Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘Kinetic Attacks’ Category

Leaderless Jihad and Open Source Jihad: A Marriage Made In Hell.

leave a comment »

7631834-3x2-700x467

In 2013 I wrote about leaderless jihad and the “Stand Alone Complex” Now we are seeing this type of leaderless, “inspired by” thought virus playing itself out on the national stage. Last nights attack using a lorrie was something that was presaged by two issues of Inspire Magazine back in 2010 and 2014. There isn’t much to it really to gather some weapons, steal a truck, and then plow it into a crowd but it has taken this long for the insidious idea to take root in the collective unconscious of the would be jihadi’s. The days of a more rigid and trained “jihad” are being eclipsed by would be unbalanced individuals seeking attention and reinforcement of their sick ideas through the media, the internet, and our collective inability to look away from a tragic scene on a glowing screen.

Screenshot from 2016-07-15 07:00:082014 Inspire

 

Screenshot from 2016-07-15 07:04:082010 Inspire 2 “Ultimate Mowing Machine”

 

Soft targets were always the preferred avenue of attack but now they are becoming seen as a top priority for security forces since the attacks in France and other places like Bangladesh. While Dahka on the face of it had a contingent of more trained individuals the attack last night is as simplistic as they come. This is what is really scaring the populace and the security services because now it seems that the authors and actors of these acts are in fact just one guy and not a cabal that they could perhaps track using pervasive surveillance. A cell of one is hard to track and certainly if they self radicalize by just downloading Inspire magazine and watching YouTube, well, what can one do? There are no easy answers here in the world of detection and prevention.

Screenshot from 2016-07-15 09:26:04

So here we have it, I have been pointing this out for a while and at first it was AQAP trying to inspire “OSJ” or Open Source Jihad. Now Dabiq and Da’esh are carrying it on and furthering it with the media zeitgeist that ensues with each attack. The net effect here is that these people are selfradicalizing with the help of the media’s obsession on covering ad nauseum these acts. The pervasive hand wringing and talking heads only serve to whet the appetite of the would be jihobbyist into action. Forget the Inspire magazines and the videos, just watch CNN and that is enough it seems. This all is very much like the plot line to “The Laughing Man” arc of Ghost In The Shell. An act carried out on the media instilled others to carry out like acts to be on the media and further the idea(l) as well as serve as a means to self fulfil the actors need for attention and satisfaction.

laughing-man

This is pure psychology at work and there are a host of reasons and syndromes that could likely be pointed at to rationalize it’s happening. The fact of the matter is that now we are seeing it play out rather bloodily on the streets of the world in furtherance of an idea and ideal set that lends itself to the like minded.. Or should I say mentally ill? Yes, I would say mentally ill. These actors are acting out and likely have some borderline tendencies to start with. These people feel outcast in their societies or out of place within the societies they are living in as a second generation citizen. It is a complex thing to nail down and I suggest that anyone who might want to delve into it further read “Leaderless Jihad” by Marc Sageman.

We need a more nuanced approach to the GWOT and I am afraid we won’t get that…

K.

 

Book Review: An Introduction to Cyber-Warfare: A Multidisciplinary Approach

with one comment

cyberwarprimer

IJPFRH CPAGP EIIL!

CYBER CYBER CYBER!

CYBER CYBER CYBER! or “CRY HAVOC AND LET SLIP THE DIGITAL DOGS OD CYBER WAR!”” is often what you hear from me in a mocking tone as I scan the internet and the news for the usual cyber-douchery. Well this time kids I am actually going to review a book that for once was not full of douchery! Instead it was filled with mostly good information and aimed at people who are not necessarily versed at all in the cyberz. I personally was surprised to find myself thinking that I would approve this for a syllabus (as it has been placed into one by someone I know and asked me to read this and comment)

The book really is a primer on IW (Information Warfare) and Cyber-Warfare (for lack of a better nomenclature for it) which many of you reading my blog might be way below your desired literacy level on the subjects. However, for the novice I would happily recommend that they read the book and then spend more time using ALL of the footnotes to go and read even more on the subject to get a grasp of the complexities here. In fact, I would go as far as to say to all of you out there that IF you are teaching this subject at all then you SHOULD use this book as a starting point.

I would also like to say that I would LOVE to start a kickstarter and get this book into the hands of each and every moron in Congress and the House. I would sit there and MAKE them read it in front of me *surely watching their lips move as they do so* There are too many people in positions of power making stupid decisions about this stuff when they haven’t a single clue. I guess the same could be said about the military folks as well. We have plenty of generals who have no idea either.. That’s just one man’s opinion though.

