Archive for the ‘Tradecraft’ Category
About That Manafort Leak…
Paul Manafort, campaign worker for Donald Trump, president and chief executive of Trump Organization Inc. and 2016 Republican presidential candidate, not pictured, speaks with the press during an election night event in New York, U.S., on Tuesday, April 19, 2016. Trump, the billionaire real-estate mogul, got a major boost in his quest to secure the Republican nomination with a majority of delegates but could not eliminate the possibility of a contested convention. Photographer: Victor J. Blue/Bloomberg via Getty Images
So yeah, I posted a story last week about how a dump of data in the darknet seemed to be in fact Paul Manaforts daughter’s iPhone. It seems that this story was just too good to lose for Politico and the unscrupulous reporter there lifted not only my story but also my images! (yes the hashes match, he just saved them local and re-named them) Politico has done nothing to remedy this and they are churnalists of the worst kind, but they did at least call some people in the Manafort court to see if they would admit to the hack and they did. I could have told them that the hack was real because there was more that I did not post on the blog last time. The fact of the matter is that in the dump there was also a SQL dbase that I got hold of, and in that dump there’s one little interesting factoid. Paul Manafort has an email address that seems to be on a personal domain that isn’t really known about. In the dump connecting with his daughter is a personal iPhone for Paul and in that connection via text is his email address (pmanafort@dmpint.com) when you look up this domain you can see it is one of a few that belong to the Manafort family but registered by another party; one Todd Hankins. Now it seems to me that in an era of “BUT HER EMAILS” this factoid might be of interest to say, I dunno, the IC that he has this and his email is being sent to and from this cutout domain.
Now the domain has never had a site on it and as far as I can see with the limited looking I have done this domain has been kept kinda on the downlow as the Manafort name is not on it like the others. The ONLY thing connecting it to Paul now is the email address and the fact that Todd there set it up for him in 2010. I personally find that interesting… You? I have passed this little tidbit to the right people but now I am going to go wide with it… One wonders as to what emails might lay within that pesky little email system at dmpint.com
Let the FISA WARRANTS FLY!
K.
PS!!!
Google that domain and see what you get… It comes up all Ukraine travel sites… What does Google know hmmmmm?
Book Review: Among Enemies Counter Espionage for the Business Traveller
It is not often that I find a book that I just want to read right away and put everything else in my busy reading schedule down for. In this instance I have to say that this book looked good right out of the gate for me so I put everything else on the back burner. At 150 pages give or take, it was a quick read yet quite informative on topics of espionage and counter-espionage tactics and techniques for the lay person. What really got me thinking though was that this book really could and should be a part of every companies security awareness program and not just for executives.
Of course with the prevalence of today’s electronic spying (by hacking or by outright hoovering of all data by nation states) one tends to think that old school HUMINT (Human Intelligence) is no longer as useful as it once was. This is not really the case though and I want you all to consider that as you think about your security programs or your personal security. Not everything has to be some technical HIDS/NIDS/AV/Firewall end run to get you into the network today and much of the time in today’s world you can see this at play with the simplest of attacks against end users with phishing and spear phishing. Truly the human element is the weakest and the most powerful at the same time when it comes to the success or failure of security machinations. In fact you will hear it often spoken as an aphorism of sorts but it is true that the “insider threat is the biggest threat” and it is literally true. This is where HUMINT is still useful in not only gaining access to a network let’s say, but also much more if you can leverage an asset into doing your bidding.
The book covers all the bases on how differing types of “collectors” aka spies both private and nation state can and will attempt to elicit, recruit, or blackmail the would be asset into working for them. Bencie also covers the issues of personal security around yourself and your technology that you carry (e.g. laptops, phones, tablets, etc) that are leveraged for theft and access as well. If a collector doesn’t need to recruit the target because the target left their laptop in their hotel room, on and logged in, well then no need right? Suffice to say that today we carry as much information and access on us as much as in our heads and this is what the industrial spy or nation state spy craves.
Now, one might at this point be asking one’s self “Well, what would anyone want from me? I mean, I am not that important, just a cog in my company that’s under appreciated, no one would send a spy after me.” … and you would be wrong to think this. Access is access and if a collector can get access to you and your technology (e.g.your network by hacking your laptop or phone) then they will. While there is a sniff test that a collector will make on people as they watch them, much of the math here is how vulnerable is the target and how easily could they be manipulated into what is needed to succeed. Bencie covers many scenarios that may seem like spy thriller pulp but take it from me, these things have happened and still do. In fact he uses real stories to back up the scenarios from the people that they really happened to. These are not just the things of spy thrillers and film and the general populace should be aware of this especially if they are on travel for work, more so if they are in a foreign country while doing so.
Finally though, as much as this book is something I am going to recommend to executives, I would also like to turn my eye inward to the community *cough* that I currently am in. That community is the information security community specifically. We INFOSEC people are probably the ones that I would consider to be some of the juiciest targets in today’s technical world where everything is network oriented. Whether you are a red team person or a blue team person, you all have information inside your heads and on your hard drives that the adversaries would love to have. As we are moving into the con season (Defcon and BlackHat to be specific) we all will descend on Las Vegas for serious convention learning and exchange of info… Oh who am I kidding? It’s a party festival of drunken debauchery and shenanigans right? If you have not considered just how many corporate or nation state collectors (spies) are also there looking at you dear con goer as a possible asset, then you just ain’t thinking straight!
I am hereby recommending that everyone going to these con’s read this book and take it to heart that YOU are a target at these two con’s if no other. Take heed of Bencie’s suggestions on controlling the drinking as well as what information you share with anyone. I also implore you to read and learn about the methods of elicitation that the spies use to get information from you when you may have no idea they are doing it. If you work in this field and you hold what we would consider secret information on the vulnerabilities of companies you have hacked in a red team event, or have been trying to remediate as a blue teamer, this book is important for you. But hey, Defcon is all a good time! Until you wake up in the desert with a note threatening to release the pictures of you to everyone unless you do what they say.
Just sayin…
Go buy this book. Read it. Live it.
All business is warfare so don’t be the next dead foot soldier.
K.
L’affaire du Petraeus: Electronic Communications (ELINT) and Your Privacy
//BEGIN
Afsrtbnfmzndopeezygpmcmvgbcnlstmcgthozr rkmrkmjlskkmgecuvgi
//END
Thoughts On The Politics, Media Frenzy, and Schadenfreude
As you all now know, general Petraeus (aka P4) was caught using a dead drop Gmail acct with his lover (Broadwell) because the lover got jealous over another woman who was perhaps flirting with her down low guy. Many out there have made this all into a Greek tragedy though because of the perceived rights to privacy we all are supposed to enjoy as US citizens and bemoan the whole affair because it was all leaked to the press. Personally I think that it was necessary for the general to step down from the DCI post as well as be outed because he was DCI to start however, generally this thing has become the new digital slow speed chase in a white bronco all over again for me.
Sure, the schadenfreude is fun, and there are many gawkers and rubber necks out there watching with glee but in the end there is much more to this debacle than just getting some on the side within the political sphere. The bigger picture issues are multiple and I will cover them below, but to start lets just sit back and watch the calamitous demolition of those who partook and their hubris.
