Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

The First Official Da’esh DARKNET Bulletin Board Has Arrived


Screenshot from 2015-11-15 16:46:15

The Al-Hayat media group (daesh) has posted a link and an explanation of how to get to their new darknet site today on the Shamikh forum (a jihadi bulletin board on the clearnet) and linked it on Twitter as well (search there for how-to’s and links).

In the name of God, the Most Gracious, the Most Merciful. Given the severe restrictions on the #إصدارات_الخلافة (Caliphate Releases) site, such that any new domain is deleted after it is published, we announce the launch of the site on the “Dark web”. It will work for Tor users and for regular users. Link for Tor users: XXXXXXXXXX. Link for regular users: XXXXXXX. We promise you that we are continuing to try to obtain a new regular domain, and we will publish it, God willing, when we obtain it, alongside the Tor domain. {And to God belongs honor, and to His Messenger, and to the believers}

I have redacted the site from the post but the right people are in the know now as to the location. The site mirrors many of the other standard bulletin boards that the jihadis have had over the years, replete with videos and sections in all languages. Given that this site has popped up in the darknet today, just after the attacks in Paris, one has to assume that an all-out media blitz is spinning up by Al-Hayat to capitalize on the situation.

Screenshot from 2015-11-15 17:44:23

As you can see from the picture here they have also included their (semi) new encrypted chat/messaging program of choice (Telegram), which they used in their claim on the Paris attacks. There are several accounts, as well as other new ones I have seen popping up on jihadi Twitter accounts as well as Facebook. The rub in this Telegram service is that it is run by ex-pat Russians.

(correction: The Russian government has no control, it seems, over the owners, and the physical location of the company is Germany. Also, in the time since the original post here they have started to drop accounts that daesh were using for propaganda)

Oddly enough today POTUS met with Vladimir Putin for about thirty minutes to have a serious discussion about Syria and the Paris attacks. I would like to see Putin and the FSB do a little work on the Telegram company to get some intel but yeah, then it strays into that whole privacy thing that we are all upset about. It’s a hard game to play and unfortunately with da’esh using this it will be hard to break.

Another problematic thing about da’esh now having a real site in the darknet is that all the videos and files that they want to upload and have users access will also be in some backend on the darknet. This means that trying to intercept them or tamper with the supply chain is going to be that much harder. Of course, given the recent turn of events with the exploit against the darknet by UM and the FBI, this all may be moot enough if they employ their new attack against this site. I would expect that soon this site will be attacked anyway by various players and in the end may be exposed for backend IP addresses and raids thereafter.

The site is still being explored and mirrored so once I have more on it I will post.

K.

Written by Krypt3ia

2015/11/15 at 23:56

Posted in Da'esh, DARKNET

Lights Out: A Modern Tragicomedy



I had heard that Ted Koppel was making the rounds on TV trying to pimp his book on the end of the world as we know it through cyber. Of course I instantly knew it would be utter trash, a tissue of assertions and half-ass reporting relying on government and beltway bandit quotes that likely would enrage me. How little did I know about the true scope of fuckery and rage that would ensue from reading its breathlessly penned pages about our coming Armageddon. Once again we have a reporter who does not really do his homework and takes the word of people with interests over the realities of those who work in the industry at the scene of the crime.

From the first pages we are being told that the grid is vulnerable to attack. Not just physical attack, no, worse, more scary, the dreaded CYBER attack. Of course as you delve deeper into the book you do not get any kind of technical interviews with white hat hackers or security experts other than those bottom feeders such as former NSA directors and Richard Clarke. All of these players worked (past tense) in the government that failed to secure all the things and now offer services as board members and pitch men. You see, no one interviewed in this book actually has hacked anything.

But trust us.. The grid will go down if attacked by the CYBER.

