Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘The Eternal Struggle’ Category

INFOPOCALYPSE: You Can Lead The World To The Security Trough.. But You Can’t Make Them Think.

leave a comment »

“Dark, profound it was, and cloudy, so that though I fixed my sight on the bottom I did not discern anything there”

(Dante Alighieri; The Inferno)

The current state of the Security “Industry”

It seems that once again people who I have acquaintance with in the security industry are wondering just how to interface with corporations and governments in order to build a base of comprehension about the need for information security. The problems though are myriad with these questions and the task to reach people can be a daunting one, never mind when you have groups of them in hierarchies that comprise some of the worst group think in the world (AKA corporations)

Added issues for the “industry” also surround the fact that it is one at all. Once something moves from an avocation to a profession, you have the high chance of it becoming industrialised. By saying something has been made industrialised, implies to many, the cookie cutter Henry Ford model really. In the security world, we have seen this from the perspective of magic boxes that promise to negate security vulnerabilities as well as teams of consultants who will “securitize” the company that is hiring them with magic tools and wizardry. The net effect here is that those paying for and buying into such products and services may as well be buying a handful of magic beans instead.

Now, not every company will be efficacious in their assessments nor live up to the promises they make for their hardware/software solutions. Many practitioners out there and companies really try to do the right thing and do so pretty well. However, just as in any other business, there are charlatans and a wide range of skilled and unskilled plying their arts as well. Frankly, all that can be said on this issue is “Caveat Emptor”  It’s a crap shoot really when it comes to goods and services for security solutions. The key is though, to be able to secure yourselves as a company/entity from the standpoint of BASIC security tenets up.

Often its the simple things that allow for complete compromise.. Not just some exotic 0day.

So we have a cacophony of companies out there vying for people’s dollars as well as a news cycle filled with FUD that, in some cases are directly lifted from the white papers or interviews with key players from those said same companies seeking dollars. It is all this white noise that some now, are lamenting and wondering just how do we reign things in and get a stable base to work from in an ethical way to protect companies and individuals from information security meltdowns. More so it seems lately, the question has been how do we reach these people in the first place? How do we actually get a meaningful dialogue with the corporate masters and have them come away with the fundamentals of security as being “important”

Unfortunately, I think that there are some major psychological and sociological hurdles to overcome to reach that point where we can evince the response we all would like to see out of those C level execs. I have written about them before, but I will touch on them again later in this piece. Suffice to say, we all have a tough row to hoe where this is concerned, so, I expect there to be no easy answer… Nor really, any satisfactory conclusions either.

“It is a tale Told by an idiot, full of sound and fury, Signifying nothing”

(Shakespeare; MacBeth)

Security Joan of Arc’s and their Security Crusade:

Joan De Arc was a woman ahead of her time. She wore men’s clothing and lead the French in battle against the English and to victory, all as a teen girl. She later was burned at the steak for heresy and just recently made a saint many years later. I give you this little history lesson (link included) to give you an idea of who you all are in the security industry lamenting over not being listened to. You too may be ahead of your time, but, just as she was, you too will not be listened to because your ideas (to the listeners) are “radical”

Now, radical is a term I am using to denote how the corporate types are seeing it. We, the security advocates, do not see these concepts as radical, but instead as common everyday things that should be practices (complex passwords, patching effectively, etc) They (the client) see these things as impediments to their daily lives, their bottom lines, and their agenda’s both personal and corporate. There are many players here, and all of them have agenda’s of their own. This is a truism that you must accept and understand before you rail against the system that is not listening to your advice.

Here’s a bit of a secret for you.. The more ardent you seem, the more likely you will be branded a “Joan” The perception will be that you are a heretic and should not be listened to. Instead you should be marginalised in favour of the status quo.. After all, they have gone about their business every day for years and they are just fine! The more you rail, or warn with dire tones, the more you will be placed at the back of the mind.

Think Richard Clarke (I heard that chuckle out there)

Though Joan inspired the French forces to battle on and win more than a few battles, she eventually was burned at the steak. Much of this was because of her unique nature and fervour. Much as yours may do the same to you… Without of course literally being burned at the steak and you all must learn this. I think you have to take a page from the hackers playbook really and use the axiom of being a “Ninja”

The subtle knife wins the battle.

