(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘CyberFAIL’ Category

Commentary: OPM Is Just Another Link In The CyberFail Chain

with 2 comments

Screenshot from 2015-06-22 09:31:49


OPM is the exemplar of how our government deals with information security, or should I say doesn’t deal with it. Some will say that there are many mitigating circumstances like old systems that cannot be updated that caused much of the failures that lead to the OPM being compromised for over a year. However, the subsequent pivoting by the adversaries into many other networks we have not begun to even discuss as a nation yet because we are now media and governmentally fixated on the fact that the adversary had access to SF86 forms. Forms mind you that should be one of the better protected things out of all the possible things the government holds in it’s systems. So far the discourse in the media has been more sensationally oriented on the magic secret code names that the likes of Crowdstrike and Mandiant have come up with respectively for actors. Actors that they claim with varying vociferousness are in fact China whether it be the PLA (People’s Liberation Army) or the MSS (Ministry of State Security) though neither is accepting the pure hubris of all their press releases and anonymous or semi anonymous back-channel chats with the media in hopes of more attention.

Screenshot from 2015-06-22 09:31:04

Whether or not these attacks were from China and their varying and vying espionage organs is rather irrelevant now and everyone needs to understand this. The cat is proverbially out of the bag here and by the cat slipping the bag, we now notice that the emperor who was holding that burlap sack of cat is in fact naked. Or at least that should be the story here but as you can see from the stories filed above by the New York Times alone, the real attention seems to be on the fact that China is in fact hacking us. Well, I am sorry but I have news for you all, they have been hacking us for a long time now and doing very well at it. The primary reason for their being so able to steal us blind though is not as the media and the government and the Mandiant or Crowdstrike’s of the world would like you think. The APT (Advanced Persistent Threat) it seems, does not have to be advanced. They just need to be persistent and might I add patient.

So when you read the headlines and the stories like those in the Times about the advanced malware called “Sakula” and how the tricksy Chinese have gotten administrator on OPM systems I cannot blame the uninitiated thinking that this is hard and that the Chinese actors are the equivalent of super villains hacking from beneath islands with skull faced volcano’s on them. After all, the media is teaching the people not in the know by these lede’s that computer security is unfathomable and hard. You know, like the comment by Archuleta in the Congressional hearing that “Security takes decades” No ma’am it doesn’t and as the congressman who yelled at you that day said, we don’t have decades. In fact, I would say that this game of Go is almost done and we aren’t winning. We have lost and the reasons we have lost are manifold but I would say that the root of it all is that we, America, have abdicated the notion of securing the things that we should have long ago. The excuses are many; because it would be costly, or hard, or perhaps more so due to government stagnation, self interest, and indolence.

I know that the majority of the readers of my blog are in the security community but I wanted this post to reach across the void to the everyman on this matter. I exhort you to read the stories in the news and to take a step back. Consider the following statements and really understand where we are today.

  • The OIG not only has been reporting on the OPM’s security issues but all of the governments. Go read the reports online for other orgs. You just have to Google for them and you will see over the years the same issues surfacing.
  • OPM was told many times and with every report only minor changes were made. Money was not spent, people were not brought in, and all over networks that hold sensitive data.
  • OPM was not practising security at a level commensurate with policies and procedures that were standard 20 years ago.
  • OPM is part of a larger network of systems intergovernmentally. DOI (Dept of Interior) is one that I have had personal experince with. Insecurities abound.
  • Since the hearings the President has made comment that he believes in Archuleta and she is keeping her job, though she has failed to make changers per OIG that have been pending for years.
  • The argument that an adversary is advanced falls apart when the target is not following even the base security protocols that stop a user from using “password” as a password lord knows what else they weren’t doing.

Brass tacks, we deserved to be hacked.

Sad but true.

So gentle reader, consider what I have told you here. The government is not protecting OUR data commensurate with the security requirements we would demand of a company that holds it like say Target. It’s time to hold the government to the standards that they would like to enforce on companies. Let’s not listen to the marketing leaks by Mandiant and Crowdstrike about the actors and who they may be. What matters is that the data was taken and the reason it was taken was because of poor security and bad management on the part of the federal government. You know, those guys rattling the cyber war sabre lately.

Physician heal thyself.



