Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Eugene and the DoD

Da! Let me share you this blog on Eugene! Look, this whole kerfuffle over Eugene and the DoD has reached epic douchery in the news and now with the Putin administration threatening “actions” against the US if they somehow embargo Eugene’s business. Well, let me first start with this little ditty below.. Go ahead, read it…

Ok done? Yeah, Eugene was in the KGB school and he worked for the GRU too according to the Wiki page here. What this means is that Eugene is a “former” made man of the KGB and Military Intelligence apparatus in Russia. He lived in the times when it was the Soviet Union and at the height of the times where the cold war was in a deep freeze. Fuck, just go watch The Amerikans and then come back… I will be waiting…

Ok watched them all have we? So now you know how it was to live in the 80’s huh? Well there you have it. Anyway, Eugene was a member of the organizations that have recently hacked us. What? You are saying it’s the FSB now and it isn’t the KGB?

Fuck you.

FSB is KGB with different letters at the front now ok? If you actually read up a bit you will see that Putin actually gave back the powers that the KGB had back in the day recently so once again they are functioning much like the old bad days as the KGB. Putin as well is an old school KGB man who has used all kinds of KGB fuckery to get where he is and stay there so once again, you say FSB, I say; Fuck. You.

Right, so now back to the present unpleasantness, it seems that Eugene is now offering a code evaluation by anyone who wants to (specifically the DoD) so pretty pretty please buy our shit? Look, it’s not about the code, we don’t necessarily think there are backdoors in the product now. No, what the worry is consists of that close snookums relationship Eugene had with the TWO entities that just hacked our election in 2016. Come on people, no one leaves the KGB and certainly NO ONE says NO to Putin right?

Imagine that Eugene’s software is clean as a whistle.

Now imagine that it is sitting on many USGOV and MIL systems.

Now imagine that all that telemetry from those systems is going to RUSSIA.

Then alternatively consider that with all those systems running Eugene’s product, how easy it would be to say, inject a malware or a protocol into all of it to do… “Things”

Think about that hacker kids.

Think about that you spies too.

You all see where I am going with this right? Now of course you could maybe do that with another vendor too but how much more work would it be to do that with Symantec? What I am saying is that Eugene lives in Russia, his assets are there, his LIFE is there and if Putin were to sidle up and say “do this thing” what choice would he have? JESUS FUCK PEOPLE! You know who the next randomly dead Russian would be right Eugene?

So, all this fuckery around the code and exploits etc… Stop. It’s really about access and what could happen in a place where we have seen pretty nakedly what Putin wants and does. So no, the DoD should not have Kaspersky products on their shit. I would be really surprised if they did given where it is made and managed… But then again, I think about all those SF86’s and China and… Fuck….

So there you have it. We are in another hot cold war with a Putichurian candidate in office. Do you really think we need the trifecta of Eugene’s access potential to be expanded to the military?

Yeah neither do I.

K.

Written by Krypt3ia

2017/07/03 at 16:38

Blowback

Forty odd days into the new presidency and Putin is already telling his media minions to not talk about Trump anymore. The reason? Because Trump has become more unhinged and potentially uncontrolled by his possible handlers at the Kremlin is the going theory in the IC world. Personally I think that Putin is of two minds where this is concerned and this post will try to explain the possible blowback for him as well as the potential benefits of an unhinged president as well as maybe an impeachment. This gambit by Putin worked so well, too well, that perhaps the Kremlin and the ops guys (psyops/active measures/Gerasimov) could not have even gamed this out fully to have counter moves or plans on contingencies here.

The hacking of the DNC and all the active measures surrounding the 2016 election cycle from a strict operations standpoint was a thing of beauty to behold. Yes, it was carried out on us but as someone who appreciates a well planned out operation this one was pretty well done. The American populace was ripe for this and the political system was in a state where just a simple nudge with the right assets started the great Rube Goldberg device moving and it culminated in Trump winning the election. I will not cover the problems with our voting systems here; I have done so in another post(s) a while back but let’s just look at it from the higher levels of disinformation shall we? The ‘Fake News’ thing was a perfect storm for the under-educated Facebook minions out there and the very nature of social media was the teflon sprayed slug that deployed it all. From the churnalists and the disinfo operations out there the sway and the echo chambering that happened allowed for a critical mass of Trump support that would in the end eke out the electoral win. This is a real feat given that three million or so people voted for Clinton and the overall popular vote was easily hers. This was some math that I do not believe Putin and his intelligence community thought was a real possibility. I think they were as shocked by Trump’s win as Trump was on the night of the election.

