Archive for the ‘DERP’ Category
The Great OSINT and Threat Intelligence Debacle
Who hacked Ashley Madison?
Who the fuck should really care other than the police?
The answer is no one really should but just as with the whole thing there is a salacious fascination over the nature of the site and who’s who in the database. Now though we have cyber sleuths posting “maybe” evidence that a certain account “might” have ties to “maybe those” who hacked the site and dumped it’s contents online.
Just stop.
Look, the cat is out of the bag and the data is dumped so move on and learn from what happened at least if you can get past all the schadenfreude. This whole incident though only highlights something I have been saying for a while now. Primarily that OSINT and Threat Intelligence is only as good as the analyst and that in the game of Intelligence, it is easy to be led astray by the adversary as well as by your own cognitive biases. In this case with Brian Krebs and the Dezu account I can only say as a bystander watching the spectacle; “Enjoy the clicks man… Enjoy those clicks.”
I will say it again as I have said it many times in the past…
“It’s not about the who… It’s about the how. Learn from the how and attempt to prevent it in the future”
I had this discussion on Twitter the other day and yes, there are some reasons to do the attribution for companies that understand the threat space that is their domain. On average though it is pointless because companies do not have that basic comprehension on the part of their execs and their boards. So trying to give them a nuanced analysis of who the adversary is, is just fucking pointless. Learn from how they hacked you and care less about who they are. Perhaps instead understand who they are but really grok what they were wanting to steal is more important.
Meanwhile all the companies out there are yelling about attribution and how they can even do it “live” as I recently heard uttered on a sales call.
Fuck you… Fuck. You.
K.
Digital Jihad: The Great Irhabi Cyber War That Won’t Be.
Islamic State militants are planning the creation of a ‘cyber caliphate’ protected by their own encryption software – from behind which they will launch massive hacking attacks on the U.S. and the West.
Both Islamic State and Al Qaeda claim to be actively recruiting skilled hackers in a bid to create a team of jihadist computer experts capable of causing devastating cyber disruptions to Western institutions.
They are now boasting it is only a matter of time before their plan becomes a reality.
The Great Cyber Jihad
Since Junaid Hussain escaped over the border to the new lands of jihad (aka Syria) he has been vocal on Twitter showing off his great cyber manhood in classic irhabi bloviating online. That Junaid made some inroads by hacking into the prime minister’s email address at Gmail only lends him dubious credit to his hacking skills to a person involved in the security field. This however is not how the great unwashed within the media and certain quarters of the government and the military seem to perceive the threat posed by Junaid today now that he is an ISIL irhabi.
Islamic State militants are planning the creation of a ‘cyber caliphate’ protected by their own encryption software – from behind which they will launch massive hacking attacks on the U.S. and the West.
Both Islamic State and Al Qaeda claim to be actively recruiting skilled hackers in a bid to create a team of jihadist computer experts capable of causing devastating cyber disruptions to Western institutions.
They are now boasting it is only a matter of time before their plan becomes a reality.
The above text came from just one of the spate of recent reports on the great “Cyber Jihad” that is being touted to come from the likes of Junaid and ISIS/L as they attempt to expand their reach from the Middle East globally. This ls.particular commentary makes the bile rise within my gut on so many levels though. But that kind of pales in comparison to the one right below…
“We’re in a pre-9/11 moment with cyber,” John Carlin, assistant attorney in charge of the Justice Department’s National Security Division, warned at a July conference in Aspen. “It’s clear that the terrorists want to use cyber-enabled means to cause the maximum amount of destruction as they can to our infrastructure.”
PRE-9/11 OMG!!! Look you fuckwit if that were the case then China would have already put us out of our misery really. For that matter some half assed pot sodden kid who happened to hack into our grid would have taken us down years ago. There is just no need for this posturing and certainly above all coming from someone without a clue in their head about how things really work in the world of computer security. This kind of scare tactic aimed at getting people to respond in fear to allow for the government to do anything in the name of protecting us is vile.
Meanwhile you have other players such as the one below making statements of “ALL OUT CYBER WAR” while commenting on Anonymous’ operation against ISIS. I laughed and I laughed and I laughed until I just wanted to cry at the sheer stupidity of it all. Look, Anonymous can’t get their shit together enough to be both leaderless and effective so really, how much of an “ALL OUT CYBER WAR” can there be there huh? Do you even know what a cyber war really means? Cyber warfare is both digital and kinetic in it’s purest form and what kinetics did Anonymous really carry out in this operation to DoS ISIS offline?
