Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘Internet Jihad’ Category

Dear Cloudflare, Please Stop Doing Business With ISIS


A while back I posted about a new darknet site that the da’eshbags at Dabiq have put out. I decided to circle back to the site to see what has been going on with it as I originally was kinda “meh” about it. When I looked today I noticed some things that perhaps I missed before, the primary point being that this site is being hosted/protected by Cloudflare. What we have here is a new hybrid of darknet onion hidden site and clearnet hosted and DDoS protected content by Cloudflare. The site itself is http://ou7zytv3h2yaosqq.onion/ while the Cloudflare backend is dabiqservehttp.cf.


It isn’t new to see the jihobbyists using Cloudflare though, all the boards seem to be using them now on the clearnet but in the darknet this is a new hybrid model. No wonder this site is still up and still feeding fresh crap from Dabiq to Al Bayan radio feeds. Nothing can really take them down with this hybrid solution it seems. Of course a sustained attack on the onion server might do the trick but who’s got time for that huh? The fact of the matter is all their shit is out there and protected by a firm that doesn’t seem to give one crap about what they are hosting and protecting as long as they get paid.

MEANWHILE IN OPSEC NEWS…

These nitwits are commenting and leaving their Hotmail, Yahoo, and Gmail addresses. GEE WHIZ!


Comments:

http://ou7zytv3h2yaosqq.onion/11166

http://ou7zytv3h2yaosqq.onion/31656

http://ou7zytv3h2yaosqq.onion/18366

http://ou7zytv3h2yaosqq.onion/16501

http://ou7zytv3h2yaosqq.onion/15152

I sure hope the kids all enjoy hunting these idiots down… You see uhhhh the point of the darknet is to hide who you are.

Anywho… So new darknet things in new darknet ways. The jihad has moved itself into the darknet a little further with the help of Cloudflare.

K.

Written by Krypt3ia

2016/09/28 at 18:05

Posted in Internet Jihad

Ansar Al-Khilafah ZeroNet Edition…. Meh.


So a new jihadist/Da’esh site popped up in August (15th) that I was not aware of and was brought to my attention via a tweet at me this afternoon. The primary reason for not being really aware of it was that ostensibly the site is pseudo hidden by its being on “ZeroNet” which is a new form of darknet within the P2P systems like BitTorrent. The idea being that this site is hosted and torrented and is thus not really hosted on one system but potentially many.

Site location: Ansar Al-Khilafah http://127.0.0.1:43110/1F6yfsn94xyLo93zRgdKRjoLUtZGHYM11N/


Tweet by Manuel Torres pointing out the site

The site itself has a copy in the clearnet on WordPress so there is no great secret here. It is also a known quantity and the reality is that the site is marginal in the ranks of Da’esh wannabes but has a few solid heavy hitters that hang around. The site is more circumspect on membership and is much more oriented to a stricter OPSEC regimen ala the Andar1 site that the same guys hosted a while back. A cursory look at the clearnet site (the ZeroNet site was unable to load with 5 alleged seeders) doesn’t give any apparent leaks as to the owners’ real identities, email addresses and the like, but, one can always dig a little deeper now can’t one?

ZeroNet is an interesting idea and it is rather new, so the security around it has yet to be really challenged I think. I will look into that some more as well in my off hours. One wonders that the anonymization might fail if one were hosting data as well as sharing data that might have metadata to look at or even some slip in protocols might cause information leaks. ZeroNet also suggests you use Tor or you use a proxy when you host or surf so there is that too. If you don’t then you are sharing your raw IP, which I can imagine some idiots might fail to comprehend and thus their OPSEC goes bye bye.

More later.

K.

Written by Krypt3ia

2016/09/06 at 21:00

Posted in Internet Jihad

Leaderless Jihad and Open Source Jihad: A Marriage Made In Hell.


In 2013 I wrote about leaderless jihad and the “Stand Alone Complex”. Now we are seeing this type of leaderless, “inspired by” thought virus playing itself out on the national stage. Last night’s attack using a lorry was something that was presaged by two issues of Inspire Magazine back in 2010 and 2014. There isn’t much to it really to gather some weapons, steal a truck, and then plow it into a crowd but it has taken this long for the insidious idea to take root in the collective unconscious of the would-be jihadis. The days of a more rigid and trained “jihad” are being eclipsed by would-be unbalanced individuals seeking attention and reinforcement of their sick ideas through the media, the internet, and our collective inability to look away from a tragic scene on a glowing screen.

Screenshot: 2014 Inspire

Screenshot: 2010 Inspire 2 “Ultimate Mowing Machine”

Soft targets were always the preferred avenue of attack but now they are becoming seen as a top priority for security forces since the attacks in France and other places like Bangladesh. While Dhaka on the face of it had a contingent of more trained individuals the attack last night is as simplistic as they come. This is what is really scaring the populace and the security services because now it seems that the authors and actors of these acts are in fact just one guy and not a cabal that they could perhaps track using pervasive surveillance. A cell of one is hard to track and certainly if they self radicalize by just downloading Inspire magazine and watching YouTube, well, what can one do? There are no easy answers here in the world of detection and prevention.


