Category Archives: cyber attacks

03/10/13

Finding the Bad Guy’s in Tor -triangulated irregular network

gAtO ThInKiNg - a car GPS works very simple, It takes the delay time from one geo-positioned satellite and compares is to another geo-positional satellite and estimates the position of the GPS in my CAR – I think they call it satellite triangulation or something cool, it’s been done with radios to guide pilots navigate ever since they developed radios. We do it with satellite and we can use networks too.

triangulated irregular network  -So now apply this to the Tor bad guy’s websites- a hidden service!math_clouadTag

With a simple command you can get the time it takes to crawl a website, so you have one server in the U.S one is South America, one in Europe and one in Asia and we run the same command getting the delays from each location. I bet with a little math and some basic network tools we could figure out the geo-location of any given website in Tor. One of my good mentors told me that in my crawls I was capturing timing information, we all see timing information with a simple ping command in the clear web but in Tor – UDP is unsupported so it does not work -//- we must take into account the Tor network thru-put and utilization bit that’s easy to get from a number of Tor tools.

Reverse triangulation of a network server should be easy to find with a little math, just take a good sample and the longer you wait the more data you collect and the better the chance you can find a geo-location of a website. We do this in the clear web all the time we can see bad areas of the world that are bad spammers, and other like mail from Africa Prince Scams offering you millions if you send them some money to cover the transfer, or Russian and Chinese phishing attacks. So we know geo-location and some IP are more prime to bad actors and we can draw a profile, a geo-location of a place and/or  country or an ISP so not having the IP of a Tor server may not be neededto find them we could use network triangulation. “triangulated irregular network  ” So the same thing can be done with networks and timing delays of data back and forth from a // client <–> Tor OR <–>server.

I got a crazy Idea that may or may-not work, but it sounds good—//  so— Now if I can only find a government grant and a good math major to help out and we have a big business model to find the bad guy’s geo-location even in Tor - gAtO oUt…

Share on TumblrSubmit to StumbleUponhttp://uscyberlabs.com/blog/wp-content/uploads/2012/09/math_clouadTag.tiffDigg ThisSubmit to reddit
02/3/13

Offensive Cyber Capabilities

Companies Need Offensive Cyber Capabilities

gAtO hEaR - about banks seek U.S Help on Iran Cyberattack’s. We hear about cyber attacks in the financial sector, the oil and energy sectors, then Leon Panetta warned perpetrators to cease hacking the US while we have all kinds of sanctions against Iran -/ this is insanity. Your telling unknown hackers (we suspected Iran) to  just stop, or what. What can we do to prevent them from launching cyber attacks against America.

So Iran has only 3 NAT-access points and 1 submarine cable (Al-Faw, Iraq submarine cable)

 

Then you have all these security people putting up defenses without building a firewall so bad-ass that they cannot do business. If we keep building these defenses it will get to a point where it defeats the purpose of the Internet. So what is the logical next move, offensive cyber weapons and capabilities. We can find these attacks and pinpoint the IP of where they are coming from then all we need is offensive tools to find them and do a seal-team 6 extraction of something like that and get the word out that we will find you and hunt you down.

One little hacker can keep a bank tied up for days in the middle of the desert. They could go after our traffic system, our rail system we know that SCADA is so messed up and in some cases open with defaults passwords. So we beat our chest like some mad gorilla and hope to scare these hackers.

My friends we must take initiative and find ways to counter these attacks no more just defense and I don’t mean a Ddos attack that can be circumvented. We need to plant Bot-nets on these people’s machines and monitor them and if we have to go physical and bring them to justice. Forget about Iran and let’s just talk about Chinese hacker attacks of our intellectual property. They just denied it and go about planning the next attack. We seen Skynet were thousands of computers were given a disk wipe and the blue screen of death. Why don’t we do the same to these hackers going after our infrastructure.

