Archive for the ‘Tactics’ Category
Spies Using Social Media? No. Way. *Eyeroll*
THIS rather breathlessly hyperbolic report on JTRIG using social media and hacking to spy on, or manipulate people, governments, and movements as well as gather INTEL on them had me eyerolling. Yes, this is new in that social media is new as is the Internet and hacking but really, the techniques of manipulating populaces for political and espionage advantage are nothing new. The spy agencies out in the world perform these PSYOPS and disinformation operations all the time and in the olden days kids they used to manipulate the press, then TV and the press, then INFOTAINMENT. There is nothing new here…
What you all have to realize is that now YOU are more easily hackable, your information more able to be stolen or accessed by writ of law, or YOU give it away by using applications that have been expressly created to give the agencies access to you as in this URL shortener that GCHQ used on the protesters in the Arab Spring. You all have to realize that unless you are code auditing everything you use on the net, then you too could easily fall prey to information leakage or outright compromise if you are a target of the “community” at large.
I would also like you all to take note that those who may support Wikileaks, or be a member of say Anonymous also were targeted and used in this operation by GCHQ as well so if you are an Anon, you too have been targeted rather directly (like the citation of Topiary’s conversations) so you too are not safe even if you are trying to use good OPSEC, which, it turned out, and I have written about in the past, you were not. Oddly enough though, the Snowden leaks on JTRIG also show how the same issues are at play for those operators within NSA/GCHQ as well. Trying to keep sock accounts straight, know the language and the patter, as well as the political issues is problematic when you are doing things on a larger scale (trust me I know) so at least you have that going for you right?
Heh.
Wake up people.
OPSEC… Live it.
Dr. K.
JIHADI’S HOLD LEGION OF DOOM CON CALL!! WOULD YOU LIKE TO KNOW MORE?
AZIJ XXRZ HMCKIDACVA GZ UZZW!
The Legion of DOOM!
Yesterday the camel’s back finally snapped in my head after reading a post on Harper’s Magazine entitled “Anatomy of an Al Qaeda Conference Call” which the author called into question the whole story that was put out by the Washington Times and their “anonymous sources” The paper claimed that Ayman Zawahiri and all the heads of the various jihadi splinter groups got onto their polycom phones and their SIP connections to have a “concall” as we say in business today.
You all may remember the heady headlines in the last couple weeks where the mass media picked up on this story and began scribbling away on how the so called jihadi “Legion of Doom” dialed in for a sooper sekret meeting to plan the end of our Western Civilization. Now, I am sure some of you out there have seen my screeds (140 chars at a time more so recently) on just how we get played too often by the media and the government on some things but this, this is just epic stupid here. If you or anyone you know believed any of this claptrap coming from the media please seek psychiatric attention post haste.
Let me tell you here and now and agreeing with the article cited above, that the “LOD” did not have a skype or asterisk call to plan our downfall. At the most they likely had a meeting of the minds in a chat room somewhere within the jihadist boards out there or had a server set up somewhere for them all to log into an encrypted chat. I lean towards the former and not the latter as they usually lack subtlety online. Though, given the revelations from Mssr “Snowman” I can see how the prudent Ayman would want this to be on it’s own server somewhere and for people to authenticate locally and encrypted on a system that does not keep logs… But I digress…
Suffice to say that a group of leaders and minions thereof got together for a chat on <REDACTED> and that they talked about plans and ideas (from hereon I am going to coin the term ideating) for the destruction of the West and the raising of a new global caliphate. Does that sound familiar to you all? Gee, I can’t seem to put my finger on where I have heard that one before. … So yeah, there was a meeting, there were minions, and there were plans but here’s the catch; NOTHING WAS SAID THAT ALLUDED TO A REAL PLAN! No, really, there wasn’t any solid evidence that prompted the closing of the embassies all over. It was a smoke and mirrors game and YOU all were the captive audience!
As you can see from the article cited there seems to be a lot amiss with all of this now that some reality has been injected into the media stream of derp. Why was this all brought to you in the way it was put out there by the media? Was it only the demented scribblings of one reporter seeking to make copy for his dying paper? Or was there more to it? Was there a greater plan at play here that would have the media be the shill to the duping of the public in order to make them see say, the NSA in a different light in these times of trouble for them?
Makes you wonder huh?
DISINFORMATON & OPSEC
So yeah, a story comes out and there are “sources” sooper sekret sources that are telling the reporter (exclusively *shudder with excitement*) that the Great Oz of the NSA has intercepted a LIVE call with the LOD and that it had scary scary portents for us all!
WE. ARE. DOOMED!
That the NSA had help prevent a major catastrophe from happening because they had the technology and the will to listen in on a conversation between some very bad dudes like Ayman and the new AQAP leaders plotting and planning our cumulative demise.
*SHUDDER*
The truth of the matter though is a bit different from the media spin and disinformation passed on by the so called “sources” however. The truth is this;
- The “con call” never happened. There was no set of polycoms and Ayman is not a CEO of AQ.
- The fact is that Ayman and many of the other “heads” of the LOD were not actually there typing. It was a series of minions!
- The contents of the “chat” were not captured live. There was a transcript captured on a courier that the Yemeni got their hands on and passed it on to the Western IC. (So I have heard, there may in fact be a chance they captured the stream using this guys acct) the Yemeni that is, not so sure it was us.
- As I understand it, there was nothing direct in this series of conversations that gave any solid INTEL/SIGINT that there was a credible threat to ANY embassies.
There you have it. This has been WHOLLY mis-represented to the Amurican people. The question I have is whether not there was an agenda here on the part of one of the three parties or more.
- Right wing nutbag Eli Lake
- The “anonymous sources of intel”
- The “anonymous sources handlers”
These are the key players here that I would really like to get into the box and sweat for a while. After the madness was over and sanity let it’s light creep into the dialog, we began to see that these so called sources were no more or less better than “CURVEBALL” was during the run up to the Iraq war. In fact, I guess you could say they were less effective than old curveball because we did not actually go into another half baked war on bad intelligence this time did we?
Another question that should be asked here is why was this information leaked in this way to the press on an ongoing operation that I would say might be pretty sensitive. I mean, you have a channel into a chat room (or *cough* con call as the case may be har har) that you could exploit further and yet you decide to close all the embassies and leak the fact that you have closed said embassies because you intercepted their sooper sekret lines of communication?
*blink blink*
Holy what the Hell? What are you thinking POTUS and IC community? Oh, wait … Let me ideate on this a bit….
- The intel community is in the dog house right now because of the SNOWMAN FILES yup yup
- So a WIN would be very very good for PR wouldn’t it? I mean you don’t have to hire a PR firm to figure this one out right?
- HOLY WIN WIN BATMAN! We tell them we foiled their plans using sooper sekret means that the public hates for infringing on their “so called” rights and we can win hearts and minds!
Could it be that simple?
All joking aside though, think about it. Why blow an operational means of watching how the bad guys are talking UNLESS it was never something you really had access to in the first place right? You could win all around here (though that seems to be backfiring) IF the Yemeni passed this along and it was after the fact then how better to make the AQ set abandon the channel by saying you had access to it?
Right…
How better also to try and get a PR win by alluding (ok lying lying lying with pantalones on fire!) that you had compromised (you being the NSA and IC here) said channel! I guess overall the government thinks that the old axiom of “A sucker born every minute” still applies to wide scale manipulations of stories in the media to sway thought huh? Oh and by the way, if any of you out there think this is just too Machiavellian I point you to all those cables dropped by Wikileaks. Take a look at the duplicity factor going on in international realpolitik ok?
