Archive for the ‘FBI’ Category
Ryan S. Lin: Cyber Stalking, VPN’s and Digital Forensics
A minion of mine was tasked with choosing a new INFOSEC story this week to talk about on our weekly threat intel call, and chose a story about a cyber stalker who was in the news this month. Ryan S. Lin, a graduate of RPI, has been charged with numerous counts covering everything from cyber stalking, to child pornography, to wire fraud. Lin pleaded guilty on October 6th, and the story featured the affidavit by the FBI special agent who worked the case. This is a long and twisted tale of stalking a former roommate online that spiraled out to numerous people around the target as well. The psychological damage to the parties involved must be considerable, and the whole affair is quite messed up, but I wanted to share it all with you in the INFOSEC field because of the work done by the FBI and the local PDs in Waltham, Newton, and the other areas where these events took place. I also wanted to cover some of the OPSEC and psychology concerning this case, and the old school detective work done by the FBI.
Ryan Lin, the stalker in this case, seems to have been a mentally disturbed individual, showing signs of that instability going all the way back to his high school years in Connecticut. His abuse of people online and off seems to stem mostly from his inability to form real relationships with people, and he likely has some sort of personality disorder. However, this is no excuse for his actions, and as yet I have not heard that any kind of psychological evaluation was done on his intake into prison. If indeed he does not have some mental disorder, then we can just chalk his actions from his teens on up to a malignant personality with a bent on what seems to border on “incel” behavior.
In the case that brought him to court he was charged with cyber stalking, which consisted of the following:
- He accessed his female roommate’s MacBook and her Google Drive
- He began a campaign of abuse online that included:
  - Impersonating the roommate to send lewd and threatening texts to her family, friends, and coworkers
  - Creating multiple personas online to directly harass the roommate
  - Sending child pornography
  - Sending threatening texts (rape, gangbang, and death threats)
  - Sending threatening texts (bomb threats) as the target roommate
  - Sending messages, as the roommate, alleging that she had killed people’s pets
- Wire fraud: accessing the roommate’s bank accounts and transferring funds
Lin used the usual means to try to cover his trail online: Tor, VPN services, anonymous texting services, and cutout accounts created using all of those tools. All of these efforts only delayed his discovery as the assailant, because in the end his own actions, outside of the technical means he used to cover his tracks, led the FBI directly to him. It is quite clear when you read the affidavit by the special agent involved in the case that Lin, for all his security measures, was not sagacious enough to leave real doubt that he was in fact the attacker.
- Lin used the roommate’s diary, which was on the Google Drive accessible from her unsecured laptop, to send direct commentary AS HIMSELF citing a diary she had not shared with anyone
- Lin could not stop acting out about this roommate and seemed fixated on her while they shared the house
- Lin’s actions started once she refused to sell him pot; the first time she had, it ended with him accosting her in her room at 3am, out of his mind on drugs
- Lin was incapable of separating his dual lives online: under his own name he discussed the very same VPN services he used to carry out the attacks, and slyly taunted about the ongoing spate of bomb threats in Waltham and Newton, where he lived
It is my belief that Lin, an RPI graduate and computer programmer, was mentally impaired enough to be unable to separate these activities from the rest of his online and offline life, in a manner that befits what criminal profiling calls a “disorganized personality,” and that this led to his downfall. Overall, the problems of OPSEC that we in the community often talk about with regard to online actors can be clearly seen failing in this case. I have said many times in my blog and elsewhere that OPSEC will always fail because of human nature, and in some cases that human nature (or undiagnosed mental illness) will eventually give you up to the dogged investigator.
In the Lin case, it is important to note that it wasn’t JUST the collection of IP addresses that led to Lin in the end; it was good old fashioned gumshoe interviews and forensics that did. When the FBI went to Lin’s employer, after it became clear from circumstantial evidence that he was a prime suspect, they learned that he had just been let go. It seems that Lin had been acting strangely at work as well, and when he was let go he asked if he could log out of “personal accounts” on the laptop. The company declined, and turned the laptop over to IT to be re-imaged.
Now I know what you are thinking… It got re-imaged and game over right?
Nope.
The FBI was able to get the laptop either by warrant or, I think more likely, was simply handed it after asking the employer. The laptop had indeed been re-imaged, but a re-image rewrites the filesystem, not necessarily every sector on the disk, and FBI forensics was able to pull incriminating evidence from the slack space even afterwards. What they found was a number of data points showing that Lin had been using the corporate asset for his attacks on the roommate:
- VPN software and traffic
- Browser cache data
- Logins and software for the anonymous texting service used in the threats, the bomb threats included
It was this evidence that allowed the FBI to marry up the laptop artifacts with his posts on Twitter and Facebook and with the VPN provider’s logs, and that led to his arrest. See kids, if you use a VPN there is a high chance that your real IP address is being logged against the VPN pool address you were assigned, with timestamps, for every session you were online, and that record can be used as evidence. Many Anons seem to have learned that lesson, but I guess not everyone has caught up yet. Lin, a computer science grad from RPI, thought he could hide his traces, but even he was wrong.
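To make that last point concrete, here is an added example of how an investigator (or a threat intel analyst handed both data sets) would marry up a VPN provider’s session logs with the logs of a messaging service. This is my own illustrative code, not anything from the affidavit or from the FBI’s tooling; the log formats, the field names (`session`, `client_ip`, `exit_ip`, `src_ip`) and every address and timestamp in it are constructed for the example. The idea is the one the case turned on: the messaging service only ever saw the VPN exit address, but the provider’s connect/disconnect records tie that exit address, at that moment, back to the customer’s real address.

```python
from datetime import datetime, timedelta, timezone

# Constructed VPN provider session log (not real data): one CONNECT/DISCONNECT
# event per line, UTC timestamps, key=value fields. The field names are
# assumptions for this example, not any real provider's schema.
VPN_LOG = """\
2017-04-12T03:10:00Z CONNECT    session=s1 client_ip=203.0.113.42 exit_ip=198.51.100.9
2017-04-12T03:12:30Z CONNECT    session=s2 client_ip=203.0.113.77 exit_ip=198.51.100.9
2017-04-12T03:25:00Z DISCONNECT session=s2
2017-04-12T03:40:00Z DISCONNECT session=s1
2017-04-13T22:00:00Z CONNECT    session=s3 client_ip=203.0.113.42 exit_ip=198.51.100.23
2017-04-13T22:45:00Z DISCONNECT session=s3
"""

# Constructed anonymous texting service log: submission time of each message and
# the source address the service saw, which is a VPN exit address.
MESSAGE_LOG = """\
2017-04-12T03:14:07Z msg=m1 src_ip=198.51.100.9
2017-04-12T03:30:00Z msg=m2 src_ip=198.51.100.9
2017-04-13T22:10:00Z msg=m3 src_ip=198.51.100.23
2017-04-13T23:00:00Z msg=m4 src_ip=198.51.100.23
"""

TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"

def parse_ts(text):
    """Parse an ISO-8601 UTC timestamp into an aware datetime."""
    return datetime.strptime(text, TS_FORMAT).replace(tzinfo=timezone.utc)

def kv_fields(tokens):
    """Turn ['a=1', 'b=2'] into {'a': '1', 'b': '2'}, ignoring stray tokens."""
    return dict(tok.split("=", 1) for tok in tokens if "=" in tok)

def parse_vpn_sessions(log_text):
    """Pair CONNECT/DISCONNECT events into sessions keyed by session id.
    A session with no DISCONNECT is kept with end=None and treated as open."""
    sessions = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        when, event, fields = parse_ts(parts[0]), parts[1], kv_fields(parts[2:])
        sid = fields["session"]
        if event == "CONNECT":
            sessions[sid] = {"client_ip": fields["client_ip"], "exit_ip": fields["exit_ip"],
                             "start": when, "end": None}
        elif event == "DISCONNECT" and sid in sessions:
            sessions[sid]["end"] = when
    return sessions

def parse_messages(log_text):
    """Return a list of (msg_id, timestamp, src_ip) tuples."""
    messages = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        fields = kv_fields(parts[1:])
        messages.append((fields["msg"], parse_ts(parts[0]), fields["src_ip"]))
    return messages

def attribute(messages, sessions, skew_seconds=0):
    """Map each message id to the sorted VPN client IPs that were connected
    through the observed exit IP when the message was sent. An empty list means
    no session lines up (clock skew, missing records); several entries mean the
    exit IP was shared at that moment and attribution is ambiguous on this
    evidence alone. skew_seconds widens every session window at both ends to
    absorb clock drift between the two services' logs."""
    skew = timedelta(seconds=skew_seconds)
    result = {}
    for msg_id, when, src_ip in messages:
        candidates = set()
        for sess in sessions.values():
            if sess["exit_ip"] != src_ip:
                continue
            started = sess["start"] - skew <= when
            not_ended = sess["end"] is None or when <= sess["end"] + skew
            if started and not_ended:
                candidates.add(sess["client_ip"])
        result[msg_id] = sorted(candidates)
    return result

def rank_sources(attribution):
    """Per client IP: messages it is the sole candidate for (strong) and
    messages it merely shares with other candidates (weak)."""
    strong, weak = {}, {}
    for candidates in attribution.values():
        if len(candidates) == 1:
            strong[candidates[0]] = strong.get(candidates[0], 0) + 1
        else:
            for ip in candidates:
                weak[ip] = weak.get(ip, 0) + 1
    return strong, weak

if __name__ == "__main__":
    sessions = parse_vpn_sessions(VPN_LOG)
    attribution = attribute(parse_messages(MESSAGE_LOG), sessions)
    for msg_id, candidates in attribution.items():
        print(msg_id, candidates or "no matching session")
    print(rank_sources(attribution))
```

Two things the code handles that a quick grep would not: a shared exit IP with overlapping sessions (m1 in the sample) yields more than one candidate and is reported as ambiguous rather than pinned on one subscriber, and the `skew_seconds` tolerance absorbs clock drift between the two services’ logs, which otherwise drops a message (m4) that falls just outside a session by the provider’s clock. Either way the attribution only gets you to an IP address; it was the employer interview and the laptop forensics that put Lin behind it.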
Take heed those who want to do bad things because eventually you will screw up and you will be caught.
I suggest you all read the affidavit for more detail.
In closing, I just wanted to share this with you all as a lessons learned and as an appreciation of the world of digital forensics. As someone who does forensics as part of my daily job, I have to tell you it is one of the more interesting parts of my day. I do love uncovering evidence and creating narratives that lead to wrongdoers getting their comeuppance, as they say. I also wanted to once again point out that there are many avenues of investigation that even a digital forensics practitioner can employ in their day to day. Consider the psychology of the actor and their patterns of behavior. Oftentimes I have a portion of my mind working that angle as I work on a forensic image in a case.
What actions would this person take given what I have seen so far?
What are the motives?
How would I do things were I them?
All questions that should be asked when performing work like this. They may lead you to answers that you can then back up with forensic evidence. All of this plays out in threat intelligence and intelligence analysis as well. Look at the larger picture, kids; don’t get buried in the bits and bytes.
K.
ASSESSMENT: Industrial & Nation State Espionage
Espionage & Industrial Espionage:
This case has been spinning up in the news since it hit the net yesterday, but it raises the question of nation state espionage versus opportunistic theft of data to sell. Clearly this case has yet to be fleshed out completely by the FBI and others, but at first blush it seems that this guy decided to steal information with a motive of selling or trading it for money or other forms of remuneration. In either case, this is a form of both industrial and nation state espionage by the mere fact that the end location of the data was going to be Iran, a nation state that is currently on many sanctions lists. The major issue that has yet to be worked out in this particular case is whether or not Mr. Khazaee in fact had an Iranian intelligence (MOIS) handler.
Motivations:
When looking at espionage of any kind, one has to look at the motivations of the players involved to understand how to classify it. In this case, as I said above, we do not have a lot of data on the actions of Khazaee, save that he worked for Pratt for a number of years and was recently laid off by them in August. Here though are the important questions I am asking in light of this arrest:
- Was Khazaee motivated by a need for money? (he filed for bankruptcy)
- Was Khazaee stealing as revenge for being laid off? As I remember that round of layoffs, I think they knew they were going to be let go on a certain date.
- Was Khazaee acting out of an allegiance to Iran?
- Was Khazaee working for Iranian intelligence (MOIS) at all?
- Was Khazaee working for MOIS out of fear for his family still in Iran?
Answering these questions will give a good idea of how long he had in fact been taking documents from Pratt, as well as an understanding of why exactly he did it. Any of these scenarios could have been the reason Mr. Khazaee perpetrated the crime. I will say though, that given the circumstances of his history and the OPSEC slips that led to his capture (serendipitous as they may seem), I am thinking that this was more an opportunistic crime than anything else.
ASSESSMENT of Pratt & Whitney Case:
My overall assessment given the information we have to date is the following:
- Khazaee was more than likely acting alone, hoping that he could exfil the data to Iran and gain money or a job there
- I don’t think Khazaee had a handler here in the US, judging from the failure of the plan and his not really hiding the documents very well
- I think notionally he had contacted people in Iran to say he had documents and that he’d like to deal
- Khazaee had MANY signs of being recruitable, and if he was, it was missed completely by US security (Pratt/DOD) with regard to clearances
- IF this data was taken from the NON-DOD/ITAR areas of the company, then there is an access/classification issue with the data
- Physical security needs to start inspecting all bags, boxes, etc. at the facilities
- Why didn’t Khazaee take the data electronically, on a USB stick? (which suggests mitigations for that are in place)
Overall I am interested in seeing where this all leads. It is not as if the Chinese haven’t already stolen the JSF lock, stock and barrel through past hacks (Lockheed), but I guess if Iran had a hand in Khazaee’s actions from the start, they did not want to pay China for it. My sense of this though is that Khazaee not only fell into poor credit and financial ruin but also may have had negative feelings toward UTC/Pratt over being laid off, and that motivated him to attempt to make some easy money. I seriously doubt, from everything I have seen online so far concerning Mr. Khazaee’s personal life, that he was an Iranian patriot to start with. As time goes by I am sure we will have more revelations in the news cycle to chew on.
I will say though, with this being the second recent incident of data escaping Pratt like this, they will be in the hot seat a bit with the government….
K.
Handwringing, Moralizing, Anonymous, Paedophilia, and Digital Vigilantism
Preamble:
I recently posted about the Hidden Wiki and its prevalence in hosting paedophilia content. That post may or may not have left an impression on some of the Anonymous collective, who took action, and perhaps sought to sow good will for their group, by hacking into the “Lolita City” site within the DarkNet and releasing thousands of users’ email addresses and personal data (such as it is on such a site) for the Internet to feast upon. The Anons are doing this for their own reasons, but the upshot of it all is that they are causing the paedophiles pain by making it hard for them to get their content, as well as potentially outing them online as purveyors and consumers of this wretched content.
Since my post applauding them and giving them some direction on how to become more of an intelligence gathering apparatus for the LEO community, some in the infosec world have come forward and voiced concerns about this line of thought. All of the talk about the morals, legalities, and philosophical aspects of Anonymous undertaking such actions has gotten me thinking quite a bit. It all raises some interesting questions and philosophical challenges.
Anonymous and Digital Vigilantism:
What I think most people with reservations about Anonymous taking up operations like the DarkNet op have in mind is that these people are for the most part kids, without training and without any kind of oversight. Oversight in the sense that they could get too big for their britches (one could say that many already have) and think they are invulnerable to attack, never mind the laws of our society. That said, it would seem that Anonymous, Antisec, and LulzSec have already decided to take up the mantle of vigilantes. However, the targets have been, for the most part, varied parties that could be seen as hapless victims or as malefactors; it all depends on the point of view really.
In the case of Scientology, well, aside from religious freedoms (trust me, they are not a religion), the Scientologists have generally been seen as getting what they deserved. Today though, years later, Anonymous has begun to take on the governments of the world as well as the likes of paedophiles online. Once again, generally, people see what they want to concerning whether governments are good or bad. Paedophilia though, is pretty much outlawed universally. So, when Anonymous decided to attack, I could not fault them one bit. However, I could perhaps fault their methods, only in that they were bound to let the paedos get away in the end.
I have said it before and I will say it again: “One man’s freedom fighter is another man’s terrorist.” It all depends upon your perspective really. While I do not think all of their targets have been chosen wisely, I cannot fault the true believers out there who are doing something out of conscience and good. This is not to say that a certain element of the movement is not in fact just in it for the lulz (i.e. Antisec and LulzSec). There certainly are factions at play who just want to see the world burn, as well as garner themselves digital street cred.
Overall though, the term vigilante denotes a person or persons (committees) who dole out justice summarily when the law is seen by them as ineffective. In this case, the Anons have taken up the mantle of vigilante in order to rid the DarkNet of paedophile content because law enforcement seems unable to do so effectively. Now this is also the crux of the issue in another way, as the police generally are not allowed to hack into sites and dump the dirt, so to speak. The Anons are unhindered here. Just as they have felt the same way about other operations where they have denied service to corporations (likening it to a digital sit-in), they have crossed the line of the law, but their methods and motivations are free of it… Until they get caught, that is.
The essence of the thing is this: “Don’t do the crime unless you can do the time.” If they believe in it strongly and act upon it, then they must accept the risk of being caught and incarcerated. So far, much of the motivation I have seen from a good deal of Anons has come from convictions and beliefs. All the rest has been for lulz, which is what made LulzSec even more of a problem, as they just did not care. The current Antisec movement that LulzSec begat also seems to lack the conviction of its beliefs and, judging by their writings, seems more driven by ego than anything else.
And this is the difference between the chaotic Joker like actors and the Batman types.
Anonymous vs. PLA, vs. Patriot Hackers:
Pulling back a bit now, I would like to look at the macroscopic view of vigilante behaviour versus nation state sanctioned, or perhaps a better word for it would be “condoned,” actions and groups. I have written in the past about groups like the Honker Union in China as well as the colourful character known as th3j35t3r. Both of these entities have had an effect on the collective consciousness concerning digital vigilante justice, and I think it important that they form the contextual base for Anonymous’ actions in Operation DarkNet.
First off, ALL of these entities have been doing what they do (Jester DDoSing jihadi sites, the Honker Union hacking the enemies of China, and Anonymous attacking Scientology, governments, and paedos) with a mind toward doing “good.” In the case of Jester, he DDoSes jihadi sites out of a patriotic bent, thinking it will stop them from communicating. In the case of the Honker Union, they are patriots to their homeland and attack others who would do their country slight or harm. Anonymous though, started out of /b/, which really is a band of miscreants for the most part. However, a core group decided to take on the mantle of doing right somewhere down the line, and we find swaths of them today supporting Occupy Wall Street and other political agendas.
The basic idea here is that they are all motivated by a belief in some greater good… Mostly. I am sure that on an individual level there are many more motives (ego, greed, the list goes on), but I will put it to a gross generality that these people want to effect some kind of change.
At least I hope that this is the case…
What is really different though is that in the case of Jester and the Honker Union, both are condoned, if not outright supported, efforts by the countries they reside in. In the case of the PLA and the Honker Union, there is a clear connection between the state and their actions. In the case of Jester, there are allegations (made by him) that he is state sponsored, but I think more to the point he is condoned. Either way, the Anons may indeed be getting some support (moral or other) from state sponsors and not even know it. In the case of Anon, they could just become the tool of another nation state and not know any better.
Which is pretty scary.
All of these entities though, have had a greater or lesser effect upon the internet these last few years through their online shenanigans via hacking. The secret is this: they are just the first. There will be others, to be sure. The genie is out of the bottle on this one.
Anonymous vs. LulzSec & Antisec:
Conversely, we have LulzSec and Antisec, who have both wreaked havoc on the corporations and the police of the world lately. Their stated reason for doing so has pretty much been “because we are bored.” At the core though, there seem to be a couple of motives here, judging from postings online. One is the aforementioned lulz; the other seems to be a kind of abject hatred of authority and police. In the recent hacks on the police though, there seems to be a bent toward supporting the Occupy movement, as the police have committed some transgressions against the protesters. So… they hacked the police and dumped all their data to spite them. Frankly, I see no value in this, and once again, even if motivated by support for the movement, it has no real effect on the police other than to make them angrier and more reactive against the protesters.
Anonymous, on the other hand, has had its lulz, but seems to be growing up a bit and maturing. The social conscience of Anon has begun to take shape, and within it (movement-wise) may well be the lasting component that will be its raison d’être in the end. Time will tell though, and I hope that this is the case rather than just a bunch of malcontents seeking attention and excitement.
The Hand Wringing by The Infosec Community At Large:
Alright, back to the hand wringing and the moralizing post the Op DarkNet…
Certain people in the community wrote that while they empathised with what Anon was trying to do with Op DarkNet, they felt that these people were not the folks they would have doing this to start with. Most of this comes from the fact that many of the players are not trained investigators and not LEOs. I can agree with this from the perspective of legal proceedings later on. If Anonymous hacks a server and then dumps data, it could affect the court case from a few perspectives:
- Contamination: the defense could claim that the server was hacked and the data planted
- The data could indeed have been tampered with by Anons
- The backend server/database could in fact be shared, and everyone who shares it could be swept up in the legal implications
- The hack alone is enough to raise reasonable doubt
So, yes, it could be counterproductive to have a vigilante force actually hack a system and then report it to law enforcement. However, I would advocate that in the case of Anonymous and the paedos at the least, they not just hack and dump data, but instead give that data to law enforcement to start an investigation. For that matter, if Anonymous just located the servers and confirmed (without hacking) that the content was there, they could simply tip off the police.
And this is at least part of what they did with Lolita City in the DarkNet. They tried to locate the server, and that alone could be a great boon for the authorities.
On the other hand, there are moral/ethical objections on the part of some who think that letting Anonymous do this type of thing, or even encouraging it, sets a bad precedent. To them, vigilantes are outside the scope of good behaviour and the law and cannot be tolerated. Personally, I think that is a sanctimonious load of crap, but that’s just me.
Sometimes when the system cannot function, other means need to be taken to effect change. In this case, within a network that is anonymized and where the authorities have had little success in catching anyone trading in paedophilia, I see no harm in Anonymous outing them… Though I would rather they just passed the intelligence to the LEOs instead. It is my opinion that, if done correctly, intelligence gathering of this type with a tip off to the police has a better chance at actual arrests and convictions than just letting them go on peddling child pornography.
Just one man’s opinion…
Philosophical and Ethical Stands On Being The Digital Batman:
This is the philosophical and ethical standpoint I take in being the digital Batman. Strict utilitarianism dictates that maximizing overall good is key. In this case, and perhaps others, taking down the paedophiles’ content and capturing their login credentials is enough “good” to allow the action to be seen as acceptable. This is really the basis of The Batman’s ethics in the comics and, ideally, mine on this particular incident with Anonymous.
Now, this does not mean I agree with all of their operations, and I certainly do not agree with the bulk of the actions carried out by the Antisec movement. However, the perspective is the key I suppose. It’s a slippery slope, I admit, but in the case of OpDarkNet, I agree that the greater good is being served.
Then we have the deontologists, like Sam Bowne. Deontology is a nice thing: cling to the ethical rules of a governing system of laws. However, it seems to me, and to others here, that this system of laws is not working against these offenders on the Hidden Wiki. Sure, you could say that the LEOs have ongoing investigations, but just how many busts have there been, as opposed to the massive amount of content located on the Hidden Wiki and within I2P, Freenet, and Tor?
So far, I have not seen law enforcement really winning this battle.
Oh well, the deontologists have their point of view and others have theirs. The key here is that Sammy and others like Packetknife are entitled to their point of view. They are right for themselves, and that is the issue with all philosophy and ethics arguments. Like I said, it’s all about your world view. However, unlike someone like Sammy, I do not subscribe to a moral absolute.
There are no right answers. There is only what you are willing to accept for yourself.
Legal Aspects of Digital Vigilantism:
Now, on to the legal aspects here.
The US code on activities relating to the sexual exploitation of minors (18 U.S.C. § 2252) makes it an offense to “knowingly” receive, distribute or possess such content, and it carves out an affirmative defense for someone who possessed fewer than three such items and promptly destroyed them or reported them to law enforcement. It also covers the trafficking thereof, etc. etc., in legalese. Where this is important for the digital Batman is in the caveats.
(c) Affirmative Defense. - It shall be an affirmative defense to a charge of violating paragraph (4) of subsection (a) that the defendant - (1) possessed less than three matters containing any visual depiction proscribed by that paragraph; and (2) promptly and in good faith, and without retaining or allowing any person, other than a law enforcement agency, to access any visual depiction or copy thereof - (A) took reasonable steps to destroy each such visual depiction; or (B) reported the matter to a law enforcement agency and afforded that agency access to each such visual depiction.
So, as I said before, if you are trying to take one of these sites down, then do turn off your browser’s image loading. Hell, why not just use Lynx for that matter, so as to sidestep the issue. However, there is a key point here that you all should take into account: it’s the bit about making the LEOs aware of the content. This is what I was trying to get at before. If Anonymous or anyone is going to go after this content, then it would be best if you tipped off the LEOs to the site and the content. Now, the statute above implies that if you make the tip, then you are going to let the police have your system to look at… And we all know Anonymous is not going to do that. So, just be judicious about your tip offs to the authorities. Do your homework and hand the data to them directly, not on Pastebin.
Of course, then there are the issues of hacking a system in the first place… Well, in the DarkNet, the only thing that is key as I see it would be not leaving a trace that you were there. You know, kind of like the whole hiking ethos of leaving only footprints, but in this case I would suggest that not even a footprint be left behind. It seems to me that if you hack a paedo site, even with good intentions, you could get the double whammy from the authorities of hacking as well as accessing child porn…
And that could really be problematic.
So, in the end, I circle back to recommending that you become intelligence gatherers and locate the sources to report. If you locate them and get some good details for the authorities without having to SQLi them, all the better. You will be doing a good thing AND you will be satisfying the deontologists in the room.
Keep your wits about you kids.
K.
The Psychology of “Neo Jihad” Radicalization
The Paradigm Pivot:
Soon after the attacks of 9/11, the US and other countries began a “War On Terror” that attempted to disrupt and destroy the Al Qaeda networks. The military and intelligence wars on AQ have been very successful in that they have splintered the group, cut its main lines of C&C, and forced it to scatter into the hills of Waziristan and other places. The intelligence war began with stepped up technical surveillance as well as, after much spin up, getting physical assets on the ground and inserted into the intelligence gathering apparatus. Once the networks were set up and the AQ infrastructure fractured, it became apparent to the leaders of AQ that they needed to proselytize in a different way to get more “recruits” for the global jihad they wanted.
Once the realization set in, the AQ leadership began to move online to communicate, radicalize, and recruit new jihadis to the cause. As time went by and more of the networks were broken, the ranks of jihad began to thin out. This became a real problem for Al Qaeda, and it realized that it needed a new paradigm to reach the “Western” ummah that it could try to sway to jihad. With the creation of GIMF, and AQAP later on, the footprint of jihadi propaganda and radicalization took shape online. Since 2001, we have seen AQ and its affiliates grapple with how to get their message across, as well as how to create channels for those who are not in the two lands to radicalize and then come to jihad.
This post is about not only the means that AQ, AQAP, and others have come up with in response to the problem, but also a profile of the GEN2 jihadis online who are being radicalized, who have acted in the past, and who may act in the future.
Online Jihad: 10 Years of Internet Jihad
A plethora of sites have been set up on the internet over the years by AQ and its affiliates to propagandize and communicate. Many of these sites at first were just simple file upload areas and small bulletin boards. Today we have many mass media style sites including videos, tutorials, online chat areas, and private messaging. The PHP bulletin boards, set up on sites with their own domain names or covertly on servers that have been hacked, have been the most popular of all. On these sites the jihad radicalization goes on, with postings within password-protected group sites like Shamukh (AQ) or Ansar.com.
For the most part, these sites have been only partially successful as a command and control mechanism for AQ. They have failed to gather the swelling support that they would have liked on the part of the Western ummah, and it is this lack of fervor that has them vexed. I have personally seen this vexation in AQAP’s “Inspire Magazine,” as they have been trying to become more “hip and Western” to get a new audience. All of their efforts though, have had lackluster returns. This lack of response on the part of the young westernized groups they are targeting is likely due to a few factors:
- The radicalization process is not in person
- The western mindset of the targets is more secular in nature and separate from the core AQ groups experiences
- These youths are not living in lands where war is ongoing
The Psychology of Radicalization:
Radicalization: The process in which an individual changes from passiveness or activism to become more revolutionary, militant or extremist. Radicalization is often associated with youth, adversity, alienation, social exclusion, poverty, or the perception of injustice to self or others.
Much of the classic radicalizing that happens within movements such as Al Qaeda happens when the like minded get together under the penumbra of a stronger personality who leads them. In the case of Islamic jihad, there have been many imams and leaders who preach this type of thought within their right wing versions of Islam. This is the core of the idea behind raising the ummah army to fight a jihad: the radicalization of the parishioners through direct proselytizing. Since 9/11 though, much of the Muslim community has come under scrutiny from intelligence gathering groups seeking to find the next cell of terrorists being exhorted to jihad by an imam or another leader.
In other cases secular leaders may arise. This may take shape in the form of someone like Mohammad Atta, or the like, within a circle of like minded people (what Dr. Marc Sageman calls the “group of guys” theory) who “self radicalize” and either make contact with core AQ or decide to act on their own, using the internet as their guide to jihad techniques and ideals. This may happen with two or more individuals seeking like minded people, or a leader may inculcate them into their particular brand of thought.
A third and seemingly rising type of radicalization is the Lone Wolf or Loner. This is a person either seeking to belong to something greater than themselves, or someone mentally unbalanced and moving along the lines of their own particular mental illness. The Lone Wolves and the Loners are dangerous in that they are now, other than the “group of guys,” one of the primary targets of AQ’s propaganda/radicalization drive. The reason for this is that all of these groups can “self radicalize” without having to step into a mosque, by reading online and digitally relating with other like minded jihadis. The major difference is that there is no direct contact and, for most, this method of contact and radicalizing lacks the added social element of being in person as part of a group.
This is a key feature of radicalization that needs to be understood. Since we are social animals, we need to feel that kinship, and the only real way to do this is to be within a social structure that includes physically being there. Online, it seems, just does not cut it for most. However, there are others, the mentally ill and those who are so socially awkward that online seems to be the only way they can relate, who have become the next generation of jihobbyists. This, in tandem with the fact that it is now rather hard to make contact with and access the core AQ group physically (i.e. going to a training camp in Waziristan), has made online radicalization the pre-eminent way for the jihadi process to carry on.
Jihad GEN 2.0: Lone Wolves, Wolf Packs, & Loners
- Lone Wolves: Single actors who radicalize either by themselves or through online groups but act alone
- Wolf Packs: “The Group of Guys,” who radicalize together as a unit and attempt jihad
- Loners: The single player who radicalizes online and may have contacts with some but is not a team player
Lone Wolves, or the “Lone Wolf”: The most likely candidate for the lone wolf is a second-generation immigrant who feels some sort of synergy with their parents’ homeland. There has been a spate of cases where Al Shabaab had converts sneak off from the US to Somalia to train with them. The majority of these lone wolves were kids in their teens or early twenties who took off to join the jihad there. The premise, though, is that these are people who are not necessarily part of any one group but seek out the jihad on their own. They often connect with the core jihadi groups in some way (Malik Hassan and Anwar Al Awlaki) and then act on their own, in a more constructed way and with support from the core AQ groups.
Wolf Packs are groups of like-minded individuals who have either come together and then radicalized, or have formed around a strong leader. These are the most dangerous of the groups because they tend to be groomed by core AQ and, as a group, not only self-radicalize but reinforce their belief and action as a social dynamic. Wolf packs have been seen as the more organized and thus more dangerous element in this behavior model. An example of the wolf pack would be the Lackawanna 6 or others who banded together and eventually went to an AQ training camp. Though, in the case of the Lackawanna 6, it seems as though they came back from the trip decidedly lacking the motivation to carry out a mission. This is likely because of their Westernized mindset. They did, however, provide material support to the jihad, and were convicted of this.
Loners are the last type of jihadi that the AQ core are seeking to incite. The loner tends to be an individual who is socially inept to the degree that some have actually been diagnosed with Asperger’s Syndrome. Still others have proven to be mentally ill individuals who latch onto the jihad for whatever reasons are driving their psyche. On average, the loner can be seen as the spree killer of the group, feeding the need of the jihad in that they sow fear and confusion while potentially taking out numbers of people. An example of a loner would be Nidal Malik Hassan (Ft. Hood shooter), who clearly was mentally unstable and went on a shooting rampage injuring 30 and killing 13.
Loners tend to be more the spree killers with guns than they are bomb makers. Another loner type would be Faisal Shahzad, who attempted to make a propane bomb alone. His training was incomplete or he was inept, because the device failed to go off. In the case of Shahzad, he also spent time in Pakistan (from where he emigrated to the US) with the Pakistani Taliban. His radicalization went on unseen by those around him, and his actions became more erratic as time went on. I have not seen a psych evaluation of him, but from all that I have seen, it may well be that he too is mentally unstable.
A couple of other reasons to worry more about the “loner” type of jihadi are these:
- They are loners, thus unless someone in the family sees what’s going on, it will likely go unseen until it’s too late
- They are often here in the US and, with guns easily available, their spree-killing scenarios are the most likely to work
Online Radicalization: Propaganda, Congregation, Synergy & The Online Shadow War
As mentioned above, the radicalization process online has mainly consisted of websites that cater to everyone from the newbie to the jihad up to the hard-core members. Primarily, though, these sites have been a means to gain new recruits for the holy war. For a long time these sites operated rather blatantly online because governments had not caught up with the technology. Recently, though, there has been a change going on within the online jihad. Due to many factors, including actions on the part of the hacker community, the propaganda machine that has been the jihadi bulletin board system online has begun to go underground as well as redouble its propaganda efforts.
AQAP’s “Inspire Magazine” releases have also been slowed down, and the core’s processes for distribution tightened, because of tampering with the files in the past and worries that they have been compromised as a network online. Spooks and hackers have been infiltrating their networks and websites for a while now, and they have caught on. Of course, in some ways they should always have assumed as much. However, attacks on the AQ propaganda sites have increased over the last couple of years to include complete takedowns of certain sites through DDoS as well as compromise and destruction of their back ends. Since these occurrences, the smarter of the group have decided that it was time to create a new propaganda jihad.
Abu Hafs al-Sunni al-Sunni is an exemplar of this mindset. He espouses that the propaganda jihad needs to be more layered and secret. His proposal is to hide the online jihad in plain sight, by making pages that have stealth links (gateway sites) that will lead the knowing to the real sites where content can be obtained and ideas shared. His ideas were a bit ahead of the curve for most on the boards, but now, post 2011, the administrators and the core AQ, I think, are taking a closer look at this model. As non-secret online sites become more and more targeted, it is only natural that the jihad would eventually have to go underground to continue and flourish from a command and control as well as a radicalization standpoint. By locking down the content behind gateways, those who are serious could congregate behind the digital curtain and carry on, while the digital billboards call to all those thinking about joining the fray.
As the online jihad progresses technically, so too will its followers, and this is a concern. With technologies such as TOR (The Onion Router) and its “Hidden Services,” one can now easily hide all content behind a network that cannot be tracked or traced. Online chats can be had in total anonymity, and files can be left within the confines of such networks for only those who have the right address to retrieve them (net/net: meet the new digital anonymous dead drops). It is here that once again the pivot happens within the dynamic of online jihad. Once the technological skills of the jihadis come online, so too will the types of attacks online that could be carried out by them, as well as the success rates of kinetic attacks, because they are using solid methods to transmit and connect with each other to plan operations.
Already we have seen this movement happening on the forums, and it really is only a matter of time until some of these guys read the man page on how to configure their own TOR node with hidden services turned on. It is clear that the technologies are making it easier for them to hide in plain sight as well as behind the technical curtain, so it is my proposition that the next iteration of the GWOT have a larger component of psychological operations. Just as I have said about the ongoing Anonymous situation, the greater successes are likely to come about because we better understand the players’ motivations and psyches.
Countering The Threat:
In conclusion, I see a two-pronged method of attack to fight the online jihad:
- Psyops: Psychological operations have always been a part of the counter-insurgency effort. However, in the digital world this has been more the spooks’ territory than the digital warfighter’s. Of course the digital war is new, as is the online jihad, so it is a natural progression to see this type of warfare, as well as the detective process, being implemented.
- Technical Counter-Insurgency Operations: As the technological adroitness grows on the part of the jihadis, so should the capabilities of the counter-insurgency online. It is understood that the US has quite a bit of technical know-how online, so it is an easy supposition to make that we will be able to step up quickly. However, it is the melding of the two (psyops/psychology and technical ops) that must happen to wage this battle well.
APPENDIX A:US Cases of Terrorism since 9/11
2002
• José Padilla. José Padilla (32), a native U.S. citizen, convert to Islam, and al Qaeda
operative, was arrested upon his return from the Middle East to the United States.
Although there is no question of his al Qaeda connection, his mission remains unclear.
He was convicted for providing material support to al Qaeda and sentenced in 2008.
A co-defendant, Kifah Wael Jayyousi (40), a naturalized U.S. citizen from Jordan, was
also convicted.
• The Lackawanna Six. Six Yemeni-Americans—Sahim Alwar (26), Yahya Goba (25),
Yasein Taher (24), Faysal Galab (25), Shafal Mosed (23), all born in the United States,
and Muktar al-Bakri (21), a naturalized citizen—were arrested for training at an
al Qaeda camp in Afghanistan.
• The Portland Seven. Seven individuals—Patrice Lumumba Ford (31), Jeffrey Leon
Battle (31), October Martinique Laris (25), Muhammad Ibrahim Bilal (22), Ahmed
Ibrahim Bilal (24), all native U.S. citizens; Habis Abdulla al Saoub (37), a U.S. perma-
nent resident from Jordan; and Maher Hawash (38), a naturalized U.S. citizen from
Jordan—were arrested for attempting to join al Qaeda and the Taliban.
• Earnest James Ujaama. Earnest James Ujaama (36), a native U.S. citizen, was arrested
for providing support to the Taliban.
• Imran Mandhai. Imran Mandhai (20), a U.S. permanent resident from Pakistan, told
an FBI informant that he wanted to wage war against the United States. He planned
to assemble an al Qaeda cell and attack various targets in Florida, including electrical
substations, Jewish businesses, a National Guard armory, and also, improbably, Mount
Rushmore. Under surveillance for a long time, Mandhai was arrested and subsequently
convicted of conspiracy to destroy property.
• Anwar al-Awlaki. Anwar al-Awlaki (31), a U.S. citizen born in New Mexico, studied
engineering in college and motivation in graduate school, then became an increasingly
radical imam. After being questioned by the FBI several times, he left the United States
in 2002 and went to Yemen, where he is now a leading spokesperson for al Qaeda.
2003
• Adnan Gulshair el Shukrijumah. A provisional arrest warrant was issued for Adnan
Gulshair el Shukrijumah (27), a Saudi national and legal permanent resident, who grew
up and worked in the United States. Shukrijumah was suspected of involvement in a
number of terrorist plots. In 2010, he was indicted for his involvement in the 2009 Zazi
plot to blow up New York subways.
• Iyman Faris. Iyman Faris (34), a naturalized U.S. citizen from Pakistan, was arrested
for reconnoitering the Brooklyn Bridge for a possible al Qaeda attack.
• The Northern Virginia Cluster. Eleven men were arrested in June 2003 for training
at a jihadist training camp abroad, intending to join Lashkar-e-Toiba, and planning
terrorist attacks: Caliph Basha Ibn Abdur Raheem (28), a native U.S. citizen; Sabri
Benkhala (27), a native U.S. citizen; Randoll Todd Royer (39), a native U.S. citizen;
Ibrahim al-Hamdi (25), a Yemeni national; Khwaja Mahmood Hasan (27), a natural-
ized U.S. citizen from Pakistan; Muhammed Aatique (30), a legal permanent resident
from Pakistan; Donald T. Surratt (30), a native U.S. citizen; Masoud Ahmad Khan
(33), a naturalized U.S. citizen from Pakistan; Seifullah Chapman (31), a native U.S.
citizen; Hammad Abdur-Raheem (34), a U.S.-born citizen and Army veteran of the
first Gulf War; and Yong Ki Kwon (27), a naturalized U.S. citizen from Korea. Two
other individuals were also arrested in connection with the group: Ali al-Timimi (40), a
U.S.-born citizen, and Ali Asad Chandia (26), a citizen of Pakistan. Six of the accused
pleaded guilty, and another three were convicted. Benkhala was acquitted but was later
charged and convicted of making false statements to the FBI. Al-Timimi was convicted
in 2005. The case against Caliph Basha Ibn Abdur Raheem was dismissed.
• Uzair Paracha. Uzair Paracha (23), a legal permanent resident from Pakistan, was
indicted for attempting to help an al Qaeda operative enter the United States in order
to attack gas stations. He was convicted in 2005.
• Abdurahman Alamoudi. Abdurahman Alamoudi (51), a naturalized U.S. citizen from
Eritrea, was indicted in the United States for plotting to assassinate Saudi Arabia’s
Prince Abdullah.
• Ahmed Omar Abu Ali. Ahmed Omar Abu Ali (22), a native U.S. citizen, was arrested
by Saudi authorities and later extradited to the United States for providing support to
a terrorist organization and plotting to assassinate the president of the United States.
2004
• Mohammed Abdullah Warsame. Mohammed Abdullah Warsame (31), a legal perma-
nent resident from Somalia, was arrested for conspiring to support al Qaeda. He was
found guilty and sentenced in 2009.
Chronology of the Cases
• Ilyas Ali. Ilyas Ali (55), a naturalized U.S. citizen from India, pleaded guilty to provid-
ing material support to the Taliban and al Qaeda. He attempted to sell hashish and
heroin in return for Stinger missiles, which he then planned to sell to the Taliban. Two
other defendants, Muhammed Abid Afridi and Syed Mustajab Shah, both Pakistani
nationals, were also convicted in the case.
• Amir Abdul Rashid. Ryan Gibson Anderson (26)—a native U.S. citizen and convert to
Islam who called himself Amir Abdul Rashid—was a soldier in the U.S. Army at Fort
Lewis, Washington, when he was arrested in February 2004 for contacting Islamic
websites related to al Qaeda and offering information about the U.S. Army.
• Mark Robert Walker. A Wyoming Technical Institute student, Mark Robert Walker
(19), a native U.S. citizen who, according to reports, became obsessed with jihad, was
charged with attempting to assist the Somali-based group, Al-Ittihad al Islami. He
planned to provide the group with night-vision devices and bulletproof vests.
• Mohammed Junaid Babar. Mohammed Junaid Babar (31), a naturalized U.S. citizen
from Pakistan, was arrested in New York for providing material support to al Qaeda.
• The Herald Square Plotters. Shahawar Martin Siraj (22), a Pakistani national, and
James Elshafy (19), a U.S.-born citizen, were arrested for plotting to carry out a terrorist
attack on New York City’s Herald Square subway station.
• The Albany Plotters. Yassin Aref (34), an Iraqi refugee in the United States, and
Mohammad Hossain (49), a naturalized U.S. citizen from Bangladesh, two leaders of a
mosque in Albany, New York, were arrested for attempting to acquire weapons in order
to assassinate a Pakistani diplomat.
• Adam Yahiye Gadahn. Adam Yahiye Gadahn (26), a native U.S. citizen and convert to
Islam, moved to Pakistan in 1998. By 2004, he was identified as a member of al Qaeda
planning terrorist attacks in the United States, and he subsequently became one of
al Qaeda’s principal spokesmen. He was formally indicted in 2006.
• The Abdi Case. Nuradin Abdi (32), a Somali national granted asylum in the United
States, was indicted in June 2004 for plotting with Iyman Faris to blow up a Colum-
bus, Ohio, shopping mall. (He was arrested in November 2003.)
• Gale Nettles. Gale Nettles (66), a native U.S. citizen and ex-convict, was arrested in
August in an FBI sting for plotting to bomb the Dirksen Federal Building in Chi-
cago and for attempting to provide al Qaeda with explosive material. His motive was
revenge for his conviction as a counterfeiter, but he wanted to connect with al Qaeda,
which he figured would pay him for his excess explosive materials. He was convicted
on the terrorist charge in 2005.
• Carpenter and Ransom. Two New Orleans men, Cedric Carpenter (31), a convicted
felon, and Lamont Ransom (31), both native U.S. citizens, intended to sell fraudulent
identity documents to the Philippine jihadist terrorist group Abu Sayyaf in return for
cash and heroin. Ransom, who had previously served in the U.S. Navy, was familiar
with the group. Both were convicted and sentenced in 2005.
2005
• The New York Defendants. Three defendants—Mahmud Faruq Brent (32), a U.S.-
born citizen who had attended a training camp in Pakistan run by Lashkar-e-Toiba;
Rafiq Abdus Sabir (50), a U.S.-born citizen and medical doctor who volunteered to pro-
vide medical treatment to al Qaeda terrorists; and Abdulrahman Farhane (52), a natu-
ralized U.S. citizen from Morocco who agreed to assist in fundraising for the purchase
of weapons for insurgents in Chechnya and Afghanistan—were linked to defendant-
turned-informant Tarik Shah (42), a U.S.-born citizen who was arrested in May 2005
for offering to provide training to insurgents in Iraq. Shah identified his co-defendants,
and all four were convicted.
• The Lodi Case. Hamid Hayat (22), a native-born U.S. citizen, and his father, Umar
Hayat, a naturalized U.S. citizen from Pakistan, were arrested in June 2005 for secretly
attending a terrorist training camp in Pakistan. Umar Hayat ultimately pleaded guilty
of lying to federal authorities.
• The Torrance Plotters. Kevin James (29), Levar Washington (21), and Gregory
Patterson (25), all native U.S. citizens and converts to Islam, and Hammad Riaz Samana
(21), a permanent resident from Pakistan, were charged in August 2005 with planning
to carry out terrorist attacks on National Guard armories, a U.S. military recruiting
center, the Israeli consulate, and Los Angeles International airport. (This case is some-
times referred to as the Sacramento Plot.)
• Michael Reynolds. Michael Reynolds (47), a native U.S. citizen, acquired explosives
and offered them to an informant whom he believed was an al Qaeda official to blow
up the Alaska Pipeline in return for $40,000.
• Ronald Grecula. Ronald Grecula (70), a native U.S. citizen, was arrested in Texas in
May 2005 for offering to build an explosive device for informants he believed to be
al Qaeda agents. He pleaded guilty to the charge in 2006.
2006
• The Liberty City Seven. Seven men—Narseal Batiste (32), a native U.S. citizen;
Patrick Abraham (39), a Haitian national illegally in the United States after over-
staying his visa; Stanley Grunt Phanor (31), a naturalized U.S. citizen; Naudimar
Herrera (22), a native U.S. citizen; Burson Augustin (21), a native U.S. citizen; Rothschild
Augustin (26), a native U.S. citizen; and Lyglenson Lemorin (31), a legal permanent resi-
dent from Haiti—were charged in June 2006 with plotting to blow up the FBI build-
ing in Miami and the Sears Tower in Chicago. Herrera and Lemorin were acquitted.
Chronology of the Cases
• Syed Hashmi. Syed “Fahad” Hashmi (30), a Pakistani-born U.S. citizen, was arrested
in London on charges of providing material support to al Qaeda.
• Derrick Shareef. Derrick Shareef (22), a native U.S. citizen and convert to Islam, was
arrested for planning a suicide attack on an Illinois shopping mall. He intended to
place hand grenades in garbage cans, but the plot also involved handguns.
• The Fort Dix Plotters. Six men—Mohammad Ibrahim Shnewer (22), a naturalized
U.S. citizen from Jordan; Serdar Tatar (23), a legal permanent resident from Turkey;
Agron Abdullahu (24), a U.S. permanent resident from Kosovo; and Dritan Duka (28),
Shain Duka (26), and Elljvir Duka (23), three brothers from Albania living in the
United States illegally—were charged with plotting to carry out an armed attack on
soldiers at Fort Dix, New Jersey.
• The Toledo Cluster. Mohammad Zaki Amawi (26) and Marwan El-Hindi (43), both
naturalized U.S. citizens from Jordan, and Wassim Mazloum (25), a legal permanent
resident from Lebanon, were arrested in Toledo, Ohio, for plotting to build bombs to
use against American forces in Iraq. Two additional persons were also charged in this
case: Zubair Ahmed (26), a U.S.-born citizen, and his cousin Khaleel Ahmed (25), a
naturalized U.S. citizen from India.
• The Georgia Plotters. Syed Harris Ahmed (21), a naturalized U.S. citizen, and Ehsanul
Islam Sadequee (20), a U.S.-born citizen from Atlanta, Georgia, were arrested in April
2006 for discussing potential targets with terrorist organizations and receiving instruc-
tion in reconnaissance.
• Daniel Maldonado. Daniel Maldonado (27), a native U.S. citizen and convert to
Islam, was arrested for joining a jihadist training camp in Somalia. He was captured
by the Kenyan armed forces and returned to the United States.
• Williams and Mirza. Federal authorities charged two students at Houston Commu-
nity College—Kobie Diallo Williams (33), a native U.S. citizen and convert to Islam,
and Adnan Babar Mirza (29), a Pakistani national who had overstayed his student
visa—with aiding the Taliban. According to the indictment, the two planned to join
and train with the Taliban in order to fight U.S. forces in the Middle East.
• Ruben Shumpert. Ruben Shumpert (26), also known as Amir Abdul Muhaimin, a
native U.S. citizen who had been convicted for drug trafficking, converted to Islam
shortly after his release from prison. When the FBI came looking for him in 2006, he
fled to Somalia and joined al-Shabaab. He was reportedly killed in Somalia in Decem-
ber 2008.
2007
• Hassan Abujihaad. Hassan Abujihaad (31), formerly known as Paul R. Hall, a native
U.S. citizen and convert to Islam who had served in the U.S. Navy, was arrested in
April 2007 for giving the locations of U.S. naval vessels to an organization accused of
supporting terrorists.
• The JFK Airport Plotters. Russell Defreitas (63), a naturalized U.S. citizen from
Guyana; Abdul Kadir (55) a Guyanese citizen; Kareem Ibrahim (56), a Trinidadian;
and Abdal Nur (57), another Guyanese citizen, were charged in June 2007 with plot-
ting to blow up aviation fuel tanks at John F. Kennedy Airport in New York. Defreitas
was arrested in Brooklyn. The other three plotters were arrested in Trinidad and extra-
dited to the United States.
• Ahmed Abdellatif Sherif Mohamed. Ahmed Abdellatif Sherif Mohamed (26), a U.S.
permanent resident from Egypt, was arrested for providing material support to terror-
ists by disseminating bomb-making instructions on YouTube. He pleaded guilty to the
charge.
• Omar Hammami. Now known as Abu Mansour al-Amriki, Omar Hammami
(23), a native-born U.S. citizen, left Alabama some time not later than 2007 to join
al-Shabaab in Somalia. He later appeared in the group’s recruiting videos. Hammami
was indicted in 2010 for providing support to al-Shabaab.
• Jaber Elbaneh. Jaber Elbaneh (41), a naturalized U.S. citizen from Yemen, was con-
victed in absentia by a Yemeni court for plotting to attack oil and gas installations in
Yemen. He had previously been charged in the United States with conspiring with the
Lackawanna Six. He was one of a number of al Qaeda suspects who escaped from a
Yemeni prison in 2006. He subsequently turned himself in to Yemeni authorities.
• The Hamza Case. Federal authorities charged the owner and several officials of Hamza,
Inc., a financial institution, for money laundering and secretly providing money to
al Qaeda. Those charged included Saifullah Anjum Ranjha (43), a legal permanent U.S.
resident from Pakistan; Imdad Ullah Ranjha (32), also a legal permanent resident from
Pakistan; and Muhammed Riaz Saqi, a Pakistani national living in Washington, D.C.
Also charged in the case were three Pakistani nationals living in Canada and Spain.
2008
• Christopher Paul. Christopher “Kenyatta” Paul (43), a native U.S. citizen and convert
to Islam living overseas, was arrested upon his return to the United States in April 2008
for having plotted terrorist attacks on various U.S. targets. He later pleaded guilty.
• Bryant Vinas. Bryant Vinas (26), a native U.S. citizen and convert to Islam, was
arrested in Pakistan and extradited to the United States for having joined al Qaeda in
Pakistan. He also provided al Qaeda with information to help plan a bombing attack
on the Long Island Rail Road.
• Somali Recruiting Case I. As many as a dozen Somalis may have been recruited in
the Minneapolis, Minnesota, area by Shirwa Ahmed (26), a naturalized U.S. citizen
Chronology of the Cases from Somalia, to fight in Somalia. Ahmed subsequently was
killed in a suicide bomb- ing in Somalia.
• Sharif Mobley. Sharif Mobley (26), a native U.S. citizen of Somali descent, moved
to Yemen in 2008, ostensibly to study Arabic and religion, but in reality, authorities
believe, to join a terrorist organization. He was later arrested by Yemeni authorities in
a roundup of al Qaeda and al-Shabaab militants. In March 2010, he killed one guard
and wounded another in an attempt to escape.
2009
• The Riverdale Synagogue Plot. Native U.S. citizens James Cromite (55), David
Williams (28), Onta Williams (32), and Laguerre Payen (27), a Haitian national, all con-
verts to Islam, were arrested in an FBI sting in New York in May 2009 for planning to
blow up synagogues.
• Abdulhakim Mujahid Muhammad. In June 2009, Abdulhakim Mujahid
Muhammad (23), also known as Carlos Bledsoe, a native U.S. citizen and Muslim con-
vert, killed one soldier and wounded another at an Army recruiting station in Arkansas.
• The North Carolina Cluster. Daniel Boyd (39), a native U.S. citizen and convert to
Islam who fought against the Soviets in Afghanistan in the late 1980s, was arrested
in July 2009 along with his two sons, Zakarlya Boyd (20) and Dylan Boyd (22), also
converts to Islam, and four others, including three U.S. citizens—Anes Subasic (33), a
naturalized U.S. citizen from Bosnia; Mohammad Omar Aly Hassan (22), a U.S.-born
citizen; and Ziyad Yaghi (21), a naturalized U.S. citizen—and Hysen Sherifi (24), a
legal U.S. resident from Kosovo, for plotting terrorist attacks in the United States and
abroad. Jude Kenan Mohammad (20), a U.S.-born citizen, was also a member of the
group. He was arrested by Pakistani authorities in 2008. Boyd reportedly reconnoi-
tered the Marine Corps base at Quantico, Virginia.
• Betim Kaziu. Betim Kaziu (21), a native U.S. citizen, was arrested in September
2009 for traveling overseas to join al-Shabaab or to attend a terrorist training camp in
Somalia.
• Ali Saleh Kahlah al-Marri. Ali Saleh Kahlah al-Marri (38), a U.S. permanent resi-
dent and dual national of Qatar and Saudi Arabia, was charged with attending an
al Qaeda training camp in Pakistan. He pleaded guilty to providing material support
to a terrorist group.
• Michael Finton. Michael Finton (29), a native U.S. citizen and convert to Islam, was
arrested in September 2009 in an FBI sting for planning to blow up a federal court-
house in Springfield, Illinois.
• Hosam Maher Smadi. Hosam Maher Smadi (19), a Jordanian citizen living in the
United States, was arrested in September 2009 in an FBI sting for planning to blow up
an office building in Dallas, Texas.
• Najibullah Zazi. Najibullah Zazi (25), a permanent U.S. resident from Afghanistan,
was arrested in September 2009 for receiving training in explosives at a terrorist train-
ing camp in Pakistan and buying ingredients for explosives in preparation for a ter-
rorist attack in the United States. Indicted with Zazi were his father, Mohammed Zazi
(53), a naturalized U.S. citizen from Afghanistan, and Ahmad Afzali (38), a U.S. per-
manent resident from Afghanistan, both for making false statements to federal inves-
tigators; neither was involved in the terrorist plot. In January 2010, authorities arrested
Adis Medunjanin (24), a naturalized U.S. citizen from Bosnia, and Zarein Ahmedzay
(25), a naturalized U.S. citizen from Afghanistan, and charged them with participat-
ing in the plot.
• Tarek Mehana. In October 2009, federal authorities in Massachusetts arrested Tarek
Mehana (27), a dual citizen of the United States and Egypt, for conspiring over a seven-
year period to kill U.S. politicians, attack American troops in Iraq, and target shopping
malls in the United States. Two other individuals, including Ahmad Abousamra (27), a
U.S. citizen, were allegedly part of the conspiracy. Abousamra remains at large.
• David Headley. In an increasingly complicated case, David Headley (49), a U.S.-born
citizen of Pakistani descent and resident of Chicago, was arrested in October 2009
along with Tahawar Rana (48), a native of Pakistan and a Canadian citizen, for plan-
ning terrorist attacks abroad. Headley was subsequently discovered to have partici-
pated in the reconnaissance of Mumbai prior to the November 2008 attack by the ter-
rorist group Lashkar-e-Toiba. He pleaded guilty in March 2010.
• Colleen Renee LaRose. Calling herself “Jihad Jane” on the Internet, Colleen Renee LaRose (46), a native U.S. citizen and convert to Islam, was arrested in October 2009 for plotting to kill a Swedish artist whose drawings of Muhammad had enraged Muslims and for attempting to recruit others to terrorism. Her arrest was concealed until March 2010. LaRose pleaded guilty to the charges.
• Nidal Hasan. In November 2009, Nidal Hasan (38), a native U.S. citizen and Army major, opened fire on fellow soldiers at Fort Hood, Texas, killing 13 and wounding 31.
• The Pakistan Five. In November 2009, five Muslim Americans from Virginia—Umar Farooq (25), a naturalized U.S. citizen from Pakistan; Ramy Zamzam (22), who was born in Egypt, immigrated to the United States at the age of two, and became a citizen by virtue of his parents becoming citizens; Waqar Hassan Khan (22), a naturalized U.S. citizen from Pakistan; Ahmad Abdullah Mimi (20), a naturalized U.S. citizen from Eritrea; and Aman Hassan Yemer (18), a naturalized U.S. citizen from Ethiopia—were arrested in Pakistan for attempting to obtain training as jihadist guerrillas. Khalid Farooq, Umar Farooq’s father, was also taken into custody but was later released. The five were charged by Pakistani authorities with planning terrorist attacks.
• Somali Recruiting Case II. In November 2009, federal authorities indicted eight men for recruiting at least 20 young men in Minnesota for jihad in Somalia and raising funds on behalf of al-Shabaab. By the end of 2009, a total of 14 indictments had been handed down as a result of the ongoing investigation. Those indicted, all but one of whom are Somalis, were Abdow Munye Abdow, a naturalized U.S. citizen from Somalia; Khalid Abshir; Salah Osman Ahmad; Adarus Abdulle Ali; Cabdulaahi Ahmed Faarax; Kamal Hassan; Mohamed Hassan; Abdifatah Yusef Isse; Abdiweli Yassin Isse; Zakaria Maruf; Omer Abdi Mohamed, a legal permanent resident from Somalia; Ahmed Ali Omar; Mahanud Said Omar; and Mustafa Salat. No age information is available.
• Abdul Tawala Ibn Ali Alishtari. Abdul Tawala Ibn Ali Alishtari (53), also known as Michael Mixon, a native U.S. citizen, was indicted and pleaded guilty to attempting to provide financing for terrorist training in Afghanistan.
2010
• Raja Lahrasib Khan. Raja Lahrasib Khan (57), a naturalized U.S. citizen from Pakistan, was charged with sending money to Ilyas Kashmiri, an al Qaeda operative in Pakistan, and for discussing blowing up an unidentified stadium in the United States.
• Times Square Bomber. Faisal Shahzad (30), a naturalized U.S. citizen from Pakistan, had studied and worked in the United States since 1999. In 2009, he traveled to Pakistan and contacted the TTP (Pakistan Taliban), who gave him instruction in bomb-building. Upon his return to the United States, he built a large incendiary device in a sport utility vehicle (SUV) and attempted unsuccessfully to detonate it in New York City’s Times Square. He was arrested in May 2010. Three other individuals were arrested in the investigation but were never charged with criminal involvement in the case.
• Jamie Paulin-Ramirez. The arrest of Colleen R. LaRose (“Jihad Jane”) in 2009 led to further investigations and the indictment of Jamie Paulin-Ramirez (31), also known as “Jihad Jamie.” Paulin-Ramirez, a native-born U.S. citizen and convert to Islam, allegedly accepted an invitation from LaRose to join her in Europe in order to attend a training camp there. According to the indictment, she flew to Europe with “the intent to live and train with jihadists.” She was detained in Ireland and subsequently returned to the United States, where she was arraigned in April 2010.
• Wesam el-Hanafi and Sabirhan Hasanoff. Wesam el-Hanafi (33), also known as “Khaled,” a native-born U.S. citizen, and Sabirhan Hasanoff (34), also known as “Tareq,” a dual U.S.-Australian citizen, were indicted for allegedly providing material support to a terrorist group. The two men, one of whom traveled to Yemen in 2008, provided al Qaeda with computer advice and assistance, along with other forms of aid.
In September 2010, Sami Samir Hassoun (22) was arrested in an FBI sting in Chicago for attempting to carry out a terrorist bombing. Hassoun expressed anger at Chicago Mayor Richard Daley. It is not clear that the case is jihadist-related. In December 2010, Awais Younis (26), a naturalized U.S. citizen from Afghanistan, was arrested for threatening to bomb the Washington, D.C., Metro system. He made the threat on Facebook, and it was reported to the authorities. Neither of these cases is included in the chronology.
• Khalid Ouazzani. Khalid Ouazzani (32) pleaded guilty in May to providing material support to a terrorist group. Ouazzani, a Moroccan-born U.S. citizen, admitted to raising money for al Qaeda through fraudulent loans, as well as performing other tasks at the request of the terrorist organization between 2007 and 2008.
• Mohamed Mahmood Alessa and Carlos Eduardo Almonte. Two New Jersey men, Mohamed Mahmood Alessa (20), a native U.S. citizen, and Carlos Eduardo Almonte (24), a naturalized citizen from the Dominican Republic and convert to Islam, were arrested in June at New York’s JFK Airport for conspiring to kill persons outside the United States. The two were on their way to join al-Shabaab in Somalia.
• Barry Walter Bujol, Jr. Barry Walter Bujol, Jr. (29), a native U.S. citizen and convert to Islam, was arrested as he attempted to leave the United States to join al Qaeda in Yemen. He had been under investigation for two years and was in contact with an undercover agent he believed to be an al Qaeda operative.
• Samir Khan. In June 2010, the Yemen-based affiliate of al Qaeda began publishing Inspire, a slick, English-language online magazine devoted to recruiting Western youth to violent jihad. The man behind the new publication was Samir Khan (24), a Saudi-born naturalized U.S. citizen who moved to the United States with his parents when he was seven years old. He began his own journey to violent jihad when he was 15. He reportedly left the United States in late 2009, resurfacing in Yemen in 2010.
• Rockwood’s Hitlist. Paul Rockwood (35), a U.S. citizen who served in the U.S. Navy and converted to Islam while living in Alaska, was convicted in July 2010 for lying to federal authorities about drawing up a list of 15 targets for assassination; they were targeted because, in his view, they offended Islam. He was also accused of researching how to build the explosive devices that would be used in the killings. His wife, Nadia Rockwood (36), who has dual UK-U.S. citizenship, was convicted of lying to authorities.
• Zachary Chesser. Zachary Chesser (20), a native U.S. citizen and convert to Islam, was arrested for supporting a terrorist group in July as he attempted to board an airplane to fly to Somalia and join al-Shabaab. Chesser had earlier threatened the creators of the television show South Park for insulting Islam in one of its episodes.
• Shaker Masri. A U.S. citizen by birth, Shaker Masri (26) was arrested in August 2010, allegedly just before he planned to depart for Afghanistan to join al Qaeda or Somalia to join al-Shabaab.
• Somali Recruiting Case III. As part of a continuing investigation of recruiting and funding for al Qaeda ally al-Shabaab, the U.S. Department of Justice announced four indictments charging 14 persons with providing money, personnel, and services to the terrorist organization. In Minnesota, 10 men were charged with terrorism offenses for leaving the United States to join al-Shabaab: Ahmed Ali Omar (27), a legal permanent resident; Khalid Mohamud Abshir (27); Zakaria Maruf (31), a legal permanent resident; Mohamed Abdullahi Hassan (22), a legal permanent resident; Mustafa Ali Salat (20), a legal permanent resident; Cabdulaahi Ahmed Faarax (33), a U.S. citizen; and Abdiweli Yassin Isse (26). Three were new on the list and had been the subject of previous indictments: Abdikadir Ali Abdi (19), a U.S. citizen; Abdisalan Hussein Ali (21), a U.S. citizen; and Farah Mohamed Beledi (26). A separate indictment named Amina Farah Ali (33) and Hawo Mohamed Hassan (63), both naturalized U.S. citizens, for fundraising on behalf of al-Shabaab. A fourth indictment charged Omar Shafik Hammami (26), a U.S. citizen from Alabama, and Jehad Sherwan Mostafa (28) of San Diego, California, with providing material support to al-Shabaab. (Hammami’s involvement is listed in this chronology under the year 2007, when he first left the United States to join al-Shabaab; Mostafa is listed separately in the next entry.)
• Jehad Serwan Mostafa. In August 2010, Jehad Serwan Mostafa (28), a native U.S. citizen, was indicted for allegedly joining al-Shabaab in Somalia. He reportedly left the United States in December 2005 and was with al-Shabaab between March 2008 and June 2009.
• Abdel Hameed Shehadeh. Abdel Hameed Shehadeh (21), a U.S.-born citizen of Palestinian origin, was arrested in October for traveling to Pakistan to join the Taliban or another group to wage jihad against U.S. forces. Denied entry to Pakistan, then Jordan, Shehadeh returned to the United States and subsequently attempted to join the U.S. Army. He allegedly hoped to deploy to Iraq, where he planned to desert and join the insurgents. When that did not work out, he tried again to leave the country to join the Taliban.
• Farooque Ahmed. Farooque Ahmed (34), a naturalized U.S. citizen from Pakistan, was arrested in October for allegedly plotting to bomb Metro stations in Washington, D.C. FBI undercover agents learned of Ahmed’s intentions by posing as al Qaeda operatives.
• Shabaab Support Network in San Diego. Saeed Moalin (33), a naturalized U.S. citizen from Somalia, Mohamed Mohamed Mohamud (38), born in Somalia, and Issa Doreh (54), a naturalized U.S. citizen from Somalia, all residents of San Diego, were arrested for allegedly providing material support to al-Shabaab. The investigation of this network is continuing, and a fourth man from Southern California, Ahmed Nasir Taalil Mohamud (35), was subsequently indicted.
• Al-Shabaab Fundraising II. In November, federal authorities arrested Mohamud Abdi Yusuf (24), a St. Louis resident, and Abdi Mahdi Hussein (35) of Minneapolis, both immigrants from Somalia. The two are accused of sending money to al-Shabaab in Somalia. A third person, Duane Mohamed Diriye, believed to be in Africa, was also indicted.
• Nima Ali Yusuf. Nima Ali Yusuf (24), a legal permanent resident originally from Somalia, was arrested in November for allegedly providing material support to a terrorist group. She was accused of attempting to recruit fighters and raise funds for al-Shabaab.
• Mohamed Osman Mohamud. Mohamed Osman Mohamud (19), a naturalized U.S. citizen originally from Somalia, was arrested in December for attempting to detonate what he believed to be a truck bomb at an outdoor Christmas-tree-lighting ceremony in Portland, Oregon. He reportedly had wanted to carry out some act of violent jihad since the age of 15. His bomb was, in fact, an inert device given to him by the FBI, which set up the sting after it became aware of his extremism through a tip and subsequent monitoring of his correspondence on the Internet.
• Antonio Martinez. Antonio Martinez (21), also known as Muhaamed Hussain, a naturalized U.S. citizen and convert to Islam, was arrested in December for allegedly plotting to blow up the Armed Forces Career Center in Catonsville, Maryland. The car bomb he used to carry out the attack was a fake device provided to him by the FBI, which had been communicating with him for two months.
APPENDIX B: Research Materials
1302002992ICSRPaper_ATypologyofLoneWolves_Pantucci
Wk 6-3 Terrorism background psychology Sageman
The Hidden Wiki: Between The Layers of The Onion Router Networks
Inside The Onion Darknet:
Someone recently PM’d me online and asked if I had ever heard of “The Hidden Wiki.” They said that they could not believe what they were seeing because they had just perused an ad that purported to offer “hired killer” services. This person immediately thought it was just a trap or a joke, but it turns out that hired killers are just the tip of the iceberg within the TOR arcology. The TOR network, it seems, has become the new ‘Darknet’, hiding sites within the onion router networks themselves, totally anonymous and offering every kind of illicit trade one could think of, including pedophilia images. There are innocuous sites as well, but there seems to be quite a bit of content (links within the wiki and pastebins) that offers up nasty things.
How, you might ask, is this possible? Well, it is because of the nature of TOR itself. The Onion Router Network was a project started by the U.S. Navy to anonymize internet traffic. Once it was released to the public, it was upgraded and brought to the masses as a means to surf the web anonymously. This is done by using a series of relays (which you can set up yourself on any machine with the software) that receive and direct traffic anywhere online without any record of where the traffic came from once it enters the TOR node network. (see diagram)
Once inside the system, barring specific circumstances, you cannot be tracked. There are methods to obtain a user’s real IP address, but they are hard to implement. So, with that said, the TOR system seems not only to allow people to access content on the internet proper; a secondary internet has now been created within the TOR nodes themselves. It would seem that this secondary internet could be a haven for good data, or bad. And from what I have seen so far, it’s mostly bad. The illicit trade of pedophilia is the worst of that ilk, and it would seem that the purveyors think that they can do so without any hindrance because it is on TOR.
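To make the relay description above concrete, here is a small added example of my own (not code from the post or from the Tor project): a toy three-hop onion where each relay can peel only its own layer, with a check of what each hop actually observes. The relay names, keys, client, destination and message are all constructed for the demo, and the SHA-256 keystream XOR stands in for the per-hop AES keys real Tor negotiates.

```python
"""Toy onion-routing model (added example; not from the post or the Tor project).

The post says Tor passes traffic through a series of relays so that no single
hop records where it came from. This script wraps a message in one encryption
layer per relay, then lets each relay peel only its own layer, and records what
each relay can observe. The cipher is a throw-away SHA-256 keystream XOR so it
runs on the standard library alone; real Tor negotiates per-hop AES keys.
Relay names, keys, client and destination are all constructed for the demo.
"""
import hashlib
import json
import os


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR data with SHA-256(key || counter) blocks.
    Encrypt and decrypt are the same operation. Demonstration only."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream.extend(hashlib.sha256(key + counter.to_bytes(4, "big")).digest())
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def wrap_onion(payload: bytes, destination: str, relays: list) -> bytes:
    """Client side. relays is [(name, key), ...] in path order (guard first).
    The innermost layer, readable only by the exit relay, names the destination;
    every outer layer names just the next hop."""
    inner = {"next": destination, "data": payload.hex()}
    blob = keystream_xor(relays[-1][1], json.dumps(inner).encode())
    for i in range(len(relays) - 2, -1, -1):          # work outward to the guard
        layer = {"next": relays[i + 1][0], "data": blob.hex()}
        blob = keystream_xor(relays[i][1], json.dumps(layer).encode())
    return blob


def peel_layer(key: bytes, blob: bytes):
    """Relay side: strip one layer, learn the next hop, forward the remainder."""
    layer = json.loads(keystream_xor(key, blob).decode())
    return layer["next"], bytes.fromhex(layer["data"])


def can_read_layer(key: bytes, blob: bytes) -> bool:
    """True only if key is the right one for the outer layer; a relay holding
    another hop's key gets noise rather than a parsable layer."""
    try:
        peel_layer(key, blob)
        return True
    except (UnicodeDecodeError, ValueError, KeyError, TypeError):
        return False


def run_circuit(client: str, destination: str, message: bytes, relays: list) -> dict:
    """Forward the onion hop by hop and record each relay's view of the traffic."""
    observations = {}
    blob = wrap_onion(message, destination, relays)
    prev_hop = client
    next_hop = None
    for name, key in relays:
        next_hop, blob = peel_layer(key, blob)
        observations[name] = {"from": prev_hop, "to": next_hop}
        prev_hop = name
    # After the last peel, blob is the plaintext the exit relay hands on: this is
    # the one hop that sees content, which is why end-to-end TLS still matters.
    return {"observations": observations, "delivered_to": next_hop, "delivered": blob}


def no_relay_sees_both_ends(result: dict, client: str, destination: str) -> bool:
    """The property the post describes: no single relay links client to destination."""
    return not any(obs["from"] == client and obs["to"] == destination
                   for obs in result["observations"].values())


# Constructed three-hop circuit with random per-relay keys (demo values).
RELAYS = [("guard", os.urandom(16)), ("middle", os.urandom(16)), ("exit", os.urandom(16))]

if __name__ == "__main__":
    result = run_circuit("client", "example.test:443", b"GET / HTTP/1.1", RELAYS)
    for relay, view in result["observations"].items():
        print(f"{relay:6s} sees {view['from']} -> {view['to']}")
    print("delivered to", result["delivered_to"], result["delivered"])
```

Note what the model also makes visible: the exit relay handles the payload in the clear, so the anonymity of the path says nothing about the confidentiality of the content.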
The Marketplace, A Digital Mos Eisley:
The Wiki offers many services; most of them seem to be driven by ‘Bitcoins’, and you can even find software to mine bitcoins as well as create them within this space. One has to wonder if you can really hire a hitman here or if this is just a BS post for the Lulz, but other services seem straightforward and their sites are working. These services also include a wide spectrum of hacking as well as alleged DD0S/botnet offerings. My first thoughts about all of this tended toward the idea that Anonymous must be like a kid in the candy store here, and then I began to search for them. It did not take me long to locate some sites that were ‘Anonymous’ themed, as well as dumps of all the LulzSec hacks and a full mirror of the Wikileaks dumps.
Here are just a few of the services offered in the Marketplace:
- Contract Killer - Kill your problem (snitch, paparazzo, rich husband, cop, judge, competition, etc). (Host: FH)
- BitPoker v1.93 - Poker (Bitcoin). (Host: FH)
- Buttery Bootlegging - Get any expensive item from major stores for a fraction of the price! (Host: FH)
- Stat ID's - Selling fake ID's.
- Bidcoin - Like Ebay. We increase the gross national product. (Host: FH)
- Video Poker - A casino that features "jacks or better" video poker. - DOWN 2011-08-07
- Cheap SWATTING Service - Calls in raids as pranks. (Host: FH)
- Data-Bay - Buy and sell files using digital currency.
- The Last Box - Assassination Market (Bitcoin). - DOWN 2011-08-07
- Pirax Web DDoS - Take out your enemies in seconds. (Host: FH)
- Hacking Services - Hacks IM and Social Nets, does DDoS, sells bank/credit/paypal accounts. Se Habla Espanol. (Host: FH)
- Email Hacker - Hacks emails (Bitcoin). (Host: FH)
- CC4ALL - Selling valid Credit-Cards. Most from Germany. (Host: FH)
- Slash'EM online - Super Lots'A Stuff Hack-Extended Magic tournament server (Bitcoin).
- Rent-a-Hacker - Pay a professional hacker to solve your problem, destroy your enemys. (Host: FH)
- BitPoker v2.0 - New version of poker (Bitcoin). (Host: FH)
- BacKopy - Sells game, software and movie discs (Bitcoin). (Neglected status note) - Broken 2011-08-07
- The Pirates Cove - Classifieds. (Host: FH)
- BitLotto - A lottery using Bitcoin. (Host: FH)
- Brimstone Entertainment - Escort Ads, Strippers, Adult Entertainers. (Host: FH)
- Red Dog Poker - Play a simple game of poker (Bitcoin).
- CouponaTOR - A service for getting retail coupons created (Bitcoin). (Host: FH)
- Virtual Thingies - Buy virtual goodies like premium accounts, usenet access or domains (Bitcoin). (Host: FH)
You can also get a range of things like chemicals, as well as tutorials on how to make and sell anabolic steroids, not to mention pages and files on weapons and explosives. Anarchy, it seems, has found a new digital home. One wonders just how long it will be before the onion becomes a home for jihadis as well. I suppose if they aren’t already, it’s only a matter of time until they are hosting their own sites in here too. The real problem for anyone looking around, though, is navigation, which makes this all the better for those seeking to be anonymous and stealthy. There are a couple of search engines on the wiki, but due to the nature of TOR one has to list their site in order for it to be found, so I assume there are many sites out there that are only known to a very select few.
Paedophiles LOVE Anonymity:
Meanwhile, it seems that there may be a bit of a war going on between the paedos and the hackers within this space as well. This particular page on the hidden wiki had recently been hacked and taken down, but within a day or so it was back up online serving out links. The FBI is aware of this site and others that I passed along to them, but they are once again hard pressed to do anything about it because of the nature of TOR. It would probably be a safe bet, though, that they have been monitoring these sites for a little while, as the agent I spoke with already knew about the hidden wiki and some of the links forwarded. I guess things are steadily growing on the onion darknet, so new stuff is being put out there all the time.
All in all, though, this is just another battlefield that the authorities must learn to fight in. Personally, I am with HD Moore in thinking that there may be some way to put a stop to all this… But when he posited the idea it was 2007. It’s almost 2012 and we still have the problem. All I can really hope for is that the decent hacker types living within this liminal digital space will keep taking these sites down and making the paedos’ lives miserable in the meantime.
Anonymity For Better For Worse:
On the flip side of all this is the idea that we need to be able to be anonymous online. I agree with this; I mean, I use TOR every day, but anonymity is a double-edged sword. As you can see from everything above, the very same anonymity that protects those who need free speech, or the other protections it can afford, also carries the darker side of the technology. This space still seems to be fairly new in the sense of services, chat boards, paste sites, and other more normal internet-style applications, but in the contained anonymity that the onion network gives them, the end users mostly seem to be using it all for darker purposes.
And this will make things more difficult for everyone else, as governments seeking to destroy that privacy will use this type of activity as an excuse to peer into these networks.
K.
DEFCON PANEL: Whoever Fights Monsters: Confronting Aaron Barr, Anonymous, and Ourselves Round Up
A week before this year’s DEFCON, I got a message that I was being considered to replace Aaron in the “Confronting Aaron Barr” panel discussion. It was kind of a surprise in some ways, but seemed like a natural choice given my tête-à-tête with Anonymous, LulzSec, and even Mr. Barr. After coming to BlackHat and seeing the keynote from Cofer Black, it became apparent that this year, all of these conferences were about to see a change in the politics of the times with reference to the hacking/security community and the world of espionage and terrorism. These are two things that I have been writing about for some time and actually seeing take place on the internet for more than a few years, with APT attacks on Defense Base contractors and within Jihadist propaganda wars.
Going into the planning for the panel discussion, I was informed that it was hoped I would be the stand-in for Aaron, in that I too see the world as very grey. Many of my posts on the Lulz and Anonymous, as well as the state of affairs online, have been from the grey perspective. The fact is, the world is grey. There is no black and white. We all have varying shades of grey within our personalities, and our actions are dictated by the levels to which our moral compasses allow. I would suggest that the best and most used example is that of torture. Torture may or may not actually gain the torturer real intelligence data, and it has been the flavor of the day since 9/11 and the advent of Jack Bauer on “24.” Face it, we all watched the show and we all did a fist pump when Jack tortured the key info out of the bad guy to save the day. The realities of the issue are much more grey (complex) and involve many motivations as well as emotions. The question always comes down to this, though:
If you had a terrorist before you who planted a dirty nuke in your city, would you ask him nicely for the data? Give him a cookie and try to bond with him to get the information?
Or, would you start using sharp implements to get him to talk in a more expedient fashion?
We all know in our darkest hearts that had we families and friends in that city we would most likely let things get bloody. Having once decided this, we would have to rationalize for ourselves what we are doing, and the mental calculus would have to be played out in the equation of “The good of the one over the good of the many.” If you are a person who could not perform the acts of torture, then you would have to alternatively resign yourself to the fates, as you forever after will likely be saying “I could have done something.” Just as well, if you do torture the terrorist and you get nothing, you will also likely be saying “What more could I have done? I failed them all” should the bomb go off and mass casualties ensue.
I see both options as viable, but it depends on the person and their willingness to either be black and white or grey.
Within the security community, we now face a paradigm shift that has been coming for some time, but only recently has exploded onto the collective consciousness. We are the new front line on the 5th battlespace. Terrorists, spies, nation states, individuals, corporations, and now ‘collectives’ are all waging war online. This Black Hat and Defcon have played out in the shadow of Stuxnet, a worm that showed the potential for cyber warfare to break into the real world and cause kinetic attacks with large repercussions, physically and politically. Cofer Black made direct mention of this, and there were two specific talks on SCADA (one being on the SYSTEM7s that Iran’s attack was predicated on), so we all ‘know’ that this is a new and important change. It used to be all about the data; now it’s all about the data AND the potential for catastrophic consequences if the grid or a gas pipeline is blown up or taken down.
We all will have choices to make and trials to overcome… Cofer was right.
“May you live in interesting times” the Chinese say…
Then we have the likes of Anonymous, Wikileaks, and the infamous ‘LulzSec’. Called a ‘collective’ by themselves and others, it is alleged to be a loose affiliation of individuals seeking to effect change (or maybe just sow chaos) through online shenanigans. Their ideas, and now those of their love child ‘LulzSec’, on moral codes and ethics really strike me as more in line with what “The Plague” said in “Hackers” than anything else:
“The Plague: You wanted to know who I am, Zero Cool? Well, let me explain the New World Order. Governments and corporations need people like you and me. We are Samurai… the Keyboard Cowboys… and all those other people who have no idea what’s going on are the cattle… Moooo.”
Frankly, the more I hear out of Anonymous’ mouthpieces as well as LulzSec’s, I think they just all got together one night after drinking heavily, taking E, and watching “Hackers” over and over and over again, and I feel like Curtis exclaiming the following:
“Curtis: If it isn’t Leopard Boy and the Decepticons.”
So, imagine my surprise to be involved in the panel and playing the grey hat, so to speak. The panel went well and the Anons kept mostly quiet until the question and answer after, but once they got their mouths open it was a deluge. For those of you who did not see the panel discussion, you can find the reporting below. My take on things, though, boils down to the following bulleted points:
- Anons and Lulz need to get better game on if they indeed do believe in making change happen. No more BS quick hits on low hanging fruit.
- Targets need recon and intelligence gathered has to be vetted before dumping
- Your structure (no matter how many times you cry you don’t have one) can be broken so take care in carrying out your actions and SECOPS
- Insiders have the best data… Maybe you should be more like Wikileaks or maybe an arm of them.
- Don’t be dicks! Dumping data that can get people killed (i.e. police) serves no purpose. Even Julian finally saw through his own ego enough on that one
- If you keep going the way you have been, you will see more arrests and more knee jerk reactions from the governments making all our lives more difficult
- Grow up
- The governments are going to be using the full weight of the law as well as their intelligence infrastructure to get you. Aaron was just one guy making assertions that he may or may not have been able to follow through on. The ideas are sound, the implementation was flawed. Pay attention.
- If you don’t do your homework and you FUBAR something and it all goes kinetically sideways, you are in some deep shit.
- You can now be blamed as well as used by state run entities for their own ends… Expect it. I believe it has already happened to you and no matter how many times you claim you didn’t do something it won’t matter any more. See, all that alleged security you have in anonymous-ness cuts both ways…
- Failure to pay attention will only result in fail.
There you have it, the short and sweet. I am sure there are a majority of you anonytards out there who might not comprehend what I am saying or care. But don’t cry later on when you are being oppressed, because I warned you.
K.
http://www.darkreading.com/security/attacks-breaches/231300360/building-a-better-anonymous.html
http://www.pcworld.idg.com.au/article/396320/three_tips_better_anonymous
http://www.wired.com/threatlevel/2011/08/defcon-anonymous-panel/
http://venturebeat.com/2011/08/06/defcon-panel-anonymous-is-here-lulzsec-is-here-theyre-everywhere/
Not So 3R337 Kidz
Once again we find ourselves following the story of a new uber dump of data on a Friday (Fuck FBI Fridays, as they have been dubbed by the skiddies). It seems that 4cid 8urn, C3r3al Kill3r, and Zer0C00l once again have failed to deliver the goods in their #antisec campaign with their ManTech dump. ManTech, for those who don’t know, is a company that handles defense and government security contracts for such things as secure networks, etc. The skiddies decided to try and haxx0r the Gibson and get the goods on the bad bad men at ManTech.
Once again, they failed.
The files are mostly UNCLASS (kids, that means UN-CLASSIFIED, mmkay?) with a few SBU (Sensitive But UNCLASSIFIED) as well. Many of the files are just documents of finances, bills, résumés and email addresses that frankly you could get with a good Googling session. Again, we are not impressed by this crap, Lulz skiddies. I have told you once, and now I will tell you again: you are failing to deliver anything of interest, really.
Now, if you were real APT, then you would have used the data in the Excel sheets to create some nice phishing exploits and then gone on to root some good shit. But no, you aren’t that advanced, are you? You just want to do the quick hit and dump your ‘booty’ to collect the love from your adoring, albeit stupid, fans. I am sure some of them are at home now wanking off to the idea that you have really stuck it to ManTech and by proxy ‘the man’.
Well, you haven’t.. Not so 3r337 as Raz0r and Bl4d3 say.
What you keep failing to understand are several key things here:
- The good shit is in more protected systems, ya know, like the ones Manning had access to
- You have no idea what you are taking or what you are dumping! Bitch please, understand the classification markings!
- It’s only important to your ‘movement’ if the data actually uncovers bad behavior on the part of the government!
And it’s on that last point that I want to harp a little more. You guys say you are exposing fraud and devious behavior (other than your own subversive tendencies?) and yet you keep missing the mark. There have been no cohesive plots outed by you other than Aaron and HB Gary’s little foray into creating 0day and programs for propaganda tools online.
Yay you!… ehhh… not so much.
You certainly did spank Aaron, though, and for that my top hat and monocle are off to you. He rather deserved what he got for being so God damned stupid. However, you must all understand that these are the standard operating procedures in warfare (PSYOPS, INFOWAR, PROPAGANDA); every nation plays the game and it’s just the way of life. So, unless you get some real data on a plan to use this type of tech by the US on the US (other than Rupert & Co.), once again, I am not really so impressed.
Of course, you have to know that you are now the target of all of those tools right? Not only by the US, but other nations as I have mentioned before. Do you really think that you have not opened the door for other nation states to attack using your name? No one mentioned yet that you are now considered domestic terrorists and could even be considered non domestic after you get caught? You have opened Pandora’s box and all the bad shit is coming.. And much of it is going to be aimed straight at you.
The ironic thing is this: you have delivered shit. It’s the idea and the cover you have given other nation states or individuals that is key here. You say you can’t arrest an idea… I say certainly not! BUT they can arrest YOU and then make that IDEA not so appealing to the other skiddies once your prosecutions begin on national TV.
So keep it up.. That hornets nest won’t spew hundreds of angry wasps…
The Eternal Game of Whack-A-Mole Goes On: Was Al-Shamukh Hacked?
The Eternal Game of Whack-A-Mole Goes On:
Al-Shamikh1, the Shamukh Al-Islam AQ site, is down, and has allegedly been under attack since this weekend. Its mirrors are down as well, according to the news media Here and Here, citing Evan Kohlmann of Flashpoint Global. The problem I have with the stories that the media is ravening over now is that either Evan is not painting the full picture or the media, as usual, is not understanding what he is saying. As for my take on it, it’s a little of both, really. Evan has been around for a long time working as a consultant on terrorism, but as far as I know, he is not a network security specialist.
Over the weekend I had heard and re-tweeted reports that Shamikh was under an attack of some kind and the site was intermittently unavailable. As I had a whiskey in hand and no motivation, I let it be and figured it was maybe Jester doing his usual thing. Then today I see the barrage of bad media accounts with headlines like:
British Hackers Take Down Al-Qaeda Websites
and
NBC News: Hacker attack cripples al-Qaida Web communications
*Facepalm*
None of the articles cites any clear evidence of who did what, never mind what actually happened to the site! Upon investigation this morning, after being contacted by someone in the UK press, I found the following salient point:
The domain and the name servers have been suspended by GoDaddy. This is why it is offline now. Perhaps it was DD0S’d for a while and the traffic was the final straw for GoDaddy on this site. You see, this site has been on GoDaddy for some time, and many have pointed this fact out before, to no avail. Well, actually, one might assume that the feds just wanted to know where it was and leave it be to monitor. But that’s a bit too subtle for the media.
Either way, the site is down now because they cannot route to it via the domain. Backups of the site hosted on boxes without domain names are down, and the core server may have been compromised. It’s all up in the air at the moment, but the media is just trucking along with the story. It may in fact be that the core server was pulled by the jihadis themselves, because they have been real twitchy since the 2010 roll-up of al-Faloja.
In the case of Shamikh, I had seen in the past that this site had some security issues to begin with. The implementation of the phpBB was weak, and there were ways to get into the board and collect data. In one case, they had even reset passwords, and one could get them from the site itself for those users, as they had passed them in the clear in what they thought was a secure space. Others have been using these vulns for some time to audit what is going on in the boards and have in the past run operations that have kept the admins and the jihadis on edge. This is why today you see so many more discussion groups on computer security, but more so on how to configure and secure phpBB, on sites like As-Ansar.
Distributed Sites:
“Al-Qaida’s online communications have been temporarily crippled, and it does not have a single trusted distribution channel available on the Internet,” said Evan Kohlmann, of Flashpoint Global Partners, which monitors the group’s communications.
This one line really just grinds my gears here. I am sorry Evan, but this site is not the only one out there that has this type of content, and even though the core is down, the content lives on in other sites. The jihadis have created redundancy in the number of sites, not just put all their terrorist eggs in one digital basket. All of the sites link to one another as fraternal organisations do (i.e. As-Ansar has much the same content as Shamikh1). Remember, this is a group conducting an insurgency that knows the power of cells, and it is no different online. An example of this is the site in question, Shamikh, which has had many sites online at different times. Some get pulled down as they have issues with the hosts removing them. Others still have stealth sites on compromised systems or, in cases like the boxes in Malaysia, are hosted secretly with complicity on the part of someone in the network (see paradius net).
In the case of Shamikh1, the following sites are known to have hosted it or, as in the case of shamikh1.info, were scheduled to host it soon.
http://202.149.72.130/~shamikh/vb/
http://202.149.72.131/~shamikh/vb/
http://202.75.56.237/~shamikh/vb/
All of these systems are down, at least content-wise, for Shamikh; the .info, though, is online and untouched but hosts no content as yet. It seems to me that it was still being staged to host the content, or maybe was set up to be a backup.
This has been the SOP for the jihadi sites for some time. If one site is hit, the rest stay up to keep the content available. In this case though, it seems that the “sophisticated and coordinated attack” really just means that they hit the core server for Shamikh, so the content is not getting to the satellite sites. Of course, once again, there is no data to say how this attack was carried out or how massive it may have been. Like I said, the e-jihadis have been twitchy about security for a while now because they have been compromised in the past.
So, all of this reporting that it was a huge state-run hack and a massive takedown is mostly media hype and, I am afraid, as you can see from the coverage, it all seems to be coming from Mr. Kohlmann, whose privately run consultancy is getting quite a bit of attention now... Isn’t it?
Cupcake Recipes Instead of IEDs Do Not a Hack Make:
Another thing sticking in my craw is the linking of this outage/hack to the “cupcake” incident with Inspire Magazine. These two things are NOT alike, and the media needs to pay attention to the facts. Nor is there any evidence cited, or even hinted at, in the real world that MI6, or Five for that matter, had anything to do with this. For all they know, it could have been Jester or someone with similar technology that DoS’d them and got them yanked offline by their host.
Let me set the record straight here. The MI6 operation on Inspire was a PSYOP. They poisoned the well (i.e. Al-Malahem’s media apparatus) by intercepting the AQ file and replacing it with their own. Just where this happened, no one is sure. Was it on some desktop somewhere before being put out? Or was it replaced with the edited file on the megashare?
No one has said.
This operation, though, served two purposes. First off, it managed to stop AQ from getting the IED manual out to everyone, but secondly, and more importantly, it made AQ question its communications security. This was even more important, and we can see the effects of that today in posts on the boards about security.
They are worried.
Oh dear media, pay attention and get the story straight. While the Cupcake operation had style and was claimed by MI6, this current claimed attack on Shamikh has no attribution by anyone, and there is no proof that I have seen to say that anyone did anything... save that their site is down.
Whodunnit:
This all leaves me wondering just who may have attacked Shamikh and why. Given that the sites are often taken down only to show up elsewhere, I question why it was done at all. It would be simpler to monitor the site and capture data than to send them all scurrying into the woods, would it not? This was my primary issue with the Jester’s campaign: it did no good. Even if you are driving them off the sites, they will only move toward less visible ones and use more covert means of communication. Why not let them feel fat, dumb, and happy while we watch their every move?
All I can think of, if this was state-sanctioned, is that the Shamikh site was about to drop some content that someone did not want out there, so they took the network down. If it wasn’t state-sanctioned and some hacker or hackers decided to mess with them, they did it for their own reasons. Either way, the sites got taken down...
But, they will be back again... Let the great game of whack-a-mole begin!
K.