So here we have it, I have been pointing this out for a while and at first it was AQAP trying to inspire “OSJ” or Open Source Jihad. Now Dabiq and Da’esh are carrying it on and furthering it with the media zeitgeist that ensues with each attack. The net effect here is that these people are self-radicalizing with the help of the media’s obsession on covering ad nauseam these acts. The pervasive hand wringing and talking heads only serve to whet the appetite of the would-be jihobbyist into action. Forget the Inspire magazines and the videos, just watch CNN and that is enough it seems. This all is very much like the plot line to “The Laughing Man” arc of Ghost In The Shell. An act carried out on the media instilled others to carry out like acts to be on the media and further the idea(l) as well as serve as a means to self-fulfil the actor’s need for attention and satisfaction.


This is pure psychology at work and there are a host of reasons and syndromes that could likely be pointed at to rationalize its happening. The fact of the matter is that now we are seeing it play out rather bloodily on the streets of the world in furtherance of an idea and ideal set that lends itself to the like minded.. Or should I say mentally ill? Yes, I would say mentally ill. These actors are acting out and likely have some borderline tendencies to start with. These people feel outcast in their societies or out of place within the societies they are living in as a second generation citizen. It is a complex thing to nail down and I suggest that anyone who might want to delve into it further read “Leaderless Jihad” by Marc Sageman.

We need a more nuanced approach to the GWOT and I am afraid we won’t get that…

K.

ASSESSMENT: Virtual World Recruitment and Operations of Jihadi’s In WOW


Virtual Worlds vs. The Internet or Darknet:

A recent post on Wired had a bold claim in the title; “U.S. Intel: Osama Bin Laden Avatar Could Recruit Terrorists Online for Centuries” that made me snort then giggle then facepalm. Once again we see that the government has been watching too many Hollywood movies and listening to too many cyber snake oil salesmen. This current regurgitation stems from a newly declassified report that was requested by the IC on virtual worlds and terrorism (aka jihad) and makes some far fetched assertions about technologies that just aren’t there yet. Presently though we do have the internet and it can be seen as a virtual world in and of itself, and that is not even covering the idea of darknets. The report though really covers the idea that virtual worlds, i.e. game universes are the place where jihad will bloom as well as many sundry other types of illicit activities. While this idea is a common plot for B movies it has not really been the reality within the virtual reality of games like WOW (World of Warcraft). In fact a recent dump from “Snowman” (Ed Snowden) showed how the NSA had teams of individuals trawling WOW and other games seeking terrorists to little or no avail. Most took this as yet another invasion into the privacy we all thought we had, but some of us just had to laugh because we were in fact also tasked with looking for the AQ set in the same games as well.

So while the government think tankers and scientists were creating this report others were in fact looking not only in the game environments for secret comms but also within the internet itself. There are many boards online since 2001 that have sprung up and gone away as I have reported on over the years. The internet is the virtual world today and will likely be it in the future, we will just interface with it a little more organically with things like Google Glass or some other HUD devices. So yes POTUS and the IC, the terrorists are in the virtual world of the internet, just not so much are they plotting the end of the West in WOW or Second Life. In fact, to date they have yet to really make inroads into the Darknet as well so really, they aren’t hiding all that much with super secret sites, after all, they have to advertise to get recruits, this is why they came up with Al-Malahem in the first place.

Jihad Online:

To date the Jihadis have been on the learning curve as to how to leverage the internet. Much of their message gets lost outside of the insular community-scape of their lives as Muslims in the would be caliphate. Many sites are out there for the jihadis to talk to each other and they are mostly not very secret about them. Sure there are sites that are a little more stealth but in general the web is being used on one level to radicalize and proselytize. On the other end of the spectrum the C&C for Jihad is as easy as setting up an email and using encryption to send instructions back and forth. In fact, they now have chat rooms and programs for some point to point chat as well so really they are learning but I would hardly say that they are as cyber aware or capable as say an Anonymous cell today. I have written a lot over the past 13 years about this topic and investigated many sites and while it is a threat as a means of communicating and having a command and control base, I have also seen great gaffes in OPSEC as well that lead right back to these notional jihadis (like the IP address in the tutorial video on how to hack of their own system). Sure, the jihad is online but it is not as Gibsonian as the paper linked above would make it out to be nor do I think it will be so in the near future.