Written by Krypt3ia

2015/06/22 at 14:09

Fear and Loathing On The Internet: A Savage Journey to the Heart of the Cyber Trenches

with 3 comments


Image courtesy of GonzoPhD

O’Five Hundred

It was 5am and the coffee had just started to brew when I saw the tweets that the DPRK was back online. Immediately my bloodshot eyes closed in salutation because the game was on. I booted up the laptop and got the old terminal up and typed the old familiar line $ nmap -Pn I hit enter and began the worship of caffeine as is my custom at this ungodly hour that I find myself in my old age waking up to more often.

Once the coffee had been poured I came back to my comfortable seat to find that one IP address in the subnet (/24) had come up with all kinds of ports open! “Ooooh, this will be interesting” I thought as I began to play with the ports in my browser and other tools. Little did I know then what I would know now about life in the 21st century cyber war!

No sooner had I begun to poke at the ports I began to sense dark forces moving against me. I decided to forge ahead though and hit the second sub that DPRK has. The Nmap began unleashing it’s port scanning hell upon the enemy and I went back to the SMTP server that I had located. It began to offer up it’s dirty flower to me as I poked and prodded. It seemed that because the DPRK had been down since the night or so before they were still recovering, their firewall still trying to come back from the oblivion that had been wrought upon it by… Whoever.

O’Five Thirty

As I started to get bored with the one address that was available I decided to turn on the old iPad and listen to a flick while playing. I had not been watching long when all of a sudden WHAM! I could feel the palpable blow from my.. Nay, OUR enemy! The DPRK had hit back! My iPad stopped mid sentence and began to just become completely verklempt. I checked the wireless sig and it was fine… What in holy hell was happening! A creeping feeling of dread began to creep up my coccyx with a cyber chill! “Could it be that the infernal Kim Jong Un has hit me?” I thought to myself. “Nah, just a wireless issue” I mused but I decided to check. I brought up my browser and hit the router address… Nada.

“Uh oh”

I flew to my office and booted up another wired box and frantically hit the router again… 500 error…


I sat and pondered it all.. I had just become a casualty of the great cyber war of 2014! My router was offline, my shit was smoking and I knew that that creeping feeling of cold dread from my coccyx was in fact the cruel reality… I had been DDoS’d!!

O’Five Thirty Five and Three Seconds

I rebooted the everything and began to work the systems. I had my cyber helmet on now and I was prepared to fire a new salvo at the dreadnaught that was DPRK! The router cycled, the IPS… The Wireless… I frantically typed in the address for the IPS and began looking at logs. I scanned as the caffeine began to really sing in my veins to see the following addresses had hit me like a metric shit ton of SYN!

It was all there in black and white. The wiley Kim Jong Un and his frightening UNIT 121 had hit me with the dreaded SYN FLOOD! But wait, what? Those addresses aren’t DPRK! They are all in CHINA!

*cold sweat begins to trickle down my back with the realization that I had begun a new international incident!*

“CHINA! CHINA!” I yelled at the screen. I tried to calm myself and remember my cyber attribution training! “The IP’s are in China! I am being attacked by China! It’s incontrovertible! It’s China attacking me as a proxy for DPRK! MY GOD!” This is when the klaxons began going off.



I was hit again wave after wave from China. There was no way around it. I had to declare cyber war on DPRK because China attacked me after I used a network tool on DPRK addresses!


The packets flew and the Chinese hit me with everything they could. I could hear KJU screeching in the background yelling orders of more salvo’s against the capitalist cyber swine that was me!



My cyber helmet developed a crack and there was only one thing left to do…  I blocked them on my firewall. The war ended then… At approximately 0540 hours the great “Cyber War” of 2014 ended. I looked around to see posters torn from walls.

The. Horror!

Now I am a veteran of the cyber wars… I still have not gotten my purple heart. Listen well you young men and women. Heed the tale of this cyber warrior and his time in the cyber trenches. Cyber war is cyber hell.


Written by Krypt3ia

2014/12/23 at 22:19

Digital Jihad: The Great Irhabi Cyber War That Won’t Be.

leave a comment »


Screenshot from 2014-09-12 10:03:12


Islamic State militants are planning the creation of a ‘cyber caliphate’ protected by their own encryption software – from behind which they will launch massive hacking attacks on the U.S. and the West.

Both Islamic State and Al Qaeda claim to be actively recruiting skilled hackers in a bid to create a team of jihadist computer experts capable of causing devastating cyber disruptions to Western institutions.

They are now boasting it is only a matter of time before their plan becomes a reality.