Trump did win however and at that time it was in Putin’s interest to cater to the man, play him with praise and friendship in order to curry that favor. The reciprocal praise and love by Trump throughout the candidacy and into the presidency has been odd as well and plays to the whole ‘kompromat’ story too. For this piece I am not going to stray too far into the kompromat theory at the Trump level (another day soon) but it has to be mentioned here that at the very least, there seemed to be a bromance between them for whatever reasons. Likely on both parts at the base of it, the idea that if they are friends they can do deals together which is what Trump had said on more than one occasion. This idea plays for me outside the kompromat thing because this is Trump after all (The Art of the Deal etc) but on Putin’s part it was a contingency plan. Putin’s goal was to cause as much fractiousness as possible in the elections and to unbalance the US as he perceived Clinton had in Russia and he succeeded.

Now that Clinton was out and Trump was in Putin likely thought that it would be smooth sailing, but, he should have had a psychological monograph or assessment on Trump before assuming so. It seems that they did not and have been compiling one as of February after the win and spiral since then. This is where the blowback starts as well as the possible wins for Putin. On the blowback side, an uncontrolled Trump could lead to actual crazy actions that would impede Putin’s goals. What if Trump decides to go all out and attempt to block his actions in Ukraine? What if Trump does an about face on NATO? What if Trump just goes off the deep end and starts wars with proxies of Russia that would complicate Putin’s plans of regional control and power? All of these things have to be taken into account post the administration’s rocky, to say the least, fits and starts these forty days or so. Add to this all of the attention by the media and the populace, who are now asking for independent investigations into the ties between Trump and Russia pre election and you have heat. This heat is anathema to Putin’s goals here and thus it is blowback for him. He has been distancing himself from Trump and if sudden unexplained deaths of certain Russians is any indication, he has been cleaning up loose ends as well. But these things lead back to the kompromat, and I am saving that for later.

Anyway, let’s look at the upside to the Trump instability for Putin. Trump is a wild card and his consistent instability is causing push back here in the US that may lead to serious investigations on him, his minions, and all of their connections to Russian money as well as the whole Emoluments issue. There are lawsuits being formed and registered as well as the notion of an independent counsel for the Russia investigation has been gaining momentum. With all of this friction, the wheels of the US’ foreign policy have been slowed as well. Suffice to say that with all that is happening it would be easy to not be able to respond properly to actions taking place in the world nor there being a real outcry to respond to things because we have all been thrust into self introspection and a certain protectionism mentality. With this slack space to work, even with Trump being an unpredictable and uncontrolled asset of the Kremlin, Putin would have room to work on moving his agenda forward rather unhindered.

Once again, the ‘Wilderness of Mirrors’ can lead one to inaction because you just cannot tell what is real anymore and who is telling the truth. With Trump and his outlandish tweets (say like accusing Obama of a “wire tapp”) on Trump tower it is hard to tell what he believes and what he is trying to maybe throw shade on to unbalance us all. Putin might seek to enhance this behavior as well as use it to his advantage as well. I would expect more disinformation (fake news) that may well end up in the president’s tweet stream and not just stuff about internal politics here in the US. The goal overall is to keep us unbalanced because an unbalanced nation is a nation trapped in amber and a nation weakened to inaction is exactly what Putin needs to succeed …Even with blowback.

K.

Written by Krypt3ia

2017/03/07 at 14:26

“Wilderness of Mirrors”

With all of the crazed tweets over the weekend from 45 I thought it would be appropriate to acquaint my readers with the notion of the “Wilderness of Mirrors” as James Jesus Angleton put it. Angleton is famous for his paranoia and his actions during the time he was chief of counter intelligence at the CIA from 1954-1975. Today we are in an unprecedented time of national intrigue with our very nation’s political system at stake with the issues surrounding the hack of the DNC, the manipulation of the US election process, and now the allegations and insinuations that the Trump campaign may have colluded with Russia. All of these things now fall under the auspices of Counter Intelligence in that there are actors within our government that may be compromised and have either been witting or unwitting accomplices to a foreign power’s manipulation of our national transition of power. What’s more, these same individuals may in fact be assets of that foreign power while they are in the power within the White House and elsewhere within the new administration.

Take a breath there and contemplate that statement.

We potentially have reached what I personally thought was only a movie plot line as a reality today. There are actual reasons to question whether or not the President of the US today may be a witting or unwitting asset of the Russian state. There may be reason to believe that the minions of the new President may also be assets of the Russian state, and to even make it worse we have seen a litany of lies and half truths given by these people and their dissembling has been caught by the Fourth Estate and held accountable for them. While there is no smoking gun yet, there is a lot to parse out with every morning’s headlines in the Times and other papers of record but I would like to lift the curtain a little for you on the counterintel side. If you are gonna play this game at home you need a primer on counter intelligence and the ‘Wilderness of Mirrors’.

