Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘Cyber’ Category

The QNB Hack: Cui Bono?

Screenshot from 2016-05-02 11:14:51

The Dump

The recent dump of data from the Qatari National Bank was of interest to me and many others because it was purporting to have the accounts and identities of spies within its CSV and text files. I downloaded the files from Cryptome, thanks to someone pointing me in their direction, and took a nice long look. As the story has unfolded it has come to light that the bank itself says the data is real and that they are now “completely secure”, which is amusing given that this was an old SQLi attack that netted this Turkish hacker group the jewels of QNB.

The dump consists of the Oracle database files, the passwords, and the banking information of all the users therein. I have to say that most of it is really quite pedestrian, but then the hackers, or the bank management, created file folders (as seen above) that marked people as spies, Mukhabarat, Security, Gov, and other tantalizing names. I first had thought that the file folders and their speculative names had been created by the hackers to sex up their dump, but it has come to light that if you look within the database dump itself you see the directories and names have headings like intelligence and defence. So it seems that the bank itself may in point of fact have created these tags in the belief or inside knowledge that the people in the data were in fact what they claimed, or at least thought they were.

The Spies

I looked at all the interesting folders and the data, all the while wondering about the validity of the idea that these names were in fact corresponding to real assets, NOCs, or just functionaries in Qatari space that had just been quite well blown by this hack and subsequent data dump. On the whole I would call into question all of the names being linked directly to espionage organs. I really have to wonder if the bank would in fact be that “in the know” about spooks in their country, and really have to be circumspect about their putting that in the users’ bank records. I mean, even the Mukhabarat would at least demand that it be obfuscated, one would hope, by a code of some sort and not just in the headers/directories themselves.

It really kind of feels like the natural tendencies of the Arab nature had gotten the best of the database admin and the managers of the bank and they believed that these people were spies without there being any real proof. In any case, these people, especially those who are FORN and in country, now may have some trouble with people thinking that they are really spies and may be subject to attacks. Imagine if you will any jihadi types who might take this data as gospel and go after these people for da’esh or AQ. This could be bad. I have yet to hear of anyone leaving their positions or the country. If I were one of them I would at least be looking over my shoulder henceforth.

As for the other data, I can see perhaps the military accounts and names being totally on the money because they are their own Ministry of Defence and really, that is not top secret stuff. Likely the bank sees where these people get their pay from (Qatari funds from the gov), but even these people could now be targets because this hack was motivated by political means, it seems, after all.

Cui Bono?

It seems that the Bozkurtlar (Grey Wolves), a Turkish political group, and their hackers were the perpetrators of this hack. There is a long history between Turkey and Qatar and most of it seems kind of benign, but when you scratch the surface a bit you can see that there are some issues between them as well as some synergies in their support of certain terrorist groups like da’esh. (click linked image below)

Screenshot from 2016-05-02 16:13:47

So, “Cui Bono?” Well, certainly the Grey Wolves, to what end I am not completely sure. They did post their video before the hack hit the pastebins out on the net so it was pretty much their gig but I still don’t quite understand why. Perhaps these hackers are quasi wolves and/or it is some other entity using the wolves as a cover for their activities. Given that there has been no real perceived fire coming out of Qatar over this nor in other areas of the world that we are aware of, I kind of doubt all these people were in fact assets of foreign powers.

At the end of the day, this just turns out to be yet another derpy easy hack using SQLi on an entity that wasn’t performing any due diligence, but it had the sexy sexy for the masses with the idea that some great hack exposing spies had occurred. In my opinion, not so much really. So hey Grey Wolves, gimme some more context would you than some poor British shmuck’s MySpace page in the future would you?

K.

Written by Krypt3ia

2016/05/03 at 00:08

Da’esh Terrorism As Advertising

Screenshot from 2016-04-11 13:26:22

 

Someone on Twitter recently passed along this little email from ZENEDGE to me in hopes that I would have something to say. That someone was right and what I have to say is not going to be nice. The email, a marketing email, purports to be selling cyber services because “Terrorism” for all your cyber security needs. This frankly is one of the more craven and baseless marketing emails that I have seen of late and I agreed with the sender that it warranted my special attention. So Leon Kuperman, and ZENEDGE, here’s your special attention!

First off, I would like to take the time to extend my sympathies to anyone who has been touched by terrorism and specifically to those in Brussels, as they are used as a pastiche for this tissue of marketing bullshit you see before you. The article, and I call it that quite loosely, starts off claiming that “terrorists” (and it names da’esh (ISIS)) are in it for the “terror” and that terror is able to strike anywhere! Anywhere to ZENEDGE means *gasp* online and you, gentle reader, are in danger of being cyber terrorized.

