Internet Anthropologist Think Tank: 10/17/10 - 10/24/10


    Saturday, October 23, 2010

    Cyber snipers attack wikileaks

    Cyber Snipers take on Wikileaks, Wikileaks guilty of espionage.





    Several instances of crippling of Wikileaks servers and functions,
    some reported, some not.
    They have had to relocate servers several times.

    Penetrations, data leaks, private keys got out, massive
    security leaks.

    “communications infrastructure is currently under attack,” adding the cryptic message “Project BO move to coms channel S. Activate Reston5.”

    A Wikileaks source who asks to remain anonymous now says that the organization’s XMPP server in Amsterdam, used to host its encrypted instant messaging communications, was compromised earlier this week by an unknown attacker, and the chat service had to be relocated to another server in Germany.

    Wikileaks’ site has been largely disabled over the last several weeks, displaying only a note that the site is “undergoing scheduled maintenance” and “will be back online as soon as possible.” 

    If a major leak is in the works, it wouldn’t be the first time Wikileaks’ site has suffered technical issues and recovered in time to regain the spotlight. Last June its submissions page ceased to function, but was fixed in time for the release of the so-called “Afghan War Diary” in July.

    Aside from digital sabotage, the site has also faced financial sniping. Wikileaks had one of its accounts frozen by the donation-collecting company Moneybookers, and claims the freeze was a result of the organization being placed on a U.S. government watchlist and an Australian government blacklist.


    SOURCED from:
    http://blogs.forbes.com/andygreenberg/2010/10/22/wikileaks-hacked-by-very-skilled-attackers/

    Wikileaks guilty of Blackmail.
    On Tuesday, the site’s twitter feed recommended that followers copy the encrypted “insurance” file that it posted to the site in July.
    Threatening the release of un-redacted stolen documents, putting Iraqi, Afghan and Paki civilians at risk with the release of
    their names.

    Wikileaks founder has been accused of Rape and sexual offenses.

    Will supporters continue to support wikileaks with these security breaches and release of their Secret Info?

    More to follow.



    Gerald
    Anthropologist

    .


    Friday, October 22, 2010

    Genius surfers 10.22.10


    CHINA...G


    .


    The day Google almost took over the World.







    There is a universal adaptation force by humanity
    that changes human kind. The penultimate buy point.

    The phone was such an adaptation.
    The TV and WWW also.
    Human kind saw it and bought the paradigm.

    All of these paradigms changed humanity.
    Moved power to the people.
    The right to know, the right to have access to
    the world has been a clarion call.

    The phone TV and WWW have all been
    seminal in advancing this deeply seated
    human need.

    A penultimate buy point, isn't a selling point.
    None of us like to be "sold"
    but we all love "buying".

    These technologies all have been
    penultimate buy points, universal
    human adaptation to these technologies.

    Now of course "selling" has been used
    to get us to buy "the brand of TV" etc
    we use, but we "bought " the technology
    as a human species.

    The movement along this paradigm is
    unstoppable and convergent vectors in 
    expanding the human mind.

    Google's penultimate buy point key
    has been "free service", a very powerful
    inducement to be an early user.

    Google's user knowledge data base
    encompasses the human movement
    like nothing we have ever seen, except
    maybe in history books 5 years after
    the fact. Google's data user data bases
    provide the same perspective on a
    real time basis.

    As an anthropologist I would love to have 
    access to Google's user data bases.
    To see human kind's paradigm,
    The desires of the "id, ego, superego"
    for the human paradigm.

    I have long ago given up on trying to keep
    my psyche secret from Google.

    The exchange of my desires for the Google
    information and services seems a fair exchange
    so far, and I know I might be sorry later.

    But with Google TV they almost took over the 
    world.

    Google has its WWW services which are 
    amazing and empowering.
    They have also moved into phones with
    android.
    And now TV.

    The Google TV could have been a human
    kind paradigm changer. But they dropped the
    ball, it has a $400 buy in fee.
    It's not free.

    In and of itself it's cute.
    But putting them all together, phone, WWW
    and TV, it has a power undefined thus far.

    With this combination properly configured
    they would be set to take over the world
    at a seminal penultimate buy point by humanity.

    To take over the world they only need the
    penultimate buy point technology.

    Something I call conclusive fundamental
    technology.

    The WWW, TV all searchable on a
    cell phone with Hi Res connection to
    Iglasses. It's a set of glasses (a 70 inch virtual projection screen
    in eye glasses from a cell phone).

    The ability to ultimately empower humans.

    They failed with the abandonment of their
    free principle in Google TV, they have not
    taken over the world, yet.

    The human species is set for the next
    evolutionary jump, not biological but
    mental, access to the world's knowledge
    universally.

    It's a great time to be alive and part of
    this evolutionary change.


    Gerald
    Internet Anthropologist

    Thank you Google.


    .


    Ops and Intel update 10,22,10





    Stuxnet:
    Paradigm Intel Ancillary Root kit undiscovered,
    Non affiliated PC's infected, awaiting insertion
    of key mem stick. To launch infection all over
    again, 4 months now Iran still hasn't defeated
    Stuxnet. Stuxnet evolving, 4th generation now,
    fighting back. Stuxnet team GENIUSES.
    Most knowledgeable and advanced hacker
    ever. Stuxnet work of art.
    I've never seen anything this complicated and
    elegant, so au courant.

    Some code still not understood, junk code
    NOT.

    Stuxnet 1.0 still undiscovered.
    Stuxnet 3.0 in the wings, awaiting deployment.

    Stuxnet not just for IRANIANS.
    NKorea also, all nuke and material enrichment
    world wide monitoring. Awaiting news breaks
    on other facilities.


    Stop Stuxnet?


    xxxxxxxxxxxxx



    Think Tank assault  perp still unknown,
    Think Tank virus, cyber assault
    Four possibilities, Feds. Iran or Taliban
    or Wall St Banks..
    The timing suggests one team.
    Bot probe, 100 bots
    PC infection.
    Ghost rider.

    Infection too sloppy to be Feds, and they
    would use more than 100 bots.
    But ghost rider might be them.
    But they could get same info
    with a letter to ISP.

    Taliban has been most damaged
    by our ops, but doubt they have 
    the technology.

    Wall St Banks, work of individual 
    gun/hacker, derail attempt, side
    track us? Not likely they could
    have crashed PC.

    Most probable,
    Iran has the technology and Ghost rider, but could be proxy.
    BSU's probing.

    It's fun to explore your paranoia.

    XXXXXXXXX

    Mexican Convoy to deliver checks.



    With an escort of 60 officers with assault rifles, a convoy heads off to deliver pensions to people caught behind the siege line as one drug cartel tries to wait out another in a sinister battle for scores of human and drug trafficking routes into Arizona.



    XXXXXXXXXXXXXXXX

    Hackers hacking clients, and using cloud for
    storage of stolen data. Changing criminal BIZ models,
    and marketing hacks in the Dark .

    XXXXXXXXXXXXXXXX

    Passwords not a secure paradigm,
    anymore not even 20 characters.



    Gerald

    Tactical Internet Systems analyst.

    All this and much more in
    Our WAR OSINT on Twitter

    .


    Thursday, October 21, 2010

    NATO takes the Gloves off

    NATO kicking the Taliban's Ass.
    Driving them out of Kandahar.
    Some of the gains seem to have come from a new mobile rocket that has pinpoint accuracy — like a small cruise missile — and has been used against the hideouts of insurgent commanders around Kandahar. That has forced many of them to retreat across the border into Pakistan. Disruption of their supply lines has made it harder for them to stage retaliatory strikes or suicide bombings, at least for the moment, officials and residents said.
    SOURCE:



    Taliban bleeding bad.

    G

    .


    Rules to engage cyber attack

    Pentagon Will Help Homeland Security Department Fight Domestic Cyberattacks

    The system would mirror that used when the military is called on in natural disasters like hurricanes or wildfires. ( 5 hrs, ? G ) A presidential order dispatches the military forces, working under the control of the Federal Emergency Management Agency.
    Under the new rules, the president would approve the use of the military’s expertise in computer-network warfare, and the Department of Homeland Security would direct the work. ( one hr, G )
    The new approach will begin with a Department of Homeland Security team deploying to Fort Meade, Md. ( 3 hrs, G ), home to both the National Security Agency, which specializes in electronic espionage, and the military’s new Cyber Command. In exchange, a team of military networking experts would be assigned to the operations center at the Homeland Security Department. ( another couple of hrs, G )
     SOURCE:

    Six to 10 hrs later US ready to respond, cyber attack has already crippled infrastructure and  WWW down.
    GREAT RULES.


    Gerald
    Anthropologist


    .


    Genius Readers, 10.21.10


    G

    .


    Wednesday, October 20, 2010

    Think Tank virus, cyber assault

    The COWs and counter surveillance have been
    very busy.
    We have had Ghost riders, on one PC,
    following it everywhere it goes.
    We sent cyber troops in and they
     switched IP to a hardened server.
     Is Charter Communications Spying?

    A PC infected, spooler, server, work station,
    etc.
    More info on the infection.

     
    And bot attacks.

    Internet Anthropologist Think Tank: WarIntel Bot probe

    We have deployed Cyber sniper teams and BSU's,
    and backed them off.
    Wonder if we are the only Think Tank hit?
     Cyber operations against us have been relatively
    stealthy.

    And it's discovered Stuxnet has been
    programmed to walk through all firewalls
    and bypasses all Security Suites.
    Sigh, proof of concept.
    http://warintel.blogspot.com/2010/10/stuxnet-update-102010.html


     Just not my week.


    Gerald
    Tactical Internet Systems analyst.
     http://warintel.blogspot.com/2009/03/www-security-getting-impossible.html
    .


    Stuxnet update 10.20.10

    Our paradigm Intel has been right on target.
    • To escape detection while targeting every Windows OS from 2000 to 7, the attack team purchased each and every version of all antivirus products for each OS and then designed Stuxnet to ensure they wouldn't be noticed by any of them.
    • Stuxnet is evolving its capabilities to infect systems and replicate within an organization, yet its payload remains unchanged. Meaning: the target remains the same ... and maybe the attackers aren't yet satisfied they've accomplished their mission.
    • On the human-interest side, he noted that the reverse engineering paths he and his colleagues have been following are the same or similar to those blazed by the team who crafted the attack. Though lots of evidence points that way, Symantec (unlike Ralph Langner and others) is not ready to say that Iran's nuclear operations are the only or primary target of Stuxnet. There are still several parts of Stuxnet they've yet to crack and their research continues.
    • In addition to phenomenal antivirus evasion techniques, Stuxnet includes lots of other stealth approaches and myriad attack strategies for getting past OS defenses, through firewalls, increasing its privileges, and much, much more.
     SOURCE:
    Lots more to come out of the reverse engineering. G

    Definitive research:
    • Self-replicates through removable drives exploiting a vulnerability allowing auto-execution: Microsoft Windows Shortcut ‘LNK/PIF’ Files Automatic File Execution Vulnerability (BID 41732).
    • Spreads in a LAN through a vulnerability in the Windows Print Spooler: Microsoft Windows Print Spooler Service Remote Code Execution Vulnerability (BID 43073).
    • Spreads through SMB by exploiting the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability (BID 31874).
    • Copies and executes itself on remote computers through network shares.
    • Copies and executes itself on remote computers running a WinCC database server.
    • Copies itself into Step 7 projects in such a way that it automatically executes when the Step 7 project is loaded.
    • Updates itself through a peer-to-peer mechanism within a LAN.
    • Exploits a total of four unpatched Microsoft vulnerabilities, two of which are previously mentioned vulnerabilities for self-replication and the other two are escalation of privilege vulnerabilities that have yet to be disclosed.
    • Contacts a command and control server that allows the hacker to download and execute code, including updated versions.
    • Contains a Windows rootkit that hides its binaries.
    • Attempts to bypass security products.
    • Fingerprints a specific industrial control system and modifies code on the Siemens PLCs to potentially sabotage the system.
    • Hides modified code on PLCs, essentially a rootkit for PLCs.

    Genius Readers, 10.20.10


    MS OS complacent. Security risk.

    Why is Microsoft on the cusp of losing its market
    share?
    The obvious answer is security.
    MS OS doesn't offer security.
    There are new exploits every month,
    the OS leaks like a sieve.

    Even outside vendors have made an entire industry
    trying to secure their OS.
    And it has never been done.

    They lost the browser market because
    of security issues and their operating System
    will be the downfall of MicroSoft, just as
    Walmart over took Sears.
    The browser war is an attempt to secure the
    interface to the WWW because the OS isn't
    secure.

    MS hasn't revised their core paradigm
    since its inception.

    They had the only OS and it was theirs.
    They still think the MicroSoft Operating
    system we BOUGHT belongs to them.

    While it has many bells and whistles
    it is Obtuse, you go to the Start button
    to turn it off.

    Indexer runs whether you want it to or not.

    Explorer.exe runs for 30 min + at boot up.

    And the cursor jumps around like I'm spastic.

    Hidden security programs are hidden and very difficult
    to use and not centralized.
    You practically have to be an insider to know where
    they are and what they do.
    Netstat -B for example doesn't run unless you
    disable some security, but they don't tell you that.

    They discovered 6,000,000 Java attempted intrusions.
    FROM your system, were you notified, NO.

    They won't upgrade illegal MicroSoft OS, opening
    those illegal systems to bot farms, no tickee,
    no patatchee, to the risk of the rest of us.

    And their security systems "silver light"
    and "defender" do not report to you, has any one ever
    got a warning of infection from their programs?

    Security logs, MS maintains them on your PC, but you need to
    set up your own logs to view anything, and they are
    OBTUSE, NO instructions, and user abusive.

    The logs that you can find the OS will not allow
    you to view them even with administrator privileges.
    The OS has outstanding research and security systems
    all out of reach of the average user.

    MS is still operating like they are the only
    Operating System available.

    Our paradigm forecast indicates a new more secure
    OS in the future which MS will ignore at its own peril.

    Unless you are a geek you can't use the security and
    forensic programs built into MS OS.
    Which makes them useless to the average user.

    And the update patches are another example of
    who they think owns your system. URGENT patches for
    MS software not even on my system.

    Having to redo "authenticate" valid MS OS is another
    example of wasted time effort and space.
    They upload reams of code to my pc like they own
    my hard drive, and recently without my permission.

    The lack of security and privacy on the WWW is in a major
    part MicroSofts doing, or lack of doing.

    But their impudence and arrogance will lead to
    the downfall of MS. ie Sears.

    The US Government doesn't need stronger walls, they
    need a better OS than MS offers.
    MS does not have security as the priority, but a secondary
    or even tertiary goal.

    Security is an add on not a built in for MS.
    The lack of competition has dulled MS's edge,
    and they live too comfortably as THE fat cat.
    Gerald
    .

    Tuesday, October 19, 2010

    Paki blackmail?

    Sats Spot 3 Miles of NATO Supply Trucks Bottlenecked in Pakistan

    Read More http://www.wired.com/dangerroom/2010/10/sats-spot-3-miles-of-nato-supply-trucks-bottlenecked-in-pakistan/#ixzz12r6XQJ1C










    Paki getting as much as $2 billion over the next five years

    Read More http://www.wired.com/dangerroom/2010/10/will-pakistan-use-new-u-s-military-gear-against-terrorists/#ixzz12r74vEwD



    Wired asks if weapons will be used against Terrorists?
    Better question is will they be used against Afghan
    terrorists operating out of Paki?


    150,000 tanker trucks a month used to pass through the blockade.
    Pakistan’s 10-day blockade against NATO convoys has ended

    And a few days later US announces $2 billion aid package.



    Hmmm.




    Gerald
    Anthropologist




    .




    MS "unprecedented wave" Java malware exploits

    Over 6,000,000 in a month.


    Disable java?
    No way to disable Java in Google Chrome?


    There has been an "unprecedented wave" of exploits against vulnerabilities in Oracle's Java during the third quarter of this year, according to data from the Microsoft Malware Protection Center. The software giant provided the following data to back its claims, outlining three specific vulnerabilities (all of which have patches available) that are being exploited en masse:
    Over the last few years, the main focus of vulnerability protection has been steadily moving away from the OS and instead to the browser, ( BAD MOVE BUT EASY ON MS, G ) and the applications that it depends on. Last year, Adobe Reader took the crown away from Microsoft Office as the software with the most vulnerabilities. Brad Arkin, Senior Director of Product Security & Privacy for Adobe Systems, announced in May 2009 that a major Adobe Reader and Acrobat security initiative was underway: code hardening, incident response process improvements, and a shift to a regular security update schedule.
    SOURCE:



    Risks:
    Examination of "source" page above.
    http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars



    G
    Tactical Internet Systems analyst.
    .


    Monday, October 18, 2010

    Is Charter Communications Spying?







    Maybe it's just coincidence every spy has been on
    a charter IP 3X from locations all over the country.
    We deployed counter surveillance.
    We spotted them months ago, at first we thought
    they might be insurgents and fed them a diet of
    Porn.
    In the most recent case we sent out a cyber 
    sniper team and they moved to a more hardened
    IP.
    There is no doubt we have a spy on one of
    our OSINT collection PC's.
    The COWs picked them up as an anomaly,
    Don't have a COW, man. Cyber Over Watch.
    But a statistical check indicated the phenomenon
    was beyond coincidence.
    IPS-TIME-PAGES-TIME ON SITE
    Every time that PC viewed our Blog, somebody
    else was there looking at the same pages, for
    the same amount of time, time after time,
    for days, maybe 50 instances.
    Does Charter Spy?
    YES
    Do other Internet Service Providers SPY?
    YES
    Proofs:
    One instance:
    US
    Domain Name: charter.com (Commercial)
    IP Address: 24.xxx.xxx.# (CHARTER COMMUNICATIONS)
    ISP: CHARTER COMMUNICATIONS
    Location:
      Continent: North America
      Country: United States
      State: xxxxxxx
      City: xxxxxx
      Lat/Long: xx.xxxx, xxx.xxxx
      Distance: xxx miles
    Language: English (U.S.) en-us
    Operating System: Macintosh WinNT
    Browser: deleted
    Javascript: version 1.5
    Monitor:
      Resolution: 1280 x 800
      Color Depth: 32 bits
    Time of Visit: Oct 18 2010 5:54:48 pm
    Last Page View: Oct 18 2010 6:21:10 pm
    Visit Length: 26 minutes 22 seconds
    Page Views: 4
    Referring URL: http://warintel.blog...ful-weapon-ever.html
    Visit Entry Page: http://warintel.blog...of-cyber-threat.html
    Visit Exit Page: http://warintel.blog...si-and-al-qaeda.html
    Out Click: http://img2.blogblog.com/img/icon18_edit_allbkg.gif
      http://www.blogger.c...=4342756413990641891
    Time Zone: UTC-5:00
    Visitor's Time: Oct 18 2010 5:54:48 pm
    Visit Number: 355,181
    HIGHLIGHT TO SEE ALL TEXT, G
    THEM:

    Domain Name: charter.com (Commercial)
    IP Address: 24.180.142.# (CHARTER COMMUNICATIONS)
    ISP: CHARTER COMMUNICATIONS
    Location:
      Continent: North America
      Country: United States
      State: Minnesota
      City: Rochester
      Lat/Long: 44.0301, -92.4622
      Distance: 931 miles
    Language: unknown
    Operating System: Macintosh WinNT
    Browser: Safari 1.3
      Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
    Javascript: disabled
    Time of Visit: Oct 18 2010 5:54:45 pm
    Last Page View: Oct 18 2010 6:22:35 pm
    Visit Length: 27 minutes 50 seconds
    Page Views: 5
    Referring URL: unknown
    Visit Entry Page: http://warintel.blog...of-cyber-threat.html
    Visit Exit Page: http://warintel.blog...si-and-al-qaeda.html
    Out Click:
    Time Zone: unknown
    Visitor's Time: Unknown
    Visit Number: 355,180
    Note the same approximate start and end times.
    The same amount of time on line.
    The same entry and exit pages.
    There are some differences which they are not sending
    actual screen views from the infected PC, just the pages
    visited. We have documented many instances of
    this Ghost riding.
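
    The session-matching check described in this post, as an added example that is not part of the original post: it pairs each session of a watched visitor with sessions from other visitors that start within seconds, last about as long and share entry and exit pages, then counts repeats per visitor. The `Session` fields, the tolerances, the page paths and every log row except the Oct 18 visit times are constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Session:
    visitor: str      # visitor label as the analytics tool shows it (masked IP)
    start: datetime   # "Time of Visit"
    end: datetime     # "Last Page View"
    entry: str        # visit entry page
    exit: str         # visit exit page

    @property
    def length(self) -> timedelta:
        return self.end - self.start


def shadow_pairs(sessions, watched,
                 max_start_gap=timedelta(seconds=10),
                 max_length_gap=timedelta(minutes=2)):
    """Return (own, other) pairs where another visitor mirrors a watched session.

    A pair matches when both sessions start within max_start_gap, differ in
    length by at most max_length_gap, and share entry and exit pages.
    The default tolerances are assumptions, not values from the post.
    """
    own = [s for s in sessions if s.visitor == watched]
    others = [s for s in sessions if s.visitor != watched]
    return [
        (a, b) for a in own for b in others
        if abs(a.start - b.start) <= max_start_gap
        and abs(a.length - b.length) <= max_length_gap
        and a.entry == b.entry and a.exit == b.exit
    ]


def repeat_shadows(sessions, watched, min_instances=3, **tolerances):
    """Visitors that mirror the watched visitor at least min_instances times.

    One matching pair can be chance; the repeat count per visitor is what
    separates a follower from a coincidental overlap.
    """
    counts = Counter(b.visitor
                     for _, b in shadow_pairs(sessions, watched, **tolerances))
    return {v: n for v, n in counts.items() if n >= min_instances}


def _s(visitor, day, start, end, entry, exit_):
    fmt = "%Y-%m-%d %H:%M:%S"
    return Session(visitor,
                   datetime.strptime(f"{day} {start}", fmt),
                   datetime.strptime(f"{day} {end}", fmt),
                   entry, exit_)


OWN = "24.xxx.xxx.#"        # the monitored PC, masked as in the post
GHOST = "24.180.142.#"      # the second visitor, masked as in the post

# Constructed sample log. Only the Oct 18 start/end times come from the post;
# page paths, later days and the two unrelated visitors are made up.
SESSIONS = [
    _s(OWN,   "2010-10-18", "17:54:48", "18:21:10", "/post-a.html", "/post-b.html"),
    _s(GHOST, "2010-10-18", "17:54:45", "18:22:35", "/post-a.html", "/post-b.html"),
    _s(OWN,   "2010-10-19", "09:10:00", "09:25:00", "/post-c.html", "/post-a.html"),
    _s(GHOST, "2010-10-19", "09:10:04", "09:25:30", "/post-c.html", "/post-a.html"),
    # Unrelated visitor that happens to overlap once.
    _s("198.51.100.7", "2010-10-19", "09:10:02", "09:24:50",
       "/post-c.html", "/post-a.html"),
    _s(OWN,   "2010-10-20", "20:00:00", "20:12:00", "/post-b.html", "/post-b.html"),
    _s(GHOST, "2010-10-20", "20:00:06", "20:12:40", "/post-b.html", "/post-b.html"),
    # Same start time but a different exit page and a much longer visit.
    _s("203.0.113.9", "2010-10-20", "20:00:03", "20:40:00",
       "/post-b.html", "/post-d.html"),
]

if __name__ == "__main__":
    for own, other in shadow_pairs(SESSIONS, OWN):
        print(own.start, "mirrored by", other.visitor,
              "start gap", abs(own.start - other.start))
    print("repeat followers:", repeat_shadows(SESSIONS, OWN))
```

    A match is a lead to check against other evidence: services that re-fetch a visited URL can produce similar pairs.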
    Internet Anthropologist Think Tank: 
    CYBER Ghost Riding is very ...
    This meets our requirements of an attack.
    And "rules of engagement " apply.
    Gerald
    Tactical Internet Systems analyst.
    My Email:
    InternetAnthropologistTT@gmail.com
    UPDATE:
    Charter visited this post at 11:40:50
    and our logging of all Charter hits quit,
    Site meter now doesn't register hits
    from our infected PC or the Ghost
    rider at charter IP.
    Incidentally the hit at 11:40 came from
    the same city as the Ghost, but different
    IP, Rochester, Minnesota.
    Anyone know where Charter's security services
    are located? Rochester, Minnesota?


    2:28 am EST hit recording back on.
    They are still there. Alternate method to track them.


    Now they're pissing me off, they think I'm stupid? 7:56 am EST



    More info on the infection.