Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘Hacking’ Category

Book Review: An Introduction to Cyber-Warfare: A Multidisciplinary Approach

with one comment

cyberwarprimer

IJPFRH CPAGP EIIL!

CYBER CYBER CYBER!

CYBER CYBER CYBER! or “CRY HAVOC AND LET SLIP THE DIGITAL DOGS OD CYBER WAR!”” is often what you hear from me in a mocking tone as I scan the internet and the news for the usual cyber-douchery. Well this time kids I am actually going to review a book that for once was not full of douchery! Instead it was filled with mostly good information and aimed at people who are not necessarily versed at all in the cyberz. I personally was surprised to find myself thinking that I would approve this for a syllabus (as it has been placed into one by someone I know and asked me to read this and comment)

The book really is a primer on IW (Information Warfare) and Cyber-Warfare (for lack of a better nomenclature for it) which many of you reading my blog might be way below your desired literacy level on the subjects. However, for the novice I would happily recommend that they read the book and then spend more time using ALL of the footnotes to go and read even more on the subject to get a grasp of the complexities here. In fact, I would go as far as to say to all of you out there that IF you are teaching this subject at all then you SHOULD use this book as a starting point.

I would also like to say that I would LOVE to start a kickstarter and get this book into the hands of each and every moron in Congress and the House. I would sit there and MAKE them read it in front of me *surely watching their lips move as they do so* There are too many people in positions of power making stupid decisions about this stuff when they haven’t a single clue. I guess the same could be said about the military folks as well. We have plenty of generals who have no idea either.. That’s just one man’s opinion though.

As we move further and further down the cyber-war road I think that books like this should be mandatory reading for all military personnel as well as college level courses in not only IW/INFOSEC but also political and affairs of state majors as well. We will only continue down this road it seems and it would be best for us all if the next wave of digital natives had a real grasp of the technologies as well as the political, logical, and tactical aspects of “Cyber”

I have broken down the book into rough chapters and subject areas as it is within the book (mostly) It really does cover more of the overall issues of cyber-warfare and methods used (not overly technical) The modus operandi so to speak of the actual events that have taken place are laid out in the book and give you a picture of the evolving of IW to what we see today as “cyber-warfare” I will comment on those sections on what I thought was good and what I thought was derpy of course, I mean would you all have it any other way?

IW (INFORMATION WARFARE) RUSSIA

The authors cover early IW with the Russian saga’s over Georgia and Estonia. There is a lot in there that perhaps even you out there might not know about the specifics of the incidents where Russia is “alleged” to have attacked both countries at different times with different goals and effects. Much of this also touches on the ideas of proxy organizations that may or may not be state run that were a part of the action as well as a good overview of what happened.

In the case of Georgia it went kinetic and this is the first real “cyber-warfare” incident in my mind as cyber-war goes. I say this because in my mind unless there is an actual kinetic portion to the fighting there is no “war” it is instead an “action” or “espionage” so in the case of tanks rolling in on Georgia we have a warfare scenario outright that was in tandem with IW/CW actions.

OUR CHINESE OVERLORDS

Ah Chairman Meow… What book on Cyber would be complete without our friends at the MSS 3rd Directorate huh? Well in the case of this primer it gets it right. It gets across not only that China has been hacking the living shit out of us but also WHY they are doing it! The book gives a base of information (lots of footnotes and links) to ancillary documentation that will explain the nature of Chinese thought on warfare and more to the point Cyber-Warfare. The Chinese have been working this angle (The Thousand Grains of Sand etc) for a long time now and there are more than a few treatises on it for you to read after finishing this book.

The big cases are in there as well as mention of the malware used, goals of the attacks and some of the key players. If you are out to start teaching about Chinese electronic/cyber/IW then this is a good place to start. Not too heavy but it gets the point across to those who are not so up to speed on the politics, the tech, or the stratagems involved.

ANONYMOUS/SEA/LULZSEC

Anonymous, as someone on my Twitter feed was just asking me as I was writing this piece, is also a part of this picture as well. The idea of asymmetric online warfare is really embodied by these groups. The book focuses more on Lulzsec and their 50 days of sailing but it doesn’t go too in depth with the derp. Suffice to say that all of them are indeed important to cyber-warfare as we know it and may in fact be the end model for all cyber-warfare. How so? Well, how better to have plausible denyability than to get a non state group to carry out your dirty war? Hell, for that matter how about just blame them and make it look like one of their ops huh?

Oddly enough just days ago Hammond wrote a piece saying this very thing. He intoned that the FBI via Sabu were manipulating the Anon’s into going after government targets. This is not beyond comprehension especially for places like China as well. So this is something to pay attention to. However, this book really did not take that issue on and I really wished that they had. Perhaps in the next updated edition guys?

THE GRID

OY VEY, the “GRID” this is one of the most derpy subjects usually in the media as well as the books/talks/material on cyber-warfare out there. In this case though I will allow what they wrote stand as a “so so” because they make no real claim to an actual apocalypse. Instead the book talks about the possible scenarios of how one could attack the grid. This book makes no claim that it would work but it is something to think about especially if you have an army of trained squirrels with routers strapped to their backs.

It is my belief that the system is too complex to have a systematic fail of apocalypse proportions and it always has been so. If the book talked about maybe creating a series of EMP devices placed at strategic high volume transformers then I would say they’d be on to something. However, that said, the use of a topological attack model was a good one from a logical perspective. They base most of this off of the Chinese grad students paper back years ago so your mileage may vary. So on this chapter I give it a 40% derp.

WHAT’S MISSING?

All in all I would have liked to have seen more in the political area concerning different countries thought patterns on IW/CW but hey, what can ya do eh? Additionally I think more could have been done on the ideas of offense vs. defense. Today I see a lot of derp around how the US has a GREAT OFFENSIVE CAPABILITY! Which for me and many of you out there I assume, leads me to the logical thought conclusion of “GREAT! We are totally offensive but our defense SUCKS!” So much for CYBER-MAD huh?

I would have also like to have seen more in the way of some game theory involved in the book as well concerning cyber-warfare. Some thought experiments would be helpful to lay out the problems within actually carrying out cyber-war as well as potential outcomes from doing so more along the lines of what I saw in the Global Cyber-Game.

OVERALL TAKE

Well, in the end I think it is a good start point for people to use this in their syllabus for teaching IW/CW today. It is a primer though and I would love to see not only this end up on the list but also the Global Cyber Game as well to round out the ideas here. To me it is more about “should we do this?” as opposed to “LETS FUCKING DO THIS!” as the effects of doing so are not necessarily known. Much of this territory is new and all too much of it is hyped up to the point of utter nonsense. This is the biggest problem we have though, this nonsense level with regard to the leaders of the land not knowing anything about it and then voting on things.

We need a more informed populace as well as government and I think this book would be a good start. So to the person who asked me to review this..

Put it in the syllabus!

K.

The Global Cyber Game

with one comment

globalcybergame

bqrebnbtsinmpvcdro

The Global Cyber Game:

I had been meaning to write about this before when I had originally read the text but things got in the way as usual (work, more work, some more work after that, Defcon/Bsides) Now though I am in a space where I can reflect back on this paper and write about it here for you all to see. The Defence Academy (UK) put this together to describe how we might approach “cyberwar” on the level of game play or game theory. They constructed a board and began to set to the task of creating game play and tactics given certain scenarios in the cyber world. (see image of game board below) You can actually play this game if you create a board from this design and work within the rules of game theory but this is not why I find this treatise so important.

globalcybergame1

What I find most interesting is the actual scenario’s that play out within the game play as well as the end game status that the paper puts it all down to in the end of N-Utopia and N-Dystopia. As one can gather from the inherent meaning of the words, N-Utopia means that we all work out our problems globally and work on bettering society (which in the Nash equations is the best play) or we end up with N-Dystopia, a Balkanization of the net, and warfare that scales all levels up to kinetic and will be the death of us all. Can you guess where I think we are right now on the N-scale? Yes, you’d be right to lean toward the N-Dystopia area. In fact I would even like to see that idea rendered in a new way with an older iconography, that being the Doomsday Clock analogy. Perhaps someone can take that up online and create one for the cyebrwarz eh?

