Archive for the ‘The Five Rings’ Category
The Lulzboat Sailed The Internets and All I Got Was This Stupid Garbage File!
That’s it? All we get is this stinkin garbage file?
Well, it seems that the Lulz are over for now as last night saw the Lulzboat sail into the sunset. In a post on twitter and a rapidly seeded file dump on Pirate Bay, the LulzSec collective decided to hang up their tophat claiming that they were basically going to pull a Costanza at the top of their game.
Within the torrent file the following parting words were sent:
Friends around the globe,
We are Lulz Security, and this is our final release, as today marks something meaningful to us. 50 days ago, we set sail with our humble ship on an uneasy and brutal ocean: the Internet. The hate machine, the love machine, the machine powered by many machines. We are all part of it, helping it grow, and helping it grow on us.
For the past 50 days we’ve been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could. All to selflessly entertain others – vanity, fame, recognition, all of these things are shadowed by our desire for that which we all love. The raw, uninterrupted, chaotic thrill of entertainment and anarchy. It’s what we all crave, even the seemingly lifeless politicians and emotionless, middle-aged self-titled failures. You are not failures. You have not blown away. You can get what you want and you are worth having it, believe in yourself.
While we are responsible for everything that The Lulz Boat is, we are not tied to this identity permanently. Behind this jolly visage of rainbows and top hats, we are people. People with a preference for music, a preference for food; we have varying taste in clothes and television, we are just like you. Even Hitler and Osama Bin Laden had these unique variations and style, and isn’t that interesting to know? The mediocre painter turned supervillain liked cats more than we did.
Again, behind the mask, behind the insanity and mayhem, we truly believe in the AntiSec movement. We believe in it so strongly that we brought it back, much to the dismay of those looking for more anarchic lulz. We hope, wish, even beg, that the movement manifests itself into a revolution that can continue on without us. The support we’ve gathered for it in such a short space of time is truly overwhelming, and not to mention humbling. Please don’t stop. Together, united, we can stomp down our common oppressors and imbue ourselves with the power and freedom we deserve.
So with those last thoughts, it’s time to say bon voyage. Our planned 50 day cruise has expired, and we must now sail into the distance, leaving behind – we hope – inspiration, fear, denial, happiness, approval, disapproval, mockery, embarrassment, thoughtfulness, jealousy, hate, even love. If anything, we hope we had a microscopic impact on someone, somewhere. Anywhere.
Thank you for sailing with us. The breeze is fresh and the sun is setting, so now we head for the horizon.
Let it flow…
Hrmmm.. 50 days? Is there any real significance to this other than perhaps the party van was pulling up outside your doors and you had to dump the garbage file quick like? Honestly, the files that you dumped, while in sheer numbers of passwords and logon’s to a few sites is well, kinda weak. In short, there is nothing revelatory here. I mean, jeez at LEAST the garbage file in the movie had some interesting malware shit in it right?
The Files:
So, we have some AT&T data from inside that cover some frequency ranges, and some manuals, minutes from meetings etc that are kind of interesting. There is a scan of the FBI.gov site that shows a vuln, and they managed to add Pablo Escobar to the Navy jobs database.
Whoopee.
All in all I have to give the Lulzsec crew a big “MEH” on this as well as their other dumps really. Sure, they have pointed out that low hanging fruit is abundant on the internet, but, really, who in the security or hacking world did not know this? Further more, what does the average everyday end user care? I mean, if their passwords are stolen, they will reset them. If their money is stolen they are insured by the Fed… Is there a great hue and cry from the masses because Lulz were had by the general populace to have the Lulzboat crew hoisted on the yard arm?
Not that I have seen.
In short kidz, you have only served to amuse yourselves and others out there but if you had anything else in mind about bringing change to the scene, I don’t think you have succeeded. People are creatures of habit and sloth. Short of taking the whole system down for the count, nothing will be so epic as to make corporations secure their networks and perform due diligence. Those who have done so out of worry because of your antics will go back to their peaceful Luddite slumber.
Leaving So Soon?
So, on to your sudden departure from the scene. I have the feeling that as I had written about before, you were coming to realize that perhaps you could never be as clever or wily to evade detection and prosecution given your penchant for the dramatic you all seem to have. Your propaganda machine and communication channels were leaking, this you could see from the A-Team dumps.
You guys have tried variations of your names, you have attempted obfuscate as much as you could, but, in the end, your re-use of favored screen names was your undoing. You see, the jester has been scouring the internet (I am sure with help from others) looking for any connections to those screen names or iterations thereof. I myself have done this and came up with analogous data to what jester and others have posted. With each successive day, your true identities are being uncovered if they have not fully been as of now.
However, this re-use of nick names and ties to email addresses aside, you guys just were immature enough to do yourselves in with petty disputes and the use of non trustworthy assets. This whole outing of each other thing was one of the most stupid things I have seen. Sure, some of it could be digital chaff, with you trying to set out disinformation, but I think that is not the case. Your own hubris shall be the thing that ends up placing the party vans on your collective front steps.
