Internet Anthropologist Think Tank: 2/28/10 - 3/7/10

  • Search our BLOG

  • HOME
    Terrorist Names SEARCH:

    Saturday, March 06, 2010

    Terrorist Cyber Attack pending

    Terrorist Cyber Attack pending

    Our Paradigm Intel and OSINT forces have picked up the 
    pieces necessary for a WMD cyber 
    attack from the Terrorists.

    Paradigm Intel

    Proof of concept:

    The Spanish Intel busted:

    The Mariposa botnet.

    Background and sources:

    They were amateurs, next time could be al Qaeda or Iran.

    They bought it from Criminal sources. We suspect RBN, Russian Business Net.

    "The suspects weren't brilliant hackers but had underworld contacts who helped them build and operate the botnet, ...The three suspects were described as Spanish citizens with no criminal records. "

    "The Mariposa botnet, which has been dismantled, was easily one of the world's biggest. It spread to more than 190 countries, according to researchers. It also appears to be far more sophisticated than the botnet that was used to hack into Google Inc. and other companies in the attack that led Google to threaten to pull out of China."

    Dancho Danchev: The  CaaS Economics of criminals selling automated hacker packages, HERE. G )

    They, probably the RBN, ( Russian Business Net ) are selling the hacking technology
    to threaten the WWW and USA interests to amateurs. Terrorists or Iran? 


    "Centcom had a ghost in its machine for 3 days

    in November, the ghost sat there watching everything
    Centcom was doing for 3 days."
    "12 terabytes of data has been downloaded
    in 2007 from the State Dept, DOD, Dept of
    Commerce, Dept of Energy, NSA , etc."someone got into them. 
    Possible someone got into and fired rockets as proof of concept?

    Armatures can buy bot nets capable of penetrating Mil.nets.
    Includes Terrorists or other Nation States, Iran.
    The Mil.nets have been penetrated before,
    This bot net was more advanced than the one that got
    into Google.
    There maybe an indication US weapons were used
    by the " other."

    There is a possibility some one could get into and use US weapons 
    against US targets.
    Maybe even Nukes. 
    Its a question of how safe the Nuclear launch codes are.

    Tactical Internet Systems analyst.

    New Cyber Side Arm, G

    What we do.G

    A ray of light:
    From Jawa comment:
    Not buying that story. Yes, there was a huge botnet. Sure, someone might have got onto a CENTCOM computer. But computers and networks that control weapons systems are not physically connected to the Internet. If they find one that is, someone gets ziptied to a chain link fence and cut to pieces with broken bits of Microsoft Windows CDs. ( So someone at some time has hooked it to the net by accident. What about an inside operative plugging it in on purpose? G )

    The scenario implied can not, to the best of my knowledge, happen. The networks are simply not physically connected. Yes, someone could get a virus on a thumb drive and infect a network, but there would be no way for that network to communicate "back home" as it just isn't connected to the Internet.
    ( unless its a thumb drive 'coming out' in someones pocket, to communicate "back home" G )

    Don't go thinking you are going to get in from the Internet and launch a nuke.

    ( it would be almost impossible to break the launch codes, Hitlers Egnima Mach had over
    7 Trillion variables!!!  G.)
    ( Right they would have to hack into the Comm system and send out the right pass code before
    troops activate. G )

    and was cracked.
    Hope your right.

    Soul of Internet HACKED.g



    Terrorist Names SEARCH:

    Intelligence report 03.06.10

    Intelligence report

    Our BSU's have picked up a lot
    of interest on taking down the 
    Jahid on the Internet.

    A group in Romania
    is quite paranoid 
    about the Jahidies
    loosing ground.
    (Info redacted
    for sec-ops reasons. )


    Iran found a program we
    were using to monitor traffic
    in Iran and removed it.
    We were right about DDOS
    targeted at regime sites, attacks not 
    hurting their back bone.
    We are impressed by the script
    kiddies surveillance.


    We will be posting a BIG important
    report on a threat to the WWW and
    USA later today.

