Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘HUMINT’ Category

A Real Cardinal of the Kremlin: An Asset In The Kremlin Exfiltrated and Blown By Russia and MSNBC


Breathlessly and with great hyperbole the MSNBC report came across my iPad as I sipped my morning coffee. The reporter was eagerly reporting on their “scoop”: potentially locating, in Washington DC, the whereabouts of the Russian source inside the Kremlin. I sat agog at their reporting, a mix of “OMG OMG OMG LOOK AT US!” and “Sorry, I can’t report the details because two guys in an SUV came at us after we rang a doorbell!”, as the bile rose inside me. I then took to Twitter and began to get information that surprised me and made it all the worse. It turns out that MSNBC buried the real lede in their reporting. It seems their “tip” on the possible asset that was exfiltrated in 2017 was in fact from the Russian government, by proxy of a news site called Kommersant.ru.

The Kommersant article, posted yesterday before MSNBC made their rush to the address of the alleged Russian asset in DC, gives the name plainly, which I will not do here, and links to earlier stories of the missing official who went on vacation in 2017 and “disappeared without a trace”… Of course the Russians would have readily known who the asset was after the EXFIL, but to post it online was an interesting move. Originally “The Storm”, another Russian news outlet, posted in October 2017 about the missing Russian official, but no one in the media took note it seems. The updated story in Kommersant though was prompted by the stories in the media about how Trump could not be trusted with intel, much like the Lavrov and Kislyak meeting in the Oval, where Trump released code word intel to them and blew an Israeli operation. As the stories swirled, with CNN reporting that the exfil had happened because of Trump, the Russians I am sure began to ponder how they could stick a finger in the eye of the US and the CIA.

What they did was just remind everyone that the name of the asset in their opinion was <REDACTED> and that his new address was <REDACTED> in Virginia USA. They actually gave the address in the article. MSNBC got the tip somehow (likely monitoring sites like Kommersant) and immediately dispatched a crew to go to the address and knock on the door Geraldo style and get the scoopy scoop and win the news day! Pay no mind to the potential intelligence disaster it may cause to someone who did a great service to this country.

…But hey HEADLINES! CLICKS! ADS! BYLINES!

Anyway, the asset has been moved I am sure, but a lot still needs to be discussed here about this whole thing. I mean, why would they re-settle this guy and his family under his own name? Why would they allow them to purchase a rather large house under their names? I mean, once upon a time when you were exfiltrated from Russia (SOV Bloc) you got a new name and you got some money and lived quietly as you were consistently debriefed. Has the CIA lost its collective mind? Is this even the guy? What the hell is going on here? With that question upon my mind I will give this a bit of thought.

Is this the asset in question? … Given the details of their disappearance in 2017, and his role in the Kremlin, I am going to lean toward yes.

Why was this guy allowed to buy property and live in the open under his real name? … I honestly have a few theories:

  • The CIA wanted the Kremlin to know as a poke in the eye and a challenge. If this guy gets a polonium enema in the US, shit is gonna go plaid.
  • Also, the asset’s new life in a free country with considerable assets would perhaps entice others.
  • His EXFIL was pretty out in the open once he went RED RABBIT, so, perhaps there just was no need for an elaborate re-settlement and name change.
  • Lastly, perhaps there is some incompetence going on? Who knows, maybe the asset demanded they live free and under their own name?

What is going to happen now? … Well, if this asset has been moved as I suspect, then they likely will get that name change because they are spectacularly blown because of Kommersant and now MSNBC and all the other services. I mean, I did not name the guy here but Kommersant did and with just the name I tracked them down to the house through sales records online!

Jeez!

All in all, this whole affair just makes me scratch my head. I mean, we are really through the looking glass in 2019 with everything that has been going on since 2016 but wow. This whole thing at least moved me to post, something I have been uninterested in doing for a long while now, so there is that. I will watch the game unfold and see what plays out. I gotta say though, recent events regarding losses for the CIA in China and Iran have me worried that we have lost some of our skill sets in HUMINT. I would love to find out that this whole debacle was really a play at something larger by the CIA, but, I fear it wasn’t.

Interesting times…

K.

Written by Krypt3ia

2019/09/10 at 12:58

Maria Butina: The Knockoff Anna Chapman


AGENT OF INFLUENCE:

The arrest of Maria Butina, the poor man’s Anna Chapman has opened a whole new avenue of investigation by the amateur spy hunters as well as the professionals this week. As it turns out, Maria had been under surveillance for a while and a known quantity to the FBI/DOJ as well for some time. Butina was even in the news cycles back in 2016 attached in stories to Alexander Torshin, a Russian Oligarch cum Bratva/Mobster with ties to the FSB and to Putin. This however did not make her a household name and in effect many people in the media were caught off guard I think when the feds arrested her and presented the affidavit in court on her FARA violations and flight risk potential.

Butina had been a fixture in 2015-2016 in NRA circles, and in fact it seems that she and Torshin had been part of a plot to funnel money to the NRA as well as to attempt to garner access to the Trump campaign/admin and others in the Republican party, via an entree from the NRA itself and a certain Person 1 in the affidavit. Person 1 turns out to be Paul Erickson, an alleged master of the political universe in his own mind. He and Butina had been living together, and it has become clear that it was a task Butina felt she had to carry out to complete her mission, per conversations the feds picked up during their surveillance of her.

It seems that Butina and Torshin, with the help of Erickson and one other person yet unnamed, were able to potentially funnel money through the NRA to the Trump campaign, to the tune of 30 million dollars. With this access and her machinations to meet and greet as many players as possible (a list was provided by Erickson, it seems, of people to hit up under his direction) they would also have access to and influence over CPAC, the conservative political action conference, as well. With this kind of access it seems that perhaps, with more information to come to confirm this, Russia had an access and influence campaign that changed the Republican platform’s stance on Russia to be more along the lines of what Trump is evincing today.

Poor Man’s Anna Chapman:

After all the information started coming out post the affidavit’s publication online, it became an interesting rabbit hole to go down and see just how this operation was carried out and with what skill. After looking at things myself I am going to say here that I do not believe this was a well thought out operation being run by the likes of the SVR or the FSB. I think that this was a condoned, “let’s see what happens” kind of operation that was a sideshow to the main events of the influence operations by the GRU and SVR that we are all dealing with today. I say this for a few reasons:

1) Torshin is connected to the FSB but he is not FSB: He in fact likely is an asset of the FSB much like some mobsters have been to the CIA in the past.

2) Torshin and Butina’s utter lack of OPSEC leads me to believe that this was not a managed operation by the FSB/SVR/GRU, because plainly it was so inept.

3) Butina seems to be a clean skin (i.e. no history as an operative) but does have a backstop story of being a Russian business owner. She isn’t really a classic kind of “illegal” because she did not have a cover identity and paperwork like the illegals busted back in 2010 who were actually trained in tradecraft and sent here undercover.

In fact the absolutely poor OPSEC with which these two carried out communications online and off is a sign to me that there were no official handlers to the operation. If there were then they were negligent to the point of idiocy. There is even an amusing exchange between Butina and Torshin about being on a phone call and it being insecure where Butina recommends using WhatsApp but it is not clear if Torshin could handle using it and that they went silent so to speak. It seems overall that they did not and the feds have quite a bit of material on them both.

Add to this the fact that they carried on a lot of these conversations in email and on Facebook and Twitter, and you can see a clear pattern of lack of tradecraft, as opposed to what we have all seen come out of the recent indictments of the GRU operation against the DCCC and DNC as well as the disinformation operations. So once again I am gonna call it as amateur hour with a side of Anna Chapman Sparrow wannabe syndrome. This is also reinforced by Torshin’s comments on how Butina is like, or had surpassed, Anna in her operations.

A Noisy Operation:

What Maria Butina lacked in tradecraft, she easily made up for in her ability to entice 54 year olds like Erickson with sex and access. It seems that she played on this quite a bit and thought of herself as the next Anna super spy, given all the photos she had taken by Oleg Volk, a photographer with a gun fetish in Tennessee. Her portfolio there is all guns all the time, and since she was playing the part of a Russian NRA right-to-bear-arms supporter it all fit the greater theme. However, even with her sex appeal and her playfulness, she managed not to be overly subtle either, and her connections to Torshin were pretty clear. The media and certain people in the government noticed and asked for her to be investigated, as well as her connections to the NRA.

As you can see from the text here she was a known quantity but all of these people around her did nothing to report her. They all just went along with the money and the possible access to her and Russia via Torshin. It really amazes me how people can just eschew all ethics and morals when large sums of money are being handed to them in order to further their own cause. As for the Republicans and the access there, like I said above I believe there is much more yet to come on her connections to individuals and the movements of money from them to NRA to Trump. I look forward to more of this coming out and in fact a little teaser yesterday was that a new player showed up at court for Butina’s hearing on being a flight risk.

That new player is a prosecutor whose specialty is trials concerning espionage. It turns out that though she has been arrested on FARA issues, she may in fact later be charged with espionage, given that this prosecutor has shown up. It is also interesting that during the hearing there were two guys from the Russian consulate there, and the reason that Butina was remanded without bail was the concern that she had packed all her things, moved money overseas, and that the consulate folks looked like they were planning an exfil if she were let go.

Giggity.

Players Yet To Be Named:

I also have to wonder who Person 2 is, as well as others out there who had connections and/or friendships with Butina. They all must be shitting bricks right about now I would think. One of those people mentioned in the articles I got in my OSINT searches was Cleta Mitchell. I looked her up and wouldn’t you know it, she is on the board of the International Foundation for Electoral Systems and also seems to have raised the alarm about Russia, the NRA, and money and access being funneled from it to Trump.

I guess she saw it all up close and personal…

I wonder when we will have some more names added to the list and perhaps some indictments, or at the least subpoenas served, on this matter. Overall though, this case could be a linchpin for the Mueller investigation in a couple of ways. Certainly there is the money angle, and Mueller is most certainly following the money. The players here could end up helping the investigation in exchange for immunity as well. However, the big thing for me is that in this net of collusion and money, we may see even more Republicans touched by this case. It seems pretty clear that the Republicans changed their attitudes toward Russia after the money spigot opened, and perhaps this NRA money funnel, and perhaps CPAC, will crack open and give us some answers on why people like Nunes and Gowdy, for instance, are so willing to subvert the constitution in favor of Trump and Russia.

Perhaps they are trying to hide their guilt because, gee, there’s kompromat on them as well.

Maybe some pics of Butina, guns, and naked senators somewhere…

K.

Written by Krypt3ia

2018/07/19 at 19:06

Fabricator


I have been ruminating lately on our situation regarding aspects of Russian interference (active measures) and the new President of the United States. In previous posts I have delved into the Wilderness of Mirrors of counterintelligence that we find ourselves in today, as well as some other musings on motives that the Russians and the President (and his minions) may have in relation to their actions. Today though, on the morning of the big Comey interview in Congress, I would like to cover the fabricator. By fabricator I mean the intelligence term and not the guy who makes something on the line at the local plant. A fabricator, in the parlance of spies, is someone who lies and invents stories and half-truths in order to deceive and so mislead intelligence operations. More to the point, I would like to submit that in the goings on today you will have to ponder whether or not the president and his minions are all fabricators acting in whatever interest they have against us all.

Fabricators have motives just like any other liar but here are the defined reasons in the intelligence definition:

  • Fanaticism or ideology is often cited as the key reason behind fabricator activity. When fanaticism is involved or ideology becomes stronger than morals, fabrication may then be seen as a reasonable means to an end. The fabricator may invent the fake intelligence to help bring about a specific outcome to a situation.
  • Mental illness, such as confabulation, often combined with alcoholism, causes some individuals to fabricate intelligence, most often done as part of a fantasy of being a secret agent or to gain official attention.
  • Money is a strong incentive for some fabricators. Often, a reliable intelligence source agent will become a fabricator because of financial problems or greed. When the agent no longer has valid intelligence to sell to the conducting intelligence officer, the agent may decide to sell fabricated intelligence in order to satisfy need or greed. (Source: Wikipedia)

As you can see these are not so different from any other liar; however, in the context of the intelligence world and what we see playing out today, all of them could also easily fit the President’s and the White House’s machinations of late. Many have speculated already on all of these with regard to Trump and his coterie of minions in the White House today. I would put it to you here that all of these are likely, but money and fanaticism are two of the key players here, with a healthy helping of political expediency. While Trump seems to be in his own reality much of the time, his outright lying and cognitive dissonance have multiple purposes. I would say that he has all of these factors: the mental illness (narcissism), the desire for money and power (money), and a fanaticism that he wears like a cloak to keep him in the seat of power by using a base that he may not in fact truly believe in, but whose support he needs to win. I would say that this was a thumbnail of his campaign and of what we are seeing now as he runs the country.

Looking back I would say the one biggest tell has been his claims of the Obama admin “tapping his wires” at Trump Tower during the election. Trump used this, as he does many other outrageous claims by Tweet, to distract everyone. He is specifically distracting the media from looking at the real problem at hand (e.g. Russian ties between himself and his coterie and the monies involved) in what I am calling a WMD attack (Weapon of Mass Distraction) via early a.m. Tweet storms. As we have seen with the claim of wiretapping, there is no evidence, but he uses spin and word salad to confabulate and bamboozle the media and the populace into looking the other direction. I put it to you now that you can expect some other outbursts today or tomorrow, post the Comey hearing, in an attempt to spin things away from the connections that he and his people have with Russia.

Trump is a fabricator.

See through it.

K.

Written by Krypt3ia

2017/03/20 at 12:26

Posted in HUMINT

“Wilderness of Mirrors “



With all of the crazed tweets over the weekend from 45 I thought it would be appropriate to acquaint my readers with the notion of the “Wilderness of Mirrors”, as James Jesus Angleton put it. Angleton is famous for his paranoia and his actions during the time he was chief of counterintelligence at the CIA, from 1954 to 1975. Today we are in an unprecedented time of national intrigue, with our very nation’s political system at stake over the issues surrounding the hack of the DNC, the manipulation of the US election process, and now the allegations and insinuations that the Trump campaign may have colluded with Russia. All of these things now fall under the auspices of counterintelligence, in that there are actors within our government who may be compromised and have been either witting or unwitting accomplices to a foreign power’s manipulation of our national transition of power. What’s more, these same individuals may in fact be assets of that foreign power while they are in power within the White House and elsewhere within the new administration.

Take a breath there and contemplate that statement.

We potentially have reached, as a reality today, what I personally thought was only a movie plot line. There are actual reasons to question whether or not the President of the US today may be a witting or unwitting asset of the Russian state. There may be reason to believe that the minions of the new President may also be assets of the Russian state, and to make it even worse we have seen a litany of lies and half-truths given by these people, and their dissembling has been caught by the Fourth Estate, which has held them accountable for it. While there is no smoking gun yet, there is a lot to parse out with every morning’s headlines in the Times and other papers of record, but I would like to lift the curtain a little for you on the counterintel side. If you are gonna play this game at home you need a primer on counterintelligence and the ‘Wilderness of Mirrors’.

When Angleton made the comment on the wilderness of mirrors he was referring to his own deep paranoia and the nature of counterintel. You have spies upon spies, and you must determine who they work for in reality. As the chief of counterintelligence it was Angleton’s job to assume that assets and agents within his own organization were in fact double agents or even triple agents. It was Angleton’s job to seek the truth of what his officers were telling him in intelligence reports and of what their assets were saying, at a time when the great game was at its highest point with the USSR. In essence, and this was his personality anyway, he had to assume at all times that there was compromise within his organization, and to determine which assets were doubles and whom they were really working for.

Now, in the current situation we are going through with 45 and the Russian efforts to destabilize the United States, there is no internal mole hunt that we have heard about within the halls of the CIA, but there is a counterintelligence operation going on, at least at the FBI, concerning all the players we are hearing about in the news and likely other names we have not heard. The current players you know are:

  • Paul Manafort (Worked for Yanukovich/Had affairs/Money troubles/Access to slush funds)
  • Trump (No tax returns/business with Russia/Love of Putin)
  • Jeff Sessions (Lied about meeting Russian Ambassador twice at least)
  • Michael Flynn (Lied about talking to Russian ambassador to Pence and everyone else)
  • Carter Page (Business with Russia and seems disposed to them)
  • Jared Kushner (Revelations of meeting with Russian ambassador with Sessions)
  • Roger Stone (May have handed over DNC emails to Wikileaks physically)
  • Un-named others TBD

There are likely more to be named as we go along, but you get the gist. The people in the inner circle of the current president’s campaign, and those he then added to his administration, all seem to have had regular contact with the Russian government pre-election and post. Not only are they talking to Russian emissaries but, according to the IC, they are talking to Russian intelligence officers. This is not a good thing, even if they were unwitting assets of the Russian intelligence apparatus. To lie about these contacts only makes the problem worse for the state and places more suspicion on them all, which leads to the wilderness of mirrors that the fourth estate is amplifying with its reporting (which it should be doing) on the leaks that are coming out of the IC. Leaks, mind you, are to my mind a means to an end to get the word out, because if they did not leak, the admin would attempt to bury them forever. To wit, we have agents of foreign powers and people within the admin who are all lying about their connections and discussions. This is a counterintelligence operation and potentially a mole hunt. Do we believe the people who have been sources for the Steele notes? Or do we think that maybe they are telling tales to muddy the waters even more? Since some of these people seem to be dying conveniently, are they being killed off by Putin for talking and telling the truth, or are they just being killed to muddy the waters some more?

This is how you have to approach this. No one is telling the truth and you have to discern what the truth of it all really is. Who do you believe?

We are in the wilderness of mirrors, kids. Look at the news and try to parse out what is truth and what is fiction. It makes it even worse when there are factions out there like Alex Jones and the SVR that would like you to believe wild stories, and disinformation campaigns set out to further their own agendas. All of this then, in a completely inconceivable twist today, is re-tweeted by the president of this country, who often does so as a diversion (one hopes) or actually believes these things (much worse, for he may be mentally deranged), which unbalances us all. We are now all in Angleton’s shoes trying to determine what is truth today, and this is one of the most destabilizing things happening today to the United States populace and government. I want you all to understand this as you watch or read the news with these revelations, specifically now that we have reached peak crazy with Trump saying that the former President ordered a FISA warrant on him and the campaign in 2016. There are many issues here to consider, and if in fact the IC had intel that the candidate and his minions were in fact in touch with Russian intelligence ‘constantly’, then what actions would the IC and the president have at their command to take up to determine if this was in fact true?

The recent accusation by the current president may be complete lunacy and the product of his own reading or watching of conspiracy sites, or it may have some basis in fact. That is, there may not have been a FISA warrant, but friendly foreign intelligence agencies, monitoring not only Russia but, under their own mandate, the current president’s and his people’s conversations, “might” have some telling information. Maybe they in fact got the conversations and there was no smoking gun, but instead the conversations looked suspect and more digging was required. Perhaps then some group like the FIVE EYES passed along this information and it is still being worked by the IC here in the US?

‘Wilderness of Mirrors” kids.

Ponder that.

K.

Written by Krypt3ia

2017/03/06 at 13:48

Book Review: An Introduction to Cyber-Warfare: A Multidisciplinary Approach



IJPFRH CPAGP EIIL!

CYBER CYBER CYBER!

CYBER CYBER CYBER! or “CRY HAVOC AND LET SLIP THE DIGITAL DOGS OF CYBER WAR!” is often what you hear from me in a mocking tone as I scan the internet and the news for the usual cyber-douchery. Well this time, kids, I am actually going to review a book that for once was not full of douchery! Instead it was filled with mostly good information and aimed at people who are not necessarily versed at all in the cyberz. I personally was surprised to find myself thinking that I would approve this for a syllabus (as it has been placed into one by someone I know, who asked me to read this and comment).

The book really is a primer on IW (Information Warfare) and Cyber-Warfare (for lack of a better nomenclature for it), which may be well below the literacy level many of you reading my blog would want on these subjects. However, for the novice I would happily recommend that they read the book and then spend more time using ALL of the footnotes to go and read even more on the subject to get a grasp of the complexities here. In fact, I would go as far as to say to all of you out there that IF you are teaching this subject at all then you SHOULD use this book as a starting point.

I would also like to say that I would LOVE to start a kickstarter and get this book into the hands of each and every moron in Congress and the House. I would sit there and MAKE them read it in front of me *surely watching their lips move as they do so* There are too many people in positions of power making stupid decisions about this stuff when they haven’t a single clue. I guess the same could be said about the military folks as well. We have plenty of generals who have no idea either.. That’s just one man’s opinion though.

As we move further and further down the cyber-war road I think that books like this should be mandatory reading for all military personnel, as well as for college level courses not only in IW/INFOSEC but also in political science and affairs of state majors. We will only continue down this road it seems, and it would be best for us all if the next wave of digital natives had a real grasp of the technologies as well as the political, logical, and tactical aspects of “Cyber”.

I have broken down the book into rough chapters and subject areas as it is within the book (mostly). It really does cover more of the overall issues of cyber-warfare and the methods used (not overly technical). The modus operandi, so to speak, of the actual events that have taken place are laid out in the book and give you a picture of the evolution of IW into what we see today as “cyber-warfare”. I will comment on those sections on what I thought was good and what I thought was derpy of course, I mean would you all have it any other way?

IW (INFORMATION WARFARE) RUSSIA

The authors cover early IW with the Russian sagas over Georgia and Estonia. There is a lot in there that perhaps even you out there might not know about the specifics of the incidents where Russia is “alleged” to have attacked both countries, at different times with different goals and effects. Much of this also touches on the idea of proxy organizations, which may or may not be state run, that were a part of the action, as well as giving a good overview of what happened.

In the case of Georgia it went kinetic, and this is the first real “cyber-warfare” incident in my mind as cyber-war goes. I say this because in my mind unless there is an actual kinetic portion to the fighting there is no “war”; it is instead an “action” or “espionage”. So in the case of tanks rolling in on Georgia we have an outright warfare scenario that was in tandem with IW/CW actions.

OUR CHINESE OVERLORDS

Ah Chairman Meow… What book on Cyber would be complete without our friends at the MSS 3rd Directorate huh? Well in the case of this primer it gets it right. It gets across not only that China has been hacking the living shit out of us but also WHY they are doing it! The book gives a base of information (lots of footnotes and links) to ancillary documentation that will explain the nature of Chinese thought on warfare and more to the point Cyber-Warfare. The Chinese have been working this angle (The Thousand Grains of Sand etc) for a long time now and there are more than a few treatises on it for you to read after finishing this book.

The big cases are in there as well as mention of the malware used, goals of the attacks and some of the key players. If you are out to start teaching about Chinese electronic/cyber/IW then this is a good place to start. Not too heavy but it gets the point across to those who are not so up to speed on the politics, the tech, or the stratagems involved.

ANONYMOUS/SEA/LULZSEC

Anonymous, as someone on my Twitter feed was just asking me as I was writing this piece, is also a part of this picture. The idea of asymmetric online warfare is really embodied by these groups. The book focuses more on Lulzsec and their 50 days of sailing, but it doesn’t go too in depth with the derp. Suffice to say that all of them are indeed important to cyber-warfare as we know it and may in fact be the end model for all cyber-warfare. How so? Well, how better to have plausible deniability than to get a non-state group to carry out your dirty war? Hell, for that matter, how about just blaming them and making it look like one of their ops, huh?

Oddly enough just days ago Hammond wrote a piece saying this very thing. He intoned that the FBI via Sabu were manipulating the Anon’s into going after government targets. This is not beyond comprehension especially for places like China as well. So this is something to pay attention to. However, this book really did not take that issue on and I really wished that they had. Perhaps in the next updated edition guys?

THE GRID

OY VEY, the “GRID” this is one of the most derpy subjects usually in the media as well as the books/talks/material on cyber-warfare out there. In this case though I will allow what they wrote stand as a “so so” because they make no real claim to an actual apocalypse. Instead the book talks about the possible scenarios of how one could attack the grid. This book makes no claim that it would work but it is something to think about especially if you have an army of trained squirrels with routers strapped to their backs.

It is my belief that the system is too complex to have a systematic failure of apocalypse proportions, and it always has been so. If the book talked about maybe creating a series of EMP devices placed at strategic high volume transformers then I would say they’d be on to something. However, that said, the use of a topological attack model was a good one from a logical perspective. They base most of this off of the Chinese grad student’s paper from years back, so your mileage may vary. So on this chapter I give it a 40% derp.

WHAT’S MISSING?

All in all I would have liked to have seen more in the political area concerning different countries’ thought patterns on IW/CW, but hey, what can ya do eh? Additionally I think more could have been done on the ideas of offense vs. defense. Today I see a lot of derp around how the US has a GREAT OFFENSIVE CAPABILITY! Which for me, and many of you out there I assume, leads to the logical conclusion of “GREAT! We are totally offensive but our defense SUCKS!” So much for CYBER-MAD, huh?

I would also have liked to have seen more in the way of some game theory in the book concerning cyber-warfare. Some thought experiments would be helpful to lay out the problems with actually carrying out cyber-war as well as the potential outcomes of doing so, more along the lines of what I saw in the Global Cyber-Game.

OVERALL TAKE

Well, in the end I think it is a good starting point for people to use in their syllabus for teaching IW/CW today. It is a primer though, and I would love to see not only this end up on the list but also the Global Cyber Game as well, to round out the ideas here. To me it is more about “should we do this?” as opposed to “LET’S FUCKING DO THIS!” as the effects of doing so are not necessarily known. Much of this territory is new and all too much of it is hyped up to the point of utter nonsense. This is the biggest problem we have though, this nonsense level, with the leaders of the land not knowing anything about it and then voting on things.

We need a more informed populace as well as government and I think this book would be a good start. So to the person who asked me to review this..

Put it in the syllabus!

K.

JIHADI’S HOLD LEGION OF DOOM CON CALL!! WOULD YOU LIKE TO KNOW MORE?

AZIJ XXRZ HMCKIDACVA GZ UZZW!

The Legion of DOOM!

Yesterday the camel’s back finally snapped in my head after reading a post on Harper’s Magazine entitled “Anatomy of an Al Qaeda Conference Call”, in which the author calls into question the whole story that was put out by the Washington Times and their “anonymous sources”. The paper claimed that Ayman Zawahiri and all the heads of the various jihadi splinter groups got onto their Polycom phones and their SIP connections to have a “concall”, as we say in business today.

You all may remember the heady headlines in the last couple of weeks where the mass media picked up on this story and began scribbling away on how the so-called jihadi “Legion of Doom” dialed in for a sooper sekret meeting to plan the end of our Western Civilization. Now, I am sure some of you out there have seen my screeds (140 chars at a time more so recently) on just how often we get played by the media and the government on some things, but this, this is just epic stupid here. If you or anyone you know believed any of this claptrap coming from the media, please seek psychiatric attention post haste.

Let me tell you here and now, agreeing with the article cited above, that the “LOD” did not have a Skype or Asterisk call to plan our downfall. At the most they likely had a meeting of the minds in a chat room somewhere within the jihadist boards out there, or had a server set up somewhere for them all to log into an encrypted chat. I lean towards the former and not the latter as they usually lack subtlety online. Though, given the revelations from Mssr “Snowman”, I can see how the prudent Ayman would want this to be on its own server somewhere, with people authenticating locally and encrypted, on a system that does not keep logs… But I digress…

Suffice to say that a group of leaders and minions thereof got together for a chat on <REDACTED> and that they talked about plans and ideas (from here on I am going to coin the term “ideating”) for the destruction of the West and the raising of a new global caliphate. Does that sound familiar to you all? Gee, I can’t seem to put my finger on where I have heard that one before… So yeah, there was a meeting, there were minions, and there were plans, but here’s the catch: NOTHING WAS SAID THAT ALLUDED TO A REAL PLAN! No, really, there wasn’t any solid evidence that prompted the closing of the embassies all over. It was a smoke and mirrors game and YOU all were the captive audience!

As you can see from the article cited, there seems to be a lot amiss with all of this now that some reality has been injected into the media stream of derp. Why was this all brought to you in the way it was put out there by the media? Was it only the demented scribblings of one reporter seeking to make copy for his dying paper? Or was there more to it? Was there a greater plan at play here that would have the media be the shill in the duping of the public, in order to make them see, say, the NSA in a different light in these times of trouble for them?

Makes you wonder huh?

DISINFORMATION & OPSEC

So yeah, a story comes out and there are “sources”, sooper sekret sources, that are telling the reporter (exclusively *shudder with excitement*) that the Great Oz of the NSA has intercepted a LIVE call with the LOD and that it had scary scary portents for us all!

WE. ARE. DOOMED!

That the NSA had helped prevent a major catastrophe from happening because they had the technology and the will to listen in on a conversation between some very bad dudes like Ayman and the new AQAP leaders plotting and planning our cumulative demise.

*SHUDDER*

The truth of the matter, though, is a bit different from the media spin and disinformation passed on by the so-called “sources”. The truth is this:

  • The “con call” never happened. There was no set of Polycoms and Ayman is not the CEO of AQ.
  • The fact is that Ayman and many of the other “heads” of the LOD were not actually there typing. It was a series of minions!
  • The contents of the “chat” were not captured live. There was a transcript captured on a courier that the Yemenis got their hands on and passed on to the Western IC. (So I have heard; there may in fact be a chance they captured the stream using this guy’s account, “they” being the Yemenis, that is. Not so sure it was us.)
  • As I understand it, there was nothing direct in this series of conversations that gave any solid INTEL/SIGINT that there was a credible threat to ANY embassies.

There you have it. This has been WHOLLY misrepresented to the Amurican people. The question I have is whether or not there was an agenda here on the part of one or more of the three parties.

  • Right wing nutbag Eli Lake
  • The “anonymous sources of intel”
  • The “anonymous sources handlers”

These are the key players here that I would really like to get into the box and sweat for a while. After the madness was over and sanity let its light creep into the dialog, we began to see that these so-called sources were no better than “CURVEBALL” was during the run-up to the Iraq war. In fact, I guess you could say they were less effective than old Curveball, because we did not actually go into another half-baked war on bad intelligence this time, did we?

Another question that should be asked here is why this information was leaked to the press in this way, on an ongoing operation that I would say might be pretty sensitive. I mean, you have a channel into a chat room (or *cough* con call as the case may be, har har) that you could exploit further, and yet you decide to close all the embassies and leak the fact that you have closed said embassies because you intercepted their sooper sekret lines of communication?

*blink blink*

Holy what the Hell? What are you thinking POTUS and IC community? Oh, wait … Let me ideate on this a bit….

  • The intel community is in the dog house right now because of the SNOWMAN FILES yup yup
  • So a WIN would be very very good for PR wouldn’t it? I mean you don’t have to hire a PR firm to figure this one out right?
  • HOLY WIN WIN BATMAN! We tell them we foiled their plans using sooper sekret means that the public hates for infringing on their “so called” rights and we can win hearts and minds!

Could it be that simple?

All joking aside though, think about it. Why blow an operational means of watching how the bad guys are talking UNLESS it was never something you really had access to in the first place, right? You could win all around here (though that seems to be backfiring): IF the Yemenis passed this along after the fact, then how better to make the AQ set abandon the channel than by saying you had access to it?

Right…

How better also to try and get a PR win by alluding (ok, lying lying lying with pantalones on fire!) that you (you being the NSA and IC here) had compromised said channel! I guess overall the government thinks that the old axiom of “there’s a sucker born every minute” still applies to wide-scale manipulation of stories in the media to sway thought, huh? Oh, and by the way, if any of you out there think this is just too Machiavellian, I point you to all those cables dropped by Wikileaks. Take a look at the duplicity factor going on in international realpolitik, ok?

Political Wag The Dog

It seems, after all, once all the dust has settled, that one of two things happened here:

  1. Eli Lake did this on his own and played the system for hits on his paper’s page.
  2. Eli Lake was either a witting or unwitting dupe in this plan to put out some disinformation, in a synergistic attempt to make the IC and the government look good on terrorism at a time when their overreach has been exposed.

It’s “Wag The Dog” to me. Well, less the war in Albania, right? I suggest you all out there take a more jaundiced eye to the news and certainly question ANYTHING coming from “ANONYMOUS SOURCES” on NATSEC issues. It is likely that either they are leakers and about to be prosecuted, or there is a cabal at work and DISINFORMATION is at play using the mass media as the megaphone.

Sorry to sound so Alex Jones here, but hell, even a stopped clock is right twice a day.

K.

BofA Gets A Burn Notice

rode bb iqdnpmbia fpn’k ybi lr qektrf?

PARANOIA

par·a·noi·a [par-uh-noi-uh], noun

  1. Psychiatry. A mental disorder characterized by systematized delusions and the projection of personal conflicts, which are ascribed to the supposed hostility of others, sometimes progressing to disturbances of consciousness and aggressive acts believed to be performed in self-defense or as a mission.
  2. Baseless or excessive suspicion of the motives of others.

Also par·a·noe·a [par-uh-nee-uh]. Origin: 1805–15; < Neo-Latin < Greek paránoia, madness. See para-, nous, -ia.

Paranoia, the (self-described) Anonymous intelligence division, published a dump of data ostensibly taken from Bank of America and TEK Systems last week. The information presented seems to show that BofA had contracted with TEK to create an ad hoc “Threat Intelligence” unit around the time of the LulzSec debacle. Of course, since the compromise of HB Gary Federal and the revelations that BofA had been pitched by them to do some contract work in the disinformation business, it only makes sense that BofA would set up a threat intel unit. The information from the HB Gary dumps seemed to allude to the fact that BofA was actively looking to carry out such plans against those they perceived as threats. Anons out there took great umbrage and thus BofA was concerned.

This blog post is being put together to analyze the data dumped by Anonymous, to give some perspective on what BofA may have been up to, and to set some things straight on the meanings of the data presented by Paranoia. First off though, I would like to just say that I think that generally BofA was being handed lackluster threat intel by a group of people with intelligence backgrounds (for those named in the dumps, their LinkedIn pages showed former mil intel work). This of course is an opinion formed solely from the content that was available online. There may have been much more context in formal reports generated by the analysts elsewhere that was not open for the taking where Anon found this dump. The daily and monthly reports found in the database showed some analysis but generally gave rough OSINT reports from online chat logs, news reports, and pastebin postings. There seemed to be a general lack of product here, and as such I have to wonder if there ever was any, or if perhaps those reports never made it to the internet-accessible server that Anonymous downloaded them from.

B of A’s THREAT INTELLIGENCE TEAM

Since the leak of their threat intelligence, BofA has been recruiting for a real team it seems. A Google of the parameters shows that they have a bunch of openings all over the place for “Threat Assessment”. It makes sense, since the TEK Systems team may in fact be mostly defunct, but also because they likely would want an in-house group and not have to pay overhead on consultants to do the work for them. TEK’s crew as well may have been the problem that caused the leak in the first place, by placing the data in an accessible area of a web server or having passed the data to someone who did not take care of it. Either way, it looks as though BofA is seeking to create their own intelligence apparatus, much as many other corporate entities are today. The big difference though is what exactly their directive as a group is to be.

One of the problems I have with the Paranoia analysis is that they take it to the conspiratorial level and make it out to be some pseudo CIA-like entity. The reality though, from what has been shown in the documents provided, is that this group really was only tasked with OSINT and threat intelligence by passive listening. This is a key difference from disinformation operations and the active participation in or recruiting of assets. I will cover this in more detail further on in this post, so suffice to say that what BofA was doing here was not only mediocre but also not Machiavellian in nature. The argument can be made though that we don’t know the whole picture, and I am sure Paranoia and Anonymous are leaning that way. I cannot, with what I have seen so far. What I see is an ad hoc group of contractors trying to create an intelligence wing as a defensive maneuver, to try and stay ahead of incidents, if not deal with them more effectively should they not be able to stop them.

Nothing more.. Nothing less.

Threat Intelligence vs. Analysis and Product

All of this talk though should be based on a good understanding of what intelligence gathering really is. There are many variations on intelligence tasks, and in this case what is clearly seen in the emails and documents is that this group was designated as a “Threat Intelligence” collection group. I have written in the past about “Threat Intelligence” and the misnomer many have in the idea that it is some arcane CIA-like pursuit. One of the bigger problems overall is perception and reporting where intelligence gathering is concerned. Basically, in today’s parlance, much of the threat intelligence out there in INFOSEC is more around malware variants, their C&Cs, and perhaps who is running them. With the advent of APT actors as well as criminal activity and entities like Anonymous, the paradigm of threat intelligence has come full circle back to the old-school idea of what it is from the military sphere of operations.

Today’s threat intelligence is not only technical but also human-action driven, and this makes it even more important to carry out the collection and analysis properly in order to provide your client with the information to make their decisions with. Unfortunately, in the case of the data from BofA we see only sketchy outlines of what is being pasted online, what may be being said in IRC sessions, and what is in the news. Nothing overly direct came from any of the data that I saw, and as “product” I would not be able to make many decisions from what was presented by the TEK Systems people. What is really missing within the dump from Paranoia is any kind of finished analysis product tying together the information in a cogent way for the executives at BofA. Did TEK actually carry this type of activity out? Were there actual reports that the execs were reading that would help in understanding the contents of the raw intelligence that was being passed on in emails daily and monthly? I cannot say for sure. What I did see in the reporting (daily threat reports as well as monthly) were some ancillary comments by a few of the analysts, but nothing overly structured or productive. I really would like to know if they had more of an apparatus going on here, as well as if they plan on creating one again with all of the advertised positions in that Google search above.

Threat Intelligence vs. HUMINT

This brings me to the whole issue of Threat Intel vs. HUMINT. It would seem that Paranoia thinks that there is much more than meets the eye within the dump, which makes them intone that there is a HUMINT (Human Intelligence) portion to the BofA program. While there may well be some of that going on, it was not evident from any of the documents I looked at within the dump files. HUMINT would imply that there are active participants in the program out there interacting with the targets, trying to recruit them or elicit information from them. With that kind of activity comes all of the things one might conjure up in their heads when they think of NOC (Non-Official Cover) officers in the CIA trying to harvest intelligence from sources (assets) in the field. From everything seen that was posted by Paranoia, this is not the case. This operation was completely passive and just collecting data that was in public view, aka OSINT (Open Source Intelligence). Could BofA be seeking to interact more with Anons and generate more personal data other than that which the Anons posted about each other (doxing)? Sure, but there is no evidence of that. Given the revelations with HB Gary though, I can see why the Anons might be thinking that they are likely taking more robust, non-passive actions in the background elsewhere. Overall I just want everyone to understand that it’s not all cloak and dagger here, and it seems that Paranoia has a flair for the dramatic as a means to get their point across. Or, perhaps they are just living up to their name.

Assessment

My assessment in a nutshell here of the Paranoia BofA Drop is as follows:

  1. Paranoia found some interesting documentation but no smoking gun.
  2. TEK Systems did a mediocre job at Threat Intelligence, with the caveat that I am only working with the documents in plain view today.
  3. BofA, like any other company today, has the right to carry out this type of activity, but they need to make sure that it’s done well and that it isn’t leaked like this.
  4. If more documents come out showing a more in-depth look at the OSINT being collected, then perhaps we can change the above findings.
  5. BofA needs to classify their data and protect it better on this front.
  6. Paranoia needs to not let its name get the best of itself.

All the drama aside, this was a ho-hum really. It was funny seeing all the analysts taking down their LinkedIn pages (really, how sekret squirrel is it to have a LI page saying who you work for doing this kind of work anyway? SECOPS anyone?). I consider those players quite burned and assume they are no longer working on this contract because of it. All you analysts out there named, you are now targets and you are probably learning SECOPS the hard way, huh? I guess in the end this will all just be another short chapter in Encyclopedia Dramatica and an object lesson for BofA and maybe TEK Systems.

For everyone else.. It’s just LULZ.

K.

Defcon Grows Up and Gets Recruited As An Asset…

I came to Defcon this year as it turned 20, and while much had changed on the world stage regarding our business (INFOSEC/Pentesting/Dev/SECOPS), much remained the same. What has really changed though, and could be seen at this anniversary year, was just how much our antics and interests were now the new “hotness” to the government and the military. Never before had the NSA had a booth at our conference, but this year they were there with recruiting in mind, and that is a big change.

However, you may be saying to yourself right about now, “Uhh, but, this has been going on a while, not just now.” Well, yes, it has, but what I noticed at this last con was that it’s not all about the tech; this year it was also about the recruitment of human assets who would give “intelligence” to players like the NSA. No more are they just looking for programs and programmers, but also seeking to make connections with people who have connections. You see, as Shawn Henry said, as well as General Alexander, “we need you to keep an eye out and tell us if you see something”. What I heard was the equivalent of the “if you see something, say something” that the TSA has plastered at airports.

This is an important paradigm that we all need to be aware of. With the advent of Anonymous and Stuxnet, as well as the nascent idea of the internet becoming a “digital nation state”, we all have to be mindful that while the technologies out there are a commodity, so too are we in the great game of cold war intelligence and cyber war. We are the commodity that makes the new exploit, as well as being the HUMINT asset that intelligence agencies need to “collect” with.

Now, while you are pondering that, consider the fact that the “opposition” is also trying to curry favor and recruit us as well…

Yup, that’s right. That party you might be attending might in fact have operators from other countries’ clandestine services too. In fact, that party could even be funded by said agencies and players to get you to chat and perhaps leak meaningful information. Think about it: how many of you out there reading this post work for Fortune 500 companies as security technicians? What kind of data is in your head that might be of use to a foreign operative?

Ponder that as you sip that free drink late in the day. Say, did you know that the Chinese services’ preferred means of gaining intel from visiting professors and the like is to have them over-tired and tipsy? It’s true; it’s low level, but it’s been used on many an occasion. You see, once you start talking, you open the door for more rapport building, and then it’s pretty much over. One wonders how many Los Alamos folks had the same treatment on trips to China. Now think about the average Defcon party and the amount of alcohol and sleep deprivation we have going on there.

Just sayin…

So, look at it from that perspective. Now that the NSA has come to the con, just as the FBI and other agencies and security bodies have, so too will the “other guys”. I don’t know how many of you out there come from military or “other” backgrounds where you will have had DSS or counterintelligence training, but I am assuming that a vast majority of the folks attending the cons today do not have that background, especially the younger ones who have only been in the security arena a short time. Pentesters who know SE should be able to easily detect some of the techniques used to recruit an asset and tease out information… Others, maybe not so much.

So here we are today: APT actors (yes, China being one purveyor of APT attacks) are not only using malware to get into systems but also recruiting sources to help them in their goals. There was a time when it really was only the nuclear scientists getting the attention… Today though, everything is fair game; you might make widgets, but that doesn’t mean that someone doesn’t want to know what you know.

Pssst… It’s still espionage kids… And now YOU are part of it because you hold interesting information.

How’s that for some “Threat Intelligence” huh?

Which brings me to the second line of thinking, or topic, that came up this year. The government is asking us to consider more “threat intelligence” and to keep them in the loop. See, right there, they are asking you to be an asset… Did that occur to you? Of course I know for the most part you all thought, as I did too, that the idea was a bit silly.

Why?

Because who really has that kind of threat intel program going on today? Hell, we are all pretty much trying to just keep our shit together, right? On average, unless you work for a major company, you may not even have a SIEM or even a Snort instance, right? How are you going to convince your employer that you need that stuff, and then, more so, to pass that intel to the government? The only groups I have known to do this are the DIB partners, and they do it because they don’t want to lose contracts for the military.

So now, we would all be assets? All corporations out there, whether they are being attacked by APT or Anonymous, would be reporting their incursions or attempts at them to the government? That’s kinda spooky really. This also circles back nicely to the idea that all of us in the INFOSEC community are now collection nodes for SIGINT/HUMINT/MASINT/ELINT, and not many of us have had the training to be analysts.

You see, when you use the words “Threat Intelligence”, this has some context that some may not get right away. It’s not just what IP is hitting us and with what attacks anymore… It’s about the context around all of that and the attribution that is needed for cyber warfare, or more likely, cyber intelligence operations. I expect to see a lot more of this lobbying going on at all of the cons, as well as more people sidling up to the attendees and asking “so, what’s going on out there?”

For those of you not acquainted with HUMINT and its techniques, I suggest you read “The Art Of Intelligence” by Henry Crumpton and learn… Why? Because that guy you’re talking to at the cool party might just be a PRC case officer…

Interesting times….

K.

The Biggest Attack Surface Is US: HUMINT and Human Nature As a Paradigm for INFOSEC

The Biggest Attack Surface is US

“I have met the enemy of information security, and that enemy is us.” 

With the new spate of malware attacks (allegedly by nation state actors) as well as other attacks, by the likes of Anonymous on down to the usual cast of criminal characters, I have been taking stock of the “bigger picture”. The conclusion I have come to is that we, out of all things, the creators of the internet, the computers, the code, and the universe in general (probabilistic, Newtonian, quantum, etc., if you believe we in fact create our consensual reality), are the one common flaw in security.

Take that statement in a bit… I’ll be back in a moment while you ponder….

Ok, thought that through a bit? For me, the statement is an ultimate truth. We create all these things (for me, universe included, by perception) and, in the case of the security over or within the systems that we make and use, we are its core failing. We, for lack of a better term, are “flawed”, and thus our systems will always be so. In the case of security today, we can see this from many angles, not just within the realm of computer security or data security, but also in our efforts in war or protection from terror (à la DHS and the TSA). There are inherent flaws and unpredictable outcomes vis-à-vis human nature that really have to be taken account of before we can even consider something to be more secure than not.

This is an issue that I think many are overlooking as they seek to make the better mousetrap cum Rube Goldberg device that will then sit blinking in your rack at the NOC. Boiling it all down to the sum total of security issues, we have the human being and their “nature” to consider as the driver of the ill, as well as the arbiter of demise, in any security scenario we can think up here. This is why I have decided to write this post: I want you all to stop, take a look around you, and see the problem from the macroverse instead of the microverse of code and hardware.

It’s all in the wetware man.

Human Nature, It’s Anathema To Security

Human nature… What a many-splendored thing, huh? It gives us so much latitude as a species to be dominant on this planet, and yet we still seem to be unable to overcome it and protect ourselves from its downside. Of course it isn’t just that our nature precludes us from attempting to secure things today; it’s also that we are using technologies that we built, us, fallible beings who tend to code in error and without foresight into how it could be abused. On that note, the abuse of the code itself is also human nature; we are always pushing the bounds, trying to outdo others or just test the bounds of our realities, so it’s a natural progression really. Of course then there is also criminality, and the darker tendencies that we all have… We are just a pile of trouble, aren’t we?

On the other hand, there is also the tendency for laziness today that we all have, whether that be intellectual or other slothful behaviors that can be, and often are, the cause of security failures. It is laziness in coding and a desire to work faster and maximize profits, for example, that lead many people down the path of sloppy code and massive vulnerabilities therein. Couple this with the need for speed that today’s work environment (time-is-money calculations aside) demands, and we have the mix for epic failure much of the time. Oh, and lest we forget hubris, like that of Microsoft, coming so late to the security game in their coding and testing of operating systems that, in effect, are the most frequently vulnerable as well as the biggest target from a user-base perspective.

Oh, and there are also the basics of human nature, such as being helpful, or other more base desires, that often are the unraveling of security measures. You can have all the defenses in the world, but all it takes is one person saying “Gee! Look! A USB stick in the parking lot! IT’S ALL MINE!!! I MUST PLUG IT IN NOW!” How often have you pentesters out there reading this used that very exploit? Over and over and over again, and had success each time. How many of us have had the door held for us even when we don’t have a badge? Yeah, I know, many have, and though they have been warned of the perils of doing so, still do it out of instinct or perhaps social programming.

It’s human nature that is the undoing of the best laid plans of mice and men…

What I am getting at is a simple truth: we are the problem. If we aren’t creating the poorly coded software, then we are the ones opening the gates to the Hun horde, or worse, we are in fact that Hun horde and are exploiting those weaknesses for our own gains (whether it be as a nation state, as a pentester doing a job, or as a criminal making a buck). It’s all driven by our nature.

HUMINT and The Push Of Social Media

So enters the era of “Social Media”, and wow, we are a social animal, aren’t we? We have Facebook, where we seemingly just expose all of our foibles, secrets, and other trivia daily, no, wait, by the second, every day. Who knew we would be so in need of telling everyone (not to mention showing everyone screenshots of our meals) about every little thing we do? Our location at that time, or perhaps that little Timmy took his first solid dump. *shudder* It’s little wonder that you see how much the government is interested in our “social” data, huh? We are so willing to just give it up without a thought.

It’s our nature I guess… Tribes around a digital fire now…

Back to social media and HUMINT though; you see, this is the next wave. Since everyone wants to communicate on the Internet, it’s easier to communicate with anyone and everyone in a way that, as we have seen, allows for a lot of data gathering and manipulation. See, now that we have the infrastructure populated, we will now use it, subvert it, for goals other than just befriending someone. Hell, we now have bots that do it for us, right? How do you know whether that person you are talking to on Twitter is a person or a heuristically adept bot? Give it some pause…

Think about the potential here for every kind of abuse or manipulation. Anything from online advertising using Turing bots to intelligence agencies and others gathering data on you all for whatever purpose serves their needs, and you, you are the commodity… The “asset”. So, yes, as the technologies advance and the human nature side of things continues to allow for strides in security as well as the inevitable setbacks, you will become the ultimate target, the easy score for data that could lead to compromise. After all, what do you think the real persistent threats rely on? Human nature, our nature and proclivities for social interaction, which, really, is what the Internet is all about, huh?

Now, as you go to post on Facebook about your last meal.. Ponder this…

So, How Do We Remediate All of This?

Is remediation possible? Can we change the vagaries of human nature to the point where we can not only secure systems adeptly, but also secure the end users so as to disallow the lowest of the low hanging fruit? Can we get coding initiatives that work and, for God's sake, come up with non-Turing-complete machines and code? One wonders if it is ever really a possibility, and frankly, the sense I get of things lately in the security community is no. We will never win the battle, the war will rage on forever and at least we will have jobs, but we must get used to failure in the grander scheme of things.

Once again, human nature is the arbiter here and, well, we are human aren’t we? I guess the answer is no, we will never be able to remediate it all. As we move forward with an uncertain digital world, one where we have put all our eggs in one digital basket (yes, power, light, water, control) we all must look at the nature of it all and ponder what have we done to ourselves here? Has our nature and a propensity for laxity in thought and deed placed us in greater jeopardy? Will we ever learn from the things we have seen already and try to remedy the situations? Or will we just go on blithely until such time as there is an epic failure that causes us pain?

This is not to say it will happen, nor that I believe it will be as epic as some on Capitol Hill would have you think, nor those in the shadows selling them the digital snake oil in the first place. What I see though is that unless we get smarter and try to manage our natures here, some will end up exploiting them to our collective detriment. Whether it be the laws around our privacy, or lack thereof, or the connecting of systems upon systems where, should one fail in a cascade, we really could have a problem, we all have to take a step back and look in the mirror.

We are the problem.

K.


Written by Krypt3ia

2012/05/29 at 20:45

Posted in HUMINT

AntiSec, Stratfor, Wikileaks, and Much Ado About Nothing

with 4 comments

The Compromise

Back in December Stratfor, a private "Intelligence" group, was hacked by AntiSec. The hack, to date, has yet to be really discussed as to the means of its accomplishment, but I suspect that, as usual, it was an SQLi attack if not some other low hanging fruit attack that allowed access into the Stratfor systems. Once inside, the kids had access to everything (allegedly) that Stratfor had. They proceeded to take what they wanted and then RM'd their servers/data/site. It was, for all intents and purposes to Stratfor, a nuclear detonation.

I say this not because they likely had no backups and were scrambling to repair their online presence after the hack, but because once the AntiSec kiddies dropped the data it became apparent that Stratfor had done nothing to protect its clients' and employees' data from being taken or, more to the point, to render it unusable with encryption had it been stolen. It was clear that they had not encrypted anything that belonged to the clients, and that they were also keeping payment card data (cardholder data, in PCI DSS terms) on their servers against the PCI DSS rules, unencrypted as well.
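To make the "unencrypted card data in a dump" point concrete, here is an added illustration that is not code from this post, from Stratfor or from AntiSec. It scans a record set the way anyone who downloaded such a dump would, pulling out every digit string that passes the Luhn check, and then rewrites the same records the way a store that never keeps the full PAN would hold them (masked number for display, random token for lookup, PAN only in a separately held vault). PCI DSS requires stored PANs to be rendered unreadable by exactly this kind of truncation, tokenization or strong cryptography. The rows and the `tok_` token format are constructed for the example; the card numbers are the standard Visa/Mastercard test numbers plus one that deliberately fails Luhn.

```python
"""Scan a leaked record dump for usable payment card numbers.

Added illustration for this post, not Stratfor's or AntiSec's code. The
records below are constructed sample data, not from the real dump; the
first two card numbers are well-known test PANs that pass the Luhn check,
the third is a made-up number that does not.
"""
import re
import secrets

# Candidate PANs: 13-19 digits, optionally separated by spaces or dashes.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn mod-10 check."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list:
    """Return the Luhn-valid card numbers found in a blob of leaked text."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            hits.append(digits)
    return hits


def mask_pan(pan: str) -> str:
    """PCI DSS style display form: at most the first six and last four digits."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def tokenize(pan: str, vault: dict) -> str:
    """Replace a PAN with a random token (hypothetical 'tok_' format).

    The PAN itself lives only in the vault, which in a real deployment would
    be a separate, encrypted store with its own access controls.
    """
    token = "tok_" + secrets.token_hex(8)
    vault[token] = pan
    return token


# Constructed sample of what an unencrypted customer table looks like when it
# is dumped wholesale. Rows 1 and 2 use standard test card numbers.
PLAINTEXT_DUMP = """\
id,name,card,exp
1,A. Customer,4111 1111 1111 1111,03/13
2,B. Customer,5500-0000-0000-0004,11/12
3,C. Customer,1234567812345678,01/14
"""


def rebuild_dump_tokenized(dump: str) -> tuple:
    """Rewrite the constructed dump the way a store that never keeps the full
    PAN would look: masked for display, token for lookup.

    Returns the new dump text and the (separately held) vault.
    """
    vault = {}
    out_lines = []
    for i, line in enumerate(dump.splitlines()):
        if i == 0:
            out_lines.append("id,name,card_masked,card_token,exp")
            continue
        rec_id, name, card, exp = line.split(",")
        pan = re.sub(r"[ -]", "", card)
        out_lines.append(",".join([rec_id, name, mask_pan(pan),
                                   tokenize(pan, vault), exp]))
    return "\n".join(out_lines) + "\n", vault


if __name__ == "__main__":
    print("usable PANs in plaintext dump:", find_pans(PLAINTEXT_DUMP))
    safe_dump, vault = rebuild_dump_tokenized(PLAINTEXT_DUMP)
    print(safe_dump)
    print("usable PANs in tokenized dump:", find_pans(safe_dump))
```

Run as a script, the plaintext table gives up both valid card numbers on the first pass; the rewritten table gives up none, and the tokens are worthless without the vault. The Luhn filter is the same cheap check a carder applies before bothering with a number, which is why "we stored it but nobody would find it" is no defence once a table is dumped.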

BOOM.

The AntiSec crew then set out to troll all those they felt needed attention (such as Nick Selby, because he does work for the government), dropping all their data and credit card numbers for anyone. They then proceeded to use those same cards to make donations to charities that they thought were a good idea, to "stick it to da man".

Heh…

In the end though, they only really stuck it to the charities, which had to face chargebacks and incur fees for their trouble. This was not a win for anyone, even if AntiSec claimed one then, as it does now with Wikileaks dumping the email spool. The real win here (the dumping of the spool), for me, is getting a real insight (haha, to use a Stratfor term) into how Stratfor operated as a pseudo-private intelligence firm. The outcome of all this reading for me? Pretty much what I thought of them before, when I got their newsletters..

“Ho Hum”

The Leak

According to Wikileaks there are 5 million emails in their possession. They have torrented them as well as placed them on their site for all to look at. The intimation, of course, by the ever more paranoid and fanciful group, is that these guys were BAD! They were corporato-governmental-greedhead-evildoers. PROOF positive that they were a "shadow CIA" and that we are all far better off because AntiSec and Wikileaks teamed up to out their misdeeds.

I have perused many of the emails and files that came with them and am left with an even lower opinion not only of Stratfor, but also of Wikileaks and ANYONE who really bought into Stratfor as a company selling "Intelligence" as a service. The emails come off as exceedingly trite, unprofessional, and generally grammatically challenged. Of course you could make the case that many of them were typed out on Blackberries, likely while sipping lattes, so you can perhaps understand the internet speak/poor spelling.

Overall though, I am underwhelmed with the emails. They only show poor choices of language, poor choices of data collection and vetting, and a stunning amount of hubris on the part of the company in its dealings with foreign nationals. The one real question it has left me with is this: Is this it? Does AntiSec or Wikileaks actually have finished analysis reports somewhere as well? I ask because the reports that I was privy to when I had access to Stratfor were, well, "meh" as well. I never once really felt that any of their subject reports were that great, to be honest. I kept thinking that I could do just as good a job with a browser and Google hacks. So I never went any further to get anything else from them.. Well, that and the exorbitant price scheme they had really made me want to just do it myself.

So, Julian… Sabu? You got any real sugar for me? Do you have actual finished reports for, say, Dow or DUPONT or a government official that you can throw out there to show me and everyone what Stratfor was really doing (as you claim from these emails of bribes and source manipulation)?

Do you have anything? Or are you just offering another half-baked claim of conspiracy and then failing to deliver on it again? These emails are just truly unprofessional and to me bespeak just how poorly this org was going about cultivating assets and analyzing the raw intelligence *cough* it was alleged to be getting from "sources".

So, let me sum up.. What you have put out there.. Doesn’t scream UBER SECRET PRIVATE CIA… It screams something more like “LOOK AT MEEEEE!”

Smell the desperation.

HUMINT, OSINT, and STRATFOR

Going through the emails I just kept saying to myself; "WTF? What? No real reports, just scuttlebutt from people and no real vetting of the data? Just gut hunches and who knows who and for how long?" It was a morass of terrible conclusions, hints, and allegations that weren't properly looked into by analysts, by the way things looked from the emails alone. Like I said above, there may in fact be more, and some of these may not even be Stratfor's, put there by AntiSec to sweeten the conspiratorial pot. However, generally, it's just amateur hour here and that is disturbing.

While the masses may be unaccustomed to the intelligence game, some of us out there know a little bit more about how it works. While the likes of Wikileaks rail about how they are all bad, using money and perhaps even sex to sway their sources, the reality is that this game has ALWAYS been played this way. Intelligence is a dirty business and crying about it in this way, for me, is just naive on the part of WL and Anonymous. That said though, let me clarify for you all here and now: the data that was being collected, as seen in the emails dropped, was not state secrets as a whole. In fact, this was much more TMZ than CIA.

This kind of information does have its place in real intelligence work, but the idea of trying to make out that the things seen in this dump are at all akin to what the CIA really does is just laughable. As is the notion, put out there by the emails, that Stratfor thought they were "the shit" by paying assets that they could not really trust nor really had a good way of vetting. My question is just how many of those guys/girls took the money and just gave Stratfor a bill of goods? How many of these "sources" were actually just people making a buck and selling snake oil?

For that matter I half expected to see LIGATT listed as a source….

No, much more of what I was seeing in the emails was scuttlebutt, or in fact OSINT of the lowest order. They were actually citing other news sources in their emails! Uhhh, yeah, that is real INTEL there. Sure, today a lot of intel comes from the news because they are there and are quick to report it. Quicker than actual intelligence officers in the field, because they are "in the field" and cannot just pick up a phone and call Langley. This stuff though was just riddled with suppositions and half-baked theories which, I am now pretty sure, made it into finished reports… And that is sad.

Overall, my impressions from reading the emails and not seeing anything else bespeaks an organization that was hungry for money, willing to do what it took to give their clients “reports” and throw caution to the wind as to the veracity of their data. This is not an intelligence agency in any way and certainly should not be looked upon as any great threat.

Much Ado About Nothing

So, there you have it. It really is much ado about nothing. The emails show a certain callousness as well as a greedy disposition (8k for a background check/dossier on someone? Holy WTF indeed!) Generally, I would be more afraid that their data was faulty and full of half-truths than real solid intel from sources they had cultivated. In fact, I would go as far as to say someone like Jericho might want to check their stuff for plagiarism himself, because I think they must have ripped off someone in the news somewhere along the way, but that is just my theory.

This firm should be afraid now that its emails (if all theirs) show a company that is ham-fisted in its approach to data collection and analysis, as well as one that did not perform ANY due diligence for its customers' sake. That last bit there is really, really important as well. Any intelligence agency, kids, would in fact perform the due diligence to protect its sources and its customers' data. See, when real spies let stuff like that out or commingle it in email spools, people tend to die.

*Another point I meant to bring up earlier.. None of this stuff would appear all in one spool in a real intelligence operation*

This is all much ado about nothing and once again, the kids with Anonymous and Wikileaks have failed to understand the realities of the world that they now want to play in.

Intelligence.

Where Problems Do Come Up

Finally, I would like to enunciate the areas where I think there are large problems for Stratfor from this dump.

  1. Bad data and poor vetting of sources
  2. Bad OPSEC and Security Hygiene
  3. Lack of controls other than tags in emails for classifying data
  4. Lack of proper analysis of information collected
  5. An utter lack of equanimity in their analysis and collection

Lastly, this email covering the new capital fund company that they started has me wondering. Would this not be insider trading using espionage? How is this not illegal? Really? You are going to start a new wing of business that is connected to your private intelligence firm and that will profit from the collected intel you gather?

*shakes head*

I suspect that the senate may want to look into that..

Oh.. Wait.. Seeing as they too are in the throes of an insider trading scandal of their own, maybe they will just leave that alone, eh Fred?

I guess the lessons learned from this whole event are: never trust a scorpion on your back crossing a river… And don't take wooden nickels from Julian Assange. Though, I guess Fred really says it all in one quote from an email linked below:

Therefore while Stratfor is committed to intelligence collection, it does not intend to be slavishly committed to it.

There you have it.. Pretty much covers the matter, huh? Where's Gordon Gekko when you need him?

K.

Fun reading from WL:

Sourcing Insights: http://wikileaks.org/gifiles/docs/97882_re-alpha-sourcing-insight-.html

EPIC QUOTE http://wikileaks.org/gifiles/docs/898587_draft-of-handbook-chapter-on-organization-.html

Written by Krypt3ia

2012/02/29 at 21:41