Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘Disinformation’ Category

ASSESSMENT: The ZunZuneo “Hummingbird” Social Network and The Cuban Spring

with one comment

Zunzuneo

 

Cuban Intranet and Internet Access:

Cuban internet access is minimal and very controlled the the government. There were as of 2011 about 124K addresses listed to the .cu domain on the internet belonging to Cuba and the average ownership of a computer was low. The same was true over cell phone ownership and use compared to other Caribbean countries. The regime’s control over all of the infrastructure pervades to the intranet being primarily a tool for propaganda and a means of control via surveillance on those who could access it.

Screenshot from 2014-04-06 07:13:01

Internet access though became a feature to the rich in the country or the political (both are the same in reality) and one could buy access to the internet for a hefty price underground. In fact some blogs have shown up over the years on the proper internet after dissidents paid for or obtained access either themselves or by exfiltrating data to outside sympathizers for publication on blogs like WordPress or LiveJournal. Generally, if you wanted a source of outside news you had to either buy access to the internet in the black market, get it on the streets from people with SW radios, or by some other means. This control over the media and technology has perpetuated the control of the Castro regime and allowed his dictatorship to continue.

CUBA CYBER

Cuban Telco:

Cubacel also is a single proprietorship of all cell phone communication (state run) on the island and in fact the ownership of cell phones is one of the lowest as well in the world for penetration of cell phone owners and use. This too means that the Castro government has greater control over what the people can access as well as a single point of surveillance that can be used as a mans of control as well. Of course today this is all being said in the age of the NSA tapping just about everything so please take this with a grain of salt and the knowledge of how that makes you feel about surveillance by any government.

Screenshot from 2014-04-06 07:24:17

I am unsure of the prevalence of cell phones today in Cuba but I am guessing that these statistics are only a little different today due to the controls that the Castro government has in place over it’s populace as well as the poverty rate of the island itself disallowing general ownership and use. While the numbers may have grown so too might the attitude of the government due to a shift in power from Fidel to Raoul Castro. While the former was a bit more hard line the latter seems to be a little more open to allowing the country to loosen it’s grip on the people and allow communications with the US. This may also play a part in easing the minds of the people into thinking they could in fact use cell phones and platforms like ZunZuneo to air grievances.

ZunZuneo:

The ZunZuneo platform went live in 2010 and was a “Cuban Twitter” which was text based on the cellular network on the island. It was in fact a program put in place by USAID (likely a covert program run by CIA in reality) and ran until about 2012 and at it’s end it had about 40 thousand users on the island. The broad idea of the project was to have the Cuban’s generate their own “buzz” around dissident ideas and allow them a means to text one another outside the controls (ostensibly) of the Castro governments eyes and ears. This though likely was not a complete success nor was the program a success from the standpoint of mass demonstrations happening either as far as can be seen by any news sources reporting on this.

ZunZuneo was inserted and run by contractors and purported to be a Cuban creation with cleverly hidden funds and controls from USAID/CIA. The program’s aegis was to insert itself, gain a user base, and then to start to send texts to the users to spur political unrest against Raoul and Fidel Castro’s government. In the end the program came to a sudden halt due to finance issues (alleged) but the reality is it never actually got the directive to insert itself as an influence operation. It operated unbeknownst to the users and in reality was a failure because I think USAID and CIA had hoped they would see dissent traffic on it’s own. It did not and thus perhaps the idea was seen as not feasible and the finances were withdrawn.

YOUTUBE

Influence Operations:

 

Screenshot from 2014-04-06 07:36:44

 

Influence Operations are nothing new and over the years many have been carried out on places like Cuba. With the advent of new technologies like the internet this has become even easier to carry out on average when the populace has easy and free access to the net. in the case of Cuba this is not so much the case like the DPRK. I would say though that Cuba has a much more permeable information border than the DPRK due to it’s geographical location as well as the current regime’s leanings towards opening up a bit more. Though it is still the case that the current government still holds all the keys to information flow as well as a secret police force that controls the populace who get out of line. So it is no paradise of freedom and beauty.

That the US decided to use USAID to carry out this operation is an interesting choice but in their charter is the mandate to “spread democracy” so while some might question the aegis here and say that this was a rogue operation I don’t necessarily agree with that. One must understand that at least USAID has access to many places under its mission in general of providing humanitarian aid so there is purview there. The question though becomes do we want to taint such an org in the future and deny access to critical areas where people really do need help? This will be the fallout from this in general globally and likely will hurt people in the end. As influence operations go though this was a bit of a flop in the short term however. In the long term though perhaps this may lead an internal company or group to create a new ZunZuneo because the 40 thousand people using it really enjoyed it. If someone were to create a new one and if the populace felt that they could in fact speak their minds freely, then maybe they would rise up.

ANALYSIS:

My analysis of the ZunZuneo operation is that it was a novel idea but lacked oversight. An influence operation that inserted itself as a platform for communication in a place where cell phones and internet access is tightly controlled was a gambit that was bound to fail in my opinion. This was in fact the digital equivalent of releasing balloons with propaganda over the DPRK (which is ongoing today) and does not have a penetration level at which a real traction could occur. It is my belief that the CIA/USAID thought that what they had seen with popular uprisings like the Arab Spring could be effected in Cuba internally by it’s populace. What they failed to comprehend was the amount of outside help the Arab Spring had from the likes of Anonymous and the general internet to assist them in carrying it out. In the case of the Arab Spring and other incidents the governments attempted to clamp down on communications that they controlled only to be denied absolute control by key players outside allowing access through POTS and other means.

In the ZunZuneo scenario two things did not happen to cause it’s failure at the end. One was that the populace who had access perhaps did not feel they could speak their minds because everything was on Cubacel to start with. The second was the fact that this program was not a populist movement from the start. You will note that the other “spring” incidents had access to the internet proper not only on twitter but also by other means. These countries already had a populace who had access to external information and were consuming it regularly. The same cannot be said about Cuba in general as I have described it above. The traction just wasn’t there because the people know already that the vehicle that the information operation was to use was already monitored by the government that is oppressing them.

At the end of the day though I have been seeing an easing in the Castro regime since Raoul took over from Fidel and this would I hope, continue as the two of them age into retirement (aka their graves) and the people might have a chance at that point to make a change. Time will tell just how much more Raoul opens things up post this little debacle. However flights in and out of Cuba are more plentiful and there is a flow of monies etc that could be much more beneficial in the long run than any influence operation ever could. My fear though is that the old guard Cubano’s in Florida may have had a hand in this as well and there may be more out there in the wings. It could upend the growth that has happened and that would be a shame.

K.

Written by Krypt3ia

2014/04/06 at 12:22

The DARKNET: Operation Legitimacy?

leave a comment »

strongbox

gaiuaim ioi dui pln!

The DARKNETS…

The “Darknets” You’ve all heard of them. Some of you out there may have traversed their labyrinthine back alleys. However, have you ever thought that someday the darknet would be just as legitimate as the “clearnet” is today? With the recent bust of DPR and the Silk Road there has once again been great interest in the “Deep Web” and this interest was sparked once again for me too. It seems that the darknet is the new black once again and people are flocking to it just like onlookers at a traffic accident. Others though seem to be aiming to use the darknet technology (TOR and hidden services) to support free speech and to pass information as a legitimate whistle blower.

Still Mos Eisley but….

I loaded up TOR & Tails and took a trip once again into the digital Mos Eisley. It is still dark and full of crazy things and if you go there you too will see black market items, services like Assassinations for Bitcoins, and run of the mill blogs. You can (allegedly) buy just about any kind of drug in quantity just as easily as buying/mining bitcoins and paying for your drugs with them. All anonymously (once again allegedly as you can see from the DPR fiasco) via the Onion hidden services and backed by other services from anonymous email on TOR to bitcoin exchanges. However one can now see other sites out there that aren’t so black market oriented as well.

One such site is pictured above. The New Yorker decided post Ed Snowden’s revelations, that it was a good idea to put their new “secure dropbox” on the hidden services. This is a legit site that has been talked about on the clearnet as well as in the media a couple months ago. This is one of the first more legit sites I have seen out there that is offering a secure means to talk to reporters using the security that others on the darknets are using to carry out illegal activities. I have yet to really look at the site’s security but overall I see this one site being the key to showing others out there how the darknet can be used for something other than crime. Of course then again, if you ask the Obama Administration even this site could be considered illegal or an accessory to illegal leaking I guess. It’s really a matter of perspective.

Gentrification?

So what about other sites? What would you out there use the darknet for that is not “illicit” but requires some security and anonymity? I can foresee other sites popping up perhaps in the arena of free speech or even political movements that might like this model to pass their ideals on. I honestly think this is a turning point for the darknet. Of course this is all predicated on the darknet being “secure” after the revelations from the Snowden Archive of late. It seems the NSA is really trying pretty hard to de-anonymize anyone they want to and would love to have it just not anonymous at all. Well, let me re-phrase that.. Have them THINK it’s anonymous while it is not so much to the NSA.