Power Dimensions:

What must be taken into account in the great cyber game is that all of this is centered around power plays. The use of information as power, the use of information to effect actions vis a vis “power” and the varying types of power that are being wielded by the players. This paper covers this idea pretty well and should be required reading for anyone looking to study cyber-warfare along side Clausewitz and other more well known pieces of doctrine. Some however may already be familiar with the ideas of hard and soft power but let’s take that into the electronic warfare arena which is a bit harder to scope today.

  • Hard power
    • Overt threats and rewards
    • Kinetic action
    • Coercion
  • Soft power
    • Cooperation
    • Co-Option

Both of these types of dynamic play off of one another and work in tandem. There actually is a whole spectrum of power plays that can be derived from these basic premises but I will not go into all that here. To date I have seen an abundance of hard power tactics being employed on the game board and I fear that that seems to be what the governments of the world have locked on to as their aegis. I would love for more to try the soft power tactics and methods but I am too much of a realist to hope that it will ever really happen.

The game play today that we are all seeing unfold before us is the hard power of Stuxnet or the ramping up of every piece of malware and 0day conceivable being purchased by the US government or others in an effort to be superior when the battle comes. That is though when they are not using those said same exploits in the darker games of realpolitik that they are prosecuting now. As I see it now we are hurtling towards a massive cyberfail of our own making and the real cost of the bad play will be economies around the world and other collateral damage that may not be an apocalypse as we currently understand them to be.

The power dimensions portion of this paper is quite enlightening and you should broaden the scope of how those plays are made with information and the internet. One must understand the playing field as well as the weapon you wield. This is the main problem I have of late is that all too many people and governments are not understanding the game play, the field of play, nor the tools they are using (pieces) well enough to play the game well. This makes not only for bad play, but in this game there are real world consequences for us all when some government or actor does something immensely stupid.

Cyber Games Today:

So what are we seeing today that has me worried? Well, we have the cybergames with Stuxnet and other malware to start. I liken the release of Stuxnet as skin to the release of a biotoxin or virus that eventually will be re-worked or manipulated into a more fearsome weapon. These are not one use tools, they are in fact re-usable and re-tune-able. Once these things are out there is no controlling them and with the idea of Stuxnet you have something that was used against one target but could affect hundreds more in friendly countries if they had the same configuration.

Another cybergame being played today is the new surveillance state that we find ourselves in. It seems in the case of the US we have people who are interpreting our Constitution to suit their needs under the rubric of protecting the homeland. This cybergame is all about information and the power dimension of controlling it. I have been watching this Snowden affair unfold and frankly I am frightened of the capabilities that the NSA has but I am much more scared that they claim that they are protecting us while a Snowden subverts the very systems they are saying cannot be misused. This particular cybergame when looked at, show’s all of the hard and soft power dimensions at play with the media and the law. This should also be brought into the cyber game play as well.

Yet another cybergame going on is within the public/private sector and I call the “Patriot Games” What I mean by this is that we have non state actors playing rolls of asymmetric warriors online to effect whatever change they see fit. A certain un-named clown for one is a primary actor in this space and really started the trend in my opinion. The cybergamers here are vigilantes nothing more and nothing less and may or may not have an effect on the grander scheme of things on the net and in public policy. For the most part however, these players are on the hard power end of the spectrum and thus just mostly come off as thugs.

Lastly, the cybergame that seems to be the one with the most chance of playing in the larger space is that of Anonymous. Anonymous has been able to leverage many players into semi cogent action and could in the future have a real effect on policy and other dimensions within the cybergame play. The only reason that I place Anon into this game is because of that mobilizing force that they seem to carry. If motivated and able to be cohesive enough this group could affect the greater games being played and have on a microcosmic scale thus far in recent history.

In all, the games that are being played, and they are games, all serve as a means to an end for those paying attention to understand and perhaps help those in the seat of power how not to play the game at all. Our petty squabbling on the internet is just that. The reality is that the net is important and much of our lives today require it to run smoothly but if the net were to go down permanently our society would not utterly collapse. We would survive and we would re-build. The question then becomes would we have learned from it and do things better the next time around?

Cyber-Utopia and Cyber-Dystopia:

The idea of Cyber-Utopia is a far fetched one in my mind and probably many others out there. This would be a great thing if we could make it happen but given the petty nature of our.. well nature.. We will only see this ideal wash up on the rocks and sink into the ocean rather quickly. In the Cyber-Utopia we all work together, we cooperate, and we work towards a better day. … And I just don’t see this happening barring some kind of alien intervention frankly.

Cyber-Dystopia though I am afraid is already the case in many respects. We are seeing an almost Balkanization of the internet today as it is never mind the games being played in reality with Stuxnet and cyberwar. If the N-Dystopia comes to pass we will find ourselves at war with each other constantly in a “cyberworld” much like the episode of STOS “A Taste of Armageddon”  where all warfare is carried out via computer simulations and only the casualties report to be disintegrated as a means to balance it all out. Today though we will see attacks on economies as well as infrastructures to effect “war” (economic, political, or other) on our enemies and the real world costs will have to be measured in profit loss or perhaps even actual loss of human life.

The cyber-dystopia though is more than just an outcome of war. It is the outcome from our own inabilities to work with each other and our ability to rationalize warfare through a non apocalyptic destruction of life. It will be a tit for tat war of attrition that will not lead to any clear victories and certainly not elevate our societies in any way and that is the sad truth of it. Ladies and gents we are already in the dystopia. We just may not understand that yet.

Understand the game:

So, I leave you with the paper: The Global Cyber Game pull it down and read it. Learn from it, play the game if you like, and spend some time thinking about it all. We are on the cusp of another evolution in our society that we have seen repeated in every other evolution we have had. We create something, then we weaponize it. Perhaps if more of us understand it and the pitfalls we can prevent the N-Dystopia from becoming any worse.

K.

The Emperor Is NAKED

leave a comment »

emperornaked

gedh gedh gedh gedh gedh gedh

OMG THE DAM DATA!

Last week a report came out on Wired about how the ACE (Army Corps of Engineers) database was hacked by China and “sensitive” dam data was taken.. By China, let that sink in for a bit as there was no real attribution data in the story. Anyway, aside from the BOOGA BOOGA BOOGA headlines I had to wonder just how hard it was for these “Chinese” hackers to get in and steal the all important super secret DAM data. Given the nature of this type of site and the groups involved in generating, managing, and *cough* protecting it, I had a feeling that it would be rather easy to get the information without having to be uberleet. Sure enough a quick Google Fu session showed me how easy it was to just bypass the login and password scheme as a proof of concept. You can see from the picture at the top of the page that you can just download what you like there (16 meg on dams alone) just by clicking a link on Google and then the link on the page that is not supposed to be served out without authentication.

*I feel so secure now*

So yeah, there you have it and I still cannot understand how the media types paid no attention to my attempts to make them aware of this little factoid. See, here’s the thing kids, I didn’t go any further. Nor did I download the 16 meg file because, well, no one else wants to be Aaron Swartz right? I am sure they could even try to squash my nuts over this post alone but hey, I am sick of the bullshit stories of China hacking our shit when in reality all one need do is GOOGLE the information. This is not to say that this information here is the SAME information that was allegedly stolen by China, but it is a PROOF OF CONCEPT that the site, EVEN TODAY is still insecure and leaking information without authentication!! (yes above pic was taken today via a tor node) So, when I stopped there one has to continue to wonder if you looked further and enumerated more of the site by directory walk could you in fact get even more access?

Feel the derp burn…

OMG CHINA!

Meanwhile back in the hallowed halls of Congress and the Pentagon we have reports coming out in pdf that China is hacking our shit to gain a better “war footing” by taking such data as what this story is all about. DAMS COULD BE BLOWN! WATER COULD LEAK! LIVES LOST! yadda yadda yadda. If you were to take it seriously then one would think that SECOPS demands that this data would be classified and protected per classification. Obviously it wasn’t given the access that you see above as well as the alleged password issue that the hack was allegedly predicated on in the Wired article. But I digress.. I am meaning to talk about China… Yes, so the DOD puts out a report that is subtly saying that no longer are the Chinese only looking to steal IP but now they are looking for ways to stalemate us in war.

