Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘HUMINT’ Category

The Subtle Art of OSINT


Recently, I have been barraged with requests about how OSINT works and how to actually carry out the work after talking about it on Cloak & Swagger. This post is a response on the tenets of the discipline as well as a basic how-to. You all can download the documents I link to here, as well as go out and locate tools such as Maltego (by Paterva), and attempt to use the precepts and tools to do your own OSINT gathering and analysis.

Many of you out there who read me may in fact do this every day. For you guys, well, hang in there... Maybe check out the dox I linked, because you may not have seen them before.

Otherwise, enjoy…

OSINT: Open Source Intelligence

OSINT is the acronym for Open Source Intelligence, and the discipline has been steadily gaining ground in the internet age due to the ease of access to all kinds of information via the net.

Open-source intelligence (OSINT) is a form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence. In the intelligence community (IC), the term “open” refers to overt, publicly available sources (as opposed to covert or classified sources); it is not related to open-source software or public intelligence.

From Wikipedia

The use of OSINT has grown within the private sector, and it has been a mainstay of the military and the intelligence services for years. Sources of information that earlier were culled and combed through by the likes of Langley can now easily be worked by the likes of you and me with a few tools on the web or applications that you can install on your machines at home. The key to the whole process, though, is that OSINT is a subtle art that needs its other half to be of real value to anyone. That other half of the picture is “Analysis”, which is key to making assessments of the data you get from the open sources you are looking at.

Today it is common to see corporations using OSINT but perhaps calling it “Competitive Intelligence”. Still, the processes are OSINT much of the time. By researching various sources online and in the media, one can gain quite a bit of intelligence on a subject and be able to extrapolate a lot about what a company, individual, group, or country is up to and maybe where they are headed. Much of this type of data gathering (harvesting) is now also tied to predictive analysis engines online (such as Silo.com or basistech etc.) that ostensibly can “predict future actions”, as they claim. However, the base idea of OSINT is to gather open source information and then analyse it to generate reports on subjects.

Such analysis can also lead to predictive behaviour analysis and forecasts. It all depends on your goals as the analyst really.

Intelligence Analysis and Bias

Before delving into tools and methods, it is important to cover the “Analysis” part of the picture. Much of the time the data that you are gathering as an OSINT analyst can be confusing or perhaps even disinformation. One must be able to weed through facts, comments, data, and others’ analysis (the news cycle), then take all of what you have gathered and sift it for the core data you seek. Raw data has to be parsed, and you, as the analyst, must judge what is true and what is not, as well as decide on the weights of the sources.

A key to this is to not be biased in your thinking when performing an OSINT analysis. An example of this may be something like looking at a Fox News report and taking it at face value. As we all pretty much know, Fox is not known for their stellar reporting nor their unbiased approach to “news”. However, there may in fact be core kernels of data within their reporting that might be true. At the very least, the compare and contrast model has to be used and weighed as you collect data to create a whole picture on a subject. It was the “group think” issue that got the US into trouble within intelligence circles during the Bush Presidency (W) with regard to the WHIG (White House Iraq Group). It was a small cabal of like-minded analysts, under the direction of Dick Cheney, that led us quite astray on the topic of Saddam and CBRN materials.

It is important to conduct OSINT, and the analysis of the information that you get from the collection, in a broad-minded way and not to get too stovepiped in your thinking. If you do, the intel that you generate will likely be incorrect.

Unravelling The Strands and Yanking

Much of the OSINT that I personally have been carrying out has been around persons of interest and not so much about governments. However, the “persons of interest” in fact may be part of a larger movement or group that could be equivalent to a government or a company in reality, so the macro and the micro are interconnected when doing this kind of work. Primarily, one has to be able to take a lot of data, sort it, mill it down, and then extrapolate the connections between people as well as motives etc.

Sometimes it is even necessary for the analyst to interact with the subjects in certain ways to confirm data. This means that the process is not a passive one; the analyst must also be aware of and able to interact with subjects. Think of the process overall, though, as akin to being a reporter or a detective. You have to follow the clues, ask questions, and generally keep a log of everything to extrapolate from later on. It is also key that, like any good detective or reporter, you verify your sources and data.

It’s also easy to get lost in the data. So be aware when you are getting into the mindset of not seeing the forest for the trees, so to speak.

Tools of The Trade

Google:

Much OSINT today can be gathered with something as simple as a Google search. However, to leverage everything you can out of Google, one has to become adept at “Google Hacking” (i.e. key searches and strings that get you much more granular results). There are books on the subject out there you can buy, but here are some basic strings that may be of help.

  • site:.gov | .mil inurl:/FOUO/ filetype:pdf
  • site:.mil | .gov "FOUO" filetype:pdf
  • site:.mil | .gov FOUO filetype:pdf
  • site:.mil | .gov //SIGINT filetype:pdf
  • Filetypes can be just about anything .xls .pdf .txt etc.

Etc. etc. You get the picture. You use the defined search parameters and go right after what you want. Of course, for most pentesters this is also what you would use on any given domain you are attacking to see what flaws there are or what documents are available to give you the in to their systems. In the case of something like user IDs or screen names, it becomes a matter of doing concentric Google searches for the value you want.

  • Googling just a user name to start: “TNT_ON” for example
  • site: alfajr.com “TNT_ON”
  • “TNT_ON@hotmail.com” if you have the address

Alternatively, you can also use Google Alerts. This will perform keyword searches and email you the results when the crawler locates them. This is handy when it comes right to you and you need not go searching for subjects (I have one set up for LIGATT); thus I keep on top of things this way. All of this is probably within your repertoire already if you use Google regularly to do searches. The same types of strings apply not only to keywords, though; you can put whole sentences in (like if you were, say, looking into some plagiarism). Google will often spit out results where cut-and-pastes of articles have been put out there by others, or in fact just RSS copied into feeds on other pages. By refining your searches, you can narrow down quite a bit and winnow out the real data you want using Google.

The Wayback Machine:

Sometimes you run into searches that turn up sites that are archived online at Google (cache), but oftentimes sites that are no longer online are in fact archived by the likes of the Wayback Machine. This site has been really helpful lately for sites that were around circa 2001 but have since been taken down by people who did not want to have their data out there any more. I recommend using this site to attempt to find the content if it is not online presently. You may in fact hit paydirt.

Social Media Search Tools:

Twitter, Facebook, Tumblr, etc. are all great sources of information, as people put a lot of stuff out there that they likely shouldn’t. This includes governments and companies as well. News sources also fall into this category, so the sites listed below grab all of those from search engines like Google, perform keyword searches, and then aggregate the data for you, often in graphical formats.

  • Silobreaker.com
  • recordedfuture.com
  • PasteLert.com
  • Socialmention.com
  • addictomatic.com
  • whostalking.com
  • kurrently.com
  • SamePoint.com
  • newsnow.co.uk

WHOIS and Other Tools: Robtex

Today it is easy to attempt to obfuscate who you are if you own a domain and you don’t want people to know who really owns it. This privacy shield, though, is sometimes an afterthought, if it is there at all, so one can gain a great deal of information about a target or a piece of the puzzle by looking at the domain data. Many engines and sites exist out there, and I would just Google around some more for the ones you like. Some of them are meta engines and will give you a lot of relational data to boot. One such site is Robtex.

Robtex is nice because it gives you a lot of info about the domain, the IP it sits on, the domain owner data, as well as things like what other domains reside on the same server space.

InfoSniper

InfoSniper is a “geolocational” search engine for IP addresses and domains. It will give you a graphical picture of where a server resides physically. It ties into Google Maps and comes in handy if you are seeking to lock down the location of a server, in case, say, someone wants to serve a warrant on it. This becomes key in such things as terrorist investigations when jurisdiction is a matter of concern (US vs EU etc.).

Maltego:

This is the big boy of the tool kits as far as I am concerned. Maltego by Paterva is a meta search engine and graphical/relational database tool that I use on a daily basis. Of course in some ways I am using Maltego kind of unconventionally but this, like I said, is the Swiss army knife of data collection and OSINT. With transforms being created every day, you get a plethora of data that can be sifted and winnowed down to a usable product.

I suggest anyone who wants to do OSINT get a copy of the CE client and work with it. Read the tutorials and be creative in your searches. *HINT* Just by using the “phrase” search capability, you get a lot of hits that you can then focus in on. By removing extraneous data from the map, you can keep the data tight and avoid a messy map as well. It is a process of using your brain, though, to delineate good from bad data, and that takes some investigation and some guesswork at times.

Maltego and “Relational Mapping”

One of the nice things about Maltego is that it does a “weight based” mapping of data points. This allows you to look at the map (like the one at the top of this page) and see the connections between data points (or, in the case above, users) so you can easily see who talks to whom, and what data is related to other data. This is something to get used to and to leverage heavily in OSINT. Oftentimes you are looking for “connections” between disparate data, and this is a key thing in, say, looking at terrorists and who they talk to.

Paterva “Casefile”

Casefile is a new product by Paterva and it is a kind of “Maltego Light” in a way; however, it has one real advantage. It is really a kind of digital whiteboard or “murder board”, as you might call it (à la the police dramas on TV). You can attach names and pictures to create “case files” on entities, and I like this quite a bit. I wish, though, that they would port it to *nix for us people not wanting to use Micro$oft. I have yet to really play with this tool, but I plan on implementing it soon to make some nifty case files that can be used in posts or sent on to clients.

Translate.google.com and other Online Translation Services

Today much of the content out there is in languages other than the one you might speak fluently. This is a problem for some, even with the tools out there to translate the media for you. Google does an OK job at most languages, but when you get semantic challenges like Arabic to translate, it gets a little tricky. One has to take in what the text that comes back says in a loose way and try to interpret the meanings if the translation fails for you. The best thing, though, is to speak the languages in question (unless you are a polyglot, that ain’t easy); otherwise you can rely on these tools to a certain extent.

Remember, though, that these tools rely on algorithms that do not usually account for slang and the nuances of linguistics, so your mileage will vary greatly.

Paid Services for Public Information

Sometimes you have to pay for data. Yep, it’s true. Search out different sources online and you may be able to get public information for free from some states. However, the one-stop shopper will go to a place like Intelius for data. It can be a bit pricey, but in the end it can also give you data you did not have before to use in further searches and to hone in on your target.

There Are Very Few “Schools” for This

Most of all, I wanted to let you all know that this is not something that is taught frequently. Most of the time you will only see this type of analysis, and tutorials about it, in the military sector under IO (Information Operations). This is where I culled many documents and learned the ropes, so to speak.

Reading Material

Much of the subtle art here is taught within the intelligence gathering units of the military or civilian services like the CIA. It is key that you pay attention to the “analysis” portion of this post as well. Analysis is the key factor here; without really paying attention and taking good notes (or making case files and maps), you will only end up with a blob of information that you may in fact misinterpret.

It is also very important that any analyst already have a good grasp of the targets that they are looking into (i.e. if you are looking at Islamic Jihad, then you need to understand the territory, the lingo, the ideals etc.). Unless you have a basis of knowledge to work from, you will be useless in gathering intelligence, never mind actually developing analysis of what you locate.

All in all, play with the tools and footprint your targets. Then extrapolate what you find into actionable intelligence.

K.

Written by Krypt3ia

2012/01/11 at 20:03

Posted in ELINT, HUMINT, OSINT, SIGINT

IMPORTANT SECURITY TIPS: Security Tips for Jihobbyists At Majahden


Security Tips for Majahden2 Users and Jihobbyists

Important Security Tips from Majahden:

The boys at Majahden have been learning lately about how psyops, hacking, disinformation, and being pwn3d works. I suppose since Osama went to live in a pineapple under the sea, they have been taking stock of just how much information they are leaking on the boards out there on the internets. There have been a spate of timely deaths in the AQ camp of late as well as a few arrests, but really, the intelligence coup of finding OBL and whacking him has all the jihobbyists worried that they will be next.

Of course they should be worried, but not only because OBL was popped. You see, we have been inside their shit for some time now and they just did not know it I guess. I have written in the past about sites that I have been poking at and digging through and I know in the case of Al-faloja (may it rest un-peacefully) I was able to get quite a bit of data from them. Since Al-Faloja fell down and went boom, there have been many site re-vamps by many a phpBB admin but they still seem to be on the whole, lacking the skills to really secure their shit.

Oopsies!

So, from their sooper sekret squirrel lair we have the following text from the above screenshot on Majahden, entitled “Important Security Tips”. From this post I can say that they have been learning, though. The tips are good, and if followed they will make it just a teensy bit harder to track them and eventually have them picked up. Here are some good ones:

  • Trust no one: See a new member asking all kinds of questions about going to jihad? Be wary of them; they may be spies
  • Use internet cafes to log in and post to the boards, because they can track your IP address
  • DO NOT use just one internet cafe! Move around and make sure that you go outside your usual area (where you live)
  • Use a PROXY at the cafe!
  • Be careful though at the cafe because they are on the lookout for swarthy types like us!
  • NEVER give out your real information to ANY forum! (i.e. Bday, phone, etc)
  • Beware of files published to the forums! They could be malware!
  • Beware of popup installs like Java on the boards, they are not proper and likely a means to compromise you!
  • Beware people asking you to email them from the forum (use the message program on the board)
  • DO NOT RE-USE PASSWORDS!
  • Be careful what information (personal) you put on the site
  • Be careful about posting anecdotes about seeing this or that imam speak (places you in a place and a time)

AND finally, in the FUNNIEST note of the list:

  • This is not a dating site! You want to make friends do that separately from the jihadi forums.

*snort*

In all, these warnings are good, solid rules of the road for anyone going anywhere on the internet, never mind on a jihadi board being audited by the likes of moi. Just from a privacy standpoint, these types of suggestions are valid as well and should be the standard for anyone not wanting their identity stolen or their stuff hacked easily. This, however, is pretty new to all of these guys, and these are the rudiments of SECOPS for them. Up ’til now, they have not been following any of these precepts, and to have to say this is not a dating site? Well, that kinda says it all to me, hehe.

Meanwhile, another tasty tidbit came up from the same site, and this one is a little more interesting. The above screen cap is for a posting called “Deceptive methods to extract information”, and it covers primarily the idea of snitches being placed in cells at camps to elicit information from jihadis. Now, this is nothing new to anyone who has had a diet of movies or TV here in the US, but perhaps it is a new one for these guys. Informants in the form of turncoat prisoners, or actual agents from the likes of the CIA etc., have been standard operations to get information without the enemy knowing it.

This post is written by someone, though, who has had first-hand experience with being detained. They go on to describe very specific scenarios and methods to evade giving up information to the “birds”, as they are calling them (I think they mean stool pigeons). The writer gives suggestions on how to detect the turncoats and/or to deal with the interrogators’ methods in trying to cajole information from them. All in all, this is an interesting read that comes across as someone who has had direct experience and understands PSYOPS.

The Take Away:

These posts and others within the site have me thinking that they are starting to become a bit more sophisticated in their efforts online. There are numerous tutorials now on chaining Tor and proxy-ing as well as the use of crypto and other security oriented programs. TNT_ON has been busy posting more tutorials as well as lauding Younis Tsouli (aka irhabi007, now in jail) as the progenitor of the jihadi hacking scene. All I can really say is that it is maturing and we need to step up our efforts with regard to them.

With the new invigoration within the cyber-jihadi community since OBL’s great pineapple adventure, they have taken up the gauntlet not only to hack but to wage a cyber-propaganda campaign like never before. Presently, the jihadis on Majahden and other sites have been spinning up and creating numerous Facebook sites that conform to standards that will fly under the FB radar (FB has been pulling sites down just about as fast as they could put them up). This has become the new “stealth jihad”. They are making the effort now to have innocent front pages that lead to many other, more hidden pages containing hardcore jihadi content. This is something that was being espoused last year on the boards and is now coming into acceptance as the main modus operandi. This way they can have their content and not get it 0wned or taken down by the likes of Facebook or Blogspot.

Since the advent of the LulzSec crew, it just seems that we all have been focused elsewhere.. Time to wake up and go back to working these fools. I say it is time to start a program of 0day infected dox that will be downloaded from all those sharing sites that these guys love. Remember the whole cupcake thing with Inspire? I say we do it en masse for as many sites as we can. Added to this, we should also be using many more approaches such as PSYOPS, Disinformation, and all out penetration of their servers… No matter where they sit.

But that’s just me… I also think that perhaps the NSA might have that already covered… One wonders…

At the very least, we should keep an eye on these sites.. If not for the lulz, then for taking them down once and for all.

K.

The Curious Case of The Deputy Attache at FBI, Sofia, Bulgaria on LinkedIn


A friend messaged me this morning asking if I had ever heard of Pauline Roberts, who had been added to their LinkedIn. Having some resources at my disposal, I agreed to take a look and see just who this person may in fact be if not really the person she purports to be. In looking into Pauline’s past, I was unable to confirm ANY of her past references including the FBI. Now, this may in fact mean that this is a cut out account for someone looking to garner access to others with information they desire. This is the same type of action that the likes of Anna Chapman was undertaking with some of her compatriots as an “illegal” for the SVR while living in the United States.

In short, gathering intelligence and making connections via LinkedIn as well as other online and offline ways.

Back to Ms. or Mrs. Roberts, though. Her profile presents some interesting paradoxes that piqued my interest as well as set off the alarms for my friend.

  1. She is retired but using LinkedIn to make connections?
  2. She is incredibly open on her past with the FBI inclusive of her time as a ‘Deputy Attaché’ in Sofia at the end of her career.
  3. Her job history, though (not seen in the image above), includes being in TV news and journalism at WKBN in Ohio but lists it as ‘law enforcement’.
  4. Her photo on LinkedIn has been shopped (background), and poorly. Why?
  5. A general search of her name (married name) turned up nothing even in the government domains

On the face of it, it seems as though this profile may be a fake. Upon doing some good old detective work though, I managed to confirm that Pauline did in fact work at WKBN and was the News Director from an email exchange with someone who was there at the time. Furthermore, I asked the key question of whether or not she had left WKBN to go to Quantico for training and the answer was yes.

So... It would seem that this is indeed Pauline Roberts, formerly of the FBI and most recently an attaché in Sofia, Bulgaria... But I still have questions about the profile and why so much information would be put out there, especially for someone who did all of the things that this one claims. Imagine being a spook and then just putting up a LinkedIn page naming every station you worked at over the years.

That is not, in my mind, a good SECOPS posture.

This all begs the question, though, about LinkedIn and social media in general. Just how much information do you really want out there? Is this somewhere you want to lay out such details of this kind of career (even a past one now, though recent) for everyone? On the flip side, all of us out there may be the targets of campaigns to gather data about us and where we work, in order for someone to gather intelligence (corporate or otherwise). So, it is important that you take into account just what you do and how much information you give out on sites like this.

As for my friend, well, on the face of it, she is real... Adding her is up to you... If she is the real deal, though, it could be a real asset having her in the list... Or maybe not, given the SECOPS picture here...

K.

Written by Krypt3ia

2011/06/22 at 19:34

Posted in Cut-Outs, HUMINT, INTEL, SECOPS

Lulz, Jester, and Counterintelligence On The Internet


Escalation:

I once wrote a blog post about ‘escalation’, and it seems that my fears are coming true as the Lulz Boat keeps making waves across the Internet. Between LulzSec, Jester, Anonymous, and now God knows who else, we are seeing a rebirth of the ’90s anarchy hacking. However, since so much has changed network-wise since the ’90s, it’s been amplified a thousandfold. What has spun out of all the hacking (hacktivism, vigilantism, whatever you want to call it) is that we are seeing just how a counter-intelligence operation is carried out. Th3j35t3r and his friends at the Web Ninjas are carrying out this counter-intelligence program and posting their findings on Lulzsecexposed as well as on th3j35t3r’s own site on WordPress.

To date, their efforts do not seem to have either slowed LulzSec’s antics or generated any federal arrests of anyone involved. However, I think it important to note the methods being used here to attempt to put faces to names in the Lulz crew.

The LulzSec Problem:

The problem with trying to track LulzSec members is primarily that the technologies they are using prevent getting a real idea of where and who they are. By using VPN technologies, proxies, and compromised systems in the wild, they have been able to keep their true identities from being exposed in any more meaningful way than screen names. Due to the problems of digital attribution, the governments of the world cannot quite get their hands around who these people are, nor would they be able to prove such in a court of law at the present time without solid digital forensics on the end users’ machines.

In the case of Lulzsec and Anonymous, they are not using just one system but many types of systems to protect their anonymity. Thus, with the right tools and obfuscation, they feel impervious to attack from anyone, be they government, law enforcement, or the likes of Th3j35t3r. Tactically, they have the advantage in many ways and it would take one of two types of attacks, if not both simultaneously, to take the Lulzsec and Anonymous core group down. The attacks I mention are these:

1) A direct attack on their IRC servers that host the secret C&C channels

2) Insertion of ‘agent provocateurs’ into the C&C of LulzSec and Anonymous (as recently alluded to with the FBI stat that one in four hackers are CIs)

I actually would suggest that both avenues of attack would have the best effect along with a healthy program of disinformation and PSYOPS to keep the adversary unbalanced and malleable. Which leads me to my next section.. The methods of attack.

Counter-Intelligence:

An overall category, Counter-Intelligence ranges over all of the aforementioned types of attacks. In the case of LulzSec, anyone could be a member within the community that encompasses infosec or Anonymous. Hell, Jester could actually know some of these people in real life, just as well as you the reader might, and never know it if the member never talks about it. I imagine it’s kind of like Fight Club:

The first rule of Fight Club is, you do not talk about Fight Club. The second rule of Fight Club is, you DO NOT talk about Fight Club.

If anyone talks, they could end up in some serious shit and, in this case, disappeared pretty quickly if the governments in question get their hands on them. This is especially true now that they have hit the FBI and CIA with their attacks and derision... But I digress. The key here is that, because no one knows who is who or is talking about it, it is very analogous to the idea of a mole hunt or counter-intelligence operations that seek to locate spies within the community (such as within the CIA). There are whole divisions in the CIA and FBI, as well as other places, that are solely devoted to this type of war of attrition.

I believe that it is a counter-intelligence operation that will win the day though in the battle against Lulzsec or any other like minded adversary. Winning that battle will take the following types of sub operations as well.

PSYOPS & Disinformation:

PSYOPS and Disinformation work together to unbalance the adversary as well as spin the masses toward compliance or action. In the case of LulzSec, this type of activity is already ongoing with their own ‘Manifesto’ and other publicity that they have put out. They want to spin opinion and generate adoration as well as fear; both of these are in evidence within the media cycle and the public’s perception of who and what they are. Where I see both types of activity on LulzSec’s part, I can also see them in the actions of Jester and the Web Ninjas.

On the part of LulzSec, the following psychological operations and disinformation campaigns can be seen:

  • For each alleged ‘outing’ of a member, they make claims that these are not core members of their group (note, they do not make claim to the Anonymous model of headless operations); such outed persons who can be connected to them are merely underlings in open IRC channels
  • Affecting accents and 4chan speak to attempt to hide their real patterns of writing and mannerisms
  • A claim to having battles with 4chan and /b/ as well as Anonymous while they seem much more aligned to them (distancing)
  • The use of agent provocateurs against Jester within his own coterie of followers and open IRC channel
  • The use of flash mobs (abuse) within Jester’s open IRC channel
  • Leveraging the fact that they are anonymous (in concept) and due to the technology today, virtually untouchable

On the part of Jester we have the following operational tactics used so far:

  • The outing of individuals believed to be core members of the group (no matter if correct, will prompt a reaction from Lulzsec that may be telling)
  • The use of agent provocateurs to place disinformation as well as gather intel on the adversary (Lulzsec) which can be seen in leaked IRC chat transcripts
  • The creation of analogous groups such as the Web Ninjas to work against LulzSec
  • Leveraging the fact that he is just as anonymous (in concept) as they are and due to the technology today, virtually untouchable

It seems, from both sides of the battle, that these types of actions are being used to mislead and gain the edge over the other. In the case of Jester, I am pretty sure that this is an overt thing. With LulzSec, on the other hand, I see it as a reactionary set of measures to attempt to keep themselves from being exposed as to who and where they are. As this continues, I am willing to hazard that even more players are quietly playing a part in this war, and those would be the government operatives looking for an in to take the Lulz down. Of course, the government has been pretty quiet about LulzSec, haven’t they? One wonders just what they are up to... If anything at all.

Of course, the NSA may just be the dark horse here… And the Lulz won’t know what hit them.

Then it will be over.

Development of Sources:

One of the more tradecraft oriented things that must be going on is the use of sources or getting assets into positions to be inside the Lulz Boat. I am sure that there are players out there sidling up to the right users on the IRC boards in an attempt to get into the inner circle of LulzSec as well as Anonymous. These assets are likely to be working for the government but I can also see someone like Jester using the same tactic, if not posing himself as the asset. Due to the nature of the problems of tracking these people, this is the best way to get close to the Lulz and to gather raw intelligence on them. After all, even if not fully trusted, an asset can gather important data on the actions of the Lulz and be there when they make a crucial mistake.

The other side of that coin may be people who have been outed and were in fact affiliated with the Lulz. This is where the FBI has a forte: turning hackers into informants by letting them work for the Bureau instead of just being put in a hole somewhere. It has happened in the past (carders, for example) and is likely the case in the Lulz affair. After all, some have been 'vanned' already in Anonymous circles and I have yet to hear about any real solid court cases being filed.. So.. One tends to think that there is a bit of cooperation going on with those who have already been popped for being suspected 'anons'.

In the case of the Lulz, we have yet to see or hear of anyone being taken into custody for being affiliated with the Lulz.. But the day is young, especially of late.

Habits Will Be Their Downfall:

Overall, I would say from what I have seen in IRC and in other data located out there on key user names that human nature and habits will be the downfall of the Lulz. People have habits, and these can be leveraged to attack them. No one is perfect, and none of these people, to my knowledge, have been trained to avoid the pitfalls of habit the way a trained operative would. That the Jester seems to have hit the mark in a few cases is telling: people are leaking data. Either the Lulz themselves have been careless (as they harp on password re-use, I harp on user name re-use), or they have indeed been infiltrated by assets of the enemy, or some have decided to go down another, less dangerous path in hopes of not being prosecuted.

Habitual behaviour is not only action, but mannerisms, thought processes, and the way motives are enunciated. Just as coders tend to code in specific ways that can be used as 'digital DNA', so too can writing patterns and speech, even when clothed in 4chan speak. The habit of human nature to be trusting will also be their downfall. After all, unless this is a one-person operation, there are many links in the chain that could and will be exploited. As people seem to be dropping off the Lulz Boat (per Jester's data) they will need new blood to keep the Lulz going, and that means that they will have to recruit, vet, and eventually trust someone…

And that is where the counter-intelligence operation will seal the deal… The phrase "Trust No One" just cannot be a reality in any operation. This is why operations sometimes fail: you trust the wrong person.

Over Reliance On Technology:

In the meantime, the Lulz seem to be relying quite a bit on technologies that are rapidly becoming susceptible to attack by those who want to capture or stop them. Anonymising networks like Tor, while effective now, are also compromisable from a few different angles. The technology may be solid, but the legal pressure on those who run the infrastructure may in fact lead to compromise, and any of these avenues of anonymisation could in fact be honey-pots set up to capture data. A case in point is Tor itself, which began as a Navy project: anyone who has set up an exit node can sniff the traffic leaving it, and any session that is not itself encrypted end to end (plain HTTP, IRC without TLS) hands that exit node the cleartext, logins and cookies included. The exit never sees the origin address, which is exactly why a handle or credential leaked in the content is so valuable for getting a lock on a user.

Additionally, any other technology, like the cloud services that host their data or facilitate anything the Lulz do, could potentially be compromised if the right people are involved *cough NSA cough*, people who have the latitude to do what they like. Given today's surprising number of laws being passed that erode all of our rights to privacy, I should think that the days are numbered for the Lulz on the technical playground as the boys at Ft. Meade start getting their orders to lock and load.

Never trust so much in technologies that YOU do not run solely yourself.. Remember, the government can make any company the MITM attacker and YOU the attacked.

The End:

In the end, I think that the Lulz have pointed out the 'elephant with its trunk in our collective coffee', but at what price? Will this change the paradigm and make the government care about security in a more cogent way? No. Instead they will come up with tougher laws and more ways to invade privacy by shortcutting the process. Sure, shit is out there and it is vulnerable, but you know what? It always will be. If it isn't some very low hanging fruit like SQLi then it will be 0day. There will always be a way in. That is just the nature of things, and the Lulz will have shifted the paradigm.. Because truly, the Lulz will be on LulzSec, emotionally charged and sorry for their actions… While sitting in jail.

K.

*EDIT* Oh, and one more thing to add here as an afterthought. I may remind you all that the laws are changing and the Patriot Act has been re-signed. The Lulz, having upped the ante, can easily be considered 'Domestic Terrorists'. This would place them in an even more precarious position, because then the legal gloves come off….

One man’s Domestic Terrorist is another man’s “Enemy Combatant”

The Post Bin-Laden World

with 4 comments

Well, it finally happened. OBL is ostensibly dead, though we have no real proof of that for the masses to see; we are being told as much, and that DNA matches have been made. As you are all being barraged with, I am sure, the salient points of the operation are these:

  • OBL was not in the Hindu Kush, but instead in a populated area about an hour outside of Islamabad, Pakistan
  • The compound was built in 2005 and has been under surveillance for some time
  • The compound was located in an area that was off limits to the Reapers and other drones, thus they thought they were secure
  • The compound was about half a mile away from the Pakistani military's version of West Point
  • The courier that OBL trusted most was the one who led us to him. He in turn is alleged to have been outed by KSM in Gitmo under "interrogation", as well as by others in CIA ghost sites
  • Once the CIA had the pseudonym, it took about two years to actually get his real name and then to locate him
  • Once we had a lock on enough data to place OBL there, the go code was given to neutralise OBL (he was not to be captured)
  • SEAL Team SIX confiscated more than 3 computers from the premises, and I am sure those have already been sent to the NSA for decryption/forensics
  • OBL's body and any photos of it have been deep-sixed so as not to give the jihadis anything to work with for nasheeds and other propaganda
  • It was old-fashioned intelligence work and a SPECOPS team that eventually got him… Not just fancy drones and technology

All in all, Sunday was a good day for SPECOPS, the CIA, and the U.S. So, what does this mean though for the GWOT and for all of us now?

AQ’s Response:

So far, I have seen very little chatter on the jihadi boards whatsoever. In fact, it has been downright quiet out there. I think there is a mix of disbelief and a bit of fear out there that is keeping them quiet. Just as no body or photos thereof have been provided, they all must be waiting on an announcement from AQ as to the loss. However, I don't expect that announcement to be soon. I am sure Ayman has been scuttled off somewhere 'safe' and the rest of the thought leadership (what's left, that is) is wondering just where to go from here.

Much of the inactivity on the part of AQ is also likely due to the loss of the computers taken by the SEALs at exfiltration, which likely held A LOT of data. I would assume that much of what was left of their internal network has been compromised by this loss, and when the systems are cracked and examined there will be more raids coming. So, they are all likely bugging out, changing identities if possible, and burning the rest of the network to prevent blowback.

Frankly, this is a real death blow to AQ itself no matter how autonomous the network cells have become, though OBL had been less the public face of things for some time, with Ayman taking up the face role. Time will tell just what happens to the AQ zeitgeist in its original form, but I think I already know what has happened, and it has been going on for some time…

In the end, I don't expect a real response from AQ proper and, if anything, I expect a feeble one from Ayman in a few days. Remember, Ayman is not well liked within many jihadi circles, so in the succession of AQ Ayman is likely to try, but I think in the end fail, to be the new OBL.

AQAP and Anwar al-Awlaki the new thought leaders:

Meanwhile, I believe this is the new AQ. AQAP has been developing a base that includes the whole Inspire Magazine machine. Anwar al-Awlaki has been the titular head of jihadi thought for some time now, but with the demise of OBL and AQ proper, he will be the lightning rod, I suspect. I think also that we will be hearing from him very soon, and with that audio, no doubt released by al-Malahem, he will take the spot that OBL and Ayman did. Whether that will be at the behest or with the acquiescence of Ayman, I cannot be sure.

Awlaki is, frankly, the charismatic Americanised version of OBL who has been, and will continue to be, moving the western takfiris to jihad with his fiery speeches. With his team of younger, hipper, and technically savvy followers, he will have a better chance of activating the youth movements and gaining the respect of the older set.

AQ Attacks:

I frankly do not see any major attacks coming from AQ proper in the near future that would rival 9/11. However, I do see the potential for some attacks in Pakistan/Afghanistan/Iraq from operators using shahid attacks. I do believe, though, that they will be working on larger scale attacks, as they are patient and now have a real desire to avenge OBL.

Time will tell on this, but I do not think that operationally, AQ is in a position to really do anything of merit at this time. This is specifically so because OBL’s computers and data have been captured and as I said before, the networks are likely broken.

AQAP Attacks:

AQAP, though, is an entity unto itself, and I can see them putting together another parcel bomb plot pretty quickly. The last plot (the one with the toner cartridges) was put together in short order and at very low cost, so if anyone, AQAP has the best chance of executing a plan and carrying it off.

Of course, they may not succeed, just like last time. In some ways, though, we got lucky on that one, as the Saudis got intel that they shared, foiling the plot.

Lone Wolves:

This is the one I think most viable and worry about. The disparate crazy loners who have self-radicalised to jihad are the ones likely to do something bonkers. These guys may not have the training, may not have the infrastructure, but they make up for it all in sheer whack-nuttiness.

The one thing about this is that I suspect these folks will be the ones here in the States, so soft targets will be at a premium (malls, games, etc.)

Moving Forward:

The next week is going to be interesting. As time goes on and the AQ networks begin to settle, I am sure we will see some response from them. Meanwhile, I will continue to monitor the boards and see what's what.

I do, though, want to recommend that you all out there keep your wits about you as you are out and about in soft targets like malls, games, and other gathering places. If anything, it's that lone wolf actor who may try something, and those are the targets they would choose for maximum effect.

More when I have it.

K

Rumblings On Stuxnet’s Potential for A Chernobyl Style Incident at Bushehr

leave a comment »

A source called me over the weekend and alluded to some intel concerning the Bushehr nuclear plant with regard to Stuxnet. Of course you all out there are probably sick of hearing about Stuxnet (especially the infosec/IW community), but I thought this was interesting and that I should drop a post. My source says that certain people in the know are worried about the whole Stuxnet operation from the point of view that it was released into systems that were not completely understood by the creators of the operation. That is to say that Iran, being as hard to get intel on as it is, may have had configurations or issues that the creators and implementers of Stuxnet did not account for, and the malware could indeed have caused a larger catastrophe.

This is now making the rounds quietly in certain areas of the media, but I want to call your attention to this article that I found on payvand.com. In it, a nuclear expert speaks about the potential for a nuclear accident due to the design specs of the reactor at Bushehr and the fact that the Russians reported that they were recently removing the nuclear material from the reactor.

From: Dr. Sadeq Rabbani, Former Deputy of the Nuclear Energy Organization

The Russians claim that they were obliged to remove the fuel from the Bushehr nuclear reactor in order to replace a part that was installed during the time the Germans were managing the construction of the plant. It should be noted that according to the contract with Russia for construction of the Bushehr plant, the Russians replaced all inner parts of the reactor and presented a new design. In the German model, a vertical design was used, but the Russians adopted the horizontal model. This means that the created problem was not related to the inner parts of the German-designed reactor.

So the Russians were paid for the construction of the Bushehr reactor and have also changed the design. Now the problem is whether the Russians were wrong in their design. It is unlikely that the Russians were wrong in their design, because this is not the first plant that they have constructed, and their experience is valuable.

There remains only the Stuxnet virus that Iran denies has been able to affect the Bushehr facilities. So, if we assume that the Iranian authorities are right, the Russians are playing with us by delaying the launch of the Bushehr plant, and want to continue to delay launching it.

My source, who has connections with various people in the know, says that there is a higher potential that, since the German design and build was taken over by the Russians, they may in fact have introduced flaws within the system that "could" lead to a Chernobyl-style event if something like Stuxnet had infected other PLC systems. Of course, this is a blanket concern with malware on the level of Stuxnet anyway, is it not? Stuxnet was particularly targeted at the Siemens systems used for enrichment, but there is always a chance of undesired effects on other systems.

This is not to say that there have been or are other systems that have been compromised by Stuxnet… That we know of.

Ostensibly, Stuxnet was aimed at the weapons facilities, but one must not assume that the weapons facilities and the nuclear power program were kept apart by a firewall, for lack of a better term. I am willing to bet that the two are connected both semantically and functionally, and in that, the systems that play a key role may have been too. IF Stuxnet travelled to the Bushehr systems, what 'could' be the import here? Just as well, what part would the design of the reactor play in hastening a large nuclear accident?

The article above goes on to say that Dr. Rabbani does not believe that the design and implementation of the Bushehr reactor is likely to cause an issue. Others, though, have been saying the opposite, including my source. All that is really known at this point is the following:

  • When Stuxnet hit, Iran claimed that they were just fine! However, reports internally at the nuclear facilities and universities proved otherwise: the malware was running rampant and they were trying, and failing, to exterminate it.
  • The design and implementation of the nuclear reactor had been started by the Germans (Siemens) and then stopped for many years. Then the Russians picked up where the Germans left off. It is possible that the design changes and/or builds on top of previous versions could have flaws in them that might make for vulnerabilities.
  • The Russians have removed the nuclear materials and the program is steadily losing ground to delay.

All in all, the unforeseen circumstances of malware like Stuxnet may indeed have caused issues at Bushehr, or they could have been a calculated thing. Perhaps this is just Iran being careful out of paranoia as fallout from the incident. In either scenario we win out, in that the programs are being delayed. However, the worry my source voiced was that they may not have considered the possibilities of collateral damage and just how bad they could be if the reactor had gone online and melted down. Of course, this comes after seeing everything that is happening in Fukushima, so it's on many minds.

My source went on to ask the question: "This would have to have a presidential order, wouldn't it, as an operation?" The answer to that is yes. It is also quite likely that this operation was set forth by the previous administration (Bush) and, well, we know just how well thought out that presidency was, huh? To my source, I say be careful in speaking about this. To all of you out there reading this I say keep your eyes peeled; there's bound to be more fallout.

K.

Anonymous #HQ: Inside The Anonymous Secret War Room

with 7 comments

John Cook and Adrian Chen — Dissident members of the internet hacktivist group Anonymous, tired of what they call the mob’s “unpatriotic” ways, have provided law enforcement with chat logs of the group’s leadership planning crimes, as well as what they say are key members’ identities. They also gave them to us.

The chat logs, which cover several days in February immediately after the group hacked into internet security firm HBGary’s e-mail accounts, offer a fascinating look inside the hivemind’s organization and culture.

  • Sabu
  • Kayla
  • Laurelai
  • Avunit
  • Entropy
  • Topiary
  • Tflow
  • Marduk
  • Metric
  • A5h3r4

So, Hubris/A5h3r4/Metric have broken into the inner circle of at least one cell of Anonymous. I say cell because I do not think that these users are the actual full-scale leaders of Anonymous; instead, as I have said before, there are cells of Anons that perform operations sporadically. These folks, if the chat transcripts are true, are the ones just behind the HBGary hack, and at least one of them was behind the Gawker hack.

Once again, I will reiterate here that I think Anonymous is more like a splinter cell operation than anything else. There is an aegis from the whole as an idea, but they break off into packs for their personal attacks, or whatever turns them on. They coalesce into a unit when they feel moved to, but they do not, overall, just get together and act without direction on the part of a leader or leaders.

The transcripts from #HQ below show that these characters are a little high on themselves after the hack on HBG… And you know what happens when you don't pay attention to the hubris factor: you get cocky and you get burned. As you can see below, some of them are at least nervous about being popped or infiltrated.. Those would be the smart ones…

04:44 <&Sabu> who the fuck wrote that doc
04:45 <&Sabu> remove that shit from existence
04:45 <&Sabu> first off there is no hierachy or leadership, and thus an operations manual is not needed

[snip]

04:46 <&Sabu> shit like this is where the feds will get american anons on rico act abuse and other organized crime laws
04:47 <@Laurelai> yeah well you could have done 100 times more effective shit with HBgary
04:47 <@Laurelai> gratted what we got was good
04:47 <&Sabu> if you’re so fucking talented why didn’t you root them yourselves?
04:47 <@Laurelai> but it could have been done alot better
04:47 <&Sabu> also we had a time restraint
04:48 <&Sabu> and as far as I know, considering I’m the one that did the op, I rooted their boxes, cracked their hashes, owned their emails and social engineered their admins in hours
04:48 <&Sabu> your manual is irrelevent.

[snip]

04:51 <&Sabu> ok who authored this ridiculous “OPERATIONS” doc?
04:51 <@Laurelai> look the guideline isnt for you
04:51 <&Sabu> because I’m about to start owning nigg3rs
04:51 <&marduk> authorized???
04:52 <@Laurelai> its just an idea to kick around
04:52 <@Laurelai> start talking
04:52 <&Sabu> for who? the feds?
04:52 <&marduk> its not any official doc, it is something that Laurelai wrote up.. and it is for.. others
04:52 <&marduk> on anonops
04:52 <&Sabu> rofl
04:52 <@Laurelai> just idea
04:52 <@Laurelai> ideas
04:52 <&Sabu> man
04:52 <&marduk> at least that is how i understand it
04:52 <@Laurelai> to talk over
04:53 <&Sabu> le sigh
04:53 <&marduk> mmmm why are we so in a bad mood?
04:53 <&Sabu> my nigga look at that doc
04:53 <&Sabu> and how ridiculous it is

[snip]

04:54 <&marduk> look, i think it was made with good intentions. and it is nothing you need to follow, if you dont like it, it is your good right
04:55 <&Sabu> no fuck that. its docs like this that WHEN LEAKED makes us look like an ORGANIZED CRIME ORGANIZATION

My observation has always been that the groups would be infiltrated by someone and then outed. It seems that this may indeed be the case here, if the data is real. It seems to me that a certain j35t3r said much the same before: that he could and did indeed infiltrate the ranks, and had their data. Perhaps J has something to do with this? Perhaps not… Still, the principle is sound.

  1. Infiltrate
  2. Gather INTEL
  3. Create maps of connections
  4. Report
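The "create maps of connections" step, as an added example and not tooling from the author or from Backtrace: it parses lines in the same `HH:MM <mode+nick> text` shape as the transcript above, turns who addresses whom (and who speaks right after whom) into a weighted directed graph, and ranks participants by channel privilege, volume and degree, then emits Graphviz DOT so the map can be drawn or fed to a link-analysis tool. The sample log, nicks and lines are constructed for the example and are not taken from the leaked logs.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log in the same "HH:MM <mode+nick> text" shape as the leaked #HQ
# transcript. Nicks and lines are invented for this example.
LOG = """\
04:44 <&captain> who wrote that doc
04:45 <&captain> remove it
04:45 <@scribe> captain: it is just a guideline
04:46 <&mate> scribe wrote it, it is for the other channel
04:46 <&captain> mate: ok
04:47 <@scribe> fine, dropping it
04:47 <+lurker> hi all
04:48 <&captain> lurker who vouched for you
"""

# One log line: timestamp, optional channel-mode prefix glued to the nick, message text.
LINE = re.compile(r"^(?P<ts>\d{2}:\d{2}) <(?P<mode>[~&@%+]?)(?P<nick>[^>]+)> (?P<text>.*)$")
MODE_RANK = {"~": "owner", "&": "admin", "@": "op", "%": "halfop", "+": "voice", "": "none"}


def parse(log):
    """Return (timestamp, privilege, nick, text) tuples; lines that do not match (joins,
    parts, mode changes) are skipped."""
    rows = []
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            rows.append((m["ts"], MODE_RANK[m["mode"]], m["nick"], m["text"]))
    return rows


def connection_map(rows):
    """Directed, weighted edges a -> b. Weight 2 when a names b in a line (an explicit address
    or mention), weight 1 when a's line directly follows b's (conversational adjacency, a
    weaker signal but the only one available when people do not use nicks)."""
    nicks = {nick for _, _, nick, _ in rows}
    edges = Counter()
    prev = None
    for _, _, nick, text in rows:
        words = {w.strip(":,").lower() for w in text.split()}
        for target in nicks:
            if target != nick and target.lower() in words:
                edges[(nick, target)] += 2
        if prev and prev != nick:
            edges[(nick, prev)] += 1
        prev = nick
    return edges


def ranking(rows, edges):
    """Per nick: channel privilege, lines spoken, how often they are addressed (in-degree)
    and how often they address others (out-degree). High privilege plus high in-degree is
    the usual signature of whoever is actually running the room."""
    lines = Counter(nick for _, _, nick, _ in rows)
    mode = {nick: priv for _, priv, nick, _ in rows}
    indeg = Counter()
    outdeg = Counter()
    for (a, b), w in edges.items():
        outdeg[a] += w
        indeg[b] += w
    return {n: {"mode": mode[n], "lines": lines[n], "addressed": indeg[n], "addresses": outdeg[n]}
            for n in lines}


def to_dot(edges):
    """Graphviz DOT for the map, so it can be rendered with dot or imported elsewhere."""
    out = ["digraph hq {"]
    for (a, b), w in sorted(edges.items()):
        out.append(f'  "{a}" -> "{b}" [label={w}];')
    out.append("}")
    return "\n".join(out)


if __name__ == "__main__":
    rows = parse(LOG)
    edges = connection_map(rows)
    for nick, info in sorted(ranking(rows, edges).items(), key=lambda kv: -kv[1]["addressed"]):
        print(nick, info)
    print(to_dot(edges))
```

Run over a real multi-day log the adjacency weights swamp the mention weights, so in practice the mention edges are what get pivoted on and the adjacency edges are kept only for spotting who answers whom at odd hours.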

It would seem also that these guys are dimly aware of the fact that their actions can be seen as a conspiracy, and that the government will not only get them on the hacks, potentially, but also use the conspiracy angle to effectively hogtie them in court. Let me tell you kids, there is no perfect hack… Well, unless the target is so inept as to have absolutely no logging and does not even know for a very long time that they have been compromised.. Then the likelihood of being found out is slimmer, but you guys popped and then outed HBG pretty darn quick.

I am willing to bet there are breadcrumbs.. And those breadcrumbs are being looked at by folks at some three-letter agencies as I write this. You see kids, you pissed in the wrong pool when it comes to vindictiveness. I agree that HBG was up to bad shit and needed to be stopped, but look at the types of things they were planning. Do you really think that they are above retaliation in ways other than legal? After all, they were setting up their own digital plumbers division here, huh?

Anyway… Just sayin…

Back on topic here with the Backtrace folks and the logs. I have looked at the screen names given and have come to the conclusion that they are all generic enough that I could not get a real lock on anything with Maltego. I had some interesting things pop up when linking them all together, but overall not enough to do anything meaningful. The other issue is that Maltego, like any tool built on search engines and data points, became clogged with new relational data once the articles went wide. I hate it when the data is muddied because of this.

So, yeah, these names are not unique enough to give solid hits. Others, though, who have been re-using nicks online as well as within the confines of AnonOps, well, that is another story. I just have this feeling that there are larger drift nets out there now hoovering up everything you say and do on those anon sites, even if they are in the .eu space. I still have to wonder if any of those IRC servers have been compromised yet by certain intelligence agencies.

One wonders too if China might also be playing in this area… How better to sow discontent and destabilize than to use a proxy like Anonymous for operations?

For that matter.. How about the CIA?

NSA?

Think on it… Wouldn’t Anonymous make a perfect false flag cover operation?

For now, I am going to sit and watch. I would like to see the full chat transcripts though. Now that would be interesting.

“May you live in interesting times”

Indeed.

K.

The force with no name: By Antonia Zerbisias of The Star

leave a comment »


What’s the ISI’s Interest in Aafia Siddiqui?

leave a comment »



ABC News reported today that Pakistan attempted to exchange CIA contractor Raymond Davis for convicted al Qaeda operative Aafia Siddiqui. This should come as no surprise, as speculation about a possible prisoner exchange first appeared in the Pakistani press just days after Davis’ arrest. ABC News reports:

The government of Pakistan offered to trade a CIA contractor currently jailed in that country for a Pakistani neuroscientist suspected by U.S. intelligence to be an al Qaeda operative. According to a senior American administration official and a Pakistani official involved in the negotiations to free CIA contractor Raymond Davis, the Pakistani government proposed trading Davis for Aafia Siddiqui, an MIT-educated Pakistani neuroscientist currently serving 86 years in federal prison for attempted murder.

The offer was immediately dismissed by the U.S. government. “The Pakistanis have raised it,” the U.S. official said. “We are not going to pursue it.”

Keep in mind that Aafia Siddiqui, who has been dubbed “Lady al Qaeda” by the press, was sentenced to 86 years in prison by a US jury in September 2010 for attempting to kill US troops in Afghanistan after being captured in Ghazni province. Siddiqi had close links to al Qaeda operational commander Khalid Sheikh Mohammed and was involved in several plots to attack the US homeland. From Thomas Joscelyn’s report on Siddiqui:

According to an indictment prepared by US prosecutors, Siddiqui had "various documents, various chemicals, and a computer thumb drive, among other things" in her possession when she was arrested. Handwritten notes she was carrying referred to a "mass casualty attack" and listed "various locations in the United States, including Plum Island, the Empire State Building, the Statue of Liberty, Wall Street, and the Brooklyn Bridge." In addition, according to the indictment, "certain notes referred to the construction of 'dirty bombs,' chemical and biological weapons, and other explosives." The notes "discussed mortality rates associated with certain of these weapons and explosives."

Still other notes “referred to various ways to attack ‘enemies,’ including by destroying reconnaissance drones, using underwater bombs, and using gliders.”

Siddiqui’s computer thumb drive contained contained “correspondence that referred to specific ‘cells’ and ‘attacks’ by certain ‘cells’,” as well as documents discussing “recruitment and training.”

The notes and documents in Siddiqui’s possession reveal that she was most likely still involved in al Qaeda’s plotting against the US Homeland at the time of her capture. She apparently did not give up, even though many of her co-conspirators had been rolled up following KSM’s detention.

So what’s the interest for Pakistan to obtain Aafia Siddiqui in exchange for Mr. Devis? Could this be seen as an exchange of spies? I wonder if the ISI would like to get hold of Aafia to keep her from perhaps giving up data on their connections to AQ. After all, she is related to KSM through an uncle and it would seem, through her allegiance to AQ and Jihad. It would also seem that she may have been a key player in AQ from her having a usb thumbdrive with all kinds of technical goodies on it.

That Aafia was not sent to Gitmo is also an interesting turn. Her attack on her interrogators aside, five years of her life cannot be accounted for, and this should be of great interest to the FBI and other anti-terror entities. What was she up to, and where was she, after her 2003 disappearance? Why was she not sent to Gitmo rather than given the 86-year term she got for assault with intent?

Can one maybe say cooperation?

All I know is that Aafia had plans on that little thumb drive for Plum Island. She had the schooling and the know-how to put together a weapon of mass destruction, and plans for Plum Island… And she is serving 86 years for assault.

Things that make you go “hmmmm”

K

Written by Krypt3ia

2011/03/01 at 12:02

British Airway Al Qaeda Mole: The IT Connection

leave a comment »

Rajib Karim

A British Airways computer expert who plotted to blow up a plane has been found guilty of terror charges.

Rajib Karim, 31, from Newcastle, used his job to access information for radical cleric Anwar al-Awlaki, Woolwich Crown Court heard.

He denied four charges, including sharing information of use to hate groups.

But after four days of deliberations, the jury found him guilty of all four charges.

Karim was committed to an “extreme jihadist cause” and determined to become a martyr, jurors were told.

The Bangladeshi national, who moved with his wife and son to Newcastle in 2006, had already admitted being involved in the production of a terrorist group’s video.

Joined gym

Karim, a privately-educated IT expert from Dhaka, became a supporter of the extremist organisation Jammat-ul Mujahideen Bangladesh (JMB) after being influenced by his younger brother Tehzeeb, the court heard.

He was described as a “mild-mannered, well-educated and respectful” man who hid his hatred for Western ways from colleagues by joining a gym, playing football and never airing extreme views.

But at the same time he was using his access to the airline’s offices in Newcastle and at Heathrow to spread confidential information.

After gaining a post-graduate job at BA in 2007, Karim held secret meetings with fellow Islamic extremists at Heathrow and, in 2009, began communicating with al-Awlaki from his home in Brunton Lane.

After the verdict, Home Secretary Theresa May said: “The fact that Karim has been found guilty of such a heinous plot shows why we will never be complacent.

“I want to thank the police and the security service for their hard work in this complex case.

“We know that we face a serious threat from terrorism and national security remains this government’s top priority.”

Colin Gibbs, counter terrorism lawyer for the Crown Prosecution Service, added: “The most chilling element of this case is probably the fact that Karim tried to enrol as cabin crew and anyone can imagine how horrific the consequences of this could have been, had he succeeded.

“Karim’s deep determination to plan terror attacks whatever the cost was frightening.

‘Coded messages'”He found a position as a software engineer, which the prosecution said he considered the perfect job, giving an opportunity sooner or later to fulfil his deadly objective.”

Deputy assistant commissioner of the Metropolitan Police, Stuart Osborne, added: “Although Rajib Karim went to great lengths to disguise his activities, experts from the Metropolitan Police Service Counter Terrorism Command spent nine months decrypting 300 coded messages found on his computer hard drive.

“It was the most sophisticated decryption task of its kind ever undertaken by the Met’s Counter Terrorism Command.

“This painstaking work gave detectives access to a body of material, which exposed Rajib Karim’s terrorist activities and led to today’s conviction.”

Karim is due to be sentenced on 18 March.

Well, here you have it. This is what I have been talking about for a while now: AQ learning to insert technical moles into positions to do us harm. This guy may be a fluke, in that he could have just been in the right place at the right time, but I think that AQ placed him where he was caught.

What’s even more interesting to me is that this guy was using his technical skills to give out important intel on Heathrow and BA’s systems to AQAP. What better way than to insert a technically capable mole who is also willing to be a shahid to do the most damage? The jihadi’s are getting more nimble and using espionage techniques to up their game. They have learned the value of technology and just how much we are all at its mercy today.

If this doesn't ring the warning bell for all CT efforts, it should at the very least do so for the airlines and the airports out there. This guy had insider knowledge of, and access to, the systems and networks that also house the baggage scanners, passenger lists, and other security mechanisms at Heathrow.

So, how was he caught, I wonder.. Perhaps as he was talking to al-Awlaki online? From this one might infer that al-Awlaki's comms are pretty much tapped, huh? Yeah, I would guess that…

K