Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘ISIL’ Category

Fancy Bears, CyberCaliphates, and Reporters


Recently the AP put out a story that links the GRU (Fancy Bear/APT28, whatever you want to call them) to a spate of threats made to five military wives back in 2015 and alleged to have been carried out by Da’esh or the CyberCaliphate. Caliphate is/was/kinda was a loose group of hackers in the Muslim community who carried out a bunch of web defacements with slogans like “we love ISIS” etc. Now this isn’t very scary and the group finally got a titular leader in Junaid Hussain, a Brit who went to Jihad after being popped for hacking with an Anonymous group. These disparate groups of skids are still out there today defacing pages and causing a nuisance but none of them ever rose to the level of being a clear and present danger hacking wise, but Juny, well, Juny became a mouthpiece for Da’esh and his popularity got him whacked with a missile in Raqqa.

From AP News

The AP story though, is only tangentially about the CyberCaliphate in that the claims made by the AP are that the five wives who were threatened were in fact not threatened by Caliphate, but instead the GRU carrying out a “False Flag” to make it look like it was the skids. While Juny and whoever else he was working with did in fact dump some military data back in 2015, there were other hacks that went on that people think wasn’t him and the brothers at all but their sophistication means that they had help if not outright wasn’t them at all. The fact of the matter is that finding open source lists of military and others’ details is easy with Google Fu today and no hacking may have been needed for many of these dumps that the ISHD dropped. There were some righteous hacks though and I can easily go with the idea that the Russians and others perhaps had been leveraging these guys names to carry out their own attacks for their own ends, but, this threatening of five military people’s families is a bit of a stretch for me to say is definitively the GRU and not in fact the real ISHD or Caliphate hackers.

My biggest problem with this AP report is that there are little to no details on how they came to the conclusion they reported. In asking the reporter, Raphael Satter, on Twitter I only got sketchy replies on how he/they got this grand conclusion. Basically, his story is that he asked SecureWorks for their data (including personal information it seems of those who got hacked/attacked) and went through all of the phishing emails that were carried out by APT 28 using the bit.ly links to avoid Google filters. Out of all those 4k emails they then saw that the five families were recipients of the phishing emails that APT 28 carried out on everyone in their large drift net attacks to gather intelligence. AP/Satter then went and rummaged in their closet for the JUMP TO CONCLUSIONS MAT and laid it out to finalize their cognitive bias. From this, and it seems bothering a bunch of military wives previously on the 4k emails that went out they came to the conclusion somehow, that the five were in fact attacked by the GRU because they got those phish. Satter and AP give no details or evidence on this and in my chat with Satter on Twitter he was too busy pub crawling to answer my questions fully on this.

While it is not inconceivable that these families may have been harassed by the GRU for some reason, it is also not a conclusive fact given what has been presented by the AP that they did in fact do this and it was not really the actual ISHD or CyberCaliphate or even just Juny himself. What really needs to happen though, is when a reporter and an agency makes an assertion, but provides little to no evidence of it, it kinda comes off as a grab for attention without truth to back it up, in effect, they did it for the clicks. Now if Satter and AP can provide more conclusive data then I will concede that they are in the right here, but so far they have not. I see no direct connections in the story to anything more than the fact that these ladies got messages on Facebook that were threatening and claimed to be from ISIS. When I asked if Satter had tried to pull the data together to see if these families all had members in FOBs (Forward Operating Bases) he did not even know what that meant, so I enlightened him. My point is that if those five members of families were in an area that the Russians wanted to effect some outcome at the time of the attacks, then maybe I could see my way to believing it, but if it was only five, and there is no evidence that they were in positions that the Russians would want to effect, then why do this at all? Why only five? Am I missing something? It all comes back to “Cui bono” or “Who benefits?”

Certainly the AP story is splashy and makes for clicks but I have these concerns as well as I now have to wonder about SecureWorks giving up this data with PERSONAL DATA ATTACHED to the AP. Say, isn’t giving personal data of military and government people to the AP a violation of law somehow? Even if the AP says they are protecting the data, this isn’t really kosher to me, but who am I huh? Maybe just someone with data out there huh? It also makes me wonder how SecureWorks is feeling about all this too. I mean, they had all this data and they did not report this. As Satter said to me; he and a team of people pulled all this together. Well, unless you provide your work it’s just another story and may be in fact incorrect. But back to SecureWorks, why did you guys give this data to the media? What were you thinking?