The past several months have brought a string of terror attacks and violent incidents, which not only claim lives but cause worldwide feelings of fear and vulnerability. It seems that groups of terrorists like ISIS can strike when and where they want.

As the authorities ramp up surveillance, such attackers simply adapt and change their tactics. They have learned to be patient and to leave few traces.

Stopping terror groups and other bad actors requires an evolving approach. Because these attackers don’t rely on yesterday’s methods for launching the next strike, authorities can’t rely on yesterday’s surveillance and intervention methods if they want to stop the attacks before they happen.

This is especially true as terror groups take their fight from the streets to The Street.

Oh my god, the terrorists can strike “The Street”! Wait, what? What does that even mean? Are they going to attack Wall Street? Mulberry Street? So da’esh can strike anywhere anytime? Really? Like in my office here? My bedroom? ..*gasp*… My bathroom? What a crock of shit. But wait, it gets better! Because of “surveillance” the da’esh masters of terror are evading yesterday’s surveillance! They have gone DARK!

*gong sound with ominous portents*

Terror attacks serve a dual purpose: They not only harm or kill people, they send psychological shock waves throughout the world. After the rubble is cleared, fear and insecurity persist. This is what the attackers count on. For this reason, it is certain that terrorist organizations will increasingly bring their attacks to the online world, where ideologically motivated players — like Anonymous and New World Hacking — have already made a splash.

That’s right, Anonymous-like entities will be committing the cyber terror in a place near you soon! They will either scar you psychologically or they will outright CYBER KILL you! Honestly this is one of the most egregious marketing mails that I have seen, with its bated breathy scare tactics. It goes on and you can go read it for yourselves. I will not belabor you with it all here but I felt moved to call this kind of bullshit out. They continue on with the usual bugaboos of the scary darknet and operators therein being paid by da’esh to attack all our networks and maybe even a dam or YOUR NETWORK!

*insert scary balaclava da’esh hacker imagery here* BOOGA BOOGA!

Ostensibly this marketing blast is out there to sell ZENEDGE’s wares, whatever they may be, because it really doesn’t give you a menu or anything to look at. It only says that you need to be proactive to stop the terrorists. So is password management with 2FA and having a good security program in general proactive enough to stop da’esh? Frankly, yes; in fact da’esh isn’t a cyber threat here and never will be. Let me set you straight, Leon: da’esh is not a hacker collective, their online propaganda is just that, and their hackers, if you want to call them that loosely, are not a threat to much of anything but a poorly configured web page. Your using them and the events in Brussels as a sales pitch is in point of fact craven and the lowest form of marketing I for one have seen.

Leon, buddy, stop with the scare tactics bullshit and just try to sell your wares elsewhere. Stop trying to use tragedy as a sales and marketing tool, you tool.

Dr. K.

Written by Krypt3ia

2016/04/11 at 18:16

Posted in Cyber

THE CYBER WAR THREAT!

NOVA

 

Nova had a program on this week about the impending cyber war threat that the media loves so much to go on about and scare the populace. I had hoped that it being Nova they would do a better job at covering such a topic but in the end this show was no better than a 20/20 episode and this is very disappointing. The show was remedial at best and I understand the need for that given the audience base concerned but really did you have to just talk to the beltway bandits like Richard Clarke and Former General Hayden? This is a disservice to the viewing public and frankly consists of scare programming out of PBS in the hopes of ratings?

I and others have railed about the cyber war rhetoric in the government and the media but this is PBS! Come on and do a better job of journalism, would you? Look, here are the problems with your broadcast that I want you to pay attention to:

  • Is cyber war possible? Sure, but on limited scales and really it would have to be truly backed up by kinetic warfare (i.e. boots on the ground) otherwise this is all just tit for tat espionage. You –rm a bunch of computers at Sony and we maybe shut down whatever is working in Pyongyang. This is not an existential threat and Nova failed to really get that across amongst the scary music and voice overs.
  • The focus on the grid is one that we have seen many times before and yes, if a nation state made a concerted effort on 9 (count them NINE) choke points in the US they could in fact cause an outage on a national scale. How long would we be down? I am not sure but it would not be the end of the world and if you do such a thing you had better have C-130’s in our air space dropping troops at the same time to make it a war.
  • The complexity of the systems and their semi interconnected nature makes an all out cyber attack on a national scale less likely and you did not cover that at all. There are many disparate systems in the grid and the pipeline systems. You could not likely, without a great effort and a lot of luck, have everything go down from a cyber attack alone. Simply put, you would have to have a kinetic aspect to the attacks for them to work. Something along the lines of the attacks on the transformers in the Silicon Valley area a year ago when they were shot with AK-47 fire.
  • Lastly you did not cover at all the fact that there are many people out there securing this stuff where they can. I personally have been on assignments assessing the security of the grid and other systems that have SCADA/PLCs and yes, I can tell you there have been times where I was just flabbergasted by the idiocy. Why connect these things to the internet I will never understand. Why connect them via WIFI in the field makes my head explode.