Political Wag The Dog
It seems after all once all the dust has settled that either one of two things happened here;
- Eli Lake did this on his own and played the system for hits on his paper’s page
- Eli Lake was either a witting or un-witting dupe in this plan to put out some disinformation in a synergistic attempt to make the IC and the government look good on terrorism in a time where their overreach has been exposed.
It’s “Wag The Dog” to me. Well, less the war in Albania right? I suggest you all out there take a more jaundiced eye to the news and certainly question ANYTHING coming from “ANONYMOUS SOURCES” on NATSEC issues. It is likely either they are leakers and about to be prosecuted, or there is a cabal at work and DISINFORMATION is at play using the mass media as the megaphone.
Sorry to sound so Alex Jones here but hell, even a clock is right twice a day.
K.
Sun Tzu and The Art of Cyber-War
A mgbkf zugx sbw nrkl wqvrkvuj!
Sun Tzu and The Art of Cyber-War
A while back I decided to throw my hat in the ring for RSAC and Shmoo. I made neither’s list of presentations but I thought this still was worth putting out there for people to see. I had been talking with Jericho and Josh Corman about cyber war because of their presentation at Brucon and this idea popped up in my head because Jericho had pointed out too many people cite Sun Tzu poorly in these types of presentations. Well Jericho is right and often times not many of the tenets of Sun Tzu make it into the presentations. On average you will see maybe one or two and that’s it but The Art of War has many other chapters and quotes that map to general warfare and that includes Cyber-War (so called) Generally however the overall tactics put forth by the Art of War are applicable because this is warfare we are talking about no matter the landscape (electronic) that we are fighting it in. You still have adversaries looking to defeat one another using guile and force today just as in the day of Sun Tzu. The real issue comes down to reading between the lines of the old text and applying the ideas to the modern landscape of the electron, the malware, and the phishing attack.
All of these efforts though will lead to the age old means of kinetic warfare and this is what people seem to not understand so well today. War is war and eventually its all going to be about the guns and bombs and not so much just about the data being stolen or messed with. We have a problem today in the semantic of war in the digital age that needs to be cleared up for the general populace. I hope that this tutorial will not only be historical but also give the reader the tools needed to understand that cyber-war is not the end all be all, it is in fact just a precursor to the type of war that has been waged since man could pick up a rock and throw it.
China, Sun Tzu, & APT
On another level though, I find it amazing that more people have not had the light bulb go on about our situation today with regard to Chinese hacking and espionage. What we have seen is not cyber-war yet but the prelude, the reconnaissance to carry out war and that is all. The Chinese (and others) have begun mapping our networks, prodding our defenses, and assessing our overall readiness by using digital attacks on private and governmental networks and systems. Think of it all as spying and not just one for war footing alone. There is of course the industrial espionage as well but in the case of China in particular they are all means to an end. The “Thousand Grains of Sand” approach is doctrine in China as is the mindset they have always had having had masters like Sun Tzu as their teachers. Look at this slide deck and then take a step back and look at the APT-1 report as well as others. Note that the Chinese military is the state and that the PLA is just an arm of the military unlike in the US where the military is a little more separated and at the behest of POTUS.
Sun Tzu said it best in The Art of War;
“It is said that if you know your enemies and know yourself, you will not be imperiled in a hundred battles; if you do not know your enemies but do know yourself, you will win one and lose one; if you do not know your enemies nor yourself, you will be imperiled in every single battle.”
It’s time to be more introspective about ourselves as well as the adversary and Sun Tzu is a good way to get there.
K.
INFOPOCALYPSE: You Can Lead The World To The Security Trough.. But You Can’t Make Them Think.
“Dark, profound it was, and cloudy, so that though I fixed my sight on the bottom I did not discern anything there”
(Dante Alighieri; The Inferno)
The current state of the Security “Industry”
It seems that once again people who I have acquaintance with in the security industry are wondering just how to interface with corporations and governments in order to build a base of comprehension about the need for information security. The problems though are myriad with these questions and the task to reach people can be a daunting one, never mind when you have groups of them in hierarchies that comprise some of the worst group think in the world (AKA corporations)
Added issues for the “industry” also surround the fact that it is one at all. Once something moves from an avocation to a profession, you have the high chance of it becoming industrialised. By saying something has been made industrialised, implies to many, the cookie cutter Henry Ford model really. In the security world, we have seen this from the perspective of magic boxes that promise to negate security vulnerabilities as well as teams of consultants who will “securitize” the company that is hiring them with magic tools and wizardry. The net effect here is that those paying for and buying into such products and services may as well be buying a handful of magic beans instead.
Now, not every company will be efficacious in their assessments nor live up to the promises they make for their hardware/software solutions. Many practitioners out there and companies really try to do the right thing and do so pretty well. However, just as in any other business, there are charlatans and a wide range of skilled and unskilled plying their arts as well. Frankly, all that can be said on this issue is “Caveat Emptor” It’s a crap shoot really when it comes to goods and services for security solutions. The key is though, to be able to secure yourselves as a company/entity from the standpoint of BASIC security tenets up.
Often its the simple things that allow for complete compromise.. Not just some exotic 0day.
So we have a cacophony of companies out there vying for people’s dollars as well as a news cycle filled with FUD that, in some cases are directly lifted from the white papers or interviews with key players from those said same companies seeking dollars. It is all this white noise that some now, are lamenting and wondering just how do we reign things in and get a stable base to work from in an ethical way to protect companies and individuals from information security meltdowns. More so it seems lately, the question has been how do we reach these people in the first place? How do we actually get a meaningful dialogue with the corporate masters and have them come away with the fundamentals of security as being “important”
Unfortunately, I think that there are some major psychological and sociological hurdles to overcome to reach that point where we can evince the response we all would like to see out of those C level execs. I have written about them before, but I will touch on them again later in this piece. Suffice to say, we all have a tough row to hoe where this is concerned, so, I expect there to be no easy answer… Nor really, any satisfactory conclusions either.
“It is a tale Told by an idiot, full of sound and fury, Signifying nothing”
(Shakespeare; MacBeth)
Security Joan of Arc’s and their Security Crusade:
Joan De Arc was a woman ahead of her time. She wore men’s clothing and lead the French in battle against the English and to victory, all as a teen girl. She later was burned at the steak for heresy and just recently made a saint many years later. I give you this little history lesson (link included) to give you an idea of who you all are in the security industry lamenting over not being listened to. You too may be ahead of your time, but, just as she was, you too will not be listened to because your ideas (to the listeners) are “radical”
Now, radical is a term I am using to denote how the corporate types are seeing it. We, the security advocates, do not see these concepts as radical, but instead as common everyday things that should be practices (complex passwords, patching effectively, etc) They (the client) see these things as impediments to their daily lives, their bottom lines, and their agenda’s both personal and corporate. There are many players here, and all of them have agenda’s of their own. This is a truism that you must accept and understand before you rail against the system that is not listening to your advice.
Here’s a bit of a secret for you.. The more ardent you seem, the more likely you will be branded a “Joan” The perception will be that you are a heretic and should not be listened to. Instead you should be marginalised in favour of the status quo.. After all, they have gone about their business every day for years and they are just fine! The more you rail, or warn with dire tones, the more you will be placed at the back of the mind.
