Ahmad Rahami, the new jihadi wannabe lone wolf du jour made a splash with his bombings of a dumpster and a trash bin on CNN and the other media outlets but let’s really take a closer look at Ahmad and his mindset with the release of his ersatz “journal of jihad” shall we? First off, I am tired of the media coverage and while this was serious, it just shows you the level of recruit and planning that AQAP/AQ/da’esh have in the US presently and to wit, not very high. Frankly, looking at his journal pieces here I can only surmise that if Ahmad doesn’t have some sort of personality disorder it would greatly surprise me. On the other end of that spectrum, Ahmad clearly is a failed seeker acting out within the confines of his chicken shop malcontent diaspora in search of importance.
Ahmad opines the usual catch phrase diatribes seen in Inspire or Dabiq and on the web in general on the boards but seems to not really have a greater grasp of his own religion than most of the daeshbag recruits these days. Clearly he has been suckling at the tit of the jihadi propaganda machine and in fact had close contact with recruiters in Afghanistan and Pakistan where he spent a good deal of time in recent years on and off. These guys look for recruits who have weak wills and minds that can be easily swayed. Minds and hearts, egos in search of self importance that they lack presently but are told that they will be martyrs for the greater cause if they blow themselves or the far enemy up and it is bullshit.
All of the propaganda placed by these Khawarij are just a mental virus, neuro-linguistic programming, used to prey on the weak minded souls out there, those failed seekers in order to bring them in and turn them to the Khawarij will. For some time now the security services and governments of the world have been trying to see how they can combat these memetic viruses online and so far no one has been able to come up with a solid solution. Those who are seeking will latch onto anything that they feel an attraction to and it has been since time immemorial. Cults, and religions both rely on this to build their base, belief is key and the means to that end is dogma.
In Ahmad’s diary we see this in action and we see the brain washing and self delusion that goes on here with the repetitive statements in this journal that he used to egg himself on to action. No doubt he wrote this out and continued to do so as he built the bombs. All of this, all the language is a means to an end to justify to himself his actions. Actions fed to him by the propaganda online, in person, and programmed into him and all the others who are willing to listen, to believe, and to act.
Pawns of the Khawarij.
I truly hope we can come up with a means to combat such memetic viruses but so far I see no hope of it. Prepare yourselves for the other weak minded jihobbyists out there to try and catch their own brass ring of importance. Just don’t let them enable fear to win and change the course of our governance to a fear based one… Well… One that is more so than it already is.
So I was surfing the darknets as is my wont to do every morning to see what the kids are up to and this site popped up that claimed they had Russian nuclear hardware for sale. What else is a guy like me to do with a site like this than to say FUCK YEAH! LEMME IN AND LEMME BUY SOME! I did the sign up process (Of course I signed up all super sekret like using the name SPECTRE) and immediately took a look at the wares! These guys have a few options on their “products” page and gee, it was hard to choose from the offerings as they are all super cool.
As you can see I have three options for types of nukes and how they would be deployed. I opted for the “Suitcase Nuke” because who hasn’t wanted one of those right? AM I RIGHT? I am right right? Anyway, the other options are a land based “Iskander” system (like the one in Spies Like Us) or a Sub based “Bulava” missile evidently already deployed and laying in wait off the coast of somewhere within a week’s distance according to the details. Each of these options has only regional capacity and the suitcase nuke is the most portable so there is that… Anywho, I forged forward and decided that $50 MILLION dollars was just ducky as prices go and that I could pony up the requisite bitcoins. (As seen below)
NOW, even though I did not see a bitcoin address here I JAMMED that enter button and eagerly awaited the response!
Wait, did I put in my bitcoin wallet?
GOD DAMMIT DARKNET!
WHISKEY TANGO FOXTROT!
Ugh.. I am disappoint.
I have written a PGP encrypted, tersely worded email to their helpdesk…
Dammit. Guess I will have to go order some Polonium 210 or Red Mercury in Silk Road III or is it like VII now?
Oh the old go to’s of China and Russia… Hey Schneiman how about maybe it’s Kim Jong Un and the DPRK? Let’s play the attribution game with a little logic and analysis shall we? Let’s say that it is Russia or China, what would the endgame be here if they were testing such a means of attack(s)? Would this attack scenario be part of the larger kinetic invasion? Would this be a part of a larger scheme to take out specific areas or are we talking about the WHOLE internet? There is a lot to parse here and so little to go on with what Schneiman is implying.
