Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘Law’ Category

HB Gary: Hubris, Bad Science, Poor Operational Methodology, and The HIVE MIND


Algorithms, Social Networks, and COMINT:

When I had heard that HB Gary had been popped and their spool file was on PB I thought that it was unfortunate for them as a fairly well known company. Once the stories started coming out though with the emails being published online, I began to re-think it all. It seems that Aaron Barr really fucked the pooch on this whole thing. He primarily did so due to his own hubris, and for this I cannot fault Anonymous for their actions (within reason) in breaking HB Gary and Barr’s digital spine.

It seems that Barr was labouring not only under a flawed theory on tracking social networks, but also in that he planned on selling such a theory and application to the government. One notion was bad, and the other was worse. First off though, let’s cover the science, shall we? Barr wanted to track users on social networks and show connections that would lead to further data on the users. The extension that he was trying to make was obtaining actual real names, locations and affiliations from disparate sources (i.e. Facebook, Twitter, Myspace, IRC, etc.). While this type of data gathering has been done in the past, it has not usually been culled from multiple sources automatically and electronically and then strung together to form a coherent pattern. In short, Barr wanted to create software/scripts to just scrape content, and then try to connect the dots based on statistics to tie people to an entity like Anonymous. The problem, and what Barr seemed to not comprehend, is that the Internet is a stochastic system, and as such it is impossible to do what he wanted with any kind of accuracy, at least in the way he wanted to do it. You see, it takes some investigation skills to make the connections that a scripted process cannot.

This can be seen directly from the article snippet below where the programmer calls Barr on his flawed logic in what he was doing and wanted to do.

From “How one man tracked down Anonymous and paid a heavy price”

“Danger, Will Robinson!”

Throughout Barr’s research, though, the coder he worked with worried about the relevance of what was being revealed. Barr talked up the superiority of his “analysis” work, but doubts remained. An email exchange between the two on January 19 is instructive:

Barr: [I want to] check a persons friends list against the people that have liked or joined a particular group.

Coder: No it won’t. It will tell you how mindless their friends are at clicking stupid shit that comes up on a friends page. especially when they first join facebook.

Barr: What? Yes it will. I am running through analysis on the anonymous group right now and it definitely would.

Coder: You keep assuming you’re right, and basing that assumption off of guilt by association.

Barr: Noooo….its about probability based on frequency…c’mon ur way smarter at math than me.

Coder: Right, which is why i know your numbers are too small to draw the conclusion but you don’t want to accept it. Your probability based on frequency right now is a gut feeling. Gut feelings are usually wrong.

Barr: [redacted]

Coder: [some information redacted] Yeah, your gut feelings are awesome! Plus, scientifically proven that gut feelings are wrong by real scientist types.

Barr: [some information redacted] On the gut feeling thing…dude I don’t just go by gut feeling…I spend hours doing analysis and come to conclusions that I know can be automated…so put the taco down and get to work!

Coder: I’m not doubting that you’re doing analysis. I’m doubting that statistically that analysis has any mathematical weight to back it. I put it at less than .1% chance that it’s right. You’re still working off of the idea that the data is accurate. mmmm…..taco!

Aaron, I have news for you, the coder was right! Let the man eat his taco in peace! For God’s sake you were hanging your hat completely on scrape data from disparate social networks to tie people together within a deliberately anonymous body of individuals! Of course one could say that this is not an impossible feat, but, one would also say that it would take much more than just gathering statistical data of logins and postings, it would take some contextual investigation too. This was something Barr was not carrying out.
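The coder's two objections, small numbers and guilt by association, can be put in figures. The following is an added example, not code from the original post or the leaked emails; the population size, membership rate and flag rates are constructed assumptions chosen only to illustrate the base-rate problem.

```python
import math
import random

def wilson_interval(hits, n, z=1.96):
    """95% Wilson score interval for an observed frequency hits/n."""
    p = hits / n
    denom = 1 + z * z / n
    centre = (p + z * z / (2 * n)) / denom
    half = z * math.sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return centre - half, centre + half

def posterior(prior, hit_rate, false_hit_rate):
    """Bayes: P(member | flagged) for a signal with the given rates."""
    flagged = prior * hit_rate + (1 - prior) * false_hit_rate
    return prior * hit_rate / flagged

def simulate(population, members, hit_rate, false_hit_rate, seed=1):
    """Flag synthetic accounts; return (total_flagged, real_members_flagged)."""
    rng = random.Random(seed)
    true_pos = sum(rng.random() < hit_rate for _ in range(members))
    false_pos = sum(rng.random() < false_hit_rate
                    for _ in range(population - members))
    return true_pos + false_pos, true_pos

# Constructed numbers, not taken from the HB Gary data:
POPULATION, MEMBERS = 200_000, 200   # 0.1% of scraped accounts are members
HIT, FALSE_HIT = 0.60, 0.02          # flag rate: members vs. casual clickers

if __name__ == "__main__":
    # "Probability based on frequency" from a tiny sample: 3 of 5 friends
    lo, hi = wilson_interval(3, 5)
    print(f"observed 60%, 95% interval {lo:.0%} to {hi:.0%}")
    # Even a decent-looking signal collapses against a 0.1% base rate
    p = posterior(MEMBERS / POPULATION, HIT, FALSE_HIT)
    print(f"P(member | flagged) = {p:.1%}")
    flagged, real = simulate(POPULATION, MEMBERS, HIT, FALSE_HIT)
    print(f"{flagged} flagged, {real} members, {flagged - real} wrongly named")
```

With these assumed rates, roughly 97 of every 100 flagged accounts belong to people who only clicked "like", which is the failure the coder was describing.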

I actually know something about this type of activity as you all may know. I do perform scraping, but, without real context to understand the data (i.e. understanding the users, their goals, their MO, etc.) then you really have no basis to predict what they are going to do or really their true affiliations. In the case of jihadis, they often are congregating on PHP boards, so you can easily gather their patterns of friendship or communications just by the postings alone. Now, trying to tie these together with posts on other boards, unless the users use the same nick or email address, is nearly impossible.

Just how Aaron Barr was proposing to do this and get real usable data is beyond comprehension. It was thus that the data he did produce, and then leak to the press, enraged Anonymous, who then hacked HB Gary and leaked the data in full, claiming that none of the data was correct. Either way, Aaron got his clock cleaned not only from the hack (which is now claimed to have been partially a social engineering attack on the company) but also from the perspective of his faulty methodologies to harvest this data being published to the world by Anonymous.

OSINT, Counter-Intelligence, and Social Engineering:

The real way to gather the intelligence on people like Anonymous’ core group is to infiltrate them. Aaron tried this at first, but failed to actually be convincing at it. The Anons caught on quickly to him and outed him with relish; they in fact used this as an advantage, spurring on their own efforts to engineer the hack on HB Gary. Without the right kind of mindset or training, one cannot easily insert themselves in a group like this and successfully pull off the role of mole or double agent.

In the case of Anonymous though, it is not impossible to pull this off. It would take time and patience. Patience it seems that Aaron Barr lacked as much as he did on scientific and mathematical method where this whole expedition was concerned. Where his method could have been successful would have only come from the insertion of an agent provocateur into the core group to gather intel and report back those connections. Without that, the process which Aaron was trying would have yielded some data, but to sift through it all with interviews by the FBI and other agencies would have become ponderous and useless in the end.

It is my belief that there is a core group of Anons, as I have said before. Simply from a C&C structure, there has to be an operational core in order for there to be cohesion. This can be seen in any hive structure like bees: there are drones, and there is a queen. A simple infrastructure that works efficiently, and in the case of Anon, I believe it is much the same. So, were one looking to infiltrate this core, they would have a bit of a time doing so, but, it could be done. Take out the core, and you take out the operational ability of the unit as a whole to be completely effective. To do this though, one should be able to understand and apply the precepts of counter intelligence warfare, something Barr failed to grasp.

In the end.. It bit him pretty hard in the ass because he was in a hurry to go to press and to sell the ideas to the military industrial complex. Funny though, the real boys and girls of the spook world would have likely told him the same thing I am saying here… No sale.

Oh well… Aaron Icarus Barr flew too close to the anonymous sun on wings made from faulty mathematical designs and burned up on re-entry.

K.

Security experts: Don’t blame Internet for JihadJane and other recent terror scares


By Michael Booth, The Denver Post
Published: Saturday, March 13, 2010 11:15 PM EST

It’s not the Internet. It’s the unstable surfer at the keyboard that constitutes the threat.

Internet terrorism and crime experts hedged their outrage when reacting to the arrest of Leadville’s Jamie Paulin-Ramirez, who was released Saturday without charges. Yes, they said, the Internet provides ample opportunity for disgruntled, lonely or violent people to meet up for criminal ends.

But social media, from chat rooms to Facebook, have become so widespread they are no more or less dangerous than society as a whole, these Internet observers said. And the technology cuts both ways: If alleged plotters like Paulin-Ramirez and “Jihad Jane” are using the Internet to plan crimes, rest assured law enforcement and watchdog groups successfully employ the same tools to foil them.

“Anyone who is trying to use the Internet for crime is falsely under the illusion that they are anonymous and won’t get busted,” said Steve Jones, author of “Virtual Culture” and a professor of communication and technology at the University of Illinois-Chicago. “Consider it an Internet-based ‘neighborhood watch.’ I’m not more concerned about the Internet than I am about the rest of the world.”

Internet connections can make for notorious nicknames and chilling chat-room transcripts, but the method of communication may not have that much impact on terrorism, said Jeremy Lipschultz, an expert in communications law and culture at the University of Nebraska-Omaha.

The rest HERE

Ummm yeah, Steve, you seem to be misunderstanding the problems faced here. Sure, there are people like me and others out there cruising the boards, but, the “authorities” are kinda behind the curve on this stuff.

Believe me Steve, I know. I have had dealings with the authorities.

So, yes, if you are on the internet and looking to do bad things AND you don’t know how to be stealthy, sure, eventually, you will be caught. However, if you are careful and you know what you are doing, then it may take some time if at all to be caught.

Case in point, look at our whole APT and cyber security debacle ongoing in the US. The CyberShockwave CNN mess is just the tip of the digital iceberg when talking about how inept our government and its minions are in dealing with the problems in cyberspace.

Better yet, let’s look at the 559 million dollar haul recently cited by the FBI taken by cyber criminals. Any clues? Suspects? Not like they can round up the usual crew huh? It’s just not that easy with our current infrastructure to capture traffic and catch those who were committing the crime. Nor are the cops, even the Feds, up to the task of trying to capture these offenders.

Here’s a quote for you from a recent exchange I had with the FBI:

“I don’t know anything about this stuff.. I do drug cases”

This from a field agent tasked with looking into a cyber oriented incident. What I am saying here is there is a big gap and the criminals and jihadis are using that to the most.

So Steve, you obviously don’t have a clue about cyber security issues. The real ones to worry about surely aren’t the guys and gals just using chat groups to talk to Jihadists, these “Jihobbyists” but let me remind you, it was a group of guys who were NOT cops or feds, that caught on to Jane and then reported her. Of course all of this AFTER she had activated and tried to whack a cartoonist. An act in which she failed mind you.

Oh, and Steve, did you know she was doing all this on YouTube? I mean really, just how friggin sooper sekret is that huh?

Duh.

Were Jane and others out there tech savvy or trained to be, they could be much more dangerous. In fact, the moniker “jihobbyist” has taken a turn in meaning. You see, the feds thought of Jane and others as “mostly harmless” but, as you can see they were wrong.

No, worry about the Jihadis who are technically savvy and trained in computer skills who know how to use a TOR router, encryption, email dead drops, etc. Those are the ones to worry about because even if one of us non cops are watching, we may not catch on. Never mind the cops/feds who are playing catch up.

CoB

Digital Lipstick on the Collar


There is a question that has crossed the mind recently of anyone who has sent a cellphone text message while cheating on a spouse: What was I thinking?

Text messages are the new lipstick on the collar, the mislaid credit card bill. Instantaneous and seemingly casual, they can be confirmation of a clandestine affair, a record of the not-so-discreet who sometimes forget that everything digital leaves a footprint.

This became painfully obvious a week ago when a woman who claims to have had an affair with Tiger Woods told a celebrity publication that he had sent her flirty text messages, some of which were published. It follows on the heels of politicians who ran afoul of text I.Q., including a former Detroit mayor who went to prison after his steamy text messages to an aide were revealed, and Senator John Ensign of Nevada, whose affair with a former employee was confirmed by an incriminating text message.

Unlike earlier eras when a dalliance might be suspected but not confirmed, nowadays text messages provide proof. Divorce lawyers say they have seen an increase in cases in the past year where a wronged spouse has offered text messages to show that a partner has strayed. The American Bar Association began offering seminars this fall for marital attorneys on how to use electronic evidence — text messages, browsing history and social networks — in proving a case.

Full NYT Story HERE:

It’s always fascinating to see just where Digital Forensics seems to be headed these days. Of course with the laws out there like the one that allows you to sue the “lover” of your partner, I can foresee a whole new cottage industry of cell phone and PDA forensics to determine “if” indeed they were cheating. This too will also spill over into actual testimony by CHFIs going into court to testify as to the naughty texts that someone has sent back and forth without having to get a federal court order to get the records from AT&T.

Of course there is the trouble of obtaining the cell phone to run a forensic on.. But, sure, I can see wives taking those phones and saying “Oops! It must have gotten lost!” only to turn it over to the local digital forensics huggy bear huh? Maybe… Maybe in fact, these phones will be part of court orders to turn over to the CHFI as discovery huh? Who really knows.

Surely though, it will be a boon to those PDA/Cell trojan makers out there that claim to be able to monitor all the traffic say on an iPhone and report back to you… So far these technologies can work, but I have not heard of too many being used in cases. Would this not also too make the user/implanter of the trojan in fact a criminal by backdooring the phone in the first place?

One wonders…

On another note, isn’t it comforting to know that all of your conversations digitally, are being collected and saved by AT&T etc. for varying amounts of time? The voice I am sure is being audited and logged by the NARUS systems in the MAE’s out there, but also too all your digital surfing, texts, etc. is being captured.. Who’da thunk it? Heh, if you were sitting there nodding your head, then you just aren’t aware of your surroundings kids. All of this stuff is not private unless you have some damn fine one time pad crypto! You are after all, transmitting all of this through federally mandated “critical infrastructure” you know. All of which is monitored now thanks to the Patriot Act and the Bush administration’s machinations with regard to CALEA and those pesky “secret” wireless warrant taps.

But I digress…

Yes, now you can be caught not only by the government, but also your wives and significant others too. In any case, I foresee perhaps having paying clients for this kind of work in the near future…

Of course, if one were smart, one would buy a burn phone…. But, that’s just me… HINT HINT TIGER!

CoB

Written by Krypt3ia

2009/12/10 at 22:27