When Angleton made the comment on the wilderness of mirrors he was referring to his own deep paranoia and the nature of counter intel. You have spies upon spies that you must determine who they work for in reality. As the chief of counter intelligence it was Angleton’s job to assume that assets and agents within his own organization were in fact double agents or even triple agents. It was Angleton’s job to seek the truth of what his officers were telling him from intelligence reports and what their assets were saying in a time when the great game was at its highest point with the USSR. In essence, and this was his personality anyway, he had to assume at all times there was compromise within his organization and to determine who those assets that were doubles were and were working for in reality.

Now, in the current situation we are going through with 45 and the Russian efforts to destabilize the United States there is no internal mole hunt that we have heard about within the halls of the CIA but, there is a counter intelligence operation going on at least at the FBI concerning all the players we are hearing about in the news and likely other names we have not heard. The current players you know are;

  • Paul Manafort (Worked for Yanukovich/Had affairs/Money troubles/Access to slush funds)
  • Trump (No tax returns/business with Russia/Love of Putin)
  • Jeff Sessions (Lied about meeting Russian Ambassador twice at least)
  • Michael Flynn (Lied about talking to Russian ambassador to Pence and everyone else)
  • Carter Page (Business with Russia and seems disposed to them)
  • Jared Kushner (Revelations of meeting with Russian ambassador with Sessions)
  • Roger Stone (May have handed over DNC emails to Wikileaks physically)
  • Un-named others TBD

There are likely more to be named as we go along but you get the gist. The people in the inner circle of the current president’s campaign and those he then added to his administration all seem to have had regular contact with the Russian government pre election and post. Not only are they talking to Russian emissaries but according to the IC, they are talking to Russian intelligence officers. This is not a good thing even if they were unwitting assets of the Russian intelligence apparatus. To lie about these contacts only makes the problem worse for the state and places more suspicion on them all, which leads to the wilderness of mirrors that the fourth estate is amplifying with the reporting (which they should be doing) on the leaks that are coming out of the IC. Leaks mind you to my mind, are a means to an end to get the word out because if they did not, the admin would attempt to bury them forever. To wit, we have agents of foreign powers and people within the admin who are all lying about their connections and discussions. This is a counter intelligence operation and a mole hunt potentially. Do we believe the people who have been sources of the Steele notes? Or do we think that maybe they are telling tales to muddy the waters even more? Since some of these people seem to be dying conveniently are they being killed off by Putin for talking and telling the truth or are they just being killed to muddy the waters some more?

This is how you have to approach this. No one is telling the truth and you have to discern what the truth of it all really is. Who do you believe?

We are in the wilderness of mirrors kids. Look at the news and try to parse out what is truth and what is fiction. It makes it even worse when there are factions out there like Alex Jones and the SVR that would like you to believe wild stories and disinformation campaigns set out to further their own agendas. All of this then, in a completely inconceivable twist today is re-tweeted by the president of this country who often does so as a diversion (one hopes) or actually believes these things (much worse for he may be mentally deranged) which unbalances us all. We are now all in Angleton’s shoes trying to determine what is truth today and this is one of the most destabilizing things happening today to the United States populace and government. I want you all to understand this as you watch or read the news with these revelations. Specifically now that we have reached peak crazy with Trump saying that the former President ordered a FISA warrant on himself and the campaign in 2016. There are many issues here to consider and if in fact the IC had intel that the candidate and his minions were in fact in touch with Russian intelligence ‘constantly’ then what actions would the IC and the president have at their command to take up to determine if this was in fact true?

The recent accusation by the current president may be complete lunacy and the product of his own reading or watching conspiracy sites, or, it may have some basis in fact. In that there may not have been a FISA warrant but instead foreign friendly intelligence agencies, monitoring not only Russia but by their outside mandate, the current president and his people’s conversations “might” have some telling information. Maybe they in fact got the conversations and there was no smoking gun but instead the conversations looked suspect and more digging was required. Perhaps then, some group like the FIVE EYES passed along this information and it is still being worked by the IC here in the US?

“Wilderness of Mirrors” kids.

Ponder that.

K.

Written by Krypt3ia

2017/03/06 at 13:48

Active Measures

I have been in a funk of late. Since the election I have been less and less inclined to write anything and when I have of late I have only seen it stolen by politico hacks and taken in directions that lean to the more salacious. Now as I sit here this last week seeing the headlines as leaks keep dripping out from the IC and elsewhere on the Putin/Money/Russia connections for several of Trump’s inner circle I feel some perspective is in order. Many of the pundits and journalists are holding court on TV and on radio asking why Putin may have done all this and the answers have been interesting and somewhat consistent. Those in the know, those who have lived in Russia or have studied the country and the leader have given a pretty good assessment of his mindset and his brand of nationalism. One of them today actually called Putin’s Russia “Neo Soviet” which I would agree with very much. He of course was relating that comment to the state media there and the propaganda control that Putin has over it as well as the methodology updates given to it.

