Cyber snipers attack wikileaks

Cyber Snipers take on Wikileaks, Wikileaks guilty of espionage.

Several instances crippling Wikeleaks servers and functions,

some reported some not.

They have to relocate serves several times.

Penetrations, data leaks, private keys got out, massive
security leaks.

“communications infrastructure is currently under attack,” adding the cryptic message “Project BO move to coms channel S. Activate Reston5.”

A Wikileaks source who asks to remain anonymous now says that the organization’s XMPP server in Amsterdam, used to host its encrypted instant messaging communications, was compromised earlier this week by an unknown attacker, and the chat service had to be relocated to another server in Germany.

Wikileaks’ site has been largely disabled over the last several weeks, displaying only a note that the site is “undergoing scheduled maintenance” and “will be back online as soon as possible.” 

If a major leak is in the works, it wouldn’t the first time Wikileaks’ site has suffered technical issues and recovered in time to regain the spotlight. Last June its submissions page ceased to function, but was fixed in time for the release of the so-called “Afghan War Diary” in July.

Aside from digital sabotage, the site has also faced financial sniping. Wikileaks had one of its accounts frozen by the donation-collecting company Moneybookers, and claims the freeze was a result of the organization being placed on a U.S. government watchlist and an Australian government blacklist.


SOURCED form:
http://blogs.forbes.com/andygreenberg/2010/10/22/wikileaks-hacked-by-very-skilled-attackers/

Wikileaks guilty of Blackmail.

On Tuesday, the site’s twitter feed recommended that followers copy the encrypted “insurance” file that it posted to the site in July.

Threating the release of Un-redacted stolen documents putting Iraqi, Afghan and Paki civilians with the release of

their names.

Wikileaks founder has been accused of Rape and sexual offenses.

Will supporters continue to support wikileaks with these security breaches and release of their Secret Info?

More to follow.

Gerald

Anthropologist

.

Genius surfers 10.22.10

CHINA...G

.

The day Google almost took over the World.

There is an universal adaptation force by humanity

that changes human kind. The penultimate buy point.

The phone was such an adaptation.

The TV and WWW also.

Human kind saw it and bought the paradigm.

All of these paradigms changed humanity.

Moved power to the people.

The right to know, the right to have access to

the world has been a clarion call.

The phone TV and WWW have all been

seminal in advancing this deeply seated

human need.

A penultimate buy point, isn't a selling point.

None of us like to be "sold"

but we all love "buying".

These technologys all have been 

penultimate buy points, universal 

human adaptation to these technologys.

Now of course "selling" has been used

to get us to buy "the brand of TV" etc

we use, but we "bought " the technology

as a human species.

The movement along this paradigm is

unstoppable and convergent vectors in 

expanding the human mind.

Googles penultimate buy point key,

has been "free service", a very powerful

inducement to be a early user.

Google's user knowledge data base

encompasses the human movement

like nothing we have ever seen, except

maybe in history books 5 years after

the fact. Google's data user data bases

provide the same perspective on a

real time basis.

As an anthropologist I would love to have 

access to Googles user data bases.

To see human kind's paradigm,

The desires of the "id, ego, superego"

for the human paradigm.

I have long ago given up on trying to keep

my psyche secret form Google.

The exchange of my desires for the Google

information and services seems a fair exchange

so far, and I know I might be sorry later.

But with Google TV they almost took over the 

world.

Google has its WWW services which are 

amazing and empowering.

They have also moved into phones with

android.

And now TV.

The Google TV could have been a human

kind paradigm changer. But they dropped the

ball, it has an $400 buy in fee.

Its not free.

In and of its self its cute.

But putting them all together, phone, WWW

and TV, it has a power undefined thus far.

With this combination properly configured

they would be set to take over the world

at a seminal penultimate buy point by humanity.

To take over the world they only need the

penultimate buy point technology.

Something I call conclusive fundamental

technology.

The WWW, TV all searchable on a 

cell phone with Hi Res connection to

Iglasses.It's a set of glasses, ( a 70inch virtual projection screen

in eye glasses from a cell phone. )

The ability to ultimately empower humans.

They failed with the abandonment of their

free principal in Google TV, they have not

taken over the world, yet.

The human species is set for the next

evolutionary jump, not biological but

mental, access to the worlds knowledge

universally.

