Cyber Security Notebook


  • Category Archives Cyber Dissident
  • Cyber Militia Models -Offensive

    Offensive Cyber Militia Models

    Volunteer based non-state actors have played an important part in many international cyber conflicts of the past two decades. In order to better understand this threat I describe three theoretical models for volunteer based offensive cyber militias: the Forum, the Cell and the Hierarchy. The Forum is an ad-hoc cyber militia form that is organized around a central communications platform, where the members share information and tools necessary to carry out cyber attacks against their chosen adversary. The Cell model refers to hacker cells, which engage in politically motivated hacking over extended periods of time. The Hierarchy refers to the traditional hierarchical model, which may be encountered in government sponsored volunteer organizations, as well as in cohesive self-organized non-state actors. For each model, I give an example and describe the model’s attributes, strengths and weaknesses using qualitative analysis. The models are based on expert opinion on different types of cyber militias that have been seen in cyber conflicts. These theoretical models provide a framework for categorizing volunteer based offensive cyber militias of non-trivial size.

    1. Introduction

    The widespread application of Internet services has given rise to a new contested space, where people with conflicting ideals or values strive to succeed, sometimes by attacking the systems and services of the other side. It is interesting to note that in most public cases of cyber conflict the offensive side is not identified as a state actor, at least not officially. Instead, it often looks like citizens take part in hacktivist campaigns or patriotic hacking on their own, volunteering for the cyber front.

    Cases like the 2007 cyber attacks against Estonia are a good example where an informal non-state cyber militia has become a threat to national security. In order to understand the threat posed by these volunteer cyber militias I provide three models of how such groups can be organized and analyze the strengths and weaknesses of each.

    The three models considered are the Forum, the Cell and the Hierarchy. The models are applicable to groups of non-trivial size, which require internal assignment of responsibilities and authority.

    1.1 Method and limitations

    In this paper I use theoretical qualitative analysis in order to describe the attributes, strengths and weaknesses of three offensively oriented cyber militia models. I have chosen the three plausible models based on what can be observed in recent cyber conflicts. The term model refers to an abstract description of relationships between members of the cyber militia, including command, control and mentoring relationships, as well as the operating principles of the militia.

    Note, however, that the description of the models is based on theoretical reasoning and expert opinion. It offers abstract theoretical models in an ideal setting. There may not be a full match to any of them in reality or in the examples provided. It is more likely to see either combinations of different models or models that do not match the description in full. On the other hand, the models should serve as useful frameworks for analyzing volunteer groups in the current and coming cyber conflicts.

    In preparing this work, I communicated with and received feedback from a number of recognized experts in the field of cyber conflict research. I wish to thank them all for providing comments on my proposed models: Prof Dorothy Denning (Naval Postgraduate School), Dr Jose Nazario (Arbor Networks), Prof Samuel Liles (Purdue University Calumet), Mr Jeffrey Carr (Greylogic) and Mr Kenneth Geers (Cooperative Cyber Defence Centre of Excellence).

    2. The forum

    The global spread of the Internet allows people to connect easily and form “cyber tribes”, which can range from benign hobby groups to antagonistic ad-hoc cyber militias. (Williams 2007, Ottis 2008, Carr 2009, Nazario 2009, Denning 2010) In the case of an ad-hoc cyber militia, the Forum unites like-minded people who are “willing and able to use cyber attacks in order to achieve a political goal.” It serves as a command and control platform where more active members can post motivational materials, attack instructions, attack tools, etc. (Denning 2010)

    This particular model, as well as the strengths and weaknesses covered in this section, are based on (Ottis 2010b). A good example of this model in recent cyber conflicts is the stopgeorgia.ru forum during the Russia-Georgia war in 2008 (Carr 2009).

    2.1 Attributes

    The Forum is an on-line meeting place for people who are interested in a particular subject. I use Forum as a conceptual term referring to the people who interact in the on-line meeting place. The technical implementation of the meeting place could take many different forms: web forum, Internet Relay Chat channel, social network subgroup, etc. It is important that the Forum is accessible over Internet and preferably easy to find. The latter condition is useful for recruiting new members and providing visibility to the agenda of the group.

    The Forum mobilizes in response to an event that is important to the members. While there can be a core group of people who remain actively involved over extended periods of time, the membership can be expected to surge in size when the underlying issue becomes “hot”. Basically, the Forum is like a flash mob that performs cyber attacks instead of actions on the streets. As such, the Forum is more ad-hoc than permanent, because it is likely to disband once the underlying event is settled.

    The membership of the Forum forms a loose network centered on the communications platform, where few, if any, people know each other in real life and the entire membership is not known to any single person (Ottis 2010b). Most participate anonymously, either providing an alias or by remaining passive on the communication platform. In general, the Forum is an informal group, although specific roles can be assumed by individual members. For example, there could be trainers, malware providers, campaign planners, etc. (Ottis 2010b) Some of the Forum members may also be active in cyber crime. In that case, they can contribute resources such as malware or use of a botnet to the Forum.

    The membership is diverse, in terms of skills, resources and location. While there seems to be evidence that a lot of the individuals engaged in such activities are relatively unskilled in cyber attack techniques (Carr 2009), when supplemented with a few more experienced members the group can be much more effective and dangerous (Ottis 2010a).

    Since most of the membership remains anonymous and often passive on the communications platform, the leadership roles will be assumed by those who are active in communicating their intent, plans and expertise. (Denning 2010) However, this still does not allow for strong command and control, as each member can decide what, if any, action to take.

