Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘Infrastructure’ Category

Malware Wars!… Cyber-Wars!.. Cyber-Espionage-Wars! OH MY

with 2 comments

X

Flame, DuQU, STUXNET, and now GAUSS:

Well, it was bound to happen and it finally did, a third variant of malware that is ostensibly connected to the story that Mikko Hypponen posted about after an email he got from a nuclear scientist in Iran has come to pass as true. The email claimed that a new piece of malware was playing AC/DC “Thunderstruck” at late hours on systems it had infected within the labs in Iran. I took this with a grain of salt and had some discussions with Mikko about it offline, he confirmed that the email came ostensibly from a known quantity in the AEOI and we left it at that, its unsubstantiated. Low and behold a week or two later and here we are with Eugene tweeting to the world that “GAUSS” is out there and has been since about 2011.

Gauss it seems had many functions and some of them are still unknown because there is an encryption around the payload that has yet to be cracked by anyone. Eugene has asked for a crowd sourced solution to that and I am sure that eventually someone will come out with the key and we will once again peer into the mind of these coders with a penchant for science and celestial mechanics. It seems from the data provided thus far from the reverse R&D that it is indeed the same folks doing the work with the same framework and foibles, and thus, it is again easily tied back to the US and Israel (allegedly per the mouthiness of Joe F-Bomb Veep) and that it is once again a weapon against the whole of the middle east with a decided targeting of Lebanon this time around. Which is an interesting target all the more since there has been some interesting financial news of late concerning banks and terror funding, but I digress…

I am sure many of you out there are already familiar with the technology of the malware so I am leaving all of that out here for perhaps another day. No, what I want to talk about is the larger paradigm here concerning the sandbox, espionage, warfare, and the infamous if not poorly named “CyberWar” going on as it becomes more and more apparent in scope. All of which seems to be centered on using massive malware schemes to hoover data as well as pull the trigger when necessary on periodic digital attacks on infrastructure. Something that truly has not been seen before Stuxnet and seems to only have geometrically progressed since Langer et al let the cat out of the bag on it.

Malware Wars:

Generally, in the information security sector, when I explain the prevalence of malware today I often go back to the beginning of the Morris worm. I explain the nature of early virus’ and how they were rather playful. I also explain that once the digital crime area became profitable and firewalls became a standard appliance in the network environment, the bad actors had to pivot to generally tunnel their data from the inside out home through such things as a firewall. This always seems to make sense to those I explain it to and today it is the norm. Malware, and the use of zero day as well as SE exploits to get the user to install software is the the way to go. It’s a form of digital judo really, using the opponents strength against them by finding their fulcrum weakness.

And so, it was only natural that the espionage groups of the world would turn to malware as the main means of gaining access to information that usually would take a human asset and a lot of time. By leveraging human nature and software flaws it has been a big win for some time now. I was actually amused that Henry Crumpton in the “Art of Intelligence” talks about how the CIA became a very early adopter of the network centric style of warfare. I imagine that some of the early malware out there used by spooks to steal from unprotected networks was CIA in origin and in fact that today’s Gauss probably has some relatives out there we have yet to see by people who have been doing this for some time now and we, the general public had no idea.

Times change though, and it seems that Eugene’s infrastructure for collecting data is creating a very wide dragnet for his people to find these infections and then reverse them. As we move forward expect to see more of these pop up, and surely soon, these will not just be US/UK/IL based attempts. Soon I think we will see the outsourced and insourced products of the likes of Iran and other nation states.. Perhaps we already have seen them, well, people like Mikko and Eugene may have at least. Who knows, maybe someday I will find something rooting about my network huh? Suffice to say, that this is just the beginning folks so get used to it.. And get used to seeing Eugene’s face and name popping up all over the place as well.. Superior showman that he is.

An Interesting Week of News About Lebanon and Bankers:

Meanwhile, I think it very telling and interesting as we see the scope of these malware attacks opening up, that not only one or two countries were targeted, but pretty much the whole of the Middle East as well. Seems its an equal opportunity thing, of course the malware never can quite be trusted to stay within the network or systems that it was meant for can we? There will always be spillage and potential for leaks that might tip off the opposition that its there. In the case of Gauss, it seems to have been targeted more at Lebanon, but, it may have been just one state out of a few it was really meant for. In the case of Lebanon though, and the fact that this piece of malware was also set to steal banking data from that area, one has to look on in wonder about the recent events surrounding HSBC.