*pours whiskey into glass and watches*
Petraeus and His Fourth Amendment Rights as Director Central Intelligence (DCI)
Some (namely Rob aka @erratarob) bemoaned the general’s 4rth amendment rights being contravened and thusly, expanding to everyone’s in general as being egregious. My answer to Rob yesterday still stands today for me. As DCI of the CIA the general had no right to privacy in this vein. Why? Because as the leader of the CIA he was the biggest HVT that there ever was for some kind of blackmail scheme so common to the world of spooks. Though the general tried to be cautious, his lover began the downfall with her threatening emails to someone else. Now, usually this type of case would not even be one at all for the FBI were it not for the sordid affair of the SA who Kelley knew and went to to “look into” this matter for her as a favor. This was inappropriate in and of itself and a case never should have been logged never mind any investigation carried out by the SA to start with.
That the FBI agent began looking into the emails and actually tasked the FBI’s lab boys to look into it, well, then it became a case. OPR is looking into it all now and sure, something may come of that investigation (i.e. the SA will be drummed out maybe) it all changed timbre once Petraeus’ name became part of the picture. As DCI P4 held the top most clearance possible as well as the data attendant to that designation. As such, any kind of activity like this would immediately call for an investigation into what was going on as well as what kind of damage may have occurred through compromise of his accounts or his credibility. So, anyone who asks why this is such a big deal and why the FBI did what they did, you need to just look at that one salient fact. The problem isn’t that they investigated, the problem instead is that P4 was doing this in the first place and may have actually given Broadwell more access than he should have to information he had within his possession.
This of course still has to be investigated and reported on and that’s why it all came to pass.
The Expanded Powers of The US Government (LEA’s) To Search Your Emails and the Fourth Amendment
Meanwhile, the civil libertarians are all over this from the perspective that “We the people” have little to no privacy online as the government and LEA’s can just subpoena our email in/outboxes without any oversight. This has been a problem for some time now (post 9/11 really PATRIOT Act) so it should not be new to anyone who’s been paying attention. It is true though, that those powers have been expanded upon since the Patriot Act was passed but overall, the technologies have outstripped the privacy possibilities for the most part in my book. For every countermeasure there’s always another that can be used against it to defeat your means of protection. Add to this that the general populace seems to be asleep at the digital wheel as well and the government has a free hand to do whatever they like and get away with it.
Frankly, if you are ignorant of the technology as well as the laws being passed surrounding it then it is your fault if you get caught by an over-reaching LEA. It’s really that simple. If the general populace is not out there lobbying against these Orwellian maneuvers by law enforcement as well as using any and all technology to communicate securely then it’s their God damned fault really when they get pinched or spied on. It’s all of your jobs out there to know the laws, know what’s going on, and most of all, to know how to protect your communications from easy reading by LEA’s and others. I firmly believe that the laws on the books and the slip-space between where LEA’s and governments are abusing them is egregious but I as one person can do nothing to stop it from happening at a legal level. At a technical level though, that is a completely different story.
Your “Papers and Effects” Digitally…
Now we come to a real sticky bit in this whole debacle. The Founding Fathers listed “Papers and Effects” while today the law and the government seem to think that electronically, neither of these terms apply to your online communications. Last year I sat through a tutorial by the EFF on this very thing and was not completely shocked by what they were saying as much as wondering just how people let this slide. According to the EFF the LEA’s see no relevance to the words papers and effects when it comes to an email inbox or a Dropbox. What this means is that they can just sneak and peek in some cases without a warrant or a subpoena. If you have email or files being hosted anywhere online, not on a system within the confines of your home, then it’s really fair game to them. I also assume the same can be said for any files/emails on any intermediary servers that they may pass through and are cached as well. So really, once you log in and create the email outside of your machine at home (i.e. being logged onto Gmail for example) it’s already not a paper or effect within the confines of your domicile.
Once again, the law is outdated and should be amended to cover discreetly the nature of email, its ownership and the protections that you “think” you have already as it is a paper of yours and thus covered by the Fourth Amendment. Will this happen though? I am not overly optimistic that it will even make the table with or without the likes of the EFF trying to push the issue frankly. The government has it the way they want it as well as their machinations via Patriot Act allow for so much latitude just to make their lives easier to snoop against anyone for fear of terrorism. Face it folks, we are pretty much Borked here when it comes to our online privacy, and not only from the LEA/Gov perspective either. Just take a look at all of the corporate initiatives out there in EULA’s and lobbying such as RIAA or MPAA. Any way you look at it, your data, once out of your local network, is no longer legally yours.
The Only Privacy Today That YOU Have Is That Which YOU Make For Yourselves With Crypto
This brings me to what you can do about all of this today. The only way to really have that privacy you desire is to make it yourself and to insure that it can withstand attacks. By using strong cryptography you can in fact protect your fourth amendment rights online. You have to insure that the crypto is strong, tested, and not back door’d but there are more than a few products out there on the market that will do the job such as PGP/GPG. In fact, Phil Zimmerman got into trouble with the US Government in the first place because PGP, to them, was considered to be a munition! So really, what is stopping you all from using it en mass? Well, i am sure there’s a healthy dose of lazy in that mix but I would have to say for many its the lack of comprehension on how it works and how to manage it that stops the general populace. Of course I have to say that PGP on a Windows box is really really easy to use so, once again we are back to lazy.
Anyway, unless you assiduously apply crypto to your communications, whether it be a PGP encrypted email or a chat session using OTR (Off The Record Messaging) consider yourself open to LEA abuse. The other side of that coin unfortunately is that if you are encrypting all your communications, the LEA’s may get to wondering just what you are up to and force the issue. I guess it’s much better to have them wondering and FORCE them to get a warrant to search your home then to just roll over and allow them to see all your dirty laundry (looking at you P4) because it’s open for the taking on a Gmail server somewhere. I mean, yeesh people, you worry about your second amendment rights all the time, moaning and whining about your need to carry a gun but you don’t do shit about encrypting your traffic?
*sad*
TRADECRAFT and OPSEC Are Important As Well
Another component that the general tried to use and failed so miserably at (which scares the living shit outta me as he was DCI after all) was the old “dead drop” method. The modern twist on this is the use of a Gmail account where you just log into it shared and leave draft emails for the other party. This has been something the AQ guys have been using for a long time and once again, it is futile to stop the LEA’s from seeing it all unless you encrypt it! This was the main failure in the case of P4 and his squeeze. No crypto allowed all the lascivious emails to be read in situ and that was just stupid. They through they were being so smart using a tactic that we have been monitoring AQ on for how long?
*duh*
The second massive failure on the part of both P4 and Broadwell (other than P4’s bad judgement of crazy women) was that neither of them were anonymizing their logon’s to the email properly and consistently. It seems perhaps this may have been more Broadwell than P4 but meh. In the end it was the downfall as the FBI tracked the IP addresses from the Google logons across the country to hotels where she was staying. All they needed to do in the end was match names for each hotel and BING they had her. At the end of the day, OPSEC is king here and both military veterans failed miserably at understanding this which is really frightening frankly. If you want to play the game know the OPSEC and TRADECRAFT and APPLY them properly. The same goes for you all out there who are crying about your privacy. You too will succumb in the same way if you do not pay attention.