Lemme give you a clue… None.
“Anonymous announced late last week a full scale cyber war against the Islamic State (Operation Ice ISIS), intended to attack ISIS supporters using social media for propaganda purposes”
So aside from the bloviating and the scare tactics coming out of ISIS itself we also have our responses from the government and the media with all their so called experts on cyber war and jihad. There is a lot of wankery going on here but finally this guy makes a little sense in the middle of his post on this mess…
ISIS’s main effort to date in cyberspace has focused on psychological warfare by generating fear through flooding the internet with video clips portraying the brutal acts of beheading and mass executions, as well as victory parades, as part of developing deterrence and creating an illusion of force in excess of the organization’s actual strength. The essence of its online activity, however, is broader. It enables its supporters to obtain operational information, including training in preparing explosives and car bombs, and religious rulings legitimizing massacres in regions under ISIS control. In tandem, it distributes indoctrination materials, such as a maagzine called Dabiq: The Return of Khilafah, which focuses mainly on topics relating to formation of the new Islamic state headed by ISIS leader Abu Bakr al-Baghdadi. However, ISIS’s technological expertise is not the only factor. Perhaps the public, which is revolted by the organization’s deeds but closely follows these clips and photos as a kind of reality show, is contributing a great deal to the organization’s popularity.
Yes, there it is.. ISIS has been carrying out a PROPAGANDA war primarily and with that comes from PSYOPS as well. This is the first true set of statements I have seen to date over this whole debacle. Ok, they are waging a propaganda war and a recruitment drive for sure but really, a cyber caliphate? I mean to date I have not seen this show up verbatim anywhere on the boards or on twitter so who’s leaping logic here? Seems to me that there’s a sucker born every minute and about 99% of them want to go into journalism nowadays.
A propaganda war using Twitter does not a cyber war make.
Cyber Warfare and Jihad
So let’s chat about the realities here about the capabilities of the Irhabi (ISIS/L or AQ or SEA) in a context of what we have seen so far. What have we seen you ask? Well, DoS, some data thievery, some malware use and phishing, but generally nothing spectacularly scary. Certainly nothing on the level of a nation state actor like China has been seen out of any of the loose groups that claim some jihadi notions online to date. So where do we get all this BOOGA BOOGA over the likes of Junaid Hussain and ISIS taking down our grids and things?
*squint*
Yeah, there’s no there there. I am sorry but even if ISIS/L used it’s monies that it has stolen over the last months to set up a “cyber team” they still would be LIGHT YEARS behind the likes of China.. Hell they would even be way behind Iran for that matter so really, there is nothing to fear here. Never mind that many of these guys like Junaid are working in countries that are actively being bombed and shooting is happening so really, how much longer does Juny have anyway before he gets a Hellfile missile up his ass?
Truly the cyber jihad is a non starter for me and it should be for you too. On the other end of that equation though is the fact that they are actively recruiting and getting their message out using social media and this is a problem. Now don’t get me wrong, it is not a clear and present danger kind of thing because really, 100 Americans out of how many people seeing their online drivel have actually left the country to go to jihad pretty much gives a sense of the threat. You have to be pretty unbalanced to want to do this shit to start with so if you get up and leave the country to join up you are a truly unbalanced person to start. One so easily swayed by the propaganda wing of ISIS needs help and what they will certainly get is a bullet instead while fighting. Even ISISL really doesn’t care about the Takfiri, you see kids, they are just bodies to be used… Nothing more. They may call you brother but under their breath they call you fodder.
Much Ado About Nothing
The reality is that ISIS is more a conventional force than anything else. They are not as well planned as AQ and they tend to be one dimensional thinkers. I will admit that their propaganda war has been interesting to watch but I don’t see that it is an existential threat. In fact, I concur with the assessment that AQ is still the real player here who can strike at the US and had a better track record thus far. Surely if ISIS continues to carry out the propaganda war they may garner more recruits but I just don’t see them being that inspirational to get lone wolves to activate/radicalize. I certainly don’t see them being able to put teams together to hack our infrastructure and take us down either. In fact I am not a proponent of that line of thinking anyway as a great threat. Our systems are too complex and fragmented to allow for such a spectacular attack.