 

“If the Apocalypse comes, beep me”

(Joss Whedon;Buffy the Vampire Slayer)

What’s the worst that could happen really?

The quote above really made me chuckle in thinking about this article and the problems surrounding the premise. This I think, is the epitome of some people’s attitudes on security. Most folks just go along their days oblivious to the basic security measures that we would like them to practice as security evangelists. The simple fact is that like other apocalypse scenarios, people just have not lived through them and been affected by them to change their behaviours accordingly. What solidified this for me recently was the snow storm last October here in New England that caught so many people flat footed. They simply had not ever really had to rely on their wits and whatever they had on hand before like this. When the government and the corporations (CL&P) failed to provide their services to the populace, the populace began to freak out.

Its the same thing for information security. Whether it is the government or the corporations that supply us all, both are comprised of people who all pretty much lack this perspective of being without, or having really bad things happen to them. 9/11 comes the closest, but, that only affected NYC and DC directly (i.e. explosions and nightmarish scenarios with high casualties) In the case of corporations, you have lawyers and layers of people to blame, so really, what are the risk evaluations here when it is easy to deflect blame or responsibility? For that matter, it was inconceivable to many in the government (lookin at you Condi) that terrorists would use planes as missiles… Even though a month before a report was handed out with that very scenario on the cover.

The core of the idea is this. Human nature on average, and a certain kind of psychology (normative) that says “This can’t happen to us” We all have it, just some of us are forward thinking and see the potentials. Those forward thinkers are likely security conscious and willing to go out of their way to carry out actions to insure their security. Things like storing extra food and water as well as other things that they might need in case of emergency. These can be life of death deal breakers.. Not so much for information security at your local Acme Widget Corp. In the corporate model, they have the luxury of “It’s somebody else’s problem” So, these things are usually not too important to them unless that person making the decision is cognisant of the issues AND responsible for them. Unfortunately, as we have learned these last 10 years or so, responsibility is not their strong suit.

So, on they go.. About their business after you, the security curmudgeon has told them that they need to store food for the winter..

But the grasshoppers, they don’t listen… Until they are at your door in the snow begging for food.

 

“More has been screwed up on the battlefield and misunderstood in the Pentagon because of a lack of understanding of the English language than any other single factor.

(John W. Vessey, Jr.)

How do we communicate and manipulate our elephants?

Back to the issue of how to communicate the things we feel important. This has been a huge issue for the security community for a couple of reasons.

  1. The whole Joan of Arc thing above
  2. The languages we speak are.. Well.. like Tamarian and theirs are corporate speak.

We, the security practitioners, often speak in metaphor and exotic language to the average corporate manager. You have all seen it before, when their eyes glaze over and they are elsewhere. We can go on and on about technical issues but we never really seem to get them to that trough in the title. Sometimes you can get them to the trough easily enough by hacking them (pentesting) but then they think;

“Well this guy is a hacker… No one else could do this! What are the chances this is going to really happen? Naaahhh forget it, it’s not likely”

So there is a bias already against doing the things that we recommend. Then comes the money, the time, and the pain points of having to practice due diligence. This is where they turn off completely and the rubric of it is that unless they are FORCED to carry out due diligence by law or mandate, they won’t. We all have seen it.. Admit it.. It’s human nature to be lazy about things and it is also human nature to not conceive that the bad things could happen to them, so it would be best to prepare and fight against them.

So, how do we communicate with these people and get them on the same page?

I have no answers save this;

“Some get it.. Some don’t”

That’s the crux.. You have to accept that you as the security practitioner will NEVER reach everyone. Some will just say thank you and good day… And you have to accept that and walk away. As long as you have performed the due diligence and told them of their problems.. You have done all you can. You can try and persuade or cajole them… But, in the end, only those who get it or have been burned before will actually listen and act on the recommendations you make.

“The greater our knowledge increases the more our ignorance unfolds”

(John F. Kennedy)

The Eternal Struggle

There you have it. This will always be the case and it will always be the one thing that others seeking to compromise corporations and governments will rely on. The foolishness of those who do not plan ahead will be their undoing..

