Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘Cyber’ Category

Write a blog post on why attribution in cyber attacks is not really important

This article is part of an ongoing experiment with the use of ChatGPT for developing primers on cyber security topics.

So, this is something I have written about before, but, I thought I would ask the AI and see what it had to say. Well, it pretty much made the same arguments that I have in the past about attribution… Gee…

Attribution in cyber attacks refers to the process of identifying the source or perpetrator of a particular attack. This is often seen as an important aspect of cybersecurity, as it allows governments and organizations to take action against those responsible and to prevent future attacks. However, some argue that attribution is not as important as it is often made out to be.

One reason why attribution may not be important is that cyber attacks are often carried out by individuals or groups who operate outside of traditional government structures. This makes it difficult to attribute attacks to specific countries or organizations, and even when attribution is possible, it may not lead to any real consequences. For example, a hacker group operating out of a country that has little interest in prosecuting cyber criminals may be difficult to hold accountable.

Another reason why attribution may not be important is that the tactics and techniques used in cyber attacks are often widely known and can be easily replicated by others. This means that even if a specific group is identified and stopped, others may be able to carry out similar attacks using the same methods. In other words, focusing too much on attribution may be a distraction from the larger issue of improving cybersecurity as a whole.

Finally, some argue that the emphasis on attribution may be driven more by political considerations than by a genuine desire to improve cybersecurity. In some cases, governments may be more interested in using cyber attacks as a way to justify military or diplomatic action against other countries than in actually preventing future attacks.

In conclusion, while attribution is often seen as an important aspect of cybersecurity, it may not be as critical as it is often made out to be. Factors such as the difficulty of identifying the source of attacks, the ease with which attacks can be replicated, and political considerations may all contribute to making attribution less important in practice. Instead, efforts should focus on improving cybersecurity as a whole, through measures such as improving network security, educating users on best practices, and developing better tools for detecting and mitigating attacks.

Krypt3ia generated this text with ChatGPT, OpenAI’s large-scale language-generation model. This author reviewed, edited, and revised the language to my own liking and takes ultimate responsibility for the content of this publication.

Written by Krypt3ia

2023/02/23 at 11:16

Posted in Cyber, CyberWar, A.I., Heresy

How would AI detect, deter, and counter disinformation campaigns for humanity and how would AI counter the use of another AI in carrying out these campaigns?

This post was generated with ChatGPT at my prompt.

AI can be used to detect, deter, and counter disinformation campaigns in several ways.

First, AI can be used to analyze large amounts of data and identify patterns that indicate the presence of disinformation. Machine learning algorithms can be trained on large datasets of both genuine and false information to recognize characteristics of disinformation campaigns, such as the use of certain keywords, sources, or propagandistic techniques. AI can also analyze social media and other online platforms to identify bots and fake accounts that are used to amplify disinformation.

Second, AI can be used to monitor the spread of disinformation in real-time and alert human moderators to take action when necessary. This can involve the use of natural language processing algorithms to analyze the sentiment and credibility of online content, as well as the tracking of viral trends and patterns of user behavior.

Third, AI can be used to develop counter-narratives and fact-checking resources to provide accurate information to counter the disinformation. This can involve the creation of databases of verified information, as well as the development of chatbots and other interactive tools that can engage users in meaningful and informative conversations.

To counter the use of another AI in carrying out disinformation campaigns, AI can be used to develop more sophisticated and advanced algorithms that can detect and flag suspicious activity. This can involve the development of machine learning models that can identify patterns of behavior that are characteristic of malicious bots and other AI-driven disinformation campaigns. AI can also be used to develop better security protocols and authentication systems to prevent the unauthorized use of AI technology in disinformation campaigns. Additionally, human oversight and regulation of AI systems can help ensure that they are being used ethically and responsibly.

Make it better and expand on the tools, techniques, and procedures in carrying out this kind of warfare

To expand on the tools, techniques, and procedures for detecting, deterring, and countering disinformation campaigns using AI, there are several key areas to consider:

  1. Data Collection and Analysis: AI can be used to collect and analyze large amounts of data from a variety of sources, such as social media, news articles, and government reports. This data can be used to identify patterns and trends in the dissemination of false information, as well as the sources and actors behind these campaigns. AI-powered tools such as sentiment analysis, network analysis, and text mining can be used to analyze data and identify patterns that indicate the presence of disinformation.
  2. Natural Language Processing (NLP): NLP is a subfield of AI that focuses on the interaction between computers and human language. AI-powered NLP tools can be used to identify the sentiment, credibility, and relevance of online content, as well as to classify content into categories such as news, opinion, and propaganda. These tools can be used to detect and flag disinformation, as well as to develop counter-narratives and fact-checking resources.
  3. Machine Learning (ML): ML is a technique used in AI to enable machines to learn from data and improve their performance over time. ML algorithms can be trained on large datasets of both genuine and false information to recognize characteristics of disinformation campaigns, such as the use of certain keywords, sources, or propagandistic techniques. These algorithms can then be used to detect and flag suspicious activity in real-time, as well as to develop predictive models that can anticipate and prevent future disinformation campaigns.
  4. Chatbots and Interactive Tools: Chatbots and other interactive tools can be developed using AI to engage users in meaningful and informative conversations about disinformation. These tools can be used to provide accurate information and fact-checking resources to counter false narratives, as well as to identify and report suspicious activity to human moderators.
  5. Human Oversight and Regulation: While AI can be a powerful tool for detecting and countering disinformation, it is important to have human oversight and regulation to ensure that AI systems are being used ethically and responsibly. This can involve the development of ethical guidelines and standards for the use of AI in disinformation campaigns, as well as the establishment of regulatory frameworks to govern the use of AI in warfare.

Overall, AI has the potential to be a powerful tool for detecting, deterring, and countering disinformation campaigns in warfare. By combining advanced analytics, machine learning, and natural language processing with chatbots and other interactive tools, it is possible to develop effective strategies for countering false narratives and promoting accurate information in the face of disinformation.

Written by Krypt3ia

2023/02/21 at 12:50

What are the cyber attacks being used by Russia against Ukraine and how can they be countered?

This post was generated by ChatGPT at my prompt.

The conflict between Ukraine and Russia has escalated into a complex hybrid war, with cyber attacks being a critical component of Russia’s strategy. Russian cyber operations against Ukraine have been ongoing for years, with a series of major attacks occurring in recent years.

One of the most common forms of cyber attack used by Russia against Ukraine is Distributed Denial of Service (DDoS) attacks. These attacks are designed to overwhelm a target’s network with a flood of traffic, rendering it inaccessible to legitimate users. DDoS attacks have been used to disrupt Ukrainian government websites and online media outlets critical of Russia. To counter DDoS attacks, organizations can implement a range of mitigation techniques, such as filtering traffic based on geographic location or blocking traffic from known malicious sources.

Malware attacks are another common form of cyber attack used by Russia against Ukraine. Malware refers to malicious software that is designed to gain unauthorized access to computer systems, steal data, or cause damage to systems. Russia has been accused of using malware to steal sensitive information, disrupt critical infrastructure, and conduct espionage in Ukraine. To counter malware attacks, organizations can implement security measures such as firewalls, intrusion detection systems, and antivirus software. Regular security audits and vulnerability assessments can also help to identify and mitigate potential threats.

Phishing attacks are also commonly used by Russian hackers against Ukraine. These attacks involve the use of fraudulent emails or websites to trick users into revealing sensitive information, such as passwords or financial data. In the context of the Ukrainian conflict, phishing attacks have been used to gain access to Ukrainian government systems and steal sensitive information. To counter phishing attacks, organizations can implement security measures such as two-factor authentication and training employees to recognize phishing attempts.

Social engineering is another tactic used by Russian hackers in the context of the Ukrainian conflict. Social engineering involves manipulating individuals or groups to disclose sensitive information or to perform actions that can be exploited. Social engineering has been used to gain access to sensitive information and to plant false information in online forums. To counter social engineering, organizations can implement policies to limit the disclosure of sensitive information and train employees to recognize and report suspicious behavior.

Disinformation campaigns are also used by Russia in the Ukrainian conflict to spread false information or propaganda to influence public opinion or create confusion and uncertainty. These campaigns have been used to sow discord and undermine the credibility of the Ukrainian government. To counter disinformation campaigns, organizations can implement measures such as fact-checking, promoting media literacy, and countering false narratives with accurate information.

In addition to these specific measures, organizations can take a range of broader steps to improve their cyber defense capabilities. This includes regular security audits and vulnerability assessments, implementing security best practices, promoting cyber hygiene among employees, and staying up-to-date with the latest threats and trends in cybersecurity.

Ultimately, countering cyber attacks requires a comprehensive and coordinated approach that involves technical measures, policy initiatives, and collaboration among governments and organizations. By investing in robust cyber defense capabilities, promoting cybersecurity awareness and education, and collaborating with partners to share information and best practices, organizations can improve their resilience to cyber threats and protect against potential attacks. However, the complexity and sophistication of cyber attacks mean that the fight against cybercrime is an ongoing challenge that requires constant vigilance and adaptation.

Who are the threat actor groups from Russia attacking Ukraine with cyber attacks?

Cyber attacks have become a key weapon in the ongoing conflict between Russia and Ukraine. These attacks range from low-level cybercrime to sophisticated state-sponsored campaigns targeting critical infrastructure and government systems. While attribution of cyber attacks is often challenging, there are several threat actor groups based in Russia that have been associated with cyber attacks against Ukraine.

One of the most well-known groups is APT28, also known as Fancy Bear or Sofacy. This group is believed to be linked to Russia’s military intelligence agency, the GRU, and has been involved in a range of cyber attacks against Ukraine. APT28 is known for using sophisticated techniques such as malware, spear-phishing, and social engineering to gain access to sensitive systems and steal data.

Another group associated with Russian cyber attacks against Ukraine is Sandworm. Sandworm is believed to be associated with Russia’s Federal Security Service (FSB) and has been linked to a range of attacks against Ukrainian critical infrastructure, including the 2015 attack on the Ukrainian power grid and the NotPetya malware attack in 2017, which caused widespread damage to companies around the world, including in Ukraine.

There are also other threat actor groups associated with Russia that are likely involved in cyber attacks against Ukraine. These groups may have different motivations and techniques, making it challenging to attribute specific attacks to particular actors.

In addition to state-sponsored groups, there are also criminal organizations and independent hackers who carry out attacks against Ukraine. These attacks range from theft of personal information and financial data to ransomware attacks on businesses and government agencies.

Countering cyber attacks from Russia is a significant challenge for Ukraine, as well as for NATO and other international partners. One approach is to improve cyber defense capabilities, such as implementing firewalls, intrusion detection systems, and antivirus software. Regular security audits and vulnerability assessments can also help identify and mitigate potential threats.

Another critical step is to increase cybersecurity awareness and education among employees and the general public. This includes promoting cyber hygiene practices, such as using strong passwords, avoiding clicking on suspicious links, and keeping software up to date. It is also essential to develop policies to limit the disclosure of sensitive information and to train employees to recognize and report suspicious behavior.

Collaboration and information-sharing among governments, organizations, and security experts are also crucial in countering cyber attacks. This includes sharing information on emerging threats and best practices for cyber defense. International cooperation and coordination can also help to hold threat actor groups accountable and deter future attacks.

In conclusion, cyber attacks from Russia against Ukraine are a significant threat that requires a comprehensive and coordinated response. By investing in robust cyber defense capabilities, increasing cybersecurity awareness, and collaborating with partners to share information and best practices, organizations can improve their resilience to cyber threats and protect against potential attacks. However, the complexity and sophistication of cyber attacks mean that the fight against cybercrime is an ongoing challenge that requires constant vigilance and adaptation.

Written by Krypt3ia

2023/02/21 at 12:22

Posted in Cyber, A.I.

What are the negative outcomes likely from A.I. on humanity, society, the economy, and warfare?

Written by ChatGPT at my prompt.

The emergence and development of artificial intelligence (AI) have generated a lot of excitement and enthusiasm about the potential benefits it can bring to humanity. However, there are also concerns about the negative outcomes that could arise from AI. In this article, we will explore some of the potential negative outcomes of AI on humanity, society, the economy, and warfare.

  1. Impact on Employment

One of the most significant concerns about AI is its impact on employment. As AI continues to evolve and become more capable, it may replace many jobs currently performed by humans. This could lead to mass unemployment, especially in industries that are highly dependent on manual labor, such as manufacturing and transportation. The displacement of workers could have significant implications for the economy and society as a whole, leading to increased inequality and social unrest. However, some experts argue that AI could also create new jobs, particularly in fields such as data analysis and programming.

  2. Bias and Discrimination

Another concern regarding AI is the potential for bias and discrimination. AI algorithms are only as unbiased as the data they are trained on. If the data used to train AI systems is biased, then the output generated by the AI system will also be biased. This could lead to discrimination against certain groups, especially those who are already marginalized. For example, AI algorithms used in hiring processes may be biased against women and minorities if they are trained on data that is biased against these groups. Therefore, it is essential to ensure that the data used to train AI systems is diverse and representative of the population.

  3. Loss of Privacy

As AI becomes more prevalent in our daily lives, there are concerns about the loss of privacy. AI systems can collect vast amounts of data about individuals, which could be used for malicious purposes, such as identity theft or stalking. Additionally, AI systems may be able to infer sensitive information about individuals that they did not intend to share, such as their sexual orientation or political views. Therefore, it is crucial to establish clear guidelines and regulations regarding the collection and use of personal data by AI systems.

  4. Autonomous Weapons

AI is already being used in military applications, and there are concerns about the development of autonomous weapons. These weapons would be able to operate without human intervention, making decisions about who to target and when to attack. This could lead to a situation where humans are no longer in control of military operations, with potentially catastrophic consequences. Therefore, it is essential to establish clear regulations and ethical guidelines regarding the use of AI in military applications.

  5. Social Isolation

As AI becomes more prevalent in our daily lives, there are concerns that it could lead to social isolation. For example, AI-powered virtual assistants may replace human interactions, leading to a lack of social interaction and a decline in mental health. However, it is important to note that AI can also be used to facilitate social interaction, such as through online communities and social media platforms.

  6. Dependence on AI

As AI becomes more prevalent in our daily lives, there is a risk that we will become too dependent on it. This could lead to a situation where we are unable to function without AI, leading to a loss of skills and a decline in human creativity. Therefore, it is essential to strike a balance between the use of AI and the cultivation of human skills and creativity.

  7. Cybersecurity Threats

As AI becomes more prevalent in our daily lives, there are concerns about the cybersecurity risks associated with AI. For example, AI-powered malware could be used to launch devastating cyberattacks, or AI algorithms could be used to bypass security measures. Therefore, it is essential to establish robust cybersecurity measures and to ensure that AI systems are developed and deployed with security in mind.

Ok, so, I wanted to kick in here as well. I had a long conversation today around all this, and likely will do more posts or a podcast on this subject and more. I think that there is a lot of territory to cover on this and many people have not been thinking about it in this way and giving threat assessments. I am really concerned about the socio-economic issue

Written by Krypt3ia

2023/02/20 at 22:36

Posted in A.I., Cyber

How Threat Intelligence Will Leverage A.I.

Written by ChatGPT at my prompt.

Threat intelligence is a critical component of cybersecurity, providing organizations with the information they need to defend against cyber threats. Traditionally, threat intelligence has been a manual process, with analysts gathering and analyzing data to identify threats. However, the use of artificial intelligence (AI) has the potential to revolutionize threat intelligence by automating the process of identifying and responding to threats. In this article, we will explore in-depth how AI will leverage threat intelligence and how long it may be until it is fully implemented.

How AI Will Leverage Threat Intelligence

AI can be used in various ways to leverage threat intelligence. One of the most significant advantages of AI is that it can analyze vast amounts of data in real-time, allowing it to identify threats quickly and efficiently. By analyzing network traffic, user behavior, and other indicators of compromise, AI algorithms can identify threats that may go unnoticed by human analysts.

AI can also be used to automate the process of threat analysis and response. For example, AI algorithms can be used to monitor network traffic and detect anomalous behavior. If a threat is detected, the AI system can automatically respond by blocking the threat, isolating infected systems, or alerting security personnel. This can significantly reduce the time it takes to respond to threats, minimizing the impact of an attack.

Moreover, AI can help organizations prioritize their response to the most critical threats. For instance, by analyzing the behavior and tactics of known threat actors, AI can identify patterns and signatures that indicate the likelihood of an imminent attack. This way, organizations can prioritize their defenses and prepare for the most severe threats that pose the greatest risk to their operations.

Finally, AI-powered threat intelligence can help organizations stay ahead of emerging threats. With the ever-evolving threat landscape, AI can help organizations detect new types of attacks and respond proactively to potential vulnerabilities in their networks.

How Long Will It Be Until AI-Powered Threat Intelligence Is Fully Implemented?

The use of AI in threat intelligence is already happening, with many organizations using AI-powered threat intelligence platforms to detect and respond to threats. However, the implementation of AI-powered threat intelligence is not without its challenges.

One of the biggest challenges of implementing AI-powered threat intelligence is the need for large amounts of high-quality data. AI algorithms rely on large datasets to train their models and identify patterns. Organizations that lack high-quality data may find it challenging to implement AI-powered threat intelligence effectively. Therefore, organizations must prioritize data quality and develop strategies for collecting and processing large datasets effectively.

Another challenge of implementing AI-powered threat intelligence is the need for skilled personnel. AI algorithms may be able to identify threats automatically, but they still require human oversight to ensure that the system is functioning correctly. Organizations will need skilled personnel who understand AI and threat intelligence to implement and manage AI-powered threat intelligence systems effectively. The shortage of skilled cybersecurity professionals is a significant challenge, and organizations must invest in upskilling their existing workforce or recruit new talent to address this gap.

Finally, the cost of implementing AI-powered threat intelligence can be significant. AI-powered threat intelligence systems require significant investment in hardware, software, and personnel. Organizations will need to evaluate the cost-benefit of implementing AI-powered threat intelligence carefully. They must assess the potential risks and benefits of implementing AI and make informed decisions that align with their business objectives.

Conclusion

The use of AI in threat intelligence has the potential to revolutionize cybersecurity. AI algorithms can analyze vast amounts of data, detect threats in real-time, and automate threat response. Moreover, AI-powered threat intelligence can help organizations prioritize their defenses and stay ahead of emerging threats. However, the implementation of AI-powered threat intelligence is not without its challenges. Organizations must prioritize data quality, invest in upskilling their workforce, and evaluate the cost-benefit of implementing AI carefully. Despite these challenges, the benefits of AI-powered threat

Written by Krypt3ia

2023/02/20 at 22:27

North Korean A.I. Cyber Warfare Capabilities

Note: This post was generated by ChatGPT as a means to an end. I am playing around with A.I. More will be coming as I mess with this new tool.

As technology continues to advance, so too do the methods and tactics of modern warfare. North Korea, a country with a long history of state-sponsored cyber attacks, is now investing in developing AI-powered cyber weapons. The use of AI in cyber warfare could potentially give North Korea a significant geopolitical advantage over other countries.

In this blog post, we will explore how North Korea could use AI in cyber and information warfare, the potential implications of such actions, and the geopolitical outcomes that could arise from the use of AI in this manner.

Automated Hacking

One of the most significant ways in which North Korea could use AI in cyber warfare is through automated hacking. With AI-powered tools, North Korean cyber attackers could quickly scan and identify vulnerabilities in a target’s computer systems, and then automatically exploit these vulnerabilities to gain unauthorized access.

The use of AI in automated hacking would enable North Korea to attack multiple targets at once, increasing the efficiency of their attacks. Automated hacking could also be used to steal sensitive data, disrupt critical infrastructure, and even launch large-scale cyber attacks. This technique would be particularly effective against smaller countries or organizations with limited cybersecurity resources.

North Korea’s cyber attackers could also use machine learning algorithms to improve the accuracy and effectiveness of their automated hacking tools. For example, an AI-powered tool could learn from previous successful attacks and use that information to improve its ability to identify and exploit vulnerabilities in a target’s computer systems.

Advanced Malware

North Korea could also use AI to develop advanced malware that can evade detection by traditional anti-virus software and firewalls. This malware could be used to launch cyber attacks against a target’s computer systems, steal sensitive information, or disrupt their operations.

By using AI to develop sophisticated malware, North Korea could improve its ability to conduct cyber espionage, steal intellectual property, and engage in other types of cybercrime. AI-powered malware could also be designed to evade detection by cybersecurity researchers, making it more difficult for organizations to protect themselves against these attacks.

Phishing and Social Engineering

Another way in which North Korea could use AI in cyber warfare is through phishing and social engineering attacks. With AI-powered tools, North Korean attackers could create highly targeted and convincing phishing emails and social engineering attacks designed to trick a target’s employees into disclosing sensitive information, clicking on malicious links, or downloading infected files.

Phishing and social engineering attacks are a common tactic used by cyber attackers to gain access to a target’s computer systems. However, by using AI, North Korea could create more sophisticated and convincing attacks that are harder to detect.

For example, an AI-powered tool could analyze a target’s social media activity, online behavior, and other publicly available information to create a highly personalized phishing email or social engineering attack. The use of AI could also enable North Korea to automate these attacks, allowing them to launch multiple attacks simultaneously.

Advanced Reconnaissance

North Korea could also use AI to improve its reconnaissance capabilities. With AI-powered tools, North Korean hackers could gather intelligence about a target’s computer systems and network infrastructure. This information could be used to identify vulnerabilities and weaknesses in the target’s defenses, allowing them to launch more effective cyber attacks.

AI-powered reconnaissance could also be used to identify valuable targets and develop new cyber weapons and tactics. By using AI to collect and analyze large amounts of data from their cyber attacks, North Korea could improve its ability to conduct cyber espionage and other types of cyber attacks.

North Korea could also use AI to conduct more sophisticated and targeted reconnaissance operations. For example, an AI-powered tool could analyze a target’s online activity, communication patterns, and other publicly available information to identify potential weaknesses or vulnerabilities in their computer systems.

Cyber Espionage

Finally, North Korea could use AI to conduct cyber espionage. With AI-powered tools, North Korean hackers could collect and analyze vast amounts of data from their cyber attacks

Written by Krypt3ia

2023/02/20 at 22:06

Posted in A.I., Cyber

The Pivot: Nuke To Cyber

Sitting here monitoring the situation, with the activation of the nuclear-ready forces in Russia by Putin, I had to game things out a bit and wanted to share.

Short of a tactical nuclear strike, and then escalation, Putin may turn to the cyber arena instead come tomorrow or later this week in reprisal for his being cut off from SWIFT, as well as other pressures that are coming to bear today. In the last few minutes, I have also seen Sweden sending lethal aid as well as other warfare equipment, Switzerland freezing Russian assets, British Petroleum pulling out of Rosneft, and others around the globe starting to make Putin and Russia a pariah state.

These actions, mostly financial, are already wreaking havoc on his economy, but the more of them that come into play, the more cut off he will be from even prosecuting his war… except maybe his cyber war. Which brings me to the point. Come Monday, we may see reprisal attacks that generally will not be considered, or haven’t been in the past, reasons for kinetic responses.

As such, expect that soon we may see DDoS attacks on financial infrastructure, ransomware attacks, wiper attacks, and general detonation of malware. If you are in the FI space as a defender, get ready. If not, be aware that all of these actions could have effects on your business and your personal lives.

Be ready.

K.

shaqgegpbanuq24g.onion: Alleged Iranian Espionage Sale Site

Tooling along the darknet last week I came across this little beauty and decided to play along. I collected the site first and took a look at the Persian text, as well as tested the site’s security with OnionScan. Here is what I found.

Original post from a pastebin on the darknet…

The Persian seems to have the right syntax for part of it but my Farsi is meh so if anyone wants to correct me there go right ahead.

ن از کارمندان سابق وزارت اطلاعات بودم و میخوام بگم که اگه کسی به اطلاعات دقیق نیاز داره یا خریدار اطلاعات است میتونه با من در تماس باشه از اونجایی که من خودم تو اون مملکت نیستم خیالم راحته و میخوام هرچی اطلاعات راجب کاراشون و افراد مخفی اون ها دارم رو در اختیار یک خریدار خوب قرار بدهم

Translation online:

I was a former employee of the Ministry of Intelligence, and I want to say that if someone needs accurate information or information purchaser can contact me, since I’m not in that country, I’m comfortable and I want all the information you need about them and their secret people. Give me a good buyer

Now all this tied to the imagery of Wikileaks and Anonymous kinda made me giggle, but it could still be legit (though not likely), so I decided to email the guy and see what I could get from him or them. The email address louferna@secmail.pro made me wonder if that was a name, I mean, Lou Ferna? Hmmm… A google of the name “Lou Ferna” got some hits but nothing that means anything really. The same goes for louferna straight up. I did go down the anagram rabbit hole for a bit but stopped myself before I started making murder maps with yarn in the office.

Anyway, in pondering the offering I had to wonder at the high bitcoin rate there. Seven bitcoins currently is worth about fifty four thousand dollars, which, I mean you gotta be a real player to pay this right? This kinda passed the smell test on this kind of data’s worth to the right people. Then there is the bit about giving proofs, which we shall cover further down in the post. I decided that this was worth playing with and used a cutout account to email the seller. Here are the results…

I emailed asking for proofs

They responded first by saying they were working with someone else and brushed me off. I found that to be odd, so I pushed and emailed back saying that, that deal could fall through and what harm would there be if you gave me proofs? I mean, I could up the bitcoin amount if it was good stuff! They responded back with the text below….

With this email they had attached an image file. I checked that it wasn’t some malware, etc., and then opened it locally to inspect it. Once I took a look I emailed back to say that I would backstop what they had sent me and respond back confirming an offer. Of course I did not respond back but instead tried to do the backstopping as I had said I would.
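The attachment check mentioned above, as an added example that is not the post’s own tooling: before opening a “proof” image from an unknown seller, confirm that the bytes are actually the type the file name claims, walk the JPEG segment structure to find where the picture really ends, and flag anything appended after the end-of-image marker (a common way to ride an archive or payload along inside a picture). It also reports whether an EXIF block is present, since seller-supplied images can leak camera or editing-software metadata worth reading before you do anything else. The sample JPEG bytes are constructed inline and the file name `proof.jpg` is a placeholder; this is a pre-flight check, not a substitute for opening the file in an isolated machine.

```python
"""Pre-flight checks for an untrusted image attachment (added example, stdlib only)."""
import struct

# Magic bytes for the extensions we care about (constructed table, not exhaustive).
MAGIC = {
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
}


def declared_type(name: str) -> str:
    """Extension the sender claims, lower-cased ('' if there is none)."""
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def magic_matches(name: str, data: bytes) -> bool:
    """True only if the file really starts with the signature of its claimed type."""
    sig = MAGIC.get(declared_type(name))
    return sig is not None and data.startswith(sig)


def analyze_jpeg(data: bytes) -> dict:
    """Walk JPEG segments to find the true end of the image and note EXIF presence.

    Walking the structure (instead of searching for the last FF D9) matters because
    an EXIF thumbnail carries its own EOI marker and appended junk may contain one too.
    """
    info = {"exif": False, "end": -1}
    if not data.startswith(b"\xff\xd8"):
        return info
    pos = 2  # just past SOI
    while pos + 2 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        if marker == 0xD9:  # EOI: the picture ends here
            info["end"] = pos + 2
            return info
        if marker in (0x01, 0xD8) or 0xD0 <= marker <= 0xD7:  # standalone markers
            pos += 2
            continue
        if pos + 4 > len(data):
            break
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        payload = data[pos + 4:pos + 2 + length]
        if marker == 0xE1 and payload.startswith(b"Exif\x00\x00"):
            info["exif"] = True
        pos += 2 + length
        if marker == 0xDA:  # SOS: skip entropy-coded data until a real marker
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    return info


def check_attachment(name: str, data: bytes) -> dict:
    """Summarise what a defender wants to know before opening the file."""
    findings = {"magic_ok": magic_matches(name, data), "exif": False, "trailing_bytes": 0}
    if findings["magic_ok"] and declared_type(name) in ("jpg", "jpeg"):
        info = analyze_jpeg(data)
        findings["exif"] = info["exif"]
        if info["end"] != -1:
            findings["trailing_bytes"] = len(data) - info["end"]
    return findings


def _seg(marker: int, payload: bytes) -> bytes:
    """Build one JPEG segment: FF <marker> <16-bit length incl. itself> <payload>."""
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed sample: a minimal JPEG with an EXIF APP1 block, a scan containing a
# stuffed FF 00 and an RST0 marker, then EOI.  Not a viewable image; structure only.
CLEAN_JPEG = (
    b"\xff\xd8"
    + _seg(0xE1, b"Exif\x00\x00MM\x00*\x00\x00\x00\x08")
    + _seg(0xDA, b"\x01\x01\x00\x00\x3f\x00")
    + b"\x12\x34\xff\x00\x56\xff\xd0\x78"
    + b"\xff\xd9"
)
# Same image with an archive-looking blob glued on after EOI.
POLYGLOT_JPEG = CLEAN_JPEG + b"PK\x03\x04hidden archive"

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN_JPEG), ("polyglot", POLYGLOT_JPEG)):
        print(label, check_attachment("proof.jpg", blob))
    print("mislabelled", check_attachment("proof.jpg", b"MZ\x90\x00not an image"))
```

A non-zero `trailing_bytes` or a magic mismatch is reason enough to stop and hand the file to a sandbox; a present EXIF block is reason to dump the metadata before the image itself gets any attention.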

The information that they sent is rather complete but useless in my opinion. I will admit that I did not spend a lot of cycles on the OSINT here (enough to translate names into Persian and then search) but I tried with all the ancillary data. So far, I was able to locate only one of these people and even that one had their name misspelled. Image searches for these guys proved fruitless as well because the engines kinda suck at this kind of thing. What became obvious to me is that this is all trying to play off of the leaks by the actors dropping APT34 data on the darknet as well as telegram, which I believe dropped even more tools etc this week if I remember correctly.

Anyway, if any of you come up with more solid data on these cats lemme know. I am not spending any more cycles on it really. Add to this the fact that the site is down now and was as of Monday when I checked again, so pretty much after I emailed them they went poof. I got no wallet to send money to etc. For all I know the other “client” paid up if there really ever was one. For myself, I am leaning on this being a fraud, an interesting one at that, but a fraud. The only other thing I can possibly think is that maybe I am just not seeing the right picture here and they did sell it and rolled up the carpet.

*shrug*

Some things to take from this though…

  • The site was clean, no security leaks at all. If you are gonna have a presence in the darknet it is really best to use the KISS method. These guys just used a simple HTML static page. Simple yet effective in keeping the security of where the site sat and not leaving a trace online to track back with. The only thing I could say is that the email address could be an Achilles heel because it is hosted by a company rather than their own hosting service.
  • The story had enough to keep one interested and to possibly think it is legit. It was a step above offering at the start to give proofs.
  • The brush off, if it was a ploy, was superb SE and they were playing the long game with that.
  • The 54K price tag also played into the thing being legit enough to at least talk to them.
  • The story that they used to be Iranian spooks and that they lived outside of Iran now played too; it also made for possible stale data in the offering, note that they talked about Khomeini and agencies from the past.
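The first takeaway above is about the kind of thing an OnionScan pass looks for: a static page that does not give away where it is hosted. As an added example (not OnionScan itself and not the post’s own tooling), this runs a small offline version of that review over a captured HTTP response: version strings in `Server`/`X-Powered-By` headers, a generator meta tag, absolute URLs or IPv4 addresses pointing at clearnet hosts, e-mail addresses at clearnet providers (the Achilles heel the post notes), and leftover HTML comments. The two responses are constructed samples using documentation addresses and domains; the function names are mine.

```python
"""Offline opsec review of a hidden-service page (added example, stdlib only)."""
import re
from typing import Dict, List, Tuple

VERSION_RE = re.compile(r"\b\d+\.\d+(?:\.\d+)?\b")
URL_RE = re.compile(r"""(?:src|href|action)\s*=\s*["']?(https?://([^/"'\s>]+))""", re.I)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@([\w-]+(?:\.[\w-]+)+)\b")
GENERATOR_RE = re.compile(
    r"""<meta[^>]+name\s*=\s*["']generator["'][^>]+content\s*=\s*["']([^"']+)""", re.I)
COMMENT_RE = re.compile(r"<!--(.*?)-->", re.S)


def find_leaks(headers: Dict[str, str], body: str) -> List[Tuple[str, str]]:
    """Return (category, evidence) pairs for anything that could tie the page to clearnet."""
    leaks: List[Tuple[str, str]] = []
    # Software versions in headers narrow down the host and invite targeted exploitation.
    for h in ("Server", "X-Powered-By", "Via"):
        val = headers.get(h, "")
        if VERSION_RE.search(val):
            leaks.append(("server-version", f"{h}: {val}"))
    # CMS generator tags say which stack (and often which version) built the page.
    for m in GENERATOR_RE.finditer(body):
        leaks.append(("generator", m.group(1)))
    # Any resource pulled from a non-.onion host lets that host log Tor exit or
    # client traffic and links the hidden service to clearnet infrastructure.
    for m in URL_RE.finditer(body):
        host = m.group(2).split("@")[-1].split(":")[0].lower()
        if not host.endswith(".onion"):
            leaks.append(("clearnet-url", m.group(1)))
    # Bare IPv4 addresses in the page are an obvious pivot.
    for ip in sorted(set(IPV4_RE.findall(body))):
        leaks.append(("ip-address", ip))
    # A mailbox at a third-party provider is a subpoena or compromise away from identity.
    for m in EMAIL_RE.finditer(body):
        if not m.group(1).lower().endswith(".onion"):
            leaks.append(("clearnet-email", m.group(0)))
    # Developer comments routinely leak hostnames, paths and names.
    for m in COMMENT_RE.finditer(body):
        text = m.group(1).strip()
        if text:
            leaks.append(("html-comment", text))
    return leaks


# Constructed sample: a sloppy CMS-driven page (RFC 5737 address, example domains).
LEAKY_HEADERS = {"Server": "Apache/2.4.29 (Ubuntu)", "X-Powered-By": "PHP/7.2.3"}
LEAKY_BODY = """<html><head><meta name="generator" content="WordPress 4.9"></head>
<body><img src="http://203.0.113.7/banner.png">
<a href="https://cdn.example.com/x.js">x</a>
<!-- built on srv01.internal -->
contact: seller@example.net</body></html>"""

# Constructed sample: the KISS static page the post describes.
CLEAN_HEADERS = {"Server": "nginx"}
CLEAN_BODY = "<html><body><h1>For sale</h1><p>Contact via the PGP key below.</p></body></html>"

if __name__ == "__main__":
    for label, hdrs, body in (("leaky", LEAKY_HEADERS, LEAKY_BODY),
                              ("clean", CLEAN_HEADERS, CLEAN_BODY)):
        print(label, find_leaks(hdrs, body) or "no leaks found")
```

The clean static page comes back empty, which is exactly the result the post reports; the CMS page throws eight findings from a single response, before anyone has looked at EXIF data in its images or at whether the same content is served on a clearnet address.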

Nothing ventured nothing gained huh? I of course reported the site to the right people in low places and forwarded a copy of the site in case it went poof (which it did) so they have it all.

An amusing story for you all.

Feel free to play the home game on those guys in the pics and lemme know what you find.

K.


Written by Krypt3ia

2019/06/05 at 17:15

Posted in Cyber, DARKNET, INTEL

ATTRIBUTION GAMES: LAZARUS, SHADOWBROKERS, BLOFELD.

leave a comment »

The Game:

I figured since everyone else is playing the ATTRIBUTION GAMES over Wannacrypt0r that I would get in on the action and give it my own personal spin. The big difference here is that I am not selling any of you anything so if you read this post it is all about not buying my shiny new machine learning, next gen machine that goes PING! Nope, I just thought I would put a few words down to stop the insanity so to speak that I already see in the eyes of those $VENDOR’s out there about to hit SEND on their latest salvo of shenanigans concerning the Wannacry event of last week.

That’s right, I am already calling shenanigans!

Right so this game here is a red team on the idea that Wannacry was either an APT Nation State actor (either LAZ or SHADOW) or a criminal gang who will be represented by Ernst Stavro Blofeld. Once this is all said and done I hope that some sanity will ensue and more to the point, some elaborate death will be planned out, set into motion, and then foiled by James Bond…

Wait… what?

Let’s begin… DOMINATION OF THE WORLD….. Let’s just list the indicators and possible motivations all kinds of bulletized shall we?

THE LAZARUS GROUP (UNIT 180):

  • LAZARUS code snippets found in WANNACRY samples
  • LAZARUS has been active in stealing large sums of money from banks, as this attack was about ransom and money… well… UNDERPANTS GNOMES AND PROFIT!
  • LAZARUS aka Un, would likely love to sow terror by unleashing the digital hounds with malware attacks like this to prove a point, that they are out there and to be afraid.
  • LAZARUS aka Un, might have done this not only to sow fear but also to say to President CRAZYPANTS (Official USSS code name btw) “FEAR US AND OUR CYBER PROWESS
  • LAZARUS aka Un, is poor and needs funds so ransoming hospitals and in the end gathering about $100k is so gonna fill the coffers!
  • LAZARUS aka UNIT 180 players are “Freelancing” and using TTP’s from work to make MO’ MONEY MO’ MONEY MO’ MONEY (No! Someone actually really floated that idea!)
  • LAZARUS is a top flight spooky as shit hacking group that needed to STEAL code from RiskSense (lookit that IPC$ from the pcap yo) to make their shit work.. Huh?

SHADOWBROKERS (GRU):

  • SHADOWBROKERS made no money on their auction and posted a long pissy diatribe about it after the incident reached critical media frenzy
  • SHADOWBROKERS had the code already and then needed to CRIB some of the ETERNALBLUE/FUZZBUNCH NSA code ganked from RiskSense because they lack the ability to make the shit work themselves… Which they then re-coded in C…  Huh?
  • SHADOWBROKERS want to just sow mayhem with WANNACRY and continue the massive schadenfreude that the NSA is feeling from their theft (*cough MOLE HUNT cough*) but once again, they had to STEAL that code snippet to make it work… Or, is that just another poke at the US? A diversion? A red herring so to speak? Hmmmm….
  • SHADOWBROKERS re-used or re-purposed old malware WANNACRYPT0R and threw in some code snippets from LAZARUS GROUP TTP’s to muddy the waters and have EVERYONE pointing their collective fingers at the Hermit Nation because WHY THE FUCK NOT HUH!? This would sow more FUD and gee, isn’t that the playbook chapter like 3 in ACTIVE MEASURES komrade?

ERNST STAVRO BLOFELD:

  • ERNST has a well known volcano lair and upkeep is rather steep in this global market so ransomware is the way to go baby!
  • ERNST is a Devil may care kind of guy and wants to sprinkle clues for both RUSSIAN and DPRK actors here to cause all kinds of mayhem while he sits and strokes his cat while the bitcoins amass.
  • ERNST is a gangster and his coders, well, sometimes they suck so they stole the ETERNALBLUE snippets but then they couldn’t make that work UNTIL they coded it all in C so.. yeah..
  • ERNST is a nihilist at heart so he just slapped this shit together and then made sure that there was a killswitch in there as a safety valve, I mean, look at how many times he tried to kill Bond but always missed by that much!

Well there you have it. I have gamed it all out for you. Who do you think dunnit? If you look at all of these players and their motivations along with the superior threat intel evidence we have out there that the attribution firms are selling…

OBVIOUSLY IT’S ALL OF THEM! THEY ARE WORKING TOGETHER PEOPLE! IT’S THE NEW SPECTRE! CAN’T YOU ALL SEE THAT WITH THE PLETHORA OF EVIDENCE WE HAVE! COME ON!

*breathe…..**

Ok ok ok… See what I did there? I am making a point with humor.

IT DOESN’T FUCKING MATTER WHO DID IT!

PATCH YOUR SHIT.

DO THE THINGS.

STOP.

Dr. K.

Written by Krypt3ia

2017/05/23 at 20:04

Posted in ATTRIBUTION, Cyber

Prosecuting The Russian Cyber War: Beyond The Hyperbole

leave a comment »


This weekend my father actually asked me what I thought Big O was gonna do to respond to the hacking of our elections. He continued in the same breath to ask if we were going to take out Russia’s grid or something like that. My first thought was to say “Noooo” and to then explain to him how that might go all kinetic real quick like on us if we did. My response to him yesterday will be the genesis of this blog post today for you all. Since everyone seems all hot and bothered as to how we will respond and not giving Big O the benefit of the doubt that he actually reads the PDB’s and thinks about them, I will boil it all down to what I would do against Russia and Pooty to thread the needle and not cause an escalation.

First:

I would undertake the review on what exactly happened with the IW/DISINFO/PSYOP/Hack that took place for the election. This is important not only to understand what happened, but to understand just how much damage was done and what actions it took to set that into motion. From this you can assess the response level you need, and in this case it has been rather speculative as to what really went down. This also bears on the whole argument that the election machines in key states may or may not have had some supply chain tampering going on. So far I personally have seen no evidence that there was enough of an investigation to rule this out.

Second:

I would look at the capabilities we have and the intelligence we have collected on Putin. Intel such as a good psych profile and anything on his wealth/business structure. With both of these I would seek to discern what would hurt him personally, not so much the country. I would also use the psych profile to determine in red teaming out what his responses would be to certain scenarios. In essence I would perform a game scenario simulation to get the best results for us and start to build a plan(s) on those.

Third:

Knowing that this attack was personal for Pooty, and given his nature (much like Trump’s really), I would perform the following actions:

  1. Attack his finances. All of the dirty ones first.
  2. Attack him with whatever kompromat we have (CIA/NSA) in the same leaks style that we saw from the elections (See news today about Tillerson for a cue)
  3. IF we have the assets in place both digital and “other” I would work to counter ongoing efforts in Germany and France as well as other places where we know he wants to do the same thing politically

These are the things I would do in parallel to assessing the damage to our forward capacities regarding the ShadowBrokers recent tease. IF all of those exploits on there are real, then all of them have been compromised and burned. Any operations that may have used those tools are burned and any future use of them has been burned. It is my opinion that the new events with the ersatz “Boceefus” account is just Pooty and the GRU saying “Try anything and you will fail” but that is only one dimensional thinking frankly. It is time to go beyond bits and bytes and also use HUMINT.

Just this guys take…

K.

Written by Krypt3ia

2016/12/19 at 19:05