So please news media… STFU.
K.
Vendor Hell
Vendor conferences and webinars:
Yesterday many of you who might read my ravings saw my Twitter feed explode with rage over a vendor sponsored conference I attended on the “Target Hack” The invitation to this meeting local to me …well an hour away that is, promised new and interesting information on the Target case and I decided to attend in hopes that there would be some inside info. What I got instead was a chance to listen to the meanderings on the 2nd amendment by Asa Hutchinson and the community college version of X-Force’s state of the hack.
The finale though was the talk on the Target hack which was prefaced with “Everything I am going to talk about today is open source and from the news” …really now, this is your inside information that you said would be given? What proceeded was a description of information you could get by reading the news reports and in particular Brian Krebs blog on the subject. This was nothing like that which I had been lead to believe was on offer and it made my bile rise as you may have seen. It was a giant time suck and really should only have been on offer for those who hadn’t a clue about the hack. In fact, this may well have been useful were you an executive without a clue. Which I am not.
A proposal for a ratings system:
I left the conference after IBM had done their dog and pony show on Target with a headache and a real distaste for all things vendor. I know, this is the norm for the bulk of the people in this business but it made me start thinking on the hour drive home. Perhaps in a perfect world we could have a ratings system for these meetings. If we were to be completely efficacious we could craft a way to denote the level of information being given and those best suited to attend. I know this is likely a pipe dream but I just have to toss this out there.
While I was completely bored and enraged by the conference yesterday, it did have it’s merits for someone who had no clue about the Target hack. Chris Poulin did a fair job at describing the events that were in the news and in the blogs and I believe a lay person (exec) would have learned at least something from it. So could we perhaps work with vendors to get a ratings system as well as maybe work with them to inform our managements in an efficacious way? I know, I may be dreaming a bit here and sound like a Cavalry Unicorn but hey maybe an aneurysm from yesterday made me more open to the idea.
All I am really saying is that if we want to be better at getting our execs to understand some things perhaps we need to control our vendors a bit more and get them to actually be useful to us instead of just hawking bad data and wares. Perhaps the reality is we as security professionals need to look at all of these vendor offerings and choose which ones can be trusted to be at least somewhat informative and worth going to for our management. A simple rating system would be very helpful, let’s say a 1 for n00bs, 2 for intermediate people and a 3 for technical and competent people?
Please? Pretty please?
The community wants better communication? Start reigning these guys in:
I guess what I am saying is that with all of the hubbub over Cavalry and “doing better” I would suggest we first start working with vendors offerings. Let’s cut the bullshit right out and start getting our managements to offerings that will actually help them comprehend the job they are supposed to be doing. Perhaps that only really means not letting them attend anything from a vendor at all huh? Perhaps these are all just in reality boondoggles …which incidentally I feel security conferences are today anyway, that need to be avoided like the plague.
Maybe there is no winning here.. I feel the rage returning which is the prelude to the apathy again, turn, turn, turn. Look, we all complain every day about managements lack of comprehension so if we are going to fix that perhaps strictly monitoring their vendor conference attendance is a good start. As for us, well, we need to continue to be jaded about these calls, webinar’s and meetings accordingly. If yesterday was any indication for X-Force then I need to start pulling away from anything they put out there. I cited it in a tweet but I have no idea how they put a <1% attack traffic on Aerospace and Defense in their slide. Perhaps that datum might speak more to their lack of penetration and usefulness in the space though.. hmmm….
I guess in the end the words to live by are “Caveat Emptor Stupid!”
K.
DPR: Not so dread inspiring but surely now full of dread….
zwfviyhpjvezupkhcfz?
No one would surrender to the Dread Pirate Ulbricht.
Well the news cycle exploded this week with the arrest of Ross Ulbricht aka DPR or if you like The Dread Pirate Roberts of Princess Bride and now Silk Road fame. The schadenfreude here had been epic as the criminal empire that was one of the largest in the darknet was taken down because the “pirate” could not comprehend how to carry out OPSEC properly. What lead to this guy’s demise was some good old fashioned internet gumshoe work by an SA who also worked on the Sabu case back last year. Ross it seems decided to use his personal Gmail address for postings pimping Silk Road as well as other assets that tied it all together digitally back to him. Not the best of OPSEC here Ross.