Virtual Sociology and Psychology:

The paper linked above however is correct in some of its assessments on the future of the internet and technology to allow us to interface with it. We are creating more and more ways to interface with the data we love to share and as time goes on we will be more awash in a sea of it every waking moment of the day. This also leads to social and psychological developments on how we act as societies and people as well. I have written about this in the past as well and while this stuff is interesting the contentions in the paper are starting to come to pass. There is a section on criminality that we are seeing actually happen in the darknet with places like Silk Road, and all the criminality that seems to be flourishing in the darknet. This is happening now because TOR and the darknet implies that you can actually transact there in secrecy and keep your privacy, this leads to a disinhibition effect that leaves the user thinking they are invincible… Or more to the point invisible. This of course is now being shown not to be completely true with the arrest of The Dread Pirate Roberts (v1) and the take-down of the Silk Road (v1) site in the darknet. All of this too has to be taken into account when trying to kluge the idea that the internet or more to the point WOW is going to be the ground zero for terrorism. As the jihadis have seen with their efforts online it is hard to actually recruit and radicalize people simply through slick magazines and slogans, especially when you are asking a Westerner to strap explosives on and kill themselves in the name of jihad. The psychology of interaction when not in person is a problematic one so yes, the idea of a virtual you interacting in a metaverse while entertaining, is likely not going to actuate offline behaviour and actions.

What The Government Sees As Future State:

Once again the government and the politicians are getting spoon fed notions that there is a great dystopia about to take place where William Gibson novels are the reality. There’s a terrorist in every chat room and a dark cyber plot in each packet passed over the net. While once again this makes a great B movie, I have to once more say poppycock! It always amazes me what the government and military types will swallow from some think tanker’s delusion as reality and a clear and present danger. Since we have had the revelations that the NSA did in fact have people trawling in WOW, and I myself was tasked at one point to look into it as well we can extrapolate that people in power saw this and other like reports as the gospel. It is just an assumption here as well that as the net convergence continues and we begin using wearable computers with HUD interfaces that the government will be seeing more terrorists on every street corner as they are trying to type with their haptic gloves and it’s sad really.

ASSESSMENT of Jihadist Recruitment and Operations Online & In Virtual Worlds 2001-2014:


The assessment is this, as you see above, there was no real evidence of these games or virtual worlds being used for terrorism. Sure there is criminality going on but hey that happens everywhere and with every technological solution offered. Will there be terrorism on the net in the future? Sure. Are people plotting and planning things online now? Yes. Is it the Gibsonian novel that they seem to be making it out to be in the report linked above? Not so much. As for this notion that the avatar of Bin Laden will be exhorting and recruiting terrorists for a hundred years online and in the game verse? No. While there have been a couple games put out by jihadis in the past this has not proved to be something that worked for the masses and brought more to jihad. This notion of the Bin Laden avatar is just ridiculous and quite the one dimensional approach to thinking about the online world and the nature of the jihad.

K.

Written by Krypt3ia

2014/01/16 at 16:15

Darknet Jihad


ktkz://2e2xs6ocqy7qnnb7.gqifx/

Jihad on the Darknet

A couple years ago now I took a dip into the darknet and saw a sparse jihadi arcology forming. Today I took another tip toe through with jihad in mind and came up with a couple more sites. It seems thus far that the jihadis are not overly capable of holding down their sites in the clearnet because of the DERPD0S crews working the clearnets. So thinking that they will migrate to the dark may be a stretch at the present time overall. However, there have been a few in the past and there is one larger player today that may in fact get the others thinking about launching in the deep web.

Not to put this out there but well I am going to beg the question. Since all the DERPD0S and the assclownery one has to wonder just how long it is until the brothers get wise and place their sites in the dark. I mean sure, you can still attack them but you certainly can’t drop their domains through reporting them or looking for their expiration dates right? I do suppose that a DERPD0S in the darknet would work just as well but were you to keep the site real secret squirrel like you might have a better chance at real SECOPS no?

I know I know.. they aren’t that advanced on average (the average jihadi Joe or Jane) … Derp.

KAVKAZ

The first real player in this space though is the Kavkaz site. Kavkaz Center is a site and org that is considered by the US to be a terrorist org. The Russians have banned it and many do not really consider it a “news source” for anything other than Muslim (albeit Chechen) jihad. On their site today in the darknets you can get all kinds of information (news) as well as some media such as books on jihad. You can see the same content (mostly) mirrored online in the clearnet as well but in poking around on here I seem to be seeing things that are not a direct mirror which is interesting. Kavkaz as you might suspect also may have played a part in the Boston Bombings as they are the same players who were idolized by the Tsarnaev brothers. I have also written in the past about the Caucasus campaigns including about another kid in the US who wanted to be a shahid but only ended up biting a Special Agent and landing in jail. I suggest that you all out there get to know the Caucasus because this is a hotbed of activity that has rivaled the new Syrian training grounds of jihad today. It has not slowed down and Russia will only put up with so much. The threat though is there even for us as we have seen with the Tsarnaev plot.

BITCOINS for JIHAD


The next jihadi darknet site is one that I have remarked upon before and has been pretty steady in uptime. The “Fund The Islamic Struggle Without Leaving a Trace” embraces the new technology of not only the darknet but also that of Bitcoins! The current wallet has a little over 2 coins in it and I have yet to really work on the wallet/blockchain angle as yet to see who it may belong to. This site interests me because on the face of it it could be a future issue at least within the West I think. It could be an interesting way to transfer money outside of the regular banking system as this currency is still off the radar for the most part where regulations are concerned. Once again though the hindrance here seems to be the lack of jihadis’ technical abilities to get into the darknet as well as create sites online I think. It is a new-ish technology but these guys here may be on the road towards more activity along the lines of Kavkaz.

