Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘Crypto’ Category

Enemy of the State

with 2 comments

Fort Meade has acres of mainframe computers underground. You're talking on the phone and you use the word, "bomb," "president," "Allah," any of a hundred key words, the computer recognizes it, automatically records it, red flags it for analysis; that was twenty years ago.

From The New Yorker; The Secret Sharer

The government argues that Drake recklessly endangered the lives of American servicemen. “This is not an issue of benign documents,” William M. Welch II, the senior litigation counsel who is prosecuting the case, argued at a hearing in March, 2010. The N.S.A., he went on, collects “intelligence for the soldier in the field. So when individuals go out and they harm that ability, our intelligence goes dark and our soldier in the field gets harmed.”

Top officials at the Justice Department describe such leak prosecutions as almost obligatory. Lanny Breuer, the Assistant Attorney General who supervises the department’s criminal division, told me, “You don’t get to break the law and disclose classified information just because you want to.” He added, “Politics should play no role in it whatsoever.”

Politics should play no role whatsoever? Really? This man is delusional to think that the statement, albeit correct, is actually factual. Of course politics play a part in such prosecutions, and case in point, this article cites examples of people getting slaps on the hand for breaking the espionage act and others where TS/S documents are concerned. The reasons that these others were not prosecuted to the full extent of the law was exactly because of politics and their entanglements. No Mr. Breuer, politics do play a role all too often.

That said, I encourage you all to read the full article and judge for yourselves just what happened with the case against Mr. Drake. It is my understanding from other sources as well as the New Yorker piece, that Drake was seeking to show waste on a grand scale while others were motivated by the idea that the sweeping changes to US law and oversight within the espionage area had taken a deep turn for the un-constitutional. This is an assessment that I agree with and have seen even more such dark turns lately where the digital realm is concerned. Frankly, at times I am a bit scared of the access and perhaps excess that the changes in the law have allowed for the NSA as well as anyone with enough juice within the newly minted security infrastructure post 9/11.

Constitutional Law vs. Technological Ease of Access vs. Political Agendas:

When the Constitution was created none of the technologies at play today were even a dream for the makers. Today though, the ideas of privacy, unreasonable search and seizure, and the fundamental freedoms we claim to cherish so much have been blurred. The blame for this rests partly on the technology, but mostly on the people who should be monitoring their system of laws. After 9/11 the people became all too trusting of the government to take care of them and all too willing to accept the over-reaches that they knew of while they were kept in the dark about others.

Case in point would be the FISA and warrantless wiretap situation that the Bush administration put into play after the terrorist attacks. It was the belief of the administration and the law enforcement community (certain factions) that too much time was lost to entering FISA warrants and getting approvals. So, instead they began to draft opinions that said the process was too ponderous, all the while they were putting together a secret process to just bypass the FISA altogether with or without the legal status to do so. This then begat the further access programs that essentially placed a tap on ALL communications going in and out of the backbone of the internet with the NARUS systems in the MAE’s around the country.

Since the technology was there, and it could be placed into a position to audit everything, they just said let’s do it. Thus, all traffic that you or I create over the Internet has the potential of being captured, flagged, and audited by someone at Ft. Meade without a warrant to do so. This also includes the cell phones as well because that traffic too passes through the same backbone system. Like the image of Brill above states;

Fort Meade has acres of mainframe computers underground. You’re talking on the phone and you use the word, “bomb,” “president,” “Allah,” any of a hundred key words, the computer recognizes it, automatically records it, red flags it for analysis; that was twenty years ago.

Brill, a character from Enemy of the State, was going on about this in a film out before the attacks on the US. It would seem that if the technology had not already been in place then, the administration took a cue from the film and made it a reality after the twin towers came down. After all, the enemy could be anyone and the US populace wanted an action hero to take on the bad men and win. The same people though, did not seem to understand that to do so, the administration would take the shortcut of bypassing decades of laws set in place to protect our freedoms from excessive powers that the Bush administration wanted to have to ‘protect’ us.

It was this over-stepping of the laws that others within the story at The New Yorker had begun to tell to the Sun reporter and who now are being pursued by an alleged non political NSA and government for calling them on their breaking of the law. Just as much as Mr. Drake was seeking to show that the waste created by Trailblazer could also tie into the misuse of ThinThread’s code to eavesdrop on anyone.

Both of these concerns are shared by me as well. After all, with the technology in place and without the oversight, how do we know that abuses aren’t happening? The NSA is famously known to tell the Senate oversight committee to go pound sand… So, who is really watching the watchers?

Right Versus Wrong and Speaking Truth To Power; Do We Have A Say Anymore?:

So, if you have access to classified materials and programs and you see that things have gone off the rails how can you expect to report on it to the authorities and not be prosecuted? It used to be that there were protections, but, it seems now post 9/11 that changes to the paradigms of classification and the re-interpretation of the law to suit the state, it has become increasingly impossible to whistle blow and not be prosecuted. What’s more, if you decide to report, the data that you are reporting on may be classified to the extent that it cannot even be used in open court or with your non cleared lawyer because it may be deemed too sensitive.

The net effect is that if there is malfeasance going on it may be impossible to report it and not get yourself into dire legal trouble with the current whistle blowing legislation on the books. This makes it even easier for the state and or entities and parties within its infrastructure to not abide by the law and have little to fear of oversight or speaking truth to power.

Sheeple vs. The Informed and Worried:

Meanwhile, the populace may live their lives unaware of the capacities for the state to listen to them and or present evidence gathered on them in an extra-legal way. At the very least, due to the wider interpretation of the law, it is easier for the state to gather and use evidence in ways that were not possible before because of the latitudes given post the Bush administration.

From a privacy perspective and the expectation thereof, the idea that all traffic is being hoovered up by the state is kind of scary. From a constitutional law perspective, you have the right to privacy in your papers and your domicile. Does this actually apply to digital papers, computers, hard drives, and anything you pass over telco lines to the cloud? Or is it considered public domain like your trash being placed at the end of your driveway?

This is an important precedent and should be considered with every email, IM, and call you make today. Just as well, if you are intent on retaining your privacy, what are the ways to do so now that all of these lines of communication are monitored by the state? One also has to determine just how worried they should be about intrusion into their privacy. After all, today we as a people give up a lot of information on ourselves at sites like Facebook and if we do that, just how much privacy can we expect?

Following that thought process, if we give up our privacy so easily how can we make an argument against the changes to the FISA rules as well as other laws where eavesdropping on our daily digital lives are concerned?

I for one do not want all of my conversations recorded for someone else to audit whether or not I may have said or done something that could be construed as illegal or perhaps pique the interests of the fed. Of course today one could easily be stopped in some states for alleged traffic violations and be asked if they could clone your phone data… Just because.

Whistle Blowing… Not So Much:

I guess in the end that the state of affairs today leans heavily toward the government being able to pretty much do what it wants to. From the warrantless wiretaps to the detention of non combatants, we have quite an inheritance from 9/11 and the Bush years. Unfortunately much of what President Obama had pledged he would roll back from those years have instead been re-approved if not enhanced. Add the whole Wikileaks debacle and now you have an even more reflexive and paranoid government trying to over classify everything and getting really bent when things get out.

So, the idea of whistle blowing I think is pretty much a dead one from here on. If anyone sees wrongdoing going on then they probably will let it go for fear that they will be prosecuted into oblivion.

And then the state wins… There have to be checks and balances.

K.

//BEGIN TRANSMISSION

//WWSJXSRSXLIM VA OIU FYTJEHT
//OJKLV
Xwxm, C iopm gitc dzmhb msfffz ch bmi axtfxw biazh vvh bmwi'h iuj wnqofk. Ubf XX 1-25 kfwt wnx fhmo uxpmfr uvi mc iuj iql J sze uocnpjv lda ylh lbq. Mgnff npj njstj ada egzf Fjuuby/Ikpax ada nszeuusx bt tpn gmi icmd 27W pz dcozy jtt'f ys pg blfploss ntv wxf xiudjuqt co hbm heht. Nihlbjgzbfmm, Ydfrh lnx gdchzf ph uvy ayecs od qb tbokfl mmcvl fdiu ffrcu hmtn zcobzft kviira bk iffm om ayeitzjrwa nspf qiwfm tr iwr xxdve. Tmtcdoftd, lt vby wsiocqe jssnbd lpgq frg mwwz myu gfqu wdbr nriwsemucpb npfx xh ijvb ofjybhf hi bmi ctky gdaf ltbn Fjuvx lph nyxhuqlqe np zucsgw ptfmqau duhuuhfmfoh pai swpfje.

Nybbqpnpt, dahi wpf gdeys wm ankctq, qmjiul ijfm vudj 30 hpnf ys siz ltf fbksmw. MU wr keltt la ei tc, npjr iwr qezgfj obh thuzy wtxmnrj tjymun bgmmyw (x.t. ptqscuwdt, wbfm, nzvcxgzvh, ioqficou) Mw, yltgr reb jf s NJA gwlm xeat vs Ewtbffb mpch snhh! Lut advu'k mo cQox? Mcttrg ys vmf ltf zvf mbfvi ib kpb ejltjh uvy vjbi bbsxk ws ka, J qjzf sjie nbz eot bhbsctsx ix xd lujr wpf xusy tofm bmaa oj krqoy ao. Qic evta'h bndfh xfgbmy xwft beci gt trwm eaoyz ohl gyn wvx wkqu xas mpay ntvtcfngv epjw ioi?

Kytq, mc iuj iql jl opgfg nw ylxh. V meym b NQSS fljmswxkr sepm. Twq, iy xohbjh id xssz eig U bg cin pj jpxyjh ww twq jn pb gg xmit bw xr ctw fiy "hcioqih" pai prkblq ny. 27L + zubjv, wt snrdtmq woixg qpt M pb. Ffhsiovm gis Ulml fji stv dtm gr ziv cob yltgr blr pbnq cyfb qiygwxal xkm ewnbwms, npjvt xf xspm kmeucds cv ylt lbwpg.
//KPFRJXFBNQFP SD ATX UMMWMTY
//FBX

Written by Krypt3ia

2011/04/07 at 20:32

Posted in Charlatans, Crypto

British Airways Al Qaeda Mole: The IT Connection

Rajib Karim

A British Airways computer expert who plotted to blow up a plane has been found guilty of terror charges.

Rajib Karim, 31, from Newcastle, used his job to access information for radical cleric Anwar al-Awlaki, Woolwich Crown Court heard.

He denied four charges, including sharing information of use to hate groups.

But after four days of deliberations, the jury found him guilty of all four charges.

Karim was committed to an “extreme jihadist cause” and determined to become a martyr, jurors were told.

The Bangladeshi national, who moved with his wife and son to Newcastle in 2006, had already admitted being involved in the production of a terrorist group’s video.

Joined gym

Karim, a privately-educated IT expert from Dhaka, became a supporter of the extremist organisation Jammat-ul Mujahideen Bangladesh (JMB) after being influenced by his younger brother Tehzeeb, the court heard.

He was described as a “mild-mannered, well-educated and respectful” man who hid his hatred for Western ways from colleagues by joining a gym, playing football and never airing extreme views.

But at the same time he was using his access to the airline’s offices in Newcastle and at Heathrow to spread confidential information.

After gaining a post-graduate job at BA in 2007, Karim held secret meetings with fellow Islamic extremists at Heathrow and, in 2009, began communicating with al-Awlaki from his home in Brunton Lane.

After the verdict, Home Secretary Theresa May said: “The fact that Karim has been found guilty of such a heinous plot shows why we will never be complacent.

“I want to thank the police and the security service for their hard work in this complex case.

“We know that we face a serious threat from terrorism and national security remains this government’s top priority.”

Colin Gibbs, counter terrorism lawyer for the Crown Prosecution Service, added: “The most chilling element of this case is probably the fact that Karim tried to enrol as cabin crew and anyone can imagine how horrific the consequences of this could have been, had he succeeded.

“Karim’s deep determination to plan terror attacks whatever the cost was frightening.

‘Coded messages’

“He found a position as a software engineer, which the prosecution said he considered the perfect job, giving an opportunity sooner or later to fulfil his deadly objective.”

Deputy assistant commissioner of the Metropolitan Police, Stuart Osborne, added: “Although Rajib Karim went to great lengths to disguise his activities, experts from the Metropolitan Police Service Counter Terrorism Command spent nine months decrypting 300 coded messages found on his computer hard drive.

“It was the most sophisticated decryption task of its kind ever undertaken by the Met’s Counter Terrorism Command.

“This painstaking work gave detectives access to a body of material, which exposed Rajib Karim’s terrorist activities and led to today’s conviction.”

Karim is due to be sentenced on 18 March.

Well, here you have it. This is what I have been talking about for a while now, AQ learning to insert technical moles into positions to do us harm. This guy may be a fluke in that he could have just been in the right place at the right time, but, I think that AQ placed him where he was caught.

What’s even more interesting to me is that this guy was using his technical skills to give out important intel on Heathrow and BA’s systems to AQAP. What better way than to insert a technically capable mole who is also willing to be a shahid to do the most damage? The jihadis are getting more nimble and using espionage techniques to up their game. They have learned the value of technology and just how much we are all at its mercy today.

If this doesn’t ring the warning bell not only for all CT efforts, it should at the very least do so for the airlines and the airports out there. This guy had insider knowledge and access to the systems and networks that also house the baggage scanners, passenger lists, and other security methods at Heathrow.

So, how was he caught, I wonder... Perhaps as he was talking to al-Awlaki online? From this one might infer that al-Awlaki’s comms are pretty much tapped, huh? Yeah, I would guess that…

K

Top Secret America: The Fifth Column, Uncontrolled and Unaccounted For

with 2 comments

The top-secret world the government created in response to the terrorist attacks of Sept. 11, 2001, has become so large, so unwieldy and so secretive that no one knows how much money it costs, how many people it employs, how many programs exist within it or exactly how many agencies do the same work.

These are some of the findings of a two-year investigation by The Washington Post that discovered what amounts to an alternative geography of the United States, a Top Secret America hidden from public view and lacking in thorough oversight. After nine years of unprecedented spending and growth, the result is that the system put in place to keep the United States safe is so massive that its effectiveness is impossible to determine.

The investigation’s other findings include:

* Some 1,271 government organizations and 1,931 private companies work on programs related to counterterrorism, homeland security and intelligence in about 10,000 locations across the United States.

* An estimated 854,000 people, nearly 1.5 times as many people as live in Washington, D.C., hold top-secret security clearances.

* In Washington and the surrounding area, 33 building complexes for top-secret intelligence work are under construction or have been built since September 2001. Together they occupy the equivalent of almost three Pentagons or 22 U.S. Capitol buildings – about 17 million square feet of space.

From Secret America in the Washington Post

PBS Frontline report coming this fall

When this article came out there seemed to be just a collective murmur as a response by the masses. I figured that either people just didn’t care, didn’t get it, or were just too stunned to comment about it. Upon reading up some more and seeing the Frontline piece, I have decided that most people just can’t grasp the sheer import of this report. What this all says to me is that the government has no idea of just who is doing what and how much money is being spent. What’s more, the people certainly have no idea (the people as in the voting public) what’s really going on either.

Another factor here I think is that many people just have too much faith in the government and in the corporations. When you really look at it though, once you have worked in the sausage factory and have seen how it’s made, you really never want to eat sausage again. It’s like that with working for the government and or corporations really. Having spent all these years in the information security business working for Fortune 500 companies as well as the government, I can say I do not want to “eat the sausage.” Of course perhaps the better thing to say is that I do not trust the government nor corporations because they both are comprised of inept people and red tape.

By far though, the concerns that I have are something a bit more ominous in nature. I fear that these machinations will only lead to greater abuses of power by not only the government but also the corporate entities that they have tasked with performing all this secret work. It used to be that there was government oversight on the intelligence community, but you knew that there was some off books things happening. Now, we have post Iraq and still ongoing in Afghanistan, a contractor proxy war that now includes a civilian intelligence element. An element that now seems to be even more “civilian” because it is being operated by corporations and not wings of the government. It gives a new meaning to “black ops”

Another interesting turn in this “secretification” to steal a Bush-ism is the whole issue of just how far the pendulum has swung from the nations not caring so much about HUMINT and intelligence to suddenly being even more fervent about it, it seems, than they were during the cold war years. I might also hazard a statement to say that since 9/11 it has generally felt more and more like the 50’s again where paranoia is concerned about the “enemy threat to the homeland.”

Are we in danger? Yes. Do we need to have to go back to the 50’s mentality of us and them with a McCarthy-esque twist? No.

Of course all or most of this is aimed at Jihadi terrorists and not a governmental body like the Soviet bloc and this is where the disconnect seems to be the largest for me. It’s rather ironic actually that all this effort is being predicated on fighting a group of people who are not generally known for being easily infiltrated nor as easy to get a grasp on as the Sov’s were. People just knee jerked after 9/11 and really, they have only created even more bureaucracy in which the real INTEL will get lost and another attack likely happen because of it.

Welcome to Washington’s dementia…

Russian Kulturny: Espionage Old School Meets the New Tech Comrade

with one comment

But many things shown even in bad movies are unfortunately true: Yes, the Russians like to wear fur hats, drink vodka, eat caviar, take pretty girls to the sauna. And, apart from some modern innovations like ad hoc networks, burst transmissions and steganography, the old proven tradecraft is pretty much the same. It is good and it normally works well (except in cases, when somebody is already being shadowed – then nothing works).

Boris Volodarsky: Former GRU Officer

Los Illegals.. Comrade…

With all of the hubbub over the capture of the illegals, and of course all the rattling on about the “swallow” known as Anna Chapman, one has to cut through the dross to get to the real importance of the story. The fact is, that though the wall has fallen (long ago) and W looked into the “soul” of ol’ Pooty Poot and saw teddy bears and rainbows, the reality of it is that the “Bear” never went away or to sleep.

We are still a target, a rather rich one still, for collection of intelligence as well as corporate IP as Putin has pointed out in statements he has made over the years. It was Putin who actually said that Russia needed to step up its game in industrial espionage (I am paraphrasing) and created the means to do so within the new FSB *cough* KGB. This type of infiltration in hopes of collection never went away and I suspect that even with our own dismantling of the HUMINT departments of CIA, we still had a reasonable amount of assets and agents within Russia as they transitioned from the Sov bloc to today’s powerhouse of malware and Russian Mafia run state apparatus.

So, while reading all the news sites, it became clear to me that people really do not have a grasp of the realities surrounding the nature of espionage today. Everyone thinks that it’s all shiny technologies and protocols within the hacker scene that the next gen of spies are using and that old school techniques called “tradecraft” are outdated and useless.

Nope… It’s not just that. This is said rather well here by Boris again:

The public and writers alike do not really realise that this is NOT a film — a very large group of very experienced FBI agents and watchers spent a very considerable sum of taxpayers’ money and plenty of time to uncover a REAL group of the Russian undercover operators who brazenly operated in the United States, as they had been absolutely sure that no one would ever catch them because their education, training, intelligence tradition, and the belief that the wealth of the country behind them is much superior than the FBI. They forgot that the FBI of 2010 is much different from the Bureau of the 1950s.

It is highly likely that these agents were outed by a defector back in the 90’s. The defector was a Directorate S operative who worked within the UN in the NYC area and it is possible that he gave up the program. The FBI then was tasked with either finding them all blindly, or, they had at least one couple in their sights and steadily built their case by watching the illegals to get at their handlers. You see, the same logic applies to the FBI as does the perception of the KGB. The FBI is seen as slow witted and usually in the media, the blue sedan with guys in suits and sunglasses inside watching you ever so not subtly.

This is not necessarily the case as has been seen in some areas of the FBI’s counterintelligence unit. They really can do a good job at surveillance and counterintel collection.. They are not as bumpkin as they used to be in the 50’s… Nor the 80’s for that matter. Unfortunately though, it really took the Hanssen’s of the world to force them to be better.. But I digress..

Why Were They Here?

I think that there has been a basic misunderstanding in the press and the populace from reading poor press reports on the nature of the “illegals” program. Yes, they were tasked at times with getting data that could be readily available through open source (OSINT) channels such as the news or Google. However, their main task was to insert themselves into our culture, economy, and social strata in order to get “at” people of interest. Basically they were talent spotters.

These people got on to LinkedIn and other social networks for the exact reason of making friends and gaining access to those who might be “of use” later on for their handlers and masters. They were facilitators really. You see, like the whole Robin Sage affair that is ongoing now, these folks already knew about the vulnerabilities within social networking and the social nature of human beings from the start. They were trained on this by the SVR and it’s not something that common people tend to think about. This is where the hacker world and the spy world meet (well they meet in many other places too but go with it for now). The hackers take advantage of the same flaws in our “systems” (cognitive as well as technical) to get what they want.

In this case, these illegals actually did gain some traction and some had access to potential sources that I think, had yet to be plumbed. Perhaps they were getting close to someone and this is what tripped the arrest cycle. Perhaps there are other more arcane reasons for that… As you may be seeing now that there is a prisoner swap with Russia in the works. Once again I direct you to Boris’ comments on their aegis:

What Russian intelligence is striving to get is secret information (political, economic, industrial, military, etc) and have a chance to influence decision-making and public opinion in favor of Russia. This is why agents are recruited or penetrated into sensitive or politically important targets.

The role of illegals is threefold:

  1. to act as cut-outs between important sources and the Centre (directly or via the SVR station);
  2. to serve as talent-spotters finding potential candidates for further intelligence cultivation and possible recruitment (a rather long and complex process, where the illegals only act at its early stage); and
  3. to establish the right contacts that would allow other intelligence operators (members of the SVR station) or the Centre (visiting intelligence officers under different covers, journalists, diplomats or scientists tasked by the SVR) to get intelligence information and/or receive favors that the Centre is interested in.

These illegals are really, like I said, facilitators for the real spies that are sent to our shores. They were practiced in the old school tradecraft of spying and were they not already under surveillance, they may not have been noticed at all by our counterintelligence services. Which brings me to another issue with all the reporting on this espionage round up.

Tradecraft VS High Tech Espionage:

As mentioned by Boris, the tradecraft angle is not only history for the SVR, KGB, or the GRU. Much as I believe that it is still in play for ALL of the intelligence services throughout the world. These practices are tried and true. They have been used to great effect by all spies and only are really heard about in books, film, or news stories like the ones today when the spies were busted.

Since the days of 007 on the screen, we have seen the Q branch and all their toys as a high profile part of “spying” when in reality there is some of that (see H. Keith Melton’s books) but mostly, it has been the old school that has won the day for spies. The use of things like a Shortwave radio and a “One Time Pad” are still used today because they cannot easily be broken. The use of rapid burst radio transmissions too was a bit of a shock to me in the current case, but once I thought about it, the use of a rapid burst to a local “rezidentura” makes a lot of sense given the amount of RF we have placed into our landscape today. It would easily be lost in the noise and thus, a good way to go about secret communications.

Meanwhile, the use of “Brush Passes”, “Chalking”, “Pass Phrases” and other old school techniques for communicating and passing intelligence never have lost their usefulness. Just because one can create an email dead drop on Gmail today pretty easily, does not infer that it is at all safer than meeting someone on the park bench, or leaving a postal stamp on a kiosk as a marker that “something’s up.” These things hide within the static of every day life and often, because of “situational awareness” levels, go totally un-noticed. The other means via the “technology” of today’s internet is more circumspect because of so many factors. One of the primary of those being the hacking and cyberwar issues that are ongoing.

Even today, the news is full of “Perfect Citizen” an uber protection plan and technology that the NSA wants to use to protect the national infrastructure. How will it do this? By monitoring ALL of the traffic that it can and look for anomalous behavior. As the technology becomes more prevalent so too are the chances of your secret communications being discovered. It made sense that given the NSA’s power, the illegals and the SVR decided that old school was still the best bet. It was however, that the more technical approaches (i.e. netbooks, crypto, and adhoc networks) failed them, only proving my hypothesis above.

As an aside to LizzieB, the old bury the money under or near the bottle thing.. It still does work *heh*

The Final Analysis:

Much has yet to be told about these illegals as well as the reasons why this group was busted 10 years later. Why now? Why this sudden trade for spies? What tipped the FBI off to these spies in the first place? Was it indeed the defector I spoke of? We may never know. What we can deduce though, is this:

  • Spies never went away
  • Spies aren’t just stealing IP from corporations
  • Hey you, you with the access to the important people… You are a target
  • Technology does not always win the day, sometimes it is the weakest link
  • We have not seen the last of the SVR, KGB, Mossad, MI5 etc etc…
  • Russian spies do like their Vodka and saunas but they aren’t all Boris and Natasha caricatures

A full text of the cited Boris interview can be found HERE

CoB

Zywag ia wal jjzv…

Gowas iawxyzjmn zzap Ofigllo Xftvfft erbt jhes Jsqudp. Lfcscg ftsp xqkk fmnrf os gxmidbzre aw HHC nv yvvfvjltz qajefwbneuwi vfvv. Ng mhfa hw J urb koqay ig fhbpe jv erk ubjiaj hcis bf XKJ iar brfhtmoo r Ufkorfinq, B aljvb lk pa zicu phyi mqbhcf buot Cutax xqco ztxycdr vhvr bvu ovhdr is noe vyu qe wyl kbzd gkhbki. Uvdedpvze QPB pw txzqepvt ip vq ypxt ieg jaiehs. Vi WTM bkkxrstl haxhl vjg, byhe P iz uovqz as cm kkvpz PGO. Gkbz qfiev kyiisl nfkvwt byh xswos aag zvse ufqvf… Lrqiflhuw Emtljpwag…


Written by Krypt3ia

2009/10/18 at 01:15

Posted in Crypto

New Key

Written by Krypt3ia

2009/10/09 at 00:51

Posted in Crypto

Twitter As Command and Control for BotNETS

with one comment

Hackers Use Twitter to Control Botnet

Hackers are now using Twitter to send coded update messages to computers they’ve previously infected with rogue code, according to a report from net-monitoring firm Arbor Networks.

This looks to be the first reported case of hackers using the popular micro-messaging company to control botnets, which are assemblages of infected PCs that can be directed to spy on their users, send spam, or attack web sites with fake traffic.

The rest here:

Hell of an idea to use the RSS feed from 140-character postings to command and control botnets. I have seen some of these coded posts before and wondered what they were up to. Anyway, now let’s look forward from here. How about the idea of using the RSS feeds of common and popular blogs and such in the same way? Perhaps embedding code within the sites themselves, either in the HTML or even the text?

How about a little steganography to have that C&C channel… It would be harder to detect, no?

Interesting…
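A defender's view of the "coded posts" idea above, as an added example that is not part of the original post or of the Arbor Networks report: it scans a feed of short posts for tokens that decode cleanly as base64 and also have high character entropy. The feed, the placeholder URL, the choice of base64 as the encoding and the thresholds are all assumptions made for illustration.

```python
import base64
import binascii
import math
import re
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample feed (not real data): two ordinary posts and one post
# whose whole body is a base64 token wrapping a placeholder URL.
ENCODED = base64.b64encode(b"http://example.invalid/update/01").decode("ascii")
SAMPLE_RSS = f"""<rss version="2.0"><channel><title>constructed timeline</title>
<item><title>Heading to the conference tomorrow, anyone else going?</title></item>
<item><title>{ENCODED}</title></item>
<item><title>New blog post is up: notes on log retention</title></item>
</channel></rss>"""

B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")  # assumed minimum length

def shannon_entropy(text):
    """Bits per character of the string's own character distribution."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def decodes_to_text(token):
    """Return the decoded text if token is base64 of printable ASCII, else None."""
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None
    if raw and all(32 <= b < 127 for b in raw):
        return raw.decode("ascii")
    return None

def suspicious_items(rss_xml, min_entropy=4.0):
    """Return (post, decoded) pairs for feed items that look like encoded messages."""
    hits = []
    for item in ET.fromstring(rss_xml).iter("item"):
        post = (item.findtext("title") or "").strip()
        for token in B64_TOKEN.findall(post):
            decoded = decodes_to_text(token)
            # Require both a clean decode and entropy above ordinary prose words.
            if decoded is not None and shannon_entropy(token) >= min_entropy:
                hits.append((post, decoded))
    return hits
```

A check like this only catches plainly encoded text; content hidden by steganography, as the post speculates, would not trip it.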

Written by Krypt3ia

2009/08/14 at 12:21

WSJ: Nokia, Siemens Help Iran Spy on Internet Users OH NOH’s


How do you say “Operation Pinwale” in Farsi?

According to a somewhat confusing Wall Street Journal story, Iran has adopted NSA-like techniques and installed equipment on its national telecommunication network last year that allows it to spy on the online activities and correspondence — including the content of e-mail and VoIP phone calls — of its internet users.

Nokia Siemens Networks, a joint venture between Germany’s Siemens and Finland’s Nokia, installed the monitoring equipment late last year in Iran’s government-controlled telecom network, Telecommunication Infrastructure Co., but authorities only recently engaged its full capabilities in response to recent protests that have broken out in the country over its presidential election.

The equipment allows the state to conduct deep-packet inspection, which sifts through data as it flows through a network searching for keywords in the content of e-mail and voice transmissions. According to the Journal, Iran seems to be doing this for the entire country from a single choke point. “Seems,” because although the Journal states that Nokia Siemens installed the equipment and that signs indicate the country is conducting deep-packet inspection, the paper also says “it couldn’t be determined whether the equipment from Nokia Siemens Networks is used specifically for deep packet inspection.”

Although the Journal has published questionable “spying” stories in the past, we’re willing to go with them on this one.

It’s previously been reported that Iran was blocking access to some web sites for people inside the country as protesters took to the streets and the internet to dispute the results of the country’s recent presidential election.

But sources told the Journal that the government’s activities have gone beyond censorship to massive spying. They say the deep-packet inspection, which deconstructs data in transit then reconstructs it, could be responsible for network activity in Iran having recently slowed to less than a tenth of its regular speed. The slowdown could be caused by the inspection at a single point, rather than at numerous network points, as China reportedly does it.

A brochure promoting the equipment sold to Iran says the technology allows for “the monitoring and interception of all types of voice and data communication on all networks.”

A spokesman for Nokia Siemens Networks defended the sale of the equipment to Iran suggesting that the company provided the technology with the idea that it would be used for “lawful intercept,” such as combating terrorism, child pornography, drug trafficking and other criminal activity. Equipment installed for law enforcement purposes, however, can easily be used for spying as well.

“If you sell networks, you also, intrinsically, sell the capability to intercept any communication that runs over them,” the spokesman told the Journal.

He added that the company “does have a choice about whether to do business in any country” but said, “We believe providing people, wherever they are, with the ability to communicate is preferable to leaving them without the choice to be heard.”

In March, the company sold off its monitoring technology to a German investment firm.

First: ‌عمل‌، ‌عملکرد، بهره‌برد‌ار‌ى‌ سنجاق‌، پايه‌ سنجاقى و‌ال‌، نهنگ‌، ‌عظيم‌ ‌الجثه‌، نهنگ‌ صيد کردن‌، قيطس

Give or take…

Second, well, no shit, huh? Since they could not actually kill the internet access there in Iran, nor actually keep up with the flood of twitters going to numerous proxy sites, I guess the next best thing would be to “NARUS STA 6400” the masses, huh? OK, sure, they may be doing this, but I don’t see this as being the real extent of the effort’s long-term goal. Just wait ’til people start disappearing in the intervening days and weeks.

Now, last night I heard this story also on NPR; the “All Tech Considered” piece went on to imply (OK, actually stated) that the Iranians are “injecting” disinformation using DPI… Really now? I just don’t think that’s the case. It would be easier to set up a series of agent provocateurs with cell access and ACLs to allow “them” to carry out disinformation campaigns.

Oh well, I am sure that AT&T will soon be asked to help out. Maybe NARUS too. Once they get the buttplugs into the back door, ol’ Mahmoud will be very happy. I mean, isn’t this just the pot calling the kettle black a bit?

CoB




Written by Krypt3ia

2009/06/23 at 14:26

When naming something you should really do your research…


Marls (ziug. Say, assv chlsek Glnji lvcp oy, mvrl aycoapchlsy, Sates) deye hnjilna Rvmhn keptpet prvtlcaiug ahl hvuze hnk toe gamplf, toef wlrl a moym vf oobsfhosd noks.

Sayez wlrl pyezutee sous vf Teycbrf aud Saya, hnk dfepsy ceueyaaek bf aucpeut Yonanz torvunh zmhls saaauls, bsvalsy wua iu hpgoey psajez om tie hvuze, may fyot toe mlvoy, oy ewen vn ahl rvom (bbt zote zthtbet weye hlzo vn zote jrvsziugz og rohdz). Om toe Sayez pyowey, toese aye vnsy awv, aud ahly oak iuffrivr wodey. Ocey tpml, toepr woxer daz eetlnkek ocey hvuzez, cpunarf, sla, jiails, ltj., az toe Sases iejate joufsaaek wpto oahfr Rvmhn keptpez aud wrvtlcaiwe swiyias.

Written by Krypt3ia

2009/05/12 at 18:45