I will not bore you with recalling the rest of this awful book. Truly, do not buy it and certainly do not read it if you want to know anything about the potential for the power going out more permanently. Instead, I would like to give you a primer on how hard it would be to actually take the whole grid down. I would also like to show you just how hard it would be to take great sections of it out as well. Neither of these scenarios is easy and neither of them is something we would not recover from. All of the bullshit around the bugaboo that the grid could be taken out by Da’esh is fantasy for the most part and a tool to scare the public by halfwits looking for clicks or book sales.

Are there issues with the grid? Yes, there are. Could damage be done that could cause a lot of consternation and perhaps even deaths? Yes this could happen in pockets of our society. These things are true but a systemic outage across the whole of the country that would cause severe, unrecoverable damage to the grid as a whole is not probable. In fact, it may not even be possible and I plan on telling you here why. By going through the internet and seeking out data from experts, governmental files, and papers by doctoral candidates as well as those who own and operate the power systems I can give you the data you need to see what the truth of the matter is.

However, let me break this down into small consumable bullet points for you.

  • Even a nation state with capable hackers could not own every system effectively enough to take them all down simultaneously.
  • Even if systems are hacked and malware like Stuxnet implanted, it still takes a kinetic attack to damage many of the systems out there that transmit the power as well as generate it. Malware alone will not kill the grid.
  • Current activities in gridsec and grid technologies are making these scenarios even harder to implement due to the nature of the diaspora that is power generation and transmission.
  • Certainly sections of the grid could be taken down, and have been in the past. All you need do is Google Squirrel+blackout and you will see how their kinetic attacks caused systemic failures that caused outages.
  • Frankly, an X-Flare has a higher probability of taking out the grid as a whole should one hit the US. This should be a real concern, and the companies and government should be looking to shield against EMP, but they aren’t.

So all the bleak punditry about how the grid could be taken down by hackers using Shodan is really just sensationalistic bunkum. Of course there have been a couple of interesting theories; one that made some news back in 2008, I believe, was a paper by a student on a cascade effect that could black out the grid. This possible attack might be the only one that would work, but the control over the disparate systems involved to make it happen is almost impossible really. Another theory was one put forth by the government itself when they performed the AURORA experiment. This one in particular relies on attacking nine points on the grid (power gen and transfer) that could be the genesis of a cascade attack.

Screenshot from 2015-11-06 14:27:18

It is the cascade attack that should trouble people, but this is not really explained by most of the purveyors of FUD like Koppel. The real scary point about the cascade effect though is that the attack, if successful, would take out the LPTs, and those by their nature are costly and take years to build. They are also on backorder, so there is that too. If you take these out, and there are no replacements, then you are pretty much stuck in the 19th century in certain areas until you get one replaced. Now once again I will tell you that to take them all out at one time is damn near impossible unless you have an X-Flare that covers the whole grid with an EMP.

Screenshot from 2015-11-02 11:15:47

So where does that leave us? Well, that leaves us with scary scary ideas but little follow through on actual means to that end. Of course now the big scary scary is over the CYBER right? And when they say CYBER they really mean SCADA, ICS, and HMI technologies that monitor and control the big hardware that generates and transfers the power from the generation plant to you. Now consider that there were, as of 1996, 3,195 electric companies in the US that handle generation and transmission of power. That is a lot of targets to get into and control effectively, in tandem, to create a super grid blackout. All of this is going to be done by attacking their SCADA? Are there really that many of these things that are internet routable anyway? This means that the adversary would have to really hack the majority of them and have major footholds in all of them to reach the control systems, which may not even be reachable from their non-air-gapped networks.

Think this through people.

Screenshot from 2015-11-02 11:08:50

Screenshot from 2015-11-02 11:08:26

This is just not a real tenable plan to start with, and then you have to consider just who would try to pull this off and why. If you take out the grid in the US sure you cause mayhem, but we have military bases all over the globe. We have ships and subs at sea. We have the capacity to bomb the shit out of anyone we think carried off such an attack. So really, unless you attempt this a la some scenario like “Red Dawn” with planes in the air and boots on the ground, you pretty much don’t win. Many of these scare pieces don’t go into the semantics of attack and counter attack; they only cry havoc about how we are CYBER doomed and the grid is a scary scary thing. It makes my ass tired even thinking about all these idiots out there talking to the likes of Richard “Dr. Cyberlove” Clarke and believing them.