Its a great time to be alive and part of

this evolutionary change.

Gerald

Internet Anthropologist

Thank you Google.

http://www.google.com/tv/spotlight.html

.

Ops and Intel update 10,22,10

Stuxnet:

Paradigm Intel Ancillary Root kit undiscovered,

Non affiliated PC's infected,awaiting insertion

of key mem stick. To launch infection all over

again, 4 months now Iran still hasn't defeated

stuxnet. Stuxnet evoloving, 4th generation now,

fighting back. Stuxnet team GENIUSES.

Most knowledgeable and advanced hacker

ever. Stuxnet work of art.

I've never seen any thing this complicated and

elegant, so au courant.

Some code still not understood, junk code

NOT.

Stuxnet 1.0 still undiscovered.

Stuxnet 3.0 in the wings, awaiting deployment..

Stuxnet not just for IRANIANS.

NKorea also, all nuke and material enrichment

world wide monitoring. Awaiting news breaks

on other facilities.

Very scary, Stuxnet is China's creation?

Stuxnet update 10.20.10

Stop Stuxnet?

SOURCE:

xxxxxxxxxxxxx

Think Tank assault  perp still unknown,
Think Tank virus, cyber assault

Four possibilities, Feds. Iran or Taliban

or Wall St Banks..

The timing suggest one team.

Bot probe, 100 bots

PC infection.

Ghost rider.

Infection to sloppy to be Feds, and they

would use more than 100 bots.

But ghost rider might be them.

But they could get same info

with a letter to ISP.

Taliban has been most damaged

by our ops, but doubt they have 

the technology.

Wall St Banks, work of individual 

gun/hacker, derail attempt, side

track us? Not likely they could

have crashed PC.

Most probable,

Iran has the technology and Ghost rider, but could be proxy.

BSU's probing.

Its fun to explore your paranoia.

XXXXXXXXX

Mexican Convoy to deliver checks.

Reporting from Altar, Mexico — 

With an escort of 60 officers with assault rifles, a convoy heads off to deliver pensions to people caught behind the siege line as one drug cartel tries to wait out another in a sinister battle for scores of human and drug trafficking routes into Arizona.

SOURCE:

XXXXXXXXXXXXXXXX

Hackers hacking clients, and using cloud for
storage of stolen data. Changing criminal BIZ models,

and marketing hacks in the Dark .

SOURCE:

XXXXXXXXXXXXXXXX

Passwords not a secure paradigm,

anymore not even 20 characters.

SOURCE:

Gerald

Tactical Internet Systems analyst.

All this and much more in our
 Our WAR OSINT on Twitter

.

NATO takes the Gloves off

NATO kicking the Taliban's Ass.
Driving them out of Kandahar.
Some of the gains seem to have come from a new mobile rocket that has pinpoint accuracy — like a small cruise missile — and has been used against the hideouts of insurgent commanders around Kandahar. That has forced many of them to retreat across the border into Pakistan. Disruption of their supply lines has made it harder for them to stage retaliatory strikes or suicide bombings, at least for the moment, officials and residents said.
SOURCE:



Taliban bleeding bad.

G

.

Rules to engage cyber attack

Pentagon Will Help Homeland Security Department Fight Domestic Cyberattacks

The system would mirror that used when the military is called on in natural disasters like hurricanes or wildfires. ( 5 hrs, ? G )A presidential order dispatches the military forces, working under the control of the Federal Emergency Management Agency.
Under the new rules, the president would approve the use of the military’s expertise in computer-network warfare, and the Department of Homeland Security would direct the work. ( one hr, G )
 The new approach will begin with a Department of Homeland Security team deploying to Fort Meade, Md. ( 3 hrs, G ), home to both the National Security Agency, which specializes in electronic espionage, and the military’s new Cyber Command. In exchange, a team of military networking experts would be assigned to the operations center at the Homeland Security Department.( another couple of hrs, G )
 SOURCE:

Six to 10 hrs later US ready to respond, cyber attack has already crippled infrastructure and  WWW down.
GREAT RULES.


Gerald
Anthropologist


.

Genius Readers, 10.21.10

G

.

Think Tank virus, cyber assault

The COWs and counter surveillance have been
very busy.

