Archive for the ‘Dystopian Nightmares’ Category
Counterintelligence, False Flags, Disinformation, and Network Defense
//B zrxr wwmpxjnp vf ygwyr jh kur gig vvbxv nf o “yinwf zcnt”. Ilmf xp vv lbi vwwpe grxr mhct sxh ubpifmpxt qzgu o izkruyi nar t tcqjhrgrf. Mpgwf xrlf hawwki, CU’f uoom oehhvgvq lbtmqm, ybywzzcqt, ueq vbyzcvfx nngsk ucvlm. Pbh bxmf e qlf.\\
Threat Intelligence, Counterintelligence, and Corporate | Nation State Espionage
“Threat Intelligence”, a term that is just behind the oft used “Cyber” and God forbid, “Cyber” is all too often put in front of it as well to add more oomph for sales people to sell their brand of security snake oil… “But wait there’s more!” We also have other spook terms being kluged into the INFOSEC world now because, well, it’s cool to those cyber warriors out there. I know, I sound jaded and angry, which, yes, yes, I am, but… Well, it’s just gone completely off the rails out there. I hear people talking about these topics as if they know what they are talking about even with the exceedingly limited scope of digital security matters (i.e. hacking/forensics/defense)
I would like to clear the air here a bit on these terms and how they do really apply to the world of INFOSEC that we in this business now find ourselves in, one littered with military and spook terms that you may not be really familiar with. First off, lets look at the terms that have been thrown around here:
Threat Intelligence: In the spook world, this is the gathering of intelligence (HUMINT/MASINT/SIGINT etc) to determine who has it in for you and perhaps how they plan on getting at you.
Counterintelligence: Spies who hunt other spies (Mole Hunts etc)
Espionage (Nation State and Other) The umbrella under which this whole rubric exists. Nation state and other have the component of “Industrial” as well (i.e. IP theft)
Ok, so, where once we used to only have people in three letter agencies worried about “ThreatIntel” we now have the INFOSEC community looking at “threats” to their environments and calling it “Threat Intelligence” now. While it’s a cool name, does it really apply? What was it before the whole APT thing broke as well as the cyberwar-palooza we have today? For the most part, I can see only half of the term applying to any non state entity or three letter agency and that is of what “threats” are out there today. This means what exploits and pieces of malware are out there that your environment would be susceptible to.
Nothing else.
That is unless you suddenly have a company that has decided to launch its own “Intelligence arm” and yes, this has happened, but usually only in larger companies with defense contracts in my experience. Others though, have set them up, like Law firms, who then hire out ex spooks to do the work of counterintelligence as well as intelligence gathering to have an edge over everyone else. Perhaps this is bleeding out into other areas as well in corporate America huh? The point here for me is that unless you have an intelligence arm (not just INFOSEC) you should not be using the term “Threat Intelligence” as an encompassing statement of “there’s malware out there and this is what it is” Point blank here, IF YOU AREN’T DETERMINING WHO YOUR ADVERSARY IS AND WHAT THEIR PLAN IS… IT”S NOT THREAT INTELLIGENCE.
Looking at IP’s on an SIEM and reacting to a triggered event is not threat intelligence. It’s INCIDENT RESPONSE. It’s AFTER THE GOD DAMN FACT OK?
So, stop trying to make it sound cooler than it really is people. To further this idea though, we still have “Counterintelligence” which FOR FUCKS SAKE I have personally seen in a title of a complete MORON at a large company. This fucker sits around all day looking at his stock quotes though, see, it’s just a cool title. It has no meaning. UNLESS you really have an operational INTELLIGENCE UNIT in your company.
*Look around you.. Do you? If not then STFU*
If you do have a real intelligence wing in your org that carries out not only COUNTERINTEL/INTEL/HUMINT/THREATINTEL then more power to you. If not, you’re deluding yourselves with militaristic terms and cyberdouchery… Just sayin.
However, the way things are going with regard to the world, I should think that you might see more of these kinds of intelligence arms springing up in some of the larger corporations of the world. It’s a rough world and the fact that everything is networked and global has primed the pump for these kinds of activities to be a daily operations tool. It’s now the blurring of the lines between what nation states solely had the control and aegis over to now its becoming privatized and incorporated.
William Gibson saw it.. Phramacombinats and all.
False Flags and Disinformation Campaigns
Which brings me to the next level of affairs here. When I was on the DEFCON “Fighting Monsters” panel, I made some statements that seem to have come to pass. I spoke about how Anonymous would have to worry about “False Flags” against their name as well as expand upon the idea that Pandora’s box had been opened. Nothing on the internet would really be the same because we all had moved into the “spook world” by the actions of Anonymous as well as things like Stuxnet. The lines had been blurred and all of us net denizens need to be aware that we are all pawns in a series of greater games being played by corporations and governments.
Since then, we have seen many disinformation campaigns (think sock puppets on social media, fake news stories, rumours, etc) as well as false flag actions where Anonymous may have been blamed or named for actions that the core did not carry out. So many times since then we have seen Anonymous attempt to set the record straight, but, like I said before, who’s gonna believe them because they are “anonymous” and disparate right? Could be anyone… Could be them… And with previous actions, are they to be trusted when they say they did not do it? See, the banner thing (hive mind) has a tremendous proclivity for severe blowback as they have learned.
What’s sauce for the goose though, is also good for the corporate, political, private gander right? How many Acorn operations do you need to see happening in the election cycle to realize that this has been going on for some time and that, now, with the internet, its easier to perform these kinds of operations with a very small group with minimal effort as well? Pandora’s box was not only opened, it was then smashed on the floor and what was once contained inside has been forever unleashed upon us all.
Yay.
Now, going back to you INFOSEC people, can you then foresee how your companies reputation or security could be damaged by false flag operations and disinformation? A recent example may in fact be the attack purported to be on against Josh Corman of Akamai because he said some things that “some” anonymous players did not like. Were they really out to get him? Were they doing this out of outrage or was there another goal here? What you have to ask yourselves is, what is my company and it’s employees susceptible to in this area? Just as well, this also applies to actual attacks (DDoS etc) they could be signal to noise attacks. While the big attack is going on, another team could be using the fog of war to sneak into the back door silently and un-noticed.
