Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘Infowar’ Category

OilRig Games: Dumping IOC’s, Tools, and Deets on Iran

NARRATIVE:

On March 26th 2019 an account on Telegram named لب دوخته گان (sealed lips) “Labdookhtegan1” began dropping details on OilRig aka Muddywaters APT group on Twitter. The data that this account dropped consisted of names, details of the actors allegedly behind OilRig/APT34, and screen shots and details of compromised systems and tools being used by Iran. Since March the actors involved in dropping the dime have gone on to create two darknet sites as well as three accounts on Telegram where they dropped much of the same data. The Telegram and the successive Dookhtegan1 account(s) on Twitter also put out a video with their announcement. The video consists of clips of President Obama making a speech much like the kind of thing you see in movies threatening someone using sound bites.

Analytics on Dookhtegan:

  • Dookhtegan لب دوخته گان “sealed lips” as an image and a maxim was the creation of Mehdy Kavousi, an Iranian immigrant in the Netherlands who is protesting immigrant deportations. The image is famous and literally shows Mehdy with lips sewn together in protest.
  • The original photo has been shopped by many including the actors here creating these accounts and dropping data
  • Dookhtegan is only one of many accounts
    • labdookhtegan
    • labdookhtegan1
    • Green_leaks
    • Green_Leakers
    • Bl4ck_B0x

  • The data drops all included Farsi commentary as well as English
  • The backstopping of the data is tied to actual compromised system addresses and files of malware
  • Interestingly, the translations of Farsi to English seem to imply that the writer is not a native speaker of Farsi

 

DATA DROPPED:

The data dropped by these guys is rather splashy. They have named names of at least six guys and two companies in Iran they claim are part of the MOIS/IRGC actor group.

  • Omid_Palvayeh
  • alireza_ebrahimi
  • mohamad masoomi
  • saeid shahrab
  • taha mahdi tavakoli
  • Noorsec —>Sec Company
  • Rahacrop –> Sec Company/School

All of the actors’ dossiers are included in my zipped drop below for you all to ogle. OSINT on these guys may come later but for now I am kinda meh, they are blown.

FILES DROPPED:

Labdookhtegan1 dropped many files as proofs of their work and outing of the IRGC. These included such things as passwords to compromised systems, tools they used, and other proofs to show IRGC activities on the following places of interest (see list pictured). The targets pretty much show activities in the Middle East and areas that the IRGC would like to attack. Of course I am not seeing any US assets nor other areas, which is rather interesting, no? More on this in the context and timing section below….

I am currently looking at the technical tools and may have an update later on with tech details but for now, be happy with Uncle Krypt3ia’s gift of all the files and dox in one zip!

Tools, Techniques, and Assets

CONTEXT OF TIMING:

Right! So, the timing of these drops is rather convenient for the US huh? I mean, even as we speak Donny and his mustachioed pal Bolty are looking to maybe attack Iran for whatever reasons they have. The actors here try to make a case that perhaps they are in fact Turks, but I am kinda not buying that at all and the touches with “sealed lips” aka Mehdy Kavousi is also a nod toward some sympathy for Iranian immigrant feelings on deportation and feeling silenced. This too I am not buying, so once again that brings us back to the whole idea of “Cui Bono” and for me who really benefits here on so many levels would be America and the NSA perhaps or CyberCOMMAND?

So picture this… We decide to drop dox and TTP’s on Iran in the REGION as a means to blow IRGC out of the water and re-tool as we are ramping up for maybe some action in the region and we need, oh, let’s say, a receptive audience(s) in said region to help us were we to get kinetic with Iran. How’s that play for you all? It certainly plays for me. This is a stick that likely is dual edged and wins for us in my opinion. After all, the IRGC is in the regions playing their games as always, but the skinny recently is that IRGC messaged all their proxies and took them off the leash, and more to the point, in Iraq.

Think about that kids….

Say, didn’t we just pull out all our State folks from Iraq?

Why yes we did… Gee… WHO KNEW?!?!

Ponder that.

ASSESSMENT:

Overall these are interesting times and if you are in the game here and want to have all the fun bits, download the zip file with all the things. You’re welcome. I am glad to put it all in one place for you to have instead of playing games with all the companies out there trying to get you to buy their content while hiding the good shit behind a paywall. My assessment is this, that the players have been exposed, the companies they work for have been blown, and we all likely have much more to dig into now and coming soon. In fact a little birdie told me about a new dump this morning (yes it is in the zip file) so WHEEEEEEE!

Watch Iran and the region… I have a bad feeling.

K.

 

PS! I almost forgot.. I found some of the malware online in VT/Hybrid

https://app.any.run/tasks/a74d0d54-a996-4ae0-979f-675bbdd3bbad/

https://app.any.run/tasks/69ad1f9f-9dc4-475e-8762-b31283f314f1/

https://www.hybrid-analysis.com/sample/3c0c58d4b9eefea56e2f7be3f07cdb73e659b4db688bfbf9eacd96ba5ab2dfe5/5cdabffa028838cc0ea26b0a

Enjoy!

PPS! Almost forgot.. These cats even created a LinkedIn page for one of the burned!

*giggle*

Written by Krypt3ia

2019/05/16 at 14:03

Posted in APT, Iran, Infowar, OilRig, APT34

SOFWERX Presentation: Your Algorithms Won’t Save You: Why We Need More Sociology and Psychology in The Fight Against Online Disinformation & Propaganda

Here is the deck from yesterday’s presentation at the SOFWERX Radial Speakers Series on Information Warfare:

 

Your Algorithms Won’t Save You

Video will be available from SOFWERX

 

Written by Krypt3ia

2018/12/05 at 12:56

USA Really: New IRA Troll Farm Site and Twitter Account

So this morning I saw a tweet come across the feed by RVAWonk that was proclaiming that the IRA was back with a new site and the fuckery was pretty much just naked on their part. In the article she goes over the salient technical details of the site and the accounts. It also has another nice linked post that does a bit more in that area as well and I recommend you all read that too. However, I took a bit of a deeper dive looking at the site itself and its coding as well as did some Maltego mapping of it and the Twitter account. My overall take on all of that is pretty much “meh” … What really intrigues me and has been bothering me for some time now is that everyone is busy mapping all this shit but the fact of the matter is that mapping does not stop the cognitive dissonance that the Russians are playing on to win this game.

The Russians here are basically at a point where they aren’t even trying to hide the fact that the site is a Russian propaganda/disinformation effort and this is the important fact we all seem to be missing in this community. This shit works and even though most people do not have the technical abilities to look deeper into the code and the domains, it is pretty plain when you look at the site itself where they use Cyrillic and Russian in their image names and such that it is in fact a Russian operation.

We will all likely go down the rabbit hole on how many followers they have on Twitter and who they follow. We will collate all the data and sift it and parse it all to put out reports on how they did this. My problem though is that we can investigate the shit out of this all we want but unless we come up with strategies to deny, degrade, or destroy the content, it will reach those tribalists out there who want it and the damage of 2016 will continue on unabated. What’s even more galling here is that the Russians have basically pulled a Babe Ruth by announcing this site and putting it out there so flagrantly with Cyrillic in it and on domains owned by a Russian domain hosting service. In reality they just gave us the bird and we are now going to just have to sit by and watch as they inflame the Trumpists to hopefully affect the midterms with this crap.