Screenshot from 2018-05-14 09-12-55

All in all I have had this story sticking in my craw for a while now and I had to get this out. I have worked on the Caliphate and ISHD tracking so I know the players and I know the game. I am certain that in some cases the attacks carried out were more sophisticated and coherent for them to be the actors involved but to make these wild leaps of logic like AP did and then publish them without supporting evidence is bad journalism. In a time when the media wants to be above board because we have a liar in chief in office who is daily attacking our institutions like the Fifth Estate with disinformation, we need you reporters to do a better job than this. If Satter and AP can provide more, then I will be happy. Until then, this story is just that and just adds to the cacophony of fake news and clickbait that I deplore.

K.

UPDATE: One last thought I thought I should add. There is a definite difference between actors here where it comes to ISHD and CyberCaliphate. Two different manners of attacks/hacks and ways of speaking. Look at the image above and look at the language as opposed to most of the defacements and posturing by the UCC. So if you want to say anyone GRU may have done this you would want to call them out as ISHD (Islamic State Hacking Division) as opposed to CyberCaliphate.

Just Sayin.

Written by Krypt3ia

2018/05/14 at 12:33

Posted in Da'esh, ISIL, jihad

Cyber Jihad Marketing: Yelling FIRE! In A Crowded Theater


Recently, a reporter that I know came to me asking if I would look at this ICIT-Brief-The-Anatomy-of-Cyber-Jihad1 and give input on it. They wanted to have my opinion because the firm that wrote it was seeking a reporter to flog it on their news site. I told the reporter after looking at the “analysis” this exact quote; “This report is the marketing equivalent of yelling fire in a crowded theater.” Well, it seems that CNBC bought it though and my hand has been forced to write about this travesty. ( CNBC Report that forced my hand ) I told the reporter to back away slowly and to their credit they did. CNBC not so much. So here I am going to outline how this report is full of marketing and cognitive bias and wild assumptions. Oh, and that is if you can get past the hyperbolic language in the first graph…

Screenshot from 2016-06-20 08:47:58

I shit you not..

Cyber Caliphate & Junaid Hussain:

The report goes on a long time talking about Da’esh and their origins. While much of that data is right on, the report starts to go off the rails once they begin talking about the “cyber” part of the picture. They start off by talking about Juny and his cybering, the defacements out there, and the propaganda war that is still ongoing by the likes of Da’esh, AQAP, Boko Haram, etc. Which is all fine, mostly accurate, but then they start to talk about “possible capabilities” after they just pretty much said “They aren’t that capable.” Cognitive dissonance much there guys? The truth of the matter is that to date, the propaganda war is the biggest and most dangerous war here, not the so called cyber war that this “analysis” is pimping. I have been following this stuff since 2001 and Juny is the new Younis Tsouli really, both were/are moderately skilled in hacking but not much more than that. Both were much more propaganda figures, and more dangerous in that capacity than any of their hacking skills. In fact, in the case of Younis, he got the heat and popped for that very reason, he was making a splash and attracting followers. Juny had that very same skill set and became much bigger a deal because he caught the zeitgeist for the jihobbyists out there with his mouth on Twitter. This is why he was killed with a hellfire, not because he hacked any big databases or got the real dope from some hack. In short, both were a danger because they had followers, and those followers were radicalising off of their jihadi bluster online and caches of propaganda from the main marketing teams of their respective terrorism groups. (AQ for Younis and Da’esh for Juny)

Screenshot from 2016-06-20 07:45:48

Of course the report would not be scary enough without the “Cyber Caliphate” an operation that Juny lamented was just him, no one else, before he got whacked on Telegram. That’s right kids, Juny was pimping something and making shit up. Once Juny got whacked you know what happened? Groups of guys like Team Fallaga took up the mantle and went on to deface pages like the dickens! “OOH SCARY DEFACEMENT BRO” While the report states this, and some of the other information I just mentioned, they then go on to analyse and say that these guys aren’t capable now but someday… SOMEDAY they could be. Oh really? You don’t say! Sure it is possible but it is not likely. Given that most APT activity takes money, time, and cohesion, the jihadis are all over the place and usually small disparate groups of skiddies, not solid hackers. So, the scare tactic of analysis is way off the mark in this report and this is why I told the reporter to step back slowly from their pitch. If this group had left it at that, “it could happen but it is not likely,” I would have had some respect for them. Instead they chose the other, “scare the client into buying shit” route. As for Cyber Caliphate and all their other silly acronyms, none have shown that they are a credible threat to much else than an insecure web page. No real data has been hacked and their “data drops” of enemies to kill have all come from open sources on the internet. Sure, is it problematic that they are doing this? Sure. Is it a clear and present danger of cyber capabilities that they could strike the grid next?