We must change our tactics and be a little more aggressive and become real cyber warriors not just defenders but attacking them and destroying their machines, their servers and routers. How about we just monitor the 1 submarine cable and 3 access points in Iran that should lead us to some of these people. The US monitors our own people then we stand by and allow other hostile countries to go and hack us. This is cyber insanity - gAtO OuT

 

Share on TumblrSubmit to StumbleUponhttp://www.alliancedatacom.com/images/cw-world-map-large.gifDigg ThisSubmit to reddit
01/17/13

PEDO’s gAtO is Hunting YOU!

gAtO hAs - been meeting some very good people that have the ugly dirty job of going after pedophiles and gATO is sicken that this problem is becoming so big. I like most people hear of these sick wackos and my skin crawls but I am guilty of not doing anything to stop this. In my research into the Tor’s Dark Web I found so much ugly Pedo stuff but I always said to myself this is some else job but it’s not.

All cyber security professionals should work together to find and go after these sick bastards that haunt our children nightmare. When I first saw the “Pedo Bear Wiki” in Tor’s I was in shock at how they do business in plain site thinking that they are safe. This is also a big black eye for everyone because this does not just happen in Tor’s Dark Web but in the clear web were we all do work, and talk to friends. Facebook, Twitter is full of them, you may of added them as friends. In the normal Internet these people thrive and then they go into Tor and people start saying Oh well in Tor it’s all about these perverts. They give Tor a bad name because it works so well to mask you.

Be on Notice pedo’s that gATO has found ways to find you in the Tor-onion network. I can find the IP of your hidden-service website, I can also find your clients if your not careful. I am launching some Tor tools that I am developing that may allow me to find your IP and then your -geo location. I am working on some other offensive cyber tools to go after these Pedo Sites in the clear web and especially in Tor. So the hunt begins pedophiles you have been warned this coming year we will find you and destroy you then give the police a chance to lock you up for life. Yeah your safe in Tor, keep thinking that – gATO hunts for RaTz like yOu.

Share on TumblrSubmit to StumbleUponSave on DeliciousDigg ThisSubmit to reddit
11/16/12

White Hat Bot-Nets

gAtO wAs - reading Bloomberg BusinessWeek “ The Hacker of Damascus” Karin a 31-year-old doctor had spent the previous months protesting against the government of Damascus, he refuse to give up his friends names.

Before the arrest-/ before the torture/- they found a simple vulnerability thru Skypes they also got into his hard drive and as Karin said they arrested his computers data first them him. So now we see the black hats, spammer, cyber criminal tricks against people from their own governments. Is this the way it’s going to happen, we see the news today about 2 ladies and their General boy toys and WOW -mEoW.

In Georgia detains ministry for using malware to access opposition leaders computers – This is just another example of governments using criminal cyber tactics to gain intelligence from it’s own people.

 

The Hacker of Damascus – http://www.businessweek.com/articles/2012-11-15/the-hackers-of-damascus  

Georgia detains Dozen Interior Ministry “Cyber Spies” http://www.brecorder.com/world/europe/91030-georgia-detains-dozen-interior-ministry-cyber-spies.html 

The other side of the cyber struggles in Syria is Anonymous and their role in all this: On the other side, the hacktivist group Anonymous has infiltrated at least 12 Syrian government websites, including that of the Ministry of Defense, and released millions of stolen e-mails.  

Cyberspace and it’s tools (weapons) like Facebook, Twitter – can be used by both sides  in this evolving landscape of digital warriors. That is why gATo is sadden by how basic normal Internet tools can become killers and liberators. I guess I see the fog of cyberwar thru gATO eYe’S we have only seen defensive cyber tools so far Suxnet and others are only the beginning and the new economies that had no choice but a digital path into their infrastructure need to look at their own security a wee bit more close. DId Huawei (China’s Telecom Giant accused of having backdoor ) sell you those Network infrastructure pieces at a very cheap price -(lowest bidder (or a no-bid)contract) -well guess who is watching you…

SCADA cyber controls security SUCKs = infrastructure things (energy/transportation/communication/water/air) = fix them NOW

Since no Cyber Bill has gone before congress -President Obama after a major election went and signed  a-

US secret CYber Law singed by Pres. Obama -Nov 15, 2012

Rather, the directive establishes principles and processes for the use of cyber operations so that cyber tools are integrated with the fully array of national security tools we have at our disposal. It provides a whole-of-government approach consistent with the values that we promote domestically and internationally as we have previously articulated in the International Strategy for Cyberspace.

