Cyber Data Raid
By Gerald Internet Anthropologist Think Tank
Cyber attack on high-tech sites.
Capture the high-sensitivity files outlined in the recon list.
Field order:
Over Watch: 2
C2: cell phone, encrypted IM
Recon team: 2
C2: cell phone, encrypted IM
Site uses two-factor authentication.
Located group memberships to determine which users were allowed to access the sensitive folders.
Collected "dozens" of valid employee user accounts to gain network access.
Recon timeline: 2 months to identify the key data.
Estimate: 150 intel penetration recons to locate the data and files.
Pre-tested bandwidth ahead of time by beginning a download of a video file to verify expected performance.
Establish a proxy for C2 communications: a compromised DSL-connected PC in the U.S.
Breach team: 2
Harvested password (NTLM) hashes directly from Windows domain controllers and sometimes submitted them directly to authentication proxies. Leave behind a hidden backdoor and tools. Try to bury a rootkit.
Collection team: 8
No reading files, just upload them.
RDP (Remote Desktop Protocol) to communicate with the targeted hosts.
Picked "fast staging servers" to house data for exfiltration: Microsoft Exchange (mail) servers.
Speed of data transit out of the network is the highest priority.
Previously selected data was then moved to the staging servers.
All seven staging servers to be used simultaneously.
Support team: 8
On standby: once the data had been moved to staging, the files were compressed and encrypted into numbered RAR archives. All were exactly the same size, 650 MB, and were copied to CDs.
Large volumes of data were moved from the staging servers to multiple external "drop points". Two of the drop points failed, so the remaining servers were used to house the data copied from the staging servers.
Move the CDs off premises for delivery of the product.
On the day of the theft, cyber security spotted the bandwidth increase.
System shut down, an estimated 50 to 75% complete. Return via the backdoor to collect the rest.
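Added example (not from the original post): defender-side detection of the staging pattern described above, i.e. batches of numbered, equal-size archives appearing on a server, followed by simultaneous egress bursts from several servers at once. Host names, file sizes and egress figures are constructed for the example.

```python
"""Flag the two observable signatures of the raid above: equal-size numbered
archives piling up on a (mail) server, and several servers bursting egress
traffic in the same minute. All events below are constructed sample data."""
from collections import defaultdict
import re

# Constructed file-creation events: (host, filename, size_bytes)
FILE_EVENTS = [
    ("exch01", "backup.part01.rar", 650 * 2**20),
    ("exch01", "backup.part02.rar", 650 * 2**20),
    ("exch01", "backup.part03.rar", 650 * 2**20),
    ("exch01", "backup.part04.rar", 650 * 2**20),
    ("fs01", "quarterly.xlsx", 2_345_678),
    ("exch02", "logs.zip", 12_000_000),
]
# Constructed per-minute egress samples: (minute, host, bytes_out)
EGRESS = [
    (0, "exch01", 1_000_000), (0, "exch02", 1_200_000), (0, "fs01", 900_000),
    (1, "exch01", 150_000_000), (1, "exch02", 140_000_000), (1, "fs01", 1_000_000),
]

# Numbered multi-volume archive names: name.part01.rar, name.r01, name.001
NUMBERED_ARCHIVE = re.compile(r"\.(part\d+\.rar|r\d\d|\d{3})$", re.IGNORECASE)

def find_staging_hosts(events, min_count=3):
    """Return {host: [names]} for hosts holding >= min_count numbered
    archives of identical size, the staging signature in the post."""
    by_host_size = defaultdict(list)
    for host, name, size in events:
        if NUMBERED_ARCHIVE.search(name):
            by_host_size[(host, size)].append(name)
    return {host: sorted(names) for (host, _), names in by_host_size.items()
            if len(names) >= min_count}

def find_simultaneous_bursts(samples, baseline_minute=0, factor=20, min_hosts=2):
    """Return {minute: [hosts]} where >= min_hosts each push at least
    factor x their baseline egress in the same minute."""
    baseline = {h: b for m, h, b in samples if m == baseline_minute}
    per_minute = defaultdict(list)
    for m, h, b in samples:
        if m != baseline_minute and b >= factor * baseline.get(h, b):
            per_minute[m].append(h)
    return {m: sorted(hs) for m, hs in per_minute.items() if len(hs) >= min_hosts}

if __name__ == "__main__":
    print(find_staging_hosts(FILE_EVENTS))
    print(find_simultaneous_bursts(EGRESS))
```

In production the same two checks would run over file-audit events from the mail servers and per-host NetFlow or firewall byte counts.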
SOURCE: + our paradigm Intel
It happened:
It's worse than you think.
Gerald
Internet Anthropologist, ad Magum
Tactical Internet Systems analyst
Paradigm Intel:
If these were done simultaneously to 4 or 5 sites, that would point to the Chinese, and a major threat.
If it was all done by one squad which rolled onto the next site, 4 or 5 in turn, that would point to the old RBN and FSB, and less of a threat. G
Labels: Cyber Data Raid, FSB, rbn