I myself was there in Germany when the wall fell (got a piece here somewhere in the bat cave) and I had been to Russia briefly so I have a taste of what it was like then. I have also spent a lot of time reading the history of the era as well as having lived through it so all of this new “Cold War” talk makes me feel at home again and at the same time rather twitchy about the whole deal. Suffice to say though, the cold war never really ended with Putin’s ascension to power after Yeltsin, perestroika, and Glasnost. Those who have not been paying attention, and those who fail to read about history need to open a book now and get a sense of what is playing out here today on the geopolitical sphere. This is an incredibly scary time with Trump in the White House and Bannon working the levers of power behind him. With that admonishment, I will ponder the angles here and maybe you all might get something out of it.

Assets and Useful Idiots

As the leaks keep coming out we are seeing more accusations of players within the Trump team of their having meetings with certain “intelligence” officials from Russia. That we have not heard names is vexing but here is another fun fact that will make it even more problematic. The salient fact is that many within the halls of power in the Putin kleptocracy also have intelligence backgrounds and this is something that Putin put into play himself by hiring on people that he could notionally trust or, more to the point, control. So when someone from Trump’s team met with a Russian that they “thought” was just a business man or woman, may have in fact not only been a business person but also an asset for Putin and his services (GRU/SVR/FSB). So some of these people might be classified as “useful idiots” and by the very nature of their so called communications or meetings, might have been unwitting assets for Putin’s Russia.

On the flip side of this there may be room for some of these players to have had “kompromat” used against them to make them more pliant to become an asset. This type of allegation has been made at least on Trump from the notes put together by Christopher Steele, the former MI6 case officer who has since gone underground after his notes were printed by Buzzfeed. Currently though, no one has come forth with a leak of intelligence saying that any of the six or so people around Trump (as of today) had been compromised by Russia. That is not to say that they haven’t been and one has to take this into account in trying to understand what may have played out with these contacts and meetings alleged to have been carried out as a means to an end.

Money: If these meetings took place the likely aegis behind this for many seems to be money in some way. Better relations with Russia, being in the inner circle of Trump should he win, would grant much more opportunity to make money right?

Access: Access to anyone within the inner circle of Trump would be something any country, person, or business would seek to curry right? In the case of the Russians desiring this access would be on the face of it the same. Additionally the access would also perhaps allow for chances of further access and kompromat too. This all would lead to the last point.

Control: Whether or not you have kompromat on the players and ultimately access to Trump (if there is no direct kompromat on him to start) then you are in a position to control your asset that is close to the president. Perhaps with this control you could seek means to affect policy, certainly with that conduit you would have a window into the inner workings of the highest office in the US so that is not bad too.

In all, these contacts with Russian case agents or assets of the Putin regime constitute a real problem for the US and as such they should be looked into fully to determine if there has been compromise to anyone near the president if not the president himself as some are claiming. Even had we not had all the hacking and active measures that we know happened in the run up to the election, I for one would be asking questions if my IC had information they were willing to commit to paper about connections between senior people in the campaign and Russians, period. Now that all of this is coming out, it is kind of hard for me to countenance the Republicans’ resistance so far in calling for a fuller investigation of these reports. It seems partisan politics outweighs good conscience these days.

My final thoughts on the likelihood that there are Russian assets within the ranks of the inner circle at the White House is that on some levels these people, if they have been meeting with the Russians all this time, were talking about the campaign as well as what future state there would be regarding Russia and the US in a Trump administration. Whether or not there was kompromat or not, even at the lowest level the consciences of these people must have had the moral compass working enough to know that they were being used and or were part and party to manipulation. In as much as the players so far have been fired from the campaign before the election as well as lied to the VP and then tossed out (Flynn) concerning their connections to Russia and Russian assets of the intelligence community to me, kind of says a lot.

They know they were wrong. Enough to lie about it in order to hope to skate on this.

Were they plotting a soft coup of the US?

No. I don’t believe that really.

Where does that lead me? Well, that leads me to believe that there is room for investigation into this as well as room to question just how much connection Trump has to Russia as well. This plays to the whole money angle too. I am willing to bet he has a lot of Russian money and monies that came from intricate shell corporations that bespeak international players in the intelligence and crime worlds. Does this mean though that I think Trump was a cutout Russian asset set to run for the White House?

No.