Obviously this module was meant to be used either to just collect intelligence on banking going on as well as possibly a means to leverage those accounts in ways as yet undetermined by the rest of us. Only the makers and operators really know what the intent was there, but, one can extrapolate a bit. As terror finances go, the Middle East is the hotbed, so any intelligence on movement of money could be used in that light just as well as other ways to track the finances of criminal, geopolitical, and economic decisions being made there. Whether it be corporations or governmental bodies, this kind of intelligence would be highly prized and I can see why they would install that feature on Gauss.

All of this though, so close to the revelations of HSBC has me thinking about what else we might see coming down the pike soon on this front as well. Cur off the funding activities, and you make it much harder to conduct terrorism huh? Keep your eyes open.. You may see some interesting things happening soon, especially given that the Gauss is out of the bag now too. Operations will likely have to roll up a bit quicker.

Espionage vs. Sabotage vs. Overt Warfare of Cyber-Warfare:

Recently I have been working on some presentation stuff with someone on the whole cyberwar paradigm and this week just blew the lid off the whole debate again for me. The question as well as the rancor I have over the term “Cyberwar” has been going on some time now and in this instance as well as Stuxnet and Flame and DuQu, can we term it as cyberwar? Is this instead solely espionage? What about the elements of sabotage we saw in Stuxnet that caused actual kinetic reactions? Is that cyberwar? If there is no real war declared what do you term it other than sabotage within the confines of espionage and statecraft?

Then there is the whole issue of the use of “Cold War” to describe the whole effect of these operations. Now we have a possible cold war between those states like Iran who are now coding their own malware to attack our systems and to sabotage things to make our lives harder. Is that a war? A type of war? All of these questions are being bandied about all the while we are obviously prosecuting said war in theater as I write this. I personally am at a loss to say exactly what it is or what to term it really. Neither does the DoD at this point as they are still working on doctrine to put out there for the warriors to follow. Is there a need for prosecuting this war? It would seem that the US and others working with them seem to think so. I for one can understand the desire to and the hubris to actually do it.

Hubris though, has a funny way of coming back on you in spectacular blowback. This is my greatest fear and seemingly others, however, we still have a country and a government that is flailing about *cough the Senate cough* unable to do anything constructive to protect our own infrastructure even at a low level. So, i would think twice about the scenarios of actually leaking statements of “we did it” so quickly even if you perceive that the opposition has no current ability to strike back.. Cuz soon enough they will. It certainly won’t be a grand scale attack on our grid or telco when it does happen, but, we will likely see pockets of trouble and Iran or others will pop up with a smile, waving, and saying “HA HA!” when it does occur.

The Sandbox and The Wars We Are Prosecuting There by Malware Proxy:

Back to the Middle East though… We have been entrenched in there for so so long. Growing up I regularly watched the news reports about Lebanon and Israel, Iran and the hostages, Iraq, Saddam, Russian Proxy wars via terrorism, Ghadaffi and his ambitions as well as terror plots (which also hit close to home with the Lockerbee bombing) You kids today might think this is all new, but let me tell you, this has been going on for a long long time. One might even say thousands of years (Mecca anyone? Crusades?) So, it’s little wonder then that this would all be focused on the Med.

We are conducting proxy wars not only because of 9/11 but also economic and energy reasons as well. You want a good taste of that? Take a look at “Three Days of the Condor” a movie about a fictional “reader” for the CIA who stumbles on to a plan to disrupt governments in the Middle East to affect oil prices and access. For every person that said the Iraq war and Afghanistan wasn’t about oil, I say to them look at the bigger picture. There are echoes there of control and access that you cannot ignore. Frankly, if there wasn’t oil and money in the region, I think we would have quite a different story to look on as regards our implementing our forces there.

