Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘Media Whores’ Category

Asymmetric Warfare and Tugjobs


The SANS Report: The Jester: A Lesson In Asymmetric Warfare

Post: The Jester Dynamic: A Lesson In Asymmetric Warfare

This report made its way to my desktop last night via a tweet and I just had to read it. Of course, after I had read it I felt dirty from the tugjob that SANS basically put together on Th3j35t3r and his crusade to annoy the jihobbyists and jihadis by DoS’ing them offline for half an hour at a time. So, I just felt compelled to respond to this report and the inevitable sausage love fest, and to portray Jester’s “work” in the light of reality instead of fanboi love.

First off, let me say that Jester and I have history. Back in the day, when he first started his campaign, he/they decided to hit my personal box because it had “jihadist” materials on it. What Jester mentions, and what is not elaborated on in the report, is that his “mistake” was “blue on blue” as he calls it, meaning that he hit me without really doing any kind of preliminary foot-printing as to who I was and what I do. Instead he just decided to mouth off, playing up that I had been compromised and that I hosted materials, thus “TANGO DOWN”.

After exchanges with me, as ever my diplomatic self 😉, he decided I needed more attention and DDoS, which was all well and good because I was the first to have traffic to give to others to look at for his modus operandi. Anyway, suffice to say that eventually there was a detente between us, but my opinions stand as to his campaign’s real uselessness to the real operators out there working to defeat jihad online. In short, I think it’s a futile exercise and, in the end, more of a publicity stunt than anything substantial in the war on terror.

SANS just doesn’t seem to really touch on the facts of how many sites are out there and how much still goes on even with Jester’s DoS campaigns… Nor do they really have any substantial backing for some of the claims they allude to with regard to party vans being sent out for Anon players.

SANS, bad journalism should be left to journalists.

Asymmetric Warfare Or Annoyance?

So, a lone commando goes on a crusade to drive the jihadis into the shadows online. He’s a one man cyber army, wrapped in the flag, DDoS software in hand.

Umm.. Just what will all this DDoS accomplish? Jester seems to think it will put a stop to radicalizing online, but the reality is that they will just go get another domain or start a new Paltalk session. Asymmetric warfare is defined as the following:

“Asymmetric warfare” can describe a conflict in which the resources of two belligerents differ in essence and in the struggle, interact and attempt to exploit each other’s characteristic weaknesses. Such struggles often involve strategies and tactics of unconventional warfare, the “weaker” combatants attempting to use strategy to offset deficiencies in quantity or quality.[1] Such strategies may not necessarily be militarized.[2] This is in contrast to symmetric warfare, where two powers have similar military power and resources and rely on tactics that are similar overall, differing only in details and execution.

From Wikipedia

So, just who is the weaker here? The jihadis, insofar as strength goes, were never an existential threat online in my book. They have been, up until recently, fairly unsophisticated in their communications and their internet skills. The fact is, they were talking pretty much in the open, and then along comes Jester and he DoS’s them offline for a little while. They get annoyed and yell, but then they go back to doing what they are doing. There is no net effect here. Even I thought that they might pull back a bit after his campaign started, but nope, they just kept on going because it was easy enough to just go play X-Box until the site was back online.

Frankly, I see nothing in the anti-jihad campaign by Jester as being worth the time. He frankly did much more with the LOIC poisoning than anywhere else, but that is another story…

So, by the classical definition of asymmetric warfare, the idea that Jester was carrying one out is false. Neither party was particularly well equipped or strategically effective enough to merit the term.

Cause and Effect In Jester’s War

As I said above, the jihadis went on apace even with Jester’s DDoS attacks. If anything, Jester just forced them to become more sophisticated and obtain backup sites and mirror their content even more than they already were before he came along. In my experience, it has not been the acts of a lone commando DoS’ing sites offline that has affected jihadi websites and radicalization; it has instead been the death of OBL and the campaign against jihad that the US has been waging by killing or capturing AQ leaders and foot soldiers (making them think twice). The online portion of this scenario, though, is more about the arrests of would-be jihobbyists who spoke to the wrong people online and were eventually arrested through good police work than anything else.

I would also add that the killing of Samir Khan and Al-Awlaki had a much greater effect on online jihad than anything else, because they were the thought leaders and the creators/editors/creatives behind Inspire Magazine. I have written much in the past about Inspire and how they were trying to rekindle the embers in many, but also reach out in new ways to the “western” jihobbyists to get them to do more than just talk online about jihad. You see, that’s pretty much all that has been happening: they talk a good game, but then they go offline and go about their business.

Once again, this makes Jester’s campaign moot.

… And so it goes on. The jihadis/jihobbyists are still online. They have been quieter since OBL and Samir/Al-Awlaki died because the wind was taken out of their sails really, not because they got DoS’d. The sites are alive and well and being used today.

Asymmetric War Or Media Campaign?