    Internet Anthropologist



    Terrorist Names SEARCH:

    Friday, March 05, 2010

    Interview with Cyber Warrior

    Interview with Cyber Warrior
    The Jester (th3j35t3r)

    A fellow cyber trooper: The Jester (th3j35t3r)
    He has a very interesting cyber side arm.
    A Cyber stun gun.

    I bumped into you on Twitter.
    And we've seen you take down terrorist sites for 30 min to n hour.
    And youv'e been doing this since Jan.

    Your Bio:
    "Bio Hacktivist for good. Obstructing the lines of communication for terrorists, sympathizers, fixers, facilitators, oppressive regimes and other general bad guys."

    And I'd like to ask you some questions for my readers.

    Why only 30 min?
    Well the idea of the 30-60 minute downtime here is to force the bad-guys to distrust their own technology. By hitting them randomly for short periods, rather than knocking them out totally, it will sooner or later make these services too unreliable for them to be of any real use to the bad guy.

    Why not 24 hrs or take it down completely?
    This approach is about disruption not destruction, XerXeS could quite happily drop a site (or multiple sites simultaneously) for any period. However, I need to also allow room for any spooks out there to collect intelligence (if any there is anything actionable). It's a big enough arena for us all to play nicely.

    How did you get involved in CT.
    No Comment

    Are you University trained or self taught?
    I am self-taught mainly, I have never found a use for anything I learned on a course in a real world situation. Nothing more to say here G.

    How did you discover this vector?
    I need to be careful here, but basically I was messing around with Web Service Server Hardening stuff, and stumbled across it. I decided to develop it further, into what is now known as XerXeS. Once I realized it's effects I decided to make use of it against the people who recruit your 'homegrown' terrorist. Make no mistake, there is no need for any face-to-face contact now for a jihadi recruiter to zero in on a young muslim in your country and groom him to carry out acts of violent jihad on your own soil. And that goes from initial contact to, support, to providing instructional materials, to prepping and 'arming' the groomed person seconds before the attack. Its all done over the internet.

    And its not bot driven or a DDOS attack?
    Right. No definitely no bots, or Zombie PC's, this can run on a low powered netbook, over a 3G internet connection on your cellphone.

    How do you select what sites to down?
    I get fed possible marks from the general concerned public and other hacktivist types. But I have to be careful, firstly I look at where/who the tip came from, then I verify that the site is actively working to support violent jihad in some way, then I tentativley probe looking for signs of a honeytrap, after that it's weapons hot, weapons away. But to disrupt not destroy. It's the same tactics the any terrorist organization strives for, the death bombs create, is second to the disruption to public services they create.

    Can you target an IP adr?
    Yes, XerXeS treats a raw IP address exactly the same..

    How long can you keep a site down?
    Indefinitley. Actually XerXeS is now more effective, it will take out up to 20 target sites simultaneously all from one box.

    Have you received many death threats?
    I have received a few, but I am not really too concerned with them. I have taken every conceivable measure to protect myself.

    XerXeS is developing into a fully loaded multi-vector attack platform, so if it can't get you via one angle, it will get you via another. Everything from DNS cache poisoning, DOS, to exploiting backend databases like SQL, MySQL, etc. .

    Thanks for answering some of our Qs
    Love your work.

    XerXes Cyber side arm video.


    Tactical Internet Systems analyst.

    Paradigm Intel :
    Its one hell of a Cyber Side Arm.

    Overwatch is looking for signs of any attack.
    and moves to place over watch offensive teams
    in place or  positions against any threat.
    With standing orders for engagement.
    IF XYZ  happens then the response is 
    GHJ, no need to get permission.

    The COW teams have a myriad of responses at their disposal 
    and contacts up stream for backup.
    Their primary offensive capability is the ability to take 
    the threat off line with a cyber side arm.

    UPDATE 12.01.10 jESTER RAIDED:



    Terrorist Names SEARCH:

    USA's Cyber Generals

    USA's Cyber General....
    NSA's Information Assurance Director.
    Dickie George

    Listen to him here, he doesn't lie and has a good handle
    on the Cyber Attacks and threats.
    He's very good.