Anyway, at the end of the day this show only made my head explode again at the poor quality of journalism, this time by a favorite of mine, Nova. It was one sided and just a scare piece. Has the government owned you so much that you need to be the cyber war mouthpiece for them? Did you guys lose a bet? What the holy hell were you thinking? Just stop, for the love of God stop.

Post Script Screed:

After watching this episode of Nova I went online looking for the “Aurora Test” documentation that they mentioned in the piece. The fact that they showed pages of the report redacted on air got me thinking about whether or not it was all still on the net. Well, yes yes it is and it’s all here. 840 pages of unredacted love from DHS who in their infinite wisdom through a FOIA request, released the WRONG documents. These were CLASSIFIED and they show the choke points to attack were you wanting to attack the US grid or pipeline as well as a full description of all kinds of data you would want to do so.

*hangs head*

Yes, DHS, the people who brought you the TSA and other fun security theater programs have managed to single handedly pass out the keys to the kingdom because some asshat could not think their way out of a government provided thin wet paper bag. So there you have it kids, if you want to attack the grid have at it because in the scare-o-rama that was the Cyber War Threat they say nothing has been done to secure those choke points! Yes! Complete with shadowed anonymous speakers afraid to go on the record for fear of reprisals because they are telling the truth about our security fail!

Sweeeeet.

If you are a reader here you have seen my stuff in the past on this as well as my digging around with Google to find all kinds of shit on the net that could lead to compromise of the grid. Truly, if the terrorists or anarchists or anonymous or even the fucking 13 year old down the street wanted to, they could do some damage with this stuff. How long until such a thing happens because some idiot can use Google and a COTS hacking program?

Talk about your black swans…

Yours in everlasting head-desk

K.

Written by Krypt3ia

2015/10/15 at 21:43

Fear and Loathing On The Internet: A Savage Journey to the Heart of the Cyber Trenches

Image courtesy of GonzoPhD

O’Five Hundred

It was 5am and the coffee had just started to brew when I saw the tweets that the DPRK was back online. Immediately my bloodshot eyes closed in salutation because the game was on. I booted up the laptop and got the old terminal up and typed the old familiar line $ nmap -Pn 175.45.176.0/24. I hit enter and began the worship of caffeine as is my custom at this ungodly hour that I find myself in my old age waking up to more often.

Once the coffee had been poured I came back to my comfortable seat to find that one IP address in the subnet (/24) had come up with all kinds of ports open! “Ooooh, this will be interesting” I thought as I began to play with the ports in my browser and other tools. Little did I know then what I would know now about life in the 21st century cyber war!

No sooner had I begun to poke at the ports than I began to sense dark forces moving against me. I decided to forge ahead though and hit the second sub that DPRK has. The Nmap began unleashing its port scanning hell upon the enemy and I went back to the SMTP server that I had located. It began to offer up its dirty flower to me as I poked and prodded. It seemed that because the DPRK had been down since the night or so before they were still recovering, their firewall still trying to come back from the oblivion that had been wrought upon it by… Whoever.

O’Five Thirty

As I started to get bored with the one address that was available I decided to turn on the old iPad and listen to a flick while playing. I had not been watching long when all of a sudden WHAM! I could feel the palpable blow from my.. Nay, OUR enemy! The DPRK had hit back! My iPad stopped mid sentence and began to just become completely verklempt. I checked the wireless sig and it was fine… What in holy hell was happening! A creeping feeling of dread began to creep up my coccyx with a cyber chill! “Could it be that the infernal Kim Jong Un has hit me?” I thought to myself. “Nah, just a wireless issue” I mused but I decided to check. I brought up my browser and hit the router address… Nada.

“Uh oh”

I flew to my office and booted up another wired box and frantically hit the router again… 500 error…

“Shit!”

I sat and pondered it all.. I had just become a casualty of the great cyber war of 2014! My router was offline, my shit was smoking and I knew that that creeping feeling of cold dread from my coccyx was in fact the cruel reality… I had been DDoS’d!!

O’Five Thirty Five and Three Seconds

I rebooted the everything and began to work the systems. I had my cyber helmet on now and I was prepared to fire a new salvo at the dreadnaught that was DPRK! The router cycled, the IPS… The Wireless… I frantically typed in the address for the IPS and began looking at logs. I scanned as the caffeine began to really sing in my veins to see the following addresses had hit me like a metric shit ton of SYN!