Stop the madness.

In the end yes, sections of the grid could go down and yes, they could be down for a while because of the nature of the hardware and its replacement. It would be inconvenient but it would not be the end of the world. It also would likely be more the action of squirrels or tree limbs rather than a clandestine hacker attack on our SCADA systems. So everyone needs to just calm the fuck down and breathe. What you really should worry about is some form of EMP that melts everything and puts the whole of the country down, and really, once again, that is the only scenario I buy into on this matter. If we have another Carrington Event, we are well and truly fucked.

Anyway, don’t give Koppel any money…

K.

READING MATERIALS

UPDATE: I left a review of this book on Amazon and the one response back was this:

Screenshot from 2015-11-09 11:07:53

I guess I am no Dick Clarke so meh, nevermind.

Written by Krypt3ia

2015/11/06 at 19:51

The 2015 INFOSEC KRAMPUS LIST



GO HERE AND VOTE NOW!!

Written by Krypt3ia

2015/11/03 at 11:41

It All Started With An Unsolicited Email: TAKING THE FIGHT TO MALICIOUS CYBER ACTORS!


Screenshot from 2015-10-26 07:17:39

“It all started with an innocuous enough direct message from “Deep Cyber Throat” the digital informant to my cyber Mulder….

Once I opened the file it became freakishly clear that this was no ordinary doctrine document. No, this document was a work of sadistic art that had to be exposed to the cyber sunlight to hopefully eradicate the derp that was festering within.”

Screenshot from 2015-10-26 07:20:35

Holy WHAT THE EVER-LOVING FUCK IS THIS SHIT? I was agog reading just the first paragraph. My mind had frozen like a Windows machine trying to use Outlook on a Monday morning. My mind vapor locked just at the Steve Austin ‘Six Million Dollar Man’ quote. This had to be a joke; my fore-brain fought with my lizard brain, vacillating between fear, rage, and sense. I turned away from the bright screen and grabbed the whiskey bottle, took a deep draught. This was going to require a blind drunk bender for me to survive reading this dreck.

I read on….

Screenshot from 2015-10-26 07:23:20

Hectoring? HECTORING? Really? So the NSA hacking all the things and spying on all the things and oh, destroying nuclear capabilities with STUXNET is just hectoring? Wow this guy is a real mental genius, heavy on the mental! Say, would this maybe be Richard Bait-Lick ghost writing this for this shmuck? I will say though that he is almost right on the whole passive defense thing but then he just goes back off the rails into deep fuckery territory. So tell me, where did the internet touch you sir? In all your no no places?

JESUS FUCK!

Screenshot from 2015-10-26 07:27:44

It was at this point I really came to understand that this man’s legal degree came from a mill somewhere on the internet. “We have the legal capability to offensively engage malicious actors” What? Who? Us? The populace? Are you fucking kidding me? He goes on in ever more prosaic and derpy terms how the government is hindering our, the people’s right to hack back and the laws are asinine.

Whoa dude.. Chill….

Really? Say, how many cyber guns do you have in your CYBER BUNKER? I read on…

Screenshot from 2015-10-26 07:29:06

…and then it hit me… Letters of Marque…. YARRRRRRRRRRRRRRR! I BE A PIRATE OF THE CYBER SEAS!

JESUS FUCK!

Crowd sourced investigations?

CYBER SHERLOCK HOLMES?

JESUS FUCK NO! HAVE YOU SEEN REDDIT? DID YOU SEE WHAT THEY DID WHEN THE BOMBINGS HAPPENED IN BOSTON?