See where I am going there?
In the case of Josh, do they want to D0X him or do they want to force Akamai to maybe flinch and let him go because of bad press, and potential attacks on their infrastructure and management?
Ponder that…There are many aspects to this and you have to have a war mentality to grasp it at times. Not all attacks frontally are the real attack today. Nor are all attacks on players what they may seem to be in reality, the adversaries may in fact have a longer game in mind.
Network Defense and Network OFFENSE
Ok, so back to reality today with many orgs and their INFOSEC programs. You are looking to defend your network and frankly you need not have “cool” names for your program or its players. What you need is to be mindful of your environment and pay attention to the latest attacks available that would affect it. Given today’s pace though, this makes just about everything suspect. You can get yourself an IDS/IPS, an SIEM, Malware protection, and all kinds of things, but, unless you know where shit is and what it is, you lose the big game. So, really, threat intelligence is just a cool name for an SIEM jockey today.
Like I said, unless you are doing some real adversary profiling and deep inspection of attacks, players, motivations etc, you are not doing THREATINTEL. You are minding the store and performing network defense… i.e. your job.
Now, on the other end of the spectrum lately, there have been certain douchenozzles out there saying that they can sell you services to protect your org with “OFFENSE”
*blink blink*
Offense you say? Is this some new form of new SPECWAR we aren’t aware of? Firms like the more and more vaporware company “Crowdstrike” seem to be offering these kinds of services, basically mercenaries for hire, to stop those who would do you harm. What means are they going to employ here? Obviously performing what they see as intelligence gathering, but then what? Once you have attribution will there then be “retribution” now like so many Yakuza centric stories in Gibson novels? I’m sorry, but I just don’t see this as viable nor really any kind of a good idea whatsoever… Leave it to the three letter agencies.
Alas though, I fear that these companies and actions are already at work. You can see some of that in the link above to the book I reviewed on private intelligence and corporate espionage. Will your data be a part of a greater corporate or government conspiracy? Some black ops mumbo jumbo over your personal information perhaps? Part of some retribution for some attack perceived to have happened to company A by company B?
Welcome to the shadows and fog of espionage kids.
Going “Off The Reservation”
Overall, I guess I just wanted to lay some things out there and get people’s heads around the amount of douchery going on today. We collectively have gone off the reservation post 9/11 with PII, Privacy (lack thereof) and hacking. That entities like Anonymous came to be and now see the governments and corporations of the world as dark entities isn’t so hard to see when you look at the crap going on out there. What we saw in Team Themis was just one small spec in a larger “Cyber Beltway Banditry” going on today. Look to the other side where you have Fusion centers with private INTEL gathering capacities tossing out absolute crap yet spending BILLIONS of dollars and, well, there you have it.
Monkeys with digital guns.
We are off the reservation already and it’s every man (or woman) for him or herself.
In the end though… If you have a title that says something like “CHIEF INTELLIGENCE OFFICER” on it, you’d best be at a three letter agency.. If not, then you are deluding yourself with EPIC DOUCHERY.
K.
Occupy Wall Street & Anonymous: Conflation, Synergy, Diffusion, and Media Spin
It All Started With Anonymous and Wikileaks
The Chinese have an aphorism “May you live in interesting times” It’s a bit more of a curse than it is an aphorism, but, the gist is that they are not wishing you a “good time” It has been feeling pretty “interesting” this last year and I really have to say that it all stems from Anonymous’ and their ignition of the nascent feeling today of powerlessness on the part of many. Whether it be their personal lives, or perhaps by looking at the whole of the world through the instantaneous news cycles that today’s technology has afforded, in general, people are not feeling as though they have much control over their daily lives.
I would have to say that much of this has its genesis in 9/11 and the post 9/11 world that we have come to be in. Security has become the operative word for some excesses by government to use its powers (self created) Case in point, the ability to spy on anyone deemed to be a threat without a warrant. The knee jerk reaction to 9/11 has allowed for a fear based response that has set some pretty scary precedents these last 10 years. Add to this the bank scandals, the recession, the fallout from Fanny and Freddy, and waves of greed and misdeeds on the part of corporations that influence the government, and we have quite the picture of how things have gone sideways.
But.. Much of this is not new I’m afraid. Wikileaks just opened the secret flood gates in some ways. Though, had you been paying attention you likely would have already known much of what Wikileaks was trying to say before the big dumps began to show up online.
What is new is that a new generation of youth have been disenfranchised enough to take up arms against it all as they see fit. Anonymous, was the catalyst for this in their early attacks on oppression like “Scientology” a system which really is much more a corporation melded with a religiosity (faux) to create an entity that is not taxed, does not have oversight by anyone, and seems for all intents and purposes, to be a “Corporate Cult”… Which when I think about it now post Steve Jobs departure from this mortal coil, is a lot like the reverb surrounding Apple and the Jobs-ian “passing on to a higher plain” claptrap.. But that is another story…
Either way, the gist of this all is that Anonymous and Wikileaks is the progenitors here I think, and it is the very nature of the collectives technical bent that has lit this fuse that finally reached out of the digital Kabuki theatre and on to the real streets.
Technology, The Great Equalizer
Anonymous’ use of technology only comes naturally as they formed online. It is with the growth of social media and the connectivity that we all have today with smart phones, that the movement went viral. Some may say it was the targeting, but I would say that the targeting was always there, but those who were feeling the miasma weren’t able to express it in the normal ways of yesterday. However, with blogs, micro-blogs, twitter, texting, etc, people coalesced into groups on their own with a collective gravity that eventually, had enough psychic mass to catch on large scale.
It is this very thing that has led to what we see today. From flash mobs to the final outcome of the occupy movement that harkens back actually to the early Tea Party movement in the way the word got out and collected like minds to its cause. All of these people have found each other and inspired one another to react to what they are perceiving as injustice within the systems in which they live. The technology has given the tools to the populace to respond in a way that only the mass media has had the corner of the market on for so long.
Added to this the technical aspects that bred not only the Anonymous “Hactivism” we have a new paradigm for dissent. The recent threat to DoS NYSE by Anonymous is case in point to the technology being used as not only a weapon but also as a means of protest, though the legalities of such attacks is questionable. The law has yet to catch up on much of the technology, so the arguments upcoming over the LOIC arrests for the MasterCard denial of service attacks will likely generate new law either way.
