Paradigm Intel on Government sponsored malware worms/rootkits.
The speed with which the Stuxnet family morphed and reconstituted after discovery exposes some interesting facets of the beast. In most instances 'they' were aware of the discovery, and launched a new animal, sometimes in the months between the discovery and the patch. This would indicate the use of a cyber sled for delivery: a holding mechanism wherein they can swap components in and out, different penetration methods, payloads, and encryption engines, and just launch. Sysadmins seem confident in their ability to handle the problems, but is that confidence justified?
The Stuxnet family has been on Iran's air-gapped nuclear networks for 5 yrs now, and they are building another intranet not connected to the WWW. That's kind of like locking the doors with
It's getting hard to keep up with all the sleds in operation. New banking sled focused on Palestine with a heavily encrypted payload, where most of Iran's proxy banking takes place.
http://www.securelist.com/en/blog/208193781/The_Mystery_of_the_Encrypted_Gauss_Payload
And we have news of a brewing national economic crisis there.
http://durangoherald.com/article/20120819/NEWS03/708199946/-1/s
A new variant that erases key files and takes them offline.
http://www.zdnet.com/shamoon-malware-infects-computers-steals-data-then-wipes-them-7000002807/
There are even more virulent strains that KILL COMPUTERS, no reloading the OS and starting over.
http://warintel.blogspot.com/2012/05/we-got-fuked.html
If we IATT can do this:
Our counter-surveillance team carries IT beyond the wire, correlating IPs vs cities, states; often admin drops in just looking with lower opsec. IPs are tracked to see where else they 'visit' & IP cross-vectored for addy, & SOCIALLY EXPLOITED. We can be on their mach just from their recon; they go active, trip our rules of engagement and we pull their plug; we can sit with them almost indefinitely w/IPT. We may deploy BSU's for COW (CYBER OVER WATCH).
What can a government sled do?
Marcus J. Ranum helped me put into perspective the value of SYSADMIN against cyber operations. I have a newfound respect for them. Much of the current cyber paradigm is just hypothesis, similar to the advent of tanks or chem warfare in WWI.
Both were game changers. DOD & Mil & sysadmin tend to view most cyber weapons as cut and dried; both err on opposite ends of the spectrum.
Mil has expectations that when they ‘destroy’ something it stays destroyed, not an expectation that sysadmin will be hanging armoured cables out the windows and over rooftops. Sysadmin seems overly confident: if it doesn’t light up, we know how to fix it. My experience has been they look for a single cause of the problem; multiple causes can really flummox them. And they are supremely confident dealing with one problem at a time. I think they can be overwhelmed, maybe defeated for weeks at a time; encrypting, erasing, nulling, rewriting, false C2 orders, loss of com lines, active interference etc. may befuddle them for long periods. Add social engineering, unknown/undiscovered malware and kinetic strikes, and it should slow sysadmins by weeks.
Without consideration of ethics, payloads could target electrical grids (much fear of this in the USA) or banks, locking up funds, encryption of databases (a temporary situation), or erasing them and their backups. Iran’s nuclear network was air gapped, and it didn’t protect them; all backups could also be compromised. Stuxnet et al. has had near 5 yrs on Iran’s networks mapping and collecting intel from networks, emails, IRC chats, vid cams, speakers/microphones etc., Iran’s mil networks, phones & cell phones. Sysadmin without a phone would be at a very considerable disadvantage: no backup or experts. Change missile coordinates from CC by one integer, or order Iran’s Mil to stand down through compromised CC. Cut WWW cables to Iran, use Conficker to target key sites, broadcast psyops on their radio, TV. False orders thru CC to execute @khamenei_ir, or order Iran’s Navy to surrender. Or order the IRGC to destroy nuke facilities themselves. A cyber attack capability for mischief is limited only by your imagination. I tend to believe this IS a whole new domain, and is usable by itself or with traditional attacks. It would seem to be more than just a force multiplier.
But it’s a two-sided sword: as actual human blood-and-guts casualties are likely to be minimal, it will be used in place of traditional military strikes, but it has the potential to make life hell for civilian victims.
I’ve read extensively on the 13th Imam, the experts, and I see nothing to suggest Iran wouldn’t push the button, as it would bring the 13th Imam and a grand new Islamic Persian caliphate; both K and the Iranian pres have hinted at it and said so in private & public, “destroy Israel”. They took over a US Embassy and held them hostage 444 days. I didn’t think that a rational decision either.
It would seem these Gov cyber sleds’ turnaround times are a matter of days or weeks.
And Iran's air-gapped networks are loaded, and Iran functions only at the will of NSA. While I wish Iran would just give up their nuke program, I am also hot to see the payloads in action and how they work with air strikes; it's a new paradigm. And scary: war without blood-and-guts civilian injuries. And I'm afraid, as we have seen, of much more use of cyber weapons in more frequent wars.
The other end of this spectrum is defence. And our Paradigm Intel postulates, based on the use of offensive weapons, that NSA has defence covered. We see two ways to do this. One is through the use of COWs, Cyber Over Watch: non-intrusive, invisible. Proof of concept: once the attack is spotted, the attacking PC can be taken offline temporarily or permanently. Second is advance persistence: NSA has been on Iran's networks for 5 yrs and knows in advance what and how they plan to counterstrike, and has the ability to watch the counterattack being deployed and the capability to intervene. We think the Iran attack is imminent; Iran will trigger it when it moves to build a nuke, or thinks it can do so in secret. We watch with anticipation.
Gerald
War Anthropologist