Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘Economic Armageddon’ Category

DEFCON PANEL: Whoever Fights Monsters: Confronting Aaron Barr, Anonymous, and Ourselves Round Up

with 2 comments

A week before this year’s DEFCON, I got a message that I was being considered to replace Aaron in the the “Confronting Aaron Barr” panel discussion. It was kind of a surprise in some ways, but seemed like a natural choice given my tet-e-tet with Anonymous, LulzSec, and even Mr. Barr. After coming to BlackHat and seeing the keynote from Cofer Black, it became apparent that this year, all of these conferences were about to see a change in the politics of the times with reference to the hacking/security community and the world of espionage and terrorism. Two things that I have been writing about for some time and actually seeing take place on the internet for more than a few years with APT attacks on Defense Base contractors and within Jihadist propaganda wars.

“This is a very delicate window into our future,” he told the hackers. “Cold war, global war on terrorism and now you have the code war — which is your war.”

Going into the planning for the panel discussion, I was informed that I was hoped to be the stand in for Aaron in that I too see the world as very grey. Many of my posts on the Lulz and Anonymous as well as the state of affairs online have been from the grey perspective. The fact is, the world is grey. There is no black and white. We all have varying shades of grey within our personalities and our actions are dictated by the levels to which our moral compasses allow. I would suggest that the example best and most used is that of torture. Torture, may or may not actually gain the torturer real intelligence data and it has been the flavor of the day since 9/11 and the advent of Jack Bauer on “24” face it, we all watched the show and we all did a fist pump when Jack tortured the key info out of the bad guy to save the day. The realities of the issue are much more grey (complex) and involve many motivations as well as emotions. The question always comes down to this though;

If you had a terrorist before you who planted a dirty nuke in your city, would you ask him nicely for the data? Give him a cookie and try to bond with him to get the information?

Or, would you start using sharp implements to get him to talk in a more expedient fashion?

We all know in our darkest hearts that had we families and friends in that city we would most likely let things get bloody. Having once decided this, we would have to rationalize for ourselves what we are doing and the mental calculus would have to be played out in the equation of “The good of the one over the good of the many” If you are a person who could not perform the acts of torture, then you would have to alternatively resolve yourself to the fates as you forever on will likely be saying “I could have done something” Just as well, if you do torture the terrorist and you get nothing, you will also likely be saying “What more could I have done? I failed them all” should the bomb go off and mass casualties ensue.

I see both options as viable, but it depends on the person and their willingness to either be black and white or grey.

Within the security community, we now face a paradigm shift that has been coming for some time, but only recently has exploded onto the collective conscious. We are the new front line on the 5th battlespace. Terrorists, Spies, Nation States, Individuals, Corporations, and now ‘collectives’ are all now waging war online. This Black Hat and Defcon have played out in the shadow of Stuxnet, a worm that showed the potential for cyber warfare to break into the real world and cause kinetic attacks with large repurcussions physically and politically. Cofer Black made direct mention of this and there were two specific talks on SCADA (one being on the SYSTEM7’s that Iran’s attack was predicated on) so we all ‘know’ that this is a new and important change. It used to be all about the data, now its all about the data AND the potential for catastrophic consequences if the grid, or a gas pipeline are blown up or taken down.

We all will have choices to make and trials to overcome… Cofer was right.

“May you live in interesting times” the Chinese say…

Then we have the likes of Anonymous, Wikileaks, and the infamous ‘LulzSec’ Called a ‘Collective’ by themselves and others, it is alleged to be a loose afiliation of individuals seeking to effect change (or maybe just sew chaos) through online shenannigans. Theirs and now their love child ‘LulzSec’ ideas on moral codes and ethics really strike me more in line with what “The Plague” said in “Hackers” than anything else;

“The Plague: You wanted to know who I am, Zero Cool? Well, let me explain the New World Order. Governments and corporations need people like you and me. We are Samurai… the Keyboard Cowboys… and all those other people who have no idea what’s going on are the cattle… Moooo.”

Frankly, the more I hear out of Anonymous’ mouthpieces as well as Lulzs’ I think they just all got together one night after drinking heavily, taking E, and watching “Hackers” over and over and over again and I feel like Curtis exclaiming the following;

Curtis: If it isn’t Leopard Boy and the Decepticons.”