Lets face it, you played the game of spooks and I think in the end, you will lose. In fact, I think that you should probably have been better off had you just gone off seeking some sharks with frikkin lazers on their heads in your volcano lair instead of playing with the fire that you have been. Once they do pop you, you all are going to see some very interesting things inside jail as the governments kluge together terrorism charges on you.
Your Legacy:
Well, I guess we will have to see if anyone decides to take up the Lulzsec mantle. For now, we all await the party van posse to pick you all up sooner or later. You have spawned some more fools though like Team Poison who want to up the ante with releases of data like old Tony Blair stuff… That was kinda lame too frankly and made so sense when they claimed to still have access.. Why dump what you have and then claim to still have access? If it was current, I am pretty sure they have yanked the plug on that mail server and ‘five’ has it.
Oh, did you take that into account? I mean, he is Tony Blair after all… They are MI5… ‘Expect them’
So where was I?… Oh yeah..
In all of your dumps you delivered nothing worth your or our time. You proved a point that SQLi is prevalent but who didn’t know this? You have proved that you were pretty immature and likely suffer from Asperger’s yourselves… Well that will be the claim that your lawyers make to the judge won’t it huh? I mean that is the mental illness du jour as excuses go for immature hacking antics today isn’t it? I don’t think that will work though, the government just doesn’t care, they will medicate you and then put you on trial. You see Asperger’s is not a form of insanity, and the insanity plea, as some of us know, is NOTORIOUSLY hard to use as a defense in court. Nope, you guys really actually suffer from inflated ego’s and too much jolt cola.. That’s my diagnosis, for what its worth.
So, yeah, legacy… Well, you certainly have tried to do your best imitation of SPECTRE, but instead you came off as Bighead. I am sure there will be others following in your footsteps, but, in the end I don’t think you have launched a new SPECTRE.
Nope, I expect your real legacy will be the creation of more draconian laws by the government as a backlash to your antics. Laws that will make all our lives a bit more less private and a lot more prone to being misused. I also expect that the lulz will continue, though at your expense once you are all caught and put into the pokey.
… And those lulz will also be epic fail.
K.
HB Gary: Hubris, Bad Science, Poor Operational Methodology, and The HIVE MIND
Algorithms, Social Networks, and COMINT:
When I had heard that HB Gary had been popped and their spool file was on PB I thought that it was unfortunate for them as a fairly well known company. Once the stories started coming out though with the emails being published online, I began to re-think it all. It seems that Aaron Barr really fucked the pooch on this whole thing. He primarily did so due to his own hubris, and for this I cannot fault Anonymous for their actions (within reason) in breaking HB Gary and Barr’s digital spine.
It seems that Barr was labouring not only a flawed theory on tracking social networks, but also in that he planned on selling such a theory and application to the government. One notion was bad, and the other was worse. First off though, lets cover the science shall we? Barr wanted to track users on social networks and show connections that would lead to further data on the users. The extension that he was trying to make was obtaining actual real names, locations and affiliations from disparate sources (i.e. Facebook, Twitter, Myspace, IRC, etc) While this type of data gathering has been done in the past, it has not usually been culled from multiple sources automatically electronically and then strung together to form a coherent pattern. In short, Barr was wanting to create software/scripts to just scrape content, and then try to connect the dots based on statistics to tie people to an entity like Anonymous. The problem, and what Barr seemed to not comprehend, is that the Internet is a stochastic system, and as such it is impossible to do what he wanted with any kind of accuracy. At least in the way he wanted to do it, you see, it takes some investigation skills to make the connections that a scripted process cannot.
This can be seen directly from the article snippet below where the programmer calls Barr on his flawed logic in what he was doing and wanted to do.
From “How one man tracked down Anonymous and paid a heavy price”
“Danger, Will Robinson!”
Throughout Barr’s research, though, the coder he worked with worried about the relevance of what was being revealed. Barr talked up the superiority of his “analysis” work, but doubts remained. An email exchange between the two on January 19 is instructive:
Barr: [I want to] check a persons friends list against the people that have liked or joined a particular group.
Coder: No it won’t. It will tell you how mindless their friends are at clicking stupid shit that comes up on a friends page. especially when they first join facebook.
Barr: What? Yes it will. I am running throug analysis on the anonymous group right now and it definately would.
Coder: You keep assuming you’re right, and basing that assumption off of guilt by association.
Barr: Noooo….its about probabilty based on frequency…c’mon ur way smarter at math than me.
Coder: Right, which is why i know your numbers are too small to draw the conclusion but you don’t want to accept it. Your probability based on frequency right now is a gut feeling. Gut feelings are usually wrong.
Barr: [redacted]
Coder: [some information redacted] Yeah, your gut feelings are awesome! Plus, scientifically proven that gut feelings are wrong by real scientist types.
Barr: [some information redacted] On the gut feeling thing…dude I don’t just go by gut feeling…I spend hours doing analysis and come to conclusions that I know can be automated…so put the taco down and get to work!
Coder: I’m not doubting that you’re doing analysis. I’m doubting that statistically that analysis has any mathematical weight to back it. I put it at less than .1% chance that it’s right. You’re still working off of the idea that the data is accurate. mmmm…..taco!