    2.2 Strengths

    One of the most important strengths of a loose network is that it can form very quickly. Following an escalation in the underlying issue, all it takes is a rallying cry on the Internet and within hours or even minutes the volunteers can gather around a communications platform, share attack instructions, pick targets and start performing cyber attacks.

    As long as there is no need for tightly controlled operations, in terms of timing, resource use and targeting, there is very little need for management. The network is also easily scalable, as anyone can join and there is no lengthy vetting procedure.

    The diversity of the membership means that it is very difficult for the defenders to analyze and counter the attacks. The source addresses are likely distributed globally (black listing will be inefficient) and the different skills and resources ensure heterogeneous attack traffic (no easy patterns). In addition, experienced attackers can use this to conceal precision strikes against critical services and systems.

    While it may seem that neutralizing the communications platform (via law enforcement action, cyber attack or otherwise) is an easy way to neutralize the militia, this may not be the case. The militia can easily regroup at a different communications platform in a different jurisdiction. Attacking the Forum directly may actually increase the motivation of the members.

    Last, but not least, it is very difficult to attribute these attacks to a state, as they can (seem to) be a true (global) grass roots campaign, even if there is some form of state sponsorship. Some states may take advantage of this fact by allowing such activity to continue in their jurisdiction, blaming legal obstacles or lack of capability for their inactivity. It is also possible for government operatives to “create” a “grass roots” Forum movement in support of the government agenda. (Ottis 2009)

    2.3 Weaknesses

    A clear weakness of this model is the difficulty of commanding and controlling the Forum. Membership is not formalized and often it is not even visible on the communication platform, because passive readers can just take ideas from there and execute the attacks on their own. This uncoordinated approach can seriously hamper the effectiveness of the group as a whole. It may also lead to uncontrolled expansion of conflict, when members unilaterally attack third parties on behalf of the Forum.

    A problem with the loose network is that it is often populated with people who do not have experience with cyber attacks. Therefore, their options are limited to primitive manual attacks or preconfigured automated attacks using attack kits or malware. (Ottis 2010a) They are highly reliant on instructions and tools from more experienced members of the Forum.

    The Forum is also prone to infiltration, as it must rely on relatively easily accessible communication channels. If the communication point is hidden, the group will have difficulties in recruiting new members. The assumption is, therefore, that the communication point can be easily found by both potential recruits, as well as infiltrators. Since there is no easy way to vet the incoming members, infiltration should be relatively simple.

    Another potential weakness of the Forum model is the presumption of anonymity. If the membership can be infiltrated and convinced that their anonymity is not guaranteed, they will be less likely to participate in the cyber militia. Options for achieving this can include “exposing” the “identities” of the infiltrators, arranging meetings in real life, offering tools that have a phone-home functionality to the members, etc. Note that some of these options may be illegal, depending on the circumstances. (Ottis 2010b)

    3. The cell

    Another model for a volunteer cyber force that has been seen is a hacker cell. In this case, the generic term hacker is used to encompass all manner of people who perform cyber attacks on their own, regardless of their background, motivation and skill level. It includes the hackers, crackers and script kiddies described by Young and Aitel (2004). The hacker cell includes several hackers who commit cyber attacks on a regular basis over extended periods of time. Examples of hacker cells are Team Evil and Team Hell, as described in Carr (2009).

    3.1 Attributes

    Unlike the Forum, the Cell members are likely to know each other in real life, while remaining anonymous to the outside observer. Since their activities are almost certainly illegal, they need to trust each other. This limits the size of the group and requires a (lengthy) vetting procedure for any new recruits. The vetting procedure can include proof of illegal cyber attacks.

    The command and control structure of the Cell can vary from a clear self-determined hierarchy to a flat organization, where members coordinate their actions, but do not give or receive orders. In theory, several Cells can coordinate their actions in a joint campaign, forming a confederation of hacker cells.

    The Cells can exist for a long period of time, in response to a long-term problem, such as the Israel-Palestine conflict. The activity of such a Cell ebbs and flows in accordance with the intensity of the underlying conflict. The Cell may even disband for a period of time, only to reform once the situation intensifies again.

    Since hacking is a hobby (potentially a profession) for the members, they are experienced with the use of cyber attacks. One of the more visible types of attacks that can be expected from a Cell is the website defacement. Defacement refers to the illegal modification of website content, which often includes a message from the attacker, as well as the attacker’s affiliation. The Zone-H web archive lists thousands of examples of such activity, as reported by the attackers. Many of the attacks are clearly politically motivated and identify the Cell that is responsible.

    Some members of the Cell may be involved with cyber crime. For example, the development, dissemination, maintenance and use of botnets for criminal purposes. These resources can be used for politically motivated cyber attacks on behalf of the Cell.

    3.2 Strengths

    A benefit of the Cell model is that it can mobilize very quickly, as the actors presumably already have each other’s contact information. In principle, the Cell can mobilize within minutes, although it likely takes hours or days to complete the process.

    A Cell is quite resistant to infiltration, because the members can be expected to establish their hacker credentials before being allowed to join. This process may include proof of illegal attacks.

    Since the membership can be expected to be experienced in cyber attack techniques, the Cell can be quite effective against unhardened targets. However, hardened targets may or may not be within the reach of the Cell, depending on their specialty and experience. Prior hacking experience also allows them to cover their tracks better, should they wish to do so.