Interesting times indeed.
Occupy Wall Street.. Why Again?
Of late, the “occupation” movement has picked up speed all around the globe. However, it seems that with these demonstrations unlike the ones in the 60’s over Civil Rights, seems rather more diffuse when you go and observe what’s going on. Now, one could say that this is media spin, but, when I look at the aggregate reporting from all sides, I can see how some might categorise the movement as being diffuse. On some fronts, the movement seems to have been co-opted by others with more shall we say, exotic demands? I guess my fear would be that this turns into a Lolapalooza or a Burning Man instead of a protest with specific goals in mind.
Occupy Wall Street has a set of 13 goals that seemed to me pretty straight forward, yet, they seem to be open ended. Perhaps the movement might tighten them down a bit and generate some more concise and workable (demands) for lack of a better term? In the era of the 60’s there was a defined demand for a civil rights bill.. I suggest to you all now that you work something akin out on paper to give to the congress critters that want to work with you. After all, its kinda pointless to ask for things like “stuff” and expect to get something back (including support) that is concrete from the establishment. How about you get some of the luminaries in the economics field to give you ideas for positions?
Unless you direct all this energy, you will all be collectively mocked as a bunch of stinky hippies without jobs or just attributed to be “malcontent’s”
Define the argument… Get the 60’s protesters to show you the way.. After all, they really did change things.. For a while.
The Media, Lapdogs To The Corporations?
Speaking of perceptions, here we have one of the key issues today. For a long time it seemed as though the mainstream media was ignoring the protests. Perhaps they thought it was just going to go away and it wasn’t news. However, as they have come to find out, there seems to be a large disenfranchised populace out there willing to protest. Just who are they protesting and what seems to be the issue both from the perspective I have as well as what the media might want to portray it to be.
Yes.. That’s right, I am not a fan of the media today. It is my opinion frankly that Cronkite’s demise only saved him further pain and anguish over the career that he loved so much. The mainstream media as it’s called, is pretty much a corporate run “profit” centre as opposed to what it used to be “a cost centre” That’s right kids, as soon as news became a “for profit” business as a whole, its efficacy in providing true reporting became much diminished. Now, this is not to say that this wasn’t the case before. In the 19th century all you had to do was look at the newspapers of the day and you could see it was all about “if it bleeds it leads!” and just how much money could be made with a lurid headline. Of course today we get the same treatment from a fire-hose of sources online and off, all of which is now pretty much solely being run for profit.
When people talk about the media being the lapdogs of corporations, they need only look as far as FOX *cough* News, who really came down to the point in a court case claiming that they aren’t really news, but instead “entertainment” Enough said really huh? So, when I see the stories not only about things like Occupy Wall Street, but also anything I have a pretty good knowledge of, I see their spin to get headlines and attract viewers.. Viewers who in turn are the targets of marketing and advertising between segments. Follow the money…
Of course speaking of Fox, you only have to read a bit more and see how Mr. Kane.. Uhh, I mean Mr. Hearst… Uhh, I mean Mr. Murdoch uses his papers and other media operations to sway the public and the government. Even his machinations involving phone hacking is a telling piece of the puzzle no? Yes Virginia, Mr. Murdoch does underhanded things to get what he wants…
So, while we are protesting the other injustices, one might suggest that you all pay attention to the media that you are being interviewed by and made into sound bytes…
They can control the story.. Catch them at it… Stop it when they do.
The Governmental Response and New Backlash
Meanwhile, another faction that is being used by the media (hand in glove) is the government and the players within it who would use these tools. The recent coverage of the Occupy Wall Street movement on CNN for instance shows how the media can be used to portray the movement as nothing but unwashed stupid hippies (the falor Newt gave to the debate) Perhaps Newt was misquoted? Maybe it’s out of context? I think not. I find it really funny that the Republicans have latched onto this issue by saying that it is a symptom of “Class Warfare” and generally acting like the old man yelling at the kids to get off his lawn. Well, come to think about it, I guess that is pretty much on the mark, Wall Street is their lawn ain’t it?
The Democrats are only a little better on this issue as well. Sure, they support what is happening or what’s being said, but really, do any of us really think they are feeling so moved by their own ethos? Or might it be that it’s election season and they are seeing potential voters? Yeah, I think its the latter too. Frankly both parties are useless in my book and as for the Tea Party, well, they are pretty much tinfoil hat wearing reactionaries to me. However, this is not to say that they don’t have a core idea that is right.
Change needs to happen.
It’s just how and by whom is the real question.
So, when all of the Congress critters get in on talking about this I take it all with a pillar of salt, not just a grain. Meanwhile, we have the police responses to the protesters. For the most part, I can take no issue with the arrests that have happened on the face of them “legally” however, when violence is involved, then I begin to wonder just what the Hell is going on. Of course tensions will run high and there will be morons like Bologna (mace boy) but on the whole, I think the response thus far has been pretty even handed on the part of law enforcement. I know others will likely take issue with this, but, this is just my opinion of what I have seen thus far.
However.. Just how long will it be before the anti-occupy Wall Street folks start showing up fueled by the likes of the Tea Party whacknuts or worse?
Time will tell…
A Return of the Sixties and Socio-Economic Upheaval?
I have written at least a couple of times in the past year that I was beginning to feel as though the 60’s were coming back. With the Occupy Wall Street movement gathering strength and more voices being added, the spectre is back isn’t it? We still have many of the issues from the 60’s that haunt us all, but I would have to say that I am going to amend this statement with a time shift as well as political bent. I would have to say that this movement has much more akin with the 70’s than the 60’s.
In the 70’s we had the Vietnam war still ongoing. We had Nixon and the excesses of his grab at illegal wiretapping and wet-work in the US as well as outside. When it all came to light with the publishing of the Pentagon Papers as well as the exposure of the “Plumbers” by Woodward and Bernstein we got a peek into executive malfeasance. Compare that to today post GWB and two wars post 9/11… No wonder we all don’t trust our government huh? Now though, we have the elephant in the room added to the mix of business and money seeking to control the government through lobbying and other chicanery.