NO! FUCK NO!

I have an idea, why don’t we just give all the chimpanzees in the world guns and be done with it huh?

Screenshot from 2015-10-26 07:29:58

My mind was in a near vegetative state by this point. I had run out of whiskey and my head had sustained a subdural hematoma from all the head desks that had occurred. I was not seeing straight but I pushed on…

It was then I realized that this idiot was the man who wanted to Balkanize the internet. Yeah, sure, let’s de-anonymize everyone and let’s make the internet tiered into a cyber apartheid system. Sure! Great idea!

Fuckwit.

FULL DOCUMENT: WEAR HELMET WHEN READING OR PREPARE FOR BRAIN DAMAGE!

My mind is still broken from reading this 33 page… “document”. If anyone comes into contact with this man please stop him from doing more cyber damage to our cyber world.

K.

Written by Krypt3ia

2015/10/26 at 12:18

Q4PZNWNO56KOPHGWWZEK64S This Is Collapse Out.


Screenshot from 2015-10-19 10:11:05

Last weekend a burst of four broadcasts on two short-wave channels caught the radio geeks’ ear, and being one of those radio geeks I thought it interesting enough to write about them. On 10/14/2015 into 10/15/2015 the channels 8992.0 kHz and 11175.0 kHz lit up with the four messages recorded below. What makes these of interest is that these are the EAM (Emergency Action Message) channels and for the most part they remain rather dormant. This weekend though they were spun up with some interesting numbers-station-like activity. You can take a listen to the messages below and read the Russian site that I found talking about them as well.

1. COLLAPSE message one: http://vocaroo.com/i/s1hGyA2GR6HI
2. COLLAPSE message two: http://vocaroo.com/i/s1ETZ3l9fp0G
3. COLLAPSE message three: http://vocaroo.com/i/s03ZI6ui70LY
4. The fourth message was transmitted by the station “FLATTOP!” (another station that had not broadcast for many years): http://vocaroo.com/i/s01smhgkyNDL

Screenshot from 2015-10-19 10:16:05

Screenshot from 2015-10-19 10:21:31

Now allegedly the last time these were heard being used was a long time ago, with sporadic calls being made by planes with no answer. So an actual EAM message is of interest to those of us paying attention to it. In this case I can elucidate some on the calls being made that were heard this weekend and add a bit of context. In the case of these messages, the timing plays a key role. It seems that this weekend Putin’s forces were making runs into Syria again and this may be the reason that this EAM channel was spun up. The call signs COLLAPSE, RING DOVE, and FLATTOP are all the bases making the EAM. The coded text you hear them uttering is just that, coded text, and it may be a frequency to tune to for encrypted comms or it may be just a word or two. This is the basis of what is happening here. It seems that whoever and wherever our personnel were, likely in the air, they were getting orders to perhaps avoid running into trouble.

That is just a supposition though…

Of course given that there has been a lot of action lately including Russian planes getting into our and others’ air space…

http://www.wsj.com/articles/russia-says-jet-fighter-approached-u-s-aircraft-over-syria-to-identify-it-1444827032

http://www.express.co.uk/news/world/612828/Turkey-threatens-shoot-down-Putin-s-planes-drags-West-war-Russia

http://english.alarabiya.net/en/News/middle-east/2015/10/16/Turkish-military-an-aircraft-of-unidentified-nationality-was-shot-down.html

Keep an ear on those channels kids.. Shit is getting intense.

K

UPDATE: This code name was used before in 2008

2032z 25 Dec 08 11175.0 was active at 2027z with COLLAPSE (strong to good levels here) bcsting a 28-character EAM (Y23NIJ) preceding OFFUTT’s 2029z HFGCS bcst of same. COLLAPSE was strong enough here to punch through OFFUTT’s good level bcst. Despite COLLAPSE’s signal strength on 11175.0 nothing was heard on 4724.0, 8992.0 or 15016.0

Written by Krypt3ia

2015/10/19 at 18:38

Posted in .mil, Numbers Stations

THE CYBER WAR THREAT!