This directive will establish principles and processes that can enable more effective planning, development, and use of our capabilities. It enables us to be flexible, while also exercising restraint in dealing with the threats we face. It continues to be our policy that we shall undertake the least action necessary to mitigate threats and that we will prioritize network defense and law enforcement as the preferred courses of action. The procedures outlined in this directive are consistent with the U.S. Constitution, including the President’s role as commander in chief, and other applicable law and policies. http://killerapps.foreignpolicy.com/posts/2012/11/14/the_white_houses_secret_cyber_order

So now even 31-year-old doctors need to worry what they do and who they talk to and WHAT they talk about -/ also- in Facebook, Skype or any other web-App-  By the way —>These basic vulnerabilities can be found and exploited in any web-app – So this person may of worked at the water plant – or the electric plant what could these White Hat Bots have obtained?? These little White Hat BotNets may go rouge or may be captured this is about virtual digital world with a click of a mouse I GOT YOU!!! -PWN

Will this become the standard? The good and bad guy’s do it NOW- plant a virus suck up your disk / then check it out – BUT “if you got nothing to hide” well it’s OK then — right - gAtO oUt

Share on TumblrSubmit to StumbleUponhttp://uscyberlabs.com/blog/wp-content/uploads/2012/11/black_bots_-300x168.jpgDigg ThisSubmit to reddit
02/1/12

McConnell, Chertoff and Lynn: Chinas Cyber Thievery Is National Policy—And Must Be Challenged – WSJ.com

By MIKE MCCONNELL, MICHAEL CHERTOFF AND WILLIAM LYNNOnly three months ago, we would have violated U.S. secrecy laws by sharing what we write here—even though, as a former director of national intelligence, secretary of homeland security, and deputy secretary of defense, we have long known it to be true. The Chinese government has a national policy of economic espionage in cyberspace. In fact, the Chinese are the worlds most active and persistent practitioners of cyber espionage today.Evidence of Chinas economically devastating theft of proprietary technologies and other intellectual property from U.S. companies is growing. Only in October 2011 were details declassified in a report to Congress by the Office of the National Counterintelligence Executive. Each of us has been speaking publicly for years about the ability of cyber terrorists to cripple our critical infrastructure, including financial networks and the power grid. Now this report finally reveals what we couldnt say before: The threat of economic cyber espionage looms even more ominously.

via McConnell, Chertoff and Lynn: Chinas Cyber Thievery Is National Policy—And Must Be Challenged – WSJ.com.

Share on TumblrSubmit to StumbleUponSave on DeliciousDigg ThisSubmit to reddit
01/14/12

Sykipot Trojan targets US DoD smart cards

SECURITY RESEARCH OUTFIT Alienvault has revealed that Chinese cyber criminals are using malware to hack smart cards used by the US Department of Defence (DoD).

The latest strain of the backdoor access Trojan called Sykipot is being used to gain remote access to protected resources. A spear phishing technique is used to persuade the target to open a pdf file that lets the malware loose. It then uses a basic keylogger to steal credentials of cards used in the reader.

via Sykipot Trojan targets US DoD smart cards – The Inquirer.

Share on TumblrSubmit to StumbleUponSave on DeliciousDigg ThisSubmit to reddit
01/8/12

“Cyber China” From Operation Aurora to China Cyber attacks Syndrome | Security Affairs

When we think of China in relation to cyber warfare, we imagine an army of hackers hired by the government in a computer room ready to successfully attack any potential target. China is perceived as a cyber power and ready to march against any insurmountable obstacle using any means. In this connection we read everything and its opposite, and we are ready to blame all sorts of cyber threats to the Country of the Rising Sun. The truth, however, is quite different, at least in my opinion, and understands that the Chinese people before others have understood the importance of a strategic hegemony in cyber space. However, many doubts are beginning to gather on the real technological capabilities of China.