As we move further and further down the cyber-war road I think that books like this should be mandatory reading for all military personnel as well as college level courses in not only IW/INFOSEC but also political and affairs of state majors as well. We will only continue down this road it seems and it would be best for us all if the next wave of digital natives had a real grasp of the technologies as well as the political, logical, and tactical aspects of “Cyber”

I have broken down the book into rough chapters and subject areas as it is within the book (mostly) It really does cover more of the overall issues of cyber-warfare and methods used (not overly technical) The modus operandi so to speak of the actual events that have taken place are laid out in the book and give you a picture of the evolving of IW to what we see today as “cyber-warfare” I will comment on those sections on what I thought was good and what I thought was derpy of course, I mean would you all have it any other way?

IW (INFORMATION WARFARE) RUSSIA

The authors cover early IW with the Russian saga’s over Georgia and Estonia. There is a lot in there that perhaps even you out there might not know about the specifics of the incidents where Russia is “alleged” to have attacked both countries at different times with different goals and effects. Much of this also touches on the ideas of proxy organizations that may or may not be state run that were a part of the action as well as a good overview of what happened.

In the case of Georgia it went kinetic and this is the first real “cyber-warfare” incident in my mind as cyber-war goes. I say this because in my mind unless there is an actual kinetic portion to the fighting there is no “war” it is instead an “action” or “espionage” so in the case of tanks rolling in on Georgia we have a warfare scenario outright that was in tandem with IW/CW actions.

OUR CHINESE OVERLORDS

Ah Chairman Meow… What book on Cyber would be complete without our friends at the MSS 3rd Directorate huh? Well in the case of this primer it gets it right. It gets across not only that China has been hacking the living shit out of us but also WHY they are doing it! The book gives a base of information (lots of footnotes and links) to ancillary documentation that will explain the nature of Chinese thought on warfare and more to the point Cyber-Warfare. The Chinese have been working this angle (The Thousand Grains of Sand etc) for a long time now and there are more than a few treatises on it for you to read after finishing this book.

The big cases are in there as well as mention of the malware used, goals of the attacks and some of the key players. If you are out to start teaching about Chinese electronic/cyber/IW then this is a good place to start. Not too heavy but it gets the point across to those who are not so up to speed on the politics, the tech, or the stratagems involved.

ANONYMOUS/SEA/LULZSEC

Anonymous, as someone on my Twitter feed was just asking me as I was writing this piece, is also a part of this picture as well. The idea of asymmetric online warfare is really embodied by these groups. The book focuses more on Lulzsec and their 50 days of sailing but it doesn’t go too in depth with the derp. Suffice to say that all of them are indeed important to cyber-warfare as we know it and may in fact be the end model for all cyber-warfare. How so? Well, how better to have plausible denyability than to get a non state group to carry out your dirty war? Hell, for that matter how about just blame them and make it look like one of their ops huh?

Oddly enough just days ago Hammond wrote a piece saying this very thing. He intoned that the FBI via Sabu were manipulating the Anon’s into going after government targets. This is not beyond comprehension especially for places like China as well. So this is something to pay attention to. However, this book really did not take that issue on and I really wished that they had. Perhaps in the next updated edition guys?

THE GRID

OY VEY, the “GRID” this is one of the most derpy subjects usually in the media as well as the books/talks/material on cyber-warfare out there. In this case though I will allow what they wrote stand as a “so so” because they make no real claim to an actual apocalypse. Instead the book talks about the possible scenarios of how one could attack the grid. This book makes no claim that it would work but it is something to think about especially if you have an army of trained squirrels with routers strapped to their backs.

It is my belief that the system is too complex to have a systematic fail of apocalypse proportions and it always has been so. If the book talked about maybe creating a series of EMP devices placed at strategic high volume transformers then I would say they’d be on to something. However, that said, the use of a topological attack model was a good one from a logical perspective. They base most of this off of the Chinese grad students paper back years ago so your mileage may vary. So on this chapter I give it a 40% derp.

WHAT’S MISSING?

All in all I would have liked to have seen more in the political area concerning different countries thought patterns on IW/CW but hey, what can ya do eh? Additionally I think more could have been done on the ideas of offense vs. defense. Today I see a lot of derp around how the US has a GREAT OFFENSIVE CAPABILITY! Which for me and many of you out there I assume, leads me to the logical thought conclusion of “GREAT! We are totally offensive but our defense SUCKS!” So much for CYBER-MAD huh?

I would have also like to have seen more in the way of some game theory involved in the book as well concerning cyber-warfare. Some thought experiments would be helpful to lay out the problems within actually carrying out cyber-war as well as potential outcomes from doing so more along the lines of what I saw in the Global Cyber-Game.

