Internet Anthropologist Think Tank: Cyber Data Raid

  • Search our BLOG

  • HOME
    Terrorist Names SEARCH:

    Tuesday, November 17, 2009

    Cyber Data Raid

    Cyber Data Raid
    By Gerald Internet Anthropologist Think Tank

    Cyber attack on high tech sites.
    Capture high sensitivity files
    outlined in recon list.

    Field order:

    Over Watch: 2
    C2, cell phone, encrypted IM

    Recon team: 2

    Located group memberships to determine which users were allowed to access sensitive folders.
    collected "dozens" of valid employee user accounts to gain network access.
    Recon Time line 2 months to ID key data.
    Estimate 150 Intel penetration recons to locate data and files.
    Pre-tested bandwidth ahead of time by beginning a download of a video file to verify expected performance.
    Establish proxy for C2 communications, a compromised DSL-connected PC in the U.S.

    Breach Team: 2
    Harvested password (NTLM) hashes directly from Windows domain controllers and sometimes submitted them to authentication proxies directly. Leave behind back door and tools, hidden. Try to bury a rootkit.

    Collection Team. 8
    No reading files, just upload them.
    RDP (Remote Desktop Protocol) to communicate with targeted hosts.
    Picked "Fast Staging servers" to house data for exfiltration. Microsoft Exchange (mail) servers.
    Speed of data transit outside of the network is of the highest priority
    Previous Data selected was then moved to the staging servers.
    All seven staging servers to be used simultaneously .
    Pre-tested bandwidth ahead of time by beginning a download of a video file to verify expected performance.

    Support team: 8
    On stand by: Once the data had been moved to staging, the files were compressed and encrypted into numbered RAR archives. All were exactly the same size of 650 MB, and copied to CD's.
    Large volumes of data were moved from staging servers to multiple external "drop points". Two of the drop points failed, so file remaining servers were used to house the data copied from the staging servers.

    Move CD's off premise, for deliver of product.

    Day of theft CYBER security spotted bandwidth increase .
    System shut down, est 50 to 75%
    complete. Return by backdoor collect rest.

    SOURCE: + our paradigm Intel

    It happened:
    Its worse than you think.

    Internet Anthropolomgist, ad Magum
    Tactical Internet Systems analyst

    Paradigm Intel:
    If these were done simultaneously to 4 or 5 sites
    that would point to the Chinese, and a major threat.
    If it was all done by one Squad which rolled onto
    the next site, 4 or 5 in turn, that would point to
    the old RBN and FSB, and less of a threat. G


    Reblog this post [with Zemanta]

    Labels: , ,


    Post a Comment

    Subscribe to Post Comments [Atom]

    << Home