Archive for the ‘Wikileaks’ Category
Not So 3R337 Kidz
Once again we find ourselves following the story of a new uber dump of data on a Friday (Fuck FBI Friday’s) as they have been dubbed by the skiddies. It seems that 4cid 8urn, C3r3al Kill3r, and Zer0C00l once again have failed to deliver the goods in their #antisec campaign with their ManTech dump. ManTech, for those who don’t know, is a company that handles defense and government security contracts for such things as secure networks etc. The skiddies decided to try and haxx0r the Gibson and get the goods on the bad bad men at ManTech.
Once again, they failed.
The files are mostly UNCLASS (kids, that means UN-CLASSIFIED mmkay?) with a few SBU (Sensitive but UNCLASSIFIED) as well. Many of the files are just documents of finances, bills, resumes and email addresses that frankly you could get with a good Googling session. Again, we are not impressed by this crap Lulz skiddies. I have told you once, and now I will tell you again, you are failing to deliver anything of interest really.
Now, if you were real APT, then you would have used the data in the excel sheets to create some nice phishing exploits and then gone on to root some good shit. But no, you aren’t that advanced are you? You just want to do the quick hit and dump your ‘booty’ to collect the love from your adoring, albeit stupid, fans. I am sure some of them are at home now wanking off to the idea that you have really stuck it to ManTech and by proxy ‘the man’
Well, you haven’t.. Not so 3r337 as Raz0r and Bl4d3 say.
What you keep failing to understand are several key things here:
- The good shit is in more protected systems, ya know, like the ones Manning had access to
- You have no idea what you are taking or what you are dumping! Bitch please, understand the classification markings!
- It’s only important to your ‘movement’ if the data actually uncovers bad behavior on the part of the government!
And it’s on that last point I want to harp a little more. You guys say you are exposing fraud and devious behavior (other than your own subversive tendencies?) and yet, you keep missing the mark. There have been no cohesive plots outed by you other than Aaron and HB Gary’s little foray into creating 0day and programs for propaganda tools online.
Yay you!… ehhh… not so much.
You certainly did spank Aaron though, and for that my top hat and monocle are off to you. He rather deserved what he got for being so God damned stupid. However, you must all understand that these are the standard operating procedures in warfare (PSYOPS, INFOWAR, PROPAGANDA) every nation plays the game and its just the way of life. So, unless you get some real data of a plan to use this type of tech by the US on the US, (other than Rupert & Co.) Once again, I am not really so impressed.
Of course, you have to know that you are now the target of all of those tools right? Not only by the US, but other nations as I have mentioned before. Do you really think that you have not opened the door for other nation states to attack using your name? No one mentioned yet that you are now considered domestic terrorists and could even be considered non domestic after you get caught? You have opened Pandora’s box and all the bad shit is coming.. And much of it is going to be aimed straight at you.
The ironic thing is this.. You have delivered shit. It’s the idea and the cover you have given other nation states or individuals that is key here. You say you can’t arrest an idea… I say certainly not! BUT They can arrest YOU and then make that IDEA not so appealing to the other skiddies once your prosecutions begin on national TV.
So keep it up.. That hornets nest won’t spew hundreds of angry wasps…
Wikileaks and The Importance of Intelligence Analysis
WikiLeaks cables: Russia ‘was tracking killers of Alexander Litvinenko but UK warned it off’
Claim that British intelligence was incompetent will deepen diplomatic row sparked by move to deport MP’s Russian researcher
From the Guardian
Russia was tracking the assassins of dissident spy Alexander Litvinenko before he was poisoned but was warned off by Britain, which said the situation was “under control”, according to claims made in a leaked US diplomatic cable.
The secret memo, recording a 2006 meeting between an ex-CIA bureau chief and a former KGB officer, is set to reignite the diplomatic row surrounding Litvinenko’s unsolved murder that year, which many espionage experts have linked directly to the Kremlin.
The latest WikiLeaks release comes after relations between Moscow and London soured as a result of Britain’s decision to expel a Russian parliamentary researcher suspected of being a spy.
The memo, written by staff at the US embassy in Paris, records “an amicable 7 December dinner meeting with ambassador-at-large Henry Crumpton [and] Russian special presidential representative Anatoliy Safonov”, two weeks after Litvinenko’s death from polonium poisoning had triggered an international hunt for his killers.