Now, Russia and China are both “Rational Actors” and both have large connectivity and ties to the global internet in more ways than one. One of those ties would be financial. So if an attack took out the core routers, how much of the global traffic would be taken out if these attacks were carried out? How much blowback would there be on these rational actors if this happened? What would be the financial loss net if this happened? Do you see where I am going with this Schneiman? If someone is really testing this type of attack, then it is either a rational actor looking for the endgame or it is an “irrational actor” testing something that they might use because they have nothing to lose themselves were they to deploy it on the larger game board?
So, who do we all know today who would fit this bill and has the capabilities?
You have any ideas?
How about THIS GUY?
That’s right! He’s banned sarcasm AND he has hacked Sony!
So just sayin there Schneiman you may want to think outside the box a little and use some analysis before you just start saying “China” did it… Or Russia for that matter. See Kimmy there has nothing to lose and EVERYTHING to gain if he carried out attacks like these. Just imagine the size of his DONG if he pulled this off and took down the internets! He wouldn’t feel a thing in the DPRK because they have very little internet access to start in the Hermit Kingdom.
UPDATE: Well now someone kindly pointed out I left out Iran and made them sad. Yes, Iran would be another semi irrational actor who could be doing this as well. Boo Hoo Iran!
While the data may not be as invasive as an SF86, the fact of the matter is that every democrat that the DNC had access to is now up for grabs on the internet because a hacker, or nation state, or hacker of a nation state, has dumped it all there. Whether it be the dump previously put on the net by Guccifer_2.0 or the last one this week, the upshot is that large chunks of raw data are out there with some kinda personal content if you are a Dem and that I think should give one pause.
In a discussion I had the other day with <REDACTED> about the election and the mess we are in generally as a populace, the natural turn things took was pretty fucking bleak. Look at the choices we have and then look at all the rhetoric about Russia potentially tampering with the election on the electronic warfare level and then stop to think about what has yet to come… October. The October surprise though seems to be being prepped or peppered already by the likes of Guccifer 2 and @DCleaks_ never mind Wikileaks. With the dump Guccifer put out this week while virtually speaking at a security conference (talk about flying planes sideways stunt hacking elections!) we just have more data to use and possibly abuse that might be valuable toward affecting the election process.
So when you see Mike Rogers at the podium saying “Russia might attack the election electronically” you might want to just yell back “They already did asshat!”
So a new jihadist/Da’esh site popped up in August (15th) that I was not aware of and was brought to my attention via a tweet at me this afternoon. The primary reason for not being really aware of it was that ostensibly the site is pseudo hidden by its being on “ZeroNet” which is a new form of darknet within the P2P systems like Bittorrent. The idea being that this site is hosted and torrented and is thus not really hosted on one system but potentially many.
Site location: Ansar Al-Khilafah http://127.0.0.1:43110/1F6yfsn94xyLo93zRgdKRjoLUtZGHYM11N/
Tweet by Manuel Torres pointing out the site
The site itself has a copy in the clearnet on wordpress so there is no great secret here. It is also a known quantity and the reality is that the site is marginal in the ranks of Da’esh wannabes but has a few solid heavy hitters that hang around. The site is more circumspect on membership and is much more oriented to a stricter OPSEC regimen ala the Andar1 site that the same guys hosted a while back. A cursory look at the clearnet site (the zeronet site was unable to load with 5 alleged seeders) doesn’t give any apparent leaks as to the owners’ real identities, email addresses and the like, but, one can always dig a little deeper now can’t one?
ZeroNet is an interesting idea and it is rather new, so the security around it has yet to be really challenged I think. I will look into that some more as well in my off hours. One wonders that the anonymization might fail if one were hosting data as well as sharing data that might have metadata to look at or even some slip in protocols might cause information leaks. ZeroNet also suggests you use Tor or you use a proxy when you host or surf so there is that too. If you don’t then you are sharing your raw IP, which I can imagine some idiots might fail to comprehend and thus their OPSEC goes bye bye.
All of the hand wringing and whinge-ing over the possibility that Russia has hacked our completely insecure election systems has my bile up… Well that and it seems I am lactose intolerant and ate whole ice cream last night. Anyway, back to INFLUENCE OPS and their use globally. The article above from the Boston Globe really set me off this weekend. All of these guys in the corridors of power all hand wringing over the possible fact that Russia has been messing with our political process makes me want to fly to Washington and bitch slap people. This type of activity has been going on forever and it is not just Russia pulling these strings even today. If you take a look at the actual history of the world you will see many players playing the same games with or without the benefit of Wikileaks and computers both then and now. This is not new people and for fucks sake wake up and realize that the US playing the “hurt” card in this game is really quite absurd in the grand scheme of things.