222.220.35.5
222.66.55.245
183.61.244.73
125.227.197.158
222.186.15.161

It was all there in black and white. The wily Kim Jong Un and his frightening UNIT 121 had hit me with the dreaded SYN FLOOD! But wait, what? Those addresses aren’t DPRK! They are all in CHINA!

*cold sweat begins to trickle down my back with the realization that I had begun a new international incident!*

“CHINA! CHINA!” I yelled at the screen. I tried to calm myself and remember my cyber attribution training! “The IPs are in China! I am being attacked by China! It’s incontrovertible! It’s China attacking me as a proxy for DPRK! MY GOD!” This is when the klaxons began going off.

INBOUND PACKETS!

WHAM!

I was hit again wave after wave from China. There was no way around it. I had to declare cyber war on DPRK because China attacked me after I used a network tool on DPRK addresses!

DAMN THE CYBER TORPEDOES!

The packets flew and the Chinese hit me with everything they could. I could hear KJU screeching in the background yelling orders of more salvos against the capitalist cyber swine that was me!

WHAM!

BOOM!

My cyber helmet developed a crack and there was only one thing left to do… I blocked them on my firewall. The war ended then… At approximately 0540 hours the great “Cyber War” of 2014 ended. I looked around to see posters torn from walls.

The. Horror!

Now I am a veteran of the cyber wars… I still have not gotten my purple heart. Listen well you young men and women. Heed the tale of this cyber warrior and his time in the cyber trenches. Cyber war is cyber hell.

K.

Written by Krypt3ia

2014/12/23 at 22:19

SONY: The Laughing Man Effect

Laughing_Man_by_thooley

Preface:

In the past I have written about “The Ghost In The Shell” referring to current incidents online and the future of network warfare. I mostly wrote about the anime show’s prescience with regard to the fact that many of us in the business of computer security it seems gravitated to it because of those very scenarios in the first place and a certain cool factor to them. Of course all of that was science fiction and it could not happen in the real world could it?

Well, once upon a time the idea of a plane flying in the air or a submarine for that matter were pure SCIFI and now we take them for granted. So it is too with some of the ideas put forth by G.I.T.S. where online culture and warfare are concerned. If you are not familiar with the G.I.T.S. franchise I suggest you go to Amazon or Hulu and watch them all. If you are familiar with them, then you might have the same “Ah ha!” reaction that I did watching the evolving story of the Sony hack.

SONY HACK

So to catch you all up, Sony it seems got hacked. Not just hacked, but utterly hacked, penetrated, compromised; whatever adjective you would rather use, all of them apply here. Suffice to say that Sony was taken down in such a way that absolutely nothing electronic should be trusted within its environment, whether it be a router, switch, desktop, laptop, or server, down to USB sticks. The hackers had complete control over what seems to be all of their infrastructure and for an indeterminate amount of time.

The adversary, once gaining access, began to plunder all of Sony’s secrets, exfiltrating them out of their networks to the tune of one hundred and eleven terabytes of data. This is an astounding amount of data to take and one has to wonder just how they got it out of there. I mean, did they move it on TB drives? Did they FTP that out? What? You also have to wonder just how long that would take if they were being sneaky about it. It also begs the question of whether or not the attackers had to be sneaky at all because perhaps Sony had not learned its lessons from previous attacks and just was not watching traffic at all to see the immense amounts of data leaving their domain.

It gets worse though for Sony… If that were even conceivable to many. The adversary then added a special feature to the malware they were using to compromise systems, one that destroyed the MBR section of hard drives on systems that were infected. This poison pill was then activated when the attackers were done, to perform the coup de grâce that would take Sony down hard. As it was described, the malware changed the login screen for all the users and then the game was on. Sony knew something was up and then systems went BOOM. Or did they? I am not too sure on this fact because I have not seen much out of Sony as to what happened next.

The net effect here is that Sony cannot trust anything and anyone potentially within their walls and had to shut down their whole network. They handed people pens and pencils and continued working as best they could as they called in Mandiant to perform the incident response for them. Meanwhile, the adversary had made contact with Sony, either with the screen change (see below) or other means, to say that they had that 111 TB of data, and laid out terms of what they wanted to not let it out on the net. That was around Nov 24 and it’s now December 6th. Since then there have been two data drops by a group calling themselves the GOP (Guardians of Peace). One drop was small, around a gig, and the next was 27 gig. Within those files were found great swaths of Sony data that included numerous SSNs and personal data for people who worked with or for Sony. In short, it’s a nightmare for all involved really.

Then things got… Weird.

Suddenly Variety (the Hollywood trade rag) was reporting that Sony thought that their adversary was in fact the DPRK and Kim Jong Un. Why? Because Sony was going to release a film that KJU did not appreciate. That film is called “The Interview” and it’s a comedy whose premise is that two Hollywood types are invited to DPRK to interview KJU and are asked “humorously” to whack KJU by the CIA.

