Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘Uncategorized’ Category

THE 2018 INFOSEC KRAMPUS LIST


THE GREAT AND TERRIBLE KRAMPUS PROCLAIMS!

On this night the following INFOSEC girls and boys are in need of his utmost sadistic attention for their transgressions!

 

Threat Intelligence Threatleaders:

Sweet Jesus, stop with all your “I KNOW EVERYTHING ABOUT INTEL” because you fucking don’t! A majority of you that I have run into have no real IC background and couldn’t red team your ideas out of a wet paper bag, never mind be able to determine what is and is not a nation state operation! Lemme give you a hint. The ones who really know shit DON’T FUCKING TALK ABOUT IT ALL THE TIME TO ANYONE WHO WILL LISTEN, OK?

PLEASE take your artisanal, hand-crafted BULLSHIT threat intelligence elsewhere and shove it up your collective chimneys!

 

Nord VPN: Masters of MILITARY GRADE ENCRYPTION!

Dear Nord, Krampus has seen your useless ads on CNN too much lately and wants to tell you here and now that: THERE IS NO SUCH THING AS MILITARY GRADE ENCRYPTION WITHOUT A HARDWARE LAYER SPECIFICALLY FOR THAT PURPOSE, AND EVEN THEN IT MEANS FUCK ALL!

YOU, Nord, are on my list FOREVER now. Stop trying to scare the grandparents into paying for your shitty VPN!

 

The Hacking Community Writ Large:

Krampus has a lot to say about the hacking community. Most of what he has to say cannot be translated into human language but understand that ALL of it is not good.

What the fuck is it with you people that you need to be the center of fucking attention all the time?

What the fuck is it with you people that you always think you are the fucking smartest people in the room ever?

What the fuck is it with you people to even THINK you have so many problems including, and Krampus cannot even fathom mouthing the words, PTSD from working in INFOSEC?

Get over yourselves and maybe go outside once in a while and talk to people outside your personal bubbles, would ya?

Oh, and GROW THE FUCK UP!

Krampus says this every year and still you keep on keepin’ on being asshats!

EDIT! Krampus just also remembered the hubris of you all complaining about security and privacy in hotel rooms in Vegas. WHAT the FUCK were you people thinking? Were you thinking at all? There is no 4th Amendment right here. Sure, coming in on you naked and all is bad and scary, but THINK THE FUCK AHEAD! YOU ARE SECURITY PROFESSIONALS, RIGHT?

STOP WHINING.

 

NATSEC and INFOSEC Talking Heads:

Krampus watches a fair bit of news in his off hours between Krampusnachts and FUCK does he really hate all you fame whores seeking attention, talking about shit you really have no idea about. If you are out there just to be on TV talking about shit ad nauseam to pimp your service or your new book…

Fuck you.

The people who do the things are off doing them and you are just masturbating on air.

 

The Gugq:

Speaking of people out of their lanes.

Just fucking stop man. The IC giggles and points when you talk about shit.

Stop.

Every time you say anything about OPSEC google that photo from the magazine of yourself with the pile of money and the drink.

There’s some OPSEC.

 

Blockchain Fuckwits:

NO, BLOCKCHAIN IS NOT MY SAVIOR! NOR IS IT YOURS! DUDEBROS, IT’S ALL FAKE MONEY!

STAHHHHHP!

 

Cyber War Salesman:

If Krampus gets another pitch with the words cyber and war or cyberwar in it he will personally donkey punch you all.

There is no such thing. Stop trying to use it as a sales pitch for your shitty shitty products.

 

To All The Reporters I Have Loved Before:

Krampus still loathes you. You all will pay for your shitty deeds.

 

The “Cyber” Warriors:

See “Cyber War Salesman” (sic: it doesn’t exist).

 

Well, that’s it kids. Krampus is old and tired of all your fuckery, but these were the winners this year. Of course, damning a WHOLE “Community” is pretty epic, and you guys never fail in letting ol’ Krampus down.

Till next year!

Krampus

Written by Krypt3ia

2018/12/05 at 21:46

Posted in Uncategorized

Who’s Ian Smirlis or Giannhs Smyrlhs and Why Were They Hosting and Domain Owner of cicada3301.org in 2015?