Meanwhile, the fact that Jester came out of the closet with his rhetoric and his IRC/Twitter/Blog only says to me that there was a need for a media campaign. Why the media campaign? Attention. It’s purely for attention, unless there is some other means to an end that he had in mind. Of course, at the time there was talk in DoD/DC3 circles about how we needed a “patriot hacker” movement, so, could this be a part of that picture? As the paper states, Jester has 28K followers on his Twitter and many, many fanbois. Oddly enough, all of this started around the same time as Anonymous did; it almost seems like one may have created the spark for the other, no?

So, Jester paints himself as the Dick Marcinko of the internet and the kiddies flock. People are saying he is a hero and many aspire to the same type of fame and attention. Jester’s IRC channel was flooded with people and he spent time in and out of there getting attention. Attention I think he really just wanted, maybe needed. In his first tangle with me, there seemed to be more than one personality at work, and in fact the one that I pissed off seemed to have a lack of self control as well as a juvenile manner. Since then, he/they have matured somewhat, but overall have been relegated to not being online as much and not acting out by attacking jihadis or Anonymous.

Why?

But then he came back. Just recently he began his DDoS campaign again. Why? Well, one of the first things he did was open the IRC again to all comers and now we have the SANS report.

Attention level achieved.

So, in the end I feel it’s more about attention than it is about gallantry or being an effective “operator” against Jihad.

Just my opinion.

The Rise of Anonymous and Jester’s Part in It

Meanwhile, in between battling the jihadis, Jester also took on Anonymous because they “doxed active operators in the field” etc. While I can empathize with the sentiment, the follow through was hit and miss in his campaign to out Sabu and others. The SANS report uses innuendo that says he may in fact have been the one to out Ryan Cleary. In fact, I am not sure about that, because inside sources in Anonymous have said that he was outed by someone on Xbox because he was an asshole to them. This is also the case for many others in the Anon infrastructure; they too were outed by others within the collective because they had a falling out.

So, really SANS, unless you have hard data, please stop.

In fact, Jester has had several misses on Sabu and has had to apologize to the players he fingered incorrectly. Oh, and by the way, all of this was done publicly, not just as data given to authorities to follow up on, which should have been the whole point of doing any kind of investigative work on them to start with. After all, if you put dox out there in the public, even wrongly, you are just giving time to those who may or may not be involved to burn their data and find other means to keep on attacking. Tactically this is just poor operational behaviour.

Perhaps Jester has done things in the background we all do not know about and he has not reported to the media… Perhaps not. Overall though, the most creative thing he has done is to poison the LOIC. THIS was a real coup and I do appreciate that one. Hopefully that at least put some fear into the LOIC skiddies.

In the end though, the kids just kept on coming and now we have AntiSec to contend with as well.

The war is not won.

COIN and Digital Asymmetric Warfare (i.e. Failure)

So, in the end, I don’t think that the attention is generally warranted for the campaigns Jester has carried out that are known to us. SANS seems to be all over him, and Sam Bowne as well as Rjack, as modern folk heroes in a way. They do not even cover the fact that Anonymous uses the same tactics and methods as well, but then, where would the folk tale really go, huh? In my opinion, both of these groups/individuals fail at their final goal though. If Anonymous wants to effect change, then they need to stop just wildly doxing people and dumping data that really is not cogent to the issues at hand. Jester needs to have more than just a DDoS to drive the jihadis anywhere, and in fact, the notion of breaking their C&C by DDoS is not functionally feasible.

If you are driving them, you have to drive them somewhere you want them, not just back into the shadows where the analysts can’t see them.

All of this is not COIN and it’s not asymmetric warfare with digital tools.

It’s just a game and attention seeking behavior.

K.

*Side Note* The book and the picture above are there because even Lawrence, who won great victories by using asymmetric warfare, lost the overall war in Arabia because of the personalities involved.

Just sayin…

Written by Krypt3ia

2012/03/05 at 15:54

Internet Jihad vs. Internet Propaganda Jihad: When The Media Gives Me Tourette’s

From dnaindia.com

I followed a link today off of esecurityintelligence.net and after reading the first paragraph of the piece I pretty much had a bad case of Tourette’s syndrome. This is some of the WORST reporting I have seen where it concerns the state of internet jihad. Now, I know why these places all do this; they just want a lead story and headline that will draw people in and make them click into the site. I get it… But.. It’s just wrong. The internet jihad is more a propaganda campaign than anything else, and as you can see from the piece below from, of all places, The Sun, they did a bit of a better job on the facts than dnaindia did!

Now that is surprising.

