[SecurityRatty] tag: tensions

The DDoS Attack Against Bobbear.co.uk

Wed, 19 Nov 2008 05:35:01 +0000

When you get the "privilage" of getting DDoS-ed by a high profile DDoS for hire service used primarily by cybercriminals attacking other cybercriminals, you're officially doing hell of a good job exposing money laundering scams.

The attached screenshot demonstrates how even the relatively more sophisticated countersurveillance approaches taken by a high profile DDoS for hire service can be, and were in fact bypassed, ending up in a real-time peek at how they've dedicated 4 out of their 10 BlackEnergy botnets to Bobbear exclusively.

Perhaps for the first time ever, I come across a related DoS service offered by the very same vendor - insider sabotage on demand given they have their own people in a particular company/ISP in question. Makes you think twice before considering a minor network glitch what could easily turn into a coordinated insider attack requested by a third-party. Moreover, now that I've also established the connection between this DDoS for hire service and one of the command and control locations (all active and online) of one of the botnets used in the Russia vs Georgia cyberattack, the concept of engineering cyber warfare tensions once again proves to be a fully realistic one.

Related posts:
A U.S military botnet in the works
DDoS Attack Graphs from Russia vs Georgia's Cyberattacks
Botnet on Demand Service
OSINT Through Botnets
Corporate Espionage Through Botnets
The DDoS Attack Against CNN.com
A New DDoS Malware Kit in the Wild
Electronic Jihad v3.0 - What Cyber Jihad Isn't

Who's Behind the Georgia Cyber Attacks?

Thu, 14 Aug 2008 06:16:34 +0000

Of course the Klingons did it, or you were naive enough to even think for a second that Russians were behind it at the first place? Of the things I hate most, it's lowering down the quality of the discussion I hate the most. Even if you're excluding all the factual evidence (Coordinated Russia vs Georgia cyber attack in progress), common sense must prevail.

Sometimes, the degree of incompetence can in fact be pretty entertaining, and greatly explains why certain countries are lacking behind others with years in their inability to understand the rules of information warfare, or the basic premise of unrestricted warfare, that there are no rules on how to achieve your objectives.

So who's behind the Georgia cyber attacks, encompassing of plain simple ping floods, web site defacements, to sustained DDoS attacks, which no matter the fact that Geogia has switched hosting location to the U.S remain ongoing? It's Russia's self-mobilizing cyber militia, the product of a collectivist society having the capacity to wage cyber wars and literally dictating the rhythm in this space. What is militia anyway :

"civilians trained as soldiers but not part of the regular army; the entire body of physically fit civilians eligible by law for military service; a military force composed of ordinary citizens to provide defense, emergency law enforcement, or paramilitary service, in times of emergency; without being paid a regular salary or committed to a fixed term of service; an army of trained civilians, which may be an official reserve army, called upon in time of need; the national police force of a country; the entire able-bodied population of a state; or a private force, not under government control; An army or paramilitary group comprised of citizens to serve in times of emergency"

Next to the "blame the Russian Business Network for the lack of large scale implementation of DNSSEC" mentality, certain news articles also try to wrongly imply that there's no Russian connection in these attacks, and that the attacks are not "state-sponsored", making it look like that there should be a considerable amount of investment made into these attacks, and that the Russian government has the final word on whether or not its DDoS capabilities empowered citizens should launch any attacks or not. In reality, the only thing the Russian government was asking itself during these attacks was "why didn't they start the attacks earlier?!".

Thankfully, there are some visionary folks out there understanding the situation. Last year, I asked the following question - What is the most realistic scenario on what exactly happened in the recent DDoS attacks aimed at Estonia, from your point of view? and some of the possible answers still fully apply in this situation :

- It was a Russian government-sponsored hacktivism, or shall we say a government-tolerated one

- Too much media hype over a sustained ICMP flood, given the publicly obtained statistics of the network traffic

- Certain individuals of the collectivist Russian society, botnet masters for instance, were automatically recruited based on a nationalism sentiments so that they basically forwarded some of their bandwidth to key web servers

- In order to generate more noise, DIY DoS tools were distributed to the masses so that no one would ever know who's really behind the attacks

- Don't know who did it, but I can assure you my kid was playing !synflood at that time

- Offended by the not so well coordinated removal of the Soviet statue, Russian oligarchs felt the need to send back a signal but naturally lacking any DDoS capabilities, basically outsourced the DDoS attacks