~Daily Mail UK


The Great Cyber Jihad

Since Junaid Hussain escaped over the border to the new lands of jihad (aka Syria) he has been vocal on Twitter showing off his great cyber manhood in classic irhabi bloviating online. That Junaid made some inroads by hacking into the prime minister’s email address at Gmail only lends him dubious credit to his hacking skills  to a person involved in the security field. This however is not how the great unwashed within the media and certain quarters of the government and the military seem to perceive the threat posed by Junaid today now that he is an ISIL irhabi.

Islamic State militants are planning the creation of a ‘cyber caliphate’ protected by their own encryption software – from behind which they will launch massive hacking attacks on the U.S. and the West.

Both Islamic State and Al Qaeda claim to be actively recruiting skilled hackers in a bid to create a team of jihadist computer experts capable of causing devastating cyber disruptions to Western institutions.

They are now boasting it is only a matter of time before their plan becomes a reality.

~Daily Mail UK

The above text came from just one of the spate of recent reports on the great “Cyber Jihad” that is being touted to come from the likes of Junaid and ISIS/L as they attempt to expand their reach from the Middle East globally. This ls.particular commentary makes the bile rise within my gut on so many levels though. But that kind of pales in comparison to the one right below…

“We’re in a pre-9/11 moment with cyber,” John Carlin, assistant attorney in charge of the Justice Department’s National Security Division, warned at a July conference in Aspen. “It’s clear that the terrorists want to use cyber-enabled means to cause the maximum amount of destruction as they can to our infrastructure.” 


PRE-9/11 OMG!!! Look you fuckwit if that were the case then China would have already put us out of our misery really. For that matter some half assed pot sodden kid who happened to hack into our grid would have taken us down years ago. There is just no need for this posturing and certainly above all coming from someone without a clue in their head about how things really work in the world of computer security. This kind of scare tactic aimed at getting people to respond in fear to allow for the government to do anything in the name of protecting us is vile.

Meanwhile you have other players such as the one below making statements of “ALL OUT CYBER WAR” while commenting on Anonymous’ operation against ISIS. I laughed and I laughed and I laughed until I just wanted to cry at the sheer stupidity of it all. Look, Anonymous can’t get their shit together enough to be both leaderless and effective so really, how much of an “ALL OUT CYBER WAR” can there be there huh? Do you even know what a cyber war really means? Cyber warfare is both digital and kinetic in it’s purest form and what kinetics did Anonymous really carry out in this operation to DoS ISIS offline?

Lemme give you a clue… None.

“Anonymous announced late last week a full scale cyber war against the Islamic State (Operation Ice ISIS), intended to attack ISIS supporters using social media for propaganda purposes”

~Fortuna’s Corner

So aside from the bloviating and the scare tactics coming out of ISIS itself we also have our responses from the government and the media with all their so called experts on cyber war and jihad. There is a lot of wankery going on here but finally this guy makes a little sense in the middle of his post on this mess…

ISIS’s main effort to date in cyberspace has focused on psychological warfare by generating fear through flooding the internet with video clips portraying the brutal acts of beheading and mass executions, as well as victory parades, as part of developing deterrence and creating an illusion of force in excess of the organization’s actual strength. The essence of its online activity, however, is broader. It enables its supporters to obtain operational information, including training in preparing explosives and car bombs, and religious rulings legitimizing massacres in regions under ISIS control. In tandem, it distributes indoctrination materials, such as a maagzine called Dabiq: The Return of Khilafah, which focuses mainly on topics relating to formation of the new Islamic state headed by ISIS leader Abu Bakr al-Baghdadi. However, ISIS’s technological expertise is not the only factor. Perhaps the public, which is revolted by the organization’s deeds but closely follows these clips and photos as a kind of reality show, is contributing a great deal to the organization’s popularity.

~Fortuna’s Corner

Yes, there it is.. ISIS has been carrying out a PROPAGANDA war primarily and with that comes from PSYOPS as well. This is the first true set of statements I have seen to date over this whole debacle. Ok, they are waging a propaganda war and a recruitment drive for sure but really, a cyber caliphate? I mean to date I have not seen this show up verbatim anywhere on the boards or on twitter so who’s leaping logic here? Seems to me that there’s a sucker born every minute and about 99% of them want to go into journalism nowadays.

A propaganda war using Twitter does not a cyber war make.