So, with that in mind, and with terrorism and nuclear ambitions (Iran) look at the malware targeting going on. Look at all of the nascent “Arab Springs” going on (albeit really, these are not springs, these are uprisings) we have peoples who want not to live under oppressive regimes not just because they aren’t free to buy an iPhone or surf porn, but they are also oppressed tribes or sects that no longer wish to be abused. All of this though, all of the fighting and insurgency upsets the very delicate balance that is the Middle East. Something that we in the US for our part, have been trying to cultivate (stability) even if that stability came from another strongman that we really don’t care for, but, who will work with us in trade and positional relevance to other states.

In goes the malware.. Not only to see what’s going on, but also to stop things from happening. These areas can be notoriously hard to have HUMINT in and its just easier to send in malware and rely on human nature to have a larger boon in intelligence than to try and recruit people to spy. It’s as simple as that. Hear that sucking sound? That’s all their data going to a server in Virginia. In the eyes of the services and the government, this is clearly the rights means to the ends they desire.

We Have Many Tigers by The Tail and I Expect Blowback:

Like I said before though, blowback has a nasty habit of boomeranging and here we have multiple states to deal with. Sure, not all of them has the ability to strike back at us in kind, but, as you have seen in Bulgaria, the Iranians just decided to go with their usual Hezbollah proxy war of terrorism. Others may do the same, or, they may bide their time and start hiring coders on the internet. Maybe they will hire out of Russia, or China perhaps. Hell, it’s all for sale now in the net right? The problem overall is that since we claimed the Iran attack at Natanz, we now are not only the big boy on the block, we are now the go to to be blamed for anything. Even if we say we didn’t do it, who’s gonna really believe us?

The cyber-genie is out of the cyber-bottle.

Then, this week we saw something new occur. A PSYOP, albeit a bad one, was perpetrated by the Assad regime it seems. Reuters was hacked and stories tweeted/placed on the net about how the rebel forces in Aleppo had cut and run. It was an interesting idea, but, it was ineffective for a number of reasons. The crux though is that Reuters saw it and immediately said it was false. So, no one really believed the stories. However, a more subtle approach at PSYOPS or DISINFO campaigns is likely in the offing for the near future I’d think. Surely we have been doing this for a while against them, whether it be in the news cycles or more subtle sock puppets online in social media sites like Twitter or Facebook. The US has been doing this for a long time and is well practiced. Syria though, not so much.

I have mentioned the other events above, but here are some links to stories for you to read up on it…

  • PSYOPS Operations by the nascent Syrian cyber warfare units on Reuters
  • Hezbollah’s attack in Bulgaria (bus bombing) in response to STUXNET and other machinations
  • Ostensible output of INTEL from Gauss that may have gotten HSBC in trouble and others to come (Terrorism funding and money laundering)

All in all though, I’d have to say that once the players become more sophisticated, we may in fact see some attacks against us that might work. Albeit those attacks will not be the “Cyber Pearl Harbor” that Dr. Cyberlove would like you to be afraid of. Politically too, there will be blowback from the Middle East now. I am sure that even after Wikileaks cables dump, the governments of the Med thought at least they could foresee what the US was up to and have a modicum of statecraft occur. Now though, I think we have pissed in the pool a bit too much and only have ourselves to blame with the shit hits the fan and we don’t have that many friends any more to rely on.

It’s a delicate balance.. #shutupeugene

Pandora’s Box Has Been Opened:

In the end, we have opened Pandora’s box and there is no way to get that which has escaped back into it. We have given the weapon framework away due to the nature of the carrier. Even if Gauss is encrypted, it will be broken and then what? Unlike traditional weapons that destroy themselves, the malware we have sent can be easily reverse engineered. It will give ideas to those wishing to create better versions and they will be turned on us in targeted and wide fashions to wreak as much digital havoc as possible. Unfortunately, you and I my friends are the collateral damage here, as we all depend on the systems that these types of malware insert themselves into and manipulate.

It is certainly evident as I stated above, our government here in the US is unable to come up with reasonable means to protect our systems. Systems that they do not own, Hell, the internet itself is not a government run or owned entity either, and yet they want to have an executive ability to shut it down? This alone shows you the problem of their thinking processes. They then decide to open the box and release the malware genie anyway… It’s all kind of scary when you think about it. If this is hard to concieve, lets put it in terms of biological weapons.. Weapons systems that have been banned since Nixon was in office.