*blink*

NO WAY! Like we aren’t doing the same thing everywhere else as well? Derp! Look, it’s only natural that they would be doing so and their doctrine says as much. Just go take a read of their doctrine on all things cybery and you will see that the domination of the infoscape is really important to them. We have only been paying attention for a little while now and we have catching up to do! Alas though, not all roads lead to China so really, I would love to see some attribution on this alleged hack on the dam data when one, once again, could just GOOGLE that shit up. As they say on the internets.. “Pictures or it didn’t happen!”

OMG FAIL!

So here we are again. Our cybers are FAIL and the news media perpetuates more FAIL with their non depth articles on the problem. Maybe China stole some dam data. BIG WHOOP. The real story is that the site that it came from and the people watching it are not paying attention to the cyberz. Their clue phone is broken! They do not know how to “Internet” and it is just another derpy hype cycle in the media that allows China to be blamed for our own stupidity. I swear somewhere there is a Chinese guy laughing like Chumley rolling on the ground over this.

Smell our own fail kids… And weep.

K.

Written by Krypt3ia

2013/05/08 at 16:05

BofA Gets A Burn Notice

leave a comment »

data-deeper

rode bb iqdnpmbia fpn’k ybi lr qektrf?

PARANOIA 

par·a·noi·a

[par-uh-noi-uh]  

noun

1.

Psychiatry. a mental disorder characterized by systematized delusions and the projection of personal
conflicts, which are ascribed to the supposed hostility of others, sometimes progressing to
disturbances of consciousness and aggressive acts believed to be performed in self-defense or as a mission.
2.

baseless or excessive suspicion of the motives of others.
Also, par·a·noe·a  [par-uh-nee-uh]  Show IPA .
Origin: 
1805–15;  < Neo-Latin  < Greek paránoia  madness. See para-, nous, -ia

Paranoia , the Anonymous intelligence division (self described) published a dump of data ostensibly taken from Bank of America and TEK Systems last week. The information presented seems to show that BofA had contracted with TEK to create an ad hoc “Threat Intelligence” unit around the time of the LulzSec debacle. Of course since the compromise of HB Gary Federal and the revelations that BofA had been pitched by them to do some contract work in the disinformation business it only makes sense that BofA would set up a threat intel unit. The information from the HB Gary dumps seemed to allude to the fact that BofA was actively looking to carry out such plans against those they perceived as threats. Anons out there took great umbrage and thus BofA was concerned.

This blog post is being put together to analyze the data dumped by Anonymous and to give some perspective on what BofA may have been up to and to set some things straight on the meanings of the data presented by Paranoia. First off though I would like to just say that I think that generally BofA was being handed lackluster threat intel by a group of people with intelligence background. (for those names located in the dumps their LinkedIN pages showed former mil intel work) This of course is an opinion formed solely from the content that was available online. There may have been much more context in formal reports that may have been generated by the analysts elsewhere that was not open for the taking where Anon found this dump. The daily and monthly reports found in the database showed some analysis but generally gave rough OSINT reports from online chat logs, news reports, and pastebin postings. There seemed to be a general lack of product here and as such I have to wonder if there ever was or if perhaps those reports never made it to the internet accessible server that anonymous downloaded them from.

B of A’s THREAT INTELLIGENCE TEAM

Since the leak of their threat intelligence BofA has been recruiting for a real team it seems. A Google of the parameters show that they have a bunch of openings all over the place for “Threat Assessment” It makes sense since the TEK Systems team may in fact be mostly defunct but also that they likely would want an in house group and not have to pay overhead on consultants to do the work for them. TEK’s crew as well may have been the problem that caused the leak in the first place by placing the data in an accessible area of a web-server or having passed the data to someone who did not take care of it. Either way it looks as though BofA is seeking to create their own intelligence apparatus much as many other corporate entities are today. The big difference though is what exactly is their directive as a group is to be.

One of the problems I have with the Paranoia analysis is that they take it to the conspiratorial level and make it out to be some pseudo CIA like entity. The reality though is that from what has been shown in the documents provided, that this group really was only tasked with OSINT and threat intelligence by passive listening. This is a key difference from disinformation operations and active participation or recruiting of assets. I will cover this in more detail further on in this post so suffice to say that what BofA was doing here was not only mediocre but also not Machiavellian in nature. The argument can be made though that we don’t know the whole picture and I am sure Paranoia and Anonymous are leaning that way. I cannot with what I have seen so far. What I see is an ad hoc group of contractors trying to create an intelligence wing as a defensive maneuver to try and stay ahead of incidents if not deal with them more effectively should they not be able to stop them.

Nothing more.. Nothing less.

Threat Intelligence vs. Analysis and Product

All of this talk though should be based on a good understanding of what intelligence gathering really is. There are many variations on intelligence tasks and in this case what is clearly seen in the emails and documents is that this group was designated as a “Threat Intelligence” collection group. I have written in the past about “Threat Intelligence” and the misnomer many have on the idea that it is some arcane CIA like pursuit. One of the bigger problems overall is perception and reporting where intelligence gathering is concerned. Basically in today’s parlance much of the threat intelligence out there in INFOSEC is more around malware variants, their C&C’s and perhaps who are running them. With the advent of APT actors as well as criminal activity and entities like Anonymous the paradigm of threat intelligence has come full circle back to the old school idea of what it is from the military sphere of operations.

Today’s threat intelligence is not only technical but also human action driven and this makes it even more important to carry out the collection and analysis properly in order to provide your client with the information to make their decisions with. Unfortunately in the case of the data from BofA we see only sketchy outlines of what is being pasted online, what may be being said in IRC sessions, and what is in the news. Nothing overly direct came from any of the data that I saw and as “product” I would not be able to make much of any decisions from what was presented by TEK Systems people. What is really missing within the dump from Paranoia was any kind of finished analysis product tying together the information in a cogent way for the executives at BofA. Did TEK actually carry this type of activity out? Were there actual reports that the execs were reading that would help in understanding the contents of the raw intelligence that was being passed on in emails daily and monthly? I cannot say for sure. What I did see in the reporting (daily threat reports as well as monthly) were some ancillary comments by a few of the analysts but nothing overly structured or productive. I really would like to know if they had more of an apparatus going on here as well as if they plan on creating one again with all of the advertised positions in that Google search above.

Threat Intelligence vs. HUMINT

This brings me to the whole issue of Threat Intel vs. HUMINT. It would seem that Paranoia thinks that there is much more than meets the eye within the dump that makes them intone that there is a HUMINT (Human Intelligence) portion to the BofA program. While there may well be some of that going on it was not evident from any of the documents I looked at within the dump files. HUMINT would imply that there are active participants of the program out there interacting with the targets trying to recruit them or elicit information from them. With that kind of activity comes all of the things one might conjure up in their heads when they think on NOC (Non Operational Cover) officers in the CIA trying to harvest intelligence from sources (assets) in the field. From everything seen that was posted by Paranoia this is not the case.This operation was completely passive and just collecting data that was in public view aka OSINT. (Open Source Intelligence) Could BofA be seeking to interact more with Anon’s and generate more personal data other than that which the Anon’s posted about each other (DOX’ing) sure but there is no evidence of that. Given the revelations with HB Gary though I can see why the Anon’s might be thinking that they are likely taking more robust non passive actions in the background elsewhere though. Overall I just want everyone to understand that it’s not all cloak and dagger here and seems that Paranoia has a flair for the dramatic as a means to get their point across. Or, perhaps they are just living up to their name.

Assessment

My assessment in a nutshell here of the Paranoia BofA Drop is as follows:

  1. Paranoia found some interesting documentation but no smoking gun
  2. TEK systems did a mediocre job at Threat Intelligence with the caveat that I am only working with the documents in plain view today
  3. BofA like any other company today has the right to carry out this type of activity but they need to make sure that it’s done well and that it isn’t leaked like this
  4. If more documents come out showing a more in depth look at the OSINT being collected then perhaps we can change the above findings
  5. BofA needs to classify their data and protect it better on this front
  6. Paranoia needs to not let its name get the best of itself

All the drama aside this was a ho hum really. It was funny seeing all the analysts taking down their LinkedIN pages (really, how sekret squirrel is it to have a LI page saying who you work for doing this kind of work anyway? SECOPS anyone?) I consider those players quite burned and assume they are no longer working on this contract because of it. All you analysts out there named, you are now targets and you are probably learning SECOPS the hard way huh? I guess in the end this will all just be another short chapter in Encyclopedia Dramatica and an object lesson for BofA and maybe TEK Systems.