From Reddit /r/cicada3301:

  • On April 19, 2015, cicada3301.org went live, displaying the ASCII Cicada emblem seen in some of 3301’s tor sites and a countdown clock heading to August 17 2015, 10:33 AM, calibrated to the user’s clock. The metaheader of the countdown page reads “Willkommen” – ‘Welcome’ in German.
  • Upon reaching 0, most people report that the clock begins counting back up from 10:33 on August 17. (This is the case for this author.) It is unclear if this is intended or a default function of the basic countdown script used.
  • The index loads only for certain users – for those unable to view the index, see these screenshots. (imgur link)
  • Besides the index, there are four pages in the site’s navigation: an overview of the Gematria Primus, a description of the “technomystical” Cicadian order who hold 3301 sacred, the entire translated portion of the Liber Primus, and a description of Cicadian “broods” (which seem akin to congregations.)
  • No part of the site’s HTML or Javascript seems unusual in any significant way, though further investigation may yield some break on this front.
  • No PGP has been found anywhere on the site.

Lately I have been in a mood to look into the darker and deeper corners of the darknet, and one of the more interesting groups/puzzles/mysteries is the Cicada3301 group. While I was messing about with the Liber Primus and such, I decided to poke around cicada3301.org, which was a domain and site that popped up in 2015 and purported to be a part of the whole thing. It has been determined by Redditors that this is a fake site not part of the official 3301; later on, in fact, 3301 said that all messages will be signed with a PGP key, and this site did not have it as far as I know. So this site is ostensibly just someone who is enamored with the whole thing or, maybe, someone affiliated. If you look at the site you can see some content that makes me wonder if they aren’t somehow a part of it. One of the things that I kinda key on is the whole “brood” discussion, but I could just be a bit crazy and not know when the term first came out in the public eye after one of the solvers talked about how cicada3301 is alleged to work as a group with “broods” of intelligent individuals working for the higher ups doing… “things”…

Wayback cicada3301.org_1

Wayback Cicada3301.org_2

Anyway, having stumbled on the site because I have not been paying close attention all these years, I decided to take a look at this site in Domain Tools, because the Redditors seem to lack an account on this service. What I was able to determine was that the site was originally started/owned by a guy named Ian Smirlis, or Giannhs Smyrlhs, out of Athens, Greece. Now, this is interesting because once I started digging in on the names and the email address I started to find some odd things about our pal Ian.

Screenshot from 2018-06-15 16-21-13

Ian Smirlis is a kind of enigma on his own. Looking online for traces of the name you only come up with a few, and what you get is, well, odd. For starters, one of the first hits you get is for a YouTube channel that he has out there. When you look at that channel you see five uploads and not much else. In fact, when you look closely, there is no bio page at all. Nothing else about this channel leads you to any further information about Ian at all. No favorites, no comments, no email address, nada. Now, if you look at the videos he has uploaded, the first one in the group turns out to be the most interesting of the lot, save for a weird interest in “The Elephant Man” that he has. The first video is called “SCIgen talk”.

The SCIgen talk is the story of three MIT students who “fooled the world of scientific journals” using a program called SCIgen, a paper generator intended to fool CFP judges and audiences. The video is really funny and the article linked here is a good read. Clearly these MIT kids are tricksters, and it turns out that all three of them are now working in the tech area with jobs that concern information security and encryption technologies. It certainly is funny to me that this Smirlis character, also in the software and engineering field, has their video as a direct upload to his pretty information-free YouTube channel.

Watch the video and see just how amused these guys were with pulling off the talks they did, with at least one audience member in attendance. However, ok, you might say, what do these guys have to do with Cicada3301 and this Smirlis guy’s alleged fake Cicada site? Well, if you look deeper at the article linked above about how these MIT guys fooled the establishment, there is mention at the bottom of the second gen of the SCIgen program, called SCIpher, that will steganographically hide messages in “innocuous scientific conference advertisements”.

ORLY?

Gee, aren’t there a lot of hidden messages in the whole Cicada3301 thing? Oh yeah, there are. In fact, to me this all seems to click a bit. I mean, these guys took on the scientific establishment and, well, they all have the chops to pull off a lot of what we have seen in the Cicada3301 arc, right? Also, what if a group of MIT students, not content to fool with the scientific community, decided to move on to bigger and better things by fucking with the “internet” with hidden messages and a story line to get some giggles? It does kinda sound like an MIT prank in a way to my mind.

