Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘Spooks’ Category

STRATFOR: “Watching for Watchers” aka Tradecraft in Surveillance and Counter Surveillance


Situational awareness is a term that I posted about last week, and it seems that Stratfor, the site that I yanked the post’s genesis from, has continued on in that vein to teach us all more about it. In this next article, though, they went deeper into the operational aspect of “SA” and wrote a nice little piece on surveillance and counter-surveillance.

The article starts out by laying out the basic premise that is their aegis in writing and posting this article. The terrorist threat today is the one that they concern themselves with right off the bat. Terrorists, like any other group or entity, perform surveillance of their target before they attack. This is an operational standard that the terrorists learned from the intelligence agencies of the past and today. By using some of these techniques (“poorly,” evidently, by Stratfor’s account) they indeed did perform surveillance against not only the twin towers, but also, as has been seen, nuclear facilities, bridges, and other important buildings with video cameras while pretending to be tourists. Thus you had that spate of photographer harassment in NYC and other places post 9/11.

In the article, though, they start with the common criminal and work their way toward the Jihadist terrorist in this way:

On the other extreme are the criminals who behave more like stalking predators. Such a criminal is like a lion on the savannah that carefully looks over the herd and selects a vulnerable animal believed to be the easiest to take down. A criminal who operates like a stalking predator, such as a kidnapper or terrorist, may select a suitable target and then take days or even weeks to follow the target, assess its vulnerabilities and determine if the potential take is worth the risk. Normally, stalking criminals will prey only on targets they feel are vulnerable and can be successfully hit, although they will occasionally take bigger risks on high-value targets.

Of course, there are many other criminals who fall somewhere in the middle, and they may take anywhere from a few minutes to several hours to watch a potential target. Regardless of the time spent observing the target, all criminals will conduct this surveillance and they are vulnerable to detection during this time.

Given that surveillance is so widely practiced, it is quite amazing to consider that, in general, criminals and terrorists are terrible at conducting surveillance.

There are some exceptions, such as the relatively sophisticated surveillance performed by Greenpeace and some of the other groups trained by the Ruckus Society, or the low-key and highly detailed surveillance performed by some high-end art and jewelry thieves, but such surveillance is the exception rather than the rule.

Now in the above snippet they make the generalization that most criminals are just bad at this and are not properly trained. Of course there are differences in the likes of the “art thief” or the “Greenpeace” activist. These, though, are the exception for now, but given time and the desire of the parties involved, I am sure this could become an operational standard in the future for the smart criminal and the well-funded, operations-savvy terrorist.

The 19 who attacked on 9/11 were such a case.

The article moves on to the more defined and practiced skills of surveillance and counter-surveillance/evasion, including TEDD (time, environment, distance and demeanor), which is an operational term for a practice that one must carry out if one is in the business and bound to be surveilled. This is not something the everyday person will really use, but it is an interesting point of fact for consideration if you, as Joe Q. Public, are going to be “Situationally Aware” of such things as a terrorist surveilling your local subway stop, never mind the criminal looking to score by robbing you in an alleyway or dark corner on the street you usually travel.

The U.S. government often uses the acronym “TEDD” to illustrate the principles that can be used to identify surveillance conducted by counterintelligence agencies, but these same principles also can be used to identify criminal and terrorist surveillance. TEDD stands for time, environment, distance and demeanor. In other words, if a person sees someone repeatedly over time, in different environments and over distance, or someone who displays poor surveillance demeanor, then that person can assume he or she is under surveillance. If a person is being specifically targeted for a planned attack, he or she might be exposed to the time, environment and distance elements of TEDD, but if the subway car the person is riding in or the building where the person works is the target, he or she might only have the demeanor of the attacker to key on because the attacker will not be seen by the observer over time and distance or in different environments. Time, environment and distance are also not applicable in cases involving criminals who behave like ambush predators. Therefore, when we are talking about criminal surveillance, demeanor is the most critical of the four elements. Demeanor will also often work in tandem with the other elements, and poor demeanor will often help the target spot the surveillant at different times and places.

The short and long of it is that you need to be aware of your surroundings, the terrain, the choke points, and the usual faces that are there in order to notice when things are amiss, and know a way to escape should it be necessary. This all takes some knowledge of the “Tradecraft” of spying and surveillance. I have written before about this subject and think it is important. Stratfor had this to say on the subject where surveillance is concerned:

The term “tradecraft” is an espionage term that refers to techniques and procedures used in the field, but the term also implies quite a bit of finesse in the practice of these techniques. Tradecraft, then, is really more of an art rather than a science, and surveillance tradecraft is no exception. Like playing the violin or fencing with a foil, it takes time and practice to become a skilled surveillance practitioner. Most individuals involved in criminal and terrorist activity simply do not devote the time necessary to master this skill. Because of this, they have terrible technique, use sloppy procedures and lack finesse when they are watching people.