We have had Ghost riders, on one PC,
following it everywhere it goes.
We sent cyber troops in and they
 switched IP to a hardened server.
 Is Charter Communications Spying?

A PC infected, spooler, server, work station,
etc.
More info on the infection.

 
And bot attacks.

Internet Anthropologist Think 

Tank: WarIntel Bot probe

We have deployed Cyber sniper teams and BSU's.
and backed them off.

Wonder if we are the only Think Tank hit?
 Cyber operations against us have been relatively
stealthy.

And its discovered Stuxnet has been
programmed to walk through all firewalls
and bypasses all Security Suites.
Sigh, proof of concept.
http://warintel.blogspot.com/2010/10/stuxnet-update-102010.html


 Just not my week.


Gerald
Tactical Internet Systems analyst.

 http://warintel.blogspot.com/2009/03/www-security-getting-impossible.html
.

Stuxnet update 10.20.10

Our paradigm Intel has been right on target.

• To escape detection while targeting every Windows OS from 2000 to 7, the attack team purchased each and every version of all antivirus products for each OS and then designed Stuxnet to ensure they wouldn't be noticed by any of them.
• Stuxnet is evolving its capabilities to infect systems and replicate within an organization, yet its payload remains unchanged. Meaning: the target remains the same ... and maybe the attackers aren't yet satisfied they've accomplished their mission.
• On the human-interest side, he noted that the reverse engineering paths he and his colleagues have been following are the same or similar to those blazed by the team who crafted the attack. Though lots of evidence points that way, Symantec (unlike Ralph Langner and others) is not ready to say that Iran's nuclear operations are the only or primary target of Stuxnet. There are still several parts of Stuxnet they've yet to crack and their research continues.
• In addition to phenomenal antivirus evasion techniques, Stuxnet includes lots of other stealth approaches and myriad attack strategies for getting past OS defenses, through firewalls, increasing its privileges, and much, much more.

 SOURCE:
Lots more to come out of the reverse engineering.G

Definitive research:
Self-replicates through removable drives exploiting a vulnerability allowing auto-execution.
• Microsoft Windows Shortcut ‘LNK/PIF’ Files Automatic File Execution Vulnerability (BID 41732)
Spreads in a LAN through a vulnerability in the Windows Print Spooler.
• Microsoft Windows Print Spooler Service Remote Code Execution Vulnerability (BID 43073)
Spreads through SMB by exploiting the • Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability (BID 31874).
Copies and executes itself on remote computers through network shares.•
Copies and executes itself on remote computers running a WinCC database server.•
Copies itself into Step 7 projects in such a way that it automatically executes when the Step 7 project is loaded.
Updates itself through a peer-to-peer mechanism within a LAN.•
Exploits a total of four unpatched Microsoft vulnerabilities, two of which are previously mentioned vulnerabilities for self-replication and the other two are escalation of privilege vulnerabilities that have yet to be disclosed.
Contacts a command and control server that allows the hacker to download and execute code, including up• dated versions.
Contains a Windows rootkit that hide its binaries.•
Attempts to bypass security products.•
Fingerprints a specific industrial control system and modifies code on the Siemens PLCs to potentially sabo• tage the system.
Hides modified code on PLCs, essentially a rootkit for PLCs.•

Related articles

• Microsoft Confirms It Missed Stuxnet Print Spooler 'Zero-Day' (pcworld.com)
• Microsoft aims barrage of fixes at Stuxnet and more (newsinfo.inquirer.net)
• Stuxnet 1.0, 2.0, 3.0 (warintel.blogspot.com)
• update stuxnet, 10.03.10 (warintel.blogspot.com)

• Internet Anthropologist Think Tank: Russian view of Stuxnet.

  Internet Anthropologist Think Tank: Stuxnet Non-Proliferation enforcer...

  Internet Anthropologist Think Tank: Stuxnet 3.0 most powerful ...

  Oct 17, 2010 ... Stuxnet 3.0 most powerful weapon EVER. The Ultimate War Weapon. ... But stuxnet has the capability. to control anything connected ...

• Internet Anthropologist Think Tank: Iran's future Nuclear program. NOT

  Internet Anthropologist Think Tank: The world is a safer place ...

   .

Genius Readers, 10.20.10

MS OS complacent. Security risk.

Why is Micro Soft on the cusps of loosing its market
share?