Other sites out there include an online Koran as well as all kinds of other non criminal sites that are.. Well.. Kinda goofy or fringe. I think that perhaps now things might shift as the technology becomes easier to manage making it easier with global connectivity for us all to hang up a shingle in the darknet.

Time will tell though I guess…

K.

So here’s my thing….

with 3 comments

dark_of_night_OURO

VQX HWMVCUSE JQJFASSNTG QV! X HQ JD ISIAVVE!

Face it.. We are all PWND six ways to Sunday

Every frigging day we hear more and more about how the NSA has been emptying our lives of privacy and subverting the laws of this land and others with their machinations. It’s true, and I have been saying as much since the day Mr. Klein came out of his telco closet and talked about how the NARUS system had been plugged into the MAE West back in the day. We are all well and truly fucked if we want any kind of privacy today kids and we all need to just sit back and think about that.

*ponder ponder ponder*

Ok, I have thought about it and I have tried to think of any way to protect myself from the encroachment of the NSA and all the big and little sisters out there. I am absolutely flummoxed to come up with any cogent means to really and truly protect my communications. Short of having access to the NSA supercloud and some cryptographers I don’t think that we will not truly have any privacy anymore. If you place it on the net, or in the air. We have reached in my opinion the very real possibility of the N-Dystopia I have talked about before in the Great Cyber Game post.

As the pundits like Schneier and others groan on and on about how the NSA is doing all of this to us all I have increasingly felt  the 5 stages of grief. I had the disbelief (ok not completely as you all know but the scope was incredible at each revelation) Then the anger came and washed over me, waves and waves of it as I saw the breadth and scope of the abuse. Soon though that anger went away and I was then feeling the bargaining phase begin. I started to bargain in my head with ideas that I could in fact create my own privacy with crypto and other OPSEC means. I thought I could just deny the government the data. I soon though began to understand that no matter what I did with the tools out there that it was likely they had already been back door’d. This came to be more than the case once the stories came out around how the NSA had been pressuring all kinds of tech companies to weaken standards or even build full back doors into their products under the guise of “National Security”

Over time the revelations have all lead to the inescapable truth that there is nothing really anyone can do to stop the nation state from mining our communications on a technological level. Once that had fully set in my mind the depression kicked in. Of late I have been more quiet online and more depressed about our current state as well as our future state with regard to surveillance and the cyberwarz. I came to the conclusion that no matter the railing and screaming I might do it would mean nothing to the rapidly approaching cyberpocalypse of our own creation arriving. ….In short, we can’t stop it and thus the last of the five stages for me has set in. I accept that there is nothing I can do, nay, nothing “we” can do to stop this short of a bloody coup on the government at large.

I now luxuriate in my apathy and were I to really care any more I would lose my fucking mind.

OPSEC! OPSEC! OPSEC!

Speaking of losing one’s mind.. Lately people all have been yelling that OPSEC is the only way! One (the gruqq) has been touting this and all kinds of counterintelligence as the panacea for the masses on these issues. Well, why? Why should we all have to be spies to just have a little privacy in our lives huh? I mean it’s one thing to be a shithead and just share every fucking stupid idea you have on FriendFace and Tweeter but really, if you can’t shut yourself up that is your problem right? No, I speak of the every day email to your mom telling her about your health status or maybe your decision to come out etc. Why should the government have the eminent domain digitally to look at all that shit now or later?

If you take measures to protect these transactions and those measures are already compromised by the government why then should you even attempt to protect them with overburdened measures such as OPSEC huh? I mean, really if you are that worried about that shit then go talk to someone personally huh? I know, quite the defeatist attitude I have there huh? The reality is that even though I claim not to be caring about it (re: apathy above) I actually do but I realize that we no longer have privacy even if we try to create it for ourselves with technical means. If the gov wants to see your shit they will make a way to do so without your knowing about it. I fully expect someday that they will just claim eminent domain over the internet completely.

Fuck OPSEC.. I want my government to do the right thing and not try to hide all their skirting of the law by making it classified and sending me an NSL that threatens to put me in jail for breaking the law.

Fuck this shit.

CYBERWARZ

Then we have the CYBERWARZ!! Oh yeah, the gubment, the military, and the private sector all have the CYBERWARZ fever. I cannot tell you how sick of that bullshit I am really. I am tired of all the hype and misdirection. Let me clear this up for you all right here and right now. THERE IS NO CYBERWAR! There is only snake oil and espionage. UNTIL such time as there is a full out kinetic war going on where systems have been destroyed or compromised just before tanks roll in or nukes hit us there is no cyberwar to speak of. There is only TALK OF cyber war.. Well more like masturbatory fantasies by the likes of Beitlich et al in reality. So back the fuck off of this shit mmkay? We do not live in the world of William Gibson and NO you are not Johnny Mnemonic ok!

Sick. And. Tired.

I really feel like that Shatner skit where he tells the Trekkies to get a life…

Awaiting the DERPOCALYPSE

All that is left for us all now is the DERPOCALYPSE. This is the end state of INFOSEC to me. We are all going to be co-opted into the cyberwarz and the privacy wars and none of us have a snowball’s chance in hell of doing anything productive with our lives. Some of us are breaking things because we love it. Others are trying to protect “ALL THE THINGS” from the breakers and the people who take their ideas and technologies and begin breaking all those things. It’s a vicious cycle of derp that really has no end. It’s an ouroboros of fail.

RAGE! RAGE! AGAINST THE DYING OF THE PRIVACY! is a nice sentiment but in reality we have no way to completely stop the juggernaut of the NSA and the government kids. We are all just pawns in a larger geopolitical game and we have to accept this. If we choose not to, and many have, then I suggest you gird your loins for the inevitable kick in the balls that you will receive from the government eventually. The same applies for all those companies out there aiding the government in their quest for the panopticon or the cyberwarz. Money talks and there is so much of it in this industry now that there is little to stop it’s abuse as well.

We are well and truly fucked.

So, if you too are feeling burned out by all of this take heart gentle reader. All you need do is just not care anymore. Come, join me in the pool of acceptance. Would you care for a lotus blossom perhaps? It’s all good once you have accepted the truth that there is nothing you can do and that if you do things that might secure you then you are now more of a target. So, do nothing…

Derp.

K.

JIHADI’S HOLD LEGION OF DOOM CON CALL!! WOULD YOU LIKE TO KNOW MORE?

with one comment

fednet

AZIJ XXRZ HMCKIDACVA GZ UZZW!

The Legion of DOOM!

Yesterday the camel’s back finally snapped in my head after reading a post on Harper’s Magazine entitled “Anatomy of an Al Qaeda Conference Call”  which the author called into question the whole story that was put out by the Washington Times and their “anonymous sources”  The paper claimed that Ayman Zawahiri and all the heads of the various jihadi splinter groups got onto their polycom phones and their SIP connections to have a “concall” as we say in business today.

You all may remember the heady headlines in the last couple weeks where the mass media picked up on this story and began scribbling away on how the so called jihadi “Legion of Doom” dialed in for a sooper sekret meeting to plan the end of our Western Civilization. Now, I am sure some of you out there have seen my screeds (140 chars at a time more so recently) on just how we get played too often by the media and the government on some things but this, this is just epic stupid here. If you or anyone you know believed any of this claptrap coming from the media please seek psychiatric attention post haste.

Let me tell you here and now and agreeing with the article cited above, that the “LOD” did not have a skype or asterisk call to plan our downfall. At the most they likely had a meeting of the minds in a chat room somewhere within the jihadist boards out there or had a server set up somewhere for them all to log into an encrypted chat. I lean towards the former and not the latter as they usually lack subtlety online. Though, given the revelations from Mssr “Snowman” I can see how the prudent Ayman would want this to be on it’s own server somewhere and for people to authenticate locally and encrypted on a system that does not keep logs… But I digress…

Suffice to say that a group of leaders and minions thereof got together for a chat on <REDACTED> and that they talked about plans and ideas (from hereon I am going to coin the term ideating) for the destruction of the West and the raising of a new global caliphate. Does that sound familiar to you all? Gee, I can’t seem to put my finger on where I have heard that one before. … So yeah, there was a meeting, there were minions, and there were plans but here’s the catch; NOTHING WAS SAID THAT ALLUDED TO A REAL PLAN! No, really, there wasn’t any solid evidence that prompted the closing of the embassies all over. It was a smoke and mirrors game and YOU all were the captive audience!

As you can see from the article cited there seems to be a lot amiss with all of this now that some reality has been injected into the media stream of derp. Why was this all brought to you in the way it was put out there by the media? Was it only the demented scribblings of one reporter seeking to make copy for his dying paper? Or was there more to it? Was there a greater plan at play here that would have the media be the shill to the duping of the public in order to make them see say, the NSA in a different light in these times of trouble for them?

Makes you wonder huh?

