Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘Subversive Behavior’ Category

STRATFOR: “Watching for Watchers” aka Tradecraft in Surveillance and Counter Surveillance


Situational awareness is a term that I posted about last week and it seems that Stratfor, the site that I yanked the post’s genesis from, has continued on in that vein to teach us all more about it. In this next article, though, they went deeper into the operational aspect of “SA” and wrote a nice little piece on surveillance and counter-surveillance.

The article starts out talking about the basic premise that is their aegis in writing and posting this article. The terrorist threat today is the one that they concern themselves with off the bat. Terrorists, like any other group or entity, perform surveillance of their target before they attack. This is an operational standard that the terrorists learned from the intelligence agencies of the past and today. By using some of the techniques (poorly, evidently, by Stratfor’s account), they indeed did perform surveillance against not only the twin towers but also, as has been seen, nuclear facilities, bridges, and other important buildings, with video cameras while pretending to be tourists. Thus you had that spate of photographer harassment in NYC and other places post 9/11.

In the article, though, they start with the common criminal and work their way toward the Jihadist terrorist in this way:

On the other extreme are the criminals who behave more like stalking predators. Such a criminal is like a lion on the savannah that carefully looks over the herd and selects a vulnerable animal believed to be the easiest to take down. A criminal who operates like a stalking predator, such as a kidnapper or terrorist, may select a suitable target and then take days or even weeks to follow the target, assess its vulnerabilities and determine if the potential take is worth the risk. Normally, stalking criminals will prey only on targets they feel are vulnerable and can be successfully hit, although they will occasionally take bigger risks on high-value targets.

Of course, there are many other criminals who fall somewhere in the middle, and they may take anywhere from a few minutes to several hours to watch a potential target. Regardless of the time spent observing the target, all criminals will conduct this surveillance and they are vulnerable to detection during this time.

Given that surveillance is so widely practiced, it is quite amazing to consider that, in general, criminals and terrorists are terrible at conducting surveillance.

There are some exceptions, such as the relatively sophisticated surveillance performed by Greenpeace and some of the other groups trained by the Ruckus Society, or the low-key and highly detailed surveillance performed by some high-end art and jewelry thieves, but such surveillance is the exception rather than the rule.

Now in the above snippet they make the generality that most criminals are just bad at this and are not properly trained. Of course there are differences in the likes of the “art thief” or the “Greenpeace” activist. These though, are the exception now, but, given time and the desire of the parties involved, I am sure this could be an operational standard in the future for the smart criminal and the well funded and operations savvy terrorist.

The case of the 19 who attacked on 9/11 was such a case.

The article moves on to the more defined and practiced skills of surveillance and counter-surveillance/evasion, including TEDD (time, environment, distance and demeanor), which is an operational term for a practice that one must carry out if they are in the business and bound to be surveilled. This is not something the everyday person really will use, but it is an interesting point of fact for consideration if you, as Joe Q Public, are going to be “Situationally Aware” for such things as a terrorist surveilling your local subway stop, never mind the criminal looking to score by robbing you in an alleyway or dark corner on the street you usually travel.

The U.S. government often uses the acronym “TEDD” to illustrate the principles that can be used to identify surveillance conducted by counterintelligence agencies, but these same principles also can be used to identify criminal and terrorist surveillance. TEDD stands for time, environment, distance and demeanor. In other words, if a person sees someone repeatedly over time, in different environments and over distance, or someone who displays poor surveillance demeanor, then that person can assume he or she is under surveillance. If a person is being specifically targeted for a planned attack, he or she might be exposed to the time, environment and distance elements of TEDD, but if the subway car the person is riding in or the building where the person works is the target, he or she might only have the demeanor of the attacker to key on because the attacker will not be seen by the observer over time and distance or in different environments. Time, environment and distance are also not applicable in cases involving criminals who behave like ambush predators. Therefore, when we are talking about criminal surveillance, demeanor is the most critical of the four elements. Demeanor will also often work in tandem with the other elements, and poor demeanor will often help the target spot the surveillant at different times and places.

The short and long of it is that you need to be aware of your surroundings, the terrain, the choke points, and the usual faces that are there in order to notice when things are amiss and know a way to escape should it be necessary. This all takes some knowledge of the “Tradecraft” of spying and surveillance. I have written before about this subject and think it is important. Stratfor had this to say on this subject where surveillance is concerned;

The term “tradecraft” is an espionage term that refers to techniques and procedures used in the field, but the term also implies quite a bit of finesse in the practice of these techniques. Tradecraft, then, is really more of an art rather than a science, and surveillance tradecraft is no exception. Like playing the violin or fencing with a foil, it takes time and practice to become a skilled surveillance practitioner. Most individuals involved in criminal and terrorist activity simply do not devote the time necessary to master this skill. Because of this, they have terrible technique, use sloppy procedures and lack finesse when they are watching people.