Think Richard Clarke (I heard that chuckle out there)
Though Joan inspired the French forces to battle on and win more than a few battles, she eventually was burned at the steak. Much of this was because of her unique nature and fervour. Much as yours may do the same to you… Without of course literally being burned at the steak and you all must learn this. I think you have to take a page from the hackers playbook really and use the axiom of being a “Ninja”
The subtle knife wins the battle.
“If the Apocalypse comes, beep me”
(Joss Whedon;Buffy the Vampire Slayer)
What’s the worst that could happen really?
The quote above really made me chuckle in thinking about this article and the problems surrounding the premise. This I think, is the epitome of some people’s attitudes on security. Most folks just go along their days oblivious to the basic security measures that we would like them to practice as security evangelists. The simple fact is that like other apocalypse scenarios, people just have not lived through them and been affected by them to change their behaviours accordingly. What solidified this for me recently was the snow storm last October here in New England that caught so many people flat footed. They simply had not ever really had to rely on their wits and whatever they had on hand before like this. When the government and the corporations (CL&P) failed to provide their services to the populace, the populace began to freak out.
Its the same thing for information security. Whether it is the government or the corporations that supply us all, both are comprised of people who all pretty much lack this perspective of being without, or having really bad things happen to them. 9/11 comes the closest, but, that only affected NYC and DC directly (i.e. explosions and nightmarish scenarios with high casualties) In the case of corporations, you have lawyers and layers of people to blame, so really, what are the risk evaluations here when it is easy to deflect blame or responsibility? For that matter, it was inconceivable to many in the government (lookin at you Condi) that terrorists would use planes as missiles… Even though a month before a report was handed out with that very scenario on the cover.
The core of the idea is this. Human nature on average, and a certain kind of psychology (normative) that says “This can’t happen to us” We all have it, just some of us are forward thinking and see the potentials. Those forward thinkers are likely security conscious and willing to go out of their way to carry out actions to insure their security. Things like storing extra food and water as well as other things that they might need in case of emergency. These can be life of death deal breakers.. Not so much for information security at your local Acme Widget Corp. In the corporate model, they have the luxury of “It’s somebody else’s problem” So, these things are usually not too important to them unless that person making the decision is cognisant of the issues AND responsible for them. Unfortunately, as we have learned these last 10 years or so, responsibility is not their strong suit.
So, on they go.. About their business after you, the security curmudgeon has told them that they need to store food for the winter..
But the grasshoppers, they don’t listen… Until they are at your door in the snow begging for food.
“More has been screwed up on the battlefield and misunderstood in the Pentagon because of a lack of understanding of the English language than any other single factor.“
(John W. Vessey, Jr.)
How do we communicate and manipulate our elephants?
Back to the issue of how to communicate the things we feel important. This has been a huge issue for the security community for a couple of reasons.
- The whole Joan of Arc thing above
- The languages we speak are.. Well.. like Tamarian and theirs are corporate speak.
We, the security practitioners, often speak in metaphor and exotic language to the average corporate manager. You have all seen it before, when their eyes glaze over and they are elsewhere. We can go on and on about technical issues but we never really seem to get them to that trough in the title. Sometimes you can get them to the trough easily enough by hacking them (pentesting) but then they think;
“Well this guy is a hacker… No one else could do this! What are the chances this is going to really happen? Naaahhh forget it, it’s not likely”
So there is a bias already against doing the things that we recommend. Then comes the money, the time, and the pain points of having to practice due diligence. This is where they turn off completely and the rubric of it is that unless they are FORCED to carry out due diligence by law or mandate, they won’t. We all have seen it.. Admit it.. It’s human nature to be lazy about things and it is also human nature to not conceive that the bad things could happen to them, so it would be best to prepare and fight against them.
So, how do we communicate with these people and get them on the same page?
I have no answers save this;
“Some get it.. Some don’t”
That’s the crux.. You have to accept that you as the security practitioner will NEVER reach everyone. Some will just say thank you and good day… And you have to accept that and walk away. As long as you have performed the due diligence and told them of their problems.. You have done all you can. You can try and persuade or cajole them… But, in the end, only those who get it or have been burned before will actually listen and act on the recommendations you make.
“The greater our knowledge increases the more our ignorance unfolds”
(John F. Kennedy)
The Eternal Struggle
There you have it. This will always be the case and it will always be the one thing that others seeking to compromise corporations and governments will rely on. The foolishness of those who do not plan ahead will be their undoing..
Eventually.
All you can do sage security wonk, is calmly and professionally explain to them the issues and leave it to them to drink.
K.
OpCARTEL: Kids, Trust Me… YOU ARE NOT Up To This Operation
Killing Pablo:
Ok kids, before you were old enough to understand, there was a guy named Pablo Escobar. He was a bad guy who pretty much single handedly provided the US with cocaine that powered the 80’s debauchery. Pablo was the progenitor of the Zeta model of narco-trafficking that you guys are claiming to have data on and want to tangle with. Let me tell you now in no uncertain terms how I feel about #OpCartel…
YOU ARE NOT READY
Plain and simple, these guys are not just some namby pamby government following laws who will try to arrest you. No, these guys will hire blackhats of their own, find you, and KILL you in the most horrific ways. Need I remind you of the bloggers who got whacked recently? I don’t think you all want to be the next to be swinging under an overpass with a Mexican Necktie do you?
It took major government and military operations to kill Pablo and his cartel. You guys dropping information on the low end mules and lackeys will do nothing but interrupt operations currently ongoing as well as put yourselves into the cross-hairs of the Zeta killing machine. At the very least, you need to do your homework on these guys and NOT announce things on the internet before you do anything, this is just asking for a whacking.
Have you not been listening?
INTELOPS:
First off, if you want to gather intel on these guys or you have it, then make sure you vet it out and insure its the real deal. If you have sources, you need to protect them and if you have hacked access, you need to insure that you can’t be traced back. The big thing though, is to KNOW YOUR TARGET! How much do you really know about the Zetas? How much do you know about the politics of the area? The players both inside and outside the cartel? This group just doesn’t have low level people, they also have high ranking political connections as well. You mess with them, then you have governmental assets and pressure as well to deal with.
So.. What do you know about Los Zetas?
Los Zetas:
Los Zetas and La Familia Michoacana are a narco ring comprised of about 30 ex Mexican Special Forces deserters who decided that narco trafficking was a much better choice than just being ordinary special operators. This group has been one of the bloodiest and boldest in their massacres of opposing groups or individuals. In short, they are not people to tangle with unless you are a government with a special operations group of your own. Much of their infrastructure is already known (see pdf file at the top here) so, dropping some of the data you propose might just serve to get others killed and not damage the organization much at all.
Though, if you did have tasty information, perhaps you could pass it along to the authorities? If not, then maybe Mata Zetas?
Mata Zeta:
Los Matas Zetas is another paramilitary group (Zeta Killers) that has sprung up recently and in fact could be governmentally sponsored. Either way, this group is out to whack the Zetas. Now, were you in posession of data that could be used by them to combat the Zeta’s maybe you could find a conduit to get that to them… Secretly. I am pretty sure though, that these guys, if not sponsored by the government (Mexico and the US) would then just become the next narco trafficking group in line to stop the power vacuum once the Zeta’s have been taken out of the equation.
The basic idea though is this: Use the enemy of your enemy as your friend to destroy your enemy. Get it?