Aaron, I have news for you, the coder was right! Let the man eat his taco in peace! For God’s sake you were hanging your hat completely on scrape data from disparate social networks to tie people together within a deliberately anonymous body of individuals! Of course one could say that this is not an impossible feat, but, one would also say that it would take much more than just gathering statistical data of logins and postings, it would take some contextual investigation too. This was something Barr was not carrying out.
I actually know something about this type of activity as you all may know. I do perform scraping, but, without real context to understand the data (i.e. understanding the users, their goals, their MO, etc) then you really have no basis to predict what they are going to do or really their true affiliations. In the case of jihadi’s they often are congregating on php boards, so you can easily gather their patterns of friendship or communications just by the postings alone. Now, trying to tie these together with posts on other boards, unless the users use the same nick or email address, is nearly impossible.
Just how Aaron Barr was proposing to do this and get real usable data is beyond comprehension. It was thus that the data he did produce, and then leak to the press enraged Anonymous, who then hacked HB Gary and leaked the data in full claiming that none of the data was correct. Either way, Aaron got his clock cleaned not only from the hack (which now claims to have been partially a social engineering attack on the company) but also from the perspective of his faulty methodologies to harvest this data being published to the world by Anonymous.
OSINT, Counter-Intelligence, and Social Engineering:
The real ways to gather the intelligence on people like Anonymous’ core group is to infiltrate them. Aaron tried this at first, but failed to actually be convincing at it. The Anon’s caught on quickly to him and outed him with relish, they in fact used this as an advantage, spurring on their own efforts to engineer the hack on HB Gary. Without the right kind of mindset or training, one cannot easily insert themselves in a group like this and successfully pull of the role of mole or double agent.
In the case of Anonymous though, it is not impossible to pull this off. It would take time and patience. Patience it seems that Aaron Barr lacked as much as he did on scientific and mathematical method where this whole expedition was concerned. Where his method could have been successful would have only come from the insertion of an agent provocateur into the core group to gather intel and report back those connections. Without that, the process which Aaron was trying would have yielded some data, but to sift through it all with interviews by the FBI and other agencies would have become ponderous and useless in the end.
It is my belief that there is a core group of Anon’s as I have said before. Simply from a C&C structure, there has to be an operational core in order for there to be cohesion. This can be seen in any hive structure like bees, there are drones, and there is a queen. A simple infrastructure that works efficiently, and in the case of anon, I believe it is much the same. So, were one looking to infiltrate this core, they would have a bit of a time doing so, but, it could be done. Take out the core, and you take out the operational ability of the unit as a whole to be completely effective. To do this though, one should be able to understand and apply the precepts of counter intelligence warfare, something Barr failed to grasp.
In the end.. It bit him pretty hard in the ass because he was in a hurry to go to press and to sell the ideas to the military industrial complex. Funny though, the real boys and girls of the spook world would have likely told him the same thing I am saying here… No sale.
Oh well… Arron Icarus Barr flew too close to the anonymous sun on wings made from faulty mathematical designs and burned up on re-entry.
K.
Weapons Of Mass Disruption: Cyberpocalypse-a-palooza
To avoid a digital doomsday, Clarke and co-author Robert Knake argue that America needs to treat cyberattack capabilities as nothing less than weapons of mass destruction that can “skip over the battlefield” to target civilian life. That sort of threat, like nuclear weapons, calls for a multi-tiered response: treaties, transparency, beefed-up defenses and a focused concern on rogue states.
Cyberwar treaties face a problem that traditional ones don’t. An enemy could easily hide the source of attacks by routing them through hijacked computers in another country or attributing them to independent criminals.
But Clarke contends that a government could be held accountable for helping to track down any cyberattack originating within its borders, just as the Taliban was held responsible for harboring Osama bin Laden. Although attribution on the Internet isn’t as simple as in traditional warfare, cyberattacks can be traced. Clarke says forensic hackers can follow the trail of bits when they’re given time and leave to breach enemy computers.
“The NSA can do that. And the NSA tells me that attribution isn’t actually a problem,” he says bluntly.
Full article HERE
Dick, Dick, Dick, I am with you in so many ways.. BUT, when you start talking about DPI of the WHOLE INTERNET, then you lose me pal.
Sorry *shrug*
I personally don’t want the whole of the internet being siphoned even MORE than it already is by DPI at every providers NOC with a NARUS STA6400 system installed.
Nope, no thank you.
Now, on the other things likes accountability for nations with server on their soil I am with you. If a server is public/private and is on your soil, there should be “some” responsibility there. At least there should be enough to enforce security practices be carried out to prevent it from becoming the botnet slave in the first place no? Of course Obama wussed out on that one here didn’t he? No rules will be created to enforce that type of accountability here in the private sector.. No sir! It would put an undue strain on the private sector!
*tap tap* Uhh sir, most of the infrastructure is in “private” hands… Umm without making them do some due diligence we are fucked mmmkay?
Yeah…
Meanwhile, lets talk to the italicized and BOLD text. Back in the days of yore, when pirates roamed the seas, there was a thing called a “Letter of Marque” basically, government would give a pirate hunter the letter and say “go git em” This is what we need today I think. Of course this is touchy, but, this is pretty much what Dick is alluding to. He says that he “knows” that were the NSA given a letter of marque, they could not only penetrate the systems involved, but also run the forensics to attribute where the perp really is.