Transient Jihadi Sites

According to TORCH (search engine in the darknet) there was a jihadi site (the usual PHP sites) that seems to have fallen off somewhere in the past year. I could not get a cache (this ain’t Googled kids) so no real idea on the content other than the description in TORCH that it was a jihadi site where people could discuss the jihad. This alleged site reminded me of an idea I had in the past about the “transient” sites out there. If one were looking to have a covert channel site one could turn off the site and turn it on when wanted. It would make it harder to access/find and especially given the nature of the darknet as it is not “searched” by bots like Google. Let’s put it this way, if I wanted to be more stealth I would have a transient site with a pre-determined second channel communication to let people know when it will be accessible. All in all, in looking at the darknet where this is concerned it is still in its infancy. Others seem to have missed these sites (such as the INSS DOH!) but hey, they aren’t so technically inclined either eh? I will keep looking for the lulz out there and when I see something new and interesting I will let you know…

K.

Written by Krypt3ia

2013/10/14 at 20:04

Inspire 10: Changes In Attitudes.. Changes In Latitudes…


We Are All Usama

Well the boys out of Yemen have created a new-ish version of Inspire Magazine and put it out for the masses of “Lone Wolves” in the West. At least that is their hope for their target audience though I am afraid that it is much more likely that the real readers are analysts like me and the press in reality however. This go around though they are in fact making some strides towards having a more “Western” and compelling message for those weak enough of mind to buy into their arguments of why a Muslim must perform Jihad. One of those exhortations is the phrase “We are all Usama” which somewhat resembles other catch phrases in past Western movements such as the 99% OWS movement today of “We are the 99%”. What it shows is that the creators of the magazine are becoming more savvy to the ways of propaganda and are likely at home right now studying Goebbels and the films of Leni Riefenstahl for clues on how to get their brand across. Speaking of branding this whole magazine idea has been a leap forward for their means of trying to propagate their radical ideas and with each one they get a little closer to content that can actually sway the weak minded and this is almost worrisome… Almost. For the most part the magazine is still a ham-fisted attempt at trying to sway the believers into action but there are areas of subtlety that I think people should pay attention to.

Some New Twists

On the whole this is the same magazine that we have seen in the last 9 iterations. There are the usual citations of the Koran and Muhammad that attempt to focus in on the demand of Jihad by him as well as how through it you will gain rich rewards with him in the afterlife. However in this issue we have some new angles;

  • We have a Muslima section by “Umm Yahya” *Mother of Yahya* that attempts to move Muslim women to push their men to jihad
  • We have the “We are all Usama” catch phrase that has been set up to be a kind of TURK182 graffito to be splayed anywhere and everywhere
  • A less strident tone overall that attempts to cajole the audience
  • The use of ethics discourse on how the West is corrupt
  • The coining of new portmanteau words such as Zio-Crusade and Zio-Crusaders
  • Mirroring the political campaigns of the West using imagery and propaganda techniques

It seems that since the death of Samir the AQAP Al-Malahem group also had a new player in Askar Abu Yazeed who has since been killed in a drone attack. He may in fact have been one of the creators of some of this new spin but I can also assume that they have had plenty of time to try and come to grips with their issues of messaging in the interim. As I have said before in reports on issues 1-9 they have been grappling with a way to get their message to those Westernized Muslims and sway them to action. So far they have had very limited success with this and thus they are working the problems out with propaganda tools and psychology. As the Al Qaeda aegis wanes and the movement keeps having to move (or expand as they see it) to other countries like Mali (also mentioned in this issue as a great victory for them in their minds) I believe that the core group thinks the only way to revive the movement is to get a win on Western soil and that means to charge up the “lone wolves” of the Americas.


This also applies to any Westernized group and in fact the issue also makes this point clear that their main targets are America, England, Germany, and to a lesser extent anyone who sides with America. Generally though AQAP wants to move those on the cusp of action into it now by more subtle means as well as the overt. This magazine has a little of both in there which should be something we pay attention to in the CT community. It’s not just a war of bullets, it’s now a war of minds seeking to control others to get them to radicalize and act. AQAP has wanted that pivot point for some time and since AQ has been marginalized they want it even more. So much so that a new pivot has been introduced on the jihadist boards online where they set forth a plan to train people in Pakistan and other areas then send them back to the West to train others in terror. No longer are they asking the proto jihadi to come to them nor are they saying to make bombs in mom’s kitchen (this did not work out well) they are instead becoming more tactically savvy. Will these tactics win out in the end and lead to some lone wolf carrying out a plan to fruition? I am not so sure but one has to pay attention to the message here to understand where the battle is going. I have to say that this issue was the closest one for me to something that would indeed get someone to move closer to action out of them all.

