[SecurityRatty] tag: army

DTrace: The Reverse Engineer's Unexpected Swiss Army Knife

Thu, 14 Aug 2008 14:42:04 +0000

David Weston is a security engineer at Science Applications International Corporation. In this video, made at Black Hat Europe, David illustrates his research related to DTrace. Created by SUN and ori...

Who's Behind the Georgia Cyber Attacks?

Thu, 14 Aug 2008 06:16:34 +0000

Of course the Klingons did it, or you were naive enough to even think for a second that Russians were behind it at the first place? Of the things I hate most, it's lowering down the quality of the discussion I hate the most. Even if you're excluding all the factual evidence (Coordinated Russia vs Georgia cyber attack in progress), common sense must prevail.

Sometimes, the degree of incompetence can in fact be pretty entertaining, and greatly explains why certain countries are lacking behind others with years in their inability to understand the rules of information warfare, or the basic premise of unrestricted warfare, that there are no rules on how to achieve your objectives.

So who's behind the Georgia cyber attacks, encompassing of plain simple ping floods, web site defacements, to sustained DDoS attacks, which no matter the fact that Geogia has switched hosting location to the U.S remain ongoing? It's Russia's self-mobilizing cyber militia, the product of a collectivist society having the capacity to wage cyber wars and literally dictating the rhythm in this space. What is militia anyway :

"civilians trained as soldiers but not part of the regular army; the entire body of physically fit civilians eligible by law for military service; a military force composed of ordinary citizens to provide defense, emergency law enforcement, or paramilitary service, in times of emergency; without being paid a regular salary or committed to a fixed term of service; an army of trained civilians, which may be an official reserve army, called upon in time of need; the national police force of a country; the entire able-bodied population of a state; or a private force, not under government control; An army or paramilitary group comprised of citizens to serve in times of emergency"

Next to the "blame the Russian Business Network for the lack of large scale implementation of DNSSEC" mentality, certain news articles also try to wrongly imply that there's no Russian connection in these attacks, and that the attacks are not "state-sponsored", making it look like that there should be a considerable amount of investment made into these attacks, and that the Russian government has the final word on whether or not its DDoS capabilities empowered citizens should launch any attacks or not. In reality, the only thing the Russian government was asking itself during these attacks was "why didn't they start the attacks earlier?!".

Thankfully, there are some visionary folks out there understanding the situation. Last year, I asked the following question - What is the most realistic scenario on what exactly happened in the recent DDoS attacks aimed at Estonia, from your point of view? and some of the possible answers still fully apply in this situation :

- It was a Russian government-sponsored hacktivism, or shall we say a government-tolerated one

- Too much media hype over a sustained ICMP flood, given the publicly obtained statistics of the network traffic

- Certain individuals of the collectivist Russian society, botnet masters for instance, were automatically recruited based on a nationalism sentiments so that they basically forwarded some of their bandwidth to key web servers

- In order to generate more noise, DIY DoS tools were distributed to the masses so that no one would ever know who's really behind the attacks

- Don't know who did it, but I can assure you my kid was playing !synflood at that time

- Offended by the not so well coordinated removal of the Soviet statue, Russian oligarchs felt the need to send back a signal but naturally lacking any DDoS capabilities, basically outsourced the DDoS attacks

- A foreign intelligence agency twisting the reality and engineering cyber warfare tensions did it, while taking advantage of the momentum and the overall public perception that noone else but the affected Russia could be behind the attacks

- I hate scenario building, reminds me of my academic years, however, yours are pretty good which doesn't necessarily mean I actually care who did it, and pssst - it's not cyberwar, as in cyberwar you have two parties with virtual engagement points, in this case it was bandwidth domination by whoever did it over the other. A virtual shock and awe

- I stopped following the news story by the time every reporter dubbed it the first cyber war, and started following it again when the word hacktivism started gaining popularity. So, hacktivists did it to virtually state their political preferences

Departamental cyber warfare would never reach the flexibity state of people's information warfare where everyone is a cyber warrior given he's empowered with access to the right tools at a particular moment in time.

Related posts:
People's Information Warfare Concept
Combating Unrestricted Warfare
The Cyber Storm II Cyber Exercise
Chinese Hacktivists Waging People's Information Warfare Against CNN
The DDoS Attacks Against CNN.com
China's Cyber Espionage Ambitions
North Korea's Cyber Warfare Unit 121

Chinese Hackers Attacking U.S Department of Defense Networks

Electronic Jihad v3.0 - What Cyber Jihad Isn't

Electronic Jihad's Targets List

Teaching Cyber Jihadists How to Hack

Empowering the Script Kiddies

OSINT Through Botnets

Corporate Espionage Through Botnets

Malware Infected Hosts as Stepping Stones

Hacktivism Tensions - Israel vs Palestine Cyberwars

The Current, Emerging, and Future State of Hacktivism

Internet PSYOPS - Psychological Operations

Soldiers Receive All-in-One Nonlethal Warfare Kit

Fri, 08 Aug 2008 10:45:00 +0000

There are many ways to skin a cat without killing him, apparently, as the U.S. Army demonstrates with an array of new, nonlethal weapons designed for everything from checkpoint control to quelling rioters.