Eh.. It could be funny. I really don’t think it would have nor will be but that’s just me. I am not a big fan of the two major stars of the film and of late Hollywood has mostly been the suck anyway, but yeah I digress…

So yeah, Variety is reporting that DPRK hacked Sony and with Mandiant being signed on HOLY CHINA! We all in INFOSEC began popping the popcorn and waiting on Tao to start talking about where DPRK touched him. It was and is still, rather unreal. The modus operandi for some of the hacking does match what DPRK has done before with wiper malware, or shall I say “has been attributed to have done before” and attribution as you all know is hard. However, the data kinda looked like maybe it was possible but with the lens of time it seems less likely that it was a nation state actor especially if the reason for the attack was in fact over this movie.

Since the advent of the DPRK theory, this whole story has just become a media frenzy about “CYBER CYBER CYBER WAR PEARL HARBOR BE AFRAID!!” The reality though seems to be a bit different from the popular media falderal in that the GOP has all along said that this attack was in response to Sony’s bad practices and they needed to be taken down for them.

The Laughing Man Effect

This is the juncture where the Ghost In The Shell comes in and a certain arc in the story line from the Standalone Complex. If you are a fan you might remember the series of episodes concerning “The Laughing Man”. In these episodes we are introduced to a hacker who appears from nowhere and begins a campaign of attacks against corporations for their misdeeds. In particular one company that was colluding in surveillance and stock manipulation, but I will leave all that to you to watch.

What happens though is that The Laughing Man takes on the corporation and through hacking exposes them for what they had done, as well as greatly affecting their bottom line financially and damaging their reputation. It was the spectacular nature of the hack though, on live TV in this future Japan, that got others completely obsessed with the Laughing Man and what he had done. If you have not seen the series there is a box set of just the episodes that concern the Laughing Man you can watch.

The story line though sparked with me because it showed the great asymmetric power of this kind of warfare that could be carried out by one person. One person with the skill sets to do it could affect the bottom line of a company at a distance as well as anonymously. This is a powerful thought and one that in today’s society is much more of a reality than ever before and it is precisely because of technology. This idea I personally now call “The Laughing Man Effect” and in tandem with memes could spell real trouble for the world today. We have seen this already taking place with Anonymous and their various wars against injustice or just for the lulz as we saw in LulzSec. In fact, I would claim that HB Gary would have been the first instance of the Laughing Man Effect and it just took the Sony incident for it to solidify in my head.

Memetics

Now consider the meme. Memes are ideas or images that catch fire with people and are passed on rather like cognitive malware. Anonymous was a meme as well as a means of creating and delivering memes on the internet. Born of the 4chan boards where memes are born every second, some dying on the vine while others catch fire, Anonymous caught on once they went after Scientology. The reality is that Anonymous lit this fire and now GOP has taken up the notion ostensibly and acted upon their personal desires of retribution much like Anons did on Scientology.

If the GOP is in fact a real group or person with an agenda to destroy Sony then I believe that their idea has come from Anonymous’s successes. I also think that if they do really exist as a group then they have learned from Anonymous’s successes and failures. So far GOP has been pretty cagey with their use of dead drop email accounts and the use of various servers around the globe to send email to reporters. Which, if they are not caught right away, will give them more power of the meme as the David who slew Goliath.

In the end, I believe this to be just the meme taking root in the collective unconscious spurred on by the likes of Anonymous, Snowden, Wikileaks, and the Occupy movements. We live in a time where the small can in fact easily take down the big with technologies that we all use and often times do not secure properly. In the case of Sony it seems that they neglected a lot and got burned badly by doing so. If that is the case then who’s to say when the next big corporation is taken down by another person or persons with an axe to grind or a valid grievance?

The meme is catching and the Laughing Man Effect may be a real concern for the governments and corporations of the world. The more flashy and catchy or perhaps just downright motivational, the more chance that others will follow. This is the nature of the meme and its ability to propagate so quickly and effectively in our hyper connected world. If you just look at all the media coverage of the Sony incident and then look at all the armchair detection going on around it you can see how this one too has sparked the collective imagination and curiosity.

Future State Electronic Warfare

So here it is. What some have been fearing and perhaps not getting across well enough is coming to pass. In our connected world it is easy to take things down and burn them. In the case of Sony they will come back, sure. If you look at their stock the last few days as revelations surfaced, their prices took a dive but then went back up. Perhaps the real world just doesn’t understand the ramifications of what has happened here. However, the fact remains that Sony was completely decimated on a technical level to start. This is an important point that should be thought about.