OVERALL TAKE

Well, in the end I think it is a good start point for people to use this in their syllabus for teaching IW/CW today. It is a primer though and I would love to see not only this end up on the list but also the Global Cyber Game as well to round out the ideas here. To me it is more about “should we do this?” as opposed to “LETS FUCKING DO THIS!” as the effects of doing so are not necessarily known. Much of this territory is new and all too much of it is hyped up to the point of utter nonsense. This is the biggest problem we have though, this nonsense level with regard to the leaders of the land not knowing anything about it and then voting on things.

We need a more informed populace as well as government and I think this book would be a good start. So to the person who asked me to review this..

Put it in the syllabus!

K.

The Global Cyber Game

with one comment

globalcybergame

bqrebnbtsinmpvcdro

The Global Cyber Game:

I had been meaning to write about this before when I had originally read the text but things got in the way as usual (work, more work, some more work after that, Defcon/Bsides) Now though I am in a space where I can reflect back on this paper and write about it here for you all to see. The Defence Academy (UK) put this together to describe how we might approach “cyberwar” on the level of game play or game theory. They constructed a board and began to set to the task of creating game play and tactics given certain scenarios in the cyber world. (see image of game board below) You can actually play this game if you create a board from this design and work within the rules of game theory but this is not why I find this treatise so important.

globalcybergame1

What I find most interesting is the actual scenario’s that play out within the game play as well as the end game status that the paper puts it all down to in the end of N-Utopia and N-Dystopia. As one can gather from the inherent meaning of the words, N-Utopia means that we all work out our problems globally and work on bettering society (which in the Nash equations is the best play) or we end up with N-Dystopia, a Balkanization of the net, and warfare that scales all levels up to kinetic and will be the death of us all. Can you guess where I think we are right now on the N-scale? Yes, you’d be right to lean toward the N-Dystopia area. In fact I would even like to see that idea rendered in a new way with an older iconography, that being the Doomsday Clock analogy. Perhaps someone can take that up online and create one for the cyebrwarz eh?

Power Dimensions:

What must be taken into account in the great cyber game is that all of this is centered around power plays. The use of information as power, the use of information to effect actions vis a vis “power” and the varying types of power that are being wielded by the players. This paper covers this idea pretty well and should be required reading for anyone looking to study cyber-warfare along side Clausewitz and other more well known pieces of doctrine. Some however may already be familiar with the ideas of hard and soft power but let’s take that into the electronic warfare arena which is a bit harder to scope today.

  • Hard power
    • Overt threats and rewards
    • Kinetic action
    • Coercion
  • Soft power
    • Cooperation
    • Co-Option

Both of these types of dynamic play off of one another and work in tandem. There actually is a whole spectrum of power plays that can be derived from these basic premises but I will not go into all that here. To date I have seen an abundance of hard power tactics being employed on the game board and I fear that that seems to be what the governments of the world have locked on to as their aegis. I would love for more to try the soft power tactics and methods but I am too much of a realist to hope that it will ever really happen.

The game play today that we are all seeing unfold before us is the hard power of Stuxnet or the ramping up of every piece of malware and 0day conceivable being purchased by the US government or others in an effort to be superior when the battle comes. That is though when they are not using those said same exploits in the darker games of realpolitik that they are prosecuting now. As I see it now we are hurtling towards a massive cyberfail of our own making and the real cost of the bad play will be economies around the world and other collateral damage that may not be an apocalypse as we currently understand them to be.

The power dimensions portion of this paper is quite enlightening and you should broaden the scope of how those plays are made with information and the internet. One must understand the playing field as well as the weapon you wield. This is the main problem I have of late is that all too many people and governments are not understanding the game play, the field of play, nor the tools they are using (pieces) well enough to play the game well. This makes not only for bad play, but in this game there are real world consequences for us all when some government or actor does something immensely stupid.

Cyber Games Today:

So what are we seeing today that has me worried? Well, we have the cybergames with Stuxnet and other malware to start. I liken the release of Stuxnet as skin to the release of a biotoxin or virus that eventually will be re-worked or manipulated into a more fearsome weapon. These are not one use tools, they are in fact re-usable and re-tune-able. Once these things are out there is no controlling them and with the idea of Stuxnet you have something that was used against one target but could affect hundreds more in friendly countries if they had the same configuration.

Another cybergame being played today is the new surveillance state that we find ourselves in. It seems in the case of the US we have people who are interpreting our Constitution to suit their needs under the rubric of protecting the homeland. This cybergame is all about information and the power dimension of controlling it. I have been watching this Snowden affair unfold and frankly I am frightened of the capabilities that the NSA has but I am much more scared that they claim that they are protecting us while a Snowden subverts the very systems they are saying cannot be misused. This particular cybergame when looked at, show’s all of the hard and soft power dimensions at play with the media and the law. This should also be brought into the cyber game play as well.