During the dinner, Crumpton, who ran the CIA’s Afghanistan operations before becoming the US ambassador for counter-terrorism, and Safonov, an ex-KGB colonel-general, discussed ways the two countries could work together to tackle terrorism. The memo records that “Safonov opened the meeting by expressing his appreciation for US/Russian co-operative efforts thus far. He cited the recent events in London – specifically the murder of a former Russian spy by exposure to radioactive agents – as evidence of how great the threat remained and how much more there was to do on the co-operative front.”
The memo contains an observation from US embassy officials that Safonov’s comments suggested Russia “was not involved in the killing, although Safonov did not offer any further explanation”.
The rest HERE:
With all of the raw data dumps from Wikileaks and the furor surrounding them in the press around the globe something important has been rarely pointed out. The important point is this: All intelligence, even observations in state cables like the ones Wikileaks is putting out there, need to be read by individuals trained to “analyze” what is said. This is often performed by any of the intelligence organs of the state and likely did get done when these were secret. Now of course, they are off of the reservation and in the open for everyone to read and make poor conclusions on.
In the above cable release we have what seems to be data that says our man in the UK Crumpton, met with and believed that the Russians had nothing to do with the murder of Alex Litvinenko. In fact, the information says that MI5 fucked the pooch and told the Russians to back off because they had it all in hand. While this may sound reasonable to some, it is of course not so much the assessment I would make after reading this cable, I mean, look at the source. A “former” KGB operations man is telling the Ambassador that the Russians had nothing to do with the killing of an ex KGB agent who poked his finger in the eye of not only the KGB, but also Putin? You mean to say that “nothing” is going to happen to someone who does that and then defects to the West?
Yeah… Right…
Taken at face value, this cable may read to many out there as others did Litvinenko in and the Russians (who are always open and honest with us) had in no way anything to do with it either state sponsored or even Russian Mob related. In short, Pooty Poot was a huggy bear and we, the US and Russia were the best of friends. Perhaps though, it was just the stance at the time to blindly accept such data as the straight dope (Bush Era cooperation with Russia in the War on Terror) Or, perhaps the ambassador just put what “could” be said in this cable and then made a full and frank report in a more secure fashion back to Langley (which is what I lean toward)
Here’s the analysis as I see it from this cable:
1) The US and Russia were on better terms by 01 with Bush looking into Putin’s soul via his eyes. Why rock the boat here huh?
2) The turf of MI5 has been the equivalent of the “Year of the Spy” (1985) It has not been so active of a playing field since the cold war.
3) Politically, this was a hot potato. If the US pushed the issue and sided with Britain, it would cause more friction that the US did not want. This kind of killing had not been seen in the UK since 1978 and the Markov Affair.
The summary analysis per this cable: “There are doubts that the Russians did this, lets not push it” and if you remember now, the US did nothing really to push on the Litvinenko affair. There was no stern call out nor any back room dealing to get anyone on UK soil that they really wanted to talk to (Lugovoi) So, it went the way of the cold case really. Litvinenko’s wife is still trying to get the truth out but no one seems really interested in poking the “bear” to get the truth to be told.
So, the net result of this cable’s release? Well, I am sure that many people will read it and not be able to analyze it properly to see the truth of the matter. The same should be said about all of the cables being released by Wikileaks, an alleged news organization that fails to provide any context on the “reporting” they claim to be doing. Without analysis, you really don’t get the whole picture.
CoB
Wikileaks to the Left of Me, Jokers to the Right, Here I Am Stuck in the Middle With You.
Well, it’s been an interesting week hasn’t it folks? We have Wikileaks leaking interesting, if not earth shattering, cables from US embassies around the globe. We have the US’ knee jerk reactions that are akin to a young girl’s naked photos being leaked on her Facebook page, crying foul and shaking their impotent fist at the “internets”. And we have a court jester who it seems, may have bitten off more than he could chew this time around and has gone into semi hiding post claiming a DoS that many in the security field feel was “weak” as one put it.