Nova had a program on this week about the impending cyber war threat that the media loves so much to go on about and scare the populace. I had hoped that it being Nova they would do a better job at covering such a topic but in the end this show was no better than a 20/20 episode and this is very disappointing. The show was remedial at best and I understand the need for that given the audience base concerned but really did you have to just talk to the beltway bandits like Richard Clarke and Former General Hayden? This is a disservice to the viewing public and frankly consists of scare programming out of PBS in the hopes of ratings?

I and others have railed about the cyber war rhetoric in the government and the media, but this is PBS! Come on and do a better job of journalism, would you? Look, here are the problems with your broadcast that I want you to pay attention to:

  • Is cyber war possible? Sure, but on limited scales, and really it would have to be truly backed up by kinetic warfare (i.e. boots on the ground), otherwise this is all just tit for tat espionage. You rm a bunch of computers at Sony and we maybe shut down whatever is working in Pyongyang. This is not an existential threat and Nova failed to really get that across amongst the scary music and voice overs.
  • The focus on the grid is one that we have seen many times before and yes, if a nation state made a concerted effort on 9 (count them NINE) choke points in the US they could in fact cause an outage on a national scale. How long would we be down? I am not sure, but it would not be the end of the world, and if you do such a thing you had better have C-130s in our air space dropping troops at the same time to make it a war.
  • The complexity of the systems and their semi-interconnected nature makes an all out cyber attack on a national scale less likely, and you did not cover that at all. There are many disparate systems in the grid and the pipeline systems. Without a great effort and a lot of luck you could not likely have everything go down from a cyber attack alone. Simply put, you would have to have a kinetic aspect to the attacks for them to work. Something along the lines of the attacks on the transformers in the Silicon Valley area a year ago when they were shot with AK-47 fire.
  • Lastly you did not cover at all the fact that there are many people out there securing this stuff where they can. I personally have been on assignments assessing the security of the grid and other systems that have SCADA/PLCs and yes, I can tell you there have been times where I was just flabbergasted by the idiocy. Why connect these things to the internet I will never understand. Why anyone would connect them via WiFi in the field makes my head explode.

Anyway, at the end of the day this show only made my head explode again at the poor quality of journalism, this time by a favorite of mine, Nova. It was one sided and just a scare piece. Has the government owned you so much that you need to be the cyber war mouthpiece for them? Did you guys lose a bet? What the holy hell were you thinking? Just stop, for the love of God stop.

Post Script Screed:

After watching this episode of Nova I went online looking for the “Aurora Test” documentation that they mentioned in the piece. The fact that they showed pages of the report redacted on air got me thinking about whether or not it was all still on the net. Well, yes yes it is and it’s all here. 840 pages of unredacted love from DHS who in their infinite wisdom through a FOIA request, released the WRONG documents. These were CLASSIFIED and they show the choke points to attack were you wanting to attack the US grid or pipeline as well as a full description of all kinds of data you would want to do so.

*hangs head*

Yes, DHS, the people who brought you the TSA and other fun security theater programs, have managed to single-handedly pass out the keys to the kingdom because some asshat could not think their way out of a government provided thin wet paper bag. So there you have it kids, if you want to attack the grid have at it, because in the scare-o-rama that was the Cyber War Threat they say nothing has been done to secure those choke points! Yes! Complete with shadowed anonymous speakers afraid to go on the record for fear of reprisals because they are telling the truth about our security fail!

Sweeeeet.

If you are a reader here you have seen my stuff in the past on this as well as my digging around with Google to find all kinds of shit on the net that could lead to compromise of the grid. Truly, if the terrorists or anarchists or anonymous or even the fucking 13 year old down the street wanted to, they could do some damage with this stuff. How long until such a thing happens because some idiot can use Google and a COTS hacking program?