Eventually.

All you can do sage security wonk, is calmly and professionally explain to them the issues and leave it to them to drink.

K.

Written by Krypt3ia

2011/11/08 at 19:26

Posted in .gov, A New Paradigm, Advanced Persistent Threat, Business Intelligence, Chairman Meow!, Charlatans, CISSP, Crying WOLF, Digital Ecosystem, Digital Pearl Harbor, Duh, Dystopian Nightmares, Economic Stupidity, Economic Warfare, Economy, Espionage, FauxSec, Financial Armageddon, Financial Warfare, Geopolitics, History Repeats Itself, Infopocalypse, Infosec, Psychology, SCADA, STUXNET, Tactics, The Eternal Struggle, The Stupid It Burns!, The Thousand Grains of Sand, Uncle Volodya, Wag The Dog

China’s cyber-warfare capabilities are ‘fairly rudimentary’… What is it with these crazy Australians?

with 5 comments



Conclusions

Chinese strategists are quite aware of their own deficiencies and

vulnerabilities with respect to cyber-warfare. In June 2000, “a series of high-

technology combat exercises” being conducted by the PLA “had to be

92 suspended” when they were attacked by “a computer hacker”.


China‟s telecommunications technicians were impotent against the intermittent

hijacking of the Sinosat-1 national communications satellite by Falun Gong

„practitioners‟ in the early 2000s. China‟s demonstrated offensive cyber-

warfare capabilities are fairly rudimentary. Chinese hackers have been able

to easily orchestrate sufficient simultaneous „pings‟ to crash selected Web

servers (i.e., Denial-of-Service attacks). They have been able to penetrate

Web-sites and deface them, erase data from them, and post different

information on them (such as propaganda slogans). And they have

developed various fairly simple viruses for spreading by e-mails to disable

targeted computer systems, as well as Trojan Horse programs insertible by

e-mails to steal information from them. However, they have evinced little

proficiency with more sophisticated hacking techniques.


The viruses and Trojan Horses they have used have been fairly easy to detect and remove

before any damage has been done or data stolen. There is no evidence that

 China‟s cyber-warriors can penetrate highly secure networks or covertly

 steal or falsify critical data. They would be unable to systematically cripple

 selected command and control, air defence and intelligence networks and

 databases of advanced adversaries, or to conduct deception operations by

 secretly manipulating the data in these networks. The gap between the

sophistication of the anti-virus and network security programs available to

China‟s cyber-warriors as compared to those of their counterparts in the

more open, advanced IT societies, is immense. China‟s cyber-warfare

authorities must despair at the breadth and depth of modern digital

information and communications systems and technical expertise available

to their adversaries.


China is condemned to inferiority in IW capabilities for probably several

 decades. At best, it can employ asymmetric strategies designed to exploit

 the (perhaps relatively greater) dependence on IT by their potential

 adversaries—both the C ISREW elements of adversary military forces and

the vital telecommunications and computer systems in the adversary’s

homelands. In particular, attacks on US information systems relating to

military command and control, transportation and logistics could “possibly

degrade or delay U.S. force mobilisation in a time-dependent scenario”, such

as US intervention in a military conflict in the Taiwan Straits.


China‟s cyber-warfare capabilities are very destructive, but could not compete in

 extended scenarios of sophisticated IW operations. In other words, they

 function best when used pre-emptively, as the PLA now practices in its exercises.


In sum, the extensive Chinese IW capabilities, and the

 possibilities for asymmetric strategies, are only potent if employed first.


Desmond Ball: China’s Cyber Warfare Capabilities







Oh Desmond…


Desmond, Desmond, Desmond… You spend so much time pointing out all of the Honker Union activities, the malware created by China, and all their overall IW/Espionage activities and then you say;


“Well, because there’s no real proof of their actually having done anything, they are unable to do so”


*blink blink*


Crikey! Have you been sipping what Dr. Wright has been drinking or what? Tell me Desmond, what is your classification rating? Because I think you are lacking some pertinent information that might change your hypothesis quite a bit. Either way, your contention is lacking understanding of the playing field I think, so let me enlighten you a bit ok?


Rudimentary? Really?