For everyone else.. It’s just LULZ.

K.

Counterintelligence, False Flags, Disinformation, and Network Defense

with one comment

//B zrxr wwmpxjnp vf ygwyr jh kur gig vvbxv nf o “yinwf zcnt”. Ilmf xp vv lbi vwwpe grxr mhct sxh ubpifmpxt qzgu o izkruyi nar t tcqjhrgrf. Mpgwf xrlf hawwki, CU’f uoom oehhvgvq lbtmqm, ybywzzcqt, ueq vbyzcvfx nngsk ucvlm. Pbh bxmf e qlf.\\

Threat Intelligence, Counterintelligence, and Corporate | Nation State Espionage

“Threat Intelligence”, a term that is just behind the oft used “Cyber” and God forbid, “Cyber” is all too often put in front of it as well to add more oomph for sales people to sell their brand of security snake oil… “But wait there’s more!” We also have other spook terms being kluged into the INFOSEC world now because, well, it’s cool to those cyber warriors out there. I know, I sound jaded and angry, which, yes, yes, I am, but… Well, it’s just gone completely off the rails out there. I hear people talking about these topics as if they know what they are talking about even with the exceedingly limited scope of digital security matters (i.e. hacking/forensics/defense)

I would like to clear the air here a bit on these terms and how they do really apply to the world of INFOSEC that we in this business now find ourselves in, one littered with military and spook terms that you may not be really familiar with. First off, lets look at the terms that have been thrown around here:

Threat Intelligence: In the spook world, this is the gathering of intelligence (HUMINT/MASINT/SIGINT etc) to determine who has it in for you and perhaps how they plan on getting at you.

Counterintelligence: Spies who hunt other spies (Mole Hunts etc)

Espionage (Nation State and Other) The umbrella under which this whole rubric exists. Nation state and other have the component of “Industrial” as well (i.e. IP theft)

Ok, so, where once we used to only have people in three letter agencies worried about “ThreatIntel” we now have the INFOSEC community looking at “threats” to their environments and calling it “Threat Intelligence” now. While it’s a cool name, does it really apply? What was it before the whole APT thing broke as well as the cyberwar-palooza we have today? For the most part, I can see only half of the term applying to any non state entity or three letter agency and that is of what “threats” are out there today. This means what exploits and pieces of malware are out there that your environment would be susceptible to.

Nothing else.

That is unless you suddenly have a company that has decided to launch its own “Intelligence arm” and yes, this has happened, but usually only in larger companies with defense contracts in my experience. Others though, have set them up, like Law firms, who then hire out ex spooks to do the work of counterintelligence as well as intelligence gathering to have an edge over everyone else. Perhaps this is bleeding out into other areas as well in corporate America huh? The point here for me is that unless you have an intelligence arm (not just INFOSEC) you should not be using the term “Threat Intelligence” as an encompassing statement of “there’s malware out there and this is what it is” Point blank here, IF YOU AREN’T DETERMINING WHO YOUR ADVERSARY IS AND WHAT THEIR PLAN IS… IT”S NOT THREAT INTELLIGENCE.

Looking at IP’s on an SIEM and reacting to a triggered event is not threat intelligence. It’s INCIDENT RESPONSE. It’s AFTER THE GOD DAMN FACT OK?

So, stop trying to make it sound cooler than it really is people. To further this idea though, we still have “Counterintelligence” which FOR FUCKS SAKE I have personally seen in a title of a complete MORON at a large company. This fucker sits around all day looking at his stock quotes though, see, it’s just a cool title. It has no meaning. UNLESS you really have an operational INTELLIGENCE UNIT in your company.

*Look around you.. Do you? If not then STFU*

If you do have a real intelligence wing in your org that carries out not only COUNTERINTEL/INTEL/HUMINT/THREATINTEL then more power to you. If not, you’re deluding yourselves with militaristic terms and cyberdouchery… Just sayin.

However, the way things are going with regard to the world, I should think that you might see more of these kinds of intelligence arms springing up in some of the larger corporations of the world. It’s a rough world and the fact that everything is networked and global has primed the pump for these kinds of activities to be a daily operations tool. It’s now the blurring of the lines between what nation states solely had the control and aegis over to now its becoming privatized and incorporated.

William Gibson saw it.. Phramacombinats and all.

False Flags and Disinformation Campaigns

Which brings me to the next level of affairs here. When I was on the DEFCON “Fighting Monsters” panel, I made some statements that seem to have come to pass. I spoke about how Anonymous would have to worry about “False Flags” against their name as well as expand upon the idea that Pandora’s box had been opened. Nothing on the internet would really be the same because we all had moved into the “spook world” by the actions of Anonymous as well as things like Stuxnet. The lines had been blurred and all of us net denizens need to be aware that we are all pawns in a series of greater games being played by corporations and governments.

Since then, we have seen many disinformation campaigns (think sock puppets on social media, fake news stories, rumours, etc) as well as false flag actions where Anonymous may have been blamed or named for actions that the core did not carry out. So many times since then we have seen Anonymous attempt to set the record straight, but, like I said before, who’s gonna believe them because they are “anonymous” and disparate right? Could be anyone… Could be them… And with previous actions, are they to be trusted when they say they did not do it? See, the banner thing (hive mind) has a tremendous proclivity for severe blowback as they have learned.

What’s sauce for the goose though, is also good for the corporate, political, private gander right? How many Acorn operations do you need to see happening in the election cycle to realize that this has been going on for some time and that, now, with the internet, its easier to perform these kinds of operations with a very small group with minimal effort as well? Pandora’s box was not only opened, it was then smashed on the floor and what was once contained inside has been forever unleashed upon us all.

Yay.

Now, going back to you INFOSEC people, can you then foresee how your companies reputation or security could be damaged by false flag operations and disinformation? A recent example may in fact be the attack purported to be on against Josh Corman of Akamai because he said some things that “some” anonymous players did not like. Were they really out to get him? Were they doing this out of outrage or was there another goal here? What you have to ask yourselves is, what is my company and it’s employees susceptible to in this area? Just as well, this also applies to actual attacks (DDoS etc) they could be signal to noise attacks. While the big attack is going on, another team could be using the fog of war to sneak into the back door silently and un-noticed.

See where I am going there?

In the case of Josh, do they want to D0X him or do they want to force Akamai to maybe flinch and let him go because of bad press, and potential attacks on their infrastructure and management?

Ponder that…There are many aspects to this and you have to have a war mentality to grasp it at times. Not all attacks frontally are the real attack today. Nor are all attacks on players what they may seem to be in reality, the adversaries may in fact have a longer game in mind.

Network Defense and Network OFFENSE

Ok, so back to reality today with many orgs and their INFOSEC programs. You are looking to defend your network and frankly you need not have “cool” names for your program or its players. What you need is to be mindful of your environment and pay attention to the latest attacks available that would affect it. Given today’s pace though, this makes just about everything suspect. You can get yourself an IDS/IPS, an SIEM, Malware protection, and all kinds of things, but, unless you know where shit is and what it is, you lose the big game. So, really, threat intelligence is just a cool name for an SIEM jockey today.

Like I said, unless you are doing some real adversary profiling and deep inspection of attacks, players, motivations etc, you are not doing THREATINTEL. You are minding the store and performing network defense… i.e. your job.

Now, on the other end of the spectrum lately, there have been certain douchenozzles out there saying that they can sell you services to protect your org with “OFFENSE”

*blink blink*

Offense you say? Is this some new form of new SPECWAR we aren’t aware of? Firms like the more and more vaporware company “Crowdstrike” seem to be offering these kinds of services, basically mercenaries for hire, to stop those who would do you harm. What means are they going to employ here? Obviously performing what they see as intelligence gathering, but then what? Once you have attribution will there then be “retribution” now like so many Yakuza centric stories in Gibson novels? I’m sorry, but I just don’t see this as viable nor really any kind of a good idea whatsoever… Leave it to the three letter agencies.

Alas though, I fear that these companies and actions are already at work. You can see some of that in the link above to the book I reviewed on private intelligence and corporate espionage. Will your data be a part of a greater corporate or government conspiracy? Some black ops mumbo jumbo over your personal information perhaps? Part of some retribution for some attack perceived to have happened to company A by company B?