Surveillance is an unnatural activity, and a person doing it must deal with strong feelings of self-consciousness and of being out of place. People conducting surveillance frequently suffer from what is called “burn syndrome,” the erroneous belief that the people they are watching have spotted them. Feeling “burned” will cause surveillants to do unnatural things, such as suddenly ducking back into a doorway or turning around abruptly when they unexpectedly come face to face with the target. People inexperienced in the art of surveillance find it difficult to control this natural reaction. Even experienced surveillance operatives occasionally have the feeling of being burned; the difference is they have received a lot of training and they are better able to control their reaction and work through it. They are able to maintain a normal looking demeanor while their insides are screaming that the person they are surveilling has seen them.

In the end, I think that some people may find this information helpful. Some may see it as a fun game they can play to become more situationally aware. Some may actually take these gleanings and use them to perhaps someday save others from being a victim of a terrorist act. Who knows… I think, though, that these are important skills that can be applied in many ways. Whether you live in the city or are just visiting, if you are self-aware enough, you can at the very least protect yourself from crime.

In another context, though, if you are in the business of information security or physical security, or any job where you handle information that may be considered important enough to classify, then these skills can be adapted to your particular “situations” for security purposes. In essence, your place of business may in fact be a target of criminal and/or state-sponsored actors, and YOU might be able to detect this and stop it.

How?

Well, let me elucidate.

You see, just yesterday I posted an article on the fact that there seemed to be a rash of physical intrusions and thefts at government buildings recently. Had the people at these offices been situationally aware, then perhaps they would have stopped these people and asked some questions. Perhaps they might even have stopped them from coming through the door in the first place, huh? Instead, they paid no attention and the thieves went on their way with hardware and, potentially, data that could be damaging to the country.

I myself have taken advantage of this lack of situational awareness many times while auditing facilities. I have created bogus badges, I have used no badges, I have used the old “I’m new here” routine, and never have I been stopped by anyone. In fact, it’s been quite the opposite. People have helped me get onto their networks, into denied areas of buildings, and given me tidbits of data that have been key to opening doors to data and physical access later on.

People are just not situationally aware generally.

So what do we do now? How do we fix this? Well, I suggest for a start that more companies actually have security awareness programs that enlighten people on these issues. They need not go into the detail of a TEDD exercise, but at least cover the fact that in everyday life at work, someone may want to gain access to their desk and their terminal, if not get through the front door unchecked.

You see that guy with the cigarette out back, just smoking and hanging out by the locked door? You know him? If not, then you make him badge in. If he can’t, then it’s time to go to the security desk out front and NOT let him through that door.

Situational Awareness…

CoB

Full article HERE

Written by Krypt3ia

2010/06/17 at 15:50

Political firm fears sheikh’s files were hacked


In a mysterious case of cyber-espionage, a leading California political consulting firm has asked U.S. Attorney General Eric Holder to investigate what it says appears to be computer hacking involving a high-profile client, an ousted Middle Eastern sheikh, which the firm says could compromise “sensitive information relating to U.S. and Iranian security issues.”

Jason Kinney, who heads California Strategies, made the request to Holder and the U.S. attorney’s office last week after it appeared hackers had accessed the Sacramento consulting firm’s computer files relating to their client, Sheikh Khalid bin Saqr Al Qasimi.

Kinney and two other leading Democratic strategists, former White House spokesman Chris Lehane and Peter Ragone, the former spokesman for San Francisco Mayor Gavin Newsom, represent the royal client.

The sheikh – the legally recognized deputy ruler and crown prince of Ras al Khaimah, one of the seven emirates that make up the United Arab Emirates – was deposed from power in 2003 by more conservative factions, including his brother, after being criticized as too friendly to the United States.

The crown prince, who considers himself an ally of the White House, was an overnight guest there during the Clinton administration and attended the inauguration of President Obama last year. News reports said he was ousted for expressing strident opposition to Iran and was considered too supportive of efforts to allow women to participate more fully in his country’s society.

His more conservative brother, Saud bin Saqr Al Qasimi, assumed power. Dubbed the “perfumed prince” by some tabloids, Sheikh Saud was arrested in 2005 on suspicion of sexually assaulting a female housekeeper while on a medical stay at the Mayo Clinic in Minnesota; charges were later dropped.

Saud later made headlines when his bid to host the 2010 America’s Cup in Ras al Khaimah was rebuffed after reports suggested the emirate was a “hot spot” of trouble for terrorists and smugglers suspected of moving illegal weapons and components for Iran’s nuclear weapons programs.

Sheikh Khalid, who lives in the Middle East and hopes to return to power, hired the California firm, which mounted a campaign that has included full-page ads in the New York Times, Washington Post and other newspapers; banner ads on Web sites including Politico and the Drudge Report; and bus ads in the U.S. capital, as well as a Web site, RAKforthepeople.com.

The rest HERE

So my obvious choice for who might be behind the hack would be the Sheikh’s brother in power. I mean, wouldn’t it be your choice given the history and situation? After all, he is all pal’ed up with Iran and all the unsavory types, and has that stellar reputation of maybe being a rapist.

Now I have not heard so much on the street as to the capabilities of Iran in the world of hacking or cyber warfare, but I assume there must be some capability there, if not the funds to hire some hackers to do the job. I guess my biggest question, though, is exactly what this “data” was that is so important. What dirty laundry is there left that the kid who was leaking to Wikileaks didn’t already release?

