Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘Iran’ Category

How a Russian Disinfo Op Ended Up On A Sticker On A Sign In Colorado


I was recently passed the image above on a Twitter DM from someone who was out in their neighborhood and saw the sticker above on the back of a sign. The source tapped me to get a translation of the Arabic script above the CIA emblem. The translation of the script is the first part of the “Shahada”, “There is no god but Allah”, which is usually seen on the top of the Da’esh black flag you all may have seen prominently online and in the news over the last ten years.

In this case though, the intent of having the Shahada over the CIA emblem was odd for me. This is the first time I have seen this image and certainly so for the sender. This sticker is located in Colorado and after making some inquiries it seems to be an image that has been seen being pushed by Russian disinformation campaigns circa 2016-2017 concerning the Iranian/Saudi/Yemen dynamic ongoing still today. Where the CIA is brought in on this is that the Russian disinformation campaign started on RT (Russia Today). The story goes like this: the CIA sold or gave weapons to Saudi Arabia, and they were then turned over (unsure how) to Da’esh, and the intonation is that there is complicity on the part of the US/CIA/Saudi in arming ISIS as a larger Zionist scheme to destabilize the region. Of course this should be something that should give us pause because the House of Saud has members who funded and perhaps worked with directly the 9/11 hijackers and Bin Laden. This is a kooky little disinfo plot but one that many buy into.

This of course may be the case, that the CIA put weapons into the hands of Saudi Arabia and they did in fact end up in the hands of Da’esh, but, the campaign by Russia here is to keep all of the players in the Middle East off balance while Russia plays all the angles in weapons sales, training, and having their pieces played on the board in the region. On top of this, the secondary play here is also to offer those who are conspiracy driven to also ask the question is there a deal between the Saudis and Israel to work against Iran as well.

Interestingly enough, the Iranians are prone as a society to conspiracy belief, so this plays well with them and foments more ire. If indeed the CIA is part of a Zionist scheme, well, they are all over that shit because Iran and Israel, well, don’t get along as you may well know. So, the image first shows up in 2016 on RT and then makes the rounds in certain circles. Fast forward to today, the image turns up in the form you see at the top of the page. The original version is the following image below.

The persistence of the image has been propagated further from the Qanon groups picking it up and passing it around as well as other conspiracy sites. That it has now turned up on a sticker in Colorado is more of a mystery though: who had this made? Was it just a one off? Are there more on offer online? Most of all, what is the intent here by the poster of the sticker? Is this just a random image pasted on a sign by someone or does that person really believe the disinformation that RT posted and is still being passed around today in certain quarters?

The meaning of the imagery can be read in a few ways. The first to me would be an indictment of the CIA and the US government. The thought being that the CIA and the US government are in on perpetuating Da’esh and the wars in the region as a Zionist plot with the House of Saud. The imagery of this simply seems to equate the CIA to Da’esh. In fact, there is a conspiracy video (linked here) that says that John Brennan became a Muslim and that Da’esh is actually akin to a mind control program like Jonestown.

… Jonestown? Really? Claims are even made that Jim Jones was a CIA agent.

I shit you not.

Yes, the former intelligence analyst (alleged) in the video and the host make these claims. Now there is some conspiracy for ya! So, back to the sticker. If more show up perhaps there is an issue here. If anyone out there sees more of these let me know. At the very least this is just another example for you all on how RU disinformation reaches out from sources like RT, to the net, to physical stickers placed on signs in places. Of course this showing up now, as we are potentially going weapons hot on Iran post the Saudi refinery drone attacks, may be a coincidence, but, it is rather on the nose timing wise.

Honestly, if Russia is pushing these narratives again, it would make sense in that they are trying to stir the pot post the Trump administration’s pulling out of the JCPOA and tensions rising of late in the Strait of Hormuz. Very interesting times indeed. So, if you see one of these stickers or you see the imagery being used feel free to send me a note or a DM. In the meantime, keep an eye on the news because I sense things are going to get hairy in the near future.

~K.

Written by Krypt3ia

2019/09/18 at 00:26

OilRig Games: Dumping IOC’s, Tools, and Deets on Iran


NARRATIVE:

On March 26th 2019 an account on Telegram named لب دوخته گان (sealed lips) “Labdookhtegan1” began dropping details on OilRig aka Muddywaters APT group on Twitter. The data that this account dropped consisted of names, details of the actors allegedly behind OilRig/APT34, and screen shots and details of compromised systems and tools being used by Iran. Since March the actors involved in dropping the dime have gone on to create two darknet sites as well as three accounts on Telegram where they dropped much of the same data. The Telegram and the successive Dookhtegan1 account(s) on Twitter also put out a video with their announcement. The video consists of clips of President Obama making a speech much like the kind of thing you see in movies threatening someone using sound bites.

Analytics on Dookhtegan:

  • Dookhtegan لب دوخته گان “sealed lips” as an image and a maxim was the creation of Mehdy Kavousi, an Iranian immigrant in the Netherlands who is protesting immigrant deportations. The image is famous and literally shows Mehdy with lips sewn together in protest.
  • The original photo has been shopped by many including the actors here creating these accounts and dropping data
  • Dookhtegan is only one of many accounts
    • labdookhtegan
    • labdookhtegan1
    • Green_leaks
    • Green_Leakers
    • Bl4ck_B0x

  • The data drops all included Farsi commentary as well as English
  • The backstopping of the data is tied to actual compromised system addresses and files of malware
  • Interestingly, the translations of Farsi to English seem to imply that the writer is not a native speaker of Farsi

DATA DROPPED:

The data dropped by these guys is rather splashy. They have named names of at least six guys and two companies in Iran they claim are part of MOIS/IRGC actor group.

  • Omid_Palvayeh
  • alireza_ebrahimi
  • mohamad masoomi
  • saeid shahrab
  • taha mahdi tavakoli
  • Noorsec –> Sec Company
  • Rahacrop –> Sec Company/School

All of the actors’ dossiers are included in my zipped drop below for you all to ogle. OSINT on these guys may come later but for now I am kinda meh, they are blown.

FILES DROPPED:

Labdookhtegan1 dropped many files as proofs of their work and outing of the IRGC. These included such things as passwords to compromised systems, tools they used, and other proofs to show IRGC activities on the following places of interest (see list pictured). The targets pretty much show activities in the Middle East and areas that the IRGC would like to attack. Of course I am not seeing any US assets nor other areas, which, is rather interesting no? More on this in the context and timing section below….

I am currently looking at the technical tools and may have an update later on with tech details but for now, be happy with Uncle Krypt3ia’s gift of all the files and dox in one zip!

Tools, Techniques, and Assets

CONTEXT OF TIMING:

Right! So, the timing of these drops is rather convenient for the US huh? I mean, even as we speak Donny and his mustachioed pal Bolty are looking to maybe attack Iran for whatever reasons they have. The actors here try to make a case that perhaps they are in fact Turks, but I am kinda not buying that at all and the touches with “sealed lips” aka Mehdy Kavousi is also a nod toward some sympathy for Iranian immigrant feelings on deportation and feeling silenced. This too I am not buying, so once again that brings us back to the whole idea of “Cui Bono” and for me who really benefits here on so many levels would be America and the NSA perhaps or CyberCOMMAND?

So picture this… We decide to drop dox and TTP’s on Iran in the REGION as a means to blow IRGC out of the water and re-tool as we are ramping up for maybe some action in the region and we need, oh, let’s say, a receptive audience(s) in said region to help us were we to get kinetic with Iran. How’s that play for you all? It certainly plays for me. This is a stick that likely is dual edged and wins for us in my opinion. After all, the IRGC is in the regions playing their games as always, but the skinny recently is that IRGC messaged all their proxies and took them off the leash, and more to the point, in Iraq.

Think about that kids….

Say, didn’t we just pull out all our State folks from Iraq?

Why yes we did… Gee… WHO KNEW?!?!

Ponder that.

ASSESSMENT:

Overall these are interesting times and if you are in the game here and want to have all the fun bits, download the zip file with all the things. You’re welcome. I am glad to put it all in one place for you to have instead of playing games with all the companies out there trying to get you to buy their content while hiding the good shit behind a paywall. My assessment is this, that the players have been exposed, the companies they work for have been blown, and we all likely have much more to dig into now and coming soon. In fact a little birdie told me about a new dump this morning (yes it is in the zip file) so WHEEEEEEE!

Watch Iran and the region… I have a bad feeling.

K.

PS! I almost forgot.. I found some of the malware online in VT/Hybrid

https://app.any.run/tasks/a74d0d54-a996-4ae0-979f-675bbdd3bbad/

https://app.any.run/tasks/69ad1f9f-9dc4-475e-8762-b31283f314f1/

https://www.hybrid-analysis.com/sample/3c0c58d4b9eefea56e2f7be3f07cdb73e659b4db688bfbf9eacd96ba5ab2dfe5/5cdabffa028838cc0ea26b0a

Enjoy!

PPS! Almost forgot.. These cats even created a LinkedIn page for one of the burned!

*giggle*

Written by Krypt3ia

2019/05/16 at 14:03

Posted in APT, APT34, Infowar, Iran, OilRig

ASSESSMENT: PARASTOO/DarkPassenger


PARASTOO پرستو :

I got a tweet today about some data sitting on cryptome.org that got me thinking about this “group” again so I did some more digging online on them (him). The name of the “group” is Parastoo (پرستو Farsi) which means Swallow or bird. In the last year this guy (yes I think it’s literally one deranged person) had been active on at least two .ir sites that dealt with security and hacking and then started his own domains to ostensibly carry out cyber war against Israel and attempt to leverage the IAEA and others. So far all of the alleged hacks and data dumps that I have seen have not impressed and the data itself seems to be from systems that they “think” are important but in reality they are not. Specifically of late there are threats concerning CIA plots and diatribes that read like Lulzsec on methamphetamine and Ketamine at the same time. This guy really has quite the beautiful and large tinfoil hat and he wants us all to know about it in no uncertain terms. It is interesting to read between the lines in a stylographic way how the writer here seems to be molding their communiques in the manner of Zodiac, with a third person approach that intones more than one person and that this is a group. By using “Parastoo is speaking” they come very close to the “This is Zodiac Speaking” which attempted to portray power and induce fear. It is also interesting to note the language used in the emails is of a nature that implies a good grasp of English as well as a flair for the overly dramatic which does not lend credence to the threats that they imply. In fact the reading I take away, and seemingly the press as well, is that of someone either trying too hard to be Anonymous or smacks of outright trolling.

DarkPassenger:


In tracing the domains for parastoo.ir and hacker4hire.ir I came across a defunct site (RCE.ir) which was a phpBB site that is now offline but is archived in a couple of places as well as Google caches. When searches for “Parastoo” were used a clear link to a user on the RCE.ir site came up and that user was “DarkPassenger” who posted often on the site not only about hacking tutorials, tools, and the like but also dropped many links to government sites in the US and talked about conspiratorial things in nearly every posting. The DarkPassenger’s favorite saying or aphorism in each posting was “de nobis ipsis silemus” which is taken from the Baconian epigraph to the first Critique and translates to “on ourselves we are silent” which is ironic for all the commentary that DarkPassenger is putting out there that speaks to his state of mind. The DarkPassenger is also a fan of TV and movies and can be tracked to other .ir sites but generally from the first searches, does not have a lot out there under this account name to go much further (at present writing) to say who he may be in real life. DarkPassenger though does seem to have quite a bit of time on his hands and some technical capabilities though. Much of the data however that he and Parastoo post though is really just OSINT that anyone capable could carry out. In fact in one post (DP) talks about OSINT while laying out informatics on a military organization’s email addresses and contact list so he is in fact versed in the ways of OSINT collection. A key factor to the link I am making between the Parastoo and DP is that he uses the “EXPECT US” cutline in many of his posts as well and seems rather enamoured with the idea that he is in fact an Anon and that bent of conspiracy and overarching plots infuses the majority of his postings online.

Parastoo.ir, hacker4hire.ir & RCE.ir:

The postings claiming hacks as well as those that rave on claim that DP had set up a couple domains for “attacks” on the outside world from the .ir domain. These domains are registered by what I assume is a cutout name of zohre sajadian which coincidentally was also used for the RCE.ir site. All sites are currently down and in fact I cannot locate any content for the hacker4hire.ir nor the parastoo.ir sites respectively. The only one that did have active content for a while was the RCE.ir address. This site was up for quite some time but was insecure and much of the content was not that interesting. It is of note though that the domain registrations all line up as well as there seems to be some overlap in email hosting between a .ru address and the chmail.ir site (that address is verified as being real). The information for the address as well as the name of the holder seems to be just made up. In fact the address cannot exist because there is no intersection for Felestin Street with Johmoori. A cursory look at the name used of Zohre Sajadian also comes up with some hits but they seem to be un-related at this time to the sites and their registration so mostly this is a dead end I think.

Alleged Hacks & Anonymous Rhetoric:


So far in my searching I have not found too much out there to support any large hacks of data or dumps thereof that show this “group” has done what they claim they have overall. Aside from news stories (few in fact) that claim Parastoo made off with “sensitive” information on nuclear systems and facilities. However the data that they claim to have taken and was admitted to by IHS Inc. is all of a nature that can be purchased from the web or has been published already in the past. The only real sensitive information that has been possibly breached was credit card information that may have resided on those servers that were compromised. So while the Parastoo makes grandiose claims of important hacks and data leaks, thus far, when really investigated they have yet to make a major hit on anything of real import. Since the sites have gone dormant or offline as well it has yet to be determined what else they may be working on or have compromised but if you look at the rhetoric from their pastebin posts as well as the alleged emails on Cryptome one becomes a bit jaundiced and must take everything they say with a large grain of salt. Another factor to remember is that even the drawings like the one at the top of this post are often available to anyone on the internet either by insecure or misconfigured servers or in fact the data is meant to be open to the public. This is a paradigm I have learned about recently in looking into the OSINT on nuclear facilities and systems. So these dumps of information are not what the attackers think they are because they are unacquainted with the data and its secrecy or lack thereof.

ANALYSIS:

The final analysis of the “Parastoo” group is that in reality it is at least one person (DarkPassenger) who wants to make a statement on Israel and nukes with a fixation on IAEA and DOE. While some pastes in the pastebin list seem to have actual data from systems that are externally facing to the internet (DOE for one) the majority of the data seems to be half understood misinformation being spewed to garner attention. As the Anonymous model has been let out of the bottle so to speak post Lulzsec, there are many who would aspire to their level of reputation and attention and these dumps are an attempt to attract it. Of course the problem with the Anonymous model of operation is that anyone can take on the mantle and claim to be an Anon or a group of them to effect whatever outcome they seek (mostly attention) so it is oftentimes hard to take groups like this seriously until such time as they dump hard data onto the internet for all to see. In the case of Parastoo none of this is evident and as such I categorize (him/them) as a non threat actor on the larger stage of geopolitics and information warfare at this time.

K

Written by Krypt3ia

2014/01/28 at 22:54

Malware Wars!… Cyber-Wars!.. Cyber-Espionage-Wars! OH MY


Flame, DuQU, STUXNET, and now GAUSS:

Well, it was bound to happen and it finally did, a third variant of malware that is ostensibly connected to the story that Mikko Hypponen posted about after an email he got from a nuclear scientist in Iran has come to pass as true. The email claimed that a new piece of malware was playing AC/DC “Thunderstruck” at late hours on systems it had infected within the labs in Iran. I took this with a grain of salt and had some discussions with Mikko about it offline, he confirmed that the email came ostensibly from a known quantity in the AEOI and we left it at that, it’s unsubstantiated. Lo and behold a week or two later and here we are with Eugene tweeting to the world that “GAUSS” is out there and has been since about 2011.

Gauss it seems had many functions and some of them are still unknown because there is an encryption around the payload that has yet to be cracked by anyone. Eugene has asked for a crowd sourced solution to that and I am sure that eventually someone will come out with the key and we will once again peer into the mind of these coders with a penchant for science and celestial mechanics. It seems from the data provided thus far from the reverse R&D that it is indeed the same folks doing the work with the same framework and foibles, and thus, it is again easily tied back to the US and Israel (allegedly per the mouthiness of Joe F-Bomb Veep) and that it is once again a weapon against the whole of the Middle East with a decided targeting of Lebanon this time around. Which is an interesting target all the more since there has been some interesting financial news of late concerning banks and terror funding, but I digress…

I am sure many of you out there are already familiar with the technology of the malware so I am leaving all of that out here for perhaps another day. No, what I want to talk about is the larger paradigm here concerning the sandbox, espionage, warfare, and the infamous if not poorly named “CyberWar” going on as it becomes more and more apparent in scope. All of which seems to be centered on using massive malware schemes to hoover data as well as pull the trigger when necessary on periodic digital attacks on infrastructure. Something that truly has not been seen before Stuxnet and seems to only have geometrically progressed since Langner et al let the cat out of the bag on it.

Malware Wars:

Generally, in the information security sector, when I explain the prevalence of malware today I often go back to the beginning of the Morris worm. I explain the nature of early viruses and how they were rather playful. I also explain that once the digital crime area became profitable and firewalls became a standard appliance in the network environment, the bad actors had to pivot to generally tunnel their data from the inside out home through such things as a firewall. This always seems to make sense to those I explain it to and today it is the norm. Malware, and the use of zero day as well as SE exploits to get the user to install software is the way to go. It’s a form of digital judo really, using the opponent’s strength against them by finding their fulcrum weakness.

And so, it was only natural that the espionage groups of the world would turn to malware as the main means of gaining access to information that usually would take a human asset and a lot of time. By leveraging human nature and software flaws it has been a big win for some time now. I was actually amused that Henry Crumpton in the “Art of Intelligence” talks about how the CIA became a very early adopter of the network centric style of warfare. I imagine that some of the early malware out there used by spooks to steal from unprotected networks was CIA in origin and in fact that today’s Gauss probably has some relatives out there we have yet to see by people who have been doing this for some time now and we, the general public had no idea.

Times change though, and it seems that Eugene’s infrastructure for collecting data is creating a very wide dragnet for his people to find these infections and then reverse them. As we move forward expect to see more of these pop up, and surely soon, these will not just be US/UK/IL based attempts. Soon I think we will see the outsourced and insourced products of the likes of Iran and other nation states.. Perhaps we already have seen them, well, people like Mikko and Eugene may have at least. Who knows, maybe someday I will find something rooting about my network huh? Suffice to say, that this is just the beginning folks so get used to it.. And get used to seeing Eugene’s face and name popping up all over the place as well.. Superior showman that he is.

An Interesting Week of News About Lebanon and Bankers:

Meanwhile, I think it very telling and interesting as we see the scope of these malware attacks opening up, that not only one or two countries were targeted, but pretty much the whole of the Middle East as well. Seems it’s an equal opportunity thing, of course the malware never can quite be trusted to stay within the network or systems that it was meant for can we? There will always be spillage and potential for leaks that might tip off the opposition that it’s there. In the case of Gauss, it seems to have been targeted more at Lebanon, but, it may have been just one state out of a few it was really meant for. In the case of Lebanon though, and the fact that this piece of malware was also set to steal banking data from that area, one has to look on in wonder about the recent events surrounding HSBC.

Obviously this module was meant to be used either to just collect intelligence on banking going on as well as possibly a means to leverage those accounts in ways as yet undetermined by the rest of us. Only the makers and operators really know what the intent was there, but, one can extrapolate a bit. As terror finances go, the Middle East is the hotbed, so any intelligence on movement of money could be used in that light just as well as other ways to track the finances of criminal, geopolitical, and economic decisions being made there. Whether it be corporations or governmental bodies, this kind of intelligence would be highly prized and I can see why they would install that feature on Gauss.

All of this though, so close to the revelations of HSBC has me thinking about what else we might see coming down the pike soon on this front as well. Cut off the funding activities, and you make it much harder to conduct terrorism huh? Keep your eyes open.. You may see some interesting things happening soon, especially given that the Gauss is out of the bag now too. Operations will likely have to roll up a bit quicker.

Espionage vs. Sabotage vs. Overt Warfare of Cyber-Warfare:

Recently I have been working on some presentation stuff with someone on the whole cyberwar paradigm and this week just blew the lid off the whole debate again for me. The question as well as the rancor I have over the term “Cyberwar” has been going on some time now and in this instance as well as Stuxnet and Flame and DuQu, can we term it as cyberwar? Is this instead solely espionage? What about the elements of sabotage we saw in Stuxnet that caused actual kinetic reactions? Is that cyberwar? If there is no real war declared what do you term it other than sabotage within the confines of espionage and statecraft?

Then there is the whole issue of the use of “Cold War” to describe the whole effect of these operations. Now we have a possible cold war between those states like Iran who are now coding their own malware to attack our systems and to sabotage things to make our lives harder. Is that a war? A type of war? All of these questions are being bandied about all the while we are obviously prosecuting said war in theater as I write this. I personally am at a loss to say exactly what it is or what to term it really. Neither does the DoD at this point as they are still working on doctrine to put out there for the warriors to follow. Is there a need for prosecuting this war? It would seem that the US and others working with them seem to think so. I for one can understand the desire to and the hubris to actually do it.

Hubris though, has a funny way of coming back on you in spectacular blowback. This is my greatest fear and seemingly others, however, we still have a country and a government that is flailing about *cough the Senate cough* unable to do anything constructive to protect our own infrastructure even at a low level. So, I would think twice about the scenarios of actually leaking statements of “we did it” so quickly even if you perceive that the opposition has no current ability to strike back.. Cuz soon enough they will. It certainly won’t be a grand scale attack on our grid or telco when it does happen, but, we will likely see pockets of trouble and Iran or others will pop up with a smile, waving, and saying “HA HA!” when it does occur.

The Sandbox and The Wars We Are Prosecuting There by Malware Proxy:

Back to the Middle East though… We have been entrenched in there for so so long. Growing up I regularly watched the news reports about Lebanon and Israel, Iran and the hostages, Iraq, Saddam, Russian Proxy wars via terrorism, Ghadaffi and his ambitions as well as terror plots (which also hit close to home with the Lockerbie bombing). You kids today might think this is all new, but let me tell you, this has been going on for a long long time. One might even say thousands of years (Mecca anyone? Crusades?) So, it’s little wonder then that this would all be focused on the Med.

We are conducting proxy wars not only because of 9/11 but also economic and energy reasons as well. You want a good taste of that? Take a look at “Three Days of the Condor” a movie about a fictional “reader” for the CIA who stumbles on to a plan to disrupt governments in the Middle East to affect oil prices and access. For every person that said the Iraq war and Afghanistan wasn’t about oil, I say to them look at the bigger picture. There are echoes there of control and access that you cannot ignore. Frankly, if there wasn’t oil and money in the region, I think we would have quite a different story to look on as regards our implementing our forces there.

So, with that in mind, and with terrorism and nuclear ambitions (Iran) look at the malware targeting going on. Look at all of the nascent “Arab Springs” going on (albeit really, these are not springs, these are uprisings) we have peoples who want not to live under oppressive regimes not just because they aren’t free to buy an iPhone or surf porn, but they are also oppressed tribes or sects that no longer wish to be abused. All of this though, all of the fighting and insurgency upsets the very delicate balance that is the Middle East. Something that we in the US for our part, have been trying to cultivate (stability) even if that stability came from another strongman that we really don’t care for, but, who will work with us in trade and positional relevance to other states.

In goes the malware.. Not only to see what’s going on, but also to stop things from happening. These areas can be notoriously hard to have HUMINT in and it’s just easier to send in malware and rely on human nature to have a larger boon in intelligence than to try and recruit people to spy. It’s as simple as that. Hear that sucking sound? That’s all their data going to a server in Virginia. In the eyes of the services and the government, this is clearly the right means to the ends they desire.

We Have Many Tigers by The Tail and I Expect Blowback:

Like I said before though, blowback has a nasty habit of boomeranging and here we have multiple states to deal with. Sure, not all of them have the ability to strike back at us in kind, but, as you have seen in Bulgaria, the Iranians just decided to go with their usual Hezbollah proxy war of terrorism. Others may do the same, or, they may bide their time and start hiring coders on the internet. Maybe they will hire out of Russia, or China perhaps. Hell, it’s all for sale now in the net right? The problem overall is that since we claimed the Iran attack at Natanz, we now are not only the big boy on the block, we are now the go to to be blamed for anything. Even if we say we didn’t do it, who’s gonna really believe us?

The cyber-genie is out of the cyber-bottle.

Then, this week we saw something new occur. A PSYOP, albeit a bad one, was perpetrated by the Assad regime it seems. Reuters was hacked and stories tweeted/placed on the net about how the rebel forces in Aleppo had cut and run. It was an interesting idea, but, it was ineffective for a number of reasons. The crux though is that Reuters saw it and immediately said it was false. So, no one really believed the stories. However, a more subtle approach at PSYOPS or DISINFO campaigns is likely in the offing for the near future I’d think. Surely we have been doing this for a while against them, whether it be in the news cycles or more subtle sock puppets online in social media sites like Twitter or Facebook. The US has been doing this for a long time and is well practiced. Syria though, not so much.

I have mentioned the other events above, but here are some links to stories for you to read up on it…

  • PSYOPS Operations by the nascent Syrian cyber warfare units on Reuters
  • Hezbollah’s attack in Bulgaria (bus bombing) in response to STUXNET and other machinations
  • Ostensible output of INTEL from Gauss that may have gotten HSBC in trouble and others to come (Terrorism funding and money laundering)

All in all though, I’d have to say that once the players become more sophisticated, we may in fact see some attacks against us that might work. Albeit those attacks will not be the “Cyber Pearl Harbor” that Dr. Cyberlove would like you to be afraid of. Politically too, there will be blowback from the Middle East now. I am sure that even after the Wikileaks cables dump, the governments of the Med thought at least they could foresee what the US was up to and have a modicum of statecraft occur. Now though, I think we have pissed in the pool a bit too much and only have ourselves to blame when the shit hits the fan and we don’t have that many friends any more to rely on.

It’s a delicate balance.. #shutupeugene

Pandora’s Box Has Been Opened:

In the end, we have opened Pandora’s box and there is no way to get that which has escaped back into it. We have given the weapon framework away due to the nature of the carrier. Even if Gauss is encrypted, it will be broken and then what? Unlike traditional weapons that destroy themselves, the malware we have sent can be easily reverse engineered. It will give ideas to those wishing to create better versions and they will be turned on us in targeted and wide fashions to wreak as much digital havoc as possible. Unfortunately, you and I my friends are the collateral damage here, as we all depend on the systems that these types of malware insert themselves into and manipulate.

It is certainly evident, as I stated above, that our government here in the US is unable to come up with reasonable means to protect our systems. Systems that they do not own. Hell, the internet itself is not a government run or owned entity either, and yet they want to have an executive ability to shut it down? This alone shows you the problem of their thinking processes. They then decide to open the box and release the malware genie anyway… It’s all kind of scary when you think about it. If this is hard to conceive, let’s put it in terms of biological weapons.. Weapons systems that have been banned since Nixon was in office.

The allusion should be quite easy to understand, especially since malware was originally termed “Virus”. There is a direct analogy there. Anyway, here’s the crux of it all. Just like bioweapons, digital “bioware”, for lack of a better term, also cannot be controlled once let into the environment. Things mutate, whether at the hand of people or systems, and things will not be contained within the intended victims. They will escape (as did all the malware we have seen) and will tend to have unforeseen consequences. God forbid we start really working on polymorphics again huh? If the circumstances are right, then, we could have a problem.

Will we eventually have to have another treaty ban on malware of this kind?

Time will tell.. Until then, we all will just be along for the cyberwar ride I guess. We seem to be steadily marching toward the “cyberwar” everyone is talking about… determined really to prosecute it… But will it get us anywhere?

K.

The RQ170 Affair: Spoofing, Jamming, and The GBAS (Ground Base Augmentation System)


The RQ-170 Affair and GPS Spoofing Claims

So, there has been a lot of supposition on the blogs and in the news about just how our wayward RQ170 drone ended up pretty much intact and in the hands of the Iranians. In looking at all of the posts online and in the news as well as talking to a knowledgeable source or two, I decided to attempt a little OSINT on the issue and I think I have come up with some more tidbits for everyone to think about. I believe that there is a middle road here to be tread on just how this happened and I would like to think that the potential for such an attack on a drone like this would be hard to pull off, AND that the military and Lockheed had taken into account such attacks before deploying things into the field..

But, we all know mistakes are made and hubris abounds.

So, here we go…

The Potential for GPS Spoofing on Military Systems

After the RQ went missing, and subsequently showed up in Iranian hands, the Military began saying that there was just a “malfunction” however, the malfunction had to have been system wide and epic after seeing the images of the RQ170 intact. You see, there is a self destruct as well as other interesting features on this bird, and if that failed then there had to be a large systems failure, but the question then became why was the RQ still intact? If the systems had failed completely, should not the RQ be in pieces at the very least from falling out of the sky?

After a week or so, a report came out of Iran from a “source” that claimed the RQ had in fact been brought down and landed without incident through a GPS attack on a flaw in the system. This type of attack had been talked about before and it was possible per empirical testing that a GPS system, even a Military one, could in fact be subjected to attacks that would confuse the GPS system into believing it was somewhere other than its real current position. So, the precedent is there, even though the Mil systems would take a bit more effort, it was in fact possible to the right people with the right technology and know how.

So, once again, the possibility is there and we had a drone in the neighborhood… Did they indeed “spoof” the signals?

If so, then how?

The GBAS and DGPS 1kw System from Fajr Industries

Once I decided to look into this further, I got into the mindset of “If I were Iranian and wanted to know about spoofing GPS, I might in fact talk about it online” Well sure enough, with a few well placed Google searches I was able to come up with the following links and people doing the research:

Azimi Alikhani abedi1386@yahoo.com 

Farshad Somayehee  farshad_somayehee@yahoo.com

Audiovisualtalk.com discussion on home brew (open source) GPS and Military Systems

GPS Augmentation PowerPoint and Reference to Spoofing

It seems that Farshad and Azimi have been working on an analogous project for Iran that also could possibly be used as a launch pad for a spoof attack. The documents (pdf files and Powerpoint) show a program to “augment” the GPS environment in Iran by placing base stations with the Fajr GPS (GBAS) network/hardware in specific sites throughout the country to ostensibly help with aircraft navigation. However, even in their presentation, they mention the possibility of spoofing and though I don’t have a great translation as yet of the Persian (soon I hope) it seems as though they brought this up as either a potential issue or as a potential boon to the implementation of the system.

Though, to me, having such a network of broadcast sites out in the desert, one that might be able to overpower and spoof the signal of a GPS system in flight on a drone over Iranian airspace, makes it all the more possible. You see, the basis of this attack is to overpower the signals from the satellite and make the on board system think it is elsewhere via data lag. If you look at the proposed and existing sites in the PowerPoint, you can get an idea of the scope of the project.

Mind you, this all was started in 2004 and the PowerPoint was last updated in 2007.. So, this has been ongoing for a while. A while that we have also been starting to use the drones more and more coincidentally.
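A defender's view of the attack basis described above, as an added example that is not from the original post: a receiver-side check that flags a sudden rise in received signal strength and a GPS position that diverges from inertial dead reckoning. The field names, thresholds and flight data are all constructed assumptions.

```python
"""Added example: receiver-side checks for an overpowering GPS spoofer.

All names, thresholds and flight data here are constructed assumptions.
"""
from dataclasses import dataclass
from math import hypot
from typing import List, NamedTuple, Optional, Tuple


@dataclass
class Sample:
    t: float       # time, seconds
    gnss_e: float  # GPS-reported east position, metres (local frame)
    gnss_n: float  # GPS-reported north position, metres
    ins_ve: float  # inertial east velocity, m/s
    ins_vn: float  # inertial north velocity, m/s
    cn0: float     # mean carrier-to-noise density of tracked satellites, dB-Hz


class Alert(NamedTuple):
    t: float
    residual_m: float          # distance between GPS fix and dead reckoning
    reasons: Tuple[str, ...]   # "power" and/or "position"


def detect_spoofing(samples: List[Sample], cn0_jump_db: float = 6.0,
                    max_residual_m: float = 150.0,
                    baseline_n: int = 5) -> List[Alert]:
    """Flag samples where the signal is suspiciously strong or the GPS fix
    disagrees with inertial dead reckoning.

    While GPS is trusted, dead reckoning is re-anchored to each fix so that
    inertial drift does not accumulate. After the first alert the trust is
    latched off and the position is coasted on inertial data only, so a slow
    drag-off started under cover of a power jump still shows up as a
    growing residual.
    """
    if len(samples) <= baseline_n:
        raise ValueError("need more samples than the baseline window")
    baseline = sum(s.cn0 for s in samples[:baseline_n]) / baseline_n
    dr_e, dr_n = samples[0].gnss_e, samples[0].gnss_n
    prev_t = samples[0].t
    trusted = True
    alerts: List[Alert] = []
    for s in samples[1:]:
        dt = s.t - prev_t
        prev_t = s.t
        # Propagate the last trusted position with inertial velocity.
        dr_e += s.ins_ve * dt
        dr_n += s.ins_vn * dt
        residual = hypot(s.gnss_e - dr_e, s.gnss_n - dr_n)
        reasons = []
        if s.cn0 - baseline >= cn0_jump_db:
            reasons.append("power")      # stronger than the real sky should be
        if residual > max_residual_m:
            reasons.append("position")   # GPS says "elsewhere", inertial disagrees
        if reasons:
            trusted = False
            alerts.append(Alert(s.t, round(residual, 1), tuple(reasons)))
        elif trusted:
            dr_e, dr_n = s.gnss_e, s.gnss_n
    return alerts


def constructed_flight(spoof_at: Optional[int] = 10) -> List[Sample]:
    """Constructed data: 20 s of flight due north at 100 m/s, C/N0 42 dB-Hz.

    From spoof_at onward a stronger signal (50 dB-Hz) takes over and the
    reported position walks east at 30 m/s. spoof_at=None gives a clean flight.
    """
    samples = []
    for t in range(20):
        spoofed = spoof_at is not None and t >= spoof_at
        samples.append(Sample(
            t=float(t),
            gnss_e=30.0 * (t - spoof_at) if spoofed else 0.0,
            gnss_n=100.0 * t,
            ins_ve=0.0,
            ins_vn=100.0,
            cn0=50.0 if spoofed else 42.0,
        ))
    return samples


if __name__ == "__main__":
    for alert in detect_spoofing(constructed_flight()):
        print(f"t={alert.t:>4}s residual={alert.residual_m:>6} m "
              f"reasons={','.join(alert.reasons)}")
```

In the constructed flight the power check fires at takeover, and the position check follows once the walked-off fix has moved more than 150 m from the inertial track.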

Kvant 1L222 Avtobaza Electronic Intelligence (ELINT) system and The RQ170

Meanwhile, the reports that are circulating on the net and in the news also remark on the fact that Iran recently took possession of some 1L222 Avtobaza ELINT trucks. These may in fact have had some part in this process as well, however, it is rather sketchy at this time to say whether or not the Avtobaza has been modded to work in the satellite ranges as opposed to its main function as a radar jamming station and RF intelligence gathering tool.

So, I can’t say for sure. It is also possible, but I am leaning toward the home brew that Azimi and Farshad worked on as the more likely, with mods, to actually pull off an attack on an “M-code” system. I had been leaning toward the Avtobaza before, but after all my searches and what I found, I have to back off that idea a bit. The fact, though, that they have this technology means that future drones will have to be careful in Iranian airspace, and all of the border states need to be careful too, as this system can jam their radar systems and potentially give attacks a leg up.

Hypothesis, Supposition, and Educated Guesses

Overall, even these finds only paint a picture of supposition and educated guesses. What we have is a missing drone that failed to do everything it was programmed to do (self destruct etc) and yet landed intact. Without an attack that is now becoming more plausible (GPS spoof) how do we explain it all? Certainly Lockheed, the CIA, and the Military won’t be telling us all anytime soon will they? The fact that the Iranians started off with just saying they had hacked it, then letting loose with the technician (un-named) saying that it was easy enough with a GPS spoof kind of leads me to believe that on this account, they are telling the truth.

… And doesn’t that make us look foolish huh?

It seems that generally the West thinks that Iran is not competent enough to pull off certain kinds of things and would like to write this off…

I would instead beg this question;

“If they are so lacking competence, then why are we whacking their scientists and worried that they are working on a nuclear weapons program that may bear fruit soon?”

In my book, they scored one on us… Now I just hope that the Military and Lockheed learn from this as well as the other incident with AQ and unencrypted Predator feeds and fix the problems before they launch more advanced drones in country.

K.

Written by Krypt3ia

2011/12/18 at 20:40

Posted in Iran, RQ170

La Amenaza de Irani


La Amenaza De Irani (trans: The Iranian Threat or The Iranian Menace)

YouTube Video Part 1-4

A recent investigative report carried out by Univision (Television de Espanol) released this month has some pretty powerful footage showing an undercover operation that sent college students to propose cyber attacks on the U.S. to the Iranian ambassador in Mexico. Ambassador Mohammad Hassan Ghadiri was approached with hidden cameras and talks were held to discuss the potential for a state sponsored (by proxy of Hezbollah) attack on the White House, FBI, CIA, and nuclear power plant systems within the United States. The footage in the report clearly shows the ambassador talking about these topics and also asking about how to further this by making certain contacts.

Now, of course this whole story is sensational and of course the Ambassador could just as easily say that he was leading them on to get an in on those who would like to attack the US to use in other ways, not necessarily that he was actually plotting against the US. Though, the likelihood is that the Ambassador was playing along in hopes that perhaps the Mexican students could be used as a proxy against the US and thus keep his hands clean.. A win win for Iran and himself really. However, there is a bigger story here than just the plot as laid out by the college student to the ambassador and his interest as well as the interest of the Venezuelan officials also caught on camera accepting the plans from the Mexican students.

The bigger and ongoing story is that of the connections between Iran and various countries in South America and their use of cocaine trafficking to further their agendas world wide as well as focused on the US. The report goes on to cite others in the US and in the various governments in South America laying out the framework for a bigger picture on Hezbollah, narco-trafficking, and the potential for the semi porous border between the US and Mexico to be used to infiltrate Islamic terrorists (Hezbollah and others potentially) into the United States. The report cites as well that there are connections between mosques and training camps in Venezuela that also get support from the aforementioned narco-trafficking.

To me, it looks like what went on in the 80’s with Communism and terrorist groups in South America has now been supplanted with Iran and extremist Muslim thought and this is something we should be aware of. I am sure that the government and the agencies have been for some time, but this has not really been in the public eye until now, and even then, I am not seeing too much being made of this in the media as yet. The most the media has been talking about has been the fact that there was a plan for a cyber attack on the US infrastructure, but, like the media does each and every time, they seem to fail to grasp the smaller issues that are more important than an alleged plan for a “cyberwar”.

Iran, the Nuclear Plot, and Reality (Hezbullah Cyber Army)

The actual “plans” given by the college students to Ghadiri were not shown or elaborated on in the Univision report, however, one can assume that they included the STUXNET type attacks that hit Natanz but also perhaps denial of service attacks as well on the FBI, CIA, and White House. Since there is nothing really to work with on this, I cannot say for sure, but, one need only look toward the “Hizbullah Cyber Army” that Iran recently unveiled to see where their ambitions lie after being spanked so well by Stuxnet and whoever carried it out. No doubt though, the Iranians would seek to welcome the likes of the Mexican hacker community to their effort as the Mexicans have had a track record with regard to hacking and digital scams in the past.

Once again though, I would like to see people have the realistic reporting that there was no real cyber plot, but instead that this was the entrée into Hezbollah by offering such a plan or plans… Let’s not let the media run with this cyberwar angle ok?

The plans that the college students passed to Ghadiri also included talk of EMP attacks as well as cyber attacks against infrastructure. The EMP attacks are of interest in that they could be carried out by missile launches. Launches that could come from sites that Iran and Venezuela have allegedly talked about having in place in country. So far as I am aware, the only real way that an EMP of worth, could be carried out by such as Iran would have to be a high altitude detonation of a nuclear device. Which means that Iran really probably does plan on having nuclear weapons as opposed to their claims that they only want to have nuclear power for the country.

Frankly though, I do not see that the plan and this report should just be seen as a cyberwar piece. This all begs much larger conventional questions about the moves that Iran has been making in South America and now Mexico.

Iran and South America

Hugo Chavez has been getting closer and closer with Iran for some time now. Venezuela and Iran have forged close ties and much of their work together has been over more than just domestic and financial issues. It seems from the Univision report, that also the two have been working together on Nuclear programs. Iran has been working with Venezuela on plants there and I am sure that Venezuela has likely been acting as a cutout for certain things that the Iranians would like to have (i.e. perhaps as a go between for parts etc, that Iran cannot get due to sanctions) So I am sure it is a beneficial relationship that Mahmoud and Hugo have, but there are other things under the crust that one has to take into account.

Proximity is one issue that I know has been spoken of before and it has to be discussed again. There has been talk in the past of Iran and Hugo’s desire to have a set of missile bases in Venezuela that could easily launch missiles at the US. With the Iranian technology that they have, they could in fact put in sites that, much like the Cuban affair back in the 60’s, cause great consternation for us all. I have heard in the past that there was talk of this between the two countries and heads of state, but, now it seems that perhaps we should be more wary that perhaps there are some sites or portables that Iran may have slipped to ol’ Hugo.

However, the other issues brought up by the report from Univision do take some precedence today. The proxy war of using the Narco gangs to train Islamist terrorists is not a new one by any means, but, seems to be bearing fruit now. For some time the terrorists and narco traffickers have been getting closer because their needs can be fulfilled by both working together. Much of this also is being backed up (allegedly) by the Univision reporters who now also claim to have hours of tape on Muslim jihadists training with the drug smugglers on tactics in training camps tucked away in South America.

Though, the real relationship to me, is that the drug gangs are being used as proxies for Iran’s and only for Iran’s benefit.. They simply are pawns in a bigger game of global Stratego that Iran wants to play. They are also all being played by Hugo Chavez, who gets the money, the power, and the control he desires all the while getting in on the ground floor on the war against the “Great Satan” as Iran calls the US.

Iran and Narco Trafficking (Hezbollah/Los Zetas/Mexico)

Another disconcerting event came yesterday as it was announced that a Lebanese drug smuggler was charged in the US for smuggling 85K kilos of cocaine into the states. Ayman Joumaa a.k.a “junior” was captured and is now being charged with this crime as well as being the money man for Los Zetas, using a Lebanese bank in Canada to launder about $850 million dollars. Joumaa’s connections though also connect him with Hezbollah and thus, we now have more connections between the likes of Hezbollah and Los Zetas.

If you will remember back a bit, you will likely think about the plot that was broken up recently where Iran (Hezbollah) had worked a deal with Los Zetas (allegedly) to bomb a Saudi ambassador while in NYC. Many people thought that the plot seemed a bit cooked up and perhaps overly dramatic, even perhaps some thought that it was disinformation, but, it seems that from numerous sources you can see a pattern emerging between the cartels, Islamist terrorists, and the inspirations of Iran and Venezuela.

Further proof comes from the Antisec/LulzSec dump of the AZ DPS reports on the connections between the Islamic extremists and the Hezbollah network in Mexico. Clearly the government seems to be concerned. By using the Zetas, Hezbollah will have a far greater reach into this country through the trafficking routes, coyotes, and money that they are facilitating being made to launch campaigns here in the states… Someday.

Past as Prologue: The 80’s and Ron Reagan

In the end, this report shows quite a bit about how the Islamic jihad and Hezbollah have made inroads into South America. Inroads that could lead to some serious consequences with global terrorism as well as the goals of Iran as a whole where the US (a.k.a Shaitan) is concerned. It would seem to me that the 80’s are coming back and we will find ourselves once again sending wet work teams in country to work against such groups as ETA, FARC, and now Hezbollah in South America.

The report, which I suggest anyone who can speak Spanish see, covers much more than anything you might read in the English press. They talk to several US officials in DEA/CIA etc and one of them actually calls the acceptance of the “cyber attack plan” an act of war.

*shudder*

However, you will get to see that Univision did their homework and connect the dots pretty well between the governments of Colombia, Venezuela, and Iran in complicity on a plan like the one offered. So, it could be possible in the future to see such attempts as plausible. We definitely have to keep an eye on the region and the machinations of the likes of Chavez and Mahmoud.

However, what I don’t want to see is another Iran-Contra Affair come up. Guess Ollie might have another job ahead of him…

So when do we get the second “New Wave” movement from Britain then?

K.

Written by Krypt3ia

2011/12/14 at 17:39

The Hezbullah Cyber Army: War In HYPERSPACE!


WAR! in HYPERSPACE: The Cyber Jihad!

A day or so ago, a story came out and made the rounds on the INFOSEC-O-Sphere about the Hezbullah Cyber Army. The story, which was subtitled “Iranian Terror”, was titled “Iranian Cyber-Jihadi Cells in America plot Destruction on the Net and in Reality”, which would get all our collective attentions, right? The story goes on to tell about the newly formed Cyber Army that will be waging all out war on the US and others in “Hyperspace”.

Yes, that’s right, you read that correctly.. This guy Abbasi is either trying to be clever, or, this is some bad translation. Sooo… Hyperspace it is! Well, I have a new tag line for him…

“In hyperspace.. No one can hear you giggle”

At any rate, the whole idea of a Cyber Jihad or a Cyber Hizbullah is a notion that should not just be sloughed off as rhetoric. I do think that if the VEVAK are involved (and they would want a hand in this I am sure) they could in fact get some real talent and rein in the ranks to do some real damage down the road a piece I think. So, while I may be a little tongue in cheek here at the start of this post, I want you all to consider our current threatscape (*cough* SCADA etc) and consider the amount of nuisance they could be if they made a concerted effort with the likes of the HCARMY.

So, yeah, this could be an interesting development and it is surely one to keep our eyes on collectively… But.. Don’t exactly fear for your lives here ok? After all, my opinion still applies that the bugaboo of SCADA does not easily fit into the so called cyberwar unless it is effectively carried out with kinetic attacks and a lot of effort. Nope, if the HCA is going to do anything at all, it will be on the playing field of the following special warfare fronts;

  1. PSYOPS
  2. DISINFORMATION (PSYOPS)
  3. Support of terrorism (Hezbullah and others)
  4. INTEL OPS

These are the primary things I can see their being good at or being pawns of the VEVAK for.

So.. Sleep well for now because really all you have to truly worry about is that they are going to deface your page it seems (see picture at the top of the post).

Interview by IRNA with HCA

More than anything else though at the moment, the whole revealing of the HCA is more a publicity stunt than much else I think. For all of the talk in the US and other countries about mounting their own “Cyber Militia’s” it seems that Iran and Hezbullah wanted to get in on the ground floor..

Oh… Wait..

They forgot about the PLA and the Water Army!

DOH!

Oh well, sorry guys… Guess you will have to keep playing on that whole “HYPERSPACE WAR” angle to get your headlines huh? Besides, really, how much street cred does an organization like this have anyway? So far I have been poking around all of their sites and find nothing (links or files) that would be helpful in teaching their “army” how to hack.

My guess.. This is kinda like putting out the inflatable tanks and planes for the Germans to bomb in place of the real ones.

The "About" Statement on HCA

Now.. Before You All Go Off Half Cocked (That means you Mass Media)

Meanwhile, I have seen the story that I linked up top scrawled all over the digital wall that is Twitter these last couple days. I am sure with everything that has been going on in Iran of late (i.e. the tendency for their bases to explode lately as well as their pulling another takeover of a consulate as well as spy roll ups) the media is salivating on this story because it’s juicy. It has it all really…

Cyberwar (hate that term)

HYPERSPACE!

Espionage

BOOGA BOOGA BOOGA We’re gonna activate our hackers inside your borders and attack your SCADA’s!

What’s the media not to love there?

HCA's YouTube Page Started in September

Well, let me set you all straight. This is piffle. This is Iran posturing and the proof thus far has been they have defaced a couple of sites with their logo.

THE HORROR!

This group has not even reached Anonymous standards yet! So relax.. Sit back… Watch the show. I am sure it will quickly devolve into an episode of the keystone cops really. They will make more propaganda videos for their YouTube, create a new Twitter account, and post more of their escapades on their two Facebook pages to let us all know when they have defaced another page!

… Because no one will notice unless they let us know…

Just The Persian Facts Ma’am

The real aegis here seems to be shown within the “about” statement for the group. Their primary goals seem to be to attack everyone who does not believe in their moral and religious doctrine. A translation of the statement rattles on about how the West are all foul non believers and that we are “pompous”, which really kinda makes me think that the Iranian people, or at least this particular group, have a real inferiority complex going. More so though, it seems from the statement that they intend more of a propaganda and moral war against the west and anyone else they see fit than any kind of real threatening militant movement.

You know.. Like AQAP or AQ proper.. Or Jamaa Islamiya.

This is an ideological war and a weak rallying cry by a group funded by a government in its waning years trying to hold on to the digital snake that they cannot control forever. Frankly, I think that they are just going to run around defacing sites, claiming small victories, and trying to win over the real hackers within their country to their side of the issue.

Which… Well, I don’t think will play well. You see, for the most part, the younger set who know how to hack already bypass the government’s machinations and are a fair bit more cosmopolitan. Sorry Mahmoud, but the digital cat is already out of the bag and your recognition of this is too late. How long til the Arab Spring reaches into the heart of Tehran and all those would be hackers decide to work against you and your moral jihad?

Be afraid Mahmoud… Khomeini…

All you really have is control temporarily.. You just have yet to realize it.

Tensions In The Region: Spooks & The Holiday Known as KABOOM

Now, back to the region and its current travails. I can see why this group was formed and rolled out in IRNA etc. Seems to me even with the roll up of the CIA operations there in Iran you guys still are being beset with problems that tend to explode.

  • Wayward Trojan drones filled with plastique
  • Nuclear scientists who are either being blown up or shot in the streets
  • Nuclear facilities becoming riddled with malware that eats your centrifuges.

You guys have it tough right now.

Let me clue you guys in on something… If you weren’t such a repressive and malignant regime, we might work with you on your nuclear programs to power your country. But, unfortunately, you guys are FUCKING NUTS! So, we keep having to blow your plans to shit (we as in the rest of the world other than say North Korea that is) because we are all concerned you just want a bomb. Why do you want that bomb? So you can lord it over the rest of us and use it as a cudgel to dismantle Israel say.. Or maybe to just out and out lob it over the border.

You are untrustworthy.

Oh well.. Yes we all have played games there and I agree some shit was bad. The whole Shah thing.. Our bad… Get over it.

I suspect that the reason why all of these bad things are happening to you now though sits in the PDB on the president’s desk or maybe in a secret IAEA report that says you guys are close to having a nuclear device. You keep claiming that you are just looking to use nuclear power peacefully… But then you let Mahmoud open his mouth again and shit just comes right out.

Until you guys at least try to work with others and not repress your people as much.. Expect more KABOOM.

What You Should Really Worry About From All of This

My real fear though in all of this hoo ha out of the HCA is that VEVAK and Hezbullah will see fit to work with the other terrorist groups out there to make a reality of this whole “Cyber Jihad” thing. One of these factors might in fact be the embracing of AQ a bit more and egging them on in their own cyber jihad. So far the AQ kids have been behind on this but if you give them ideas AND support, then we have a problem I think. The ideal of hit and run terror attacks on infrastructure that the government and those in the INFOSEC community who have been wringing their hands over might come to pass.

HCA Propaganda Fixating on OWS

If the propaganda war heats up and gains traction, this could embolden others and with the support of Hezbullah (Iran) they could “try” to make another Anonymous style movement. Albeit I don’t think that they will be motivated as much by the moral and religious aspects that HCA puts out there as dictum. Maybe though, they will have the gravitational force enough to spin all of this off into the other jihadist movements.

“The enemy of my enemy is my friend”

If the HCA does pull off any real hacks though (say on infrastructure) then indeed they will get the attention they seek and more than likely give the idea to other movements out there to do the same.

AND that is what worries me.

Cinch Up That Seatbelt… It’s Gonna Be A Bumpy Ride

Finally, I think that things are just getting started in Iran and it’s about to get interesting. With all of the operations that seem to be going on in spook world (please don’t use PIZZA as a code word again mmkay?) and the Israelis feeling pressured by Tehran’s nuclear ambitions and rhetoric, I suspect something is about to give way. Add to this the chicken-hawks who want to be president (Herman I wanna touch your monkey) Cain and the others who have so recently been posturing like prima donna models on a runway over Iran and we have a disaster to come.

Oh.. and Bachmann.. *Shudder* Please remove her from the Intelligence committee!! That whole Pakistani nuclear AQ attacks thing was sooo not right!

PSSSSST BACHMANN they’re called SECRETS! (or, for your impaired and illiterate self SEKRETS) STFU ok?

OH.. Too late, now NATO is attacking into Pakistan…

It looks to me like the whole middle east is about to erupt like a pregnant festering boil and we are the nurse with the needle who has to pop it and duck.

So.. Uh yeah, sorry, got carried away there… I guess the take away is this; When you look at all the other stuff going on there, this alleged cyber army is laughable.

Yuk yuk yuk… You’re killin me Ahmed!

K.