Yet another cybergame going on is within the public/private sector and I call the “Patriot Games” What I mean by this is that we have non state actors playing rolls of asymmetric warriors online to effect whatever change they see fit. A certain un-named clown for one is a primary actor in this space and really started the trend in my opinion. The cybergamers here are vigilantes nothing more and nothing less and may or may not have an effect on the grander scheme of things on the net and in public policy. For the most part however, these players are on the hard power end of the spectrum and thus just mostly come off as thugs.

Lastly, the cybergame that seems to be the one with the most chance of playing in the larger space is that of Anonymous. Anonymous has been able to leverage many players into semi cogent action and could in the future have a real effect on policy and other dimensions within the cybergame play. The only reason that I place Anon into this game is because of that mobilizing force that they seem to carry. If motivated and able to be cohesive enough this group could affect the greater games being played and have on a microcosmic scale thus far in recent history.

In all, the games that are being played, and they are games, all serve as a means to an end for those paying attention to understand and perhaps help those in the seat of power how not to play the game at all. Our petty squabbling on the internet is just that. The reality is that the net is important and much of our lives today require it to run smoothly but if the net were to go down permanently our society would not utterly collapse. We would survive and we would re-build. The question then becomes would we have learned from it and do things better the next time around?

Cyber-Utopia and Cyber-Dystopia:

The idea of Cyber-Utopia is a far fetched one in my mind and probably many others out there. This would be a great thing if we could make it happen but given the petty nature of our.. well nature.. We will only see this ideal wash up on the rocks and sink into the ocean rather quickly. In the Cyber-Utopia we all work together, we cooperate, and we work towards a better day. … And I just don’t see this happening barring some kind of alien intervention frankly.

Cyber-Dystopia though I am afraid is already the case in many respects. We are seeing an almost Balkanization of the internet today as it is never mind the games being played in reality with Stuxnet and cyberwar. If the N-Dystopia comes to pass we will find ourselves at war with each other constantly in a “cyberworld” much like the episode of STOS “A Taste of Armageddon”  where all warfare is carried out via computer simulations and only the casualties report to be disintegrated as a means to balance it all out. Today though we will see attacks on economies as well as infrastructures to effect “war” (economic, political, or other) on our enemies and the real world costs will have to be measured in profit loss or perhaps even actual loss of human life.

The cyber-dystopia though is more than just an outcome of war. It is the outcome from our own inabilities to work with each other and our ability to rationalize warfare through a non apocalyptic destruction of life. It will be a tit for tat war of attrition that will not lead to any clear victories and certainly not elevate our societies in any way and that is the sad truth of it. Ladies and gents we are already in the dystopia. We just may not understand that yet.

Understand the game:

So, I leave you with the paper: The Global Cyber Game pull it down and read it. Learn from it, play the game if you like, and spend some time thinking about it all. We are on the cusp of another evolution in our society that we have seen repeated in every other evolution we have had. We create something, then we weaponize it. Perhaps if more of us understand it and the pitfalls we can prevent the N-Dystopia from becoming any worse.

K.

PLC Controlers, Stuxnet, and Kinetic Attacks: Blackhat 2011

with one comment

Since the advent of Stuxnet, the problem of SCADA (PLC) systems and their control vulnerabilities has become the focus of the world. In that this seems to be the new flavor of the day because someone (A nation state actor) decided to use those known vulnerabilities (at least 10 years worth of them) to exploit the Siemens systems at Natanz and Bushehr nuclear facilities in Iran we now have a new form of terrorist attack as Cofer Black pointed out in the keynote to Blackhat.

Dillon Beresford presented a talk on the Siemens 7 system vulnerabilities at Blackhat yesterday and did a great engineering job on the Siemens PLC system 7 attacks. However, in being so close to the subject, at least in the presentation, he seemed ill equipped to understand some of the ramifications of the exploit that was used against Iran and the amount of work that had to go into it to pull it off.

I say this because of the offhand comment that a single actor (hacker in a basement) could in fact have come up with the exploit code and he is technically right. He has singly come up with more exploit code and plugins to Metasploit to prove it, but, the attack on Iran was more complex than just exploit code for a Siemens 7 PLC. This too seemed to elude him in the statement that he did no understand the reasoning for the pivot point of the Windows machines that were infected with the worm that injected the code into the system 7.