Of course maybe Twitter will catch on here and swat this account offline? You hear me Jack? … *tap tap* this thing on?

 

Oh well, so there’s a new site and it seems they have also employed an SEO in there as well. The site has a lot of means to track posts, likes, geolocations etc as well. I have mirrored the whole site and am still poking through the code. The SEO is a new old site too with an anonymous domain register back in April of this year that likely is also the Russians’ doing as well. I am sure many of the community will keep an eye on it as we go along so someone will eventually write about this as well with rapt verbiage not really doing anything about the problem as well.

So here’s my thing, we are all spending all this time nattering on about it but what can we do to stop such propaganda sites and Twitter accounts from spreading the mind virus? If we cannot stop them, how can we inoculate the general public from the effects of such mental plagues? These are the questions we should be asking and I just don’t hear it happening. I know that it is a rich and difficult problem dealing with the psyche and cognitive dissonance but we really need to lay off all the techno babble and focus on real solutions. Solutions that concern the human animal, not the technology kids. The Russians already know this and they are leveraging it. I mean, how much more blatant do they have to be? How about they just post billboards now in Cyrillic for Trump in all those Trump states?

Focus people.

K.

Written by Krypt3ia

2018/06/06 at 13:38

Industrial Society and Its Future (1995) & Our Socio-Technology Woes Today

With Manhunt Unabomber on TV recently which I binged, I have been thinking about old Ted and his ideals behind the madness he was pushing. I would like to state up front that I do believe that Ted is clinically mentally ill and that manifested itself when he finally went into seclusion. What happened over the years that followed was an unbalanced reaction to ideas that have a core of truth though and many people actually see the same kernels of insight that I am going to talk about here. I have just finished re-reading the manifesto that he got the papers to publish under threat in 1995 and clipped some passages for you to see here without having to read the tome yourselves.

Where I want to direct this post though is about the problems we have today with technology that Ted seemed to foresee and also to extend a little further into the social issues that we have seen played out in our recent election cycle and the probable attacks on the one upcoming in 2018. Ted touched on some of the sociological and more human issues of technologies and systems in his manifesto but for the most part he was taking a very rigid stance that all technology is bad for human beings and the environment. He had some interesting ideas on sociology specifically on left wing and right wing personalities and ideals that, well, he gets all wrong frankly, but I feel it is important to mention. Though he got it wrong and his opinions on motivations were, well, very 1950’s, you can see some of what he is talking about in what has been playing out with the alt-right movement.

Ted is misdiagnosing people’s motivations likely tinged with his own issues psychologically so his assessment is flawed. However, if you read above you can see something there if you align it to the alt-right today. They feel inferior in that they lack the power, or, lacked the power until Trump was put into power by their minority of thirty odd percent of the vote. Anyway, Ted goes on for a fair bit on this and I will not bore you with it as it is not overly germane to this post, but I thought you should at least get a glimpse here. Ted, you got leftists and right wing all wrong dude. Of course this was within the first pages of his manifesto and he really does not get to the technology part until section 114 or so where we want to be.

In 114 Ted starts to talk about “the system” which means all technologies to him I think, but if you look at it from the perspective of a political system as well, you can see something that maybe we all have felt. How many of you have thought about voting and come to the conclusion that your vote doesn’t count? I have, in fact in the last election I almost did not vote because I just felt that the system was rigged. In rigged I mean districts were gerrymandered, back door deals are all in play, and possibly even the election machines had been hacked because, as we all know in the security circle here, they are so weak in security mechanisms to be laughable to hack. In effect, these systems, both technological and rule based were inherently made untrustworthy by the system of politics. We have had our real autonomy and ability of action removed from us through the system and its rules …So why bother voting if it’s a foregone conclusion and there is no foreseeable change right?

Another area of thought that Ted writes about that seems to be a companion to the above section is once again your power is taken from you because of the government or the system. In Ted’s mind it is the technology at the bottom of all this but here again he is making what I would consider more a political or societal argument. In that conservatives really want states’ rights over big government, I for one cannot extricate this paragraph from the notion today that the right wing would like to take away the power of the people locally as well as nationwide even with “small government”. Honestly some of their thought processes are rife with cognitive dissonance but the goals seem to be “we are in control because we have the money and the power and you should just do what we say”. Anyway, it is just another system and technology today only enhances the control as far as I can see. Of course we are also seeing that with things like Anonymous and the internet, the power can be interrupted with the application of the right technologies as well huh?

Here Ted is talking about the system taking over the individual to perpetuate the “system” and if you read this with an eye to today’s concerns over jobs and the rise of the Trumpists, you can see a parallel right? If the systems are now creating supply chains that are automated enough to not need human intervention for function, then we lose jobs right? Of course Trump really doesn’t cover this notion completely in favor of jingoism over borders and immigrants taking over our jobs but the real reality is that automation is doing this as well as tax games that move companies overseas. I sometimes wonder how the future will look if we do not educate our people better and these systems just function without the need for under educated workers, will we see more of this unrest that leads to another Trump?

 

If you have seen Manhunt Unabomber, then you will recognize the imagery that they used at the end concerning free will and systems of control. Ted takes it to the nth degree but the reality is that systems do control our actions but once again you have to accept that control and accede to it to be controlled. The very core of hackers and hacking is the notion that we can subvert the systems to make them do things they were not meant to do right? The case of the stop light and the philosophical questions over being part of a system or controlled by one are very interesting. You all should ponder this as hackers and persons within a series of systems both technical and logical and consider your position here as well. I think we are at a crossroads here post 2016 and the use of technologies and systems of governance where one might feel like Ted a bit. What control do we really have when you could opt out of the system but the masses don’t? Look at what has happened when a small percentage of people in this country gamed the electoral system to elect Trump over the clear popular vote. The system has control over the lot of us and there isn’t very much we can do as we have seen if those in power, a small group, are in control of all our fates.

It makes one have thoughts about hacking systems… What does it mean? Can it be done? Should it?

In 130 and 147 here we have an important point from 1995 kids about the uses of technology as a form of control. Take that paragraph in and think about where we are today and what we have seen since 2001. We have fetishized technology in the name of freedom today. We have autonomous drones, cameras, NSA systems that monitor everything, and lest we forget our own abdication of our personal information and privacy for the new shiny phone or application. Collectively we have allowed our own security and privacy to be degraded for shiny things. What’s even more interesting is that those in the know, the ones who have the capabilities to secure their private information may never really be able to completely do so because the systems are so prevalent that our data is out there anyway, just one breach away from being publicly available for sale on the darknet. I have often had thoughts about just backing away from the technology, but then my lizard brain just says “you can do this, you can secure your shit with crypto and all the things”

That’s delusional thinking.

Look at what played out in 2016 and then try to convince yourself that you can control the system enough to be immune.

Geez I am starting to sound like Neo.