Welcome to the shadows and fog of espionage kids.

Going “Off The Reservation”

Overall, I guess I just wanted to lay some things out there and get people’s heads around the amount of douchery going on today. We collectively have gone off the reservation post 9/11 with PII, Privacy (lack thereof) and hacking. That entities like Anonymous came to be and now see the governments and corporations of the world as dark entities isn’t so hard to see when you look at the crap going on out there. What we saw in Team Themis was just one small spec in a larger “Cyber Beltway Banditry” going on today. Look to the other side where you have Fusion centers with private INTEL gathering capacities tossing out absolute crap yet spending BILLIONS of dollars and, well, there you have it.

Monkeys with digital guns.

We are off the reservation already and it’s every man  (or woman) for him or herself.

In the end though… If you have a title that says something like “CHIEF INTELLIGENCE OFFICER” on it, you’d best be at a three letter agency.. If not, then you are deluding yourself with EPIC DOUCHERY.

K.

ZOMG, ZOMG, ZOMG, LinkedIN Was HACKED and Our CRAPPY Passwords Were Leaked!

with 2 comments

ZOMG LinkedIN was HACKED!

A tweet conversation yesterday finally snapped my brain into focus on the whole LinkdIN hack password debacle. Someone had tweeted about the non complex nature of the majority of the passwords from the hash dump and my snarky response was basically “Who cares? After all, LinkedIN certainly didn’t, why bother when places don’t carry out due diligence?” After all, it was only LinkedIN right? I mean, who’s not already “in the know” that this is the Mos Eisley of business networking right? Between all the cutout accounts and stupid headhunters, one really has to know that it’s just a business version of Faceyspace right?

Well, I guess there are some out there who are using it like it’s a super secure and wonderful tool to make “spook” contacts for intelligence gathering huh? *SNORT* If anything we have seen that it has just turned into a festival of stupid commentary, casual hooking up, and one of the BEST tools for someone like Tommy Ryan to nab all kinds of .MIL and .GOV folks with their digital pants down more than anything else. So they were hacked, any of us in the business with half a brain “should” have been using throw away passwords or phrases with the apropriate complexity anyway, this includes the government and certainly the military people….

Well, it seems that this is not really the case….

ZOMG LinkedIN WASN’T PROTECTING MY PASSWORD!

So, once again we find that a company, that people do in fact pay for, was NOT performing the due diligence that they should be on behalf of their clients and protecting their passwords with salted hashes at the very least. Nope, no crypto of worth was at work within the rarefied digital confines of LinkedIN and WHO’DA THUNK IT? Even after they found out they were hacked they did not really have a grasp on if they “really” had been and failed to issue an alert until later the same day (much later, like late afternoon) when word of the hack and proof of the dump was out on the Russian hacker board at 6am EST.

Now, given the past history of security gaff’s and certain unsavory people/accounts on LinkedIN over the recent few years, and LinkedIN’s lackadaisical attitude towards security, is it any surprise that this all happened? That LI was not encrypting the password database to BASIC security standards? After all, they just take your money so you can hit up the pretty recruiters right? No security needed there… Nah. Hell, they don’t even have a CIO/CSO/CISO do they? Who needs them huh? C’mon “We no need your stinkin CISO”

Oopsies.

So what has the “INFOSEC Community” have to gripe about here? I mean, gee, we already kinda knew their posture right? You should have collectively had your throw away password anyway, so no biggie. Yet, look at all the hue and cry here!

ZOMG The 6 MILLION Passwords Were On The Whole SIMPLE AND INSECURE!!!

Yup, that headline says it all really. You see, people on average don’t really care about their passwords nor do they really have the security awareness to even attempt to create complex ones. I mean, hey, it’s as simple as downloading a password manager/vault that creates them for you with good complexity as well as saves them for you to look upon when you forget right?

*Evidently, THAT is too hard for the majority of end users… Hangs head…*

Nope, all too many people had simple passwords like 1234 for their access to a site where they lay bare much of their business and social data it seems. Oh, and did I also mention that in the same day there was a vuln released on their iOS app that was thieving YOUR calendar data? Oh yeah, nice! I guess it’s all just human nature to be lazy and create passwords that are easy to remember but this is just getting silly people. One wonders just how many of those people replicate those silly passwords on to other sites like their email or maybe their bank huh?

Oh my…. That many? We’re DOOMED.

Look, I have said it before and I will say it again, our own natures provide the largest attack surface. In the case of LinkedIN and the six million passwords there are two:

  1. Laziness on the part of the company not encrypting the passwords to basic standards and laziness on the part of the EU’s not creating stronger passwords
  2. A STUNNING lack of situational and security awareness on the part of both parties
It’s simple really, if you are a pentester or a criminal, all you need do is remember the axiom that human nature will always be the undoing of many security systems.Trust in stupidity son…

 

ZOMG The Security Industry FAILED To Teach Us All About Strong Passwords!!!

Meanwhile, there was a great hue and cry by the twits on my feed and in articles on Island and other places on how the industry (as well as LI) failed once again in the security space. We evidently do not have enough “evangelistas” out there teaching the wretched masses about the wonders of proper password choice. We are just not reaching them and when we see things like this we then go on ad nauseum chiding them or in most cases just pointing our collective fingers and laughing.

Yeah, that’ll teach em. I can feel their collective IQ’s rising now.

I guess my question is can we even really inculcate these things when the basic human nature is to not use our frontal lobes too much? We have too many passwords now and it’s hard! C’mon, just lemme do 1234 it’s gonna be fine because the company is protecting my data! How do I know? Oh, cuz they have this pretty graphic here with a lock on it!!

If you believe that, I have this bridge I’d like to sell you.

Look, all you INFOSEC people out there lamenting, stop. Breathe. The simple truth is that you cannot win this battle unless YOU are in direct control of the systems that would FORCE password complexity on the end users. The sad fact is too many of us aren’t actually in control, its the C levels who are in the end, we just tell them what would be best for the security of the business. It just so happens that much of the time these measures cost money, or, more likely, inconvenience the workers and the perception is that work and PROFIT would suffer from your new fangled security measures.

No, you cannot do that.. The workers will revolt and we will lose productivity Sonny Jim! That would affect the bottom line..

ZOMG You INFOSEC Weenies Are MISSING THE POINT!

Ok, so, it happened. LinkedIN handled it exceedingly poorly, and there is a great cry upon the internets over it all. People were tweeting and blogging, exhorting users to CHANGE THEIR PASSWORDS on LinkedIN but were failing to give a more nuanced warning.

“Uhhh, but, LI wasn’t sure they were hacked, how they were hacked, or IF they were still hacked!”

GO NOW! CHANGE YOUR PASSWORDS!

But, what about the whole password re-use thing? Any mention of that? Or that if you change your password, it may yet again be leaked because they may still be hacked?

*crickets*

Yup, bang up job people.

The real point for me is this salient fact: LinkedIN and other companies like Sony have shown time and again, they DON’T CARE about YOUR data. Always remember this people. So, you want an account on these places, then you best make a throw away pass and limit your data on the sites that host it. Otherwise, there will be a compromise like this one and not only your data there, but elsewhere (if you re-use or iterate) will be up for the taking.

What this also means is that business in general doesn’t get it nor care to and this is the most important point.

Either we demand they all do better or we just let them carry on leaking our data.

Written by Krypt3ia

2012/06/10 at 11:15

Posted in EPIC FAIL, Hacking, Infosec

Hacking, Children, and Ethics

with 4 comments

 

 

A Conversation and A Problem

While at last weekends ShmooCon, I had a chance to be in a conversation wtih @diami03 that got me thinking about Anonymous and where we are today with the whole debacle as regards the youth of today. I am indeed getting older (Methuselah here.. Hi!) and as I look around I see younger and younger folks going to the con’s and performing the new and old hacks out there in the world. It occurred to me at that instant that unlike when I was a kid (when dinosaurs roamed Pangea) the kids today don’t seem to have much in the way of teaching on the subjects of Logic, Ethics, and generally, how to be good citizens.

… And that perhaps it was time that the INFOSEC community engage on this….

I thought I had a genius stroke! But, alas, I was not the first to think of this! There’s hackidcon now as well as presentations like the one that actually was given the next morning at Shmoocon called “Corrupting Youth” by Jordan Wiens. I was heartened to see others had gotten on this already and that perhaps we as a community could do some good and affect the future generations of hacker types by teaching them the ethics of old school hacking as well as hte use of logic and good decision making.