Welcome To The Digital Panopticon
Finally, a parting thought. I have said this before and I am saying it again here. “Welcome to the digital Panopticon” No longer are you in a place where there are corners to hide easily. With the governments of the world trying to gain control over the way we communicate electronically we will see increasing measures of privacy stripped in the name of anti-terrorism as well as transparency. Have no doubts that the governments that apply this logic will of course have back doors for their own secrecy but surely not yours. It will remain your problem and your duty to protect yourselves if you are using the infrastructure to communicate to anyone. Know this, say it as a mantra. If you do nothing about it, then you have nothing to complain about.
So I exhort you, learn and use encryption properly. Go to a cryptoparty near you and learn from the cipherpunks! Deny the governments of the world the ability to easily just look in on your lives whenever they feel the need without due process. Until such time as the laws are amended and some fairness put into it, you are just cattle for them to herd and cull.
There’s no excuse…
K.
Counterintelligence, False Flags, Disinformation, and Network Defense
//B zrxr wwmpxjnp vf ygwyr jh kur gig vvbxv nf o “yinwf zcnt”. Ilmf xp vv lbi vwwpe grxr mhct sxh ubpifmpxt qzgu o izkruyi nar t tcqjhrgrf. Mpgwf xrlf hawwki, CU’f uoom oehhvgvq lbtmqm, ybywzzcqt, ueq vbyzcvfx nngsk ucvlm. Pbh bxmf e qlf.\\
Threat Intelligence, Counterintelligence, and Corporate | Nation State Espionage
“Threat Intelligence”, a term that is just behind the oft used “Cyber” and God forbid, “Cyber” is all too often put in front of it as well to add more oomph for sales people to sell their brand of security snake oil… “But wait there’s more!” We also have other spook terms being kluged into the INFOSEC world now because, well, it’s cool to those cyber warriors out there. I know, I sound jaded and angry, which, yes, yes, I am, but… Well, it’s just gone completely off the rails out there. I hear people talking about these topics as if they know what they are talking about even with the exceedingly limited scope of digital security matters (i.e. hacking/forensics/defense)
I would like to clear the air here a bit on these terms and how they do really apply to the world of INFOSEC that we in this business now find ourselves in, one littered with military and spook terms that you may not be really familiar with. First off, lets look at the terms that have been thrown around here:
Threat Intelligence: In the spook world, this is the gathering of intelligence (HUMINT/MASINT/SIGINT etc) to determine who has it in for you and perhaps how they plan on getting at you.
Counterintelligence: Spies who hunt other spies (Mole Hunts etc)
Espionage (Nation State and Other) The umbrella under which this whole rubric exists. Nation state and other have the component of “Industrial” as well (i.e. IP theft)
Ok, so, where once we used to only have people in three letter agencies worried about “ThreatIntel” we now have the INFOSEC community looking at “threats” to their environments and calling it “Threat Intelligence” now. While it’s a cool name, does it really apply? What was it before the whole APT thing broke as well as the cyberwar-palooza we have today? For the most part, I can see only half of the term applying to any non state entity or three letter agency and that is of what “threats” are out there today. This means what exploits and pieces of malware are out there that your environment would be susceptible to.
Nothing else.
That is unless you suddenly have a company that has decided to launch its own “Intelligence arm” and yes, this has happened, but usually only in larger companies with defense contracts in my experience. Others though, have set them up, like Law firms, who then hire out ex spooks to do the work of counterintelligence as well as intelligence gathering to have an edge over everyone else. Perhaps this is bleeding out into other areas as well in corporate America huh? The point here for me is that unless you have an intelligence arm (not just INFOSEC) you should not be using the term “Threat Intelligence” as an encompassing statement of “there’s malware out there and this is what it is” Point blank here, IF YOU AREN’T DETERMINING WHO YOUR ADVERSARY IS AND WHAT THEIR PLAN IS… IT”S NOT THREAT INTELLIGENCE.
Looking at IP’s on an SIEM and reacting to a triggered event is not threat intelligence. It’s INCIDENT RESPONSE. It’s AFTER THE GOD DAMN FACT OK?
So, stop trying to make it sound cooler than it really is people. To further this idea though, we still have “Counterintelligence” which FOR FUCKS SAKE I have personally seen in a title of a complete MORON at a large company. This fucker sits around all day looking at his stock quotes though, see, it’s just a cool title. It has no meaning. UNLESS you really have an operational INTELLIGENCE UNIT in your company.
*Look around you.. Do you? If not then STFU*
If you do have a real intelligence wing in your org that carries out not only COUNTERINTEL/INTEL/HUMINT/THREATINTEL then more power to you. If not, you’re deluding yourselves with militaristic terms and cyberdouchery… Just sayin.
However, the way things are going with regard to the world, I should think that you might see more of these kinds of intelligence arms springing up in some of the larger corporations of the world. It’s a rough world and the fact that everything is networked and global has primed the pump for these kinds of activities to be a daily operations tool. It’s now the blurring of the lines between what nation states solely had the control and aegis over to now its becoming privatized and incorporated.
William Gibson saw it.. Phramacombinats and all.
False Flags and Disinformation Campaigns
Which brings me to the next level of affairs here. When I was on the DEFCON “Fighting Monsters” panel, I made some statements that seem to have come to pass. I spoke about how Anonymous would have to worry about “False Flags” against their name as well as expand upon the idea that Pandora’s box had been opened. Nothing on the internet would really be the same because we all had moved into the “spook world” by the actions of Anonymous as well as things like Stuxnet. The lines had been blurred and all of us net denizens need to be aware that we are all pawns in a series of greater games being played by corporations and governments.
Since then, we have seen many disinformation campaigns (think sock puppets on social media, fake news stories, rumours, etc) as well as false flag actions where Anonymous may have been blamed or named for actions that the core did not carry out. So many times since then we have seen Anonymous attempt to set the record straight, but, like I said before, who’s gonna believe them because they are “anonymous” and disparate right? Could be anyone… Could be them… And with previous actions, are they to be trusted when they say they did not do it? See, the banner thing (hive mind) has a tremendous proclivity for severe blowback as they have learned.
What’s sauce for the goose though, is also good for the corporate, political, private gander right? How many Acorn operations do you need to see happening in the election cycle to realize that this has been going on for some time and that, now, with the internet, its easier to perform these kinds of operations with a very small group with minimal effort as well? Pandora’s box was not only opened, it was then smashed on the floor and what was once contained inside has been forever unleashed upon us all.
Yay.
Now, going back to you INFOSEC people, can you then foresee how your companies reputation or security could be damaged by false flag operations and disinformation? A recent example may in fact be the attack purported to be on against Josh Corman of Akamai because he said some things that “some” anonymous players did not like. Were they really out to get him? Were they doing this out of outrage or was there another goal here? What you have to ask yourselves is, what is my company and it’s employees susceptible to in this area? Just as well, this also applies to actual attacks (DDoS etc) they could be signal to noise attacks. While the big attack is going on, another team could be using the fog of war to sneak into the back door silently and un-noticed.
See where I am going there?
