Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘FSB’ Category

A Real Cardinal of the Kremlin: An Asset In The Kremlin Exfiltrated and Blown By Russia and MSNBC


Breathlessly and with great hyperbole, the MSNBC report came across my iPad as I sipped my morning coffee. The reporter was eagerly touting their “scoop”: potentially locating the whereabouts, in Washington DC, of the Russian source inside the Kremlin. I sat agog at the reporting, a mix of “OMG OMG OMG LOOK AT US!” and “Sorry, I can’t report the details because two guys in an SUV came at us after we rang a doorbell!”, as the bile rose inside me. I then took to Twitter and began to get information that surprised me and made it all the worse. It turns out that MSNBC buried the real lede in their reporting: their “tip” on the possible asset exfiltrated in 2017 came from the Russian government, by proxy of a news site called Kommersant.ru.

The Kommersant article, posted yesterday before MSNBC made their rush to the address of the alleged Russian asset in DC, gives the name plainly, which I will not do here, and links to earlier stories of the missing official who went on vacation in 2017 and “disappeared without a trace”… Of course the Russians would have readily known who the asset was after the EXFIL, but to post it online was an interesting move. Originally “The Storm”, another Russian news outlet, posted in October 2017 about the missing Russian official, but no one in the media took note, it seems. The updated story in Kommersant, though, was prompted by the stories in the media about how Trump could not be trusted with intel, much like the Lavrov and Kislyak meeting in the Oval Office, where Trump released code-word intel to them and blew an Israeli operation. As the stories swirled, with CNN reporting that the exfil had happened because of Trump, the Russians, I am sure, began to ponder how they could stick a finger in the eye of the US and the CIA.

What they did was just remind everyone that the name of the asset, in their opinion, was <REDACTED> and that his new address was <REDACTED> in Virginia, USA. They actually gave the address in the article. MSNBC got the tip somehow (likely by monitoring sites like Kommersant) and immediately dispatched a crew to go to the address, knock on the door Geraldo style, get the scoopy scoop and win the news day! Pay no mind to the potential intelligence disaster it may cause for someone who did a great service to this country.

…But hey HEADLINES! CLICKS! ADS! BYLINES!

Anyway, the asset has been moved, I am sure, but a lot still needs to be discussed here about this whole thing. I mean, why would they re-settle this guy and his family under his own name? Why would they allow them to purchase a rather large house under their names? I mean, once upon a time, when you were exfiltrated from Russia (SOV Bloc), you got a new name and some money and lived quietly while you were continually debriefed. Has the CIA lost its collective mind? Is this even the guy? What the hell is going on here? With that question upon my mind, I will give this a bit of thought.

Is this the asset in question? … Given the details of their disappearance in 2017, and his role in the Kremlin, I am going to lean toward yes.

Why was this guy allowed to buy property and live in the open under his real name? … I honestly have a few theories:

  • The CIA wanted the Kremlin to know as a poke in the eye and a challenge. If this guy gets a polonium enema in the US, shit is gonna go plaid.
  • Also, the asset’s new life in a free country with considerable assets would perhaps entice others.
  • His EXFIL was pretty out in the open once he went RED RABBIT, so perhaps there just was no need for an elaborate re-settlement and name change.
  • Lastly, perhaps there is some incompetence going on? Who knows, maybe the asset demanded they live free and under their own name?

What is going to happen now? … Well, if this asset has been moved as I suspect, then they likely will get that name change, because they are spectacularly blown thanks to Kommersant and now MSNBC and all the other services. I mean, I did not name the guy here, but Kommersant did, and with just the name I tracked them down to the house through sales records online!

Jeez!

All in all, this whole affair just makes me scratch my head. I mean, we are really through the looking glass in 2019 with everything that has been going on since 2016, but wow. This whole thing at least moved me to post, something I have been uninterested in doing for a long while now, so there is that. I will watch the game unfold and see what plays out. I gotta say, though, recent events regarding losses for the CIA in China and Iran have me worried that we have lost some of our skill sets in HUMINT. I would love to find out that this whole debacle was really a play at something larger by the CIA, but I fear it wasn’t.

Interesting times…

K.

Written by Krypt3ia

2019/09/10 at 12:58

SyTech’s FSB Document Dump: Owning The Information Space and Disconnecting It


Since the dump of the FSB contractor data from SyTech, I have spent some time looking at the files the hacker group 0v1ru$ released and their import. The files mostly consist of program statements and agreements between SyTech (SiTech) and the FSB (Unit 71330) for varying programs, all tailored to information operations and control. Included as well are documents for programs for other units within the Russian government, concerning the legal units and an information operations/communications unit. Overall, the documents run from the early 2000s up until 2019 and are for the most part mildly interesting.

I say mildly interesting because there are not a lot of technical documents included here. Now, the 0v1ru$ collective claims they hacked about 7.5 TB of data, but they weeded that out to only dump about 177 MB of it on MEGA, so there is that. The media made hay about this information in their special way, so I thought it prudent to look through it as well. For the most part, the best stuff is around the programs where the Russians are looking to sift the whole of the internet using AI and algos to look at data, contextualize it all visually, and pull pertinent information from mass unstructured data.