DISINFORMATON & OPSEC

So yeah, a story comes out and there are “sources” sooper sekret sources that are telling the reporter (exclusively *shudder with excitement*) that the Great Oz of the NSA has intercepted a LIVE call with the LOD and that it had scary scary portents for us all!

WE. ARE. DOOMED!

That the NSA had help prevent a major catastrophe from happening because they had the technology and the will to listen in on a conversation between some very bad dudes like Ayman and the new AQAP leaders plotting and planning our cumulative demise.

*SHUDDER*

The truth of the matter though is a bit different from the media spin and disinformation passed on by the so called “sources” however. The truth is this;

  • The “con call” never happened. There was no set of polycoms and Ayman is not a CEO of AQ.
  • The fact is that Ayman and many of the other “heads” of the LOD were not actually there typing. It was a series of minions!
  • The contents of the “chat” were not captured live. There was a transcript captured on a courier that the Yemeni got their hands on and passed it on to the Western IC. (So I have heard, there may in fact be a chance they captured the stream using this guys acct) the Yemeni that is, not so sure it was us.
  • As I understand it, there was nothing direct in this series of conversations that gave any solid INTEL/SIGINT that there was a credible threat to ANY embassies.

There you have it. This has been WHOLLY mis-represented to the Amurican people. The question I have is whether not there was an agenda here on the part of one of the three parties or more.

  • Right wing nutbag Eli Lake
  • The “anonymous sources of intel”
  • The “anonymous sources handlers”

These are the key players here that I would really like to get into the box and sweat for a while. After the madness was over and sanity let it’s light creep into the dialog, we began to see that these so called sources were no more or less better than “CURVEBALL” was during the run up to the Iraq war. In fact, I guess you could say they were less effective than old curveball because we did not actually go into another half baked war on bad intelligence this time did we?

Another question that should be asked here is why was this information leaked in this way to the press on an ongoing operation that I would say might be pretty sensitive. I mean, you have a channel into a chat room (or *cough* con call as the case may be har har) that you could exploit further and yet you decide to close all the embassies and leak the fact that you have closed said embassies because you intercepted their sooper sekret lines of communication?

*blink blink*

Holy what the Hell? What are you thinking POTUS and IC community? Oh, wait … Let me ideate on this a bit….

  • The intel community is in the dog house right now because of the SNOWMAN FILES yup yup
  • So a WIN would be very very good for PR wouldn’t it? I mean you don’t have to hire a PR firm to figure this one out right?
  • HOLY WIN WIN BATMAN! We tell them we foiled their plans using sooper sekret means that the public hates for infringing on their “so called” rights and we can win hearts and minds!

Could it be that simple?

All joking aside though, think about it. Why blow an operational means of watching how the bad guys are talking UNLESS it was never something you really had access to in the first place right? You could win all around here (though that seems to be backfiring) IF the Yemeni passed this along and it was after the fact then how better to make the AQ set abandon the channel by saying you had access to it?

Right…

How better also to try and get a PR win by alluding (ok lying lying lying with pantalones on fire!) that you had compromised (you being the NSA and IC here) said channel! I guess overall the government thinks that the old axiom of “A sucker born every minute” still applies to wide scale manipulations of stories in the media to sway thought huh? Oh and by the way, if any of you out there think this is just too Machiavellian I point you to all those cables dropped by Wikileaks. Take a look at the duplicity factor going on in international realpolitik ok?

Political Wag The Dog

It seems after all once all the dust has settled that either one of two things happened here;

  1. Eli Lake did this on his own and played the system for hits on his paper’s page
  2. Eli Lake was either a witting or un-witting dupe in this plan to put out some disinformation in a synergistic attempt to make the IC and the government look good on terrorism in a time where their overreach has been exposed.

It’s “Wag The Dog” to me. Well, less the war in Albania right? I suggest you all out there take a more jaundiced eye to the news and certainly question ANYTHING coming from “ANONYMOUS SOURCES” on NATSEC issues. It is likely either they are leakers and about to be prosecuted, or there is a cabal at work and DISINFORMATION is at play using the mass media as the megaphone.

Sorry to sound so Alex Jones here but hell, even a clock is right twice a day.

K.

 

BofA Gets A Burn Notice

leave a comment »

data-deeper

rode bb iqdnpmbia fpn’k ybi lr qektrf?

PARANOIA 

par·a·noi·a

[par-uh-noi-uh]  

noun

1.

Psychiatry. a mental disorder characterized by systematized delusions and the projection of personal
conflicts, which are ascribed to the supposed hostility of others, sometimes progressing to
disturbances of consciousness and aggressive acts believed to be performed in self-defense or as a mission.
2.

baseless or excessive suspicion of the motives of others.
Also, par·a·noe·a  [par-uh-nee-uh]  Show IPA .
Origin: 
1805–15;  < Neo-Latin  < Greek paránoia  madness. See para-, nous, -ia

Paranoia , the Anonymous intelligence division (self described) published a dump of data ostensibly taken from Bank of America and TEK Systems last week. The information presented seems to show that BofA had contracted with TEK to create an ad hoc “Threat Intelligence” unit around the time of the LulzSec debacle. Of course since the compromise of HB Gary Federal and the revelations that BofA had been pitched by them to do some contract work in the disinformation business it only makes sense that BofA would set up a threat intel unit. The information from the HB Gary dumps seemed to allude to the fact that BofA was actively looking to carry out such plans against those they perceived as threats. Anons out there took great umbrage and thus BofA was concerned.

This blog post is being put together to analyze the data dumped by Anonymous and to give some perspective on what BofA may have been up to and to set some things straight on the meanings of the data presented by Paranoia. First off though I would like to just say that I think that generally BofA was being handed lackluster threat intel by a group of people with intelligence background. (for those names located in the dumps their LinkedIN pages showed former mil intel work) This of course is an opinion formed solely from the content that was available online. There may have been much more context in formal reports that may have been generated by the analysts elsewhere that was not open for the taking where Anon found this dump. The daily and monthly reports found in the database showed some analysis but generally gave rough OSINT reports from online chat logs, news reports, and pastebin postings. There seemed to be a general lack of product here and as such I have to wonder if there ever was or if perhaps those reports never made it to the internet accessible server that anonymous downloaded them from.

B of A’s THREAT INTELLIGENCE TEAM

Since the leak of their threat intelligence BofA has been recruiting for a real team it seems. A Google of the parameters show that they have a bunch of openings all over the place for “Threat Assessment” It makes sense since the TEK Systems team may in fact be mostly defunct but also that they likely would want an in house group and not have to pay overhead on consultants to do the work for them. TEK’s crew as well may have been the problem that caused the leak in the first place by placing the data in an accessible area of a web-server or having passed the data to someone who did not take care of it. Either way it looks as though BofA is seeking to create their own intelligence apparatus much as many other corporate entities are today. The big difference though is what exactly is their directive as a group is to be.

One of the problems I have with the Paranoia analysis is that they take it to the conspiratorial level and make it out to be some pseudo CIA like entity. The reality though is that from what has been shown in the documents provided, that this group really was only tasked with OSINT and threat intelligence by passive listening. This is a key difference from disinformation operations and active participation or recruiting of assets. I will cover this in more detail further on in this post so suffice to say that what BofA was doing here was not only mediocre but also not Machiavellian in nature. The argument can be made though that we don’t know the whole picture and I am sure Paranoia and Anonymous are leaning that way. I cannot with what I have seen so far. What I see is an ad hoc group of contractors trying to create an intelligence wing as a defensive maneuver to try and stay ahead of incidents if not deal with them more effectively should they not be able to stop them.

Nothing more.. Nothing less.

Threat Intelligence vs. Analysis and Product

All of this talk though should be based on a good understanding of what intelligence gathering really is. There are many variations on intelligence tasks and in this case what is clearly seen in the emails and documents is that this group was designated as a “Threat Intelligence” collection group. I have written in the past about “Threat Intelligence” and the misnomer many have on the idea that it is some arcane CIA like pursuit. One of the bigger problems overall is perception and reporting where intelligence gathering is concerned. Basically in today’s parlance much of the threat intelligence out there in INFOSEC is more around malware variants, their C&C’s and perhaps who are running them. With the advent of APT actors as well as criminal activity and entities like Anonymous the paradigm of threat intelligence has come full circle back to the old school idea of what it is from the military sphere of operations.

Today’s threat intelligence is not only technical but also human action driven and this makes it even more important to carry out the collection and analysis properly in order to provide your client with the information to make their decisions with. Unfortunately in the case of the data from BofA we see only sketchy outlines of what is being pasted online, what may be being said in IRC sessions, and what is in the news. Nothing overly direct came from any of the data that I saw and as “product” I would not be able to make much of any decisions from what was presented by TEK Systems people. What is really missing within the dump from Paranoia was any kind of finished analysis product tying together the information in a cogent way for the executives at BofA. Did TEK actually carry this type of activity out? Were there actual reports that the execs were reading that would help in understanding the contents of the raw intelligence that was being passed on in emails daily and monthly? I cannot say for sure. What I did see in the reporting (daily threat reports as well as monthly) were some ancillary comments by a few of the analysts but nothing overly structured or productive. I really would like to know if they had more of an apparatus going on here as well as if they plan on creating one again with all of the advertised positions in that Google search above.