In the case of Josh, do they want to D0X him or do they want to force Akamai to maybe flinch and let him go because of bad press, and potential attacks on their infrastructure and management?
Ponder that…There are many aspects to this and you have to have a war mentality to grasp it at times. Not all attacks frontally are the real attack today. Nor are all attacks on players what they may seem to be in reality, the adversaries may in fact have a longer game in mind.
Network Defense and Network OFFENSE
Ok, so back to reality today with many orgs and their INFOSEC programs. You are looking to defend your network and frankly you need not have “cool” names for your program or its players. What you need is to be mindful of your environment and pay attention to the latest attacks available that would affect it. Given today’s pace though, this makes just about everything suspect. You can get yourself an IDS/IPS, an SIEM, Malware protection, and all kinds of things, but, unless you know where shit is and what it is, you lose the big game. So, really, threat intelligence is just a cool name for an SIEM jockey today.
Like I said, unless you are doing some real adversary profiling and deep inspection of attacks, players, motivations etc, you are not doing THREATINTEL. You are minding the store and performing network defense… i.e. your job.
Now, on the other end of the spectrum lately, there have been certain douchenozzles out there saying that they can sell you services to protect your org with “OFFENSE”
*blink blink*
Offense you say? Is this some new form of new SPECWAR we aren’t aware of? Firms like the more and more vaporware company “Crowdstrike” seem to be offering these kinds of services, basically mercenaries for hire, to stop those who would do you harm. What means are they going to employ here? Obviously performing what they see as intelligence gathering, but then what? Once you have attribution will there then be “retribution” now like so many Yakuza centric stories in Gibson novels? I’m sorry, but I just don’t see this as viable nor really any kind of a good idea whatsoever… Leave it to the three letter agencies.
Alas though, I fear that these companies and actions are already at work. You can see some of that in the link above to the book I reviewed on private intelligence and corporate espionage. Will your data be a part of a greater corporate or government conspiracy? Some black ops mumbo jumbo over your personal information perhaps? Part of some retribution for some attack perceived to have happened to company A by company B?
Welcome to the shadows and fog of espionage kids.
Going “Off The Reservation”
Overall, I guess I just wanted to lay some things out there and get people’s heads around the amount of douchery going on today. We collectively have gone off the reservation post 9/11 with PII, Privacy (lack thereof) and hacking. That entities like Anonymous came to be and now see the governments and corporations of the world as dark entities isn’t so hard to see when you look at the crap going on out there. What we saw in Team Themis was just one small spec in a larger “Cyber Beltway Banditry” going on today. Look to the other side where you have Fusion centers with private INTEL gathering capacities tossing out absolute crap yet spending BILLIONS of dollars and, well, there you have it.
Monkeys with digital guns.
We are off the reservation already and it’s every man (or woman) for him or herself.
In the end though… If you have a title that says something like “CHIEF INTELLIGENCE OFFICER” on it, you’d best be at a three letter agency.. If not, then you are deluding yourself with EPIC DOUCHERY.
K.
Defcon Grows Up and Gets Recruited As An Asset…
I came to Defcon this year as it turned 20 and after much had changed on the world stage regarding our business (INFOSEC/Pentesting/Dev/SECOPS) much remained the same. What has really changed though, and could be seen at this anniversary year was just how much our antics and interests were now the new “hotness” to the government and the military. Never before had the NSA had a booth at our conference but this year, they were there with recruiting in mind and that is a big change.
However, you may be saying to yourself right about now “Uhh, but, this has been going on a while, not just now” Well, yes, it has, but, what I have noticed this last con was that it’s not all about the tech, this year, it was also recruitment of human assets who would give “intelligence” to the players like NSA. No more are they just looking for programs and programmers, but also seeking out to make connections with people who have connections. You see, as Shawn Henry said as well as General Alexnder, “we need you to keep an eye out and tell us if you see something” What I heard was the equivalent of “if you see something say something” that the TSA has plastered at airports.
This is an important paradigm that we all need to be aware of. With the advent of Anonymous and Stuxnet as well as the nascent idea of the internet becoming a “digital nation state” we all have to be mindful that while the technologies out there are a commodity, so too are we in the great game of cold war intelligence and cyber war. We are the commodity that makes the new exploit as well as being the HUMINT asset that intelligence agencies need to “collect” with.
Now, while you are pondering that, consider the fact that the “opposition” is also trying to curry favor and recruit us as well…
Yup, that’s right. That party you might be attending might in fact have operators from other countries clandestine services too. In fact, that party could even be funded by said agencies and players to get you to chat and perhaps leak meaningful information. Think about it, how many of you out there reading this post work for fortune 500 companies as security technicians? What kind of data is in your head that might be of use to a foreign operative?
Ponder that as you sip that free drink late in the day. Say, did you know that the Chinese most preferable means to gaining intel with visiting professors and the like, is to have them over tired and tipsy? It’s true, it’s low level but its been used on many an occasion. You see, once you start talking, then you open the door for more rapport building, and then it’s pretty much over. One wonders how many Los Alamos folks had the same treatment on trips to China. Now think about the average Defcon party and the amount of alcohol and sleep deprivation we have going on there.
Just sayin…
So, look at it from that perspective. Now the NSA has come to the con just as the FBI and other agencies and security bodies so too will the “other guys” I don’t know how many of you out there come from military or “other” backgrounds where you will have a DSS or counterintelligence training,but, I am assuming that a vast majority of the folks attending the cons today do not have that background, especially the younger ones who’s only been in the security arena a short time. Pentesters who know SE should be able to easily detect some of the techniques used to recruit an asset, and tease out information.. Others, maybe not so much.
So here we are today, APT (Yes China being one purveyor of APT attacks) are not only using malware to get into systems but also recruiting sources to help them in their goals. Used to be a time that it really only was the nuclear scientists getting the attention… Today though, everything is game, you might make widgets, but that doesn’t mean that someone doesn’t want to know what you know.
Pssst… It’s still espionage kids… And now YOU are part of it because you hold interesting information.
How’s that for some “Threat Intelligence” huh?
Which brings me to the second line of thinking or topic that came up this year. The government is asking us to consider more “threat intelligence” and to bring them in on the loop. See, right there, they are asking you to be an asset.. Did that occur to you? Of course I know for the most part you all thought, as I did too, that the idea was a bit silly.
Why?
Because who really has that kind of threat intel program going on today? Hell, we are all pretty much trying to just keep our shit together right? On average, unless you work for a major company,you may not even have an SIEM or even snort instance right? How are you going to convince your employer that you need that stuff and then more so, to pass that intel to the government? The only groups I have known to do this are the DIB partners, and they do it because they don’t want to lose contracts for the military.
So now, we would all be assets? All corporations out there, whether they are being attacked by APT or Anonymous, would be reporting their incursions or attempts at them to the government? That’s kinda spooky really. This also circles back nicely to the idea that we all now, all of us in the INFOSEC community are now collection nodes for SIGINT/HUMINT/MASINT/ELINT and not many of us have had the training to be analysts.
You see, when you use the words “Threat Intelligence” this has some context that some may not get right away. It’s not just what IP is hitting us and with what attacks anymore.. It’s about the context around all of that and the attribution that is needed for cyber warfare, or more likely, cyber intelligence operations. I expect to see a lot more of this lobbying going on at all of the cons as well as more people sidling up to the attendee’s and asking “so, what’s going on out there?”