Anyway, all of this manifesto reading has given me perspective on things in 2018. Ted had some ideas that are valid but he was unstable and decided to act on them to save humanity in the wrong way. Frankly he should have just lived in that cabin and kept to himself and paid no attention to the outside world. This is the crux of the problem though, could he? It seems like he lived on the fringes of society and he knew he could not go full mountain man and live off the land so he did what he did. Herein lies the problem though for us all. Unless you have the wherewithal to live fully off the land then you have to deal with technology and society right? So here we are, how many of you out there could just walk into the woods and live? I find it funny that a lot of our zombie shows pretty much deal with this issue and we are eating it up. Deep down we all know that if society broke down and technology stopped, we would have to fight for everything to survive. Many of us wouldn’t be able to handle it and there would be a lot of attrition.

As we move forward with AI and more technologies that are supposed to make our lives easier, we are also infantilizing ourselves, separating ourselves from communities, and giving away certain aspects of ourselves to the machine. So I can understand some of what Ted was saying …I am just not mentally unstable enough to want to live in a shack and make little packages of explosives. I do however have my moments when I ask: “What are we doing here?” I have written posts on Stratfor about hybrid warfare counter programs and honestly between the pervasiveness of the technology and the cognitive dissonance of those who use it I can see no good options for countering it. Is the answer then to just leave Twitter and Facebook? Is the answer to just not surf the net and read a book from a library? Or do you double down and work the system like a hacker and try to get some sanity?

K.

Written by Krypt3ia

2018/01/31 at 14:12

2018: Active Measures and Hybrid Warfare Possibilities

With 2018 just hours away I thought I would add to the cacophony of posts on what you might see in the year to come, but in my case this is the black swan edition of NATSEC for the new year. There will be in my opinion no way that the Russians up the ante on active measures and hybrid warfare on the United States in the next year especially since there will be elections for Congress. Elections that will likely lessen Russia’s grip on the country if the Democrats can actually be a majority and control the possible investigations that are ongoing today.

Of course even if there weren’t an election coming the Russians and possibly others would still continue to stoke the active measure fires because it serves their ultimate purpose of making the US inert politically on the world stage. The whole point of these actions is to divide us and to lessen our ability to counter Russia in their global machinations. Overall, it is likely to be a wild ride next year and this primer may help you comprehend what might actually be happening.

Definitions

Active Measures Definition: (Russian: активные мероприятия) is a Soviet term for the actions of political warfare conducted by the Soviet and Russian security services (Cheka, OGPU, NKVD, KGB, FSB) to influence the course of world events, in addition to collecting intelligence and producing “politically correct” assessment of it.

Information Warfare Definition: Information warfare (IW) is a concept involving the battlespace use and management of information and communication technology in pursuit of a competitive advantage over an opponent.

Propaganda: Information, especially of a biased or misleading nature, used to promote or publicize a particular political cause or point of view.

Kompromat: Literally “compromising material”. In Russian politics, kompromat is damaging information about a politician or other public figure used to create negative publicity, for blackmail, or for ensuring loyalty.

Hybrid Warfare Definition: Hybrid warfare is a military strategy that blends conventional warfare, irregular warfare and cyberwarfare. … There are a variety of terms used to refer to the hybrid war concept: hybrid war, hybrid warfare, hybrid threat, or hybrid adversary (as well as non-linear war, non-traditional war or special war).

The Players:

I want you all to consider that it will not only be Russia playing “Patriot Games” *wink wink* with us all in 2018, but also the other players who likely will be part of the larger picture here. Russia is a given, but as we have seen of late, the GOP seems to be playing much of the same cards that the Russians have against us in the last couple years. The GOP has taken their playbook and augmented it with Trump’s particular brand of crazy as well. Ultimately we have gone through the looking glass because the Russians’ active measures worked. We are now in a “post truth” and “alternative facts” universe which has caused many unable to parse out the reality of things to just either shut down or buy into their narratives whole hog.

  • Russia: will continue to attack reality and cause more fissures within our people and our government.
  • GOP: Will adapt the Russian and Trumpian playbook as well. They have done plenty of dirty tricks in the past, but now, they are armed with a tactical info nuke.
  • Third Parties: China, Iran, others, all will have their reasons to continue and extend the fissures and use them to their advantage.

There are many players who may want to get in on this game to serve their own purposes. Remember this as you try to sort all of it out as it happens.

Attacks

So I am going to throw out some scenarios or attack models here for you to consider. Some or all of these may happen in 2018. Maybe none will happen… Who am I trying to kid here! In any case, consider these as possible attacks and you may even see variations on these themes.

Sub Operations: HYBRID WAR

As we have seen a recent uptick in this activity already, and I am not sure of our SOSUS capabilities anymore, we have to consider that attacks may come from these little sub visits. Now, if you are up on your sub history, the Jimmy Carter (SSN-23) was one of the subs that tapped RU comms. As we have tapped post SORM traffic, the Russians are likely doing the same with the fiber that is on the bottom of the ocean as well. These kinds of listening operations are pretty standard, but consider now that the Russians having stepped this up might signal more possible scenarios. By shaping traffic, cutting traffic, or injecting things into it, the Russians could have quite the little advantage.

  • Subs intercepting (tapping) traffic
  • Subs’ ability to leave a dead man’s switch or active kinetic measures to cut cable
  • Subs tapping allowing to add data to streams and or advance hacks

Hacks and Disinformation Operations: INFOWAR

The hack on the DNC servers was a pretty standard affair using phishing mails and then exploitation of the systems therein once they got a foothold. What data was exfiltrated though, and how it was parsed out and weaponized was the old new trick the US could not foresee evidently. The Russians have been carrying out this kind of warfare for years on Estonia and Ukraine as well as other countries that they feel the need to destabilize. We saw a fair amount of this in our election cycle in 2016 and you should expect more in 2018. In fact I would hazard to say that the operations are already in progress and data is being collected even as I type this.

  • Hacks on news systems
    • Insert fake stories to cause chaos and to delegitimize the org
    • Cause chaos and uncertainty (broadcast primarily but also news sites like CNN’s page)
  • Hacks on EAM systems (Emergency Action Message). There have been recent hacks on these systems by hackers, but imagine a nationwide alert set by Russia?
    • Cause panic
    • Cause DoS on telco and other systems
    • Spur over action by government and populace
    • BGP re-routes
      • Ability to disrupt news
      • Ability to disrupt C&C
      • Ability to insert data into C&C
  • Leaks
    • More governmental leaks
    • Personal leaks (kompromat)
    • Leaks of doctored documents (Disinformation Operations)
  • Troll armies
    • Twitter
    • Facebook
    • News sites
    • Comments sections
      • As we saw on the Net Neutrality comment site, these attacks can be leveraged against any public comment topic. So imagine it being used on the White House site (that is if the Trump admin hadn’t basically killed that function already)
    • Radio commenters
    • AM/SW radio broadcasts

HUMINT/Asset Recruitment

Ah yes, one of my favorite categories… As an old school guy who was around before the computer was so ubiquitous, this form of espionage was the thing. Of course the NSA had signals intel, radio, bugging, etc, but good old human assets can do quite a bit and should still be a thing. Today I would say that in tandem with the active measures attacks that we have seen and will see in 2018, you can count on more human assets being activated. These can be trolls that are real people who take on personae online as well as players within the system who have been recruited or turned.