- A foreign intelligence agency twisting the reality and engineering cyber warfare tensions did it, while taking advantage of the momentum and the overall public perception that noone else but the affected Russia could be behind the attacks

- I hate scenario building, reminds me of my academic years, however, yours are pretty good which doesn't necessarily mean I actually care who did it, and pssst - it's not cyberwar, as in cyberwar you have two parties with virtual engagement points, in this case it was bandwidth domination by whoever did it over the other. A virtual shock and awe

- I stopped following the news story by the time every reporter dubbed it the first cyber war, and started following it again when the word hacktivism started gaining popularity. So, hacktivists did it to virtually state their political preferences

Departamental cyber warfare would never reach the flexibity state of people's information warfare where everyone is a cyber warrior given he's empowered with access to the right tools at a particular moment in time.

Related posts:
People's Information Warfare Concept
Combating Unrestricted Warfare
The Cyber Storm II Cyber Exercise
Chinese Hacktivists Waging People's Information Warfare Against CNN
The DDoS Attacks Against CNN.com
China's Cyber Espionage Ambitions
North Korea's Cyber Warfare Unit 121

Chinese Hackers Attacking U.S Department of Defense Networks

Electronic Jihad v3.0 - What Cyber Jihad Isn't

Electronic Jihad's Targets List

Teaching Cyber Jihadists How to Hack

Empowering the Script Kiddies

OSINT Through Botnets

Corporate Espionage Through Botnets

Malware Infected Hosts as Stepping Stones

Hacktivism Tensions - Israel vs Palestine Cyberwars

The Current, Emerging, and Future State of Hacktivism

Internet PSYOPS - Psychological Operations

Coordinated Cyber Attacks Hit Websites Due To Russian-Georgian Conflict

Tue, 12 Aug 2008 11:05:04 +0000

Conflict between Georgia and Russia on the ground has been accompanied by the relaunch of cyber-attacks against Georgian government websites. The Georgian presidential (www.president.gov.ge) and other government websites (such as www.parliament.ge) were left inaccessible by assaults over the weekend, in a repeat of attacks in late July before tensions over the breakaway region of South [...]

The Ayyildiz Turkish Hacking Group VS Everyone

Fri, 18 Jul 2008 01:48:38 +0000

Certain hacktivist groups often come and go by the time the momentum of their particular cause is long gone. Excluding the hardcore hacktivists who are obliged to defend their country's infrastructure and reputation on the international scene, smart enough to do on one front, there are certain hacktivist groups who ensure their future existence by declaring war and every single country that has ever made statements in contradiction with their vision. Quite a stimulating factor for ensuring the future of your script kiddies group, isn't it?

One of these groups is the AYYILDIZ TEAM, a group of Turkish script kiddies who've been pretty active as of recently, targeting everyone, everywhere, leaving statements like the following :

"Me, as AYT-Admin Barbaros, swear to everything which is lovely and holy to me, that you will pay for your actions. We, AYT, as a Cyber Attacking Army will make it sure. Read right, what will we do:

* The government websites will be inaccessible an all lawsuits will be manipulated
* We will infiltrate the server of inland revenues for the manipulation of the data which are there.
* At the same time we will insist into the server of banks and will care for chaos
* Websites of the press will be extinguished.
* If the offence of our prophet (s.a.v.) called your press freedom, we will show you this press freedom
* Websites of divers shops will be hacked. Databank information's and the dates which are there, for example credit card dates, will be policed in this page. (Don't worry, we wouldn't taste one cent of your moneys, we aren't thieves like you. However we don't take care of what happens, if other hackers see this dates and empty your account)"

While this may sound inspiring, some of the group's members are also involved in SQL injections in between the web site defacements, which are naturally done by exploiting web application vulnerabilities. For instance, right after the defacement messages, they are also injecting the following fast-fluxed domains, part of the latest wave of SQL injections attacks.

