Syrian reactor PC's infected virus?

The Israeli air force's Sky Crows squadrons, which on Sept. 6, 2007, deployed 10 F-15I fighter jets to attack Syria's purported nuclear reactor, built along the Euphrates River and modeled after the North Korean reactor in Yongbyon and financed with Iranian assistance...

New hypothesis from our Paradigm engine.
Did the Syrian reactor PC's have a virus?
NKorean and Iranian secret project, so
there was no pretense about peaceful
uses, and on a all out schedule to produce
nuclear bomb material, virus spotted nuke
bomb use and the Syrian reactor was Green
lighted for an attack?

Stuxnet worm, rootkit, botnet: the worm’s 
birthday—as February 3, 2009. Maybe,
its just a date found on one of the files.
~wtr4141.tmp
The payload could have been changed a 
dozen times before it was discovered.



G

Israeli Attack On Syrian Reactor, Template For Iran Attack?

NO no need to attack reactor, can be self destructed

by worm, why risk Air Force?

Of course the worm may have only had monitoring 

software in 2007, time of the attack, and take over

code added in 2010.

Another assumption is that this worm CAN be

removed, many parts not reverse engineered yet.

NO NUKE FOR YOU.

.

Comment:

How Stuxnet is Scaring 

the Tech World Half to Death

The worm is, as a physical piece of code, very large. It’s written in multiple languages and weighs in at nearly half a megabyte, and it maybe an invalid assumption that

it can all be read, if it came form NSA one would expect part of it is written

in unbreakable encryption, there are still many pieces of it that we don’t understand.

Stuxnet is already the most studied piece of malware ever, absorbing the attention of engineers and programmers across the globe, from private companies to academics, to government specialists. And yet despite this intense scrutiny, the worm still holds many secrets.
Many are upset that a State may have created this worm, but in fact
they have not found anything new. Just a new compilation
of old malware concepts, and are worried about its future use
in the hands of criminals. 
All the ideas are already out there, this is just a new proof
of concept, genius in its deployment and implementation.
And it further proof of the state of insecurity on the WWW.
Every year there are zero day exploits, and not fewer but more
every year. Todate there must be millions of security vulnerabilities .
And is a demonstration of the failure of Security Vendors and the fraud
perpetrated on the public with their  security suites that don't work
against all KNOWN exploits.
The security vendor industry is a failure by every measure.

There will be more surprises.
And criminals, terrorist will exploit the WWW,
and the world has no security currently.

The WWW is at risk, and with it,
Western civilization as we know it.
This is the first proof of concept.
It doesn't feel like we can defend the
WWW, maybe encryption is the key?
Defend the encryption engine, keys
and screen? We can't keep them
off our PC's but maybe locks on the
data doors.

G
Tactical Internet Systems analyst.
The amazing factor is the Imagination
to create it and deploy it.

.

.

10 tabs 15 hrs of porno No waiting.

10 tabs 15 hrs of porno No waiting.

We have found a bug.

It uses explorer.exe to collect and collate data.

And uses ONENOTE,

Tha Spooler,

Moviemaker,

sets up a Lanman server

and Lanman workstation.



Explorer.exe run for about 16 min.



To check your system

create a dump file of exporer

about 8 min into boot up.



If infected you will see

items created text files

from last session.



We have been unable to track

it back to the hacker as of yet,

but we did manage to

pass on a gifte.



It was on one of our OSINT

machines, and that is the only

thing on that network.



So we borough up an Incognito

window on Chrome, we used

Incognito so as not to mess

up history files, for future

searches.



And in this Incognito window

we ran 10 tabs, all porno.

huge volumes of data and

ran them 15 hrs a day.

For weeks.
(The PC developed some latency issues
to be sure but we found a work around.)


We used our OSINT engine to find

a porno site that has a venture fund

involved, its less likely to have

any malware.



We are not sure who this is,

but I would liked to have been

a fly on the wall when they

said "they don't seem to do any

work there just watch porno all day."

HA tee hee.