It certainly has a high potential for cyber offensive but its quality is really arguable. China has the most extensive cyber-warfare capabilities. It began to implement an Information Warfare strategy in 1995 conducting a huge quantity of exercises in which computer viruses have been used to interrupt military and private communications. In 2000, China established a strategic Information Warfare unit, Net Force, which is responsible for “wage combat through computer networks to manipulate enemy information systems spanning spare parts deliveries to fire control and guid ance systems.” Today The PLA GSD Third Department and Fourth Departments are considered to be the two largest players in China‘s burgeoning cyber-infrastructure.  In November 2011, Desmond Ball, a professor in the Strategic and Defense Studies Centre at Australia’s National University argues that the Chinese offensive capabilities today are pretty limited and he has also declared that the internal security has a bunch of vulnerabilities.

via “Cyber China” From Operation Aurora to China Cyber attacks Syndrome | Security Affairs.

Share on TumblrSubmit to StumbleUponSave on DeliciousDigg ThisSubmit to reddit
07/20/11

Hackers Linking Geeks and Wonks to Respond to National Security Incidents | Atlantic Council

There are many reasons why cyber conflict is considered an awkward and destabilizing national security problem. One of the more overlooked is the gap between the technical elite and senior politicians and policymakers, a disconnect that could become tragic during fast-moving cyber conflicts.   While this gap is shrinking in the United States, the United Kingdom, and Russia, it still is very significant elsewhere. China in particular needs to create better ways to connect their national security decision-makers with their technical incident responders – linking geeks and wonks – to help ensure technical incidents do not escalate out of political control.

via Cyber Statecraft: Linking Geeks and Wonks to Respond to National Security Incidents | Atlantic Council.

Share on TumblrSubmit to StumbleUponSave on DeliciousDigg ThisSubmit to reddit
07/9/11

Reports of China’s cyber assault on America are skewed?Politics?News?WantChinaTimes.com

In response to Richard Clarke’s article published on the Wall Street Journal, entitled ‘China’s Cyber assault On America,’ Jeffrey Carr, author of Inside Cyber Warfare: Mapping the Cyber Underworld, said on The Diplomat Blogs that the story is full of mistakes, logical inconsistencies and a serious lack of understanding of how targeted cyber attacks work at a granular level.

Carr criticized that Clarke tries to draw a parallel between the Obama administration’s protection of Libyan dissidents from Gaddafi and his lack of protection for US citizens from cyber attacks in China, when he obviously knows that although the president has authority over military actions as commander-in-chief, he doesn’t have any authority over US corporations.

From Clarke’s point of view: “cyber criminals don’t hack defence contractors — they go after banks and credit cards.” Carr also has words to say, taken Zeus and Hilary Kneber hacker crews for example, they have been conducting cyber espionage attacks against government and military employees using the same malware that they use in financial crime since at least February 2010. Carr alone has been attacked by those same crews because of it, and he believed that it is the modus operandi of the Russian and Ukrainian governments.

It is a known fact that governments around the world have informal relationships with criminal hackers that allow them a safe harbour to conduct cybercrime as long as they also conduct cyber espionage or other types of cyber ops for their host government as needed. The Russian Federation have been known to conduct cyber espionage against foreign firms for years and yet their name is almost never mentioned in conjunction with attacks from which they would clearly benefit.

Carr said he is not trying to defend China, as the country is vacuuming huge amounts of intellectual property and sensitive data from around the world, but these are also many other countries have done. They all have the technical capability of crafting a targeted spear phishing letter and gaining access to valuable data.

He further indicates that anyone who says that only China is conducting these types of attacks couldn’t be more wrong and such views are harming, not helping, the cyber security posture of the United States.

via Reports of China’s cyber assault on America are skewed?Politics?News?WantChinaTimes.com.

Share on TumblrSubmit to StumbleUponhttp://uscyberlabs.com/blog/wp-content/uploads/2011/06/113643-a-chinese-national-flag-waves-in-front-of-the-former-headquarters-of-g.jpg?w=150Digg ThisSubmit to reddit