Frankly, it took an economic apocalypse to wake people up to it all..
My Conclusions On All of This
I foresee “interesting times” ahead. This movement will continue and likely will have no real effect in the short term on how our government is being run (primarily meaning going to the highest bidder) However, I think that this movement may in fact spawn the youth of today to action. Action meaning that they will take an interest in the system and perhaps seek ways to improve it. My hope is that they do and that someday things get a bit more cleaned up but, that may not be for some time. The sad truth of it though, is that for every Mr. Smith going to Washington, there is another who goes without the wide eyed wonder and sense of honesty who just seeks to puff themselves up and line their pockets.
Another sad fact is that there may even be some altruists who go there with good intentions and then find themselves following the lead of the Mr. Potter’s of the world.
One hopes that is not the case..
K.
The Hidden Wiki: Between The Layers of The Onion Router Networks
Inside The Onion Darknet:
Someone recently pm’d me online and asked if I had ever heard of “The Hidden Wiki” They said that they could not believe what they were seeing because they had just perused an ad that purported to offer “hired killer” services. This person immediately thought it was just a trap or a joke, but, it turns out that hired killers are just the tip of the iceberg within the TOR arcology. The TOR network it seems has become the new ‘Darknet’ hiding sites within the onion router networks themselves, totally anonymous and offering every kind of illicit trade one could think of including pedophilia images. There are innocuous sites as well, but there seems to be quite a bit of content (links within the wiki and pastebin’s that offer up nasty things.
How, you might ask, is this possible? Well, it is because of the nature of TOR itself. The Onion Router Network was a project started by the navy to anonymize internet traffic. Once it was set loose to the masses, it was upgraded and brought to the masses as a means to surf the web anonymously. This is done by using a series of routers (which you can set up yourself on any machine with the software) to receive and direct traffic anywhere online without any kind of record where the traffic came from once entering the TOR node network. (see diagram)
Once inside the system, unless under specific circumstances, you cannot be tracked. There are methods to obtain a users real IP address but they are hard to implement. So, with that said, the TOR system seems to not only allow people to access content on the internet proper, but now a secondary internet has been created within the tor nodes themselves. It would seem that perhaps this secondary internet could either be a haven for good data, or bad.. And from what I have seen so far, its mostly bad. The illicit trade of pedophilia being the worst of that ilk and it would seem that the purveyors think that they can do so without any hindrance because it is on TOR.
The Marketplace, A Digital Mos Eisley:
The Wiki offers many services, most of them seem to be driven by ‘Bitcoins’ and you can even find software to mine bitcoins as well as create them within this space. One has to wonder if you can really hire a hitman here or if this is just a BS post for the Lulz, but, other services seem straight forward and their sites are working. These services also include a wide spectrum of hacking as well as alleged DD0S/Botnet offerings as well. My first thoughts about all of this tended toward the idea that Anonymous must be like a kid in the candy store here, and then I began to search for them. It did not take me long to locate some sites that were ‘Anonymous’ themed as well as dumps of all the LulzSec hacks as well as a full mirror of Wikileaks dumps.
Here are just a few of the services offered in the Marketplace:
* Contract Killer - Kill your problem (snitch, paparazzo, rich husband, cop, judge, competition, etc). (Host: FH) * BitPoker v1.93 - Poker (Bitcoin). (Host: FH) * Buttery Bootlegging - Get any expensive item from major stores for a fraction of the price! (Host: FH) * Stat ID's - Selling fake ID's. * Bidcoin - Like Ebay. We increase the gross national product. (Host: FH) * Video Poker - A casino that features "jacks or better" video poker. - DOWN 2011-08-07 * Cheap SWATTING Service - Calls in raids as pranks. (Host: FH) * Data-Bay - Buy and sell files using digital currency. * The Last Box - Assassination Market (Bitcoin). - DOWN 2011-08-07 * Pirax Web DDoS - Take out your enemies in seconds. (Host: FH) * Hacking Services - Hacks IM and Social Nets, does DDoS, sells bank/credit/paypal accounts. Se Habla Espanol. (Host: FH) * Email Hacker - Hacks emails (Bitcoin). (Host: FH) * CC4ALL - Selling valid Credit-Cards. Most from Germany. (Host: FH) * Slash'EM online - Super Lots'A Stuff Hack-Extended Magic tournament server (Bitcoin). * Rent-a-Hacker - Pay a professional hacker to solve your problem, destroy your enemys. (Host: FH) * BitPoker v2.0 - New version of poker (Bitcoin). (Host: FH) * BacKopy - Sells game, software and movie discs (Bitcoin). (Neglected status note) - Broken 2011-08-07 * The Pirates Cove - Classifieds. (Host: FH) * BitLotto - A lottery using Bitcoin. (Host: FH) * Brimstone Entertainment - Escort Ads, Strippers, Adult Entertainers. (Host: FH) * Red Dog Poker - Play a simple game of poker (Bitcoin). * CouponaTOR - A service for getting retail coupons created (Bitcoin). (Host: FH) * Virtual Thingies - Buy virtual goodies like premium accounts, usenet access or domains (Bitcoin). (Host: FH)
You can also get a range of services like chemicals to make as well as tutorials how to make and sell anabolic steroids not to mention pages and files on weapons and explosives. Anarchy it seems has found a new digital home. One wonders just how long it will be before the onion becomes a home for jihadi’s as well. I suppose if they aren’t already, it’s only a matter of time until they are hosting their own sites in here as well. The real problem is navigation though for anyone looking around. Which makes this all the better for those seeking to be anonymous and stealth. There are a couple of search engines on the wiki, but due to the nature of TOR, one has to list their site in order for it to be found, so, I assume there are many sites out there that are only known to a very select few.
Paedophiles LOVE Anonmymity:
Meanwhile, it seems that there may be a bit of a war going on between the paedo’s and the hackers within this space as well. This particular page on the hidden wiki had recently been hacked and taken down, but, within a day or so, it was back up online serving out links. The FBI is aware of this site and others that I passed along to them, but, they are once again hard pressed to do anything about it because of the nature of TOR. It would probably be a safe bet though, that they have been monitoring these sites for a little while as the agent I spoke with already knew about the hidden wiki and some of the links forwarded. I guess that things though, are steadily growing on the onion darknet so new stuff is being put out there all the time.