Now once you have taken a little trip down history lane with those links I just provided, then I want to ruminate on the whole problem today of the hacks on our democratic systems. See, as a former pentester and now a blue team guy I often ran into places that just did not have a clue about security. Still today there are many places that are very clue free and that also includes our government and those bodies that comprise our election systems. Seriously? Seriously those election systems were not even being monitored? You are shitting me right that the alleged Russian hackers used Acunetix to scan and then just SQLi dumped shit right? …
And no one saw a god damned thing…
It’s hardly INFLUENCE OPS when all you need to do is run a shitty tool and just take what you want with a script kids. So really, stop with the hurt and surprised bullshit Congressman and Senators alike! Put on your big boy and big girl pants and get the fuck over the fact that someone would have the audacity to fuck with our already fucked up election cycle anyway! As to Putin’s comment on the subject recently ‘‘It doesn’t really matter who hacked this data from Mrs. Clinton’s campaign headquarters,’’ I agree, it doesn’t really matter because the fact of the matter here is that her actions alone concerning the BleachBit of her server days after its public disclosure should be enough to show us all just what fuckery is afoot without Russian intervention to begin with. What the paradigm change here is is that we now don’t have to send plumbers to Watergate’s to break into file cabinets to get the data. All one needs to do now is fucking Acunetix an IP and then run SQLi map to fuck with a national election and that is just fucking sad.
At the end of the day I for one don’t care who hacked the shit, what I care about is that there is enough evidence to show that even without information/influence operations that there’s some crooked shit going on. The problem is that this is the default state of our governance and election system so one tends to just become complacent about it. The hack on the election here and now, with the fate of the world in the balance so to speak, with Führer Trump or Grandma Nixon only makes it all the more piquant for the hungry news media but in the end means a choice between two terrible shit sandwiches to those paying attention here.
We are all fucked either way.
There Will Be Tainted Lulz: Bitcoins, Wallets, and Media Manipulation Through Laziness and Reading Comprehension
Last week I wrote a post about “maybe” seeing some fuckery going on with regard to the ShadowBrokers bitcoin transactions and the Silk Road wallet (seized) which was lulzy. The lulz though went fucking PLAID over the weekend as people started to take a tweet from @steveD3 and other posts on Reddit and the like about my post which then culminated in ZDNet writing a piece that even went FURTHER on the supposition that I had placed on my blog!
Now, as time went on people *cough Wesley McGrew cough* started countering the story vociferously. Seems some people did not really read the post very carefully and just assumed that I was definitively saying in the white-paper lofty academic setting that is my blog, that “ERMEGERD THIS IS THE ABSOLUTE TRUTH!” when in reality I had said “if I am reading this right” that the wallet in question had some bitcoins in common and maybe connected to the fractions of coins going to the ShadowBrokers wallet. I also went on to describe how if I were the government I would be trolling them to see what they would do as well as poison the well so to speak if in fact the auction was really a part of the overall scheme regarding the NSA dump.
As the blog post hit over 30k hits and then the news media started in on it I sat back and began to ponder all of this. Just how easy it was to let this ride and watch as the Twitter verse took a tweet link, did not read the post, and then passed it on as truth. Suddenly I felt like Comrade Putin and I had my own army of trolls out there able to shape the media story with a single blog post.
… and I liked it… I am so dirty now.
The schadenfreude of watching it all was like a drug. It also started to dawn on me that we are all just fucked. Look at what happened! Look at the detractors mis-reading the post and then responding, as many do, that “SOME RANDO BLOG ON THE INTERNET IS WRONG!!!” and knee jerk reacting. On the other hand the complacency and lackadaisical investigatory action on the part of some media types as well was astonishing. However, my contention still stands that there be some fuckery going on here with those wallet transactions by the looks of it and that the likely candidate would be the government, the same government that would have access to cutout accounts that have had transactions in the past in places like Silk Road. Government accounts for agents and government purposes.
So Who Are These Astley Loving Bitcoin Owners?