The reasons for the attack vector pivot point is simply this;

The actors who created this exploit(s) wanted to be able to infect non connected systems at key hardened facilities that they did not have access to. Facilities that may have had regular network connections that might allow access to the worm and thus infect not only one site but many and not just the PLC systems themselves. This attack was multi purpose and needed to be persistent for a long time in order to carry out its mission goal.

And the goals seem pretty evident now:

Have the centrifuges eat themselves

Have the product from the centrifuges be compromised and thus put Iran’s nuclear program even further back.

The fact is, that the exploit code for the PLC’s was small in comparison to the amount of work and 0day that went into the worm itself. This is a key feature of the attack and something that Beresford seemed to miss. The worm was indeed the delivery system and it was likely carried into the Bushehr facility by a contractor (my thought is Russian as they were working on the Iranian program and had access) on a USB stick. Once inside, the malware had the ability to detect, spread, and inject the exploit code specific to the Siemens PLC systems at those facilities.

This brings me to a second point on all of this. The intelligence needed to know exactly what systems the Iranians had was something only a nation state actor could really have the resources to gather. This was in fact a nation state attack from all the signs of it. That it used exploits for SCADA systems that were known to be vulnerable for some time is the only twist. However, that twist had been used in the past and as long ago as the Reagan era.

An attack on a Russian pipeline was eventually disclosed by the CIA as a worm that attacked the systems of the pipeline (i.e. the PLC’s controlling the pressure of the gas) and caused a 3 kiloton explosion. This worm was likely created by the CIA and used to help dismantle the USSR.. Well at least cause some heavy damage to a pipeline that was in contention at the very least. So, this type of attack is NOT NEW. It was a quietly known vector of attack as far back (publically) as 2004 when it was revealed to the public at large, but much longer known about in intelligence circles.

The short and long, the exploits may be new in some cases, but, the type of attack is not at all.

The real difference today though is that we have the hacker community out there able to get their hands on code easily and even perhaps the PLC systems themselves to create even more exploits. Add to this that many SCADA systems have been connected to the Internet (as they should NEVER BE) ripe for attack and we have a big problem. However, the proof of concept now is out there, the exploit code is available and all it will take is an aggressor tenacious enough to write the malware to have another Stuxnet type attack on less hardened systems. An attack that could bring down the grid, cause the poop factory to explode and leak into our drinking water, or, like in Russia, have our pipelines explode in 3 kiloton explosions.

This Dillon is the key point and I know you get that. So, lets extrapolate further, how about in future conferences we have more of what Dillon did. He went to Siemens and gave them the exploit code and showed them the problems. They, unlike many companies, are taking up the challenge and not trying to hide the problems but instead are actively working on them to re-mediate. The next step is to go to EVERY PLC maker (wink wink Big O and the Administration.. Oh DHS maybe?) and bitch slap them into doing something about the problems? As Dillon pointed out, these systems are pretty open and inter-operable, so the code is likely to be just as bad everywhere.

If we don’t.. We are likley to wake up one day to a big explosion and it may just be an accident.. Or, it could be another targeted attack like Stuxnet.

K.

PS.. One small thing Dillon.. Please, attend Toastmasters. I think it would help you greatly. You speak too softly and did not enunciate.

The Eternal Game of Whack-A-Mole Goes On: Was Al-Shamukh Hacked?

with 2 comments

The Eternal Game of Whack-A-Mole Goes On:

Al-Shamikh1, the Shamukh Al-Islam AQ site is down, and has been allegedly under attack since this weekend. It’s mirrors are down as well and according to the news media Here and Here citing Evan Kohlmann of Flashpoint Global. The problem I have with the stories that the media is ravening over now is either that Evan is not painting the full picture or the media, as usually, is not understanding what he is saying. As for my take on it, it’s a little of both really. Evan has been around for a long time working as a consultant on terrorism, but as far as I know, he is not a network security specialist.

Over the weekend I had heard and re-tweeted reports that Shamikh was under an attack of some kind and the site was intermittently unavailable. as I had a whiskey in hand and no motivation, I let it be and figured it was maybe Jester doing his usual thing. Then today I see the barrage of bad media accounts with headlines like;

British Hackers Take Down Al-Qaeda Websites

and

NBC News: Hacker attack cripples al-Qaida Web communications

*Facepalm*

None of the articles cites any clear evidence of who did what never mind what actually happened to the site! Upon investigation this morning after being contacted by someone in the UK press, I found the following salient point:

From: robtex.com The domain and NS pointers have been suspended by GoDaddy

The domain and the name servers have been suspended by Godaddy. This is why it is offline now. Perhaps it was DD0S’d for a while and the traffic was the final straw for Godaddy on this site. You see, this site has been on the Godaddy for some time and many have pointed this fact out before, to no avail.. Well, actually one might assume that the feds just wanted to know where it was and leave it be to monitor.. But, that’s a bit too subtle for the media.