I should think, though, that perhaps a more appropriate agency to look into this might be the CIA, or more to the point the NSA. Sure, the FBI can look into it, but the machinations here might be more along the geopolitical lines of some folks with higher pay grades…

Keep an eye out on this one…

CoB

Written by Krypt3ia

2010/06/10 at 17:48

William Gibson’s Future is Here: Keiretsu’s, Phramacom’s, Kombinats, and Private Intelligence


World View Change:

I just finished reading “Broker, Trader, Lawyer, Spy” by Eamon Javers moments ago, and it has had me thinking for some time now about the private intelligence business. Of course I believe that in many ways, the last 10 years or so of my career have been in an analogous business, that of “Information Security”, a euphemism that covers a portion of what I do on a regular basis for clients by checking their security and trying to circumvent it to steal their data.

Of course in my case and others, we are asked to do so by the targets themselves and to recommend fixes for anything that we find.

However, it seems that since at least the 2000s a boutique business model for “Private Intelligence” has burgeoned around the globe, and now it seems to be at its height in this current economic climate. After all, if you as company A can get an edge on company B by hiring some old intelligence warhorses to spy on B, then all the better, eh? I mean, in today’s ethically “gray” world, what’s to stop you? Governmental regulation? HA!

Once, long ago, I was an altruistic sort and believed not only in my government but also in businesses’ and people’s desire to do the “right thing.” Now, 13 years later, I have come to the conclusion that there are no companies, nor people out there, who are genuinely looking to do the right thing. After working for Fortune 500 companies as well as smaller ones, I am now aware that the only motivation they all have is to “get ahead” or to “have a good day and not rock the boat,” as my last employer proved out in spades.

In short, I have come to the conclusion that there is no black and white, only gray areas in which we can choose to hide and learn to live with ourselves.

In the business of “Corporate or Private Intelligence” one can make a good living as long as one doesn’t suddenly grow a conscience about exactly who one is surveilling or gathering intel on, as well as to whom one is providing it. Though often the entities who are paying the bill have a middle man (aka a law firm) hiring you out to do the work, so as to have a blind spot vis-à-vis “confidentiality” agreements. So you may never really know what you are up to in the grand scheme. However, in my new world view, I think I should feel indifferent about the whole thing, because the base truth is that each of the parties involved (the one being watched and the one paying for the service) likely subscribes to the mores of our current corporate and governmental environment…

“What’s in it for me?”

Stepping Into the Forest of Mirrors:

So it has come to pass that in today’s world, intelligence agents MUST be technically savvy in order to work. I have seen the articles online about how the CIA and MI5/MI6 have begun large recruitment drives for individuals with technical backgrounds in computing. The problem they have, though, is this: their pay grades suck, and in today’s world too few are true believers in God and Country. So the private sector seems to be the most logical choice for anyone who wants to make a living and have enough to actually retire when they are too old to work any more.

Of course in the book a chapter is devoted to the idea that many of the agents out there today at the CIA are now “allowed” to moonlight as long as they tell the agency and get approval to do so. I guess in order to keep talent, the CIA decided it was best to allow these activities as long as they were not compromising any operations… Makes sense; after all, the largest GS salary one can really get tops out at just over $100,000.00… Not much in today’s salary base, huh? So it would seem that many are getting the training from the CIA and other agencies and then moving on to the private sector.

Meanwhile, that private sector is not sipping at the private intelligence spigot, it is gulping it down. It seems that nation states are no longer the main recipients of corporate intelligence. Instead, it’s the idea of conglomerates and corporations practicing business as war in the best of traditions that harken back to the “Keiretsu” and Sun Tzu. Perhaps my assessment of American business was slightly off in one of my last posts?

Nah, I think instead that they are all practicing this means of corporate warfare, but lack the stability and forward thinking of the Japanese Keiretsu model. It’s corporate spy vs. spy, and the only ones to really profit are the spies themselves. In this I find a certain comfort really, because frankly, the corporations that I have been inside of do not deserve to get ahead, due to their sloth and lack of forward thinking. A certain intransigence and laziness pervades most companies when it comes to being able to fend off such attacks as those used in corporate digital warfare, and frankly, it’s their own fault.

So, where does that leave me? It leaves me thinking that to really make a living and to maximize the use of my talent, it would be better to walk away from trying to teach these companies anything about securing their data and instead use their weaknesses against them, working for such a firm as the Trident Group or any number of others out there. Perhaps to even just start my own agency. After all, whose job in corporate America is safe today? By being a good soldier and doing your all, do you really get any consideration from the company you work for?

Think about it.

Final Analysis:

In the end, I found this book to be quite enlightening. I was rather surprised by the last pages, where the author tried to put forth the idea that all corporate intelligence firms should register with the government (à la the SEC) to work. I think he was smoking the proverbial crack pipe when he put that to paper, but I understand his altruistic thrust there. Eamon, that will never happen, and it won’t because if you register these places their cover is blown. How would an agency of that type ever really work if the government has them and their employees registered in an ever so safe SQL database on an insecure server somewhere, huh?