Threat Intelligence vs. HUMINT

This brings me to the whole issue of Threat Intel vs. HUMINT. It would seem that Paranoia thinks that there is much more than meets the eye within the dump that makes them intone that there is a HUMINT (Human Intelligence) portion to the BofA program. While there may well be some of that going on it was not evident from any of the documents I looked at within the dump files. HUMINT would imply that there are active participants of the program out there interacting with the targets trying to recruit them or elicit information from them. With that kind of activity comes all of the things one might conjure up in their heads when they think on NOC (Non Operational Cover) officers in the CIA trying to harvest intelligence from sources (assets) in the field. From everything seen that was posted by Paranoia this is not the case.This operation was completely passive and just collecting data that was in public view aka OSINT. (Open Source Intelligence) Could BofA be seeking to interact more with Anon’s and generate more personal data other than that which the Anon’s posted about each other (DOX’ing) sure but there is no evidence of that. Given the revelations with HB Gary though I can see why the Anon’s might be thinking that they are likely taking more robust non passive actions in the background elsewhere though. Overall I just want everyone to understand that it’s not all cloak and dagger here and seems that Paranoia has a flair for the dramatic as a means to get their point across. Or, perhaps they are just living up to their name.

Assessment

My assessment in a nutshell here of the Paranoia BofA Drop is as follows:

  1. Paranoia found some interesting documentation but no smoking gun
  2. TEK systems did a mediocre job at Threat Intelligence with the caveat that I am only working with the documents in plain view today
  3. BofA like any other company today has the right to carry out this type of activity but they need to make sure that it’s done well and that it isn’t leaked like this
  4. If more documents come out showing a more in depth look at the OSINT being collected then perhaps we can change the above findings
  5. BofA needs to classify their data and protect it better on this front
  6. Paranoia needs to not let its name get the best of itself

All the drama aside this was a ho hum really. It was funny seeing all the analysts taking down their LinkedIN pages (really, how sekret squirrel is it to have a LI page saying who you work for doing this kind of work anyway? SECOPS anyone?) I consider those players quite burned and assume they are no longer working on this contract because of it. All you analysts out there named, you are now targets and you are probably learning SECOPS the hard way huh? I guess in the end this will all just be another short chapter in Encyclopedia Dramatica and an object lesson for BofA and maybe TEK Systems.

For everyone else.. It’s just LULZ.

K.

Counterintelligence, False Flags, Disinformation, and Network Defense

with one comment

//B zrxr wwmpxjnp vf ygwyr jh kur gig vvbxv nf o “yinwf zcnt”. Ilmf xp vv lbi vwwpe grxr mhct sxh ubpifmpxt qzgu o izkruyi nar t tcqjhrgrf. Mpgwf xrlf hawwki, CU’f uoom oehhvgvq lbtmqm, ybywzzcqt, ueq vbyzcvfx nngsk ucvlm. Pbh bxmf e qlf.\\

Threat Intelligence, Counterintelligence, and Corporate | Nation State Espionage

“Threat Intelligence”, a term that is just behind the oft used “Cyber” and God forbid, “Cyber” is all too often put in front of it as well to add more oomph for sales people to sell their brand of security snake oil… “But wait there’s more!” We also have other spook terms being kluged into the INFOSEC world now because, well, it’s cool to those cyber warriors out there. I know, I sound jaded and angry, which, yes, yes, I am, but… Well, it’s just gone completely off the rails out there. I hear people talking about these topics as if they know what they are talking about even with the exceedingly limited scope of digital security matters (i.e. hacking/forensics/defense)

I would like to clear the air here a bit on these terms and how they do really apply to the world of INFOSEC that we in this business now find ourselves in, one littered with military and spook terms that you may not be really familiar with. First off, lets look at the terms that have been thrown around here:

Threat Intelligence: In the spook world, this is the gathering of intelligence (HUMINT/MASINT/SIGINT etc) to determine who has it in for you and perhaps how they plan on getting at you.

Counterintelligence: Spies who hunt other spies (Mole Hunts etc)

Espionage (Nation State and Other) The umbrella under which this whole rubric exists. Nation state and other have the component of “Industrial” as well (i.e. IP theft)

Ok, so, where once we used to only have people in three letter agencies worried about “ThreatIntel” we now have the INFOSEC community looking at “threats” to their environments and calling it “Threat Intelligence” now. While it’s a cool name, does it really apply? What was it before the whole APT thing broke as well as the cyberwar-palooza we have today? For the most part, I can see only half of the term applying to any non state entity or three letter agency and that is of what “threats” are out there today. This means what exploits and pieces of malware are out there that your environment would be susceptible to.

Nothing else.

That is unless you suddenly have a company that has decided to launch its own “Intelligence arm” and yes, this has happened, but usually only in larger companies with defense contracts in my experience. Others though, have set them up, like Law firms, who then hire out ex spooks to do the work of counterintelligence as well as intelligence gathering to have an edge over everyone else. Perhaps this is bleeding out into other areas as well in corporate America huh? The point here for me is that unless you have an intelligence arm (not just INFOSEC) you should not be using the term “Threat Intelligence” as an encompassing statement of “there’s malware out there and this is what it is” Point blank here, IF YOU AREN’T DETERMINING WHO YOUR ADVERSARY IS AND WHAT THEIR PLAN IS… IT”S NOT THREAT INTELLIGENCE.

Looking at IP’s on an SIEM and reacting to a triggered event is not threat intelligence. It’s INCIDENT RESPONSE. It’s AFTER THE GOD DAMN FACT OK?

So, stop trying to make it sound cooler than it really is people. To further this idea though, we still have “Counterintelligence” which FOR FUCKS SAKE I have personally seen in a title of a complete MORON at a large company. This fucker sits around all day looking at his stock quotes though, see, it’s just a cool title. It has no meaning. UNLESS you really have an operational INTELLIGENCE UNIT in your company.

*Look around you.. Do you? If not then STFU*

If you do have a real intelligence wing in your org that carries out not only COUNTERINTEL/INTEL/HUMINT/THREATINTEL then more power to you. If not, you’re deluding yourselves with militaristic terms and cyberdouchery… Just sayin.

However, the way things are going with regard to the world, I should think that you might see more of these kinds of intelligence arms springing up in some of the larger corporations of the world. It’s a rough world and the fact that everything is networked and global has primed the pump for these kinds of activities to be a daily operations tool. It’s now the blurring of the lines between what nation states solely had the control and aegis over to now its becoming privatized and incorporated.

William Gibson saw it.. Phramacombinats and all.

False Flags and Disinformation Campaigns

Which brings me to the next level of affairs here. When I was on the DEFCON “Fighting Monsters” panel, I made some statements that seem to have come to pass. I spoke about how Anonymous would have to worry about “False Flags” against their name as well as expand upon the idea that Pandora’s box had been opened. Nothing on the internet would really be the same because we all had moved into the “spook world” by the actions of Anonymous as well as things like Stuxnet. The lines had been blurred and all of us net denizens need to be aware that we are all pawns in a series of greater games being played by corporations and governments.

Since then, we have seen many disinformation campaigns (think sock puppets on social media, fake news stories, rumours, etc) as well as false flag actions where Anonymous may have been blamed or named for actions that the core did not carry out. So many times since then we have seen Anonymous attempt to set the record straight, but, like I said before, who’s gonna believe them because they are “anonymous” and disparate right? Could be anyone… Could be them… And with previous actions, are they to be trusted when they say they did not do it? See, the banner thing (hive mind) has a tremendous proclivity for severe blowback as they have learned.

What’s sauce for the goose though, is also good for the corporate, political, private gander right? How many Acorn operations do you need to see happening in the election cycle to realize that this has been going on for some time and that, now, with the internet, its easier to perform these kinds of operations with a very small group with minimal effort as well? Pandora’s box was not only opened, it was then smashed on the floor and what was once contained inside has been forever unleashed upon us all.

Yay.

Now, going back to you INFOSEC people, can you then foresee how your companies reputation or security could be damaged by false flag operations and disinformation? A recent example may in fact be the attack purported to be on against Josh Corman of Akamai because he said some things that “some” anonymous players did not like. Were they really out to get him? Were they doing this out of outrage or was there another goal here? What you have to ask yourselves is, what is my company and it’s employees susceptible to in this area? Just as well, this also applies to actual attacks (DDoS etc) they could be signal to noise attacks. While the big attack is going on, another team could be using the fog of war to sneak into the back door silently and un-noticed.

See where I am going there?

In the case of Josh, do they want to D0X him or do they want to force Akamai to maybe flinch and let him go because of bad press, and potential attacks on their infrastructure and management?