Whois data for shamikh1.net

Either way, the site is down now because they cannot route to it via the domain. Backups of the site hosted on non domain named boxes are down and the core server may have been compromised. It’s all up in the air at the moment but the media is just trucking along with the story. It may in fact be that the server was core was pulled by the jihadi’s themselves because they have been real twitchy since the 2010 roll up of al-faloja.

In the case of Shamikh, I had seen in the past that this site had some security issues to begin with. The implementation of the phpbb was weak and there were ways to get into the board and collect data. In one case, they had even re-set passwords and one could get them from the site itself for those users as they had passed them in the clear in what they thought was a secure space. Others have been using these vulns for some time to audit what is going on in the boards and have in the past run operations that have kept the admin’s and the jihadi’s on edge. This is why today you see so many more discussion groups on computer security, but more so how to configure and secure phpbb today on sites like As-Ansar.

Distributed Sites:

“Al-Qaida’s online communications have been temporarily crippled, and it does not have a single trusted distribution channel available on the Internet,” said Evan Kohlmann, of Flashpoint Global Partners, which monitors the group’s communications.

This one line really just grinds my gears here. I am sorry Evan, but this site is not the only one out there that has this type of content and even though the core is down, the content lives on in other sites. The Jihadi’s have created redundancy in the number of sites, not just put all their terrorist eggs in one digital basket. All of the sites link to one another as fraternal organisations do (i.e. As-Ansar has much the same content as Shamikh1). Remember, this is an group performing insurgency who know the power of cells and this is no different online. An example of this is the site in question of Shamikh, which has had many sites online at different times. Some get pulled down as they have issues with the hosts removing them. Others still have stealth sites on compromised systems, or in cases like the boxes in Malaysia, hosted secretly with complicity on the part of someone in the network (see paradius net)

In the case of Shamikh1 the following sites are known to have hosted or, as in the case of shamikh1.info, was scheduled to be soon.

http://shamikh1.net

http://shamikh1.info

http://202.149.72.130/~shamikh/vb/

http://202.149.72.131/~shamikh/vb/

http://202.75.56.237/~shamikh/vb/

All of these systems are down at least content wise for Shamikh, the .info though is online and untouched but hosts no content as yet. It seems to me that it was still being staged to host the content or maybe was set to be a backup.

shamikh1.info whois data

This has been the SOP for the jihadi sites for some time. In case one site is hit, the rest are online to keep the content online. In this case though, it seems that the “sophisticated and coordinated attack” really just means that they hit the core server for Shamikh so the content is not getting to the satellite sites. Of course once again, there is no data to say how this attack was carried out and how massive it may have been. Like I said, lately the e-jihadi’s have been twitchy about security for a while now because they have been compromised in the past.

So, all of this reporting that it was a huge state run hack and was massive takedown is mostly media hype and, I am afraid, as you can see from the reporting, it all seems to be coming from Mr. Kohlmann. Who’s privately run consultancy is getting quite a bit of attention now.. Isn’t it?

Cupcake Recipies Instead of IED’s Do Not A Hack Make:

Another thing that is sticking in my craw is this whole linking this outage/hack to the “cupcake” incident with Inspire Magazine. These two things are NOT alike and the media needs to pay attention to the facts. Nor is there any evidence cited or even hinted at in the real world that MI6 or Five for that matter had anything to do with this. For all they know, it could have been Jester or someone with like technology that dos’d them and got them yanked offline by their host.

Let me set the record straight here. The MI6 operation on Inspire was a PSYOP. They poisoned the well (i.e. Al-Malahem’s media apparatus) by intercepting the AQ file and replacing it with their own. Just where this happened no one is sure. Was it on some desktop somewhere before being put out? Or, was it replaced with the edited file on the megashare?

No one has said.

This operation though served two purposes. First off, it managed to stop AQ from getting the IED manual out to everyone, but secondly, and more importantly, it make AQ question its communications security. This was even more important and we can see the effects of that today in posts on the boards about security.

They are worried.

Oh dear media, pay attention and get the story straight. While the Cupcake operation had style and was claimed by MI6, this current claimed attack on Shamikh has no attribution by anyone and there is no proof that I have seen to say that anyone did anything… Save that their site is down.

Whodunnit:

This all leaves me wondering just who may have attacked Shamikh and why. Given that the sites are often taken down only to show up elsewhere makes me question why it was done at all. It would be simpler to monitor the site and capture data than to send them all scurrying into the woods would it not? This was my primary issue with the Jester’s campaign, it did no good. Even if you are driving them off the sites, they will only move toward less visible ones and use more covert means of communication. Why not let them feel fat, dumb, and happy while we watch their every move?