Cyber Warfare and Jihad

So let’s chat about the realities here about the capabilities of the Irhabi (ISIS/L or AQ or SEA) in a context of what we have seen so far. What have we seen you ask? Well, DoS, some data thievery, some malware use and phishing, but generally nothing spectacularly scary. Certainly nothing on the level of a nation state actor like China has been seen out of any of the loose groups that claim some jihadi notions online to date. So where do we get all this BOOGA BOOGA over the likes of Junaid Hussain and ISIS taking down our grids and things?


Yeah, there’s no there there. I am sorry but even if ISIS/L used it’s monies that it has stolen over the last months to set up a “cyber team” they still would be LIGHT YEARS behind the likes of China.. Hell they would even be way behind Iran for that matter so really, there is nothing to fear here. Never mind that many of these guys like Junaid are working in countries that are actively being bombed and shooting is happening so really, how much longer does Juny have anyway before he gets a Hellfile missile up his ass?

Truly the cyber jihad is a non starter for me and it should be for you too. On the other end of that equation though is the fact that they are actively recruiting and getting their message out using social media and this is a problem. Now don’t get me wrong, it is not a clear and present danger kind of thing because really, 100 Americans out of how many people seeing their online drivel have actually left the country to go to jihad pretty much gives a sense of the threat. You have to be pretty unbalanced to want to do this shit to start with so if you get up and leave the country to join up you are a truly unbalanced person to start. One so easily swayed by the propaganda wing of ISIS needs help and what they will certainly get is a bullet instead while fighting. Even ISISL really doesn’t care about the Takfiri, you see kids, they are just bodies to be used… Nothing more. They may call you brother but under their breath they call you fodder.

Much Ado About Nothing

The reality is that ISIS is more a conventional force than anything else. They are not as well planned as AQ and they tend to be one dimensional thinkers. I will admit that their propaganda war has been interesting to watch but I don’t see that it is an existential threat. In fact, I concur with the assessment that AQ is still the real player here who can strike at the US and had a better track record thus far. Surely if ISIS continues to carry out the propaganda war they may garner more recruits but I just don’t see them being that inspirational to get lone wolves to activate/radicalize. I certainly don’t see them being able to put teams together to hack our infrastructure and take us down either. In fact I am not a proponent of that line of thinking anyway as a great threat. Our systems are too complex and fragmented to allow for such a spectacular attack.

So please news media… STFU.


Written by Krypt3ia

2014/09/12 at 15:31

ASSESSMENT: The Islamic Cyber Resistance: Bin Laden Group and Mossad Dumps

with 3 comments

Screenshot from 2013-12-19 14_04_27

Dmvtz MCB!

The Islamic Cyber Resistance:

It seems that there is a new player in the cyber town and they call themselves the Islamic Cyber Resistance ( هيئة دعم المقاومة الاسلامية في لبنان ) They are loosely affiliated with Anonymous and it also seems perhaps the Syrian Electronic Army due to a combined hack effort recently. In the case of the dump however they seem to be working on their own and doing so because of the loss of Hassan Lakkis a Hezbollah commander who was killed near his home recently. The ICR dump was to “honor” him and to perhaps get people energized to do more even using “rememberhassan” as the password to the rar files uploaded to the net. I do wonder though at just how newly minted the ICR is because they have no Facebook site, no website that can be found as yet and little mention until recently. The are affiliated with Hezbollah notionally and seem to have ties to, the Hezbollah resource site which collects support for the Hezbollah organization. Ostensibly this hack attack against the Mossad and other entities and this dump were revenge for what is perceived as Israel’s killing of Hassan but the realities of the dump (which I will go into below) are much less vengeance and more an attempt to grab the spotlight in the great cyber jihad.


Hassan Lakkis

Screenshot from 2013-12-20 09:21:39

OPIsrael with Anonymous

Screenshot from 2013-12-20 08:42:01 front page

Screenshot from 2013-12-20 08:46:53


Meanwhile there’s a new Wikileaks in town and that is the domain and site that these dumps were announced and posted on. It seems that the domain has been around for a few years now and stared off as a WordPress site that wanted to be affiliated from the get go. However, it seems that the site was not an official one nor is it today according to what I have found looking around the internet. The domain is currently owned by someone calling themselves Ehsan Goorabi, who according to searches has been a graphic designer/web designer/printer owning his own business called “Lemon Graphics” in Lebanon. It turns out that Eshan is also in fact now a CEH so this kind of ties a nice little cyber bow on him as perhaps being a part of if not the main player in the ICR. The site is now getting play within the media and I am sure is getting plenty of traffic. However, after looking at all the dumps on there I just don’t see anything really spectacular in the way of secret information. In fact what can be found is the usual rhetoric and talk but no real shock and awe.