Ponder that…There are many aspects to this and you have to have a war mentality to grasp it at times. Not all attacks frontally are the real attack today. Nor are all attacks on players what they may seem to be in reality, the adversaries may in fact have a longer game in mind.

Network Defense and Network OFFENSE

Ok, so back to reality today with many orgs and their INFOSEC programs. You are looking to defend your network and frankly you need not have “cool” names for your program or its players. What you need is to be mindful of your environment and pay attention to the latest attacks available that would affect it. Given today’s pace though, this makes just about everything suspect. You can get yourself an IDS/IPS, an SIEM, Malware protection, and all kinds of things, but, unless you know where shit is and what it is, you lose the big game. So, really, threat intelligence is just a cool name for an SIEM jockey today.

Like I said, unless you are doing some real adversary profiling and deep inspection of attacks, players, motivations etc, you are not doing THREATINTEL. You are minding the store and performing network defense… i.e. your job.

Now, on the other end of the spectrum lately, there have been certain douchenozzles out there saying that they can sell you services to protect your org with “OFFENSE”

*blink blink*

Offense you say? Is this some new form of new SPECWAR we aren’t aware of? Firms like the more and more vaporware company “Crowdstrike” seem to be offering these kinds of services, basically mercenaries for hire, to stop those who would do you harm. What means are they going to employ here? Obviously performing what they see as intelligence gathering, but then what? Once you have attribution will there then be “retribution” now like so many Yakuza centric stories in Gibson novels? I’m sorry, but I just don’t see this as viable nor really any kind of a good idea whatsoever… Leave it to the three letter agencies.

Alas though, I fear that these companies and actions are already at work. You can see some of that in the link above to the book I reviewed on private intelligence and corporate espionage. Will your data be a part of a greater corporate or government conspiracy? Some black ops mumbo jumbo over your personal information perhaps? Part of some retribution for some attack perceived to have happened to company A by company B?

Welcome to the shadows and fog of espionage kids.

Going “Off The Reservation”

Overall, I guess I just wanted to lay some things out there and get people’s heads around the amount of douchery going on today. We collectively have gone off the reservation post 9/11 with PII, Privacy (lack thereof) and hacking. That entities like Anonymous came to be and now see the governments and corporations of the world as dark entities isn’t so hard to see when you look at the crap going on out there. What we saw in Team Themis was just one small spec in a larger “Cyber Beltway Banditry” going on today. Look to the other side where you have Fusion centers with private INTEL gathering capacities tossing out absolute crap yet spending BILLIONS of dollars and, well, there you have it.

Monkeys with digital guns.

We are off the reservation already and it’s every man  (or woman) for him or herself.

In the end though… If you have a title that says something like “CHIEF INTELLIGENCE OFFICER” on it, you’d best be at a three letter agency.. If not, then you are deluding yourself with EPIC DOUCHERY.

K.

The Digital Posse Comitatus: Or How Generals Obfuscate and Inveigle To Congress

leave a comment »

Posse Comitatus

NSA, Black Chambers, and MAE’s with NARUS STA-6400′s

The recent article on wired.com about the Senate hearing with General Alexander (NSA) was an amusing. In it, they link to a video of the testimony before congress by Alexander on the issue of interception and surveillance of digital traffic in the US by the NSA and thusly, the DoD by way of alleged hardware and processes by NSA. This ability to do so has been around for some time in the digital age we live in now and really came out when Mark Klein came out of the closet on the NARUS system at the MAE he worked at.  However, way before this, the CIA and other agencies had such things as “Black Chambers” to open your mail or to look at your faxes/cable traffic via back door deals with the companies that made those technologies available. So this is nothing new in theory, just the actual practice of it has changed through the nature of technologies.

So, when I see the General hemming and hawing, obfuscating and inveigling about “how” things are done with the FBI as the internal acting body for surveillance and investigation after filling out paperwork, I have to snort and say “Liar” Or at the very least “obfuscator” The truth of the matter is that the NSA has the capabilities and the hardware but there is supposed to be a firewall against all of this happening (though there have been other whistleblowers from NSA who say otherwise) but, post 9/11 the lines have blurred considerably at the order of GWB.

Post 9/11: Bush Opens The Floodgates

There are stories of a room full of alphabet agency heads with GW when he told them all of the old rules applied no more. Domestic surveillance and all of the old rules were being thrown out the window and from what I heard, they were all kinda aghast at hearing it. What GWB was open the floodgates to the world of warrantless wiretaps and surveillance culture we now have and diminished the lines between military and civilian agencies collection and alleged sharing of data. In the case of the NSA though, the abilities were always there to monitor the traffic of the US, remember, how much of the infrastructure is indeed here? No, the only firewall was a rule set that said “thou shalt not listen to these people” and that was it. Post 9/11 though, because the 19 hijackers were here, they decided that the needs of securing the nation, rested on that firewall being turned off.

So it was that it steadily has become easier for the FBI and others domestic and military, to use the technologies at the hand of NSA and others to monitor the digital infrastructure. Ostensibly at first there were to be FISA courts and warrants, but, over the years as you have seen in the news, such things have become less and less used and the system negated. In the case of FISA, the FBI used it less and less, and in the case of the NSA, well, they never needed it because there weren’t “technically” allowed to monitor US Citizens right? This is not to say that they are always doing such things, but, you know that some have and it depends on the cases that they are making.

Remember, all of this is ostensibly to protect the nation from another 9/11.. And that the masses today are more often than not, oblivious to the precedents being set. This does not mean too that the NSA is just abusing these capabilities all of the time, nor is the FBI, in asking NSA for such intercepts.. But… Who watches the watchers really? Oversight committees only see so much and for those of you who say it is inconceivable I shall point to earlier history with Nixon and others as proof that it is not. So, if you wish to believe that it is all for our own good, and that terrorists like you see on NCIS are all being caught by these means legally and with honor, so be it.

Just know that people are fallible and the processes are so loose now with secrecy levels as never before to make things that do happen, never see the light of day whether they were right or wrong in the end.

NSL Letters and Warrantless Wiretaps

Today we have Anonymous making the waters muddier than ever before as well as a myriad of other security nightmares going on. Much of what goes on that requires the FBI to look into it is indeed illegal actions on the part of individuals and groups. On the terrorism side for instance there are many alleged “lone wolves” out there, jihobbyists really, who are mentally unhinged enough to want to plan and act out that require surveillance. These types of activities require the laws we have in place and the NSL letters and FISA warrants  kinda eventually went out the window because they were too slow for the feds allegedly. Just as well, there were issues with the warrants filled out being overly broad and not having sustainable reasons for their being sworn out. Was it just laziness on the part of the feds or did they just want to obfuscate because they “wanted” them to go through because had they filled them out right or at all, they would have been denied?

Today we have cases of warrant-less wiretapping going on as well as the recent warrant-less GPS issue that was overturned by the courts and thus the FBI had to turn off some number of GPS units in the field. But hell, really. what’s the point when your cell phone does all the GPS tracking for you huh? Everyone today pretty much has one that does it and it’s likely on because you are not thinking about the fact that you are tracking yourself every 8 seconds by just owning the damn thing and having it on. So, once again, it comes down to the grey areas here where privacy is really only what you make for yourselves. In the case of an NSL letter or a warrantless wiretap, well, you won’t know about it until you are van&d right?

Generally though, I do not believe that people are being unjustly convicted yet or being watched en mass.. However, the environment is ripe if you tweet something that gets someone’s attention right? It’s when I say this or think about this, is when I think of Nixon and the odious things he was doing with Hoover and the FBI as well as his CIA plumbers. Some may feel that this is the same feeling today that they are having where all of this is concerned.

Watching Alexander Dance Reminds Me Of That Scene In “Clear and Present Danger”

Going back to the testimony by General Alexander I find it particularly interesting that the senator brings up Posse Comitatus and Alexanders reaction to that. I had generally thought that Posse Comitatus was kinda dead anyway, but, it is an important question to ask now about the digital domain today. NSA has it’s civilian portion but generally it is a military arm run by a general. By asking about domestic surveillance, the senator is breaching an important question about how the military wants in on the digital battlespace and just where that will be fought. Can one, in the digital age insure that battles by the military will only be carried out in servers outside the continental United States? The short answer is no, and one has to argue then that the military could very well be fighting battles within the US (networks) and would this in fact contravene the Posse Comitatus act?

It’s an interesting puzzle to look at and I am thinking perhaps the Senate is beginning to have a light bulb go on over their collective heads about it. Though, it is my thinking that the general was not being as literal minded or truthful about the intricacies of what they were asking for an answer about. In my opinon he sidestepped it a bit and I am sure others out there will differ with my opinion. In my mind though, the crossing of the Posse Comitatus line where this type of intercepts are concerned was long ago broken by the administrations desire for “security”

Don’t get me wrong though, I agree, that there are times when this is quite necessary, but, there should be rules and processes.. Unfortunately in the case of the FISA court and FBI, we have seen where it was contravened repeatedly, so who’s to say that the NSA is any different? Overall though, the scene reminded me of “Clear and Present Danger” where Jack Ryan is asking for “training money” when in fact he has been set up and is actually getting money for Operation RECIPROCITY. It was at that time that the senator asks him if he’s telling the truth and that they had heard this all before during Viet Nam.