…But back to Ian Smirlis…

The thing that keyed for me is that maybe this guy isn’t real, or that the name was an anagram. I spent some time on that idea and so far he seems real enough, but still kinda sketch. The other name on the domain registry definitely turns up even less on the net. Giannhs Smyrlhs has a Google+ page and not much else on the Goog. He has some followers and I went down that rabbit hole a while and decided it was chaff.

Alrighty then Giannhs…

So, what am I left with here? Well, I find it interesting that these characters are so sketch, and that but for a fuck up on the domain reg, the site would have remained anonymous unless you pay Domain Tools a chunk of dough for the service to look at historical WHOIS.

TAKE THAT GDPR!

The connections with the MIT guys and the whole SCIpher and SCIgen thing also kinda make me wonder. Also, the fact that there is so much mythos around the cicada in Greek history kinda makes me wonder. See for yourselves if you feel like reading up:

Cicadas in Ancient Greece: Orkin

Cicada Mythology: Wikipedia

All of it is interesting to say the least. Whoever Smirlis is, whatever he is up to, he is pretty serious about Cicada3301 at the very least. Now with these other clues, I just wonder if he is somehow involved or has some knowledge and is tipping the hat ever so subtly to the MIT guys on this one…

Just something to make you go HMMMMMMMMMM….

K.

UPDATE: I got an email from Ian and well, he says he has nothing to do with Cicada3301, he was only interested in it and wanted his information taken down. I have smudged out his personal info from the WHOIS image but the post stands.

K.

UPDATE 2: So I was in the darknet looking at Hunchly’s scrape of URLs and came across the following address: http://honmnaapxzpk2rg7.onion/blogs/3301.html. On there I see at the bottom of the page something interesting…

Screenshot from 2018-06-26 09-40-00

Whaaaaat? Some rando guy in the darknet is saying that 3301 is really a group of MIT students who wanted to play with people and ciphers…

NO. WAY.

UPDATE 3: Sooooo it turns out the snippet I found in the darknet is paralleling a post on Reddit two years ago by someone named “Dave”. The post was made on Reddit 1/7/17 and was deleted soon after (comments are here).

Screenshot from 2018-06-26 10-15-59

So what Dave is saying here in 2017 is that Cicada was 4 guys from MIT who decided to troll the internet and it got outta hand. Gee, why does that sound familiar? Oh yeah, I said as much by looking into this fake Cicada site and the links to the three MIT guys’ video that Smirlis posted.

Please note I came to this independently and am now finding out more by looking at links sent to me by Switch’d on Twitter. It also is interesting that Smirlis posted the link to the video of the MIT students’ troll in 2014.

Screenshot from 2018-06-26 10-26-13

Does this mean Smirlis knows something, or that he was making a guess? Does it mean that he is “Dave”?? It is amusing to see all the comments where people are like “NO WAY MAN, THIS IS ILLUMINATI LEVEL SHIT!”

But wait, now can anyone confirm the vulnerabilities that Dave speaks of in the pages that they put up? Also, it makes TOTES sense that they would use a VM for all this, and that when it all gets out of hand they back off.

All I have to say is that this is all rather interesting. Especially since we have not seen the Cicada for a while. Oh, and yeah, in my traversing the players here I also did come across a connection’s DeviantArt page, and her drawings look kinda like the same hand as that which made the grand grimoire “Liber Primus”, so there is that too.

What do you guys think? I already know the Redditors thought rather little of my last post…

Evidence kinda mounts.

HEY DAVE! SPEAK TO ME!

K.

Written by Krypt3ia

2018/06/16 at 12:38

Posted in Uncategorized

Ethics In Hacking and Dropping Code


With the release of Autosploit, a tool for automatically scanning and exploiting hosts located via Shodan.io, a shit storm erupted on the ethics of releasing a tool like this. The problem has become just how easy it may now be to automate attacks on vulnerable systems en masse, which this tool could potentially provide. In an age where IoT devices as well as SCADA and ICS are sitting online in vulnerable states, such a tool makes the possibility of great damage to large networks more probable. It also brings to the table the idea that the barrier to success on such attacks has been lowered to a new class of individuals with a limited knowledge base, and creates an asymmetric threat model of a single individual able to wield greater attack capabilities with one tool.