The obvious answer is security.
MS OS doesn't offer security.
There are new exploits every month,
the OS leaks like sieve.

Even outside vendors have made an entire industry
trying to secure their OS.
And it has never been done.

They lost the browser market because
of security issues and their operating System
will be the downfall of MicroSoft,just as
Walmart over took Sears.
The browser war is an attempt to secure the
interface to the WWW because the OS isn't
secure.

MS hasn't revised their core paradigm
since its inception.

They had the only OS and it was theirs.
They still think the MicroSoft Operating
system we BOUGHT belongs to them.

While it has many bells and whistles
it is Obtuse, you go to the Start button
to turn it off.

Indexer runs whether you want it to or not.

Explorer.exe runs for 30 min + at boot up.

And the cursor jumps around like I'm spastic.

Hidden security programs are hidden and very difficult
to use and not centralized.
You practically have to be an insider to know where
they are and what they do.
Netstat -B for example doesn't run unless you
disable some security, but they don't tell you that.

They discovered 6,000,000 Java attempted intrusions.
FROM your system, were you notified, NO.

They won't upgrade illegal MicroSoft OS opening
those illegal system to bot farms, no tickee,
no patatchee, to the risk of the rest of us.

And their security systems "silver light"
and "defender" do not report to you, has any one ever
got a warning of infection from their programs?

Security logs, MS maintains them on your PC, but you need to
set up your own logs to vies anything, and they are
OBTUSE, NO instructions, and user abusive.

The logs that you can find the OS will not allow
you to view them even with administrator privileges.
The OS has outstanding research and security systems
all out of reach of the average user.

MS is still operating like they are the only
Operating System available.

Our paradigm forecast indicates a new more secure
OS in the future which MS will ignore at its own peril.

Unless you are a geek you can't use the security and
forensic programs built into MS OS.
Which makes them useless to the average user.

And the update patches are another example of
who they think owns your system. URGENT patches for
MS software not even on my system.

Having to redo "authenticate" valid MS OS is another
example of wasted time effort and space.
They upload reams of code to my pc like they own
my hard drive, and recently without my permission.

The lack of security and privacy on the WWW is in a major
part MicroSofts doing, or lack of doing.

But their impudence and arrogance will lead to
the down fall of MS. ie Sears.

The US Government doesn't need stronger walls, they
need a better OS than MS offers.
MS does not have security as the priority, but a secondary
or even tericary goal.

Security is an add on not a built in for MS.
The lack of competition has dulled MS's edge,
and live too comfortably as THE fat cat.

Gerald
.

Related articles

• Internet Security, Whats Next? (warintel.blogspot.com)
• Microsoft calling kettle Black (warintel.blogspot.com)

Paki blackmail?

Sats Spot 3 Miles of NATO Supply Trucks Bottlenecked in Pakistan

Read More http://www.wired.com/dangerroom/2010/10/sats-spot-3-miles-of-nato-supply-trucks-bottlenecked-in-pakistan/#ixzz12r6XQJ1C

Click on pic to enlarge.

Paki getting as much as $2 billion over the next five years

Read More http://www.wired.com/dangerroom/2010/10/will-pakistan-use-new-u-s-military-gear-against-terrorists/#ixzz12r74vEwD


Wired asks if weapons will be used against Terrorist?
Better question is will they be used against Afghan 
terrorist operating out of Paki?


150,000 tanker trucks a month used to pass through the blockade .
Pakistan’s 10-day blockade against NATO convoys has ended

And few days later US announces $2 billion aid package.


Hmmm.




Gerald
Anthropologist




.

MS "unprecedented wave" Java malware exploits

Over 6,000,000 in month .

Disable java?
No way to disable Jave in Google Chrome?