Surveillance is an unnatural activity, and a person doing it must deal with strong feelings of self-consciousness and of being out of place. People conducting surveillance frequently suffer from what is called “burn syndrome,” the erroneous belief that the people they are watching have spotted them. Feeling “burned” will cause surveillants to do unnatural things, such as suddenly ducking back into a doorway or turning around abruptly when they unexpectedly come face to face with the target. People inexperienced in the art of surveillance find it difficult to control this natural reaction. Even experienced surveillance operatives occasionally have the feeling of being burned; the difference is they have received a lot of training and they are better able to control their reaction and work through it. They are able to maintain a normal looking demeanor while their insides are screaming that the person they are surveilling has seen them.

In the end, I think that some people may find this information helpful. Some may see it as a fun game they can play to become more situationally aware. Some may actually take these gleanings and use them to perhaps someday save others from being a victim of a terrorist act. Who knows… I think though that these are important skills that can be applied in many ways. Whether or not you live in the city or are just visiting, if you are self aware enough, you can at the very least protect yourself from crime.

In another context, though, for anyone in the business of information security, physical security, and/or any job where you handle information that may be considered important enough to classify, these skills can be adapted to your particular “situations” for security purposes. In essence, your place of business may in fact be a target of criminal and/or state-sponsored actors, and YOU might be able to detect this and stop it.

How?

Well, let me elucidate.

You see, just yesterday I posted an article on the fact that there seemed to be a rash of physical intrusions and thefts at government buildings recently. Had the people at these offices been situationally aware, then perhaps they would have stopped these people and asked some questions. Perhaps they might even have stopped them from coming through the door in the first place huh? Instead, they paid no attention and the thieves went on their way with hardware and potentially, data that could be damaging to the country.

I myself have taken advantage of this lack of situational awareness many times while auditing facilities. I have created bogus badges, I have used no badges, I have used the old “I’m new here” routine and never have I been stopped by anyone. In fact, it’s been quite the opposite. People have helped me get onto their networks, into denied areas of buildings, and given me tidbits of data that have been key to opening doors to data and physical access later on.

People are just not situationally aware generally.

So what do we do now? How do we fix this? Well, I suggest for a start that more companies actually have security awareness programs that enlighten on these issues. They need not go into the detail of a TEDD exercise, but should at least cover the fact that in everyday life at work, someone may want to gain access to their desk and their terminal, if not get through the front door unchecked.

You see that guy with the cigarette out back just smoking and hanging out by the locked door? You know him? If not, then you make him badge in. If he can’t, then it’s time to go to the security desk out front and NOT let him through that door.

Situational Awareness…

CoB

Full article HERE

Written by Krypt3ia

2010/06/17 at 15:50

Adrian Lamo: From Homeless Hacker to Lamer?

From the Sacramento Bee

On Thursday afternoon, Adrian Lamo sat quietly in the corner of a Starbucks inside the Carmichael Safeway, tapping on a laptop that requires his thumbprint to turn on and answering his cell phone.

The first call, he said, came from an FBI agent asking about a death threat Lamo had received.

The second was from a Domino’s pizza outlet. One of his many new enemies had left his name and number on a phony order.

The third was from Army counterintelligence, he said.

In other circumstances, it might be easy to dismiss his claims.

He is an unassuming 29-year-old who lives with his parents on a dead-end street in Carmichael and was recently released from a mental ward, where he was held briefly until doctors discovered his odd behavior stemmed from Asperger’s syndrome.

On Thursday, he was dressed in black. A rumpled sport coat covered his bone-thin frame, and a Phillips-head screw pierced his left earlobe – a real screw, not an ear stud made to look like one.

He spoke slowly and methodically, sounding almost drunk, a side effect of medication he takes to treat Asperger’s, anxiety and his rapid heartbeat.

But Lamo is the most famous computer hacker in the world at the moment, the subject of national security debates and international controversy – and a target of scorn in the hacker community that once celebrated him.

He first gained notoriety in 2003, when he was charged with hacking into the New York Times computer system, essentially just to prove he could.

“I just wanted to see what their network was like,” he said. “It was going to be the Washington Post, but I got distracted by a banner ad.”

He has re-emerged in the spotlight following his decision last month to tell federal agents he had reason to believe an Army private in Iraq was leaking classified information. He said the information was going to WikiLeaks.org, a website based in Sweden that publishes information about governments and corporations submitted by anonymous individuals.

The soldier, Pfc. Bradley Manning, a 22-year-old intelligence analyst who was stationed near Baghdad, is reportedly being held by the Army in Kuwait while the case is investigated.