From thesun.co.uk

So, as I was saying, a ‘bit’ of a better job.. Then they too go off the rails. Look, the cyber jihad or Internet jihad is comprised mostly of jihobbyists, guys who want to get in on the action but are too clueless to actually go to the battlefield in some cases. In others, they are deluded individuals with mental health issues who need to be medicated and taken care of. In either case, the general jihobbyist populace lacks the skills needed to cause greater issues beyond setting up PHP bulletin boards to throw propaganda on. Just how many of the attacks by LulzSec were attributed to the likes of Al Qaeda?

hint: NONE

Yet the media persists in perpetuating this idea that there are some 31337 jihadis out there who are going to pwn the grid. Really guys, get your shit straight when reporting on things, ok? I have seen some strides in the jihadi hacking scene these last few years, but NOTHING like what you are talking about. Hell, their real hacker went to jail years ago (Irhabi 007). What is worse, it seems, is that the likes of Home Secretary May may in fact be spinning half truths about Internet jihad for whatever political expediency she needs. I have reported in the past about the Facebook Jihad (notice 2010) and pretty much sum it up as propaganda, and that’s it. Sure, there may be some illicit comms channels here, but, it’s Facebook for God’s sake! They are on top of this shit, TRUST ME! The jihadis have been complaining that as soon as they set up a Facebook page it gets taken down by Zucky and company! So really, there is no threat there.

So, let’s take another look at it from the post-LulzSec perspective.

Lulz have been wreaking digital havoc with some pretty low level hacks. They carried out DDoS, they hacked low hanging fruit and stole data which they then published. LULZ did it, NOT Al Qaeda. Now, don’t you think that if AQ was adroit at hacking and wanted to cause pandemonium they would have beaten LulzSec to it all? Don’t you further think that perhaps when and if they hacked the servers with the low hanging fruit hacks (SQLi), instead of just publishing the data, they would have, say, rm’d the whole databases?

Think about it:

  • Economic targets like the stock market
  • Military targets like the recent Anon attacks on Booz Allen
  • Attacks on grid and other key infrastructure targets

ALL of these things likely already harbor vulnerabilities that the likes of Anonymous could already have access to! The difference? The LULZ don’t want to be thrown in a hole forever and know their limits I suspect. Now, if you were AQ though, what’s to lose?

NADA

AQ, if they had the capabilities, would already have used them! They haven’t, which means to me they lack the critical skills in their jihobbyist base to be a threat in this arena. It is as simple as that. So please Media, fucking buy a clue and stop just trying to use the “If it bleeds it leads” mentality to get clicks. Do your JOBS and get subject matter experts with credentials to talk about this stuff instead of just trying to scare the straights with false reports.

I have often written on this topic in the past, and from what I have seen, here is the overall picture of the state of jihadi hacking tech.

  • They are using OLD malware packages to infect machines to steal data/money (mostly money)
  • They are using OLD hacking exploits for the most part just as they are with the malware packages
  • SOME jihadi hackers (TNT_ON) are clued in and know what they are doing technically, but are still inept enough to leave their real IP addresses in their tutorial videos (I see you!)
  • They are learning.. Slowly.. but their sites still keep getting popped and their super sekret rooms online have been penetrated
  • Their crypto program (Mujahid Secrets) has been cracked/reverse engineered

Finally, let me leave you with this little bit of wisdom post the demise of OBL:

  • They got him because his lackeys were tracked by their electronic comms
  • Even though they were using sneakernet and email dead drops, we managed to catch on (these techniques are not hacking)

Had OBL and his crew been judiciously using high tech hacking techniques or crypto (aka steg) as their main means of communications, it would have been even harder to get a line on what they were up to, where they were, and, moving forward, to determine future plans from OBL’s hard drives etc. Instead, they were using old spy tactics with minor digital twists to evade the US and other countries. This says a lot about their abilities and about ours to detect them. They decided it was better to go old school because we cornered the digital market.

This follows today to the hacking scene, where we have some Muslim hacker groups out there defacing pages, but not doing much else in the way of Islamic Electronic Jihad. So, media, let me put it plainly again:

They don’t have the skills to be super scary like you want them to be in your exaggerated reports!

CUT IT OUT!

I will let you know when they have their shit together. Trust me.

K.

Past posts on this subject:

Cyber Jihad: Malaysia

Great Likelihood of Cyber Attacks By Terrorists: You Don’t Say!

Inspire Magazine Analysis: Going Green for College Age Recruits

Abo Yahya and Metadata Cleaning

TNT_ON@hotmail.com —> zmm@hotmail.com = Sword Azzam?

Inspire vol II: Rationalization, Operational Directions, Open-Source Jihad, and Pivoting the Battle-Space

Jihadi Malware 2010, Al Mojahden’s User Acct Boo Boo, & The Jihadi Technical Forums

Jihadi Hacking Tutorials: Irhabi 007′s Text and More

Jihadi Penetration Tutorials: Metoovet

The Jihadist Repertoire Expands

MJAHDEN: Jihadi Crypto Program

Al-Qaida Goes “Old School” With Tradecraft and Steganography