*Snort*

If you get the chance, read the book. You too will be enlightened as to what is going on out there in the world today. You will not see things in black and white any more, that’s for sure. Oh, and if you are a William Gibson fan, you will undoubtedly have to stop yourselves and think “Shit, he predicted things to the T again!”

CoB

A Dagger To The CIA: How The CIA Has Been Neutered


The one thing all analysts shared was a disdain for the operatives and their cloak-and-dagger pretensions. As far as they were concerned, the operatives’ “tradecraft” was a lot of hocus-pocus. Operatives were cowboys—and of questionable utility.

Analysts were convinced that most good information was right out in the open. All you needed was a good brain to make sense of it. And what you didn’t know from open sources, you could learn from intercepts and satellites.

It’s impossible to pinpoint exactly when the operatives’ sun started to set, but many CIA insiders would point to John Deutch, the former MIT provost and Bill Clinton’s second CIA director. From the moment Deutch set foot in Langley, he made it plain that he hated the operatives, their swagger and arrogance. Deutch held them responsible for some of America’s worst foreign-policy fiascoes, from the Bay of Pigs to the overthrow of Allende in Chile. In December 1995, he told The New York Times: “Compared to uniformed officers, [CIA operatives] are certainly not as competent, or as understanding of what their relative role is and what their responsibilities are.”

Deutch’s first shot at the operatives was his appointment of Dave Cohen as deputy director of operations, the CIA’s most senior operative. Cohen was an analyst who had never served overseas or run a foreign informant. Deutch’s message couldn’t be any clearer: Anyone can do an operative’s work.

The first thing Cohen did was order a “scrub” of every informant with dirty hands. Drug dealers, dictators’ minions, arms dealers, terrorists—Cohen ordered the operatives to sever ties with all of them. The only problem was, these were the people who mix well with our enemies—rogue regimes like Iran and North Korea and terrorist groups like Hezbollah and Al Qaeda. Deutch and Cohen didn’t care; they had a mandate to clean up the CIA, and that’s what they were going to do.

Headquarters officers started taking more and more of the important jobs in the field. For the first time in the CIA’s history, analysts, reports officers, and logistics officers were given stations and bases to run. (As a reports officer, Kathy technically belonged to the directorate of operations, but in spirit she was much closer to an analyst.) Field experience no longer mattered, either for assignments or promotions.

As the CIA purged informants, it leaned on allies to do our dirty work in the field. Friendly Muslim intelligence services, not CIA operatives, were asked to comb jihadi circles. All this only got worse after September 11. The wars in Iraq and Afghanistan sucked the CIA dry.

In 2006 there were nearly 750 officers assigned to Baghdad station, mostly staff officers on their first overseas assignment. That number may not sound like a lot, but throughout the ’90s there were at most 1,200 to 1,500 CIA employees assigned overseas at any one time.

The rest HERE

A more concise appraisal of what’s gone so, so wrong with the CIA I have not seen in print, I think. Scheuer, Baer and Bearden have all said much the same things in their books and interviews, but this captures it with regard to a real event that made the recent news. In context you can see clearly just how piss-poor the agency has been run for some time now.

What the article does not cover is that at the same time this sentiment was being fomented by the DDO, and moves were made to place analysts into field positions, many of the working field operatives retired (or were forced out) because they saw the writing on the wall. Baer covers this: in the 90’s he was investigated by the FBI for working on an operation with “unsavory” types. He was accused of murder and other things arising from a sanctioned operation. *Somewhat depicted in Syriana*

He left soon after. The PC attitude was too much.

Meanwhile, this left the CIA without any real access to the actual bad people that they were supposed to be fighting against. As the article points out, the CIA then began to rely more on foreign agencies for their “dirty laundry” collections. By doing this, the CIA became much more susceptible to getting bad intelligence as well as being manipulated by disinformation.

By using the ISI, for example, the CIA was led down the primrose path many a time, because many in the ISI were sympathetic to AQ. In fact, some of the ISI personnel were AQ operatives. So where’s the good in all this? Nothing good can come from friends like these in the intelligence business. Much the same way, the lack of understanding in the case of the meeting with Balawi might have been colored by the wishes of the GID to win the day and present a mole who could get close to OBL.

There just wasn’t enough vetting, and relying on a flipped agent is always a tricky thing. Even more so when that flipped agent was so briefly in the custody of the GID and likely tortured.

The issue of relying on foreign intelligence sources close to the regions, and not having real “experienced” people in the field to determine if someone is credible to work with, caused this incident in Khost. It’s simply because of the factors talked about above and the drive to make a mark for yourself in the eyes of the boss. In this case, over-eagerness and lack of real experience led to the deaths of 8 CIA officers. Officers, mind you, who were high-level assets for the CIA in the region, as unlikely as that may seem.

Meanwhile, we have things like the tearing down of the AQ sites recently against what the CIA wanted. The players of the game are at each others throats and this serves us not.

Here’s some news… We need HUMINT in the field. We need experienced officers, and we need to get our hands dirty.