Lamo said Manning contacted him online after reading a profile of him on wired.com, which first reported Manning’s arrest and Lamo’s involvement last Sunday. Manning, he said, bragged about leaking classified military information to WikiLeaks, including the so-called “Collateral Murder” video of a U.S. helicopter attack in Baghdad that killed several civilians in 2007. That video appeared on WikiLeaks in April.

Lamo said Manning also claimed to have leaked other materials to the website, including 260,000 U.S. classified diplomatic cables.

“I couldn’t just not do anything, knowing lives were in danger,” Lamo said. “It’s classified information, and when you play Russian roulette, how do you know there’s not a bullet in the next chamber?”

Full article HERE

Adrian Lamo is a name that, in the hacker community for a while, was a zeitgeist for the altruism of hacking in the original sense. He popped into systems and networks with only a web browser and told the companies he had compromised in an effort to secure them. Frankly, the recent diagnosis of Asperger’s makes a lot of sense to me and likely to others who have met him or know of him by watching him. He has an interesting personality that borders on the strange and Asperger’s may well explain his focus on such minutiae as he has shown up with in his hacks.

With the events of late regarding his turning in the alleged source for Wikileaks, there has been a fair bit of loathing on the part of the hacker community against Lamo and I for one think that he did the right thing. Look, this guy Manning has yet to be shown to be a Daniel Ellsberg here. Daniel released data that unequivocally showed that our government was lying to us about Viet Nam. Perhaps some of what Manning was seeing was on par with that, but, he went to Wikileaks instead of say the New York Times with his allegations. In fact, I have not heard anything substantive out of Manning that would lead me to believe that he is anything more than a hacker wannabe or.. Just someone craving attention. The mere fact he went to Lamo on this shows more about his motives than anything else.

If you look at the chat transcripts there is no real sense that this guy was looking to put an end to conspiracy as much as get Lamo to like him… Simple as that I think. So, what Lamo did was in my mind right. He reported the potential for large leaks of cables that could blow NOC agents all over the world potentially as well as place our diplomatic aspirations globally at risk. Who knows what else might have been given to Wikileaks and or may be out of pocket elsewhere thanks to Manning. The damage could be long in coming and severe really and Lamo could see that. Not to mention that he knew enough that now he was a party to treasonous acts and could by just knowing of it, be a co-conspirator had he not reported. If he thought he knew the dark side of the judicial system before with the Grey Lady incident, he certainly could fathom what would happen to him on treason charges.

So, all the hacker kiddiez out there.. Leave him alone. He actually did the right thing here. Cut out the death threats and all the BS that certainly is going to go on… Especially at DC18 I am sure he will get some negative attention because many of the hacker types are childish narcissists to start. It’s time to grow up.

Now, with all that said, should there have been some epic malfeasance on the part of the government along the lines of the Pentagon Papers, then I would understand in passing such data to the Times or perhaps even to Wikileaks. However, without there being confirmed actions on the part of our government, I cannot agree with what has happened. Yes, the footage that came out and the subsequent recognition that civilians in a war zone were killed by US forces fire is bad and perhaps there was some attempt at covering up, but it does not merit the continued and further exploitation of all data at the hands of this guy.

For an analyst he sure wasn’t analyzing the data. I guess that some of this all will come out eventually if there is a trial that can be reported on by the press. Though, likely it will not as everything is classified.

What may be more telling is that what Manning did was so easily done with SIPRNET systems and alleged compartmented data. Once again, the measures that the military had taken, even with the assumption of “trust but verify”, were clearly not being carried out here. I have heard the stories before and seen the fallout from processes not being followed where security is involved, not only in the military area, but in everyday corporate life. If you fail to carry out your basics of OPSEC and INFOSEC, then you FAIL epically to retain your data security.

Bad on the military here.

In any case, Lamo did the right thing either for his own skin’s safety or a real sense of just how far reaching the damage could be to this country. As well, this incident may actually get him closer to being a truly functional member of the security community.

Well done.

CoB

Written by Krypt3ia

2010/06/14 at 17:46

Auditing Career: Dealing with Mentally Unstable Managers


My Psychologist friend jokingly suggested that auditors receive training on how to interact with people suffering with Attention Deficit Disorders, bipolar disorders and in group dynamics in the corporate environment. A company’s culture is a very complex organism. Even the smallest places have complicated political and social layers (silos) that have nothing to do with the official roles and functions performed by individuals and shown in organizational charts. Decisions in organizations, anyone who is observant will confirm, are not always made based on logic, business reasoning, policies, controls, and/or the need to comply with external regulations. They are often made based on fear, anger, sexual attraction, insecurity, jealousy, greed, hate, prejudices and confusion. Because of these things, it is easy for mentally unstable people to “hide” in the open. In many organizations these behaviors are sheltered because those at the top benefit from that sort of culture.

I love this line that I have highlighted, because really, it’s the basis of 99% of the decisions made in corporations. Much of that decision making process on the lower levels (operations) is made for the more base desires founded within the daily sloth of individuals that comprise the management set.

