbit or put someone in the orbit who he can be enticed by and get the goods on him that way…

Ya know… like what we are seeing play out here right? This is exactly the sleazy way that espionage is carried out on the nation state level (blackmail) as it is on the AMI level of play. So this is not an impossibility. Is it likely in this case? Well, what do we know about Sanchez anyway? I guess a deeper look into her and her brother might be in order and is likely being done by the likes of the FBI right about now.

Giggity.

But yeah, with all the hyperventilation going on in the media, this is a possibility and I cannot just wipe this away as a not a thing.

Time will tell.

Forensics or GTFO!

Finally, I would like to once again yell at the media FORENSICS OR GET THE FUCK OUT! I would like to see some evidence that points to nation state hacking or intercepts of Bezos and the mistresses accounts or phones. Will we ever see this data? Well, who the hell knows really but it won’t stop me from yelling this out every time the media breathlessly makes claims that exotic espionage has been carried out on alleged hard targets who use Android phones!

STAAAAAAHHHHP

I eagerly await some evidence in this case but I don’t really expect any. I will keep an eye on it all but at the end of the day I just wanted to put this out there. It is not super secret nation state shit level stuff going on here. It may in fact be leveraged by MBS and his people but it is not something along the lines of them using SS-7 on Bezos and his mistress right?

Right?

Oh right, need forensics for that…

Derp.

K.

Written by Krypt3ia

2019/02/10 at 14:53

Из России с любовью

leave a comment »

DFPKSUCPTSWXMPF

Exposed.su

exposed.su_links_inout

A site popped up with the domain name exposed.su and within the pages (other than malware lurking for an IE exploit) sits all kinds of personal financial data for famous people. Among the people hit on this site were the likes of Hillary Clinton, Al Gore, FBI Director Mueller and others. The data on the site seems to be somewhat legit and soon after the page made a splash in the news the DOJ (FBI) Secret Service (USSS) and others had the governmental people’s links pulled off of cloudflair’s servers. After looking at some of the data myself before it was pulled I thought I would just have a look-see at this domain and what I could gather as to who was doing it. After some Maltego (RADIUM) work I began to realize that this all seemed to be emanating out of Russia. The domain was registered using an email address for “allperson.ru” which upon further searches turned up a den of sketchy sites.

Domain Data:

domain: EXPOSED.SU
nserver: dave.ns.cloudflare.com.
nserver: fay.ns.cloudflare.com.
state: REGISTERED, DELEGATED
person: Private Person
e-mail: exposed.su@allperson.ru
registrar: REGTIME-REG-FID
created: 2013.03.06
paid-till: 2014.03.06
free-date: 2014.04.08
source: TCI

Last updated on 2013.03.14 17:21:38 MSK

I then followed up with searches for allperson.ru email addresses and attendant domains attached to them. What I found was a pattern of behavior showing that most of these email addresses were for scam sites, free MP3 or video sites, and one forum for all kinds of coding and what looks to be scam techniques. Basically, I think that whoever set up this exposed.su site is affiliated with allperson.ru and or Legato LLC (scammers) and the information and connections you will see below. Of note though is that in the case of the exposed.su site there is nothing that directly ties it to anyone in particular. However, once you start digging around you can make connections between individuals and groups including addresses/persons involved in the ZEUS botnet.

Allperson.ru

allpersonRU_

domain:        ALLPERSON.RU
nserver:       ns1.tuthost.com.
nserver:       ns2.tuthost.com.
state:         REGISTERED, DELEGATED, UNVERIFIED
person:        Andrej V Punegov
phone:         **********
e-mail:        an@kazancity.net
registrar:     REGTIME-REG-RIPN
created:       2007.09.25
paid-till:     2008.09.25

Allperson.ru was a service/site that had about 5 email servers and was originally registered back in 2008. As you can see from the above domain data it was registered by a “Andrej V Punegov” Searches for Andrej give up a laundry list of sites and data that he has been affiliated with in the past. Not much more comes up in the “Googles” so I will leave it at that for the moment. The list of sites though that he has registered is long so it is likely that this is another player who has moved on to bigger and better scams… If that is a real name at all. The email address provided also gives up some interesting hits including an IRC site which I will leave for another day.