  • Asset recruitment of GOP players
  • Asset recruitment of proxy group individuals
  • Kompromat use

Kinetic Attacks by Proxy Operations

Kinetic attacks are not as likely but given that things are getting out of hand, and may get even more out of control, I thought it prudent to add this. What I mean by kinetic attacks by proxies is simply that the actors could incite groups and individuals to violent action. We saw in 2017 the Nazi (alt-right) movement’s rise and in that, we saw violence perpetrated as well as at least one death by a Nazi running down a protester. This type of activity is standard operations really in the history of espionage and active measures both by Russia and by the US. If you doubt the US has done such things you should look up our interventions in South America in the past.

  • Insert proxy actors to actualize physical attacks
  • Use groups like KKK and others to initiate more kinetic actions like bombings and confrontations
    • Cause over reaction on populace part
    • Cause over reaction by local and federal governments
      • Over reactions like martial law or other types of crack downs
      • Likely to cause further surveillance tactics and programs

Digital Attacks That Lead To Kinetic Results

And the attack du jour of late, the cyber attacks that cause kinetic effects! Honestly there is no evidence of there being a possible wide scale attack being carried out successfully on the US grid, but, there is always a chance. Of course smaller scale attacks in regions could be possible and carried out to great effect. The effect I speak of would be to perhaps hinder voting, but more so to sow chaos and uncertainty in the population. If you strike the right balance, you could even tailor an attack to lead people to a certain political actor as they run a narrative that gives assurance of reciprocity etc.

I know, now it’s sounding all Manchurian Candidate huh? Well, look at Trump and what happened and then think about it again. He has been pretty much using the Russians’ playbook that he was given by Putin so it’s not so inconceivable.

  • Power: Power goes down
  • Water: Water stops flowing or becomes tainted
  • Telco: Cells go down
  • Media: No news in an emergency; with any of the other situations people will freak
  • Internet Infrastructure (as mentioned above in attacks on cables): No communications, freaking populace

Well, those are some of the scenarios I can foresee. I am sure there will be plenty of others that I could not even imagine today. Suffice to say that we will be under attack again with more vigor specifically by the Russians and the GOP in hopes that they will keep their seats. All of us just need to strap in for the Krazy Ivan to come. Just remember to be judicious in your consuming of media and always think before you freak.

Happy New Year!

K.

 

Written by Krypt3ia

2017/12/29 at 22:19

Posted in .gov, 2018, Infowar

DNC Hack: The Flying Fickle Finger of Fate and Intelligence Analysis


I had some Tweet conversations this morning that led me to a need to make yet another post on the DNC hack debacle. @Viss and @mr0x20wednesday both struck up a conversation after I posted a link to the NYT article on the consensus that is growing within the government that Russia carried out the hack. The consensus building is coming from assessment by the CIA while the FBI has initiated an investigation into the hack and the subsequent dump of data to Wikileaks and to the web via the WordPress account for Guccifer2.0. It is important to take note of the previous statement I make here about who is “assessing” and who is “investigating” and that is something people in the general population do not quite grok much of the time. The FBI attempts to prove things in court and the CIA generates analysis and assessment to help leaders make decisions. These are two different things and I want you all in INFOSEC to understand this when you start to have conversations about spooky things like the hack on the DNC and the subsequent possible propaganda, psyops, and disinformation campaigns that may ensue.

I recently wrote a more irreverent post while I was in a more Hunter S. Thompson state of mind concerning American politiks and the mess we are in, but the core idea that Russia carried off this hack and the actions after it still hold true for me. Many of you out there are reacting more like how I reacted when the Sony attack happened and once again I also find myself asking the same questions and having the same concerns over attribution versus solid evidence. There are many issues at play here though that you have to take into account when dealing with an action like the Sony or DNC hacks where information warfare or “cyber war” are concerned. Most of the considerations you have to make surround the classification of much of what you might get in the way of evidence to start with never mind about the circumspect nature of attribution that is being released to the media. At the end of the day my question to the FBI was “Show me proof” which is their job right? FBI is part of the DOJ and should be leading to charges right? Well, none were proffered by the Obama administration, some sanctions were laid on DPRK but no charges, unlike the wanted posters for the Chinese agents that the FBI laid out for hacks and thefts of data. There is a distinct difference here and that is evidence that can be presented in a court versus attribution and analysis by companies like FireEye and Crowdstrike. True, both those firms can prove certain things but primarily, as you all know out there, attribution is hard to prove so it really stops at analysis, more like the intelligence agencies content and mission.

So where does that leave us with regard to the DNC hack? Well, the attribution data presented first off may only be a portion of what Crowdstrike may have. Other portions may in fact have been classified or asked to be held back by the government (I’d say pretty likely here) and may some day be revealed. If the Sony hack is any indication though of this process, not so much. I am still unaware of any real conclusive evidence of Sony’s hack being DPRK but like I said, the US government sanctioned DPRK over it. It is not likely the government and the president would do so without some more solid evidence but one must consider “sources and methods” when dealing with international intrigue like this right? Don’t like that? Well, get used to it because you are going to see more and more of this as we move into the golden age of nation state hacking and covert action. There will be things you, John Q. Public, will never know and will be classified for a good long time. Just take a stroll through the Spy Museum in the cyber war section and look at some of those code names. I bet you haven’t heard of some of them and at least one of them, some of us, were VERY surprised to see on that wall already.

But I digress…

At the end of the day though I have to go with previous experience, Occam’s Razor, and a sense of Cui Bono concerning the DNC hack/dump/manipulation. Some may argue that the GRU and KGB (yes, once again old agencies don’t die, they just change names 😉 ) would not be as sloppy as to leave the breadcrumbs that are being found by Crowdstrike and others. I would remind you to look at the last big operation that we busted in the US by the KGB as well as the recent posting of selfies by a KGB graduating class as examples of “everyone fucks up.” For that matter, shall we mention our own CIA’s debacle with the Pizza Hut? Every agency screws up and every hacker does too. Humans and human nature ensure that things will get messed up, there are no perfect operations. In this case the assets involved likely had access to the DNC as well as the RNC but decided to use this data to influence the elections in a manner that they could get away with easily. This is the nature of spying, politics, and geopolitics, take a look at the history of the CIA and dirty tricks in the politics of South America and then picture it if they were doing the same (hint, they are) today in the cyber age.

That’s right kids, there have been other dumps and hacks. Perhaps some of those too were the US? Think about it.

Russia and Putin have been gerrymandering elsewhere, money and influence operations have always been around. Now consider yourself to be Putin and you have an operation that gave you easily funnelled information to the likes of Julian Assange and Wikileaks! Even more enticing, the fact that you all know that attribution is hard to prove in hacking! What do you have to lose if you are Putin or anyone else? So, if you look at how this plays out, and what more may play out come October, who, what nation, would have the most to benefit if we actually had Trump in office?