So, imagine my surprise to be involved in the panel and playing the grey hat so to speak. The panel went well and the Anon’s kept mostly quiet until the question and answer after, but once they got their mouths open it was a deluge. For those of you who did not see the panel discussion you can find the reporting below. My take on things though boils down to the following bulletized points:

  1. Anons and Lulz need to get better game on if they indeed do believe in making change happen. No more BS quick hits on low hanging fruit.
  2. Targets need recon and intelligence gathered has to be vetted before dumping
  3. Your structure (no matter how many times you cry you don’t have one) can be broken so take care in carrying out your actions and SECOPS
  4. Insiders have the best data… Maybe you should be more like Wikileaks or maybe an arm of them.
  5. Don’t be dicks! Dumping data that can get people killed (i.e. police) serves no purpose. Even Julian finally saw through is own ego enough on that one
  6. If you keep going the way you have been, you will see more arrests and more knee jerk reactions from the governments making all our lives more difficult
  7. Grow up
  8. The governments are going to be using the full weight of the law as well as their intelligence infrastructure to get you. Aaron was just one guy making assertions that he may or may not have been able to follow through on. The ideas are sound, the implementation was flawed. Pay attention.
  9. If you don’t do your homework and you FUBAR something and it all goes kinetically sideways, you are in some deep shit.
  10. You can now be blamed as well as used by state run entities for their own ends… Expect it. I believe it has already happened to you and no matter how many times you claim you didn’t do something it won’t matter any more. See, all that alleged security you have in anonymous-ness cuts both ways…
  11. Failure to pay attention will only result in fail.

There you have it, the short and sweet. I am sure there are a majority of you anonytards out there who might not comprehend what I am saying or care.. But, don’t cry later on when you are being oppressed because I warned you.

K.

http://www.darkreading.com/security/attacks-breaches/231300360/building-a-better-anonymous.html

http://www.pcworld.idg.com.au/article/396320/three_tips_better_anonymous

http://www.wired.com/threatlevel/2011/08/defcon-anonymous-panel/

http://venturebeat.com/2011/08/06/defcon-panel-anonymous-is-here-lulzsec-is-here-theyre-everywhere/

Operation: NIGHT DRAGON Nothing New, but It Bears Some Repeating

with one comment

Night Dragon Chinese hackers go after energy firms

Latest revelations from McAfee highlight large scale covert attacks emanating from the region
Phil Muncaster, V3.co.uk 10 Feb 2011

Just over a year after the Operation Aurora Chinese hacking revelations shook the world, security vendor McAfee has uncovered another large-scale, covert and targeted attack likely to have originated in the region, dubbed Night Dragon.

Dating possibly as far back as four years ago, Night Dragon attacks are aimed specifically at global oil, energy and petrochemical companies with the aim of harvesting intelligence on new opportunities and sensitive operational data which would give a competitive advantage to another party.

The attacks use methodical but far from sophisticated hacking techniques, according to McAfee’s European director of security strategy, Greg Day.

First the hackers compromise extranet web servers using a common SQL injection attack, allowing remote command execution.

Commonly available hacking tools are then uploaded to the compromised web servers, allowing access to the intranet and therefore sensitive desktop and internal servers.

Password cracking tools then allow the hackers to access further desktops and servers, while disabling Internet Explorer proxy settings allows direct communication from infected machines to the internet, said McAfee.

The hackers then use the specific Remote Access Trojan or Remote Administration Tool (RAT) program to browse through email archives and other sensitive documents on various desktops, specifically targeting executives.

Night Dragon hackers also tried spear phishing techniques on mobile worker laptops and compromising corporate VPN accounts in order to get past the corporate firewall and conduct reconnaissance of specific computers.

Although there is no clear evidence that the attacks were carried out by the state, individuals or corporations, there are clear links to China, said McAfee.

For example, it was from several locations in China that individuals ” leveraged command-and-control servers on purchased hosted services in the US and compromised servers in the Netherlands”, said the security vendor in a white paper entitled Global Energy Cyberattacks: Night Dragon (PDF).

In addition, many of the tools used in the attacks, such as WebShell and ASPXSpy, are commonplace on Chinese hacker sites, while the RAT malware was found to communicate to its operator only during the nine to five working hours of Chinese local time.

McAfee said that researchers had seen evidence of Night Dragon attacks going back at least two years.

“Why is it only now coming to light? Well, the environments and security controls these days are so complex it is very easy for them to slip under the radar of visibility,” Day explained.

“Only really in the last few weeks have we been able to get enough intelligence together to join the dots up, so our goal now is to make the public aware.”