    3.3 Weaknesses

    While a Cell model is more resistant to countermeasures than the Forum model, it does offer potential weaknesses to exploit. The first opportunity for exploitation is the hacker’s ego. Many of the more visible attacks, including defacements, leave behind the alias or affiliation of the attacker, in order to claim the bragging rights. (Carr 2009) This seems to indicate that they are quite confident in their skills and proud of their achievements. As such, they are potentially vulnerable to personal attacks, such as taunting or ridiculing in public. Stripping the anonymity of the Cell may also work, as at least some members could lose their job and face law enforcement action in their jurisdiction. (Carr 2009) As described by Ottis (2010b), it is probably not necessary to actually identify all the members of the Cell. Even if the identity of a few of them is revealed or if the corresponding perception can be created among the membership, the trust relationship will be broken and the effectiveness of the group will decrease.

    Prior hacking experience also provides a potential weakness. It is more likely that the law enforcement know the identity of a hacker, especially if he or she continues to use the same affiliation or hacker alias. While there may not be enough evidence or damage or legal base for law enforcement action in response to their criminal attacks, the politically motivated attacks may provide a different set of rules for the local law enforcement.

    The last problem with the Cell model is scalability. There are only so many skilled hackers who are willing to participate in a politically motivated cyber attack. While this number may still overwhelm a small target, it is unlikely to have a strong effect on a large state.

    4. The hierarchy

    The third option for organizing a volunteer force is to adopt a traditional hierarchical structure. This approach is more suitable for government sponsored groups or other cohesive groups that can agree to a clear chain of command. For example, the People’s Liberation Army of China is known to include militia type units in their IW battalions. (Krekel 2009) The model can be divided into two generic sub-models: anonymous and identified membership.

    4.1 Attributes

    The Hierarchy model is similar in concept to military units, where a unit commander exercises power over a limited number of sub-units. The number of command levels depends on the overall size of the organization.

    Each sub-unit can specialize on some specific task or role. For example, the list of sub-unit roles can include reconnaissance, infiltration/breaching, exploitation, malware/exploit development and training. Depending on the need, there can be multiple sub-units with the same role. Consider the analogy of an infantry battalion, which may include a number of infantry companies, anti-tank and mortar platoons, a reconnaissance platoon, as well as various support units (communications, logistics), etc. This specialization and role assignment allows the militia unit to conduct a complete offensive cyber operation from start to finish.

    A Hierarchy model is the most likely option for a state sponsored entity, since it offers a more formalized and understandable structure, as well as relatively strong command and control ability. The control ability is important, as the actions of a state sponsored militia are by definition attributable to the state.

    However, a Hierarchy model is not an automatic indication of state sponsorship. Any group that is cohesive enough to determine a command structure amongst them can adopt a hierarchical structure. This is very evident in Massively Multiplayer Online Games (MMOG), such as World of Warcraft or EVE Online, where players often form hierarchical groups (guilds, corporations, etc.) in order to achieve a common goal. The same approach is possible for a cyber militia as well. In fact, Williams (2007) suggests that gaming communities can be a good recruiting ground for a cyber militia.

    While the state sponsored militia can be expected to have identified membership (still, it may be anonymous to the outside observer) due to control reasons, a non-state militia can consist of anonymous members that are only identified by their screen names.

    4.2 Strengths

    The obvious strength of a hierarchical militia is the potential for efficient command and control. The command team can divide the operational responsibilities to specialized sub-units and make sure that their actions are coordinated. However, this strength may be wasted by incompetent leadership or other factors, such as overly restrictive operating procedures.

    A hierarchical militia may exist for a long time even without ongoing conflict. During “peacetime”, the militia’s capabilities can be improved with recruitment and training. This degree of formalized preparation with no immediate action in sight is something that can set the hierarchy apart from the Forum and the Cell.

    If the militia is state sponsored, then it can enjoy state funding, infrastructure, as well as cooperation from other state entities, such as law enforcement or intelligence community. This would allow the militia to concentrate on training and operations.

    4.3 Weaknesses

    A potential issue with the Hierarchy model is scalability. Since this approach requires some sort of vetting or background checks before admitting a new member, it may be time consuming and therefore slow down the growth of the organization.

    Another potential issue with the Hierarchy model is that by design there are key persons in the hierarchy. Those persons can be targeted by various means to ensure that they will not be effective or available during a designated period, thus diminishing the overall effectiveness of the militia. A hierarchical militia may also have issues with leadership if several people contend for prestigious positions. This potential rift in the cohesion of the unit can potentially be exploited by infiltrator agents.

    Any activities attributed to the state sponsored militia can further be attributed to the state. This puts heavy restrictions on the use of cyber militia “during peacetime”, as the legal framework surrounding state use of cyber attacks is currently unclear. However, in a conflict scenario, the state attribution is likely not a problem, because the state is party to the conflict anyway. This means that a state sponsored offensive cyber militia is primarily useful as a defensive capability between conflicts. Only during conflict can it be used in its offensive role.

    While a state sponsored cyber militia may be more difficult (but not impossible) to infiltrate, they are vulnerable to public information campaigns, which may lead to low public and political support, decreased funding and even official disbanding of the militia. On the other hand, if the militia is not state sponsored, then it is prone to infiltration and internal information operations similar to the one considered at the Forum model.

    Of the three models, the hierarchy probably takes the longest to establish, as the chain of command and role assignments get settled. During this process, which could take days, months or even years, the militia is relatively inefficient and likely not able to perform any complex operations.