bkpadd.mobi /ngg.js
usaadw.com /ngg.js
cliprts.com /ngg.js

They are monetizing their defacements by either compiling lists of sites known to be SQL injectable since they've managed to defaced them, then reselling these to the SQL injectors, or are in fact part of the whole process in this scammy ecosystem. Speaking of SQL injections, here's the most recent list of fast-fluxed SQL injected domains participating in the last wave that I've been keeping track of for a while :

pyttco .com/ngg.js
butdrv .com/ngg.js
gitporg .com/ngg.js
brcporb .ru/ngg.js
korfd .ru/ngg.js
adwnetw .com/ngg.js
wowofmusiopl .com.cn/456.js
adwbn .ru/ngg.js
btoperc .ru/ngg.js
nudk .ru/ngg.js
bkpadd .mobi/ngg.js
cliprts .com/ngg.js
adwr .ru/ngg.js
bnrc .ru/ngg.js
adpzo .com/ngg.js
iogp .ru/ngg.js
lodse .ru/ngg.js
usabnr .com/ngg.js
vcre .ru/ngg.js
sdkj .ru/ngg.js
rcdplc .ru/ngg.js
7maigol .cn/ri.js
j8heisi .cn/ri.js
usaadp .com/ngg.js
gbradp .com/ngg.js
cdrpoex .com/ngg.js
rrcs .ru/ngg.js
gbradw .com/ngg.js
hiwowpp .cn/ri.js
cdport .eu/ngg.js
nopcls .com/ngg.js
loopadd .com/ngg.js
tertad .mobi/ngg.js
gbradde .tk/ngg.js
tctcow .com/ngg.js
ausbnr .com/ngg.js
movaddw .com/ngg.js
grtsel .ru/ngg.js
sslwer .ru/ngg.js
destad .mobi/ngg.js
hdrcom .com/ngg.js
addrl .com/ngg.js
porttw .mobi/ngg.js
bnsdrv .com/ngg.js
drvadw .com/ngg.js
crtbond .com/ngg.js
usaadw .com/ngg.js

What used to be plain simple cooperating among every single participant in the underground marketplace, seems to be evolving into long-term business relationships.

Related posts:
Monetizing Compromised Web Sites
Monetizing Web Site Defacements
Underground Multitasking in Action
Right Wing Israeli Hackers Deface Hamas's Site
Pro-Serbian Hacktivists Attacking Albanian Web Sites
The Rise of Kosovo Defacement Groups
A Commercial Web Site Defacement Tool
Phishing Tactics Evolving
Web Site Defacement Groups Going Phishing
Hacktivism Tensions
Hacktivism Tensions - Israel vs Palestine Cyberwars
Mass Defacement by Turkish Hacktivists
Overperforming Turkish Hacktivists

Links List 7.11.08

Fri, 11 Jul 2008 19:48:16 +0000

The big news this week is of course Diane Greene’s surprising ousting as CEO of virtualization giant VMware. There was a lot of speculation about the reasoning behind this decision – from stock prices dropping for VMware and parent EMC to fighting Microsoft with Microsoft (new CEO Paul Maritz is an old MS exec) to tensions between VMware and EMC (communications, culture, tie-in to EMC storage/sales) to a possible cloud computing future for VMware that Maritz is better positioned to drive.

But in the end, it seems like Tucci didn’t have faith that Greene had the chops to run the successfully growing company anymore. So she could build it to the stature it has now but just as MS comes out of the gates, all of a sudden she’s no good? Boy, I can’t wait for Greene’s book on this. CEOs, take heed – don’t be too successful or the board will fire you. (Or alternatively don’t let the guy who doesn’t like you stack the board!)

So where does VMware go from here? Rachel Chalmers, Research Director for Infrastructure Management at The 451 Group, places a bet on cloud computing – saying that VMware plans to offer a new suite of cloud computing at the next VMworld Conference. And here’s a nice piece on the Burton Group’s Data Center Strategies Blog that suggests another multi-pronged winning strategy.

Oh no. The virtualization management space, if it didn’t before, is beginning to remind me of the Internet boom time when everyone and their brother (literally, ask me about it sometime) got into the act. Introducing, DynamicOps and their product, Virtual Resource Manager (VRM). The two-week old company and product are spinouts from Credit Suisse, where the original solution was home-grown and in production for more than 2 years, managing thousands of virtual machines. I’m really interested in taking a closer look at it and seeing just what VRM does differently to meet the unique requirements of virtualization management at such a scale.

Forrester Research released a research report on “the Five Essential Metrics for Managing IT.” The study relates the “Operational Health” metric to the measuring of IT failures. Dave will be happy to note that the report uses one of his favorite phrases – talking about the “dial-tone reliability of IT services”.