Think… The answer is ANYONE who would like to take America down a peg and have more possible influence on world politics.

If you look though at the rhetoric by Trump you can in fact see that the big dog in the room would be Putin though. Just think about it! How much more power and sway would Putin have if Trump were in office and dismembers NATO? Come on now kids, think about it. Ask yourselves “Cui Bono?” here. So stop the quibbling about the attribution and the finger pointing. Take the analysis by the CIA and others as well as the eventual data the FBI comes up with and start looking to how can we fix the problems here? There are so many problems though that I too get disheartened. The political system is broken, the information systems are not properly protected, and we run headlong into creating more weaponized code? It is enough to make a man drink.

Ooh good idea…

Dr. K.

The DNC Hack: SVR? KGB? GRU? Lone Hacker?

Attribution Games:

I grow more and more weary of the attribution games being played in INFOSEC and the DNC hack is just another in a cavalcade of epic missing the point parades. Since the “scoop” given to WaPo by Crowdstrike, there has been a flurry of allegations, revelations, and throwing of attribution dice akin to a basement game of Magic The Gathering replete with summoning!

“I summon the Russian GRU!”

“I summon the LONE ACTOR!”

“I summon the KGB!”

*slaps down cards on table* TAKE THAT!

The reality here is that there are more than a few games going on here. Think about it, Crowdstrike gets a media coup by selling this story to WaPo, who just happens to have been banned by the Orange Julius of our time, presidential candidate Donald Trump! WaPo jumps on this like a child on a fresh tit and runs with the attribution story and sets the world on fire for Donny boy with the release that the DNC not only was hacked but that his dirty laundry may be in the hands of Kommisar Putin!

“Whoa”

So, first let’s set aside the whole issue of marketing, which is akin for me, to choking on a hairball left from that chick in “Ringu” and move on to the veracity of the attribution as well as the real need to name and shame here. I for one can believe that the two nation state actors’ software and activities were found by Crowdstrike on the DNC systems. The fact that there are two disparate groups from the same nation state is interesting in itself. I guess they are not really talking to each other and given the state of affairs there in Russia I can see this as being a true accounting. However, I can also see my way to there being third, fourth, fifth, sixtieth actors also in the network or having had been in the past as well. Face it, these are government systems who usually go to the lowest bidder right? This was likely the Diagon Alley of Democratic networks.

So, to say that it was only these two actors might be a stretch. There is room for doubt and after the dump by “Guccifer2” as they are calling themselves, it is easier to think that perhaps there is more to the story than what we have been given by the media, the DNC, and Crowdstrike. That the documents are legit on the wordpress site by Gucci and that they seem to be pretty well stamped down on metadata, one can’t make too many assumptions.. Oh, yeah, but everyone is! At the end of the day for me, even though I will play the game a little bit below the fold here, the real issues should be how the hackers did it, and fixing the behaviors of the DNC to stop it from happening for a year or two at a time in the future. Not so much pointing at Russia and yelling; “YOU TOOK OUR SHIT! BAD POOTY! BAD!”

Put another way… I eagerly await the FBI warrants and 10 most wanted cyber listings for the Russian actors they have all this attribution on … I suspect I will be waiting the rest of my life for that one kids… Just sayin. This was mostly about marketing as far as I am concerned and I have to give them props for working that one. Sales must be up in the government area now because of this caper right?

Metadata and Cyrillic:

Meanwhile, after the WaPo story hit the wires the “lone hacker” created his wordpress site and dropped dox as we say on the intertubes. Shortly after the drop people were inspecting, detecting, infecting, and making circles and arrows with captions on the back to describe what you were seeing! … And the conspiracy theory machine went into overdrive. Pwnallthethings made some good comments on the metadata in the dropped dox but really, concluding that this is a Russian disinformation operation from metadata stripped documents on the idea that the machine name was Cyrillic for Felix Dzerzhinsky (Феликс Эдмундович) Really? Now that is fucking SOLID work man! Stellar! FUCK LET’S GO BOMB RUSSIA NOW!

NAILED IT!

You know at least Crowdstrike has like actual data, ya know, C2’s, malware, and shit like that. Anything else is totally speculative, I mean even more speculative than most attribution that these companies make with real data! Anyway, I took a look at the metadata on the documents and here is what I have found…

  • Much of the data was stamped out in saving from format to format
  • Emails of users though were still embedded in the excel files
  • The word docs have no more metadata than the Iron Felix machine name save, which, gee, kinda leads one to wonder…
  • The image files have no metadata.. none.. niente clean.
  • Grizzli777 is just someone who pirates

Yep, not a lot to see there and people are hanging their collective hats on the deliberate placement of Феликс Эдмундович as the machine name to its quite OBVIOUSLY being Mother Russia’s exclusive secret services.

*squint.. takes drag of cigarette*

So here’s my assessment…. Maybe Russia did it… OR Maybe this actor is the real thing and happens to want to take credit. The facts that this person(s) reads, writes, has, Cyrillic on their machine and names it after the founder of the KGB is as reliable a means to saying it was Russia as it is to say that aliens built the pyramid because people just were fucking too stupid back then!

All of this hoo ha really means nothing. The fact of the matter is that now Donny’s dirty dirt is open source!

YAAAAY!

Wait.. I read it.. What the shit people? REALLY? THAT’S ALL YOU HAD HILLARY? COME ON!

It doesn’t matter who did it really.. Horse is out of the barn and the barn is on fire kids. So please, stop with all the wankery and move on to the next hack ok?

DATA:

[Twelve screenshots, taken 2016-06-17, originally appeared here.]

Motivation Analysis and Hypothesis

RIGHT! Well now I want to play the attribution/motivation/game of clue too! So here goes…

Imagine if you will that Russia did do it. Imagine also that Gucci2 is still Russia’s services performing a disinfo campaign against Crowdstrike. Now imagine why would they be doing that? Why would they drop Donny’s dox AND all the other fun stuff for the Clinton campaign, which is in trouble already over the cybers! What effects would this have? Let’s list it out for you…

  • Dropped dox of the dirt —-> Blows all Hill had on him unless there is a double secret probation file somewhere
  • Dropped dox yet to be released on Wikileaks —> Let’s say, as Gucci2 alluded, they were also in Hill’s mail server, ya know, the one that wasn’t supposed to be? Oh yeah…
    • If that server was popped by the Russians and Gucci1 those criminal charges could be much more deleterious right? *waves at FBI*
  • Dropping of dox and general hackery causes DNC and the election process to be even more fractious than it already is
  • Dropping dox makes Hill’s candidacy potentially weaker (hint hint server –> Russians–>PWN wink wink nudge nudge!)

So all those effects would do what possibly? Why would they want to do this? WHO WOULD WANT A TRUMP PRESIDENCY?????

Why Pooty of course!

Think about it kids. Given your knowledge of Teeny Tiny Baby Hands Trump, do you think he could stand up to a bearish Putin?  *sorry had to use that one*  Do you think that perhaps Donald is easily.. Shall we say.. Distracted or led? Come on, I know you can all reason this out. A Trump presidency would be sweet sweet love for Putin. He would have a friend, and someone he can sit on his knee to play ventriloquist with! … Well, until he has to polonium enema him that is.