So, lets cover my thoughts on the weeks events by the numbers…
1) Wikileaks and CableGate
Ahh, the infamous “CableGate” as the Wikileakers have named it for maximum effect. Cables that give the inside skinny on what people see as ambassadors and analysts in the foreign service of this country. After the dumps, I am still nonplussed by the contents of the cables. Perhaps this is because I read quite a bit and know people who have been in the service. Maybe it’s because the reality of the documents’ data is already common knowledge to those who pay attention to world affairs and read the news. Some of them though really do hold a few interesting gems on actions that we have taken with other countries that may seem to the layman, as being shifty or dirty.. But if you leave this country and actually work in others, you will see that sometimes you have to do things as it was once said before; “si fueris Rōmae, Rōmānō vīvitō mōre; si fueris alibī, vīvitō sicut ibi”
Is it so hard to believe that bribery is rampant in other countries such as Pakistan? Do you really think that Russians don’t hit the bottle really hard and then have gunplay as they make deals at weddings for territory and power? If any of you reading this blog are shocked and amazed by all this and that we as the United States have to placate these people with backdoor deals, then, well I just don’t know my audience, while you, the reader are exceedingly naive and should wake up to the realities of how the world works.
I’ll give you a hint right here, right now. There are no white knights, and Superman is a comic. “Truth, Justice, and the American Way” is just a saying that placates us to believe that we do things above board all of the time and as Dr. Gregory House says; “Everyone Lies”. It’s just the reality kids. So, when the Wikileaks folks get their shorts in a bind over cables like these I tend to think that they are all Pollyannas that don’t know what real criminality is because once again, these documents are not equivalent to the Pentagon Papers. Had Wikileaks dropped a bundle of docs that showed in clear and no uncertain terms that the WHIG, Cheney, and their ilk clearly fabricated every bit of data that they used to prod the US to invade Iraq, well, that would be another story.
But again.. We don’t have that do we? What we do have is some dirty laundry and that has tickled the fancies of us all because we abhor “secrets” Not so much that we hate them for their sake, but, that we want to know them! We are inquisitive and always love to be one up on the other guy. So after this big dump, where is the outrage? The protesting? The shoe banging by the UN and other nations that were promised?
*tumbleweeds*
Yep, no one really cares enough to say that these are all shocking and storm the government looking for redress. So, on that account I side with Jester and give it all a #FAIL Which brings me to the organization itself and its newfound pariah status. I will also go one step further and give a #FAIL to the United States of America’s efforts regarding Julian Assange, the INTERPOL’s new #1 bad guy.
2) Julian Assange:”No Glove, No Love Gate”
Julian Assange has issues I think. His issues stem from a great heaping load of hubris as well as ego, but, then there is the side of him that I think is just plain adolescent idealism. The idealism was what drove him to this model of Wikileaks, but soon enough, it was the ego and hubris that took over the drivers seat. What Wikileaks has become is more a terribly petulant child shrieking about not getting a lollipop than an organization attempting to change the world by “freeing the data”
The troubles that Wikileaks has had with attrition of staff recently shows that Assange has become drunk on the status of being able to poke at nations and get their ire. Its somewhat akin to a little brother taunting a big brother just for the attention that he craves.. Which reminds me of another party in this little passion play that I will speak of below. For now though, my focus is Julian and the United States of America’s play to have him become the next Osama Bin Laden.
The reaction from these dumps though on the part of the US Government have been poorly thought out at least on the face of it recently. By leveraging (assumed) the Swedish and other governments to put Assange on the “RED” list for INTERPOL, for alleged consensual sex sans condom (or perhaps rape, its fuzzy with all the reports out there as to what really happened) the US has only shown its weakest face. The charges are weak and the placement of someone being charged only with the crime cited, shows just how much the US would like to get their hands on Assange, but they know they don’t really have a case.
What’s more, these senators out there now calling for Assange and Wikileaks to be deemed a “Terrorist Organization” are just out of their minds to even attempt to propose such a thing. THIS shows though, just what Assange and others are alluding to when they say this government is corrupt and or over-reaching in secrecy, surveillance, and general use of chicanery.
And on that account, I am agreeing with Assange and Wikileaks. The US has in fact reacted like that big brother being taunted by the little one and is attempting to haul off and slug him without mom or dad seeing it. What’s worse is that I am sure the US is working on a plan to have Assange kept somewhere if not able to find a legal leg to stand on to bring him here to the states and put him on trial.
Of course there is the off chance that any country now might just be afraid enough of Assange as the titular head of the organization to not only allow the US to take him, but also for some, to just do away with him by having a “convenient accident” occur.