ShareThis

Lithuania Attacked by Russian Hacktivists, 300 Sites Defaced

Sun, 06 Jul 2008 21:19:13 +0000

Last week's mass defacement of over 300 Lithuanian sites hosted on the same ISP, an upcoming attack that was largely anticipated due to the on purposely escalated online tensions out of Lithuan's accepted legislation banning communist symbols across the counry, once again demonstrates information warfare building capabilities in action.

Moreover, the attack is again relying on common prerequisites for a successful information warfare campaign, used in the Russia vs Estonia cyberattack last year. These very same Internet PSYOPS tactics ensure the success of the information warfare as a whole :

- start publicly justifying upcoming attacks based on nationalism sentions, which in a bandwidth empowered (botnets) collectivist society ensures a decent degree of cyber mobilization. In Lithuania's case, the discussions across web forums were on purposely escalated to the point where "if you don't take action, you're not loyal to your country"

- the media as the battleground for winning the hears and minds of the bandwidth empowered botnet masters, and position the insult against loyal nationalists next to the daily basis, thereby putting the nationalists in a "stand by" mode prompting them to take actions and to break even. In Estonia's case for instance, news broadcasts of the riots on the streets were on purposely broadcast as often as possible, mostly emphasizing on the nationalist sentiments within the crowds

- prioritizing the attack targets, distributing the targets list and ensuring the coordination in terms of the exact time and data for the attacks to take place is something that didn't happen in the public domain for the mass defacement of Lithuanian sites, the way it happened in the Estonia attack

- utilizing a people's information warfare tactic known as the malicious culture of participation, when everyone's consciously contributing bandwidth to be used/abused by those coordinating the attacks

Also, it's important to point out that by the time they announced their ambitions to attack Lithuania and other countries such as Latvia, Ukraine, and again Estonian sites, they literally put these countries in a "stay tune" mode. Here's a translated statement :

"All the hackers of the country have decided to unite, to counter the impudent actions of Western superpowers. We are fed up with NATO's encroachment on our motherland, we have had enough of Ukrainian politicians who have forgotten their nation and only think about their own interests. And we are fed up with Estonian government institutions that blatantly re-write history and support fascism," says the appeal that is being circulated on Russian Internet forums."

But why did they signalled their intentions, compared to keeping them quiet and attack Lithuania surprisingly? Another relevant use of PSYOPS, namely the biased exclusiveness and keeping a non-existent status bar for the upcoming attacks. And since they can launch a coordinated attack at the country at any time without warning about it, this warning was aiming to cause confusion prompting country officials to make public statements that could later on be analyzed and a better attack strategy formed on the basis of what they said they've done to ensure the attacks don't succeed.

If they did launch DDoS attacks compared to defacing over 300 sites hosted on a single ISP, and had warned about the upcoming attacks about a week earlier, successfully shutting down the country's Internet infrastructure would have achieved a double effect, since they did warn them about the attacks, and despite that they countries couldn't prepate to fight back even though fighting back was futile right from the very beginning.

At least, that's the level of confidence they've build into capabilities.

Related posts:
Right Wing Israeli Hackers Deface Hamas's Site
Monetizing Web Site Defacements
Pro-Serbian Hacktivists Attacking Albanian Web Sites
The Rise of Kosovo Defacement Groups
A Commercial Web Site Defacement Tool
Phishing Tactics Evolving
Web Site Defacement Groups Going Phishing
Hacktivism Tensions
Hacktivism Tensions - Israel vs Palestine Cyberwars
Mass Defacement by Turkish Hacktivists
Overperforming Turkish Hacktivists

Right Wing Israeli Hackers Deface Hamas's Site

Thu, 26 Jun 2008 11:36:44 +0000

Compared to historical hacktivism tensions between different nations, Israeli and Palestinian hacktivists seem to be most sensitive to "virtual fire exchange" like this one, and consequently, just like in real-life, always look and find for an excuse to engage in a conflict. Israeli hackers penetrate Hamas website :

"Israeli hackers boasted Thursday about breaking into the website of Izz al-Din al-Qassam, Hamas’ military wing, which now displays a white screen and words in Arabic announcing technical difficulties. The hacker group, which calls itself Fanat al-Radical (the fanatical radicals), also said that it broke into additional terror organizations’ sites and those of various leftist movements. In a Ynet interview, a group representative who refused to reveal his name said, “We searched for relevant sites with the criteria we look for, whether leftist or anti-Zionist, and looked for loopholes. Our emphasis was always on the al-Qassam site. "The criteria are defined as anti-Zionist or anti-Jewish sites that support or assist in harming Zionism and the existence of Israel as a Zionistic, Jewish state."