That’s my theory and I am sticking with it… For all the fucks that it is worth.

I will say though.. I am waiting on those documents to show up in Wikileaks. That’s when the shit is really gonna hit the fan.

See you all in INFOSEC attribution Hell.

K.

 

Written by Krypt3ia

2016/06/17 at 18:34

ASSESSMENT: Edward Snowden KGB Asset

THE SNOWDEN AFFAIR:

Since the revelations began and the man without a country odyssey started all of our lives have changed at a fundamental level regarding our digital and private lives. The now million plus document trove is being parsed out by Glenn Greenwald and others for the public to get a look into the inner workings of the state surveillance apparatus much to the consternation of the IC as well as the government and the dismay of the public. However you look upon Mr. Snowden and his choice you have to admit that the information does lend an insight into the great potential for abuse of the apparatus that the NSA has put together no matter what they may tell you they are doing or not doing to protect us. You see the point is no matter what alleged safeguards and altruism may lie within the apparatus and its employees it’s still ripe for abuse that will never see the light of day because it’s all classified and codified by the government. This is the point of the exercise as I see it from Mr. Snowden’s point of view and the aegis behind his doing what he did. Of course from day one darker minds would make assertions that there were darker geopolitical machinations at play and this was all just a dastardly plan to destroy us as a country. Of course as the passion play played out it was first China, the go to country for all our woes of late (APT etc) but as time wore on and Snowden found a perch in Russia, it’s now “clear” to some in the government that the plot was in fact Russian all along.

KGB ASSET:

Mike Rogers has been the bell ringer on the idea that Snowden from the get go was in fact a handled and groomed asset by a foreign power. His most recent bellowing without any real evidence is that Snowden was in fact an asset for Russia from the start and furthermore that all of this was done to damage the US and seek primacy once again on the international stage. Of course as I mentioned already Mike cannot offer any evidence and he alludes to “secrecy” of the data but in reality until you have proof that you can emphatically state and present to the people it’s all just wild speculation and a form of conspiracy or propaganda in and of itself. While it is possible that Snowden was from the start an asset of the KGB FSB, the evidence thus far for motive, methods, and follow through is somewhat thin and I cannot go on the record as thinking he was handled from the start by Russia or any other nation state. The fact that Snowden ended up in Russia at Sheremetyevo may in fact be because of the machinations of Assange and Wikileaks brokering the deal to get him there and then to get him allowed into the country not as a plan all along. There is more evidence to say that this is in fact the case than there is of any KGB FSB actions.

OCCAM’S RAZOR:

Using the paradigm of “Occam’s Razor” here let’s run through the possibilities on whether or not the claims being made by Mike Rogers and others out there that this was a carefully planned operation that cultivated Ed Snowden to become the largest leaker in history.

  • Ed Snowden is a naive individual who became through a sequence of events, an administrator within the IC networks and began to see things he thought were illegal and immoral
  • He used his knowledge of hacking and technologies to accumulate data through his own administrative access and social engineering
  • Once he saw the data he decided to leak all that he could and after seeing what happened to Manning made a plan to go to a country that in all the spy novels is easy to infiltrate and ex-filtrate out of
  • The NSA itself had poor OPSEC and threats from insiders were poorly covered thus making this possible (proven to be the case)
  • The NSA could not even keep track of internal access and exploitation (proven to be the case)
  • He contacted the press and was turned down by some until he met Greenwald and Poitras who then planned with him how to release the data and to firewall Snowden off
  • While in HK it became clear he could not stay there once the NSA/USA/UKUSA and other apparatus began working in the background to extradite him
  • Poitras, Greenwald, and then Wikileaks ex-filtrated Snowden out of HK and to Russia where a brokered interim solution of the airport no mans zone was at least possible
  • Snowden is a prize for the KGB FSB after the fact from not only an intelligence perspective but also a political one that thumbs its nose at the US (a win win for Putin)

 

  •  Edward Snowden was a carefully orchestrated long term asset by the KGB FSB trained by them to infiltrate the NSA and then use his domain admin/root access to steal them blind, exploiting their logical and technical vulnerabilities who they then ex-filtrated to HK and to Russia as a smoke screen for their own operational cover
    • Snowden was handled by KGB FSB for years while coming up the ranks as an UN-credentialed cleared individual clearly taking advantage of the US’ lax clearance and oversight process post 9/11
    • Snowden was in contact with Russia from the start and is a consummate operator perhaps even a cleverly created cutout sleeper agent
    • Once gathering all the data Snowden then passed it to Russia for them to digest and then leak to the world to cover their own operations and shame the US
    • Snowden is now a hero of the state in Russia and will get a hero’s treatment with access to all that Russia can offer in the post Soviet Oligarchy (inclusive Anna Chapman visits)

Hmmm is it just me or does the razor only really cut one way?

ANALYSIS:

My take on the whole affair is that Snowden was not a paid/cultivated/handled asset of the KGB FSB nor do I think that he was aided in any way by Russia in carrying out this leak/exploit. What I do think is that he is naive but also that what he was seeing, what we are all now seeing today in the news made him feel that the accumulation of power in a central secret body was anathema to freedom and the American ethos. As we have seen in the news there have been many things that the government has allowed, even shall we say promulgated, that are clearly violations of the US Constitution no matter the inveigling that might occur by those in power as to its legality. So I for one can see why someone like Snowden might do what they did outside of their own propensities for spy novels and a sense of right and wrong.

The realities are that no matter the attestations by those running the programs and their need to use them, there is always a chance of their abuse and subsequent burial of the facts through classifications and National Security letters as we have seen these last years. Were egregious abuses happening and are they still today? I am sure there are some, after all this is nothing new and all you need do to confirm that is Google Quis custodiet ipsos custodes? or look just to recent history with the Plame Affair to see how abuses can and have happened. So is it really outside the pale for someone with a conscience and perhaps an overactive imagination to think that great wrongs are being committed in all our names? I think that while there may have been no abuses “may” I also think that the capacity for abuse and the infrastructure to hide them is easily seen within the current architecture of the IC apparatus of the NSA and their programs. After all, if you want to ask about the idea that if you have nothing to hide you have nothing to fear, I ask you to tell me just exactly how you feel every time you go through a TSA checkpoint at the airport today.

Finally, I would also like to touch on the idea that the government’s own hubris and now embarrassment is firing the boilers on this whole blame game that Snowden is in fact a handled asset of the Russians. I think that the NSA/USGOV and IC community feel the sting of their inadequacies as they have been laid bare for all to see. You see, Snowden did not carry out some 3l33t hacking here to gather the data. He used common techniques and vulnerabilities within the NSA and other government IC bodies to steal data and put them all on a USB stick and then walk out with them. It’s a simple trick and the top of that list is actually just socially engineering people for their passwords within the confines of the most secretive and secret IC shops in the world. Now that has to sting a bit wouldn’t you agree? So there is shame all around here on the part of the government and it puts them all in a weak position tactically. The reactions of all those at play seem to be more along the lines of dialogue from a playground spat rather than state or spycraft and it’s sad really. As the immortal words of GW Bush can attest;

“There’s an old saying in Tennessee – I know it’s in Texas, probably in Tennessee – that says, fool me once, shame on – shame on you. Fool me – you can’t get fooled again.”