All I can think of, if this was state sanctioned, was that the Shamikh site was about to drop some content that someone did not want out there so they took the network down. If it wasn’t state sanctioned and some hacker or hackers decided to mess with them they did it for their own reasons. Either way, the sites got taken down..

But, they will be back again… Let the great game of whack a mole begin!

K.

Rumblings On Stuxnet’s Potential for A Chernobyl Style Incident at Bushehr

leave a comment »

 

A source called me over the weekend and alluded to some intel concerning the Bushehr nuclear plant with regard to Stuxnet. Of course you all out there are probably sick of hearing about Stuxnet (especially the infosec/IW community) but, I thought this was interesting and should drop a post. My source says that certain people in the know are worried about the whole stuxnet operation from the point of view that it was released into systems that, to the creators of the operation, were not completely understood. That is to say that Iran, being as hard to get intel on, may have had configurations or issues that the creators and implementors of Stuxnet did not account for and could indeed have caused a larger catastrophe with the malware.

This is now making the rounds quietly in certain areas of the media, but, I want to call your attention to this article that I found on payvand.com. In it, a nuclear expert speaks about the potential for a nuclear accident due to the design specs of the reactor at Bushehr and the fact that the Russians reported that they were removing the nuclear material from the reactor recently.

From: Dr. Sadeq Rabbani, Former Deputy of the Nuclear Energy Organization

The Russians claim that they were obliged to remove the fuel from the Bushehr nuclear reactor in order to replace a part that was installed during the time the Germans were managing the construction of the plant. It should be noted that according to the contract with Russia for construction of the Bushehr plant, the Russians replaced all inner parts of the reactor and presented a new design. In the German model, a vertical design was used, but the Russians adopted the horizontal model. This means that the created problem was not related to the inner parts of the German-designed reactor.

So the Russians were paid for the construction of the Bushehr reactor and have also changed the design. Now the problem is whether the Russians were wrong in their design. It is unlikely that the Russians were wrong in their design, because this is not the first plant that they have constructed, and their experience is valuable.

There remains only the Stuxnet virus that Iran denies has been able to affect the Bushehr facilitates. So, if we assume that the Iranian authorities are right, the Russians are playing with us by delaying the launch of the Bushehr plant, and want to continue to delay launching it.

My source, who has connections with various people in the know, says that there is a higher potential that since the German design and build was overtaken by the Russians, that they may in fact have introduced flaws within the system that “could” lead to a Chernobyl style event if something like Stuxnet had infected other PLC systems. Of course this is a blanket concern with malware on the level of Stuxnet anyway is it not? Of course, Stuxnet was particularly targeted to the Siemens systems for enrichment but, there is always a chance of undesired effects to potentially other systems.

This is not to say that there have been or are other systems that have been compromised by Stuxnet… That we know of.

Ostensibly, Stuxnet was aimed at the weapons facilities but, one must not think that the weapons facilities and the nuclear power program were kept apart by a firewall, for the lack of a better term. I am willing to bet that the two are connected both semantically as well as functionally, and in that, the systems that play a key role may have too. IF Stuxnet travelled to the Bushehr systems, what ‘could’ be the import here? Just as well, what would the design of the reactor play as a part to hastening a large nuclear accident?

The article above goes on to say that Dr. Rabbani does not believe that the design and implementation of the Bushehr reactor is likely to cause an issue. Others though have been saying the opposite. Including my source. All that is really known at this point are the following things;

  • When Stuxnet hit Iran claimed that they were just fine! However, reports internally at the nuclear facilities and universities proved otherwise. That the malware was running rampant and they were trying and failing to exterminate it.
  • The design and implementation of the nuclear reactor had been started by the Germans (Siemens) and then stopped for many years. Then the Russians picked up where the Germans left off. It is possible that the design changes and or builds on to previous versions could have flaws in them that might make for vulnerabilities.
  • The Russians have removed the nuclear materials and the program is steadily losing ground to delay.

All in all, the unforeseen circumstances of malware like Stuxnet may indeed have caused issues at Bushehr, or, they could have been a calculated thing. Perhaps this is just Iran being careful out of paranoia as fallout from the incident. In either scenario, we win out in that the programs are being delayed. However, the worry that my source intoned was that they may not have considered the possibilities of collateral damage and just how bad they could be if the reactor had gone online and melted down. Of course, this is after seeing everything that is happening in Fukushima, so it’s on many minds.

