Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

OPSEC and 2020


 

OPSEC FAIL: IC and MIL LinkedIN Pages:

I recently had a comment on a post on LinkedIn (I post crazy darknet shit on there for giggles) that I did a double take on. The comment was from the profile of a woman who openly claimed on the site to be a “Counterintelligence Agent”. Now, if there is one thing I know about IC club, it is that if you are in IC club you don’t talk about IC club openly like this unless you are retired. So I just had to look into this further. As I began to do some OSINT on the profile and the name attached to it, I quickly came to the conclusion that this person was not at all what they claimed to be online. In fact, within a couple of minutes of just Googling the name I started seeing all kinds of crazy things.

 

In the end the conclusion for this profile was that it was either a disturbed individual or a cutout account for some kind of fuckery, and I stepped away at that point. But it got me thinking… Are there legit people out there using LinkedIn who are actually in the IC and posting that fact online now? Would that not be an EPIC OPSEC faux pas? Well, I decided to go look and see what I could find out there. What I found led me down a long and winding derp-laden path, and I bring it all to you now, gentle reader. The portents of all this finally led me to ask the question: “OK, if these people are online giving away their data, what are the RNC and DNC people doing post-2016?”

Well… the short answer is that they are doing the same thing, and giving the Russians or any other actor a plethora of data to use in spear-phishing campaigns for 2020.

First though, as I started to say, the IC seems to have a problem with OPSEC and I just don’t understand how these people are not being talked to. Take a look below and see what I mean…

[LinkedIn profile screenshots not reproduced]

I did some backstop work on these and they seem legit. So my question is: how are they allowed to put this kind of information out there, and why are they doing it? Sure, this site is about jobs, but they are currently in a job, and all of them should be more security conscious about putting their details out there. I mean, the people who are on protective detail for the president?

Really?

Of course then there are INTERPOL people and the like. What are they thinking? If I were looking for people to target with phishing, or just to watch and wait for an opening, this would be my first easy stop for locating them. Sure, the Chinese have all our SF-86s, but geez! I also found more than a few military types who are in CI and other areas of the “secret” space with current profiles, pictures, and details that would make it fairly easy for a nation state to pull their information from open sources and target them. The worst of the profiles though was this one:

[LinkedIn profile screenshot not reproduced]

WHAT THE? …. I can’t.

Yes, this woman is dangling deets out there, and if she is indeed married to another CI agent… Whoa. How do these profiles even get out there? How is it that the military is not teaching OPSEC classes and/or looking at pages like this to stop this kind of thing? I do know there is a group that does this, but wow. In this case I backtracked her as well and yep, I now have her address etc., so I could easily target her and her spouse.

2020 RNC and DNC Attack Surface:

So, following this line of thought, I started looking at LinkedIn profiles of people on both parties’ committees. I decided to focus on those who would likely have admin access as a part of their job, and I was not disappointed in finding a rich target environment. It turns out there are a fair number of them out there oversharing as well. One would think that after what happened to the DNC in 2016 these guys might, ya know, not want that kind of detail out there, but hey, they are only in IT and IT security, right?

[LinkedIn profile screenshots not reproduced]

I guess if you are a CSO or CTO you might show up on the page of the org itself, but really, I would not even recommend that for some of these people. The average executive is not usually that security savvy and they are a prime target for adversaries. In the case of the DNC hack the GRU seems to have started with high-visibility people in the campaign, but if one were looking for a toehold, anyone with rights would be a choice target, right? I went down this rabbit hole for a while and there are plenty of targets out there giving their names, their personal sites, details, and accounts such as Twitter and the like. All of this information can and likely will be used by adversaries looking to get into their networks, so why are they posting it all?

Are we all just inured by social media?

[LinkedIn profile screenshot not reproduced]

I mean, at least this guy tried to hide his real full name, but DERP, it was in his profile URL! Oh, and the pic at the podium is just precious too. At least he tried though, huh? This guy is one of their “cyber” security engineers, and you’d think anyone in security would have a better understanding of how not to hand all this information to anyone who wanted to abuse it, right?

Guess not.

Putting on my prognostication hat, I suspect all of these people have been targeted, or are on lists to be targeted, by those looking for this kind of intel in the open-source world. All you need to do then is carry out the full OSINT workup and you can get a pretty detailed accounting of their lives, their friends, their families, their proclivities, etc. All of this can be used against them in a campaign to subvert them and their access.

Sadly, this is the state of things.

K.

Written by Krypt3ia

2019/01/28 at 13:58

Posted in OPSEC, OPSEC_FAIL

Ryuk Ransomware Threat Intel Report


I cobbled together some stuff on Ryuk in case you all want to have a report you can re-purpose.

K…

PDF is here


Ryuk Ransomware Threat Intelligence Report

1/4/2019


1. Executive Summary:

Ryuk is a ransomware family that first appeared in August 2018 and has since been used in targeted attacks by as yet unattributed actors. The operation mirrors the methodology of the SamSam group (attributed to Iranian nationals): locate vulnerable organizations through reconnaissance and phishing, gain a foothold, and only then deploy the ransomware as a second phase of the attack.

The Ryuk actors then escalate the incursion by loading the ransomware onto servers in the enterprise, locking the business out of its daily operations. Attacks were seen recently (December 2018 to January 2019) against publishing and media companies such as the Los Angeles Times and the Chicago Tribune (Tribune Publishing), and against the cloud hosting provider DataResolution.net. The financial damage to those companies has yet to be determined, but the attack on Tribune Publishing degraded or halted newspaper printing for a time.

The Ryuk actor group uses two probable means of gaining access to internal networks:

1) Phishing to infect systems with EMOTET (a trojan delivered by Office documents whose macros launch PowerShell), then pivoting laterally to gain more access.

2) Locating exposed systems with Shodan and similar tools to find RDP services open to the internet, compromising them, and escalating from there.

In both cases the second stage is to use the access gained to map the organization and pick the systems (typically servers) to infect with Ryuk. Ryuk then encrypts the data, deletes the volume shadow copies, and leaves a note stating that the systems have been encrypted and where to send the bitcoin.

The campaign to date (August 2018 to the time of writing) has collected approximately $2,680,077.93 in bitcoin from affected organizations. The ransom demanded in each case appears to be set by the actors’ estimate of what the victim can afford, a practice also seen with the SamSam group.

2. Recommendations:

Threat intelligence on the malware and the tactics of the group supports the following recommendations for response to this threat:

  • Load all IOCs below into HIDS/NIDS and the SIEM, and block the known C2 addresses and domains at the perimeter

  • Block the published hashes and C2s for the EMOTET campaigns, since EMOTET is the usual first stage

  • Audit for RDP exposed to the internet (Shodan, or an external scan of your own ranges); put RDP behind a VPN with MFA and lock out accounts after repeated failed logons

  • Block macros in Office documents that arrive from the internet, the EMOTET delivery mechanism

  • Alert on powershell.exe sessions going to the internet and on bursts of net stop commands against A/V and backup services (see the strings in the Technical Details section)

  • Keep backups offline or otherwise unreachable from the domain and test restores: Ryuk stops backup services and deletes shadow copies before encrypting
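The first two recommendations are only as good as the hygiene of the IOC list that gets loaded. The following script is an added example, not part of the original report: it parses a defanged bullet list in the shape of the IOC section below, refangs and classifies each indicator (hashes by length, IPs via the standard library, then paths, emails and domains), drops verbatim duplicates, and emits Suricata rules for the network indicators plus an `algo:hash` blocklist for the file hashes. The sample indicators are copied from this report; the rule SID range (9000001 upward) and the rule message text are arbitrary choices for the example.

```python
"""Refang the report's IOCs and turn them into block/detect artefacts.

Added example, not part of the original report. Standard library only.
The sample indicators below are copied from this report's IOC section;
the Suricata rule SIDs (9000001 upward) are an arbitrary local range.
"""
import ipaddress
import re
from collections import defaultdict

# Indicators copied from the IOC section of this report, as published (defanged).
SAMPLE_IOCS = r"""
  • 104.199.153[.]189
  • 195.20.45[.]185
  • bedava-chat[.]com
  • kukutrustnet777[.]info
  • WayneEvenson@tutanota[.]com
  • c0202cf6aeab8437c638533d14563d35
  • 8d3f68b16f0710f858d8c1d2c699260e6f43161a5510abb0e7ba567bd72c965b
  • C:\Users\Public\window[.]bat
"""

HEX = {32: "md5", 40: "sha1", 64: "sha256"}


def refang(token: str) -> str:
    """Undo the usual defanging: [.] (.) [dot] -> '.', [at] (at) -> '@', hxxp -> http."""
    t = token.strip()
    for bad, good in (("[.]", "."), ("(.)", "."), ("[dot]", "."), ("[at]", "@"), ("(at)", "@")):
        t = t.replace(bad, good)
    return re.sub(r"^hxxp(s?)://", r"http\1://", t, flags=re.IGNORECASE)


def classify(ioc: str) -> str:
    """Bucket an indicator by type; hashes first because they can never be hostnames."""
    if re.fullmatch(r"[0-9a-fA-F]+", ioc) and len(ioc) in HEX:
        return HEX[len(ioc)]
    try:
        ipaddress.ip_address(ioc)
        return "ip"
    except ValueError:
        pass
    if re.match(r"^[A-Za-z]:\\", ioc) or ioc.startswith("/"):
        return "path"
    if re.fullmatch(r"[^@\s]+@[^@\s]+\.[A-Za-z]{2,}", ioc):
        return "email"
    if re.fullmatch(r"(?=.{1,253}$)(?:[A-Za-z0-9-]{1,63}\.)+[A-Za-z]{2,63}", ioc):
        return "domain"
    return "unknown"


def parse_iocs(text: str) -> dict:
    """Parse a bullet list such as the one in this report into {type: [ioc, ...]}."""
    buckets = defaultdict(list)
    for raw in text.splitlines():
        token = raw.strip().lstrip("•*-").strip()
        if not token or token.startswith("#"):
            continue
        ioc = refang(token)
        kind = classify(ioc)
        if ioc not in buckets[kind]:          # drop verbatim duplicates
            buckets[kind].append(ioc)
    return dict(buckets)


def suricata_rules(buckets: dict, sid: int = 9000001) -> list:
    """Emit Suricata (5.x keyword syntax) rules for the network indicators."""
    rules = []
    for ip in buckets.get("ip", []):
        rules.append(f'alert ip $HOME_NET any -> {ip} any '
                     f'(msg:"Ryuk/Emotet IOC ip {ip}"; sid:{sid}; rev:1;)')
        sid += 1
    for dom in buckets.get("domain", []):
        rules.append(f'alert dns $HOME_NET any -> any any '
                     f'(msg:"Ryuk/Emotet IOC domain {dom}"; dns.query; '
                     f'content:"{dom}"; nocase; endswith; sid:{sid}; rev:1;)')
        sid += 1
    return rules


def hash_blocklist(buckets: dict) -> list:
    """One 'algo:hash' line per file hash, the shape most EDR/AV blocklists import."""
    return [f"{algo}:{h.lower()}" for algo in ("md5", "sha1", "sha256")
            for h in buckets.get(algo, [])]


if __name__ == "__main__":
    found = parse_iocs(SAMPLE_IOCS)
    for kind, items in found.items():
        print(f"{kind}: {len(items)}")
    print("\n".join(suricata_rules(found)))
    print("\n".join(hash_blocklist(found)))
```

Run it against the full list below by pasting the section into `SAMPLE_IOCS`; anything that lands in the `unknown` bucket is either a typo in the feed or a type the classifier does not handle and should be checked by hand before it is pushed to a sensor.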

3. Technical Details:

The malware begins by stopping A/V products, Sophos and McAfee in particular, as well as other processes, targeting not only A/V but backup software. Early VirusTotal and Hybrid Analysis results suggest the actors tested early versions of the malware and that those versions were detected by Sophos and McAfee.

Strings (service names from the batch file’s net stop <service> /y commands; the leading “net” is absent from the extracted strings):

stop “Enterprise Client Service” /y

stop “Sophos AutoUpdate Service” /y

stop “Sophos Clean Service” /y

stop “Sophos Device Control Service” /y

stop “Sophos File Scanner Service” /y

stop “Sophos Health Service” /y

stop “Sophos Safestore Service” /y

stop “Sophos System Protection Service” /y

stop “Sophos Web Control Service” /y

stop “SQLsafe Backup Service” /y

stop “SQLsafe Filter Service” /y

stop “Veeam Backup Catalog Data Service” /y

stop “Zoolz 2 Service” /y

stop Antivirus /y

stop BackupExecAgentAccelerator /y

stop BackupExecAgentBrowser /y

stop BackupExecDeviceMediaService /y

stop BackupExecJobEngine /y

stop BackupExecManagementService /y

stop BackupExecRPCService /y

stop BackupExecVSSProvider /y

stop EhttpSrv /y

stop EPSecurityService /y

stop EPUpdateService /y

stop MBAMService /y

stop McAfeeEngineService /y

stop McAfeeFramework /y

stop McAfeeFrameworkMcAfeeFramework /y

stop MSSQL$BKUPEXEC /y

stop MSSQLServerOLAPService /y

stop ntrtscan /y

stop PDVFSService /y

stop ReportServer /y

stop ReportServer$SQL_2008 /y

stop ReportServer$SYSTEM_BGC /y

stop ReportServer$TPS /y

stop ReportServer$TPSAMA /y

stop SAVAdminService /y

stop SAVService /y

stop SepMasterService /y

stop Smcinst /y

stop SmcService /y

stop SMTPSvc /y

stop SntpService /y

stop SQLAgent$BKUPEXEC /y

stop SQLAgent$CITRIX_METAFRAME /y

stop SQLSafeOLRService /y

stop swi_service /y

stop tmlisten /y

stop TrueKey /y

stop TrueKeyScheduler /y

stop TrueKeyServiceHelper /y

stop VeeamDeploymentService /y

stop VeeamTransportSvc /y

TerminateProcess

A high number of A/V engines now detect the Ryuk samples by hash. It should be assumed that the actors will repack the malware to evade such detections, if not also extend its functionality to succeed more widely and avoid HIDS/NIDS detection as well, so detection should not rely on hashes alone.

The malware also requires administrative rights to perform all of its functions. This need for admin is why Ryuk is a second-stage payload rather than a one-and-done attack: the EMOTET foothold (and the tooling it loads) is used to obtain admin-level access, recon the enterprise, and determine where to deploy Ryuk and what can be encrypted.
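Because a repack defeats hash matching, the durable signal is the behaviour captured in the strings above: one host issuing a burst of net stop commands against A/V and backup services, then deleting shadow copies. The script below is an added example, not from the original report. It runs that logic over process-creation events in a JSON-lines shape constructed for this example (a Sysmon or EDR export would be mapped to the same fields), with the watched service names taken from the report’s strings; the threshold of five stops within sixty seconds is a tunable starting point, not a figure from the report.

```python
"""Behavioural detection for the Ryuk pre-encryption routine.

Added example, not from the original report. Hash detection breaks as soon
as the sample is repacked, but the behaviour shown in the strings above
(a burst of `net stop <AV/backup service> /y`, then shadow-copy deletion)
is stable. Sample events and the JSON-lines log shape are constructed for
this example; WATCHED is built from the service names the report lists.
"""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Service names taken from the report's strings section (lower-cased for matching).
WATCHED = {s.lower() for s in (
    "Sophos AutoUpdate Service", "Sophos File Scanner Service", "SAVService",
    "McAfeeFramework", "McAfeeEngineService", "MBAMService", "SepMasterService",
    "Veeam Backup Catalog Data Service", "VeeamTransportSvc",
    "BackupExecJobEngine", "BackupExecRPCService", "SQLsafe Backup Service",
)}
NET_STOP = re.compile(r'(?:^|\s)net(?:1)?(?:\.exe)?\s+stop\s+"?([^"/]+?)"?\s+/y', re.I)
VSS_DELETE = re.compile(r"vssadmin(?:\.exe)?\s+delete\s+shadows", re.I)

# Constructed process-creation events (one JSON object per line).
SAMPLE_LOG = r'''
{"ts":"2019-01-03T02:14:05Z","host":"FS01","user":"CORP\\svc_backup","image":"C:\\Windows\\System32\\net.exe","cmd":"net stop \"Sophos AutoUpdate Service\" /y"}
{"ts":"2019-01-03T02:14:06Z","host":"FS01","user":"CORP\\svc_backup","image":"C:\\Windows\\System32\\net.exe","cmd":"net stop \"Sophos File Scanner Service\" /y"}
{"ts":"2019-01-03T02:14:07Z","host":"FS01","user":"CORP\\svc_backup","image":"C:\\Windows\\System32\\net.exe","cmd":"net stop SAVService /y"}
{"ts":"2019-01-03T02:14:08Z","host":"FS01","user":"CORP\\svc_backup","image":"C:\\Windows\\System32\\net.exe","cmd":"net stop McAfeeFramework /y"}
{"ts":"2019-01-03T02:14:10Z","host":"FS01","user":"CORP\\svc_backup","image":"C:\\Windows\\System32\\net.exe","cmd":"net stop \"Veeam Backup Catalog Data Service\" /y"}
{"ts":"2019-01-03T02:14:12Z","host":"FS01","user":"CORP\\svc_backup","image":"C:\\Windows\\System32\\net.exe","cmd":"net stop BackupExecJobEngine /y"}
{"ts":"2019-01-03T02:14:20Z","host":"FS01","user":"CORP\\svc_backup","image":"C:\\Windows\\System32\\vssadmin.exe","cmd":"vssadmin.exe Delete Shadows /all /quiet"}
{"ts":"2019-01-03T02:20:00Z","host":"WS07","user":"CORP\\jdoe","image":"C:\\Windows\\System32\\net.exe","cmd":"net stop Spooler /y"}
{"ts":"2019-01-03T03:00:00Z","host":"WS07","user":"CORP\\jdoe","image":"C:\\Windows\\System32\\net.exe","cmd":"net stop MBAMService /y"}
'''


def parse_events(text: str) -> list:
    """Parse JSON lines into dicts with a real datetime in 'ts', oldest first."""
    events = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(event)
    return sorted(events, key=lambda e: e["ts"])


def detect(events: list, threshold: int = 5, window: timedelta = timedelta(seconds=60)) -> list:
    """Return (host, kind, detail) alerts for shadow-copy deletion and mass service stops."""
    alerts = []
    stops = defaultdict(list)                      # host -> [(ts, service)] in time order
    for event in events:
        cmd = event.get("cmd", "")
        if VSS_DELETE.search(cmd):                 # a single hit is enough to alert
            alerts.append((event["host"], "shadow-copy deletion", cmd))
        match = NET_STOP.search(cmd)
        if match and match.group(1).strip().lower() in WATCHED:
            stops[event["host"]].append((event["ts"], match.group(1).strip()))
    for host, items in stops.items():
        for i in range(len(items)):                # sliding window over the stops
            j = i
            while j < len(items) and items[j][0] - items[i][0] <= window:
                j += 1
            if j - i >= threshold:
                names = ", ".join(sorted({name for _, name in items[i:j]}))
                alerts.append((host, "mass AV/backup service stop", names))
                break                              # one alert per host is enough
    return alerts


if __name__ == "__main__":
    for host, kind, detail in detect(parse_events(SAMPLE_LOG)):
        print(f"{host}: {kind}: {detail}")
```

The single Spooler stop and the lone MBAMService stop on WS07 produce nothing, which is the point of the window and threshold: administrators stop services, but they do not stop six security and backup services in seven seconds and then wipe the shadow copies.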

4. IOCs:

IP addresses:

  • 104.199.153[.]189

  • 104.239.157[.]210

  • 187.17.111[.]103

  • 195.20.45[.]185

  • 200.98.255[.]192

  • 23.253.126[.]58

  • 68.168.222[.]206

  • 89.119.67[.]154

Domains:

  • bedava-chat[.]com

  • bestinfo[.]vv[.]si

  • digiturk[.]adsl[.]com[.]tr

  • freshmirza[.]tk

  • ibrahimreb[.]com

  • infocommsystems[.]com

  • jaragroup[.]com[.]ar

  • klkjwre9fqwieluoi[.]info

  • kukutrustnet777[.]info

  • kukutrustnet777888[.]info

  • kukutrustnet888[.]info

  • kukutrustnet987[.]info

  • lavanyacreation[.]com

  • natufarma[.]net

  • radiantjewelcraft[.]com

  • sets-hm[.]tk

  • veddagroup[.]twomini[.]com

Associated file paths:

  • C:\Users\Public\cjoZX[.]exe

  • C:\Users\Public\window[.]bat

Associated email addresses:

  • WayneEvenson@tutanota[.]com

  • WayneEvenson@protonmail[.]com

  • stevkramer@protonmail[.]com

  • johnfraz@protonmail[.]com

  • stevkramer@tutanota[.]com

  • johnfraz@tutanota[.]com

  • kurtschweickardt@protonmail[.]com

  • kurtschweickardt@tutanota[.]com

  • steveedelman@protonmail[.]com

  • steveedelman@tutanota[.]com

  • andymitton@protonmail[.]com

  • andymitton@tutanota[.]com

  • kaykienzler@protonmail[.]com

  • bennidiez@protonmail[.]com

  • kaykienzler@tutanota[.]com

  • bennidiez@tutanota[.]com

  • dustinloose@protonmail[.]com

  • dustinloose@tutanota[.]com

  • AdamasVorms@tutanota[.]com

  • AdamasVorms@protonmail[.]com

  • RcsonanaGemmaran@tutanota[.]com

  • RcsonanaGemmaran@protonmail[.]com

  • dfvdc@protonmail[.]com

  • khgvkh@tutanota[.]com

  • yu66MarsellBlan@protonmail[.]com

  • yu66MafrsellBlan@tutanota[.]com

  • BruceSmithh@protonmail[.]com

  • BruceSmithh@tutanota[.]com

  • vejoydyLunde@tutanota[.]com

  • vejoydyLunde@protonmail[.]com

  • RichardsonStan@tutanota[.]com

  • RichardsonStan@protonmail[.]com

  • WillysFranks@tutanota[.]com

  • WillysFrank@protonmail[.]com

  • KangCheonSoo@tutanota[.]com

  • KangCheonSo@protonmail[.]com

  • RaulDrake@protonmail[.]com

  • kaidrake@tutanota[.]com

  • fgbfs@protonmail[.]com

  • fgbf@tutanota[.]com

  • ElaineDeaVille@tutanota[.]com

  • ElaineDeaVille@protonmail[.]com

  • TinaHahn@tutanota[.]com

  • TinaHahn@protonmail[.]com

  • ChrisJohnes@protonmail[.]com

  • ChrisJohnes@tutanota[.]com

  • DeborahPATINO@tutanota[.]com

  • DeborahPATINO@protonmail[.]com

  • CristopherBrandstrom@protonmail[.]com

  • CristopherBrandstrom@tutanota[.]com

  • DANIELEdEBLOIS@tutanota[.]com

  • DANIELEdEBLOIS@protonmail[.]com

  • petterSpurier@protonmail[.]com

  • petterSpurier@tutanota[.]com

  • arWalagnCuad@tutanota[.]com

  • arWalanCuad@protonmail[.]com

  • degrv@tutanota[.]com

  • fhnf@protonmail[.]com

  • taigrizalsec1973@protonmail[.]com

  • arturDale@tutanota[.]com

  • CamdenScott@protonmail[.]com

  • eliasmarco@tutanota[.]com

  • MelisaPeterman@protonmail[.]com

  • MelisaPeterman@tutanota[.]com

Associated bitcoin addresses:

  • 14hVKm7Ft2rxDBFTNkkRC3kGstMGp2A4hk

  • 1L9fYHJJxeLMD2yyhh1cMFU2EWF5ihgAmJ

  • 1KURvApbe1yC7qYxkkkvtdZ7hrNjdp18sQ

  • 15RLWdVnY5n1n7mTvU1zjg67wt86dhYqNj

  • 1LKULheYnNtJXgQNWMo24MeLrBBCouECH7

  • 1CN2iQbBikFK9jM34Nb3WLx5DCenQLnbXp

  • 15FC73BdkpDMUWmxo7e7gtLRtM8gQgXyb4

  • 1NQ42zc51stA4WAVkUK8uqFAjo1DbWv4Kz

  • 1EoyVz2tbGXWL1sLZuCnSX72eR7Ju6qohH

  • 1K6MBjz79QqfLBN7XBnwxCJb8DYUmmDWAt

  • 1ChnbV4Rt7nsb5acw5YfYyvBFDj1RXcVQu

  • 162DVnddxsbXeVgdCy66RxEPADPETBGVBR

  • 12N7W9ycLhuck9Q2wT8E6BaN6XzZ4DMLau

  • 1C8n86EEttnDjNKM9Tjm7QNVgwGBncQhDs

  • 18eu6KrFgzv8yTMVvKJkRM3YBAyHLonk5G

  • 19AE1YN6Jo8ognKdJQ3xeQQL1mSZyX16op

  • 1NMgARKzfaDExDSEsNijeT3QWbvTF7FXxS

  • 12UbZzhJrdDvdyv9NdCox1Zj1FAQ5onwx3

  • 1KUbXkjDZL6HC3Er34HwJiQUAE9H81Wcsr

  • 13rTF3AYsf8xEdafUMT5W1E5Ab2aqPhkPi

  • 1Kx9TT76PHwk8sw7Ur6PsMWyEtaogX7wWY

  • 12vsQry1XrPjPCaH8gWzDJeYT7dhTmpcjL

  • 1ET85GTps8eFbgF1MvVhFVZQeNp2a6LeGw

  • 1FtQnqvjxEK5GJD9PthHM4MtdmkAeTeoRt

Malware hashes (MD5 and SHA256):

  • c0202cf6aeab8437c638533d14563d35

  • d348f536e214a47655af387408b4fca5

  • 958c594909933d4c82e93c22850194aa

  • 86c314bc2dc37ba84f7364acd5108c2b

  • 29340643ca2e6677c19e1d3bf351d654

  • cb0c1248d3899358a375888bb4e8f3fe

  • 1354ac0d5be0c8d03f4e3aba78d2223e

  • 5ac0f050f93f86e69026faea1fbb4450

  • 1b465c0e12523747f892b48fa92a30f82e5027199a2aff06587c5269bd99f69a

  • 3c8531fc54eca31a79a23bf16d4f528067c89a5e58e1e745a2c5b1b05140f5a8

  • 95b228b664dca2e18935444c67c7c7dbda9da7450a18d429cb04f7e311af5fe9

  • 46fb27f4cff2d33baae3b1c199797d1f0929bc03166cebd092081e4fe2f9ea6e

  • 8d50d9fe17eb36edc9945a2673c1594f58a6e653f5a794058ee42e46d24d83d7

  • f21f222d8f62f2223faec375e834efb76f96b73ef70e0ef09024586cf9eef638

  • b7e945a8dafc91ebe8c8717ee3107498afc1ad5461599611d2fb07aaa7700aa1

  • 88d491bb73d509aacca103919d3a7418f9c6b611ce7dc453e1cacffed9c0f0d5

  • 5e4160a133d44a1cf90d72eedd5e6084543521fecbf070d550c6012d294ccb28

  • aacfc3e386ed12082923d03fa1120d5fa6bf7b8655ba77e04b96a45434fa9a83

  • 235ab3857ba2d2cd09311d6cc7bf1139863022579ea98be2b503921104ee20ac

  • 7c1e0597dd5a1e2d48c9cede54843aa7c299f7404630b5a2aafac2eec7358b20

  • 9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17

  • 695a716f2c43a69bdd03e74058fa23fb77e596bb4f1f3a021d529c85e9564f7d

  • 6eca3f416a08fde6688250dbd4ba4dfaa3df95a5d26b6d978dfbd67fbd159619

  • 965884f19026913b2c57b8cd4a86455a61383de01dabb69c557f45bb848f6c26

  • 8d3f68b16f0710f858d8c1d2c699260e6f43161a5510abb0e7ba567bd72c965b

  • 3012f472969327d5f8c9dac63b8ea9c5cb0de002d16c120a6bba4685120f58b4

  • b8e463789a076b16a90d1aae73cea9d3880ac0ead1fd16587b8cd79e37a1a3d8

  • 9b86a50b36aea5cc4cb60573a3660cf799a9ec1f69a3d4572d3dc277361a0ad2

  • 113af75f13547be184822f1268f984b79f35965a1b1f963d23b50a09741b0aec

  • 1455091954ecf9ccd6fe60cb8e982d9cfb4b3dc8414443ccfdfc444079829d56

  • c51024bb119211c335f95e731cfa9a744fcdb645a57d35fb379d01b7dbdd098e

Dropped Files (as listed by the sandbox run, with the file type reported for each):

  • gimap.jar (data)

  • org.eclipse.equinox.p2.engine.nl_zh_4.4.0.v20140623020002.jar (data)

  • Download_on_the_App_Store_Badge_fr_135x40.svg (data)

  • PIXEL.INF (data)

  • close.svg (data)

  • com.jrockit.mc.components.ui.ja_5.5.1.172852.jar (data)

  • org.eclipse.equinox.p2.jarprocessor.nl_zh_4.4.0.v20140623020002.jar (data)

  • javaws.jar (data)

  • org-netbeans-modules-options-api.jar (8086 relocatable (Microsoft))

  • org.eclipse.e4.ui.workbench.addons.swt_1.1.1.v20140903-0821.jar (data)

  • ADEBASE.MSI (data)

  • org-netbeans-core-io-ui_zh_CN.jar (data)

  • org.eclipse.help.ui_4.0.100.v20140401-0608.jar (data)

  • VeriSign_Class_3_Code_Signing_2001-4_CA.cer (data)

  • org.eclipse.equinox.p2.touchpoint.eclipse.nl_zh_4.4.0.v20140623020002.jar (data)

  • org.eclipse.core.databinding.observable.nl_ja_4.4.0.v20140623020002.jar (data)

  • com.jrockit.mc.browser.ja_5.5.1.172852.jar (data)

  • org-openide-loaders_zh_CN.jar (data)

  • com-sun-tools-visualvm-host-remote_zh_CN.jar (data)

  • org-netbeans-modules-queries.jar (data)

Virus Total Assessments:

[screenshot not reproduced]

Hybrid Analysis Assessments:

[screenshot not reproduced]

5. Appendix:

References:

https://www.bleepingcomputer.com/news/security/ryuk-ransomware-involved-in-cyberattack-stopping-newspaper-distribution/

https://niiconsulting.com/Security_Advisories/Security_Advisory_Digest_Aug_2018_Edition_2.0.pdf

https://www.bleepingcomputer.com/news/security/ryuk-ransomware-crew-makes-640-000-in-recent-activity-surge/

https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/sophoslabs-2019-threat-report.pdf

https://resources.malwarebytes.com/files/2018/12/Malwarebytes-Labs-Under-The-Radar-APAC-1.pdf

https://research.checkpoint.com/wp-content/uploads/2018/08/Threat_Intelligence_News_2018-08-27.pdf

https://krebsonsecurity.com/2019/01/cloud-hosting-provider-dataresolution-net-battling-christmas-eve-ransomware-attack/

https://research.checkpoint.com/ryuk-ransomware-targeted-campaign-break/

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/27000/PD27951/en_US/McAfee%20Labs%20Threat%20Advisory%20-%20Ransom-Ryuk_v2.pdf

http://www.rewterz.com/rewterz-news/rewterz-threat-advisory-ryuk-evolves-as-a-new-targeted-ransomware

https://www.cyber.nj.gov/threat-profiles/ransomware-variants/ryuk

https://www.maltiverse.com/sample/8d3f68b16f0710f858d8c1d2c699260e6f43161a5510abb0e7ba567bd72c965b

Written by Krypt3ia

2019/01/04 at 18:24

Shine On You Crazy Diamond: Anti-Tech Revolution: Why and How


Uncle Ted: History, Technology, and Prophet-hood:

 

Recently I came across an article about how Ted Kaczynski had garnered a new following of acolytes trying to start a new “Neo-Primitive” revolution. If you are unfamiliar with Uncle Ted, you might want to click on this handy link to the FBI’s UNABOM page for some history. I for one lived through the events of his bombing campaign and read the manifesto, “Industrial Society and Its Future”, eager to seek some clues as to who the bomber was, but I was also struck by some of what the person who would be revealed as Ted Kaczynski was trying to say about our society and its possible demise from technology. Admittedly I was younger then and may have lacked some nuance in 1995, but today it is much easier to see what Ted was trying to say, using the wrong means to get the message out.

Of course Ted is in fact mentally ill, and because of that much of what he is trying to say at the core of his argument is padded with pedantry, a fair bit of sexism and racism, and a lack of full clarity. However, once you prise apart some of his concerns you can see his point about how technology has really sort of enslaved humankind and may do so even more as we create more and more tech that we rely on to live. If you are not up for a long and pedantic read, you might want to check out “Manhunt: UNABOMBER” on Netflix to get a sense of where his head was and, it turns out, still is. While the show is dramatized, it brings out well what Ted was trying to say about technology as a system and how it now controls our lives and destroys the environment.

Now back to the article that started my trip down the Kaczynski rabbit hole again. The whole thrust of the piece is that there are people who have latched on to Ted as a prophet of sorts for his ideas on technology and its ills today. Some of these people have banded together to start or join groups that believe society, or technological society to be precise, will be our collective end. These people have decided that they need to be “Neo-Primitives”, living in groups in the woods, learning hunter-gatherer skills and living off the land. Yet others are taking more direct and troubling actions to fight technological society using anarchist ideals, and finally seeking the prophet’s (Ted’s) guidance on just how to do this.

Within the article these new true believers are seen to have varying levels of angst, but it seems from the piece that more than a few of them have reached out to Ted in prison asking for advice or direction. So far it seems Ted has dealt with them up to a point, only to then turn them away and, with some vehemence, brand them idiots in his brusque “stop talking to me, you idiot” way. However, I suspect that these true believers got Ted thinking, and by 2016 he had published “Anti-Tech Revolution: Why and How” for the masses. This is the most logical reason I can see for Ted putting the book together. It makes sense if you take into account that these people had been trying to get him to lead them but he did not want to be directly linked to them, perhaps because if they did carry out a revolution it would come back on him legally. Of course he is in jail forever, but I suppose they could impose further sanctions on him were he seen to be leading an anti-tech revolution from inside his cell by proxy of letters to and from the revolutionaries, right?

So Ted puts together this how-to manual on fighting the revolution against technology and the societies based on it. I read all two hundred and fifty dense pages and bring you my condensed thoughts on the book. It took a lot of whiskey and coffee in alternating shifts to get through much of what Ted wrote here. Like the “manifesto” it is exceedingly pedantic in style and dense in ideas, while being so obtuse at times that one has to stop and say “uhhh, what?” between sections of the chapters, of which there are only four.

But what large chapters they are….

Anti-Tech Revolution: Why and How:

 

Chapter 1: The Development of a Society Can Never Be Subject to Rational Human Control

Ted spends a LOT of time in the first chapter trying to link evolutionary biology to complex systems, to humans, and to society. The distillate of the chapter is that Ted believes technological systems and societies are like biological systems, in the way Darwinian evolution selects the strong or the genetically lucky to live and thrive. It is a long, long chapter and in the end I just had to shake my head at his bloviation. Just look at the title of the chapter to see how cognitively challenging this line of thought is! Rational human control? Wait, are you saying that society is rational? OK, OK, I can see the argument and there is some rationality there, but really, the chapter drones on about societies throughout time and the building of society from hunter-gatherer to today. It goes down a long, winding path with a lot of citations from history, chaos theory, and philosophy that in the end do not make a convincing argument. What it all boiled down to is this: societies must be small and not technology based. Basic tools are OK, but once you get to agrarian systems and large populations, technology is required and then it takes over.

…and that’s bad.

The only part of this chapter that I enjoyed was where he touched on chaos theory in relation to evolution and systems. His contention is that systems are not static and there is a great deal of volatility there. However, I think he missed the part of chaos theory that led to complexity theory, where all the chaos forms a stable system at the macro level. Ted is a mathematician, but I don’t think he is that well read on chaos theory, never mind complexity, and those are two things you have to take into account in societal systems, human nature, and the universe itself.

Chapter 2: Why the Technological System Will Destroy Itself

 

The second chapter of the treatise is on why any technological system will destroy itself. Basically Ted goes on a bender here about how systems of technology are rapacious machines that will, in the end, eat up everything the world has to offer in order to grow. This chapter also goes further into the idea of natural selection applying to technological systems. I got kind of lost here, because frankly it is not the systems that are doing this; it is the people doing this to propagate the systems they create. Ted seems unable at times to separate the fact that the technology is not the enslaver but the tool to which we give up power. It is the human systems of psychology, society, and evolution that he should be concerned with, not the “systems” that we create.

Honestly, the only way I can see an argument like his being made using “self-propagating systems”, as he calls them, would be when we actually have a true AI that is self-aware and is programmed to evolve and grow. When that happens we are likely screwed, in my opinion, but that time is not now and this book is not about that. Once again Ted gets lost in the details of citations from Solzhenitsyn to Max Weber. It is a sea of ideas and is misguided, in my opinion. However, I can see my way to his thinking about how we as humans are using technology more and more in ways that, in the end, allow us to destroy the ecology of the planet. Once again though, the technology is just a tool that humans are using within a society they created and are expanding; it is not the system that is the problem, it is the humans using the tools without foresight about what they are doing to their surroundings. It is entirely possible to have a technological society and still have balance with ecology. It’s just that we as humans are not there yet to grok this and really work towards that goal.

Chapter 3: How to Transform a Society: Errors to Avoid

 

This chapter delves deeply into varying political theories, with quotes from Mao Zedong to Sinn Féin. All of it, though, is oriented on groups that attempted to change society in order to install their own system. Honestly, most of the groups Ted cites here are not shining examples of open societies, nor are their leaders men known for their humanity. This all dovetails into much of what Ted wants the revolutionary to understand: “You have to break some eggs to change society,” and all these people can be your guides. Ted continues with long diatribes about the failures of certain groups, including a scathing review of the current crop of Neo-Luddites and “Techies” who, according to him, believe too much in rainbows and unicorns.

Chapter III Part IV: The Application

Let’s start with Chellis Glendinning’s “Notes Toward a Neo-Luddite Manifesto,” which can be found in an anthology compiled by David Skrbina. Glendinning’s statement of the goals of neo-luddism is long and complicated, and most of the stated goals are hopelessly vague.

Here is a sample:

We favor the creation of technologies in which politics, morality, ecology, and technics are merged for the benefit of life on Earth:

•Community-based energy sources utilizing solar, wind, and water technologies, which are renewable and enhance both community relations and respect for nature;
•Organic, biological technologies . . . which derive directly from natural models and systems;
•Conflict resolution technologies, which emphasize cooperation, understanding, and continuity of relationship; and
•Decentralized social technologies, which encourage participation, responsibility, and empowerment.

. . . We favor the development of a life-enhancing worldview in Western
technological societies. We hope to instill a perception of life, death,
and human potential into technological societies that will integrate
the human need for creative expression, spiritual experience and
community with the capacity for rational thought and functionality.
We perceive the human role not as the dominator of other species
and planetary biology, but as integrated into the natural world with
appreciation for the sacredness of all life.

Frankly, I agree with Ted here. These people are vague, and they believe that technology will solve everything. Where Ted and I part is that, once again, I think the people are the key, not the destruction of the system. The people need to come to the conclusion that they must manage the technology and the systems in a way that achieves balance, in order to grow without destroying that balance.

…Then again, I am not mentally ill like Ted.

The takeaway here is that Ted is setting up the argument in the next chapter. That argument basically is that the “revolutionaries” need to steel themselves for the right time to take over if not make that moment happen themselves.

Chapter IV: Strategic Guidelines for an Anti-Tech Movement

 

The final chapter is where the rubber meets the road, so to speak. As you can tell from the title, Ted is setting the revolutionaries up with a pep talk on how they need to proceed to win the war. The thrust of the chapter is that the revolution needs to be resolute, have a consistent single-minded narrative, and be somewhat ruthless. Of course Ted is careful not to cross the line into illegality in this chapter. In fact, he states in one place that the revolutionaries should not commit crimes, while hinting at actions that may very well be criminal, to fight the battle.

Ted covers everything from creating small, agile teams of people with the right skills (cells) to leveraging media, propaganda, and the very technologies the movement is supposed to be fighting. Yup, he has a section where he says there should be teams within the revolution who are expert in technologies and ideas such as surveillance, crypto, and hacking, to be used against the system. I don’t know about you, but a lot of what he lays out here sounds like a terrorist cell. Of course Ted is using the rubric of “revolution,” but honestly, how many revolutionaries in your lifetime have been anything other than varying shades of terrorist?

This last chapter is the clearest and yet most couched message to the would-be revolutionaries. It is an epistle on how to form a revolutionary cell, create a larger structure on multiple continents, and wait for the right moment to strike. How to strike? For one thing, wait until the technology fails and then take over once everyone is demoralized. The other method is to cause the failure of the technological system yourself and then take over once the people are demoralized. Either way, Ted is advocating active resistance to technological society and measures to fight it and take it over.

It’s really that simple.

All his preambles in the first three chapters are just long-winded thought bombs to convince those who, frankly, if they are already reading this treatise, are already convinced. But hey, you gotta lay out the premise, right? Overall this book tries to brain dump a whole ethos using junk political thought, science, and a smattering of radical action to prep those Neo-Luds out there unable to focus their efforts properly, per Ted.

It’s unbalanced.

Final Thoughts on Anti-Tech Revolution How and Why:

 

While I am rather fascinated with some of Ted’s ideas, this book was just a long-winded exhortation for someone to take action in Ted’s war on technological society. Since he is incarcerated there is no one carrying out the war he started, and frankly I suspect that kinda rankles him. I am sure that once these kids started reaching out to him (once again, read the article “Children of Ted”) it all got stuck in his craw again that no one picked up the fight since his arrest. His manifesto did not reach the right people, I guess, until now, and he is trying to kindle that flame but feels that these kids are all morons, so he will teach them with a book.

Speaking of the kids, that article should worry you about these kinds of movements as we see more things going wrong out there, climate-wise as well as politically. Ted was right about a few things in the manifesto: we are slaves to the technology, but we allow ourselves to be. However, in that enslavement we have also become more alone and insular. We have higher rates of depression and we are seeing civility basically coming apart at the seams online while we get a steady feed of advertising and disinformation with a side dish of hate. The technology is allowing our basest instincts to run amok, and so far we are ill equipped to do anything about ourselves doing this, never mind our aggressors like Russia. No, Ted did have some ideas that are pertinent, but his mental state rendered him unable to get the core ideas to the masses without using explosives and terror.

What Ted has laid out here will likely be ingested by the true believers, but it is the last chapter that should concern us all. If these Neo-Luds and Eco-Terrorists mesh, then we are likely to see a new kind of Monkey Wrench Gang working out there against the “technological society” at large, seen as the enemy of the planet. I know that certain agencies and military branches have already been talking about these kinds of activities ramping up as climate change starts affecting more people. I for one will keep an eye out for this as well, because it seems that climate change is only getting worse and the effects are becoming more discernible to lay people.

Including the Neo-Luds and Ted’s children.

K.

Written by Krypt3ia

2018/12/31 at 14:59

Posted in Uncle Ted

Primer: Your Algorithms Won’t Save You: Why We Need More Sociology and Psychology in The Fight Against Online Disinformation & Propaganda

leave a comment »

Well, it has been a few days since presenting to SOFWERX and putting up my slide deck on the blog, and I got to thinking that without a video, you all kind of need a primer on what I was trying to say with this. Come to think of it, even with the video you might need some more clarification, as I don’t know if I just came off as a raving loon on stage or not. Anyway, I have decided to put this post together as a primer for those who do not get to see the video.

SOFWERX Presentation Deck

My general premise with this presentation is as follows put simply: “Countering disinformation and propaganda operations is a people problem, not a technical one.”

While the others at SOFWERX were presenting technical means of tracking and perhaps countering disinformation campaigns online, I wanted to highlight the fact that the problem lies with the humans at the keyboards or in front of the screens; they are the issue we should take up in trying to counter this activity. It is the people who are being manipulated and their psyches which are allowing this to happen. There are social and psychological issues at play, and no matter the attempts at countering, those people susceptible to the campaign will, in the end, believe what is being sent to them. We need to understand why these people choose to accept these narratives and to perpetuate them before we can attempt to really fight this fight. There are so many issues here, and even if we try to play whack-a-mole with adversaries pumping these false narratives into the system, we will lose in the end because the sticky meme or message will inevitably get out and be repeated by those of a like mind.

I personally saw this activity play out early on with the Jihad online. Jihadis have been using social media since its inception, and before that they were using list servers and RSS groups to do the same thing. This activity is easy to carry out with access to the internet, and there are a plethora of venues to get the message out with. In the case of the jihadis online we saw them use PHP sites, Twitter, Facebook, and now closed systems like Telegram and PalTalk to carry out recruitment and planning. The attempts by media outlets such as Twitter and Facebook to whack them offline did not fully succeed; in fact they are still around and adapting to get their message out to the believers. In fact, you can see a direct line of progression from using channels (social media) to creating their own channels (the Inspire and Dabiq magazines) that they can upload to various places to propagandize and disinform the jihadis as well as their adversaries.

Simply put, whack-a-mole does not work. In an effort that was more subtle and along the lines of thought I will give you in this presentation, the US government tried a program called “Think Again and Turn Away” which ostensibly was an effort to reason with and perhaps psychologically respond to those who might be tempted by jihad, to get them to consider the realities and talk them off the ledge, so to speak. The program was not funded well and in the end kind of failed, but it was an important footnote that needs to be given more attention, as it dealt with the receivers of the message of jihad. We are faced with much the same problem today in that we have people in countries like the US who are targets of foreign influence operations, who are not necessarily combatants in a war but are assets of influence and thus a danger to the larger whole.

The parallels can be seen today with regard to the influence operations that the Russians carried out on the US and the factions that have been created with the rise of Trumpism. Now we have the IRA (Internet Research Agency) and its second generation still carrying out operations online, as well as the receivers of the narrative creating new platforms outside of Twitter and Facebook to repeat it, as well as generating new ones like the Qanon movement. While the social media companies finally caught on and started patrolling content and accounts, the IRA has created other sites to push their narratives, both stealth and open in nature. The one commonality is that there are always minds willing to accept the content and to repeat it. This is the problem set that we need to approach and see if there are any countermeasures to this outside of trying to control the medium and the message. You see, by controlling the medium and the message, we become a part of the problem and likely add fuel to the fire by becoming Orwellian in the perception of the people.

Most of the talks at SOFWERX centered on using the technology of algorithms to control the narrative or stop the narrative, and this is not, in my opinion, the best alternative. After all, the more you try and control all of this, the more you are going to be made into the latest conspiracy theory. If you try to insert counter-narratives surreptitiously, eventually you will be caught out and become a means to an end for the information operations teams sowing the discord. Alternatively, how do you fight things like memes and cognitive bias/dissonance in the people who are willing to believe in things like Flat Earth theory or that there are Lizard people secretly running the governments of the world? We need to understand the human animal better from psychological and sociological standpoints to counter these kinds of operations. Until we do more study and come up with countermeasures using this, we will just continue on playing whack-a-mole ad nauseam, all the while the disinformation will flow and our factions will increase.

I guess overall I would just like the technical and the softer sciences to get together and work the problem instead of just believing that technical means are the answer to everything.

They aren’t.

*mic drop*

K.

Written by Krypt3ia

2018/12/09 at 13:53

Posted in Disinformation

THE 2018 INFOSEC KRAMPUS LIST

leave a comment »

THE GREAT AND TERRIBLE KRAMPUS PROCLAIMS!

On this night the following INFOSEC girls and boys are in need of his utmost sadistic attention for their transgressions!

 

Threat Intelligence Threatleaders:

Sweet Jesus, stop with all your “I KNOW EVERYTHING ABOUT INTEL” because you fucking don’t! A majority of you that I have run into have no real IC background and couldn’t red team your ideas out of a wet paper bag, never mind be able to determine what is and is not a nation state operation! Lemme give you a hint. The ones who really know shit DON’T FUCKING TALK ABOUT IT ALL THE TIME TO ANYONE WHO WILL LISTEN, OK?

PLEASE take your artisanal hand crafted BULLSHIT threat intelligence elsewhere and shove it up your collective chimneys!

 

Nord VPN: Masters of MILITARY GRADE ENCRYPTION!

Dear Nord, Krampus has seen your useless ads on CNN too much lately and wants to tell you here and now that: THERE IS NO SUCH THING AS MILITARY GRADE ENCRYPTION WITHOUT A HARDWARE LAYER SPECIFICALLY FOR THAT PURPOSE, AND EVEN THEN IT MEANS FUCK ALL!

YOU, Nord, are on my list FOREVER now. Stop trying to scare the grandparents into paying for your shitty VPN!

 

The Hacking Community Writ Large:

Krampus has a lot to say about the hacking community. Most of what he has to say cannot be translated into human language but understand that ALL of it is not good.

What the fuck is it with you people that you need to be the center of fucking attention all the time?

What the fuck is it with you people that you always think you are the fucking smartest people in the room ever?

What the fuck is it with you people to even THINK you have so many problems including, and Krampus cannot even fathom mouthing the words, PTSD from working in INFOSEC?

Get over yourselves and maybe go outside once in a while and talk to people outside your personal bubbles, would ya?

Oh, and GROW THE FUCK UP!

Krampus says this every year and still you keep on keepin’ on being asshats!

EDIT! Krampus just also remembered the hubris of you all complaining about security and privacy in hotel rooms in Vegas. WHAT the FUCK were you people thinking? Were you thinking at all? There is no 4th Amendment right here. Sure, coming in on you naked and all is bad and scary, but THINK THE FUCK AHEAD! YOU ARE SECURITY PROFESSIONALS, RIGHT?

STOP WHINING.

 

NATSEC and INFOSEC Talking Heads:

Krampus watches a fair bit of news in his off hours between Krampusnachts, and FUCK does he really hate all you fame whores seeking attention, talking about shit you really have no idea about. If you are out there just to be on TV talking about shit ad nauseam to pimp your service or your new book…

Fuck you.

The people who do the things are off doing them and you are just masturbating on air.

 

The Grugq:

Speaking of people out of their lanes.

Just fucking stop man. The IC giggles and points when you talk about shit.

Stop.

Every time you say anything about OPSEC, google that photo from the magazine of yourself with the pile of money and the drink.

There’s some OPSEC.

 

Blockchain Fuckwits:

NO, BLOCKCHAIN IS NOT MY SAVIOR! NOR IS IT YOURS! DUDEBROS, IT’S ALL FAKE MONEY!

STAHHHHHP!

 

Cyber War Salesman:

If Krampus gets another pitch with the words cyber and war or cyberwar in it, he will personally donkey punch you all.

There is no such thing. Stop trying to use it as a sales pitch for your shitty shitty products.

 

To All The Reporters I Have Loved Before:

Krampus still loathes you. You all will pay for your shitty deeds.

 

The “Cyber” Warriors:

See “Cyber War Salesman” (sic: it doesn’t exist).

 

Well, that’s it, kids. Krampus is old and tired of all your fuckery, but these were the winners this year. Of course damning a WHOLE “Community” is pretty epic, and you guys never fail in letting ol’ Krampus down.

Till next year!

Krampus

Written by Krypt3ia

2018/12/05 at 21:46

Posted in Uncategorized

SOFWERX Presentation: Your Algorithms Won’t Save You: Why We Need More Sociology and Psychology in The Fight Against Online Disinformation & Propaganda

leave a comment »

Here is the deck from yesterday’s presentation at the SOFWERX Radial Speakers Series on Information Warfare:

 

Your Algorithms Won’t Save You

Video will be available from SOFWERX

 

Written by Krypt3ia

2018/12/05 at 12:56

MAGABOMBER: Some Armchair Thoughts

As the day progressed yesterday with the news on Sirius XM on throughout, I listened as the details came in. A serial bomber had begun a terror campaign with pipe bombs that may or may not be inert but still serve the desire of creating terror. As the day progressed it became clearer that the targets (now 8 of them with DeNiro) all were people who had crossed paths with Donald Trump and had been attacked by him in rhetoric and name calling. While on the face of it the terror plot seems pretty clear per the narrative of the bomber (e.g. sending Trump’s self-pronounced enemies bombs), it may be too early to really say for sure what the motivation is, if there is any, politically or socially from the UNSUB here, and this is a point everyone needs to understand. As the days progress and more details are given by the FBI we will get a better picture once the investigation becomes clearer. Until then, though, here are some thoughts on the UNSUB and the plot given the details we have.

UNSUB Profile:

  • UNSUB is male (I don’t believe we have seen a female serial bomber yet)
  • UNSUB age likely to be in their 20’s to early 30’s
  • UNSUB in this plot is likely alone in this but more than one in a Folie A Deux cannot be discounted.
  • UNSUB is new to bomb making but has a history with fireworks and black powder uses
    • Crude PVC bombs
    • Materials were easy to get and work with (basic)
    • Trigger mechanism is still TBD but all bombs failed to trigger and detonate (by design or by mistake? As devices were live I am leaning towards mistake)
    • Bombs, while crude seem to try to emulate sophistication with timer device (trigger) but in the end are basic
  • Packages had excessive postage and have all the hallmarks of classic signs of parcel bombs (easily visually discernible as bombs)
  • Misspellings on labels show lack of attention to detail and likely flow into design flaw that led to bomb failures
  • Device construction (TBD) will determine the level of detail orientation of UNSUB and as time will tell may yield forensic evidence that could lead right to them (DNA/Prints)
  • UNSUB seems to be from the Tri-State area of NY given posting of packages and access to Soros home.

Motive Profile:

  • Victimology suggests political motives (Democrats and those who have angered Trump)
  • UNSUB use of Wasserman Schultz address fits profile of narrative by Qanon/MAGA acolytes of false flag operation by the Democrats (this had already been spun up but the use of the address leads to a higher probability of this being a motive)
  • UNSUB may be trying in their own way to intimidate Democrats and people who would vote for them in the midterms upcoming
    • IF we start seeing packages to polling places this will cement this line of thought.
  • UNSUB is doing this to feel some power that they lack in their lives
    • Target choices and political motivations on the face of this indicate that they idolize Trump
    • Imagery and target choices also indicate that they are conspiracy oriented individuals
    • Placement of the first bomb in Soros mailbox indicates they see Soros as the head of the snake (this is a common Qanon/MAGA conspiracy plotline that Trump espouses)
    • UNSUB motivations other than political (personal) are to revel in the “spectacle by destruction” or in this case, with the failure of detonation, to cause chaos and sow conspiracy
      • Motive may become clearer if there are any communications from the UNSUB
      • UNSUB may feel compelled to speak online about motivation and or to cause more fear since detonation failures did not finish the plot as anticipated
    • UNSUB’s connection to Trump and feelings of loss of status, power, place lead to emulation of Trump and or feelings of outrage against those Trump attacks
      • This attention seeking may in fact have led to direct communication attempts with Trump in the past

As we get more information I guess we will see where my armchair profiling hits the mark or is way off. I personally do not buy that this is a “false flag” like so many with cognitive dissonance out there seem to be spewing. I can afford the following ideas however on that line of thinking:

  • IF this individual was groomed by someone to carry out these acts it may well have been a nation state actor doing so.
  • Use of these bombings will in fact be made by the RU and other actors as we have already seen on social media with the cacophony of narratives and meme’s to date.

I do not believe that this is a plot by a foreign nation, though. No, this seems more your run-of-the-mill unbalanced individual with issues who aligns themselves with Trump and MAGA and is acting out for their own desires. The actions so far show an individual without nuance and experience, and I suspect they will be caught soon by the FBI/USSS because they were inattentive to details that will in the end lead investigators right to him.

“Be safe out there kids”

K.

Written by Krypt3ia

2018/10/25 at 12:52

Posted in Profiling, UNSUB