Some secrets, as countries and people do the mental calculus for them, are worth the price of a life or lives. No matter the laws or executive orders…
Of course Wikileaks current data does not in the least constitute anything close to one of those secrets worth whacking him. So, the show will go on trying to get him into custody. He will be the martyr to his followers and I am sure that Wikileaks will become an even more powerful organization because of the poor handling of this case. In the end, the US will only ham-fistedly attempt to cover up the fact that the SIPRNET system was not being monitored as per policy and procedures mandated by the military and government. This allowed for a low level PFC analyst to steal nearly half a million documents from an alleged “secure system” This very same government that created the likes of the DHS and TSA to keep us all “safe” from terrorists. I guess they just took a cue from the Bush administration and thought that a banner saying “mission accomplished” was just as effective at ending a war as a banner that says “This system is protected and may be monitored” was to protecting secrets.
Hubris and the emperor has yet again been shown to have no clothes.
So, my suggestion to the US government and the military would be to actually clean up their act and perform the due diligence that they need to carry out to protect their “secrets” from being stolen so easily and forget about trying to “get” Mr. Assange for this. The damage has been done and unless you do a better job at protecting the assets you hold, then sure as shit, its going to happen again and the next time, it may be even worse.
3) The Wikileaks Zeitgeist and The Hacker Manifesto
Meanwhile, an interesting factional fracture has taken shape within the internet and specifically, the information security community. This has been something to watch on Twitter specifically as people on my #flist have been polarizing between saying much the same as me and others who are diametrically opposed to the government, secrecy, and the call for free access to information. Why this is so interesting to me is that many of these people who are on the feed are in fact workers within the information security industry. In short, those who are tasked with securing peoples information on a corporate and sometimes government scale.
“This is our world now. The world of the electron and the switch; the beauty of the baud. We exist without nationality, skin color, or religious bias. You wage wars, murder, cheat, lie to us and try to make us believe it’s for our own good, yet we’re the criminals. Yes, I am a criminal. My crime is that of curiosity. I am a hacker, and this is my manifesto.” Huh? Right? Manifesto? “You may stop me, but you can’t stop us all.”
The hacker Manifesto by The Mentor
The above quote seems to be the zeitgeist for many of the Wikileaks proponents. The information must be free and flowing. I am afraid that the reality is much different from this credo. Even more astonishing is that anyone who does actually work in the security industry would not have some pause about what Wikileaks is doing and perhaps take time to ensure that it is indeed being taken to task for its aegis. It seems to me at this time, post the machinations on the part of the US to deny Wikileaks access to DNS, and site hosting, that the screeds are somewhat warranted, but still, they seem naive to me.
Then there is the thought that anyone who is working to secure people’s data (which are secrets or confidential) might be more scrutinized by anyone employing them “if” they are overly vocal in support of Wikileaks, a smart person might take the middle road on these things. Instead I see more wailing and moaning out there than I do calls for re-organization and rigor in what Wikileaks is doing. After all, it is pretty much singularly run by Mr. Assange, and you know my pov on his psyche.
I think that the security community needs to take up this issue and really hash it out. There are some big issues that need working out.
4) Staying Frosty? Really? Doesn’t seem so…
Lastly, lets take a look at the events surrounding Jester. You all know that I had my run in with him back last January. He DoS’d me a few times (not hard to do on a single IP running a low rent file server really) and made calls out to everyone that I was a terrorist sympathizer. It became clear to him that he had screwed up on that account because he did not do his homework and find out who I was and what I do.
We had words.
In the end, I am still here and still doing what I do. I have my reasons for my posts and for the work I do here as does Jester for what he does. However, I still feel that his methods are trivial in the fight against terror and his psyche is more that of a person with poor impulse control than any ex special forces operator that he would like you to believe he is. I think his motivation is more driven by a need for attention than it is for actual disruption and dismantling of terrorist networks online. You see, were he a real operator, then I think it would be much easier to make your hits even more ominous (were they not only for 30 minutes at a time) by saying nothing. This would leave it open for much speculation that the governments of the world are indeed carrying out the cyberwar. Instead, we have the legend of a lone patriot hacker saving us all from internet terror… But his services are not that unlike Domino’s Pizza: you can get it for 30 minutes or less and only with a couple of toppings.
Now though, the stakes are higher as he has decided to up the ante and attack Wikileaks. Which, I think he has begun to now understand, that it may have been a tactical error in a number of ways. You see, at first he was just hitting undesirables, jihadist sites outside the country. Sure he was pissing off some in the intelligence community, but for the most part people ignored him because he was not performing any kind of substantive attacks that effected change. The jihadi’s kept on talking on the same sites that they mirrored. In fact, they moved on to other areas like YouTube and Facebook unabated and often completely in the open. The jihadists didn’t care, and thus his fame died down… Until he targeted Wikileaks.