Screenshot from 2013-12-20 08:16:35WHOIS

Screenshot from 2013-12-19 14_37_05

Ehsan Goorabi CEH

Screenshot from 2013-12-19 14_42_55

Ehsan Goorabi Printer

Screenshot from 2013-12-20 08:29:14 FOR SALE!

The Dump:

The data dump in memory of Hassan too was pretty much a re-hash of data already out there in other dumps. The alleged hacking of Mossad data (personnel data seen already out there) and the alleged hack of the Bin Laden Group (BLG) Now the ICR and the WL site claims that there is some real bombshell information here but in reality it’s all just common data from the company that was hacked. PDF files and emails on daily business things that after looking at are nothing at all to be interested in even if there are claims of shoddy workmanship and perhaps some fraud. If you listened to the ICR they would have you believe it shows complicity with the government and other terrible things. Honestly though what would this data really mean to anyone within AQ, who nominally are mentioned in the dumps other than a sleight against the Bin Laden family who begat OBL in the first place? I guess time will tell if the dumps get better with this crew but to date they certainly aren’t stellar and more than certainly not worthy of all the press attention that this has garnered them.

Screenshot from 2013-12-20 07:09:57

Cyber Jihad:

So, the cyber jihad is on evidently. Well perhaps not a jihad, but at least a resistance as the moniker places them. It would seem that the ICR and SEA, who are already working together, along with the site may be something to keep an eye on if they get their acts together. SEA has been very active with low end hacks that grab headlines but really don’t create any substantive change. In aligning with the Wikileaks ethos though perhaps they will seek to out corruption within their area of influence. Maybe they will just keep flailing along in hopes of garnering the attention they seek, we shall see in the near future I imagine. I do wonder though at the alleged connections with IRGC though. To date these seem to be just pipe dreams of the media though. I cannot see my way to seeing any kind of IRGC support here because these people lack OPSEC as well as skill it seems from what they have laid out so far. In fact I think SEA, as lame as their attacks have been in real impact, are much more technically capable than the ICR today.

It will be interesting to keep an eye on these guys and see what they come up with next….


Written by Krypt3ia

2013/12/20 at 16:17

Posted in Cyber, CyberFAIL, jihad

DPR: Not so dread inspiring but surely now full of dread….

leave a comment »



No one would surrender to the Dread Pirate Ulbricht.

Well the news cycle exploded this week with the arrest of Ross Ulbricht aka DPR or if you like The Dread Pirate Roberts of Princess Bride and now Silk Road fame. The schadenfreude here had been epic as the criminal empire that was one of the largest in the darknet was taken down because the “pirate” could not comprehend how to carry out OPSEC properly. What lead to this guy’s demise was some good old fashioned internet gumshoe work by an SA who also worked on the Sabu case back last year. Ross it seems decided to use his personal Gmail address for postings pimping Silk Road as well as  other assets that tied it all together digitally back to him. Not the best of OPSEC here Ross.

I challenge you to a battle of wits.

Anyway Ross had an idea and that idea was pretty interesting in that he wanted to use the darknet to have a Libertarian nirvana of commerce for just about anything. He set up his site, maintained it himself for a time, and then began to realize that he could not do it alone and this is where things start to go wrong. You see, when you run something yourself you only have yourself to deal with. When you start bringing in people to work for you and they know things about you (and you will always slip up here and give things away unless you are a trained spook) and that makes them a liability to your Operational Security. Ross learned this the hard way I suppose in that he started to feel that people needed to be whacked because they knew too much.

Meanwhile the OPSEC failures that Ross had made were steadily creeping up on him. So too were the UC’s on Silk Road who worked their way into the boards making deals and gaining his trust. In the end Ross decided that one of the UC’s was actually a cool Huggy Bear kind of guy and asked him to whack one of his administrators who he felt was a threat… OOOPS! If it’s one thing a Dread Pirate should know is to “Trust No One” but Ross I guess did not read that lesson in his Econ Theory classes. I guess it’s just another pointer I would make to all of you would be Pirates or Ninja’s out there … You can’t trust anyone. Oh, and yeah unless you are trained for this at say Langley or maybe Академия федеральной службы безопасности Российской Федерации you are more than likely to fuck up majorly and end up in the clink with Ross and many others. I have to say though that the idea of using the darknet and all the means that Ross had put together was a pretty good plan. The only real hitch was that he never took into account that he was going to be going up against a nation state(s) and they always win.