No.

Just stop.

Jihadi Helpdesk

PSSSST hey morons.. There is no Helpdesk

Screenshot from 2016-06-20 07:46:05

I need not say more right?

… But I will.

DO YOUR GOD DAMNED HOMEWORK AND QUIT THE FEAR MONGERING FOR MONEY!

CYBER JIHADI DARKNETS

Of course these guys could not miss an opportunity to scare and of course they had to use the scary “Dark Net” or “Deep Web.” I have been on the dark net for a long time and I will tell you I have found a few sites but nothing there is that scary. In fact, to date, the sites either have been hacked soon after and taken down, or just sit unused. So really, the dark net is no threat here. Sure, the jihadis are using technology to obfuscate their chats now and trying to hide in the “deep web” of un-spidered content but the reality is most of this stuff is non operational. What the jihad today (Da’esh) wants mostly is to radicalize and activate those in the US like Omar Mateen without even really having contact with them.

Screenshot from 2016-04-29 13:12:15

So, the darknet… Not so much a terrorist haven kids. Sorry

https://krypt3ia.wordpress.com/2015/11/15/the-first-official-daesh-darknet-bulletin-board-has-arrived/

https://krypt3ia.wordpress.com/2015/11/18/daesh-darknet-under-the-hood/

Overall Analysis of Scare Marketing and Cognitive Bias

This report is a travesty of a tissue of what if’s that really is just a pulp thriller wannabe disguised thinly as a marketing piece cum serious analysis of Jihad online.

Please believe none of it.

Dr. K.

Written by Krypt3ia

2016/06/20 at 12:50

Digital Jihad: The Great Irhabi Cyber War That Won’t Be.


The Great Cyber Jihad

Since Junaid Hussain escaped over the border to the new lands of jihad (aka Syria) he has been vocal on Twitter showing off his great cyber manhood in classic irhabi bloviating online. That Junaid made some inroads by hacking into the prime minister’s email address at Gmail only lends him dubious credit to his hacking skills to a person involved in the security field. This however is not how the great unwashed within the media and certain quarters of the government and the military seem to perceive the threat posed by Junaid today now that he is an ISIL irhabi.

Islamic State militants are planning the creation of a ‘cyber caliphate’ protected by their own encryption software – from behind which they will launch massive hacking attacks on the U.S. and the West.

Both Islamic State and Al Qaeda claim to be actively recruiting skilled hackers in a bid to create a team of jihadist computer experts capable of causing devastating cyber disruptions to Western institutions.

They are now boasting it is only a matter of time before their plan becomes a reality.

~Daily Mail UK

The above text came from just one of the spate of recent reports on the great “Cyber Jihad” that is being touted to come from the likes of Junaid and ISIS/L as they attempt to expand their reach from the Middle East globally. This particular commentary makes the bile rise within my gut on so many levels though. But that kind of pales in comparison to the one right below…

“We’re in a pre-9/11 moment with cyber,” John Carlin, assistant attorney in charge of the Justice Department’s National Security Division, warned at a July conference in Aspen. “It’s clear that the terrorists want to use cyber-enabled means to cause the maximum amount of destruction as they can to our infrastructure.” 

~Fox

PRE-9/11 OMG!!! Look you fuckwit if that were the case then China would have already put us out of our misery really. For that matter some half assed pot sodden kid who happened to hack into our grid would have taken us down years ago. There is just no need for this posturing and certainly above all coming from someone without a clue in their head about how things really work in the world of computer security. This kind of scare tactic aimed at getting people to respond in fear to allow for the government to do anything in the name of protecting us is vile.

Meanwhile you have other players such as the one below making statements of “ALL OUT CYBER WAR” while commenting on Anonymous’ operation against ISIS. I laughed and I laughed and I laughed until I just wanted to cry at the sheer stupidity of it all. Look, Anonymous can’t get their shit together enough to be both leaderless and effective so really, how much of an “ALL OUT CYBER WAR” can there be there huh? Do you even know what a cyber war really means? Cyber warfare is both digital and kinetic in its purest form and what kinetics did Anonymous really carry out in this operation to DoS ISIS offline?