Where does the truth of it really lie? Will we ever know?

IT’S FUCKING BAMFORD YOU FUCKWITS!

In the end, it was an interesting little video and I really wished that the players could even get the little details right. For your edification Senators and General Alexander, the writer’s name is James BAMFORD I am pretty sure that Alexander has heard the name before and I think he kinda just got a giggle out of the cluelessness of the senator asking the question. Bamford though, does his research and he knows his shit, so, I will lean toward believing him over the testimony in this particular video. So NSA is building a new facility and some have pointed out that it could in fact enhance their abilities to surveil domestic actors or, just suck up the internet traffic as a whole. The likelihood is that the capability is there, but once again, the laws and the rules say that they cannot “use” such data.

Read between the lines on the testimony.. The tech is there.. It’s the rules that say they cannot use it.

Your mileage may vary on what you choose to believe the intent and the follow through is.

K

Trolls, Cutouts, and Disinformation Operations

leave a comment »

B0bby Mann International Man of Misery

Kevin McAleavey posted a piece recently about how he thought perhaps that the Symantec code released to the world by YamaTougher may have in fact also led or could lead to some compromise of EMC and or RSA. While his post makes certain assumptions (self acknowledged) it was something to think about a bit as a potential collateral damage situation for RSA and EMC.

Fair enough.

Soon after posting though, a user named Bobby Mann immediately called the author on his premise and made assertions in a rather rough fashion that he was in fact out of his head. While I personally have been known to make such assertions myself, I usually back my statements with facts and call out those who blatantly sow FUD among the community. In this case though, Bobby only got himself banned from the Island over further comments and actions that really just say he was a common “internet troll”

Soon after though, connections between Bobby and Symantec surfaced (his company is a re-seller of Symantec) and this piqued my interest in him as well as his commentary. You see, anyone connected to Symantec in such a way might in fact have something to gain by being the naysayer in this area right? Well, sorta at least, I mean the damage is done right? Symantec was pwnd and the code (though it be from 2006) is out and about. It just leaves more questions around the security of Symantec and its code further down the line from 2006 doesn’t it?

It also begs the question of what else may have been compromised there.. Or still may be?

In fact, I posted a piece on this very thing and have been fielding comments trying to minimize damage in a way to Symantec from someone, all the while though, I feel it still a valid question..

“Is Symantec still compromised?” “How is it that the people today at Symantec did not know about the 06 event?”

I only ask because in the news cycle they say they did not know they were compromised… Or was I hallucinating that?

Anyway, Bobby the troll got booted and seems to be done with the trolling for now. If you go back through many of his comments though, he does have quite the history of this.

Meh… Trolls…

Discernment Between Cutouts and Cutout Trolls

This event though made me think about trolling as a means to another end, an end that is just not all about being a penis. In the case of Bobby and Island, it seems that perhaps he may have something to gain in protecting the reputation of something his company re-sells. Others, like the comments on my blog post about the elephant in the room (Symantec’s failures and possible insecurity) may also have the same goal as well. I am unsure as to their real intents. In the case of Bobby, well, he seems to be rather “Trollington Bear” altogether so I lean toward that. The blog comments though to me, sounded a lot like someone who maybe invested in Symantec and did not want me driving their stock prices down.

Trust me.. I didn’t.

I guess what I am getting at is that trolls, while always available in the wild, also may in fact be cutouts for manipulation of story lines and perceptions under the right circumstances. One can even make the same case for YamaTougher him/themselves. Ask yourselves why YT would go about the things that he/they have done with the Indian angle as well as releasing old code and attempting to play the extortion game with Symantec.

What do they gain in attacking Symantec directly?

Are there others who would benefit from such an exploit as this? A company or persons unknown who could have some financial gain perhaps?

A competitor?

One wonders… In looking into Bobby he has a pretty consistent internet presence including a Linkedin profile as well as G+ etc etc. Though, the data within those sites is sparse and can lead one to believe that perhaps they are just a cutout series of accounts to lend credibility to his online persona. I guess in the end I just lean toward him being a real person…

Albeit a mostly useless one.

Disinformation Op’s And The Interets

Oh well, back to the Trolling on a micro scale. Bobby is a troll for all intents and purposes. So too you could say, is YammaTougher. The difference being between then is just what are their end goals here? This is something you the viewer have to take with a grain of salt with some of these comments on blogs as well as the bloggers themselves posting content to the web. Since the internet allows anyone to post anywhere, one has to separate the wheat from the chaff on what is being put out there.

In today’s world the internet has become the de-facto go to source for information. Wikipedia is a big example of this and as such there have been instances of people and corporations redacting content on their pages to make themselves look better. So, to quote the scifi types out there, it’s easy to “retcon” the truth just by posting it online and promoting it.

So, to Bobby I say “whatever” you can bluster on about how we are all morons for even bringing up the postulate of there being potential for compromise over leaked code. I still say that there is an elephant in the room and it has its trunk in Symantec’s trousers. YamaTougher meanwhile will go on propagandizing his/their alleged hacks and rants against India and other governments.

Big deal.

The problem is that too many people aren’t being discerning enough to separate the truth from the blather…

*I’m looking at you mainstream media*

Keep your wits about you kids… and always keep a UV lamp around to turn those trolls to stone (something I learned from Troll Hunter)

K.

Written by Krypt3ia

2012/02/13 at 19:37

Posted in Disinformation

The Hezbullah Cyber Army: War In HYPERSPACE!

with one comment

WAR! in HYPERSPACE: The Cyber Jihad!

A day or so ago, a story came out and made the rounds on the INFOSEC-O-Sphere about the Hezbullah Cyber Army The story, which was cub titled “Iranian Terror” was titled  “Iranian Cyber-Jihadi Cells in America plot Destruction on the Net and in Reality” Which, would get all our collective attentions right? The story goes on to tell about the newly formed Cyber Army that will be waging all out war on the US and others in “Hyperspace”

Yes, that’s right, you read that correctly.. This guy Abbasi is either trying to be clever, or, this is some bad translation. Sooo… Hyperspace it is! Well, I have a new tag line for him…

“In hyperspace.. No one can hear you giggle”

At any rate, the whole idea of a Cyber Jihad or a Cyber Hizbullah is a notion that should not just be sloughed off as rhetoric. I do think that if the VEVAK are involved (and they would want a hand in this I am sure) they could in fact get some real talent and reign in the ranks to do some real damage down the road a piece I think. So, while I may be a little tongue in cheek here at the start of this post, I want you all to consider our current threatscape (*cough* SCADA etc) and consider the amount of nuisance they could be if they made a concerted effort with the likes of the HCARMY.

So, yeah, this could be an interesting development and it is surely one to keep our eyes on collectively… But.. Don’t exactly fear for your lives here ok? After all, my opinion still applies that the bugaboo of scada does not easily fit into the so called  cyberwar unless it is effectively carried out with kinetic attacks and a lot of effort. Nope, if the HCA is going to do anything at all, it will be on the playing field of the following special warfare fronts;

  1. PSYOPS
  2. DISINFORMATION (PSYOPS)
  3. Support of terrorism (Hezbullah and others)
  4. INTEL OPS
These are the primary things I can see their being good at or being pawns of the VEVAK for.
So.. Sleep well for now because really all you have to truly worry about is that they are going to deface your page it seems (see picture at the top of the post)

Interview by IRNA with HCA

More than anything else though at the moment, the whole revealing of the HCA is more a publicity stunt than much else I think. For all of the talk in the US and other countries about mounting their own “Cyber Militia’s” it seems that Iran and Hezbullah wanted to get in on the ground floor..

Oh… Wait..

They forgot about the PLA and the Water Army!

DOH!

Oh well, sorry guys… Guess you will have to keep playing on that whole “HYPERSPACE WAR” angle to get your headlines huh? Besides, really, how much street cred is an organization like this anyway? So far I have been poking around all of their sites and find nothing (links or files) that would he helpful in teaching their “army” how to hack.

My guess.. This is kinda like putting out the inflatable tanks and planes for the Germans to bomb in place of the real ones.

The "About" Statement on HCA

Now.. Before You All Go Off Half Cocked (That means you Mass Media)

Meanwhile, I have seen the story that I linked up top scrawled all over the digital wall that is Twitter these last couple days. I am sure with everything that has been going on in Iran of late (i.e. the tendency for their bases to explode lately as well as their pulling another takeover of a consulate as well as spy roll ups) the media is salivating on this story because its juicy. It has it all really…

Cyberwar (hate that term)

HYPERSPACE!

Espionage

BOOGA BOOGA BOOGA We’re gonna activate our hackers inside your borders and attack your SCADA’s!

What’s the media not to love there?