All in all though, this is just another battlefield that the authorities must learn to fight in. Personally, I am with HD Moore in thinking that there may be some way to put a stop to all this… But, when he posited the idea it was 2007. Its almost 2012 and we still have the problem. All I can really hope for is that the decent hacker types living within this liminal digital space will keep taking these sites down and making the paedo’s lives miserable in the meantime.
Anonymity For Better For Worse:
On the flip side of all this is the idea that we need to be able to be anonymous online. I agree with this, I mean, I use TOR every day, but, anonymity is a double edged sword. As you can see from everything above, that very same anonymity that is protecting those who need free speech, or other protections it can afford, are also faced with the darker side of the technology. This space still seems to be fairly new in the sense of services, chat boards, paste sites, and other more normal internet style applications, but, in the contained anonymity that the onion network is giving them, the end users just mostly seem to be using it all for darker purposes.
And this will make things more difficult for everyone else as governments seek to destroy the privacy as they see more of this type of activities going on to use as excuses to peer into them.
K.
PLC Controlers, Stuxnet, and Kinetic Attacks: Blackhat 2011
Since the advent of Stuxnet, the problem of SCADA (PLC) systems and their control vulnerabilities has become the focus of the world. In that this seems to be the new flavor of the day because someone (A nation state actor) decided to use those known vulnerabilities (at least 10 years worth of them) to exploit the Siemens systems at Natanz and Bushehr nuclear facilities in Iran we now have a new form of terrorist attack as Cofer Black pointed out in the keynote to Blackhat.
Dillon Beresford presented a talk on the Siemens 7 system vulnerabilities at Blackhat yesterday and did a great engineering job on the Siemens PLC system 7 attacks. However, in being so close to the subject, at least in the presentation, he seemed ill equipped to understand some of the ramifications of the exploit that was used against Iran and the amount of work that had to go into it to pull it off.
I say this because of the offhand comment that a single actor (hacker in a basement) could in fact have come up with the exploit code and he is technically right. He has singly come up with more exploit code and plugins to Metasploit to prove it, but, the attack on Iran was more complex than just exploit code for a Siemens 7 PLC. This too seemed to elude him in the statement that he did no understand the reasoning for the pivot point of the Windows machines that were infected with the worm that injected the code into the system 7.
The reasons for the attack vector pivot point is simply this;
The actors who created this exploit(s) wanted to be able to infect non connected systems at key hardened facilities that they did not have access to. Facilities that may have had regular network connections that might allow access to the worm and thus infect not only one site but many and not just the PLC systems themselves. This attack was multi purpose and needed to be persistent for a long time in order to carry out its mission goal.
And the goals seem pretty evident now:
Have the centrifuges eat themselves
Have the product from the centrifuges be compromised and thus put Iran’s nuclear program even further back.
The fact is, that the exploit code for the PLC’s was small in comparison to the amount of work and 0day that went into the worm itself. This is a key feature of the attack and something that Beresford seemed to miss. The worm was indeed the delivery system and it was likely carried into the Bushehr facility by a contractor (my thought is Russian as they were working on the Iranian program and had access) on a USB stick. Once inside, the malware had the ability to detect, spread, and inject the exploit code specific to the Siemens PLC systems at those facilities.
This brings me to a second point on all of this. The intelligence needed to know exactly what systems the Iranians had was something only a nation state actor could really have the resources to gather. This was in fact a nation state attack from all the signs of it. That it used exploits for SCADA systems that were known to be vulnerable for some time is the only twist. However, that twist had been used in the past and as long ago as the Reagan era.
An attack on a Russian pipeline was eventually disclosed by the CIA as a worm that attacked the systems of the pipeline (i.e. the PLC’s controlling the pressure of the gas) and caused a 3 kiloton explosion. This worm was likely created by the CIA and used to help dismantle the USSR.. Well at least cause some heavy damage to a pipeline that was in contention at the very least. So, this type of attack is NOT NEW. It was a quietly known vector of attack as far back (publically) as 2004 when it was revealed to the public at large, but much longer known about in intelligence circles.
The short and long, the exploits may be new in some cases, but, the type of attack is not at all.
The real difference today though is that we have the hacker community out there able to get their hands on code easily and even perhaps the PLC systems themselves to create even more exploits. Add to this that many SCADA systems have been connected to the Internet (as they should NEVER BE) ripe for attack and we have a big problem. However, the proof of concept now is out there, the exploit code is available and all it will take is an aggressor tenacious enough to write the malware to have another Stuxnet type attack on less hardened systems. An attack that could bring down the grid, cause the poop factory to explode and leak into our drinking water, or, like in Russia, have our pipelines explode in 3 kiloton explosions.
This Dillon is the key point and I know you get that. So, lets extrapolate further, how about in future conferences we have more of what Dillon did. He went to Siemens and gave them the exploit code and showed them the problems. They, unlike many companies, are taking up the challenge and not trying to hide the problems but instead are actively working on them to re-mediate. The next step is to go to EVERY PLC maker (wink wink Big O and the Administration.. Oh DHS maybe?) and bitch slap them into doing something about the problems? As Dillon pointed out, these systems are pretty open and inter-operable, so the code is likely to be just as bad everywhere.
If we don’t.. We are likley to wake up one day to a big explosion and it may just be an accident.. Or, it could be another targeted attack like Stuxnet.
K.
PS.. One small thing Dillon.. Please, attend Toastmasters. I think it would help you greatly. You speak too softly and did not enunciate.
Enemy of the State

Fort Meade has acres of mainframe computers underground. You're talking on the phone and you use the word, "bomb," "president," "Allah," any of a hundred key words, the computer recognizes it, automatically records it, red flags it for analysis; that was twenty years ago.
From The New Yorker; The Secret Sharer
The government argues that Drake recklessly endangered the lives of American servicemen. “This is not an issue of benign documents,” William M. Welch II, the senior litigation counsel who is prosecuting the case, argued at a hearing in March, 2010. The N.S.A., he went on, collects “intelligence for the soldier in the field. So when individuals go out and they harm that ability, our intelligence goes dark and our soldier in the field gets harmed.”