OPSEC:
Ok, so, here we are and you guys have laid claim to the idea of the operation. Then, once people started threatening, you dropped it. Then others like Sabu said it was all a PSYOP and there are things going on in the background still.
Oy vey…
Look, overall you have to follow OPSEC on any operation like this and so far you have been a big FAIL on that account. It’s akin to saying to your enemy;
“I’m attacking at dawn.. From the East… With planes.. Vintage WWI planes…”
What were you thinking?
Obviously you weren’t thinking about OPSEC. You have seen me write about this in the past and you surely have heard Jester talk about it too. It is a key precept to special warfare and you guys just are not ready for prime time here. Unless you follow some basic security measures you will end up dead. So pay attention.. If there was any merit to this operation in the first place.
This Isn’t An Episode of Miami Vice:
Finally, I would like to say that this is not an episode of Miami Vice kids. YOU do not have a nickel plate .45, slip on shoes, and pastel shirts. This is reality and you are more than likely to run up against blackhats who will find you and one by one, these guys will hunt you down.
I know.. You’re an idea… No one can stop an idea…
I’m sorry, but your Idea will also not stop bullets and bad men with knives from cutting you to ribbons when they locate you. Unless you learn some tradecraft, go back to taking on corrupt corporations and paedophiles…
Though.. They too could also hire a hacker huh?
You guys are not ready for this…
K.
ウェブ忍者が失敗する : Dox-ing, Disinformation, and The Fifth Battlespace
Digital Ninja Fail: ウェブ忍者が失敗する
The recent arrests of alleged key members of LulzSec and Anonymous have been called into question by the ‘Web Ninja’s‘, a group of would be hackers who have been ‘DOX-ing” the anonymous hierarchy for some time now. Yesterday, they posted the following on their page concerning the arrest of a man from the Shetland Islands who is purported to be ‘Topiary‘ by the Met and SOCA.
Now, this is a bold statement for anyone who really knows what they are doing in the intelligence analysis field. So, it is my supposition that these guys have no clue about what they are doing by making bold assertions like this. The data they have is tenuous at best and by making such bold statements, I have to wonder if indeed the so called ‘Ninja’s” themselves might not be a tool of anonymous to in fact sow that disinformation.
Here are the facts as I see them;
- To date, the federal authorities have not questioned anyone who was DOX’d by the Ninja’s that I am aware of
- The individuals who were DOX’d that were investigated by the authorities were in fact outed by LulzSec/Anonymous themselves
- Adrian Chen has spoken to the person that the Ninja’s have fingered and claims that he (said person) went to the authorities himself. So far he is still not a suspect.
So, taking into account these facts, I would have to say that the Ninja’s have failed in their stated mission so far and I would suffice to say that if they are indeed a part of a disinformation campaign, then that too has failed. After all, the police seem to be ignoring the data put on the interent by the likes of the Ninja’s in favour of other tried and true tactics. The primary tactic as I see it, is grab one individual and then get them to roll over on their compatriots in the face of massive jail time.
This pretty much works all the time as we, as human beings, are most willing to sacrifice others for the self. In the case of the likes of LulzSec skiddies, I would have to say that the ages of the players, and their generational tendencies will allow them to cut deals pretty quickly. It’s my assessment that they are in it for the self gratification and lulz, not for the altruism that the LulzSec and Anonymous press releases have been trying to have one believe. My assumption is that if indeed the 19 year old guy they popped in Scotland is involved with LulzSec, and is in fact Topiary, he will roll over soon enough.
I also believe that these are all untrained operatives and they have made and will make more mistakes. I am pretty sure that the alleged “leaderless” group has leaders AND that unlike a true guerrilla warfare cell, will know the other players personal details. Essentially, they have had no compartmentalisation and they will all fall eventually though interrogation and deal making. As I said before, the insider threat to the organisation is key here, and it was this idea I think the Ninja’s had.. Well, at least that was the original idea of the Ninja Warrior. They were spies who infiltrated the ranks and destroyed from within.
So far with these guys.. Not so much.
Welcome To Spook World: Disinformation Campaigns and Intelligence Analysis
Now, on the whole disinformation thing, I know that the Lulz and Anonymous have said that they are using disinformation as well to try and create a smoke screen. Frankly, all of the intelligence out there that is open source is suspect. Maltego map’s of end user names as I have shown in the past can be useful in gathering intelligence… Sometimes. For the most part, if a user keeps using a screen name in many places and ties that name to real data, then they can be tracked, but, it takes a lot of analysis and data gathering to do it. Though, many of the foot soldiers within the Anon movement are young and foolish enough to just keep using the same screen names for everything so there is a higher likelihood that the data being pulled up on Maltego and with Google searches is solid enough to make some justified conclusions.
With the more experienced people though, there has been some forethought and they have protected their identities as best they could. What became their real downfall was that they could not rise above petty infighting and dox-ing each other. Thus you have the start of the potential domino effect on the core group as well as anyone who has any peripheral affiliation with the Lulz. Be assured, those who have been pinched are giving up as many names as possible as well as whatever is on their hard drives, Anon hacker manuals or not. All of these scenarios lead to the conclusion of more arrests by the authorities and even more skiddies getting into legal trouble around the globe. Meanwhile though, if the core group has been smart, then perhaps the leaders will skate for a time, using the masses as canon fodder.
Gee kids.. Did you know that you were all expendable?
On another tac, I would like to speak about the potential of the disinformation campaigns being perpetrated by the authorities as well. Consider that the trained professionals out there who are hunting these characters (Topiary, Sabu, et al.) are also adept at using not only the technologies of the fifth battlespace, but also the training afforded them in ‘spook world’ This means disinformation campaigns, mole hunts, and insurgencies of their own, getting to the inner core of Anonymous and Lulz. Now, that there were six (alleged) lulzer’s it would be more difficult to do, especially if those LulzSec folks really do know one another (as they claim they do not, which, I just don’t buy.. Remember the compartmentalisation issue) The agent provocateur’s are out there I am sure and with each rung of the ladder, they get closer to the core group.
That is unless the core group falls apart on their own and DOX’s each other out. In the end, I am going to suggest that the authorities will use all of the tricks of the trade on the Anon/Lulz folks to bag them… And with concerted effort by government resources, they will get their men/women.
Untrained, Unruly, and Unprofessional Operators:
“Discretion is the better part of valour” as they say, and in the case of the Lulz and Anon crews, they seem to not have a clue. Perhaps the Lulz think that by being unruly and unpredictable to a certain amount, will be just the cover they need, but, I think that their lack of discretion will be their undoing as well as their hubris. Had many of these folks had some real training, they might have just stood down for a while (not just a week or so) after setting sail into the sunset.
As I have said before, it was a bad idea to recruit and have comm’s out in the open on IRC servers even if they had ‘invite only’ channels. As is being seen now, someone (jester perhaps) has taken down their servers again after other outages due to Ryan Cleary’s attack and pressure from the government on those connection sources that the Anon’s were using. I am sure the idea was to have a movement that could also serve as diversion for the core users as well as to LOIC, but this all failed in the end didn’t it? The LOIC is what has given the FBI the 1,000 IP addresses as a hit list, so to speak, that they are now using to collect people and charge them for the DD0S attacks.
Had these people been trained or not been so compulsive, they might have had more of a chance to keep this up for a much much longer time. As I write, the Lulz do continue, but they have slowed quite a bit since the arrests started again. This I think is because the cages are starting to get rattled and people are finally coming to the conclusion that some discretion is needed to not end up Bubba’s play pal in prison. It’s a learning curve, and likely going to be a painful one for the kiddies.