That Sony was likely hit by an insider is highly probable. Was that insider sent in or actively recruited? Are they someone who just did this because they felt abused? I guess time will tell on these questions but insider attacks have always been a problem and they won’t go away. How do you really protect against that without making life harder for end users? Much more, how do you protect against insider attacks without alienating workers as they are watched every second of the day as they work to ensure they aren’t setting off an attack? It’s a vicious cycle really.

Alternatively, how can any company expect to defeat a determined attacker anyway? The dreaded APTs have had it easy and still do to a large extent but even after we all have learned our lessons, it will still always be a surety that a determined attacker will get you in the end. With that knowledge then what do you do? Do you just accept that fact like something akin to the AA credo of “Grant me the serenity to accept the things I cannot change” or do you fight harder? It is a never ending battle.

What Sony can teach us though now is that the idea of this kind of warfare is out there. Ordinary people are feeling empowered to take on corporations and governments with the aid of the very technologies they use to carry on daily business. Technologies that are now commonplace and we cannot do without. This is a scary thing to many in power and it’s been made all the scarier when things like the Sony hack happen so utterly and completely well.

Welcome to the future of online/electronic asymmetric warfare kids.

K.

 

Written by Krypt3ia

2014/12/06 at 22:49

This Ain’t Cowboy BeBop Ya Know…

BigShot1

BITCOIN JESUS

Last week I read a story in Wired about the Bitcoin Jesus Roger Ver’s tribulations and his response to hacking and bitcoin theft. It seems that Roger’s old email account at Hotmail got pwn3d and the attacker then stole some of his bitcoins. Roger had correspondences with the miscreant online and tried to get his bitcoins back but to no avail. It seems that this ersatz hacker is quite the sociopath at heart.

Anyway, Roger got mad as all Jesus’ will do in front of the money lenders or the golden calf and decided to go on his own to find and punish these hackers. He invented his own bounty program! Yes, you heard that right kids. Roger is offering about 20K in bitcoins for information that leads to the arrest and prosecution of the hacker that took his bitcoins. He has had just enough! So to the nets he went and began posting his wanted posters online for a few cases. In his case though he has a particular foe that he is offering some information about to start all you cowboys off with.

savaged

Savaged is one of the alleged identities that Roger has had contact with and believes to be involved in the coin-napping case of his as well as perhaps the Satoshi Nakamoto email hack. Savaged though was the one talking to Roger as you can see in the above linked pastebin conversation on Skype so I went with this one to look into a bit more closely. I know what you are thinking there after that last statement.. You’re thinking I am fancying myself a cowboy right? Well, hey 20k is nothing to sneeze at but no, no I am not in the end and I will explain why down further in this post.

BOUNTY HEADS

So Roger had a conversation with someone calling themselves “Savaged”. It turns out that once you start the Google and Maltego Fu on this cat you start to see a pattern and it is one I have seen before. See, Savaged is one of those Xbox gamer derpheads who started life teabagging his enemies in gameplay and then decided to move on to petty acts of pseudo hacking. What I mean by pseudo hacking is that they go and jack someone’s game IDs to start, by social engineering or password guessing. Once they have had their fill of that they move on to breaking into email accts like Hotmail.

If you ever get the chance to review all of these gameheads’ chats online, don’t. Save yourselves because insanity will ensue after reading the completely grammatically incorrect and incoherent drivel out of these teens. It really causes brain damage and I had to stop myself after about a half an hour of looking. The upshot though is that in these conversations you get to peek into the semi private lives of teens on the internets. Part bravado, part ineptitude, and all Lord of the Flies. I just have to ask myself where are these kids’ parents?

Anyway, you can see lots and lots of their messing about in the following links:

Conversations and Histories:

http://www.wiztracker.net/en/videos/view/X8sDCcOXVVk

http://webcache.googleusercontent.com/search?q=cache:nKfvNVZGzXUJ:www.xboxgamertag.com/search/Savaged/+&cd=1&hl=en&ct=clnk&gl=us&client=firefox-a

http://wilsons.com/dox.txt <—- NOTE: Derpy here is messing around and knows FAMEDGOD ya know, of the SONY DOS and Lizard crew fame? Yeah.. Derpy.

Alleged DOX:

http://pastebin.de/125559

http://pastebin.ru/201cAY9S

http://www.leakedin.com/tag/us-ssn/page/10/

http://pastebin.com/azbgWvBU

GAMERZ, JACKERZ, AND DERPHEADS

Finished hitting your head against the desk yet?…

So here’s my thing with these skidz.. They are an annoyance and not much more. Sure, someone jacked Roger’s accts and then stole his bitcoins but it’s also kinda Roger’s fault for not securing those accts right? I mean 2FA now is easier to get but then again if it was a vuln in the validation process for lost passwords etc well that’s Hotmail’s fault no matter what Apple says about iCloud’s hack right? *poke poke*

The upshot is that all these kids are just unmanageable fucktards who get away with all kinds of shit because they are “youthful offenders” and the cops are usually 5 steps behind the times in how the internets work. After dealing with them in the past and looking at this crew here I can give you a basic rundown of how they operate:

They do anything they want because they can. Mostly because they have Sociopathic behavior due to Disinhibition Syndrome

These kids just are pathological most of the time, and it seems that, as Joseph Campbell pointed out many years ago, we lack rites of passage that have meaning anymore, and today’s parents seem to be disengaged. Of course I am no Cyber Psychiatrist *snerk* The reality is though that you can approach these kids reasonably and still get bitten, kinda like Roger does in that conversation linked above.