I just think that he was the quintessential “useful idiot” who had needs that Russia was willing to fill because they could use him. It was just added bonus that he had said he would run for office so many times over the years. This was a bid to hedge the Russian intelligence community’s and Putin’s bets …And boy did it pay off. Though now that chicken is coming home to roost and Putin ain’t so happy anymore.

Goals

Right, so what were the goals with the active measures that Russia took against the election? Well, for that you have to look into how Putin thinks and boiled down, what Putin wants is to put Russia back into the seat of power it had both pre and during (a hybrid) the Soviet era. At the core Putin is a control freak and likes an ordered universe that he can control. So, when the Clintons were pissing him off by pushing the boundaries of Russia with NATO as well as what Putin saw as provocateur-ism in the Arab Spring and Maidan, well, he got pissed off. Ultimately then Putin sought to stop the momentum that the US may have fomented elsewhere in the world and would have continued doing had it not been for the new autocratic and nationalist notions that Trump has for the US in his administration. Though it is thought that Putin did not think Trump had a chance to win (someday we will have the conversation again about hacking the vote, but not now) it would have served Putin’s raison d’être to cause as much static and instability as he could in our system to benefit him.

The hacks on the DNC were just one level of play that we saw because it was blasted out by Wikileaks. The successions of leaks, trolls, fake news, and the like caused a firestorm within the political system and the country. It exacerbated the problems already in situ with Tea Parties and the like and opened it all up to a coup of a sort for the Alex Jones’ of the world. If Putin had had a real sense of the outcome I think he may have pedaled back a bit on the active measures because now in Russia no one talks about Trump anymore… Per order of Putin. You see, Trump is no longer an asset anymore …He has become an unstable liability. This is what happens when you elect someone like Trump and now we have to live with it for at least 4 years barring some spectacular flame out and impeachment.

Anyway, back to the goals here. I personally agree with the sowing of doubt and static to cause malaise theory that has been put forth. I also think that Putin is shrewd enough to have contingencies in mind. So if Trump had won he would have someone in office that he knew he could easily goad and or control with social engineering. By this I mean that there may in fact be kompromat on Trump and both these guys know it. Trump, may have money deals in Russia he would like to hide (those pesky IRS files) as well as having some low level compromising video of golden showers. Maybe there is just video of him (real or maybe edited) to make it look like Trump had a good time with the world’s best low class hookers in St. Petersburg! I guess time will tell but all of these things together and or apart could make Trump more malleable to sway from Russia right? All in all, this was well played by Russia and worked I think beyond their expectations. Frankly I think it is now bordering on complete blowback because Trump is so inconsistent and reactive that were he cornered he might become a little too random for the order loving Putin.

There is a win though for Putin that he will continue to play out in other elections. All of the movements toward nationalism in the US and other countries will free him up to act and attempt to get his Tsarist/Soviet greatness back. He will continue to push the borders in Ukraine and other places until he has more control over them and in the end, expands Russia back to what it was. This is his aegis, his love, and his end all be all.

Control.

Money.

Lands.

Greatness in the eyes of his people.

Future State

So where is all this heading? Well, I think that Putin will continue his conquest and games unfettered while the US is in the hands of Trump. The inward looking nature of what Trump seems to be putting out there will allow for Putin to do his thing and if there is compromise on the part of this administration it will be used to profit Putin. If the IC and Justice cannot make a solid case that there was collusion on the part of Trump’s minions, then the balls are all in Putin’s favor and he will use them to the max …Provided he can actually control Trump with some modicum. If however, the IC and Justice come up with the goods though, we are about to be in the middle of an even bigger shit storm than Watergate and Nixon frankly.

Imagine the fallout should the goods be presented that Trump in fact did have kompromat on him and acted as an agent of Russia? Imagine if he is just found to have been played by Russia and his people around him were tools of that manipulation? Both scenarios lead to a Putin win in that Trump and the US will be in turmoil and encased in political amber. All of this bodes ill for the country and our politics. It really was just a matter of time though in my opinion, after all, we did have the notion back in the day with the Manchurian Candidate but this …Wow. My only hope is that the partisanship can be breached long enough to get at the truth … But I don’t have too much hope on that unless it is forced on them by the FBI.

In the meantime… smoke em if you got em kids. It’s gonna be a bad time.

K.