    At the end he is asked if USA is winning?
    He says were not loosing.
    He didn't say winning.
    I think maybe a tie.
    Sometimes they get in.


    Another Cyber General...

    Howard Schmidt, the new cybersecurity czar for the Obama administration, has a short answer for the drumbeat of rhetoric claiming the United States is caught up in a cyberwar that it is losing.
    “There is no cyberwar,” Schmidt told in a sit-down interview Wednesday at the RSA Security Conference in San Francisco.
    ( There is no war, just attacks on USA, they can't prove who is attacking.
    If USA knew there might be a Cyber War then. G )
    “I think that is a terrible metaphor and I think that is a terrible concept,” Schmidt said. “There are no winners in that environment.”
    Instead, Schmidt said the government needs to focus its cybersecurity efforts to fight online crime and espionage.
    One of his first moves in his new job was to publish an unclassified summary of the country’s 12-point cybersecurity plan, known as the Comprehensive National Cybersecurity Initiative, a move toward transparency that he announced Monday as the keynote speaker at the world’s premier security conference. ( ANY ONE KNOW WHERE i CAN GET A COPY OF THIS 12 POINT PLAN? G )


    The Third Cyber General...
    Mike McConnell

    Much of the authority and the funds under that initiative fell to the National Security Agency, the military’s premier spying agency that also has responsibility for locking down the government’s classified networks. Not surprisingly, McConnell, as DNI, held power over the NSA.
    McConnell rejoined Booz Allen Hamilton, a defense contractor who made more than $4 billion in 2008, mostly in government contracts, including secret ones. A former NSA director, McConnell now servers as the vice president for national security business at Booz Allen Hamilton. It was recently acquired by the powerful and politically connected Carlyle Group,

    The United States must also translate our intent into capabilities. We need to develop an early-warning system to monitor cyberspace, identify intrusions and locate the source of attacks with a trail of evidence that can support diplomatic, military and legal options -- and we must be able to do this in milliseconds. More specifically, we need to reengineer the Internet to make attribution, geolocation, intelligence analysis and impact assessment -- who did it, from where, why and what was the result -- more manageable. The technologies are already available from public and private sources and can be further developed if we have the will to build them into our systems and to work with our allies and trading partners so they will do the same.



    So there is a solution to a secure WWW,
    But what we gain in Security
    We give up in Privacy.

    Internet Anthropologist
    Tactical Internet Systems analyst.

    Our Threat Analysis.



    Terrorist Names SEARCH:

    Wednesday, March 03, 2010

    amateur BOT masters

    The Mariposa botnet.
    Run by amateurs, not hackers.


    Authorities have smashed one of the world's biggest networks of virus-infected computers, a data vacuum that stole credit cards and online banking credentials from as many as 12.7 million poisoned PCs.
    The "botnet" of infected computers included PCs inside more than half of the Fortune 1,000 companies and more than 40 major banks, according to investigators.

    The suspects weren't brilliant hackers but had underworld contacts who helped them build and operate the botnet, ...The three suspects were described as Spanish citizens with no criminal records. 

    Authorities identified them by their Internet handles and their ages: "netkairo," 31; "jonyloleante," 30; and "ostiator," 25.

    The Mariposa botnet, which has been dismantled, was easily one of the world's biggest. It spread to more than 190 countries, according to researchers. It also appears to be far more sophisticated than the botnet that was used to hack into Google Inc. and other companies in the attack that led Google to threaten to pull out of China.

    For instance, there have been no busts yet in the spread of the Conficker worm, which infected 3 million to 12 million PCs running Microsoft Corp.'s Windows operating system and caused widespread fear that it could be used as a kind of Internet super weapon. The Conficker botnet is still active, but is closely watched by security researchers. The infected computers have so far been used to make money in ordinary ways, pumping out spam and spreading fake antivirus software.