Top officials at the Justice Department describe such leak prosecutions as almost obligatory. Lanny Breuer, the Assistant Attorney General who supervises the department’s criminal division, told me, “You don’t get to break the law and disclose classified information just because you want to.” He added, “Politics should play no role in it whatsoever.”
Politics should play no role whatsoever? Really? This man is delusional to think that the statement, albeit correct, is actually factual. Of course politics play a part in such prosecutions, and case in point, this article cites examples of people getting slaps on the hand for breaking the espionage act and others where TS/S documents are concerned. The reasons that these others were not prosecuted to the full extent of the law was exactly because of politics and their entanglements. No Mr. Breuer, politics do play a role all too often.
That said, I encourage you all to read the full article and judge for yourselves just what happened with the case against Mr. Drake. It is my understanding from other sources as well as the New Yorker piece, that Drake was seeking to show waste on a grand scale while others were motivated by the idea that the sweeping changes to US law and oversight within the espionage area had taken a deep turn for the un-constitutional. This is an assessment that I agree with and have seen even more such dark turns lately where the digital realm is concerned. Frankly, at times I am a bit scared of the access and perhaps excess that the changes in the law have allowed for the NSA as well as anyone with enough juice within the newly minted security infrastructure post 9/11.
Constitutional Law vs. Technological Ease of Access vs. Political Agendas:
When the Constitution was created none of the technologies at play today were even a dream for the makers. Today though, the ideas of privacy, unreasonable search and seizure, and the fundamental freedoms we claim to cherish so much have been blurred. The blame for this rests partly on the technology, but mostly on the people who should be monitoring their system of laws. After 9/11 the people became all too trusting of the government to take care of them and all too willing to accept the over-reaches that they knew of while they were kept in the dark about others.
Case in point would be the FISA and warrantless wiretap situation that the Bush administration put into play after the terrorist attacks. It was the belief of the administration and the law enforcement community (certain factions) that too much time was lost to entering FISA warrants and getting approvals. So, instead they began to draft opinions that said the process was too ponderous, all the while they were putting together a secret process to just bypass the FISA altogether with or without the legal status to do so. This then begat the further access programs that essentially placed a tap on ALL communications going in and out of the backbone of the internet with the NARUS systems in the MAE’s around the country.
Since the technology was there, and it could be placed into a position to audit everything, they just said let’s do it. Thus, all traffic that you or I create over the Internet has the potential of being captured, flagged, and audited by someone at Ft. Meade without a warrant to do so. This also includes the cell phones as well because that traffic too passes through the same backbone system. Like the image of Brill above states;
Fort Meade has acres of mainframe computers underground. You’re talking on the phone and you use the word, “bomb,” “president,” “Allah,” any of a hundred key words, the computer recognizes it, automatically records it, red flags it for analysis; that was twenty years ago.
Brill, a character from Enemy of the State, was going on about this in a film out before the attacks on the US. It would seem that if the technology had not already been in place then, the administration took a cue from the film and made it a reality after the twin towers came down. After all, the enemy could be anyone and the US populace wanted an action hero to take on the bad men and win. The same people though, did not seem to understand that to do so, the administration would take the shortcut of bypassing decades of laws set in place to protect our freedoms from excessive powers that the Bush administration wanted to have to ‘protect’ us.
It was this over-stepping of the laws that others within the story at The New Yorker had begun to tell to the Sun reporter and who now are being pursued by an alleged non political NSA and government for calling them on their breaking of the law. Just as much as Mr. Drake was seeking to show that the waste created by Trailblazer could also tie into the misuse of ThinThread’s code to eavesdrop on anyone.
Both of these concerns are shared by me as well. After all, with the technology in place and without the oversight, how do we know that abuses aren’t happening? The NSA is famously known to tell the Senate oversight committee to go pound sand… So, who is really watching the watchers?
Right Versus Wrong and Speaking Truth To Power; Do We Have A Say Anymore?:
So, if you have access to classified materials and programs and you see that things have gone off the rails how can you expect to report on it to the authorities and not be prosecuted? It used to be that there were protections, but, it seems now post 9/11 that changes to the paradigms of classification and the re-interpretation of the law to suit the state, it has become increasingly impossible to whistle blow and not be prosecuted. What’s more, if you decide to report, the data that you are reporting on may be classified to the extent that it cannot even be used in open court or with your non cleared lawyer because it may be deemed too sensitive.
The net effect is that if there is malfeasance going on it may be impossible to report it and not get yourself into dire legal trouble with the current whistle blowing legislation on the books. This makes it even easier for the state and or entities and parties within its infrastructure to not abide by the law and have little to fear of oversight or speaking truth to power.
Sheeple vs. The Informed and Worried:
Meanwhile, the populace may live their lives unaware of the capacities for the state to listen to them and or present evidence gathered on them in an extra-legal way. At the very least, due to the wider interpretation of the law, it is easier for the state to gather and use evidence in ways that were not possible before because of the latitudes given post the Bush administration.
From a privacy perspective and the expectation thereof, the idea that all traffic is being hoovered up by the state is kind of scary. From a constitutional law perspective, you have the right to privacy in your papers and your domicile. Does this actually apply to digital papers, computers, hard drives, and anything you pass over telco lines to the cloud? Or is it considered public domain like your trash being placed at the end of your driveway?
This is an important precedent and should be considered with every email, IM, and call you make today. Just as well, if you are intent on retaining your privacy, what are the ways to do so now that all of these lines of communication are monitored by the state? One also has to determine just how worried they should be about intrusion into their privacy. After all, today we as a people give up a lot of information on ourselves at sites like Facebook and if we do that, just how much privacy can we expect?
Following that thought process, if we give up our privacy so easily how can we make an argument against the changes to the FISA rules as well as other laws where eavesdropping on our daily digital lives are concerned?
I for one do not want all of my conversations recorded for someone else to audit whether or not I may have said or done something that could be construed as illegal or perhaps pique the interests of the fed. Of course today one could easily be stopped in some states for alleged traffic violations and be asked if they could clone your phone data… Just because.