In looking around today.. I’d say we really really need this… And here’s why…

Monkeys With Loaded Guns

Ok, I’ll say it here and now. What has evolved into Anonymous for the most part, has been a disappointment to me. Sure there are many in it just for the Lulz’s (a core issue here) but there are many who want to make a difference in what they perceive as their governments misdeeds. Both of these players have also been infiltrated by the Lulzier group of Anarchists who want nothing more than to just sow chaos for their own nihilistic animus. From this soup we have seen what I call the “Monkeys with guns effect” Scattershot and useless hacks and pranks that further no other agenda than the Lulz or, for those anarchists and others who have infiltrated the ranks, to sow chaos anywhere they strike.

Reasons or no.

On go the monkeys with loaded shotguns filled with buckshot, shooting aimlessly (except for the initial hit on Aaron Barr and HBGary) proclaiming wins and showing how bad “The Man” is by dumping dox and email spools.

*yawn*

This scattershot approach just shows a lack of critical thinking on their part as well as perhaps a lack of control over the minions out there performing the ol’ “Ready FIRE Aim!” routine. Overall though, this is getting old for everyone and that has been the general consensus for a while.

It’s time to cut it out kids.

The Future of Technological Society

Ok, so back to the next generation. How about we follow the model that Hackidcon and Mr. Wiens have set by teaching the new kids on the block not only the technology, but the ethos of hacking. We can teach them so many things both technical as well as ethically and I believe that a program like this would better prepare them for the power they will wield with the internet and all things digital.

Without it, I fear that we will raise another generation of online sociopaths as we seem to have already in some quarters of Anonymous. This is not to say that online rights are not important and CERTAINLY not to say that the governments of the world have been ramping up to over reach even more than ever before in the age of Anonymous and Digital Piracy. I think that the governments of the world have begun to erode all of our rights due to greed as well as fear. Greed being fed by the likes of lobbyists and fear that they are ill equipped to properly deal with the digital age.. Never mind to regulate it.

By teaching the next gen kids how to be good citizens and good hackers, then we might have a chance that in the future the senators and governmental work force will really understand the net, how it works, and what it means. This then will flow down to the laws being considered and implemented. Today we have governance that is unable to understand the tech nor the mindset.

“The Internet is a series of tubes you know…”

So, I ask you all to consider your time and its value to teaching these things to the next gen. Not just your kids, but all the kids you can. Make the time and find out where you can help.

After all… Those kids you might or might not teach… May in fact be the next Anonymous member DoS-ing your company.

hackid.org

K.

Written by Krypt3ia

2012/01/31 at 14:47

Posted in Ethics, Hacking

The Hezbullah Cyber Army: War In HYPERSPACE!

with one comment

WAR! in HYPERSPACE: The Cyber Jihad!

A day or so ago, a story came out and made the rounds on the INFOSEC-O-Sphere about the Hezbullah Cyber Army The story, which was cub titled “Iranian Terror” was titled  “Iranian Cyber-Jihadi Cells in America plot Destruction on the Net and in Reality” Which, would get all our collective attentions right? The story goes on to tell about the newly formed Cyber Army that will be waging all out war on the US and others in “Hyperspace”

Yes, that’s right, you read that correctly.. This guy Abbasi is either trying to be clever, or, this is some bad translation. Sooo… Hyperspace it is! Well, I have a new tag line for him…

“In hyperspace.. No one can hear you giggle”

At any rate, the whole idea of a Cyber Jihad or a Cyber Hizbullah is a notion that should not just be sloughed off as rhetoric. I do think that if the VEVAK are involved (and they would want a hand in this I am sure) they could in fact get some real talent and reign in the ranks to do some real damage down the road a piece I think. So, while I may be a little tongue in cheek here at the start of this post, I want you all to consider our current threatscape (*cough* SCADA etc) and consider the amount of nuisance they could be if they made a concerted effort with the likes of the HCARMY.

So, yeah, this could be an interesting development and it is surely one to keep our eyes on collectively… But.. Don’t exactly fear for your lives here ok? After all, my opinion still applies that the bugaboo of scada does not easily fit into the so called  cyberwar unless it is effectively carried out with kinetic attacks and a lot of effort. Nope, if the HCA is going to do anything at all, it will be on the playing field of the following special warfare fronts;

  1. PSYOPS
  2. DISINFORMATION (PSYOPS)
  3. Support of terrorism (Hezbullah and others)
  4. INTEL OPS
These are the primary things I can see their being good at or being pawns of the VEVAK for.
So.. Sleep well for now because really all you have to truly worry about is that they are going to deface your page it seems (see picture at the top of the post)

Interview by IRNA with HCA

More than anything else though at the moment, the whole revealing of the HCA is more a publicity stunt than much else I think. For all of the talk in the US and other countries about mounting their own “Cyber Militia’s” it seems that Iran and Hezbullah wanted to get in on the ground floor..

Oh… Wait..

They forgot about the PLA and the Water Army!

DOH!

Oh well, sorry guys… Guess you will have to keep playing on that whole “HYPERSPACE WAR” angle to get your headlines huh? Besides, really, how much street cred is an organization like this anyway? So far I have been poking around all of their sites and find nothing (links or files) that would he helpful in teaching their “army” how to hack.

My guess.. This is kinda like putting out the inflatable tanks and planes for the Germans to bomb in place of the real ones.

The "About" Statement on HCA

Now.. Before You All Go Off Half Cocked (That means you Mass Media)

Meanwhile, I have seen the story that I linked up top scrawled all over the digital wall that is Twitter these last couple days. I am sure with everything that has been going on in Iran of late (i.e. the tendency for their bases to explode lately as well as their pulling another takeover of a consulate as well as spy roll ups) the media is salivating on this story because its juicy. It has it all really…

Cyberwar (hate that term)

HYPERSPACE!

Espionage

BOOGA BOOGA BOOGA We’re gonna activate our hackers inside your borders and attack your SCADA’s!

What’s the media not to love there?

HCA's YouTube Page Started in September

Well, let me set you all straight. This is piffle. This is Iran posturing and the proof thus far has been they have defaced a couple of sites with their logo.

THE HORROR!

This group has not even reached Anonymous standards yet! So relax.. Sit back… Watch the show. I am sure it will quickly devolve into an episode of the keystone cops really. They will make more propaganda videos for their YouTube, create a new Twitter account, and post more of their escapades on their two Facebook pages to let us all know when they have defaced another page!

… Because no one will notice unless they let us know…

Just The Persian Facts Ma’am

The real aegis here seems to be shown within the “about” statement for the group. Their primary goals seem to be to attack everyone who does not believe in their moral and religious doctrine. A translation of the statement rattles on about how the West are all foul non believers and that we are “pompous” Which really, kinda makes me think that the Iranian people, or at least this particular group, has a real inferiority complex going. More so though, it seems from the statement that they intend more of a propaganda and moral war against the west and anyone else they see fit than any kind of real threatening militant movement.

You know.. Like AQAP or AQ proper.. Or Jamaa Islamiya.

This is an ideological war and a weak rallying cry by a group funded by a government in its waning years trying to hold on to the digital snake that they cannot control forever. Frankly, I think that they are just going to run around defacing sites, claiming small victories, and trying to win over the real hackers within their country to their side of the issue.

Which… Well, I don’t think will play well. You see, for the most part, the younger set who know how to hack, already bypass the governments machinations and are a fair bit more cosmopolitan. Sorry Mamhoud, but the digital cat is already out of the bag and your recognition of this is too late. How long til the Arab Spring reaches into the heart of Tehran and all those would be hackers decide to work against you and your moral jihad?

Be afraid Mamhoud… khomeini…

All you really have is control temporarily.. You just have yet to realize it.

Tensions In The Region: Spooks & The Holiday Known as KABOOM

Now, back to the region and its current travails. I can see why this group was formed and rolled out in IRNA etc. Seems to me even with the roll up of the CIA operations there in Iran you guys still are being besot with problems that tend to explode.