Unless there are some big changes planned I should think we are doomed to further and more spectacular failures. One has to wonder what has happened to all those fresh faces who joined just after 9/11…. Probably all analysts like “Kathy” now.

CoB

Written by Krypt3ia

2010/03/24 at 15:12

Iran arrests 30 accused of U.S.-backed cyber war


(CNN) — Iran has arrested 30 people for waging what it called an organized, U.S.-backed cyber war against the nation, Iran’s semi-official Fars news agency reported Saturday.

Iran’s judiciary said those arrested were funded by the United States beginning in 2006 and that they planned to destabilize the country, according to Fars.

A State Department spokesman declined to comment on the report Saturday night.

The Iranian judiciary said that former President George W. Bush supplied $400 million for the cyber war project, Fars reported.

One branch of the project, dubbed the “Iran Proxy,” was capable of infiltrating Iran’s data banks, sabotaging its Web sites, and facilitating contacts between Iranian opposition figures and U.S.-funded media like Voice of America radio and Radio Farda, according to Fars.

The judiciary also said the United States used anti-filtering software during recent demonstrations against the Iranian government to wage psychological war against the nation, Fars reported.

Iranian media reported last month that individuals alleged to have ties with Radio Farda — which means Radio Tomorrow in Iran’s Farsi language — were among seven arrested by the Iranian government.

I just don’t buy any of this crap, Mahmoud. I think this is more likely a pitiful attempt to explain away more arrests of dissidents in your country. There are a few reasons why I don’t buy it… Let me explain:

1) You’re a liar and completely out of touch with reality Mahmoud

2) You and your hard line religious freaks just need excuses to make people who want freedom or more to the point, an honest election, disappear

3) $400 million to fund a program to get comms together for your detractors? Really? All they really would need is TOR and Gmail man

4) Umm if we want to infiltrate your databanks all we need to do is call the NSA

So Mahmoud, you’re really stretching here, aren’t you?

CoB

Written by Krypt3ia

2010/03/14 at 17:30

PLA officer urges challenging U.S. dominance


(Reuters) – China should build the world’s strongest military and move swiftly to topple the United States as the global “champion,” a senior Chinese PLA officer says in a new book reflecting swelling nationalist ambitions.


The call for China to abandon modesty about its global goals and “sprint to become world number one” comes from a People’s Liberation Army (PLA) Senior Colonel, Liu Mingfu, who warns that his nation’s ascent will alarm Washington, risking war despite Beijing’s hopes for a “peaceful rise.”

“China’s big goal in the 21st century is to become world number one, the top power,” Liu writes in his newly published Chinese-language book, “The China Dream.”

“If China in the 21st century cannot become world number one, cannot become the top power, then inevitably it will become a straggler that is cast aside,” writes Liu, a professor at the elite National Defense University, which trains rising officers.

Full article HERE

Why do I feel like I have suddenly found myself in the plot of “The Bear and the Dragon” by Tom Clancy? Except instead of oil and gold deposits in Siberia we are waging battle for the gold of IP in the digital void?

This is a very important piece to pay attention to, though. This Colonel really does have a contingent of the populace (the younger set) who would love nothing more than to just let the “Dragon” out of the cage to wreak havoc on us. The PLA has become strong, and I am sure that some of the hard-liners in power think that the “Thousand Grains of Sand” approach has about run out of sand.

Look at it this way:

  • Our economy is in the worst place it’s been since the Great Depression
  • Our government is completely ossified and unable to do anything
  • Our economic engine has been stalled out and outsourced
  • Our schools are turning out less and less qualified technical people
  • We are a nation divided
  • Our debt is pretty much wholly owned by China
  • We are in a three front war with terrorism
  • Our forces are overstressed and dispersed
  • We have been terrible at securing our digital infrastructure

I could go on, but this was likely ponderous enough for you all. Look, what I am saying is this guy’s right. We are easy pickins, really, at this moment in time. We are down on the ground and they are the Cobra Kai… And we ain’t no “Daniel San,” to mix movie cultural references.

Either way I look at it, I see some real problems. I know, I know, you are thinking that they (China) need us as a trading partner. Yes, yes they do. However, I do not think that they need us “that much” that they would not consider, at the very least, pulling the plug on us.

There is a growing contingent of ultra-nationalist followers in China, and they want to be “THE” superpower… And I think that they see their chance now. What would it take to trip the switch?

A blended cyberwar attack with physical and economic components.

Like they say, “May you live in interesting times.”

Indeed.

Broker, Trader, Lawyer, Spy


From the Publisher

In this penetrating work of investigative and historical journalism, Eamon Javers explores the dangerous and combustible power spies hold over international business.

Today’s global economy has a dark underbelly: the world of corporate espionage. Using cutting-edge technology, age-old techniques of deceit and manipulation, and sheer talent, spies act as the hidden puppeteers of globalized businesses. They control markets, determine prices, influence corporate decisions, and manage the flow of data and information of some of the world’s biggest corporations. In his gripping and alarming book, Eamon Javers takes the reader inside this hidden global industry. Readers meet the spies who conduct surveillance operations, satellite analysts who peer down on corporate targets from the skies, veteran CIA officers who work for hedge funds, and even a Soviet military intelligence officer who now sells his services to American companies.