If it had been a bad guy we expected

something to show up in the forums.



It seems todays porno is more

pornoier than I remember.



And I am always amazed at how

Homo Sapiens are wired.

Just seeing other copulate

slows the higher brain functions,

and just viewing it makes them

want to engage in sex, from

the visualisation alone.

A mechanism to insure continuation

of the species.



We will be posting more on this

malware as we reverse engineer it.



There is a huge stash of Porno

that we are searching for stored

on some server, watch for smoke.



Gerald



.

What is our mission at IATT?

What is our mission at IATT?
They center around 4 paradigms.
#1) Info War getting the Truth out.
#2) Collecting and Reporting actionable Intel
#3) Policy change.
#4) Limited defensive cyber warfare.
We have been changing, re-inventing
ourselves every couple of years.
As needed.

But from the first I felt like the 

WWW was a dance.

It isn't good unless both work.

One leads and the other follows.

If "she" doesn't follow good then

you have problems.

A dance is like one person in

the same body, but two 

dancing. I'm implying the
give and take, a feed back loop.

I guess they don't dance like

that any more.

I've felt the WWW was like that

it would speak to you, if your

plugged in right.

It will even tell you what to do,

if your listening.

But this terrorist gig started out as

a confrontation with Jahiddies

in a forum.

Bitch slapping them around was

fun but counter productive.

Internet Anthropologist Think Tank: Infovlad gone?

So we switched to attacking

the NON-Muslim foundation

of the alQaeda cult.

And remained civil.
And we spread those messages to the
WWW. 

http://www.opednews.com/articles/genera_gerald_a_070612_blessed_be_al_qa_ida.htm

It worked well, incontrovertible

arguments about their positions

on Islam and violations of the 

Koran, the hard core, just got

mad and made threats, but

the undecided heard the arguments.

To run that paradigm we had to be

in the know and accurate, and I

built an OSINT system.

It educated us well.

INSIDE VIEW OF IATT..

And by diligence we found

ourselves coming into actionable

Intelligence.

And we started posting the Intel,

and the FBI contacted us for follow

up Info.

Internet Anthropologist Think Tank: Taliban webmaster, IPs ...

Internet Anthropologist Think Tank: EXCLUSIVE OUR INTERVIEW w/LARS ...

Internet Anthropologist Think Tank: Info War concept

Exclusive spotted al Qaeda hunting 341 lbs
of nuke material. 
http://warintel.blogspot.com/2008/10/exclusiveal-qaeda-knew-341-lbs-nuke.html 

And we felt the actionable intel

was of more value than the small

Info war we were running on Infovlad

So I turned my hacker skills to working

on collecting actionable Intel.

And while we don't do any thing illegal,

there are many things you can do because

they are not specifically illegal.

BLACK BOT SURVEILLANCE UNITS.

And the Bot Surveillance Units were born.

BSU's.

And we went hunting webmasters and 

terrorist hackers.

We eventually tracked down most of

the Taliban webmastes and many of the

alQaeda webmasters and made special

effort to take down hackers.

"CYBER ALERT" Islamofascist hacker Burned:

About 900 to 1,000 terrorist websites

eventually went down.

Internet Anthropologist Think Tank: Terrorist webmasters missing

Reporting actionable Intel was working

but it felt like the GWOT was having problems.

One was the terms of the success of the GWOT.

Press runs stories to sell headlines, or get 

hits. 

Good news just doesn't sell, and the press

has a tendency to spin everything bad.

Like US was loosing the GWOT.

We were believing our own bad press,

eating our own news feeds.

Even the Military was doing this.

And developed some un-positive

attitudes against the facts.

Internet Anthropologist Think Tank: 

Pentagon believes extremists Info War...

So again we changed our paradigm.

We wanted to influence policy.

We saw things we thought could be fixed.

Better solutions. 

And at least an obligation to put them

"out there" for others consideration.

Don't have a COW man., Cyber Over Watch


Maybe they hear.

So this is the third reinvention of the

Internet Anthropologist.

But every thing accumulates.