For those of you not acquainted with HUMINT and it’s techniques, I suggest you read “The Art Of Intelligence” By Henry Crump and learn… Why? Because that guy you’re talking to at the cool party might just be a PRC case officer…
Interesting times….
K.
OpCARTEL: Kids, Trust Me… YOU ARE NOT Up To This Operation
Killing Pablo:
Ok kids, before you were old enough to understand, there was a guy named Pablo Escobar. He was a bad guy who pretty much single handedly provided the US with cocaine that powered the 80’s debauchery. Pablo was the progenitor of the Zeta model of narco-trafficking that you guys are claiming to have data on and want to tangle with. Let me tell you now in no uncertain terms how I feel about #OpCartel…
YOU ARE NOT READY
Plain and simple, these guys are not just some namby pamby government following laws who will try to arrest you. No, these guys will hire blackhats of their own, find you, and KILL you in the most horrific ways. Need I remind you of the bloggers who got whacked recently? I don’t think you all want to be the next to be swinging under an overpass with a Mexican Necktie do you?
It took major government and military operations to kill Pablo and his cartel. You guys dropping information on the low end mules and lackeys will do nothing but interrupt operations currently ongoing as well as put yourselves into the cross-hairs of the Zeta killing machine. At the very least, you need to do your homework on these guys and NOT announce things on the internet before you do anything, this is just asking for a whacking.
Have you not been listening?
INTELOPS:
First off, if you want to gather intel on these guys or you have it, then make sure you vet it out and insure its the real deal. If you have sources, you need to protect them and if you have hacked access, you need to insure that you can’t be traced back. The big thing though, is to KNOW YOUR TARGET! How much do you really know about the Zetas? How much do you know about the politics of the area? The players both inside and outside the cartel? This group just doesn’t have low level people, they also have high ranking political connections as well. You mess with them, then you have governmental assets and pressure as well to deal with.
So.. What do you know about Los Zetas?
Los Zetas:
Los Zetas and La Familia Michoacana are a narco ring comprised of about 30 ex Mexican Special Forces deserters who decided that narco trafficking was a much better choice than just being ordinary special operators. This group has been one of the bloodiest and boldest in their massacres of opposing groups or individuals. In short, they are not people to tangle with unless you are a government with a special operations group of your own. Much of their infrastructure is already known (see pdf file at the top here) so, dropping some of the data you propose might just serve to get others killed and not damage the organization much at all.
Though, if you did have tasty information, perhaps you could pass it along to the authorities? If not, then maybe Mata Zetas?
Mata Zeta:
Los Matas Zetas is another paramilitary group (Zeta Killers) that has sprung up recently and in fact could be governmentally sponsored. Either way, this group is out to whack the Zetas. Now, were you in posession of data that could be used by them to combat the Zeta’s maybe you could find a conduit to get that to them… Secretly. I am pretty sure though, that these guys, if not sponsored by the government (Mexico and the US) would then just become the next narco trafficking group in line to stop the power vacuum once the Zeta’s have been taken out of the equation.
The basic idea though is this: Use the enemy of your enemy as your friend to destroy your enemy. Get it?
OPSEC:
Ok, so, here we are and you guys have laid claim to the idea of the operation. Then, once people started threatening, you dropped it. Then others like Sabu said it was all a PSYOP and there are things going on in the background still.
Oy vey…
Look, overall you have to follow OPSEC on any operation like this and so far you have been a big FAIL on that account. It’s akin to saying to your enemy;
“I’m attacking at dawn.. From the East… With planes.. Vintage WWI planes…”
What were you thinking?
Obviously you weren’t thinking about OPSEC. You have seen me write about this in the past and you surely have heard Jester talk about it too. It is a key precept to special warfare and you guys just are not ready for prime time here. Unless you follow some basic security measures you will end up dead. So pay attention.. If there was any merit to this operation in the first place.
This Isn’t An Episode of Miami Vice:
Finally, I would like to say that this is not an episode of Miami Vice kids. YOU do not have a nickel plate .45, slip on shoes, and pastel shirts. This is reality and you are more than likely to run up against blackhats who will find you and one by one, these guys will hunt you down.
I know.. You’re an idea… No one can stop an idea…
I’m sorry, but your Idea will also not stop bullets and bad men with knives from cutting you to ribbons when they locate you. Unless you learn some tradecraft, go back to taking on corrupt corporations and paedophiles…
Though.. They too could also hire a hacker huh?
You guys are not ready for this…
K.
Not So 3R337 Kidz
Once again we find ourselves following the story of a new uber dump of data on a Friday (Fuck FBI Friday’s) as they have been dubbed by the skiddies. It seems that 4cid 8urn, C3r3al Kill3r, and Zer0C00l once again have failed to deliver the goods in their #antisec campaign with their ManTech dump. ManTech, for those who don’t know, is a company that handles defense and government security contracts for such things as secure networks etc. The skiddies decided to try and haxx0r the Gibson and get the goods on the bad bad men at ManTech.
Once again, they failed.
The files are mostly UNCLASS (kids, that means UN-CLASSIFIED mmkay?) with a few SBU (Sensitive but UNCLASSIFIED) as well. Many of the files are just documents of finances, bills, resume’s and email addresses that frankly you could get with a good Googling session. Again, we are not impressed by this crap Lulz skiddies. I have told you once, and now I till tell you again, you are failing to deliver anything of interest really.
Now, if you were real APT, then you would have used the data in the excel sheets to create some nice phishing exploits and then gone on to root some good shit. But no, you aren’t that advanced are you? You just want to do the quick hit and dump your ‘booty’ to collect the love from your adoring, albeit stupid, fans. I am sure some of them are at home now wanking off to the idea that you have really stuck it to ManTech and by proxy ‘the man’
Well, you haven’t.. Not so 3r337 as Raz0r and Bl4d3 say.
What you keep failing to understand are sever key things here:
- The good shit is in more protected systems, ya know, like the ones Manning had access to
- You have no idea what you are taking or what you are dumping! Bitch please, understand the classification markings!
- It’s only important to your ‘movement’ if the data actually uncovers bad behavior on the part of the government!
And it’s on that last point I want to harp a little more on. You guys say you are exposing fraud and devious behavior (other than your own subversive tendencies?) and yet, you keep missing the mark. There have been no cohesive plots outed by you other than Aaron and HB Gary’s little foray into creating 0day and programs for propaganda tools online.
Yay you!… ehhh… not so much.
You certainly did spank Aaron though, and for that my top hat and monocle are off to you. He rather deserved what he got for being so God damned stupid. However, you must all understand that these are the standard operating procedures in warfare (PSYOPS, INFOWAR, PROPAGANDA) every nation plays the game and its just the way of life. So, unless you get some real data of a plan to use this type of tech by the US on the US, (other than Rupert & Co.) Once again, I am not really so impressed.
Of course, you have to know that you are now the target of all of those tools right? Not only by the US, but other nations as I have mentioned before. Do you really think that you have not opened the door for other nation states to attack using your name? No one mentioned yet that you are now considered domestic terrorists and could even be considered non domestic after you get caught? You have opened Pandora’s box and all the bad shit is coming.. And much of it is going to be aimed straight at you.