Unprofessional actions within this area of battle will end up with your being put in jail kids.
To end this section I would also like to add this thought. My assessment of the Lulz core group is this;
- They were drunk on the power of their escapades
- The more followers they had and more attention, the less risk averse they became
- They seem to have compulsion disorders (don’t say it.. Aspergers!) that seem to not allow them to lay low (until now it seems)
- The ego has eaten their id altogether
- Base ages are within the teens with a couple over 20
Technical Issues Within The Fifth Battlespace:
Another BIG issue within this battlespace is the technology. The Anon’s and Lulz have been ascribing to the idea of “Proxies, we haz them! So we’re secure!” and to a certain extent they are right. There are always ways around that though and certainly leaks in data (such as the TOR leaks that have happened) that could lead someone to locate the end user behind the proxy, so they are not fool proof. Certainly not if the fool in question is some skiddie 12 year old using LOIC un-proxied and not obfuscated while they D0S Paypal.
The problem is that the technology could fail you as well as the untrained operative could make small and large mistakes that could lead authorities right back to their IP and home accts. On the other side of that equation is that when properly done, it is damn hard to prove a lot in hacking cases because of obfuscation, as well as mis-configured end systems that have been hit. I cannot tell you how many times I have seen incidents play out where the target systems had no logging on as well as being completely un-secured, thus leaving practically nothing for a forensics team to find and use.
Once again, this brings us back to the insider threat, whether they be the insider who decides to go turncoat, or, the agent provocateur (i.e. Jester and the Ninja’s as well as others from the authorities) who infiltrate the Lulz and then gut them from the inside. What it really boils all down to is that in the end, it will be the foibles of the Lulz core and the actions of spooks that will bring them down.. And I think they are learning that very fact now.
JIN; One Must Know The Enemies Mind To Be Victorious:
As a last note, I would like to say to the Ninja’s, you need to learn and practice your Kuji-in. It is obvious to me that you have failed on the ‘Jin’ (knowing the opponents mind) with your dox attempts. Until such time as I see people being hauled in that directly relate to your documents posted, then I am going to consider the following to be the case:
- DOX-ing is mostly useless and takes quite a bit of analysis before just releasing names
- The Feds are not taking your data as gospel, nor should the general public or media
- You yourselves may in fact be a tool of Anonymous/Lulz and as such, spewing disinformation
- You could be right, but by releasing it to the public at large, you are letting the Lulz know to destroy evidence and create obfuscation that will hinder arrests later.
Ninja’s got results.. Not so much for ‘Web’ Ninjas. At least Jester, if his claims are true, is breaking their C&C channels lately.. Which has its own problematic issues.. Just like his meddling in the Jihadi area, but, that’s a story for another time.
K.
The Lulzboat Sailed The Internets and All I Got Was This Stupid Garbage File!
That’s it? All we get is this stinkin garbage file?
Well, it seems that the Lulz are over for now as last night saw the Lulzboat sail into the sunset. In a post on twitter and a rapidly seeded file dump on Pirate Bay, the LulzSec collective decided to hang up their tophat claiming that they were basically going to pull a Costanza at the top of their game.
Within the torrent file the following parting words were sent:
Friends around the globe,
We are Lulz Security, and this is our final release, as today marks something meaningful to us. 50 days ago, we set sail with our humble ship on an uneasy and brutal ocean: the Internet. The hate machine, the love machine, the machine powered by many machines. We are all part of it, helping it grow, and helping it grow on us.
For the past 50 days we’ve been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could. All to selflessly entertain others – vanity, fame, recognition, all of these things are shadowed by our desire for that which we all love. The raw, uninterrupted, chaotic thrill of entertainment and anarchy. It’s what we all crave, even the seemingly lifeless politicians and emotionless, middle-aged self-titled failures. You are not failures. You have not blown away. You can get what you want and you are worth having it, believe in yourself.
While we are responsible for everything that The Lulz Boat is, we are not tied to this identity permanently. Behind this jolly visage of rainbows and top hats, we are people. People with a preference for music, a preference for food; we have varying taste in clothes and television, we are just like you. Even Hitler and Osama Bin Laden had these unique variations and style, and isn’t that interesting to know? The mediocre painter turned supervillain liked cats more than we did.
Again, behind the mask, behind the insanity and mayhem, we truly believe in the AntiSec movement. We believe in it so strongly that we brought it back, much to the dismay of those looking for more anarchic lulz. We hope, wish, even beg, that the movement manifests itself into a revolution that can continue on without us. The support we’ve gathered for it in such a short space of time is truly overwhelming, and not to mention humbling. Please don’t stop. Together, united, we can stomp down our common oppressors and imbue ourselves with the power and freedom we deserve.
So with those last thoughts, it’s time to say bon voyage. Our planned 50 day cruise has expired, and we must now sail into the distance, leaving behind – we hope – inspiration, fear, denial, happiness, approval, disapproval, mockery, embarrassment, thoughtfulness, jealousy, hate, even love. If anything, we hope we had a microscopic impact on someone, somewhere. Anywhere.
Thank you for sailing with us. The breeze is fresh and the sun is setting, so now we head for the horizon.
Let it flow…
Hrmmm.. 50 days? Is there any real significance to this other than perhaps the party van was pulling up outside your doors and you had to dump the garbage file quick like? Honestly, the files that you dumped, while in sheer numbers of passwords and logon’s to a few sites is well, kinda weak. In short, there is nothing revelatory here. I mean, jeez at LEAST the garbage file in the movie had some interesting malware shit in it right?
The Files:
So, we have some AT&T data from inside that cover some frequency ranges, and some manuals, minutes from meetings etc that are kind of interesting. There is a scan of the FBI.gov site that shows a vuln, and they managed to add Pablo Escobar to the Navy jobs database.
Whoopee.
All in all I have to give the Lulzsec crew a big “MEH” on this as well as their other dumps really. Sure, they have pointed out that low hanging fruit is abundant on the internet, but, really, who in the security or hacking world did not know this? Further more, what does the average everyday end user care? I mean, if their passwords are stolen, they will reset them. If their money is stolen they are insured by the Fed… Is there a great hue and cry from the masses because Lulz were had by the general populace to have the Lulzboat crew hoisted on the yard arm?
Not that I have seen.
In short kidz, you have only served to amuse yourselves and others out there but if you had anything else in mind about bringing change to the scene, I don’t think you have succeeded. People are creatures of habit and sloth. Short of taking the whole system down for the count, nothing will be so epic as to make corporations secure their networks and perform due diligence. Those who have done so out of worry because of your antics will go back to their peaceful Luddite slumber.
Leaving So Soon?
So, on to your sudden departure from the scene. I have the feeling that as I had written about before, you were coming to realize that perhaps you could never be as clever or wily to evade detection and prosecution given your penchant for the dramatic you all seem to have. Your propaganda machine and communication channels were leaking, this you could see from the A-Team dumps.
You guys have tried variations of your names, you have attempted obfuscate as much as you could, but, in the end, your re-use of favored screen names was your undoing. You see, the jester has been scouring the internet (I am sure with help from others) looking for any connections to those screen names or iterations thereof. I myself have done this and came up with analogous data to what jester and others have posted. With each successive day, your true identities are being uncovered if they have not fully been as of now.