These programs not only seek to pull data out of metadata, visual data, etc., but there is also a program within the programs to edit that data (metadata specifically) on the fly for use in an information warfare context. I found this little tidbit interesting and think that it plays well with what the Russians were up to during 2016 and now moving on to 2020. The other program of note is a Tor de-anonymization effort using router nodes and heuristics to uncloak anyone using those Tor routers. It is much the same attack as that posited and used in the past, where you own the exit nodes and watch the flows.

Another little tidbit was a part of the overall program that also delved into the field of media, including mass media and video. This also touched on facial recognition software and operations that could be used internally to control/watch internal protests and such. I see this as something along the lines of what China has been doing, and likely they took cues from the Chinese state on this one. Lastly, there was a program in there as well that centered on hacking using distributed networking such as BitTorrent. There wasn’t much in the way of backup data on what the tech was going to be, but it seemed oriented toward having harder-to-track hacking via these networks.

Overall, I am kinda meh on the whole deal. The media tried to make it a thing, but really it was half a thing. I personally would like all 7 TB of the data dropped on BitTorrent by the hackers and have messaged them about that… Nothing back.

Oh well….

Here are the program/code names on the folders and descriptions translated from Cyrillic.

K.

Program Code Names and Their Operation:

ARION: Program for collection of data from many source types, with the ability to categorize and sort. July 26, 2006

BUFFALO: Only file in this folder was a certificate

CUSTOMIZATION: Search customizations to the overall product, to search for and categorize/contextualize data from the whole internet, including geolocation and the ability to sift by parameters set by the client.

ENOT: Infrastructure and framework needed for these applications, and its implementation.

EVERY SHIT: Use cases that include everything from terrorism to internal unrest, using pattern recognition including visual content via “deep learning” algorithms (facial recognition through GOSNIAAS).

EXPERT-MPI: “Creation of a set of software and hardware for legal support of the state system of legal information”

FORK: Code OKR-2 – “Tuning fork”. Distributed Secure Computing System (possibly quantum computing). Units 71330 and 43753, due in 2021.

GAMBIT: Contract codes and prices in this folder

HOPE: “Study of the possibility of developing ATP, providing the accumulation, processing and visualization of technical information on cross-border Internet traffic transfer routes”

INFLUX: “Investigation of the possibility of creating a situational awareness center in a secure execution”. Cipher NIR – “Infusion-2”, due 2021. Study of existing and development of new methods for the distributed collection, processing, presentation and dissemination of information about objects of interest.

KNOCKOUT-S: Metadata engine/software for context searches across the whole of the internet. This will be used to contextualize threats (including video/visual media).

MENTOR: The purpose of research is to study the feasibility of developing an integrated automated system for collecting information by special methods and means.

MOSQUITO: “Investigation of the possibility of creating a software and hardware complex that implements the search and collection of information materials on the Internet, taking into account the anonymity and concealment of informational interest” (Cipher – “Mosquito”). Anonymous search collection, to collect data without a trace.

NAUTILUS-S: De-anonymization of Tor.

Using clustering methods will allow you to go to a different level of analysis of the network traffic of the Tor network, including encrypted traffic. Using signature and heuristic analysis of Tor sessions will provide tools for extracting Tor traffic from a stream.

2. Investigation of the possibility of creating a “trusted” output APC node to intercept traffic (using the Tor network as an example). In addition to the problem solved in the mid-range research work, it is advisable to continue the study of creating trusted input and intermediate nodes in combination with methods such as active detection of Tor using trap hosts. The combination of methods will expand the possibilities for the study of constructed chains of Tor nodes and the ability to intercept authentication data. It is also advisable to develop methods for analyzing the parameters of Tor network nodes to assess their suitability for use as “trusted” ones.

ONSLAUGHT-2: Malware Research and Analysis Tool. The purpose of the work is to create a software product based on the Open Source software suite that provides the ability to manage tasks from a single user interface by:

1) research and analysis of malware;
2) control and analysis of network traffic;
3) control of the integrity of the code of the OS, OPO, STR.

Debian implementation environment (current version), LXDE desktop.

PEDANT: “Development of application software for a set of software and hardware tools of a dedicated segment of the legal information system of the State Legal Administration of the President of the Russian Federation”

REALITY: The purpose of the research is to study existing and develop new methods and tools for the automated modification of attributes and metadata of information materials. (Military Unit 71330: Special Communications Services)

REWARD: “Investigation of the possibility of developing ATP penetration and covert use of peer-to-peer and hybrid network resources.” Code “Reward”. The aim of the work is to study the possibility of developing a complex for penetration and covert use of peer-to-peer and hybrid network resources.

Explore the features of the construction and implementation of peer-to-peer (decentralized) and hybrid (not using a tracker) networks (for example, networks like ED2K, BitTorrent, OpenFT, Jabber, etc.).
2.2.3. To develop a set of software and hardware for penetration into existing (peer-to-peer and hybrid) networks.
2.2.4. To create an experimental model of a hardware-software complex (hereinafter referred to as EO PAK “Reward”) to study peer-to-peer and hybrid networks and to test it.

SATELLITE: Search API being created by SPUTNIK and SyTech.


Written by Krypt3ia

2019/08/03 at 17:03

Posted in FSB