We have a very sharp OSINT system,

Moles and mole school.

At one point a mole was so far in al qaeda,

they offered us money.

I liked that, but the FBI killed it.

And I know there are spelling errors,

and some times my blog reads

more like a flow of conciseness rather

than like academic prose..

Please try and keep up.

But thats OK, most of the time it 

comes so fast I have to pick and

chose what will be the best use of

our time, and what we can work best.

And I can spend my time fixing the prose

and spelling or increase production.

I chose production even if it makes

me look less professional.

So we still have the skills for ferreting

out false news and OSINT machine,

Company "C" and the rest of the 

Battalion, moles and BSU's and 

accumulated accessories.

Company "C" Public

And we make use of them all.

Our paradigm work keeps us 

ahead of our selves, we track and

monitor our own work and production,

and develop metrics for same.

So currently we are trying to positively

influence policy, but still have the skills

and equipment to engage in Info Wars,

collection of actionable Intel,

and engage in defensive limited Cyber War.
I assert my right to Cyber self defense
and have Cyber arms.
I am a Cyber Warrior

Internet Anthropologist Think Tank: Cyber Over Watch Troops

I did what the WWW told me to do.

The work is difficult, exhilarating, thankless,

demanding, changeling and I love it.

We think we have contributed to the GWOT

effort.

I do it because I can.

A huge Salute to all those

that spend their time and efforts

so engaged. THANK YOU.

Kudos from Feds:

Gerald one of the Civilian cyber warroirs

Gerald

Internet Anthropologist

Internet Anthropologist Think Tank: The Internet Anthropologist Team

.

Genius Readers 09.26.10

Geraldanthro 

  

Iran's OSINT team has been redeployed, the worm problem, Iran is bind for next few days, G #deptofdefense #statedept#iaeaorg #usairforce G




G


.

Stuxnet Non-Proliferation Treaty rootkit Enforcer

Stuxnet Maybe the first Non-Proliferation Treaty rootkit

Enforcer, not meant only for Iran either.

Hello N. Korea, Syria etc.

So far everything points to a universal 

"Trust but verify, and turn it off if it violates

Non-Proliferation Treaty" rule set.

It monitors reactor production and
radiation levels, gathers size, location
and other identifying and quantitative data
and periodical sends this data through one
of the backdoors thru a maze of IPs
till it delivers said data to a repository.
( To be clear, it is a bot, they talk to each
other P2P. G )

And the production of that reactor
is tracked in detail, and reports same.

Now even if the worm/rootkit is cut
off from the web it still operates.

With its own artificial intelligence it
tracks the data and if given limits are
crossed, production of weapon grade
material then the actions are tripped.

A big disaster would be if it caused
a Chernobyl, so it has been tested
and has paradigms to keep out
put as safe levels. It will take over
a out of control hot reactor and shut
it down if need be.

But its main defense against violations
of the non-proliferation treaty is to
corrupt the material rendering it incapable
of further processing. Destroy the product
for weapons but safely.

It in no way will damage a system,
as it is capable of taking over a reactor
and running it. Any civilian collateral
damage would be catastrophic  for
the policy.

But it can on its own stop the violation.
In the case of a nuclear member, it
can just watch, with no interference.
Its artificial Intelligence working to
id the location and identifying data.

Of the 30,000 or 300,000 computers
it has penetrated in Iran it only has
to survive  on 'one' to pick up new
instructions and or new infection
vectors to re infect Iran's entire net
work again.

How detailed and extensive is the
monitoring the worm does?
Here are some details.
http://www.symantec.com/connect/blogs/exploring-stuxnet-s-plc-infection-process
Very extensive monitoring and
control abilities. Plus an artificial Intelligence.
If it looses contact.
If Iran isn't sure of 100% eradication
then they might want to leave it connected.
I would prefer real humans to artificial Intelligence
running a reactor any time.

But all this depends on Iran's regime.
And Irans IT experts.
With a switch of pay loads this could
go after the banks or power plants,
manufacturing lots of options.