Another interesting email address in the allperson.ru set was demand.su@allperson.ru This address was directly tied to the ZEUS botnet that was taken down by M$ and is listed in the plaintiff filing  So here we have a direct tie of this allperson domain to Zeus and only a handful of email addresses. Could it be that this is all tied together? In fact, look at the email name “demand.su” the same format as exposed.su … Coincidence?

dema ndsu_ZEUS

wml.su_forum

Проверка домена
e-mail: wml.su@allperson.ru
e-mail: evgenij.w@gmail.com
e-mail: wml.su@mail.ru
nserver: ns1.wml.su. 62.149.12.117
nserver: ns2.wml.su. 62.149.13.81
created: 2006.06.29

wml.su

wml.su_fraudster

Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Registration date: 2007-11-02
Last updated: 2012-02-11
Expiration date: 2013-11-02
Owner, Administrative, Technical Contacts:
Email: evgenij.w@gmail.com [4 domains use this email]
Name: Evgenij Ermolenko [4 domains use this name]
Phone: +3.80976061100 [4 domains use this phone]
Address: Katyuzhanka
Katyuzhanka
Kiev Oblast,07313
UA
WML2.COM IP: 62.149.13.81
The IP belongs to ISP COLOCALL LTD
ISP domain: COLOCALL.NET

Then there is wml.su@allperson.ru which has an interesting history and present. It ties to a domain/site forum.wml.su which happens to be a little forum for what looks to be warez and other illicit things as well as possibly a hub for site design and programming. The owner of this site also listed evgenij.w@gmail.com as an alternate email address. Following up on this address we get information that shows this email was used on 4 domains and within that you get a new name: Evgenij Ermolenko who has quite the digital breadcrumb trail to follow. Now Evgenij’s site wml.su has also been shown to be a site for infecting phones with trojans (see above) and seems to be quite the player here in the world of malware and scams.

Evgenij… Time to worry a little I think. Probably not much as you are located in Oblast, or Moscow, or.. Who the hell knows. The fact of the matter is you are one of those Russian bandito boys that pretty much never gets caught by the long arm of the law right?

Legato LLC

legato_llc

.

geo

Then there is Legato LLC. This is an interesting little corporation out of Oblast (coincidences coincidences) that has had it’s share of run in’s with illegality. Under private ownership it is alleged to have been created in 1970? It’s *cough* businesses cover anything from advertising to email and information technology. Hmmmm one wonders if they had a hand in the creation of allperson.ru and maybe still have some email servers that are being pointed at? Either way, it seems that Legato may have also been involved in the ZEUS botnet as well because the players here all seem to be connected by their digital trails as well as penchants for naming conventions. One of the scam sites was geo electronics and it seems that they were in the business of straight out fraud as well as money laundering and mule recruitment. Oh yeah, it’s getting deep now eh? It would seem that this rabbit hole goes on further but I am getting claustrophobic in it so I will leave off here with the detective work.

Conclusions:

Ok so what do we have? Well, we have a constellation of sites tied to an old defunct email system that seems to have ties to Legato LLC and to Zeus as well as money laundering and such. Why then does this site pop up and start dumping data on famous people’s credit histories? Histories and information that may not in fact be correct to begin with? Even though the USSS and FBI are looking into this I have to wonder if the data was correct. I am hearing that some of the phone numbers were not right at all and that this all really ties back to some hack on credit services this week. What is the motive here? Well, the Twitter feed and one of the links seem to point to someone with a grudge against the LAPD (re the Dorner affair) and the police in Russia. Since the twitter feed is down I missed the tweet that mentioned that but meh, I am not the caring at present.

Could this be an Anon motivated kind of thing? Well, the imgur picture of the girl on the page does come from an anonymous tied/named site but that is really tenuous to start but it could be. Overall though this site and the data seems to have rankled the feds a bit so maybe it was just for the lulz. Could this person just have access to the site data and used it to make this site and make it look like it came from Russia? Maybe.. But overall the feel of it and the acillary data seems to show that it was someone involved in the Russian sites including Zeus. PERHAPS they are just pissed off that their money making scheme vis a vis ZEUS got shut down?

That’s a lot of maybes huh? But hey, them’s the internetz kids. Your mileage may vary but keep an eye on this one because I am sure there are more than a few subpoena’s going out to Cloudflair where this is all hosted. One of the funniest things about this site though was that one of the links was to a credit dispute site. Now that’s cheeky!

K.

Written by Krypt3ia

2013/03/14 at 18:02

Posted in Blackhat, Cracking, crime

Yes Virginia, There Are Hackers and Spooks On Militant Boards…

leave a comment »

A prominent poster on the elite password-protected jihadi web site Shumukh has told fellow forum members his account on the site has been hacked to send spyware to fellow forum participants.