This industry has tentacles in almost every industry in almost every corner of the globe. Intelligence companies and the spies they employ are setting up fake Web sites to elicit information, trailing individuals and mirroring travel itineraries, Dumpster-diving in household and corporate trash, using ultrasophisticated satellite surveillance to spy on facilities, acting as impostors to take jobs within companies or to gain access to corporations, concocting elaborate schemes of fraud and deceit, and hacking e-mail and secure computer networks. The work of this industry can be ingenious, but it also raises crucial moral and legal questions in a world where global conflicts are as likely to be corporation versus corporation as they are to be nation versus nation.

This globalized industry is not a recent phenomenon, but rather a continuation of a fascinating history. The story begins with Allan Pinkerton, the nation’s first true “private eye,” and extends through the annals of a rich history that includes tycoons and playboys, presidents and FBI operatives, CEOs and accountants, Cold War veterans and military personnel. Built on exclusive reporting and unprecedented access, this book features accounts of Howard Hughes’s private CIA, the extensive spying that took place in a battle between two global food companies, and interviews with some of the world’s top corporate surveillance experts.

So far, a good read. More and more I think the general population will come to understand that this is a reality and not just the stuff of Ian Fleming. Of course now this book should likely be teamed up with “Dissecting The Hack” to give one a real understanding of today’s threat-scape.

Written by Krypt3ia

2010/03/02 at 01:32

Two Dimensional Thinking on APT Matters

with 2 comments

by Richard Bejtlich at Taosecurity

I expect many readers will recognize the image at left as representing part of the final space battle in Star Trek II: The Wrath of Khan. During this battle, Kirk and Spock realize Khan’s tactics are limited. Khan is treating the battle like it is occurring on the open seas, not in space. Spock says:

He is intelligent, but not experienced. His pattern indicates two-dimensional thinking.

I thought this quote could describe many of the advanced persistent threat critics, particularly those who claim “it’s just espionage” or “there’s nothing new about this.” Consider this one last argument to change your mind. (Ha, like that will happen. For everyone else, this is how I arrive at my conclusions.)

I think the problem is APT critics are thinking in one or two dimensions at most, when really this issue has at least five. When you only consider one or two dimensions, of course the problem looks like nothing new. When you take a more complete look, it’s new.

  • Offender. We know who the attacker is, and like many of you, I know this is not their first activity against foreign targets. I visited the country as an active duty Air Force intelligence officer in 1999. I got all the briefings, etc. etc. This is not the first time I’ve seen network activity from them. Wonderful.
  • Defender. We know the offender has targeted national governments and militaries, like any nation-state might. What’s different about APT is the breadth of their target base. Some criticize the Mandiant report for saying: “The APT isn’t just a government problem; it isn’t just a defense contractor problem. The APT is everyone’s problem. No target is too small, or too obscure, or too well-defended. No organization is too large, too well-known, or too vulnerable. It’s not spy-versus-spy espionage. It’s spy-versus-everyone.” The phrasing here may be misleading (i.e., APT is not attacking my dry cleaner) but the point is valid. Looking over the APT target list, the victims cover a broad sweep of organizations. This is certainly new.
  • Means. Let’s talk espionage for a moment. Not everyone has the means to be a spy. You probably heard how effective the idiots who tried bugging Senator Landrieu’s office were. With computer network exploitation (at the very least), those with sufficient knowledge and connectivity can operate at nearly the same level as a professional spy. You don’t have to spend nearly as much time teaching tradecraft for CNE, compared to spycraft. You can often hire someone with private experience as a red teamer/pen tester and then just introduce them to your SOPs. Try hiring someone who has privately learned national-level spycraft.
  • Motive. Besides “offender,” this is the second of the two dimensions that APT critics tend to fixate upon. Yes, bad people have tried to spy on other people for thousands of years. However, in some respects even this is new, because the offender has his hands in so many aspects of the victim’s centers of power. APT doesn’t only want military secrets; it wants diplomatic, AND economic, AND cultural, AND…
  • Opportunity. Connectivity creates opportunity in the digital realm. Again, contrast the digital world with the analog world of espionage. It takes a decent amount of work to prepare, insert, handle, and remove human spies. The digital equivalent is unfortunately still trivial in comparison.

To summarize, I think a lot of APT critics are focused on offender and motive, and ignore defender, means, and opportunity. When you expand beyond two-dimensional thinking, you’ll see that APT is indeed new, without even considering technical aspects.

Actually, I disagree with Richard in a few ways. Mostly though, I think that the idea of the APT attacks on anything other than just military contractors as being new is a fallacy. This is especially true when you take into account the latest reports on the oil companies being hacked into years ago and only now being reported on or found.

You see, you have to look at the “Thousand Grains of Sand” approach that China has taken and see it for what it is. This is not just military because “everything” affects everything else and the Chinese see this. After all, they invented “Go”, so they think much more than two dimensionally from the start.