The allusion should be quite easy to understand. Especially since malware was originally termed “Virus” There is a direct analogy there. Anyway, here’s the crux of it all. Just like bioweapons, digital “bioware” for lack of a better term, also cannot be controlled once let into the environment. Things mutate, whether at the hand of people or systems, things will not be contained within the intended victims. They will escape (as did all the malware we have seen) and will tend to have unforeseen consequences. God forbid we start really working on polymorphics again huh? If the circumstances are right, then, we could have a problem.

Will we eventually have to have another treaty ban on malware of this kind?

Time will tell.. Until then, we all will just be along for the cyberwar ride I guess. We seem to be steadily marching toward the “cyberwar” everyone is talking about… determined really to prosecute it… But will it get us anywhere?

K.

China’s cyber-warfare capabilities are ‘fairly rudimentary’… What is it with these crazy Australians?

with 5 comments


Conclusions
Chinese strategists are quite aware of their own deficiencies and
vulnerabilities with respect to cyber-warfare. In June 2000, “a series of high-
technology combat exercises” being conducted by the PLA “had to be
92 suspended” when they were attacked by “a computer hacker”.

China‟s telecommunications technicians were impotent against the intermittent
hijacking of the Sinosat-1 national communications satellite by Falun Gong
„practitioners‟ in the early 2000s. China‟s demonstrated offensive cyber-
warfare capabilities are fairly rudimentary. Chinese hackers have been able
to easily orchestrate sufficient simultaneous „pings‟ to crash selected Web
servers (i.e., Denial-of-Service attacks). They have been able to penetrate
Web-sites and deface them, erase data from them, and post different
information on them (such as propaganda slogans). And they have
developed various fairly simple viruses for spreading by e-mails to disable
targeted computer systems, as well as Trojan Horse programs insertible by
e-mails to steal information from them. However, they have evinced little
proficiency with more sophisticated hacking techniques.

The viruses and Trojan Horses they have used have been fairly easy to detect and remove
before any damage has been done or data stolen. There is no evidence that
China‟s cyber-warriors can penetrate highly secure networks or covertly
steal or falsify critical data. They would be unable to systematically cripple
selected command and control, air defence and intelligence networks and
databases of advanced adversaries, or to conduct deception operations by
secretly manipulating the data in these networks. The gap between the
sophistication of the anti-virus and network security programs available to
China‟s cyber-warriors as compared to those of their counterparts in the
more open, advanced IT societies, is immense. China‟s cyber-warfare
authorities must despair at the breadth and depth of modern digital
information and communications systems and technical expertise available
to their adversaries.

China is condemned to inferiority in IW capabilities for probably several
decades. At best, it can employ asymmetric strategies designed to exploit
the (perhaps relatively greater) dependence on IT by their potential
adversaries—both the C ISREW elements of adversary military forces and
the vital telecommunications and computer systems in the adversary’s
homelands. In particular, attacks on US information systems relating to
military command and control, transportation and logistics could “possibly
degrade or delay U.S. force mobilisation in a time-dependent scenario”, such
as US intervention in a military conflict in the Taiwan Straits.

China‟s cyber-warfare capabilities are very destructive, but could not compete in
extended scenarios of sophisticated IW operations. In other words, they
function best when used pre-emptively, as the PLA now practices in its exercises.

In sum, the extensive Chinese IW capabilities, and the
possibilities for asymmetric strategies, are only potent if employed first.

Desmond Ball: China’s Cyber Warfare Capabilities


Oh Desmond…

Desmond, Desmond, Desmond… You spend so much time pointing out all of the Honker Union activities, the malware created by China, and all their overall IW/Espionage activities and then you say;

“Well, because there’s no real proof of their actually having done anything, they are unable to do so”

*blink blink*

Crikey! Have you been sipping what Dr. Wright has been drinking or what? Tell me Desmond, what is your classification rating? Because I think you are lacking some pertinent information that might change your hypothesis quite a bit. Either way, your contention is lacking understanding of the playing field I think, so let me enlighten you a bit ok?

Rudimentary? Really?

I personally have heard of “on the fly” coding of malware to affect pertinent systems within a defense contractor network to not only keep access within said network, but, also to exfiltrate even more interesting data. Now, that sounds rather advanced to me..

How about you?