I personally have heard of “on the fly” coding of malware to affect pertinent systems within a defense contractor network to not only keep access within said network, but, also to exfiltrate even more interesting data. Now, that sounds rather advanced to me..


How about you?


Sure, the coders could have been just about anyone, but, the data was being exfiltrated to areas that were in the Asia Pacific and more than likely were Chinese in origin so, yeah, it likely was them and not say, Germany. However, once again, we have no real proof of it being “solely” China. Oddly enough though, when data was caught in the hands of the Chinese we pretty much had to admit it was them doing it. So, no Desmond, they are not wholly unskilled and certainly as unsophisticated as you would paint them. This is just one instance of access and hacking that allowed for the APT (Advanced Persistent Threat) activity that, well Desmond, was coined for their activities against the defense industrial base here in the US.


Simply Desmond, you can cite all the articles from the internet you want.. You still won’t have the whole picture.


PSSST… Guess What?


So, to move this further along the philosophical and technical path for you let me explain it another way for you. The Chinese, as with most of the Asiatic countries, have a different perspective on things than we in the West. Something core to the Chinese mindset on warfare are the following:



The Chinese do not have a goal of outright cyber warfare with us. In fact, they would use the subterfuge angle you speak of by leaving trap doors in software and hardware, which they have done in the past (and have been caught) However, more than likely, they would use the supply chain that we have allowed them to become the lions share of via outsourcing of cheap parts/labor to infiltrate our systems with bad chips or said same back doors. Why do you think we spend so much time (the military) checking everything that we get for the government/mil from China?


Soft power Desmond would dictate that they use the thousand grains of sand to not only steal our IP but also use the technology and our dependence on their cheap rates to insert bad data/systems/hardware into our own infrastructure for them to call up when needed to fail. This is not to say that they do not also have operators who have inserted code into other systems remotely to late be used when needed as well.


Simply Desmond, you don’t see the whole picture and its rather sad that you go on to make such defined claims. The simple truth is that the Chinese don’t need to attack us pre-emptively. They have been undermining us (US) for a very long time as we sell out to them for cheap goods. and services. THIS is soft power. They now sit in the catbird seat in many ways financially (though yes, they could lose much by us defaulting) however, from the soft power perspective, they hold the upper hand. A coup de grace would be to take down military systems were we to get uppity about Taiwan.. but really, are we in a position to do so after being wholly owned by them and their capital?


Desmond.. It’s not so much Red Dawn as it is “They Live” if you are into movie references.


網絡戰 !!!


Alrighty, now that I have gotten that off my chest, Cyberwar is to me, too hard to carry out for ANY of the countries out there now. China being only one country that might want to. The systems are too disparate and to control a single node would take great effort. So, yes, I can agree with you that they are not in a position to do us major damage from a CYBERWAR booga booga booga perspective. Frankly, no one could in my opinion. However, your contention that they could not insert bad data during a time of war is a load of crap.


ANYONE could IF they had the access and the desire. It would not need to be nation state, it could be a private citizen for that matter. What is more interesting Desmond is that you fail to understand the espionage angle here. The Chinese use their expat’s to do their bidding under threat, or, mostly under the “poor poor China” argument. Imagine an insider adding code to systems that could be triggered…


Yeah.. Soft power once again.. It could turn hard though with the right circumstances.


Once again Desmond, you think too one dimension-ally.


The Sad Truth…


Now, with all of that said, lets turn it around a bit. The saddest truth is this;


“Given all of what has happened recently with Lulzsec, it has become clear that it does not take an uber hacker to take down pretty much anyone”


The systems out there have not been protected well enough. Patching, and secure coding have not been at the fore here and thus it is trivial for the most part to hack into systems throughout the internet. So, the Chinese need not be uber haxx0rs to do the damage needed because we collectively have done a bad job at securing our own networks.


*sadface*


Once again, you fail to look at the problem from a more multidimensional angle.


Please go back to the drawing board Desmond because you lack the proper information and perspective to really make the claims you are making.


K.