Iran may have been check mated here.
This one was easy to find.
Are there others Invisible persistent
Rootkits? also on those PCs?

I would be hard put to say no
with any assurance or certainty.

Remarkable concept.

Paradigm Intel says it has artificial Intelligence

craft, so it would know difference between China's

reactor and Iran's reactor.

This display will also serve as a big deterrent, 

and warning shot to any other cyber Pirates.

Next demonstration maybe to take down

an entire bot net in seconds.

There is little doubt about who is behind

this, but there will be NO evidence either.

Lots of knowledge but no Proof.

And a very powerful deterrent against

cyber strikes on US.

Like when USA had the only nukes.

Then Russia got them.

Ok who is next to hit Iran, prove

they have the Cyber Power?

Gerald

Tactical Internet Systems analyst.

• Stuxnet development Paradigm Intel
• "TEHRAN Times" NOT sucessfull
• Iran's future Nuclear program. NOT
• Iran wins one, Almost
• The new war domain at work.
• Cyber command confused maybe mislead.
• 
  
  
  
  
  • Stuxnet is not new.
• Iran, US go one step further for win

.

Stuxnet development Paradigm Intel

Stuxnet Paradigm Intel

Stuxnet is a joint effort.

An extraordinary piece of professional craft.

Multi State craft.

The expertise required for this effort is remarkable.

Just assembling the required experts was a huge effort.

http://en.wikipedia.org/wiki/Stuxnet

We have identified outside Uber hackers,

State hackers, nuclear experts, and using state of the art

programing/exploits/hacking.

This worm is based on past well tested and proven

malware fitted with unknown zero day exploits four of them.

One would have been sufficient.

It required experts with intimate knowledge of the nuclear systems.

The Teams were organized around these tasks.

#1) Penetration methods and vectors 4 

#2) Worm, security, backdoors and reporting

#3) Controlling nuclear processes

#4) Fingerprinting exact targets

#5) Rootkit paradigms

#6) Security team for counter strike

#7) ARTIFICIAL INTELLIGENCE ENGINE

And NSA used outside Uber Hackers, 

other State experts, Nuclear Scientists,

and pre-tested it over and over.

And maintained Opsec.

As we have said "the new

paradigms will be discovered

with in new contexts.

This opens a new era in

warfare in a new domain.

Hope they are ready for 

the counter strike.

Its coming.

Iran doesn't have the craft

and won't have for years.

But there are others who

do.

But this shows that NSA is at the
top of the Game world wide,
and they learn from every attack 
on US systems. 
This deluxe combo relies on
old stand-bys and cutting edge
craft, and even 4 unknown zero 
day exploits. The data they have
collected on this would fill several
blogs already, and there is a lot
more to reverse engineer.


There are Gov. guys out there
that are buying unknown zero
day exploits, I've talked to
one. He was interested in 
our BSU's.


We are scanning for the application
of the "Law of Untended Consequence."


We may not see that until a counter
strike.


One nice "LUC" maybe the expulsion
of Abberjonny as Iranian President
from the discovery of Stuxnet.
Some of the file names are
very illuminating.


This surprised me, I knew it was
possible, but didn't think NSA
had the imagination, originality
or Guts to do it.
VERY IMPRESSIVE.
 true masters of their craft,
on every level, well thought
out Paradigm, GENIUS.
This isn't the first one they've
done just the first discovered.
And they may have meant for it to
be found? ( At this point, most common 
malware detection tools will detect this.)

Iran can get FUCKED very hard
if they mishandle this Nuke thing.

Gerald

Tactical Internet Systems analyst.

• Iran's future Nuclear program. NOT
• Iran wins one, Almost
• The new war domain at work.
• Cyber command confused maybe mislead.
• Stuxnet is not new.
• Iran, US go one step further for win
• Iran's secret Nuke.
  
  
  
  
  
  abysssec Here is unpacked stub of stuxnet for fans http://bit.ly/czCqF7 password=abysssec #stuxnet Some files cannot be scaned? G

.

I