Subtleties

At the end of the day I have to say that the AQAP group is becoming more savvy and thus more of a limited danger. I say limited danger because I can only foresee a few jihobbyists being moved by these magazines to literal action. The psychology and sociological gaps between experiences here in the West as opposed to those in the lands of the Ummah are large and so radicalization here is a tough nut to crack. One of the more notable things in this issue are the subtleties that have been employed by the writers. They have begun to use manipulative means of guilt such as an article about those still sitting behind the shahid (meaning those who have not taken action and become martyrs) to chide those reading the magazine. They also have begun using the Muslima angle rather adroitly with the article by Umm Yahya which starts off stating that she would love to be a mujahideen and would gladly become shahid. It goes on to wind its way to exhort the other Muslima out there to urge their men to become jihadis and fulfill their greater destiny. It’s a sly way to get a synergy going with those true believers to act and it’s really the first time I have seen this out of the AQAP/Malahem machine. Overall I don’t believe that this will win hearts and minds that in turn will beget lone wolf actors but I cannot discount the odd whacknut who buys it hook, line, and sinker either. I guess it’s just the next wave in the jihadi propaganda war that will mostly be played out online… And that is just fine with me because it is still one that never will be won by AQ.

K.

Written by Krypt3ia

2013/03/02 at 12:21

Jihadi Sites Fall Down… Go Boom… Again.


3.22.12

Mohammed Merah kills 7 people and plans on killing more but is cornered in his home. He is tracked by his IP address when he attempts to buy a scooter online. Merah holes up in his apartment for 30 hours before being killed in a gun battle. The French put out the word that they are going to crack down on Jihadi online content, or much more to the point, if they catch you looking they are going to arrest you.

The laws are still being haggled over.

3.23.12

On or about the 23rd of March, the sites that are usually monitored by certain people and organizations began to wink out of existence online. The sites started to have trouble then just went offline. It was obvious at the time for me and some others that these were not just the run of the mill DDoS attacks, but instead, the sites had been either RM’d offline by attackers or they had been yanked offline by the increasingly twitchy admins.

The sites stay down and are supplanted by the likes of As-Ansar for traffic, but basically, the boards go quiet… Paranoia builds.

3.27.12

Muhrad Hussein Almalki is arrested in Valencia, Spain. He was the admin of “Ansar Al-Mujahedeen network” and praised Merah for his killings online. His online name is أمين المكتبة (“the librarian”). It is suspected that the librarian is in charge of more than one of the sites that eventually go down.

4.3.12 to 4.5.12

On the 3rd of April, the domain for shamikh1 and its server is moved to a hosting service in the Caribbean. On the 5th of April the site comes up again. The admin sends out an email to all members:

Peace be upon you, and the mercy of God and His blessings

Good news
The return of the Global Jihad Network

The administration

All of the data from the site is back online and it seems the backend has been cp’d elsewhere before the takedown occurred.

4.6.12

Some of the sites have returned, like Shamikh; others have not. Out of the 5 it seems that at least a couple are still down and others seem to be under attack in other areas. Almadad is now under attack it seems and is as of this looksee down.

Questions:

At first I thought that perhaps players within the patriot hacker movement may have been involved, and perhaps they did after all, but, it seems to me more so now that the timing of the events all point toward a concerted action by governments. The hacking of the sites likely was done via bad installs of the PHP and SQL installations on the boxes that the databases resided on. There must have been actionable intelligence on some actions that the AQ boys and girls were planning or, the powers that be decided it was time for an interruption. You see, at least one of the main sites is back and it would seem they are back in business pretty quickly. Of course they have had this happen in the past and have moved servers and domains quickly enough.

Now, the questions though are the following:

  1. Was this takedown the work of governments?
  2. If it was government and the dbases are all back up as they were before… Then this means that they are compromised. They seem unchanged
  3. The admins were twitchy enough before with all of the attacks by the jokey’s of the world and other <REDACTED> things that happened. So how are they going to react now?
  4. If this was the patriot hacker movement, then why no bragging?
  5. Did DGSE have anything to do with this? They seemed pretty motivated given the chatter online post the Merah incident that they planned some actions soon in France
  6. Last time there was a big takedown, there was a large roll up of players soon after… Should we expect some more now?

Overall, many have been asking the questions out there, even <REDACTED> news services have been asking me. I cannot say what has really transpired because it’s above my pay grade, but, if you look at the evidence you have to come to some conclusions here.

Conclusions:

  • I lean toward a government sanctioned action perhaps using those patriot hackers.. But more likely it was a group of “SPOOK” hackers
  • The sites had been compromised for some time and the word was finally given by whatever government service/agency/power to pull the plug
  • They knew the sites would return, it is possible that someone took over for the likes of the librarian but… One has to wonder if maybe shop has been set up as a honeypot
  • If it’s not a honeypot, then it shows the resiliency of the movements within the technical area and that they can stand up a site fairly quickly and seem to have a DR program up

Interesting times indeed. I would keep an eye on the news for a couple of things…

  1. Some very specific drone strikes
  2. Arrests
  3. VERY jumpy admins of other sites.

K.

