Internet Anthropologist Think Tank: Paradigm Intel on Government sponsored malware worms/rootkits.

    Monday, August 20, 2012

    Paradigm Intel on Government sponsored malware worms/rootkits.





    The speed with which the Stuxnet family
    morphed and reconstituted after discovery
    exposes some interesting facets of the beast.

    In most instances 'they' were aware of the discovery
    and launched a new animal in the window between
    discovery and patch, a window that was sometimes months long.

    This would indicate the use of a cyber sled
    for delivery.

    A holding mechanism wherein they can swap
    components in and out: different penetration
    methods, payloads, and encryption engines.

    And just launch. Sysadmins seem confident
    in their ability to handle the problems, but
    is that confidence justified?

    The Stuxnet family has been on Iran's air-gapped
    nuclear networks for 5 yrs now,
    and they are building another intranet
    not connected to the WWW.

    That's kind of like locking the doors with
    an invisible burglar in the house.




    It's getting hard to keep up with all
    the sleds in operation.

    A new banking sled focused on Palestine,
    where most of Iran's proxy banking
    takes place, with a heavily encrypted payload.
    http://www.securelist.com/en/blog/208193781/The_Mystery_of_the_Encrypted_Gauss_Payload
    And we have news of a brewing national
    economic crisis there.
    http://durangoherald.com/article/20120819/NEWS03/708199946/-1/s

    A new variant that erases key files
    and takes the machines offline.
    http://www.zdnet.com/shamoon-malware-infects-computers-steals-data-then-wipes-them-7000002807/

    There are even more virulent strains
    that KILL COMPUTERS: no reloading the
    OS and starting over.
    http://warintel.blogspot.com/2012/05/we-got-fuked.html





    If we at IATT can do this:

    Our counter-surveillance team carries IT beyond the wire, correlating IPs vs cities, states; often admin drops in just looking with lower opsec. IPs are tracked to see where else they 'visit' & IP cross-vectored for addy, & SOCIALLY EXPLOITED. We can be on their mach just from their recon; they go active, trip our rules of engagement and we pull their plug; we can sit with them almost indefinitely w/IPT. We may deploy BSU's for COW (CYBER OVER WATCH).

    What can a government sled do?
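    As an added example (not IATT's tooling and not code from this post), here is a defender's version of the correlation described above: constructed web-server log lines are matched against a constructed IP-to-region table, each source is tracked for the paths it 'visits', and a source that first probes a watch list of admin paths and then goes active (a POST to a login endpoint) is flagged as having tripped a rule of engagement. The log format, the region table, the watch list and the threshold are all assumptions.

```python
import re
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed sample log lines in Common Log Format; not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [20/Aug/2012:10:01:02 +0000] "GET /wp-login.php HTTP/1.1" 404 512
203.0.113.7 - - [20/Aug/2012:10:01:05 +0000] "GET /admin/ HTTP/1.1" 404 512
203.0.113.7 - - [20/Aug/2012:10:01:09 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 512
203.0.113.7 - - [20/Aug/2012:10:02:30 +0000] "POST /login HTTP/1.1" 401 220
198.51.100.23 - - [20/Aug/2012:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 3044
198.51.100.23 - - [20/Aug/2012:10:03:04 +0000] "GET /about.html HTTP/1.1" 200 1802
192.0.2.44 - - [20/Aug/2012:10:04:11 +0000] "GET /admin/ HTTP/1.1" 404 512
"""

# Constructed IP-to-region table standing in for a geolocation feed (assumption).
# The prefixes are RFC 5737 documentation ranges, so they match nothing real.
REGION_TABLE = {
    ip_network("203.0.113.0/24"): ("Springfield", "US"),
    ip_network("198.51.100.0/24"): ("Example Town", "ZZ"),
}

# Assumed watch list: requests to these prefixes count as reconnaissance 'visits'.
RECON_PATHS = ("/admin", "/wp-login.php", "/phpmyadmin")
# Distinct recon paths a source must touch before we treat it as "in recon".
RECON_THRESHOLD = 2

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \d+'
)


@dataclass
class SourceProfile:
    """What we know about one source IP after reading the log."""
    region: tuple
    recon_paths: set = field(default_factory=set)
    went_active: bool = False   # sent a state-changing request (POST /login)
    tripped: bool = False       # recon first, then active: rule of engagement


def locate(ip: str) -> tuple:
    """Map an IP to a (city, country) pair via the constructed table."""
    addr = ip_address(ip)
    for net, region in REGION_TABLE.items():
        if addr in net:
            return region
    return ("unknown", "unknown")


def correlate(log_text: str) -> dict:
    """Build a SourceProfile per IP, in log order, and flag recon-then-active."""
    profiles = {}
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        ip, path, method = m["ip"], m["path"], m["method"]
        prof = profiles.setdefault(ip, SourceProfile(region=locate(ip)))
        if any(path.startswith(p) for p in RECON_PATHS):
            prof.recon_paths.add(path)
        elif method == "POST" and path.startswith("/login"):
            prof.went_active = True
            # Order matters: only a source already seen probing trips the rule.
            if len(prof.recon_paths) >= RECON_THRESHOLD:
                prof.tripped = True
    return profiles


def tripped_sources(log_text: str) -> list:
    """IPs that tripped the rule of engagement, sorted for stable output."""
    return sorted(ip for ip, p in correlate(log_text).items() if p.tripped)


def sources_by_region(log_text: str) -> dict:
    """Group source IPs by the region the table puts them in."""
    grouped = {}
    for ip, p in correlate(log_text).items():
        grouped.setdefault(p.region, []).append(ip)
    return {region: sorted(ips) for region, ips in grouped.items()}


if __name__ == "__main__":
    for ip, prof in correlate(SAMPLE_LOG).items():
        print(ip, prof.region, sorted(prof.recon_paths), "TRIPPED" if prof.tripped else "")
    print("by region:", sources_by_region(SAMPLE_LOG))
```

    The point of keeping the recon paths and the active flag separate is that a lone hit on an admin URL (192.0.2.44 above) is noise, while a source that enumerates several admin paths and then submits credentials is the pattern worth acting on; the region lookup only adds context for the analyst and never decides the verdict on its own.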

    Marcus J. Ranum helped me put into perspective the value
    of SYSADMIN against cyber operations. I have a newfound respect for them.
    Much of the current cyber paradigm is just hypothesis,
    similar to the advent of tanks or chem warfare in WWI.
    Both were game changers.
    DOD & Mil & sysadmin tend to view most cyber weapons
    as cut and dried; both err on opposite ends of the spectrum.
    Mil has expectations that when they 'destroy' something it stays
    destroyed, not an expectation that sysadmin will be hanging armoured cables out the windows and over roof tops.
    Sysadmin seems overly confident: if it doesn't light up, we know
    how to fix it. My experience has been they look for a single cause
    of the problem; multiple causes can really flummox them.
    And they are supremely confident dealing with one problem
    at a time. I think they can be overwhelmed, maybe defeated,
    for weeks at a time: encrypting, erasing, nulling, rewriting,
    false C2 orders, loss of com lines, active interference etc. may
    befuddle them for long periods.
    Add social engineering, unknown/undiscovered malware
    and kinetic strikes, and sysadmins should be slowed for weeks.
    Without consideration of ethics, payloads could
    target electrical grids (much fear of this in USA) or banks,
    locking up funds, encryption of databases (a temporary
    situation), or erasing them and backups.
    Iran's nuclear network was air-gapped, and it didn't protect them;
    all backups could also be compromised. Stuxnet et al. has
    had near 5 yrs on Iran's networks mapping and collecting intel
    from networks, emails, irc chats, vid cams, speakers/microphones etc.,
    Iran's mil networks, phone & cell phones.
    Sysadmin without a phone would be at a very considerable
    disadvantage: no backup or experts.
    Change missile coordinates from CC by one integer,
    or order Iran's Mil to stand down through compromised CC.
    Cut WWW cables to Iran, use Conficker to target key sites,
    broadcast psyops on their radio, TV.
    False orders thru CC to execute @khamenei_ir,
    or order Iran Navy to surrender.
    Or order IRCG to destroy nuke facilities themselves.
    A cyber attack capability for mischief is limited
    only by your imagination.
    I tend to believe this IS a whole new domain,
    and is usable by itself or with traditional attacks.
    It would seem to be more than just a force multiplier.


    But it's a two-sided sword: as actual human blood and
    guts casualties are likely to be minimal, it will be used in
    place of traditional military strikes, but it has the potential
    to make life hell for civilian victims.
    I've read extensively on the 13th Imam, the experts, and
    I see nothing to suggest Iran wouldn't push the button, as it would bring the 13th Imam and a grand new Islamic Persian
    caliphate; both K and the Iranian pres have hinted at it and said
    so in private & public, "destroy Israel".
    They took over a US Embassy and held them hostage
    444 days. I didn't think that was a rational decision either.
    It would seem these Gov cyber sleds'
    turnaround times are a matter of days or weeks.
    And Iran's air-gapped networks are loaded,
    and Iran functions only at the will of NSA.

    While I wish Iran would just give up
    their nuke program, I am also hot to
    see the payloads in action and how
    they work with air strikes; it's a new paradigm.
    And scary: war without blood and guts civilian
    injuries. And I'm afraid that, as we have seen,
    there will be much more use of cyber weapons in more
    frequent wars.

    The other end of this spectrum is defence.
    And our Paradigm Intel postulates, based
    on the use of offensive weapons, that
    NSA has defence covered.

    We see two ways to do this.
    One is through the use of COWs:
    Cyber Over Watch. Non-intrusive,
    invisible.

    Proof of concept:

    Once the attack is spotted, the attacking
    PC can be taken offline temporarily or
    permanently.

    Second is advance persistence:
    NSA has been on Iran's networks for
    5 yrs and knows in advance what and how
    they plan to counterstrike.
    And it has the ability to watch the counter
    attack being deployed and the capability
    to intervene.

    We think the Iran attack is imminent;
    Iran will trigger it when it moves to
    build a nuke, or thinks it can do so
    in secret.

    We watch with anticipation.

    Gerald
    War Anthropologist




        