The user, who goes by the handle “Yaman Mukhadab,” posted on August 28 that “it seems that someone is using my account and is somehow sending messages with my name to the members,” according to Flashpoint Partners, which translated the discussion for Danger Room. Shumukh uses software from vBulletin, which allows members to send private messages to each other.

Mukhadab’s handiwork has attracted attention beyond the forum. He was one of the contributors to the site’s lame recent attempt at creating a fantasy target wishlist comprised of American security industry leaders, defense officials and other public figures.

From Wired

Yeah, yeah, yeah, once again Wired got a little tidbit from Evan Kohlmann to keep his Flashpoint company relevant and in the news. Blah blah blah. Look, Adam is it? Yeah, Adam, there is much more that goes on on this site and the myriad others that Evan isn’t telling you. Sure, this guy Yaman got a little twitchy and he is right to be so lately. There has been A LOT of other things going on on both sides of the fence lately that ol’ Evan hasn’t let you in on, or more likely, has no clue of.

  • There are hackers, both at the behest of the government and those not avowed going at these sites. Some are just knocking them down for periods of time (Jester etc)  Some who are auditing the sites and actually interacting at times with the players after owning them, and SOME who are just hacking the shit out of the sites and wreaking havoc. The latter was seen back a month or two ago with the take down of Ansar. They just RM’d that sucker, but, the jihadi’s had a backup and they were online within days. (which you mentioned.. good)
  • Most of these sites have sections where the the newbies are being taught hacking skills. Some of these tutorials are low level (like the lulz types we saw not too long ago *protect your MACIP’s) Others are quite well versed in hacking and have tutorials on the level of something to worry about. In fact, some of these sites contain the works of friends of mine in the security community that they have posted as research. Within these sections we have areas where the jihadi’s have an assortment of upload/download sites for malware (mostly these are older packages) but some of the newer posts have malware and creation kits that are up to today’s standards (which you failed to mention)
  • The version of AQAP’s “Inspire you talk about was tampered with *cupcakes* as well as one version did in fact have a trojan. (which you failed to mention)
  • The list of targets wasn’t so much lame as it was a new call to the “lone wolves” on these boards to act on it. There is a change in the way these guys are waging jihad that is not really covered by Evan and you. Did you know for instance that there is a Facebook Jihad (propaganda war) that is ongoing? As well as guys like Abu Hafs Al Suni Al Suni are advocating for a ‘stealth jihad’ ? Yeah, they are, and they have been busy trying to propagandise and get the word out to those lone nutjobs that might in fact try something like say, pick a name off of that ‘lame’ list as you called it. It wouldn’t be so lame after they actually whacked someone would it?

Sure, a good deal of this and the other jihobbyist sites are full of dreck, but, there are pockets of true believers, and your little piece in Wired downplays it all.

For more:

GCHQ/SIS AQ Media PSY-OP: Messin With Jihobbyists

Also try this little Google Search for spyware posts on the board. They have been busy.

As a side note, the Jihadi’s also went further and opted to go after the MEMRI organization as well. In a later post by Yaman, they list out the leaders of the org as targets as well. What makes me wonder is which one of them has a log and pass for MEMRI (hint hint MEMRI check your logs)

 

 

 

All in all, another bang up job Wired… *sarcasm implied*

K.

Asperger’s: The New Insanity Defense for Hacking?

with 4 comments

Asperger syndrome or Asperger’s syndrome or Asperger disorder (play /ˈɑspərɡərz/[1] or /ˈæspərɡərz/[2]) is an autism spectrum disorder that is characterized by significant difficulties in social interaction, along with restricted and repetitive patterns of behavior and interests. It differs from other autism spectrum disorders by its relative preservation of linguistic and cognitive development. Although not required for diagnosis, physical clumsiness and atypical use of language are frequently reported.[3][4]

From Wikipedia

Since the Gary McKinnon case, the use of the diagnosis by a defence team of “Asperger’s” seems to have become a go to position, at least that is presently in the U.K. justice system. The recent arrest of Ryan Cleary for cracking and DD0S attacks on sites such as SOCA also seems to be showing a penchant in the UK legal system toward launching a kind of an “Insanity Defence” by proxy of a declaration that Ryan is a high functioning autistic (Asperger’s) and that because of it, he may have not been able to stop himself.