There has been an "unprecedented wave" of exploits against vulnerabilities in Oracle's Java during the third quarter of this year, according to data from the Microsoft Malware Protection Center. The software giant provided the following data to back its claims, outlining three specific vulnerabilities (all of which have patches available) that are being exploited en masse:
Over the last few years, the main focus of vulnerability protection has been steadily moving away from the OS and instead to the browser,( BAD MOVE BUT EASY ON MS, G ) and the applications that it depends on. Last year, Adobe Reader took the crown away from Microsoft Office as the software with the most vulnerabilities. Brad Arkin, Senior Director of Product Security & Privacy for Adobe Systems, announced in May 2009 that a major Adobe Reader and Acrobat security initiative was underway: code hardening, incident response process improvements, and a shift to a regular security update schedule.
SOURCE:


Risks:
Examination of "source" page above.
http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars

Combine external JavaScript (11)
Enable gzip compression (2)
Leverage browser caching (77)
Leverage proxy caching (40)
Minimize cookie size
Serve static content from a cookieless domain (8)
Specify image dimensions (1)
Web Page Performance
Optimize the order of styles and scripts (5)
Put CSS in the document head (1)
Remove unused CSS rules (776)

empty.htmlFailed to load resource
b:-1Resource interpreted as image but transferred with MIME type text/plain.
count:-
1Resource interpreted as script but transferred with MIME type application/json.
count.json:-
1Resource interpreted as script but transferred with MIME type application/json.

Unsafe JavaScript attempt to access frame with URL
 http://static.addtoany.com/menu/sm1.html#page;http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars from frame with URL
http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars. Domains, protocols and ports must match.

Unsafe JavaScript attempt to access frame with URL http://www.reddit.com/static/button/button1.html?width=120&url=http%3A%2F%2Farstechnica.com%2Fbusiness%2Fnews%2F2010%2F10%2Fmicrosoft-sees-unprecedented-wave-of-java-malware-exploits.ars&title=Microsoft%20sees%20%22unprecedented%20wave%22%20of%20Java%20malware%20exploits&bgcolor=fff&bordercolor=eee from frame with URL
 http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars. Domains, protocols and ports must match.

Unsafe JavaScript attempt to access frame with URL http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Farstechnica.com%2Fbusiness%2Fnews%2F2010%2F10%2Fmicrosoft-sees-unprecedented-wave-of-java-malware-exploits.ars&layout=button_count&show_faces=false&width=85&action=like&font=arial&colorscheme=light&height=21 from frame with URL
http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars. Domains, protocols and ports must match.

Unsafe JavaScript attempt to access frame with URL http://platform0.twitter.com/widgets/tweet_button.html?_=1287481343826&count=horizontal&counturl=http%3A%2F%2Farstechnica.com%2Fbusiness%2Fnews%2F2010%2F10%2Fmicrosoft-sees-unprecedented-wave-of-java-malware-exploits.ars〈=en&text=Microsoft%20sees%20%22unprecedented%20wave%22%20of%20Java%20malware%20exploits&url=http%3A%2F%2Farst.ch%2Fmuc&via=arstechnica from frame with URL http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars. Domains, protocols and ports must match.

Unsafe JavaScript attempt to access frame with URL http://www.facebook.com/connect/connect.php?id=19374573752&connections=10&stream=0&css&locale=en_US&logobar=0 from frame with URL http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars. Domains, protocols and ports must match.

Unsafe JavaScript attempt to access frame with URL http://static.arstechnica.net//public/v6/footer.html?1287260854 from frame with URL http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars. Domains, protocols and ports must match.

Unsafe JavaScript attempt to access frame with URL
http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars from frame with URL http://ad.adlegend.com/iframe?spacedesc=2000398_1090258_728x90_1201153_2000398&target=_blank&@CPSC@=http://ad.doubleclick.net/click%3Bh%3Dv8/3a38/3/0/%2a/w%3B229161266%3B0-0%3B0%3B31555509%3B3454-728/90%3B38708792/38726549/1%3B%3B%7Eaopt%3D3/1/96/0%3B%7Esscs%3D%3f. Domains, protocols and ports must match.

Unsafe JavaScript attempt to access frame with URL http://static.addtoany.com/menu/sm1.html#page;http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars from frame with URL http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars. Domains, protocols and ports must match.

Unsafe JavaScript attempt to access frame with URL http://www.reddit.com/static/button/button1.html?width=120&url=http%3A%2F%2Farstechnica.com%2Fbusiness%2Fnews%2F2010%2F10%2Fmicrosoft-sees-unprecedented-wave-of-java-malware-exploits.ars&title=Microsoft%20sees%20%22unprecedented%20wave%22%20of%20Java%20malware%20exploits&bgcolor=fff&bordercolor=eee from frame with URL http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars. Domains, protocols and ports must match.