Really.

The thrust of this article is predicated on the idea that many people in positions of management are in fact potentially mentally ill, or show signs of such behavior. I can see some of that, but that is not the case all of the time. This article does not take into account the sloth and greed factors as much as it should, I think, on a gross product level within American corporations. Sure there is a lot of greed, but, the closer assessment I have made has been that no one wants to be responsible and would rather just have a “good day” and go home after a solid 7.5 hours of internet surfing.

Other areas of concern would be ineptitude, negligence, lack of capacity for comprehension, and general lackadaisical attitudes on the parts of many where these matters (security/audit) are concerned. These are also backed by the near absolute lack of real follow through by entities to fine and or censure companies that do not comply with regulations and really audit companies well to assure they are doing their part.

So, lacking any real negative reinforcements, the masses fall into a complacency that allows for such behaviors and feelings of entitlement on the part of managers etc. Also, because of the varying mores of corporations, it is also possible to maximize the behavior because the “manager” is God in the org and can do nothing wrong. If they want that open pipe to the internet to surf YouTube and have a substandard (and against written corporate policy) password as well as no hard drive encryption to boot, then BY GOD they should have it because they are “management”.

In a word, I would say that much of corporate America is “dysfunctional” and needs a good spanking as well as to be sent to bed without supper! Or maybe, just maybe some more and REAL oversight in how they do their business should be carried out. Much like we are now seeing with the whole issue with Goldman Sachs and their cavalier attitudes on selling “pure intellectual masturbation” to the masses, thus crashing the economy.

Meh….

On the other hand, were you to take these features into account when you are auditing a company (more to the point penetrating one) then you could use all of these features in your attack. So, remember, always look at not only the threatscape, but also the psy-scape for your openings. Open your ears and take mental notes, because that substandard password and other breaking of the rules could get you in much further much faster than by having to gain a toehold elsewhere kids.

CoB

Social Engineering: The Gate Crashers


First off, let me say “KUDOS” for actually getting into a state affair with the Secret Service at the door as well as trained snipers on the roofs and NOT getting shot. However, MAJOR points must be taken away for posting the escapade on your FACEBOOK you numbnuts!

Now with that said, I am impressed at the balls here. I mean sure, crashing a high end star party is one thing, but to get into the White House during such an event is really a crown jewel in the game of gaming people in the social engineering world. I mean, just the layers of security should be daunting: with not only the Secret Service, but no doubt some of the Indian services there too, there was a lot of opportunity for being caught. Not only caught, but likely stuffed in a car and taken to an interrogation room for many many hours.

But you two got away with it.. Until you decided to boneheadedly put the pics on Facebook. What were you thinking?

I can imagine now, though, what the detail on duty must be going through, especially the guy who let them in at the final gate. THIS could be a career ender for the SS guy or woman who fucked the pooch here. In fact the whole team on duty could be in trouble. Let’s see what the internal investigation brings shall we?

I also have to wonder what will happen to these two. I am sure some kind of charges will be proffered.

Hmmm I wonder if there will be many more gate crashers now…

“White House Party Crashers: How They Did It”

Written by Krypt3ia

2009/11/27 at 13:32

Subversive Thoughts


I was listening to Art Bell today and had a rather subversive thought. This song is based on a phone call that Art received on 9.11.97 from someone claiming to be a former employee of Area 51. The odd thing about this incident was that the call was cut short suddenly when the network that carries Art’s show went down. Even more odd is that 30 minutes later the system came back online and the only explanation of its downing was that the satellite system lost “Earth lock”; in essence, it forgot where Earth was.

At about 11 p.m. PST, Thursday, September 11, 1997, he designated one phone line for Area 51 employees who wanted to discuss the secretive base. Several callers claimed to work at Area 51, but the bizarre highlight of the night came when a seemingly distraught and terrified man claimed to be a former Area 51 employee recently discharged for “medical” reasons. He cited malevolent extraterrestrials at Area 51 (“extra-dimensional beings” who are not “what they claim to be”) and an impending disaster that the government knew would take out “major population centers.” Midway through this call, Bell’s program went off the air for about 30 minutes. After talking to network engineers, the official explanation was that the network satellite had “lost earth lock” or forgotten where the earth was. Network officials were baffled, and the cause remains a mystery.

So where’s the subversion? Well, I would like to actually get my hands on a nice little SW transmitter and randomly broadcast this clip like a numbers station. That would be fun to mess with the SW monkeys with a random burst of this clip and some digits… Maybe in a little kid voice like in some of these videos

Hmm I can get a SW transmitter for under $300.00 ponder ponder…. I wonder if the FCC will really make an effort to DF me…



Written by Krypt3ia

2009/04/15 at 01:31