Hey, at least he didn’t fall for that land war in Asia thing right? …..

Look, are you just fiddling around with me or what?

So Ross went on to become the ersatz Walter White of the darknet until one day at his apartment in San Fran his doorbell rang. At the door was ICE/DHS and they had an interesting package for him in their hands. The package was full of ID’s with his face on them but not his name and when asked about them according to the complaint/affidavit his answer was “Anyone could get documents like these online at places like Silk Road” which let me tell you Ross, isn’t the thing you want to be saying here. After some questions and answers it seems the ICE/DHS folks went away which is confusing to me. First off, I surmize that the ICE Q&A was just a front for the FBI’s ongoing investigation into Ross but really, why tip their hand like that? If I were Ross I would have closed the door, waved at the feds through the window, watched them leave and RAN to my system to have a fire sale at Silk Road. I would have chosen a new DPR and been on my way to a non extradition country but ol’ Ross?


Ross instead of cutting and running doubled down! He went on to do an interview with Forbes and continued on his way doing the business of being the “Dread Pirate” which let me tell you son, was one of the most ballsy and stupid things I have seen since Barrett Brown on camera threatened federal officers lives. Ross what were you thinking? I mean damn dude, did you really think you were Walter White? Oh well I guess time will tell as interviews are carried out or data dumps come from the feds as we go along slouching toward a plea bargain. Perhaps though your cognitive dissonance between personae online and offline just sort of short circuited you out and you couldn’t do anything other than carry on thinking you were covered.

Time will tell… But let this be a lesson to all you would be Pirates out there. You may call yourself a pirate or a ninja or even a Ninja Pirate but you really are just some shmuck with a grandiose sense of the self instilled in you by your helicopter parents who always told you just how fucking special and magnificent you were. So as you sit in federal pound you in the ass prison Ross take heart, for I am sure there will be another DPR someday in the darknets ….Sailing the dark digital waters with the shrieking eels that will some day end up in the cell next to yours where you can commiserate.


Written by Krypt3ia

2013/10/06 at 20:25


with one comment




What is it Mike? Why do you feel you need to sit and smirk on panels while spinning more and more exotic fantasist tales about the terrible cyber future out there? For that matter why do you feel compelled to joke about putting Ed Snowden on a kill list? I mean, you are retired man! You should be somewhere warm with your wife, sitting on a porch sipping a warm beer and enjoying life. Instead you are making the rounds trying increasingly more boldly to steal Dr. Cyberlove’s (Richard Clarke) thunder? What is up with you man? I mean are you trying to sell services or some kind of security appliance to the masses now that you are on that sweet sweet government pension? Or is it that you are now able to be the center of attention and talk after being bottled up so long as a secret squirrel at NSA?

Well in any case you are taking THE PRIZE with this little story you told about “CYBER MASS SHOOTERS!!”  WHOA dude you went completely plaid with this one! You have my attention at the very least! Well, that may not be so good though having my attention but I digress. Shall I tell the folks out there what I think about your little story?

*looks conspiratorially at the crowd and ushers them closer with an eyebrow waggle*

BOLLOCKS! It’s absolu-fucking-lutely bollocks my friend! Holy what the hell? Dude you are delusional and those panels that people are inviting you to increasingly are going to be comprised of you and Alex Jones having aneurysm fights.


The fastest-growing cyber threat is from a kind of digital mass shooter, a deranged or outraged hacker able to obtain cyberweapons currently available only to nation-states and organized crime, a former senior U.S. intelligence official said Thursday.

“They’re just mad, they’re mad at the world,” said retired Air ForceGen. Michael Hayden. “They may have demands that you or I cannot understand.”

Mr. Hayden warned that within five years hackers “will acquire the [cyberattack] capabilities that we now associate with criminal gangs or nation states,” such as being able to conduct online sabotage of industrial control systems that run power plants, factories and utilities.

Looks at that statements over and over and over again always having the same vapor lock.. HOLY WTF? Who do you think invented this shit in the first place? The hackers, the criminals, and YOU GUYS Mike! I cannot fathom just how clueless Mike seems here. I mean, he was in charge of the NSA so how could he be so out of touch? Perhaps he has early onset Alzheimers? Did he eat the British beef in the 80’s? 