    5. Comparison

    When analyzing the three models, it quickly becomes apparent that there are some aspects that are similar to all of them. First, they are not constrained by location. While the Forum and the Cell are by default dispersed, even a state sponsored hierarchical militia can operate from different locations.

    Second, since they are organizations consisting of humans, then one of the more potent ways to neutralize cyber militias is through information operations, such as persuading them that their identities have become known to the law enforcement, etc.

    Third, all three models benefit from a certain level of anonymity. However, this also makes them susceptible to infiltration, as it is difficult to verify the credentials and intent of a new member.

    On the other hand, there are differences as well. Only one model lends itself well to state sponsored entities (hierarchy), although, in principle, it is possible to use all three approaches to bolster the state’s cyber power.

    The requirement for formalized chain of command and division of responsibilities means that the initial mobilization of the Hierarchy can be expected to take much longer than the more ad-hoc Forum or Cell. In case of short conflicts, this puts the Hierarchy model at a disadvantage.

    Then again, the Hierarchy model is more likely to adopt a “peace time” mission of training and recruitment in addition to the “conflict” mission, while the other two options are more likely to be mobilized only in time of conflict. This can offset the slow initial formation limitation of the Hierarchy, if the Hierarchy is established well before the conflict.

    While the Forum can rely on their numbers and use relatively primitive attacks, the Cell is capable of more sophisticated attacks due to their experience. The cyber attack capabilities of the Hierarchy, however, can range from trivial to complex.

    It is important to note that the three options covered here can be combined in many ways, depending on the underlying circumstances and the personalities involved.

    Conclusion

    Politically motivated cyber attacks are becoming more frequent every year. In most cases the cyber conflicts include offensive non-state actors (spontaneously) formed from volunteers. Therefore, it is important to study these groups.

    I have provided a theoretical way to categorize non-trivial cyber militias based on their organization. The three theoretical models are: the Forum, the Cell and the Hierarchy. In reality, it is unlikely to see a pure form of any of these, as different groups can include aspects of several models. However, the strengths and weaknesses identified should serve as useful guides to dealing with the cyber militia threat.

    Disclaimer: The opinions expressed here should not be interpreted as the official policy of the Cooperative Cyber Defence Centre of Excellence or the North Atlantic Treaty Organization.

    References

    Carr, J. (2009) Inside Cyber Warfare. Sebastopol: O’Reilly Media.

    Denning, D. E. (2010) “Cyber Conflict as an Emergent Social Phenomenon.” In Holt, T. & Schell, B. (Eds.) Corporate Hacking and Technology-Driven Crime: Social Dynamics and Implications. IGI Global, pp 170-186.

    Krekel, B., DeWeese, S., Bakos, G., Barnett, C. (2009) Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation. Report for the US-China Economic and Security Review Commission.

    Nazario, J. (2009) “Politically Motivated Denial of Service Attacks.” In Czosseck, C. & Geers, K. (Eds.) The Virtual Battlefield: Perspectives on Cyber Warfare. Amsterdam: IOS Press, pp 163-181.

    Ottis, R. (2008) “Analysis of the 2007 Cyber Attacks Against Estonia from the Information Warfare Perspective.” In Proceedings of the 7th European Conference on Information Warfare and Security. Reading: Academic Publishing Limited, pp 163-168.

    Ottis, R. (2009) “Theoretical Model for Creating a Nation-State Level Offensive Cyber Capability.” In Proceedings of the 8th European Conference on Information Warfare and Security. Reading: Academic Publishing Limited, pp 177-182.

    Ottis, R. (2010a) “From Pitch Forks to Laptops: Volunteers in Cyber Conflicts.” In Czosseck, C. and Podins, K. (Eds.) Conference on Cyber Conflict. Proceedings 2010. Tallinn: CCD COE Publications, pp 97-109.

    Ottis, R. (2010b) “Proactive Defence Tactics Against On-Line Cyber Militia.” In Proceedings of the 9th European Conference on Information Warfare and Security. Reading: Academic Publishing Limited, pp 233-237.

    Williams, G., Arreymbi, J. (2007) Is Cyber Tribalism Winning Online Information Warfare? In Proceedings of ISSE/SECURE 2007 Securing Electronic Business Processes. Wiesbaden: Vieweg. On-line: http://www.springerlink.com/content/t2824n02g54552m5/n

    Young, S., Aitel, D. (2004) The Hacker’s Handbook. The Strategy behind Breaking into and Defending Networks. Boca Raton: Auerbach.

    Keywords: cyber conflict, cyber militia, cyber attack, patriotic hacking, on-line communities

    Rain Ottis
    Cooperative Cyber Defence Centre of Excellence, Tallinn, Estonia 
    rain.ottis@ccdcoe.org

  • Recon the Deep Web

    Tools – NAT FW – Lil’Snitch – VPN – ToR —> Bandwidth Graph – View Network -Message Log

    See bottom for UpDaTe 2/22/11

    gAtO wAnTeD -to explore the Deep Web to see what all the chatter is all about. So I went to torproject.org to see what tools were available. Tor has many tools, like Tails, a Live CD/USB distro preconfigured to use Tor safely and easily. gAtO has used Vidalia and Firefox before just for a test drive, but the slowness stopped me the first time. I have noticed Anonymous and others using the Deep Web to re-launch the LulzBoat; in one of the taunts they made, they gave an .onion chat room where you need to register to get in. So what is different from any other chat room not on .onion?