My source went on to ask the question; “This would have to have a presidential order wouldn’t it as an operation?” The answer to that is yes. It is also quite likely that this operation was set forth by the previous administration (Bush) and, well, we know just how well thought out that presidency was huh? To my source, I say be careful in speaking about this. To all of you out there reading this I say keep your eyes peeled, there’s bound to be more fallout.

K.

EMP | Electrical Grids | A Thought Experiment

leave a comment »

I had a discussion today with my brother that sparked my mind on the whole issue of EMP and probably why the government is so fired up about it lately as a threat to the US infrastructure. It occurred to me as I was speaking about the problem, that indeed there is a real and credible threat to the US grid “if” there are coordinated attacks on strategic sites with EMP as well as traditional explosive devices. Of course, this also could actually include kinetic attacks as well as electronic attacks a la the likes of something like the Stuxnet worm. I however, and just going on the contention that well placed attacks on the grid with explosives as well as EMP devices made for approximately $400.00, could in fact cause a cascade effect on the grid that could bring it down. Just how hard it would take it down I am not sure. The one thing I suspect though, is that this very scenario might be the catalyst for all the hullabaloo and reports that the senate had worked on this last year.

You see, at one time the everyone pretty much thought that the only EMP attack would be a high altitude detonation of a nuclear weapon. It seems the technologies have changed now and it is possible to build something like you can see below. That device was made and or located  by the military as well as the second image the device is known as a “Flux Compression Generator” The actual concussive device is not shown, what you are seeing is the focusing device for the actual EMP.

 

 

The above version is a simulated device used for IED training

 

 

The next step in the experiment is to determine the map of the grid and as you can see from the first picture in this post and the one right above, you can easily get the map to the grid online with a little help from Google. The image directly above shows the power generation plants and as you can surmise, the larger the red circle, the bigger the plant and the service area that it covers. By using this map (the map is interactive online too yay security!) and the one at the top of the page, you can see the importance of each site strategically as well as where the main power lines go to power the country.

One could then create the devices that could conceivably fit in a van and park them close to the facilities or even on the premises if you engineer your way in. Just drive up, park, and trigger.

Would it work? Well, given the right amount of power of explosives and if you likely also use other attacks that destroy the large transformers that we buy from the Chinese and take 2 years to build, then yes, you can take down those sites. Sites that will likely be down for quite a while as we do not have these transformers on hand. We would have to order them from the Chinese and, well, you know how it goes. Mind you, as the reports that the Senate has had created show, these systems are not shielded for any kind of EM burst and as far as infrastructure goes, the grid and the power stations are still a soft target as far as I hear from sources who perform red team testing on them.

 

 

Next, we have the areas of attack. According to a paper put out in 2008 “Cascade-based attack vulnerability on the US power grid” a couple of Chinese researchers have postulated that a series of attacks on the “networks” of the power grid could cause a cascade effect and in fact “may” have been the scenario for the 14 August 2003 blackout that occurred in the US. It is my contention that a similar attack can be carried out by the use of the EMP/explosives scenario and the fallout cascade from power demand as well as feedback that could ensue. Add to this that the initiating attack potentially taking out vulnerable systems like the large transformers, then you have a long lasting effect to the attack on top of the cascading out of effects to the power lines and sub stations.

All of this however, would only be the start of problems for us.

 

Once you take out the power, you can see from the image above, that the interconnected nature of our energy cycle and use causes even further issues. If those systems are down for a long period of time, we will see anarchy grow from fear and human nature as people feel threatened and frustrated from lack of energy. Energy that the country increasingly needs to power everything from their cell phones, to their heat, light, and general lives. If all of this were to fail, then the people would I assume, begin to freak out. It would likely start to look like “Mad Max” out there. I could be wrong… But.. Ya know, human nature…

Add to this the events surrounding the Stuxnet malware and its capabilities to manipulate SCADA systems and the vulnerabilities that have been brought to light, and you have another threat vector to add to the pot. This would be more nation state it would seem in order of magnitude, but, entirely possible with a concerted effort on the part of any entity with the will and the funds to create and implement the worm. Imagine that in a kinetic attack with the EMP and the possible use of a worm like stuxnet, it would be complex, but it would magnify the damage by scales if it worked. Systems not only down from physical damage, but also those interconnected systems not in the blast area could also be taken down in a timed manner by those who controlled such code.

I really hope that I am wrong but, this scenario seems logical. The technology is not all that hard to carry out for a trained scientist, and even if the event did not knock out all of the nodes that would be needed to take out large areas within the country, it would be enough to cause mass panic and damage. So, in the end, I am just saying that EMP seems to be much more viable an attack than one might think and when one asks themselves why the government was so keen this last year on EMP, you might just look as far as this type of scenario for the answer.

CoB

Written by Krypt3ia

2010/10/25 at 01:37