	


	

		

			
Written by Krypt3ia 

			
2011/11/06 at 23:10

		

		

			
Posted in Chairman Meow!, Chinese Overlords, CodeWars, Commentary, CyberFAIL, DarkVisitor, Digital Pearl Harbor, Duh, Espionage, Fucktards, Geopolitics, Industrial Espionage, Infopocalypse, Infosec, Infowar, Infrastructure, Ni Hao Chairman Meow!, OPSEC, Our Chinese Overlords, SECOPS, The Eternal Struggle, The Industry, The Stupid It Burns!, The Thousand Grains of Sand, What the???

					

	





	
Shamikh1.info: The New Den of Scum and Villainy

			
leave a comment »

	
	

		


Well, that didn’t take long did it. At least Evan got one thing right, they’d be back up soon. So, here is the skinny on the new site and the core server that they have stood up. The site is still not fully back online, but this stage of things allows one to get a lot of intel on the server makeup and who is operating/hosting it because they had a direct link back to the sql instance. The site is not fully operational yet, but they are setting it up rapidly as I surmised they would on the domain of shamikh1.info which was registered in May as the backup domain.


I have begun the work of getting all of the pertinent details on the address owners/ops in Indonesia so soon all of their details will be available to those who want them. However, just with the short bit of work I have done here, I pretty much think you can all get a grasp of who’s where and what’s up huh? Sure, the server is in Indonesia, and, well, they are rather tepid on the whole GWOT thing so nothing much may happen…


But..


You intelligence agencies out there looking for a leg up.. Well here it is… Enjoy.


Now, back to the events that brought us to today. The take down of the original site may have been only because someone got into the server and wiped it out as Evan suggests (without any proof as yet mind you) or, it may in fact be because the site was blocked at the domain level as I pointed out in my last post on this matter. Godaddy had suspended the domain and I am not sure if the mirrors on piradius were working before the alleged attack happened or not. At this point, it is anyone’s guess as to the attacks perpatraitors, methods, and final outcome until someone from the AQ camp speaks up on exactly what happened.


Meanwhile, the media will continue to spin on about MI6 hacking them or perhaps it was those mysterious “Brit” hackers that so many articles mentioned.


“Bollocks” As they say in England.


DATA:




Domain ID:D38010794-LRMS
Domain Name:SHAMIKH1.INFO
Created On:14-May-2011 00:22:30 UTC
Last Updated On:27-Jun-2011 07:43:57 UTC
Expiration Date:14-May-2012 00:22:30 UTC
Sponsoring Registrar:eNom, Inc. (R126-LRMS)
Status:CLIENT TRANSFER PROHIBITED
Status:TRANSFER PROHIBITED
Registrant ID:fce7ae13f22aa29d
Registrant Name:WhoisGuard  Protected
Registrant Organization:WhoisGuard
Registrant Street1:11400 W. Olympic Blvd. Suite 200
Registrant Street2:
Registrant Street3:
Registrant City:Los Angeles
Registrant State/Province:CA
Registrant Postal Code:90064
Registrant Country:US
Registrant Phone:+1.6613102107
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:06b6ac7646b147ccb6aed6d1f0248d70.protect@whoisguard.com
Admin ID:fce7ae13f22aa29d
Admin Name:WhoisGuard  Protected
Admin Organization:WhoisGuard
Admin Street1:11400 W. Olympic Blvd. Suite 200




Core Server:


Ip address: 180.235.150.135


Location: Indonesia









Persons Attached: Daru Kuncoro & Yogie Nareswara


Names of Admins: Yogie Nareswara & Daru Kuncoro


Email Contacts: ahmad@koneksikita.com yogie@arhdglobal.com


Nmap Scan Report:




Starting Nmap 5.21 ( http://nmap.org ) at 2011-07-02 07:39 EDT
Initiating Ping Scan at 07:39
Scanning 180.235.150.135 [2 ports]
Completed Ping Scan at 07:39, 0.32s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 07:39
Completed Parallel DNS resolution of 1 host. at 07:39, 0.53s elapsed
Initiating Connect Scan at 07:39
Scanning 180.235.150.135 [1000 ports]
Discovered open port 80/tcp on 180.235.150.135
Discovered open port 110/tcp on 180.235.150.135
Discovered open port 993/tcp on 180.235.150.135
Discovered open port 143/tcp on 180.235.150.135
Discovered open port 21/tcp on 180.235.150.135
Discovered open port 443/tcp on 180.235.150.135
Discovered open port 3306/tcp on 180.235.150.135
Discovered open port 995/tcp on 180.235.150.135
Completed Connect Scan at 07:39, 11.74s elapsed (1000 total ports)
Nmap scan report for 180.235.150.135
Host is up (0.30s latency).
Not shown: 958 filtered ports, 34 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
80/tcp   open  http
110/tcp  open  pop3
143/tcp  open  imap
443/tcp  open  https
993/tcp  open  imaps
995/tcp  open  pop3s
3306/tcp open  mysql