    First, the mechanics of a Tor network hide you from anyone, the good, the bad and the ugly; that simple. With a VPS (Virtual Private Server) from any hosting service you can create a website and deploy it in the .onion-only visible Deep Web. Now even popular website tools like Drupal and WordPress can publish to the deep web, so people under censorship can still see your websites thru ToR. A dissident who is monitored can go into a Tor network and publish a site where other like-minded people can share information without their government or anyone else knowing. No trace. Yes, the bad guys use the Deep Web to peddle their wares, but there is a lot of good stuff —if you can find it.

    gAtO went into the Deep Web testing the water but verifying[1] that I had my shields on at all times. First, it’s slow, so take your time when you hit a wiki, but first check yourself at http://torcheck.xenobite.eu/; this will check that you’re safe and sound.

    First stop is TorDir http://suw74isz7wqzpmgu.onion [2] This will give you a chance to look at the tip of the iceberg. When you get to this first site – I right away went to the Hacking and Related section (to see what is out there). As you can see, this is different than a Google search:

    Comments: 5 read or add comments about this link (Anonymous) | Rating: *****

    Last check: 04-02-2012 16:54:21 | Result: On | Lag: 19 seconds

    Here are a few different things about this site. 1st, it has comments (read them). You should read these so you know what’s in these sites. 2nd, Last check, Result and Lag time: these vary; in some places I have seen a 50 second lag time. Remember these are .onion sites, and sometimes they’re on and sometimes they’re not. A nefarious website may not keep normal times of business, so if you really think that site is real, check back; it may come back on the air.

    If you want to do more than look, I recommend using a boot CD/USB with NO WRITE to your hard drive. These are tech savvy people and they may try to put a bot, worm, spy, whatever on your device. As for the .onion on my personal mobile device -NoWayDude.

     

    Example of a BAD Site: do not click

    CardersPlanet

    First carding service from russian community. Credit cards, bank accounts, DDoS service.

    http://wihwaoykcdzabadd.onion

    Last check: 03-02-2012 04:41:02 | Result: Off

    Just look at this site, Carders Planet: would you really enter this site without your bells and whistles all tight as a submarine? By the way, Result: Off (so the site is off). Then there is the monetary part: BitCoins look to be all right, but I have not used them, so until I experience them I will not comment. Anyway, try http://k4bmdpobhqdguh2y.onion/ This has a basic list of a few sites that are rather safe. I listed a few sites I found; most all of them work, at least when I tried them. As security people we need to understand the deep web so we can use it as another tool on our belts. USCYberLabs.com/blog will be adding a .onion site in the coming weeks and we will also use Tor-Bridge to publish to both worlds. The Deep Web needs good solid content; sometimes, depending on the time and place, there is no other way to read information that may save a life. Freedom must be preserved. The .onion network is no Dark Web, it’s just different; let’s work to make it better -gAtO oUt

    What is a .onion site?

    .onion, for all intents and purposes, acts like a top level domain (like your .com’s, .org’s, etc), but is not accessible like a normal webpage. For this reason, it’s called a pseudo top level domain. .onions are run through the Tor network (there are at least two text files on that subject, here, by Mr_Scotty and in the second section of the text here, by myself). Not only does this encrypt server-side data, but increases anonymity as well. On your normal web, a website hosting illegal content would be shut down by the country’s government that governs the host. But on your Tor Network, not only is it impossible to tell where the site is hosted – it’s impossible to take it down, as well.

    References:

    Tor Services

    [2] Messaging – Activism, Political and Revolutionary – Adult – Blogs – Business – Email, IM, Communications – Gambling – Hacking and Related – Hosting and Content Share – Librarys – Personal Pages – Reference  – Security – Social- Social File/happiness sharing

    Software

    Normal Web:

    Virtual Private Server (VPS)  http://en.wikipedia.org/wiki/Virtual_private_server

    Wiki Tor http://en.wikipedia.org/wiki/Tor_(anonymity_network)

    Tor Onion Sites

    [1] Tor Check: http://torcheck.xenobite.eu/



    ‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡‡

    2/22/11 -Update:

    gAtO found this list it is still raw and some nasty shit is on this that gAtO will never need to go,, sick bastard..

     

    Here’s the hidden wiki that you can access when on Tor

    http://kpvz7ki2v5agwt35.onion/wiki/index.php/Main_Page

     

    • Assassination Market – Anonymous assassination market using Tor Bank and TorPM
    • TOR Free For All – Unmoderated area for political and other topics. Anything goes. (Guest account: user=public01 pass=public01)
    • TorTSE – A continuation of the infamous TOTSE forum which has existed since the late 80s covering almost every topic.
    • Democrat Watch – Right-wing board dedicated to criticizing Democrats (registration required)
    • The Intel Exchange – Know or need to know something? Ask and share at this underground intelligence gathering network…
  • talk.masked, clearnet version (read only) – Talks/Notes. A Janitor Joint. Mirror: rsync://ci3hn2uzjw2wby3z.onion:873/
  • K5 Odd Forums – Forum with a different interface than the common ones. Poop’s joint. (Requires HTTP referrers)
  • OnionWarez – Uncensored warez/multimedia forum. Eng/Pol. Pedo/necro/bestia/murder talk only in allowed channels.
  • anonymous bbs, gopher interface, telnet interface – Another variation of the talks style of board.
  • Tajna Community – A WIP Underground forum & file dump. Caters for most tastes. (LUP 2010-12-06)
  • TextForest – Kinda like talk.masked, but personalized. A Janitor Joint.
  • Hosted by: Freedom Hosting
  • Muchan – Imageboard for discussing music and random stuff. Boards : /b/ (random)