Written by Krypt3ia

2017/03/02 at 19:03

DNC Hack: The Flying Fickle Finger of Fate and Intelligence Analysis

I had some Tweet conversations this morning that led me to a need to make yet another post on the DNC hack debacle. @Viss and @mr0x20wednesday both struck up a conversation after I posted a link to the NYT article on the consensus that is growing within the government that Russia carried out the hack. The consensus building is coming from assessment by the CIA while the FBI has initiated an investigation into the hack and the subsequent dump of data to Wikileaks and to the web via the wordpress account for Guccifer2.0. It is important to take note of the previous statement I make here about who is “assessing” and who is “investigating” and that is something people in the general population do not quite grok much of the time. The FBI attempts to prove things in court and the CIA generates analysis and assessment to help leaders make decisions. These are two different things and I want you all in INFOSEC to understand this when you start to have conversations about spooky things like the hack on the DNC and the subsequent possible propaganda, psyops, and disinformation campaigns that may ensue.

I recently wrote a more irreverent post while I was in a more Hunter S. Thompson state of mind concerning American politiks and the mess we are in, but the core idea that Russia carried off this hack and the actions after it still hold true for me. Many of you out there are reacting more like how I reacted when the Sony attack happened and once again I also find myself asking the same questions and having the same concerns over attribution versus solid evidence. There are many issues at play here though that you have to take into account when dealing with an action like the Sony or DNC hacks where information warfare or “cyber war” are concerned. Most of the considerations you have to make surround the classification of much of what you might get in the way of evidence to start with never mind about the circumspect nature of attribution that is being released to the media. At the end of the day my question to the FBI was “Show me proof” which is their job right? FBI is part of the DOJ and should be leading to charges right? Well, none were proffered by the Obama administration, some sanctions were laid on DPRK but no charges, unlike the wanted posters for the Chinese agents that the FBI laid out for hacks and thefts of data. There is a distinct difference here and that is evidence that can be presented in a court versus attribution and analysis by companies like FireEye and Crowdstrike. True, both those firms can prove certain things but primarily, as you all know out there, attribution is hard to prove so it really stops at analysis, more like the intelligence agencies content and mission.

So where does that leave us with regard to the DNC hack? Well, the attribution data presented first off may only be a portion of what Crowdstrike may have. Other portions may in fact have been classified or asked to be held back by the government (I’d say pretty likely here) and may some day be revealed. If the Sony hack is any indication though of this process, not so much. I am still unaware of any real conclusive evidence of Sony’s hack being DPRK but like I said, the US government sanctioned DPRK over it. It is not likely the government and the president would do so without some more solid evidence but one must consider “sources and methods” when dealing with international intrigue like this right? Don’t like that? Well, get used to it because you are going to see more and more of this as we move into the golden age of nation state hacking and covert action. There will be things you, John Q. Public, will never know and will be classified for a good long time. Just take a stroll through the Spy Museum in the cyber war section and look at some of those code names. I bet you haven’t heard of some of them and at least one of them, some of us, were VERY surprised to see on that wall already.

But I digress…

At the end of the day though I have to go with previous experience, Occam’s Razor, and a sense of Cui Bono concerning the DNC hack/dump/manipulation. Some may argue that the GRU and KGB (yes, once again old agencies don’t die, they just change names 😉 ) would not be as sloppy as to leave the breadcrumbs that are being found by Crowdstrike and others. I would remind you to look at the last big operation that we busted in the US by the KGB as well as the recent posting of selfies by a KGB graduating class as examples of “everyone fucks up”. For that matter, shall we mention our own CIA’s debacle with the Pizza Hut? Every agency screws up and every hacker does too. Humans and human nature ensure that things will get messed up, there are no perfect operations. In this case the assets involved likely had access to the DNC as well as the RNC but decided to use this data to influence the elections in a manner that they could get away with it easily. This is the nature of spying, politics, and geopolitics, take a look at the history of the CIA and dirty tricks in the politics of South America and then picture it if they were doing the same (hint, they are) today in the cyber age.

That’s right kids, there have been other dumps and hacks. Perhaps some of those too were the US? Think about it.

Russia and Putin have been gerrymandering elsewhere, money and influence operations have always been around. Now consider yourself to be Putin and you have an operation that gave you easily funnelled information to the likes of Julian Assange and Wikileaks! Even more enticing, the fact that you all know that attribution is hard to prove in hacking! What do you have to lose if you are Putin or anyone else? So, if you look at how this plays out, and what more may play out come October, who, what nation, would have the most to benefit if we actually had Trump in office?

Think… The answer is ANYONE who would like to take America down a peg and have more possible influence on world politics.

If you look though at the rhetoric by Trump you can in fact see that the big dog in the room would be Putin though. Just think about it! How much more power and sway would Putin have if Trump were in office and dismembered NATO? Come on now kids, think about it. Ask yourselves “Cui Bono?” here. So stop the quibbling about the attribution and the finger pointing. Take the analysis by the CIA and others as well as the eventual data the FBI comes up with and start looking at how we can fix the problems here. There are so many problems though that I too get disheartened. The political system is broken, the information systems are not properly protected, and we run headlong into creating more weaponized code? It is enough to make a man drink.