The message they left :

"Hacked by XcxooXL and FENiX from Fanat Al Radical Greets: Sn4k3 Contact: Fanat.al.Radical@gmail.com "

These script kiddies using SQL injection vulnerabilities within the affected sites, since they indeed managed to deface several other as well, seem to have also participated in the 2006 cyber conflict sparkled due to the the kidnapping of three soldiers. One of their defacements remains still active (aviv.perffect-x.net/deface.html)

"We will stand against the Islam until the kidnapped soldiers, Gilad Shalit, Eldad Regev and Ehod Goldvaser will be return, We will attack arabic servers and site which support the Islam and protest against the zionism"

What if every script kiddie with a SQL injection scanners goes into politics? It's a mess already.

Related posts:
Monetizing Web Site Defacements
Pro-Serbian Hacktivists Attacking Albanian Web Sites
The Rise of Kosovo Defacement Groups
A Commercial Web Site Defacement Tool
Phishing Tactics Evolving
Web Site Defacement Groups Going Phishing
Hacktivism Tensions
Hacktivism Tensions - Israel vs Palestine Cyberwars
Mass Defacement by Turkish Hacktivists
Overperforming Turkish Hacktivists

Monetizing Web Site Defacements

Fri, 13 Jun 2008 07:54:20 +0000

What used to be a harmless web site defacements back in the old school days, is today's ongoing monetization of defaced web sites, a logical development given the consolidation between different underground parties, evidence of which can be seen in the majority of incidents I've been analyzing recently.

The Africa Middle Market Fund' site is the latest example of a web site defacer is abusing the access to the web server to generate and locally host blackhat SEO pages, which when once access only by searching for the keywords and consequently returning 404 if traffic isn't coming from a search engine, redirect to known rogue security software, in this case, the XP antivirus protection (securityscannersite.com) which you must be familiar with if you were following the assessments of the massive IFRAME SEO poisoning attacks that took place during March this year. More about the found :

"The Africa Middle Market Fund is a private capital fund that invests in small and medium sized African businesses who need from $500,000 up to $2 million to grow and succeed to their full potential. We are a "double bottom-line" or "impact investment" fund, meaning that we care equally about financial performance and social benefit. We are for-profit and insist on our investees employing world standards of financial and business management to maximize their chances of success"

Most of the outgoing links from a sample of over 50 blackhat SEO pages at the site point to 23search.org, which is an invitation-only affiliate based network for traffic exchange, connecting different malicious parties together :

"What is this site? This site helps webmasters to earn money with their sites. How it works? Our program generate traffic from search engines and display advertising. What shell I do to start with you? Signup, get php file from member area, put file into your website directory, modify or create .htaccess in the same directory, and receive money!"

The session is then redirected to drivemedirect.com/soft.php?aid=0195&d=3&product=XPA, as well as to drivemedirect.com/soft.php?aid=0263&d=2&product=XPC to ultimately redirect the user to online-xpcleaner.com/2/freescan.php?aid=880263

Moreover, the majority of blackhat SEO campaigns are also starting to apply evasive techniques to make it harder to analyze them. In this particular campaign for instance, only traffic comming from search engines would get the chance to see the SEO page due to the use of document.referrer tags. Here are some sample monitization practices from what I've seen between the lines of recently defaced sites :

- installing web backdoors and reselling the access to phishers, spammers and malware authors who would have full control over the content, and can therefore do whatever they to with the web server

- installing web based spamming tools that later on will be either used directly by the defacers, or access to the tools sold to those interested in using them

- participating in an affiliate based blackhat SEO networks, where revenue coming of the victims who installed the rogue software is shared among the defacer and the affiliate based network, which doesn't really care how and where is all the traffic coming from

- forwarding the responsibility of hosting phishing pages to the legitimate site by hosting them locally in between sending the phishing emails again using the same host

- selling the access by promoting it based on its page rank

Web site defacements in times when traffic suppliers are efficiently coordinating campaigns with traffic seekers, will mature into a tool for providing malicious infrastructure on demand, just like botnets did. Then again, the endless possibilities provided by insecure web applications are already blurring the lines between web site defacements and SQL injections.