However, this re-use of nick names and ties to email addresses aside, you guys just were immature enough to do yourselves in with petty disputes and the use of non trustworthy assets. This whole outing of each other thing was one of the most stupid things I have seen. Sure, some of it could be digital chaff, with you trying to set out disinformation, but I think that is not the case. Your own hubris shall be the thing that ends up placing the party vans on your collective front steps.
Lets face it, you played the game of spooks and I think in the end, you will lose. In fact, I think that you should probably have been better off had you just gone off seeking some sharks with frikkin lazers on their heads in your volcano lair instead of playing with the fire that you have been. Once they do pop you, you all are going to see some very interesting things inside jail as the governments kluge together terrorism charges on you.
Your Legacy:
Well, I guess we will have to see if anyone decides to take up the Lulzsec mantle. For now, we all await the party van posse to pick you all up sooner or later. You have spawned some more fools though like Team Poison who want to up the ante with releases of data like old Tony Blair stuff… That was kinda lame too frankly and made so sense when they claimed to still have access.. Why dump what you have and then claim to still have access? If it was current, I am pretty sure they have yanked the plug on that mail server and ‘five’ has it.
Oh, did you take that into account? I mean, he is Tony Blair after all… They are MI5… ‘Expect them’
So where was I?… Oh yeah..
In all of your dumps you delivered nothing worth your or our time. You proved a point that SQLi is prevalent but who didn’t know this? You have proved that you were pretty immature and likely suffer from Asperger’s yourselves… Well that will be the claim that your lawyers make to the judge won’t it huh? I mean that is the mental illness du jour as excuses go for immature hacking antics today isn’t it? I don’t think that will work though, the government just doesn’t care, they will medicate you and then put you on trial. You see Asperger’s is not a form of insanity, and the insanity plea, as some of us know, is NOTORIOUSLY hard to use as a defense in court. Nope, you guys really actually suffer from inflated ego’s and too much jolt cola.. That’s my diagnosis, for what its worth.
So, yeah, legacy… Well, you certainly have tried to do your best imitation of SPECTRE, but instead you came off as Bighead. I am sure there will be others following in your footsteps, but, in the end I don’t think you have launched a new SPECTRE.
Nope, I expect your real legacy will be the creation of more draconian laws by the government as a backlash to your antics. Laws that will make all our lives a bit more less private and a lot more prone to being misused. I also expect that the lulz will continue, though at your expense once you are all caught and put into the pokey.
… And those lulz will also be epic fail.
K.
LulzSec: How NOT To Run An Insurgency
Oh how the Lulz turn…
Lulzsec seems to be imploding a bit with the pressure put on them by their own interpersonal issues as well as the likes of Th3j35t3r and the Web Ninja’s on their backs as well. I however, would like to point out the Lulz tactical failures that are directly leading to their ultimate party van special that seems to be coming soon. I say ‘seems’ to be coming because who really knows what will happen. Perhaps some of these guys will actually skate because they were smart enough to keep some of their personal details.. well.. personal.. Maybe not though as is evidenced by the ‘doxing pastebin-palooza’ of late.
Secrecy is important:
LulzSec seems to have misunderstood that secrecy is really really important when you are doing something like a digital insurgency. Sure, you can try to rely on all the technologies like proxies to hide your IP, but, you also have the human element to contend with. It is here where the Lulz have not thought things out too clearly. They attempted to use the Anonymous model, but, unlike Anonymous, they, had a smaller crew and a central core that, well, has been rather chatty. Chatty mind you, on IRC channels that have been compromised and monitored.
Loose lips sink ships.. Yeah, I went there…
Nope, while Lulzsec has been attempting to be secret, they failed to follow through and actually carry out their insurgency behind a wall of utter secrecy or even a cell based infrastructure it seems. Of course most of these efforts have been planed out and talked about on said IRC channels (even the sooper sekret ones) and advertised so others could revel in the lulz.
This and the other things I am going to mention will be their undoing.
Communications Should be COVERT:
Ok, so, how long did Osama have runners with USB keys on donkey’s going to Peshawar Internet cafe’s without being caught? Oh, yeah, 10 friggin years! It took the CIA a long time to catch on to the runners/couriers and even then they did so only from a VERY FEW pieces of hard SIGINT. The key here kids is that the AQ guys were practising ‘tradecraft’ unlike the Lulzsec kids. They took pains to insure that their communications were not easily picked up by the NSA or anyone else listening and watching.
You guys in Lulzsec? Not so much….
Instead, you have relied on technology to keep you safe while flagrantly whipping out your collective pee pee’s and waving them at forces who are much better equipped, trained, and funded to hunt you down and make you go bye bye. Some might see that as daring… Others see it as just plain stupid. Either way, since you have failed to use real covert channels that you do not advertise, you have highly increased the likelihood that you will soon see those party van’s you speak of so often (mockingly) in your yards as they start taking all your computers out the door, and you to the local orange jump suit palace.
Next time, just have your meetings in the parking lot of the local PD. It will cut out the middle man.
Ego is the mind killer:
I must not have too much Ego. Ego is the mind-killer. Ego is the little-death that brings total obliteration. I will face my Ego. I will permit it to pass over me and through me. And when it has gone past I will turn the inner eye to see its path. Where the Ego has gone there will be nothing. Only I will remain.
Ah yes, I have been ruminating on this one for some time and even adjusted this quote from Dune, which I think fits nicely. Your ego’s have been writing checks that you aren’t likely to want to have cashed kids. You have said that you do it for the lulz, you have also made intimations that its about how poor security is within the internet ecology, but, I think mainly your motivations have been ego driven. What this means is that you are getting quite the buzz off of being so darn smart and snarky. You have been having fun poking the badgers in the eyes and feeling invincible.
Well, you aren’t geniuses and you aren’t invincible. Eventually everyone gets caught, especially those who do not take care to cover their tracks and act smartly.
Simply, your ego’s have done you in… Be sure to check that ego at the door to the federal penitentiary that will be your new home, because there are bigger and nastier people in there who will be trading you for smokes soon. Oh, and remember to buy a lot of tucks pads.. You are going to need them.
Untrustworthy Assets Should NOT be Trusted With Operational Details:
This brings me to the bust of your minimally affiliated IRC op Ryan. It seems from all of the press and from the kids history, that he was unstable to start. This is the guy you want to trust with any data, no matter how small, on who Lulzsec is and how they operate?
Really?
Well then, who else do you have running your servers and running errands? Because I think they are likely to be just as whacked as Ryan and likely to be caught and roll within the first few minutes of interrogation!
Bravo, well done!
If you guys had any operational smarts, you would have to know that you cannot trust anyone with the whole picture. You pretty much are claiming that now after his arrest, but I think secretly you are all leaving fudge stains in your pants presently. According to the police Ryan had A LOT of data laying round and how are you to know who he talked to and how much he really knew about you all? Even IF you tried to be as careful as possible, you more than likely slipped up and gave him information that he will be giving.. Nope.. wait.. HAS GIVEN to the FBI and the Met.
Another failure on your part in the game of insurgency… I guess you will learn the hard way. Just as you will learn that outing your pals yourselves because they decided they wanted out, or did something to piss you off, will only lead back to you. Not the smartest of moves should any of these guys have data on you that they can use to turn against you.