Anthrax Scientist Kills Self as Feds Close In

Fri, 01 Aug 2008 10:40:00 +0000

An Army microbiologist, who U.S. officials believe was responsible for the 2001 anthrax attacks that killed five people, has apparently committed suicide just as prosecutors were getting ready to arrest him.

How to Do Business With a Blacklisted Russian Weapons Company

Mon, 28 Jul 2008 13:16:00 +0000

The U.S. Army indirectly handed out $325 million to the blacklisted Russian weapons agency to buy nearly two dozen Russian Mi-17 helicopters for the Iraq war. Did officials knowingly violate government sanctions?

Did the U.S. Army Arrange a 'Sweetheart' Deal to Sell Russian Helicopters to Iraq?

Fri, 25 Jul 2008 08:00:00 +0000

Earlier this year, the Defense Department quietly gave a U.S. company a contract to provide 22 new Russian-made Mi-17 troop transport helicopters to the Iraqi military in a deal worth an eye-brow raising $325 million, DANGER ROOM learns.

Washington Post Comments on Terrorist Plots

Fri, 25 Jul 2008 02:48:10 +0000

From this article, published last April:

Batiste confided, somewhat fantastically, that he wanted to blow up the Sears Tower in Chicago, which would then fall into a nearby prison, freeing Muslim prisoners who would become the core of his Moorish army. With them, he would establish his own country.

Somewhat fantastically? What would the Washington Post consider to be truly fantastic? A plan involving Godzilla? Clearly they have some very high standards.

I'm sick of people taking these idiots seriously. This plot is beyond fantastic, it's delusional.

On Government Employees, Culture, and Survivability

Mon, 21 Jul 2008 09:46:05 +0000

A couple of months before I was activated and went to Afghanistan, I got a briefing from a Special Forces NCO who had done multiple tours in the desert. One thing he said still sticks in my mind (obviously paraphrased):

“The Afghanis, they live in mud huts, they don’t have electricity, they are stick-people weighing 85 lbs, and to say that we could bomb them into the stone age would be an advancement in their technology level. But never underestimate these people, they’re survivors. They’ve survived 35 years of warfare, starting with the Soviets, then they fought a civil war before we arrived on the scene. Never underestimate their ability to survive, and have respect for them because of who they are.”

Today, I feel the same way about government employees, even more so because it’s an election year: they’re survivors.

Now time for what I see is the “real” reason why the government is doing badly (if that’s what you believe–opinions differ) at security: it’s all an issue of culture. I have a friend who converted a year ago to a GS-scale employee and took a class on what motivates government employees. Some of these are obvious:

Pride at making a difference
Helping people
Supporting a cause
Gaining unique experience on a global-class scope
Job stability
Retirement benefits

And one thing is noticeably absent: better pay and personal recognition. Hey, sounds like me in the army.

The Companion Family Plan for Survival at Home photo by Uh … Bob.

Now I’m not trying to stereotype, but you need to know the organizational behavior pieces to understand how government security works. And in this case, the typical government employee is about as survival-aware as their Afghani counterpart.

Best advice I ever heard from a public policy wonk: the key to survival in this town is to influence everything you can get your hands on and never have your name actually written on anything.

In other words, don’t criticize, be nice to everybody even though you think they are a jerk, and avoid saying anything at all because you never know when it will be contrary to the political scene. The Government culture is a silent culture. That’s why every day amazing things happen to promote security in the Government and you’ll never hear about it on the outside.

One of the reasons that I started blogging was to counter the naysayers who say that FISMA is failing and that the Government would succeed if they would just buy their product for technical policy compliance or end-to-end encryption. Sadly, the true heroes in Government, the people who just do their job every day and try to survive a hostile political environment, are giving credit to the critics because of their silence.

Which brings me to my point:

Yes, my name is Rybolov and I’m a heretic, but this is the secret to security in the Government: it’s cultural at all layers of the personnel stack. Security (and innovation, now that I think about it) needs a culture of openness where it’s allowable to make mistakes and/or criticize. Doesn’t sound like any government–local, state, or federal–that I’ve ever seen. However, if you fix the culture, you fix the security.

