09/9/13

Tor Bot Net realm=bitcoin-mining-proxy

update -: Here is the poop – Skynet is a Bitcoin C&C and the Tor zombies are Bitcoin miners- Here is the botnet paper – : http://arxiv.org/pdf/1308.6768v1.pdf -so I ran my crawler on them and got this little hit: all the Skynet hosts were Bitcoin C&C servers

qdzjxwujdtxrjkrz.onion Skynet -realm="bitcoin-mining-proxy" -HTTP/1.1 401 Unauthorized

URL of the Site — : http://qdzjxwujdtxrjkrz.onion
HTTP/1.1 401 Unauthorized
WWW-Authenticate: Basic realm="bitcoin-mining-proxy"
Content-Type: text/plain
Transfer-Encoding: chunked
Date: Wed, 11 Sep 2013 16:16:57 GMT
Proxy-Connection: keep-alive

Sorry, I don't know you.

on all the Skynet hosts I get this realm – bitcoin-mining-proxy- this is a secret hidden service: only if you have the right authorization in your torrc file will the Tor website let you in, otherwise it rejects you – So all the bots have the right authorization name- pretty sweet setup I say- now 3 million Tor bots turning out Bitcoins – no wonder these zombies are real quiet in Tor- got them-
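To turn the crawler hit above into a repeatable check, here is an added example (my code, not the post's crawler) that parses a raw HTTP response, pulls the status line and the `WWW-Authenticate` scheme and realm, and flags the realm the post reports. The realm is set by HTTP Basic authentication on the service's web front end (the `WWW-Authenticate` header), which is a separate layer from Tor's own hidden-service client authorization in torrc. The two non-401 hosts and their responses are constructed for contrast; only the first response is the one quoted in the post.

```python
import re

# Constructed sample set: the first entry reproduces the response the post shows
# from the Skynet hidden service; the other two hosts are made up for contrast.
SAMPLES = {
    "qdzjxwujdtxrjkrz.onion": (
        "HTTP/1.1 401 Unauthorized\r\n"
        "WWW-Authenticate: Basic realm=\"bitcoin-mining-proxy\"\r\n"
        "Content-Type: text/plain\r\n"
        "Transfer-Encoding: chunked\r\n"
        "Date: Wed, 11 Sep 2013 16:16:57 GMT\r\n"
        "Proxy-Connection: keep-alive\r\n"
        "\r\n"
        "Sorry, I don't know you."
    ),
    "constructed-open.onion": (
        "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"
    ),
    "constructed-other-auth.onion": (
        "HTTP/1.1 401 Unauthorized\r\n"
        "WWW-Authenticate: Basic realm=\"admin\"\r\n\r\n"
    ),
}

# Realm values worth flagging; the label is a hypothetical tag for the report.
KNOWN_REALMS = {"bitcoin-mining-proxy": "skynet-mining-proxy"}

STATUS_RE = re.compile(r"^HTTP/\d\.\d (\d{3})")
# realm="quoted value" or realm=token (RFC 7235 allows both forms)
REALM_RE = re.compile(r'realm\s*=\s*(?:"([^"]*)"|([^\s,]+))', re.IGNORECASE)


def parse_response(raw):
    """Return (status, auth_scheme, realm, first body line) from a raw HTTP response."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    m = STATUS_RE.match(lines[0])
    status = int(m.group(1)) if m else None
    scheme = realm = None
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "www-authenticate":
            value = value.strip()
            scheme = value.split(None, 1)[0]
            rm = REALM_RE.search(value)
            if rm:
                realm = rm.group(1) if rm.group(1) is not None else rm.group(2)
    first_body_line = body.splitlines()[0] if body else ""
    return status, scheme, realm, first_body_line


def classify(raw):
    """Tag one response: flagged realm, generic auth wall, or open."""
    status, scheme, realm, _ = parse_response(raw)
    if status == 401 and scheme and scheme.lower() == "basic" and realm in KNOWN_REALMS:
        return KNOWN_REALMS[realm]
    if status == 401:
        return "auth-required"
    return "open"


def classify_all(samples):
    """Run the check over every crawled host and return {host: tag}."""
    return {host: classify(raw) for host, raw in samples.items()}


if __name__ == "__main__":
    for host, tag in classify_all(SAMPLES).items():
        print(f"{host:32} {tag}")
```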

Large botnet cause of recent Tor network overload – http://blog.fox-it.com/2013/09/05/large-botnet-cause-of-recent-tor-network-overload/

gAto sEe- ever since Aug 19, 2013 Tor has been getting a lot of users. First 1 million, then 2 million, then over 3.5 million NEW Tor users in the last 25 days. So what is happening in Tor world is that they are going crazy; Tor relay operators have reported what looks like they are DDoS-ing their own relays sometimes. Lots of circuits built and broken and this has put a big strain on Tor.

Worse still, these new 3.5 million Tor users are just sitting idle and the Tor network is freaking out. To get a hidden service connection is almost impossible but I can still use Tor to use the clear-web with no problems. Thru Tor I can see my site- uscyberlabs and any other non-Tor site and it loads pretty fast. When I try the hidden Wiki – NO-GO

If I keep at it I will finally find a Tor-website- like my own that works and it loads.

my new toy in Tor- Secure Encrypted Tor Messaging website – http://tpgewiccpecsbajt.onion/ – so I know Tor is still working.

Tor Bot-Net -How to handle millions of new Tor clients – problem is messing with everyone.

Conspiracy theory

  • Left over FBI botnet – from the Freedom Hosting raid around Aug 5
  • Russian Bot-net
  • Some Tor Experiment gone -lOcO – NOT gAtO, at least this time.. mEoW
  • Was August 19 the starting date to run en masse from the NSA’s PRISM project?
  • Were European internet users downloading the latest American cable TV series via Tor only, thus overcoming blockades of sites like the Pirate Bay by European ISPs?
  • So some thought a botnet abusing the Tor network to hide its command and control server must be the reason of the sudden increase of Tor users.
  • The Mevade malware family downloaded a Tor component, possibly as a backup mechanism for its C&C communications.
  • TrendLabs says- “The actors themselves, however, have been a bit less careful about hiding their identities. They operate from Kharkov, Ukraine and Israel and have been active since at least 2010. One of the main actors is known as “Scorpion”. Another actor uses the nickname “Dekadent”. Together, they are part of a well organized and probably well financed cybercrime gang.”

The Tor network is overloaded – but they still have no idea what is going on in Tor and how to stop it and/or control it. So where do we go from here in Tor? I got my box working and some other Tor websites may need to think about the version they use until we get this Tor bot-net under control in Tor -gATO oUt

Client- Sep 09 09:56:05.868 [Notice] Tor v0.2.3.25

Server Tor v0.2.3.25 – on Linux – http://tpgewiccpecsbajt.onion/  – Testing my new site in Tor and I noticed

https://blog.torproject.org/blog/how-to-handle-millions-new-tor-clients


06/12/13

Government use of Cyber Weaponized Exploits

gAtO rEaD- The government is buying hackers' exploits – not to stop these sophisticated cyber exploits but to use these tools against its own people- they are using the tools to infiltrate computer networks worldwide, leaving behind spy programs and cyber-weapons that can disrupt data or damage systems.

The core problem: Spy tools and cyber-weapons rely on vulnerabilities in existing software programs, and these hacks would be much less useful to the government if the flaws were exposed through public warnings. So the more the government spends on offensive techniques, the greater its interest in making sure that security holes in widely used software remain unrepaired. So your computer is vulnerable and the government knows it and will not disclose this information, but use it against you to place cookies, RATs or other spyware into your computer -maybe- I trust our government, don't you?

If you got nothing to hide, you should not be worried… right????

So our tax dollars are going to hackers and cyber criminals that sell these exploits all over the world. As a taxpayer I don't like this part at all. But the worst part is that by us taking the lead in offensive cyber tools -example.. Stuxnet – it is a playbook for other countries to do the same. So what we do in cyberspace becomes socially acceptable for everyone else to do in cyberspace, and then we bitch about China. I don't get it – mEoW

Officials have never publicly acknowledged engaging in offensive cyber-warfare, though the one case that has been most widely reported – the use of a virus known as Stuxnet to disrupt Iran's nuclear-research program – was lauded in Washington. Officials confirmed to Reuters previously that the U.S. government drove Stuxnet's development, and the Pentagon is expanding its offensive capability through the nascent Cyber Command.

Then you have the Prism disclosure and PoW- US Cyber Agents Disrupt Publication of Popular Al Qaeda Magazine – This means that Obama's cyber military is potentially capable of more targeted attacks, specified at damaging particular pieces of information or infrastructure. I wonder where they got those vulnerabilities? maybe some bad guys

What worries me is that as the U.S. engages in these attacks our enemies are learning what is acceptable in cyberwar. So we must be careful not to lose sight of the fact that everyone is watching what we do and how we treat cyberspace, and other governments will follow, defensive and offensive; they are learning from the best, the U.S. Government -gAtO oUt

ref: http://www.reuters.com/article/2013/05/10/us-usa-cyberweapons-specialreport-idUSBRE9490EL20130510


http://www.businessinsider.com/us-cyber-agents-disrupt-inspire-magazine-2013-6


03/10/13

Finding the Bad Guys in Tor -triangulated irregular network

gAtO ThInKiNg - a car GPS works very simply: it takes the delay time from one geo-positioned satellite and compares it to another geo-positioned satellite and estimates the position of the GPS in my CAR – I think they call it satellite triangulation or something cool; it's been done with radios to help pilots navigate ever since they developed radios. We do it with satellites and we can use networks too.

triangulated irregular network -So now apply this to the Tor bad guys' websites- a hidden service!

With a simple command you can get the time it takes to crawl a website, so you have one server in the U.S., one in South America, one in Europe and one in Asia and we run the same command, getting the delays from each location. I bet with a little math and some basic network tools we could figure out the geo-location of any given website in Tor. One of my good mentors told me that in my crawls I was capturing timing information; we all see timing information with a simple ping command in the clear web, but in Tor – UDP is unsupported so it does not work -//- we must take into account the Tor network thru-put and utilization, but that's easy to get from a number of Tor tools.

Reverse triangulation of a network server should be easy with a little math: just take a good sample, and the longer you wait the more data you collect and the better the chance you can find a geo-location of a website. We do this in the clear web all the time; we can see bad areas of the world that are bad spammers, and others like mail from Africa Prince Scams offering you millions if you send them some money to cover the transfer, or Russian and Chinese phishing attacks. So we know some geo-locations and some IPs are more prone to bad actors and we can draw a profile, a geo-location of a place and/or country or an ISP, so not having the IP of a Tor server may not be needed to find them; we could use network triangulation. "triangulated irregular network" So the same thing can be done with networks and timing delays of data back and forth from a // client <–> Tor OR <–> server.

I got a crazy idea that may or may not work, but it sounds good—// so— Now if I can only find a government grant and a good math major to help out and we have a big business model to find the bad guys' geo-location even in Tor - gAtO oUt…

02/3/13

Offensive Cyber Capabilities

Companies Need Offensive Cyber Capabilities

gAtO hEaR - about banks seeking U.S. help on Iran cyberattacks. We hear about cyber attacks in the financial sector, the oil and energy sectors, then Leon Panetta warned perpetrators to cease hacking the US while we have all kinds of sanctions against Iran -/ this is insanity. You're telling unknown hackers (we suspect Iran) to just stop, or what? What can we do to prevent them from launching cyber attacks against America?

So Iran has only 3 NAT-access points and 1 submarine cable (Al-Faw, Iraq submarine cable)


Then you have all these security people putting up defenses without building a firewall so bad-ass that they cannot do business. If we keep building these defenses it will get to a point where it defeats the purpose of the Internet. So what is the logical next move? Offensive cyber weapons and capabilities. We can find these attacks and pinpoint the IP of where they are coming from; then all we need is offensive tools to find them and do a SEAL Team 6 extraction or something like that and get the word out that we will find you and hunt you down.

One little hacker in the middle of the desert can keep a bank tied up for days. They could go after our traffic system, our rail system; we know that SCADA is so messed up and in some cases open with default passwords. So we beat our chest like some mad gorilla and hope to scare these hackers.

My friends, we must take the initiative and find ways to counter these attacks, no more just defense, and I don't mean a DDoS attack that can be circumvented. We need to plant bot-nets on these people's machines and monitor them and if we have to go physical and bring them to justice. Forget about Iran and let's just talk about Chinese hacker attacks on our intellectual property. They just deny it and go about planning the next attack. We saw Skynet where thousands of computers were given a disk wipe and the blue screen of death. Why don't we do the same to these hackers going after our infrastructure?

We must change our tactics and be a little more aggressive and become real cyber warriors, not just defenders but attacking them and destroying their machines, their servers and routers. How about we just monitor the 1 submarine cable and 3 access points in Iran? That should lead us to some of these people. The US monitors our own people, then we stand by and allow other hostile countries to go and hack us. This is cyber insanity - gAtO OuT


11/16/12

White Hat Bot-Nets

gAtO wAs - reading Bloomberg BusinessWeek "The Hacker of Damascus": Karin, a 31-year-old doctor, had spent the previous months protesting against the government of Damascus; he refused to give up his friends' names.

Before the arrest-/ before the torture/- they found a simple vulnerability thru Skype; they also got into his hard drive and as Karin said they arrested his computer's data first, then him. So now we see the black hats', spammers', cyber criminals' tricks used against people by their own governments. Is this the way it's going to happen? We see the news today about 2 ladies and their General boy toys and WOW -mEoW.

Georgia detains ministry staff for using malware to access opposition leaders' computers – This is just another example of governments using criminal cyber tactics to gain intelligence from their own people.


The other side of the cyber struggles in Syria is Anonymous and their role in all this: On the other side, the hacktivist group Anonymous has infiltrated at least 12 Syrian government websites, including that of the Ministry of Defense, and released millions of stolen e-mails.

Cyberspace and its tools (weapons) like Facebook, Twitter – can be used by both sides in this evolving landscape of digital warriors. That is why gATo is saddened by how basic normal Internet tools can become killers and liberators. I guess I see the fog of cyberwar thru gATO eYe'S: we have only seen defensive cyber tools so far; Stuxnet and others are only the beginning, and the new economies that had no choice but a digital path into their infrastructure need to look at their own security a wee bit more closely. Did Huawei (China's telecom giant accused of having backdoors) sell you those network infrastructure pieces at a very cheap price -(lowest bidder (or a no-bid) contract) -well guess who is watching you…

SCADA cyber controls security SUCKs = infrastructure things (energy/transportation/communication/water/air) = fix them NOW

Since no Cyber Bill has gone before Congress -President Obama, after a major election, went and signed a-

US secret Cyber Law signed by Pres. Obama -Nov 15, 2012

Rather, the directive establishes principles and processes for the use of cyber operations so that cyber tools are integrated with the full array of national security tools we have at our disposal. It provides a whole-of-government approach consistent with the values that we promote domestically and internationally as we have previously articulated in the International Strategy for Cyberspace.

This directive will establish principles and processes that can enable more effective planning, development, and use of our capabilities. It enables us to be flexible, while also exercising restraint in dealing with the threats we face. It continues to be our policy that we shall undertake the least action necessary to mitigate threats and that we will prioritize network defense and law enforcement as the preferred courses of action. The procedures outlined in this directive are consistent with the U.S. Constitution, including the President’s role as commander in chief, and other applicable law and policies. http://killerapps.foreignpolicy.com/posts/2012/11/14/the_white_houses_secret_cyber_order

So now even 31-year-old doctors need to worry what they do and who they talk to and WHAT they talk about -/ also- in Facebook, Skype or any other web-app- By the way —> These basic vulnerabilities can be found and exploited in any web-app – So this person may have worked at the water plant – or the electric plant; what could these White Hat Bots have obtained?? These little White Hat BotNets may go rogue or may be captured; this is about the virtual digital world, with a click of a mouse I GOT YOU!!! -PWN

Will this become the standard? The good and bad guys do it NOW- plant a virus, suck up your disk / then check it out – BUT "if you got nothing to hide" well it's OK then — right - gAtO oUt

02/1/12

McConnell, Chertoff and Lynn: China's Cyber Thievery Is National Policy—And Must Be Challenged – WSJ.com

By MIKE MCCONNELL, MICHAEL CHERTOFF AND WILLIAM LYNN

Only three months ago, we would have violated U.S. secrecy laws by sharing what we write here—even though, as a former director of national intelligence, secretary of homeland security, and deputy secretary of defense, we have long known it to be true. The Chinese government has a national policy of economic espionage in cyberspace. In fact, the Chinese are the world's most active and persistent practitioners of cyber espionage today.

Evidence of China's economically devastating theft of proprietary technologies and other intellectual property from U.S. companies is growing. Only in October 2011 were details declassified in a report to Congress by the Office of the National Counterintelligence Executive. Each of us has been speaking publicly for years about the ability of cyber terrorists to cripple our critical infrastructure, including financial networks and the power grid. Now this report finally reveals what we couldn't say before: The threat of economic cyber espionage looms even more ominously.

via McConnell, Chertoff and Lynn: China's Cyber Thievery Is National Policy—And Must Be Challenged – WSJ.com.

01/14/12

Sykipot Trojan targets US DoD smart cards

SECURITY RESEARCH OUTFIT Alienvault has revealed that Chinese cyber criminals are using malware to hack smart cards used by the US Department of Defence (DoD).

The latest strain of the backdoor access Trojan called Sykipot is being used to gain remote access to protected resources. A spear phishing technique is used to persuade the target to open a PDF file that lets the malware loose. It then uses a basic keylogger to steal the credentials of cards used in the reader.

via Sykipot Trojan targets US DoD smart cards – The Inquirer.

01/8/12

“Cyber China” From Operation Aurora to China Cyber attacks Syndrome | Security Affairs

When we think of China in relation to cyber warfare, we imagine an army of hackers hired by the government in a computer room ready to successfully attack any potential target. China is perceived as a cyber power and ready to march against any insurmountable obstacle using any means. In this connection we read everything and its opposite, and we are ready to blame all sorts of cyber threats to the Country of the Rising Sun. The truth, however, is quite different, at least in my opinion, and understands that the Chinese people before others have understood the importance of a strategic hegemony in cyber space. However, many doubts are beginning to gather on the real technological capabilities of China.

It certainly has a high potential for cyber offensive but its quality is really arguable. China has the most extensive cyber-warfare capabilities. It began to implement an Information Warfare strategy in 1995, conducting a huge quantity of exercises in which computer viruses have been used to interrupt military and private communications. In 2000, China established a strategic Information Warfare unit, Net Force, which is responsible for "wage combat through computer networks to manipulate enemy information systems spanning spare parts deliveries to fire control and guidance systems." Today the PLA GSD Third and Fourth Departments are considered to be the two largest players in China's burgeoning cyber-infrastructure. In November 2011, Desmond Ball, a professor in the Strategic and Defense Studies Centre at Australia's National University, argued that the Chinese offensive capabilities today are pretty limited and he has also declared that the internal security has a bunch of vulnerabilities.

via “Cyber China” From Operation Aurora to China Cyber attacks Syndrome | Security Affairs.

07/20/11

Hackers Linking Geeks and Wonks to Respond to National Security Incidents | Atlantic Council

There are many reasons why cyber conflict is considered an awkward and destabilizing national security problem. One of the more overlooked is the gap between the technical elite and senior politicians and policymakers, a disconnect that could become tragic during fast-moving cyber conflicts. While this gap is shrinking in the United States, the United Kingdom, and Russia, it still is very significant elsewhere. China in particular needs to create better ways to connect their national security decision-makers with their technical incident responders – linking geeks and wonks – to help ensure technical incidents do not escalate out of political control.

via Cyber Statecraft: Linking Geeks and Wonks to Respond to National Security Incidents | Atlantic Council.

07/9/11

Reports of China's cyber assault on America are skewed | Politics | News | WantChinaTimes.com

In response to Richard Clarke’s article published on the Wall Street Journal, entitled ‘China’s Cyber assault On America,’ Jeffrey Carr, author of Inside Cyber Warfare: Mapping the Cyber Underworld, said on The Diplomat Blogs that the story is full of mistakes, logical inconsistencies and a serious lack of understanding of how targeted cyber attacks work at a granular level.

Carr criticized that Clarke tries to draw a parallel between the Obama administration’s protection of Libyan dissidents from Gaddafi and his lack of protection for US citizens from cyber attacks in China, when he obviously knows that although the president has authority over military actions as commander-in-chief, he doesn’t have any authority over US corporations.

From Clarke's point of view: "cyber criminals don't hack defence contractors — they go after banks and credit cards." Carr also has words to say, taking the Zeus and Hilary Kneber hacker crews for example: they have been conducting cyber espionage attacks against government and military employees using the same malware that they use in financial crime since at least February 2010. Carr alone has been attacked by those same crews because of it, and he believes that it is the modus operandi of the Russian and Ukrainian governments.

It is a known fact that governments around the world have informal relationships with criminal hackers that allow them a safe harbour to conduct cybercrime as long as they also conduct cyber espionage or other types of cyber ops for their host government as needed. The Russian Federation have been known to conduct cyber espionage against foreign firms for years and yet their name is almost never mentioned in conjunction with attacks from which they would clearly benefit.

Carr said he is not trying to defend China, as the country is vacuuming huge amounts of intellectual property and sensitive data from around the world, but so have many other countries. They all have the technical capability of crafting a targeted spear phishing letter and gaining access to valuable data.

He further indicates that anyone who says that only China is conducting these types of attacks couldn’t be more wrong and such views are harming, not helping, the cyber security posture of the United States.

via Reports of China's cyber assault on America are skewed | Politics | News | WantChinaTimes.com.