Unsafe JavaScript attempt to access frame with URL http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Farstechnica.com%2Fbusiness%2Fnews%2F2010%2F10%2Fmicrosoft-sees-unprecedented-wave-of-java-malware-exploits.ars&layout=button_count&show_faces=false&width=85&action=like&font=arial&colorscheme=light&height=21 from frame with URL http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars. Domains, protocols and ports must match.

Unsafe JavaScript attempt to access frame with URL http://platform0.twitter.com/widgets/tweet_button.html?_=1287481343826&count=horizontal&counturl=http%3A%2F%2Farstechnica.com%2Fbusiness%2Fnews%2F2010%2F10%2Fmicrosoft-sees-unprecedented-wave-of-java-malware-exploits.ars〈=en&text=Microsoft%20sees%20%22unprecedented%20wave%22%20of%20Java%20malware%20exploits&url=http%3A%2F%2Farst.ch%2Fmuc&via=arstechnica from frame with URL http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars. Domains, protocols and ports must match.

Unsafe JavaScript attempt to access frame with URL http://www.facebook.com/connect/connect.php?id=19374573752&connections=10&stream=0&css&locale=en_US&logobar=0 from frame with URL http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars. Domains, protocols and ports must match.

Unsafe JavaScript attempt to access frame with URL http://static.arstechnica.net//public/v6/footer.html?1287260854 from frame with URL http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars. Domains, protocols and ports must match.

Unsafe JavaScript attempt to access frame with URL http://www.reddit.com/static/button/button1.html?width=120&url=http%3A%2F%2Farstechnica.com%2Fbusiness%2Fnews%2F2010%2F10%2Fmicrosoft-sees-unprecedented-wave-of-java-malware-exploits.ars&title=Microsoft%20sees%20%22unprecedented%20wave%22%20of%20Java%20malware%20exploits&bgcolor=fff&bordercolor=eee from frame with URL http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars. Domains, protocols and ports must match.

Unsafe JavaScript attempt to access frame with URL http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Farstechnica.com%2Fbusiness%2Fnews%2F2010%2F10%2Fmicrosoft-sees-unprecedented-wave-of-java-malware-exploits.ars&layout=button_count&show_faces=false&width=85&action=like&font=arial&colorscheme=light&height=21 from frame with URL http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars. Domains, protocols and ports must match.

Unsafe JavaScript attempt to access frame with URL http://www.facebook.com/connect/connect.php?id=19374573752&connections=10&stream=0&css&locale=en_US&logobar=0 from frame with URL http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars. Domains, protocols and ports must match.

Unsafe JavaScript attempt to access frame with URL http://static.arstechnica.net//public/v6/footer.html?1287260854 from frame with URL http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars. Domains, protocols and ports must match.

Unsafe JavaScript attempt to access frame with URL http://platform0.twitter.com/widgets/tweet_button.html?_=1287481343826&count=horizontal&counturl=http%3A%2F%2Farstechnica.com%2Fbusiness%2Fnews%2F2010%2F10%2Fmicrosoft-sees-unprecedented-wave-of-java-malware-exploits.ars〈=en&text=Microsoft%20sees%20%22unprecedented%20wave%22%20of%20Java%20malware%20exploits&url=http%3A%2F%2Farst.ch%2Fmuc&via=arstechnica from frame with URL http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars. Domains, protocols and ports must match.

Unsafe JavaScript attempt to access frame with URL http://static.addtoany.com/menu/sm1.html#page;http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars from frame with URL http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars. Domains, protocols and ports must match.

Unsafe JavaScript attempt to access frame with URL http://ad.adlegend.com/iframe?spacedesc=2000398_1090258_728x90_1201153_2000398&target=_blank&@CPSC@=http://ad.doubleclick.net/click%3Bh%3Dv8/3a38/3/0/%2a/w%3B229161266%3B0-0%3B0%3B31555509%3B3454-728/90%3B38708792/38726549/1%3B%3B%7Eaopt%3D3/1/96/0%3B%7Esscs%3D%3f from frame with URL http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars. Domains, protocols and ports must match.


G
Tactical Internet Systems analyst.
.

Is Charter Communications Spying?

Is Charter Communications  Spying?

Maybe its just coincidence every spy has been on 

a charter IP 3X from locations all over the country.