Until such time as the cops and the law catch up with the crimes being committed by these kids (SWAT-ing, jacking, petty online thefts) and put a stop to it they will just continue on and eventually move on to other more onerous crimes down the line as they get older and more tech savvy. This is my sad assessment of it all and for this and other reasons I will outline below I have decided to not be a Cowboy and try to collect a bounty on these bounty heads.

SEE YOU SPACE COWBOY

Roger, buddy, pal, give up on this pipe dream of bounties and maybe go more for a letter of marque instead. You are relying on cops who may not care and unless these crimes are federal you aren’t going to get much play from the law. Even if I or others were able to cobble together enough information to warrant a warrant for the FBI I seriously doubt they would move on anything and here’s why.

  • Attribution is hard
  • Proof is hard to get unless you seize their systems and PROVE hands on terminals
  • DOX just won’t cut it and that is about all you will have with cowboys out there… Well, unless they hack these guys and then you have a whole taint issue…

No Roger, I think if you really want action you are much better off going to the darknets and hiring yourself a leg breaker. Well, in this case really just a hand breaker. If you were to get the dox and feel assured that your target was in fact your target then just have their hands broken. No hands to type, no hacky hacky your shit right? I know some of you out there are like

“ERMEGERD! WHAT IS HE ADVOCATING!”

Well, it’s the truth right? I mean these little shits won’t learn unless they are either incarcerated in jail, in a mental facility, or maybe, just maybe sitting in front of a keyboard with broken hands and wrists because they done fucked up. Now am I really saying that you Roger should hire some mechanic to whack these kids? Well, no, that would be bad of me. However, I think my point comes across pretty well in the farcical scenario right?

YOU AND YOUR BOUNTY PROGRAM WILL NOT WORK ROGER SO PLEASE LICK YOUR WOUNDS, SECURE YOUR SHIT, AND MOVE ON.

Simple enough?

K.

Written by Krypt3ia

2014/09/20 at 15:05

Digital Jihad: The Great Irhabi Cyber War That Won’t Be.

leave a comment »

 


The Great Cyber Jihad

Since Junaid Hussain escaped over the border to the new lands of jihad (aka Syria) he has been vocal on Twitter showing off his great cyber manhood in classic irhabi bloviating online. That Junaid made some inroads by hacking into the prime minister’s email address at Gmail only lends dubious credit to his hacking skills in the eyes of a person involved in the security field. This however is not how the great unwashed within the media and certain quarters of the government and the military seem to perceive the threat posed by Junaid today now that he is an ISIL irhabi.

Islamic State militants are planning the creation of a ‘cyber caliphate’ protected by their own encryption software – from behind which they will launch massive hacking attacks on the U.S. and the West.

Both Islamic State and Al Qaeda claim to be actively recruiting skilled hackers in a bid to create a team of jihadist computer experts capable of causing devastating cyber disruptions to Western institutions.

They are now boasting it is only a matter of time before their plan becomes a reality.

~Daily Mail UK

The above text came from just one of the spate of recent reports on the great “Cyber Jihad” that is being touted to come from the likes of Junaid and ISIS/L as they attempt to expand their reach from the Middle East globally. This particular commentary makes the bile rise within my gut on so many levels though. But that kind of pales in comparison to the one right below…

“We’re in a pre-9/11 moment with cyber,” John Carlin, assistant attorney in charge of the Justice Department’s National Security Division, warned at a July conference in Aspen. “It’s clear that the terrorists want to use cyber-enabled means to cause the maximum amount of destruction as they can to our infrastructure.” 

~Fox

PRE-9/11 OMG!!! Look you fuckwit if that were the case then China would have already put us out of our misery really. For that matter some half assed pot sodden kid who happened to hack into our grid would have taken us down years ago. There is just no need for this posturing and certainly above all coming from someone without a clue in their head about how things really work in the world of computer security. This kind of scare tactic aimed at getting people to respond in fear to allow for the government to do anything in the name of protecting us is vile.