“Never burn an asset unless you burn them and then shoot them between the eyes.. Or they will come back at you”
LulzSec Fall Down.. Go BOOM:
Finally, as if you could not tell from everything I said above, you are going to go down and likely go down hard. It will be a learning experience for you and for everyone else who wants to let their ego run free to gather 220K of followers on twitter by poking the badger. I am imagining that Ryan and his volumes of digital data, are being disseminated throughout the community of Feds and other agencies as I write…
Oh well, like I said, there’d daring and then there is stupid… Remember what John Keating said in “Dead Poets”
“Phone call from God. If it had been collect, that would have been daring!”
Be seeing you soon as your being put in the back of the party van kids…
K.
Al Qaeda: The Case of A More Diffuse and Autonomous Organisation
Succession:
Speculation on the successor to OBL has been rife within the news-o-sphere and I too have waded in and made my case for who I think will be next. I have however, come to some more conclusions since I wrote my post on succession post Osama. My current thinking is still aligned with my post from before, that Al-Awlaki will be the prominent figure in the AQ presence world wide. Where I would like to refine the statement is that I believe while Al-Awlaki will be the public face of AQ/AQAP/Jihad he may not be the operational leader. At least, not as one might think.
I think that AQ (The Base) has become such a disparate organisation, that there really are leaders plural with a figurehead (aka OBL before his demise) It seems from the intelligence drips and drabs coming out in the news, that OBL was in fact part of the plotting at least aspiration-ally, of projects up until he got the face full of lead. This is not to say that any of the plans that he laid out actually made it to operational cells out in the world. Nor had OBL been on the media very much in the last years to give anyone ideas. So, who is coming up with the plans that are being tried out? Who is actuating plots? AQAP has.
The reason that AQAP has been more active is that they are in the country of Yemen where they have a base of support and a fledgling government that poses no real threat. Since AQAP has a bit of a free hand there and a younger crew of jihadi’s headed by several Americans, they seem to me, to be the new jihadi zeitgeist. These are some of the reasons that I feel Al-Awlaki, who is charismatic and liked, would be a more logical choice to be the inspirational head of the global jihad, which happens to be primarily aimed at America. Who better to use as the face of this fight than a former citizen refuting the way of life in America and the West? Who better to reach out to those lone wolves in the states and radicalise them to the point of action?
The problem though on trying to lead AQ now is that the GWOT has indeed made it harder for there to be structured networks. As evidenced by the killing of OBL, the jihadists have learned and have been learning over the years of strikes, that to have a ‘network’ that has clear channels of command and control leads to their being picked off one at a time with Hellfire missiles shot from reapers. It was the physical act of meeting with as well as making calls to OBL by his couriers, that lead to his demise. It is this fact that I think AQ will take to heart and collectively try to leverage not only the internet even more, but also create a more splintered organisational structure on purpose. The franchise model +1 will be the modus operandi of the day because they now fear to communicate a little bit more since we took out Osama.
It is this franchise idea with small autonomous cells that are to be inspired to action, even to the point of ‘Lone Wolf” single cell actors, that will be the new GWOT’s target. Thus, going back to the idea of whoever would ‘lead’ AQ, would have to be like OBL in the area of charisma, affability, piety, and leading by example… And that would not be Ayman Zawahiri, nor I think some of the other operators mentioned in the news and in papers I have seen come across my screen on the subject. I think it would make more sense that the operators stay in the shadows to lead and create operations. Ayman is not liked, pedantic, and generally not someone that would be universally followed by the jihadi masses.
This too I think, is why the IS has been immediately attempting to step up attacks on Yemen and Anwar because they too feel that he is a likely choice for taking up where OBL left off. If not officially, at least by proxy of AQAP being the new force in Jihad, the one group who has acted on grander plans like the old AQ did. Anwar I think, is about to replace OBL on the FBI’s wanted list slot…
Unless they actually hit him with one of those missiles.
Autonomous Cells:
Since the GWOT started and now the JSOC and the Kill/Capture program, AQ has been learning that to fight the battle they need to pivot the attacks. Just as hackers learned that it was best to use internal attacks by tricking people into clicking links in emails (phising) so too have the jiahdis in this battle space. Thus we have the idea of lone wolves and small cells of one to three members within them. The smaller the cell, and the more autonomous, the higher likelihood that they will be able to carry off a mission.
By leveraging the Internet, the propaganda machine that GIMF started, has been replaced by Al-Malahem and AQAP’s Inspire magazine. This trend is somewhat scary in many ways as the lone wolves out there may have some communications with AQ central (AQAP) but they likely will not be many. Instead, as data has shown us, the lone wolves out there so far (Nidal Hassan, Emerson Begolly, and others) radicalised by watching Youtube videos, chatting online with Paltalk, and reading jihadist writings on internet php boards. Rarely have these people had direct contact with the main players in AQ, though, Hassan did in fact email with Al-Awlaki.
Over all, I think that the decentralising of AQ will continue from the GWOT thus causing more splinter groups to pop up, see the model that AQAP has put together, and will emulate it. They will be harder to stamp out and they will be more of a percieved threat because they could be just about anyone. Irhabi 007 was a single prolific propagandist who worked out of his parents house in the UK. All he needed was the internet and some hacking skills and he was able to create a new paradigm of online jihad. Imagine now all of the next gen kids who are just as computer literate and just as moved to radical thought.
Jihad GEN 3:
Which brings me to the next generation of Jihad. Or should I say the next few generations of it? In watching the trending I have seen more and more younger recruits online and in jihadist videos. It has always been known that the Jihad starts at the Madrassa, but, it seems now that not only are the boys being trained from a young age, but so too the muslima. With the advent of the Chechen “Black Widows” and some of the rules being created by shura counsels, the girls too are now being trained from a young age to become shahid.
In the West though, the rationalisation process is more led by what media the jihadi/takfiri/kuffr has been able to align with. Perhaps they are going to mosque and getting some of the content in some cases, but mostly, it comes from the net. Just how many of these people are muslims from raising is unclear. Just as is how many come to Islam and then radicalise at some point as well. The one constant though in my mind is that they are likely mentally unbalanced or seeking attention in some way that is core to their being.
What form the next generation will take is still unclear. Perhaps the pivot toward trying to get Western recruits to become shahid will ultimately fail on the large scale. Though, I do expect there to be more unbalanced individuals attempting to carry out small attacks as mandated by AQ/AQAP for the cause. NO matter how small the explosion or the number of people killed, they will have fulfilled the mandate of a thousand cuts set out by OBL.
Chatter:
Currently, the chatter on the internet has started to amp up since the death of OBL. After AQ put out its announcement that he was martyred, the boards began to fill with prayers and threats. None of the threats have been credible but, we have seen a potential spike in action with at least one person attempting to get into the cockpit of a plane in flight last week. All of this chatter online and the reverberations from it, are likely to set in motion GEN3 and GEN2 actors within the AQ universe. It is time to keep our eyes open on the operations in play.
Talk of WMD’s and other key words have been seen on the boards and I fully expect that this will spin up even further as time goes by within the next few months toward September.
Time will tell.
K
The PrimorisEra Affair: Paradigms In Social Networking and SECOPS
EDIT 5.24.2011
As of last night, I had heard that PrimorisEra was back and posting to a new blog. Today Wired has fired off a follow up to the earlier report and her return. It seems from the report that perhaps the Pentagon investigation is over and that in fact Shawna Gorman may indeed be the First Lady of Missiles. It remains to be seen if this is really the case but since she is back and blogging, I would have to lean toward my assessment from before. Still though, my cautionary statements about social networking and SECOPS still apply.
See below:
K.