So above is the Maltego map I fleshed out further as the world burned over my last post. As you can see I made it all neat-n-shit with icons now. You can clearly see that the wallet in question with the silk road logo did not send anything directly to ShadowBrokers, and this is something I was also alluding to with the cutouts. I can see how that account and ones like it could be used to send coins, like the others with the nifty Rick Astley icon! If you look carefully you can see that there are six “astley” accounts that rick rolled Shadow with 1337 Never Gonna Give You Up clues in the chains. Now, these accounts, according to Maltego, have done pretty much nothing else. One of them sent funds to Silk Road or the wallet seized (one and the same unless, and I have not looked, the feds transferred from the old wallet to a new one to auction the coins and do transfers) …
Are you guys following me here or do I need more visual aids?
Anywho… Where was I? Oh yeah, fuckery with bitcoin.
So yeah, these accounts as far as I can tell so far without going and spending way too many fucking hours on bitcoin.ifo or some such site, were created to purposely rick roll and fuck with the ShadowBrokers. Now, they may be fractions of bitcoins but I ask you, who the fuck has bitcoin money to burn here? Any of you out there? I certainly don’t and the way it was done, so tongue in cheek kinda reminds me of the audacity of TAO…
But anyway, back to facty kinds of things that lead to supposition and theories!
That the wallet does not directly send coins to Shadow is immaterial to my argument. My argument was that, once again, if I were the gubment I might fuck with this auction and see what happens. Maybe it isn’t them. Maybe it is just one guy out there, a bitcoin billionaire just having a lark! Maybe it is six guys who created independent wallets and then had an IRC session to create the master plan to fuck with Shadow and create the 1337 Astley attack!
Or maybe if you just occam this shit, the government, with assets at its disposal did some funny shit in an effort to chum the waters and fuck with them at the same time. Please people, think like an intelligence agency for a fucking second mmmkay?
It’s just a theory…
PSA: IT’S JUST A THEORY ON A BLOG ON THE INTERNETS WHERE PEOPLE ARE OFTEN WRONG!
Meanwhile Back At The Bitcoin Ranch…
But wait there’s more!!!
If you also look at the wallets that I have marked with the super cool “Invisible Man” logo, you can see how some of those were actually transferring money from wallet to wallet in sequence to then each post transactions to Shadow. Now what is that all about huh? More wallets acting together? As Velma would often say in Scooby Doo, JINKY’S! Something is going on there. I mean these are not just guys off the street putting down cash here in fractions right? Are all those wallets owned by the same player? A group of players?
The mind reels… So yeah, there is shit going on as usual with nation state actors fucking with the internets. Go figure eh?
For the un-subtle out there this is all theory and supposition. This is not attribution. Wait.. Fuck, it is attribution! This is what we usually get for attribution! Best guess is ATTRIBUTION people! Once again, I guess you had to be there in the spook world to understand this premise.
Like I said above, I posted the story as a lark and went away. By Sunday the shit had exploded. People were reporting that direct connection between FBI, Bitcoin wallets, and ShadowBrokers! I never went to anyone with the story and attempted to report it as fact. Yet the media picked up on it (fucking reporters, no wonder I block them) and away the story went. Meanwhile butthurt people with nothing else to do started wailing and moaning about the wrongness of it all. I frankly think they need some remedial English lessons, but that is just the old Doc here speaking. Hundreds of comments came in on the blog and suddenly in parallel a metric shit ton of people wanted in on my feed on twitter.
All of them just taking things on face value of a tweet really. 30K hits to the blog post itself, but how many people then understood what I was alluding to, how many took it at face value and did nothing else but believe? How many actually took the time to look further and see what was going on with the accounts and make a judgement themselves I wonder? For myself, I never stopped looking at this and surely upon reflection there were no direct transactions once I began to really dig a lot deeper but there were connections that could not be discounted. When you look at the whole picture you see connections that can lead you to the same conclusion, that bitcoins involved with the Silk Road, accounts thereof that interacted with Silk Road and the seized coins were in fact connected to the ShadowBrokers auction.
What you all took from it and then made it into is all your own faults people. To those who just then went off to go off, and you know who you are, would you please fill out this form and send it to firstname.lastname@example.org. Someone will get back to you with some salve.
The rest of ya, JESUS FUCK, take things with a grain of salt. I ain’t fucking Moses and this ain’t no stone tablets.
PS! This internet of shit is not something that is peer reviewed. We are overestimating our importance on a daily basis. Cut it the fuck out.