Internet Anthropologist Think Tank: 9/26/10 - 10/3/10


    Thursday, September 30, 2010

    Syrian reactor PCs infected with a virus?



    The Israeli air force's Sky Crows squadrons, which on Sept. 6, 2007, deployed 10 F-15I fighter jets to attack Syria's purported nuclear reactor, built along the Euphrates River and modeled after the North Korean reactor in Yongbyon and financed with Iranian assistance...

    New hypothesis from our Paradigm engine.
    Did the Syrian reactor PCs have a virus?
    It was a North Korean and Iranian secret project,
    so there was no pretense about peaceful
    uses, and it was on an all-out schedule to produce
    nuclear bomb material. Did a virus spot the
    bomb-material use, so that the Syrian reactor
    was green-lighted for an attack?

    Stuxnet worm, rootkit, botnet: the worm's
    birthday is given as February 3, 2009. Maybe
    it's just a date found on one of the files
    (~wtr4141.tmp).
    The payload could have been changed a
    dozen times before it was discovered.



    G

    Israeli Attack On Syrian Reactor, Template For Iran Attack?


    NO, no need to attack the reactor; it can be self-destructed
    by a worm. Why risk the Air Force?

    Of course the worm may have had only monitoring
    software in 2007, at the time of the attack, with take-over
    code added in 2010.

    Another assumption is that this worm CAN be
    removed; many parts have not been reverse engineered yet.


    NO NUKE FOR YOU.


    Comment:


    The worm is, as a physical piece of code, very large. It's written in multiple languages and weighs in at nearly half a megabyte, and it may be an invalid assumption that
    it can all be read; if it came from NSA one would expect part of it to be written
    with unbreakable encryption. There are still many pieces of it that we don't understand.
    Stuxnet is already the most studied piece of malware ever, absorbing the attention of engineers and programmers across the globe, from private companies to academics to government specialists. And yet despite this intense scrutiny, the worm still holds many secrets.
    Many are upset that a State may have created this worm, but in fact
    they have not found anything new, just a new compilation
    of old malware concepts, and are worried about its future use
    in the hands of criminals.
    All the ideas are already out there; this is just a new proof
    of concept, genius in its deployment and implementation.
    And it is further proof of the state of insecurity on the WWW.
    Every year there are zero-day exploits, and not fewer but more
    every year. To date there must be millions of security vulnerabilities.
    And it is a demonstration of the failure of security vendors and the fraud
    perpetrated on the public with their security suites that don't work
    against all KNOWN exploits.
    The security vendor industry is a failure by every measure.
    There will be more surprises.
    And criminals and terrorists will exploit the WWW,
    and the world has no security currently.


    The WWW is at risk, and with it
    Western civilization as we know it.
    This is the first proof of concept.
    It doesn't feel like we can defend the
    WWW; maybe encryption is the key?
    Defend the encryption engine, keys
    and screen? We can't keep them
    off our PCs, but maybe locks on the
    data doors.



    G
    Tactical Internet Systems analyst.
    The amazing factor is the Imagination
    to create it and deploy it.
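The "birthday" quoted above is the kind of date an analyst reads out of a file's PE header: the COFF TimeDateStamp is four bytes that the compiler writes at build time and that anyone who later patches the binary can rewrite, so it dates a build at best and is worth nothing as evidence of when the payload was deployed or last changed. Below is an added example (not code from the blog or from Stuxnet) that reads the field, applies a plausibility check against the date a sample was first seen, and shows how little it takes to forge it. The PE header it works on and the dates it uses are constructed for the demonstration.

```python
"""Read, check, and forge the build timestamp a PE file carries in its COFF header.
Added example built on a constructed minimal PE header; not Stuxnet code and
not the blog's tooling."""
import struct
from datetime import datetime, timezone


def pe_timestamp(image: bytes) -> datetime:
    """Return the COFF TimeDateStamp of a PE image as a UTC datetime."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]        # offset of "PE\0\0"
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    # COFF header follows the 4-byte signature:
    # Machine(2) NumberOfSections(2) TimeDateStamp(4) ...
    stamp = struct.unpack_from("<I", image, e_lfanew + 8)[0]
    return datetime.fromtimestamp(stamp, tz=timezone.utc)


def timestamp_is_plausible(image: bytes, first_seen_unix: int) -> bool:
    """A build date after the sample was first seen in the wild, or a zeroed
    field, cannot be trusted: whoever built or patched the file chose the value."""
    stamp = int(pe_timestamp(image).timestamp())
    return stamp != 0 and stamp <= first_seen_unix


def build_fake_pe(stamp: int) -> bytes:
    """Construct the smallest MZ + PE + COFF header the reader above accepts
    (a test fixture, not a loadable executable)."""
    dos = bytearray(b"MZ" + b"\0" * 0x3E)                  # 0x40-byte DOS header
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # e_lfanew -> right after it
    # Machine=i386, NumberOfSections=1, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x014C, 1, stamp, 0, 0, 0, 0x0102)
    return bytes(dos) + b"PE\0\0" + coff


def forge_timestamp(image: bytes, stamp: int) -> bytes:
    """Overwrite TimeDateStamp in place: four bytes give a binary any 'birthday'
    an analyst will later read out of it."""
    buf = bytearray(image)
    e_lfanew = struct.unpack_from("<I", buf, 0x3C)[0]
    struct.pack_into("<I", buf, e_lfanew + 8, stamp)
    return bytes(buf)


if __name__ == "__main__":
    FEB_3_2009 = 1233619200                                 # 2009-02-03T00:00:00Z (constructed)
    sample = build_fake_pe(FEB_3_2009)
    print("stamp :", pe_timestamp(sample).isoformat())
    print("forged:", pe_timestamp(forge_timestamp(sample, 0)).isoformat())
```

The plausibility check only catches the lazy forgeries (a zeroed field or a date after first sighting); a consistent-looking old date proves nothing, which is why a build date alone cannot settle when a payload was last changed.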



    Tuesday, September 28, 2010

    10 tabs, 15 hrs of porno, no waiting.




    We have found a bug.

    It uses explorer.exe to collect and collate data, and uses OneNote, the Spooler, Movie Maker, sets up a Lanman server and Lanman workstation.

    Explorer.exe runs for about 16 min.

    To check your system, create a dump file of explorer about 8 min into boot-up. If infected you will see items created, text files from the last session.

    We have been unable to track it back to the hacker as of yet, but we did manage to pass on a gift.

    It was on one of our OSINT machines, and that is the only thing on that network.

    So we brought up an Incognito window on Chrome; we used Incognito so as not to mess up history files for future searches.

    And in this Incognito window we ran 10 tabs, all porno, huge volumes of data, and ran them 15 hrs a day. For weeks. (The PC developed some latency issues to be sure, but we found a workaround.)

    We used our OSINT engine to find a porno site that has a venture fund involved; it's less likely to have any malware.

    We are not sure who this is, but I would like to have been a fly on the wall when they said "they don't seem to do any work there, just watch porno all day." HA, tee hee.

    If it had been a bad guy we expected something to show up in the forums.

    It seems today's porno is more porno-ier than I remember.

    And I am always amazed at how Homo sapiens are wired. Just seeing others copulate slows the higher brain functions, and just viewing it makes them want to engage in sex, from the visualization alone. A mechanism to ensure continuation of the species.

    We will be posting more on this malware as we reverse engineer it.

    There is a huge stash of porno that we are searching for, stored on some server; watch for smoke.



    Gerald
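The check the post describes (dump explorer.exe a few minutes after boot and look at which text files it has been handling) comes down to pulling path strings out of a process dump. Two caveats a practitioner will want before reading anything into the result: the Spooler, LanmanServer and LanmanWorkstation services are standard components present on every Windows install, so their presence is not an indicator by itself, and explorer.exe touching text files is normal, so the dump has to be compared against one taken from a known-clean boot rather than read on its own. Below is an added example (not the blog's tooling) that does the string extraction and the baseline comparison. It runs over a constructed stand-in for a dump; the only assumption is that a real dump was produced by any MiniDump-writing tool, since the scan does not depend on the dump's structure, only on the strings it contains.

```python
"""Pull *.txt paths out of a process memory dump and diff them against a baseline.
Added example over a constructed dump; not the blog's tooling."""
import re

# One legal path character (printable ASCII, no NUL or Windows-reserved chars).
_NAME = rb'[^\x00-\x1f\x7f-\xff\\:*?"<>|]'

# Plain ASCII path: drive letter, directories, file name ending in .txt
_ASCII_PATH = re.compile(
    rb"[A-Za-z]:\\(?:" + _NAME + rb"+\\)*" + _NAME + rb"+\.txt",
    re.IGNORECASE,
)
# Same shape in UTF-16LE, which is how Windows keeps most paths in memory:
# every character is followed by a NUL byte.
_UTF16_PATH = re.compile(
    rb"[A-Za-z]\x00:\x00\\\x00"                            # drive, colon, backslash
    + rb"(?:(?:" + _NAME + rb"\x00)+\\\x00)*"              # directory components
    + rb"(?:" + _NAME + rb"\x00)+\.\x00t\x00x\x00t\x00",   # name ending in .txt
    re.IGNORECASE,
)


def txt_paths_in_dump(dump: bytes) -> list:
    """Return every distinct *.txt path found in the dump, decoded and sorted."""
    found = {m.group().decode("ascii") for m in _ASCII_PATH.finditer(dump)}
    found |= {m.group().decode("utf-16-le") for m in _UTF16_PATH.finditer(dump)}
    return sorted(found)


def new_since_baseline(paths, baseline) -> list:
    """Paths present now that were not in the dump from a known-clean boot.
    Only these deserve a look; the rest is explorer's normal housekeeping."""
    return sorted(set(paths) - set(baseline))


def build_fake_dump() -> bytes:
    """Constructed stand-in for an explorer.exe dump: filler bytes with three
    embedded strings, two of them the paths a triage would want to see."""
    filler = b"\x90" * 48
    session = r"C:\Users\osint\AppData\Local\Temp\session 2010-09-28.txt".encode("utf-16-le")
    collated = rb"D:\collected\collated.txt"
    decoy = r"C:\Users\osint\Pictures\cat.jpg".encode("utf-16-le")
    return filler + session + filler + decoy + filler + collated + filler


if __name__ == "__main__":
    # Constructed baseline: what a clean boot's dump showed.
    clean = [r"D:\collected\collated.txt"]
    now = txt_paths_in_dump(build_fake_dump())
    for p in new_since_baseline(now, clean):
        print("new since clean boot:", p)
```

Take the dump at the same point after boot each time (the post's 8-minute mark), from the same user session, otherwise the diff is mostly noise from whatever else the user opened.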




    Monday, September 27, 2010

    What is our mission at IATT?





    Our mission centers around 4 paradigms.
    #1) Info War: getting the truth out.
    #2) Collecting and reporting actionable intel.
    #3) Policy change.
    #4) Limited defensive cyber warfare.
    We have been changing, re-inventing
    ourselves every couple of years,
    as needed.

    But from the first I felt like the
    WWW was a dance.
    It isn't good unless both work.
    One leads and the other follows.
    If "she" doesn't follow well then
    you have problems.
    A dance is like one person in
    the same body, but two
    dancing. I'm implying the
    give and take, a feedback loop.

    I guess they don't dance like
    that any more.

    I've felt the WWW was like that;
    it would speak to you, if you're
    plugged in right.

    It will even tell you what to do,
    if you're listening.

    But this terrorist gig started out as
    a confrontation with jihadis
    in a forum.

    Bitch-slapping them around was
    fun but counterproductive.


    So we switched to attacking
    the non-Muslim foundation
    of the al Qaeda cult,
    and remained civil,
    and spread those messages to the
    WWW.
    It worked well: incontrovertible
    arguments about their positions
    on Islam and violations of the
    Koran. The hard core just got
    mad and made threats, but
    the undecided heard the arguments.

    To run that paradigm we had to be
    in the know and accurate, so I
    built an OSINT system.
    It educated us well,
    and by diligence we found
    ourselves coming into actionable
    intelligence.
    We started posting the intel,
    and the FBI contacted us for follow-up
    info.


    Exclusive: spotted al Qaeda hunting 341 lbs
    of nuke material.

    http://warintel.blogspot.com/2008/10/exclusiveal-qaeda-knew-341-lbs-nuke.html

    And we felt the actionable intel
    was of more value than the small
    info war we were running on Infovlad.

    So I turned my hacker skills to
    collecting actionable intel.
    And while we don't do anything illegal,
    there are many things you can do because
    they are not specifically illegal.


    And the Bot Surveillance Units were born.
    BSUs.
    And we went hunting webmasters and
    terrorist hackers.

    We eventually tracked down most of
    the Taliban webmasters and many of the
    al Qaeda webmasters, and made a special
    effort to take down hackers.
    About 900 to 1,000 terrorist websites
    eventually went down.
    Reporting actionable intel was working,
    but it felt like the GWOT was having problems.

    One was the terms of the success of the GWOT.
    The press runs stories to sell headlines or get
    hits.
    Good news just doesn't sell, and the press
    has a tendency to spin everything bad,
    like the US was losing the GWOT.
    We were believing our own bad press,
    eating our own news feeds.
    Even the military was doing this,
    and developed some un-positive
    attitudes against the facts.
    So again we changed our paradigm:
    we wanted to influence policy.
    We saw things we thought could be fixed,
    better solutions,
    and at least an obligation to put them
    "out there" for others' consideration.
    So this is the third reinvention of the
    Internet Anthropologist.

    But everything accumulates.

    We have a very sharp OSINT system,
    moles and mole school.
    At one point a mole was so far into al Qaeda
    that they offered us money.
    I liked that, but the FBI killed it.

    And I know there are spelling errors,
    and sometimes my blog reads
    more like a stream of consciousness
    than academic prose.
    Please try and keep up.

    But that's OK; most of the time it
    comes so fast I have to pick and
    choose what will be the best use of
    our time, and what we can work best.
    I can spend my time fixing the prose
    and spelling, or increase production.

    I chose production, even if it makes
    me look less professional.

    So we still have the skills for ferreting
    out false news, the OSINT machine,
    Company "C" and the rest of the
    Battalion, moles and BSUs and
    accumulated accessories.
    And we make use of them all.

    Our paradigm work keeps us
    ahead of ourselves; we track and
    monitor our own work and production,
    and develop metrics for same.

    So currently we are trying to positively
    influence policy, but still have the skills
    and equipment to engage in info wars,
    collection of actionable intel,
    and limited defensive cyber war.
    I assert my right to cyber self-defense
    and have cyber arms.
    I am a cyber warrior.
    I did what the WWW told me to do.

    The work is difficult, exhilarating, thankless,
    demanding, challenging, and I love it.
    We think we have contributed to the GWOT
    effort.

    I do it because I can.
    A huge salute to all those
    that spend their time and efforts
    so engaged. THANK YOU.



    Gerald, one of the civilian cyber warriors



    Gerald
    Internet Anthropologist


    Sunday, September 26, 2010

    Genius Readers 09.26.10




    Geraldanthro 
    Iran's OSINT team has been redeployed; the worm problem: Iran is blind for the next few days, G #deptofdefense #statedept #iaeaorg #usairforce G




    G



    Saturday, September 25, 2010

    Stuxnet Non-Proliferation Treaty rootkit Enforcer


    Stuxnet may be the first Non-Proliferation Treaty rootkit
    enforcer, and not meant only for Iran either.

    Hello N. Korea, Syria, etc.

    So far everything points to a universal
    "trust but verify, and turn it off if it violates the
    Non-Proliferation Treaty" rule set.

    It monitors reactor production and
    radiation levels, gathers size, location
    and other identifying and quantitative data,
    and periodically sends this data through one
    of the backdoors, through a maze of IPs,
    until it delivers the data to a repository.
    (To be clear, it is a bot; they talk to each
    other P2P. G)

    And the production of that reactor
    is tracked in detail and reported.

    Now even if the worm/rootkit is cut
    off from the web it still operates.

    With its own artificial intelligence it
    tracks the data, and if given limits are
    crossed, production of weapons-grade
    material, then the actions are tripped.

    A big disaster would be if it caused
    a Chernobyl, so it has been tested
    and has paradigms to keep output
    at safe levels. It will take over
    an out-of-control hot reactor and shut
    it down if need be.

    But its main defense against violations
    of the Non-Proliferation Treaty is to
    corrupt the material, rendering it incapable
    of further processing: destroy the product
    for weapons, but safely.

    It in no way will damage a system,
    as it is capable of taking over a reactor
    and running it. Any civilian collateral
    damage would be catastrophic for
    the policy.

    But it can on its own stop the violation.
    In the case of a nuclear member, it
    can just watch, with no interference,
    its artificial intelligence working to
    ID the location and identifying data.

    Of the 30,000 or 300,000 computers
    it has penetrated in Iran, it only has
    to survive on 'one' to pick up new
    instructions and/or new infection
    vectors to reinfect Iran's entire
    network again.

    How detailed and extensive is the
    monitoring the worm does?
    Here are some details:
    http://www.symantec.com/connect/blogs/exploring-stuxnet-s-plc-infection-process
    Very extensive monitoring and
    control abilities, plus an artificial intelligence
    if it loses contact.
    If Iran isn't sure of 100% eradication
    then they might want to leave it connected.
    I would prefer real humans to artificial intelligence
    running a reactor any time.

    But all this depends on Iran's regime
    and Iran's IT experts.
    With a switch of payloads this could
    go after the banks or power plants,
    manufacturing: lots of options.

    Iran may have been checkmated here.
    This one was easy to find.
    Are there other invisible persistent
    rootkits also on those PCs?

    I would be hard put to say no
    with any assurance or certainty.





    Remarkable concept.
    Paradigm Intel says it has artificial intelligence
    craft, so it would know the difference between China's
    reactor and Iran's reactor.

    This display will also serve as a big deterrent
    and warning shot to any other cyber pirates.

    The next demonstration may be to take down
    an entire botnet in seconds.

    There is little doubt about who is behind
    this, but there will be NO evidence either.
    Lots of knowledge but no proof.

    And a very powerful deterrent against
    cyber strikes on the US.

    Like when the USA had the only nukes.
    Then Russia got them.

    OK, who is next to hit Iran, to prove
    they have the cyber power?


    Gerald
    Tactical Internet Systems analyst.
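The reporting channel the post describes (data sent out through a backdoor to a repository) is the part of Stuxnet that is easiest to catch on the wire. Symantec's analysis, which the post links to, documents it as an HTTP beacon: the infected host first fetches www.windowsupdate.com and www.msn.com to confirm it can reach the internet, then issues a GET for /index.php?data=... against www.mypremierfutbol.com or www.todaysfutbol.com with the collected host data in the query string. Below is an added example (not the blog's tooling) of detection logic for that sequence, run over constructed proxy log lines. The log format is an assumption made for the example; a real deployment would adapt the one regular expression to the proxy's own format.

```python
"""Detection logic for the Stuxnet HTTP beacon, run over constructed proxy logs.
Added example, not the blog's tooling; the log line format is assumed."""
import re
from collections import defaultdict

# C2 and connectivity-probe hosts as documented in Symantec's Stuxnet analysis.
C2_DOMAINS = {"www.mypremierfutbol.com", "www.todaysfutbol.com"}
PROBE_DOMAINS = {"www.windowsupdate.com", "www.msn.com"}

# Assumed log format: "<iso-timestamp> <client-ip> <METHOD> <url> <status>"
LINE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) "
    r"https?://(?P<host>[^/\s]+)(?P<path>\S*) (?P<status>\d{3})$"
)


def parse_line(line: str):
    """Split one log line into fields, or return None if it does not fit."""
    m = LINE.match(line)
    return m.groupdict() if m else None


def find_beacons(lines):
    """Return (hits, confirmed).

    hits: every contact with a C2 domain as (src, host, path), whatever the path.
    confirmed: sources whose C2 contact carried the /index.php?data= beacon and
    that ran the windowsupdate/msn connectivity probe beforehand, which is the
    full sequence rather than a stray DNS or browser visit."""
    probed = defaultdict(set)
    hits, confirmed = [], set()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        host, src = rec["host"].lower(), rec["src"]
        if host in PROBE_DOMAINS:
            probed[src].add(host)
        elif host in C2_DOMAINS:
            hits.append((src, host, rec["path"]))
            if rec["path"].startswith("/index.php?data=") and probed[src]:
                confirmed.add(src)
    return hits, confirmed


# Constructed log lines: one host runs the full sequence, one only touches a C2
# domain without the beacon path, one only runs the probe (normal traffic).
SAMPLE_LOG = """\
2010-09-25T10:00:01Z 10.1.1.7 GET http://www.windowsupdate.com/ 200
2010-09-25T10:00:02Z 10.1.1.7 GET http://www.msn.com/ 200
2010-09-25T10:00:05Z 10.1.1.7 GET http://www.mypremierfutbol.com/index.php?data=66a96e28b98f06c0 200
2010-09-25T10:03:00Z 10.1.1.9 GET http://www.example.org/news/ 200
2010-09-25T10:04:00Z 10.1.1.9 GET http://www.todaysfutbol.com/ 404
2010-09-25T10:05:00Z 10.1.1.12 GET http://www.msn.com/ 200
""".splitlines()


if __name__ == "__main__":
    hits, confirmed = find_beacons(SAMPLE_LOG)
    for src, host, path in hits:
        print(("CONFIRMED " if src in confirmed else "contact   ") + f"{src} -> {host}{path}")
```

Visits to www.windowsupdate.com and www.msn.com are ordinary on any Windows network, which is why the probe on its own is not reported; it only raises confidence once the same source also sends the beacon. The two C2 domains were sinkholed long ago, so on a current network a hit means either an old infection still trying to phone home or a name that has since changed hands.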


    Stuxnet development Paradigm Intel



    Stuxnet Paradigm Intel
    Stuxnet is a joint effort.




    An extraordinary piece of professional craft.
    Multi-state craft.

    The expertise required for this effort is remarkable.
    Just assembling the required experts was a huge effort.
    We have identified outside uber hackers,
    state hackers, nuclear experts, and the use of state-of-the-art
    programming/exploits/hacking.

    This worm is based on past well-tested and proven
    malware fitted with unknown zero-day exploits, four of them.
    One would have been sufficient.

    It required experts with intimate knowledge of the nuclear systems.

    The Teams were organized around these tasks.

    #1) Penetration methods and vectors 4 
    #2) Worm, security, backdoors and reporting
    #3) Controlling nuclear processes
    #4) Fingerprinting exact targets
    #5) Rootkit paradigms
    #6) Security team for counter strike
    #7) ARTIFICIAL INTELLIGENCE ENGINE

    And NSA used outside uber hackers,
    other state experts, nuclear scientists,
    and pre-tested it over and over.
    And maintained OPSEC.

    As we have said, "the new
    paradigms will be discovered
    within new contexts."

    This opens a new era in
    warfare in a new domain.

    Hope they are ready for
    the counterstrike.
    It's coming.

    Iran doesn't have the craft
    and won't have for years.

    But there are others who
    do.
    But this shows that NSA is at the
    top of the game worldwide,
    and they learn from every attack
    on US systems.
    This deluxe combo relies on
    old stand-bys and cutting-edge
    craft, and even 4 unknown zero-day
    exploits. The data they have
    collected on this would fill several
    blogs already, and there is a lot
    more to reverse engineer.


    There are gov. guys out there
    that are buying unknown zero-day
    exploits; I've talked to
    one. He was interested in
    our BSUs.


    We are scanning for the application
    of the "Law of Unintended Consequences."

    We may not see that until a counterstrike.

    One nice "LUC" may be the expulsion
    of Abberjonny as Iranian President
    from the discovery of Stuxnet.
    Some of the file names are
    very illuminating.


    This surprised me. I knew it was
    possible, but didn't think NSA
    had the imagination, originality
    or guts to do it.
    VERY IMPRESSIVE.
    True masters of their craft,
    on every level, well thought
    out paradigm, GENIUS.
    This isn't the first one they've
    done, just the first discovered.
    And they may have meant for it to
    be found? (At this point, most common
    malware detection tools will detect this.)


    Iran can get FUCKED very hard
    if they mishandle this Nuke thing.






    Gerald
    Tactical Internet Systems analyst.
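The closing remark that common detection tools now catch Stuxnet holds because, for all the zero-days, its footprint on an infected host is a short list of fixed names: the ~WTR4132.tmp / ~WTR4141.tmp loaders on removable media (the post above quotes the second one), the two signed kernel drivers mrxcls.sys and mrxnet.sys that form the rootkit, the .PNF files under the Windows inf directory where the main DLL, configuration and log are kept, the renaming of the Siemens Step7 library s7otbxdx.dll to s7otbxsx.dll so the worm's own wrapper could take its place, and the registry value NTVDM TRACE = 19790509 that Stuxnet checks and, if present, refuses to infect the machine. All of these are from Symantec's published analysis. Below is an added example (not the blog's tooling) that triages a host inventory against that list. The inventory dictionary is constructed and stands in for the output of whatever file and registry collector is in use; the paths in it are illustrative.

```python
"""Host triage against the on-disk and registry artifacts Symantec documented
for Stuxnet, run over a constructed inventory. Added example, not the blog's tooling."""
import ntpath

# File-name indicator -> what finding it means.
KNOWN_FILES = {
    "~wtr4132.tmp": "Stuxnet loader dropped on removable media",
    "~wtr4141.tmp": "Stuxnet loader dropped on removable media (the file named in the post)",
    "mrxcls.sys":   "Stuxnet load-point driver (rootkit component)",
    "mrxnet.sys":   "Stuxnet file-hiding driver",
    "oem7a.pnf":    "encrypted copy of the main Stuxnet DLL",
    "mdmcpq3.pnf":  "Stuxnet configuration data",
    "mdmeric3.pnf": "Stuxnet data file",
    "oem6c.pnf":    "Stuxnet log file",
    "s7otbxsx.dll": "original Siemens Step7 s7otbxdx.dll renamed; Stuxnet's wrapper took its name",
}
DRIVER_SERVICES = ("mrxcls", "mrxnet")
INOCULATION_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\MS-DOS Emulation"
INOCULATION_NAME, INOCULATION_VALUE = "NTVDM TRACE", 19790509


def scan_host(inventory: dict) -> list:
    """Return (severity, indicator, explanation) triples for every match.

    inventory keys (all optional): "files" -> list of full paths,
    "drivers" -> list of kernel service names, "registry" -> {key: {name: value}}."""
    findings = []
    for path in inventory.get("files", []):
        name = ntpath.basename(path).lower()
        if name in KNOWN_FILES:
            findings.append(("high", path, KNOWN_FILES[name]))
    for svc in inventory.get("drivers", []):
        if svc.lower() in DRIVER_SERVICES:
            findings.append(("high", svc, "Stuxnet driver registered as a kernel service"))
    reg = inventory.get("registry", {})
    if reg.get(INOCULATION_KEY, {}).get(INOCULATION_NAME) == INOCULATION_VALUE:
        findings.append(("info", INOCULATION_KEY + "\\" + INOCULATION_NAME,
                         "Stuxnet skips hosts carrying this value: the machine was "
                         "vaccinated, or someone wanted Stuxnet to leave it alone"))
    return findings


def is_infected(findings) -> bool:
    """True when any high-severity artifact is present."""
    return any(sev == "high" for sev, _, _ in findings)


# Constructed inventory for a Step7 engineering workstation plus a USB stick (E:).
SAMPLE_INVENTORY = {
    "files": [
        r"C:\WINDOWS\system32\drivers\mrxnet.sys",
        r"C:\WINDOWS\system32\drivers\tcpip.sys",
        r"C:\WINDOWS\inf\oem7A.PNF",
        r"C:\Program Files\Siemens\Step7\S7BIN\s7otbxdx.dll",
        r"C:\Program Files\Siemens\Step7\S7BIN\s7otbxsx.dll",
        r"E:\~WTR4141.tmp",
    ],
    "drivers": ["MRxCls", "tcpip"],
    "registry": {INOCULATION_KEY: {INOCULATION_NAME: 0}},
}


if __name__ == "__main__":
    results = scan_host(SAMPLE_INVENTORY)
    for sev, indicator, why in results:
        print(f"[{sev}] {indicator}: {why}")
    print("infected:", is_infected(results))
```

Name matching like this is what the signature-based tools the post refers to do, and it is exactly what a rebuilt variant with new file names would walk past; the s7otbxsx.dll check is the most durable of the set, because any Step7 hijack that keeps the original library around has to park it under some other name.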