From Wired:
It started out with a leggy, bikini-clad avatar. She said she was a missile expert — the “1st Lady of Missiles,” in fact — but sometimes suggested she worked with the CIA. With multiple Twitter and Facebook accounts, she earned a following of social media-crazed security wonks. Then came the accusations of using sex appeal for espionage.
Now everyone involved in this weird network is adjusting their story in one way or another, demonstrating that even people in the national security world have trouble remembering one of the basic rules of the internet: Not everyone is who they say they are.
“I think anyone puts pictures out online to lure someone in,” the woman at the center of the controversy insists. “But it’s not to lure men in to give me any information at all… I liked them. They’re pretty. Apparently everyone else thought so too.”
This is a strange, Twitter-borne tale of flirting, cutouts, and lack of online caution in the intelligence and defense worlds. Professionals who should’ve known better casually disclosed their personal details (a big no-no in spook circles) and lobbed allegations they later couldn’t or wouldn’t support (a big no-no in all circles). It led to a Pentagon investigation. And it starts with a Twitter account that no longer exists called @PrimorisEra.
Yesterday, Wired posted a news article about another potential social networking attack on the .mil and .gov types involving Twitter, Facebook, and Google Buzz. The snippet above really sums up what is alleged to have happened and the problems with Social media’s blasé attitudes where people who have jobs that require secrecy meet and chat.
Presently, according to the article, a Pentagon investigation is under way into this story, but once again, this is not the first time we have heard this type of story in the press with these same players. It was last year when a profile online named “Robin Sage” made the rounds on LinkedIn and other social media formats. This “cutout” as they are called in the espionage community, was in fact a fake profile used by a security researcher to prove a point. By using an attractive woman as the persona, the researcher was able to get people within the military and governmental community to add her and flirt. Through the flirting, the unsuspecting connections gave up valuable data on what they did for a living, where they were, and perhaps even locations in country around the battlefield in Afghanistan.
Many just fell for the profile hook line and sinker.. And that is a bad thing for anyone in this sector. It was a lesson in OPSEC and it’s failure. Potentially, this emerging case from the Wired story could also be much the same. The number of online personae that are involved in this story are just a little too many to just think that it was an innocent mistake on the part of a young woman seeking attention online from her peers within the government and military. However, its also just as possible that that is all it really is.
Time will tell.
Shawn Elizabeth Gorman Daughter of Nancy Gorman 1983
The thing about this is that this type of exploit is not new at all. This is commonly known as a honeypot in the espionage area and before there was an Internet, there was the local cafe or bar, where one would just happen to meet a lovely young thing and start a relationship. That relationship would then be turned into blackmail (either emotional or literal) and suddenly, you are an asset for the adversary. The new twist is that services need not deploy an asset to a foreign country to search for and find access to those who they want to get information from. Today all they need to have is an Internet connection and Google. It is only even more easily carried out now that there are Social Media sites like Facebook and others to sidle digitally up to anyone you like and start to work on them if you know how.
There used to be a time where every operator was given the tutorials on espionage means and methods. People were forewarned about travelling to other countries and if you are cleared, you have to report suspicious contacts to the DSS. Today though, I don’t think that they have even attempted to try this with online content. I mean, how many reports a day would you have to make to DSS if you are online and just talking to people in a chat room or on Facebook? It would be impossible. So it is understandable, as social animals, that we develop this technology to connect with others and being that it is a rather insular means of communications, feel that we can just let loose with information. After all, how does one really assure that who they are talking to is indeed that person that they claim to be?
So, people forget and really, this is still all relatively new isn’t it? There are no maps here.
Now, back to this story, no one has claimed that data has been leaked. It is only the appearance of things have set off the alarm bells for people and agencies. When one user finally decided to call the alleged cutout’s profile out, a subsequent shit storm began that ended up with @primosera deleting their Twitter, Facebook, and Google accounts thus making the story seem even more suspect.
Was Shawn E Gorman a cutout? Is she really the grad student and contractor she claims to be in her tweets? What about the allusions to the CIA? All of the missile tech and political discussions? Well, given the background of what can be located readily online, there is a Shawn Elizabeth Gorman attending Johns Hopkins as a research assistant getting her MBA in Government, so, perhaps. Or maybe someone has just taken on the persona of Ms. Gorman to use as a cutout for these activities?
Frankly, I am leaning toward it really being her. As you can see from the photos above, I located a photo other than the one from Wired that purports to be Shawn E. Gorman born 1983 to a Nancy Gorman. I also located data that shows a Shawn E. Gorman living in Bethesda MD with the same mother. Given that the photo is an early one, and one of the few out there easily found, I am thinking it is one in the same. However, this does not mean that it has been her behind that keyboard when she was talking to all of the people involved.
Time will tell what is what once the Pentagon’s investigation gets done. It could be that this is all for naught security wise from the compromise perspective. However, this once again is an object lesson for everyone online. Nevermind if you work in a job that requires security, everyone should be cognisant that when they are online talking to someone that they do not know in real life, are just that much more possibly talking to someone who is not their “friend” and looking to just have a chat. From the common data thief to the corporate spy, we all may have data that someone wants and will be willing to pretend a while to get it.
We want to be social and open as we are social animals… Just so happens that sometimes that is a bad idea.
I think though, that everyone who works in security or within a security centric job space will have to go through some more training in the near future. This is just a warning bell and I think it best that the government and military listen to it. Even as the article goes on to mention, there are restrictions on the military about posting online, but still they cannot deny these people access to the likes of Facebook for morale. It is really playing with fire either way, in denying the access it seems draconian and people will fight it. On the other hand, if you allow it and monitor it, you are damned for monitoring people’s interaction online.
Hell, even the CIA has set up its own social networks within the CIA’s Intranet so people can talk and ostensibly share ideas and data. However, that is on an Intranet that is well protected….
Meanwhile, back on the Internet, we have places like LinkedIn. Sounds like a great idea, networking for jobs and such. Then the .gov and .mil folks all got online and began to show themselves and much of their data in a contained space. So much of a treasure trove is LinkedIn that Anna Chapman (as seen above from her Russian Maxim shoot) was only 2 degrees of separation from me within my network on LinkedIn! She was mining the connections as a sleeper for the SVR and all she had to do was put up a pretty picture and say hi.
For me it comes down to this;
1) If you sign up for these places hide as much of your data as you can.
2) Pay attention to the security measures that the sites have in place.. Or don’t. Facebook has had a terrible record on personal privacy but look how many people they have on there and just how much personal data is available to anyone who can look at the page, even a cached version.
3) When you get invites from people check them out. Use other means than the current site (aka LinkedIn) to do that research. See if you can nail down who they are in reality. Even then, once you are friends, think before you type. You may be giving out data that you personally don’t want anyone to have.
4) Placing too much family data on the Internet is a threat. Anything from Identity theft to outright stalking and physical danger can be the outcome if you make it too easy for someone to get your data.
5) If you suspect that someone you are talking to is not indeed who you think they are, walk away.
6) AND for God’s sake, if you are a guy, in the military or government, or hold a classified status and some hot avatar’d chick starts PM’ing you, its either a bot or it’s likely another cutout. ESPECIALLY if you lay out your life’s story online as to what you do and where you work.
7) Finally, remember what I have repeated over and over again. Whoever you are talking to MAY NOT BE WHO THEY SAY THEY ARE!
Just don’t put that data out there and end up in the hot seat with your job on the line over a little virtual tail.
K.