The ironic thing is this.. You have delivered shit. It’s the idea and the cover you have given other nation states or individuals that is key here. You say you can’t arrest an idea… I say certainly not! BUT They can arrest YOU and then make that IDEA not so appealing to the other skiddies once your prosecutions begin on national TV.
So keep it up.. That hornets nest won’t spew hundreds of angry wasps…
ウェブ忍者が失敗する : Dox-ing, Disinformation, and The Fifth Battlespace
Digital Ninja Fail: ウェブ忍者が失敗する
The recent arrests of alleged key members of LulzSec and Anonymous have been called into question by the ‘Web Ninja’s‘, a group of would be hackers who have been ‘DOX-ing” the anonymous hierarchy for some time now. Yesterday, they posted the following on their page concerning the arrest of a man from the Shetland Islands who is purported to be ‘Topiary‘ by the Met and SOCA.
Now, this is a bold statement for anyone who really knows what they are doing in the intelligence analysis field. So, it is my supposition that these guys have no clue about what they are doing by making bold assertions like this. The data they have is tenuous at best and by making such bold statements, I have to wonder if indeed the so called ‘Ninja’s” themselves might not be a tool of anonymous to in fact sow that disinformation.
Here are the facts as I see them;
- To date, the federal authorities have not questioned anyone who was DOX’d by the Ninja’s that I am aware of
- The individuals who were DOX’d that were investigated by the authorities were in fact outed by LulzSec/Anonymous themselves
- Adrian Chen has spoken to the person that the Ninja’s have fingered and claims that he (said person) went to the authorities himself. So far he is still not a suspect.
So, taking into account these facts, I would have to say that the Ninja’s have failed in their stated mission so far and I would suffice to say that if they are indeed a part of a disinformation campaign, then that too has failed. After all, the police seem to be ignoring the data put on the interent by the likes of the Ninja’s in favour of other tried and true tactics. The primary tactic as I see it, is grab one individual and then get them to roll over on their compatriots in the face of massive jail time.
This pretty much works all the time as we, as human beings, are most willing to sacrifice others for the self. In the case of the likes of LulzSec skiddies, I would have to say that the ages of the players, and their generational tendencies will allow them to cut deals pretty quickly. It’s my assessment that they are in it for the self gratification and lulz, not for the altruism that the LulzSec and Anonymous press releases have been trying to have one believe. My assumption is that if indeed the 19 year old guy they popped in Scotland is involved with LulzSec, and is in fact Topiary, he will roll over soon enough.
I also believe that these are all untrained operatives and they have made and will make more mistakes. I am pretty sure that the alleged “leaderless” group has leaders AND that unlike a true guerrilla warfare cell, will know the other players personal details. Essentially, they have had no compartmentalisation and they will all fall eventually though interrogation and deal making. As I said before, the insider threat to the organisation is key here, and it was this idea I think the Ninja’s had.. Well, at least that was the original idea of the Ninja Warrior. They were spies who infiltrated the ranks and destroyed from within.
So far with these guys.. Not so much.
Welcome To Spook World: Disinformation Campaigns and Intelligence Analysis
Now, on the whole disinformation thing, I know that the Lulz and Anonymous have said that they are using disinformation as well to try and create a smoke screen. Frankly, all of the intelligence out there that is open source is suspect. Maltego map’s of end user names as I have shown in the past can be useful in gathering intelligence… Sometimes. For the most part, if a user keeps using a screen name in many places and ties that name to real data, then they can be tracked, but, it takes a lot of analysis and data gathering to do it. Though, many of the foot soldiers within the Anon movement are young and foolish enough to just keep using the same screen names for everything so there is a higher likelihood that the data being pulled up on Maltego and with Google searches is solid enough to make some justified conclusions.
With the more experienced people though, there has been some forethought and they have protected their identities as best they could. What became their real downfall was that they could not rise above petty infighting and dox-ing each other. Thus you have the start of the potential domino effect on the core group as well as anyone who has any peripheral affiliation with the Lulz. Be assured, those who have been pinched are giving up as many names as possible as well as whatever is on their hard drives, Anon hacker manuals or not. All of these scenarios lead to the conclusion of more arrests by the authorities and even more skiddies getting into legal trouble around the globe. Meanwhile though, if the core group has been smart, then perhaps the leaders will skate for a time, using the masses as canon fodder.
Gee kids.. Did you know that you were all expendable?
On another tac, I would like to speak about the potential of the disinformation campaigns being perpetrated by the authorities as well. Consider that the trained professionals out there who are hunting these characters (Topiary, Sabu, et al.) are also adept at using not only the technologies of the fifth battlespace, but also the training afforded them in ‘spook world’ This means disinformation campaigns, mole hunts, and insurgencies of their own, getting to the inner core of Anonymous and Lulz. Now, that there were six (alleged) lulzer’s it would be more difficult to do, especially if those LulzSec folks really do know one another (as they claim they do not, which, I just don’t buy.. Remember the compartmentalisation issue) The agent provocateur’s are out there I am sure and with each rung of the ladder, they get closer to the core group.
That is unless the core group falls apart on their own and DOX’s each other out. In the end, I am going to suggest that the authorities will use all of the tricks of the trade on the Anon/Lulz folks to bag them… And with concerted effort by government resources, they will get their men/women.
Untrained, Unruly, and Unprofessional Operators:
“Discretion is the better part of valour” as they say, and in the case of the Lulz and Anon crews, they seem to not have a clue. Perhaps the Lulz think that by being unruly and unpredictable to a certain amount, will be just the cover they need, but, I think that their lack of discretion will be their undoing as well as their hubris. Had many of these folks had some real training, they might have just stood down for a while (not just a week or so) after setting sail into the sunset.
As I have said before, it was a bad idea to recruit and have comm’s out in the open on IRC servers even if they had ‘invite only’ channels. As is being seen now, someone (jester perhaps) has taken down their servers again after other outages due to Ryan Cleary’s attack and pressure from the government on those connection sources that the Anon’s were using. I am sure the idea was to have a movement that could also serve as diversion for the core users as well as to LOIC, but this all failed in the end didn’t it? The LOIC is what has given the FBI the 1,000 IP addresses as a hit list, so to speak, that they are now using to collect people and charge them for the DD0S attacks.
Had these people been trained or not been so compulsive, they might have had more of a chance to keep this up for a much much longer time. As I write, the Lulz do continue, but they have slowed quite a bit since the arrests started again. This I think is because the cages are starting to get rattled and people are finally coming to the conclusion that some discretion is needed to not end up Bubba’s play pal in prison. It’s a learning curve, and likely going to be a painful one for the kiddies.
Unprofessional actions within this area of battle will end up with your being put in jail kids.