Sure, the coders could have been just about anyone, but, the data was being exfiltrated to areas that were in the Asia Pacific and more than likely were Chinese in origin so, yeah, it likely was them and not say, Germany. However, once again, we have no real proof of it being “solely” China. Oddly enough though, when data was caught in the hands of the Chinese we pretty much had to admit it was them doing it. So, no Desmond, they are not wholly unskilled and certainly as unsophisticated as you would paint them. This is just one instance of access and hacking that allowed for the APT (Advanced Persistent Threat) activity that, well Desmond, was coined for their activities against the defense industrial base here in the US.

Simply Desmond, you can cite all the articles from the internet you want.. You still won’t have the whole picture.

PSSST… Guess What?

So, to move this further along the philosophical and technical path for you let me explain it another way for you. The Chinese, as with most of the Asiatic countries, have a different perspective on things than we in the West. Something core to the Chinese mindset on warfare are the following:

The Chinese do not have a goal of outright cyber warfare with us. In fact, they would use the subterfuge angle you speak of by leaving trap doors in software and hardware, which they have done in the past (and have been caught) However, more than likely, they would use the supply chain that we have allowed them to become the lions share of via outsourcing of cheap parts/labor to infiltrate our systems with bad chips or said same back doors. Why do you think we spend so much time (the military) checking everything that we get for the government/mil from China?
Soft power Desmond would dictate that they use the thousand grains of sand to not only steal our IP but also use the technology and our dependence on their cheap rates to insert bad data/systems/hardware into our own infrastructure for them to call up when needed to fail. This is not to say that they do not also have operators who have inserted code into other systems remotely to late be used when needed as well.
Simply Desmond, you don’t see the whole picture and its rather sad that you go on to make such defined claims. The simple truth is that the Chinese don’t need to attack us pre-emptively. They have been undermining us (US) for a very long time as we sell out to them for cheap goods. and services. THIS is soft power. They now sit in the catbird seat in many ways financially (though yes, they could lose much by us defaulting) however, from the soft power perspective, they hold the upper hand. A coup de grace would be to take down military systems were we to get uppity about Taiwan.. but really, are we in a position to do so after being wholly owned by them and their capital?
Desmond.. It’s not so much Red Dawn as it is “They Live” if you are into movie references.

網絡戰 !!!

Alrighty, now that I have gotten that off my chest, Cyberwar is to me, too hard to carry out for ANY of the countries out there now. China being only one country that might want to. The systems are too disparate and to control a single node would take great effort. So, yes, I can agree with you that they are not in a position to do us major damage from a CYBERWAR booga booga booga perspective. Frankly, no one could in my opinion. However, your contention that they could not insert bad data during a time of war is a load of crap.

ANYONE could IF they had the access and the desire. It would not need to be nation state, it could be a private citizen for that matter. What is more interesting Desmond is that you fail to understand the espionage angle here. The Chinese use their expat’s to do their bidding under threat, or, mostly under the “poor poor China” argument. Imagine an insider adding code to systems that could be triggered…

Yeah.. Soft power once again.. It could turn hard though with the right circumstances.

Once again Desmond, you think too one dimension-ally.

The Sad Truth…

Now, with all of that said, lets turn it around a bit. The saddest truth is this;

“Given all of what has happened recently with Lulzsec, it has become clear that it does not take an uber hacker to take down pretty much anyone”

The systems out there have not been protected well enough. Patching, and secure coding have not been at the fore here and thus it is trivial for the most part to hack into systems throughout the internet. So, the Chinese need not be uber haxx0rs to do the damage needed because we collectively have done a bad job at securing our own networks.

*sadface*

Once again, you fail to look at the problem from a more multidimensional angle.

Please go back to the drawing board Desmond because you lack the proper information and perspective to really make the claims you are making.

K.

The Apocalypse Cycle: Confronting and Being Prepared For Infrastructure Failure

with 5 comments

Recent events where I live have made me once again ponder my own readiness with regard to how to handle infrastructure failures that affect our technologies and society. These same events have shown my just how clueless all too many people are about how to survive when their infrastructure goes down for any extended period of time. The snow storm in October that brought down so many trees in the North-east created a situation cascade that devolved quickly for the populace and by listening to the news, and the police scanner I was able to see just how quickly society began to break down… With just a snowstorm that brought down the grid.