Related posts:
Pro-Serbian Hacktivists Attacking Albanian Web Sites
The Rise of Kosovo Defacement Groups
A Commercial Web Site Defacement Tool
Phishing Tactics Evolving
Web Site Defacement Groups Going Phishing

Hacktivism Tensions

Hacktivism Tensions - Israel vs Palestine Cyberwars

Mass Defacement by Turkish Hacktivists

Overperforming Turkish Hacktivists
Blackhat SEO Campaign at The Millennium Challenge Corporation
Massive IFRAME SEO Poisoning Attack Continuing
Massive Blackhat SEO Targeting Blogspot
The Invisible Blackhat SEO Campaign
Attack of the SEO Bots on the .EDU Domain
p0rn.gov - The Ongoing Blackhat SEO Operation
The Continuing .Gov Blackat SEO Campaign
The Continuing .Gov Blackhat SEO Campaign - Part Two
Compromised Sites Serving Malware and Spam

Pro-Serbian Hacktivists Attacking Albanian Web Sites

Tue, 20 May 2008 11:21:47 +0000

The rise of pro-kosovo web site defacement groups was marked in April, 2008, with a massive web site defacement spreading pro-kosovo propaganda. The ongoing monitoring of pro-kosovo hacktivists indicates an ongoing cyberwar between pro-serbian supporting hacktivists successfully defacing Albanian sites, and building up capabilities by releasing a list of vulnerable Albanian sites (remote SQL injections for remote file inclusion, defacements or installing web shells/backdoors) to assist supports into importing the list within their do-it-yourself web site defacement tools.

Go through the complete post - Pro-Serbian hacktivists attacking albanian web sites.

Related posts:

Hacktivism Tensions

Hacktivism Tensions - Israel vs Palestine Cyberwars

Mass Defacement by Turkish Hacktivists

Overperforming Turkish Hacktivists

"The Kite Runner" will change how you think about Afghanistan

Tue, 29 Apr 2008 07:16:44 +0000

My wife Bonnie and I don't get out to the movies as much as we used to. When we do it is often with the kids, so we miss out on many of the adult (no, I don't mean those kind of adult) themed movies that come out. We wait for the DVD, but even than I miss many. I compensate by watching movies on planes a lot. Recently I caught The Kingdom with Jaime Fox and We Own the Night with Marc Wahlberg and Joaquin Phoenix. Both good, powerful movies. However, last night on my way out to Vegas for Interop I watched a movie that will change my life. It is the Kite Runner, based on the book of the same title by Khaled Hosseini.

The movie tells the story of two boys growing up in pre-Soviet invasion Kabul, Afghanistan all the way up to the year 2000, with a pre-9/11 Taliban regime in charge. You can read the Wikipedia article I linked to or better yet go rent the movie or read the book (I am going to read it next) for all of the dramatic details. However, let me talk a bit about my take away from this film. First of all, like many Americans I had a pre-concieved notion of Afghanistan as a poor, backwater, backwards place that welcomed a repressive regime like the Taliban to power and were part of the Muslim world that runs from the Med through to Pakistan. Nothing distinctive and in fact lets face it, I am not sure we humanize the people who live in that part of the world, as we do Europeans or our fellow Americans. I knew little to nothing of Afghan history or lifestyle. Our American view of the world makes it hard for us to remember that children are children the world over and their lives are special. Whether it be something as simple as flying a kite or aspiring to be a writer, all children share the same dreams, hopes and challenges. Yes, in a place like Afghanistan with its ethnic tensions, there is room for a level of violence we don't often see here (but even that is BS, me living in Boca doesn't see it, but live in an inner city bad neighborhood in the US and is life any better for a child?). But parents are parents the world over and they love their children and have hopes for their children the same way you and I do. People have values they believe in and may not be the most religous, but are never the less good people.

The movie made me think about my role as a father, husband and American. The whole American immigration experience is such a great influence on the world. We have the ability to take people from anywhere and they become Americans. The father in the movie goes from being a man of power and wealth in Kabul, to working in a gas station here. The father-in-law was a general in Afghanistan, but just a lower middle class worker here. But they don't lose their identity or the pride and sense of who they are and most of all their values. They don't lose their identity into the melting pot, but we add their identities to our tapestry of life here in this country. That is the real special sauce in what makes America

That part of the world is not just full of religous extremists. There are real live human beings there who think and feel very much like we do. Yes there are incredible challenges with religous extremism to overcome, but there is a core of real people who are worthy of our efforts. At the end of the day, that is what the movie has succeeded in doing for me. It has made the Afghan people real.