Many arguments have been made on Twitter about the efficacy of releasing code like this, but most have not focused on tools per se but instead on malcode or 0days. Now that there are bug bounty programs and companies that sell vulnerabilities, we are living in a more dangerous time where the few with the money could buy exploits and do mass damage or commit mass surveillance and espionage. This also applies to countries willing to pay for 0day exploits to be in control of the attacks and have the upper hand. Think about that: our politics and our lives are at the mercy of code being sold to the highest bidder. We have weaponized code, and tools made from it, on a medium that was supposed to enlighten and bring us all together. Instead our baser nature has made the internet and everyone’s devices a tool for repression or subversion.

After the release of Autosploit, the hue and cry went up, and rightly it did. In a time where we have people releasing code and remarking “Let the world burn”, I think it is time that we began to talk about the ethics of doing these things. Ethics, kids, is a philosophical discipline where you consider the moral responsibilities of what you do and the effects your actions could have. I think that too many people of a certain age group have had little to no training on ethics, and this has helped to lead us to where we are today. In this specific case let’s talk about the ethics of releasing any code or tool that would lead to potential disastrous effect.

Many tools over the years have been dropped for free by hackers out there that could be, and were, abused by others who downloaded and used them for their own desires. I have been exhorted to mention things like BackOrifice or L0phtcrack in the past and, well, there you go. Both tools were used for bad purposes as well as ostensibly good ones in the hands of penetration testers. Of course these were just placed on the net for free for anyone to have at first, and this is where the quandary starts, right? Did L0pht or cDc consider the potential damage that could be done with their tools? Did they put them out there with some self awareness that they may in fact be complicit in crimes because the tools that they created and distributed, for good or for ill, could be misused?

I point you all to Alfred Nobel, the inventor of dynamite. He created a tool that would help in mining, but in the end that tool’s devastating effects were used in other ways to hurt people and wage war. In an obituary that was accidentally run about him instead of his brother, he learned what the world perhaps thought of him regarding his invention. This bothered him so much that, to atone for his actions, he created the Nobel Prize to further science and other pursuits that do not further the harm of others. The idea of his invention’s use for ill, and how he would be perceived by history, prompted his ethical response.

Today, we have people creating tools that could be misused and in some cases are for the sole purpose of misuse. The Autosploit tool may be a boon for some penetration testers, but the reality is that it is just another mass scan tool that seeks out vulnerable systems throughout the whole of the internet and loads the exploit potential to just break into them. This is not a refined tool for a scoped penetration test; this is a tool for mayhem. This is why I think others have made comments about the way it was released and the dangers in doing so. The ethics, though, seem to have been glossed over concerning this release. What are the ethics of Autosploit’s creation and release on a Git repo? What is the morality behind doing so? Are there arguments for either of those, or is it just another hacker saying “Let the world burn” with no thought or accountability because it is the internet?

The problem we have today is that there are no ethical demands being placed on these coders and hackers. In fact, the whole notion of hacking has a very troubled side where illegal activities are the norm, because the ethical and moral question of “should I do this” has not even been contemplated over the desire to know things. Sometimes I personally think that there is a fair bit of sociopathic behaviour in this community to begin with, so that actually kind of aligns with the argument that ethics have not even been contemplated in some of these works. So as we move forward into a world of cyber warfare, we have to care for the ethics and morality of what we do, just as we have in all other forms of warfare in the civilized world.

While people like Katie Moussouris advocate for penetration testing tools being classified in ways that they are not declared illegal, we too have to look at the ethical concerns of the tools and how they are released to the world at large. Wassenaar is a great idea, but I feel that it is a myopic approach to larger issues in our ever more connected world. If you look at the Balkanization of the internet, and at China and Russia joining together in a pact to repel US hegemony on the internet, you have to follow that all the way back to the tools that make such issues possible: the tools that you all create for hacking and exploitation, over which you should have some ethical concerns when they are used, perhaps, in ways you did not intend.

Thus, take the ethical pause before you just dump them online …Unless all you care about is watching the world burn.

K.