Written by Krypt3ia

2012/04/06 at 18:16

The Hezbullah Cyber Army: War In HYPERSPACE!


WAR! in HYPERSPACE: The Cyber Jihad!

A day or so ago, a story came out and made the rounds on the INFOSEC-O-Sphere about the Hezbullah Cyber Army. The story, which was subtitled “Iranian Terror”, was titled “Iranian Cyber-Jihadi Cells in America plot Destruction on the Net and in Reality”, which would get all our collective attention, right? The story goes on to tell about the newly formed Cyber Army that will be waging all-out war on the US and others in “Hyperspace”.

Yes, that’s right, you read that correctly.. This guy Abbasi is either trying to be clever, or, this is some bad translation. Sooo… Hyperspace it is! Well, I have a new tag line for him…

“In hyperspace.. No one can hear you giggle”

At any rate, the whole idea of a Cyber Jihad or a Cyber Hizbullah is a notion that should not just be sloughed off as rhetoric. I do think that if the VEVAK are involved (and they would want a hand in this I am sure) they could in fact get some real talent and rein in the ranks to do some real damage down the road a piece I think. So, while I may be a little tongue in cheek here at the start of this post, I want you all to consider our current threatscape (*cough* SCADA etc) and consider the amount of nuisance they could be if they made a concerted effort with the likes of the HCARMY.

So, yeah, this could be an interesting development and it is surely one to keep our eyes on collectively… But.. Don’t exactly fear for your lives here ok? After all, my opinion still applies that the bugaboo of SCADA does not easily fit into the so called cyberwar unless it is effectively carried out with kinetic attacks and a lot of effort. Nope, if the HCA is going to do anything at all, it will be on the playing field of the following special warfare fronts:

  1. PSYOPS
  2. DISINFORMATION (PSYOPS)
  3. Support of terrorism (Hezbullah and others)
  4. INTEL OPS

These are the primary things I can see them being good at or being pawns of the VEVAK for.

So.. Sleep well for now because really all you have to truly worry about is that they are going to deface your page it seems (see picture at the top of the post).

Interview by IRNA with HCA

More than anything else though at the moment, the whole revealing of the HCA is more a publicity stunt than much else I think. For all of the talk in the US and other countries about mounting their own “Cyber Militias” it seems that Iran and Hezbullah wanted to get in on the ground floor..

Oh… Wait..

They forgot about the PLA and the Water Army!

DOH!

Oh well, sorry guys… Guess you will have to keep playing on that whole “HYPERSPACE WAR” angle to get your headlines huh? Besides, really, how much street cred does an organization like this have anyway? So far I have been poking around all of their sites and find nothing (links or files) that would be helpful in teaching their “army” how to hack.

My guess.. This is kinda like putting out the inflatable tanks and planes for the Germans to bomb in place of the real ones.

The "About" Statement on HCA

Now.. Before You All Go Off Half Cocked (That means you Mass Media)

Meanwhile, I have seen the story that I linked up top scrawled all over the digital wall that is Twitter these last couple days. I am sure with everything that has been going on in Iran of late (i.e. the tendency for their bases to explode lately as well as their pulling another takeover of a consulate as well as spy roll ups) the media is salivating on this story because it’s juicy. It has it all really…

Cyberwar (hate that term)

HYPERSPACE!

Espionage

BOOGA BOOGA BOOGA We’re gonna activate our hackers inside your borders and attack your SCADA’s!

What’s the media not to love there?

HCA's YouTube Page Started in September

Well, let me set you all straight. This is piffle. This is Iran posturing and the proof thus far has been they have defaced a couple of sites with their logo.

THE HORROR!

This group has not even reached Anonymous standards yet! So relax.. Sit back… Watch the show. I am sure it will quickly devolve into an episode of the keystone cops really. They will make more propaganda videos for their YouTube, create a new Twitter account, and post more of their escapades on their two Facebook pages to let us all know when they have defaced another page!

… Because no one will notice unless they let us know…

Just The Persian Facts Ma’am

The real aegis here seems to be shown within the “about” statement for the group. Their primary goals seem to be to attack everyone who does not believe in their moral and religious doctrine. A translation of the statement rattles on about how the West are all foul non believers and that we are “pompous”. Which really, kinda makes me think that the Iranian people, or at least this particular group, has a real inferiority complex going. More so though, it seems from the statement that they intend more of a propaganda and moral war against the west and anyone else they see fit than any kind of real threatening militant movement.

You know.. Like AQAP or AQ proper.. Or Jamaa Islamiya.

This is an ideological war and a weak rallying cry by a group funded by a government in its waning years trying to hold on to the digital snake that they cannot control forever. Frankly, I think that they are just going to run around defacing sites, claiming small victories, and trying to win over the real hackers within their country to their side of the issue.

Which… Well, I don’t think will play well. You see, for the most part, the younger set who know how to hack, already bypass the government’s machinations and are a fair bit more cosmopolitan. Sorry Mahmoud, but the digital cat is already out of the bag and your recognition of this is too late. How long til the Arab Spring reaches into the heart of Tehran and all those would be hackers decide to work against you and your moral jihad?