Now 5 days into it post the snow, much of the infrastructure is still down and things are only starting to gain a semblance of normalcy in pockets of the region. There has been a lot of angst and anger concerning the power companies and the local and state government reactions to this storm and its fallout, but, the object lesson is larger than just one snow storm in one region of the country. Since this all began, I have seen people fighting at gas stations, heard about looting at another in a more remote area, and generally, hearing about people who were caught flat footed without any kind of backup plan for when the heat, power, and water go out.

People have become too dependant on the infrastructure (power/water/telco) and unable or unwilling to perceive the threats to it and its precarious position with regard to failure. The recent storm and the fallout from it here in the North was bad, but, this was nothing compared to what “could” happen with a large failure to the infrastructure within the country given the right circumstances.

We were lucky… Someday we may not be.

The Apocalypse:

The scenario that happened to the Northeast is as follows:

  1. An early winter storm hit the region dropping anywhere from 6-20″ of snow in a short period of time
  2. The snow was heavy and wet and in combination with leaves still being on trees, caused massive tree damage
  3. The tree’s lost limbs or broke completely apart, falling on power lines, telco lines, cable line,  roads, houses, etc.
  4. Power lines began to fall and surges/failures caused cascade effects including complete circuit failures
  5. Telco towers were also damaged as well as forced to run on backup power (batteries and generators)

From these events the infrastructure eventually failed for the bulk of the state I live in. The fallout from this then cascaded for each and every person out there who rely on the services that they provided.

Infrastructure FAIL:

Once the infrastructure had failed for large areas the following services failed for communities and individuals.

  • Water: No power means for many with wells, no water. No flush toilets, no showers, etc.
  • Heat: No power for many also means no heat. In the case of natural gas or oil, it can depend on electricity as well. Not everyone lost heat.
  • Light: Obviously, no power, no electric light
  • Communications: No electricity on both ends can mean that all communications go down. In this case  hard lines went down as well as cell towers
  • Supply Chain: The lack of electricity also affected the gas station industry as many of them do not have backup generators. No gas, no mobility. The same applies for shopping outlets (grocery stores etc) as well.
  • Mobility: Tree’s being down as well as potentially live power lines reduced mobility greatly. In some cases, people were boxed in to their homes from downed lines/trees as well as many roads were impassable.

All of these systems people take for granted today were directly affected by this particular storm and caused great consternation and fear for many. What made it worse was that there were no set time tables for repairs that could be expressed by the state nor the companies who’s infrastructure was damaged. Some estimates though proclaimed it could be in excess of two weeks and given that the nights were getting cold, that many could be in danger for lack of heat. Basically, the infrastructure was in a FAIL state and the cascade effects from it being down began to snowball.

Human Nature:

Once the failures had occurred, many who were without power, heat, water, etc were ok for a short time. However, once the cold really began to set in and the days until restoration became longer, people began to freak out. Those with generators began to ran out of gas, but could not get any more gas because the stations in the area failed to have generators and those who did, ran out of gas quickly. With the supply chains beginning to fail by being taxed because of demand, it became compounded with the fact that roads and highways were also blocked due to storm damage.

This is where the human nature began to show its ugly side. Because there was little gas to be had, and people were waiting in long lines, frustration began to set in. Tempers flared and in some cases, looting and fights occurred. The human gene is a selfish one, and with that said, people began to roll back the evolutionary clock, fighting for their lives (perceived) in this situation. Most of this though, could have been easily avoided had the people taken the time to prepare themselves for such occurrences as well as have a mindset that the government and the infrastructure may not always be there when they need it.

We are all on our own in many ways…

Of course, if human nature were a bit more fluid in the area of cooperation, perhaps people would have to freak out less and come together, but unfortunately, this is just not the case with many.

Preparedness:

So, with all of the above said, I would like to remind people to take some time and actually PLAN a bit for these incidents. As our lives become more and more dependant on the state and the infrastructure, we need to take a step back and say “What if” a bit more and plan accordingly for our own welfare. Here are some factors to take into account.

Sheltering In Place:

When disasters occur, we may not be able to escape them. If there is a tsunami or hurricane coming at us, we just may not be able to leave at all. Everyone else will be doing the same thing and you have all seen it I am sure in movies where the roads are blocked and there is no way out. If this is the case, well, all you can do is hunker down and hope to survive.