So, the reality is that this is not new. It’s only new to the masses because the mainstream media has picked up on this as well as the government and private companies.

Now, let’s twist this another way.

Not only China has these capabilities. How about the avowed interest of Russia post Putin’s speech, which pretty much outlines a program like the one the PRC has. Surely too you cannot count the Israelis out of this game, as they really were the biggest industrial espionage group for a while back in the 80’s. Of course they were using more HUMINT than anything else back then, but the paradigms change, don’t they? You evolve to survive.

I respect Richard quite a bit, but here we differ. I am one of those saying that this is nothing new. I see it all over the news and hear it in the halls of power now post Google.

“OMG OMG OMG what will we do?”

How about this. We shore up our defenses by making smart choices in the personal and private spaces on information security. We teach our people more about the “loose lips sink ships” mentality from WWII and make them aware of their responsibilities.

Most of this attack happened through Facebook and social engineering exploits teamed up with good digital surveillance and data-mining. The social behaviors of individuals led to the clicking of the links or the lowering of defenses that allowed these attacks to occur.

We need to change the way we think in American business. The military already gets it with OPSEC etc, but that is a foreign word to most people in the work force at the fortune 500. The same rules apply but the playing field has changed and that is all.

We used to tell people to watch for folks without badges, some place still do. We try to educate them to not let people piggyback through the front door. It still happens. We lecture on physical security issues but human nature is strong and we generally want to be helpful. It is in this trait we fail in security awareness.

So, nowadays it’s not so much meeting someone at a bar and getting into trouble with a swallow. It’s

“Hey I’m your friend!  Add me!” Or “Hey, I need that password again can you txt it to me?”

After that the “asset” is no longer needed. That is the paradigm change and no, it’s not so new.

What can we do? How about we start with some real rules on infosec for the masses. We already have SOX, how about we actually have some real audits with real implications on failure? Whatever happened to HIPAA? It still has no teeth and every day it seems I am seeing more stories on lost patient or user data. Wouldn’t a little hard drive encryption go a long way? Or maybe some more tutorials on how NOT to lose your laptop in the back of a car.. In the open.

It’s simply this. Until we change the way we think and act, this type of attack will be used against us and succeed.

CoB

Written by Krypt3ia

2010/02/01 at 14:53

Intelligence Guidance for the Week Of Jan 17 2010

leave a comment »

Intelligence Guidance for the Week Of Jan 17 2010

January 18, 2010 7:01:33 AM

Editor’s Note: The following is an internal STRATFOR document produced to provide high-level guidance to our analysts. This document is not a forecast, but rather a series of guidelines for understanding and evaluating events, as well as suggestions on areas for focus.

1. U.S.: The P-5+1 talks took place this weekend. China did not even send a senior diplomat. The Russians made the standard noises about Iran needing to comply, but stated that the time for diplomacy was not yet over. It was more of the same. According to the Israelis, they expect progress by February. That is pretty soon and there will not be progress. We need to be looking what comes next. U.S. President Barack Obama seems to want to postpone dealing with the Iran nuclear program issue, and the Europeans are, of course, happy about that. Obama’s view is that there is the possibility of regime change because of the demonstrations. From our point of view, the only thing the demonstrations showed was how efficient Iran’s security services were, but Obama can use his view to justify delay. So the only significant player in this game is Israel and the threat that they will go it alone. That is not likely, but it is getting close to the time when senior Israeli delegations in the intelligence and security area start arriving in Washington.

The likelihood that POTUS will want to postpone the Iran “come to Jesus” moment (oops, bad phrase there huh?) is pretty high with everything else that is going on lately, with the Haiti thing etc. as diversions. The idea that the president thinks that the uprising in Iran will cause anything other than more deaths of protesters, if true, would be sheer flight of fancy.

The Iranian president is only the front man for the actual power there. That power sits in the ultra-right Ayatollah and his boys. So, no, there will be no change there. The Iranians will continue on whacking their detractors like the recent PhD that they killed for the dual purposes of inciting fear and generating propaganda against the US, aka the “Great Shaitan”.

All the while, the Iranian government will be continuing their stepped up efforts in refining more uranium and developing a deployment package for use against Israel, which of course gives Israel great reason to deploy any means, from Mossad to air strikes on sites, to stop or at least slow them down.

I am not of a view that the Israelis will sit on their hands given recent data out of an MI6 asset… Guess it’s wait and see really.

2. Ukraine: Ukraine held elections; the Orange Revolution has now officially failed. The leader of the revolution, current President Viktor Yushchenko, placed far down in the pack and the two leaders in the runoff are pro-Russian. The Russian response will be publicly subdued, but Russian Prime Minister Vladimir Putin and President Dmitri Medvedev must be drinking toasts. We need to try to catch public statements by non-senior officials to capture the mood in Moscow. The only question is how quickly and aggressively Moscow moves after the February elections. We also need to capture the apparatus’ mood.