Talk about your black swans…

Yours in everlasting head-desk

K.

Written by Krypt3ia

2015/10/15 at 21:43

Well… Duh.



Today I found myself looking at a tweet from my stream and saying just that. The tweet was posting a paper that had been written by another person on my feed who works for Kaspersky. The paper that it linked to was on how the threat intelligence companies out there needed to grow up a bit and learn that not only might they not be doing a service for their clients with their work, but also that nation states whose malware they are actively reporting on and stopping seem to be unhappy with them.

Stunning I know….

So there I was mouthing the words “Well duh” and I thought maybe I should write something about this. Welp, here is what I have to say to this revelatory pdf…

“When you play spy games with real spies you often end up getting dead”

Should it be a surprise that malware researchers might in fact raise the ire of those nation state actors who they are thwarting or calling attention to? If you had to think about that one and you are a threat researcher you might want to reconsider your career choice. Espionage has truly moved into the digital age and yes, you guys are the new front lines, so plan accordingly. You, dear researcher, are now a target in the ongoing war that is being waged by the nation states of the world, and some of them would not think twice about whacking you creatively and folding your dead body up in a gym bag.

Other issues in the paper, and a subsequent article in an online news outlet, raise the question of where all this threat intelligence is going. Are the private corporations now becoming organs of the state by doing this kind of work? Are these orgs, which report primarily on APT activities (I can think of more than a few names off the top of my head, CROWDSTRIKE/MANDIFIREYE, that pretty much just trade on that shit), doing anyone a service in really preventing, if not more to the point, educating the companies that they serve on the threats and how to detect and deter them?

In a word… No.

While APT actors are all the sexy and they make the news cycle the marketer’s friend, so far in my estimation many of these TI companies aren’t doing dick for the companies out there that hire them. Sure they have feeds and they have really really cool code names, but really, at the end of the day just how much of that applies to the average corp? Not much really. So yes, there is too much of a focus on APT, and now these companies and researchers are beginning to realize that they are targets, up to and including perhaps attacks both physical and other to discredit if not hurt them.

Welcome to the ‘Great Game’ kids! Remember though, you ain’t James Bond and no, that is not Pussy Galore in your bed.

Meanwhile might I point you all in the direction of 大鸦 / The Raven who recently was reported to have had a sudden case of death. He had no autopsy because he was hastily cremated, and some mystery surrounds why he died and how. Why, you ask, is this important? Well, let me tell you a story about a guy who poked his dick in the eye of not only China but the DPRK and jihadis since the late ’90s. Vlad was a known quantity and I used to use his site back in the day too. Now he is just gone. A report came out in a certain portal of his demise and leaked information that Vlad had in fact been the guy who helped finger the 4 PLA players that the US put on their most wanted list.

Are you seeing my drift here?

The story on the street is that Raven met up with an unnatural death because he had been a player. Frankly my bet would be on DPRK for a whacking because Un is just that crazy but given that there is no news out there on this and the only report comes from a portal, I am going to lend this some more credence even with the source which I don’t like.

Oh and Vlad.. If you are about lemme know and let’s get that cleared up… Cuz I would rip the source a new one *wink wink nudge nudge*

Anyway kids all of you today who are in this line of business (threat intelligence) have to consider that you are targets. Maybe someday you will go on a trip somewhere and some strange will come your way at the hotel. Next thing ya know you are being blackmailed or your shit is being copied while you shower. In extreme cases you could end up like this guy who now it is alleged got whacked because he learned about some SVR moles in GCHQ. Of course this guy worked for GCHQ but hey if your company is now liaising all the time with the NSA how far removed are you?

Keep your wits about you.

K.

PS… the mail man always rings once then fires an uzi.

I stand corrected

Screenshot from 2015-10-13 07:25:41

Written by Krypt3ia

2015/10/12 at 22:22

Posted in Uncategorized