“Whoa” to quote Neo…
Yes, it’s quite true. Not only the NSA could do this though. Go to the BlackHat or Defcon and you would have a plethora of people to choose from really. So this is no mysterious mojo here. Its just that this type of action could cause much more ire than the original attack maybe and lead us into that physical war with the nukes. Who knows.
I guess though, that what has been seen as the model for the future “internet” with cyber-geographic demarcations might just be the real future state we need. At least that is what Dick’s advocating here and I can sorta see that as a way to handle certain problems. If we break up cyberspace so to speak, into regions (like the whole .XXX debacle) then we can have set rules of governance. At present the internet is just a giant wild west stage complete with digital tumbleweeds and an old whore house.
*pictures the dual swinging doors and spurs jangling*
The one thing that rings true though, is that there needs to be some accountability.. Just what form that will take is anyone’s guess. For now though, we will continue on with the lame government jabbering and frothing with the lapdog that is the so called “press” lapping it all up and parroting it back to the masses.
Smoke em if ya got em…
CoB
Al-Faloja Forums Fall Down… Go Boom…
It looks like Al-Falluja forums were part of the take down by the military/NSA last week. All of the mirrors are gone as well as the main site. This is one of the places I had been collecting on (previous post) and I am not sure if this was just collateral damage or if this was a main site of theirs. Interesting though, this site had some real good data including a message that OBL would be making a statement soon, and there was one this week (OBL message)
This all brings up the issue of why they took this site down and perhaps others. The arrest of 100 jihadi’s this week that was announced by Saudi kinda tips the hand I think. I believe that they had a massive plan and that the data was being trafficked on this site and others that were either being run by or had been compromised by the intelligence agencies. Either that is the case or, as the site that was taken down had affiliations with Al-Faloja, they may have just taken Faloja down to prevent blowback on themselves.
So, now I am going through the sites I have been auditing to see what’s left on the internet and what’s been taken down this last week or so. Thus far though, Faloja is the big one that is missing. With that though, I am going to segue way into talking about CAUI It seems that these sites may have been a direct effect of the NSA CAUI program. This has ruffled feathers at the CIA and other intelligence agencies but one has to look at the proportions of the arrests and the geopolitical/economic ramifications should the jihadist’s plans come to a successful conclusion. It would have been a nightmare with attacks on the main oil production facilities in Saudi being damaged or destroyed. The overall economic damage would have been immense as well as the capital it would have given the jihadi propaganda machine.
In the end, I really wish that the NSA and others had been able to keep the site up and just pass the data/make the arrests. However, it seems that they had their reasons for doing what they did. It does however leave the jihadis now wondering just what site is theirs and or has not been pwnd by some intelligence agency. This makes me wonder about their next steps. What is the likelihood that they are going to go underground with their comm’s or will they just be more careful and start creating more stealth sites?
Time will tell…
It also has me wondering whether or not a certain jokey might also be feeling a little more worried for DoS’ing sites that may indeed be run by certain intelligence agencies. Piss off the wrong people and ya might just find them at your door soon enough…. It’s much easier to get router logs from ISP’s these days ya know.
CoB
A Dagger To The CIA: How The CIA Has Been Neutered
The one thing all analysts shared was a disdain for the operatives and their cloak and-dagger pretensions. As far as they were concerned, the operatives’ “tradecraft” was a lot of hocus-pocus. Operatives were cowboys—and of questionable utility.
Analysts were convinced that most good information was right out in the open. All you needed was a good brain to make sense of it. And what you didn’t know from open sources, you could learn from intercepts and satellites.
It’s impossible to pinpoint exactly when the operatives’ sun started to set, but many CIA insiders would point to John Deutch, the former MIT provost and Bill Clinton’s second CIA director. From the moment Deutch set foot in Langley, he made it plain that he hated the operatives, their swagger and arrogance. Deutch held them responsible for some of America’s worst foreignpolicy fiascoes, from the Bay of Pigs to the overthrow of Allende in Chile. In December 1995, he told The New York Times: “Compared to uniformed officers, [CIA operatives] are certainly not as competent, or as understanding of what their relative role is and what their responsibilities are.”
Deutch’s first shot at the operatives was his appointment of Dave Cohen as deputy director of operations, the CIA’s most senior operative. Cohen was an analyst who had never served overseas or run a foreign informant. Deutch’s message couldn’t be any clearer: Anyone can do an operative’s work.
The first thing Cohen did was order a “scrub” of every informant with dirty hands. Drug dealers, dictators’ minions, arms dealers, terrorists—Cohen ordered the operatives to sever ties with all of them. The only problem was, these were the people who mix well with our enemies—rogue regimes like Iran and North Korea and terrorist groups like Hezbollah and Al Qaeda. Deutch and Cohen didn’t care; they had a mandate to clean up the CIA, and that’s what they were going to do.
