ASSESSMENT: Edward Snowden KGB Asset

Since the revelations began and the man-without-a-country odyssey started, all of our lives have changed at a fundamental level with regard to our digital and private lives. The now million-plus document trove is being parsed out by Glenn Greenwald and others so that the public can get a look into the inner workings of the state surveillance apparatus, much to the consternation of the IC as well as the government, and to the dismay of the public. However you look upon Mr. Snowden and his choice, you have to admit that the information does lend insight into the great potential for abuse of the apparatus that the NSA has put together, no matter what they may tell you they are doing or not doing to protect us. You see, the point is that no matter what alleged safeguards and altruism may lie within the apparatus and its employees, it’s still ripe for abuse that will never see the light of day because it’s all classified and codified by the government. This is the point of the exercise as I see it from Mr. Snowden’s point of view and the aegis behind his doing what he did. Of course, from day one darker minds would make assertions that there were darker geopolitical machinations at play and that this was all just a dastardly plan to destroy us as a country. Of course, as the passion play played out, it was first China, the go-to country for all our woes of late (APT etc.), but as time wore on and Snowden found a perch in Russia, it’s now “clear” to some in the government that the plot was in fact Russian all along.


Mike Rogers has been the bell ringer on the idea that Snowden was, from the get-go, a handled and groomed asset of a foreign power. His most recent bellowing, without any real evidence, is that Snowden was in fact an asset for Russia from the start and, furthermore, that all of this was done to damage the US and seek primacy once again on the international stage. Of course, as I mentioned already, Mike cannot offer any evidence; he alludes to the “secrecy” of the data, but in reality, until you have proof that you can emphatically state and present to the people, it’s all just wild speculation and a form of conspiracy or propaganda in and of itself. While it is possible that Snowden was from the start an asset of the KGB FSB, the evidence thus far for motive, methods, and follow-through is somewhat thin, and I cannot go on the record as thinking he was handled from the start by Russia or any other nation state. The fact that Snowden ended up in Russia at Sheremetyevo may in fact be because of the machinations of Assange and Wikileaks brokering the deal to get him there and then to get him allowed into the country, not because of a plan all along. There is more evidence to say that this is in fact the case than there is of any KGB FSB actions.


Using the paradigm of “Occam’s Razor” here, let’s run through the possibilities regarding the claims being made by Mike Rogers and others out there that this was a carefully planned operation that cultivated Ed Snowden to become the largest leaker in history.

  • Ed Snowden is a naive individual who, through a sequence of events, became an administrator within the IC networks and began to see things he thought were illegal and immoral
  • He used his knowledge of hacking and technologies to accumulate data through his own administrative access and social engineering
  • Once he saw the data he decided to leak all that he could and, after seeing what happened to Manning, made a plan to go to a country that in all the spy novels is easy to infiltrate and exfiltrate out of
  • The NSA itself had poor OPSEC and threats from insiders were poorly covered thus making this possible (proven to be the case)
  • The NSA could not even keep track of internal access and exploitation (proven to be the case)
  • He contacted the press and was turned down by some until he met Greenwald and Poitras who then planned with him how to release the data and to firewall Snowden off
  • While in HK it became clear he could not stay there once the NSA/USA/UKUSA and other apparatus began working in the background to extradite him
  • Poitras, Greenwald, and then Wikileaks exfiltrated Snowden out of HK and to Russia, where a brokered interim solution of the airport no man’s zone was at least possible
  • Snowden is a prize for the KGB FSB after the fact, not only from an intelligence perspective but also a political one that thumbs its nose at the US (a win-win for Putin)


  • Edward Snowden was a carefully orchestrated long-term asset of the KGB FSB, trained by them to infiltrate the NSA and then use his domain admin/root access to steal them blind, exploiting their logical and technical vulnerabilities, and was then exfiltrated by them to HK and to Russia as a smoke screen for their own operational cover
    • Snowden was handled by the KGB FSB for years while coming up the ranks as an un-credentialed cleared individual, clearly taking advantage of the US’ lax clearance and oversight process post 9/11
    • Snowden was in contact with Russia from the start and is a consummate operator, perhaps even a cleverly created cutout sleeper agent
    • Once he had gathered all the data, Snowden passed it to Russia for them to digest and then leak to the world to cover their own operations and shame the US
    • Snowden is now a hero of the state in Russia and will get a hero’s treatment with access to all that Russia can offer in the post-Soviet oligarchy (including Anna Chapman visits)

Hmmm, is it just me, or does the razor only really cut one way?


My take on the whole affair is that Snowden was not a paid/cultivated/handled asset of the KGB FSB, nor do I think that he was aided in any way by Russia in carrying out this leak/exploit. What I do think is that he is naive, but also that what he was seeing, what we are all now seeing today in the news, made him feel that the accumulation of power in a central secret body was anathema to freedom and the American ethos. As we have seen in the news, there have been many things that the government has allowed, even, shall we say, promulgated, that are clearly violations of the US Constitution no matter the inveigling that might occur by those in power as to its legality. So I for one can see why someone like Snowden might do what they did, outside of their own propensities for spy novels and a sense of right and wrong.

The realities are that no matter the attestations by those running the programs and their need to use them, there is always a chance of their abuse and subsequent burial of the facts through classification and National Security Letters, as we have seen these last years. Were egregious abuses happening, and are they still today? I am sure there are some; after all, this is nothing new, and all you need do to confirm that is Google “Quis custodiet ipsos custodes?” or look just to recent history with the Plame Affair to see how abuses can and have happened. So is it really beyond the pale for someone with a conscience and perhaps an overactive imagination to think that great wrongs are being committed in all our names? I think that while there may (and I stress “may”) have been no abuses, the capacity for abuse and the infrastructure to hide them is easily seen within the current architecture of the IC apparatus of the NSA and their programs. After all, if you want to ask about the idea that if you have nothing to hide you have nothing to fear, I ask you to tell me just exactly how you feel every time you go through a TSA checkpoint at the airport today.

Finally, I would also like to touch on the idea that the government’s own hubris, and now embarrassment, is firing the boilers on this whole blame game that Snowden is in fact a handled asset of the Russians. I think that the NSA/USGOV and IC community feel the sting of their inadequacies as they have been laid bare for all to see. You see, Snowden did not carry out some 3l33t hacking here to gather the data. He used common techniques and vulnerabilities within the NSA and other government IC bodies to steal data, put it all on a USB stick and then walk out with it. It’s a simple trick, and the top of that list is actually just socially engineering people for their passwords within the confines of the most secretive and secret IC shops in the world. Now that has to sting a bit, wouldn’t you agree? So there is shame all around here on the part of the government, and it puts them all in a weak position tactically. The reactions of all those at play seem to be more along the lines of dialogue from a playground spat rather than state or spycraft, and it’s sad really. As the immortal words of GW Bush can attest:

“There’s an old saying in Tennessee – I know it’s in Texas, probably in Tennessee – that says, fool me once, shame on – shame on you. Fool me – you can’t get fooled again.”

To me, it seems that Snowden just did what he did for a myriad of reasons that also include a certain amount of self-aggrandizement. However, I can point to things in our own history and to popular media that may explain why someone might do something like this on the grounds that they think it’s illegal, immoral, and against the tenets of the USA. While POTUS is right about how important these types of programs can be in the war on terror and the everyday intelligence gathering that every country needs to survive, it should also be possible to have some level of oversight that prevents abuses of power from happening, and happening with great frequency, due to over-classification. These are fundamental changes that should occur, but the reality is that the very nature of the work being done and the culture within its halls will stop any real progress being made. In the end nothing will change, and the NSA will continue to collect all the data it can like a giant hoover-matic for later sorting and use.

Having grown up in the era of Nixon though, and other revelations like Iran-Contra, I for one not only know that these things will continue to happen but that they have in the past and should be in our collective consciousness. Unfortunately many do not remember, and the only entrée into such ideas may in fact be cinema… I leave you with this scene from “Three Days of the Condor”.

Not everything in cinema is just fantasy…

2014/01/20

Book Review: An Introduction to Cyber-Warfare: A Multidisciplinary Approach

CYBER CYBER CYBER! or “CRY HAVOC AND LET SLIP THE DIGITAL DOGS OF CYBER WAR!” is often what you hear from me in a mocking tone as I scan the internet and the news for the usual cyber-douchery. Well, this time kids, I am actually going to review a book that for once was not full of douchery! Instead it was filled with mostly good information and aimed at people who are not necessarily versed at all in the cyberz. I personally was surprised to find myself thinking that I would approve this for a syllabus (as it has been placed into one by someone I know who asked me to read it and comment).

The book really is a primer on IW (Information Warfare) and Cyber-Warfare (for lack of a better nomenclature for it), which, for many of you reading my blog, may be way below your desired literacy level on the subjects. However, for the novice I would happily recommend that they read the book and then spend more time using ALL of the footnotes to go and read even more on the subject to get a grasp of the complexities here. In fact, I would go as far as to say to all of you out there that IF you are teaching this subject at all then you SHOULD use this book as a starting point.

I would also like to say that I would LOVE to start a Kickstarter and get this book into the hands of each and every moron in Congress and the House. I would sit there and MAKE them read it in front of me *surely watching their lips move as they do so*. There are too many people in positions of power making stupid decisions about this stuff when they haven’t a single clue. I guess the same could be said about the military folks as well. We have plenty of generals who have no idea either… That’s just one man’s opinion though.

As we move further and further down the cyber-war road, I think that books like this should be mandatory reading for all military personnel as well as college-level courses in not only IW/INFOSEC but also political science and affairs-of-state majors as well. We will only continue down this road it seems, and it would be best for us all if the next wave of digital natives had a real grasp of the technologies as well as the political, logical, and tactical aspects of “Cyber”.

I have broken down the book into rough chapters and subject areas as it is within the book (mostly). It really does cover more of the overall issues of cyber-warfare and methods used (not overly technical). The modus operandi, so to speak, of the actual events that have taken place are laid out in the book and give you a picture of the evolution of IW into what we see today as “cyber-warfare”. I will comment on those sections on what I thought was good and what I thought was derpy of course; I mean, would you all have it any other way?


The authors cover early IW with the Russian sagas over Georgia and Estonia. There is a lot in there that perhaps even you out there might not know about the specifics of the incidents where Russia is “alleged” to have attacked both countries at different times with different goals and effects. Much of this also touches on the ideas of proxy organizations, which may or may not be state run, that were a part of the action, as well as a good overview of what happened.

In the case of Georgia it went kinetic, and this is the first real “cyber-warfare” incident in my mind as cyber-war goes. I say this because in my mind, unless there is an actual kinetic portion to the fighting there is no “war”; it is instead an “action” or “espionage”. So in the case of tanks rolling in on Georgia we have a warfare scenario outright that was in tandem with IW/CW actions.


Ah Chairman Meow… What book on Cyber would be complete without our friends at the MSS 3rd Directorate huh? Well in the case of this primer it gets it right. It gets across not only that China has been hacking the living shit out of us but also WHY they are doing it! The book gives a base of information (lots of footnotes and links) to ancillary documentation that will explain the nature of Chinese thought on warfare and more to the point Cyber-Warfare. The Chinese have been working this angle (The Thousand Grains of Sand etc) for a long time now and there are more than a few treatises on it for you to read after finishing this book.

The big cases are in there as well as mention of the malware used, goals of the attacks and some of the key players. If you are out to start teaching about Chinese electronic/cyber/IW then this is a good place to start. Not too heavy but it gets the point across to those who are not so up to speed on the politics, the tech, or the stratagems involved.


Anonymous, as someone on my Twitter feed was just asking me as I was writing this piece, is also a part of this picture. The idea of asymmetric online warfare is really embodied by these groups. The book focuses more on Lulzsec and their 50 days of sailing, but it doesn’t go too in depth with the derp. Suffice to say that all of them are indeed important to cyber-warfare as we know it and may in fact be the end model for all cyber-warfare. How so? Well, how better to have plausible deniability than to get a non-state group to carry out your dirty war? Hell, for that matter, how about just blaming them and making it look like one of their ops huh?

Oddly enough, just days ago Hammond wrote a piece saying this very thing. He intoned that the FBI, via Sabu, were manipulating the Anons into going after government targets. This is not beyond comprehension, especially for places like China as well. So this is something to pay attention to. However, this book really did not take that issue on, and I really wished that they had. Perhaps in the next updated edition guys?


OY VEY, the “GRID”. This is one of the most derpy subjects usually in the media as well as the books/talks/material on cyber-warfare out there. In this case though I will let what they wrote stand as a “so so” because they make no real claim to an actual apocalypse. Instead the book talks about the possible scenarios of how one could attack the grid. This book makes no claim that it would work, but it is something to think about, especially if you have an army of trained squirrels with routers strapped to their backs.

It is my belief that the system is too complex to have a systematic failure of apocalypse proportions, and it always has been so. If the book talked about maybe creating a series of EMP devices placed at strategic high-volume transformers then I would say they’d be on to something. However, that said, the use of a topological attack model was a good one from a logical perspective. They base most of this off of the Chinese grad student’s paper from years back, so your mileage may vary. So on this chapter I give it a 40% derp.


All in all I would have liked to have seen more in the political area concerning different countries thought patterns on IW/CW but hey, what can ya do eh? Additionally I think more could have been done on the ideas of offense vs. defense. Today I see a lot of derp around how the US has a GREAT OFFENSIVE CAPABILITY! Which for me and many of you out there I assume, leads me to the logical thought conclusion of “GREAT! We are totally offensive but our defense SUCKS!” So much for CYBER-MAD huh?

I would also have liked to have seen more in the way of some game theory in the book concerning cyber-warfare. Some thought experiments would be helpful to lay out the problems within actually carrying out cyber-war as well as potential outcomes from doing so, more along the lines of what I saw in the Global Cyber-Game.


Well, in the end I think it is a good starting point for people to use in their syllabus for teaching IW/CW today. It is a primer though, and I would love to see not only this end up on the list but also the Global Cyber Game as well to round out the ideas here. To me it is more about “should we do this?” as opposed to “LETS FUCKING DO THIS!” as the effects of doing so are not necessarily known. Much of this territory is new and all too much of it is hyped up to the point of utter nonsense. This is the biggest problem we have though, this nonsense level, with regard to the leaders of the land not knowing anything about it and then voting on things.

We need a more informed populace as well as government, and I think this book would be a good start. So to the person who asked me to review this…

Put it in the syllabus!


State Of Surveillance: PRISM & Other Driftnets

Some of you out there may be shocked and dismayed that the NSA and the FBI, as well as other “customers” in the IC world, have been collecting vast amounts of data from sources like Verizon (telco) and Google (internet). Others already knew this but perhaps did not understand the sheer scope of the hoovering that has been going on. Myself, well, I have had an inkling since I read the manuals for the NARUS STA-6400 system back in 2003, I think it was. That system was the progenitor of what we are seeing now within not only PRISM but other as-yet-to-be-named projects. Suffice to say though that we are well and completely surveilled, and we have ourselves to blame really. We elected these people into positions of power and we also have not taken enough steps to ensure that our elected government is being ethical, moral, and legal in its actions.

These programs have been ongoing for some time now, and it seems now they have become monsters that some even within the vast machine have decided are too big and too scary for the government to have control over without the public’s knowledge. Whoever leaked this information must have reached much the same conclusions that we all are now, post the leaks: that the government wields a set of tools that it should not be using without the approval of the governed whose rights they are “encroaching” upon, and for this I laud them. It is my personal feeling that the government and the LE as well as IC community have overstepped their bounds in this driftnet surveillance behemoth that they have built in the name of anti-terrorism. It is also my opinion that the number of plots allegedly broken up before going into action does not outweigh the constitutional rights that they are contravening to uncover and stop them.


Since the revelations on the wiretapping, metadata, and now internet content slurping, we all have seen the reaction of the IC and the administration in response to them. What we have seen thus far has been a set of carefully worded speeches and ameliorating press releases hoping to quell our distrust in our leaders and these constitutionally questionable programs. The height of this for me was President Obama’s press meeting to address the issues, where he uses language that basically says “ok yes you are right, your rights are being encroached upon but the benefits of this program outweigh your rights”. This was telling for me, as the implication here is that the president, who is in fact alleged to be a constitutional scholar, knows and admits that these programs are infringing on our Fourth Amendment right to privacy.

So what we have here is an administration that has not only carried on the programs and ideals of the previous, piteously poor one but gone as far as to expand them for our “greater good”, all the while increasing the classification of everything to protect their bad decisions from the public they claim to be protecting. This all may well have been done with good intentions, but as “we the people” see it after the fact, it comes off as overreach and Orwellian to say the least. In my world view, having the power to do something is one thing if you have a sunlight policy that allows for some transparency, but all of this is covered in a cloak of secrecy under the rubric that it is to protect us all from terrorism. While I can understand the need for operational security in anti-terrorism and intelligence work, I cannot say that this data mining, in the way it is being carried out, outweighs the fundamental right to privacy that the Fourth Amendment affords all citizens. Furthermore, all of the alleged oversight and controls that are in place over these programs may be best intentions, but this is not to say that the programs cannot be abused or end-run around by those in the chain of command to their own ends. Remember that it was Nixon who ordered the taps of enemies, including the NSA as a means to that end, until J. Edgar Hoover, out of a feeling of losing his own power, stopped the NSA by threatening to out the president and the program. So there is a history here to be cognizant of, and that history is basically the aphorism: “Power corrupts and absolute power corrupts absolutely”.

No matter the equivocations or couched and secretively worded explanations that this is all for “our good”, the people have a right to reserve judgement as well as demand an accounting of what is being done in their name by their duly elected government. The problems though for me are that all too many times the choices are classified, national security letters are used to quash any resistance, and oversight by the people is prevented with rhetoric over the greater good, and this is wrong. The governed need to have a say in this, and the government is not allowing that, by classification and word play. Games of word semantics might be fun if it were just a game, but when it comes to programs like PRISM it’s all really just sleight of hand and NLP to allow the government to do what it wants to, the most expedient thing, to protect the homeland (another nice NLP there by the way) from terror. I guess the question then becomes: could this activity be carried out in a better and more transparent way that would still work against terrorism?

Hand Wringing

Look, we know that communications are being watched. The terrorists know it too and have used tradecraft to protect their actions in the past. It’s really just common sense, so really, do we need to keep it all a secret that we are collecting information? For that matter, do we really need to collect everything and sift through it to find that needle in the haystack as the press has been going on about? As I remember it the players have pretty much been known quantities even after the advent of the internet, and the FISA court was a good tool in keeping the government on the straight and narrow with regard to taps and surveillance. In fact, FISA was set up to prevent another Nixon-like abuse of the system. Now though it seems like the technology has outstripped the ability of a court like FISA to really watchdog the watchers, and it has become more of a lapdog than a pitbull. Remember that the FISA court was being end-run quite a bit during the Bush administration because it held them up in their eyes. What then happened was the Patriot Act and other mechanisms to make it easier for the LEs and ICs to just get what they wanted without a warrant, something we came to know as “warrantless wiretapping” or “roaming taps”, where the FBI and others could just start surveillance without a warrant for up to 72 hours. It all began there really, and down the primrose path we all went.

Frankly, the Congress in my eyes went along with all of this for a couple of reasons. The first reason was fear. The second reason was fear of not being re-elected. Both of these reasons are no good and completely spineless. What has happened is that we went from a country of checks and balances to a country with few of either, because you can’t check or balance that which has been classified as secret, can you? Of course I also blame the populace for not being engaged in their governance, but in cases like this it is much more about things being done in secret and not about us being disinterested. The telling thing will be what happens from here. Will the populace demand some sort of accountability? Will there be a groundswell of support for measures to ensure the government is not abusing this power they have in collecting all this data? Or will we all go back to sleep collectively and settle in to watch Survivor and probe our navels? Things will remain status quo unless the populace speaks up and does something about it, and if they do not, it is my opinion that we will keep sinking further into a surveillance state.


Anger is what we need now, and it is anger we should be feeling over all of these revelations this past week. I want you all out there to take a long look back at our country’s actions and laws since 9/11 and think. Do you really want to be represented to the world by the actions of Total Information Awareness and prevarications by John Yoo that torture is acceptable as a common practice? Do you really trust that the government, law enforcement, and the ICs will not overstep even more and abuse the system in place today for their own needs? Finally, do you really think that your government and those within it are that altruistic as to be all shining versions of Mr. Smith? I really don’t believe that you all think that is the case, so why would you just lie there and allow all this to go on without at least some kind of sunlight policy allowing the governed to know what the government is doing in their name, or more to the point, to the governed?

As for me, well, I am just a dark bastard as some have called me. You might read this and think well that’s just him, but I implore you all out there to take a step back and look at our history and the nature of human nature and then decide. I think you will all come to the same conclusion that this is the wrong path to be on. No matter how many times the players may tell you that the game is played fairly and for your protection, ask yourselves and them to tell you how many times it has foiled a plot and saved us from ruin. If they say “well we can’t because it’s classified” then I want you to see them in a pair of plaid pants and white belt with matching shoes trying to sell you a car… because that is what they are doing.

Get angry and demand some transparency. Keep your eye on them because in fact you cannot trust them. Given the power to do what they like they will do so, especially if there are no repercussions, as it’s all classified. Alternatively though, and in reality, all you can do today is use encryption and take care with your communications if you do not want Uncle Sam and his pals to know about them. As I see it now they have a complete backdoor into everything, and if people start to use more encryption I would expect crypto to become a munition again…

But that’s just the dark bastard in me I guess…


2013/06/09

The Emperor Is NAKED

Last week a report came out on Wired about how the ACE (Army Corps of Engineers) database was hacked by China and “sensitive” dam data was taken… By China; let that sink in for a bit, as there was no real attribution data in the story. Anyway, aside from the BOOGA BOOGA BOOGA headlines, I had to wonder just how hard it was for these “Chinese” hackers to get in and steal the all-important super secret DAM data. Given the nature of this type of site and the groups involved in generating, managing, and *cough* protecting it, I had a feeling that it would be rather easy to get the information without having to be uberleet. Sure enough, a quick Google Fu session showed me how easy it was to just bypass the login and password scheme as a proof of concept. You can see from the picture at the top of the page that you can just download what you like there (16 meg on dams alone) just by clicking a link on Google and then the link on the page that is not supposed to be served out without authentication.

*I feel so secure now*

So yeah, there you have it, and I still cannot understand how the media types paid no attention to my attempts to make them aware of this little factoid. See, here’s the thing kids, I didn’t go any further. Nor did I download the 16 meg file because, well, no one else wants to be Aaron Swartz right? I am sure they could even try to squash my nuts over this post alone, but hey, I am sick of the bullshit stories of China hacking our shit when in reality all one need do is GOOGLE the information. This is not to say that this information here is the SAME information that was allegedly stolen by China, but it is a PROOF OF CONCEPT that the site, EVEN TODAY, is still insecure and leaking information without authentication!! (yes, above pic was taken today via a Tor node) So, since I stopped there, one has to continue to wonder: if you looked further and enumerated more of the site by directory walk, could you in fact get even more access?

Feel the derp burn…


Meanwhile, back in the hallowed halls of Congress and the Pentagon, we have reports coming out in PDF that China is hacking our shit to gain a better “war footing” by taking such data as what this story is all about. DAMS COULD BE BLOWN! WATER COULD LEAK! LIVES LOST! yadda yadda yadda. If you were to take it seriously then one would think that SECOPS demands that this data be classified and protected per classification. Obviously it wasn’t, given the access that you see above as well as the alleged password issue that the hack was allegedly predicated on in the Wired article. But I digress… I am meaning to talk about China… Yes, so the DOD puts out a report that is subtly saying that no longer are the Chinese only looking to steal IP, but now they are looking for ways to stalemate us in war.


NO WAY! Like we aren’t doing the same thing everywhere else as well? Derp! Look, it’s only natural that they would be doing so, and their doctrine says as much. Just go take a read of their doctrine on all things cybery and you will see that the domination of the infoscape is really important to them. We have only been paying attention for a little while now and we have catching up to do! Alas though, not all roads lead to China, so really, I would love to see some attribution on this alleged hack on the dam data when one, once again, could just GOOGLE that shit up. As they say on the internets… “Pictures or it didn’t happen!”


So here we are again. Our cybers are FAIL and the news media perpetuates more FAIL with their non depth articles on the problem. Maybe China stole some dam data. BIG WHOOP. The real story is that the site that it came from and the people watching it are not paying attention to the cyberz. Their clue phone is broken! They do not know how to “Internet” and it is just another derpy hype cycle in the media that allows China to be blamed for our own stupidity. I swear somewhere there is a Chinese guy laughing like Chumley rolling on the ground over this.

Smell our own fail kids… And weep.


2013/05/08

BofA Gets A Burn Notice

Paranoia: Psychiatry. a mental disorder characterized by systematized delusions and the projection of personal conflicts, which are ascribed to the supposed hostility of others, sometimes progressing to disturbances of consciousness and aggressive acts believed to be performed in self-defense or as a mission.

baseless or excessive suspicion of the motives of others.

Paranoia, the Anonymous intelligence division (self described), published a dump of data ostensibly taken from Bank of America and TEK Systems last week. The information presented seems to show that BofA had contracted with TEK to create an ad hoc “Threat Intelligence” unit around the time of the LulzSec debacle. Of course since the compromise of HB Gary Federal and the revelations that BofA had been pitched by them to do some contract work in the disinformation business it only makes sense that BofA would set up a threat intel unit. The information from the HB Gary dumps seemed to allude to the fact that BofA was actively looking to carry out such plans against those they perceived as threats. Anons out there took great umbrage and thus BofA was concerned.

This blog post is being put together to analyze the data dumped by Anonymous and to give some perspective on what BofA may have been up to and to set some things straight on the meanings of the data presented by Paranoia. First off though I would like to just say that I think that generally BofA was being handed lackluster threat intel by a group of people with intelligence background. (for those names located in the dumps their LinkedIn pages showed former mil intel work) This of course is an opinion formed solely from the content that was available online. There may have been much more context in formal reports that may have been generated by the analysts elsewhere that was not open for the taking where Anon found this dump. The daily and monthly reports found in the database showed some analysis but generally gave rough OSINT reports from online chat logs, news reports, and pastebin postings. There seemed to be a general lack of product here and as such I have to wonder if there ever was any, or if perhaps those reports never made it to the internet accessible server that Anonymous downloaded them from.


Since the leak of their threat intelligence BofA has been recruiting for a real team it seems. A Google of the parameters shows that they have a bunch of openings all over the place for “Threat Assessment”. It makes sense since the TEK Systems team may in fact be mostly defunct but also that they likely would want an in house group and not have to pay overhead on consultants to do the work for them. TEK’s crew as well may have been the problem that caused the leak in the first place by placing the data in an accessible area of a web-server or having passed the data to someone who did not take care of it. Either way it looks as though BofA is seeking to create their own intelligence apparatus much as many other corporate entities are today. The big difference though is what exactly their directive as a group is to be.

One of the problems I have with the Paranoia analysis is that they take it to the conspiratorial level and make it out to be some pseudo CIA like entity. The reality though is that from what has been shown in the documents provided, this group really was only tasked with OSINT and threat intelligence by passive listening. This is a key difference from disinformation operations and active participation or recruiting of assets. I will cover this in more detail further on in this post so suffice to say that what BofA was doing here was not only mediocre but also not Machiavellian in nature. The argument can be made though that we don’t know the whole picture and I am sure Paranoia and Anonymous are leaning that way. I cannot with what I have seen so far. What I see is an ad hoc group of contractors trying to create an intelligence wing as a defensive maneuver to try and stay ahead of incidents if not deal with them more effectively should they not be able to stop them.

Nothing more.. Nothing less.

Threat Intelligence vs. Analysis and Product

All of this talk though should be based on a good understanding of what intelligence gathering really is. There are many variations on intelligence tasks and in this case what is clearly seen in the emails and documents is that this group was designated as a “Threat Intelligence” collection group. I have written in the past about “Threat Intelligence” and the misnomer many have on the idea that it is some arcane CIA like pursuit. One of the bigger problems overall is perception and reporting where intelligence gathering is concerned. Basically in today’s parlance much of the threat intelligence out there in INFOSEC is more around malware variants, their C&C’s and perhaps who are running them. With the advent of APT actors as well as criminal activity and entities like Anonymous the paradigm of threat intelligence has come full circle back to the old school idea of what it is from the military sphere of operations.

Today’s threat intelligence is not only technical but also human action driven and this makes it even more important to carry out the collection and analysis properly in order to provide your client with the information to make their decisions with. Unfortunately in the case of the data from BofA we see only sketchy outlines of what is being pasted online, what may be being said in IRC sessions, and what is in the news. Nothing overly direct came from any of the data that I saw and as “product” I would not be able to make much of any decisions from what was presented by TEK Systems people. What is really missing within the dump from Paranoia was any kind of finished analysis product tying together the information in a cogent way for the executives at BofA. Did TEK actually carry this type of activity out? Were there actual reports that the execs were reading that would help in understanding the contents of the raw intelligence that was being passed on in emails daily and monthly? I cannot say for sure. What I did see in the reporting (daily threat reports as well as monthly) were some ancillary comments by a few of the analysts but nothing overly structured or productive. I really would like to know if they had more of an apparatus going on here as well as if they plan on creating one again with all of the advertised positions in that Google search above.

Threat Intelligence vs. HUMINT

This brings me to the whole issue of Threat Intel vs. HUMINT. It would seem that Paranoia thinks that there is much more than meets the eye within the dump that makes them intone that there is a HUMINT (Human Intelligence) portion to the BofA program. While there may well be some of that going on it was not evident from any of the documents I looked at within the dump files. HUMINT would imply that there are active participants of the program out there interacting with the targets trying to recruit them or elicit information from them. With that kind of activity comes all of the things one might conjure up in their heads when they think on NOC (Non Operational Cover) officers in the CIA trying to harvest intelligence from sources (assets) in the field. From everything seen that was posted by Paranoia this is not the case. This operation was completely passive and just collecting data that was in public view aka OSINT. (Open Source Intelligence) Could BofA be seeking to interact more with Anons and generate more personal data other than that which the Anons posted about each other (DOX’ing)? Sure, but there is no evidence of that. Given the revelations with HB Gary though I can see why the Anons might be thinking that they are likely taking more robust non passive actions in the background elsewhere though. Overall I just want everyone to understand that it’s not all cloak and dagger here and it seems that Paranoia has a flair for the dramatic as a means to get their point across. Or, perhaps they are just living up to their name.


My assessment in a nutshell here of the Paranoia BofA Drop is as follows:

  1. Paranoia found some interesting documentation but no smoking gun
  2. TEK Systems did a mediocre job at Threat Intelligence with the caveat that I am only working with the documents in plain view today
  3. BofA like any other company today has the right to carry out this type of activity but they need to make sure that it’s done well and that it isn’t leaked like this
  4. If more documents come out showing a more in depth look at the OSINT being collected then perhaps we can change the above findings
  5. BofA needs to classify their data and protect it better on this front
  6. Paranoia needs to not let its name get the best of itself

All the drama aside this was a ho hum really. It was funny seeing all the analysts taking down their LinkedIn pages (really, how sekret squirrel is it to have a LI page saying who you work for doing this kind of work anyway? SECOPS anyone?) I consider those players quite burned and assume they are no longer working on this contract because of it. All you analysts out there named, you are now targets and you are probably learning SECOPS the hard way huh? I guess in the end this will all just be another short chapter in Encyclopedia Dramatica and an object lesson for BofA and maybe TEK Systems.

For everyone else.. It’s just LULZ.


Counterintelligence, False Flags, Disinformation, and Network Defense

Threat Intelligence, Counterintelligence, and Corporate | Nation State Espionage

“Threat Intelligence”, a term that is just behind the oft used “Cyber” and God forbid, “Cyber” is all too often put in front of it as well to add more oomph for sales people to sell their brand of security snake oil… “But wait there’s more!” We also have other spook terms being kluged into the INFOSEC world now because, well, it’s cool to those cyber warriors out there. I know, I sound jaded and angry, which, yes, yes, I am, but… Well, it’s just gone completely off the rails out there. I hear people talking about these topics as if they know what they are talking about even with the exceedingly limited scope of digital security matters (i.e. hacking/forensics/defense)

I would like to clear the air here a bit on these terms and how they do really apply to the world of INFOSEC that we in this business now find ourselves in, one littered with military and spook terms that you may not be really familiar with. First off, let’s look at the terms that have been thrown around here:

Threat Intelligence: In the spook world, this is the gathering of intelligence (HUMINT/MASINT/SIGINT etc) to determine who has it in for you and perhaps how they plan on getting at you.

Counterintelligence: Spies who hunt other spies (Mole Hunts etc)

Espionage (Nation State and Other): The umbrella under which this whole rubric exists. Nation state and other have the component of “Industrial” as well (i.e. IP theft)

Ok, so, where once we used to only have people in three letter agencies worried about “ThreatIntel” we now have the INFOSEC community looking at “threats” to their environments and calling it “Threat Intelligence” now. While it’s a cool name, does it really apply? What was it before the whole APT thing broke as well as the cyberwar-palooza we have today? For the most part, I can see only half of the term applying to any non state entity or three letter agency and that is of what “threats” are out there today. This means what exploits and pieces of malware are out there that your environment would be susceptible to.

Nothing else.

That is unless you suddenly have a company that has decided to launch its own “Intelligence arm” and yes, this has happened, but usually only in larger companies with defense contracts in my experience. Others though, have set them up, like Law firms, who then hire out ex spooks to do the work of counterintelligence as well as intelligence gathering to have an edge over everyone else. Perhaps this is bleeding out into other areas as well in corporate America huh? The point here for me is that unless you have an intelligence arm (not just INFOSEC) you should not be using the term “Threat Intelligence” as an encompassing statement of “there’s malware out there and this is what it is”. Point blank here, IF YOU AREN’T DETERMINING WHO YOUR ADVERSARY IS AND WHAT THEIR PLAN IS… IT’S NOT THREAT INTELLIGENCE.

Looking at IP’s on an SIEM and reacting to a triggered event is not threat intelligence. It’s INCIDENT RESPONSE. It’s AFTER THE GOD DAMN FACT OK?

So, stop trying to make it sound cooler than it really is people. To further this idea though, we still have “Counterintelligence” which FOR FUCKS SAKE I have personally seen in a title of a complete MORON at a large company. This fucker sits around all day looking at his stock quotes though, see, it’s just a cool title. It has no meaning. UNLESS you really have an operational INTELLIGENCE UNIT in your company.

*Look around you.. Do you? If not then STFU*

If you do have a real intelligence wing in your org that carries out COUNTERINTEL/INTEL/HUMINT/THREATINTEL then more power to you. If not, you’re deluding yourselves with militaristic terms and cyberdouchery… Just sayin.

However, the way things are going with regard to the world, I should think that you might see more of these kinds of intelligence arms springing up in some of the larger corporations of the world. It’s a rough world and the fact that everything is networked and global has primed the pump for these kinds of activities to be a daily operations tool. It’s now a blurring of the lines: what nation states once solely had control and aegis over is now becoming privatized and incorporated.

William Gibson saw it.. Phramacombinats and all.

False Flags and Disinformation Campaigns

Which brings me to the next level of affairs here. When I was on the DEFCON “Fighting Monsters” panel, I made some statements that seem to have come to pass. I spoke about how Anonymous would have to worry about “False Flags” against their name as well as expand upon the idea that Pandora’s box had been opened. Nothing on the internet would really be the same because we all had moved into the “spook world” by the actions of Anonymous as well as things like Stuxnet. The lines had been blurred and all of us net denizens need to be aware that we are all pawns in a series of greater games being played by corporations and governments.

Since then, we have seen many disinformation campaigns (think sock puppets on social media, fake news stories, rumours, etc) as well as false flag actions where Anonymous may have been blamed or named for actions that the core did not carry out. So many times since then we have seen Anonymous attempt to set the record straight, but, like I said before, who’s gonna believe them because they are “anonymous” and disparate right? Could be anyone… Could be them… And with previous actions, are they to be trusted when they say they did not do it? See, the banner thing (hive mind) has a tremendous proclivity for severe blowback as they have learned.

What’s sauce for the goose though, is also good for the corporate, political, private gander right? How many Acorn operations do you need to see happening in the election cycle to realize that this has been going on for some time and that, now, with the internet, its easier to perform these kinds of operations with a very small group with minimal effort as well? Pandora’s box was not only opened, it was then smashed on the floor and what was once contained inside has been forever unleashed upon us all.


Now, going back to you INFOSEC people, can you then foresee how your company’s reputation or security could be damaged by false flag operations and disinformation? A recent example may in fact be the attack purported to be on against Josh Corman of Akamai because he said some things that “some” anonymous players did not like. Were they really out to get him? Were they doing this out of outrage or was there another goal here? What you have to ask yourselves is, what are my company and its employees susceptible to in this area? Just as well, this also applies to actual attacks (DDoS etc); they could be signal to noise attacks. While the big attack is going on, another team could be using the fog of war to sneak into the back door silently and unnoticed.

See where I am going there?

In the case of Josh, do they want to D0X him or do they want to force Akamai to maybe flinch and let him go because of bad press, and potential attacks on their infrastructure and management?

Ponder that… There are many aspects to this and you have to have a war mentality to grasp it at times. Not all frontal attacks are the real attack today. Nor are all attacks on players what they may seem to be in reality; the adversaries may in fact have a longer game in mind.

Network Defense and Network OFFENSE

Ok, so back to reality today with many orgs and their INFOSEC programs. You are looking to defend your network and frankly you need not have “cool” names for your program or its players. What you need is to be mindful of your environment and pay attention to the latest attacks available that would affect it. Given today’s pace though, this makes just about everything suspect. You can get yourself an IDS/IPS, an SIEM, Malware protection, and all kinds of things, but, unless you know where shit is and what it is, you lose the big game. So, really, threat intelligence is just a cool name for an SIEM jockey today.

Like I said, unless you are doing some real adversary profiling and deep inspection of attacks, players, motivations etc, you are not doing THREATINTEL. You are minding the store and performing network defense… i.e. your job.

Now, on the other end of the spectrum lately, there have been certain douchenozzles out there saying that they can sell you services to protect your org with “OFFENSE”

*blink blink*

Offense you say? Is this some new form of SPECWAR we aren’t aware of? Firms like the more and more vaporware company “Crowdstrike” seem to be offering these kinds of services, basically mercenaries for hire, to stop those who would do you harm. What means are they going to employ here? Obviously performing what they see as intelligence gathering, but then what? Once you have attribution will there then be “retribution” now like so many Yakuza centric stories in Gibson novels? I’m sorry, but I just don’t see this as viable nor really any kind of a good idea whatsoever… Leave it to the three letter agencies.

Alas though, I fear that these companies and actions are already at work. You can see some of that in the link above to the book I reviewed on private intelligence and corporate espionage. Will your data be a part of a greater corporate or government conspiracy? Some black ops mumbo jumbo over your personal information perhaps? Part of some retribution for some attack perceived to have happened to company A by company B?

Welcome to the shadows and fog of espionage kids.

Going “Off The Reservation”

Overall, I guess I just wanted to lay some things out there and get people’s heads around the amount of douchery going on today. We collectively have gone off the reservation post 9/11 with PII, Privacy (lack thereof) and hacking. That entities like Anonymous came to be and now see the governments and corporations of the world as dark entities isn’t so hard to see when you look at the crap going on out there. What we saw in Team Themis was just one small speck in a larger “Cyber Beltway Banditry” going on today. Look to the other side where you have Fusion centers with private INTEL gathering capacities tossing out absolute crap yet spending BILLIONS of dollars and, well, there you have it.

Monkeys with digital guns.

We are off the reservation already and it’s every man (or woman) for him or herself.

In the end though… If you have a title that says something like “CHIEF INTELLIGENCE OFFICER” on it, you’d best be at a three letter agency.. If not, then you are deluding yourself with EPIC DOUCHERY.


Three Days of The Condor… With Malware…

Turner: Do we have plans to invade the Middle East?
Higgins: Are you crazy?
Turner: Am I?
Higgins: Look, Turner…
Turner: Do we have plans?
Higgins: No. Absolutely not. We have games. That’s all. We play games. What if? How many men? What would it take? Is there a cheaper way to destabilize a regime? That’s what we’re paid to do.
Turner: So Atwood just took the games too seriously. He was really going to do it, wasn’t he?
Higgins: A renegade operation. Atwood knew 54/12 would never authorize it, not with the heat on the company.
Turner: What if there hadn’t been any heat? Suppose I hadn’t stumbled on their plan?
Higgins: Different ballgame. Fact is, there was nothing wrong with the plan. Oh, the plan was all right, the plan would’ve worked.
Turner: Boy, what is it with you people? You think not getting caught in a lie is the same thing as telling the truth?
Higgins: No. It’s simple economics. Today it’s oil, right? In ten or fifteen years, food. Plutonium. And maybe even sooner. Now, what do you think the people are gonna want us to do then?
Turner: Ask them.
Higgins: Not now — then! Ask ’em when they’re running out. Ask ’em when there’s no heat in their homes and they’re cold. Ask ’em when their engines stop. Ask ’em when people who have never known hunger start going hungry. You wanna know something? They won’t want us to ask ’em. They’ll just want us to get it for ’em!
Turner: Boy, have you found a home. There were seven people killed, Higgins.
Higgins: The company didn’t order it.
Turner: Atwood did. Atwood did. And who the hell is Atwood? He’s you. He’s all you guys. Seven people killed, and you play fucking games!
Higgins: Right. And the other side does, too. That’s why we can’t let you stay outside.

The Geopolitics of Fossil Fuels

Since the discovery of fossil fuels (oil and the derivative of gas from it) we have had a real love affair with it. Though it was tough to get out of the ground and then refine into a usable product we decided that it was the best alternative to keeping our lights on and our cars running. Since then, the resources have become the aegis of foreign and domestic policies globally, and likely will continue this way until the last drop of fuel is burned by some car somewhere. It’s these policies that I believe are driving the recent attacks on oil and gas firms within the Middle East recently. There may be some tit for tat as well, and maybe a warning to certain players, but, overall, it seems to me that a game is being played. Of course, all the games have been being played in the region of the Middle East because of the need for fossil fuels, anyone who says otherwise I think, well, is delusional.

Whether or not you are a “tipping point” believer, in general, we have seen over the years many instances where the Med has affected and still affects today, the price of gas and thus, the cascade effect prices on just about everything because we are dependent on the gas to move things, to grow things, to.. Well you get the point right? No gas means no economy really today. So, this is an imperative and those countries seeking to gain access to said fuel resources would not be above trying to get a competitive edge over others, never mind the possibilities of gaming the owners of the resource from the start right? Add to this the pressures today of the instability in the region (and really, when has it ever been really steady?) and you have quite the motive to use espionage to get that advantage and deny others the access they too desire.

It’s with this in mind that I have been sitting back and watching the events with Saudi Aramco and RasGas with some interest. I have been reading the news reports as well as the malware assessments and cannot help but see a parallel with the movie “Three Days of the Condor” from 1975. The story line moves along the lines of an analyst finding an unsanctioned plot to overthrow a government in the Middle East over oil. This film stuck with me since seeing it as a kid in the 80’s and I have quoted it before in posts on other things. This time around though, I think we are seeing some more direct actions by persons unknown, to manipulate the playing field where oil or fuel resources are concerned..

Albeit with a modern twist for today.

Spygames with Malware

Virus origin in Gulf computer attacks in question

New Virus Hits Oil Giant, LNG Producer

At least two types of malware are alleged to have penetrated Saudi Aramco and RasGas in the last month or two. Not much is known about them, though Shamoon aka W32.Disttrack seems to have been pulled apart a bit by Symantec. Not much has been really made in the press over these attacks and those attacked have been quiet as well. Both RasGas and Saudi Aramco though, made statements that none of their production or distribution systems were affected by the malware, a claim that they have not really backed up with facts I might add. However, as far as we can see thus far, those statements are overall true because there are no reports of system breakdowns in getting the product to and from the companies collectively.

As it would seem from the analysis thus far of Shamoon, the malware seems to be the run of the mill data thievery type that is almost COTS in a way. The more interesting bits seem to be around the “wiping” feature that was written into it. Why the malware was made to wipe the MBR is a bit of a mystery to me and seems rather amateurish in a way that leads me to believe either someone is playing it very smart, or, they are just malicious.

I can’t be sure which…

While the method of wiping is not as exotic as the so called “wiper”, Shamoon corrupts the MBR of the system and it’s game over. I have not seen in any of the data so far (via googling) a means of triggering the wipe sequence on Shamoon though. One wonders if it’s just timed or is there some trigger if it is detected or tampered with? Also, it is interesting to note that the name “Shamoon or Simon” is from a folder listed in the malware as well as the fact that this was targeted to the “Arabian Gulf” as the wiper module alludes to as well. So, this seems to have been a targeted attack from these bits of data and the fact that its penetration out in the wild is low from what I have seen online. It is likely that this was initiated by a directed phishing attack at the companies afflicted and worked its way through their networks. Networks by the way, that may not in fact have been separate from the ICS/SCADA networks, which it seems may not have been directly “affected” because the payload did not include any attacks on said systems. The only fallout would likely come from a PC getting wiped which could easily be re-imaged or replaced with a working copy.
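A defender’s check for the kind of damage described above, added here as an example and not code from this post or from any of the Shamoon write-ups it mentions: it reads a 512-byte MBR sector, verifies the 0x55AA boot signature, sanity-checks the four partition entries (legal status bytes, non-empty partitions, no overlapping ranges) and optionally compares the sector against a SHA-256 baseline recorded while the machine was healthy. The sample sectors are constructed inside the block and the function names are the example’s own; nothing here assumes any particular wiper’s code.

```python
"""Spot a corrupted or wiped MBR on a disk image (added example, not from the post).

The MBR is the first 512-byte sector of a disk: 446 bytes of boot code, four
16-byte partition entries at offset 446, and the 0x55AA boot signature at
offset 510. A wiper that zeroes or overwrites that sector leaves those fields
invalid, which is what check_mbr() looks for.
"""
import hashlib
import struct

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446
PART_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"
# status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4), little-endian
PART_ENTRY_FMT = "<B3xB3xII"


def parse_partition_entry(raw):
    """Decode one 16-byte partition entry into its useful fields."""
    status, ptype, lba_start, sectors = struct.unpack(PART_ENTRY_FMT, raw)
    return {"status": status, "type": ptype, "lba_start": lba_start, "sectors": sectors}


def check_mbr(sector, baseline_sha256=None):
    """Return (verdict, findings) for a raw MBR sector.

    verdict is "ok", "suspicious" (some field is wrong or the baseline hash
    differs) or "wiped" (signature gone and the boot code or table destroyed).
    """
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR sector must be exactly 512 bytes")
    findings = []

    sig_missing = sector[510:512] != BOOT_SIGNATURE
    if sig_missing:
        findings.append("boot signature 0x55AA missing")

    boot_zero = sector[:PART_TABLE_OFFSET] == bytes(PART_TABLE_OFFSET)
    if boot_zero:
        findings.append("boot code is all zeros")

    entries = [
        parse_partition_entry(sector[PART_TABLE_OFFSET + i * PART_ENTRY_SIZE:
                                     PART_TABLE_OFFSET + (i + 1) * PART_ENTRY_SIZE])
        for i in range(4)
    ]
    bad_status = False
    for i, e in enumerate(entries):
        if e["status"] not in (0x00, 0x80):  # only "inactive" and "bootable" are legal
            bad_status = True
            findings.append(f"entry {i}: invalid status byte 0x{e['status']:02x}")
        if e["type"] != 0 and e["sectors"] == 0:
            findings.append(f"entry {i}: zero-length partition")

    used = [e for e in entries if e["type"] != 0]
    if not used:
        findings.append("no partition entries")
    ranges = sorted((e["lba_start"], e["lba_start"] + e["sectors"]) for e in used)
    for (_, end_a), (start_b, _) in zip(ranges, ranges[1:]):
        if start_b < end_a:
            findings.append("partition ranges overlap")
            break

    if baseline_sha256 is not None and hashlib.sha256(sector).hexdigest() != baseline_sha256:
        findings.append("sector differs from recorded baseline")

    if sig_missing and (boot_zero or not used or bad_status):
        return "wiped", findings
    return ("suspicious" if findings else "ok"), findings


def read_mbr(path):
    """Read the first sector of a disk image or block device."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


def build_sample_mbr(partitions):
    """Construct a minimal valid-looking MBR for testing (constructed data, not real boot code)."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:3] = b"\xeb\x58\x90"  # a jump stub stands in for real boot code
    for i, (status, ptype, lba_start, sectors) in enumerate(partitions):
        struct.pack_into(PART_ENTRY_FMT, sector, PART_TABLE_OFFSET + i * PART_ENTRY_SIZE,
                         status, ptype, lba_start, sectors)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed samples: a healthy sector, its baseline hash, and three damaged variants.
GOOD_MBR = build_sample_mbr([(0x80, 0x07, 2048, 204800)])
GOOD_BASELINE = hashlib.sha256(GOOD_MBR).hexdigest()
ZEROED_MBR = bytes(SECTOR_SIZE)                  # wiper zeroed the sector
JUNK_MBR = bytes([0xAA]) * SECTOR_SIZE           # wiper overwrote it with a fill pattern
_cleared = bytearray(GOOD_MBR)
_cleared[PART_TABLE_OFFSET:510] = bytes(64)      # signature intact, partition table gone
TABLE_CLEARED_MBR = bytes(_cleared)

if __name__ == "__main__":
    for name, sector in [("good", GOOD_MBR), ("zeroed", ZEROED_MBR),
                         ("junk", JUNK_MBR), ("table_cleared", TABLE_CLEARED_MBR)]:
        verdict, findings = check_mbr(sector, GOOD_BASELINE)
        print(f"{name:14s} {verdict:10s} {'; '.join(findings) or '-'}")
```

The baseline hash is the part worth operationalising: record `hashlib.sha256(read_mbr(path)).hexdigest()` for each host while it is known good, and a later mismatch flags tampering even when the replacement sector still parses cleanly. Point `read_mbr()` at a forensic image rather than a live device where possible.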

Still.. What was the goal here? What data was taken? In the case of both Saudi Aramco and RasGas, a look with Google (Google Fu) shows that both companies had quite a bit of data hanging out there to exploit and use in an attack. Today though, most of their data has been redacted, but, you still can get some cached copies of interesting tidbits. Given that they were loose before, one might imagine that they were a rich target environment for the malware to exfiltrate all kinds of documents to the C&C server. It would take a lengthy investigation as to their market placement and any potential deals ongoing to give some more context I think, but doing so would be an interesting diversion to understand these attacks a bit better as to motive though.

The Possible Players in Shamoon/Wiper/UNSUB Malware Attacks

With all that said, then who would be the likely players here? Is this nation state? Is it corporate espionage and acts of attrition in an ongoing oil war? It’s hard to say really. One source indicated to me that perhaps it was a move by Russia to give the hint to Iran on some internecine plot over power plays in the region. I personally think that the whole “cutting sword of justice” claim that they took down Saudi Aramco is bunk but hey, maybe a cabal of hackers did this to… Well do what? Perhaps there is more yet to be dumped online in a pastebin to give us the proper scope here. Overall though, it’s been really low key and not much has come out like I said on what was taken, what was done, and the damages to the systems/companies involved.

So where does that leave us regarding who did this? Well, pretty much where we started, with supposition and guess work. Was this nation state? This is an interesting question. If it was nation state, could it have been a fledgling group, like say, the IRGC and its cyber hacking group recently formed? Would Iran benefit from such attacks? All good questions and something we should all ponder. However, the most interesting point there might in fact be that since the Stuxnet genie was let out of the bottle, it was only a matter of time before actors like Iran would make their own variants and loose them upon others. In the case of Iran though, they too seem to have been hit with the same if not similar malware in recent days as well, but, this does not presuppose that they didn’t have a hand in it.

All in all, there just isn’t enough information to nail down a culprit or culprits.. But, it does show us a precedent that we should all worry about just as much as we should over certain instances of attacks against pockets of ICS/SCADA implementations. What I am talking about is blowback from attacks.


Blowback usually refers to consequences coming back on those who took the action in the first place. Here though, I am not only referring to those who carried out the malware attacks, but also to the rest of the world in certain scenarios like this. By attacking systems such as these, one could in fact cause market fluctuations depending on the markets and their jitteriness. In the case of the oil business, we have seen great changes in prices due to not only the control over the oil and its price by the cartels (Saudi) but also how the countries are feeling about their markets and the state of affairs in the world. If you start tinkering with companies of this kind and by the product of destroying infrastructure (or the perception of such) you will be affecting the prices at least for those companies directly. What if though, you were to hit more of them at the same time and cause not only damage but the “perception” of insecurity within the system of oil/gas production and distribution?

This time nothing much seems to have happened, but one can only say this because there isn’t much information out there as to what really took place on those systems and networks. What if this played out another way, with much more press and obvious damages? This would be worse and might occur the next time whether or not it was intended by the programming of the malware. This all of course depends on the scope of the attacks and with that you have to wonder about nation state vs. non state actors here. The difference being, that a nation state may attack a wider variety of systems and companies as a precursor to war while the non state actors may just be looking for information or to hobble a competitor. Both however, could have unforeseen blowback from their actions.

What all of this says though, is that Pandora’s box has been opened. All the players are now taking the field, and many of them may not be ready to play a proper game… Shamoon did its thing, but it seems to be more a brute force tool than an elegant piece of code and a slick plan. The blowback though is yet to be determined.