To end this section I would also like to add this thought. My assessment of the Lulz core group is this;
- They were drunk on the power of their escapades
- The more followers they had and more attention, the less risk averse they became
- They seem to have compulsion disorders (don’t say it.. Aspergers!) that seem to not allow them to lay low (until now it seems)
- The ego has eaten their id altogether
- Base ages are within the teens with a couple over 20
Technical Issues Within The Fifth Battlespace:
Another BIG issue within this battlespace is the technology. The Anon’s and Lulz have been ascribing to the idea of “Proxies, we haz them! So we’re secure!” and to a certain extent they are right. There are always ways around that though and certainly leaks in data (such as the TOR leaks that have happened) that could lead someone to locate the end user behind the proxy, so they are not fool proof. Certainly not if the fool in question is some skiddie 12 year old using LOIC un-proxied and not obfuscated while they D0S Paypal.
The problem is that the technology could fail you as well as the untrained operative could make small and large mistakes that could lead authorities right back to their IP and home accts. On the other side of that equation is that when properly done, it is damn hard to prove a lot in hacking cases because of obfuscation, as well as mis-configured end systems that have been hit. I cannot tell you how many times I have seen incidents play out where the target systems had no logging on as well as being completely un-secured, thus leaving practically nothing for a forensics team to find and use.
Once again, this brings us back to the insider threat, whether they be the insider who decides to go turncoat, or, the agent provocateur (i.e. Jester and the Ninja’s as well as others from the authorities) who infiltrate the Lulz and then gut them from the inside. What it really boils all down to is that in the end, it will be the foibles of the Lulz core and the actions of spooks that will bring them down.. And I think they are learning that very fact now.
JIN; One Must Know The Enemies Mind To Be Victorious:
As a last note, I would like to say to the Ninja’s, you need to learn and practice your Kuji-in. It is obvious to me that you have failed on the ‘Jin’ (knowing the opponents mind) with your dox attempts. Until such time as I see people being hauled in that directly relate to your documents posted, then I am going to consider the following to be the case:
- DOX-ing is mostly useless and takes quite a bit of analysis before just releasing names
- The Feds are not taking your data as gospel, nor should the general public or media
- You yourselves may in fact be a tool of Anonymous/Lulz and as such, spewing disinformation
- You could be right, but by releasing it to the public at large, you are letting the Lulz know to destroy evidence and create obfuscation that will hinder arrests later.
Ninja’s got results.. Not so much for ‘Web’ Ninjas. At least Jester, if his claims are true, is breaking their C&C channels lately.. Which has its own problematic issues.. Just like his meddling in the Jihadi area, but, that’s a story for another time.
K.
Shamikh1.info: The New Den of Scum and Villainy
Well, that didn’t take long did it. At least Evan got one thing right, they’d be back up soon. So, here is the skinny on the new site and the core server that they have stood up. The site is still not fully back online, but this stage of things allows one to get a lot of intel on the server makeup and who is operating/hosting it because they had a direct link back to the sql instance. The site is not fully operational yet, but they are setting it up rapidly as I surmised they would on the domain of shamikh1.info which was registered in May as the backup domain.
I have begun the work of getting all of the pertinent details on the address owners/ops in Indonesia so soon all of their details will be available to those who want them. However, just with the short bit of work I have done here, I pretty much think you can all get a grasp of who’s where and what’s up huh? Sure, the server is in Indonesia, and, well, they are rather tepid on the whole GWOT thing so nothing much may happen…
But..
You intelligence agencies out there looking for a leg up.. Well here it is… Enjoy.
Now, back to the events that brought us to today. The take down of the original site may have been only because someone got into the server and wiped it out as Evan suggests (without any proof as yet mind you) or, it may in fact be because the site was blocked at the domain level as I pointed out in my last post on this matter. Godaddy had suspended the domain and I am not sure if the mirrors on piradius were working before the alleged attack happened or not. At this point, it is anyone’s guess as to the attacks perpatraitors, methods, and final outcome until someone from the AQ camp speaks up on exactly what happened.
Meanwhile, the media will continue to spin on about MI6 hacking them or perhaps it was those mysterious “Brit” hackers that so many articles mentioned.
“Bollocks” As they say in England.
DATA:
Domain ID:D38010794-LRMS Domain Name:SHAMIKH1.INFO Created On:14-May-2011 00:22:30 UTC Last Updated On:27-Jun-2011 07:43:57 UTC Expiration Date:14-May-2012 00:22:30 UTC Sponsoring Registrar:eNom, Inc. (R126-LRMS) Status:CLIENT TRANSFER PROHIBITED Status:TRANSFER PROHIBITED Registrant ID:fce7ae13f22aa29d Registrant Name:WhoisGuard Protected Registrant Organization:WhoisGuard Registrant Street1:11400 W. Olympic Blvd. Suite 200 Registrant Street2: Registrant Street3: Registrant City:Los Angeles Registrant State/Province:CA Registrant Postal Code:90064 Registrant Country:US Registrant Phone:+1.6613102107 Registrant Phone Ext.: Registrant FAX: Registrant FAX Ext.: Registrant Email:06b6ac7646b147ccb6aed6d1f0248d70.protect@whoisguard.com Admin ID:fce7ae13f22aa29d Admin Name:WhoisGuard Protected Admin Organization:WhoisGuard Admin Street1:11400 W. Olympic Blvd. Suite 200
Core Server:
Ip address: 180.235.150.135
Location: Indonesia
Persons Attached: Daru Kuncoro & Yogie Nareswara
Names of Admins: Yogie Nareswara & Daru Kuncoro
Email Contacts: ahmad@koneksikita.com yogie@arhdglobal.com
Nmap Scan Report:
Starting Nmap 5.21 ( http://nmap.org ) at 2011-07-02 07:39 EDT Initiating Ping Scan at 07:39 Scanning 180.235.150.135 [2 ports] Completed Ping Scan at 07:39, 0.32s elapsed (1 total hosts) Initiating Parallel DNS resolution of 1 host. at 07:39 Completed Parallel DNS resolution of 1 host. at 07:39, 0.53s elapsed Initiating Connect Scan at 07:39 Scanning 180.235.150.135 [1000 ports] Discovered open port 80/tcp on 180.235.150.135 Discovered open port 110/tcp on 180.235.150.135 Discovered open port 993/tcp on 180.235.150.135 Discovered open port 143/tcp on 180.235.150.135 Discovered open port 21/tcp on 180.235.150.135 Discovered open port 443/tcp on 180.235.150.135 Discovered open port 3306/tcp on 180.235.150.135 Discovered open port 995/tcp on 180.235.150.135 Completed Connect Scan at 07:39, 11.74s elapsed (1000 total ports) Nmap scan report for 180.235.150.135 Host is up (0.30s latency). Not shown: 958 filtered ports, 34 closed ports PORT STATE SERVICE 21/tcp open ftp 80/tcp open http 110/tcp open pop3 143/tcp open imap 443/tcp open https 993/tcp open imaps 995/tcp open pop3s 3306/tcp open mysql
Tasty, they have a few ports open. Hey antisec skiddies, wanna play with some SQLi ?
Meh.
Site Contact Data:
Daru Kuncoro:
Yogie Nareswara:
Current State:
Guess they are still working on the server connections… I am sure as well, that soon they will have more stealth servers out there in Malaysia as well. So the mirroring will begin for the sql instance to do the push from. Lets see how long it is before this one is taken down shall we? Oh, and next time an attack happens, lets all get a lock on how it is happening as well as exactly what it is. I have had enough of the media hype with talking heads who have no idea what they are talking about when it comes to information warfare or network security.