Be afraid Mahmoud… Khomeini…

All you really have is control temporarily.. You just have yet to realize it.

Tensions In The Region: Spooks & The Holiday Known as KABOOM

Now, back to the region and its current travails. I can see why this group was formed and rolled out in IRNA etc. Seems to me even with the roll up of the CIA operations there in Iran you guys still are being beset with problems that tend to explode.

  • Wayward Trojan drones filled with plastique
  • Nuclear scientists who are either being blown up or shot in the streets
  • Nuclear facilities becoming riddled with malware that eats your centrifuges.

You guys have it tough right now.

Let me clue you guys in on something… If you weren’t such a repressive and malignant regime, we might work with you on your nuclear programs to power your country. But, unfortunately, you guys are FUCKING NUTS! So, we keep having to blow your plans to shit (we as in the rest of the world other than say North Korea that is) because we are all concerned you just want a bomb. Why do you want that bomb? So you can lord it over the rest of us and use it as a cudgel to dismantle Israel say.. Or maybe to just out and out lob it over the border.

You are untrustworthy.

Oh well.. Yes we all have played games there and I agree some shit was bad. The whole Shah thing.. Our bad… Get over it.

I suspect that the reason why all of these bad things are happening to you now though sits in the PDB on the president’s desk or maybe in a secret IAEA report that says you guys are close to having a nuclear device. You keep claiming that you are just looking to use nuclear power peacefully… But then you let Mahmoud open his mouth again and shit just comes right out.

Until you guys at least try to work with others and not repress your people as much.. Expect more KABOOM.

What You Should Really Worry About From All of This

My real fear though in all of this hoo ha out of the HCA is that VEVAK and Hezbullah will see fit to work with the other terrorist groups out there to make a reality of this whole “Cyber Jihad” thing. One of these factors might in fact be the embracing of AQ a bit more and egging them on in their own cyber jihad. So far the AQ kids have been behind on this but if you give them ideas AND support, then we have a problem I think. The idea of hit and run terror attacks on infrastructure that the government and those in the INFOSEC community have been wringing their hands over might come to pass.

HCA Propaganda Fixating on OWS

If the propaganda war heats up and gains traction, this could embolden others and with the support of Hezbullah (Iran) they could “try” to make another Anonymous style movement. Albeit I don’t think that they will be motivated as much by the moral and religious aspects that HCA puts out there as dictum. Maybe though, they will have the gravitational force enough to spin all of this off into the other jihadist movements.

“The enemy of my enemy is my friend”

If the HCA does pull off any real hacks though (say on infrastructure) then indeed they will get the attention they seek and more than likely give the idea to other movements out there to do the same.

AND that is what worries me.

Cinch Up That Seatbelt… It’s Gonna Be A Bumpy Ride

Finally, I think that things are just getting started in Iran and it’s about to get interesting. With all of the operations that seem to be going on in spook world (please don’t use PIZZA as a code word again mmkay?) and the Israelis feeling pressured by Tehran’s nuclear ambitions and rhetoric, I suspect something is about to give way. Add to this the chicken-hawks who want to be president (Herman I wanna touch your monkey) Cain and the others who have so recently been posturing like prima donna models on a runway over Iran and we have a disaster to come.

Oh.. and Bachmann.. *Shudder* Please remove her from the Intelligence committee!! That whole Pakistani nuclear AQ attacks thing was sooo not right!

PSSSSST BACHMANN they’re called SECRETS! (or, for your impaired and illiterate self SEKRETS) STFU ok?

OH.. Too late, now NATO is attacking into Pakistan…

It looks to me like the whole middle east is about to erupt like a pregnant festering boil and we are the nurse with the needle who has to pop it and duck.

So.. Uh yeah, sorry, got carried away there… I guess the take away is this; When you look at all the other stuff going on there, this alleged cyber army is laughable.

Yuk yuk yuk… You’re killin me Ahmed!

K.

OPERATION DarkNet: A Good Start… But There’s More to Do

“May thy knife chip and shatter.”

~Fremen Saying of ill will against an adversary~

OP Darknet:

I saw in the news that Anonymous (factions thereof) have decided to go after the paedophiles using the hidden wiki and the “DarkNet” for their purulent files. The hack on the Lolita City site was a success in that they got hold of user names and passwords. Due to the nature of the site and its being in the hidden wiki (DarkNet) it is tough to know exactly where the systems sit that house/host the content, but, it seems that through certain techniques using TTL, they pretty much have a good idea of where the server may sit in the continental US.

Operation DarkNet

Examiner article

I applaud their efforts and I hope that my article on the DarkNet was in some way involved in getting them inspired to hit the paedo’s where it hurts. Either way, I think that this could just be the start of things though, and I would like to just lay some things out for you all to consider as you move forward.

