Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

The 2020 Disinformation and Election Meddling Melee Playbook.


The Game:

“There is no objective truth, there is only subjective truth”

The upcoming 2020 election cycle will be an all-out melee, I suspect, for a few reasons. The first reason I am making this claim is that the US has done pretty much nothing under Trump to secure the next election, because Trump cannot bear to discuss what happened in 2016 and has rebuffed overtures from Homeland Security and others to talk about 2020’s security. Beyond not talking about the subject, Trump has seen fit to do absolutely nothing about the problem because, hey, it’s how he won last time, right? The big difference in the next election cycle’s attacks will be that the field has opened up much more since the playbook was used by the GRU and SVR in 2016. Now we will have a slew of other nation states as well as internal players (Republicans, Dems, and private groups with interests) who can spin up campaigns of their own using the Russian active measures playbook.

The Players:

Russia

Russia undoubtedly has already spun up operations tempo on the 2020 election cycle. We have seen an uptick already in GRU-style action in disinformation stories being published by the likes of Sputnik and RT. Of course these entities are always at this, but it seems the online game has also been at work, with fake accounts on Facebook, Twitter, and other places online. The real question now is how the GRU and the Kremlin will innovate to counter the paltry efforts of Facebook and Twitter and get their message out.

Of course Russia already has an in with Trump in office to begin with, and it seems that play for play Trump emulates or communicates what the Kremlin wants; in effect Trump is Putin’s puppet even if he doesn’t really understand that fact. The reality, though, is this: the Russians have moved in on all fronts and are using proxies to deepen the fractured nature of the political landscape today, not only in the US but all over the world. Remember, Putin’s goal is to cause chaos, division, and a malaise that will leave his perceived enemies unable to function as a nation/government/force that could threaten Russia.

To that end, we have even been seeing more incursions lately into US airspace by BEAR-FOXTROT bombers with Su-35 escorts. This is also a means of pressure to keep the US off balance and garner news cycles. Russia will continue, overtly and covertly, to influence the US in myriad ways to keep us off balance and continue the division that makes us unable to act on the world stage with decisive action. The most insidious actions, though, will be to continue to use money and power to further their goals internally within the US, along with kompromat to keep a hold on those in power whom they can use.

Trump & Surrogates

We have been seeing what Trump and his surrogates have been doing these last two years already, if you have been paying attention. Trump’s use of the constant rallies, constant lies, and “iniquity signalling” will only crescendo as he leads up to the 2020 vote. Trump’s current actions against the IC are also a means of control and division. I am sure that Trump will use any and all TS/SCI information that Barr might declassify to leak, or to blatantly beat the media and his perceived enemies with. Let’s just say that a person like Trump with this kind of power will use anything and everything he can get his hands on to distort and destroy in furtherance of his own power.

I would be looking for more disinformation operations being created and played out not only by Trump’s internal teams but also by any others who may feel a kinship to his world view. You will likely see more home-grown operations like Jacob Wohl’s, though some might not be as easily stopped as the last few attempts were. I would also say that Trump himself, with his patterns of lies, half truths, and confabulation, is a main player in this because he has multiple stages of media, including the internet via Twitter, at his disposal. Of course, now that Trump and Barr are in a position to declassify TS/SCI information and weaponize it, we are likely to see much more come from the candidate/president than we have ever seen before as a nation. As I write this, the debate cycle for the Democratic party starts this evening, so buckle up kids, it is all starting in earnest. It will be interesting to watch the President and his minions to see exactly what operations they try. Perhaps I will take notes and have a follow-up list of attacks that he and his minions carry out.

China:

China has had an interest in our politics and, more specifically, our economy for a long time now. Now that the shackles of information warfare have been removed by Russia, the Chinese are likely to be more aggressive in this arena as well. China is currently in an economic war with the whole of the world and it is their hegemony alone that they seek to achieve. Of course now that Trump has begun a trade war with China there is even more inclination for China to play a part in effecting a change in our leadership, with an eye toward a more accommodating trade policy from a more friendly candidate. The question there is who among the Democrats, Republicans (if any run) and/or third party candidates suits their goals. I also wonder if China might make the same calculus about American politics and dysfunction as the Russians do and just seek to cause more chaos. This would mean that the US as a global power would be that much more diminished and would give China a freer hand to assert their power along with Russia globally.

Hmmm….

Frankly, though, China has more to lose from the US going up in flames financially than from trying to stabilize things here. My gut tells me that they will attempt to get Trump out and place a more friendly face in the office by any means that they can (probably dark money to the candidate of their choice) to stop the Trump trade war…

Iran:

Well, this will be the new and youthful player in the space this election cycle. Iran is presently on the edge of forever war with Bolton and Trump, it seems, and their delusion that Iran is an existential threat is getting stronger by the day. Iran will have to play catch up with regard to disinformation and information operations before they can be a real player like Russia or even China, but I am sure they will be playing the game as well. In fact, there have been more moves on the internet of late that seem to be leading toward psyops and disinfo ops for the upcoming elections, so keep an eye on them.

DPRK:

DPRK is a dark horse here and I am sure they will be taking part as well in the great games of 2020. History has shown that Un and his forces are a little more kinetic than most of the others in their operations online and off. Actually, in this arena they are second to Russia, so I would be looking for some hacks and perhaps dumps akin to what Russia pulled off in 2016 to muddy the waters further. Of course, in the case of Un and DPRK it is also in their interest to keep Donny in office. Donny is a weak president that Un can lie to and manipulate in order to further his own ends, no matter what Donny says about their great relationship. I think if we watch for DPRK activity we will see some hacks, dumps, and, more likely than those, dark money being funneled to campaigns to further their ends.

Saudi Arabia:

Saudi… What more is there to say, right? Money, more money, more influence, and perhaps some disinformation as an appetizer? My bet would be that Saudi will go all in on Trump and perhaps be passing him dirt on candidates as well as funneling large sums to the Trump campaign to keep him in there. With the Khashoggi killing and the total air cover by Trump for that killing, I am sure that Saudi is a lock in support for Trump. With the alleged hack and dump on Bezos’ phone, we can see that if it was indeed Saudi who carried that out in retaliation for the WashPo, well, then they are certainly capable of much more. The question for me is just how much they will care to try and obfuscate where it’s all emanating from.

Scenarios

Disinformation:

What we have seen in disinformation operations since 2016 is just the tip of the iceberg. With the advent of social media and now of affordable computing power, we will likely see even more forgery of information or distortion of data that will cause people to believe all kinds of things in this election cycle. Remember, the point is to cause friction and sow chaos, so the media does not have to be air tight; it only has to feed the cognitive dissonance of the target audience. Even with information being proven to be false, we have seen people’s inability to get past their own beliefs to see the truth of things. So by dropping video, audio, articles, etc. the damage is done and the momentum is carried. Look for the following types of disinformation operations:

  • Fake video (DeepFake) of individuals in the election cycle (even if they are easily found to be false)
  • Tampered video (Pelosi is slurring words)
  • Faked or tampered audio files
  • False information being leaked or posted (including forged email spools, documents, etc)
  • False or misleading stories being amplified on media
  • Leaking false information to news outlets (Leaked forged or tampered with databases)
  • Leaking false information in the form of oppo (opposition research) to opponents (Think Steele dossier on steroids created whole cloth)
  • YouTube and other video documentaries or clips with totally fictional content offered as “the truth” like flat earth videos
  • Insertion and operation of accounts on Twitter, Facebook, Telegram, Discord, Reddit, basically any feed available with an audience to spill disinformation on

Propaganda:

Propaganda and disinformation are kissing cousins, really. Basically all of the above being pumped out by the likes of RT, FOX News, and other outlets. The ubiquity of advertising and news feeds that have become wholly about propaganda has made this hard to miss, and hard not to be affected by, today.

  • Memes
  • Television/Internet/Radio news and advertising
  • YouTube videos and ads (lately they have been buying up interstitial space as well as before and after videos)
  • Whataboutism

Dirty Tricks:

Dirty tricks have been a long-standing go-to in our political system and now they are getting a reassessment and revitalization since 2016. I would wholly attribute this to Roger Stone and his machinations along with the Trump/Russia collusion that took place. Incidents can be clearly outlined from 2016, like the actions of Cambridge Analytica that were caught on tape. Cambridge was looking to sell not only analytics but also dirty tricks, capturing people on tape with hookers etc. to destroy them. Stone is famously known as a dirty trickster and worked as such in the Nixon campaign. So yeah, we are likely to see this play out in 2020 as well. I would hasten to add that the recent Giuliani attempts in Ukraine to get dirt on Joe Biden are exactly this type of activity, albeit totally and nakedly open to us all to see. You see, even the whiff of this dirt feeds the cognitive dissonance of the avid Trumper.

  • Setups like ACORN or Cambridge Analytica offerings of secret videos
  • Sex stings with video/audio/pictures
  • National Enquirer-esque leaks of dirt
  • Blog posts, tweets, etc that can be forged and said to be from a candidate
  • Fake claims made against candidates etc
  • Theft and release of information that is not flattering to a candidate (honestly, this is what happened to Clinton in 2016; what was really revelatory in those email dumps?)

Direct Action:

Russia really set the bar here for direct action. The hacking and leaking of information, even data that, like the Clinton emails, was a big “meh”, was enough to feed the base of Trump and perhaps change the minds of those who were on the fence about voting for her. Then again, the idea of hacking the election systems and the systems that tally the voter rolls has not been fully elucidated by the FBI and others. The fact of the matter is this: we now know that the GRU hacked those systems and had access, we just have no idea what they actually did while on them. Did the GRU put their thumb on the electoral scale and win Donny the election by the smallest of margins via the electoral system?

… I kinda think they did, but no proof means no certainty.

With that, consider what may happen this go round in 2020.

  • Hacking and dumping of data as we saw in 2016
  • Hacking and destruction of systems in an effort to make systems seem insecure/not trustworthy
  • Hacking and placing disinformation into data then leaking for effect
  • Hacking election systems and tampering with them secretly for vote control
  • Hacking systems not to actually damage them or change the vote but only to sow FUD on their security
  • Hacking and use of data in blackmail
  • Hacking and using ransomware etc. to lock up systems and cause chaos and inaction

TRUMP:

Donny has been hard at work since taking office, holding constant rallies for his base. He has been feeding them a steady mixture of lies, distortions, and promises of “winning” since the start. Faced now with another election cycle where he could potentially be beaten, he will go into overdrive with his antics to keep his base active as well as make all opponents look bad. What Trump will double down on, though, will be the same things as before, e.g. “rigged elections, fake news, and whatever the Kremlin line being put out there currently is.” I would add these bullet points of what he will likely try in 2020, pre- and post-election:

  • Begins to call election system into question pre-election
  • Leverages National Guard and or Active MIL to “guard” polling stations nationally (pressure on people to not vote through intimidation)
  • Calls the election “rigged” and challenges the result
  • Makes calls for his term to be extended
  • Declares a national emergency if he loses and attempts to go to court over the election results
  • Calls for a recall election due to tampering
  • His usual disinformation road show will go full steam during the election cycle
  • Trump will amp up the discord by doing more outrageous things
  • Lastly, the Trump/Barr IC war will be leveraged against his perceived enemies, using secret data to dump or distort to attack them, if not actually attempting to arrest his enemies.

Conclusions:

Well, here we are at what kind of feels like the end of Democracy. Trump is the catalyst for so much that is a detriment to the values of the United States that it is hard even to attempt to prognosticate what he will try in order to keep his place in the White House. Of course, as I said before in this piece, the norms have all been broken now and the US and other countries still have not made any inroads on how to respond to these kinds of attacks. This means that we are all just unable to stop these things from happening and are without solid responses when they do. This will all just escalate and get worse, I fear, with a specific scenario being that Trump, by hook or by crook, wins in 2020 and is allowed to destroy how the country’s government is supposed to work.

This is a key fact: we do not have a means of stopping the disinformation propagation, nor do we have a means to effectively counter its effects. Without laws and norms around this, as well as a means to counter it all, we are lost. I have been watching the think tank reports and have in fact taken part in some of these working groups, and in every case it comes back to “what does the government have as tools and techniques to counter this?” and the answer, even more so now, is “none”… In fact, Trump has cut funding as well as ignored calls to formulate plans to stop these attacks on Democracy.

The net effect is we are fucked.

So, sit back kids, grab a tasty beverage and watch the fires of what is left of our Democracy burn.

… That’s kinda Millennial huh?

K.

Written by Krypt3ia

2019/05/28 at 13:03

Posted in 2020, Disinformation, Russia

Anders Breivik and Brenton Tarrant: Parallels of Manifestos, Actions and Psychology


I recently began to consider the parallels between the Christchurch and Norwegian mass shooters, sparked by watching a special on Anders Breivik. In the documentary on Breivik, they delve into the manifesto and his history a bit, and these two things seemed to track with Brenton Tarrant’s actions. In fact, it seems that Tarrant was directly influenced by Breivik and his actions as well as his manifesto. So much so that Tarrant says in his manifesto that he idolized Breivik and in fact reached out to the “knights Justiciar” online and had communication with Breivik; “Receiving a blessing for my mission after contacting his brother knights”, in his own manifesto placed online minutes before the attacks.

Digging in further, I located on the darknet several copies of the full video that Tarrant live-streamed on Facebook. I watched this and took notes on parallels between Breivik’s and Tarrant’s methods and actions. It quickly became clear just how much Tarrant had taken from Breivik’s attacks and methodology. From this, I then sought out each of their writings online and their manifestos. I then began to map out just how much one had imitated the other and started to ponder whether they are both suffering from the same mental maladies, and to what extent. I began to see the parallels quite clearly, and this is something the media really has not delved into. First, let’s look at the planning stages of their actions.

  • Breivik planned his attacks meticulously for eleven years
  • Tarrant planned for two years

  • Breivik wrote extensively about certain regions and histories around clashes of cultures
  • Tarrant seems to have traveled to those countries and regions that Breivik wrote about as a means to understand what Breivik had been writing about

  • Breivik researched and wrote quite a bit on his plan and his mission, including a manifesto over one thousand pages long
  • Tarrant wrote a seventy-six-page manifesto, and his research into targeting was haphazard and minimal

It seems that Tarrant lacked the concentration, or perhaps the methodical nature, that Breivik shows. By looking at the manifestos side by side, you can see that Tarrant pretty much just cribbed Breivik’s style and format, as seen below. The imagery and the motive seem to be pretty parallel, but once again the divergence is on Tarrant’s side, where he could not muster the longer and more convoluted writings or the complex ideas that Breivik is trying to get across. Of course the writings that Breivik put out are also cribbed from many sources and are mostly overly complex, the machinations of a disturbed mind. Actually, they remind me a lot of the writings of Ted Kaczynski.

Breivik manifesto (image)

Tarrant manifesto (image)

Formatting is not the only similarity that these two documents hold though. Tarrant actually copies Breivik’s style as well. In the much longer Breivik manifesto he drones on and on but finally toward the end has a Q&A with himself as a Justiciar Knight to describe what and why he is doing what he is doing. This is a direct attempt at self justification as well as a narcissistic pastiche about seeking others to emulate him as a warrior for the cause. In both cases they show the same pathology of attention seeking and self aggrandizement as rationalization for their actions and a call to others of like mind.

  • Both saw themselves as warriors in a greater war
  • Both have a need to be seen as a great actor in history
  • Both uploaded the manifesto just before actions
  • Both expected that these actions would be the linchpin in causing a race war or great social changes

In addition to the manifestos and the desire to be “great men”, both actors had very specific needs to look and play the part of the warrior. What I mean here is that both nationalistically needed to be seen as well as heard. In this way, Breivik made the mold that Tarrant re-used and added to in his attacks. While Breivik did not live stream his attack, he did plan it and carry it out in a way that made him look and feel the part. Tarrant followed these visual and audio cues in his own way.

  • Breivik created/bought military uniforms, including full regalia
  • Tarrant created/bought a military uniform with an added neo-Nazi black sun logo
  • Both use imagery and language concerning knights (the neo-Nazi black sun in Tarrant’s case equates to Wewelsburg and SS knights)

I would be interested to see if more of Tarrant’s writings and/or images come out during his trial. This would add context to the comparison between the two actors’ actions and psyches. It seems that both planned for acquiring weapons and tactics much the same way, but it is yet to be seen if Tarrant had any plans for bombs or had been working on or researching such things. My guess is that Tarrant lacked the patience for this and went for the quick hit instead. This is also visible in his shorter planning phase as well as the brevity of his manifesto. It is also clear that Breivik’s hate was directed not only outwardly at Muslims or foreigners but also inward at his own country in his attacks and professions. Tarrant just went for the Muslims and the foreigner in a more spree-killing mode.

Finally, I will cover the video that Tarrant live streamed. It is a hard thing to watch in total but it shows some cues that backstop this idea that Tarrant was really emulating Breivik down to some fine details.

  • Breivik wrote about using an iPod during the attacks to drown out the screams. This, he said, was to prevent him from losing his motivation
  • Tarrant played neo-Nazi music in the car and was also dubbing this over his live video feed
  • Breivik gamified his attacks and played video games incessantly in preparation for them
  • Tarrant did much the same, making the video a “first person shooter” game as he gunned people down

It is pretty clear that Tarrant took Breivik’s model and upgraded it with the technology today of Facebook and a helmet cam. This I believe will not be the last time we see this kind of activity as the technology becomes even more ubiquitous. The question is then, how much amplification we will see with such attacks being footage that can be watched and re-watched online to activate others of like mind and mental states. It’s pretty clear that the motive of creating such videos is to activate others as well as get that 15 minutes of internet fame that the narcissist needs to sate them momentarily.

As a parting thought, I would also like to say that both of these men seem to have the same mental illnesses but I am afraid there isn’t enough evidence in the case of Tarrant as yet. Breivik clearly is a paranoid schizophrenic and I believe that was the diagnosis of him at trial. Tarrant’s history and a review of his mental status as yet to my knowledge has not been carried out and released to the public. I would be interested to see more of Tarrant’s history and biography to see if there are parallels as well. As of this date I know that Tarrant’s father died when he was ten years old but there seems not to be a similar history of mental illness as presented by Breivik even at an early age. Nature versus nurture is still a coin toss as far as I am concerned so there is still much to learn about Tarrant before we can make any pronouncements of mental illness. I will keep watching as more comes out but I thought this was an interesting set of circumstances to write about.

K.

Written by Krypt3ia

2019/05/24 at 13:37

OilRig Games: Dumping IOCs, Tools, and Deets on Iran


NARRATIVE:

On March 26th 2019 an account named لب دوخته گان (sealed lips), “Labdookhtegan1”, began dropping details on the OilRig (APT34) group on Telegram and Twitter. The data that this account dropped consisted of names and details of the actors allegedly behind OilRig/APT34, and screenshots and details of compromised systems and tools being used by Iran. Since March the actors involved in dropping the dime have gone on to create two darknet sites as well as three accounts on Telegram where they dropped much of the same data. The Telegram and the successive Dookhtegan1 account(s) on Twitter also put out a video with their announcement. The video consists of clips of President Obama making a speech, much like the kind of thing you see in movies threatening someone using sound bites.

Analytics on Dookhtegan:

  • Dookhtegan لب دوخته گان “sealed lips” as an image and a maxim was the creation of Mehdy Kavousi, an Iranian immigrant in the Netherlands who is protesting immigrant deportations. The image is famous and literally shows Mehdy with lips sewn together in protest.
  • The original photo has been shopped by many including the actors here creating these accounts and dropping data
  • Dookhtegan is only one of many accounts
    • labdookhtegan
    • labdookhtegan1
    • Green_leaks
    • Green_Leakers
    • Bl4ck_B0x

  • The data drops all included Farsi commentary as well as English
  • The backstopping of the data is tied to actual compromised system addresses and files of malware
  • Interestingly, the translations of Farsi to English seem to imply that the writer is not a native speaker of Farsi

DATA DROPPED:

The data dropped by these guys is rather splashy. They have named names of at least six guys and two companies in Iran that they claim are part of a MOIS/IRGC actor group:

  • Omid_Palvayeh
  • alireza_ebrahimi
  • mohamad masoomi
  • saeid shahrab
  • taha mahdi tavakoli
  • Noorsec —>Sec Company
  • Rahacrop –> Sec Company/School

All of the actors’ dossiers are included in my zipped drop below for you all to ogle. OSINT on these guys may come later, but for now I am kinda meh, they are blown.

FILES DROPPED:

Labdookhtegan1 dropped many files as proofs of their work and outing of the IRGC. These included such things as passwords to compromised systems, tools they used, and other proofs to show IRGC activities in the following places of interest (see list pictured). The targets pretty much show activities in the Middle East and areas that the IRGC would like to attack. Of course I am not seeing any US assets or other areas, which is rather interesting, no? More on this in the context and timing section below….

I am currently looking at the technical tools and may have an update later on with tech details but for now, be happy with Uncle Krypt3ia’s gift of all the files and dox in one zip!

Tools, Techniques, and Assets

CONTEXT OF TIMING:

Right! So, the timing of these drops is rather convenient for the US, huh? I mean, even as we speak Donny and his mustachioed pal Bolty are looking to maybe attack Iran for whatever reasons they have. The actors here try to make a case that perhaps they are in fact Turks, but I am kinda not buying that at all, and the touches with “sealed lips” aka Mehdy Kavousi are also a nod toward some sympathy for Iranian immigrant feelings on deportation and feeling silenced. This too I am not buying, so once again that brings us back to the whole idea of “cui bono”, and for me who really benefits here on so many levels would be America, and the NSA perhaps, or Cyber Command?

So picture this… We decide to drop dox and TTPs on Iran in the REGION as a means to blow the IRGC out of the water and force them to re-tool as we are ramping up for maybe some action in the region, and we need, oh, let’s say, a receptive audience(s) in said region to help us were we to get kinetic with Iran. How’s that play for you all? It certainly plays for me. This is a stick that is likely double-edged and wins for us, in my opinion. After all, the IRGC is in the region playing their games as always, but the skinny recently is that the IRGC messaged all their proxies and took them off the leash, and more to the point, in Iraq.

Think about that kids….

Say, didn’t we just pull out all our State folks from Iraq?

Why yes we did… Gee… WHO KNEW?!?!

Ponder that.

ASSESSMENT:

Overall these are interesting times and if you are in the game here and want to have all the fun bits, download the zip file with all the things. You’re welcome. I am glad to put it all in one place for you to have instead of playing games with all the companies out there trying to get you to buy their content while hiding the good shit behind a paywall. My assessment is this, that the players have been exposed, the companies they work for have been blown, and we all likely have much more to dig into now and coming soon. In fact a little birdie told me about a new dump this morning (yes it is in the zip file) so WHEEEEEEE!

Watch Iran and the region… I have a bad feeling.

K.

PS! I almost forgot… I found some of the malware online in VT/Hybrid:

https://app.any.run/tasks/a74d0d54-a996-4ae0-979f-675bbdd3bbad/

https://app.any.run/tasks/69ad1f9f-9dc4-475e-8762-b31283f314f1/

https://www.hybrid-analysis.com/sample/3c0c58d4b9eefea56e2f7be3f07cdb73e659b4db688bfbf9eacd96ba5ab2dfe5/5cdabffa028838cc0ea26b0a

Enjoy!
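The drops above are raw text (Farsi and English mixed, defanged addresses, hashes, sandbox links), and the first thing a practitioner does with them is pull out the indicators in a usable, validated form. As an added example, not code from this post and not anything the leakers published, here is a small Python script that refangs a dump, extracts IPv4 addresses, MD5/SHA-256 hashes, URLs and hostnames, validates and dedupes them, and builds report links for each SHA-256. The sample dump embedded in it is constructed for the example; the only real value in it is the SHA-256 from the Hybrid Analysis link above. The routable/non-routable split, the analysis-host skip list and the report URL layouts are my own additions, not something the drops describe.

```python
"""Turn a raw leak/dump text blob into validated, deduplicated IOCs.

Added example for this post, not code from the original page and not anything
the Dookhtegan leakers published. Everything here runs offline.
"""
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample input for the example. The only real value in it is the
# SHA-256 from the Hybrid Analysis link in the post; hosts, the MD5, the
# credential and the C2 URL are made up.
SAMPLE_DUMP = """\
هاست های هک شده / hacked hosts:
webmail 185[.]220[.]101[.]5  user: admin  pass: Summer2018!
backup box 10.0.0.1 (internal only)
resolver 8.8.8.8 used for an exfil test
typo 256.1.1.1 is not an address
tool: webshell.aspx md5 d41d8cd98f00b204e9800998ecf8427e
dropper sha256 3c0c58d4b9eefea56e2f7be3f07cdb73e659b4db688bfbf9eacd96ba5ab2dfe5
report: https://www.hybrid-analysis.com/sample/3c0c58d4b9eefea56e2f7be3f07cdb73e659b4db688bfbf9eacd96ba5ab2dfe5/5cdabffa028838cc0ea26b0a
c2 hxxp://update-service[.]example/api/check.php
"""

# Hosts of public analysis services: links to them show up in dumps but are
# report pointers, not attacker infrastructure, so they are never emitted as IOCs.
ANALYSIS_HOSTS = {"www.hybrid-analysis.com", "app.any.run", "www.virustotal.com"}

IPV4_RE = re.compile(r"(?<![\w.])(?:\d{1,3}\.){3}\d{1,3}(?![\w.])")
MD5_RE = re.compile(r"\b[0-9a-fA-F]{32}\b")
SHA256_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")
URL_RE = re.compile(r"""(?<!\w)https?://[^\s<>"']+""")


def refang(text: str) -> str:
    """Undo the usual defanging ([.], (.), {.}, hxxp) so parsers see real values."""
    text = re.sub(r"\[\.\]|\(\.\)|\{\.\}", ".", text)
    return re.sub(r"\bhxxp(s?)://", r"http\1://", text)


def classify_ipv4(candidate: str):
    """'routable', 'non_routable', or None when the dotted quad is not a valid IPv4."""
    try:
        addr = ipaddress.IPv4Address(candidate)
    except ipaddress.AddressValueError:
        return None
    return "routable" if addr.is_global else "non_routable"


def extract_iocs(dump: str) -> dict:
    """Extract and dedupe IOCs from dump text; every value list is returned sorted."""
    text = refang(dump)
    iocs = {"ipv4": set(), "ipv4_non_routable": set(), "md5": set(),
            "sha256": set(), "url": set(), "domain": set()}
    for cand in IPV4_RE.findall(text):
        kind = classify_ipv4(cand)
        if kind == "routable":
            iocs["ipv4"].add(cand)
        elif kind == "non_routable":
            iocs["ipv4_non_routable"].add(cand)  # keep for context, never block on it
    # An MD5 pattern cannot match inside a SHA-256: \b never falls between two hex digits.
    iocs["md5"].update(h.lower() for h in MD5_RE.findall(text))
    iocs["sha256"].update(h.lower() for h in SHA256_RE.findall(text))
    for url in URL_RE.findall(text):
        url = url.rstrip(".,;)")
        host = urlparse(url).hostname
        if host is None or host in ANALYSIS_HOSTS:
            continue
        iocs["url"].add(url)
        if classify_ipv4(host) is None:  # IP hosts are already in the ipv4 lists
            iocs["domain"].add(host.lower())
    return {kind: sorted(values) for kind, values in iocs.items()}


def pivot_urls(sha256: str) -> dict:
    """Report URLs to open for a hash, in the URL layouts those services use."""
    return {
        "virustotal": f"https://www.virustotal.com/gui/file/{sha256}",
        "hybrid_analysis": f"https://www.hybrid-analysis.com/sample/{sha256}",
    }


if __name__ == "__main__":
    found = extract_iocs(SAMPLE_DUMP)
    for kind, values in found.items():
        print(f"{kind}: {values}")
    for digest in found["sha256"]:
        print(pivot_urls(digest))
```

Run it as a script to see the sorted indicators. The point of the two filters is that a dump is not a blocklist: an internal address in a compromised host's notes tells you about the victim, not the attacker, and a link to someone's sandbox report is not C2, so neither should land in a detection feed unreviewed.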

PPS! Almost forgot… These cats even created a LinkedIn page for one of the burned!

(Screenshot of the LinkedIn page, 2019-05-09)

*giggle*

Written by Krypt3ia

2019/05/16 at 14:03

Posted in APT, APT34, Infowar, Iran, OilRig

Phone Hacks Or Intercepts: Bezos’, Pecker, Sanchez, MBS, A Pragmatic Approach


This whole thing about the Bezos’ dickpics is running amok in the media, with panel after breathless panel dribbling on ad nauseam. Wanking on over whether or not a nation state secret service intercepted those texts and photos, or whether AMI (the National Enquirer) hacked them with the help of sleazy private investigators and/or the brother of the mistress, has me apoplectic every time it’s thrust in my face on the news. I finally decided to put this post together with some sense-making to counter all the stupid out there. Of course the funniest thing about all of this is that I have yet to see any of the hacking talking heads that usually show up, like Dave Kennedy, being dragged out to assess how easy or hard it would be to just hack a phone or an account. Who knew they would not be clamoring to get more news cycle attention to pimp their services, huh? Anyway, let’s do a little dive into what Bezos likely has as a phone, how easy they are to hack, and how likely it is that a bad actor like MBS and his secret services, a paid group, or just the brother of the mistress with a grudge were the culprits, shall we?

What phone does Bezos likely have and how hack-able is it?

According to the babbling of the news media, claims have been made that Bezos has security and as such his phone is likely harder to hack. Well, let’s put that to the test and see. I did some looking and as of 2017 he was still using a Fire Phone, his own product, which runs on Android. A little more Googling and you can see that it had seven vulns, including DoS and overflow attacks, in 2018.

FireOS is based on Android 4.2 JellyBean, and that had a host of vulnerabilities as well. So unless Bezos was using some super secret hardened version of JellyBean or FireOS, then even with whatever iteration he might have today, it is still quite hackable in all reality. So with that information one has to wonder at all this reporting that it HAD TO BE a nation state or that this was some exotic attack on a hard target.

Sorry, no.

INCONCEIVABLE!

Meanwhile, if indeed Bezos had another phone, he was spotted before with ANOTHER model of phone (Samsung), which also uses Android as its base operating system. If you are in the hacking or security community, then you know that Android is a hot mess security-wise because Google could really give a fuck, so there you have it. Unless Bezos decided to get a Blackphone (which still had issues), I am gonna say it would not be hard to hack him with a phish with a bad .apk file and own him.

Sorry media, go home, you’re drunk again.

The facts are that unless Bezos got his hands on an NSA encrypted and hardened phone like the one that Obama had (which was a BlackBerry) then it is likely trivial to attack his phone and own him. That’s the fact and everyone should take that into account when listening to or watching these talking heads on TV. Of course, this is not to say that it wasn’t MBS or minions he hired or AMI that did this, because these are TRIVIAL hacks and one could easily pay someone to do it. It would not take the NSA or that level of nation state intercept access to get the data Pecker has.

What are the odds that a bad password(s) and an automatic backup to the cloud are responsible here?

Right, so what about bad passwords? I mean hell, Manny’s password to all his secret bad dealings was “bond007” right? So is Bezos using a good password vault with 16 character passwords and rotating them often? Well, I cannot say, but what I can say is this: “security is hard and OPSEC is even harder for regular people.” This means that it is entirely possible that Bezos’ passwords could have been weak and he may not have changed them as regularly as might be needed for someone who is a higher risk target, right? I am sure he has minions and possibly a security detail, but, think about this, would you want your security detail to have the password to your dickpic mistress phone?

This also brings up another question… Did he have a mistress phone? Something separate from his regular phone and hidden so the wife would not see? You have to ask yourselves this question as well when thinking about this whole “affair” right? Let’s say Bezos bought a burn phone and used that instead of his primary phone to send his dickpics and stupid stupid texts mooning over his side piece. It’s not something you would really want to have lying about for the wife to find and nothing that could be directly tied to you in some ways, I mean sure he sent photos of himself, not just his junk, so yeah, not the greatest OPSEC there either. But would such a phone have less security because it was not hardened by the security detail?

Hmmmm….

Either way, passwords and access to Google (since I think he is still using Android) are problematic and unless he had all the 2FA turned on and alerting, he could have easily been pwned due to his own stupidity with passwords and access security.

What are the chances that physical access to the mistress’s phone is to blame?

Ahh this mistress… Well all of the things above could play with her as well. It could also have been physical access to the phone by others. Let’s face it, Sanchez could have been using her dog’s name as a password to all her accounts for all we know. She is the weakest of weak points as far as I am concerned in the security picture in this story. A running theme in the story seems to be that the mistress’s brother is tied into the Trump camp and its acolytes, so there is a chance that he accessed her phone either physically or perhaps he had a password to gather the details and leaked them to AMI.

Think about that though….

You would have to be one cold bastard as a family member to hack into the sister’s phone and dump pics that seem to include some nudity on her part as well to AMI right? I mean that is some serious pathology there. Keep that in mind further down this post ok? *turns over standing presentation board with pics and yarn connections* So yeah, it could be the brother, or it could be anyone who had proximity to the phone and a desire to carry out this attack on her and Bezos.

I am unaware of what phone the mistress is using but I am willing to bet that she is not as security conscious as Bezos might be. It could even be that Bezos and she both had burn phones that were insecure, who knows right? Suffice it to say that the mistress and her electronics hygiene may have in fact been the vector of the leak and everyone has to take that into account even if you are thinking that this was carried out by nation state actors like MBS or Russia. It would be a soft target campaign with phishing, physical access, and stupidity that would win the day and would not take that much effort really.

Was it a nation state intercepting Bezos and just handed this over to Pecker and AMI?

Speaking of nation state actors here’s the deal…

It’s quite possible. It would likely be trivial to attack the weak link (mistress) and gather all the intel. In fact, let’s suppose the nation state actors did do this, it would not only be dick pics that AMI might have. It is possible that they also have audio and video captures of phone calls and the like as well. How do we know that Bezos and the mistress didn’t make any videos together as well? Or perhaps little videos for one another?

Ponder that one too.

The fact of the matter is that a nation state, hired hackers, or sleazy PIs could all have done this and all could have passed on even more dirt to use against Bezos and his mistress, and it all sits somewhere in a safe on an external hard drive right? All I am saying is that there may be more to come in the future if at some other time AMI and/or others decide to go nuclear on Bezos. I will sit back and watch the fires burn and sip my whiskey when it all comes down. At the end of the day it cannot be said that it wasn’t a nation state that did this and there are hints and allegations that AMI might have that avenue of interest with MBS and Saudi to have made this happen.

My biggest problem though with that is that it was so fucking ham-fisted in its execution that it makes me wonder if it wasn’t just AMI doing what they have been doing since they started their yellow journalism agitprop fuckery. I would hope that a nation state would be smoother than “It would be a shame if something happened to that marriage you have there” but hey, we are in the Trump era of thuggery and clown cars full of Russians right? So yeah, entirely possible it was MBS in the conservatory with AMI and a phone hack. Time will tell though, but let’s not make this into a James Bond epic huh?

What are the chances that this was a honey-trap?

Ok, breaking out the murder conspiracy board here for the fun of it…

What if, just what if, this was a honeytrap? What if the mistress is like the brother and a Trump supporter? What if this was all a trap to get Bezos to back off by AMI and others using this woman wittingly or unwittingly? I mean, it is possible isn’t it? I am not saying it is likely but I am just gonna put that out there for you all. If I were looking to damage a (perceived) adversary like Bezos I might just hire hookers and get the goods on him in a hotel that’s been wired; of course it would have to be a situation where Bezos doesn’t have a TSCM team sweeping rooms before he stays in them and such, but yeah, that would be one way. Another might be to leverage someone in his orbit or put someone in his orbit who he can be enticed by and get the goods on him that way…

Ya know… like what we are seeing play out here right? This is exactly the sleazy way that espionage is carried out on the nation state level (blackmail) as it is on the AMI level of play. So this is not an impossibility. Is it likely in this case? Well, what do we know about Sanchez anyway? I guess a deeper look into her and her brother might be in order and is likely being done by the likes of the FBI right about now.

Giggity.

But yeah, with all the hyperventilation going on in the media, this is a possibility and I cannot just wipe this away as a not a thing.

Time will tell.

Forensics or GTFO!

Finally, I would like to once again yell at the media FORENSICS OR GET THE FUCK OUT! I would like to see some evidence that points to nation state hacking or intercepts of Bezos’ and the mistress’s accounts or phones. Will we ever see this data? Well, who the hell knows really but it won’t stop me from yelling this out every time the media breathlessly makes claims that exotic espionage has been carried out on alleged hard targets who use Android phones!

STAAAAAAHHHHP

I eagerly await some evidence in this case but I don’t really expect any. I will keep an eye on it all but at the end of the day I just wanted to put this out there. It is not super secret nation state shit level stuff going on here. It may in fact be leveraged by MBS and his people but it is not something along the lines of them using SS7 on Bezos and his mistress right?

Right?

Oh right, need forensics for that…

Derp.

K.

Written by Krypt3ia

2019/02/10 at 14:53

OPSEC and 2020


OPSEC FAIL: IC and MIL LinkedIn Pages:

I recently had a comment on a post on LinkedIn (I post crazy darknet shit on there for giggles) that I did a double take on. The comment was from a profile of a woman who claimed to be a “Counterintelligence Agent” openly on the site. Now, if there is one thing I know about IC club, it is that if you are in IC club, you don’t talk about IC club openly like this unless you are retired. So I just had to look into this further. As I began to do some OSINT on the profile and the name attached I quickly came to the conclusion that this person was not at all what they claimed to be online. In fact, within a couple minutes of just Googling the name I started seeing all kinds of crazy things.

 

In the end the conclusion for this profile was that it was either a disturbed individual or a cutout account for some kind of fuckery, and I stepped away at that point. But, it got me thinking… Are there legit people out there using LinkedIn who are actually in the IC and posting that fact online now? Would that not be an EPIC OPSEC faux pas? Well, I decided to go look and see what I could find out there. What I found led me down a long and winding derp laden path and I bring it all to you now gentle reader. The portents of all this though led me finally to ask the question: “Ok, if these people are online giving away their data, what are the RNC and DNC people doing post 2016?”

Well… Short answer is they are doing the same thing and giving the Russians or any other actor a plethora of data to use in spear phishing campaigns for 2020.

First though, as I started talking about, the IC seems to have a problem with OPSEC and I just don’t understand how these people are not being talked to. Take a look below and see what I mean here…

 

 

 

 

 

I did some backstop work on these and they seem legit. So my question then is how are they allowed to put this kind of information out there? Why are they doing it? I mean sure, this site is about jobs but, they are currently in a job and all of them should be more security conscious about putting their details out there I think. I mean, the people who are on protective detail for the president?

Really?

Of course then there are INTERPOL people and the like. What are they thinking? If I were looking to target people to attack with phishing and/or to just watch and wait for an opening, this would be my first easy stop for locating those people. I mean sure, the Chinese have all our SF-86s but geez! I also found more than a few military types who are in CI and other areas of the “secret” space that have current profiles with pictures and details that would make it fairly easy for a nation state to get their information from open source and target them. The worst of the profiles though was this one:

 

WHAT THE? …. I can’t.

Yes, this woman is dangling deets out there and if indeed she is married to another CI agent… Whoa. How do these profiles even get out there? How is it that the Military is not teaching OPSEC classes and/or looking at pages like this to stop this kind of thing? I do know there is a group that does this but wow. In this case I backtracked her as well and yep, I have her address etc now so I could easily target her and her spouse.

2020 RNC and DNC Attack Surface:

So, following this line of thought I started looking at profiles of people in both parties’ committees on LinkedIn. I decided though, to focus on those who would likely have admin access as a part of their job and I was not disappointed in finding a rich target environment. It turns out there are a fair bit of them out there oversharing as well. One would think that maybe after what happened to the DNC in 2016 these guys might, ya know, not want that kind of detail out there but hey, they are only in IT Sec and IT right?

 

 

 

 

I guess if you are a CSO or CTO you might show up on the page of the org itself but really, I would not even recommend that for some of these people. I mean, the average executive is not usually that security savvy and they are a prime target for adversaries. In the case of the DNC hack the GRU seems to have started with high visibility people in the campaign but really, if one were looking for a toehold anyone with rights would be a choice target right? I went down this rabbit hole a while and there are plenty of targets out there giving their names, their personal sites, details, and accounts such as Twitter and the like. All of this information can and likely will be used by adversaries looking to get into their networks so why are they posting all this out there?

Are we all just inured by social media?

 

I mean at least this guy tried to hide his real full name but DERP it was in his profile URL! Oh and the pic at the podium is just precious too. At least he tried though huh? This guy though is one of their “cyber” security engineers and you’d think anyone in security would have a better understanding of how not to give all this information out to anyone who wanted to abuse it right?

Guess not.

Putting on my prognostication hat, I suspect all of these people have been targeted or are on lists to be targeted by those out there looking for this kind of intel in the open source world. All you need to do is then carry out the full OSINT and you can get a pretty detailed accounting of their lives, their friends, their families, their proclivities, etc. All of this can be used against them in a campaign to subvert them and their access.

Sadly, this is the state of things.

K.

Written by Krypt3ia

2019/01/28 at 13:58

Posted in OPSEC, OPSEC_FAIL

Ryuk Ransomware Threat Intel Report


I cobbled together some stuff on Ryuk in case you all want to have a report you can re-purpose.

K…

PDF is here

 

 

 

Ryuk Ransomware Threat Intelligence Report

1/4/2019

Table of Contents

    1. Executive Summary:

The Ryuk variant of ransomware is a new type of ransomware that first appeared in August 2018 and has been used since then in a targeted attack scheme by unknown actors online. The attack has evolved to mimic some of the methodologies used by the SAMSAM group (Iran): locating vulnerable enterprises/organizations through reconnaissance and phishing to gain a foothold as the first phase of the attack.

The Ryuk actors then escalate the incursion by loading the ransomware (Ryuk) onto servers in the enterprise, thus locking that business out of its daily operations. The attacks have been seen recently (Dec/January 2018-2019) against publishing and media corporations such as the LA Times and Chicago Times (Tribune Group) as well as DataResolution Cloud Service. The financial damages to those companies have yet to be determined, but due to the attack on the Tribune group, printing of newspapers was degraded or stopped for a time.

The Ryuk actor group uses two probable means of gaining access to internal networks:

1) Phishing to infect systems with EMOTET (a trojan variant using PowerShell via doc files whose macros start ps.exe) and then pivoting laterally to gain more access.

2) Locating vulnerable systems online using Shodan and other tools to find open RDP sessions and exploiting them to escalate the attack.

In both attack vectors the second stage of the attack is to use the access gained to recon the org to locate systems (servers) to infect with Ryuk. The Ryuk infection will then encrypt all data, delete shadow copies and leave a message that the systems have been encrypted and where to send bitcoins.

The malware campaign to date (Aug 2018 to today) has accrued approximately $2,680,077.93 in bitcoin transfers from affected organizations. The ransom demanded in each attack is tailored to the organization, based on the actors’ estimate of what it can afford. This method is a lot like the SAMSAM group’s.

    2. Recommendations:

Threat intelligence on the malware and the tactics of the group provides the following recommendations for response to this threat:

  • Put all IOCs into HIDS/NIDS

  • Block known C2s

  • Assess for vulnerable RDP sessions exposed to the internet (Shodan)

  • Block all hashes and C2s for EMOTET campaigns

  • Be aware of ps.exe (PowerShell) sessions going to the internet

    3. Technical Details:

The malware immediately begins by shutting down A/V systems, specifically SOPHOS and McAfee, as well as other processes, focusing not only on A/V but also on backup programs. Early VirusTotal assessments as well as Hybrid Analysis online show some signs that the actors had tested early versions of the malware and that it had been detected by SOPHOS and McAfee.

Strings:

stop “Enterprise Client Service” /y

stop “Sophos AutoUpdate Service” /y

stop “Sophos Clean Service” /y

stop “Sophos Device Control Service” /y

stop “Sophos File Scanner Service” /y

stop “Sophos Health Service” /y

stop “Sophos Safestore Service” /y

stop “Sophos System Protection Service” /y

stop “Sophos Web Control Service” /y

stop “SQLsafe Backup Service” /y

stop “SQLsafe Filter Service” /y

stop “Veeam Backup Catalog Data Service” /y

stop “Zoolz 2 Service” /y

stop Antivirus /y

stop BackupExecAgentAccelerator /y

stop BackupExecAgentBrowser /y

stop BackupExecDeviceMediaService /y

stop BackupExecJobEngine /y

stop BackupExecManagementService /y

stop BackupExecRPCService /y

stop BackupExecVSSProvider /y

stop EhttpSrv /y

stop EPSecurityService /y

stop EPUpdateService /y

stop MBAMService /y

stop McAfeeEngineService /y

stop McAfeeFramework /y

stop McAfeeFrameworkMcAfeeFramework /y

stop MSSQL$BKUPEXEC /y

stop MSSQLServerOLAPService /y

stop ntrtscan /y

stop PDVFSService /y

stop ReportServer /y

stop ReportServer$SQL_2008 /y

stop ReportServer$SYSTEM_BGC /y

stop ReportServer$TPS /y

stop ReportServer$TPSAMA /y

stop SAVAdminService /y

stop SAVService /y

stop SepMasterService /y

stop Smcinst /y

stop SmcService /y

stop SMTPSvc /y

stop SntpService /y

stop SQLAgent$BKUPEXEC /y

stop SQLAgent$CITRIX_METAFRAME /y

stop SQLSafeOLRService /y

stop swi_service /y

stop tmlisten /y

stop TrueKey /y

stop TrueKeyScheduler /y

stop TrueKeyServiceHelper /y

stop VeeamDeploymentService /y

stop VeeamTransportSvc /y

TerminateProcess

Currently a high number of A/V client engines see the Ryuk malware by hash. It is assumed that the actor may in fact re-pack the malware to avoid such detections, if not upgrade its functionality to have a wider ability to succeed and avoid HIDS/NIDS detection as well.

The malware also requires ADMIN to perform all its functions. This need for ADMIN is the reason that Ryuk is a second stage and not a one-and-done attack. EMOTET infections attain the ADMIN level access and allow the actors to recon the enterprise and determine where to attack as well as what they can access to load Ryuk and encrypt files.
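As an added example (not the report's own tooling or any vendor's), the detection logic below turns the recommendations and the strings section above into a rule: it scans process-creation log lines for a burst of “net stop … /y” against the security and backup services Ryuk is seen stopping, and for shadow copy deletion. The service names are taken from the strings list; the log layout, host and user names, and the alert thresholds are constructed assumptions.

```python
"""Ryuk-style pre-encryption detection over process-creation log lines.

Added example, not the report's own tooling. Service names come from the
report's strings list; log layout, hosts, users and thresholds are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Subset of the security/backup services the strings list shows Ryuk stopping.
RYUK_TARGET_SERVICES = {
    "sophos autoupdate service", "sophos file scanner service",
    "sophos health service", "sophos system protection service",
    "sqlsafe backup service", "veeam backup catalog data service",
    "backupexecagentaccelerator", "backupexecjobengine",
    "backupexecvssprovider", "mbamservice", "mcafeeengineservice",
    "mcafeeframework", "savservice", "sepmasterservice", "smcservice",
    "veeamtransportsvc",
}

# "net stop <service> /y", service either quoted or bare.
NET_STOP_RE = re.compile(
    r'\bnet(?:1)?(?:\.exe)?\s+stop\s+(?:"(?P<q>[^"]+)"|(?P<u>\S+))\s+/y', re.I)
# Shadow copy deletion, the report's other pre-encryption step.
VSS_DELETE_RE = re.compile(r'\bvssadmin(?:\.exe)?\s+delete\s+shadows\b', re.I)
# Constructed log layout: "<ts> host=<h> user=<u> CommandLine=<cmd>".
LOG_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) host=(?P<host>\S+) '
    r'user=(?P<user>\S+) CommandLine=(?P<cmd>.*)$')


def parse_line(line):
    """Return a dict with ts/host/user/cmd for a well-formed line, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")
    return rec


def classify(cmd):
    """('service_stop', name) for a listed service, ('shadow_delete', None), or None."""
    if VSS_DELETE_RE.search(cmd):
        return ("shadow_delete", None)
    m = NET_STOP_RE.search(cmd)
    if m:
        name = (m.group("q") or m.group("u")).lower()
        if name in RYUK_TARGET_SERVICES:
            return ("service_stop", name)
    return None


def detect(lines, threshold=3, window=timedelta(minutes=5)):
    """Alert on any shadow copy deletion, and on a host that stops at least
    `threshold` distinct listed services within `window` (one alert per host)."""
    stops = defaultdict(list)  # host -> [(ts, service)]
    alerts = []
    for line in lines:
        rec = parse_line(line)
        kind = classify(rec["cmd"]) if rec else None
        if kind is None:
            continue
        if kind[0] == "shadow_delete":
            alerts.append({"host": rec["host"], "user": rec["user"],
                           "ts": rec["ts"], "rule": "shadow_copy_deletion"})
        else:
            stops[rec["host"]].append((rec["ts"], kind[1]))
    for host, events in stops.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            names = {svc for ts, svc in events[i:] if ts - start <= window}
            if len(names) >= threshold:
                alerts.append({"host": host, "ts": start, "services": sorted(names),
                               "rule": "mass_security_service_stop"})
                break
    return alerts


# Constructed sample: one admin stopping a single service, then a Ryuk-like
# burst on a server followed by shadow copy deletion, plus noise.
SAMPLE_LOGS = [
    '2019-01-04 01:58:10 host=WS-0413 user=CORP\\jdoe CommandLine=net stop "Sophos AutoUpdate Service" /y',
    '2019-01-04 02:13:01 host=PRINT-SRV01 user=CORP\\svc_backup CommandLine=net stop "Sophos AutoUpdate Service" /y',
    '2019-01-04 02:13:02 host=PRINT-SRV01 user=CORP\\svc_backup CommandLine=net stop "Sophos File Scanner Service" /y',
    '2019-01-04 02:13:02 host=PRINT-SRV01 user=CORP\\svc_backup CommandLine=net stop McAfeeFramework /y',
    '2019-01-04 02:13:03 host=PRINT-SRV01 user=CORP\\svc_backup CommandLine=net stop BackupExecJobEngine /y',
    '2019-01-04 02:13:09 host=PRINT-SRV01 user=CORP\\svc_backup CommandLine=vssadmin.exe Delete Shadows /All /Quiet',
    '2019-01-04 02:20:00 host=PRINT-SRV01 user=CORP\\svc_backup CommandLine=net stop Spooler /y',
    'malformed line that the parser skips',
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGS):
        print(alert)
```

A single admin stopping one service does not fire; the burst of distinct security and backup services within the window does, and any shadow copy deletion fires on its own.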

    4. IOCs:

IP(s) / Hostname(s)


URLs


Associated-file-path:

  • C:\Users\Public\cjoZX[.]exe

  • C:\Users\Public\window[.]bat

Associated-email-addresses:


Associated-bitcoin-address:


Malware Hash (MD5/SHA1/SH256)


Dropped Files:


Virus Total Assessments:

Hybrid Analysis Assessments:

    5. Appendix:

URLs:

https://www.bleepingcomputer.com/news/security/ryuk-ransomware-involved-in-cyberattack-stopping-newspaper-distribution/

https://niiconsulting.com/Security_Advisories/Security_Advisory_Digest_Aug_2018_Edition_2.0.pdf

https://www.bleepingcomputer.com/news/security/ryuk-ransomware-crew-makes-640-000-in-recent-activity-surge/

https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/sophoslabs-2019-threat-report.pdf

https://resources.malwarebytes.com/files/2018/12/Malwarebytes-Labs-Under-The-Radar-APAC-1.pdf

https://research.checkpoint.com/wp-content/uploads/2018/08/Threat_Intelligence_News_2018-08-27.pdf

https://krebsonsecurity.com/2019/01/cloud-hosting-provider-dataresolution-net-battling-christmas-eve-ransomware-attack/

https://research.checkpoint.com/ryuk-ransomware-targeted-campaign-break/

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/27000/PD27951/en_US/McAfee%20Labs%20Threat%20Advisory%20-%20Ransom-Ryuk_v2.pdf

http://www.rewterz.com/rewterz-news/rewterz-threat-advisory-ryuk-evolves-as-a-new-targeted-ransomware

https://www.cyber.nj.gov/threat-profiles/ransomware-variants/ryuk

https://www.maltiverse.com/sample/8d3f68b16f0710f858d8c1d2c699260e6f43161a5510abb0e7ba567bd72c965b

Written by Krypt3ia

2019/01/04 at 18:24

Shine On You Crazy Diamond: Anti-Tech Revolution: Why and How


Uncle Ted: History, Technology, and Prophet-hood:

 

Recently, I came across an article about how Ted Kaczynski had garnered a new following of acolytes trying to start a new “Neo Primitive” revolution. If you are unfamiliar with Uncle Ted then you might want to click on this handy link to the UNABOMB FBI page for some history. I for one lived through the events of his bombing campaign and read the manifesto “Industrial Society and Its Future” eager to seek some clues as to who the bomber was, but I was also struck by some of what the person who would be revealed as Ted Kaczynski was trying to say about our society and its possible demise from technology. Admittedly I was younger then and I may have lacked some of the nuance in 1995 but, today it is much easier to see what Ted was trying to say using the wrong means to get the message out.

Of course Ted is in fact mentally ill and because of that much of what he is trying to say at the core of his argument is padded with pedantry and a fair bit of sexism, racism, and lack of full clarity. However, once you pry apart some of his concerns you can see his point on how technology has really sort of enslaved humankind and may do so even more as we create more and more tech that we rely on to live. If you are not up for a long and pedantic read, you might want to check out “Manhunt: UNABOMBER” on Netflix to get a sense of where his head was and, it turns out, still is. While the show is dramatized, the point is brought out well on what Ted was trying to say about technology as a system and how it now is controlling our lives and destroying the environment.

Now back to this article that started my trip down the Kaczynski rabbit hole again. The whole thrust of the piece is that there are people who have latched on to Ted as a prophet of sorts for his ideas on technology and its ills today. Some of these people have banded together to start groups or join groups that believe that society, or technological society to be precise, will be our collective end. These people have then decided that they need to be “Neo Primitives” living in groups in the woods learning hunter-gatherer skills and living off the land. Yet others though are taking more direct and troubling actions to fight the technological society using anarchist ideals and finally seeking the prophet’s (Ted) guidance on just how to do this.

Within the article these new true believers are seen to have varying levels of angst but it seems from the piece that more than a few of them have reached out to Ted in prison asking him for advice or direction. So far it seems Ted has dealt with them up to a point only to then turn them away and with some vehemence, branded them idiots in his brusque “stop talking to me you idiot” way. However, I suspect that these true believers perhaps got Ted thinking and by 2015 he had published “Anti-Tech Revolution: How and Why” for the masses. This is the most logically sound reason why I think Ted put this book together. It really makes sense if you take into account these people had been trying to get him to lead them but he did not want to be directly linked to them perhaps because if they did carry out revolution, it would come back on him legally. Of course he is in jail forever but I suppose they could impose further sanction on him were he seen as the leader of an anti-tech revolution from inside his cell by proxy of letters to and from the revolutionaries right?

So Ted puts together this how to manual on how to fight the revolution against technology and societies that are based on it. I read all two hundred and fifty dense pages and bring to you all my condensed thoughts on his book. It took a lot of whiskey and coffee in alternating shifts to get through much of what Ted wrote here. Like the “manifesto” it is exceedingly pedantic in style and dense in ideas while being so obtuse at times one has to stop and say “uhhh what?” between the sections of chapters of which there are only four.

But what large chapters they are….

Anti-Tech Revolution: How and Why:

Chapter 1: The Development of a Society Can Never Be Subject to Rational Human Control

Ted spends a LOT of time in the first chapter trying to link evolutionary biology to complex systems, to humans, and to society. The distillate of this chapter is that Ted believes technological systems and societies are like biological systems, in the way Darwinism and evolution choose the strong or the genetically lucky to live and to thrive. It’s a long, long chapter and in the end I had to just shake my head at his bloviation. Just look at the title of the chapter to see how cognitively challenging this line of thought is! Rational human control? Wait, are you saying that society is rational? Ok ok ok, I can see the argument and there is some rationality there, but really, the chapter drones on about societies throughout time and the building of society from hunter-gatherer to today. It goes on a long winding path with a lot of citations from history, chaos theory, and philosophy that in the end does not really make a convincing argument. What it all boiled down to is this: societies must be small and not technology based. Basic tools are ok, but once you get to agrarian systems and large populations, technology is required and then it takes over.

…and that’s bad.

The only area that I enjoyed in this chapter was where he touched on chaos theory in relation to evolution and systems. His contention is that systems are not static and there is a great deal of volatility there. However, I think he missed the part of chaos theory that led to complexity theory, where all the chaos forms a stable system on the macro level. Ted is a mathematician, but I don’t think he is that well read on chaos theory, never mind complexity, and those are two things you have to take into account in societal systems, human nature, and the universe itself.

Chapter 2: Why the Technological System Will Destroy Itself

The second chapter of the treatise is on why any technological system will destroy itself. Basically Ted goes on a bender here about how systems of technology are just rapacious machines that will, in the end, eat up everything the world has to offer in order to grow. This chapter also goes further into the idea of natural selection applying to technological systems. I got kinda lost here on this idea because frankly it is not the systems that are doing this, it is the people doing this to propagate the systems they create. Ted seems unable at times to separate the fact that the technology is not the master but the tool to which we give up power. It is the human systems of psychology, society, and evolution that he should be concerned with, not the “systems” that we create.

Honestly, the only way I can see an argument like his being made using “self-propagating systems,” as he calls them, would be when we actually have a true AI that is self-aware and is programmed to evolve and grow. When that happens we are likely screwed in my opinion, but that time is not now and this book is not about that. Once again Ted gets lost in the details of citations from Solzhenitsyn to Max Weber. It’s a sea of ideas and is misguided in my opinion. However, I can see my way to his thinking about how we as humans are using technology more and more in ways that, in the end, are allowing us to destroy the ecology of the planet. Once again though, the technology is just a tool that humans are using within a society that they created and are expanding; it is not the system that is the problem, it is the humans using the tools without foresight about what they are doing to their surroundings. It is entirely possible to have a technological society and still have balance with ecology. It’s just that we as humans are not there yet, to grok this and really work towards that goal.

Chapter 3: How to Transform a Society: Errors to Avoid

This chapter delves deeply into varying political theories, including quotes from Mao Zedong to Sinn Fein. All of it though is oriented on groups that attempted to change society in favor of the system they wanted to install. Honestly, most of the groups that Ted cites in this one are not shining examples of open societies, nor men known for their humanity. This all dovetails into much of what Ted wants the revolutionary to understand: “You have to break some eggs to change society,” and all these people can be your guides. Ted continues on long diatribes about the failures of certain groups, including a scathing review of the current crop of Neo-Luddites and “Techies” that, according to him, believe too much in rainbows and unicorns.

Chapter III Part IV: The Application

Let’s start with Chellis Glendinning’s “Notes Toward a Neo-Luddite Manifesto,” which can be found in an anthology compiled by David Skrbina. Glendinning’s statement of the goals of neo-luddism is long and complicated, and most of the stated goals are hopelessly vague.

Here is a sample:

We favor the creation of technologies in which politics, morality, ecology, and technics are merged for the benefit of life on Earth:

• Community-based energy sources utilizing solar, wind, and water technologies, which are renewable and enhance both community relations and respect for nature;
• Organic, biological technologies . . . which derive directly from natural models and systems;
• Conflict resolution technologies, which emphasize cooperation, understanding, and continuity of relationship; and
• Decentralized social technologies, which encourage participation, responsibility, and empowerment.

. . . We favor the development of a life-enhancing worldview in Western technological societies. We hope to instill a perception of life, death, and human potential into technological societies that will integrate the human need for creative expression, spiritual experience and community with the capacity for rational thought and functionality. We perceive the human role not as the dominator of other species and planetary biology, but as integrated into the natural world with appreciation for the sacredness of all life.

Frankly I agree with Ted here. These people are vague, and they believe that technology will solve everything. Where Ted and I part is that, once again, I think the people are the key, not the destruction of the system. The people need to come to the conclusion that they must manage the technology and the systems in a way that achieves balance, so that we can grow without destroying that balance.

…Then again, I am not mentally ill like Ted.

The takeaway here is that Ted is setting up the argument for the next chapter. That argument is basically that the “revolutionaries” need to steel themselves for the right time to take over, if not make that moment happen themselves.

Chapter IV: Strategic Guidelines for an Anti-Tech Movement

The final chapter is really where the rubber meets the road, so to speak, in this book. As you can tell from the title, Ted is setting the revolutionaries up with a pep talk on how they need to proceed to win the war. The thrust of the chapter is that the revolution needs to be resolute, have a consistent single-minded narrative, and be somewhat ruthless. Of course Ted is careful not to go over the line in this chapter into areas of illegality. No, in fact he calls out in one place that the revolutionaries should not commit crimes, while hinting at actions that may very well be criminal to fight the battle.

Ted covers everything from creating small, agile teams of people with the right skills (cells) to leveraging media, propaganda, and the very technologies that the movements are supposed to be fighting. Yup, in fact he has a section where he says there should be teams within the revolution who are expert at such technologies and ideas as surveillance, crypto, hacking, etc., to be used against the system. I don’t know about you, but a lot of what he is laying out here sounds like a terrorist cell. Of course Ted is using the rubric of the title “revolution,” but honestly, how many revolutionaries in your lifetime have been anything other than varying shades of terrorists?

This last chapter is the clearest and yet most couched message to the would-be revolutionaries. It is an epistle on how to form a revolutionary cell, create a larger structure on multiple continents, and wait for the right moment to strike. How to strike? Well, for one thing, wait until the technology fails and then take over once everyone is demoralized. The other method is to maybe cause the failure of the technological system and then follow through, taking over once the people are demoralized. Either way, Ted is advocating for active resistance to technological society and for taking measures to fight it and take it over.

It’s really that simple.

All his preambles in the first three chapters are just long-winded thought bombs to convince those who, frankly, if they are already reading this treatise, are already convinced. But hey, you gotta lay out the premise, right? Overall this book tries to brain dump a whole ethos using junk political thought, science, and a smattering of radical action to prep those Neo-Luds out there who, per Ted, are unable to focus their efforts properly.

It’s unbalanced.

Final Thoughts on Anti-Tech Revolution How and Why:

While I am rather fascinated with some of Ted’s ideas, this book was just a long-winded exhortation for someone to take action in Ted’s war on technological society. Since he is incarcerated, there is no one carrying out the war he started, and frankly I suspect that kinda rankles him. I am sure that once these kids started reaching out to him (once again, read the article “Children of Ted”), it all got stuck in his craw again that no one picked up the fight since his arrest. His manifesto did not reach the right people, I guess, until now, and he is trying to kindle that flame, but he feels that these kids are all morons, so he will teach them with a book.

Speaking of the kids, that article should worry you about these kinds of movements as we see more things going wrong out there, climate-wise as well as politically. Ted was right about a few things in the manifesto: we are slaves to the technology, but we allow ourselves to be. However, in that enslavement we have also become more alone and insular. We have higher rates of depression, and we are seeing civility basically coming apart at the seams online while we get a steady feed of advertising and disinformation with a side dish of hate. The technology is allowing our basest instincts to run amok, and so far we are ill-equipped to do anything about ourselves doing this, never mind our aggressors like Russia. No, Ted did have some ideas that are pertinent, but his mental state rendered him unable to get the core ideas to the masses without using explosives and terror.

What Ted has laid out here will likely be ingested by the true believers, but it is the last chapter that should concern us all. If these Neo-Luds and eco-terrorists mesh, then we are likely to see a new kind of Monkey Wrench Gang working out there against the “technological society” at large, seen as the enemy of the planet. I know that certain agencies and military branches have already been talking about these kinds of activities ramping up as climate change starts affecting more people. I for one will keep an eye out for this as well, because it seems that climate change is only getting worse and the effects are becoming more discernible to laypeople.

Including the Neo-Luds and Ted’s children.

K.

Written by Krypt3ia

2018/12/31 at 14:59

Posted in Uncle Ted