Ooh good idea…

Dr. K.

Book Review: Among Enemies Counter Espionage for the Business Traveller


It is not often that I find a book that I just want to read right away and put everything else in my busy reading schedule down for. In this instance I have to say that this book looked good right out of the gate for me so I put everything else on the back burner. At 150 pages give or take, it was a quick read yet quite informative on topics of espionage and counter-espionage tactics and techniques for the lay person. What really got me thinking though was that this book really could and should be a part of every company’s security awareness program and not just for executives.

Of course with the prevalence of today’s electronic spying (by hacking or by outright hoovering of all data by nation states) one tends to think that old school HUMINT (Human Intelligence) is no longer as useful as it once was. This is not really the case though and I want you all to consider that as you think about your security programs or your personal security. Not everything has to be some technical HIDS/NIDS/AV/Firewall end run to get you into the network today and much of the time in today’s world you can see this at play with the simplest of attacks against end users with phishing and spear phishing. Truly the human element is the weakest and the most powerful at the same time when it comes to the success or failure of security machinations. In fact you will hear it often spoken as an aphorism of sorts but it is true that the “insider threat is the biggest threat” and it is literally true. This is where HUMINT is still useful in not only gaining access to a network let’s say, but also much more if you can leverage an asset into doing your bidding.

The book covers all the bases on how differing types of “collectors” aka spies both private and nation state can and will attempt to elicit, recruit, or blackmail the would-be asset into working for them. Bencie also covers the issues of personal security around yourself and your technology that you carry (e.g. laptops, phones, tablets, etc.) that are leveraged for theft and access as well. If a collector doesn’t need to recruit the target because the target left their laptop in their hotel room, on and logged in, well then no need right? Suffice to say that today we carry as much information and access on us as in our heads and this is what the industrial spy or nation state spy craves.

Now, one might at this point be asking one’s self “Well, what would anyone want from me? I mean, I am not that important, just a cog in my company that’s underappreciated, no one would send a spy after me.” … and you would be wrong to think this. Access is access and if a collector can get access to you and your technology (e.g. your network by hacking your laptop or phone) then they will. While there is a sniff test that a collector will make on people as they watch them, much of the math here is how vulnerable is the target and how easily could they be manipulated into what is needed to succeed. Bencie covers many scenarios that may seem like spy thriller pulp but take it from me, these things have happened and still do. In fact he uses real stories to back up the scenarios from the people that they really happened to. These are not just the things of spy thrillers and film and the general populace should be aware of this especially if they are on travel for work, more so if they are in a foreign country while doing so.

Finally though, as much as this book is something I am going to recommend to executives, I would also like to turn my eye inward to the community *cough* that I currently am in. That community is the information security community specifically. We INFOSEC people are probably the ones that I would consider to be some of the juiciest targets in today’s technical world where everything is network oriented. Whether you are a red team person or a blue team person, you all have information inside your heads and on your hard drives that the adversaries would love to have. As we are moving into the con season (Defcon and BlackHat to be specific) we all will descend on Las Vegas for serious convention learning and exchange of info… Oh who am I kidding? It’s a party festival of drunken debauchery and shenanigans right? If you have not considered just how many corporate or nation state collectors (spies) are also there looking at you dear con goer as a possible asset, then you just ain’t thinking straight!

I am hereby recommending that everyone going to these cons read this book and take it to heart that YOU are a target at these two cons if no other. Take heed of Bencie’s suggestions on controlling the drinking as well as what information you share with anyone. I also implore you to read and learn about the methods of elicitation that the spies use to get information from you when you may have no idea they are doing it. If you work in this field and you hold what we would consider secret information on the vulnerabilities of companies you have hacked in a red team event, or have been trying to remediate as a blue teamer, this book is important for you. But hey, Defcon is all a good time! Until you wake up in the desert with a note threatening to release the pictures of you to everyone unless you do what they say.

Just sayin…

Go buy this book. Read it. Live it.

All business is warfare so don’t be the next dead foot soldier.

K.

Written by Krypt3ia

2016/04/14 at 19:03

Posted in Espionage, Tradecraft, TSCM

Robin Sage Has Taught Us Nothing It Seems…


Cutouts and LinkedIn

Recently I was sent an invite by the profile of “Emanuel Gomez”, an alleged recruiter from Alaska, asking to be added to my LinkedIn “friends”. Some of you may have seen the event happen on LinkedIn, as after I did a little due diligence OSINT it became clear that this account was a cutout for someone looking for entree to my list of connections using a rather obvious fake name and details. The first clue though was a quick search of the headshot used on Google image search which came up with the real person’s name and profile elsewhere. Once I got that hit it was all out OSINT time and here is what I found.