We deployed counter surveillance.

We spotted them months ago, at first we thought

they might be insurgents and fed them a diet of

Porn.

10 tabs 15 hrs of porno No waiting.

In the most recent case we sent out a cyber 

sniper team and they moved to a more hardened

IP.

There is no doubt we have a spy on one of

our OSINT collection PC's.

The COWs picked them up as an anomaly,
Don't have a COW man., Cyber Over Watch

But a statistical check indicated the phenomenon

was beyond coincidence.

IPS-TIME-PAGES-TIME ON SITE

Every time that PC viewed our Blog, somebody

else was there looking at the same pages, for

the same amount of time. time after time,

for days, maybe 50 instances.

Does Charter Spy?

YES

http://warintel.blogspot.com/2008/05/charter-isp-to-spy-on-users.html

Do other Internet Service Providers SPY?

YES

http://warintel.blogspot.com/2008/05/comcast-spying-1000-day.html

Proofs:

One instance:

US

Domain Name		charter.com ? (Commercial)
IP Address		24.xxx.xxx.# (CHARTER COMMUNICATIONS)
ISP		CHARTER COMMUNICATIONS
Location		Continent  :  North America Country  :  United States  (Facts) State  :  xxxxxxx City  :  xxxxxx Lat/Long  :  xx.xxxx, xxx.xxxx (Map) Distance  :  xxx miles
Language		English (U.S.) en-us
Operating System		Macintosh WinNT
Browser		deleted
Javascript		version 1.5
Monitor		Resolution  :  1280 x 800 Color Depth  :  32 bits
Time of Visit		Oct 18 2010 5:54:48 pm
Last Page View		Oct 18 2010 6:21:10 pm
Visit Length		26 minutes 22 seconds
Page Views		4
Referring URL		http://warintel.blog...ful-weapon-ever.html
Visit Entry Page		http://warintel.blog...of-cyber-threat.html
Visit Exit Page		http://warintel.blog...si-and-al-qaeda.html
Out Click		http://img2.blogblog.com/img/icon18_edit_allbkg.gif http://www.blogger.c...=4342756413990641891
Time Zone		UTC-5:00
Visitor's Time		Oct 18 2010 5:54:48 pm
Visit Number		355,181

HIGHLIGHT TO SEE ALL TEXT, G

THEM:

Domain Name		charter.com ? (Commercial)
IP Address		24.180.142.# (CHARTER COMMUNICATIONS)
ISP		CHARTER COMMUNICATIONS
Location		Continent  :  North America Country  :  United States  (Facts) State  :  Minnesota City  :  Rochester Lat/Long  :  44.0301, -92.4622 (Map) Distance  :  931 miles
Language		unknown
Operating System		Macintosh WinNT
Browser		Safari 1.3 Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Javascript		disabled
Time of Visit		Oct 18 2010 5:54:45 pm
Last Page View		Oct 18 2010 6:22:35 pm
Visit Length		27 minutes 50 seconds
Page Views		5
Referring URL		unknown
Visit Entry Page		http://warintel.blog...of-cyber-threat.html
Visit Exit Page		http://warintel.blog...si-and-al-qaeda.html
Out Click
Time Zone		unknown
Visitor's Time		Unknown
Visit Number		355,180

Note the same approximate start and end times.

The same amount of time on line.

The same entry and exit pages.

There are some differences which they are not sending

actual screen views from the infected PC, just the pages

visited. We have documented many instances of
this Ghost riding.
Internet Anthropologist Think Tank: 
CYBER Ghost Riding is very ...

This meets our requirements of an attack.

And "rules of engagement " apply.

Gerald

Tactical Internet Systems analyst.

My Email:

InternetAnthropologistTT@gmail.com
UPDATE:
Charter visited this post at 11:40:50
and our logging of all Charter hits quit,
Site meter now doesn't register hits
from out infected PC or the Ghost
rider at charter IP.
Incidently the hit at 11:40 came from
the same city as the Ghost, but different
IP, Rochester, Minnesota .
anyone know where Charters security services
are located? Rochester, Minnesota ?


2:28 am EST hit recording back on.
They are stil there. alternate method to track them. 


Now their pissing me off, they think I'm stupid? 7:56 am EST



More info on the infection.
.