Tasty, they have a few ports open. Hey antisec skiddies, wanna play with some SQLi ?


Meh.


Site Contact Data:


Daru Kuncoro:




Yogie Nareswara:




Current State:




Guess they are still working on the server connections… I am sure as well, that soon they will have more stealth servers out there in Malaysia as well. So the mirroring will begin for the sql instance to do the push from. Lets see how long it is before this one is taken down shall we? Oh, and next time an attack happens, lets all get a lock on how it is happening as well as exactly what it is. I have had enough of the media hype with talking heads who have no idea what they are talking about when it comes to information warfare or network security.


More later.


K.

	


	

		

			
Written by Krypt3ia 

			
2011/07/02 at 12:42

		

		

			
Posted in .gov, .mil, AQ, COMINT, Counter-Insurgency, CyberFAIL, CyberSec, CyberWar, GWOT, Hacking, Infowar, Insurgency, INTEL, Internet Jihad, jihad, Jihad Recruitment, OPSEC, OSINT, PsyOPS, Radicalization, SECOPS, Security, Shahid, Stealth Jihad, Terrorism, th3j35t3r, The Eternal Struggle, Tradecraft

					

	





	
Nuclear Jihad: AKA, Is That A Dirty Bomb In Your Pocket? Or Are You Just Happy To See Me?

			
leave a comment »

	
	

		


Al-Qaida is on the verge of producing radioactive weapons after sourcing nuclear material and recruiting rogue scientists to build “dirty” bombs, according to leaked diplomatic documents.


A leading atomic regulator has privately warned that the world stands on the brink of a “nuclear 9/11”.


Security briefings suggest that jihadi groups are also close to producing “workable and efficient” biological and chemical weapons that could kill thousands if unleashed in attacks on the West.


Thousands of classified American cables obtained by the WikiLeaks website and passed to The Daily Telegraph detail the international struggle to stop the spread of weapons-grade nuclear, chemical and biological material around the globe.


Full article HERE


So, the Wikileaks strike again eh? This is news how exactly though? I mean, the state of nuclear affairs let alone biological has been such that since the break up of the Sov state, we have had a huge problem with missing materials. So, lets break it down shall we?


    

  • 

      

    • AQ’s stated goals have always included nuclear and biological ambitions
      • 

    • Since the collapse of the USSR nuclear and biological materials have been for sale
      • 

    • Our own methods of protecting high value targets other than actual U235 have been lackluster
      • 

    • Our BSL4 labs in some cases included weaknesses that would only require a rock through a window to release toxins
      • 

    • If you wanted to make a read dirty bomb in downtown Cambridge, you just have to get a bomb close enough to the reactor at MIT
      • 

    

    • 



There are more, but do I really need to go on? So, we have been lucky so far that the Jihadists have not been that serious so as to have already gotten the materials and used them. The moral of the story? Keep up with the interdictions. Keep setting up radiological detectors at the ports and the like. Just keep vigilant really. As for the biological materials, I would suggest that we protect them all with due care.


Krypt0s

	


	

		

			
Written by Krypt3ia 

			
2011/02/02 at 00:30

		

		

			
Posted in jihad, Nukes, Qaeda, Stealth Jihad, Terrorism, The Eternal Struggle

					

	





	
Carnivale: Two Seasons of Goodness and Then A Blight from HBO

			
with 5 comments

	
	

		


Back in 2005 a show came to HBO that I got in drips and drabs over time while I was a “Travelling Man” for IBM. Since I did not have HBO at home and still don’t I had to finally catch this whole show on DVD. I have just finished watching both seasons of the show and I felt compelled to write a review. The show was Carnivale.