I challenge you to a battle of wits.
Anyway Ross had an idea and that idea was pretty interesting in that he wanted to use the darknet to have a Libertarian nirvana of commerce for just about anything. He set up his site, maintained it himself for a time, and then began to realize that he could not do it alone and this is where things start to go wrong. You see, when you run something yourself you only have yourself to deal with. When you start bringing in people to work for you and they know things about you (and you will always slip up here and give things away unless you are a trained spook) and that makes them a liability to your Operational Security. Ross learned this the hard way I suppose in that he started to feel that people needed to be whacked because they knew too much.
Meanwhile the OPSEC failures that Ross had made were steadily creeping up on him. So too were the UC’s on Silk Road who worked their way into the boards making deals and gaining his trust. In the end Ross decided that one of the UC’s was actually a cool Huggy Bear kind of guy and asked him to whack one of his administrators who he felt was a threat… OOOPS! If it’s one thing a Dread Pirate should know is to “Trust No One” but Ross I guess did not read that lesson in his Econ Theory classes. I guess it’s just another pointer I would make to all of you would be Pirates or Ninja’s out there … You can’t trust anyone. Oh, and yeah unless you are trained for this at say Langley or maybe Академия федеральной службы безопасности Российской Федерации you are more than likely to fuck up majorly and end up in the clink with Ross and many others. I have to say though that the idea of using the darknet and all the means that Ross had put together was a pretty good plan. The only real hitch was that he never took into account that he was going to be going up against a nation state(s) and they always win.
Hey, at least he didn’t fall for that land war in Asia thing right? …..
Look, are you just fiddling around with me or what?
So Ross went on to become the ersatz Walter White of the darknet until one day at his apartment in San Fran his doorbell rang. At the door was ICE/DHS and they had an interesting package for him in their hands. The package was full of ID’s with his face on them but not his name and when asked about them according to the complaint/affidavit his answer was “Anyone could get documents like these online at places like Silk Road” which let me tell you Ross, isn’t the thing you want to be saying here. After some questions and answers it seems the ICE/DHS folks went away which is confusing to me. First off, I surmize that the ICE Q&A was just a front for the FBI’s ongoing investigation into Ross but really, why tip their hand like that? If I were Ross I would have closed the door, waved at the feds through the window, watched them leave and RAN to my system to have a fire sale at Silk Road. I would have chosen a new DPR and been on my way to a non extradition country but ol’ Ross?
…..Nope.
Ross instead of cutting and running doubled down! He went on to do an interview with Forbes and continued on his way doing the business of being the “Dread Pirate” which let me tell you son, was one of the most ballsy and stupid things I have seen since Barrett Brown on camera threatened federal officers lives. Ross what were you thinking? I mean damn dude, did you really think you were Walter White? Oh well I guess time will tell as interviews are carried out or data dumps come from the feds as we go along slouching toward a plea bargain. Perhaps though your cognitive dissonance between personae online and offline just sort of short circuited you out and you couldn’t do anything other than carry on thinking you were covered.
Time will tell… But let this be a lesson to all you would be Pirates out there. You may call yourself a pirate or a ninja or even a Ninja Pirate but you really are just some shmuck with a grandiose sense of the self instilled in you by your helicopter parents who always told you just how fucking special and magnificent you were. So as you sit in federal pound you in the ass prison Ross take heart, for I am sure there will be another DPR someday in the darknets ….Sailing the dark digital waters with the shrieking eels that will some day end up in the cell next to yours where you can commiserate.
K.
I AM A NUCLEAR WEAPON MAN….
qsycniigfcfjdwjwhx
I AM A NUCLEAR WEAPON… A WEAPON OF AWESOME DERP
Welp, here I am again about to write yet another moron in the gubmnet speaking about computers and national security when they should just shut the fuck up. This time around it’s John Kerry, the new SECSTATE who opened his big stupid mouth in a confirmation hearing and uttered the following allusion to hackers today;
‘Foreign Hackers Are ’21st Century Nuclear Weapons’
*blink… twitch…rage*
John, buddy, I thought you were a bit of a bint when I knew you back in the Beacon Hill days but now you have really gone and done it. What the FUCK were you thinking? Were you thinking? Sometimes I just wish you people would take a step back and think about shit before you say it. You are wholly unqualified to make such a statement in the first place and here you are feeding that line of bullshit to the Senate committee who is confirming you? Tell me, did you also manage to completely control your gag reflex later on for the glory hole after the proceedings?