Headquarters ofiicers started taking more and more of the important jobs in the field. For the first time in the CIA’s history, analysts, reports officers, and logistics officers were given stations and bases to run. (As a reports officer, Kathy technically belonged to the directorate of operations, but in spirit she was much closer to an analyst.) Field experience no longer mattered, either for assignments or promotions.
As the CIA purged informants, it leaned on allies to do our dirty work in the field. Friendly Muslim intelligence services, not CIA operatives, were asked to comb jihadi circles. All this only got worse after September 11. The wars in Iraq and Afghanistan sucked the CIA dry.
In 2006 there were nearly 750 officers assigned to Baghdad station, mostly staff officers on their first overseas assignment. That number may not sound like a lot, but throughout the ’90s there were at most 1,200 to 1,500 CIA employees assigned overseas at any one time.
The rest HERE
A more concise appraisal of what’s gone so so wrong with the CIA I have not seen in print I think. Scheuer, Baer, Bearden, have all said much the same things in their books and interviews, but this captures it with regard to a real event that made the recent news. In context you can see clearly just how piss poor the agency has been run for some time now.
What the article does not cover here is that at the same time this sentiment was being fomented by the DDO and moves were made to place analysts into field positions many of the working field operatives retired (or were forced out) because they saw the writing on the wall. Baer covers this where in the 90’s he was investigated by the FBI for working on an operation with “unsavory” types. He was accused of murder and other things from a sanctioned operation. *Somewhat depicted in Syrianna*
He left soon after. The PC attitude was too much.
Meanwhile, this left the CIA without any real access to the actual bad people that they were supposed to be fighting against. As the article points out, the CIA then began to rely more on foreign agencies for their “dirty laundry” collections. By doing this, the CIA became much more susceptible to getting bad intelligence as well as being manipulated by disinformation.
By using the ISI for example, the CIA was being led down the primrose path many a time because many in the ISI were sympathetic to AQ. In fact, some of the ISI personnel were in fact AQ operatives. So where’s the good in all this? Nothing good can come from friends like these in the intelligence business. Much like the lack of understanding in the case of meeting with Balawi might have been tempered by the wishes of the GID to win the day and present a mole who could get close to OBL.
There just wasn’t enough vetting and relying on a flipped agent is always a tricky thing. Even more so when that flipped agent was so briefly in custody of the GID and likely tortured.
The issue of relying on foreign intelligence sources close to the regions and not having real “experienced” people in the field to determine if someone is credible to work with caused this incident in Khost. It’s simply because of the factors talked about above and the drive to make a mark for yourself in the eyes of the boss. In this case over eagerness and lack of real experience led to the deaths of 8 CIA officers. Officers mind you, who were high level assets for the CIA in the region.. As much as that may seem unlikely.
Meanwhile, we have things like the tearing down of the AQ sites recently against what the CIA wanted. The players of the game are at each others throats and this serves us not.
Here’s some news.. We need HUMINT in the field. We need experienced officers, and we need to get our hands dirty.
Unless there are some big changes planned I should think we are doomed to further and more spectacular failures. One has to wonder what has happened to all those fresh faces who joined just after 9/11…. Probably all analysts like “Kathy” now.
CoB
Musashi’s Last Duel: Sasaki Kojirō
In April 13, 1612, Musashi (about age 30) fought his most famous duel, with Sasaki Kojirō, who wielded a nodachi. Musashi came late and unkempt to the appointed place — the remote island of Funajima, north of Kokura. The duel was short. Musashi killed his opponent with a bokken that he had carved from an oar while traveling to the island. Musashi fashioned it to be longer than the nodachi, making it closer to a modern suburito.
Musashi’s late arrival is controversial. Sasaki’s outraged supporters thought it was dishonorable and disrespectful while Musashi’s supporters thought it was a fair way to unnerve his opponent. Another theory is that Musashi timed the hour of his arrival to match the turning of the tide. The tide carried him to the island. After his victory, Musashi immediately jumped back in his boat and his flight from Sasaki’s vengeful allies was helped by the turning of the tide. Another theory states he waited for the sun to get in the right position. After he dodged a blow Sasaki was blinded by the sun. He briefly established a fencing school that same year.
Miyamoto Musashi’s last duel ends much like his first at age 13, but in this case he kills with less fury than he did on the occasion of his first duel. This last duel though was the epitome of his arts being perfected. The arts of not only swordsmanship, but also tactics.
It seems to me lately, that the art of tactics has been pretty much lost on our society. Perhaps its the Eastern mindset that we just lack here in the states, but, overall I think its a cultural thing more than anything. In Japan, the tactics of “business is war” have been practiced since post WWII, but here in the west (US) that only came to our collective consciousness in the 80’s when they started to kick our collective economic asses.
Of course now Japan is still in decline as an economic power while China rises. However, what I am aiming at here is not just about economics. I am actually attempting to further this thought process to the area of “cyberwar” and our predicaments where our national security is concerned.
Back to Musashi and on to Cyberwar:
Musashi was a consumate swordsman but like I said, also a great tactical warfare fighter. He created the two sword technique (“Ni-Ten Ichi Ryu”) that in the end, would be, in his hands, unbeatable. He used this technique in tandem with psychological warfare to unbalance his opponents and gain utter dominance. He had the tools to win the battle before it was really fought in essence.