Lemme give you a clue… None.

“Anonymous announced late last week a full scale cyber war against the Islamic State (Operation Ice ISIS), intended to attack ISIS supporters using social media for propaganda purposes”

~Fortuna’s Corner

So aside from the bloviating and the scare tactics coming out of ISIS itself we also have our responses from the government and the media with all their so called experts on cyber war and jihad. There is a lot of wankery going on here but finally this guy makes a little sense in the middle of his post on this mess…

ISIS’s main effort to date in cyberspace has focused on psychological warfare by generating fear through flooding the internet with video clips portraying the brutal acts of beheading and mass executions, as well as victory parades, as part of developing deterrence and creating an illusion of force in excess of the organization’s actual strength. The essence of its online activity, however, is broader. It enables its supporters to obtain operational information, including training in preparing explosives and car bombs, and religious rulings legitimizing massacres in regions under ISIS control. In tandem, it distributes indoctrination materials, such as a magazine called Dabiq: The Return of Khilafah, which focuses mainly on topics relating to formation of the new Islamic state headed by ISIS leader Abu Bakr al-Baghdadi. However, ISIS’s technological expertise is not the only factor. Perhaps the public, which is revolted by the organization’s deeds but closely follows these clips and photos as a kind of reality show, is contributing a great deal to the organization’s popularity.

~Fortuna’s Corner

Yes, there it is.. ISIS has been carrying out a PROPAGANDA war primarily and with that comes from PSYOPS as well. This is the first true set of statements I have seen to date over this whole debacle. Ok, they are waging a propaganda war and a recruitment drive for sure but really, a cyber caliphate? I mean to date I have not seen this show up verbatim anywhere on the boards or on Twitter so who’s leaping logic here? Seems to me that there’s a sucker born every minute and about 99% of them want to go into journalism nowadays.

A propaganda war using Twitter does not a cyber war make.

Cyber Warfare and Jihad

So let’s chat about the realities here about the capabilities of the Irhabi (ISIS/L or AQ or SEA) in a context of what we have seen so far. What have we seen you ask? Well, DoS, some data thievery, some malware use and phishing, but generally nothing spectacularly scary. Certainly nothing on the level of a nation state actor like China has been seen out of any of the loose groups that claim some jihadi notions online to date. So where do we get all this BOOGA BOOGA over the likes of Junaid Hussain and ISIS taking down our grids and things?

*squint*

Yeah, there’s no there there. I am sorry but even if ISIS/L used its monies that it has stolen over the last months to set up a “cyber team” they still would be LIGHT YEARS behind the likes of China.. Hell they would even be way behind Iran for that matter so really, there is nothing to fear here. Never mind that many of these guys like Junaid are working in countries that are actively being bombed and shooting is happening so really, how much longer does Juny have anyway before he gets a Hellfire missile up his ass?

Truly the cyber jihad is a non starter for me and it should be for you too. On the other end of that equation though is the fact that they are actively recruiting and getting their message out using social media and this is a problem. Now don’t get me wrong, it is not a clear and present danger kind of thing because really, 100 Americans out of how many people seeing their online drivel have actually left the country to go to jihad pretty much gives a sense of the threat. You have to be pretty unbalanced to want to do this shit to start with so if you get up and leave the country to join up you are a truly unbalanced person to start. One so easily swayed by the propaganda wing of ISIS needs help and what they will certainly get is a bullet instead while fighting. Even ISIS/L really doesn’t care about the Takfiri, you see kids, they are just bodies to be used… Nothing more. They may call you brother but under their breath they call you fodder.

Much Ado About Nothing

The reality is that ISIS is more a conventional force than anything else. They are not as well planned as AQ and they tend to be one dimensional thinkers. I will admit that their propaganda war has been interesting to watch but I don’t see that it is an existential threat. In fact, I concur with the assessment that AQ is still the real player here who can strike at the US and had a better track record thus far. Surely if ISIS continues to carry out the propaganda war they may garner more recruits but I just don’t see them being that inspirational to get lone wolves to activate/radicalize. I certainly don’t see them being able to put teams together to hack our infrastructure and take us down either. In fact I am not a proponent of that line of thinking anyway as a great threat. Our systems are too complex and fragmented to allow for such a spectacular attack.

So please news media… STFU.

K.

Written by Krypt3ia

2014/09/12 at 15:31