The same can be said about situations like the one the Northeast just had. If you did not HAVE to be out on the roads during the storm and just after, then stay home! It’s called “sheltering in place” You have your provisions, you have your house/apartment/bunker and you stay put! It is safer to be in place and prepared than it is to be out like a chicken in a rain storm looking straight up and drowning. Never mind you getting hurt, but you may also be placing the lives of others (EMS/FIRE/POLICE) at risk because of your stupidity.

So, have provisions in your home for at least a week if not more. I would suggest enough for at least two really, just in case

  • Non perishable food (MRE’s)
  • Batteries
  • Potable Water
  • Firewood if you have a stove/fireplace
  • Gas stoves (camp stoves) and fuel
  • A radio
  • Candles
  • Medical supplies (including any meds you take)
  • Matches/Fire-steel
  • Flash lights and LED lanterns
  • Two way communications (HAM radio)
  • A generator and hook-ups for the house

All of these things you can just store and have in place when you need them should the time arise. Batteries, food, and the like can go bad after some time, so insure that you rotate them if they are out of date. A little diligence can make life easier when the time comes.

Bugging Out:

IF the zombie apocalypse comes, then you will likely eventually have to “bug out” This means to leave the shelter and seek out other locations. This also means that you will need to have a “bug out bag” The would entail the same items above but with some twists:

  • Non perishable food (MRE’s)
  • Batteries or Solar charger
  • Potable Water & Filtration kit
  • Firewood if you have a stove/fireplace
  • Gas stoves (camp stoves) and fuel
  • A radio
  • Meds (including any meds you take regularly)
  • Matches/Fire-steel
  • Flash lights and LED lanterns
  • Knives/Axe (A survival knife would be ideal)
  • Two way communications (HAM radio)
  • Clothes
  • A weapon (guns)
  • Tent/shelter materials
  • Portable med kit (EMS style complete)
  • Binoculars

I am sure there are many more things that people can think of, but, this is a basics list for extreme emergencies that require you to be mobile quickly and prepared to live rough. The key here is also that you need to be travelling light. Ounces = pounds and pounds equal slowing you down. Keep it simple and you will be more able to be mobile even on two feet. All of these things should be prepared and loaded into a bag (backpack/rucksack/etc) and in place for emergencies. Some people actually have redundant bags (one in the car, one in the house) should they be away from home when things go down.

It never hurts to be prepared.. Think Boy Scouts.

Mental and Physical Concerns:

Ok, so you have the supplies in place for either staying put or bugging out but, you need to be thinking about how you and others handle the stress of situations like these. From what I have seen of the reaction to this latest storm and fallout, I have to say that way too many people were just unprepared. Of course, if you are not prepared (with supplies) then you certainly are going to be placing much more stress mentally on yourselves and your family. By not having things in place, you basically stress yourselves out trying to get the things you need. However, if you have the supplies and a little know how, you can easily weather things out.

Situations like these also cause physical stress on people. The clean up and upkeep alone in some cases here have caused people to have heart attacks. In other instances, the people’s inability to comprehend the nature of Co2 has lead to at least 4 deaths in my state. It can be tough to be sheltering either in place or bugging out and you have to be ready to handle the stress both mentally and physically. It is best to keep yourself in the best shape you can as well as perform mental checks on yourself and others while sheltering to insure you don’t have a breakdown in either respect.

The Long Haul:

Overall, this incident in the Northeast was not the “big one” that some predict. It was inconvenient really, but, if you had supplies you could deal with it easily enough. However, what if something like an EMP burst took out the grid and the infrastructure? How would you handle that? The potential for societal collapse would be high in a short amount of time.. What then?

What I’m saying is this.. Prepare for the small events but keep an eye toward the what if’s of a long term one. If you can handle the short term, there is more likelihood that you will be able to come through a longer stint without completely melting down…

Meanwhile… Just watch all of the others who don’t have a plan or supplies run rabid in the streets.. Kinda like zombies.. but looking for a can of gas instead of brains.

Play it smart…

K.

Written by Krypt3ia

2011/11/02 at 19:12