Ahh the Baltic. Well here we go. I have said it before and I will say it again here. Putin is all about consolidation. I kind of liken him to Victor Tretiak in “The Saint”, ya know, that whole number about getting the power back in Russia. Putin is even said to have remarked about a nostalgia for the old Soviet Russia not too long ago.

This time around the KGB didn’t try to poison Yushchenko. They really didn’t have to this time round because he was stunningly bad as a leader. So, with a little muscle and fear, as well as apathy, the election went the way that Moscow wanted. So, as the report says, I assume Putin is drinking it up.

I expect though, that the Russian state and Putin will “quietly” take control. This seems to be a lesson Putin has learned from his KGB days. At least he has a little panache about it, unlike so many of his forebears from the service. Putin is, “politik and kulturni” at the very least.

Keep an eye out on the Baltics. Say maybe Chechnya? See, Putin learned from that one…

4. China: Google’s faceoff with China on censorship brings attention to something we have been talking about. If you want to measure the state of the Chinese economy, look at the aggressiveness of its security posture, not its spreadsheets. The Chinese government is extraordinarily uneasy about its public, which is inconsistent with the rosy picture their economic statistics paint. Google — squeezed harder and harder to be a tool for screening bad news out of China — finally put its brand ahead of the Chinese market, which tells us something about the company’s integrity as well as its read of the market. Since Google has cooperated on security for a long time, the situation must have deteriorated quite a bit. It would be interesting to pick up the RUMINT in the Google cafeteria on what the straw was that broke the camel’s back. Censorship was nothing new.

Umm, I have a bone to pick with this part of the analysis. Not one mention of the whole “Operation Aurora” here. In fact, this reminds me that I think Stratfor needs to add a “cybersec” area to their reporting as a whole. This part of the report just does not cover the goings on with regard to Google and China.

The series of events surrounding this flap are not just about Google’s not wanting to censor things. This flap is also about China’s use of cyber operations to steal code, gather intelligence, and to generally keep the precepts of Sun Tzu alive. This event is about much more than the “Great Firewall”.

Of note is the fact that while this cyber attack was ongoing, Google was also compromised in their Gmail product. The email addresses that were hacked were of dissidents and reporters. A real boon to the Chinese activities against the likes of Falun Gong and anyone else who does not fit into the master plan.

Of course Google may have been more receptive to being more like Yahoo even with the bad press if the Chinese had not hit them and Google not caught on. In response Google hacked the hackers and to their surprise realised just how hacked their systems were and the damage that was done.

Meanwhile, Operation Aurora was more than just an attack on Google. It was on at least 30 entities including the Chinese favorite of defense contractors. IP and code have been stolen from all of these places in varying degrees. This is what they are really all about when it comes to the economy and their standing in the world. Their approach of “A Thousand Grains of Sand” will in fact win out if the US does not get its shit together with regard to information security and technical information security.

I would also like to add as a final thought on this one, that these measures are not solely about economic power. They are also honing their skills for that day when they want to shut down the power grid, knock out our economic engine, and halt the military from action… IF they need to. Again I say, we are in deep shit if the US does not get its cyber act together… And yet, we have still to hear word one from our new “Cyber Tsar”.

I don’t hold out much hope..

5. Venezuela: All sorts of things are happening in Venezuela, including devaluation, the opening of a jungle warfare school and scheduled electrical blackouts. We have always viewed Venezuelan President Hugo Chavez as a skillful politician able to ride the tiger. But no matter how well he can ride the tiger, Venezuela is beginning to look like a low-class Bulgaria from 1970. At some point Chavez is going to run out of velvet and his apparatus will break under him. We are not saying this is the time, but the things that are happening are getting pretty bad. We need to start keeping an eye out for resistance to the regime.

Hugo, oh Hugo… I remember those heady days in the 80’s when the US was messing about in South America almost openly. Now, we have a boomerang kind of scenario with the fallout from the 80’s. Now of course Hugo has oil so perhaps we will be making a play for him and the country yet huh? Perhaps not with the present admin.. But.. Maybe the next. We shall see huh?

In the meantime, Hugo will cozy up further with Putin and continue to run the show down there. I agree though, it’s looking worse and worse down there as infrastructure and quality of life deteriorate.

Overall, interesting report.

Written by Krypt3ia

2010/01/19 at 01:06

A Blow Against The Proletariat?

with one comment

The computer hack, said a senior member of the Inter-governmental Panel on Climate Change, was not an amateur job, but a highly sophisticated, politically motivated operation. And others went further. The guiding hand behind the leaks, the allegation went, was that of the Russian secret services.

Full Article

Well well well.. I was just saying to someone the other day that I had thought that this hack was a paid and planned gig. The real tip off for me was that the hackers had been culling data for some time before the release to the intertubes. As it turns out, there is even more evidence to perhaps link this hack to Russia.

The files were placed on a server in Tomsk, which could be a coincidence.. But…

At any rate, this smacked of a directed attack against the whole idea of climate change and likely was a paid exploit.

Who would have the most to gain here?

Would a nation state seek to quash the argument?

Interesting timing with this whole Copenhagen climate summit going on no?

I have to wonder if we will ever really know…

Written by Krypt3ia

2009/12/11 at 01:56