To me, it seems that Snowden just did what he did because of a myriad reasons that also include a certain amount of self aggrandizement. However, I can point to things in our own history and to popular media that may explain why someone might do something like this on the grounds that they think it’s illegal, immoral, and against the tenets of the USA. While POTUS is right about how important these types of programs can be in the war on terror and the every day intelligence gathering that every country needs to survive, it should also be possible to have some level of oversight to disallow for abuses of power to happen and happen with great frequency due to over classification. These are fundamental changes that should occur but the reality is that the very nature of the work being done and the culture within its halls will stop any real progress being made. In the end nothing will change and the NSA will continue to collect all the data it can like a giant hoover-matic for later sorting and use.

Having grown up in the era of Nixon though, and other revelations like Iran Contra, I for one not only know that these things will continue to happen but that they have in the past and should be in our collective consciousness. Unfortunately many do not remember and the only entree into such ideas may in fact be cinema… I leave you with this scene from “Three Days of the Condor”

Not everything in cinema is just fantasy…

“scr hrw lgihr kzpzz cwl nci pjwt”

Written by Krypt3ia

2014/01/20 at 14:25

So here’s my thing….

VQX HWMVCUSE JQJFASSNTG QV! X HQ JD ISIAVVE!

Face it.. We are all PWND six ways to Sunday

Every frigging day we hear more and more about how the NSA has been emptying our lives of privacy and subverting the laws of this land and others with their machinations. It’s true, and I have been saying as much since the day Mr. Klein came out of his telco closet and talked about how the NARUS system had been plugged into the MAE West back in the day. We are all well and truly fucked if we want any kind of privacy today kids and we all need to just sit back and think about that.

*ponder ponder ponder*

Ok, I have thought about it and I have tried to think of any way to protect myself from the encroachment of the NSA and all the big and little sisters out there. I am absolutely flummoxed to come up with any cogent means to really and truly protect my communications. Short of having access to the NSA supercloud and some cryptographers I don’t think that we will truly have any privacy anymore. If you place it on the net, or in the air. We have reached in my opinion the very real possibility of the N-Dystopia I have talked about before in the Great Cyber Game post.

As the pundits like Schneier and others groan on and on about how the NSA is doing all of this to us all I have increasingly felt the 5 stages of grief. I had the disbelief (ok not completely as you all know but the scope was incredible at each revelation). Then the anger came and washed over me, waves and waves of it as I saw the breadth and scope of the abuse. Soon though that anger went away and I was then feeling the bargaining phase begin. I started to bargain in my head with ideas that I could in fact create my own privacy with crypto and other OPSEC means. I thought I could just deny the government the data. I soon though began to understand that no matter what I did with the tools out there that it was likely they had already been back door’d. This came to be more than the case once the stories came out around how the NSA had been pressuring all kinds of tech companies to weaken standards or even build full back doors into their products under the guise of “National Security.”

Over time the revelations have all led to the inescapable truth that there is nothing really anyone can do to stop the nation state from mining our communications on a technological level. Once that had fully set in my mind the depression kicked in. Of late I have been more quiet online and more depressed about our current state as well as our future state with regard to surveillance and the cyberwarz. I came to the conclusion that no matter the railing and screaming I might do it would mean nothing to the rapidly approaching cyberpocalypse of our own creation arriving. ….In short, we can’t stop it and thus the last of the five stages for me has set in. I accept that there is nothing I can do, nay, nothing “we” can do to stop this short of a bloody coup on the government at large.

I now luxuriate in my apathy and were I to really care any more I would lose my fucking mind.

OPSEC! OPSEC! OPSEC!

Speaking of losing one’s mind.. Lately people all have been yelling that OPSEC is the only way! One (the grugq) has been touting this and all kinds of counterintelligence as the panacea for the masses on these issues. Well, why? Why should we all have to be spies to just have a little privacy in our lives huh? I mean it’s one thing to be a shithead and just share every fucking stupid idea you have on FriendFace and Tweeter but really, if you can’t shut yourself up that is your problem right? No, I speak of the every day email to your mom telling her about your health status or maybe your decision to come out etc. Why should the government have the eminent domain digitally to look at all that shit now or later?

If you take measures to protect these transactions and those measures are already compromised by the government why then should you even attempt to protect them with overburdened measures such as OPSEC huh? I mean, really if you are that worried about that shit then go talk to someone personally huh? I know, quite the defeatist attitude I have there huh? The reality is that even though I claim not to be caring about it (re: apathy above) I actually do but I realize that we no longer have privacy even if we try to create it for ourselves with technical means. If the gov wants to see your shit they will make a way to do so without your knowing about it. I fully expect someday that they will just claim eminent domain over the internet completely.

Fuck OPSEC.. I want my government to do the right thing and not try to hide all their skirting of the law by making it classified and sending me an NSL that threatens to put me in jail for breaking the law.

Fuck this shit.

CYBERWARZ

Then we have the CYBERWARZ!! Oh yeah, the gubment, the military, and the private sector all have the CYBERWARZ fever. I cannot tell you how sick of that bullshit I am really. I am tired of all the hype and misdirection. Let me clear this up for you all right here and right now. THERE IS NO CYBERWAR! There is only snake oil and espionage. UNTIL such time as there is a full out kinetic war going on where systems have been destroyed or compromised just before tanks roll in or nukes hit us there is no cyberwar to speak of. There is only TALK OF cyber war.. Well more like masturbatory fantasies by the likes of Bejtlich et al in reality. So back the fuck off of this shit mmkay? We do not live in the world of William Gibson and NO you are not Johnny Mnemonic ok!

Sick. And. Tired.

I really feel like that Shatner skit where he tells the Trekkies to get a life…

Awaiting the DERPOCALYPSE

All that is left for us all now is the DERPOCALYPSE. This is the end state of INFOSEC to me. We are all going to be co-opted into the cyberwarz and the privacy wars and none of us have a snowball’s chance in hell of doing anything productive with our lives. Some of us are breaking things because we love it. Others are trying to protect “ALL THE THINGS” from the breakers and the people who take their ideas and technologies and begin breaking all those things. It’s a vicious cycle of derp that really has no end. It’s an ouroboros of fail.

RAGE! RAGE! AGAINST THE DYING OF THE PRIVACY! is a nice sentiment but in reality we have no way to completely stop the juggernaut of the NSA and the government kids. We are all just pawns in a larger geopolitical game and we have to accept this. If we choose not to, and many have, then I suggest you gird your loins for the inevitable kick in the balls that you will receive from the government eventually. The same applies for all those companies out there aiding the government in their quest for the panopticon or the cyberwarz. Money talks and there is so much of it in this industry now that there is little to stop its abuse as well.

We are well and truly fucked.