Whistle Blowing… Not So Much:
I guess in the end that the state of affairs today leans heavily toward the government being able to pretty much do what it wants to. From the warrantless wiretaps to the detention of non combatants, we have quite an inheritance from 9/11 and the Bush years. Unfortunately much of what President Obama had pledged he would roll back from those years have instead been re-approved if not enhanced. Add the whole Wikileaks debacle and now you have an even more reflexive and paranoid government trying to over classify everything and getting really bent when things get out.
So, the idea of whistle blowing I think is pretty much a dead one from here on. If anyone sees wrongdoing going on then they probably will let it go for fear that they will be prosecuted into oblivion.
And then the state wins… There have to be checks and balances.
K.
Weapons Of Mass Disruption: Cyberpocalypse-a-palooza
To avoid a digital doomsday, Clarke and co-author Robert Knake argue that America needs to treat cyberattack capabilities as nothing less than weapons of mass destruction that can “skip over the battlefield” to target civilian life. That sort of threat, like nuclear weapons, calls for a multi-tiered response: treaties, transparency, beefed-up defenses and a focused concern on rogue states.
Cyberwar treaties face a problem that traditional ones don’t. An enemy could easily hide the source of attacks by routing them through hijacked computers in another country or attributing them to independent criminals.
But Clarke contends that a government could be held accountable for helping to track down any cyberattack originating within its borders, just as the Taliban was held responsible for harboring Osama bin Laden. Although attribution on the Internet isn’t as simple as in traditional warfare, cyberattacks can be traced. Clarke says forensic hackers can follow the trail of bits when they’re given time and leave to breach enemy computers.
“The NSA can do that. And the NSA tells me that attribution isn’t actually a problem,” he says bluntly.
Full article HERE
Dick, Dick, Dick, I am with you in so many ways.. BUT, when you start talking about DPI of the WHOLE INTERNET, then you lose me pal.
Sorry *shrug*
I personally don’t want the whole of the internet being siphoned even MORE than it already is by DPI at every providers NOC with a NARUS STA6400 system installed.
Nope, no thank you.
Now, on the other things likes accountability for nations with server on their soil I am with you. If a server is public/private and is on your soil, there should be “some” responsibility there. At least there should be enough to enforce security practices be carried out to prevent it from becoming the botnet slave in the first place no? Of course Obama wussed out on that one here didn’t he? No rules will be created to enforce that type of accountability here in the private sector.. No sir! It would put an undue strain on the private sector!
*tap tap* Uhh sir, most of the infrastructure is in “private” hands… Umm without making them do some due diligence we are fucked mmmkay?
Yeah…
Meanwhile, lets talk to the italicized and BOLD text. Back in the days of yore, when pirates roamed the seas, there was a thing called a “Letter of Marque” basically, government would give a pirate hunter the letter and say “go git em” This is what we need today I think. Of course this is touchy, but, this is pretty much what Dick is alluding to. He says that he “knows” that were the NSA given a letter of marque, they could not only penetrate the systems involved, but also run the forensics to attribute where the perp really is.
“Whoa” to quote Neo…
Yes, it’s quite true. Not only the NSA could do this though. Go to the BlackHat or Defcon and you would have a plethora of people to choose from really. So this is no mysterious mojo here. Its just that this type of action could cause much more ire than the original attack maybe and lead us into that physical war with the nukes. Who knows.
I guess though, that what has been seen as the model for the future “internet” with cyber-geographic demarcations might just be the real future state we need. At least that is what Dick’s advocating here and I can sorta see that as a way to handle certain problems. If we break up cyberspace so to speak, into regions (like the whole .XXX debacle) then we can have set rules of governance. At present the internet is just a giant wild west stage complete with digital tumbleweeds and an old whore house.
*pictures the dual swinging doors and spurs jangling*
The one thing that rings true though, is that there needs to be some accountability.. Just what form that will take is anyone’s guess. For now though, we will continue on with the lame government jabbering and frothing with the lapdog that is the so called “press” lapping it all up and parroting it back to the masses.
Smoke em if ya got em…
CoB
Virtual Arkham: Explaining Anonymous, Lulzsec, and Antisec Animus in Our Digital Gotham City
with 12 comments
Personae Dramatis: The Rogues Gallery
In this post I would like to show you what I have been seeing with regard to Anonymous the other groups that have spawned from it. Increasingly over the last year or two I have been seeing analogies both literally, and figuratively between the forces at play and I feel that all of it is directly affected by the comic book world of Batman. The analogies that I am making come from observing not only the actions of the parties but also the methods that they use (down to the imagery in word and graphical) to get that message out to the masses.
In the case of Anonymous and their spin off groups, I have observed a shift in personalities that could be termed an evolution in motivations and thought. Generally though, the game plan seems to be just a general way for the groups to sow anarchy while feeding their narcissistic needs through media attention. This is the crux of the issue I think as the core groups don’t seem to be solely motivated by ethical or political change. Instead, it all seems to be focused on a few drivers;
Equating this with the world of the Batman has been in the back of my mind for some time, especially since my dealings with Jester. His logo and his persona of the “joker” from the last Dark Knight film set the stage for me to start to think in this vein. A more recent video by the History Channel solidified all of this for me. The video, “Batman Unmasked: The Psychology of the Dark Knight” struck me as not only as being the zeitgeist of this article, but, also seemed to show a generation of comic book and movie goers that are internet denizens that want to emulate this last iteration of “The Joker” specifically.
The Heath Ledger portrayal of Joker seems to have been the catalyst to me, of many an internet anarchist. The media surrounding this being his last role as well as the way the character was re-written in this story arc, hit a common nerve with the masses. So much so, that seemingly, the Joker became the more emulated and lauded character in the story over its real hero, Batman. It is from this realisation that I derive the rest of the analogies made here. Of course these are gross generalities, but, I tend to think that given the recent activities (riots in the UK and flash mob thievery in the US as well as all the lulz) there is a strong correlation to be made.
First though, lets look at the Rogues Gallery that end up in Arkham Asylum…
Ra’s Al Ghul and The Shadow Assassins
Ra’s is a control freak. His agenda is to have order but his means to get that order mean subjugation of the masses and removal of anyone that does not conform to his sense of right and wrong. This order that he wishes to impose comes from his shadow assassins and their lethality without question.