Day advised any company which suspects it may have been targeted to go back and look through anti-virus and network traffic logs to see whether systems have been compromised.

Low level day-to-day problems can often be tell-tale signs of a larger, more concerted attack, he added.

William Beer, a director in PricewaterhouseCooper’s OneSecurity practice argued that the revelations show that traditional defences just don’t work.

“The cost to oil, gas and petrochemical companies of this size could be huge, but important lessons can be learned to fend off further attacks,” he added.

“More investment and focus, as well as support and awareness of the security function, is required from business leaders. Across companies of any size and industry, investment in security measures pays for itself many times over.”

Lately there has been a bit of a hullabaloo about Night Dragon. Frankly, coming from where I do having been in the defense contracting sector, this is nothing new at all. In fact, this is just a logical progression in the “Thousand Grains of Sand” approach that the Chinese have regarding espionage, including the industrial variety. They are patient and they are persistent which makes their operations all the more successful against us.

The article above also has a pdf file from Mcaffee that is a watered down explanation of the modus operandi as well as unfortunately, comes off as a sales document for their AV products. Aside from this, the article and pdf make a few interesting points that are not really expanded upon.

1) The attacks are using the hacked systems/networks own admin access means to exfiltrate the data and escalate access into the core network. This has effectively bypassed the AV and other means of detection that might put a stop to a hack via malware.

2)  The data that the Chinese have exfiltrated was not elaborated on. Much of the data concerns future gas/oil discovery. This gives the Chinese a leg up on how to manipulate the markets as well as get their own foot in the door in places where new sources of energy are being mined for.

All in all, a pretty standard operation for the Chinese. The use of the low tek hacking to evade the tripwire of AV is rather clever, but then again many of us in the industry really don’t feel that AV is worth the coding cycles put into it. Nothing too special here really. Mostly though, this gives more insight into a couple of things;

1) The APT wasn’t just a Google thing

2) Energy is a top of the list thing, and given the state of affairs today with the Middle East and the domino effect going on with regime change, we should pay more attention.

Now, let me give you a hint at who is next… Can you say wheat? Yep, take a look at this last year’s wheat issues.. Wouldn’t be surprised if some of the larger combines didn’t have the same discoveries of malware and exfiltration going on.

K

The SKYNET of Wall Street… How About CyberWar by Russia or Joe the Hacker?

leave a comment »

Given the recent events with the stock markets sudden and sharp dip, many people have been pondering whether or not there was some computer trickery involved. One might even dare to say “hack” or, unfortunately, the moniker of “CyberWar” has been thrown out there about the incident.

From what I have heard on the news, the systems just seemed to go off on their own, the words used were “took off” and there were even references in the news to “Skynet” Oh my… Now that is scary, these people are looking at this as the next SkyNet out to whack us with giant Schwarzenegger’s!  I think though, that the reality lies more along the lines of perhaps a test. Perhaps a pre-test to something more akin to the cyberwar scenarios.

What’s bothering me though is the eerie silence on the part of the government, the police/feds, and Wall Street itself on this. Of course I am sure they would all love to minimize any fears that the public may have here because surely, if the word went out that this was an attack or a hack, then the market would crash further and for longer than it did last week. People would just not have any faith in the system and there would be the equivalent of a bank run on Wall Street.

So the news media and the talking heads tried to pawn this off to a “fat finger” trade, but then, as time went on, it came to light that it couldn’t be that. So, what was it then? Are they investigating? Are there Secret Service folks on site performing forensics on digital assets?

Like I said.. “eerie silence”

This all got me thinking about the potential for a hack on the NYSE and the stock markets in general. My first task as any good security specialist was to footprint the target. So, I went to “The Google” and did some foot printing at www.nyse.com what I found rather flabbergasted me. If you look in the right way, you can gather a LOT of intel on the network makeup, protocols, processes, clients, and vendors for the stock market. All of this just coming from one domain mind you…

I was able to not only obtain documents marked “CONFIDENTIAL” but those same documents described networks, processes for DR, Backup, and daily operations. I was also able to get manuals on their systems that interface to make trades from both inside and from outside of the exchange. Some of these documents actually described actions that the network operations folks are yet to actually carry out for 2010.

Oh yes, our theoretical money on Wall Street is safe… Not.

In one case, I actually was able to gather IP addresses for failover in NJ and Chicago as well as when they were planning on running a failover test. So, yeah, these documents are all, as a whole, a hell of a start to begin planning for an attack on the monetary engine of our country. Many of these documents I assume have just been put in the wrong directories on the web facing servers even with the markings on them, but, really, c’mon guys where’s your OPSEC?