Since his claimed attacks on WL, he has been in the news more and more. Of course the big question became was he the sole source of the attacks that ended up bringing a 10gig a second hose being aimed at the WL Cablegate site? Was there government involvement there? Was he actually capable without help in doing this kind of attack with his Xerxes product? Those were all the questions that were going through my mind and I am sure others within the security community. Well, here is one answer that I have dug up.
Jester and others had recently been talking about “server time” in the #jester IRC. It is possible that the server time could be a source of the 10 gig per second data flow. I can foresee the installation of Xerxes on more than one box and using the big pipe to do the hit. This is supposition on my part, but, he did indeed talk to Mach and rjacksix about a request in a chat transcript.
As stated by the media and certain security analysts when asked about the Jester attacks, the consensus was that Jester had not done a stellar job at bringing down Wikileaks and in fact, as I said before here, that the attack was “weak” So, was the 10 gig a combined effort on the part of the likes of “anonymous” or 4chan? We may never know.
Since the initial DDoS and claim by Jester there have been some interesting if not really odd events in the last week. The biggest of these being the tweet ostensibly by Jester that his house had been raided by the local PD and his equipment confiscated. Yet, he was still able to re-access the internet and create a brand new domain name “th3j35t3r.net” and twitter account @th3j3st3r from whatever resources he could get to get online. The new site at the new domain was a clone of his WordPress site and both it and the new twitter account began to post data BAU. Shortly thereafter though, the site and the twitter account began to speak of a “legal fund” that Jester had begun and in fact, that if he reached 10K of funds, he would port and release Xerxes to the public.
After two donations though (see picture at the top of page) one of them being from Tom Brennan ($100.00) from OWASP? and another for $50.00, the site was pulled down. The donations site was run through paypal and gofundme.com. Shortly after the take down, the domain began to forward to Jester’s original WordPress site. As this was happening, the original Jester twitter account made a statement that in fact the new site and twitter feed was an “imposter” and that he now had control of the situation. This begs some questions though as the domain suddenly and swiftly began to forward its DNS to Jester’s site. Just how did he gain control so quickly?
Or, was it under his control the whole time?
It’s my belief that Jester was in control the whole time, but as to his motivations in doing this? I have no real clue other than perhaps this was a false flag to get people off of the trail. I think that perhaps at this time, he began to realize that when Wikileaks moved their domain to Amazon, he was crossing a line he hadn’t before and committing a potential crime that the US law enforcement community would follow up on. Maybe he just lost his nerve a bit..
Perhaps, as I said before, his habits were actually starting to become his undoing… You see, his acolytes now might be his Achilles heel.
Jester has for some time now, hosted IRC channels in various places, but he had been frequenting #2600 #jester. In this channel he had conversations with people who drifted in and out. However, often he had a few key people he talked with.
One of them is @rjacksix
http://www.internetevolution.com/profile.asp?piddl_userid=10389
Robin Jackson (406) 422-4685 or 406-465-0354 Helena Montana
blackcat[@]dc406[.]org
I know Robin from a rather bilious response on my blog as Jester was attacking me that said that I was a traitor blah blah blah. Rjacksix has been a chatty fellow and from his own accounts on the IRC and in other places, has claimed to know Jester well, has worked with him, and defends him when people dis his pal. The question I have is this.. Robin, are you in fact Jester? If not, then I am sure some people will be calling on you, if they haven’t already, asking just who he is. Several reporters and los federales have this data now too.. Perhaps you have gotten some calls recently? Like, say, Monday or Tuesday? Yeah…
Coincidentally, rjacksix and Jester have been missing from the IRC chat since Monday/Tuesday..
Why?
It was a critical mistake the attacks on Wikileaks, the attention is going to be trouble for you both, and now doubly so that one thing has happened. Someone, made the claim that they would port Xerxes and release it to the kiddies. You see guys, that right there is of MAJOR interest to the feds. They do not want this tool out in the open for anyone to use if they can avoid it… That is until they can come up with a means to combat the attack, which is already being worked on in certain quarters I am sure (pcaps in hand) So, the jig may be up either by your own hands Jester/Robin through this little stunt with the donation scheme. Even more so now that actual money was “donated” to the cause.
Oh well, Jester, you have the attention you have been seeking in spades. Your goal has been achieved for that. However, your techniques and your tool seem to have fizzled in really having great effect against either of your targets.