  • Wayward Trojan drones filled with plastique
  • Nuclear scientists who are either being blown up or shot in the streets
  • Nuclear facilities becoming riddled with malware that eats your centrifuges.
You guys have it tough right now.
Let me clue you guys in on something… If you weren’t such a repressive and malignant regime, we might work with you on your nuclear programs to power your country. But, unfortunately, you guys are FUCKING NUTS! So, we keep having to blow your plans to shit (we as in the rest of the world other than say North Korea that is) because we are all concerned you just want a bomb. Why do you want that bomb? So you can lord it over the rest of us and use it as a cudgel to dismantle Israel say.. Or maybe to just out and out lob it over the border.
You are untrustworthy.
Oh well.. Yes we all have played games there and I agree some shit was bad. The whole Shah thing.. Our bad… Get over it.
I suspect that the reason why all of these bad things are happening to you now though sits in the PDB on the presidents desk or maybe in a secret IAEA report that says you guys are close to having a nuclear device. You keep claiming that you are just looking to use nuclear power peacefully… But then you let Mamhoud open his mouth again and shit just comes right out.
Until you guys at least try to work with others and not repress your people as much.. Expect more KABOOM.

What You Should Really Worry About From All of This

My real fear though in all of this hoo ha out of the HCA is that VEVAK and Hezbullah will see fit to work with the other terrorist groups out there to make a reality of this whole “Cyber Jihad” thing. One of these factors might in fact be the embracing of AQ a bit more and egging them on in their own cyber jihad. So far the AQ kids have been behind on this but if you give them ideas AND support, then we have a problem I think. The ideal of hit and run terror attacks on infrastructure that the government and those in the INFOSEC community who have been wringing their hands over might come to pass.

HCA Propaganda Fixating on OWS

If the propaganda war heats up and gains traction, this could embolden others and with the support of Hezbullah (Iran) they could “try” to make another Anonymous style movement. Albeit I don’t think that they will be motivated as much by the moral and religious aspects that HCA puts out there as dictum. Maybe though, they will have the gravitational force enough to spin all of this off into the other jihadist movements.

“The enemy of my enemy is my friend”

If the HCA does pull off any real hacks though (say on infrastructure) then indeed they will get the attention they seek and more than likely give the idea to other movements out there to do the same.

AND that is what worries me.

Cinch Up That Seatbelt… It’s Gonna Be A Bumpy Ride

Finally, I think that things are just getting started in Iran and its about to  get interesting. With all of the operations that seem to be going on in spook world (please don’t use PIZZA as a code word again mmkay?) and the Israeli’s feeling pressured by Tehran’s nuclear ambitions and rhetoric, I suspect something is about to give way. Add to this the chicken-hawks who want to be president (Herman I wanna touch your monkey) Caine and the others who have so recently been posturing like prima donna models on a runway over Iran and we have a disaster to come.

Oh.. and Bachmann.. *Shudder* Please remove her from the Intelligence committe!! That whole Pakistani nuclear AQ attacks thing was sooo not right!

PSSSSST BACHMANN they’re called SECRETS! (or, for your impaired and illiterate self SEKRETS) STFU ok?

OH.. Too late, now NATO is attacking into Pakistan…

It looks to me like the whole middle east is about to erupt like a pregnant festering boil and we are the nurse with the needs who has to pop it and duck.

So.. Uh yeah, sorry, got carried away there… I guess the take away is this; When you look at all the other stuff going on there, this alleged cyber army is laughable.

Yuk yuk yuk… You’re killin me Ahmed!

K.

OpCARTEL: Kids, Trust Me… YOU ARE NOT Up To This Operation

with 28 comments

Killing Pablo:

Ok kids, before you were old enough to understand, there was a guy named Pablo Escobar. He was a bad guy who pretty much single handedly provided the US with cocaine that powered the 80’s debauchery. Pablo was the progenitor of the Zeta model of narco-trafficking that you guys are claiming to have data on and want to tangle with. Let me tell you now in no uncertain terms how I feel about #OpCartel…

YOU ARE NOT READY

Plain and simple, these guys are not just some namby pamby government following laws who will try to arrest you. No, these guys will hire blackhats of their own, find you, and KILL you in the most horrific ways. Need I remind you of the bloggers who got whacked recently? I don’t think you all want to be the next to be swinging under an overpass with a Mexican Necktie do you?

It took major government and military operations to kill Pablo and his cartel. You guys dropping information on the low end mules and lackeys will do nothing but interrupt operations currently ongoing as well as put yourselves into the cross-hairs of the Zeta killing machine. At the very least, you need to do your homework on these guys and NOT announce things on the internet before you do anything, this is just asking for a whacking.

Have you not been listening?

INTELOPS:

First off, if you want to gather intel on these guys or you have it, then make sure you vet it out and insure its the real deal. If you have sources, you need to protect them and if you have hacked access, you need to insure that you can’t be traced back. The big thing though, is to KNOW YOUR TARGET! How much do you really know about the Zetas? How much do you know about the politics of the area? The players both inside and outside the cartel? This group just doesn’t have low level people, they also have high ranking political connections as well. You mess with them, then you have governmental assets and pressure as well to deal with.

So.. What do you know about Los Zetas?

Los Zetas:

Los Zetas and La Familia Michoacana are a narco ring comprised of about 30 ex Mexican Special Forces deserters who decided that narco trafficking was a much better choice than just being ordinary special operators. This group has been one of the bloodiest and boldest in their massacres of opposing groups or individuals. In short, they are not people to tangle with unless you are a government with a special operations group of your own. Much of their infrastructure is already known (see pdf file at the top here) so, dropping some of the data you propose might just serve to get others killed and not damage the organization much at all.

Though, if you did have tasty information, perhaps you could pass it along to the authorities? If not, then maybe Mata Zetas?

Mata Zeta:

Los Matas Zetas is another paramilitary group (Zeta Killers) that has sprung up recently and in fact could be governmentally sponsored. Either way, this group is out to whack the Zetas. Now, were you in posession of data that could be used by them to combat the Zeta’s maybe you could find a conduit to get that to them… Secretly. I am pretty sure though, that these guys, if not sponsored by the government (Mexico and the US) would then just become the next narco trafficking group in line to stop the power vacuum once the Zeta’s have been taken out of the equation.

The basic idea though is this: Use the enemy of your enemy as your friend to destroy your enemy. Get it?

OPSEC:

Ok, so, here we are and you guys have laid claim to the idea of the operation. Then, once people started threatening, you dropped it. Then others like Sabu said it was all a PSYOP and there are things going on in the background still.

Oy  vey…

Look, overall you have to follow OPSEC on any operation like this and so far you have been a big FAIL on that account. It’s akin to saying to your enemy;

“I’m attacking at dawn.. From the East… With planes.. Vintage WWI planes…”

What were you thinking?

Obviously you weren’t thinking about OPSEC. You have seen me write about this in the past and you surely have heard Jester talk about it too. It is a key precept to special warfare and you guys just are not ready for prime time here. Unless you follow some basic security measures you will end up dead. So pay attention.. If there was any merit to this operation in the first place.

This Isn’t An Episode of Miami Vice:

Finally, I would like to say that this is not an episode of Miami Vice kids. YOU do not have a nickel plate .45, slip on shoes, and pastel shirts. This is reality and you are more than likely to run up against blackhats who will find you and one by one, these guys will hunt you down.

I know.. You’re an idea… No one can stop an idea…

I’m sorry, but your Idea will also not stop bullets and bad men with knives from cutting you to ribbons when they locate you. Unless you learn some tradecraft, go back to taking on corrupt corporations and paedophiles…

Though.. They too could also hire a hacker huh?

You guys are not ready for this…

K.

Written by Krypt3ia

2011/11/03 at 15:45

ウェブ忍者が失敗する : Dox-ing, Disinformation, and The Fifth Battlespace

leave a comment »

Digital Ninja Fail: ウェブ忍者が失敗する

The recent arrests of alleged key members of LulzSec and Anonymous have been called into question by the ‘Web Ninja’s‘, a group of would be hackers who have been ‘DOX-ing” the anonymous hierarchy for some time now. Yesterday, they posted the following on their page concerning the arrest of a man from the Shetland Islands who is purported to be ‘Topiary‘ by the Met and SOCA.