Even better, the uber document with much data on how the systems work and includes network diagrams goes further to show you cabinet details in collocation areas as well as has actual blueprints to the trading floor in NYC.

DOH!

So, perhaps there is a reason for the quiet huh? Imagine the panic that would ensue if indeed the market was attacked by someone with a computer and a set of pdf’s on how to operate trading software? Imagine the fear right now to those of you in the security field who are about to learn that in one case, a system used to trade carries out its actions on a TELNET session over the internet…

No… Really… I saw it. Perhaps they have a VPN or maybe I misread it but….

Check whether you can telnet://XXX.XXX.XXX.224:1723. If not, try to telnet://XXX.XXX.XXX.224:1838. If you can reach 1838 but not 1723, you must create a new line in the [TALIPC] section of the TAL.INI. The line reads: UseNewPort=

Oh yeah.. there you have it… Needless to say, I stopped there. Google had given me enough to really mount a plan…

Its time to start hiding your money in mattresses folks… Or maybe just buy all the gold jewelery you can and head to “Good ol’ Tom” when the shit hits the fan. So Wall Street, What’s the story here?

K

Losing the War with Japan… Or was it Losing The War With China…Maybe Ourselves…

leave a comment »

A keiretsu (系列?, lit. system, series, grouping of enterprises, order of succession) is a set of companies with interlocking business relationships and shareholdings. It is a type of business group.

Recently, I came across an old episode of PBS’ Frontline that was titled “Losing The War With Japan” (click link to see it on YouTube) In this 1991 report we see how the country was concerned with the rise of Japanese business and their “unfair” practices of Keiretsu and Zaibatsu. Of course the report calls it “Predatory Capitalism” but I would just say that they were being smart. I guess one man’s smart is another losers 1-800-WAAA, but we are a country of laws are we not? So sure, I can see my way clear on some of the charges in unfair practices. However, now that nearly twenty years have passed what have we learned?

Obviously not much…

Lets run down whats happened since the Frontline piece.

1) Japan took over the car market and the US Auto industry learned nothing. They remained bloated and making poorly thought out, bloated, gas guzzlers and are now in bankruptcy or near to it.

2) Japan got too close to America and took on too many of her ways. Soon there was a meltdown in their economy and a slew of admissions of malfeasance by corporate entities.

3) America had a boom and bust over “internet stocks” basically vaporware Greed was indeed good and the Ivan Boesky set began to plan for even bigger schemes that would come to roost in our current “credit default swaps” fiasco and near depression. The net effect, we began to not make anything here except maybe “intellectual capital” that is currently being stolen and reverse engineered in China.

4) America began the great outsourcing of all the things we no longer “make” in order to have better bottom lines on balance sheets from cheaper labor in third world countries.

5) China buys great quantities of our debt.. They now effectively “own” us.

6) The “Great Recession” comes post 3 front wars for many years and an abdication of any kind of regulation on business, banking, stocks, etc. Even though, we were warned that the big banks were playing fast and loose with our money and selling us magic beans.

7) Now China looms as a new kind of super power that deems to attack us on cyber and economic fronts in order to become the pre-eminent super power. Basically, they have us by the short and curlies economically as well as technically (e.g. cyber warfare)

So, how did we not learn from history? How is it that this country just went on its merry way and learned not one thing from its near miss with Japan? Did greed and self absorption just blind us to it all?

In a word.. Yes.

We have failed ourselves by not paying attention and our government has failed us for not being able to comprehend what was going on. We elected the morons in office and they let go of the tiller that controlled the business world’s ethical rudder. Of course, we the people didn’t help either as we were rolling in the new money that was rolling in from tech stocks, or ponzi schemes that had been all the rage.

There’s a line from “Rising Sun” that always struck me as true and now that I look back it is absolutely so.

John Connor: We’re playing that most American of games.
Web Smith: Which is what?
John Connor: Catch-up.

Lets face it, we are playing catch up because we have been too intellectually incurious to see what has been happening all these years. Can we catch up now I wonder? Or will we continue down the same path of blind faith in the system and personal greed?

Of course one would have to also hope that the “system” i.e. our government would not let themselves be led down the primrose path again like they have with all of this credit default swaps and “too big to fail” banks falderall… I hold out little hope.

Take as look at the Frontline stories and ponder…

CoB