TANGOS NOT DOWN #FAIL
CoB
Phear And Leaking On Wikileaks: A Savage Journey to the Heart of the American Foreign Policy Dream
With all of the hullabaloo over the recent Wikileaks “Cablegate” dump, I felt the need to write my thoughts on the whole thing, including the elusive Mr. Assange. First off, I must preface that I am not opposed to a “Wikileaks” organization as it stands for shining sunlight on corrupt actions on the part of the government or corporations. However, my issue with the current system in place is that so far, none of the “leaks” put out really have anything to do with an overarching corruption on the part of any government or corporation. The net effect is that Wikileaks has failed to do anything but make itself a lightning rod for “alleged” corruption that when really looked at, fizzles into what seems more like self aggrandizement.
That aggrandizement would of course be the child of Mr. Assange himself would it not?
My impression of it all (after reading the docs including those recently posted) is that there are no earth shattering facts here. Nothing that has anyone at the UN or any other body banging their shoe against the desk and asking for redress. Nothing like that at all. In fact, these cables of late have been more revealing in an embarrassing way than they have been in any kind of criminal or secret revealing way. I ask you, who did not believe that China hacked Google? I mean that particular elephant has not only been in the room for a long time, but it has been sitting naked spread eagle for all to see.. If one knew where to look or just perhaps used Occam’s Razor as a litmus test of the truth of it all.
Nope, none of these alleged mind blowing cables did anything of the sort. No one I am sure who has half a brain is saying;
“INCONCEIVABLE!! YOU MEAN THERE WERE DIRTY DEALS BETWEEN COUNTRIES TO SMUGGLE WEAPONS AND DRUGS!?”
Or, for that matter, that Ambassadors would be asked to gather as much HUMINT as possible by being close to other state actors at the annual soirées that they attend? C’mon people, wake up and smell the diplomacy two step! This isn’t rocket science here, each country, each actor, each individual has their agendas and will do what they can to get their way. Just because people are not sitting down and trying to be all cuddly about it doesn’t mean that anyone is any more or less corrupt in doing it.
Human nature is human nature.
So once again, I say that nothing here is worthy of a Daniel Ellsberg moment.. Unlike what Assange would like you to believe. Sure some of this stuff is embarrassing and yeah, SECSTATE had to make some calls, but overall I don’t see this as overly damaging. After all, only 5% of the docs were even marked (S) here. I mean, you get the same kinds of data by doing specific Google searches if the servers have been mis-configured or people are playing fast and loose with the documents online. What is more embarrassing is that the likes of PFC Manning could in fact take 250K of documents so easily and NOT be noticed or blocked by the security measures in place. Perhaps the measures really weren’t in place huh? Now that would be a real slap in the face to us all.
Like some have put it on the internet.. This is the TMZ of leaks.
So why are you doing all of this Julian? Do you really require all of the attention? Is this why much of your staff quit recently? One wonders… C’mon, tell us all about it.
I am sure you won’t, you will just go on playing martyr/Jesus/world savior won’t you? How does it feel though to be wanted enough for some to actually call for your “group” to be re-classified as a terrorist organization? Of course I think that is the silliest thing I have heard in some time and the senator who uttered it needs a good dope slap, but, it must make you not only cream in your egotistic shorts, but also perhaps instill a sliver of fear too? Maybe that turns you on even more?
Meh.
… And “meh” is really all I have to say for you. Nothing you have done is so epically stunning. All the press is just that, whoring press, and they will follow the story as long as it can get any air. Now that you blew your wad of oh so secret documents, what are you to do now to keep in the spotlight I wonder? I mean, Manning is in the pokey and gee, I don’t see a landslide of more documents coming your way..
Whatever shall you do? You need the limelight.
I wonder, will you escalate? Will you do just about anything to keep the whoring mass media eye on you?
Personally, unless you get something worthy of the idea, I suggest you lay this vorpal sword down Alice.. Cuz the Jabberwocky has no secrets that you can access and slay it with.
CoB
SPOOK COUNTRY 2011: HBGary, Palantir, and the CIRC
CIRC: The New Private Intelligence Wing of (insert company name here)
The HBGary debacle is widening and the players are beginning to jump ship each day. The HBGary mother company is disavowing Aaron Barr and HBGary Federal today via twitter and press releases. However, if you look at the email spool that was leaked, you can see that they could have put a stop to Aaron’s game but failed to put the hammer down. I personally think that they all saw the risk, but they also saw the dollar signs, which in the end won the day.