More later.
K.
The Lulzboat Sailed The Internets and All I Got Was This Stupid Garbage File!
That’s it? All we get is this stinkin garbage file?
Well, it seems that the Lulz are over for now as last night saw the Lulzboat sail into the sunset. In a post on twitter and a rapidly seeded file dump on Pirate Bay, the LulzSec collective decided to hang up their tophat claiming that they were basically going to pull a Costanza at the top of their game.
Within the torrent file the following parting words were sent:
Friends around the globe,
We are Lulz Security, and this is our final release, as today marks something meaningful to us. 50 days ago, we set sail with our humble ship on an uneasy and brutal ocean: the Internet. The hate machine, the love machine, the machine powered by many machines. We are all part of it, helping it grow, and helping it grow on us.
For the past 50 days we’ve been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could. All to selflessly entertain others – vanity, fame, recognition, all of these things are shadowed by our desire for that which we all love. The raw, uninterrupted, chaotic thrill of entertainment and anarchy. It’s what we all crave, even the seemingly lifeless politicians and emotionless, middle-aged self-titled failures. You are not failures. You have not blown away. You can get what you want and you are worth having it, believe in yourself.
While we are responsible for everything that The Lulz Boat is, we are not tied to this identity permanently. Behind this jolly visage of rainbows and top hats, we are people. People with a preference for music, a preference for food; we have varying taste in clothes and television, we are just like you. Even Hitler and Osama Bin Laden had these unique variations and style, and isn’t that interesting to know? The mediocre painter turned supervillain liked cats more than we did.
Again, behind the mask, behind the insanity and mayhem, we truly believe in the AntiSec movement. We believe in it so strongly that we brought it back, much to the dismay of those looking for more anarchic lulz. We hope, wish, even beg, that the movement manifests itself into a revolution that can continue on without us. The support we’ve gathered for it in such a short space of time is truly overwhelming, and not to mention humbling. Please don’t stop. Together, united, we can stomp down our common oppressors and imbue ourselves with the power and freedom we deserve.
So with those last thoughts, it’s time to say bon voyage. Our planned 50 day cruise has expired, and we must now sail into the distance, leaving behind – we hope – inspiration, fear, denial, happiness, approval, disapproval, mockery, embarrassment, thoughtfulness, jealousy, hate, even love. If anything, we hope we had a microscopic impact on someone, somewhere. Anywhere.
Thank you for sailing with us. The breeze is fresh and the sun is setting, so now we head for the horizon.
Let it flow…
Hrmmm.. 50 days? Is there any real significance to this other than perhaps the party van was pulling up outside your doors and you had to dump the garbage file quick like? Honestly, the files that you dumped, while in sheer numbers of passwords and logon’s to a few sites is well, kinda weak. In short, there is nothing revelatory here. I mean, jeez at LEAST the garbage file in the movie had some interesting malware shit in it right?
The Files:
So, we have some AT&T data from inside that cover some frequency ranges, and some manuals, minutes from meetings etc that are kind of interesting. There is a scan of the FBI.gov site that shows a vuln, and they managed to add Pablo Escobar to the Navy jobs database.
Whoopee.
All in all I have to give the Lulzsec crew a big “MEH” on this as well as their other dumps really. Sure, they have pointed out that low hanging fruit is abundant on the internet, but, really, who in the security or hacking world did not know this? Further more, what does the average everyday end user care? I mean, if their passwords are stolen, they will reset them. If their money is stolen they are insured by the Fed… Is there a great hue and cry from the masses because Lulz were had by the general populace to have the Lulzboat crew hoisted on the yard arm?
Not that I have seen.
In short kidz, you have only served to amuse yourselves and others out there but if you had anything else in mind about bringing change to the scene, I don’t think you have succeeded. People are creatures of habit and sloth. Short of taking the whole system down for the count, nothing will be so epic as to make corporations secure their networks and perform due diligence. Those who have done so out of worry because of your antics will go back to their peaceful Luddite slumber.
Leaving So Soon?
So, on to your sudden departure from the scene. I have the feeling that as I had written about before, you were coming to realize that perhaps you could never be as clever or wily to evade detection and prosecution given your penchant for the dramatic you all seem to have. Your propaganda machine and communication channels were leaking, this you could see from the A-Team dumps.
You guys have tried variations of your names, you have attempted obfuscate as much as you could, but, in the end, your re-use of favored screen names was your undoing. You see, the jester has been scouring the internet (I am sure with help from others) looking for any connections to those screen names or iterations thereof. I myself have done this and came up with analogous data to what jester and others have posted. With each successive day, your true identities are being uncovered if they have not fully been as of now.
However, this re-use of nick names and ties to email addresses aside, you guys just were immature enough to do yourselves in with petty disputes and the use of non trustworthy assets. This whole outing of each other thing was one of the most stupid things I have seen. Sure, some of it could be digital chaff, with you trying to set out disinformation, but I think that is not the case. Your own hubris shall be the thing that ends up placing the party vans on your collective front steps.
Lets face it, you played the game of spooks and I think in the end, you will lose. In fact, I think that you should probably have been better off had you just gone off seeking some sharks with frikkin lazers on their heads in your volcano lair instead of playing with the fire that you have been. Once they do pop you, you all are going to see some very interesting things inside jail as the governments kluge together terrorism charges on you.
Your Legacy:
Well, I guess we will have to see if anyone decides to take up the Lulzsec mantle. For now, we all await the party van posse to pick you all up sooner or later. You have spawned some more fools though like Team Poison who want to up the ante with releases of data like old Tony Blair stuff… That was kinda lame too frankly and made so sense when they claimed to still have access.. Why dump what you have and then claim to still have access? If it was current, I am pretty sure they have yanked the plug on that mail server and ‘five’ has it.
Oh, did you take that into account? I mean, he is Tony Blair after all… They are MI5… ‘Expect them’
So where was I?… Oh yeah..
In all of your dumps you delivered nothing worth your or our time. You proved a point that SQLi is prevalent but who didn’t know this? You have proved that you were pretty immature and likely suffer from Asperger’s yourselves… Well that will be the claim that your lawyers make to the judge won’t it huh? I mean that is the mental illness du jour as excuses go for immature hacking antics today isn’t it? I don’t think that will work though, the government just doesn’t care, they will medicate you and then put you on trial. You see Asperger’s is not a form of insanity, and the insanity plea, as some of us know, is NOTORIOUSLY hard to use as a defense in court. Nope, you guys really actually suffer from inflated ego’s and too much jolt cola.. That’s my diagnosis, for what its worth.
So, yeah, legacy… Well, you certainly have tried to do your best imitation of SPECTRE, but instead you came off as Bighead. I am sure there will be others following in your footsteps, but, in the end I don’t think you have launched a new SPECTRE.
Nope, I expect your real legacy will be the creation of more draconian laws by the government as a backlash to your antics. Laws that will make all our lives a bit more less private and a lot more prone to being misused. I also expect that the lulz will continue, though at your expense once you are all caught and put into the pokey.
… And those lulz will also be epic fail.
K.
Krypt3ia 