     


  • Is DDoS a Legitimate Civil Disobedience

    gAtO’s -Digital Sit-ins

    Distributed denial of service (DDOS) is a favorite tactic of Anonymous. While the media likes to call DDOS a form of ‘hacking’, this is at best a technical misunderstanding. DDOS does no permanent damage and doesn’t involve breaking into servers or stealing data. Rather, it simply overwhelms a server with UDP traffic – the online equivalent of fans at a football game yelling so loud that the offensive line can’t hear the quarterback. This XKCD comic explains it best:

    In the US, DDOS has been treated as a felony under the Computer Fraud and Abuse Act punishable by a mandatory 10 years in prison. Given its similarity to long-accepted civil disobedience tactics such as sit-ins and blocking building entrances, this harsh penalty is outrageous and unfair.

    Anonymous is not unanimous, and opinion on DDOS is perhaps more divided than any other tactic. Indeed, this very faction, in consultation with anti-ACTA NGOs, has been calling for a halt to DDOS for the last several days.

    But after this photo of Polish politicians protesting ACTA went viral yesterday, is it time we all re-evaluate the role & legitimacy of DDOS? These Parliamentarians were wearing Anonymous Guy Fawkes masks while the Parliament’s website was down due to DDOS by Anonymous. They can’t emphasize that point enough – this is a game-changer.

     

    DDOS has been a remarkably effective tactic for bringing the world’s attention to injustice, from repression in Tunisia and Egypt to censorship by SOPA and ACTA. A symbolically rich response, DDOS says “If you silence us, we will silence you”. In that respect, it works.

    But DDOS is a single tool in our arsenal of protest, not the only one. Hacktivists need to engage in the mainstream political process as well – and for many of us, deeply frustrated by decades of corruption and unresponsiveness, this will require holding our nose.

    As events in Poland have shown, protesters have allies in unexpected places. There comes a time when dissidents must use words to articulate their demands and desires, instead of UDP packets. There are still many ways to protest – in the form of mass emails, fax blasts and overloaded telephone switchboards.

    Protesters everywhere therefore call on dissidents, talkers, Dem, Rep and all freedom loving Internauts to contact your politicians directly;  “No SOPA, No ACTA!

    Hands off the Internet! - YOU CAN’T HAVE IT BACK!

    Europe

    United States

    Global

    -gAtO oUt


  • Predictive Behavioral Security Analysis part 1:


    gAtO bEeN -watching a mouse hole called Twitter lately; it’s an OSINT (Open Source Intelligence) source that monitors real events in real time. OSINT is a form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence.

     

    cool dashboard – internet Storm Center - http://isc.sans.edu/dashboard.html

    gAtO bEeN -watching World Web War (WWW): hacktivism has jump-started this new year, #OpMegaUpload upset lots of people and the organization structure of Anonymous is getting more refined. Things happened in #poland #ireland and during the middle of a DoS attack Anonymous told their warriors on twitter:

     

    http://trendsmap.com/

    @AnonyOps: #DDOS of European Parliament must stop NOW. They’re not the ones #ACTA

    Later they tweeted this: @AnonyOps: europarl.europa.eu back up after #DDOS. Thanks for listening to logic #Anonymous. go persuade the MEPs:

    http://www.msisac.org/apps/dashboard/

    Command and Control in your face, and people responded to this organized movement. With each new attack everyone gets better, with more coordination; Anonymous is growing up. Just look at the causes #SOPA #PIPA #ACTA #OpMegaUpload #poland #Ireland #SOPAIreland #France #Belgium #FreeTopiary. The Anonymous thingy has grown up; it’s a social conscious mindset created, manipulated, organic, ???? leaderless ????. The evolution of this movement has spawned OWS; the Occupy Wall Street political movement has its roots in Anonymous, but you can see the worldwide community support for this group that is anyone. This movement will grow and mature.

    http://www.fsisac.com/

    Think about it.

    This Week gAtO Learned mUcHo-mUcHo, we have not only the technical means but now the social monitoring needs that can be used to gather information like no other time before. Of course our governments are getting in on the fun.

    Homeland Security DHS- Human Factors/Behavioral Sciences Projects:

    • Actionable Indicators and Countermeasures Project
    • Biometric Detector Project
    • Community Perceptions of Technology Panel Project
    • Community Resilience Project
    • Enhancing Public Response and Community Resilience Project
    • Future Attribute Screening Technology (FAST) Project
    • Hostile Intent Detection – Automated Prototype Project
    • Hostile Intent Detection – Validation of Observable Indicators of Suspicious Behavior Project
    • Human Systems Engineering Project
    • Human Systems Research Project
    • Insider Threat Detection Project
    • Mobile Biometrics System Project
    • Multi-modal Biometrics Project
    • Passive Methods for Precision Behavioral Screening Project
    • Predictive Screening Project
    • Quantitative Psychosocial Impacts Index Project
    • Rapid DNA Project
    • Risk Prediction Project
    • Violent-Intent Modeling and Simulation Project

    http://www.dhs.gov/files/programs/gc_1218480185439.shtm

    http://k.root-servers.org/

    And the CIA got into the fun[1] way before it was hip to monitor the web. We know the government has all kinds of databases of all kinds of things they collect; remember Echelon, and Carnivore, the FBI’s first grab at data. Then we yell at the Chinese for doing the same thing we did; they learned from us about gathering information about people. Now cyberspace ties us in even tighter with SMS, streaming video, encrypted mobile chats for the masses. But as more is piled on, more tools are developed. Recorded Future[2] was a little geek company sucking in the data and developing analytical tools for intelligence forecasting, and the CIA loves them.