Carnivale takes place in 1934, the depths of the depression in the blighted land of the dust bowl. From the start, it is an incredibly well shot and designed show that really places you in the setting of depression dust bowl life even better than the Dorthea Lange picture of the migrant worker. You literally feel the dust and parching heat of the place and time by just looking at the scenery and of course, the players. Never a more dusty troupe will you ever see.


The basis of the show is the epic battle between good and evil that takes place on the earthly plane after the war in Heaven came to an end. Evidently, every generation has the chance of being led by evil or good according to the deal that was struck between Satan and God. A savior and a devil are born with each generation and they may, or may not, fulfill their destiny to do battle and decide the fate of man.. For that generation at least.. Until the Omega.


In this generation you have Ben Hawkins, a boy who has been shunned by his insane mother and in the start of the show, we find has escaped the chain gang to be with her and try to help her. She refuses his help, which could heal her by the laying of hands upon her, and dies. Ben, moves on to escape the law with the local Carnivale and begins the journey of discovery of what he is as well as hasten the epic battle to come.


The Good:


Fantastic cinematography, set design, costume design, and general historical accuracy down to the language of the time and place! This will be darkly wonderful and dry for you to watch. You will feel like you are literally sitting next to that migrant worker as well as give you a taste of 1930’s carny life.


The Acting was well done and the writing of the characters well defined if not a little cryptic at times.. But that cryptic nature makes you want to know more, so you make a point of watching the next episode. There was not one episode that left me thinking.. Meh, maybe I will not see it next week when it was on tv.. The only problem I had was.. I didn’t have HBO except in hotel rooms!


The story was well defined and had you wondering at every turn just where it was going to go. You had hints and visions of possible futures but you really were left with your imagination as opposed to too many foreshadowing scenes that gave everything away. The interplay of the plot lines both historical and present really kept you going too. All in all, a story that was originally a book that was turned into a series that kept most of its content. This was one of the reasons for its downfall though. The series was just too costly to continue according to HBO and thus, in the end I have a gripe about the ending…


The Bad:


As mentioned above, the cost of the show and the sudden decision to pull it from HBO left it in the lurch. Much of this due to the story lines and arc of the show being presented in book/chapter format. By killing it in the second season, the writers were left to tie up some loose ends hastily and end it with as much finality as they could and still serve the story…


Which, really did not happen.


At the end, the story was forced enough that the last three episodes felt like you were being rushed out of your seat at a busy restaurant by a harried wait staff. You got to eat, but you got heartburn for it really. The story suddenly shifted into high gear with a feel akin to a speed walking version of “The Stand” and the new “Canaan” took the place of Las Vegas.


Additionally, I found that the plot device used to foil the evil one was a bit of a kluge, however, had it been part of the larger arc later discovered through the writers pitch document, then it would not have made it seem too forced. But, because this show was given the axe, the story line and end falls flat. I think though, that I need to find out if the writers etc, knew that this was the end when they had it in the can or, did they think season 3 was coming still? If so, then the pace was just, the pace and my perception of it different because it was “the end” according to HBO.


All in all, the ending left quite the opening for continuation should someone pick up the mantle. However, since its 2010 and Hollywood would rather make crappy re-makes than original works, I hold out little hope of redemption through the arc being finished out.


Final Analysis:


    

  • Carnivale was a fantastic show that got the usual short shrift from the studios.
    • 

  • HBO screwed the pooch.
    • 

  • Clancy Brown is America’s scariest actor
    • 

  • This show leaves you wanting to Google a LOT of things 
    • 

  • It includes Templars, Renne Les Chateau, and other mythos and that is ALWAYS cool
    • 

  • See it all on DVD.. I promise you you will not regret anything but its ending
    • 

  • Once you have seen the series read the “Pitch Document” it will give you more to work with
    • 



“Ok children.. Let’s shake some dust”


CoB

	


	

		

			
Written by Krypt3ia 

			
2010/07/29 at 18:44

		

		

			
Posted in In Hoc Signo Vinces, Movie Reviews, Review, The Eternal Struggle, Tv, TV Reviews