*shakes head*

Ok so yeah “cyber mass shooters” I am trying to stifle a giggle every time I say it in my head. I don’t think Mike has really thought this one through. Has he seen the hackers out there? Has he got a good grasp of the infrastructure as well that we have? I mean HOLY COW! First off, let’s look at the hackers. It would take a cabal to do what he is talking about. The only cabals I know of are the criminal gangs, the nation states, and maybe Anonymous. So yeah, it’s all groups Mike, not one sole hacker master mind. I mean really, we aren’t all Thomas Jane ya know..

*slips in Die Hard refence #score!*

Next we have the idea that one sole hacker is going to be able to attack the “infrastructure” in a way that will be able to take it down. Uh yeah Mike, I’m sorry but that is just not so easy. I mean, it’s not like all the power companies run all the same things and are all connected to the same subnet mmkay? No Mike, it will take nation state patience, money, and access to take down a section of the grid for example and cause mass annoyance. There will not be “mass casualties” as you allude to and what did you say.. “Dislocation”???


Following that stellar statement we have this claptrap about how the hacker can now have “cyber weapons” like those of the nation state. Let me disabuse you of this notion right now Mikey…


The derp on that statement makes me want to just punch some small furry critter in the nuts man. SEE WHAT YOU DO TO ME MIKE!?!? Look, if you have a copy of Metasploit you are now actually, according to you Mike, A MASS CYBER SHOOTER! Your statement is infantile and it is the WORST type of fear mongering I have seen since your predecessor Dr. Cyberlove (aka Richard Clarke)

*hangs head*

Lastly, let’s talk about this infinitely stupid comment about how the “mass cyber shooter” may have no “demands” that we can understand.


What? Just how many movies have you been watching since you retired man? I think you have some real misinformation in your head from watching one too many Die Hard movies my friend. Wow.. Just WOW man! I am in awe of your derp on this one and that is a hard thing for me to do. I am almost speechless here …. Well not really.


Finally I think Mike has envisioned a new “Ministry of Fear” for us all to cling to in troubled times. He will be in charge of the ministry and he will make the rounds to all of the appropriate places to spew his stories of “cyber mass shooters” to a ravening lame stream media machine. Your hopes I am sure, are that you and your pals can scare the straights into compliance with the NSA pogroms you and yours have been carrying out and are now in trouble over. As long as you keep the fear levels at the right height, you and your pals can keep on keepin on with the tacit approval from the people.

Mike, you’d be wrong.

The Ministry of fear will fail and as long as you are out there saying these epic derptastic things I will be here countering them on my measly little blog. So, for the news media I will now break this down into small bytes, which I will then puree into a nice baby food consistency for you to slurp down.


  1. There will be no singular cyber mass shooter it takes too much effort and coherence to pull something off like this.
  3. If demands are made sure, you may have to look up some terms on Wikipedia or 4chan but hey, you will understand what “we” want so rest assured you will know.


God I need a drink…


Written by Krypt3ia

2013/10/04 at 18:36

So here’s my thing….

with 3 comments



Face it.. We are all PWND six ways to Sunday

Every frigging day we hear more and more about how the NSA has been emptying our lives of privacy and subverting the laws of this land and others with their machinations. It’s true, and I have been saying as much since the day Mr. Klein came out of his telco closet and talked about how the NARUS system had been plugged into the MAE West back in the day. We are all well and truly fucked if we want any kind of privacy today kids and we all need to just sit back and think about that.

*ponder ponder ponder*

Ok, I have thought about it and I have tried to think of any way to protect myself from the encroachment of the NSA and all the big and little sisters out there. I am absolutely flummoxed to come up with any cogent means to really and truly protect my communications. Short of having access to the NSA supercloud and some cryptographers I don’t think that we will not truly have any privacy anymore. If you place it on the net, or in the air. We have reached in my opinion the very real possibility of the N-Dystopia I have talked about before in the Great Cyber Game post.