I heard this little bit of news on Twitter and thought; “Nah, they got that wrong.. No one would be THAT stupid as to say something like this” Sure enough I was wrong in thinking that. My bad I guess. You sir have taken the DERP award for the new year! It’s a nice award too because we have combined it with the “Jumping the Shark” award! It’s got this nice figure of Ira Winkler jumping a shark in a Fonzie pompadour while masturbating on the onlooking audience. I am sure it will go nicely in your new digs at State.
QUICK! CALL N.E.S.T.
So, now it’s out there, this phrase likening all “hacking and hackers” to an arsenal of weapons of mass destruction and all we can do is look on in abject horror as these morons believe this shit. Really, you are going to compare and contrast someone DDoS’ing a site, stealing corporate data, or defacing a page to a nuclear all out fucking bomb? WHAT THE FUCK ARE YOU SMOKING? ….And can I have some? It’s gotta be some damn strong shit for you to be believing the words coming out of your mouth.
Seriously though this is just par for the course given the “Cyber 9/11” going around the government today I guess. The problem is that the body politic has completely abdicated any full grasp of the realities here and instead have decided to just run with the scary words and ideas in an attempt to scare the masses into submission. This is a shameful state of being and it bodes ill for us all more and more every day. Grandpa it seems has gotten his first computer and is afraid to click delete because the world might fucking end and it’s time to take away grandpa’s license to “internet” I think.
Look, hacking and hackers, even if they hack into the power grid are noting in comparison to an ICBM aimed at a nation state where MILLIONS can die in the blink of an eye John and somewhere in that thick Heinz riddled skull you know this so cut it the fuck out. I know you won’t but I just had to say it before my head exploded from your stupidity. You have committed one of the larger of the deliberate misapprehensions about technology and hacking not to mention espionage that there ever has been.
.. And this derp’s for you.
DERPCON 1
So we have officially gone to DERPCON 1 now.. Nice… I give up. However, at the very least you have given me an idea for a T-shirt design. You will see me wearing the T-shirt above (sans pecs) at Shmoocon this year. So thanks John, at least I got this crappy T-shirt out of the deal I guess. Others seem to have latched on as well so maybe more will be seen around.
*hangs head… sigh*
I need a drink… MEDIC! BOURBON STAT!
K.
THE IRANIANS ARE KNOCKING! THE IRANIANS ARE KNOCKING!
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
There are known knowns; there are things we know we know.
We also know there are known unknowns; that is to say, we know there are some things we do not know.
But there are also unknown unknowns – the ones we don’t know we don’t know.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
“Mankdrake, come over here, the Redcoats are coming!”
THE IRANIANS ARE DDOS’ing OUR BANKS! UNCLE FRED CAN’T SEE HIS BANK ACCOUNTS OH THE HUMANITY!
The hue and cry over the DDoS that has been taking place since the summer on certain banks has been increasing over the last week and of course the secret squirrels and the hangers on who want to sell their wares and stories have been rife on the mainstream media. Of course the likes of Droopy Dawg (former Senator Lieberman) have also been making the rounds at podiums near you droning their dire warnings that Iran is double secretly “out to get us with cyber attacks”
Several of my contemporaries have posted articles this week pointing out that emperors all, have have no clothes on and yet, only within this small verse known as the INFOSEC community am I seeing this fact being leveled at all. It’s sad really that we the community in the know should be so marginalized by the media because we do not take the party line. Thusly the truth of the matter never reaches the unwashed masses and they live on in mortal fear and loathing over the great Muslim Shaitan that is Iran.
For us in the know though, we can only continue to say “No, that’s not what’s happening” to those who will listen or yell it out as I am here once again on my screed… Uhh.. I mean blog. Sad but true as well as for me at least cathartic to at least yell in ALL CAPS for a while. I feel better usually after a good screed here…
But I digress…
“What difference does it make if it’s true? If it’s a story and it breaks, they’re gonna run with it.”
