02/28/12

FORENSIC IP-TRACING TECHNIQUES

WHAT YOU SHOULD KNOW ABOUT FORENSIC IP-TRACING TECHNIQUES

IP SPOOFING

Various logging schemes have been proposed by computer forensic researchers to make tracing spoofed IP packets easy for investigators. None of these have become widespread, though it would be trivial for your ISP to detect IP spoofing using egress filtering. Egress filtering is typically done at the border of the network, so in a large network it would still be difficult to determine the precise origin of quiet or short transmissions, particularly after they have ended.

US Cyber Labs - quis custodiet ipsos custodes

Noisy activities such as DoS attacks can be traced without infrastructure or ISP support by flooding upstream routers and observing the effect on the attacker’s stream. However, transient spoofed communications will remain difficult to detect until IP logging is implemented at intermediate routers.

Some forensic “experts” appear to lack knowledge about network protocols, making ridiculous suggestions such as appending unique router IDs to packets. Of course, these can be spoofed by any compromised router, falsely implicating uninvolved parties.
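As an added illustration of the egress-filtering point above (example code written for this page, not from the post), the script below models one border router in front of three access interfaces and runs a BCP 38-style source check at both places. The prefixes, interface names and packets are constructed; it goes a step beyond the post by contrasting the border check, which can only say "this came from inside", with a per-interface check at the access router that names the port.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Packet:
    src: str    # source address as written in the IP header; may be forged
    dst: str
    iface: str  # access-router interface the packet arrived on


# Constructed topology (not from the post): the prefix each access interface
# is allowed to originate, and the aggregate the border router advertises.
ACCESS_PREFIXES: Dict[str, IPv4Network] = {
    "eth1": ip_network("203.0.113.0/26"),
    "eth2": ip_network("203.0.113.64/26"),
    "eth3": ip_network("198.51.100.0/24"),
}
BORDER_PREFIXES: List[IPv4Network] = [
    ip_network("203.0.113.0/24"),
    ip_network("198.51.100.0/24"),
]


def border_egress_ok(pkt: Packet) -> bool:
    """BCP 38 egress filter at the network edge.

    Passes any source inside the aggregate, so a host forging another
    *inside* address is not caught here. When a packet is caught, the border
    only knows it arrived over its inside link, not which access port
    originated it: that is the traceback limit the post describes.
    """
    return any(ip_address(pkt.src) in net for net in BORDER_PREFIXES)


def access_urpf_ok(pkt: Packet) -> bool:
    """Strict per-interface source check (uRPF style) at the access router."""
    net = ACCESS_PREFIXES.get(pkt.iface)
    return net is not None and ip_address(pkt.src) in net


def audit(packets: List[Packet]) -> Dict[str, List[Tuple[str, str]]]:
    """Return, per checkpoint, the spoofed sources it would drop together
    with what that checkpoint can say about their origin."""
    report: Dict[str, List[Tuple[str, str]]] = {"border": [], "access": []}
    for p in packets:
        if not border_egress_ok(p):
            report["border"].append((p.src, "origin: inside link, port unknown"))
        if not access_urpf_ok(p):
            report["access"].append((p.src, f"origin: interface {p.iface}"))
    return report


# Constructed traffic: one legitimate packet, one forging an outside address,
# one forging an inside address that belongs to a different access interface.
SAMPLE_PACKETS = [
    Packet("203.0.113.10", "192.0.2.1", "eth1"),
    Packet("192.0.2.77", "192.0.2.1", "eth2"),
    Packet("198.51.100.9", "192.0.2.1", "eth1"),
]

if __name__ == "__main__":
    for point, drops in audit(SAMPLE_PACKETS).items():
        print(point, drops)
```

The border catches only the outside-address forgery and cannot name the port; the per-interface check catches both forgeries and records the interface, which is the logging the post says intermediate routers lack.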

ENCAPSULATED TRAFFIC

Encapsulated traffic, such as proxies and IP-over-IP tunnels, does not spoof source addresses but rather scrubs the source from packets at each bounce point. Long-lived connections can be traced by physically visiting (or compromising) each upstream bounce point. Dead connections can be traced only if the next upstream bounce point was logged at the current bounce point. If not, the trail is cold.

Transient streams where the IP address is changed at each bounce point are at the very least difficult enough to trace that law enforcement won’t bother. Search the news; you won’t find any incidents of law enforcement tracking people down through bounces using amazing technical wizardry. This is not observation bias; law enforcement loves to toot its own horn about its supposed feats in fighting “cybercrime”.

END-TO-END ATTACKS

There is some speculation that various intelligence agencies are monitoring Internet traffic at the major ISPs. This is more or less to be expected. What is disputed is how this affects Tor’s anonymity. Certainly, if TCP handshakes are recorded and retained, then they could be used to retroactively identify Tor users and users of other encapsulated proxies. This is the timing-correlation attack most Tor users have heard about. While this is a very real hole in Tor’s security, the fact is that it is still an expensive attack to carry out, requiring a great deal of data retention or proactive action on the part of the attacker. It is highly unlikely that this will be used on pirates in the near future. More than likely, these capabilities are reserved for counter-terrorism and monitoring of identifiable domestic groups the government finds objectionable. There is no credible evidence of a timing attack successfully being carried out on Tor.

SUMMARY

There is no credible information to suggest that LE are able to trace transient network traffic that has been bounced and scrubbed without fairly complete cooperation from all involved hosts, or massive data retention at the major ISPs coupled with advanced traffic analysis. There is little evidence of law enforcement utilizing any kind of advanced traffic analysis or timing attacks, though the situation may change in the future.

02/27/12

Gravitas Message to Anonymous

gAtO wAs - surfing the deep web, looking around on the site qPasteBin, a site something like PasteBin, when I see this message “Message to Anonymous[1]”. As you read the message it’s like a joke from a self-centered little jerk. It goes on to tell Anonymous what idiots they are and that they should go after the $$ and our financial infrastructure. When they have this financial info they should give it to the Alpha of the financial world like Gravitas. I sent a letter to them informing them, http://www.gravitastechnology.com, giving them a chance to say something. At last they don’t think this is anything to worry about, so I’ll just publish it and let the chips fall. Good luck gravitas - gAtO oUt-

jgolle@gravitastechnology.com

jtherrien@gravitastechnology.com

jschubin@walek.com

Jessica – Janet – Jon

Good Day, my name is gAtO -uscyberlabs.com. I am a security researcher, and while doing some research in the dark web I came upon a most interesting message addressed “message to Anonymous”. In the message (included below) it tells the group anonymous to go after the SEC, DTCC, CME, NYSE, NASDAQ, Standard and Poor’s, US FED, IMF, ECB, JPMorgan, GoldmanSachs and to give this stolen hacked data to your company -gravitas.

I am including links for you to verify this information -(you even created a PGP public key for confidential, secret encrypted email). Your company even created a gravitas tor e-mail. Whoever did this did a good job of getting the message out to Anonymous, but to link it back to your company so directly.

This is against the law, I hope you know: to solicit a hacker group like anonymous to hack the major banking infrastructure and to give you the stolen data.

I’d like to give you guys a chance to tell me why I shouldn’t post this.

Regards,

gatomalo

PS

I am no FBI profiler, but whoever wrote this is a nut case who loves “the Fight Club”. This person has his PGP for encrypting documents and mail and a secret ToR email to get those secret emails… so he can never get caught… right, yeah… This person is more of a problem for your company than anyone else. This is your worst nightmare as an insider threat…

………by the way I may be able to find this person – I do security work too…

To get to the .onion links you must use the ToR Browser Bundle to get to the dark web…

http://www.gravitastechnology.com/contact.html

Message on the qPasteBin -Dark Web – Site for hackers to leave messages

http://4eiruntyxxbgfv7o.onion/paste/browse.php

[1]

Posted by: Anonymous

Description: Message to Anonymous

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA512

This is a first installment of a call to arms directly addressing those who call themselves a part of ANONYMOUS.

Firstly, stop fucking with normal people including cops. So someone got their ass beat or sprayed with some condiment. Boo-fucking-hoo.

Fuck with the system. The only system that matters enables everything else. It is bought and paid for by the blood, sweat and tears of the people. It is the global financial system. It is controlled by a global economic oligarchy.

Secondly, if you are going to compromise information systems, compromise the RIGHT information systems and grab the RIGHT data. I can’t believe there are fucktards that think grabbing individual subscribers to some wannabe CIA service is going to make a fucking difference. Retard.

And once you do grab the right shit, make good use of the intelligence. The target list needs to include individuals that are often ignored. Persons that are in the right places, with the right access to information, for the right reasons. Examples include members of the SEC, DTCC, CME, NYSE, NASDAQ, any of the bank credit rating agencies like Moody’s and Standard and Poor’s, US FED, IMF, ECB, JPMorgan, GoldmanSachs, etc.

Once you have obtained sensitive financial data or communications there is a good chance you won’t understand shit. Be not afraid, be of good cheer. Drop all the info at the same time. Don’t be a douchelord and hold on to some of it while making stupid, sophomoric threats. Drop it into the public domain and let the subject matter experts like the Tyler Durden’s of the financial world examine the data.

- --Gravitas

- -----BEGIN PGP PUBLIC KEY BLOCK-----


- -----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNATURE-----


-----END PGP SIGNATURE-----

 

 

http://4eiruntyxxbgfv7o.onion/paste/show.php?id=49689a2ddedb6517

 

Posted by: Gravitas

Description: Gravitas@tormail.net Pub Key

 

-----BEGIN PGP PUBLIC KEY BLOCK-----


-----END PGP PUBLIC KEY BLOCK-----

02/24/12

Attacking The Web-new bogey man is Anonymous

Got your attention? This is how they play us in cyber space to control us. -ok this rant is from a lOcO KiTtY…back up

gAtO sAy’s- “power is not only what you have but what the enemy thinks you have” 

Attacking cyberspace has come of age. It’s cool and hip to say “hey, hackers are going to shut down your electricity”. All the players are using the same old tactic that they used with eco-terrorists back in 2006, wow, 6 years ago; we have grown since then. We were worried about wacko-hippies chained to a tree, or a bulldozer. They fed us that kind of crap and we believed them.

The Rise and Fall of the Eco-Radical Underground

Rolling Stone’s 2006 feature on what the government calls ‘the number-one domestic terrorism threat’

http://www.rollingstone.com/culture/news/the-rise-fall-of-the-eco-radical-underground-20110621#ixzz1nJOTx8SM

Today congress and senators announced Anonymous the number-one domestic terrorism threat. Is this just another political play to get money for non-compete contracts with donors to the cause (their pockets)? You don’t think all those silly little think tanks in Washington aren’t reading the tea leaves? The new bogey man is Anonymous and groups like them. It has Cyber Political Power – CPP. How scary can you make them online? Look at what happened when the web protested SOPA and went BLACK. History was created that day, January 18, 2012, the day cyberspace roared as one voice, and that scared the living shit out of the powers that be. You see, it’s power that cyberspace holds and they want to keep that power, but we won’t let them. --mEoW mEoW

power is not only what you have but what the enemy thinks you have

With just a few knowledgeable active and passive agents provocateurs, anyone with a cause or, worse, money (Rupert Murdoch $$) can nudge cyberspace in one direction or another. Just think of a bot-master with a few thousand Twitter accounts changing the tone of a conversation from right to middle or all the way to the left. Power to move the masses is something that powerful people want to control. This kind of social technology is the same old propaganda stuff the CIA threw at their puppet governments; with today’s technology, countries like Iran and Syria cannot control the news, pictures and video that show the atrocities committed on their own. It will be used for good and evil; the genie has been let out of the bottle and cyberspace will only grow -gAtO oUt —stepping off the soapBox now……with a pirate song in my heart…AarGh

02/23/12

Syrian Electronic Army is Open to Hacking

gAtO SeEn- the news about Syria and the Homs murder of protesters, and this is a bad thing for the people of Syria and the dissidents. While Russia and China think about this, more and more killings have happened. So gAtO thought: what is Syria doing in cyberspace? gAtO jumped in and started looking first at the Syrian Cyber Army website www.syrian-es.com. This is their main site; now, with Google Translate, I started to read the site:

http://translate.google.com/translate?hl=en&sl=&tl=en&u=http%3A%2F%2Fwww.syrian-es.com%2F

As I looked over the site I noticed that they use Joomla 1.5. This is an older version of Joomla, full of holes and an easy hack. There is so much open on this site where you can get any of the scripts and look at the code, all this from any browser[1]. This is not rocket science.

Well, if the Syrian Army uses this version of Joomla, maybe some other government offices in Syria do:

www.raqqa.gov.sy/ar/index.php/local-news.feed

www.industrialbank.gov.sy/index.php?…91

www.uok.edu.sy/…/index.php?

www.reefnet.gov.sy/reef/index.php?

http://parliament.sy/

http://www.rtv.gov.sy/

http://www.addounia.tv/web/main.php

http://www.sana.sy/

Here are a few more sites that, yes, you guessed it, have the same Joomla 1.5 app running their websites. Knowing that this version has security holes, why would a government use it? My only guess is they started in 2008 and if something works, well, keep it. If this department uses this application, well, others will use it. The Syrian government is built on threats and intimidation, so anything that is accepted no one will call attention to, under fear of reprisal; this is how all dictatorships work.

Now it comes to us, the rest of the world, to do something. gAtO contacted USSTRATCOM and Ya’akov Yehudi (Israel Security) to report this and I got nothing back from them, so what do I do with information that can help people from getting murdered and killed by an oppressive state? Well, here it is: I am publishing this information and hope that someone will pick this up and do something with it. It’s a moral thing that gAtO must do; I have seen murder and killings like this in my former country and I could do nothing at that time, so here it is, let the chips fall where they fall -gAtO Out

[1] Here are some links from their site and their CODE:

<meta name="generator" content="Joomla! 1.5 - Open Source Content Management" />

http://www.facebook.com/pages/%D8%A7%D9%84%D8%AC%D9%8A%D8%B4-%D8%A7%D9%84%D8%B3%D9%88%D8%B1%D9%8A-%D8%A7%D9%84%D8%A5%D9%84%D9%83%D8%AA%D8%B1%D9%88%D9%86%D9%8A/340192589337632?sk=wall

http://twitter.com/syriansoldier1

http://www.youtube.com/user/syrianes1

www.syrian-es.com/templates/jv-framework/favicon.ico

www.syrian-es.com/templates/jv-framework/themes/jv-melody/css/horizontal.css

www.syrian-es.com/templates/jv-framework/themes/jv-melody/css/vertical.css

www.syrian-es.com/templates/jv-framework/themes/jv-melody/css/accordion.css

www.syrian-es.com/templates/jv-framework/basethemes/css/typo.css

www.syrian-es.com/templates/jv-framework/themes/jv-melody/css/layout.css

www.syrian-es.com/templates/jv-framework/themes/jv-melody/css/template.css

www.syrian-es.com/templates/jv-framework/themes/jv-melody/css/css3.css

www.syrian-es.com/templates/jv-framework/themes/jv-melody/css/template_rtl.css

www.syrian-es.com/modules/mod_nice_social_bookmark/css/nsb.css

www.syrian-es.com/modules/mod_yt_content_slideshowii/assets/style.css

http://www.syrian-es.com/modules/mod_jvhotnews/assets/css/jvhotnews.css

02/19/12

gAtO aLmOsT -got hacked

gAtO aLmOsT -got hacked. WHY? After a nice kitty nap I woke up and found my site uscyberlabs.com was suspended. I could not get into my site or get any email, so I called my hosting provider. We soon found out that someone was trying a brute force to get into my admin panel (see logs below). To top it off, someone called my provider and tried to social engineer them into resetting my password. From my simple SEO plug-ins I could see that it was a ToR connection, the IP 72.14.182.226 running a Python-urllib/2.7 script. You can see the timestamps, and the delays give it away as a ToR connection. Of course my hosting service is doing some research to see what they can find out, but the IP as well as the phone call were non-traceable (or were they).

gAtOmAlO sAy's

Since gAtO writes about Anonymous I assumed at first that the FBI was going to kick down my door, but that made no sense since everything I publish is available online, open source. I did notice a few days ago a tweet warning of a grayHat that needed a Dox – http://whatismyipaddress.com/ip/72.14.182.226 this is a little info about the IP address; it shows Dallas, TX, but my internal SEO places it in Newark, NJ.

Why is the question: did I piss someone off, was I getting close? I HAVE a lot of information about Anonymous and the crew(z) that I do not publish, just because “gAtO is No SnItCh”. Maybe @MissRevolution_ got pissed because of her money problems, or Xgirlfriend in Chi-town, I could go on and on, but the OpCashBack Twitter list of Banks that I published was to get the word out. Why so many banks have Twitter I still find interesting. Oh well, back to the SaltMines -

Ok, so are gAtO’s words so powerful that you want to hack his site…. gAtO feels so important —naw.. just messing.. -gAtO oUt

http domain 72.14.182.226 Hostip (subject) more info

Country: UNITED STATES (US)
City: Newark, NJ
IP: 72.14.182.226
Hostname: li45-226.members.linode.com
User agent: Python-urllib/2.7

February 19, 2012 15:06:44  /blog/2012/02/17/banks-twitter-opcashback/
February 19, 2012 15:06:43  /blog/2012/02/17/banks-twitter-opcashback/
February 19, 2012 15:06:42  /blog/?p=1915
February 19, 2012 15:06:40  /blog/2012/02/17/banks-twitter-opcashback/
February 19, 2012 15:06:39  /blog/2012/02/17/banks-twitter-opcashback/
February 19, 2012 15:06:38  /blog/?p=1915
February 19, 2012 15:06:34  /blog/2012/02/17/banks-twitter-opcashback/
February 19, 2012 15:06:33  /blog/2012/02/17/banks-twitter-opcashback/
February 19, 2012 15:06:32  /blog/?p=1915
February 19, 2012 15:02:53  /blog/2012/02/17/banks-twitter-opcashback/
February 19, 2012 15:02:53  /blog/2012/02/17/banks-twitter-opcashback/
February 19, 2012 15:02:51  /blog/?p=1915
February 19, 2012 15:02:50  /blog/2012/02/17/banks-twitter-opcashback/
February 19, 2012 15:02:49  /blog/2012/02/17/banks-twitter-opcashback/
February 19, 2012 15:02:48  /blog/?p=1915
February 19, 2012 15:02:45  /blog/2012/02/17/banks-twitter-opcashback/
February 19, 2012 15:02:43  /blog/2012/02/17/banks-twitter-opcashback/
February 19, 2012 15:02:42  /blog/?p=1915
February 19, 2012 14:59:44  /blog/2012/02/17/banks-twitter-opcashback/
February 19, 2012 14:59:44


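An added example, not from the post, of the kind of check a site owner could run over a log like the one above: it parses constructed lines in the same timestamp/path layout (with IP and User-Agent columns added), flags bursts, scripted clients and login-path hammering per IP, and emits Apache 2.2-style deny rules. The addresses, the sample lines and the thresholds are constructed; whether a flagged IP is a Tor exit would need a separate lookup against the published exit list and is not attempted here.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List

# Prefixes typical of scripted clients, matched case-insensitively.
SCRIPTED_AGENTS = ("python-urllib", "python-requests", "curl/", "wget/", "libwww-perl")
# Paths whose repeated hammering suggests credential guessing.
SENSITIVE_PATHS = ("/wp-login.php", "/wp-admin", "/administrator")


@dataclass
class Request:
    ip: str
    when: datetime
    path: str
    agent: str


def parse_line(line: str) -> Request:
    """Parse 'ip | Month D, YYYY HH:MM:SS | path | user-agent' (constructed layout)."""
    ip, stamp, path, agent = (f.strip() for f in line.split("|", 3))
    return Request(ip, datetime.strptime(stamp, "%B %d, %Y %H:%M:%S"), path, agent)


def parse_log(text: str) -> List[Request]:
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def analyse(requests: List[Request], window: timedelta = timedelta(seconds=60),
            burst_threshold: int = 6) -> Dict[str, List[str]]:
    """Return {ip: [reasons]} for every client that trips at least one rule."""
    by_ip: Dict[str, List[Request]] = defaultdict(list)
    for r in requests:
        by_ip[r.ip].append(r)
    findings: Dict[str, List[str]] = {}
    for ip, reqs in by_ip.items():
        reqs.sort(key=lambda r: r.when)
        # Largest number of requests falling inside any sliding time window.
        peak, start = 0, 0
        for end in range(len(reqs)):
            while reqs[end].when - reqs[start].when > window:
                start += 1
            peak = max(peak, end - start + 1)
        agents = sorted({r.agent for r in reqs})
        scripted = [a for a in agents if a.lower().startswith(SCRIPTED_AGENTS)]
        login_hits = sum(1 for r in reqs if r.path.startswith(SENSITIVE_PATHS))
        reasons = []
        if peak >= burst_threshold:
            reasons.append(f"{peak} requests within {int(window.total_seconds())}s")
        if scripted:
            reasons.append("scripted user agent: " + ", ".join(scripted))
        if login_hits:
            reasons.append(f"{login_hits} requests to login/admin paths")
        if reasons:
            findings[ip] = reasons
    return findings


def deny_rules(findings: Dict[str, List[str]]) -> str:
    """Apache 2.2-style .htaccess lines for the flagged clients."""
    return "\n".join(f"Deny from {ip}" for ip in sorted(findings))


# Constructed sample: 198.51.100.23 plays the scripted client hammering the
# site in a tight burst, 192.0.2.5 is an ordinary browser visit.
SAMPLE_LOG = """\
198.51.100.23 | February 19, 2012 15:06:32 | /blog/?p=1915 | Python-urllib/2.7
198.51.100.23 | February 19, 2012 15:06:33 | /blog/2012/02/17/banks-twitter-opcashback/ | Python-urllib/2.7
198.51.100.23 | February 19, 2012 15:06:34 | /blog/2012/02/17/banks-twitter-opcashback/ | Python-urllib/2.7
198.51.100.23 | February 19, 2012 15:06:38 | /wp-login.php | Python-urllib/2.7
198.51.100.23 | February 19, 2012 15:06:39 | /wp-login.php | Python-urllib/2.7
198.51.100.23 | February 19, 2012 15:06:40 | /wp-login.php | Python-urllib/2.7
198.51.100.23 | February 19, 2012 15:06:42 | /blog/?p=1915 | Python-urllib/2.7
192.0.2.5 | February 19, 2012 15:05:10 | /blog/?p=1915 | Mozilla/5.0 (Windows NT 6.1) Firefox/10.0
192.0.2.5 | February 19, 2012 15:07:41 | /blog/2012/02/17/banks-twitter-opcashback/ | Mozilla/5.0 (Windows NT 6.1) Firefox/10.0
"""

if __name__ == "__main__":
    found = analyse(parse_log(SAMPLE_LOG))
    for ip, reasons in found.items():
        print(ip, "->", "; ".join(reasons))
    print(deny_rules(found))
```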
02/17/12

Banks on Twitter -OpCashBack

gAtO FoUnD - this little fact from MissrEvolution @MissRevolution_  great job for the cause. Why are there so many BanCoS on twitter???? -gAtO oUt

The last column is cut off; it just shows when their last tweet was. Great job.

The 2nd column is the account without the @.

# Bank Account Followers Following Tweets Last Tweet
1 AmEx AmericanExpress 197,056 17,208 9,992 1 hour
2 AmEx OPENForum 49,278 2,001 4,775 1 hour
3 BofA BofA_Community 31,016 73 295 2 hours
4 Chase ChaseGiving 22,184 17 113 1 day
5 USAA usaa 20,460 7,481 1,357 1 day
6 ING Direct INGDIRECT 18,922 9,713 3,077 1 day
7 BofA BofA_Help 17,868 15,850 48,106 1 hour
8 Wells Fargo WellsFargo 12,957 31 575 1 day
9 BofA BofA_Careers 12,333 531 5,042 1 hour
10 AmEx AskAmex 11,922 37 24,883 1 hour
11 Citi Citi 10,034 4,428 2,788 1 hour
12 Wachovia Wachovia 9,754 7,120 8,186 1 day
13 Wells Fargo Aks_WellsFargo 8,900 7,829 20,317 1 hour
14 Westpac westpac 7,219 705 2,642 1 hour
15 MasterCard MasterCardNews 7,053 1,329 2,151 1 day
16 BofA BofA_News 6,980 55 295 1 week
17 NAB NAB 6,768 1,946 3,706 1 hour
18 Deutsche Deutsche_News 6,609 506 1,018 2 hours
19 ING Direct CEO_INGDIRECT 6,523 1,097 4,310 1 hour
20 Barclays BarclaysWealth 6,377 17 1,494 1 hour
21 Commonwealth NetBank 6,093 1,333 1,886 2 hours
22 Citi AskCiti 6,077 6,497 8,590 1 hour
23 TD TD_Canada 6,055 4,711 3,693 1 hour
24 Guaranty Trust gtbank 5,800 14 2,299 2 days
25 Pinnacle PinnacleBankSC 5,480 5,543 1,553 1 hour
26 RBC RBC 5,464 629 476 1 day
27 UBank Ubank 4,522 4,358 3,203 1 day
28 USAA USAA_help 4,498 1,210 1,881 1 hour
29 Banco Sabadell BancoSabadell 4,483 1,475 8,945 4 hours
30 Citi CitiJobs 4,478 3,855 688 1 day
31 TD TDBank_US 4,271 3,802 7,909 1 hour
32 Standard StandardBankGrp 4,217 2,908 7,967 1 hour
33 Barclays BarclaysCycle 4,216 56 137 1 hour
34 ING Direct SuperStarSaver 3,885 3,647 3,739 4 hours
35 ASB ASBBank 3,859 2,597 3,597 6 hours
36 FNB Rbjacobs 3,720 2,259 14,069 1 hour
37 Halifax Halifax_Online 3,655 2,147 3,573 2 hours
38 Grameen grameenbank 3,468 0 1 2 years
39 Lloyds TSB LloydsTSBOnline 3,323 1,020 3,032 1 hour
40 ICICI ICICIBank_Care 3,231 2,243 5,807 2 hours
41 Citi citibankaus 3,056 3,147 428 1 day
42 Barclays wealthinsights 2,895 1 443 1 week
43 ANZ anzmoneymanager 2,642 2,160 359 1 month
44 North Shore NorthShoreBank 2,572 1,507 2,893 1 hour
45 First Direct first_direct 2,530 670 929 1 day
46 Wells Fargo WellsFargoBank 2,368 0 0 never
47 Ally AllyBank 2,276 489 4,844 1 hour
48 Arvest ArvestBank 2,249 34 1,135 1 day
49 CIBC CIBCnews 2,246 7 582 1 hour
50 Barclays BarclaysStockbroker 2,215 54 371 3 days
  Bank Account Followers Following Tweets Last Tweet
51 PNC PNCVWallet 2,179 2,184 1,254 1 hour
52 Aegon aegonbank 2,168 1,417 1,701 6 hours
53 Kiwibank KiwibankNZ 2,126 1,866 1,361 1 day
54 PNC PNCNews 2,103 33 1,189 1 day
55 CapitalOne AskCapitalOne 2,039 923 3,697 1 hour
56 SunTrust AskSunTrust 2,008 624 17,441 1 hour
57 Umpqua umpquabank 1,972 44 1,908 1 day
58 Gulf Gulf_Bank 1,887 1,336 1,133 1 hour
59 BMO BMO 1,882 315 1,264 1 hour
60 Bank of the West BankoftheWestCI 1,858 323 744 3 weeks
61 Barclays BarclaycardNews 1,829 680 1,180 2 hours
62 BofA BofA_Tips 1,827 85 343 1 week
63 Bank of Oklahoma BankofOklahoma 1,808 1,580 913 1 day
64 Union First WeBankAtUnion 1,689 674 3,398 1 hour
65 Webster WebsterBank 1,661 1,500 1,212 1 hour
66 1st Mariner 1stMarinerBank 1,639 446 1,768 1 day
67 BBVA Compass bbvacompass 1,625 3 1,816 1 hour
68 SunTrust livesolid 1,594 1,987 2,007 1 hour
69 Citi Citi_Forward 1,572 230 342 1 year
70 Foster FosterBank 1,517 1,246 57 2 weeks
71 SunTrust SunTrust 1,486 49 264 1 day
72 ABN AMRO ABNAMROTV 1,334 1 400 1 week
73 Winbank winbank_tweets 1,287 1,027 463 5 hours
74 Fidelity Fidelity_Bank 1,247 230 217 4 hours
75 BMO BMOCM 1,107 2 543 2 days
76 RBC RBC_Online_Bkg 1,071 11 127 1 hour
77 M&T MandT_Bank 1,063 835 322 1 day
78 Ally ally 1,008 655 257 1 day
79 Citizens CitizensBank 1,000 987 1,524 1 hour
80 Rabo Direct RaboDirectAU 990 590 811 1 day
81 HSBC hsbc_uk_press 972 503 208 1 day
82 Venture venturebank 961 1,097 576 1 day
83 Chase ChasePaymentech 951 45 106 1 month
84 Bremer BremerBank 948 542 1,451 4 hours
85 CapFed CapFed 943 933 1,204 1 day
86 People’s Choice peopleschoiceAU 896 87 288 1 month
87 St. George stgeorgecareers 866 884 262 1 year
88 Susquehanna SusquehannaBank 861 507 744 1 hour
89 Bank of Queensland BOQ 844 527 373 1 day
90 Citi CitiGTS 842 988 616 1 week
91 Bank of Melbourne BankofMelb 830 350 1,496 1 day
92 DBS dbsbank 821 176 83 2 weeks
93 First Tennessee FirstTennessee 811 35 600 1 day
94 Northeast Northeast_Bank 807 36 227 3 weeks
95 First Federal firstfederal 798 466 421 6 months
96 Citizens Citizens_Bank 771 0 0 never
97 e3 e3bank 757 492 127 5 months
98 ANZ ANZ_AU 751 777 378 1 hour
99 UMB UMBFinancial 750 1 696 1 month
100 Home Street HomeStreetBank 747 435 373 2 days
  Bank Account Followers Following Tweets Last Tweet
101 State Bank of CP statebankofcp 742 702 1,052 1 day
102 Rabo Direct RaboDirectNZ 737 18 323 3 months
103 Metro Metro_Bank 724 932 302 2 hours
104 Virgin Money VirginMoneyAU 709 426 150 1 day
105 Landmark landmarkbank 708 995 950 1 hour
106 First American BankFAB 705 165 283 1 month
107 Royal Bank America SpurTheEconomy 702 401 319 2 weeks
108 Beneficial BeneficialBank 693 796 711 1 hour
109 Huntington Huntington_Bank 670 361 262 1 hour
110 Peoples State peopleswi 667 215 810 1 day
111 ING Direct INGDIRECTAUS 665 117 94 1 day
112 Barclays BarCorp_News 626 136 118 3 days
113 RBC rbcbank 608 668 578 1 day
114 Bank of Scotland BankofScot_help 603 356 492 2 hours
115 Bank of Ann Arbor bankofannarbor 588 275 439 1 day
116 Rabo Direct RaboDirectIE 564 76 296 2 weeks
117 Enterprise EnterpriseBan 563 387 130 3 months
118 Zions ZionsBank 561 126 690 1 hour
119 Fifth Third FifthThird 554 0 7 2 months
120 Bank Atlantic BankAtlantic 548 407 617 3 hours
121 Chesapeake chesbank 536 54 126 1 day
122 Commerce Bank TNCommerceBank 532 808 794 1 month
123 First GREEN Bank FirstGREENBank 525 143 142 1 day
124 Paducah PaducahBank 512 1 69 2 months
125 ING Direct FeeTweeter 504 313 82 2 years
126 Northwest Savings NWSB 503 374 282 1 day
127 Monadnock MonadnockBank 486 454 532 1 month
128 Hampshire First HampshireFirst 478 424 181 1 week
129 KeyBank KeyBank_Help 464 157 375 2 hours
130 Suncorp SuncorpBank 462 4 0 never
131 Square1 Square1Bank 440 357 123 2 days
132 Five Star fivestarbank 438 262 457 1 week
133 Colorado Bank colobank 433 19 384 2 weeks
134 Air Bank Air_Bank 431 0 66 1 week
135 Westpac Westpac_help 419 1 2 2 years
136 ShoreBank SBPacific 418 180 283 6 months
137 Sun National SunNationalBank 416 886 330 2 hours
138 Citizens citizensbanker 407 335 273 3 years
139 Bank of Commerce bankofcommerce 402 835 702 1 hour
140 Orrstown OrrstownBank 395 42 249 1 week
141 Celtic CelticBank 392 713 646 2 months
142 Hancock HancockBank 387 2 7 2 years
143 Nittany NittanyBank 384 271 143 2 weeks
144 Gate City GateCityBank 383 271 331 2 weeks
145 Happy State HappyStateBank 380 61 317 1 week
146 Standard Chartered StanChartUAE 374 114 957 1 day
147 National Coop Bank coopbanking 368 105 249 1 hour
148 Mercantile MercBank 368 288 644 3 hours
149 Barrington BarringtonBank 365 538 64 2 weeks
150 RBC rbcinnovator 365 31 496 1 month
151 Union UnionBank 362 113 129 2 months
152 First Independent firstindy 360 302 408 2 days
153 3rd Federal 3rdFederalBank 354 374 243 1 day
154 Lake Forest LakeForestBank 345 503 72 2 weeks
155 HomeTown HomeTownBankVa 342 471 241 2 months
156 BMO BMOmedia 341 2 246 2 days
157 Standard StandardBanks 339 533 1,625 1 day
158 Marquette Bank MarquetteBank 332 0 298 2 days
159 Beach Bank beachbank 330 164 753 1 day
160 Bank Hawaii bankhawaii 329 64 136 2 days
161 First Niagara firstniagara 326 160 148 3 weeks
162 First Community FirstCommunity 324 238 242 1 week
163 Nicolet NicoletMortgage 321 0 201 1 week
164 Hinsdale HinsdaleBank 321 420 95 2 weeks
165 Washington Fed WaFed 320 137 382 1 day
166 Renasant renasant 316 75 121 2 days
167 Callaway CallawayBank 300 530 804 1 day
168 Legacy LegacyBank 296 444 264 1 day
169 Horizon Horizon_Bank 294 594 454 1 hour
170 Choice choicebank 293 197 326 3 weeks
171 Texas First texasfirstbank 291 237 717 1 day
172 Independent IndependentBank 286 212 785 1 hour
173 Libertyville LibertyvilleBnk 283 461 61 2 weeks
174 Anchor AnchorBank 282 70 766 1 hour
175 Pan American PanAmericanBank 275 244 846 1 day
176 Wash. Savings WashSavingsBank 274 742 817 1 hour
177 St. Charles BankStCharles 271 499 79 2 weeks
178 Lead Bank Lead_Bank 269 73 19 3 months
179 Forcht ForchtBank 257 137 315 1 day
180 Centennial MY100BANK 255 1 76 5 months
181 Ohio Valley OhioValleyBank 251 83 287 1 hour
182 Peoples ThePeoplesBank 250 73 258 1 month
183 New Resource NewResourceBank 250 0 3 2 months
184 Secure Trust Securetrustbank 247 92 43 2 years
185 Worthington WorthingtonBank 243 154 362 1 day
186 Crystal Lake CrystalLakeBank 243 481 59 2 weeks
187 WaterStone WaterStoneBank 242 77 201 2 days
188 Salem Five SalemFive 241 141 438 1 hour
189 Gorham Savings GSBMaine 241 171 478 3 hours
190 Community First CFBK 241 53 238 1 week
191 Johnson Bank JohnsonBank 240 163 102 2 weeks
192 Viking VikingBank 237 35 185 1 day
193 First Security FirstSecurityMT 235 106 82 1 month
194 Washington Trust Watrustbank 233 40 168 3 months
195 Associated AssociatedBank 232 441 312 1 day
196 Illinois State Bank ILStateBank 228 77 150 1 month
197 Sterling SterlingBank 227 0 0 never
198 First National FNBSF 226 83 694 1 hour
199 NexTier NexTier 223 235 294 1 day
200 Stoneham StonehamBank 222 122 207 1 week
201 Village BankAtVillage 221 495 83 2 weeks
202 Monarch Community monarchcb 220 38 358 1 day
203 Ossian State OssianStateBank 220 10 38 1 month
204 Live Oak LiveOakBank 218 140 261 2 days
205 1st State 1stStateBank 215 14 1 2 years
206 Seacoast Seacoastnb 213 43 742 1 day
207 FNB FNBMWC 207 141 231 1 week
208 Old Missouri oldmissouribank 206 394 305 1 week
209 Columbia TheColumbiaBank 206 0 212 3 weeks
210 Gulf Coast Comm. MYGULFBANK 206 22 52 1 year
211 Liberty Bank MyLibertyBank 204 82 117 2 weeks
212 First Federal FirstFederalSB 199 52 132 1 day
213 Mechanics mechanicsbank 197 183 152 1 week
214 Baylake BaylakeBank 195 81 176 2 days
215 Suburban sbtTweets 194 92 942 1 day
216 OCBC frankbyocbc 192 72 647 1 day
217 Bank of the SW bankofsw 189 76 6 2 years
218 Hawaii National hawaiinational 185 43 147 1 month
219 ING Direct charles_writes 185 96 453 4 months
220 First Bank bankthewayulive 184 144 120 1 year
221 Peoples United PeoplesUnited 183 81 213 1 day
222 First Federal FFSB 181 0 174 1 day
223 Synovus synovus 181 0 0 never
224 Carolina Alliance CABankNews 180 157 1,159 1 day
225 National Bank NBKC 180 12 141 2 days
226 Community First CFBank1 178 59 32 1 month
227 MB Financial mbfinancialbank 175 177 372 1 hour
228 BofA BofA_Speakers 175 0 66 1 year
229 ATB atbfinancial 174 203 124 1 day
230 Bank of Luxemburg BankOfLuxemburg 172 164 287 1 week
231 River Valley RiverValleyBank 171 30 20 1 hour
232 First Federal FirstFederalFL 170 29 231 1 week
233 First National FirstNationalIA 168 11 5 6 months
234 Kansas Fidelity KSfidelitybank 168 36 1 2 years
235 Sound Community SoundCommunity 168 10 0 n/a
236 Nicolet NicoletBank 166 8 23 6 months
237 Chemical ChemicalBank 165 95 252 2 days
238 City Bank citybanktexas 164 0 187 1 day
239 Belmont BelmontSavings 163 162 191 2 days
240 Home Federal homefederalbank 160 33 147 1 day
241 Cheviot Savings cheviotsavings 160 38 76 1 week
242 The Bank TheBankOnline 160 0 154 1 month
243 Family Bank FamilyBankKenya 157 7 198 2 days
244 Wynnewood State sbwok 156 102 2,728 1 hour
245 Avidia AvidiaBank 156 97 488 2 hours
246 Peach State peachstatebank 156 5 33 1 year
247 Baytree BaytreeBank 155 209 330 3 hours
248 Arvest Arvest_Bank 154 0 3 2 years
249 Vision Bank VBOK 153 86 186 1 week
250 Northbrook NorthbrookBank 153 31 84 1 week
251 Pilgrim PilgrimBank 152 7 826 1 day
252 Midstate Federal MidstateFederal 149 88 300 1 day
253 Bendigo BendigoWealth 148 204 36 1 week
254 Gulf Coast Bank GulfCoastBank 148 14 21 1 month
255 Coulee CouleeBank 146 147 261 1 hour
256 First Cherokee Acru 145 35 95 1 week
257 Horicon horiconbank 145 164 341 3 weeks
258 Prairie BankPrairie 144 188 57 1 month
259 Peoples ptsbank 143 49 251 2 hours
260 North Jersey NJCBank 143 207 214 1 day
261 American Fork BankAF 141 81 190 2 days
262 Peoples BankAtPeoples 140 103 195 1 hour
263 Bank of Springfield bankwithBOS 140 0 381 1 day
264 NSC NSCBank 140 23 64 2 weeks
265 Citizens Bank citizensardmore 140 13 43 3 months
266 First National fnbsotx 138 43 61 3 months
267 First Montana FirstMontana 131 70 167 1 week
268 Community State CSBtweets 131 50 118 2 weeks
269 United Community ucbankmn 130 21 215 2 days
270 Citizens National cnbsomerset 130 18 125 1 week
271 Pinnacle PinnacleBank 128 66 132 1 hour
272 Community Trust CommunityTrustB 128 56 163 1 week
273 Old Plank OldPlankBank 127 45 74 2 weeks
274 Regent regentbank 126 73 23 2 years
275 Jeff Davis Bank jeffdavisbank 125 18 179 1 week
276 First Community firstcbt 124 4 163 1 day
277 Richwood RichwoodBank 124 53 101 1 week
278 Community Bank CBdotNet 124 0 48 3 weeks
279 F&M myfmbank 123 2 371 2 weeks
280 CNB cnbbankdirect 121 63 195 2 days
281 Alliance Alliance_Bank 121 6 55 4 months
282 Bank of Cashton bankofcashton 121 1 2 2 years
283 Washington Trust watrust 120 156 420 1 day
284 Citizens Citizensstatebk 120 14 238 1 day
285 First National OKFNB 118 5 84 3 months
286 Community First CommFirstBank 118 23 44 2 years
287 First National e_fnb 116 60 277 1 hour
288 BSNB BSNB 115 32 85 2 days
289 Reliant ReliantBank 115 0 18 2 years
290 Amcore AMCORE_Bank 114 0 0 never
291 Metairie Metairie_Bank 113 2 7 1 week
292 First National FNBNewton 113 0 63 1 month
293 Beverly theBeverlyBank 112 22 87 2 weeks
294 Missouri missouribank 111 86 37 2 weeks
295 Bank of Napa BankofNapa 111 1 63 3 weeks
296 UFB Direct UFBDirect 111 9 10 2 years
297 Clear Mountain ClearMtBank 109 26 95 3 days
298 First State firststatetexas 108 91 62 2 weeks
299 Northwoods northwoodsbank 108 53 59 2 months
300 Bank of Elk River TheBankofER 108 4 2 2 years
301 Century Century_Bank 107 0 37 2 hours
302 First Victoria firstvictoria 107 44 19 1 year
303 Citizens CitizensAda 106 8 222 1 day
304 FNB FNBAlaska 105 1 10 1 year
305 FNB FNBBerryville 104 7 6 1 year
306 Machias MachiasSavings 103 70 280 1 hour
307 Union Community unioncommbank 103 34 412 1 hour
308 Farmer State farmerstatebank 103 18 66 2 weeks
309 Franklin Savings FSB_Maine 102 9 163 1 week
310 Redwood Capital RedwoodCapital 102 22 79 2 months
311 Bruning State BruningStBank 99 5 80 1 hour
312 Voyager VoyagerBank 99 69 70 2 hours
313 Alpine bankalpine 99 0 1 2 years
314 First Security FirstSecurityBa 98 154 332 2 weeks
315 Town Bank TownBankUS 98 101 105 2 weeks
316 Citizens citizensbankrb 98 12 306 2 weeks
317 First National FNB_Muscatine 95 13 181 1 day
318 Cambridge Savings CSBinspired 94 140 321 1 hour
319 Abington AbingtonBank 94 6 205 1 day
320 Lincoln Savings MyLSB 94 14 39 2 days
321 First Harrison FirstHarrison 93 9 51 1 week
322 PNA PNABank 93 0 53 8 months
323 AmBank AmBank 93 1 4 1 year
324 Waumandee State waumandeebank 92 38 633 2 hours
325 Capital CapitalBankGA 92 5 40 1 month
326 First National FNBT 92 11 7 2 years
327 First Security FSBNV 91 1 2 2 years
328 Belmont BelmontBank 88 0 83 3 weeks
329 Beverly National BevNatBank 88 2 8 2 years
330 Middleton MiddletonBank 88 32 0 never
331 Metro National gladwemet 87 0 5 2 years
332 Bank of Urbana bankofurbana 86 18 171 1 week
333 First Guaranty FirstGuaranty 84 0 27 6 months
334 Point Loma PointLomaBank 84 76 103 2 years
335 Fifth Third Ryanat53 83 0 660 1 hour
336 1st Mariner FirstAccess 83 2 10 2 years
337 Start Community StartComBank 82 10 71 1 week
338 Solera solerabank 81 122 71 1 week
339 1st Oklahoma 1stOklahomaBank 81 26 1 2 years
340 Hastings City HastingsCtyBank 80 0 66 1 week
341 First State KeysBank 78 17 70 2 weeks
342 Reliabank Reliabank 78 15 32 6 months
343 Columbia Comm. banklocally 78 9 11 1 year
344 First Community FCBOHIO 78 0 1 2 years
345 TruPoint TruPointBank 77 84 135 1 week
346 uBank ubankSA 76 22 14 1 year
347 Boone County boonebank 74 17 155 2 days
348 Baker Boyer BakerBoyerBank 74 7 23 2 months
349 SIS banksisonline 73 4 177 2 hours
350 Charter Oak charteroakbank 73 23 93 7 months
351 Planters PlantersBank 73 31 0 n/a
352 Peoples PeoplesBank 70 33 132 2 days
353 First State FirstStateBank 70 8 275 3 weeks
354 Commerce CommBankCKTM 69 16 152 1 week
355 Community Bank CBBCNJ 69 0 1 1 year
356 Lincoln Park LincolnParkBank 68 356 10 2 weeks
357 Citizens State csbtx 68 8 0 n/a
358 First Community FCMLENDING 66 42 110 1 day
359 Rabo Direct RaboDirect 65 34 28 1 month
360 First Capital fcbanker 65 0 163 1 month
361 Sonoran SonoranBank 65 45 137 1 year
362 Banc First BancFirstOK 64 12 2 4 months
363 ING Direct ING_CompareMe 64 40 24 2 years
364 Independence 1776Bank 62 49 72 2 days
365 Mainstreet MainstreetBank 62 24 274 2 months
366 Fahey FaheyBank 61 38 57 1 day
367 Springfield Com. SFCbank 60 0 2 1 year
368 FNBO Direct fnbodirect 59 10 12 2 years
369 River Bank River_Bank 59 1 1 2 years
370 Centennial Centbank 59 0 6 2 years
371 West Plains WestPlainsBank 58 5 242 1 day
372 Conestoga ConestogaBank 57 76 20 1 day
373 Watertown BankOfWatertown 55 61 344 1 week
374 Northrim northrimbank 55 4 2 1 month
375 Franklin County fcbankva 49 3 25 5 months
376 First Financial FFBTexas 48 0 1 2 years
377 New Horizon NewHorizonBank 47 47 11 1 month
378 Heartland heartlandbank 47 0 0 n/a
379 1st Midwest 1stMidwestBank 44 6 178 1 day
380 Wolverine WolverineBank 44 38 112 1 week
381 Biddeford biddeford 41 7 80 2 weeks
382 United UnitedBankMI 40 2 80 2 weeks
383 Huntington Bank_With_HNB 40 0 1 1 year
384 Quantum National QuantumNatlBank 38 25 66 1 week
385 First Hope FirstHopeBank 37 10 91 1 day
386 Comm. National ComNatBankVT 35 24 26 2 days
387 FAB&T ilovecash 35 17 31 1 year
388 Standard SBandTrustCo 35 0 2 1 year
389 Bank of Pontiac bankofpontiacil 34 3 226 2 days
390 United of Union unitedbankunion 34 1 69 1 week
391 First Security FSBNV_HomeLoans 23 7 28 2 years
392 Affinity AffinityBank 22 29 77 2 hours
393 3rd Federal 3rdFred 22 0 60 2 days
394 Bank Texas BankTexas 21 2 6 5 months
395 Citizens Tri-Co. CTCBonline 19 0 3 5 months
396 Macon Bank maconbank 13 0 0 never
397 Community Bank communitybank 11 1 0 never
398 First Merit FirstMerit 10 57 1 n/a
399 Pathway Pathway_Bank 3 0 0 never
400 First Financial FFINTexas

 

http://opcashback.wordpress.com/banks-on-twitter/

02/16/12

PennTest Threat Intelligence

PennTest Threat Intelligence - part-1

gAtO bEen ThInKiNg - In the hyper-connected world we live in, pen-testers have a lot on their hands: hardware, firmware, OS, web apps. The fact is that a simple web-app upgrade may open new holes that offset the problem they had to begin with. A pen-test is a method of evaluating the security of a computer system or network by simulating an attack from malicious outsiders. Who are the outsiders? How do the outsiders pen-test your system? Non-state actors have played an important part in many international cyber conflicts in the past two years - game changers. With the Anonymous crew(z), China, Russia, India and Iran out in force in cyberspace, a company needs to know whether it is a target for political reasons, from a competitor, or worse yet from a loneWolf or an activist.

Many think that with BackTrack anyone can be a tester, but it's different today. Companies need to understand the geo-political aspect of their company, who their markets are, and how that plays out in the real world. Look at Sony and HBGary: these are two different companies, but their reputations have been tarnished by what, a bunch of kids? Naw, these boys and girls are the new breed: smart, educated and connected. These people are system admins in their day job and Anonymous during off-hours. They know how to work in the box, they also see the out-of-the-box tips and tricks, and they have thousands who want to try their game and imitate them. Whatever you think, these new boys and girls will multiply; it's a fad, a movement, but they all want to be cool hackers, and the next generation of hacktivists will make these people look like amateurs.

Who knew that the Low Orbit Ion Cannon (LOIC), used to test how many connections your server will handle, would be used by the attackers themselves? A long time ago in cyber years (2-3 years ago) only the geeks had the knowledge and skills to do some of the hacks that we see today. Today Anonymous is not only a social movement but a cause célèbre; people want to belong, and these social 4chan outcasts have started a revolution in cyberspace that governments and corporations are now worried about, and well they should be.

Break out BackTrack and do some pen-testing, and yes, you may find misconfigured servers like gAtO hAs (SCADA systems to boot), but if you can see what your enemy is looking at and planning, nothing is better than threat intelligence to guide your company in mitigating future attacks.

Look at the RSA and DigiNotar APT attacks: the bad guys went after the certificate authority. How does a typical pen-test tool know that? It doesn't. If you don't have your pulse on the game you're in, you may be next.

Remember, the technical aspect is one thing, but if you have many, many hands trying new things on your site, guess what: they will hack you if you're connected to the Internet. Your company cannot live in a bubble and so must expose itself to customers, vendors and business partners, and your company cannot control all those aspects. A simple email attachment to the C-suite boys, just like with the Nortel hack, gets you big time; in the Nortel case they were inside the network for 10 years. The reputation, the technical, all this means nothing if you don't have good solid threat intelligence to know what's going on in the world.

If you don't have a team to look at threat intelligence for your company, get some people fast. If you're connected you can be hacked; learn and be silent - Can't stop the signal. Everything goes somewhere, and I go everywhere.... -gAtO oUt

02/15/12

Cyber Militia Models - Offensive

Offensive Cyber Militia Models

Volunteer based non-state actors have played an important part in many international cyber conflicts of the past two decades. In order to better understand this threat I describe three theoretical models for volunteer based offensive cyber militias: the Forum, the Cell and the Hierarchy. The Forum is an ad-hoc cyber militia form that is organized around a central communications platform, where the members share information and tools necessary to carry out cyber attacks against their chosen adversary. The Cell model refers to hacker cells, which engage in politically motivated hacking over extended periods of time. The Hierarchy refers to the traditional hierarchical model, which may be encountered in government sponsored volunteer organizations, as well as in cohesive self-organized non-state actors. For each model, I give an example and describe the model’s attributes, strengths and weaknesses using qualitative analysis. The models are based on expert opinion on different types of cyber militias that have been seen in cyber conflicts. These theoretical models provide a framework for categorizing volunteer based offensive cyber militias of non-trivial size.

1. Introduction

The widespread application of Internet services has given rise to a new contested space, where people with conflicting ideals or values strive to succeed, sometimes by attacking the systems and services of the other side. It is interesting to note that in most public cases of cyber conflict the offensive side is not identified as a state actor, at least not officially. Instead, it often looks like citizens take part in hacktivist campaigns or patriotic hacking on their own, volunteering for the cyber front.

Cases like the 2007 cyber attacks against Estonia are a good example where an informal non-state cyber militia has become a threat to national security. In order to understand the threat posed by these volunteer cyber militias I provide three models of how such groups can be organized and analyze the strengths and weaknesses of each.

The three models considered are the Forum, the Cell and the Hierarchy. The models are applicable to groups of non-trivial size, which require internal assignment of responsibilities and authority.

1.1 Method and limitations

In this paper I use theoretical qualitative analysis in order to describe the attributes, strengths and weaknesses of three offensively oriented cyber militia models. I have chosen the three plausible models based on what can be observed in recent cyber conflicts. The term model refers to an abstract description of relationships between members of the cyber militia, including command, control and mentoring relationships, as well as the operating principles of the militia.

Note, however, that the description of the models is based on theoretical reasoning and expert opinion. It offers abstract theoretical models in an ideal setting. There may not be a full match to any of them in reality or in the examples provided. It is more likely to see either combinations of different models or models that do not match the description in full. On the other hand, the models should serve as useful frameworks for analyzing volunteer groups in the current and coming cyber conflicts.

In preparing this work, I communicated with and received feedback from a number of recognized experts in the field of cyber conflict research. I wish to thank them all for providing comments on my proposed models: Prof Dorothy Denning (Naval Postgraduate School), Dr Jose Nazario (Arbor Networks), Prof Samuel Liles (Purdue University Calumet), Mr Jeffrey Carr (Greylogic) and Mr Kenneth Geers (Cooperative Cyber Defence Centre of Excellence).

2. The forum

The global spread of the Internet allows people to connect easily and form "cyber tribes", which can range from benign hobby groups to antagonistic ad-hoc cyber militias. (Williams 2007, Ottis 2008, Carr 2009, Nazario 2009, Denning 2010) In the case of an ad-hoc cyber militia, the Forum unites like-minded people who are "willing and able to use cyber attacks in order to achieve a political goal." It serves as a command and control platform where more active members can post motivational materials, attack instructions, attack tools, etc. (Denning 2010)

This particular model, as well as the strengths and weaknesses covered in this section, are based on (Ottis 2010b). A good example of this model in recent cyber conflicts is the stopgeorgia.ru forum during the Russia-Georgia war in 2008 (Carr 2009).

2.1 Attributes

The Forum is an on-line meeting place for people who are interested in a particular subject. I use Forum as a conceptual term referring to the people who interact in the on-line meeting place. The technical implementation of the meeting place could take many different forms: web forum, Internet Relay Chat channel, social network subgroup, etc. It is important that the Forum is accessible over the Internet and preferably easy to find. The latter condition is useful for recruiting new members and providing visibility to the agenda of the group.

The Forum mobilizes in response to an event that is important to the members. While there can be a core group of people who remain actively involved over extended periods of time, the membership can be expected to surge in size when the underlying issue becomes "hot". Basically, the Forum is like a flash mob that performs cyber attacks instead of actions on the streets. As such, the Forum is more ad-hoc than permanent, because it is likely to disband once the underlying event is settled.

The membership of the Forum forms a loose network centered on the communications platform, where few, if any, people know each other in real life and the entire membership is not known to any single person (Ottis 2010b). Most participate anonymously, either providing an alias or by remaining passive on the communication platform. In general, the Forum is an informal group, although specific roles can be assumed by individual members. For example, there could be trainers, malware providers, campaign planners, etc. (Ottis 2010b) Some of the Forum members may also be active in cyber crime. In that case, they can contribute resources such as malware or use of a botnet to the Forum.

The membership is diverse, in terms of skills, resources and location. While there seems to be evidence that a lot of the individuals engaged in such activities are relatively unskilled in cyber attack techniques (Carr 2009), when supplemented with a few more experienced members the group can be much more effective and dangerous (Ottis 2010a).

Since most of the membership remains anonymous and often passive on the communications platform, the leadership roles will be assumed by those who are active in communicating their intent, plans and expertise. (Denning 2010) However, this still does not allow for strong command and control, as each member can decide what, if any, action to take.

2.2 Strengths

One of the most important strengths of a loose network is that it can form very quickly. Following an escalation in the underlying issue, all it takes is a rallying cry on the Internet and within hours or even minutes the volunteers can gather around a communications platform, share attack instructions, pick targets and start performing cyber attacks.

As long as there is no need for tightly controlled operations, in terms of timing, resource use and targeting, there is very little need for management. The network is also easily scalable, as anyone can join and there is no lengthy vetting procedure.

The diversity of the membership means that it is very difficult for the defenders to analyze and counter the attacks. The source addresses are likely distributed globally (blacklisting will be inefficient) and the different skills and resources ensure heterogeneous attack traffic (no easy patterns). In addition, experienced attackers can use this to conceal precision strikes against critical services and systems.
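The paragraph above claims that blacklisting is inefficient against a globally dispersed volunteer crowd. The following added example, which is not part of the original paper, gives a defender a way to measure that before deciding on a source-IP blocklist: it parses access-log lines, counts requests per source, and reports what fraction of the stream a blocklist of the k busiest sources would actually remove, alongside how many sources appear only once and how varied the requested paths are. The log lines, the addresses (RFC 5737 documentation ranges) and the split between "busy" and "one-shot" sources are all constructed for illustration.

```python
"""
Added example (not from the original paper): quantify source dispersion of a
request stream so that a defender can judge whether a source-IP blocklist is
worth deploying. All log data below is constructed, not captured traffic.
"""
import re
from collections import Counter

# Common/combined log format prefix: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample: two busy sources (an experienced member or a rented bot)
# and seven one-shot volunteers following forum instructions, plus one junk line.
SAMPLE_LOG = """\
198.51.100.5 - - [10/Feb/2012:10:00:01 +0000] "GET / HTTP/1.1" 200 512
198.51.100.5 - - [10/Feb/2012:10:00:01 +0000] "GET / HTTP/1.1" 200 512
198.51.100.5 - - [10/Feb/2012:10:00:02 +0000] "GET / HTTP/1.1" 200 512
198.51.100.5 - - [10/Feb/2012:10:00:02 +0000] "GET / HTTP/1.1" 200 512
198.51.100.9 - - [10/Feb/2012:10:00:02 +0000] "GET /search?q=a HTTP/1.1" 200 2048
198.51.100.9 - - [10/Feb/2012:10:00:03 +0000] "GET /search?q=b HTTP/1.1" 200 2048
198.51.100.9 - - [10/Feb/2012:10:00:03 +0000] "GET /search?q=c HTTP/1.1" 200 2048
203.0.113.11 - - [10/Feb/2012:10:00:03 +0000] "GET / HTTP/1.1" 200 512
203.0.113.12 - - [10/Feb/2012:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.13 - - [10/Feb/2012:10:00:04 +0000] "POST /login HTTP/1.1" 403 128
203.0.113.14 - - [10/Feb/2012:10:00:05 +0000] "GET / HTTP/1.0" 200 512
203.0.113.15 - - [10/Feb/2012:10:00:05 +0000] "GET /news HTTP/1.1" 200 4096
203.0.113.16 - - [10/Feb/2012:10:00:06 +0000] "GET /?x=1 HTTP/1.1" 200 512
203.0.113.17 - - [10/Feb/2012:10:00:06 +0000] "HEAD / HTTP/1.1" 200 0
not a log line
"""


def parse_log(text):
    """Parse log lines; return (rows, skipped) where skipped counts non-matching lines."""
    rows, skipped = [], 0
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            rows.append(m.groupdict())
        elif line.strip():
            skipped += 1
    return rows, skipped


def request_path(req):
    """Extract the path from a request line such as 'GET /news HTTP/1.1'."""
    parts = req.split()
    return parts[1] if len(parts) >= 2 else req


def blocklist_coverage(counts, k):
    """Fraction of all requests that blocklisting the k busiest sources would remove."""
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return sum(c for _, c in counts.most_common(k)) / total


def dispersion_report(rows, k=3):
    """Summarize how concentrated the stream is; low top-k coverage means
    a blocklist of that size buys little and rate limiting or capacity is the
    more useful lever."""
    counts = Counter(r['ip'] for r in rows)
    paths = {request_path(r['req']) for r in rows}
    return {
        'requests': len(rows),
        'sources': len(counts),
        'singleton_sources': sum(1 for c in counts.values() if c == 1),
        'top_k': k,
        'top_k_coverage': round(blocklist_coverage(counts, k), 3),
        'distinct_paths': len(paths),
    }


if __name__ == '__main__':
    rows, skipped = parse_log(SAMPLE_LOG)
    print(dispersion_report(rows), 'skipped lines:', skipped)
```

On the constructed sample, blocking the three busiest sources removes well under two thirds of the requests and seven of the nine sources appear only once, which is the situation the paper describes: a blocklist grows as fast as the crowd does, so per-client rate limiting, caching and capacity planning are the controls that scale. On real logs, run the same report over a sliding window so the ratio can be watched as the campaign evolves.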

While it may seem that neutralizing the communications platform (via law enforcement action, cyber attack or otherwise) is an easy way to neutralize the militia, this may not be the case. The militia can easily regroup at a different communications platform in a different jurisdiction. Attacking the Forum directly may actually increase the motivation of the members.

Last, but not least, it is very difficult to attribute these attacks to a state, as they can (seem to) be a true (global) grass roots campaign, even if there is some form of state sponsorship. Some states may take advantage of this fact by allowing such activity to continue in their jurisdiction, blaming legal obstacles or lack of capability for their inactivity. It is also possible for government operatives to “create” a “grass roots” Forum movement in support of the government agenda. (Ottis 2009)

2.3 Weaknesses

A clear weakness of this model is the difficulty of commanding and controlling the Forum. Membership is not formalized and often it is not even visible on the communication platform, because passive readers can just take ideas from there and execute the attacks on their own. This uncoordinated approach can seriously hamper the effectiveness of the group as a whole. It may also lead to uncontrolled expansion of the conflict, when members unilaterally attack third parties on behalf of the Forum.

A problem with the loose network is that it is often populated with people who do not have experience with cyber attacks. Therefore, their options are limited to primitive manual attacks or preconfigured automated attacks using attack kits or malware. (Ottis 2010a) They are highly reliant on instructions and tools from more experienced members of the Forum.

The Forum is also prone to infiltration, as it must rely on relatively easily accessible communication channels. If the communication point is hidden, the group will have difficulties in recruiting new members. The assumption is, therefore, that the communication point can be easily found by both potential recruits, as well as infiltrators. Since there is no easy way to vet the incoming members, infiltration should be relatively simple.

Another potential weakness of the Forum model is the presumption of anonymity. If the membership can be infiltrated and convinced that their anonymity is not guaranteed, they will be less likely to participate in the cyber militia. Options for achieving this can include “exposing” the “identities” of the infiltrators, arranging meetings in real life, offering tools that have a phone-home functionality to the members, etc. Note that some of these options may be illegal, depending on the circumstances. (Ottis 2010b)

3. The cell

Another model for a volunteer cyber force that has been seen is a hacker cell. In this case, the generic term hacker is used to encompass all manner of people who perform cyber attacks on their own, regardless of their background, motivation and skill level. It includes the hackers, crackers and script kiddies described by Young and Aitel (2004). The hacker cell includes several hackers who commit cyber attacks on a regular basis over extended periods of time. Examples of hacker cells are Team Evil and Team Hell, as described in Carr (2009).

3.1 Attributes

Unlike the Forum, the Cell members are likely to know each other in real life, while remaining anonymous to the outside observer. Since their activities are almost certainly illegal, they need to trust each other. This limits the size of the group and requires a (lengthy) vetting procedure for any new recruits. The vetting procedure can include proof of illegal cyber attacks.

The command and control structure of the Cell can vary from a clear self-determined hierarchy to a flat organization, where members coordinate their actions, but do not give or receive orders. In theory, several Cells can coordinate their actions in a joint campaign, forming a confederation of hacker cells.

The Cells can exist for a long period of time, in response to a long-term problem, such as the Israel-Palestine conflict. The activity of such a Cell ebbs and flows in accordance with the intensity of the underlying conflict. The Cell may even disband for a period of time, only to reform once the situation intensifies again.

Since hacking is a hobby (potentially a profession) for the members, they are experienced with the use of cyber attacks. One of the more visible types of attacks that can be expected from a Cell is the website defacement. Defacement refers to the illegal modification of website content, which often includes a message from the attacker, as well as the attacker’s affiliation. The Zone-H web archive lists thousands of examples of such activity, as reported by the attackers. Many of the attacks are clearly politically motivated and identify the Cell that is responsible.
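Defacement, as defined above, is an integrity violation of published content, so the corresponding defensive control is a content integrity monitor. The following added example, which is not code from the original paper, fingerprints a page after stripping regions that are allowed to change (marked here with hypothetical `<!-- dyn -->` comments, a convention chosen for this example) and adds a secondary heuristic for phrases that typically appear in defacement messages. The HTML snippets and the "ExampleCell" affiliation are constructed for illustration.

```python
"""
Added example (not from the original paper): tell a website defacement apart
from a routine content update. The page snippets, the <!-- dyn --> region
markers and the alias in the defaced copy are all constructed for illustration.
"""
import hashlib
import re

# Regions between these (hypothetical) markers are allowed to change between checks,
# e.g. timestamps, rotating banners or session tokens rendered into the page.
DYNAMIC_RE = re.compile(r'<!-- dyn -->.*?<!-- /dyn -->', re.S)
WS_RE = re.compile(r'\s+')

# Phrases that commonly appear in defacement messages; a secondary signal only,
# since a legitimate page may also contain some of them.
DEFACEMENT_PHRASES = ('hacked by', 'owned by', 'defaced by', 'greetz')


def canonical(html):
    """Drop allowed-dynamic regions and collapse whitespace so that only real content changes count."""
    return WS_RE.sub(' ', DYNAMIC_RE.sub('', html)).strip()


def fingerprint(html):
    """SHA-256 of the canonical form; store this as the baseline after each authorized publish."""
    return hashlib.sha256(canonical(html).encode('utf-8')).hexdigest()


def has_defacement_phrase(html):
    text = html.lower()
    return any(p in text for p in DEFACEMENT_PHRASES)


def assess(baseline_fp, current_html):
    """Classify the current page as 'unchanged', 'changed' (needs review) or 'defaced'."""
    changed = fingerprint(current_html) != baseline_fp
    if changed and has_defacement_phrase(current_html):
        return 'defaced'
    return 'changed' if changed else 'unchanged'


# Constructed baseline page with one dynamic region (the "Updated" date).
BASELINE = """<html><body>
<h1>Example Bank</h1>
<p>Welcome.</p>
<!-- dyn --><p>Updated 2012-02-10</p><!-- /dyn -->
</body></html>"""

# Three constructed "current" versions: a routine date change, a real content edit,
# and a defacement that replaces the welcome text with an attacker's message.
ROUTINE_UPDATE = BASELINE.replace('2012-02-10', '2012-02-11')
EDITED = BASELINE.replace('Welcome.', 'Welcome to online banking.')
DEFACED = BASELINE.replace('<p>Welcome.</p>', '<p>Hacked by ExampleCell, greetz to all</p>')


def demo():
    """Run the three scenarios against the baseline fingerprint."""
    fp = fingerprint(BASELINE)
    return {name: assess(fp, html) for name, html in
            (('routine', ROUTINE_UPDATE), ('edited', EDITED), ('defaced', DEFACED))}


if __name__ == '__main__':
    for name, verdict in demo().items():
        print(f'{name}: {verdict}')
```

The baseline hash must be recomputed from the authorized publishing pipeline, not from the live server, otherwise a defaced page silently becomes the new baseline. A 'changed' verdict without a matching phrase still deserves a human look: a skilled Cell that wants to avoid detection would not leave the slogans this heuristic keys on, which is why the hash comparison, not the phrase list, is the primary control.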

Some members of the Cell may be involved with cyber crime. For example, the development, dissemination, maintenance and use of botnets for criminal purposes. These resources can be used for politically motivated cyber attacks on behalf of the Cell.

3.2 Strengths

A benefit of the Cell model is that it can mobilize very quickly, as the actors presumably already have each other’s contact information. In principle, the Cell can mobilize within minutes, although it likely takes hours or days to complete the process.

A Cell is quite resistant to infiltration, because the members can be expected to establish their hacker credentials before being allowed to join. This process may include proof of illegal attacks.

Since the membership can be expected to be experienced in cyber attack techniques, the Cell can be quite effective against unhardened targets. However, hardened targets may or may not be within the reach of the Cell, depending on their specialty and experience. Prior hacking experience also allows them to cover their tracks better, should they wish to do so.

3.3 Weaknesses

While a Cell model is more resistant to countermeasures than the Forum model, it does offer potential weaknesses to exploit. The first opportunity for exploitation is the hacker’s ego. Many of the more visible attacks, including defacements, leave behind the alias or affiliation of the attacker, in order to claim the bragging rights. (Carr 2009) This seems to indicate that they are quite confident in their skills and proud of their achievements. As such, they are potentially vulnerable to personal attacks, such as taunting or ridiculing in public. Stripping the anonymity of the Cell may also work, as at least some members could lose their job and face law enforcement action in their jurisdiction. (Carr 2009) As described by Ottis (2010b), it is probably not necessary to actually identify all the members of the Cell. Even if the identity of a few of them is revealed or if the corresponding perception can be created among the membership, the trust relationship will be broken and the effectiveness of the group will decrease.

Prior hacking experience also provides a potential weakness. It is more likely that law enforcement knows the identity of a hacker, especially if he or she continues to use the same affiliation or hacker alias. While there may not be enough evidence or damage or legal basis for law enforcement action in response to their criminal attacks, the politically motivated attacks may provide a different set of rules for the local law enforcement.

The last problem with the Cell model is scalability. There are only so many skilled hackers who are willing to participate in a politically motivated cyber attack. While this number may still overwhelm a small target, it is unlikely to have a strong effect on a large state.

4. The hierarchy

The third option for organizing a volunteer force is to adopt a traditional hierarchical structure. This approach is more suitable for government sponsored groups or other cohesive groups that can agree to a clear chain of command. For example, the People's Liberation Army of China is known to include militia type units in their IW battalions. (Krekel 2009) The model can be divided into two generic sub-models: anonymous and identified membership.

4.1 Attributes

The Hierarchy model is similar in concept to military units, where a unit commander exercises power over a limited number of sub-units. The number of command levels depends on the overall size of the organization.

Each sub-unit can specialize in some specific task or role. For example, the list of sub-unit roles can include reconnaissance, infiltration/breaching, exploitation, malware/exploit development and training. Depending on the need, there can be multiple sub-units with the same role. Consider the analogy of an infantry battalion, which may include a number of infantry companies, anti-tank and mortar platoons, a reconnaissance platoon, as well as various support units (communications, logistics), etc. This specialization and role assignment allows the militia unit to conduct a complete offensive cyber operation from start to finish.

A Hierarchy model is the most likely option for a state sponsored entity, since it offers a more formalized and understandable structure, as well as relatively strong command and control ability. The control ability is important, as the actions of a state sponsored militia are by definition attributable to the state.

However, a Hierarchy model is not an automatic indication of state sponsorship. Any group that is cohesive enough to determine a command structure amongst them can adopt a hierarchical structure. This is very evident in Massively Multiplayer Online Games (MMOG), such as World of Warcraft or EVE Online, where players often form hierarchical groups (guilds, corporations, etc.) in order to achieve a common goal. The same approach is possible for a cyber militia as well. In fact, Williams (2007) suggests that gaming communities can be a good recruiting ground for a cyber militia.

While the state sponsored militia can be expected to have identified membership (still, it may be anonymous to the outside observer) due to control reasons, a non-state militia can consist of anonymous members that are only identified by their screen names.

4.2 Strengths

The obvious strength of a hierarchical militia is the potential for efficient command and control. The command team can divide the operational responsibilities to specialized sub-units and make sure that their actions are coordinated. However, this strength may be wasted by incompetent leadership or other factors, such as overly restrictive operating procedures.

A hierarchical militia may exist for a long time even without ongoing conflict. During “peacetime”, the militia’s capabilities can be improved with recruitment and training. This degree of formalized preparation with no immediate action in sight is something that can set the Hierarchy apart from the Forum and the Cell.

If the militia is state sponsored, then it can enjoy state funding, infrastructure, as well as cooperation from other state entities, such as law enforcement or intelligence community. This would allow the militia to concentrate on training and operations.

4.3 Weaknesses

A potential issue with the Hierarchy model is scalability. Since this approach requires some sort of vetting or background checks before admitting a new member, it may be time consuming and therefore slow down the growth of the organization.

Another potential issue with the Hierarchy model is that by design there are key persons in the hierarchy. Those persons can be targeted by various means to ensure that they will not be effective or available during a designated period, thus diminishing the overall effectiveness of the militia. A hierarchical militia may also have issues with leadership if several people contend for prestigious positions. This potential rift in the cohesion of the unit can potentially be exploited by infiltrator agents.

Any activities attributed to the state sponsored militia can further be attributed to the state. This puts heavy restrictions on the use of cyber militia “during peacetime”, as the legal framework surrounding state use of cyber attacks is currently unclear. However, in a conflict scenario, the state attribution is likely not a problem, because the state is party to the conflict anyway. This means that a state sponsored offensive cyber militia is primarily useful as a defensive capability between conflicts. Only during conflict can it be used in its offensive role.

While a state sponsored cyber militia may be more difficult (but not impossible) to infiltrate, it is vulnerable to public information campaigns, which may lead to low public and political support, decreased funding and even official disbanding of the militia. On the other hand, if the militia is not state sponsored, then it is prone to infiltration and internal information operations similar to those considered under the Forum model.

Of the three models, the hierarchy probably takes the longest to establish, as the chain of command and role assignments get settled. During this process, which could take days, months or even years, the militia is relatively inefficient and likely not able to perform any complex operations.

5. Comparison

When analyzing the three models, it quickly becomes apparent that there are some aspects that are similar to all of them. First, they are not constrained by location. While the Forum and the Cell are by default dispersed, even a state sponsored hierarchical militia can operate from different locations.

Second, since they are organizations consisting of humans, one of the more potent ways to neutralize cyber militias is through information operations, such as persuading them that their identities have become known to law enforcement, etc.

Third, all three models benefit from a certain level of anonymity. However, this also makes them susceptible to infiltration, as it is difficult to verify the credentials and intent of a new member.

On the other hand, there are differences as well. Only one model lends itself well to state sponsored entities (hierarchy), although, in principle, it is possible to use all three approaches to bolster the state’s cyber power.

The requirement for formalized chain of command and division of responsibilities means that the initial mobilization of the Hierarchy can be expected to take much longer than the more ad-hoc Forum or Cell. In case of short conflicts, this puts the Hierarchy model at a disadvantage.

Then again, the Hierarchy model is more likely to adopt a “peace time” mission of training and recruitment in addition to the “conflict” mission, while the other two options are more likely to be mobilized only in time of conflict. This can offset the slow initial formation limitation of the Hierarchy, if the Hierarchy is established well before the conflict.

While the Forum can rely on their numbers and use relatively primitive attacks, the Cell is capable of more sophisticated attacks due to their experience. The cyber attack capabilities of the Hierarchy, however, can range from trivial to complex.

It is important to note that the three options covered here can be combined in many ways, depending on the underlying circumstances and the personalities involved.

Conclusion

Politically motivated cyber attacks are becoming more frequent every year. In most cases the cyber conflicts include offensive non-state actors (spontaneously) formed from volunteers. Therefore, it is important to study these groups.

I have provided a theoretical way to categorize non-trivial cyber militias based on their organization. The three theoretical models are: the Forum, the Cell and the Hierarchy. In reality, it is unlikely to see a pure form of any of these, as different groups can include aspects of several models. However, the strengths and weaknesses identified should serve as useful guides to dealing with the cyber militia threat.

Disclaimer: The opinions expressed here should not be interpreted as the official policy of the Cooperative Cyber Defence Centre of Excellence or the North Atlantic Treaty Organization.

References

Carr, J. (2009) Inside Cyber Warfare. Sebastopol: O’Reilly Media.

Denning, D. E. (2010) “Cyber Conflict as an Emergent Social Phenomenon.” In Holt, T. & Schell, B. (Eds.) Corporate Hacking and Technology-Driven Crime: Social Dynamics and Implications. IGI Global, pp 170-186.

Krekel, B., DeWeese, S., Bakos, G., Barnett, C. (2009) Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation. Report for the US-China Economic and Security Review Commission.

Nazario, J. (2009) “Politically Motivated Denial of Service Attacks.” In Czosseck, C. & Geers, K. (Eds.) The Virtual Battlefield: Perspectives on Cyber Warfare. Amsterdam: IOS Press, pp 163-181.

Ottis, R. (2008) “Analysis of the 2007 Cyber Attacks Against Estonia from the Information Warfare Perspective.” In Proceedings of the 7th European Conference on Information Warfare and Security. Reading: Academic Publishing Limited, pp 163-168.

Ottis, R. (2009) “Theoretical Model for Creating a Nation-State Level Offensive Cyber Capability.” In Proceedings of the 8th European Conference on Information Warfare and Security. Reading: Academic Publishing Limited, pp 177-182.

Ottis, R. (2010a) “From Pitch Forks to Laptops: Volunteers in Cyber Conflicts.” In Czosseck, C. and Podins, K. (Eds.) Conference on Cyber Conflict. Proceedings 2010. Tallinn: CCD COE Publications, pp 97-109.

Ottis, R. (2010b) “Proactive Defence Tactics Against On-Line Cyber Militia.” In Proceedings of the 9th European Conference on Information Warfare and Security. Reading: Academic Publishing Limited, pp 233-237.

Williams, G., Arreymbi, J. (2007) “Is Cyber Tribalism Winning Online Information Warfare?” In Proceedings of ISSE/SECURE 2007 Securing Electronic Business Processes. Wiesbaden: Vieweg. On-line: http://www.springerlink.com/content/t2824n02g54552m5/n

Young, S., Aitel, D. (2004) The Hacker’s Handbook. The Strategy behind Breaking into and Defending Networks. Boca Raton: Auerbach.

Keywords: cyber conflict, cyber militia, cyber attack, patriotic hacking, on-line communities

Rain Ottis
Cooperative Cyber Defence Centre of Excellence, Tallinn, Estonia 
rain.ottis@ccdcoe.org

02/13/12

tor-talk- Help Users in Iran Reach the internet

Hi,

In the last 48 hours a major campaign of filtering has started in Iran -
it started slow and now it appears that nearly all SSL/TLS traffic is
blocked on a few major Iranian ISPs. Details are rather rough but we're
working on some solutions - we've long had an ace up our sleeves for
this exact moment in the arms race but it's perhaps come while the User
Interface edges are a bit rough still.

Here's the deal - we need people to run Tor bridges but a special kind
of Tor bridge, one that does a kind of traffic camouflaging - we call it
an obfuscated bridge. It's not easy to set up just yet because we were
not ready to deploy this for everyone yet; it lacks a lot of analysis
and it might even only last for a few days at the rate the arms race is
progressing, if you could call it progress.

There are highly technical instructions here:
tor-assistants at torproject.org ) about it or you'll need
to share these bridges with people you want to help directly. It's a
pain and we're working on it.

Here's a bug report where we're working around the clock to get stuff
going in a user friendly manner:
https://metrics.torproject.org/users.html?graph=direct-users&start=2011-11-12&end=2012-05-10&country=ir&events=on&dpi=72#direct-users

Here's the same graph but for Tor bridge users in Iran:
help at rt.torproject.org. We'll try to
get you a working obfsproxy bridge address and working client software.

All the best,
Jacob Appelbaum jacob at appelbaum.net 