The same can be said about cyber warfare. If you have the tools and the mindset, you can effectively render your opponent impotent and win the battle without actually needing to wage all out war. The Chinese tactician Sun Tzu said much the same in his treatise on war “The Art of War” and I feel that both of these men have much to say that should be applied to todays cyber threat-scape.
Throughout my career working in information security, I have always noticed a certain lack of understanding on the part of corporations as entities as well as that which comprise them. The people who run them where technical security is concerned are either not able to comprehend the issues at hand, or, more likely, to not really see these things as a real danger. Is it a lack of awareness or is it a lack of care? Perhaps a little of both. Whats more, in todays environment, I have seen companies accept risks that are known and should be mitigated because it would cost too much or burden the end users to fix them. This to my mind is not seeing and understanding the tactical threat-scape.
Musashi and Sun Tzu both taught being aware of the battle space, yourself, and your enemy. Japanese “salary men” still today use these tenets to wage business and are often successful at it. I suggest that we too apply these approaches to the work of information security, its application, and the process of teaching its precepts to everyone involved. After all, when individuals and companies cannot as a whole understand the basic threat that an un-secured network printer in a secured area presents, there is a fundamental disconnect that needs to be removed.
This is a failure to understand and be aware of your threat-scape… And it will lose the battle for you.
APT and Snake Oil Cure All’s
Within the last weeks I have seen a trend in twitter and in blogs on the internet from security practitioners about the APT and cyberwar problems. Howard Schmidt claimed that; “There is no cyberwar” and, as the new Tsar of the cyber area for this country, has been taken to task on this statement. I myself have written of my lack of faith in Howard’s understanding of not only the threat-scape, but also his own newly acquired title. The essence though here is that there are many pundits, salesmen, and interested parties looking to cash in or have their say on this. It’s really signal to noise at this point.
Meanwhile, the anti-virus, NAC, SIM, and other vendors have begun their putsch to promote their products that can stop APT in their tracks. This has been of concern to many of the security wonks on the blogs too. You see, the fact is the APT is not a malware one trick pony that a behavior based or signature based model can always detect. The APT or Advanced Persistent Threat is not just the tools they use, but the people who create and use them… And they are more than likely familiar with the precepts of war that Sun Tzu and Musashi taught.
When the APT saw that their malware was being detected by AV, they looked at the threat-scape to them and adapted their stratagem to defeat it. The looked at the castle and saw that the weakness lay with the way things got out of the castle as well as the natures of those who live within. Just as I have written before about the War for Troy and the Trojan Horse, so too have the APT thought things through seeking the weaknesses and exploiting them. In the case of the APT, they basically saw that they could ex-filtrate the data out of the environment through the weak point of regular traffic. They basically stegged the flow with signal to noise.
So now, we have the vendors in a lather trying to sell solutions to a particular vector of attack while the APT will move on to look once more at the threat-scape and change the battle plan to once again evade their new “products” and go unseen while they take the data and win the battle. In essence, the vendors and the clients have failed to understand the nature of the APT and the battle space on a level that is key to winning. They lack the mind set it seems as a whole to this problem in favor of a quick fix solution that will “cure all”, much like the sideshow snake oil salesmen of old.
APT, Cyberwar, Government, and YOU
In the end, I am advocating that we as a whole begin to understand the threats and the technologies better and not be so reactive after the fact. Our government needs to understand the threats as well as the technologies in order to create appropriate responses and proactive measures to prevent us having to be reactive. So far, our governments answers have been lackluster to the point of the president having a big red easy button to shut down the internet should there be a threat. This is no answer, and thankfully it was struck from the bill this week.
The government also needs to listen to the experts in the field and employ them to help mitigate our vulnerabilities without the usual “Washington Two Step” that is so prevalent. This whole flap over Schmidt’s lack of understanding or using a company line to allay the fears of the masses is just one case in point. Schmidt needs to be able to speak the truth if he knows it as well as have a position that carries some gravitas. Thus far it seems that he is in fact a neuter.
Schmidt’s comment on cyberwar also needs to be looked at from the perspective of tactics. There is no cyberwar is not an answer. Cyberwar means more than actual physical warfare as well as it not should be merely perceived as espionage. Cyberwar is more than just malware and thievery, it’s a tactic in a larger warfare scheme and we as a country are still unable to comprehend this outside of certain military purviews. Where this really becomes an issue is that most of our infrastructure in this country is held privately and thus its up to the owner to protect them.. Or, not as the case has been.
Lastly, there is the element of you, the general public. Employees of those same companies that run the infrastructure. Private citizens who are on the same internet as the rest of the companies and countries who do not understand the precepts of computer security as well as OPSEC. How many people today have way too much of their lives open to the internet? How many of those now household machines you use to connect to the internet are not secure? Lack virus scanning utilities? Have kids as well as yourselves opening every e-card they get and wondering afterwards why their systems are now slow and their bank accounts drained?
The general public today is not aware of the precepts of security in computing never mind many of the issues surrounding their daily operation. They just turn them on and they work. Both of these knowledge bases should be inherently taught at some level just as you need a license to drive a car today. I say this because now, you and your machine could be just one in many systems that comprises a botnet that DDoS’s a government entity or a business at great cost or as a pre-cursor to other attacks. You, are a part of the problem and you must be cognizant of that fact.