Now, this is a bold statement for anyone who really knows what they are doing in the intelligence analysis field. So, it is my supposition that these guys have no clue about what they are doing by making bold assertions like this. The data they have is tenuous at best and by making such bold statements, I have to wonder if indeed the so called ‘Ninja’s” themselves might not be a tool of anonymous to in fact sow that disinformation.

Here are the facts as I see them;

  • To date, the federal authorities have not questioned anyone who was DOX’d by the Ninja’s that I am aware of
  • The individuals who were DOX’d that were investigated by the authorities were in fact outed by LulzSec/Anonymous themselves
  • Adrian Chen has spoken to the person that the Ninja’s have fingered and claims that he (said person) went to the authorities himself. So far he is still not a suspect.

So, taking into account these facts, I would have to say that the Ninja’s have failed in their stated mission so far and I would suffice to say that if they are indeed a part of a disinformation campaign, then that too has failed. After all, the police seem to be ignoring the data put on the interent by the likes of the Ninja’s in favour of other tried and true tactics. The primary tactic as I see it, is grab one individual and then get them to roll over on their compatriots in the face of massive jail time.

This pretty much works all the time as we, as human beings, are most willing to sacrifice others for the self. In the case of the likes of LulzSec skiddies, I would have to say that the ages of the players, and their generational tendencies will allow them to cut deals pretty quickly. It’s my assessment that they are in it for the self gratification and lulz, not for the altruism that the LulzSec and Anonymous press releases have been trying to have one believe. My assumption is that if indeed the 19 year old guy they popped in Scotland is involved with LulzSec, and is in fact Topiary, he will roll over soon enough.

I also believe that these are all untrained operatives and they have made and will make more mistakes. I am pretty sure that the alleged “leaderless” group has leaders AND that unlike a true guerrilla warfare cell, will know the other players personal details. Essentially, they have had no compartmentalisation and they will all fall eventually though interrogation and deal making. As I said before, the insider threat to the organisation is key here, and it was this idea I think the Ninja’s had.. Well, at least that was the original idea of the Ninja Warrior. They were spies who infiltrated the ranks and destroyed from within.

So far with these guys.. Not so much.

Welcome To Spook World: Disinformation Campaigns and Intelligence Analysis

Now, on the whole disinformation thing, I know that the Lulz and Anonymous have said that they are using disinformation as well to try and create a smoke screen. Frankly, all of the intelligence out there that is open source is suspect. Maltego map’s of end user names as I have shown in the past can be useful in gathering intelligence… Sometimes. For the most part, if a user keeps using a screen name in many places and ties that name to real data, then they can be tracked, but, it takes a lot of analysis and data gathering to do it. Though, many of the foot soldiers within the Anon movement are young and foolish enough to just keep using the same screen names for everything so there is a higher likelihood that the data being pulled up on Maltego and with Google searches is solid enough to make some justified conclusions.

With the more experienced people though, there has been some forethought and they have protected their identities as best they could. What became their real downfall was that they could not rise above petty infighting and dox-ing each other. Thus you have the start of the potential domino effect on the core group as well as anyone who has any peripheral affiliation with the Lulz. Be assured, those who have been pinched are giving up as many names as possible as well as whatever is on their hard drives, Anon hacker manuals or not. All of these scenarios lead to the conclusion of more arrests by the authorities and even more skiddies getting into legal trouble around the globe. Meanwhile though, if the core group has been smart, then perhaps the leaders will skate for a time, using the masses as canon fodder.

Gee kids.. Did you know that you were all expendable?

On another tac, I would like to speak about the potential of the disinformation campaigns being perpetrated by the authorities as well. Consider that the trained professionals out there who are hunting these characters (Topiary, Sabu, et al.) are also adept at using not only the technologies of the fifth battlespace, but also the training afforded them in ‘spook world’ This means disinformation campaigns, mole hunts, and insurgencies of their own, getting to the inner core of Anonymous and Lulz. Now, that there were six (alleged) lulzer’s it would be more difficult to do, especially if those LulzSec folks really do know one another (as they claim they do not, which, I just don’t buy.. Remember the compartmentalisation issue) The agent provocateur’s are out there I am sure and with each rung of the ladder, they get closer to the core group.

That is unless the core group falls apart on their own and DOX’s each other out. In the end, I am going to suggest that the authorities will use all of the tricks of the trade on the Anon/Lulz folks to bag them… And with concerted effort by government resources, they will get their men/women.

Untrained, Unruly, and Unprofessional Operators:

“Discretion is the better part of valour” as they say, and in the case of the Lulz and Anon crews, they seem to not have a clue. Perhaps the Lulz think that by being unruly and unpredictable to a certain amount, will be just the cover they need, but, I think that their lack of discretion will be their undoing as well as their hubris. Had many of these folks had some real training, they might have just stood down for a while (not just a week or so) after setting sail into the sunset.

As I have said before, it was a bad idea to recruit and have comm’s out in the open on IRC servers even if they had ‘invite only’ channels. As is being seen now, someone (jester perhaps) has taken down their servers again after other outages due to Ryan Cleary’s attack and pressure from the government on those connection sources that the Anon’s were using. I am sure the idea was to have a movement that could also serve as diversion for the core users as well as to LOIC, but this all failed in the end didn’t it? The LOIC is what has given the FBI the 1,000 IP addresses as a hit list, so to speak, that they are now using to collect people and charge them for the DD0S attacks.

Had these people been trained or not been so compulsive, they might have had more of a chance to keep this up for a much much longer time. As I write, the Lulz do continue, but they have slowed quite a bit since the arrests started again. This I think is because the cages are starting to get rattled and people are finally coming to the conclusion that some discretion is needed to not end up Bubba’s play pal in prison. It’s a learning curve, and likely going to be a painful one for the kiddies.

Unprofessional actions within this area of battle will end up with your being put in jail kids.

To end this section I would also like to add this thought. My assessment of the Lulz core group is this;

  • They were drunk on the power of their escapades
  • The more followers they had and more attention, the less risk averse they became
  • They seem to have compulsion disorders (don’t say it.. Aspergers!) that seem to not allow them to lay low (until now it seems)
  • The ego has eaten their id altogether
  • Base ages are within the teens with a couple over 20

Technical Issues Within The Fifth Battlespace:

Another BIG issue within this battlespace is the technology. The Anon’s and Lulz have been ascribing to the idea of “Proxies, we haz them! So we’re secure!” and to a certain extent they are right. There are always ways around that though and certainly leaks in data (such as the TOR leaks that have happened) that could lead someone to locate the end user behind the proxy, so they are not fool proof. Certainly not if the fool in question is some skiddie 12 year old using LOIC un-proxied and not obfuscated while they D0S Paypal.

The problem is that the technology could fail you as well as the untrained operative could make small and large mistakes that could lead authorities right back to their IP and home accts. On the other side of that equation is that when properly done, it is damn hard to prove a lot in hacking cases because of obfuscation, as well as mis-configured end systems that have been hit. I cannot tell you how many times I have seen incidents play out where the target systems had no logging on as well as being completely un-secured, thus leaving practically nothing for a forensics team to find and use.

Once again, this brings us back to the insider threat, whether they be the insider who decides to go turncoat, or, the agent provocateur (i.e. Jester and the Ninja’s as well as others from the authorities) who infiltrate the Lulz and then gut them from the inside. What it really boils all down to is that in the end, it will be the foibles of the Lulz core and the actions of spooks that will bring them down.. And I think they are learning that very fact now.

JIN; One Must Know The Enemies Mind To Be Victorious:

As a last note, I would like to say to the Ninja’s, you need to learn and practice your Kuji-in. It is obvious to me that you have failed on the ‘Jin’ (knowing the opponents mind) with your dox attempts. Until such time as I see people being hauled in that directly relate to your documents posted, then I am going to consider the following to be the case:

  1. DOX-ing is mostly useless and takes quite a bit of analysis before just releasing names
  2. The Feds are not taking your data as gospel, nor should the general public or media
  3. You yourselves may in fact be a tool of Anonymous/Lulz and as such, spewing disinformation
  4. You could be right, but by releasing it to the public at large, you are letting the Lulz know to destroy evidence and create obfuscation that will hinder arrests later.

Ninja’s got results.. Not so much for ‘Web’ Ninjas. At least Jester, if his claims are true, is breaking their C&C channels lately.. Which has its own problematic issues.. Just like his meddling in the Jihadi area, but, that’s a story for another time.

K.