Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘Russia’ Category

The DNC Hack: SVR? KGB? GRU? Lone Hacker?

with 2 comments


Attribution Games:

I grow more and more weary of the attribution games being played in INFOSEC, and the DNC hack is just another in a cavalcade of epic missing-the-point parades. Since the “scoop” given to WaPo by Crowdstrike, there has been a flurry of allegations, revelations, and throwing of attribution dice akin to a basement game of Magic: The Gathering, replete with summoning!

“I summon the Russian GRU!”

“I summon the LONE ACTOR!”

“I summon the KGB!”

*slaps down cards on table* TAKE THAT!

The reality here is that there are more than a few games going on here. Think about it, Crowdstrike gets a media coup by selling this story to WaPo, who just happens to have been banned by the Orange Julius of our time, presidential candidate Donald Trump! WaPo jumps on this like a child on a fresh tit and runs with the attribution story and sets the world on fire for Donny boy with the release that the DNC not only was hacked but that his dirty laundry may be in the hands of Kommisar Putin!

“Whoa”

So, first let’s set aside the whole issue of marketing, which for me is akin to choking on a hairball left by that chick in “Ringu”, and move on to the veracity of the attribution as well as the real need to name and shame here. I for one can believe that the two nation-state actors’ software and activities were found by Crowdstrike on the DNC systems. The fact that there are two disparate groups from the same nation state is interesting in itself. I guess they are not really talking to each other, and given the state of affairs there in Russia I can see this as being a true accounting. However, I can also see my way to there being third, fourth, fifth, sixtieth actors also in the network, or having been in the past as well. Face it, these are government systems which usually go to the lowest bidder, right? This was likely the Diagon Alley of Democratic networks.

So, to say that it was only these two actors might be a stretch. There is room for doubt, and after the dump by “Guccifer2”, as they are calling themselves, it is easier to think that perhaps there is more to the story than what we have been given by the media, the DNC, and Crowdstrike. Given that the documents on Gucci’s WordPress site are legit and that they seem to be pretty well stamped down on metadata, one can’t make too many assumptions... Oh, yeah, but everyone is! At the end of the day for me, even though I will play the game a little bit below the fold here, the real issues should be how the hackers did it, and fixing the behaviors of the DNC to stop it from happening for a year or two at a time in the future. Not so much pointing at Russia and yelling; “YOU TOOK OUR SHIT! BAD POOTY! BAD!”

Put another way… I eagerly await the FBI warrants and 10 most wanted cyber listings for the Russian actors they have all this attribution on … I suspect I will be waiting the rest of my life for that one kids… Just sayin. This was mostly about marketing as far as I am concerned and I have to give them props for working that one. Sales must be up in the government area now because of this caper right?

Metadata and Cyrillic:

Meanwhile, after the WaPo story hit the wires the “lone hacker” created his WordPress site and dropped dox, as we say on the intertubes. Shortly after the drop people were inspecting, detecting, infecting, and making circles and arrows with captions on the back to describe what you were seeing! … And the conspiracy theory machine went into overdrive. Pwnallthethings made some good comments on the metadata in the dropped dox, but really, concluding that this is a Russian disinformation operation from metadata-stripped documents on the idea that the machine name was Cyrillic for Felix Dzerzhinsky (Феликс Эдмундович)? Really? Now that is fucking SOLID work man! Stellar! FUCK LET’S GO BOMB RUSSIA NOW!


NAILED IT!

You know at least Crowdstrike has like actual data, ya know, C2’s, malware, and shit like that. Anything else is totally speculative, I mean even more speculative than most attribution that these companies make with real data! Anyway, I took a look at the metadata on the documents and here is what I have found…

  • Much of the data was stamped out in saving from format to format
  • Emails of users, though, were still embedded in the Excel files
  • The Word docs have no more metadata than the Iron Felix machine name, which, gee, kinda leads one to wonder…
  • The image files have no metadata.. none.. niente, clean.
  • Grizzli777 is just someone who pirates software

Yep, not a lot to see there, and people are hanging their collective hats on the deliberate placement of Феликс Эдмундович as the machine name to its quite OBVIOUSLY being Mother Russia’s exclusive secret services.
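The list above is the kind of check anyone can repeat on an OOXML file, because a .docx or .xlsx is just a zip with XML parts: author and “last modified by” live in docProps/core.xml, the company field in docProps/app.xml, and spreadsheet cell text (where the e-mail addresses survived) in xl/sharedStrings.xml. This is an added example, not code from the original post; it builds constructed sample packages in memory (the only value taken from the post is the Феликс Эдмундович name, the rest is made up) and pulls exactly those fields, so the “a machine name in metadata proves nothing” point can be checked rather than argued.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from typing import Dict

# Namespaces used by the two OOXML property parts.
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def triage_ooxml(data: bytes) -> Dict[str, object]:
    """Return the identifying fields of a .docx/.xlsx given as bytes.

    Reads core properties (author, last editor, timestamps), the extended
    Company property, and scans the text parts for e-mail addresses, which
    tend to survive format conversions that strip the property fields.
    """
    result: Dict[str, object] = {
        "creator": None, "last_modified_by": None, "company": None,
        "created": None, "modified": None, "emails": [],
    }
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        names = set(pkg.namelist())

        if "docProps/core.xml" in names:
            core = ET.fromstring(pkg.read("docProps/core.xml"))
            for key, path in (("creator", "dc:creator"),
                              ("last_modified_by", "cp:lastModifiedBy"),
                              ("created", "dcterms:created"),
                              ("modified", "dcterms:modified")):
                el = core.find(path, NS)
                result[key] = el.text if el is not None else None

        if "docProps/app.xml" in names:
            app = ET.fromstring(pkg.read("docProps/app.xml"))
            el = app.find("ep:Company", NS)
            result["company"] = el.text if el is not None else None

        # Excel keeps cell text in sharedStrings.xml, Word keeps body text in document.xml.
        emails = set()
        for part in ("xl/sharedStrings.xml", "word/document.xml"):
            if part in names:
                emails.update(EMAIL_RE.findall(pkg.read(part).decode("utf-8", "replace")))
        result["emails"] = sorted(emails)
    return result


# Constructed XML templates for the in-memory sample packages (not real leaked files).
CORE_XML = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    '<cp:coreProperties xmlns:cp="{cp}" xmlns:dc="{dc}" xmlns:dcterms="{dcterms}">'
    "<dc:creator>{creator}</dc:creator>"
    "<cp:lastModifiedBy>{editor}</cp:lastModifiedBy>"
    "<dcterms:created>2016-06-15T10:00:00Z</dcterms:created>"
    "<dcterms:modified>2016-06-16T08:30:00Z</dcterms:modified>"
    "</cp:coreProperties>"
)
APP_XML = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    '<Properties xmlns="{ep}"><Application>Microsoft Office Word</Application>'
    "<Company>{company}</Company></Properties>"
)
SHARED_STRINGS = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    '<sst xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main">'
    "<si><t>Contact</t></si><si><t>donor.one@example.org</t></si>"
    "<si><t>staffer@example.org</t></si></sst>"
)
WORD_BODY = (
    '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
    "<w:body><w:p><w:r><w:t>Opposition research summary</w:t></w:r></w:p></w:body></w:document>"
)


def build_sample(kind: str, editor: str, company: str) -> bytes:
    """Assemble a minimal constructed OOXML package ("docx" or "xlsx") in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("docProps/core.xml", CORE_XML.format(creator="analyst", editor=editor, **NS))
        pkg.writestr("docProps/app.xml", APP_XML.format(company=company, **NS))
        if kind == "xlsx":
            pkg.writestr("xl/sharedStrings.xml", SHARED_STRINGS)
        else:
            pkg.writestr("word/document.xml", WORD_BODY)
    return buf.getvalue()


if __name__ == "__main__":
    for kind in ("docx", "xlsx"):
        print(kind, triage_ooxml(build_sample(kind, "Феликс Эдмундович", "ExampleCo")))
```

Run it against a real file by replacing build_sample() with open(path, "rb").read(). Note that the property strings are free text set by whatever saved the file, so a Cyrillic editor name is evidence of configuration, not of geography.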

*squint.. takes drag of cigarette*

So here’s my assessment…. Maybe Russia did it… OR maybe this actor is the real thing and happens to want to take credit. The fact that this person(s) reads, writes, and has Cyrillic on their machine and names it after the founder of the KGB is as reliable a means of saying it was Russia as it is to say that aliens built the pyramids because people were just fucking too stupid back then!

All of this hoo ha really means nothing. The fact of the matter is that now Donny’s dirty dirt is open source!

YAAAAY!

Wait.. I read it.. What the shit people? REALLY? THAT’S ALL YOU HAD HILLARY? COME ON!

It doesn’t matter who did it really.. Horse is out of the barn and the barn is on fire kids. So please, stop with all the wankery and move on to the next hack ok?

DATA: [Twelve screenshots of the document metadata, captured 2016-06-17 between 09:51 and 13:35, are not reproduced here.]

Motivation Analysis and Hypothesis

RIGHT! Well now I want to play the attribution/motivation/game of clue too! So here goes…

Imagine if you will that Russia did do it. Imagine also that Gucci2 is still Russia’s services performing a disinfo campaign against Crowdstrike. Now imagine why they would be doing that. Why would they drop Donny’s dox AND all the other fun stuff for the Clinton campaign, which is in trouble already over the cybers? What effects would this have? Let’s list it out for you…

  • Dropped dox of the dirt → blows all Hill had on him unless there is a double secret probation file somewhere
  • Dropped dox yet to be released on Wikileaks → let’s say, as Gucci2 alluded, they were also in Hill’s mail server, ya know, the one that wasn’t supposed to be? Oh yeah…
    • If that server was popped by the Russians and Gucci1, those criminal charges could be much more deleterious, right? *waves at FBI*
  • Dropping of dox and general hackery causes the DNC and the election process to be even more fractious than it already is
  • Dropping dox makes Hill’s candidacy potentially weaker (hint hint: server → Russians → PWN, wink wink nudge nudge!)

So all those effects would do what possibly? Why would they want to do this? WHO WOULD WANT A TRUMP PRESIDENCY?????

Why Pooty of course!

Think about it kids. Given your knowledge of Teeny Tiny Baby Hands Trump, do you think he could stand up to a bearish Putin?  *sorry had to use that one*  Do you think that perhaps Donald is easily.. Shall we say.. Distracted or led? Come on, I know you can all reason this out. A Trump presidency would be sweet sweet love for Putin. He would have a friend, and someone he can sit on his knee to play ventriloquist with! … Well, until he has to polonium enema him that is.

That’s my theory and I am sticking with it… For all the fucks that it is worth.

I will say though.. I am waiting on those documents to show up in Wikileaks. That’s when the shit is really gonna hit the fan.

See you all in INFOSEC attribution Hell.

K.


Written by Krypt3ia

2016/06/17 at 18:34

Anonymous #HQ: Inside The Anonymous Secret War Room

with 7 comments

John Cook and Adrian Chen — Dissident members of the internet hacktivist group Anonymous, tired of what they call the mob’s “unpatriotic” ways, have provided law enforcement with chat logs of the group’s leadership planning crimes, as well as what they say are key members’ identities. They also gave them to us.

The chat logs, which cover several days in February immediately after the group hacked into internet security firm HBGary’s e-mail accounts, offer a fascinating look inside the hivemind’s organization and culture.

  • Sabu
  • Kayla
  • Laurelai
  • Avunit
  • Entropy
  • Topiary
  • Tflow
  • Marduk
  • Metric
  • A5h3r4

So, Hubris/A5h3r4/Metric have broken into the inner circle of at least one cell of Anonymous. I say cell because I do not think that these users are the actual full-scale leaders of Anonymous; instead, as I have said before, there are cells of Anons that perform operations sporadically. These folks, if the chat transcripts are true, are the ones just behind the HBGary hack and, for at least one of them, the Gawker hack.

Once again, I will reiterate here that I think Anonymous is more like a splinter cell operation than anything else. There is an aegis from the whole as an idea, but, they break off into packs for their personal attacks, or whatever turns them on. They coalesce into a unit when they feel moved to, but, they do not overall, just get together and act without direction on the part or parts of leaders.

The example below of the transcripts for #HQ shows that these characters, though, are a little high on themselves after the hack on HBG… And you know what happens when you don’t pay attention to the hubris factor. You get cocky and you get burned. As you can see below, some of them are at least nervous about being popped or infiltrated.. Those would be the smart ones…

04:44 <&Sabu> who the fuck wrote that doc
04:45 <&Sabu> remove that shit from existence
04:45 <&Sabu> first off there is no hierachy or leadership, and thus an operations manual is not needed

[snip]

04:46 <&Sabu> shit like this is where the feds will get american anons on rico act abuse and other organized crime laws
04:47 <@Laurelai> yeah well you could have done 100 times more effective shit with HBgary
04:47 <@Laurelai> gratted what we got was good
04:47 <&Sabu> if you’re so fucking talented why didn’t you root them yourselves?
04:47 <@Laurelai> but it could have been done alot better
04:47 <&Sabu> also we had a time restraint
04:48 <&Sabu> and as far as I know, considering I’m the one that did the op, I rooted their boxes, cracked their hashes, owned their emails and social engineered their admins in hours
04:48 <&Sabu> your manual is irrelevent.

[snip]

04:51 <&Sabu> ok who authored this ridiculous “OPERATIONS” doc?
04:51 <@Laurelai> look the guideline isnt for you
04:51 <&Sabu> because I’m about to start owning nigg3rs
04:51 <&marduk> authorized???
04:52 <@Laurelai> its just an idea to kick around
04:52 <@Laurelai> start talking
04:52 <&Sabu> for who? the feds?
04:52 <&marduk> its not any official doc, it is something that Laurelai wrote up.. and it is for.. others
04:52 <&marduk> on anonops
04:52 <&Sabu> rofl
04:52 <@Laurelai> just idea
04:52 <@Laurelai> ideas
04:52 <&Sabu> man
04:52 <&marduk> at least that is how i understand it
04:52 <@Laurelai> to talk over
04:53 <&Sabu> le sigh
04:53 <&marduk> mmmm why are we so in a bad mood?
04:53 <&Sabu> my nigga look at that doc
04:53 <&Sabu> and how ridiculous it is

[snip]

04:54 <&marduk> look, i think it was made with good intentions. and it is nothing you need to follow, if you dont like it, it is your good right
04:55 <&Sabu> no fuck that. its docs like this that WHEN LEAKED makes us look like an ORGANIZED CRIME ORGANIZATION

My observations though have always been that the groups would be infiltrated by someone and then outed. It seems that this may indeed be the case here if the data is indeed real. It seems to me that a certain j35t3r said much the same before, that he could and did indeed infiltrate the ranks, and had their data. Perhaps J has something to do with this? Perhaps not… Still, the principle is sound.

  1. Infiltrate
  2. Gather INTEL
  3. Create maps of connections
  4. Report

It would seem also that these guys are liminally aware of the fact that their actions can be seen as a conspiracy and that the government will not only get them on hacks potentially, but also use the conspiracy angle to effectively hogtie them in court. Let me tell you kids, there is no perfect hack… Well unless the target is so inept as to have absolutely no logging and does not even know for a very long time that they had been compromised.. Then the likelihood of being found out is slimmer, but, you guys popped and then outed HBG pretty darn quick.

I am willing to bet there are breadcrumbs.. And, those said breadcrumbs are being looked at by folks at some three letter agencies as I write this. You see kids, you pissed in the wrong pool when it comes to vindictiveness. I agree that HBG was up to bad shit and needed to be stopped, but, look at the types of things they were planning. Do you really think that they are above retaliation in other ways than just legal? After all, they were setting up their own digital plumbers division here huh?

Anyway… Just sayin…

Back on topic here with the Backtrace folks and the logs. I have looked at the screen names given and have come to the conclusion that they are all generic enough that I could not get a real lock on anything with Maltego. I had some interesting things pop up when you link them all together, but, overall not enough to do anything meaningful. The other issue is that Maltego, like any tool using search engines and data points, became clogged with new relational data from the articles going wide. I hate it when the data is muddied because of this.

So, yeah, these names are not unique enough to give solid hits. Others though who have been re-using nicks online as well as within the confines of Anonops, well that is another story. I just have this feeling that there are larger drift nets out there now hoovering all you say and do on those anon sites, even if they are in the .eu space. I still have to wonder if any of those IRC servers have been compromised yet by certain intelligence agencies.

One wonders too if China might also be playing in this area… How better to sow discontent and destabilize than to use a proxy like Anonymous for operations?

For that matter.. How about the CIA?

NSA?

Think on it… Wouldn’t Anonymous make a perfect false flag cover operation?

For now, I am going to sit and watch. I would like to see the full chat transcripts though. Now that would be interesting.

“May you live in interesting times”

Indeed.

K.

Worm Win32/Stuxnet Targets Supervisory Systems in the U.S. and Iran

with one comment

According to ESET Virus Lab, the worm has been active for several days, lately in the U.S. and Iran, with almost 58 percent of all infections being reported in the United States, 30 percent in Iran and slightly over four percent in Russia. The cyber attacks in the U.S. and heightened activity of the worm in Iran come in the wake of persisting tensions between the two nations over nuclear ambitions of this Middle Eastern country.

“This worm is an exemplary case of targeted attack exploiting a zero-day vulnerability, or, in other words, a vulnerability which is unknown to the public. This particular attack targets the industrial supervisory software SCADA. In short – this is an example of malware-aided industrial espionage. The question is why the chart of affected nations looks as it does,” said Juraj Malcho, head of the Virus Lab at ESET’s global headquarters in Bratislava, Slovakia.

An interesting angle to this story is how the worm spreads. “For a truly targeted attack it would have been coded to make specific checks to see that it only ran where it was supposed to and did not spread. Spreading increases the odds of detection. If the attack was aimed at only US systems, then the attacker would not want the code appearing all over the world. This fact might indicate a number of potential attackers,” said Randy Abrams, director of technical education at ESET in the U.S. “The ability to attack power grids throughout the world would be very appealing to terrorist groups,” concludes Abrams.

Full article HERE

Interesting choice of countries to attack… What would be the motivation for just those two countries in a targeted attack? Could there be some cross-pollination due to the actions of one country on another? Let’s say, for instance, that Iran got infected by something they procured or had access to within the US? Or vice versa? My bet, though, is that this is a targeted attack on the systems themselves and not country-centric. Any country using like technology likely has the new worm in their midst and may not know it.

Of course, just how many SCADA systems are prevalent today? As well, just how many have been connected to systems that face the internet in some way? That is the operative question I guess…

As for the contention that this is industrial espionage.. Well, I might think it is more groundwork for something else… Here it comes…

Cyber Warfare. Oh my, I said it, didn’t I? The talk lately has been so back and forth between detractors and believers that no one is really getting “it”. No matter what you call it, no matter who you want to attribute it to as attackers go, here is the proof of concept that even if it is not “happening successfully” yet, they are trying. That is the important thing to keep in mind. What people fail to understand is that the whole US grid need not be knocked out to make a cyber war or to be successful. All you really need is for the target of your choosing, the one that will fulfill your desired outcome, to be taken down or subverted in whatever way you want it to be.

I am sure the bickering will continue and the government will look at this and think they have to create another agency or sub group to think about it more.. In the meantime, though, we still have the problem of these systems perhaps being connected to networks that are not secure; what’s worse, those networks may in fact be internet facing and thus able to be C&C’d from remote locations like mainland China.

Meanwhile….

More has come out about this 0day and the supervisory systems attack (I wonder if that is the only vuln attacked here or just one of many coded into this effort?). It seems that the Siemens software, and an old and well-known SCADA password for it that is available on the internet, have been coded into this and have been seen in the systems spoken of above.

IDG reported that Siemens issued a warning on Friday saying the virus targets clients using Simatic WinCC, one of the company’s industrial control system software offerings that runs on Windows. The virus strikes at a recently discovered Windows bug that affects every Microsoft operating system, including the recently released Windows 7.

The virus transmits itself through infected USBs. When the USB is plugged in to a computer, the virus copies itself into any other connected USBs and, if it recognizes Siemens’ software, it tries to log in to the computer using a default password.

Read more: http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2010/07/19/BUBC1EDTIS.DTL#ixzz0uPyQ8AGn

Now this article has language from Siemens that alleges industrial espionage and not so much a prelude to attacks on a networked system such as the grid. One wonders just what the straight story is here. In either case, the incursion of the worm and the use of a known login/password pair for a SCADA system is not a good thing for those of us trying to protect said systems. Would not one looking at this on the face of it think that it was an attempt to gain a foothold as well as intel on SCADA systems for future use?

Better keep your eyes peeled…

Just sayin…

The Consultant Was a Spy

leave a comment »

Heathfield was also pitching a software program he claimed to have developed, called FutureMap. He described it to sources and in writing as a program that would reside on a company’s internal computer network. Users could plug in variables such as election results and technological breakthroughs to see how events might affect their businesses and future strategies. A screen capture of FutureMap shows a timeline tracking events over the course of many years in a variety of categories, including “Energy and Environment” and “Medicine & Biogenetics.”

Sources who met with Heathfield about FutureMap now believe the software could have been used to steal corporate information and send it back to Russian intelligence officials without the companies’ knowledge. . . . . . Sources were unnerved by how sophisticated and polished Heathfield’s pitch was. If not for the FBI’s intervention, one source speculated, Heathfield could have made a successful sale, installed the software, and started sending information home. “If he had a few more customers and better marketing, he could have really pulled off something tremendous.” . . . .

Full article here:

Back when I was a road warrior for IBM, many people who knew me (friends and family) actually half thought that I was not an IBM employee, but some kind of spook. I have to admit that due to the nature of what I was doing I couldn’t really talk about exactly what I was doing, but I could tell them I was here or there etc.. Unlike real spooks. In the case of Heathfield, well, he turned out to be a real spook and gee, look at that, he was a self branded “consultant” whod’a thunk it huh?

The fact is that the CIA often uses NOC agents in the role of consultants or reps for “front companies”, or even legit companies, as a cover for their NOC (Non-Official Cover) identities or “legends”. They go into places under the guise of business, like an oil company that may in fact be the target of their collection activities. It’s an old trick and it always will be the case; there is nothing new here save that this guy was in fact perhaps peddling software that was pre-pwn3d and could tunnel the “clients’” data out to Mother Russia. A rather nifty idea really, but again, nothing new.

So, won’t you now look on the new consultant as not only perhaps a Bob (oblique Office Space reference) but also maybe the next corporate spy?

THIS is what should happen but I am sure will not. You see, the vetting process for employing people is oftentimes too weak, if it is in place at all, at companies. All too many times people do not check references, nor do they do criminal background checks on new hires or prospective hires. Never mind the fact that most of the time it’s easy enough to get onto a corporate facility with faked credentials, or none at all, and gain access to data, terminals, hardware, etc. Hell, just how many places have a separate VLAN or drop for internet access for visiting consultants or prospective clients?

Put it this way.. Can anyone just plug in and get a DHCP address on your network? If they can, well, game over man.. Even more so if you have a weak AP setup for wireless (can you say WEP?). So that “consultant”, whether or not they are meant to be there or have just socially engineered their way into the building, may already be on your network and tunneling out gigs of data as you read this…
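The “can anyone just plug in and get a DHCP address?” question has a cheap detection counterpart: the DHCP server logs every lease it hands out, so completed leases on the internal segment can be compared against a hardware inventory. The script below is an added example, not code from the post; the log lines are constructed to follow ISC dhcpd’s syslog format, and the inventory, interface names and addresses are assumptions for the demonstration. It flags the first lease given to an unknown MAC on an interface that serves trusted VLANs and ignores the guest segment.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample lines modelled on ISC dhcpd syslog output (not from a real network).
SAMPLE_LOG = """\
Jul  7 09:12:01 gw dhcpd: DHCPDISCOVER from 3c:22:fb:aa:bb:cc via eth1
Jul  7 09:12:01 gw dhcpd: DHCPOFFER on 10.0.20.57 to 3c:22:fb:aa:bb:cc (visitor-laptop) via eth1
Jul  7 09:12:02 gw dhcpd: DHCPACK on 10.0.20.57 to 3c:22:fb:aa:bb:cc (visitor-laptop) via eth1
Jul  7 09:13:40 gw dhcpd: DHCPACK on 10.0.20.12 to 00:50:56:01:02:03 (fileserver01) via eth1
Jul  7 09:15:07 gw dhcpd: DHCPACK on 10.0.40.8 to b8:27:eb:11:22:33 via eth2
Jul  7 09:20:15 gw dhcpd: DHCPACK on 10.0.20.57 to 3c:22:fb:aa:bb:cc (visitor-laptop) via eth1
"""

# Only DHCPACK means the client actually holds the address; the hostname is optional.
ACK_RE = re.compile(
    r"dhcpd: DHCPACK on (?P<ip>\S+) to (?P<mac>[0-9a-f:]{17})"
    r"(?: \((?P<host>[^)]*)\))? via (?P<iface>\S+)"
)

# Assumed hardware inventory for the internal segment (constructed).
KNOWN_MACS = {"00:50:56:01:02:03": "fileserver01"}
# Assumed mapping: eth1 serves internal VLANs, eth2 is the isolated visitor segment.
INTERNAL_IFACES = {"eth1"}


@dataclass
class Alert:
    ip: str
    mac: str
    hostname: str
    iface: str
    reason: str


def find_unknown_leases(log_text: str) -> List[Alert]:
    """Return one alert per unknown MAC that obtained a lease on an internal interface."""
    alerts: List[Alert] = []
    seen = set()
    for line in log_text.splitlines():
        m = ACK_RE.search(line)
        if not m:
            continue  # DISCOVER/OFFER lines and unrelated messages are skipped
        mac = m["mac"]
        if m["iface"] not in INTERNAL_IFACES:
            continue  # guest segment: unknown devices are expected there
        if mac in KNOWN_MACS or mac in seen:
            continue  # inventoried hardware, or already reported (lease renewals)
        seen.add(mac)
        alerts.append(Alert(
            ip=m["ip"], mac=mac, hostname=m["host"] or "", iface=m["iface"],
            reason="lease on internal segment to MAC not in inventory",
        ))
    return alerts


if __name__ == "__main__":
    for alert in find_unknown_leases(SAMPLE_LOG):
        print(f"{alert.iface} {alert.ip} {alert.mac} '{alert.hostname}': {alert.reason}")
```

In practice the inventory would come from the asset database and the log from syslog; the point is that the “visitor-laptop” in the sample gets an internal address without anyone being told, unless something like this is watching. A MAC can be spoofed, so this is a tripwire for careless or opportunistic plug-ins, not a substitute for 802.1X or a separate visitor VLAN.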

So one of them turned out to be a real bona fide Russian illegal. WOOO HOOO! Worry about all the others out there from every other land, as well as every corporate entity, looking to steal your shit.

Pay attention! So can the DHL Guy, the I.T. Guy, The Mail Man, The Temp, The Plumber, Janitor, etc etc etc…

CoB

Russian Kulturny: Espionage Old School Meets the New Tech Comrade

with one comment

But many things shown even in bad movies are unfortunately true: Yes, the Russians like to wear fur hats, drink vodka, eat caviar, take pretty girls to the sauna. And, apart from some modern innovations like ad hoc networks, burst transmissions and steganography, the old proven tradecraft is pretty much the same. It is good and it normally works well (except in cases, when somebody is already being shadowed – then nothing works).

Boris Volodarsky: Former GRU Officer

Los Illegals.. Comrade…

With all of the hubbub over the capture of the illegals, and of course all the rattling on about the “swallow” known as Anna Chapman, one has to cut through the dross to get to the real importance of the story. The fact is that though the wall has fallen (long ago) and W looked into the “soul” of ol’ Pooty Poot and saw teddy bears and rainbows, the reality of it is that the “Bear” never went away or to sleep.

We are still a target, and a rather rich one, for collection of intelligence as well as corporate IP, as Putin has pointed out in statements he has made over the years. It was Putin who actually said that Russia needed to step up its game in industrial espionage (I am paraphrasing) and created the means to do so within the new FSB *cough* KGB. This type of infiltration in hopes of collection never went away, and I suspect that even with our own dismantling of the HUMINT departments of the CIA, we still had a reasonable amount of assets and agents within Russia as they transitioned from the Sov bloc to today’s powerhouse of malware and Russian Mafia-run state apparatus.

So, while reading all the news sites, it became clear to me that people really do not have a grasp of the realities surrounding the nature of espionage today. Everyone thinks that it’s all shiny technologies and protocols within the hacker scene that the next gen of spies are using, and that old school techniques called “tradecraft” are outdated and useless.

Nope… It’s not just that. This is said rather well here by Boris again:

The public and writers alike do not really realise that this is NOT a film — a very large group of very experienced FBI agents and watchers spent a very considerable sum of taxpayers’ money and plenty of time to uncover a REAL group of the Russian undercover operators who brazenly operated in the United States, as they had been absolutely sure that no one would ever catch them because their education, training, intelligence tradition, and the belief that the wealth of the country behind them is much superior than the FBI. They forgot that the FBI of 2010 is much different from the Bureau of the 1950s.

It is highly likely that these agents were outed by a defector back in the 90’s. The defector was a Directorate S operative who worked within the UN in the NYC area, and it is possible that he gave up the program. The FBI then was tasked with either finding them all blindly, or, they had at least one couple in their sights and steadily built their case by watching the illegals to get at their handlers. You see, the same logic applies to the FBI as does the perception of the KGB. The FBI is seen as slow-witted and usually, in the media, as the blue sedan with guys in suits and sunglasses inside watching you ever so not subtly.

This is not necessarily the case, as has been seen in some areas of the FBI’s counterintelligence unit. They really can do a good job at surveillance and counterintel collection.. They are not as bumpkin as they used to be in the 50’s… Nor the 80’s for that matter. Unfortunately, though, it really took the Hanssens of the world to force them to be better.. But I digress..

Why Were They Here?

I think that there has been a basic misunderstanding in the press and the populace from reading poor press reports on the nature of the “illegals” program. Yes, they were tasked at times with getting data that could be readily available through open source (OSINT) channels such as the news or Google. However, their main task was to insert themselves into our culture, economy, and social strata in order to get “at” people of interest. Basically they were talent spotters.

These people got onto LinkedIn and other social networks for the exact reason of making friends and gaining access to those who might be “of use” later on for their handlers and masters. They were facilitators really. You see, like the whole Robin Sage affair that is ongoing now, these folks already knew about the vulnerabilities within social networking and the social nature of human beings from the start. They were trained on this by the SVR, and it’s not something that common people tend to think about. This is where the hacker world and the spy world meet (well, they meet in many other places too, but go with it for now). The hackers take advantage of the same flaws in our “systems” (cognitive as well as technical) to get what they want.

In this case, these illegals actually did gain some traction and some had access to potential sources that I think, had yet to be plumbed. Perhaps they were getting close to someone and this is what tripped the arrest cycle. Perhaps there are other more arcane reasons for that… As you may be seeing now that there is a prisoner swap with Russia in the works. Once again I direct you to Boris’ comments on their aegis:

What Russian intelligence in striving to get is secret information (political, economic, industrial, military, etc) and have a chance to influence decision-making and public opinion in favor of Russia. This is why agents are recruited or penetrated into sensitive or politically important targets.

The role of illegals is threefold:

  1. to act as cut-outs between important sources and the Centre (directly or via the SVR station);
  2. to serve as talent-spotters finding potential candidates for further intelligence cultivation and possible recruitment (a rather long and complex process, where the illegals only act at its early stage); and
  3. to establish the right contacts that would allow other intelligence operators (members of the SVR station) or the Centre (visiting intelligence officers under different covers, journalists, diplomats or scientists tasked by the SVR) to get intelligence information and/or receive favors that the Centre is interested in.

These illegals are really, like I said, facilitators for the real spies that are sent to our shores. They were practiced in the old school tradecraft of spying, and were they not already under surveillance, they may not have been noticed at all by our counterintelligence services. Which brings me to another issue with all the reporting on this espionage round up.

Tradecraft VS High Tech Espionage:

As mentioned by Boris, the tradecraft angle is not only history for the SVR, KGB, or the GRU. I believe that it is still in play for ALL of the intelligence services throughout the world. These practices are tried and true. They have been used to great effect by all spies and are only really heard about in books, film, or news stories like the ones today when the spies were busted.

Since the days of 007 on the screen, we have seen the Q branch and all their toys as a high profile part of “spying”, when in reality there is some of that (see H. Keith Melton’s books) but mostly it has been the old school that has won the day for spies. Things like a shortwave radio and a “One Time Pad” are still used today because they cannot easily be broken. The use of rapid burst radio transmissions was a bit of a shock to me in the current case, but once I thought about it, the use of a rapid burst to a local “rezidentura” makes a lot of sense given the amount of RF we have placed into our landscape today. It would easily be lost in the noise and thus is a good way to go about secret communications.

Meanwhile, the use of “Brush Passes”, “Chalking”, “Pass Phrases” and other old school techniques for communicating and passing intelligence have never lost their usefulness. Just because one can create an email dead drop on Gmail today pretty easily does not imply that it is at all safer than meeting someone on the park bench, or leaving a postage stamp on a kiosk as a marker that “something’s up”. These things hide within the static of everyday life and often, because of “situational awareness” levels, go totally unnoticed. The other means, via the “technology” of today’s internet, are more circumspect because of so many factors, one of the primary ones being the hacking and cyberwar issues that are ongoing.

Even today, the news is full of “Perfect Citizen”, an uber protection plan and technology that the NSA wants to use to protect the national infrastructure. How will it do this? By monitoring ALL of the traffic that it can and looking for anomalous behavior. As the technology becomes more prevalent, so too do the chances of your secret communications being discovered. It made sense that, given the NSA’s power, the illegals and the SVR decided that old school was still the best bet. It was, however, the more technical approaches (i.e. netbooks, crypto, and ad hoc networks) that failed them, only proving my hypothesis above.

As an aside to LizzieB, the old bury the money under or near the bottle thing.. It still does work *heh*

The Final Analysis:

Much has yet to be told about these illegals as well as the reasons why this group was busted 10 years later. Why now? Why this sudden trade for spies? What tipped the FBI off to these spies in the first place? Was it indeed the defector I spoke of? We may never know. What we can deduce though, is this:

  • Spies never went away
  • Spies aren’t just stealing IP from corporations
  • Hey you, you with the access to the important people… You are a target
  • Technology does not always win the day, sometimes it is the weakest link
  • We have not seen the last of the SVR, KGB, Mossad, MI5 etc etc…
  • Russian spies do like their Vodka and saunas but they aren’t all Boris and Natasha caricatures

A full text of the cited Boris interview can be found HERE

CoB

Служба Внешней Разведки: Russian Espionage “The Illegals 1990-2010”

with one comment

Служба Внешней Разведки

“Christ, I miss the Cold War”

M from Casino Royale

The dramatic events unfolding within the last day or so over the “illegals” program caught by the FBI is really the stuff of Le Carre and other writers of espionage fiction. Yet, this is all real….

The reports started coming out yesterday afternoon and having seen a blurb on CNN I went out and got a hold of the complaint by the Federal government against the 10 conspirators and had a sit down. In the end I found myself alternately laughing at the story that unfolded as well as waxing historical about yesteryear during the cold war days. It seems though that one thing has changed a bit since the old days.

Millennial Spies?

It seems the SVR had to remind their operatives that they were in fact here for a reason and being taken care of for that reason, i.e. being spies.

This communique pretty much alludes to the fact that perhaps the “illegals” had been here too long and had begun feeling entitled as opposed to being servants of the state. This is a bit of a difference from the old cold war days. Yes, of course some deep cover operatives might have become “comfortable” in the west, but they pretty much lived under the fear of reprisals to themselves and family in the old country if they misbehaved. This message and some of the handling that can be seen from the surveillance bespeaks a more millennial attitude by these illegals than old school Sov operatives. In one case an officer remarks that he is glad not to be one of the illegals’ handlers as he is bitching about money… Kinda comical…

It also seems to me that some of these operatives were in fact quite young when they started and even as things progressed, were not as well trained as they could have been. In one case there is a remark of only about 2 weeks of training at the SVR center, and this is not quite like the old days when the spooks got some serious training before going out in the field. Of course today, post the 1990s breakup of the Soviet Union, I suspect that in some of the minds at “C” we (FBI) have become lax at detection and operations just because we were very Sov oriented back in the cold war period.

However, this group of illegals seems to have been in play since the late 90’s and over time, have become more American than true-blood Russian ideologues. With the amounts of money being passed to them over the years, these folks were rather well taken care of. This is something a bit different from the old days and bespeaks a paradigm shift in the SVR’s handling of them and approaches to getting good INTEL out of them. These folks were monetarily motivated, which is usually how spies get brought in from other nation states, not the ones being sent to foreign posts by the motherland.

Times are a changing though… Guess you have to roll with it or lose assets.

Technology and OPSEC

The times have changed and with them the technologies of spy-craft do too. In the case of the illegals not only did they engage “AD HOC” wireless networks between laptops in open spaces (ballsy really given the nature of WIFI 802.11 standards and vulnerabilities) but also with the addition of things like the use of “Steganography

For some time now I have been randomly hoovering sites looking for stegged images and so far, I have come up with potential hits (Jihadist sites) but as yet, I haven’t been able to decrypt anything that is alleged to be hidden. In the case of the illegals, they had special software installed on laptops given to them by Moscow Centre. It turns out that these laptops and the schemes that they were using didn’t always work for the agents but, in many cases, had it not been for the surveillance by the FBI, this particular method of data passing might not have been seen.


Overall, the technology today is neat but as in the case of the AD HOC networking over WIFI, I have to wonder about their choice here. I mean it wasn’t all that long ago that the CIA had a fiasco with a “WIFI” enabled faux rock in a park in Moscow. The rock was supposed to be able to transfer data onto a CF type card from a PDA or phone that the asset would pass by. As the technology failed, the KGB noticed that there were people wandering around looking to connect to this rock. When they did a search they got the rock and later the asset trying to connect to the faulty device. So much for the technological approach.

When it works it works great.. When it fails, you end up in Lubyanka…

Tradecraft: Tried and True

Meanwhile, some of the illegals seem to have perfected the tradecraft side of the work by performing brush passes with operatives from the Russian consulate as well as infiltrating and exfiltrating other countries using bogus passports etc. It seems, though, that the FBI caught on to the group and exploited poor tradecraft practices to uncover the whole of the operation. In one case the handler from the consulate took 3 hours of evasion practices to elude any possible surveillance only to be compromised by the fact that the “illegal” already was under surveillance… OOPS.

The meetings that are mentioned in the complaint though show how much tradecraft the group was using to perform their meetings. These included marking, dead drops, and of course the brush passes with pass phrases like “Didn’t I meet you in Bangkok in 1990?” So those of you who think that it’s just cliché, it’s not really… Even in today’s technological world these practices are kept up BECAUSE the technology is so easily watched remotely, à la the NSA. Of course it was that technological FAIL along with the poor practices of basic information security that caught them in the end.

Kinda funny really.. I mean how often do I moan and wail about all of this huh and here it is that very thing that pops a group of spies for Russia.

Funny…

Meanwhile some of the “old school” techniques still pervade…

Numbers Stations and Rapid Burst Transmissions Making a Comeback

When some of the houses/apartments were black bagged, the operatives found that the illegals were not only using “rapid burst” radio technology, but also the old old school technique of “Numbers Stations” to get their orders as well as report their data to Moscow Centre. I imagine that in the case of the rapid burst technology, they were in close proximity of either other operatives that they did not know about, or they were in fact close enough to the consulates that they could burst their data to their arrays on the roof.

This stuff is really old school and I have mentioned before that the number of “numbers” stations has increased over time since the internet age took over because this technology, properly implemented, is surefire and hard to detect. After all, how many of us have shortwave radios in our homes, huh? The burst technology though is a little more circumspect and can be detected, but since it has not been in vogue for some time, I doubt many agencies are looking for it. Perhaps a HAM radio operator in the area might have picked up on it, but it was the surveillance team that mentions “noise” that seems to be radio transmissions.

It just goes to show that sometimes the new tech just doesn’t cut it. You need to go old school.
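To put some arithmetic behind the shortwave-plus-one-time-pad combination mentioned in the tradecraft post above and the numbers stations described here, the following is an added example (my own illustration, not code from the original post or from any service): a pad of random digits is added mod 10 to the message digits and read out as five-figure groups. It shows the two properties a defender cares about. First, the intercept alone is consistent with every plaintext of the same length, which is why a properly used pad cannot be broken. Second, reusing a pad cancels the key out and exposes the digit-wise difference of the two plaintexts, which is the classic failure mode. The two-digit letter table and all message text are constructed for the demo and are a simplification, not any service’s actual code.

```python
"""Numbers-station style one-time pad: added illustration, not code from the post.
The two-digit letter table and all message text are constructed for the demo."""
import secrets

# Index 0 is the space, 1..26 the alphabet: A=01 ... Z=26 (a demo table, not a real code).
LETTERS = " ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def text_to_digits(text: str) -> str:
    """Encode text as a string of two-digit codes (space=00, A=01 ... Z=26)."""
    codes = []
    for ch in text.upper():
        if ch not in LETTERS:
            raise ValueError(f"unsupported character {ch!r}")
        codes.append(f"{LETTERS.index(ch):02d}")
    return "".join(codes)


def digits_to_text(digits: str) -> str:
    """Reverse of text_to_digits."""
    if len(digits) % 2:
        raise ValueError("digit string must have even length")
    return "".join(LETTERS[int(digits[i:i + 2])] for i in range(0, len(digits), 2))


def make_pad(length: int) -> str:
    """A pad of cryptographically random digits. Each pad is used exactly once."""
    return "".join(secrets.choice("0123456789") for _ in range(length))


def encrypt(plain_digits: str, pad: str) -> str:
    """Ciphertext digit = (plaintext digit + pad digit) mod 10."""
    if len(pad) < len(plain_digits):
        raise ValueError("pad is shorter than the message")
    return "".join(str((int(p) + int(k)) % 10) for p, k in zip(plain_digits, pad))


def decrypt(cipher_digits: str, pad: str) -> str:
    """Plaintext digit = (ciphertext digit - pad digit) mod 10."""
    if len(pad) < len(cipher_digits):
        raise ValueError("pad is shorter than the message")
    return "".join(str((int(c) - int(k)) % 10) for c, k in zip(cipher_digits, pad))


def to_groups(digits: str, size: int = 5) -> str:
    """Lay the digits out as the five-figure groups a numbers station reads out."""
    return " ".join(digits[i:i + size] for i in range(0, len(digits), size))


def pad_that_yields(cipher_digits: str, candidate_plain_digits: str) -> str:
    """Perfect secrecy in one line: for ANY candidate plaintext of the same length
    there is a pad that turns this ciphertext into it, so the intercept alone
    cannot tell 'MEET AT NOON' from 'STAY AT HOME'."""
    if len(candidate_plain_digits) != len(cipher_digits):
        raise ValueError("candidate must match the ciphertext length")
    return "".join(str((int(c) - int(p)) % 10)
                   for c, p in zip(cipher_digits, candidate_plain_digits))


def reuse_leak(cipher_a: str, cipher_b: str) -> str:
    """What an analyst learns from two messages sent under the SAME pad: the pad
    cancels out and the digit-wise difference of the two plaintexts (mod 10)
    is exposed with no knowledge of the key. That is the 'two-time pad' failure."""
    return "".join(str((int(a) - int(b)) % 10) for a, b in zip(cipher_a, cipher_b))


def plaintext_difference(plain_a: str, plain_b: str) -> str:
    """Digit-wise (a - b) mod 10 of two plaintexts; equals reuse_leak of their ciphertexts."""
    return "".join(str((int(a) - int(b)) % 10) for a, b in zip(plain_a, plain_b))


if __name__ == "__main__":
    message = text_to_digits("MEET AT NOON")        # constructed sample message
    pad = make_pad(len(message))
    cipher = encrypt(message, pad)
    print("transmit: ", to_groups(cipher))
    print("recovered:", digits_to_text(decrypt(cipher, pad)))
    # The same intercept decrypts to a different 12-character guess under another pad.
    guess = text_to_digits("STAY AT HOME")
    print("also fits: ", digits_to_text(decrypt(cipher, pad_that_yields(cipher, guess))))
    # Reusing the pad for a second message leaks the plaintext difference.
    second = encrypt(guess, pad)
    print("reuse leak:", reuse_leak(cipher, second) == plaintext_difference(message, guess))
```

The point of `pad_that_yields` is the one to remember: an adversary holding only the five-figure groups gains nothing, because every same-length message is an equally valid decryption. The point of `reuse_leak` is the reason the pad is called one-time; the moment two messages share a pad, the analyst no longer needs the key at all.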

Espionage 2010, Pooty Poot, The Bear Never Left

In the end, I expect to be hearing more about this story in the news. There will likely be the expulsions of diplomats from the Russian consulates in the US as well as the ongoing coverage of the trials. What I am wondering about though is that the FBI charged these guys with smaller charges rather than official “espionage”.

This makes me think that there is much more to this tale behind the scenes that we will eventually get in dribs and drabs. I personally think that the illegals that we caught really made a dent in the security of the nation. The complaint does not mention any high level connections that would be bad enough to consider this operation as a whole to be damaging. However, if the group is in fact bigger or, as we know, there are others out there, just who have they compromised? Remember that in the complaint you can see Moscow Center asking about compromisable assets. What they really wanted was to go old school and get the dirt on someone juicy and turn them… and given Washington’s habit of nasty behavior with pages or toe tapping in airport men’s rooms, I can see they had a rich target environment.

All of this also makes it so ironic that the operation had been ongoing since at least the Clinton administration. When “W” looked into the soul of Pooty Poot, he wasn’t in fact seeing anything there. George, he was PWN-ing you as you gave him the reach around.. and liked it. The Bear never left my friends and anyone who thought we were all friends with rainbows and puppies where Russia was concerned is seriously deluded.

The only thing that has changed is that the American consciousness became… unconscious to conspicuous wealth and reality TV.

I too pine for the cold war… Looks like it’s back on.

So in conclusion here are some questions that I have:

  • Why was this operation rolled up now?
  • How did the FBI catch on to these illegals?
  • Who is “FARMER”?
  • Who is “PARROT”?
  • Why the charges of not telling the AG that the illegals were.. well, illegal, and not actually charging them with “espionage”?
  • Why did “C” want the operatives to buy ASUS Eee PCs?
  • What steg program did they have?
  • When will we be expelling the 3 consulate “secretaries” in NYC?

You can read the “almost full” complaint here

CoB

EMP/HERF/HEMP: What.. Me Worry?

with 4 comments

Recently I have been hearing more and more in the news how the senate and house have been having hearings on EMP threats to this nation. As I began to hear more of this, I inevitably came to the question of “Why now?” I mean, this has always been a threat as far as I am concerned. Of course now it’s even more pressing an issue as we are so “interconnected” today with the internet and communications infrastructure in general… But, just what was it that was making them get all hot for this now, I wondered. Had they heard something from some intelligence body and were all freaked out?

I had thought on this a while and really had kinda just forgotten about it until this last Friday when I was headed home from work and listening to NPR’s Science Friday show. As if on cue, I turned on the radio and there was Congressman Roscoe Bartlett railing on the dangers that we face should a terrorist or a nation state decide to use an EMP/HEMP device on the US’ infrastructure.

I sat in the car at the end of my trip still listening to the end of his interview, when it was over I knew I had to really take a deeper look into why these people had suddenly had a fire lit under their collective do nothing asses. Come to find out that perhaps that fire was lit 9.12.01 and has been steadily becoming a blaze as the eggheads began to show the congress-critters just how fucked we would be if someone used an HEMP on us.. Only now, something had changed in their collectively lazy minds.. We had been attacked on our own soil and SHIT WE’RE FREAKED OUT!

So, today I sat down and Googled the dhs.gov, .gov, .mil, and other domain spaces with key words of EMP/HEMP/HERF etc. What I found is a plethora of documents that began to spring up around 2003/2004 concerning the threatcon of a terrorist or nation state EMP attack… Funny thing too.. Gee, 2003, that was the year of the great blackout of the northeast.

Ya know.. the one that “trees” allegedly caused? Yeah…

The primary document that I came up with that was the most recent is: The Report of the Commission to Assess the Threat to the United States from Electromagnetic Pulse (EMP) Attack which, in 208 pages, covers all of the problems this nation (and I assume other places) has regarding our infrastructure where an attack of this type is concerned. Suffice it to say, this document has some rather dire things to say. Including the following passage on the magnitude of weapon that could cause a major failure of our infrastructure:

The magnitude of an EMP event varies with the type, design and yield of the weapon, as well as its placement. The Commission has concluded that even a relatively modest-to-small yield weapon of particular characteristics, using design and fabrication information already disseminated through licit and illicit means, can produce a potentially devastating E1 field strength over very large geographical regions. This followed by E2 impacts, and in some cases serious E3 impacts operating on electrical components left relatively unprotected by E1, can be extremely damaging. (E3 requires a greater yield to produce major effects.) Indeed, the Commission determined that such weapon devices not only could be readily built and delivered, but also the specifics of these devices have been illicitly trafficked for the past quarter-century. The field strengths of such weapons may be much higher than those used by the Commission for testing threshold failure levels of electrical system components and subsystems.

In layman’s terms, even a small device placed in the right place, or an HEMP (High Altitude) of moderate size, would likely bring this nation’s infrastructure to a grinding halt and it would stay down for some time. You see, our infrastructure is very much dependent on itself to feed itself. If the power goes out, then there is no power after the reserves run out to keep the other systems running. In fact, even the power generation, and its getting to you, requires the very power that is generated to get it TO you and regulate it so that things don’t implode in on themselves! In essence, the grid goes down, then everything goes too soon afterward. No cell phones, no emergency services because you can’t call them because the phones and cell phones don’t work.. because there’s no power… You see where I am going. The system, and by system, I mean the utilities infrastructure, is not only antiquated in many ways and stretched, but also, that which is not antiquated is EXCEEDINGLY susceptible to this and other E1-E3 attacks. How do we know? Because the commission actually set up tests as best they could, and they could crash systems with low end EMP devices, that’s how.

Yet, the commission also admits the following thing in this passage:

Additionally, analyses available from foreign sources suggest that amplitudes and frequency content of EMP fields from bomb blasts calculated by U.S. analysts may be too low. While this matter is a highly technical issue that awaits further investigation by U.S. scientific experts, it raises the specter of increased uncertainty about the adequacy of current U.S. EMP mitigation approaches.

Even our testing and our data is suspect and we may even be in a worse state of affairs than we think from bad data!

Yay!

So let’s break it down, shall we? What’s vulnerable and just how much?

The Power Grid:

Fear not only the terrorist though, my friends.. Did you know that nature too has actually D0S’d our power grid in the past? Yep, it’s true.. From lightning to the more fearsome EMP bursts from the sun. We live in a world where our very society hinges on the power being available to keep our lights on, our food cold, and our MTV on the tube, and it could all be taken out by an EMP burst from the sun. Now that’s one hell of an EMP.


A key issue for the Commission in assessing the impact of such a disruption to the Nation’s electrical system was not only the unprecedented widespread nature of the outage (e.g., the cascading effects from even one or two relatively small weapons exploded in optimum location in space at present would almost certainly shut down an entire interconnected electrical power system, perhaps affecting as much as 70 percent or possibly more of the United States, all in an instant) but more significantly widespread damage may well adversely impact the time to recover and thus have a potentially catastrophic impact.

High-value assets (assets that are critical to the production and delivery of large volumes of electrical power and those critical for service to key loads) in the system are vulnerable to EMP through the loss of protection equipment due to E1 and even if E3 levels were not large enough to cause damage. The largest and most critical of these are transformers. Transformers are the critical link (1) between generation and transmission, (2) within the transmission network, (3) between the transmission and distribution systems, and (4) from the distribution to the load.

Wait though, it gets better… Did I mention that much of the equipment, like transformers, actually is not something we can get “COTS”? Did you know that it would take a year or more in some instances to get a new one? Now imagine that more than one.. more than three… have been taken out permanently by an E1-E3 event?


The transformers that handle electrical power within the transmission system and its interfaces with the generation and distribution systems are large, expensive, and to a considerable extent, custom built. The transmission system is far less standardized than the power plants are, which themselves are somewhat unique from one to another. All production for these large transformers used in the United States is currently offshore.

Delivery time for these items under benign circumstances is typically one to two years. There are about 2,000 such transformers rated at or above 345 kV in the United States with about 1 percent per year being replaced due to failure or by the addition of new ones. Worldwide production capacity is less than 100 units per year and serves a world market, one that is growing at a rapid rate in such countries as China and India. Delivery of a new large transformer ordered today is nearly 3 years, including both manufacturing and transportation. An event damaging several of these transformers at once means it may extend the delivery times to well beyond current time frames as production is taxed. The resulting impact on timing for restoration can be devastating. Lack of high voltage equipment manufacturing capacity represents a glaring weakness in our survival and recovery to the extent these transformers are vulnerable.

There you have it. The grid, the very SAME grid that the government now wants to make more “computerized”, is insanely vulnerable to this type of attack. Come to find out too, that it’s actually pretty much vulnerable to many other types of attacks or accidents too. It’s just that an EMP would be large scale and/or would have a feedback loop associated with it that would systemically kill great swaths of the grid. Much like what we saw in August 2003 when the *cough* trees caused the northeast to go down.

Oh, and by the way, think on this too. A cyber attack on these same systems, if carried out properly, could have the same effect. If you kill or futz with the SCADA you can kill the system and have that same feedback loop occur. So, if you are thinking “well, whew! I really don’t foresee a nuke detonation at altitude”, you might want to consider our current security posture too and feel your sphincter tighten a bit. All it would take is a concerted effort and something along the lines of a BOTnet and BOOM, we could have deep power outages that could take protracted times to repair.

So where does that leave us? If the power is out, then nothing can really run unless you have backup power. However, backup power requires that you get more fuel, unless you have a Mr. Fusion handy, then you could just dump your compost into it. Nope, you will need a truck to bring you oil or diesel.. Of course you will need to call them.. But your cell phone is fried, and so are the towers, and the towers that may have escaped the full blast? They are overloaded just like the day of 9/11. You are not getting through.

So let’s break it down by service.

TELCO/COMMS:

  • Cell phones and towers are highly susceptible
  • Landlines not so much, but the switching stations are more modern and thus will be inoperable

GAS/OIL:

  • Just one word: SCADA. It’s been tested and is highly vulnerable to EMP, even to the point of having problems with radar causing systems to fail
  • Gas and oil production would be at a standstill or worse, the plants could actually catch fire from pressure etc

RAIL:

  • Switching systems on rail have gone to the computer and as we have seen recently, can get hosed up and cause large scale accidents
  • The systems are basically SCADA/DC systems that are vulnerable to this type of attack
  • Most of these systems reside in small metal boxes near the rail.. Open to attack

SHIPS/TRUCKS/PLANES/NAVIGATION SYSTEMS:

  • GPS and other NAV systems on ships/trucks etc today are all micro circuit based and have proven to be vulnerable to attack by E1-E3 events
  • Most cars and trucks now have microchip systems within them that regulate the operation of the car. No chip, no run.. so the car becomes a large paperweight
  • Motorcycles not so much, unless you have a Gold Wing or something along those lines
  • Air travel will be down. Not only will the planes’ systems be fried but also the towers will be without power and their computer aided radar will be offline

FINANCIAL:

  • The financial system is a bit more resilient to the power loss potential of an attack. However, their computer systems are still not shielded for an EMP event and thus, even redundant systems would be fried.. and without power after the generators ran out of diesel

What does this tell you all? It tells you that even though we have known about this type of attack since, oh, 1962, we have done nothing to really shield any of the systems that we have put in place. No Faraday cages, no shielding on the circuits, nada. It would have been too costly and no one could conceive of such an attack on us!

Right…

I vote more on the saving money thing and being generally lazy, but, I am jaded.

So where do we go from here?

The commission has made recommendations and even put in the monetary figures that would be necessary to take care of the issues. Will they happen? Will they happen especially since we are going to have a “smart grid” now that is going to likely be just as, if not MORE vulnerable to attacks both EMP and cyber?

My answer.. nope.

Why? Because inevitably people will say that the congress-critters are over reacting and that this attack is not likely to happen. If the Qaeda boys get their hands on a nuke, they aren’t going to get this kind of nuke! No! They are going to get a suitcase nuke and blow the fuck out of some poor city like Boston!

Whats that? The Russian navy just had TWO subs that avoided our SOSUS nets off the East Coast last week? Meh, Pooty Poot said not to worry! They were just here to listen to our “rock and roll” before heading down to Cuba for a good time! It’s not like they could carry a small yield ICBM style nuke that would make a damn fine HEMP! C’mon!! Don’t be crazy!

Never mind the idea that the Chinese have their hands on technology for E1-E3 devices that need not be high altitude. Did you know for instance that those BIG ASS transformers that take a YEAR to get are pretty much made only by them? Yeah, uh, the Chinese make our transformers that are the linchpin to our grid.. Ya know, the ones that are really really vulnerable?

Let’s postulate here a bit too.. We’ve been worried about the Chinese market in fake chip sets getting into our military hardware.. Gee, how about them being in our big ass transformers? Hell of an exploit were they to hide chips or features in those transformers..

Click.. ZZZZZ POP! There goes the grid, and there goes our dominance in the world. Sure, you can say the Chinese would be only shooting themselves in the head being our biggest lender and trading partner… But, if you were them and you really didn’t care because you would WIN the war simply, wouldn’t you do the same thing?

So back to where do we go from here… For me I think it’s going to be looking into a Faraday cage for the basement.. More power generation tools like solar etc for the house, and stocking up on non perishables. That’s about all one can do really. You see, your government is too big and too ossified to really effectively remedy the situation. While they argue with each other over who’s sleeping with whose wife and what it means to be a “Real American”, the enemies are collecting the armaments necessary to take us down.. At least for a while.

All YOU can do is prepare and take care of yourself and yours.

Let’s hope this doesn’t happen.. But if it does.. Be ready.

For more reading go HERE

Listen to Roscoe Bartlett HERE:

Speaking Of “Fire Sale”


A Cyber-Attack on an American City

Bruce Perens

Just after midnight on Thursday, April 9, unidentified attackers climbed down four manholes serving the Northern California city of Morgan Hill and cut eight fiber cables in what appears to have been an organized attack on the electronic infrastructure of an American city. Its implications, though startling, have gone almost un-reported.

That attack demonstrated a severe fault in American infrastructure: its centralization. The city of Morgan Hill and parts of three counties lost 911 service, cellular mobile telephone communications, land-line telephone, DSL internet and private networks, central station fire and burglar alarms, ATMs, credit card terminals, and monitoring of critical utilities. In addition, resources that should not have failed, like the local hospital’s internal computer network, proved to be dependent on external resources, leaving the hospital with a “paper system” for the day.

In technical terms, the area was partitioned from the surrounding internet. What was the attackers’ goal? Nothing has been revealed. Robbery? With wires cut, silent alarms were useless. Manipulation of the stock market? Companies, brokerages, and investors in the very wealthy community were cut off. Mayhem, murder, terrorism? But nothing like that seems to have happened. Some theorize unhappy communications workers, given the apparent knowledge of the community’s infrastructure necessary for this attack. Or did the attackers simply want to teach us a lesson?

The rest HERE

Just last night I was thinking about this as I sat watching Die Hard. Anyway, yeah, this is not getting much press and certainly may in fact be kept quiet a bit by design… Maybe we (when I say we, I mean the media really) just don’t care? Don’t understand? I mean, think about it.. With China hacking JSF, Air Force, etc, and this incident, doesn’t it kinda say “Gee, we really aren’t that secure are we?”

Personally I think that this particular incident was a decoy for a bigger criminal undertaking. I doubt it was a test run on a thought experiment. So, we will see what shakes out when the details (if ever) come to light on this little cable cutting foray.

Keep your wits about you…

Put NSA in Charge of Cyber Security, Or the Power Grid Gets It

with one comment

I have been on the inside of power networks and what has been said above is true, they are/were lax in their security measures as well as their tech savvy.

So, from direct experience, I can say that yes, SCADA has been connected to the internet by “accident” Yes, they tend to be (power/water etc) soft targets, and yes, I have seen incursions before into those systems.

Now, as to motivations of China, Russia.. Uhh, anyone who says anything to the effect that it would not be in their own interest to have this capability nor use it has their head in the sand. No matter the amount of money we owe them, dominance of state on their part overrules their debt issues with the U.S. As for the Bear, she is back and has ramped up their efforts since Putin came to power.

On the convenience issue for the NSA and all this talk about compromise without any real verification. I think that I already have answered the question a bit as I believe there have been incursions by state actors. However, it is to their advantage isn’t it to put out potential “disinformation” to sway the vote on who should be running the show. So, yes, it is quite possible that there are ulterior motives to this leak of “information”

In all though, at the very least perhaps some attention will be paid to the problem at hand and remedy the security situation that we have… No?

Wired.com Threat Level response by me on the “Put NSA in Charge of Cyber Security, Or the Power Grid Gets It”

I think the conspiracy nuts are coming out of the woodwork…

Written by Krypt3ia

2009/04/09 at 15:21

It’s high time that the United States drew a line around its networks and pledged to defend its interests in cyberspace.


Recently, Admiral Mike Mullen, Chairman to the Joint Chiefs of Staff, briefed President Obama and Secretary of State Clinton on what he termed “massive losses”. Although the details are classified, they include recent losses of intellectual property with military applications from an aerospace contractor as well as satellite and submarine technology. Other private sector losses include sensitive corporate and financial information which is often discovered on foreign computers by the intelligence community.

Illustrating the private sector security situation is challenging due in part to underreporting and non-detection; however, it is clear that sensitive information is pouring into data black markets and into the hands of organized criminals. The Computer Security Institute (CSI) published the results of a 2008 survey of agencies, organizations, institutions, and private sector firms. CSI found that 49 percent of respondents reported virus activity on their networks, 44 percent reported insider abuse, 42 percent reported laptop or mobile device theft, and 29 percent reported unauthorized access. Instances of financial fraud, which were reported by 12 percent of respondents, cost an average of $500,000 each and especially hurt the financial sector.

Full article HERE

Meanwhile EVERYONE seems to be saying the same thing to the new administration:

Potential cyber attacks against federal and private-sector networks loom larger every day and while the Department of Homeland Security (DHS) has made some important efforts, it has yet to fulfill many of the myriad responsibilities placed on it by the national cybersecurity plan.

Full article HERE

In other words, “WE’RE FUCKED SO FIX IT!” no more of the same old BS please Mr. Hope!

Yes, indeed that would be nice if the government finally got some shit straight huh? Well, I have news for all of Washington. No matter how nicely they say it, we are fucked UNLESS something is really done about this situation. Sure, I have been saying this all along, and in rather salty language… But, I am right!

We are losing the battle kids… Losing BADLY.

Another way of saying it was the following:

It’s high time that the United States drew a line around its networks and pledged to defend its interests in cyberspace.

Full story HERE

Just how many ways does it have to be said in order for some substantive action to happen? Ya know, the good kind? Not the “Hey, we are proposing a bill that you *the home user* have to keep 2 years of logs on your home router to save the children from kiddie porn!” kind of BS of late. How about some real legislation, laws, and oversight that MAKE companies as well as the government actually perform “DUE DILIGENCE” on cyber security?

WHOA big fella!

Here’s to HOPE we can dare to have. I will believe it when I see it.