End Game
In the final analysis I am just putting this article forth to those who would read it. Perhaps the Western mind is just inherently unable to understand Eastern thought. Perhaps we are just a fat and lazy self interested country who’s apathy and arrogance just gets in our way of comprehension. Who’s really to say? However, we as a country have to learn that the issues above must be learned about and proactively worked on. Otherwise someday we may find ourselves in the dark without power to run those nifty machines that we rely too much on. The same machines that the government relies on too and will also collapse should there be a successful attack against our infrastructure.
Now is the time for proactive moves…Do we have the fortitude to move forward?
Musashi went from being a 13 year old rage filled boy with a stick to a master swordsman and tactician. Can this country do the same and protect itself?
Krypt3ia 
SPOOK COUNTRY 2011: HBGary, Palantir, and the CIRC
with 5 comments
CIRC: The New Private Intelligence Wing of (insert company name here)
The HBGary debacle is widening and the players are beginning to jump ship each day. The HBGary mother company is disavowing Aaron Barr and HBGary Federal today via twitter and press releases. However, if you look at the email spool that was leaked, you can see that they could have put a stop to Aaron’s game but failed to put the hammer down. I personally think that they all saw the risk, but they also saw the dollar signs, which in the end won the day.
What Aaron and HBGary/Palantir/Berico were offering was a new kind of intelligence gathering unit or “cell” as they called it in the pdf they shopped to Hunton & Williams LLP. Now, the idea and practice of private intelligence gathering has been around for a very long time, however, the stakes are changing today in the digital world. In the case of Hunton, they were looking for help at the behest of the likes of Bank of America to fight off Wikileaks… And when I say fight them off, it would seem more in the sense of an anything goes just short of “wet works” operations by what I see in the spool which is quite telling.
You see, Wikileaks has made claims that they have a certain 5 gig of data that belonged to a CEO of a bank. Suddenly BofA is all set to have Hunton work with the likes of Aaron Barr on a black project to combat Wikileaks. I guess the cat is out of the bag then isn’t it on just who’s data that is on that alleged hard drive huh? It would seem that someone lost an unencrypted drive or, someone inside the company had had enough and leaked the data to Wikileaks. Will we ever really know I wonder?
Either way, Barr et al, were ready to offer a new offering to Hunton and BofA, an intelligence red cell that could use the best of new technologies against Anonymous and Wikileaks. Now, the document says nothing about Anonymous nor Wikileaks, but the email spool does. This was the intent of the pitch and it was the desire of Hunton and BofA to make both Anonymous and Wikileaks go away, for surely if Wikileaks were attacked Anonymous would be the de facto response would they not?
A long time ago William Gibson predicted this kind of war of attrition online. His dystopian world included private intelligence firms as well as lone hackers out there “DataCowboy’s” running the gamut of corporate intelligence operations to outright theft of Pharma-Kombinat data. It seems that his prescient writings are coming into shape today as a reality in a way. With the advent of what Barr and company wanted to offer, they would be that new “cowboy” or digital Yakuza that would rid clients of pesky digital and real world problems through online investigation and manipulation.
In short, Hunton would have their very own C4I cell within their corporate walls to set against any problem they saw fit. Not only this, but had this sale been a go, then perhaps this would be a standard offering to every other company who could afford it. Can you imagine the bulk of corporations out tehre having their own internal intelligence and dirty tricks wings? Nixon, EH Hunt, and Liddy would all be proud. Though, Nixon and the plumbers would have LOVED to have the technology that Aaron has today, had they had it, they may in fact have been able to pull off that little black bag job on Democratic HQ without ever having to have stepped inside the Watergate
The Technology:
I previously wrote about the technology and methods that Aaron wanted to use/develop and what he was attempting to use on Anonymous as a group as the test case. The technology is based on frequency analysis, link connections, social networking, and a bit of manual investigation. However, it seemed to Aaron, that the bulk of the work would be on the technology side linking people together without really doing the grunt work. The grunt work would be actually conducting analysis of connections and the people who have made them. Their reasons for connections being really left out of the picture as well as the chance that many people within the mass lemming hoards of Anonymous are just click happy clueless folks.
Nor did Aaron take into account the use of the same technologies out there to obfuscate identities and connections by those people who are capable, to completely elude his system altogether. These core people that he was looking to connect together as Anonymous, if indeed he is right, are tech savvy and certainly would take precautions. So, how is it that he thinks he will be able to use macroverse data to define a micro-verse problem? I am steadily coming to the conclusion that perhaps he was not looking to use that data to winnow it down to a few. Instead, through the emails, I believe he was just going to aggregate data from the clueless LOIC users and leverage that by giving the Feds easy pickings to investigate, arrest, and hopefully put the pressure on the core of Anonymous.
There was talk in the emails of using pressure points on people like the financial supporters of Wikileaks. This backs up the statement above because if people are using digital means to support Wikileaks or Anonymous they leave an easy enough trail to follow and aggregate. Those who are friending Facebook support pages for either entity and use real or pseudo real information consistently, you can easily track them. Eventually, you will get their real identities by sifting the data over time using a tool like Palantir, or for that matter Maltego.