While this theory may be in fact be the case in with both of these defendants on some level, the LEGAL aspect of this is this;

“Did they know they were committing crimes? Furthermore, can it be proven without a doubt that they both suffered to the extent that the compulsive behaviour was inescapable?”

If the answer is definitively that they had no control, then they should be treated and perhaps NEVER allowed access to the Internet again. This might be the way to punish them as well as keep them out of the penal system (even the mental health facilities therein) as opposed to putting them into the general populace in prison. However, I do not feel that the diagnosis of Asperger’s can really allow for their innocence of the crimes that they are charged with. Both of these guys are functionally capable of interacting with others around them and certainly capable of holding technical knowledge and acting upon it for their own ends.

The one point that the lawyers will make though is this notion that Asperger’s sufferers display obsessive behaviours concerning specific things that interest them. Some collect things, others memorise things. In the case of McKinnon and Cleary, they both obsessively hacked into things and stole data. In the Cleary case though, he was caught in the act of DD0s’ing a UK police site when they caught him. As far as I know, this is not necessarily a known Asperger’s syndrome effect or behaviour. (see below)

People with Asperger syndrome often display behavior, interests, and activities that are restricted and repetitive and are sometimes abnormally intense or focused. They may stick to inflexible routines, move in stereotyped and repetitive ways, or preoccupy themselves with parts of objects.[24]

Pursuit of specific and narrow areas of interest is one of the most striking features of AS.[3] Individuals with AS may collect volumes of detailed information on a relatively narrow topic such as weather data or star names, without necessarily having genuine understanding of the broader topic.[3][7] For example, a child might memorize camera model numbers while caring little about photography.[3] This behavior is usually apparent by grade school, typically age 5 or 6 in the United States.[3] Although these special interests may change from time to time, they typically become more unusual and narrowly focused, and often dominate social interaction so much that the entire family may become immersed. Because narrow topics often capture the interest of children, this symptom may go unrecognized.[7

From Wikipedia

So, basically we have the lawyers in the UK trying to say “You can’t put Rainman in jail!” My question is just how long will it be before the US legal system catches up to this defence tool too? Can you imagine the next cases in the US being tried and the legal team for the accused finding a shrink that will testify that the cracker could not help himself..

He has Asperger’s after all!

This does not fly with me and I don’t see the court system or juries buying into it either, but you know they will try. Presently, the cases in the UK are being spun up and in the case of McKinnon, he has been fighting extradition for quite some time for hacking NASA. All the while his people have in fact been fighting the case in the media playing up that he is mentally unstable in the hopes that pity will prevail. The very same thing seems to be shaping up already for the Cleary case with videos (him stoned off his ass from huffing glue or perhaps just 420’d) showing up online and the diagnosis making the front pages of many news outlets.

Sorry.. But I don’t buy it. Sure, you may be mentally ill Ryan, but, I still think you knew what you were doing and are high enough functioning to be put in the pokey for it. Which brings me to another statement that is sticking in my craw;

LulzSec disbands: Hacking group LulzSec announced it was disbanding Saturday, 50 days after its first publicised hack. A member of the group told The Associated Press that the group was “bored” and denied that it was stopping its public attacks because of pressure from law enforcement. The LulzSec member did, however, say that some of the chat logs and information about hackers’ identities was correct.

From The Washington Post

Bored? BORED? Really? How about you go out and get some exercise or maybe read a book? Bored, I know that this likely is just a ruse in this case as the Feds are investigating all those DOX put out on you all but really, bored. This does though make me ask why they are doing this, and just how do they all rationalise in their heads about the right and wrong of it.

Does Lulzsec have Asperger’s en toto? Or have we raised and are we will raising generations of sociopaths with computers I wonder? Looking at 4chan, one can see where the Lulz came from and frankly, while some of it is damn funny, other things there are a bit disturbing. The conventions of society seem to have been stripped in the digital world and it is anything goes… AND this is the crux of the issue isn’t it? After all, now the hacking and the cyber bullying etc have begun to manifest real life physical outcomes today because we have networked our lives so much.

The Lulz actions to date really did not amount to much in the sense of destroying lives as far as I know of. However, they have broken many laws and thought themselves to be outside of their dominion. I am pretty sure that some, if not all of them, are about to find out otherwise, but, it is a disturbing trend isn’t it? Because the internet is so new and the parents of these kids likely have had little interface with it, they have not even thought about trying to apply the norms of how they should act in the real world and society to the digital world.

That is the problem.

It’s time to give out the digital spankings.

K.

Written by Krypt3ia

2011/06/27 at 18:19