    Predictive Behavioral Security Analysis is just monitoring choice which is freedom for it is predictive and can then be manipulated to plant an idea, a spark, a tweet. “Egypt can be free”: this little spark is setting the fuel for the flames that will burn in Cairo by its people via Twitter, Facebook and any other social media. The Arab Awakening -Arab Spring was a simple idea, manipulated in cyberspace by protesters, dissidents and governments in Tunisia, Bahrain, Syria and others. We will see Iraq’s move in March of this year with its election; they are closing down their Internet, but will the idea of freedom explode anyway? We will be monitoring this – gAtO OuT

     

    References:

    [1] CIA Invest in ‘Future’ of Web Monitoring http://www.wired.com/dangerroom/2010/07/exclusive-google-cia/

    [2] https://www.recordedfuture.com/

     


  • Underground Cyber War-TangoDown OpMegaupload

    gAtO wItNeSs – LIVE International Underground Cyber War via  Twitter this weekend. #Anonymous #Megaupload #OpMegaupload #TangoDown …

    If you haven’t heard, police in New Zealand raided MegaUpload.com, took down the site and confiscated the servers and all the materials, copyrighted or original content. Remember the SOPA protest last week? This raid was a SOPA raid by the New Zealand government. They used the Low Orbit Ion Cannon and other tools plus Twitter (a Twitter follower could click on a link and that would launch a dDoS attack): a live, crowd-source enabled TangoDown attack.

    http://pastebin.com/WEydcBVV

    1. Twitter – @AnonymousWiki - January 19th, 2012
    2. Popular file-sharing website megaupload.com gets shutdown by U.S Justice – FBI and charged its founder with violating piracy laws. Four Megaupload members were also arrested. The FBI released a press release on its website which you can view here:

      German Internet millionaire Kim Schmitz (Kim Dotcom) arrives for. a trial at a district court in Munich in these May 27, 2002 file photos. New Zealand police broke through electronic locks and cut their way into a mansion safe room to arrest the alleged kingpin of an international Internet copyright theft case and seize millions of dollars worth of cars, artwork and other goods. German national Schmitz, also known as Kim Dotcom, was one of four men arrested in Auckland on January 20, 2012, in an investigation of the Megaupload.com website led by the U.S. Federal Bureau of Investigation. Reuters

    3. http://www.fbi.gov/news/pressrel/press-releases/justice-department-charges-leaders-of-megaupload-with-widespread-online-copyright-infringement
    4. We Anonymous are launching our largest attack ever on government and music industry sites. Lulz. The FBI didn’t think they would get away with this did they? They should have expected us.

    Anonymous Twitter feeds kept everyone informed, supporters retweeted it, joined in the attack and soon you could see the traffic increase 100% over the course of the event. The attack vector was dDoS but they managed to delete sites like cbs.com down to the bone. Another defiance stance from Anonymous and their crew(z) this weekend showing who has bad security. This is a way for Anonymous to be job creators (mEoW), because these companies need more security people fast…

    **- Will these companies try and hide these attacks? Will these organization disclose if any identifiable USER INFO was compromised? – Will we see unencrypted USER INFO (credit cards -mastercard.com was tango down)in the wild of cyberspace? -**

    When gAtO saw Justice.gov and http://justinbieberweb.com/ got TangoDown gAtO kNeW they meant business. When the .gov took a hit you saw things start to happen…like Anonymous.action-24.com is a fake forum created by the authorities (FBI).

    “A security expert (name withheld -Tweeted)” *** Is the (fully unsecure) #AnonGroup social network really run by #AnonOps / #Antisec ?

    gAtO sEe- conspiracy theory (FBI vs Anonymous) all around this, but if this was true, or maybe a plant to throw distress amongst the Anons or to capture participants’ IP addresses. I see some links to news items pop up in pastebin all the time to a blank post, one way of seeing who is following the #OpMegaupload / I still haven’t found out but I’m sure people are looking into this. Trust in the crowd-sourcing communication and tracking tools coordinating attacks and status is something any dissident group is concerned about, but that the FBI and others took notice of these attacks, that’s for sure Dude:

    GOV TANGO DOWN! #Megaupload. » anonops AnonOps. “The Internet Strikes Back” is TT! » anonops AnonOps. The Internet Strikes Back #Megaupload info

    At the end of the day we see the power of the people in cyber space, a world wide movement like the SOPA, OWS support. Most people don’t have a clue what’s been happening in the underground cyber war to keep it FREE. gAtO is no judge as to the protesters, whether it’s right or wrong: first the #SOPA blackout, then this massive attack on some major companies -movers and skaters bAbY. I just want these companies to come clean and do the responsible thing, full disclosure of what happened. Protect my data or else I will not do business with you. Hacktivism has taken a new turn and people want to belong, they want to be empowered; some are hipsters but the majority are real protesters, and the new breed of hacktivist that comes after this one will blow our minds.

     **- 5:17 P.M. Update: RIAA.org is now down.

    5:55 Update 3: Tweets indicate there may be more attacks to come this evening.


    7:47 Update 4: Anonymous is reporting FBI.gov as down. Some people report being able to get through, but the site is clearly under a lot of stress.