Written by Krypt3ia

2018/02/02 at 20:12

Posted in Infosec, Uncategorized

MORTY! LOOK MORTY! I AM NO LONGER A MALICIOUS SITE MORTY! SOMEHOW THIS IS ANTICLIMACTIC MORTY! BRRRRP!


Written by Krypt3ia

2017/10/03 at 20:33

Posted in Uncategorized

LOOK MORTY! I’M A DANGEROUS PAGE MORTY!


 

Still the page is marked as bad, yet no malware can be shown to live here.

Written by Krypt3ia

2017/10/02 at 13:16

Posted in Uncategorized

EQUIHAX


Trawling the darknet as one does, I came across this simple little page this morning. It claims to be the real EQUIFAX hackers, unlike the last darknet site that was soon taken down by morons. I have looked at all the data on the pages (see screen shots below) and have come to the conclusion that whoever this is, they too had access to Equifax. As this is an evolving nightmare I thought it prudent to do a quick write up on this site and let you all know. These actors are offering a crowd source solution to the whole database for the same amount as the fake site the other day (600 BTC), but are also offering single records as well as 1,000,000 entries for 4 bitcoins, or 56 ETC for the same amount of records.

This time the actors actually give you samples, a taste, as they say on the street as bona fides…

 

These samples are what makes me think that this actor had access. I know for a fact that, as the ongoing arguments take place online over what the compromise consisted of (what attack worked), I personally saw a tweet from an alleged Russian actor claiming to have shell access on one of their servers online. This later was proven out to have ADMIN/ADMIN as the login and password, which is just horrid security, or should I say lack thereof? Anyway, you can see above that those records seem legit, as do the screen shots of the access to the systems using real internal server names etc.

An onion scan of the site turns up no real vulnerabilities…

The bitcoin wallet shows no activity as yet.

EDIT/UPDATE:

In the process of watching this, a change has been made to a small point of data that leads me to believe that this is a fake. Someone pointed out that the data for Bill Gates’ address was incorrect. Since then it has changed…

Oopsies… State : WA

BEFORE

Screenshot from 2017-09-14 14-16-55

AFTER

Screenshot from 2017-09-14 14-07-43

UPDATE TWO:

A new story has surfaced online that makes the claim that the site creators have access to Equifax, and there are other screen shots. I am still concerned with the changes to the data seen here, but for what it’s worth here’s the link to the story.

https://t.co/IGoKPCXcDD

Written by Krypt3ia

2017/09/14 at 11:38

Posted in Uncategorized

Asymmetric Propaganda Warfare & Network Warfare


Why is it that the military just can’t grasp that on the net you can’t just use a sledge hammer to make things go away? It seems they finally have gotten a taste of reality in the war against Da’esh, with their cyber weaponry hitting their targets only for the Da’eshbags to re-constitute from backups and new domains bought cheaply. I for one have been saying for many a year that it is pointless to just DoS them offline or fuck with them in hopes they would go away; guess now they might get it after their failures.

Ya see kids, it is not about big cyber booms making these guys go away, and unless you are using some super software that pops GPS coords into a Raptor’s telemetry and launches a Hellfire, you are pretty much gonna be shit outta luck in making a big difference here. Now the prosecution of the war itself may benefit from such tools (if they exist), but when you see things like the text from the NYT article you see that even the administration just fundamentally did not get it. The NSA is a SPY agency and that is their charter, so asking them to dismantle portable networks that are easily re-constituted with new off the shelf hardware and software bespeaks a fundamental lack of understanding about the technology.

So here’s my advice to all you cyber warriors: use the technologies that SPIES use to gather intelligence and then pass that intel to the HUMINT folks. Hell, for that matter, have a two way connection here and use the tech to watch them, interact with them, and then use the information to make kinetic retaliation possible. You know what made AQAP’s propaganda machine slow down? It was when we blew their propaganda team off the face of the earth. In essence, kill them. End them. Use the technology to get at them and end them. Stop it with all this whiz bang idiocy thinking you can take them offline and have them not come back in a day or so with a backed up copy of their shitty jihadi boards.

Just one man’s opinion, but you don’t need a sledge hammer to put a thumb tack in the wall.

There are no quick fixes here.

Just sayin’.

K.

Written by Krypt3ia

2017/06/15 at 18:08

Posted in Uncategorized