Real user profile of unsuspecting Richard Velazquez

The culprit behind this fake LI account is one Leon Jaimes, a techie in Alaska via Colorado. Leon had used an email address in his profile that led me right to him as he posted under his real name at various bulletin boards and had a flickr account attached to the same address. Within his data on the image upload site he had many personal details as well as an old registration with pertinent personal data on it that he had photographed and placed on the web… Yeah.. Sigh…

 

 


I made short work of Leon and dug up a lot on him including an arrest record for being drunk and trespassing in someone’s house. All I have to say is Leon, buddy, like I said in the email I sent to you, your OPSEC sucks! Leon actually emailed me back asking where he had gone wrong and admitting to the profile which I did not answer… I mean really? I am going to teach you better OPSEC? Two words FUCK. NO.

I had meanwhile begun a thread on LinkedIn about the incident (pic at top started the string) to alert others as to the ongoing ruse. I had seen others within my circle who had fallen for this as well as others he seemed to be aiming at. At the time of my initially getting the email to add him he had 23 people as connections. By 10 am he had 50. People were just click happy and adding him to their connections without really taking a closer look at his profile. Mind you, these were people in INFOSEC as well as MIL and Fed types! I checked the profile as of this writing though and it is now gone from LI so there is at least that and more than a few people have looked at my post and commented. Yet, it still bothers me that so many fell for such a poorly constructed profile.

FAIL.

Social Animals With Cognitive Issues


So what have we learned since the big hullabaloo over Robin Sage? It would seem not much really. Why is this? Why have people generally not learned from the event Tommy sparked back a few years ago? Are we just not teaching people about SE and the perils of cutout accounts and espionage being carried out by state actors and others via venues like LinkedIn? I actually believe that there are many concomitant issues at play here and I recently spoke at BsidesCT about the cognitive issues around security.

We are creatures of habit with lazy minds, it seems, with cognitive biological impediments, and generally, as a species, we have adapted to being social animals. It’s this very social aspect that is being leveraged so well today as always in the espionage world. It is just that today you can reach people much easier via the net and social media and harvest much more data extremely quickly. There are of course a host of social mores that I could go into but perhaps that’s for another day. What I would really like to say here though is that if you are on LinkedIn and you are not at least trying to vet those people trying to get you to add them then you are likely adding cutout accounts as well who are spying on you.

OPSEC Lessons Learned

So I guess many people may not care at all who they connect to on LinkedIn. Perhaps some of those people are in INFOSEC or the Defense base as well. Maybe those users really have nothing in their profiles to protect and do not consider their connections to be of worth to some adversary somewhere. Perhaps those same people are idiots and have not been paying attention to the news for the last, oh, let’s say 3 years? Maybe there is just a general lack of education on the whole within companies about social engineering, phishing, and today’s common attacks? Is there actually a study out there showing just how much education is going on at a corporate and nationwide scale?

Here are the salient simple facts for you all to chew on:

  • Everyone is a target and your information and your connections are important to an adversary looking to attack YOUR business.
  • Social Media sites like LinkedIn are a goldmine for this intelligence gathering. Not only of your connections but also your personal information that you may leak there or other places that when mined, can lead to a fuller picture of who you are, your habits, and your weaknesses.
  • Phishing and SPEAR-Phishing attacks start at this level with intelligence gathering on you and others in your circles. Plans are hatched leveraging who you know and who you work with to exploit yourself and others into clicking links or giving up intelligence to the adversary.
  • All of the above happens every day to millions of people and the reality is you are the only one who can try to prevent it by being more aware of these things.

I should think that there would be more moratoriums on the use of LinkedIn and other places tagging where you work to your profile. This is a real harvest festival and has been for some time and yet no one has made a move here. LinkedIn is a part of the problem too. They seem to be doing pretty much nothing to invent means of vetting people to ensure they are who they say they are. Look at the recent case of Newscaster and their use of not only LI but also Facebook and Twitter. They had numerous people from the Aerospace community connected to them on LinkedIn and this was an Iranian operation (note** Amateurish and likely not state sponsored or run**) but still… You get the picture right?

I will leave you with these questions:

  • What’s on your LinkedIn?
  • Who are you connected to?
  • What information is on your profile that could be used to tell what access you have, who you work for, who your friends are, what your preferences are, etc.?
  • What secrets do you have that I can exploit from your social media accounts?
  • What OPSEC precautions have you taken to protect your information?
  • Are you even aware of these things?

Think before you click ADD USER.

K.

 

Written by Krypt3ia

2014/07/08 at 14:41