What Aaron and HBGary/Palantir/Berico were offering was a new kind of intelligence gathering unit or “cell” as they called it in the pdf they shopped to Hunton & Williams LLP. Now, the idea and practice of private intelligence gathering has been around for a very long time, however, the stakes are changing today in the digital world. In the case of Hunton, they were looking for help at the behest of the likes of Bank of America to fight off Wikileaks… And when I say fight them off, it would seem more in the sense of an anything goes just short of “wet works” operations by what I see in the spool which is quite telling.
You see, Wikileaks has made claims that they have a certain 5 gig of data that belonged to a CEO of a bank. Suddenly BofA is all set to have Hunton work with the likes of Aaron Barr on a black project to combat Wikileaks. I guess the cat is out of the bag then isn’t it on just whose data that is on that alleged hard drive huh? It would seem that someone lost an unencrypted drive or, someone inside the company had had enough and leaked the data to Wikileaks. Will we ever really know I wonder?
Either way, Barr et al, were ready to offer a new offering to Hunton and BofA, an intelligence red cell that could use the best of new technologies against Anonymous and Wikileaks. Now, the document says nothing about Anonymous nor Wikileaks, but the email spool does. This was the intent of the pitch and it was the desire of Hunton and BofA to make both Anonymous and Wikileaks go away, for surely if Wikileaks were attacked Anonymous would be the de facto response would they not?
A long time ago William Gibson predicted this kind of war of attrition online. His dystopian world included private intelligence firms as well as lone hackers out there “DataCowboy’s” running the gamut of corporate intelligence operations to outright theft of Pharma-Kombinat data. It seems that his prescient writings are coming into shape today as a reality in a way. With the advent of what Barr and company wanted to offer, they would be that new “cowboy” or digital Yakuza that would rid clients of pesky digital and real world problems through online investigation and manipulation.
In short, Hunton would have their very own C4I cell within their corporate walls to set against any problem they saw fit. Not only this, but had this sale been a go, then perhaps this would be a standard offering to every other company who could afford it. Can you imagine the bulk of corporations out there having their own internal intelligence and dirty tricks wings? Nixon, EH Hunt, and Liddy would all be proud. Though, Nixon and the plumbers would have LOVED to have the technology that Aaron has today, had they had it, they may in fact have been able to pull off that little black bag job on Democratic HQ without ever having to have stepped inside the Watergate.
The Technology:
I previously wrote about the technology and methods that Aaron wanted to use/develop and what he was attempting to use on Anonymous as a group as the test case. The technology is based on frequency analysis, link connections, social networking, and a bit of manual investigation. However, it seemed to Aaron, that the bulk of the work would be on the technology side linking people together without really doing the grunt work. The grunt work would be actually conducting analysis of connections and the people who have made them. Their reasons for connections were really left out of the picture, as was the chance that many people within the mass lemming hordes of Anonymous are just click happy clueless folks.
Nor did Aaron take into account the use of the same technologies out there to obfuscate identities and connections by those people who are capable, to completely elude his system altogether. These core people that he was looking to connect together as Anonymous, if indeed he is right, are tech savvy and certainly would take precautions. So, how is it that he thinks he will be able to use macroverse data to define a micro-verse problem? I am steadily coming to the conclusion that perhaps he was not looking to use that data to winnow it down to a few. Instead, through the emails, I believe he was just going to aggregate data from the clueless LOIC users and leverage that by giving the Feds easy pickings to investigate, arrest, and hopefully put the pressure on the core of Anonymous.
There was talk in the emails of using pressure points on people like the financial supporters of Wikileaks. This backs up the statement above because if people are using digital means to support Wikileaks or Anonymous they leave an easy enough trail to follow and aggregate. Those who friend Facebook support pages for either entity and consistently use real or pseudo-real information can easily be tracked. Eventually, you will get their real identities by sifting the data over time using a tool like Palantir, or for that matter Maltego.
The ANONYMOUS names file
This however, does not work on those who are net and security savvy.. AKA hackers. Aaron was too quick to make assumptions that the core of Anonymous weren’t indeed smart enough to cover their tracks and he paid the price as we have seen.
The upshot here and extending what I have said before.. A fool with a tool.. Is still a fool.
What is coming out though more each day, is that not only were Aaron and HBGary Fed offering Palantir, but they were also offering the potential for 0day technologies as a means to gather intelligence from those targets as well as use against them in various ways. This is one of the scarier things to come out of the emails. Here we have a company that is creating 0day for use by intelligence and government that is now potentially offering it to private corporations.