    This is screaming VECTORS.......


    Big problems.........


    Terrorist Names SEARCH:

    Cyber War misunderstood

    Cyber WAR in the Air?

    There is a lot of confusion about Cyber warfare
    and just what it is.

    His post reveals alot of the Confusion about terms
    and definitions and how and what Cyber War is.

    Cyber war and cyber crime are intertwined.
    You can see how they build on each other.
    Paradigm Intel points to the old
    RBN Bussian Business Net in the
    latest Google intrusion.

    On the Bottom level we have phishers,
    pushing fake security scans and
    fake security software, my last count
    was around 500 sites.

    Then we have the Money launders,
    scamming retailers and Ebay users,

    And we have ID thieves, with key loggers
    and scams to collect credit card info.
    An American has their ID stolen
    every 8 seconds.
    And while credit reporting agencys
    know about and see the ID theft they do nothing,
    unless you pay them $10 a month for every
    family member.
    They see the Mortgage in your 8 year old
    daughters name but they won't tell you about
    it. They see it in all the data they collect about
    you and sell for billions of dollars a year.
    But the credit reporting agencys do not
    have the integrity to tell the people they
    collect credit info on that their ID has
    been stolen.

    The price of stolen IDs have come down
    over the past 10 years because of the
    ease of stealing IDs.

    And then we have hackers doing the Banks
    for hundreds of millions of dollars.

    The FBI just reported the drop in physical
    bank robberies. But the amount of the 
    thefts have rose to new all time highs.

    And a step up from that are the guys that
    walk through the best cyber security 
    in the USA, or any where in the world.

    They walked into Google, ( and our paradigm 
    intel says, Micro soft ) the Department of Defense,
    State Department and thousands of US corporations.

    Just scooped up what they wanted.
    They have even been into the computers of some
    of the Top security vendors.
    Stealing trade secrets and classified info.

    Then we have " deniers" they deny access to
    the Internet, in Georgia their DDos attacks
    blocked people from some Government web sites.

    And a few corporations have have been victims of
    DDOS attacks.

    Now here is where the Bot nets come in,
    Using millions of zombie PCs to send out
    emails to create sales and scams.

    And Bot nets can do DDOS attacks also.
    Which brings us to the Biggest Bot net.
    Cornfliker, which the top minds in USA
    has been working against for a year now.
    And its still there.

    Bots have it easy on the WWW as
    Micro Soft refused to up date
    illegal OS, where most bots live.

    Confliker maybe big enough to attack the 
    13 internet nodes with forms of a DDOS
    attacks to actually bring the WWW 
    While that would not be the goal of most
    state actors it might be the goal of terrorist
    and a few suicidal state nations.

    And one of the goals in a cyber war would
    be to cut off the other guy from the WWW 
    while leaving it up for the Rest of the world.

    Or in defensive mode to take threats off the
    net, crashing them or blocking them from

    Currently the terrorist top hackers are 
    under close observation and don't
    pose a threat, but at some point

    The terrorist are diligent working on acquiring
    significant  hacking capabilities.
    Our BSU's see indications of it daily.

    The law of unintended consequences 
    will play a big part in Cyber Warfare.

    No one is sure how far into the worlds
    infrastructures and cultures a shut down
    of the WWW will extend.

    We are just not certain.

    To review :
    There is NO privacy on the web,
    However you may be able to hide among the
    millions of surfers.

    Every one is running NAKED.
    There is no absolute security.

    The technology exists to bring
    down the WWW.
    And keep it down.

    The credit reporting agencys
    are allowing financial rape of
    the people they collect info on.

    No one can tell who is attacking 
    and they can be, and remain invisible.

    You have not been safe
    and are not safe on the
    WWW now.
    Attacks are  no longer targeted but are automated and target every thing.

    An unremovable invisible rootkit, with stealth backdoors,
    reading and copying everything.

    Internet Anthropologist
    Tactical Internet Systems analyst.
    ( If I had $20 thousand I could move that
    comprehension from Tactical to Strategic .G )