The Riddler
The Riddler is a pure narcissistic criminal genius. His narcissism though, is usually his undoing as he cannot perpetrate any crime without leaving overt clues in an attention seeking pathology. It is this pathology, the need for the attention that drives him altogether and is his undoing.
The Penguin & The Joker or PenguiJoker
The Penguin (Societal and Governmental corruption) and The Joker (pure anarchy) are two rogues that have become one in this scenario. Within the world of Batman though, each attacks the order seeking to destroy it for their own ends. In the Penguin we have someone looking to corrupt the system. Meanwhile, the Joker, is pure anarchy diametrically opposed to the order (aka Batman) Joker’s need is fuelled by a nihilistic world view twisted with a good deal of insanity.
All of the Batman wannabes in hockey suits
Lastly, we have the Bat-men, the would be vigilante’s who want to be the Bat, but, don’t have the tools to really be of use. This character set was added from the last film (The Dark Knight) and I generally attribute to one player in the real world (if you call it that) version of Gotham Knights being played out on the internet. That individual(the afore mentioned jester) oddly enough aligns himself visually much of the time with “The Joker” but, he is more like the hockey suit wearing would be Batman.
Now that I have laid down the Batman’s Rogues Gallery, I will move on to the real world players and their motives aligned with my premise.
Anima & Animus:
According to Jung and even Freud, the darker side of the psyche can drive our actions solely by the shadow self. One can see hints of their theories in the actions of each of the groups we are talking about here. Even the subtle connections made from overt symbolism can be made through the icon of Antisec itself. As seen at the top of the page, the connections are there to be made between the characters of Penguin, Joker, and Riddler, even if the original core image came from another source altogether (V for Vendetta) I believe that the collective unconscious here latched on to the images of Riddler/Joker/Penguin and co-opten them, if they didn’t actually do so overtly and with forethought.
So, with all of this said, I will make the claim now that I believe the movements and the players have been created out of vainglorious motives and have not changed at all since taking on the mantle of ethical and political change through civil disobedience. To that end, here are the players aligned to their characters from the world of Gotham as well as their psychological underpinnings.
Anonymous: Ra’s Al Ghul and The Shadow Assassins
Anonymous started out as a group of people who inhabited the 4chan group but wanted to do something different for ‘entertainment’ This loose idea was co-opted when they began to commit civil disobedience for their own purposes either political or for the aforementioned entertainment value. Either way, their animus is wholly about the control which they can wield over others. This should never be forgotten, that the core of the group ethos has nothing to do with change or moral/ethical betterment. It is in fact all for their own enjoyment.
Lulzsec: The Riddler
Lulzsec came into being because they felt that the ethos and moral constructs of Anonymous were too weak and they wanted to escalate the ‘lulz’ for their own enjoyment. The take away here is that just being pranksters was not enough, instead they wanted to show everyone they were smarter than everyone else AND that they could do so and get away with it. All the while, they performed these acts in an exceedingly narcissistic way. A key player in this that has been caught would be Topiary. It seems that even in the face of prosecution he thumbs his nose at authorities as well as seems to be enjoying the limelight (philosophical book in hand for the cameras)
Antisec: The Penguin & The Joker or PenguiJoker
The love child of Anonymous and LulzSec are #Antisec. This agenda or perhaps subgroup (I tend to think there are cells of Antisec) has chosen a logo that decidedly shows the melding of at least two of the Batman Rogues Gallery (Joker and Penguin as you can see at the top of this article) This too follows into their attitudes about what they are doing and why they are doing it. They really have no rhyme or reason for what they do other than their own entertainment and attention. This is a classical narcissist behaviour and by all communiqués laid out by LulzSec, they fully enjoyed their ‘voyage’ in the lulz sea.
Antisec also has a Penguin side to them too. By using the system against itself (i.e. using the governments lack of network and system security) they poke them in the eye by subverting their own data to shame them. This is a lesser characteristic as I see it, but it is still important to note as well as point out the imagery (homage) to the Penguin in their logo whether it was overtly done or by proxy of some unconscious connection made by the designer.
th3j35t3r: All of the Batman wannabes in hockey suits
Finally, we have the jester. A character who wants to be the Batman, but fails to actually affect any kind of real change in the battle. For all of the attempts made, the efforts fall flat and to date, nothing has been attributed to him that substantially made a difference against the Anonymous/Lulzsec movement. I believe he does this as well as his other DDOS actions out of a self described sense of helplessness. Jester makes the claim that he had to do something as he saw his comrades dying at the hands of Jihadists. He made similar remarks about why he was attacking Anonymous, as they were outing data that could harm those in the field of battle.
Either way, his motivations seem to be tainted with a bit of narcissism as well, seeking the attention of the media as he has in the past makes him part and parcel to the overall problem.
Escalation:
And so it goes on… The Anon movement has begat others who have agenda’s of their own (or perhaps pathos is a better word) As the movements lose interest in the day to day grind of operations, they will increasingly seek to up the ante. As the media winds down on them, they will need to seek even bigger targets and outcomes to end up back on the top of the news, all the while feeding their collective need to be the centre of attention. The flip side of this will be that the authorities, unable to cope easily with the problem at hand, will create new and more stringent laws that will harm us all. Though this will not matter to the groups.. Because this is unimportant to their end goal of satisfying their needs. It will keep going round and round and the outcomes are likely not to be good. There will be a lot of collateral damage and in the end, no one will have profited at all from it all.
End Game:
So what is the end game here? Will there be any good outcome from this?
Not if it keeps going the way it has been. More indiscriminate hits against targets without showing anything for it along the lines of showing corruption or malfeasance will only lead to more knee jerk reactions by authorities. I imagine some will be caught and tried for their actions, others will escape and perhaps go on to other things… Overall though, it will not make a better world. It will only have fulfilled the dsires temporarily of the ones perpetrating the acts against.. Well anyone and everyone.. Until they get put into Arkham.
K.
Rate this:
Written by Krypt3ia
2011/08/19 at 17:36
Posted in .gov, A New Paradigm, Anonymous, AntiSec, Commentary, Dystopian Nightmares, FauxSec, Forensic Psych, Forensic Psychology, Infosec, Infowar, Insurgency, Jokey, Lulz, LulzSec, Night Watch, Profiling, Sociology