HCA's YouTube Page Started in September

Well, let me set you all straight. This is piffle. This is Iran posturing and the proof thus far has been they have defaced a couple of sites with their logo.

THE HORROR!

This group has not even reached Anonymous standards yet! So relax.. Sit back… Watch the show. I am sure it will quickly devolve into an episode of the keystone cops really. They will make more propaganda videos for their YouTube, create a new Twitter account, and post more of their escapades on their two Facebook pages to let us all know when they have defaced another page!

… Because no one will notice unless they let us know…

Just The Persian Facts Ma’am

The real aegis here seems to be shown within the “about” statement for the group. Their primary goals seem to be to attack everyone who does not believe in their moral and religious doctrine. A translation of the statement rattles on about how the West are all foul non believers and that we are “pompous” Which really, kinda makes me think that the Iranian people, or at least this particular group, has a real inferiority complex going. More so though, it seems from the statement that they intend more of a propaganda and moral war against the west and anyone else they see fit than any kind of real threatening militant movement.

You know.. Like AQAP or AQ proper.. Or Jamaa Islamiya.

This is an ideological war and a weak rallying cry by a group funded by a government in its waning years trying to hold on to the digital snake that they cannot control forever. Frankly, I think that they are just going to run around defacing sites, claiming small victories, and trying to win over the real hackers within their country to their side of the issue.

Which… Well, I don’t think will play well. You see, for the most part, the younger set who know how to hack, already bypass the governments machinations and are a fair bit more cosmopolitan. Sorry Mamhoud, but the digital cat is already out of the bag and your recognition of this is too late. How long til the Arab Spring reaches into the heart of Tehran and all those would be hackers decide to work against you and your moral jihad?

Be afraid Mamhoud… khomeini…

All you really have is control temporarily.. You just have yet to realize it.

Tensions In The Region: Spooks & The Holiday Known as KABOOM

Now, back to the region and its current travails. I can see why this group was formed and rolled out in IRNA etc. Seems to me even with the roll up of the CIA operations there in Iran you guys still are being besot with problems that tend to explode.

  • Wayward Trojan drones filled with plastique
  • Nuclear scientists who are either being blown up or shot in the streets
  • Nuclear facilities becoming riddled with malware that eats your centrifuges.
You guys have it tough right now.
Let me clue you guys in on something… If you weren’t such a repressive and malignant regime, we might work with you on your nuclear programs to power your country. But, unfortunately, you guys are FUCKING NUTS! So, we keep having to blow your plans to shit (we as in the rest of the world other than say North Korea that is) because we are all concerned you just want a bomb. Why do you want that bomb? So you can lord it over the rest of us and use it as a cudgel to dismantle Israel say.. Or maybe to just out and out lob it over the border.
You are untrustworthy.
Oh well.. Yes we all have played games there and I agree some shit was bad. The whole Shah thing.. Our bad… Get over it.
I suspect that the reason why all of these bad things are happening to you now though sits in the PDB on the presidents desk or maybe in a secret IAEA report that says you guys are close to having a nuclear device. You keep claiming that you are just looking to use nuclear power peacefully… But then you let Mamhoud open his mouth again and shit just comes right out.
Until you guys at least try to work with others and not repress your people as much.. Expect more KABOOM.

What You Should Really Worry About From All of This

My real fear though in all of this hoo ha out of the HCA is that VEVAK and Hezbullah will see fit to work with the other terrorist groups out there to make a reality of this whole “Cyber Jihad” thing. One of these factors might in fact be the embracing of AQ a bit more and egging them on in their own cyber jihad. So far the AQ kids have been behind on this but if you give them ideas AND support, then we have a problem I think. The ideal of hit and run terror attacks on infrastructure that the government and those in the INFOSEC community who have been wringing their hands over might come to pass.

HCA Propaganda Fixating on OWS

If the propaganda war heats up and gains traction, this could embolden others and with the support of Hezbullah (Iran) they could “try” to make another Anonymous style movement. Albeit I don’t think that they will be motivated as much by the moral and religious aspects that HCA puts out there as dictum. Maybe though, they will have the gravitational force enough to spin all of this off into the other jihadist movements.

“The enemy of my enemy is my friend”

If the HCA does pull off any real hacks though (say on infrastructure) then indeed they will get the attention they seek and more than likely give the idea to other movements out there to do the same.

AND that is what worries me.

Cinch Up That Seatbelt… It’s Gonna Be A Bumpy Ride

Finally, I think that things are just getting started in Iran and its about to  get interesting. With all of the operations that seem to be going on in spook world (please don’t use PIZZA as a code word again mmkay?) and the Israeli’s feeling pressured by Tehran’s nuclear ambitions and rhetoric, I suspect something is about to give way. Add to this the chicken-hawks who want to be president (Herman I wanna touch your monkey) Caine and the others who have so recently been posturing like prima donna models on a runway over Iran and we have a disaster to come.

Oh.. and Bachmann.. *Shudder* Please remove her from the Intelligence committe!! That whole Pakistani nuclear AQ attacks thing was sooo not right!

PSSSSST BACHMANN they’re called SECRETS! (or, for your impaired and illiterate self SEKRETS) STFU ok?

OH.. Too late, now NATO is attacking into Pakistan…

It looks to me like the whole middle east is about to erupt like a pregnant festering boil and we are the nurse with the needs who has to pop it and duck.

So.. Uh yeah, sorry, got carried away there… I guess the take away is this; When you look at all the other stuff going on there, this alleged cyber army is laughable.

Yuk yuk yuk… You’re killin me Ahmed!

K.

Handwringing, Moralizing, Anonymous, Paedophilia, and Digital Vigilantism

with 2 comments

Preamble:

I recently posted about the Hidden Wiki and its prevalence in hosting paedophilia content. This post may or may not have left an impression on some of the  anonymous collective to take action and perhaps sow good will for their group by hacking into the “Lolita City” site within the DarkNet and releasing thousands of users email addresses and personal data (such as it is on such a site) for the Internet to feast upon. The Anon’s are doing this for their own reasons, but the upshot of it all is that they are causing the paedophiles pain in making it hard for them to get their content as well as potentially outing them online as purveyors and consumers of this wretched content.

Since my post applauding them and giving them some direction as to how to become more of an intelligence gathering apparatus for the LEO community, some in the infosec world have come forward and voiced concerns about this line of thought. All of the talk about the morals, legalities, and philosophical aspects of Anonymous undertaking such actions has gotten me thinking quite a bit.It all raises some interesting questions and philosophical challenges.

Anonymous and Digital Vigilantism:

What I think that most people with reservations about Anonymous taking up such operations as the DarkNet op have are that these people are for the most part kids without training and without any kind of oversight. Oversight in that they could get too big for their britches (one could say that many already have) and think that they are invulnerable to attack never mind the respective laws of our society. That said, it would seem that Anonymous, Antisec, and LulzSec have already decided to take up the mantle of vigilante’s already. However, the targets have been, for the most part, varied parties that could be seen as hapless victims or as malefactors, it all depends on the point of view really.

In the case of Scientology, well, aside from religious freedoms (trust me, they are not a religion) generally the Scientologists have been pretty much seen as getting what they deserved. Today though, years later, Anonymous has begun to take on the governments of the world as well as the likes of Paedophiles online. Once again, generally, people see what they want to concerning whether governments are good or bad. Paedophiles though, pretty much are outlawed universally. So, when Anonymous decided to attack, I could not fault them one bit. However, I could perhaps fault their methods.. Only in that they were bound to only let the paedo’s get away in the end.

I have said it before and I will say it again.. “One man’s freedom fighter is another man’s terrorist” It all depends upon your perspective really. While I do not think all of their targets have been chosen wisely, I cannot fault the true believers out th4ere that they are doing something out of conscience and good. This is not to say that a certain element of the movement is in fact just in it for the lulz (i.e. Antisec and LulzSec) There certainly are factions at play who just want to see the world burn as well as garner themselves digital street cred.

Overall though, the term Vigilante denotes a person or persons (committee’s) who dole out justice summarily when the law is seen as ineffective by them. In this case, the Anon’s have taken up the mantle of vigilante in order to rid the DarkNet of paedophile content because law enforcement seems unable to effectively. Now this is also the crux of the issue in another way, as the police generally are not allowed to hack into sites and dump the dirt so to speak.. The Anon’s are unhindered here. Just as they have felt the same way about other operations where they have denied service to corporations (likening it to a digital sit in) they have crossed the line of the law, but, their methods and motivations are free of it… Until they get caught that is.

The essence of the thing is this.. “Don’t do the crime unless you can do the time” If they believe in it strongly and act upon it, then they must accept the risks of being caught and incarcerated. So far, much of the motivation I have seen by a good deal of anon’s has been motivated by convictions and beliefs. All others have been for Lulz, which is what made LulzSec even more of a problem as they just did not care. The current Antisec movement that LulzSec begat also seems to lack the conviction of their beliefs and seems more driven by ego than anything else by their writings.

And this is the difference between the chaotic Joker like actors and the Batman types.