The ANONYMOUS names file
This however, does not work on those who are net and security savvy.. AKA hackers. Aaron was too quick to make assumptions that the core of Anonymous weren’t indeed smart enough to cover their tracks and he paid the price as we have seen.
The upshot here and extending what I have said before.. A fool with a tool.. Is still a fool.
What is coming out though more each day, is that not only was Aaron and HBGary Fed offering Palantir, but they were also offering the potential for 0day technologies as a means to gather intelligence from those targets as well as use against them in various ways. This is one of the scarier things to come out of the emails. Here we have a company that is creating 0day for use by intelligence and government that is now potentially offering it to private corporations.
Truly, it’s black Ice… Hell, I wouldn’t be surprised if one of their 0day offerings wasn’t already called that.
The INFOSEC Community, HBGary, and Spook Country:
Since my last post was put on Infosecisland, I had some heated comments from folks who, like those commenting on the Ligattleaks events, have begun moralizing about right and wrong. Their perception is that this whole HBGary is an Infosec community issue, and in reality it isn’t. The Infosec community is just what the shortened name means, (information security) You all in the community are there to protect the data of the client. When you cross the line into intelligence gathering you go from a farily clear black and white, to a world of grays.
HBGary crossed into the gray areas long ago when they started the Fed practice and began working with the likes of the NSA/DOD/CIA etc. What the infosec community has to learn is that now the true nature of cyberwar is not just shutting down the grid and trying to destroy a country, but it also is the “Thousand Grains of Sand” approach to not only spying, but warfare in general. Information is the currency today as it ever was, it just so happens now that it is easier to get that information digitally by hacking into something as opposed to hiring a spy.
So, all of you CISSP’s out there fighting the good fight to make your company actually have policies and procedures, well, you also have to contend with the idea that you are now at war. It’s no longer just about the kiddies taking credit cards. It’s now about the Yakuza, the Russian Mob, and governments looking to steal your data or your access. Welcome to the new world of “spook country”
There is no black and white. There is only gray now.
The Morals:
And so it was, that I was getting lambasted on infosecisland for commenting that I could not really blame Anonymous for their actions completely against HBGary/Aaron. Know what? I still can’t really blame them. As an entity, Anonymous has fought the good fight on many occasions and increasingly they have been a part of the mix where the domino’s are finally falling all over the Middle East presently. Certain factions of the hacker community as well have been assisting when the comms in these countries have been stifled by the local repressive governments and dictators in an effort to control what the outside world see’s as well as its own people inside.
It is my belief that Anonymous does have its bad elements, but, given what I know and what I have seen, so does every group or government. Take a look at our own countries past with regard to the Middle East and the CIA’s machinations there. Instead of fighting for a truly democratic ideal, they have instead sided with the strong man in hopes of someday making that transition to a free society, but in the meantime, we have a malleable player in the region, like Mubarak.
So far, I don’t see Anonymous doing this. So, in my world of gray, until such time as Anonymous does something so unconscionable that it requires their destruction, I say let it ride. For those of your out there saying they are doing it for the power and their own ends, I point you in the direction of our government and say this; “Pot —> Kettle —> Black” Everyone does everything whether it be a single person or a government body out of a desired outcome for themselves. Its a simple fact.
Conlcusion:
We truly live in interesting times as the Chinese would curse us with. Today the technology and the creative ways to use it are outstripping the governments in ability to keep things secret. In the case of Anonymous and HBGary, we have seen just how far the company was willing to go to subvert the laws to effect the ends of their clients. The same can be said about the machinations of the government and the military in their ends. However, one has to look at those ends and the means to get them and judge just was it out of bounds. In the case of the Barr incident, we are seeing that true intelligence techniques of disinformation, psyops, and dirty tricks were on the table for a private company to use against private citizens throughout the globe.
The truth is that this has always been an offering… Just this time the technologies are different and more prevalent.
If you are online, and you do not take precautions to insure your privacy, then you lose. This is even more true today in the US as we see more and more bills and laws allowing the government and police to audit everything you do without the benefit of warrants and or by use of National Security Letters.
The only privacy you truly have, is that which you make for yourself. Keep your wits about you.
K.
Rate this:
Written by Krypt3ia
2011/02/19 at 20:45
Posted in 1st Amendment, A New Paradigm, Advanced Persistent Threat, Anonymous, APT, Business Intelligence, Business is war, CAUI, Chiba City Blues, CIA, Codes, COMINT, Commentary, Corporate Intelligence, CounterIntelligence, Covert Ops, CyberSec, CyberWar, Digital Ecosystem, Dystopian Nightmares, Espionage, Hacking, HUMINT, Infosec, Infowar, INTEL, Maltego, Malware, Narus STA 6400, Neurobiology, OPSEC, OSINT, Panopticon, PsyOPS, Recon, Security, Security Theater, SIGINT, Social Engineering, Subversive Behavior, Surveillance State, Tactics, The Five Rings, Tradecraft, Weaponized Code, Wikileaks