So, if you too are feeling burned out by all of this take heart gentle reader. All you need do is just not care anymore. Come, join me in the pool of acceptance. Would you care for a lotus blossom perhaps? It’s all good once you have accepted the truth that there is nothing you can do and that if you do things that might secure you then you are now more of a target. So, do nothing…

Derp.

K.

Book Review: An Introduction to Cyber-Warfare: A Multidisciplinary Approach

IJPFRH CPAGP EIIL!

CYBER CYBER CYBER!

CYBER CYBER CYBER! or “CRY HAVOC AND LET SLIP THE DIGITAL DOGS OF CYBER WAR!” is often what you hear from me in a mocking tone as I scan the internet and the news for the usual cyber-douchery. Well this time kids I am actually going to review a book that for once was not full of douchery! Instead it was filled with mostly good information and aimed at people who are not necessarily versed at all in the cyberz. I personally was surprised to find myself thinking that I would approve this for a syllabus (as it has been placed into one by someone I know and asked me to read this and comment)

The book really is a primer on IW (Information Warfare) and Cyber-Warfare (for lack of a better nomenclature for it) which for many of you reading my blog might be way below your desired literacy level on the subjects. However, for the novice I would happily recommend that they read the book and then spend more time using ALL of the footnotes to go and read even more on the subject to get a grasp of the complexities here. In fact, I would go as far as to say to all of you out there that IF you are teaching this subject at all then you SHOULD use this book as a starting point.

I would also like to say that I would LOVE to start a kickstarter and get this book into the hands of each and every moron in Congress and the House. I would sit there and MAKE them read it in front of me *surely watching their lips move as they do so* There are too many people in positions of power making stupid decisions about this stuff when they haven’t a single clue. I guess the same could be said about the military folks as well. We have plenty of generals who have no idea either.. That’s just one man’s opinion though.

As we move further and further down the cyber-war road I think that books like this should be mandatory reading for all military personnel as well as college level courses in not only IW/INFOSEC but also political and affairs of state majors as well. We will only continue down this road it seems and it would be best for us all if the next wave of digital natives had a real grasp of the technologies as well as the political, logical, and tactical aspects of “Cyber”

I have broken down the book into rough chapters and subject areas as it is within the book (mostly). It really does cover more of the overall issues of cyber-warfare and methods used (not overly technical). The modus operandi, so to speak, of the actual events that have taken place are laid out in the book and give you a picture of the evolving of IW to what we see today as “cyber-warfare”. I will comment on those sections on what I thought was good and what I thought was derpy of course, I mean would you all have it any other way?

IW (INFORMATION WARFARE) RUSSIA

The authors cover early IW with the Russian sagas over Georgia and Estonia. There is a lot in there that perhaps even you out there might not know about the specifics of the incidents where Russia is “alleged” to have attacked both countries at different times with different goals and effects. Much of this also touches on the ideas of proxy organizations that may or may not be state run that were a part of the action as well as a good overview of what happened.

In the case of Georgia it went kinetic and this is the first real “cyber-warfare” incident in my mind as cyber-war goes. I say this because in my mind unless there is an actual kinetic portion to the fighting there is no “war”; it is instead an “action” or “espionage”. So in the case of tanks rolling in on Georgia we have a warfare scenario outright that was in tandem with IW/CW actions.

OUR CHINESE OVERLORDS

Ah Chairman Meow… What book on Cyber would be complete without our friends at the MSS 3rd Directorate huh? Well in the case of this primer it gets it right. It gets across not only that China has been hacking the living shit out of us but also WHY they are doing it! The book gives a base of information (lots of footnotes and links) to ancillary documentation that will explain the nature of Chinese thought on warfare and more to the point Cyber-Warfare. The Chinese have been working this angle (The Thousand Grains of Sand etc) for a long time now and there are more than a few treatises on it for you to read after finishing this book.

The big cases are in there as well as mention of the malware used, goals of the attacks and some of the key players. If you are out to start teaching about Chinese electronic/cyber/IW then this is a good place to start. Not too heavy but it gets the point across to those who are not so up to speed on the politics, the tech, or the stratagems involved.

ANONYMOUS/SEA/LULZSEC

Anonymous, as someone on my Twitter feed was just asking me as I was writing this piece, is also a part of this picture as well. The idea of asymmetric online warfare is really embodied by these groups. The book focuses more on Lulzsec and their 50 days of sailing but it doesn’t go too in depth with the derp. Suffice to say that all of them are indeed important to cyber-warfare as we know it and may in fact be the end model for all cyber-warfare. How so? Well, how better to have plausible deniability than to get a non state group to carry out your dirty war? Hell, for that matter how about just blame them and make it look like one of their ops huh?

Oddly enough just days ago Hammond wrote a piece saying this very thing. He intoned that the FBI via Sabu were manipulating the Anons into going after government targets. This is not beyond comprehension especially for places like China as well. So this is something to pay attention to. However, this book really did not take that issue on and I really wished that they had. Perhaps in the next updated edition guys?

THE GRID

OY VEY, the “GRID”. This is one of the most derpy subjects usually in the media as well as the books/talks/material on cyber-warfare out there. In this case though I will allow what they wrote to stand as a “so so” because they make no real claim to an actual apocalypse. Instead the book talks about the possible scenarios of how one could attack the grid. This book makes no claim that it would work but it is something to think about especially if you have an army of trained squirrels with routers strapped to their backs.

It is my belief that the system is too complex to have a systematic fail of apocalypse proportions and it always has been so. If the book talked about maybe creating a series of EMP devices placed at strategic high volume transformers then I would say they’d be on to something. However, that said, the use of a topological attack model was a good one from a logical perspective. They base most of this off of the Chinese grad student’s paper back years ago so your mileage may vary. So on this chapter I give it a 40% derp.

WHAT’S MISSING?

All in all I would have liked to have seen more in the political area concerning different countries’ thought patterns on IW/CW but hey, what can ya do eh? Additionally I think more could have been done on the ideas of offense vs. defense. Today I see a lot of derp around how the US has a GREAT OFFENSIVE CAPABILITY! Which for me and many of you out there I assume, leads me to the logical thought conclusion of “GREAT! We are totally offensive but our defense SUCKS!” So much for CYBER-MAD huh?

I would have also liked to have seen more in the way of some game theory involved in the book as well concerning cyber-warfare. Some thought experiments would be helpful to lay out the problems within actually carrying out cyber-war as well as potential outcomes from doing so, more along the lines of what I saw in the Global Cyber-Game.

OVERALL TAKE

Well, in the end I think it is a good start point for people to use this in their syllabus for teaching IW/CW today. It is a primer though and I would love to see not only this end up on the list but also the Global Cyber Game as well to round out the ideas here. To me it is more about “should we do this?” as opposed to “LET’S FUCKING DO THIS!” as the effects of doing so are not necessarily known. Much of this territory is new and all too much of it is hyped up to the point of utter nonsense. This is the biggest problem we have though, this nonsense level with regard to the leaders of the land not knowing anything about it and then voting on things.

We need a more informed populace as well as government and I think this book would be a good start. So to the person who asked me to review this..

Put it in the syllabus!

K.