Meanwhile you have other players such as the one below making statements of “ALL OUT CYBER WAR” while commenting on Anonymous’ operation against ISIS. I laughed and I laughed and I laughed until I just wanted to cry at the sheer stupidity of it all. Look, Anonymous can’t get their shit together enough to be both leaderless and effective so really, how much of an “ALL OUT CYBER WAR” can there be there huh? Do you even know what a cyber war really means? Cyber warfare is both digital and kinetic in its purest form and what kinetics did Anonymous really carry out in this operation to DoS ISIS offline?

Lemme give you a clue… None.

“Anonymous announced late last week a full scale cyber war against the Islamic State (Operation Ice ISIS), intended to attack ISIS supporters using social media for propaganda purposes”

~Fortuna’s Corner

So aside from the bloviating and the scare tactics coming out of ISIS itself we also have our responses from the government and the media with all their so called experts on cyber war and jihad. There is a lot of wankery going on here but finally this guy makes a little sense in the middle of his post on this mess…

ISIS’s main effort to date in cyberspace has focused on psychological warfare by generating fear through flooding the internet with video clips portraying the brutal acts of beheading and mass executions, as well as victory parades, as part of developing deterrence and creating an illusion of force in excess of the organization’s actual strength. The essence of its online activity, however, is broader. It enables its supporters to obtain operational information, including training in preparing explosives and car bombs, and religious rulings legitimizing massacres in regions under ISIS control. In tandem, it distributes indoctrination materials, such as a magazine called Dabiq: The Return of Khilafah, which focuses mainly on topics relating to formation of the new Islamic state headed by ISIS leader Abu Bakr al-Baghdadi. However, ISIS’s technological expertise is not the only factor. Perhaps the public, which is revolted by the organization’s deeds but closely follows these clips and photos as a kind of reality show, is contributing a great deal to the organization’s popularity.

~Fortuna’s Corner

Yes, there it is.. ISIS has been carrying out a PROPAGANDA war primarily and with that comes PSYOPS as well. This is the first true set of statements I have seen to date over this whole debacle. Ok, they are waging a propaganda war and a recruitment drive for sure but really, a cyber caliphate? I mean to date I have not seen this show up verbatim anywhere on the boards or on twitter so who’s leaping logic here? Seems to me that there’s a sucker born every minute and about 99% of them want to go into journalism nowadays.

A propaganda war using Twitter does not a cyber war make.

Cyber Warfare and Jihad

So let’s chat about the realities here about the capabilities of the Irhabi (ISIS/L or AQ or SEA) in a context of what we have seen so far. What have we seen you ask? Well, DoS, some data thievery, some malware use and phishing, but generally nothing spectacularly scary. Certainly nothing on the level of a nation state actor like China has been seen out of any of the loose groups that claim some jihadi notions online to date. So where do we get all this BOOGA BOOGA over the likes of Junaid Hussain and ISIS taking down our grids and things?

*squint*

Yeah, there’s no there there. I am sorry but even if ISIS/L used its monies that it has stolen over the last months to set up a “cyber team” they still would be LIGHT YEARS behind the likes of China.. Hell they would even be way behind Iran for that matter so really, there is nothing to fear here. Never mind that many of these guys like Junaid are working in countries that are actively being bombed and shooting is happening so really, how much longer does Juny have anyway before he gets a Hellfire missile up his ass?

Truly the cyber jihad is a non starter for me and it should be for you too. On the other end of that equation though is the fact that they are actively recruiting and getting their message out using social media and this is a problem. Now don’t get me wrong, it is not a clear and present danger kind of thing because really, 100 Americans out of how many people seeing their online drivel have actually left the country to go to jihad pretty much gives a sense of the threat. You have to be pretty unbalanced to want to do this shit to start with so if you get up and leave the country to join up you are a truly unbalanced person to start. One so easily swayed by the propaganda wing of ISIS needs help and what they will certainly get is a bullet instead while fighting. Even ISIS/L really doesn’t care about the Takfiri, you see kids, they are just bodies to be used… Nothing more. They may call you brother but under their breath they call you fodder.

Much Ado About Nothing

The reality is that ISIS is more a conventional force than anything else. They are not as well planned as AQ and they tend to be one dimensional thinkers. I will admit that their propaganda war has been interesting to watch but I don’t see that it is an existential threat. In fact, I concur with the assessment that AQ is still the real player here who can strike at the US and had a better track record thus far. Surely if ISIS continues to carry out the propaganda war they may garner more recruits but I just don’t see them being that inspirational to get lone wolves to activate/radicalize. I certainly don’t see them being able to put teams together to hack our infrastructure and take us down either. In fact I am not a proponent of that line of thinking anyway as a great threat. Our systems are too complex and fragmented to allow for such a spectacular attack.

So please news media… STFU.

K.

Written by Krypt3ia

2014/09/12 at 15:31