Paedophiles:

First off, paedo’s are, for want of a better description, pathological in their desires and actions. However, they have gotten much more savvy to the Internet and, like jihadis, may in fact not be using their real names in some cases. Though, it seems from the reporting here that you all have found real names and links to Facebook pages and the like? I would just like to caution you to vet your information well before you insist that someone is indeed trafficking in such material. For the most part though, if you get into the systems of such sites and you gain access to email addresses, be sure you go the extra step and do some foot printing and OSINT to get as much as you can on those addresses and end users. Often times I have found in the jihadi realm, these users tend to re-use ID’s in many places (as you likely have seen mentioned about you all as well in early posts of mine) that can be tracked and traced. With each post of data tying said email address to it, you can build a pretty good picture of a user and their habits.. And by proxy, perhaps their real identities.

Remember, these people are clinically ill, not just evil, so perhaps by placing yourselves in their heads a bit, you may also be able to predict their actions and gain some perspective on how to hunt them further.

The Darknet & P2P

The DarkNet is only the new anonymized space for these people. Did you know that they also have been trafficking in p2p’s set up as well for just this purpose? You might want to look within the DarkNet for hints or links to these sites as well. Usually, from what I have heard in the LEO space, they are invite only, but I believe that since these people’s pattern is pretty much creating the smut and trading it amongst themselves, you are likely to find links that will allow you more surface space to attack.

Best part about this vector of attack as well is that those servers/boxes are not anonymized. You locate them, you got them dead to rights. I’d say keep working both ends of this picture and you will do some good. Just be careful in accessing such content.

It is a crime even to access it.

Goals

So, is outing these people the only goal here? I suggest more than just dropping Pastebin dumps… In fact, I suggest you don’t dump them at all. You can allude to the fact that you have popped something and you have the data, but, I would suggest you set up cutout accounts and directly dump that data to the Feds or local LEO’s if you like where the servers/people are located. By dumping the data out in the open you give the paedo’s time to burn the evidence so to speak and potentially, you may be inhibiting the Feds from actually capturing and putting these people away.

Overall, I laud your work thus far in this respect, but I think there is more that could be done. If you want good press and good will, this is certainly a way to do it. You just have to work within the lines a bit.

Work smart and Keep it up. Perhaps the next one can be called Op Fedaykin

K.

 

Written by Krypt3ia

2011/10/20 at 19:34

AQAP and Al-Malahem Post 9.30.11

It seems that a drone/air attack in Yemen has taken out two key players in the AQAP and Al-Malahem Media organizations in the deaths of Anwar Al-Awlaki and Samir Khan. Awlaki, the American “cleric” who made his way to Yemen to be the spiritual and charismatic head of AQAP (Al Qaeda in the Arabian Peninsula) evidently was in close proximity (and makes sense given their org) to Samir Khan, former American as well, who became the creator and editor of “Inspire Magazine” and the Al-Malahem Media group. This one strike will place AQAP as an organisation, as well as Al-Malahem, into a tail spin from losing their mouthpiece and their propagandist.

…And I am just fine with that.

Hey Adam.. You’re next pal.

It is interesting timing for all of this too as the “media jihad” as it was called in the last issue of Inspire, was for all intents and purposes, still just spinning up in many ways. Samir and Adam and others in their crew had just really been getting into the swing of being the media arm of AQAP with Inspire and the videos etc. They had been groping along on how to really carry all this out up till now, though, it seems like the last issue of Inspire was a haphazard and perhaps hurried issue? The content was thin and seemed to me like they had been otherwise occupied.. One wonders why… Perhaps their ranks were on the run? Today’s news might in fact be the end game to that puzzle huh?

In all though, I think that this will deal a great blow to AQ and AQAP’s media arm. We will be seeing less out of them and I am pretty sure that it will take some time for them to get others to take over the roles who are adept at it. Most of all, there will likely be no other charismatic leader like Awlaki showing up soon. Gadahn is not all that and we have seen little of him lately, so I am assuming that they will be quiet for a while.

Time will tell.

Now, as to why this is REALLY important, well, as you saw in my analysis of the Inspire 7 issue, the “media jihad” is really their only way to resuscitate the jihad in many ways as I see it. They have been really trying to fight this recruitment battle on the internet with all their magazines, sites, and videos. Now, the real media wing that has been so prevalent in trying to create more Rezwan Ferdaus’ is hurt pretty badly. Just as the spiritual leadership (more rhetoric to me) of Awlaki was a beacon for the likes of Rezwan or someone else like the michiganmujahid who often writes about his hard on for Awlaki. So, my one real hope is that not only did we remove the problem of a couple of influential guys, but also cripple the media org at the same time.

Meanwhile, on another side note to this story… For anyone and everyone talking about the assassination of a US citizen, I would have you know this. He was no longer a citizen by my standards. He left the US, he joined AQAP in a lead role, and he renounced his citizenship in videos on a couple occasions. So, no, we did not assassinate a US citizen. We instead assassinated a NON STATE actor in an action during a two front war.

End of story.

K.

Written by Krypt3ia

2011/09/30 at 15:58