Anonymous vs. PLA, vs. Patriot Hackers:

Pulling back a bit now, I would like to look at the macroscopic view of Vigilante behaviour versus nation state sanctioned or perhaps, a better word for it would be “condoned” actions and groups. I have written in the past about groups like the Honker Union in China as well as the colourful character known as th3j35t3r. both of these entities have had an effect on the collective consciousness concerning digital vigilante justice and I think it important that they form the contextual base for Anonymous’ actions in Operation DarkNet.

First off, ALL of these entities have been doing what they do (Jester DDOS of Jihadi sites and Anonymous, Honker, hacking against the enemies of China, and Anonymous, attacking sceintology, the gov, and paedo’s) with a mind toward doing “good” In the case of Jester, he thinks DDoS-ing jihadi sites out of a patriotic bent that will stop them from communicating. In the case of the Honker Union, they are patriots to their homeland and attack others who would do their country slight or harm. Anonymous though, started out of /b/ … Which really is a band of miscreants for the most part. However, a core group decided to take on the mantle of doing right somewhere down the line and we find swaths of them today supporting Occupy Wall Street and other political agenda’s.

The basic idea here is that they are all motivated by a belief in some greater good.. Mostly. I am sure there are on individual levels, many more motives (ego, greed, ego… the list goes on) but I will just put it to a gross generality that these people want to effect some kind of change.

At least I hope that this is the case…

What is really different though is that in the case of Jester and the Honker Union, they both are condoned if not outright supported efforts by the countries they reside in. In the case of the PLA and the Honker, there is clear connection between the state and their actions. In the case of Jester, there are allegations (made by him) that his is state sponsored.. But, I think more to the point he is condoned. Either way, the Anon’s may indeed be getting some support (moral or other) from state sponsors and not even know it. In the case of Anon, they could just become the tool of another nation state and not know any better.

Which is pretty scary.

All of these entities though, have had a greater or less effect upon the internet these last few years through their online shenanigans via hacking. The secret is this, they are just the first. There will be others to be sure.. The genie is out of the bottle on this one.

Anonymous vs. LulzSec & Antisec:

Conversely, we have LulzSec and Antisec, who both wreaked havoc on the corporations and the police of the world lately. Their reasons for doing so pretty much have been stated as “because we are bored” At the core though, there seems to be a couple of motives here from postings online. One is the afore mentioned Lulz, the other, seems to be a kind of abject hatred of authority and police. In recent hacks on the police though, there seems to be a bent toward supporting the Occupy movement as the police have had some transgressions against them. So.. They hacked the police and dumped all their data to spite them. Frankly, I see no value to this and once again, even if motivated by supporting the movement, it has no real effect on the police other than to make them more angry and reactive against the protesters.

Basically, I still see Antisec as the Penguin & Joker while Lulz as The Riddler though while Anonymous has become more like The Batman in certain quarters

Anonymous on the other hand has had its lulz, but seems to be growing up a bit and maturing. The social conscience of anon has begun to take shape and within it (movement wise) may well be the lasting component that will be its Raison d’être in the end. Time will tell though, and I hope that this is the case more so than just a bunch of malcontent’s seeking attention and excitement.

The Hand Wringing by The Infosec Community At Large:

Alright, back to the hand wringing and the moralizing post the Op DarkNet…

Certain people in the community wrote that while the empathised with what Anon was trying to do with Op DarkNet, they felt that these people were not the folks they would have doing this to start. Most of this comes from the fact that many of the players are not trained investigators and not LEO’s. I can agree with this from the perspective of legal proceedings later on. If Anonymous hacks a server and then dumps data, it could have an effect on the court case from a few perspectives;

  1. Contamination: The defense could claim that the server was hacked and the data planted
  2. The data could have indeed been tampered with by anon’s
  3. The backend of the server/dbase could in fact be shared and all those who share could be swept up in the legalities/implications
  4. The hack is enough to raise reasonable doubt

So, yes, it could be counter productive to have a vigilante force actually hack a system and report it to law enforcement. However, I would advocate that in the case of Anonymous and the paedo’s at the least, they not just hack and dump data, but instead give that data to law enforcement to start an investigation. For that matter, if Anonymous just located the servers and authenticated (sans hacking) that the content was there, they could in fact just tip off the police.

And this is at least part of what they did with Lolita City in the DarkNet. They tried to locate the server location and this alone could be a great boon for the authorities.

On the other hand, there are moral/ethical objections on the parts of some who think that perhaps letting Anonymous do this type of thing, or even encourage it is setting a bad precedent. To them, Vigilante’s are outside the scope of good behaviour and the law.. They cannot be tolerated. Personally, I think that that is a sanctimonious load of crap, but, that’s just me.

Sometimes when the system cannot function other means need to be taken to effect change. In this case, within a network that is anonymized and the authorities have had little success in catching anyone trading in paedophilia, I see no harm in Anonymous outing them.. Though, I would rather they just passed the intelligence to the LEO’s instead. It is my opinion, that if done correctly, intelligence gathering of this type with a tip off to the police has a better chance at actual arrests and convictions than to just let them go on about their peddling of child pornography.

Just one man’s opinion…

Philosophical and Ethical Stands On Being The Digital Batman:

Utilitarianism:

This is the philosophical and ethical standpoint I take in being the digital Batman. Strict utilitarianism dictates that maximizing overall good is key. In this case and perhaps others, the taking down of the paedophile’s content and capturing their login credentials is enough “good” to allow for the action to be seen as acceptable. This is really the basis of The Batman’s ethics in the comics and ideally, for me on this particular incident with Anonymous.

Now, this does not mean I agree with all of their operations as well as certainly not agreeing with the bulk of the actions carried out by the Antisec movement. However, the perspective is the key I suppose. It’s a slippery slope I admit, but, in this case of OpDarkNet, I agree with the greater good being served in this case.

Deontology:

Here we have the Deontologists like Sam Bowne. Deontology is a nice thing to cling to the ethical rules of a governing system of laws. However, it seems to me, and others here, that this system of laws is not working against these offenders in the hidden wiki. Sure, you could say that the LEO’s have ongoing investigations, but, just how many busts have there been as opposed to the massive amount of content located on the hidden wiki and within i2p, Freenet, and TOR?

So far, I have not seen law enforcement really winning this battle.

Oh well, the Deontologists have their point of view and others have theirs. The key here is that Sammy and others like Packetknife are entitled to their point of view. They are right for themselves, and that is the issue with all philosophy and ethics arguments. Like I said, it’s all about your world view. However, I do not ascribe to a moral absolute unlike someone like Sammy.

There are no right answers. There is only what you are willing to accept for yourself.

Legal Aspects of Digital Vigilantism:

Now, on to the legal aspects here.

18 U.S.C. § 2252 : US Code – Section 2252: Certain activities relating to material involving the sexual exploitation of minors 

The US code on activities related to sexual exploitation of minors alludes to the fact that one has to “knowingly” access such content and to have more than 3 pieces of “content” to be considered guilty of child exploitation/pornography. This of course also alludes to the trafficking thereof etc etc in legalese. Where this is important for the digital Batman is where there are caveats.

(c) Affirmative Defense. - It shall be an affirmative defense to
a charge of violating paragraph (4) of subsection (a) that the
defendant -
(1) possessed less than three matters containing any visual
depiction proscribed by that paragraph; and
(2) promptly and in good faith, and without retaining or
allowing any person, other than a law enforcement agency, to
access any visual depiction or copy thereof -
(A) took reasonable steps to destroy each such visual
depiction; or
(B) reported the matter to a law enforcement agency and
afforded that agency access to each such visual depiction.

So, as I said before, if you are trying to take one of these sites down, then do turn off your browser’s images capabilities.. Hell, why not just use Lynx for that matter so as to negate the issue. However, there is a key point here that you all should take into account. It’s the bit about making the LEO’s aware of the content. This is what I was trying to get at before. If Anonymous or anyone is going to go after this content, then it would be best if you tipped off the LEO’s to the site and the content. Now, the above statement implies that if you make the tip, then you are going to let the police have your system to look at… And we all know Anonymous is not going to do that. So, just be judicious about your tip off’s to the authorities. Do your homework and dump the data to them directly, not on Pastebin.

Of course, then there are the issues of hacking a system in the first place… Well, in the DarkNet, the only thing as I see it that is key would be not leaving a trace that you were there. You know, kinda like the whole hiking ethos of only leaving footprints.. But in this case I would suggest not even a footprint should be left behind. It seems to me, that if you hack a paedo site, even with good intentions, you could get the double whammy from the authorities of hacking as well as accessing child porn…

And that could really be problematic.

So, in the end, I circle back to recommending that you become intelligence gatherers and locate the sources to report. If you locate them, and you get some good details for the authorities without having to SQLi them, all the better. You will be doing a good thing AND you will be satisfying the Deontologists in the room.

Keep your wits about you kids.

K.

Follow

Get every new post delivered to your Inbox.

Join 117 other followers