As the pundits like Schneier and others groan on and on about how the NSA is doing all of this to us all I have increasingly felt  the 5 stages of grief. I had the disbelief (ok not completely as you all know but the scope was incredible at each revelation) Then the anger came and washed over me, waves and waves of it as I saw the breadth and scope of the abuse. Soon though that anger went away and I was then feeling the bargaining phase begin. I started to bargain in my head with ideas that I could in fact create my own privacy with crypto and other OPSEC means. I thought I could just deny the government the data. I soon though began to understand that no matter what I did with the tools out there that it was likely they had already been back door’d. This came to be more than the case once the stories came out around how the NSA had been pressuring all kinds of tech companies to weaken standards or even build full back doors into their products under the guise of “National Security”

Over time the revelations have all lead to the inescapable truth that there is nothing really anyone can do to stop the nation state from mining our communications on a technological level. Once that had fully set in my mind the depression kicked in. Of late I have been more quiet online and more depressed about our current state as well as our future state with regard to surveillance and the cyberwarz. I came to the conclusion that no matter the railing and screaming I might do it would mean nothing to the rapidly approaching cyberpocalypse of our own creation arriving. ….In short, we can’t stop it and thus the last of the five stages for me has set in. I accept that there is nothing I can do, nay, nothing “we” can do to stop this short of a bloody coup on the government at large.

I now luxuriate in my apathy and were I to really care any more I would lose my fucking mind.


Speaking of losing one’s mind.. Lately people all have been yelling that OPSEC is the only way! One (the gruqq) has been touting this and all kinds of counterintelligence as the panacea for the masses on these issues. Well, why? Why should we all have to be spies to just have a little privacy in our lives huh? I mean it’s one thing to be a shithead and just share every fucking stupid idea you have on FriendFace and Tweeter but really, if you can’t shut yourself up that is your problem right? No, I speak of the every day email to your mom telling her about your health status or maybe your decision to come out etc. Why should the government have the eminent domain digitally to look at all that shit now or later?

If you take measures to protect these transactions and those measures are already compromised by the government why then should you even attempt to protect them with overburdened measures such as OPSEC huh? I mean, really if you are that worried about that shit then go talk to someone personally huh? I know, quite the defeatist attitude I have there huh? The reality is that even though I claim not to be caring about it (re: apathy above) I actually do but I realize that we no longer have privacy even if we try to create it for ourselves with technical means. If the gov wants to see your shit they will make a way to do so without your knowing about it. I fully expect someday that they will just claim eminent domain over the internet completely.

Fuck OPSEC.. I want my government to do the right thing and not try to hide all their skirting of the law by making it classified and sending me an NSL that threatens to put me in jail for breaking the law.

Fuck this shit.


Then we have the CYBERWARZ!! Oh yeah, the gubment, the military, and the private sector all have the CYBERWARZ fever. I cannot tell you how sick of that bullshit I am really. I am tired of all the hype and misdirection. Let me clear this up for you all right here and right now. THERE IS NO CYBERWAR! There is only snake oil and espionage. UNTIL such time as there is a full out kinetic war going on where systems have been destroyed or compromised just before tanks roll in or nukes hit us there is no cyberwar to speak of. There is only TALK OF cyber war.. Well more like masturbatory fantasies by the likes of Beitlich et al in reality. So back the fuck off of this shit mmkay? We do not live in the world of William Gibson and NO you are not Johnny Mnemonic ok!

Sick. And. Tired.

I really feel like that Shatner skit where he tells the Trekkies to get a life…


All that is left for us all now is the DERPOCALYPSE. This is the end state of INFOSEC to me. We are all going to be co-opted into the cyberwarz and the privacy wars and none of us have a snowball’s chance in hell of doing anything productive with our lives. Some of us are breaking things because we love it. Others are trying to protect “ALL THE THINGS” from the breakers and the people who take their ideas and technologies and begin breaking all those things. It’s a vicious cycle of derp that really has no end. It’s an ouroboros of fail.

RAGE! RAGE! AGAINST THE DYING OF THE PRIVACY! is a nice sentiment but in reality we have no way to completely stop the juggernaut of the NSA and the government kids. We are all just pawns in a larger geopolitical game and we have to accept this. If we choose not to, and many have, then I suggest you gird your loins for the inevitable kick in the balls that you will receive from the government eventually. The same applies for all those companies out there aiding the government in their quest for the panopticon or the cyberwarz. Money talks and there is so much of it in this industry now that there is little to stop it’s abuse as well.

We are well and truly fucked.

So, if you too are feeling burned out by all of this take heart gentle reader. All you need do is just not care anymore. Come, join me in the pool of acceptance. Would you care for a lotus blossom perhaps? It’s all good once you have accepted the truth that there is nothing you can do and that if you do things that might secure you then you are now more of a target. So, do nothing…




Get every new post delivered to your Inbox.

Join 205 other followers