Bookmark to:

The Langley Files

Sun, 20 Jul 2008 20:00:00 +0000

The Central Intelligence Agency doesn't like to talk about its mistakes. It's not just embarrassing, but officials believe exposing details about how an operation went wrong reveals too much about how it captures enemy secrets. But published statements and news reports suggest one recent error-the U.S. bombing of the Chinese embassy in Belgrade during the Kosovo war last year, which killed three and injured 20-happened in part because CIA officers targeted what they thought was a Yugoslav Army warehouse based on outdated maps, and others failed to catch the mistake before the proposal was passed to the military.

The Ayyildiz Turkish Hacking Group VS Everyone

Fri, 18 Jul 2008 01:48:38 +0000

Certain hacktivist groups often come and go by the time the momentum of their particular cause is long gone. Excluding the hardcore hacktivists who are obliged to defend their country's infrastructure and reputation on the international scene, smart enough to do on one front, there are certain hacktivist groups who ensure their future existence by declaring war and every single country that has ever made statements in contradiction with their vision. Quite a stimulating factor for ensuring the future of your script kiddies group, isn't it?

One of these groups is the AYYILDIZ TEAM, a group of Turkish script kiddies who've been pretty active as of recently, targeting everyone, everywhere, leaving statements like the following :

"Me, as AYT-Admin Barbaros, swear to everything which is lovely and holy to me, that you will pay for your actions. We, AYT, as a Cyber Attacking Army will make it sure. Read right, what will we do:

* The government websites will be inaccessible an all lawsuits will be manipulated
* We will infiltrate the server of inland revenues for the manipulation of the data which are there.
* At the same time we will insist into the server of banks and will care for chaos
* Websites of the press will be extinguished.
* If the offence of our prophet (s.a.v.) called your press freedom, we will show you this press freedom
* Websites of divers shops will be hacked. Databank information's and the dates which are there, for example credit card dates, will be policed in this page. (Don't worry, we wouldn't taste one cent of your moneys, we aren't thieves like you. However we don't take care of what happens, if other hackers see this dates and empty your account)"

While this may sound inspiring, some of the group's members are also involved in SQL injections in between the web site defacements, which are naturally done by exploiting web application vulnerabilities. For instance, right after the defacement messages, they are also injecting the following fast-fluxed domains, part of the latest wave of SQL injections attacks.

bkpadd.mobi /ngg.js
usaadw.com /ngg.js
cliprts.com /ngg.js

They are monetizing their defacements by either compiling lists of sites known to be SQL injectable since they've managed to defaced them, then reselling these to the SQL injectors, or are in fact part of the whole process in this scammy ecosystem. Speaking of SQL injections, here's the most recent list of fast-fluxed SQL injected domains participating in the last wave that I've been keeping track of for a while :

pyttco .com/ngg.js
butdrv .com/ngg.js
gitporg .com/ngg.js
brcporb .ru/ngg.js
korfd .ru/ngg.js
adwnetw .com/ngg.js
wowofmusiopl .com.cn/456.js
adwbn .ru/ngg.js
btoperc .ru/ngg.js
nudk .ru/ngg.js
bkpadd .mobi/ngg.js
cliprts .com/ngg.js
adwr .ru/ngg.js
bnrc .ru/ngg.js
adpzo .com/ngg.js
iogp .ru/ngg.js
lodse .ru/ngg.js
usabnr .com/ngg.js
vcre .ru/ngg.js
sdkj .ru/ngg.js
rcdplc .ru/ngg.js
7maigol .cn/ri.js
j8heisi .cn/ri.js
usaadp .com/ngg.js
gbradp .com/ngg.js
cdrpoex .com/ngg.js
rrcs .ru/ngg.js
gbradw .com/ngg.js
hiwowpp .cn/ri.js
cdport .eu/ngg.js
nopcls .com/ngg.js
loopadd .com/ngg.js
tertad .mobi/ngg.js
gbradde .tk/ngg.js
tctcow .com/ngg.js
ausbnr .com/ngg.js
movaddw .com/ngg.js
grtsel .ru/ngg.js
sslwer .ru/ngg.js
destad .mobi/ngg.js
hdrcom .com/ngg.js
addrl .com/ngg.js
porttw .mobi/ngg.js
bnsdrv .com/ngg.js
drvadw .com/ngg.js
crtbond .com/ngg.js
usaadw .com/ngg.js

What used to be plain simple cooperating among every single participant in the underground marketplace, seems to be evolving into long-term business relationships.

Related posts:
Monetizing Compromised Web Sites
Monetizing Web Site Defacements
Underground Multitasking in Action
Right Wing Israeli Hackers Deface Hamas's Site
Pro-Serbian Hacktivists Attacking Albanian Web Sites
The Rise of Kosovo Defacement Groups
A Commercial Web Site Defacement Tool
Phishing Tactics Evolving
Web Site Defacement Groups Going Phishing
Hacktivism Tensions
Hacktivism Tensions - Israel vs Palestine Cyberwars
Mass Defacement by Turkish Hacktivists
Overperforming Turkish Hacktivists