Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘Spooks’ Category

Operation: NIGHT DRAGON Nothing New, but It Bears Some Repeating


Night Dragon Chinese hackers go after energy firms

Latest revelations from McAfee highlight large scale covert attacks emanating from the region
Phil Muncaster, V3.co.uk 10 Feb 2011

Just over a year after the Operation Aurora Chinese hacking revelations shook the world, security vendor McAfee has uncovered another large-scale, covert and targeted attack likely to have originated in the region, dubbed Night Dragon.

Dating possibly as far back as four years ago, Night Dragon attacks are aimed specifically at global oil, energy and petrochemical companies with the aim of harvesting intelligence on new opportunities and sensitive operational data which would give a competitive advantage to another party.

The attacks use methodical but far from sophisticated hacking techniques, according to McAfee’s European director of security strategy, Greg Day.

First the hackers compromise extranet web servers using a common SQL injection attack, allowing remote command execution.

Commonly available hacking tools are then uploaded to the compromised web servers, allowing access to the intranet and therefore sensitive desktop and internal servers.

Password cracking tools then allow the hackers to access further desktops and servers, while disabling Internet Explorer proxy settings allows direct communication from infected machines to the internet, said McAfee.

The hackers then use the specific Remote Access Trojan or Remote Administration Tool (RAT) program to browse through email archives and other sensitive documents on various desktops, specifically targeting executives.

Night Dragon hackers also tried spear phishing techniques on mobile worker laptops and compromising corporate VPN accounts in order to get past the corporate firewall and conduct reconnaissance of specific computers.

Although there is no clear evidence that the attacks were carried out by the state, individuals or corporations, there are clear links to China, said McAfee.

For example, it was from several locations in China that individuals “leveraged command-and-control servers on purchased hosted services in the US and compromised servers in the Netherlands”, said the security vendor in a white paper entitled Global Energy Cyberattacks: Night Dragon (PDF).

In addition, many of the tools used in the attacks, such as WebShell and ASPXSpy, are commonplace on Chinese hacker sites, while the RAT malware was found to communicate to its operator only during the nine to five working hours of Chinese local time.

McAfee said that researchers had seen evidence of Night Dragon attacks going back at least two years.

“Why is it only now coming to light? Well, the environments and security controls these days are so complex it is very easy for them to slip under the radar of visibility,” Day explained.

“Only really in the last few weeks have we been able to get enough intelligence together to join the dots up, so our goal now is to make the public aware.”

Day advised any company which suspects it may have been targeted to go back and look through anti-virus and network traffic logs to see whether systems have been compromised.

Low level day-to-day problems can often be tell-tale signs of a larger, more concerted attack, he added.

William Beer, a director in PricewaterhouseCooper’s OneSecurity practice argued that the revelations show that traditional defences just don’t work.

“The cost to oil, gas and petrochemical companies of this size could be huge, but important lessons can be learned to fend off further attacks,” he added.

“More investment and focus, as well as support and awareness of the security function, is required from business leaders. Across companies of any size and industry, investment in security measures pays for itself many times over.”

Lately there has been a bit of a hullabaloo about Night Dragon. Frankly, coming from where I do having been in the defense contracting sector, this is nothing new at all. In fact, this is just a logical progression in the “Thousand Grains of Sand” approach that the Chinese have regarding espionage, including the industrial variety. They are patient and they are persistent which makes their operations all the more successful against us.

The article above also has a PDF from McAfee that is a watered down explanation of the modus operandi and, unfortunately, comes off as a sales document for their AV products. Aside from this, the article and PDF make a few interesting points that are not really expanded upon.

1) The attacks are using the hacked systems’/networks’ own admin access to exfiltrate the data and escalate access into the core network. This has effectively bypassed the AV and other means of detection that might put a stop to a hack via malware.

2) The data that the Chinese have exfiltrated was not elaborated on. Much of the data concerns future gas/oil discovery. This gives the Chinese a leg up on how to manipulate the markets as well as get their own foot in the door in places where new sources of energy are being mined for.
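As an added example (not from the V3 article or McAfee’s white paper), here is the kind of check Day’s advice to go back through network traffic logs suggests: the script takes constructed outbound-connection log lines, converts their UTC timestamps to China Standard Time, and flags hosts whose connections sit almost entirely inside the nine-to-five working day the RAT was reported to keep. The log lines, hostnames, thresholds and the weekday restriction are all assumptions made here.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# China Standard Time (UTC+8, no daylight saving).
CST = timezone(timedelta(hours=8))

# Constructed sample log, one outbound connection per line:
# "<UTC timestamp> <source host> <destination IP> <bytes out>"
# ws-exec-07 talks to one address only during 09:00-17:00 CST on weekdays;
# ws-ops-03 talks round the clock; ws-hr-02 only at weekends; ws-fin-01 fits
# the pattern but has too few connections to say anything.
SAMPLE_LOG = """\
2011-01-17T01:05:12Z ws-exec-07 203.0.113.10 512
2011-01-17T02:10:44Z ws-exec-07 203.0.113.10 498
2011-01-17T03:15:09Z ws-exec-07 203.0.113.10 530
2011-01-17T04:20:31Z ws-exec-07 203.0.113.10 505
2011-01-17T05:25:58Z ws-exec-07 203.0.113.10 511
2011-01-17T06:30:02Z ws-exec-07 203.0.113.10 499
2011-01-17T07:35:47Z ws-exec-07 203.0.113.10 520
2011-01-17T08:40:13Z ws-exec-07 203.0.113.10 508
2011-01-18T01:12:40Z ws-exec-07 203.0.113.10 515
2011-01-18T02:44:21Z ws-exec-07 203.0.113.10 503
2011-01-17T00:30:00Z ws-ops-03 198.51.100.25 20480
2011-01-17T03:00:00Z ws-ops-03 198.51.100.25 18320
2011-01-17T05:00:00Z ws-ops-03 198.51.100.25 7700
2011-01-17T09:30:00Z ws-ops-03 198.51.100.25 41000
2011-01-17T12:00:00Z ws-ops-03 198.51.100.25 9100
2011-01-17T13:30:00Z ws-ops-03 198.51.100.25 2200
2011-01-17T18:45:00Z ws-ops-03 198.51.100.25 33000
2011-01-17T22:15:00Z ws-ops-03 198.51.100.25 1900
2011-01-15T02:00:00Z ws-hr-02 203.0.113.44 600
2011-01-15T04:00:00Z ws-hr-02 203.0.113.44 610
2011-01-16T02:00:00Z ws-hr-02 203.0.113.44 605
2011-01-17T02:00:00Z ws-fin-01 203.0.113.77 700
2011-01-18T02:00:00Z ws-fin-01 203.0.113.77 690
2011-01-19T02:00:00Z ws-fin-01 203.0.113.77 710
"""


def parse_line(line):
    """Split one log line into (aware UTC datetime, source host, destination)."""
    stamp, host, dst, _bytes_out = line.split()
    ts = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, host, dst


def in_china_business_hours(ts_utc):
    """True if the instant falls on a weekday between 09:00 and 17:00 CST.
    The weekday restriction is an assumption made here; the article only
    says 'nine to five working hours of Chinese local time'."""
    local = ts_utc.astimezone(CST)
    return local.weekday() < 5 and 9 <= local.hour < 17


def business_hours_profile(log_text):
    """Per host: (total connections, fraction inside Chinese business hours)."""
    total = defaultdict(int)
    inside = defaultdict(int)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, host, _dst = parse_line(line)
        total[host] += 1
        if in_china_business_hours(ts):
            inside[host] += 1
    return {h: (total[h], inside[h] / total[h]) for h in total}


def flag_beaconers(log_text, min_events=8, min_ratio=0.9):
    """Hosts worth a closer look: enough connections to judge (min_events)
    and nearly all of them inside the operator's working day (min_ratio).
    The min_events floor stops a handful of coincidental hits raising an alert."""
    profile = business_hours_profile(log_text)
    return sorted(h for h, (n, ratio) in profile.items()
                  if n >= min_events and ratio >= min_ratio)


if __name__ == "__main__":
    for host, (n, ratio) in sorted(business_hours_profile(SAMPLE_LOG).items()):
        print(f"{host:12s} connections={n:3d} in_cn_business_hours={ratio:.0%}")
    print("review:", flag_beaconers(SAMPLE_LOG))
```

The same profile can be run against real proxy or firewall exports once the timestamp parsing is adapted to their format; the point is the time-of-day clustering, not the sample values.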

All in all, a pretty standard operation for the Chinese. The use of the low tek hacking to evade the tripwire of AV is rather clever, but then again many of us in the industry really don’t feel that AV is worth the coding cycles put into it. Nothing too special here really. Mostly though, this gives more insight into a couple of things:

1) The APT wasn’t just a Google thing

2) Energy is a top of the list thing, and given the state of affairs today with the Middle East and the domino effect going on with regime change, we should pay more attention.

Now, let me give you a hint at who is next… Can you say wheat? Yep, take a look at this last year’s wheat issues.. Wouldn’t be surprised if some of the larger combines didn’t have the same discoveries of malware and exfiltration going on.

K

HB Gary: Hubris, Bad Science, Poor Operational Methodology, and The HIVE MIND


Algorithms, Social Networks, and COMINT:

When I had heard that HB Gary had been popped and their spool file was on PB I thought that it was unfortunate for them as a fairly well known company. Once the stories started coming out though with the emails being published online, I began to re-think it all. It seems that Aaron Barr really fucked the pooch on this whole thing. He primarily did so due to his own hubris, and for this I cannot fault Anonymous for their actions (within reason) in breaking HB Gary and Barr’s digital spine.

It seems that Barr was labouring under not only a flawed theory on tracking social networks, but also the idea that he could sell such a theory and application to the government. One notion was bad, and the other was worse.

First off though, let’s cover the science, shall we? Barr wanted to track users on social networks and show connections that would lead to further data on the users. The extension that he was trying to make was obtaining actual real names, locations and affiliations from disparate sources (i.e. Facebook, Twitter, Myspace, IRC, etc). While this type of data gathering has been done in the past, it has not usually been culled from multiple sources automatically and then strung together to form a coherent pattern. In short, Barr wanted to create software/scripts to just scrape content, and then try to connect the dots based on statistics to tie people to an entity like Anonymous. The problem, and what Barr seemed not to comprehend, is that the Internet is a stochastic system, and as such it is impossible to do what he wanted with any kind of accuracy. At least in the way he wanted to do it; you see, it takes some investigation skills to make the connections that a scripted process cannot.

This can be seen directly from the article snippet below where the programmer calls Barr on his flawed logic in what he was doing and wanted to do.

From “How one man tracked down Anonymous and paid a heavy price”

“Danger, Will Robinson!”

Throughout Barr’s research, though, the coder he worked with worried about the relevance of what was being revealed. Barr talked up the superiority of his “analysis” work, but doubts remained. An email exchange between the two on January 19 is instructive:

Barr: [I want to] check a persons friends list against the people that have liked or joined a particular group.

Coder: No it won’t. It will tell you how mindless their friends are at clicking stupid shit that comes up on a friends page. especially when they first join facebook.

Barr: What? Yes it will. I am running through analysis on the anonymous group right now and it definitely would.

Coder: You keep assuming you’re right, and basing that assumption off of guilt by association.

Barr: Noooo….its about probability based on frequency…c’mon ur way smarter at math than me.

Coder: Right, which is why i know your numbers are too small to draw the conclusion but you don’t want to accept it. Your probability based on frequency right now is a gut feeling. Gut feelings are usually wrong.

Barr: [redacted]

Coder: [some information redacted] Yeah, your gut feelings are awesome! Plus, scientifically proven that gut feelings are wrong by real scientist types.

Barr: [some information redacted] On the gut feeling thing…dude I don’t just go by gut feeling…I spend hours doing analysis and come to conclusions that I know can be automated…so put the taco down and get to work!

Coder: I’m not doubting that you’re doing analysis. I’m doubting that statistically that analysis has any mathematical weight to back it. I put it at less than .1% chance that it’s right. You’re still working off of the idea that the data is accurate. mmmm…..taco!

Aaron, I have news for you, the coder was right! Let the man eat his taco in peace! For God’s sake you were hanging your hat completely on scraped data from disparate social networks to tie people together within a deliberately anonymous body of individuals! Of course one could say that this is not an impossible feat, but one would also say that it would take much more than just gathering statistical data of logins and postings; it would take some contextual investigation too. This was something Barr was not carrying out.
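To put numbers on the coder’s point about sample size, here is an added example (mine, not anything from HB Gary or the Ars Technica piece): two hypothetical users with the same “frequency” score, a third of their friends in the group, but twelve friends versus twelve hundred. A Wilson score interval around each proportion shows which of the two is actually distinguishable from an assumed background rate of group membership among random friends. All figures are constructed for illustration.

```python
from math import sqrt

# Constructed numbers for this example: two hypothetical users, each with a
# third of their friends in the group being checked against, plus an assumed
# background rate at which any user's friends belong to that group anyway.
SMALL_SAMPLE = (4, 12)        # 4 of 12 friends are group members
LARGE_SAMPLE = (400, 1200)    # 400 of 1200 friends are group members
BACKGROUND_RATE = 0.20        # assumed share of group members among random friends


def frequency_score(hits, friends):
    """Barr's 'probability based on frequency': the raw fraction of a user's
    friends who are in the group. It is identical for both samples above, which
    is exactly why it cannot carry any evidential weight on its own."""
    return hits / friends


def wilson_interval(hits, friends, z=1.96):
    """95% Wilson score interval for a proportion. The width depends on the
    number of friends observed, so the same fraction from a small sample
    covers a far larger range of plausible true rates."""
    if friends == 0:
        return 0.0, 1.0
    p = hits / friends
    denom = 1 + z * z / friends
    centre = (p + z * z / (2 * friends)) / denom
    half = z * sqrt(p * (1 - p) / friends + z * z / (4 * friends * friends)) / denom
    return max(0.0, centre - half), min(1.0, centre + half)


def distinguishable_from_background(hits, friends, background=BACKGROUND_RATE):
    """True only if the background rate lies outside the interval, i.e. the
    observed overlap is more than chance association alone would produce.
    Guilt by association with this user's friends tells you nothing otherwise."""
    low, high = wilson_interval(hits, friends)
    return not (low <= background <= high)


if __name__ == "__main__":
    for hits, friends in (SMALL_SAMPLE, LARGE_SAMPLE):
        low, high = wilson_interval(hits, friends)
        verdict = "distinguishable" if distinguishable_from_background(hits, friends) else "gut feeling"
        print(f"{hits}/{friends}: score={frequency_score(hits, friends):.2f} "
              f"95% interval=[{low:.2f}, {high:.2f}] -> {verdict}")
```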

I actually know something about this type of activity as you all may know. I do perform scraping, but without real context to understand the data (i.e. understanding the users, their goals, their MO, etc) you really have no basis to predict what they are going to do or their true affiliations. In the case of jihadis, they often congregate on PHP boards, so you can easily gather their patterns of friendship or communications just from the postings alone. Now, trying to tie these together with posts on other boards, unless the users use the same nick or email address, is nearly impossible.

Just how Aaron Barr was proposing to do this and get real usable data is beyond comprehension. It was thus that the data he did produce, and then leaked to the press, enraged Anonymous, who then hacked HB Gary and leaked the data in full, claiming that none of the data was correct. Either way, Aaron got his clock cleaned not only from the hack (which now claims to have been partially a social engineering attack on the company) but also from the perspective of his faulty methodologies to harvest this data being published to the world by Anonymous.

OSINT, Counter-Intelligence, and Social Engineering:

The real way to gather intelligence on people like Anonymous’ core group is to infiltrate them. Aaron tried this at first, but failed to actually be convincing at it. The Anons caught on quickly to him and outed him with relish; in fact they used this as an advantage, spurring on their own efforts to engineer the hack on HB Gary. Without the right kind of mindset or training, one cannot easily insert themselves in a group like this and successfully pull off the role of mole or double agent.

In the case of Anonymous though, it is not impossible to pull this off. It would take time and patience. Patience it seems that Aaron Barr lacked as much as he did on scientific and mathematical method where this whole expedition was concerned. Where his method could have been successful would have only come from the insertion of an agent provocateur into the core group to gather intel and report back those connections. Without that, the process which Aaron was trying would have yielded some data, but to sift through it all with interviews by the FBI and other agencies would have become ponderous and useless in the end.

It is my belief that there is a core group of Anons as I have said before. Simply from a C&C structure, there has to be an operational core in order for there to be cohesion. This can be seen in any hive structure like bees: there are drones, and there is a queen. A simple infrastructure that works efficiently, and in the case of anon, I believe it is much the same. So, were one looking to infiltrate this core, they would have a bit of a time doing so, but it could be done. Take out the core, and you take out the operational ability of the unit as a whole to be completely effective. To do this though, one should be able to understand and apply the precepts of counter intelligence warfare, something Barr failed to grasp.

In the end.. It bit him pretty hard in the ass because he was in a hurry to go to press and to sell the ideas to the military industrial complex. Funny though, the real boys and girls of the spook world would have likely told him the same thing I am saying here… No sale.

Oh well… Aaron Icarus Barr flew too close to the anonymous sun on wings made from faulty mathematical designs and burned up on re-entry.

K.

Служба Внешней Разведки: Russian Espionage “The Illegals 1990-2010”


Служба Внешней Разведки (Foreign Intelligence Service)

“Christ, I miss the Cold War”

M from Casino Royale

The dramatic events unfolding within the last day or so over the “illegals” program caught by the FBI is really the stuff of le Carré and other writers of espionage fiction. Yet, this is all real….

The reports started coming out yesterday afternoon and having seen a blurb on CNN I went out and got a hold of the complaint by the Federal government against the 10 conspirators and had a sit down. In the end I found myself alternately laughing at the story that unfolded as well as waxing historical about yesteryear during the cold war days. It seems though that one thing has changed a bit since the old days.

Millennial Spies?

It seems the SVR had to remind their operatives that they were in fact here for a reason and being taken care of for that reason, i.e. being spies.

This communique pretty much alludes to the fact that perhaps the “illegals” had been here too long and had begun feeling entitled as opposed to being servants of the state. This is a bit of a difference from the old cold war days. Yes, of course some deep cover operatives might have become “comfortable” in the west, but they pretty much lived under the fear of reprisals to themselves and family in the old country if they misbehaved. This message and some of the handling that can be seen from the surveillance bespeaks a more millennial attitude by these illegals than old school Sov operatives. In one case an officer remarks that he is glad not to be one of the illegals’ handlers as he is bitching about money… Kinda comical…

It also seems to me that some of these operatives were in fact quite young when they started and even as things progressed, were not as well trained as they could have been. In one case there is a remark of only about 2 weeks of training at the SVR center, and this is not quite like the old days when the spooks got some serious training before going out in the field. Of course today, post the 1990s break-up of the Soviet Union, I suspect that in some of the minds at “C” we (FBI) have become lax at detection and operations just because we were very Sov oriented back in the cold war period.

However, this group of illegals seems to have been in play since the late ’90s and over time, have become more American than true blood Russian ideologues. With the amounts of money being passed to them over the years, these folks were rather well taken care of. This is something a bit different from the old days and bespeaks a paradigm shift in the SVR’s handling of them and approaches to getting good INTEL out of them. These folks were monetarily motivated, which is usually how spies get brought in from other nation states, not the ones being sent to foreign posts by the motherland.

Times are a-changing though… Guess you have to roll with it or lose assets.

Technology and OPSEC

The times have changed and with them the technologies of spy-craft do too. In the case of the illegals not only did they engage “AD HOC” wireless networks between laptops in open spaces (ballsy really given the nature of WIFI 802.11 standards and vulnerabilities) but also with the addition of things like the use of “Steganography

For some time now I have been randomly hoovering sites looking for stegged images and so far, I have come up with potential hits (Jihadist sites) but as yet, I haven’t been able to decrypt anything that is alleged to be hidden. In the case of the illegals, they had special software installed on laptops given to them by Moscow Centre. It turns out that these laptops and the schemes that they were using didn’t always work for the agents but, in many cases, had it not been for the surveillance by the FBI, this particular method of data passing might not have been seen.


Overall, the technology today is neat but as in the case of the AD HOC networking over WIFI, I have to wonder about their choice here. I mean it wasn’t all that long ago that the CIA had a fiasco with a “WIFI” enabled faux rock in a park in Moscow. The rock was supposed to be able to transfer data onto a CF type card from a PDA or phone that the asset would pass by. As the technology failed, the KGB noticed that there were people wandering around looking to connect to this rock. When they did a search they got the rock and later the asset trying to connect to the faulty device. So much for the technological approach.

When it works it works great.. When it fails, you end up in Lubyanka…

Tradecraft: Tried and True

Meanwhile, some of the illegals seem to have perfected the tradecraft side of the work by performing brush passes with operatives from the Russian consulate as well as infiltrating and exfiltrating other countries using bogus passports etc. It seems though that the FBI caught on to the group and exploited poor tradecraft practices to catch on to the whole of the operation. In one case the handler from the consulate took 3 hours of evasion practices to elude any possible surveillance only to be compromised by the fact that the “illegal” was already under surveillance… OOPS.

The meetings that are mentioned in the complaint though show how much tradecraft the group was using to perform their meetings. These included marking, dead drops, and of course the brush passes with pass phrases like “Didn’t I meet you in Bangkok in 1990?” So those of you who think that it’s just cliché, it’s not really… Even in today’s technological world these practices are kept up BECAUSE the technology is so easily watched from remote à la the NSA. Of course it was that technological FAIL along with the poor practices of basic information security that caught them in the end.

Kinda funny really.. I mean how often do I moan and wail about all of this huh and here it is that very thing that pops a group of spies for Russia.

Funny…

Meanwhile some of the “old school” techniques still pervade…

Numbers Stations and Rapid Burst Transmissions Making a Comeback

When some of the houses/apartments were black bagged, the operatives found that the illegals were not only using “rapid burst” radio technology, but also the old old school technique of “Numbers Stations” to get their orders as well as report their data to Moscow Centre. I imagine that in the case of the rapid burst technology, they were in close proximity to either other operatives that they did not know about, or they were in fact close enough to the consulates that they could burst their data to the arrays on the roof.

This stuff is really old school and I have mentioned before that the number of “numbers” stations has increased over time since the internet age took over because this technology, properly implemented, is sure fire and hard to detect. After all, how many of us have shortwave radios in our homes huh? The burst technology though is a little more circumspect and can be detected, but since it has not been in vogue for some time, I doubt many agencies are looking for it. Perhaps a ham radio operator in the area might have picked up on it but it was the surveillance team that mentions “noise” that seems to be radio transmissions.

It just goes to show that sometimes the new tech just doesn’t cut it. You need to go old school.

Espionage 2010, Pooty Poot, The Bear Never Left

In the end, I expect to be hearing more about this story in the news. There will likely be the expulsions of diplomats from the Russian consulates in the US as well as the ongoing coverage of the trials. What I am wondering about though is that the FBI charged these guys with smaller charges rather than official “espionage”.

This makes me think that there is much more to this tale behind the scenes that we will eventually get in dribs and drabs. I personally think that the illegals that we caught really made a dent in the security of the nation. The complaint does not mention any high level connections that would be bad enough to consider this operation as a whole to be damaging. However, if the group is in fact bigger or, as we know, there are others out there, just who have they compromised? Remember that in the complaint you can see Moscow Center asking about compromisable assets. What they really wanted was to go old school and get the dirt on someone juicy and turn them… and given Washington’s habit of nasty behavior with pages or toe tapping in airport men’s rooms, I can see they had a rich target environment.

All of this also makes it so ironic that the operation had been ongoing since at least the Clinton administration. When “W” looked into the soul of Pooty Poot, he wasn’t in fact seeing anything there. George, he was PWN-ing you as you gave him the reach around.. and liked it. The Bear never left my friends and anyone who thought we were all friends with rainbows and puppies where Russia was concerned is seriously deluded.

The only thing that has changed is that the American consciousness became… Unconscious to conspicuous wealth and reality TV.

I too pine for the cold war… Looks like it’s back on.

So in conclusion here are some questions that I have:

  • Why was this operation rolled up now?
  • How did the FBI catch on to these illegals?
  • Who is “FARMER”?
  • Who is “PARROT”?
  • Why the charges of not telling the AG that the illegals were.. well, illegal, and not actually charged with “espionage”?
  • Why did “C” want the operatives to buy ASUS Eee PCs?
  • What steg program did they have?
  • When will we be expelling the 3 consulate “secretaries” in NYC?

You can read the “almost full” complaint here

CoB

STRATFOR: “Watching for Watchers” aka Tradecraft in Surveillance and Counter Surveillance


Situational awareness is a term that I posted about last week and it seems that Stratfor, the site that I yanked the post’s genesis from, has continued on in that vein to teach us all more about it. In this next article though, they went deeper into the operational aspect of “SA” and wrote a nice little piece on surveillance and counter-surveillance.

The article starts out talking about the basic premise that is their aegis in writing and posting this article. The terrorist threat today is the one that they concern themselves with off the bat. Terrorists, like any other group or entity, perform surveillance of their target before they attack. This is an operational standard that the terrorists learned from the intelligence agencies of the past and today. By using some of these techniques (poorly, evidently, by Stratfor’s account) they did indeed perform surveillance against not only the twin towers, but also, as has been seen, nuclear facilities, bridges, and other important buildings with video cameras, pretending to be tourists. Thus you had that spate of photographer harassment in NYC and other places post 9/11.

In the article though, they start with the common criminal and work their way toward the Jihadist terrorist in this way:

On the other extreme are the criminals who behave more like stalking predators. Such a criminal is like a lion on the savannah that carefully looks over the herd and selects a vulnerable animal believed to be the easiest to take down. A criminal who operates like a stalking predator, such as a kidnapper or terrorist, may select a suitable target and then take days or even weeks to follow the target, assess its vulnerabilities and determine if the potential take is worth the risk. Normally, stalking criminals will prey only on targets they feel are vulnerable and can be successfully hit, although they will occasionally take bigger risks on high-value targets.

Of course, there are many other criminals who fall somewhere in the middle, and they may take anywhere from a few minutes to several hours to watch a potential target. Regardless of the time spent observing the target, all criminals will conduct this surveillance and they are vulnerable to detection during this time.

Given that surveillance is so widely practiced, it is quite amazing to consider that, in general, criminals and terrorists are terrible at conducting surveillance.

There are some exceptions, such as the relatively sophisticated surveillance performed by Greenpeace and some of the other groups trained by the Ruckus Society, or the low-key and highly detailed surveillance performed by some high-end art and jewelry thieves, but such surveillance is the exception rather than the rule.

Now in the above snippet they make the generality that most criminals are just bad at this and are not properly trained. Of course there are differences in the likes of the “art thief” or the “Greenpeace” activist. These though, are the exception now, but, given time and the desire of the parties involved, I am sure this could be an operational standard in the future for the smart criminal and the well funded and operations savvy terrorist.

The 19 who attacked on 9/11 were such a case.

The article moves on to the more defined and practiced skills of surveillance and counter-surveillance/evasion, including TEDD (time, environment, distance and demeanor), which is an operational term for a practice that one must carry out if they are in the business and bound to be surveilled. This is not something the everyday person really will use, but it is an interesting point of fact for consideration if you, as Joe Q Public, are going to be “Situationally Aware” for such things as a terrorist surveilling your local subway stop, never mind the criminal looking to score by robbing you in an alleyway or dark corner on the street you usually travel.

The U.S. government often uses the acronym “TEDD” to illustrate the principles that can be used to identify surveillance conducted by counterintelligence agencies, but these same principles also can be used to identify criminal and terrorist surveillance. TEDD stands for time, environment, distance and demeanor. In other words, if a person sees someone repeatedly over time, in different environments and over distance, or someone who displays poor surveillance demeanor, then that person can assume he or she is under surveillance. If a person is being specifically targeted for a planned attack, he or she might be exposed to the time, environment and distance elements of TEDD, but if the subway car the person is riding in or the building where the person works is the target, he or she might only have the demeanor of the attacker to key on because the attacker will not be seen by the observer over time and distance or in different environments. Time, environment and distance are also not applicable in cases involving criminals who behave like ambush predators. Therefore, when we are talking about criminal surveillance, demeanor is the most critical of the four elements. Demeanor will also often work in tandem with the other elements, and poor demeanor will often help the target spot the surveillant at different times and places.

The short and long of it is that you need to be aware of your surroundings, the terrain, the choke points, and the usual faces that are there in order to notice when things are amiss and know a way to escape should it be necessary. This all takes some knowledge of the “Tradecraft” of spying and surveillance. I have written before about this subject and think it is important. Stratfor had this to say on this subject where surveillance is concerned:

The term “tradecraft” is an espionage term that refers to techniques and procedures used in the field, but the term also implies quite a bit of finesse in the practice of these techniques. Tradecraft, then, is really more of an art rather than a science, and surveillance tradecraft is no exception. Like playing the violin or fencing with a foil, it takes time and practice to become a skilled surveillance practitioner. Most individuals involved in criminal and terrorist activity simply do not devote the time necessary to master this skill. Because of this, they have terrible technique, use sloppy procedures and lack finesse when they are watching people.

Surveillance is an unnatural activity, and a person doing it must deal with strong feelings of self-consciousness and of being out of place. People conducting surveillance frequently suffer from what is called “burn syndrome,” the erroneous belief that the people they are watching have spotted them. Feeling “burned” will cause surveillants to do unnatural things, such as suddenly ducking back into a doorway or turning around abruptly when they unexpectedly come face to face with the target. People inexperienced in the art of surveillance find it difficult to control this natural reaction. Even experienced surveillance operatives occasionally have the feeling of being burned; the difference is they have received a lot of training and they are better able to control their reaction and work through it. They are able to maintain a normal looking demeanor while their insides are screaming that the person they are surveilling has seen them.

In the end, I think that some people may find this information helpful. Some may see it as a fun game they can play to become more situationally aware. Some may actually take these gleanings and use them to perhaps someday save others from being a victim of a terrorist act. Who knows… I think though that these are important skills that can be applied in many ways. Whether or not you live in the city or are just visiting, if you are self aware enough, you can at the very least protect yourself from crime.

In another context though, for anyone in the business of information security, physical security, and/or any job where you handle information that may be considered important enough to classify, these skills can be adapted to your particular “situations” for security purposes. In essence, your place of business may in fact be a target of criminal and/or state sponsored actors and YOU might be able to detect this and stop it.

How?

Well, let me elucidate.

You see, just yesterday I posted an article on the fact that there seemed to be a rash of physical intrusions and thefts at government buildings recently. Had the people at these offices been situationally aware, then perhaps they would have stopped these people and asked some questions. Perhaps they might even have stopped them from coming through the door in the first place huh? Instead, they paid no attention and the thieves went on their way with hardware and potentially, data that could be damaging to the country.

I myself have taken advantage of this lack of situational awareness many times while auditing facilities. I have created bogus badges, I have used no badges, I have used the old “I’m new here” routine and never have I been stopped by anyone. In fact, it’s been quite the opposite. People have helped me get onto their networks, into denied areas of buildings, and given me tidbits of data that have been key to opening doors to data and physical access later on.

People are just not situationally aware generally.

So what do we do now? How do we fix this? Well, I suggest for a start that more companies actually have security awareness programs that enlighten on these issues. They need not go into the detail of a TEDD exercise, but at least cover the fact that in everyday life at work, someone may want to gain access to their desk and their terminal, if not get through the front door unchecked.

You see that guy with the cigarette out back just smoking and hanging out by the locked door? You know him? If not, then you make him badge in. If he can’t, then it’s time to go to the security desk out front and NOT let him through that door.

Situational Awareness…

CoB

Full article HERE

Written by Krypt3ia

2010/06/17 at 15:50

Political firm fears sheikh’s files were hacked


In a mysterious case of cyber-espionage, a leading California political consulting firm has asked U.S. Attorney General Eric Holder to investigate what it says appears to be computer hacking involving a high-profile client, an ousted Middle Eastern sheikh, which the firm says could compromise “sensitive information relating to U.S. and Iranian security issues.”

Jason Kinney, who heads California Strategies, made the request to Holder and the U.S. attorney’s office last week after it appeared hackers had accessed the Sacramento consulting firm’s computer files relating to their client, Sheikh Khalid bin Saqr Al Qasimi.

Kinney and two other leading Democratic strategists, former White House spokesman Chris Lehane and Peter Ragone, the former spokesman for San Francisco Mayor Gavin Newsom, represent the royal client.

The sheikh – the legally recognized deputy ruler and crown prince of Ras al Khaimah, one of the seven emirates that make up the United Arab Emirates – was deposed from power in 2003 by more conservative factions, including his brother, after being criticized as too friendly to the United States.

The crown prince, who considers himself an ally of the White House, was an overnight guest there during the Clinton administration and attended the inauguration of President Obama last year. News reports said he was ousted for expressing strident opposition to Iran and was considered too supportive of efforts to allow women to participate more fully in his country’s society.

His more conservative brother, Saud bin Saqr Al Qasimi, assumed power. Dubbed the “perfumed prince” by some tabloids, Sheikh Saud was arrested in 2005 on suspicion of sexually assaulting a female housekeeper while on a medical stay at the Mayo Clinic in Minnesota; charges were later dropped.

Saud later made headlines when his bid to host the 2010 America’s Cup in Ras al Khaimah was rebuffed after reports suggested the emirate was a “hot spot” of trouble for terrorists and smugglers suspected of moving illegal weapons and components for Iran’s nuclear weapons programs.

Sheikh Khalid, who lives in the Middle East and hopes to return to power, hired the California firm, which mounted a campaign that has included full-page ads in the New York Times, Washington Post and other newspapers; banner ads on Web sites including Politico and the Drudge Report; and bus ads in the U.S. capital, as well as a Web site, RAKforthepeople.com.

The rest HERE

So my obvious choice for who might be behind the hack would be the Sheikh’s brother in power. I mean, wouldn’t it be your choice given the history and situation? After all, he is all pal’ed up with Iran and all the unsavory types, as well as having that stellar reputation of maybe being a rapist.

Now I have not heard so much on the street as to the capabilities of Iran in the world of hacking or cyber warfare, but I assume there must be some capability there if not the funds to hire some hackers to do the job. I guess my biggest question though is exactly what this “data” was that is so important. What dirty laundry is there left that that kid who was leaking to Wikileaks didn’t already release?

I should think though, that perhaps a more appropriate agency to look into this might be CIA or more to the point NSA. Sure, FBI can look into it, but, the machinations here might be more along the geopolitical lines of some folks with higher pay grades…

Keep an eye out on this one…

CoB

Written by Krypt3ia

2010/06/10 at 17:48

William Gibson’s Future is Here: Keiretsus, Pharmacoms, Kombinats, and Private Intelligence

World View Change:

I just finished reading “Broker, Trader, Lawyer, Spy” by Eamon Javers moments ago and it has had me thinking for some time now about the private intelligence business. Of course I believe that in many ways, the last 10 years or so of my career has been in an analogous business, that of “Information Security”, a euphemism that covers a portion of what I do on a regular basis for clients by checking their security and trying to circumvent it to steal their data.

Of course in my case and others, we are asked to do so by the targets themselves and to recommend fixes for anything that we find.

However, it seems that since at least the 2000’s a boutique business model for “Private Intelligence” has burgeoned around the globe and now it seems to be at its height in this current economic climate. After all, if you as company A can get an edge on company B by hiring some old intelligence warhorses to spy on B, then all the better eh? I mean, in today’s ethically “gray” world, what’s to stop you? Governmental regulation? HA!

Once, long ago, I was an altruistic sort and believed not only in my government but also in businesses’ and people’s desire to do the “right thing.” Now, 13 years later, I have come to the conclusion that there are no companies, nor people out there who are genuinely looking to do the right thing. After working for Fortune 500 companies as well as smaller ones, I am now aware that the only motivation that they all have is to “get ahead” or to “have a good day and not rock the boat,” as my last employer proved out in spades.

In short, I have come to the conclusion that there is no black and white, only gray areas in which we can choose to hide and learn to live with ourselves.

In the business of “Corporate or Private Intelligence” one can make a good living as long as they don’t suddenly grow a conscience about exactly who they are surveilling or gathering intel on, as well as to whom they are providing it. Though, often these entities who are paying the bill have a middle man (aka a law firm) hiring you out to do the work so as to have a blind spot vis-à-vis “confidentiality” agreements. So you may never really know what you are up to in the grand scheme. However, in my new world view, I should feel indifferent I think about the whole thing, because the base truth is that each of the parties involved (being watched and paying for the service) both likely subscribe to the mores of our current corporate and governmental environment…

“What’s in it for me?”

Stepping Into the Forest of Mirrors:

So it has come that in today’s world, the intelligence agents MUST be technically savvy in order to work. I have seen the articles online about how the CIA and MI5/MI6 have begun large recruitment drives for individuals with technical backgrounds in computing. The problem they have though is this: their pay grades suck, and in today’s world too few are true believers in God and Country. So the private sector seems to be the most logical choice for anyone who wants to make a living and have enough to actually retire when they are too old to work any more.

Of course in the book a chapter is devoted to the idea that many of the agents out there today at the CIA are now “allowed” to moonlight as long as they tell the agency and get approval to do so. I guess in order to keep talent, the CIA decided it was best to allow these activities as long as they were not compromising any operations… Makes sense; after all, the largest GS salary one can really get tops out at just over $100,000.00… Not much in today’s salary base huh? So it would seem that many are getting the training from the CIA and other agencies then moving on to the private sector.

Meanwhile, that private sector is not sipping at the private intelligence spigot, they are gulping it down. It seems that nation states are not the main recipient of corporate intelligence any more. Instead, it’s the idea of conglomerates and corporations practicing business as war in the best of traditions that hark back to the “Keiretsu” and Sun Tzu. Perhaps my assessment of American business was slightly off in one of my last posts?

Nah, I think instead that they are all practicing this means of corporate warfare, but lack the stability or forward thinking of the Japanese Keiretsu model. It’s corporate spy vs. spy and the only ones to really profit are the spies themselves. In this I find a certain comfort really, because frankly, the corporations that I have been inside of do not deserve to get ahead due to their sloth and lack of forward thinking. A certain intransigence and laziness pervades most companies where it comes to being able to fend off such attacks as those used in corporate digital warfare and frankly, it’s their own fault.

So, where does that leave me? It leaves me thinking that to really make a living and to maximize my talent use, it would be better to walk away from trying to teach these companies anything about securing their data and instead use their weaknesses against them, working for such a firm as the Trident Group or any number of others out there. Perhaps to even just start my own agency. After all, whose job in corporate America is safe today? By being a good soldier and doing your all, do you really get any consideration from the company you work for?

Think about it.

Final Analysis:

In the end, I found this book to be quite enlightening. I was rather surprised by the last pages where the author tried to put forth the idea that all corporate intelligence firms should register with the government (à la the SEC) to work. I think he was smoking the proverbial crack pipe when he put that to paper, but I understand his altruistic thrust there. Eamon, that will never happen, and it won’t because if you register these places their cover is blown. How would an agency of that type ever really work if the government has them and their employees registered in an ever so safe SQL database on an insecure server somewhere huh?

*Snort*

If you get the chance, read the book. You too will be enlightened as to what is going on out there in the world today. You will not see things in black and white any more, that’s for sure. Oh, and if you are a William Gibson fan, you will undoubtedly have to stop yourself and think “Shit, he predicted things to the T again!”

CoB

A Dagger To The CIA: How The CIA Has Been Neutered


The one thing all analysts shared was a disdain for the operatives and their cloak and-dagger pretensions. As far as they were concerned, the operatives’ “tradecraft” was a lot of hocus-pocus. Operatives were cowboys—and of questionable utility.

Analysts were convinced that most good information was right out in the open. All you needed was a good brain to make sense of it. And what you didn’t know from open sources, you could learn from intercepts and satellites.

It’s impossible to pinpoint exactly when the operatives’ sun started to set, but many CIA insiders would point to John Deutch, the former MIT provost and Bill Clinton’s second CIA director. From the moment Deutch set foot in Langley, he made it plain that he hated the operatives, their swagger and arrogance. Deutch held them responsible for some of America’s worst foreign-policy fiascoes, from the Bay of Pigs to the overthrow of Allende in Chile. In December 1995, he told The New York Times: “Compared to uniformed officers, [CIA operatives] are certainly not as competent, or as understanding of what their relative role is and what their responsibilities are.”

Deutch’s first shot at the operatives was his appointment of Dave Cohen as deputy director of operations, the CIA’s most senior operative. Cohen was an analyst who had never served overseas or run a foreign informant. Deutch’s message couldn’t be any clearer: Anyone can do an operative’s work.

The first thing Cohen did was order a “scrub” of every informant with dirty hands. Drug dealers, dictators’ minions, arms dealers, terrorists—Cohen ordered the operatives to sever ties with all of them. The only problem was, these were the people who mix well with our enemies—rogue regimes like Iran and North Korea and terrorist groups like Hezbollah and Al Qaeda. Deutch and Cohen didn’t care; they had a mandate to clean up the CIA, and that’s what they were going to do.

Headquarters officers started taking more and more of the important jobs in the field. For the first time in the CIA’s history, analysts, reports officers, and logistics officers were given stations and bases to run. (As a reports officer, Kathy technically belonged to the directorate of operations, but in spirit she was much closer to an analyst.) Field experience no longer mattered, either for assignments or promotions.

As the CIA purged informants, it leaned on allies to do our dirty work in the field. Friendly Muslim intelligence services, not CIA operatives, were asked to comb jihadi circles. All this only got worse after September 11. The wars in Iraq and Afghanistan sucked the CIA dry.

In 2006 there were nearly 750 officers assigned to Baghdad station, mostly staff officers on their first overseas assignment. That number may not sound like a lot, but throughout the ’90s there were at most 1,200 to 1,500 CIA employees assigned overseas at any one time.

The rest HERE

A more concise appraisal of what’s gone so so wrong with the CIA I have not seen in print I think. Scheuer, Baer, Bearden, have all said much the same things in their books and interviews, but this captures it with regard to a real event that made the recent news. In context you can see clearly just how piss poor the agency has been run for some time now.

What the article does not cover here is that at the same time this sentiment was being fomented by the DDO and moves were made to place analysts into field positions, many of the working field operatives retired (or were forced out) because they saw the writing on the wall. Baer covers this, where in the ’90s he was investigated by the FBI for working on an operation with “unsavory” types. He was accused of murder and other things from a sanctioned operation. *Somewhat depicted in Syriana*

He left soon after. The PC attitude was too much.

Meanwhile, this left the CIA without any real access to the actual bad people that they were supposed to be fighting against. As the article points out, the CIA then began to rely more on foreign agencies for their “dirty laundry” collections. By doing this, the CIA became much more susceptible to getting bad intelligence as well as being manipulated by disinformation.

By using the ISI for example, the CIA was being led down the primrose path many a time because many in the ISI were sympathetic to AQ. Indeed, some of the ISI personnel were in fact AQ operatives. So where’s the good in all this? Nothing good can come from friends like these in the intelligence business. Much like the lack of understanding in the case of meeting with Balawi might have been tempered by the wishes of the GID to win the day and present a mole who could get close to OBL.

There just wasn’t enough vetting and relying on a flipped agent is always a tricky thing. Even more so when that flipped agent was so briefly in custody of the GID and likely tortured.

The issue of relying on foreign intelligence sources close to the regions and not having real “experienced” people in the field to determine if someone is credible to work with caused this incident in Khost. It’s simply because of the factors talked about above and the drive to make a mark for yourself in the eyes of the boss. In this case over-eagerness and lack of real experience led to the deaths of 8 CIA officers. Officers, mind you, who were high level assets for the CIA in the region, as much as that may seem unlikely.

Meanwhile, we have things like the tearing down of the AQ sites recently against what the CIA wanted. The players of the game are at each other’s throats and this serves us not.

Here’s some news: We need HUMINT in the field. We need experienced officers, and we need to get our hands dirty.

Unless there are some big changes planned, I should think we are doomed to further and more spectacular failures. One has to wonder what has happened to all those fresh faces who joined just after 9/11… Probably all analysts like “Kathy” now.

CoB

Written by Krypt3ia

2010/03/24 at 15:12