Truly, it’s black Ice… Hell, I wouldn’t be surprised if one of their 0day offerings wasn’t already called that.
The INFOSEC Community, HBGary, and Spook Country:
Since my last post was put on Infosecisland, I had some heated comments from folks who, like those commenting on the Ligattleaks events, have begun moralizing about right and wrong. Their perception is that this whole HBGary is an Infosec community issue, and in reality it isn’t. The Infosec community is just what the shortened name means (information security). You all in the community are there to protect the data of the client. When you cross the line into intelligence gathering you go from a fairly clear black and white, to a world of grays.
HBGary crossed into the gray areas long ago when they started the Fed practice and began working with the likes of the NSA/DOD/CIA etc. What the infosec community has to learn is that now the true nature of cyberwar is not just shutting down the grid and trying to destroy a country, but it also is the “Thousand Grains of Sand” approach to not only spying, but warfare in general. Information is the currency today as it ever was, it just so happens now that it is easier to get that information digitally by hacking into something as opposed to hiring a spy.
So, all of you CISSPs out there fighting the good fight to make your company actually have policies and procedures, well, you also have to contend with the idea that you are now at war. It’s no longer just about the kiddies taking credit cards. It’s now about the Yakuza, the Russian Mob, and governments looking to steal your data or your access. Welcome to the new world of “spook country”.
There is no black and white. There is only gray now.
The Morals:
And so it was, that I was getting lambasted on infosecisland for commenting that I could not really blame Anonymous for their actions completely against HBGary/Aaron. Know what? I still can’t really blame them. As an entity, Anonymous has fought the good fight on many occasions and increasingly they have been a part of the mix where the dominoes are finally falling all over the Middle East presently. Certain factions of the hacker community as well have been assisting when the comms in these countries have been stifled by the local repressive governments and dictators in an effort to control what the outside world sees as well as its own people inside.
It is my belief that Anonymous does have its bad elements, but, given what I know and what I have seen, so does every group or government. Take a look at our own country’s past with regard to the Middle East and the CIA’s machinations there. Instead of fighting for a truly democratic ideal, they have instead sided with the strong man in hopes of someday making that transition to a free society, but in the meantime, we have a malleable player in the region, like Mubarak.
So far, I don’t see Anonymous doing this. So, in my world of gray, until such time as Anonymous does something so unconscionable that it requires their destruction, I say let it ride. For those of you out there saying they are doing it for the power and their own ends, I point you in the direction of our government and say this; “Pot —> Kettle —> Black” Everyone does everything whether it be a single person or a government body out of a desired outcome for themselves. It’s a simple fact.
Conclusion:
We truly live in interesting times as the Chinese would curse us with. Today the technology and the creative ways to use it are outstripping the governments in ability to keep things secret. In the case of Anonymous and HBGary, we have seen just how far the company was willing to go to subvert the laws to effect the ends of their clients. The same can be said about the machinations of the government and the military in their ends. However, one has to look at those ends and the means to get them and judge just what is out of bounds. In the case of the Barr incident, we are seeing that true intelligence techniques of disinformation, psyops, and dirty tricks were on the table for a private company to use against private citizens throughout the globe.
The truth is that this has always been an offering… Just this time the technologies are different and more prevalent.
If you are online, and you do not take precautions to ensure your privacy, then you lose. This is even more true today in the US as we see more and more bills and laws allowing the government and police to audit everything you do without the benefit of warrants and/or by use of National Security Letters.
The only privacy you truly have, is that which you make for yourself. Keep your wits about you.
K.
Written by Krypt3ia
2011/02/19 at 20:45
Posted in 1st Amendment, A New Paradigm, Advanced Persistent Threat, Anonymous, APT, Business Intelligence, Business is war, CAUI, Chiba City Blues, CIA, Codes, COMINT, Commentary, Corporate Intelligence, CounterIntelligence, Covert Ops, CyberSec, CyberWar, Digital Ecosystem, Dystopian Nightmares, Espionage, Hacking, HUMINT, Infosec, Infowar, INTEL, Maltego, Malware, Narus STA 6400, Neurobiology, OPSEC, OSINT, Panopticon, PsyOPS, Recon, Security, Security Theater, SIGINT, Social Engineering, Subversive Behavior, Surveillance State, Tactics, The Five Rings, Tradecraft, Weaponized Code, Wikileaks