Truth is something that media outlets and the government tell you they are giving you but really are they? In the case of the DDoS attacks on the banks there is no solid evidence as to any kind of attribution of who is doing it. This however has not stopped “government sources” and certain secret squirrels within the INFOSEC community *cough VENDORS cough* who are more than willing to tell you that it’s GOTTA be Iran. Why? well… Because.. IRAN DAMMIT! That’s about the sum of it right there. It is so because they say it is, we don’t need no stinkin proof or anything do we?
Now, had any of these people made the caveat that there is no real proof of this but my gut say’s it’s Iran that’d be ok but then again really? Really? That’s going to be an answer? If there is no proof then you say that there isn’t any and that you CANNOT say who did it. It’s simple really but instead we get the Iran angle because that is the party line for the saber rattling du jour right? Who am I kidding though right? After all according to Karl “Turdblossom” Rove back in the Bush administration “we make the reality” right? So the reality is, since it’s on the news and the secret squirrels have told us on background, that Iran is HACKING OUR BANKS!
*chuckle*
Hacking.. Ugh, that’s another issue altogether. The nomenclature is completely ignored by the media and the masses just eat it up because it has the word “hack” in it and that is god damned scary! Never mind that the DDoS really isn’t that harmful to anyone. Honestly, DDoS of the banks does not mean that they are down for the count. Sure they will lose some revenues while the sites are down but this is no nuclear strike or massive hack on the banking system that siphons trillions of dollars to Swiss accounts ala Dr. No. It’s all really much ado about nothing yet it is being flogged for the masses in one assumes is a preparatory campaign against Iran and nothing more.
“Can’t have a war without an enemy…You could have one, but it would be a very dull war…”
So yeah Iran is a repressive authoritarian theocratic government that treats its people poorly and seeks to engender itself as powerful to the global scene. They do have some technological know how and they are fixin on getting them some revenge but is a DDoS really going to be their raison d’etre? Think about it isn’t it laughable as a serious attack? Sure Anonymous does it but that isn’t all they have been doing right? THEY have actually been HACKING!
Good lord! I mean c’mon people! If you are gonna frame up Iran for some cyber shit at least do it with some serious hacks against corporations or infrastructure!! Oh, wait, I know, if they were to really do that then there’d be some real reasons for action right? Then perhaps the people might ask if what they are being sold is the truth or not right? Ahh that must be it right there huh? Just some DDoS, pay no attention, it’s not the end of the world.. Oh and IRAN IRAN IRAN CYBER CYBER CYBER!
*subliminal fear images flash across the screen as Anderson Cooper looks sternly into the camera*
Derp derp derp… So yeah, the government needs an enemy and attribution is soooo hard! It’s Iran.. No doubt about it. No, really, it’s a really complex attack! I mean no ordinary group of hackers or security folks could do this kind of thing! Well, except for those guys who have bitcoins and go to the darknet and rent some botnets.. Wait.. SHHHH… It’s IRAN! It HAS TO BE IRAN! IT’S A NATION STATE DDoS!
*takes drag on cig and looks through wayfarers*
You people make my ass twitch…
No no no no no, fuck freedom.
So once again we are left with the media not taking the full measure of things and that even includes NPR which had a report this week that nearly gave me an aneurysm. Brian Krebs told me yesterday in fact that he declined an interview/comment on this because they were not really willing to hear the truth about this. By the way Brian KUDOS to you man. YOU are my new hero! I presume that others who lack a certain moral ethical compass will be blathering every chance they get and those people should be publicly taken to task for their perpetuation of this farce.
Of course others like Jeff Carr have been a voice of sanity on NPR and elsewhere in the past but you know what? Jeff’s logic and truth doesn’t make for bleeding headlines that will draw clicks for ad revenue will it? Marginalize those who tell the truth that is too dull to sell ad space is the way of it today. So on it goes, the media drumbeat will continue saying that Iran is at the heart of every little cyber hiccup that we have from now on. Iran is in good company with China now. Hey, at least China isn’t alone! Now China can just glibly point at Iran and Mahmoud saying “It was them!” and surely many in the government and the media will say AH HA!
My friends we are doomed. The truth no longer matters and I suppose it hasn’t for some time. I am a dinosaur I suppose to believe that there are truths out there that should be told. Could Iran be behind the attacks by using proxy orgs? Sure. Do we have definitive proof? No. That’s all that needs to be said. That is of course not what we are getting from the government and media today though.
Hmm how long til Glenn Beck or O’Rielly are “Cyber Experts” I wonder….
K.