    8:19 Update 5: Now it’s definitely down. FBI.gov, that is. MPAA and RIAA sites are back now though

    - **

     A masked hacker, part of the Anonymous group, hacks the French presidential Elysee Palace website on January 20, 2012 near the eastern city of Lyon. Anonymous, which briefly knocked the FBI and Justice Department websites offline in retaliation for the US shutdown of file-sharing site Megaupload, is a shadowy group of international hackers with no central hierarchy. On the left screen, an Occupy mask is seen. Getty

    Expect Us! is their motto, we better be prepared - gAtO oUt

    Until this mess is clear, I hope you saved copies and can upload them to alternative sites like megaupload.com, like Putlocker.com, Filebox.com or Depositfiles.com or one of the many other cyberlockers available so that people can continue to enjoy them while Megaupload is not working.

    References:

    Universal, RIAA, FBI, MPAA and Department of Justice Sites Go Down, Anonymous Claims Responsibility -http://www.geekosystem.com/anon-justice-universal/

    Anonymous deletes CBS: Operation Megaupload continues -http://www.examiner.com/anonymous-in-national/anonymous-deletes-cbs-operation-megaupload-continues?@anonymouspress

    If Megaupload is not working what happens to the files? http://www.examiner.com/video-game-in-honolulu/if-megaupload-is-not-working-what-happens-to-the-files?@anonymouspress

    Anonymous tricked people into joining Web site attacks - http://news.cnet.com/8301-27080_3-57363103-245/anonymous-tricked-people-into-joining-web-site-attacks/

    MegaUpload Photo’s of the Bust  - http://cryptome.org/2012-info/megaupload/0051.htm

    TangoDown 4 opMegaUpload -List


    Motion Picture Association of America (MPAA.org) Universal Music (UniversalMusic.com) Belgian Anti-Piracy Federation (Anti-piracy.be/nl/) Recording Industry Association of America (RIAA.org) Federal Bureau of Investigation (FBI.gov) HADOPI law site (HADOPI.fr) U.S. Copyright Office (Copyright.gov) Universal Music France (UniversalMusic.fr) Senator Christopher Dodd (ChrisDodd.com) Vivendi France (Vivendi.fr) The White House (Whitehouse.gov) BMI (BMI.com) Warner Music Group (WMG.com)

    Brazil - MEGA TANGO DOWN

    http://pastebin.com/H4NpqCDC -

    We broke in again: http://imgur.com/6bmFe. Havittaja – @Havittaja – www.twitter.com/Havittaja -The evilc0de – @theevilc0de – www.twitter.com/theevilc0de -All the servers have been shut down -MEGA TANGO DOWN -(ALL SHOULD BE OFFLINE NOW 22/01/2012 19:47)


  • Middle East CyberWar has Begun

    gAtO tHiNkInG – a nineteen (19) year old kid named oxOmar has started a cyber war between Israel and Saudi Arabia. oxOmar and his pals from the group-xp, a Saudi Arabian hacker team, posted thousands of Israeli credit cards on a hacker posting site. A few days later an Israeli named 0xOmer countered by posting Saudi credit cards. This all started about the 6th of January. Today, 16 days into the new year, we have the Tel Aviv Stock Exchange and El Al, Israel’s national airline, with their websites hacked (DDoS).

    In the Muslim world a new cyber empowerment has been born. With its history last year of the Arab Spring, the ruling parties are worried now about the power of cyberspace. Every country is faced with empowering its people with the technology they want, knowing that these new communication tools can bring down their regimes. The more they continue building their digital infrastructure, the more vulnerable they become to cyber attacks themselves.

    a 19 year old kid starts a cyber war – It’s a cyber catch 22.

    Israel has great offensive cyber weapons like “Stuxnet and DuQu virus”, which are the new cyber weapon framework of covert and overt attacks. These new cyber weapons are like drone airplanes inside an enemy’s computer system, uploading new attack vectors as it learns and communicates with its command and control centers, where the generals use it in tactical operations. But Israel has no real defensive cyber walls because it’s an open free society.

    The cyber tensions in the Middle East have escalated with America and Israel joining together and going after Iran and Syria in cyberspace with probes and attacks. Iran is currently building a cyber fortress to keep everyone in and keep everyone else out. Now you add the Saudis, our friends, going after Israel, our other friends. -gAtO ThInK iT’S aLl cRaZy

    Now a pro-Palestinian hacker group calling themselves “Nightmare” has teamed up with Gaza Hacker Team and Anonymous to go after Israel. Meanwhile conventional groups like Hamas have become cheerleaders on the sidelines. The Israeli Defense Minister is to establish a special cyber warfare administration to support its country’s websites.

    What the gAtO doesn’t understand is how children set the tone for cyber warfare in the Middle East, where are the grown-ups? Meanwhile, back at the ranch, Iran is pushing the nuclear agenda while it plays with oil disruption. Now people are saying these kids (oxOmar) will bring down our power supplies, our water treatment plants, just to scare the population into giving them more money to do. What? Israel, as well as others, needs to learn that the power of the internet cannot be stopped; the people will find a way to get their voices heard. Countries that do not treat their citizens right can expect more and more hacking by kids, but wait until the grown-ups start, then it’s going to be one major cluster-fuck -gAtO OuT

    References:

    http://www.israelnationalnews.com/News/News.aspx/151713#.TxWPW5gUhnd

    Now you got people like “.oO HANNIBAL Oo.” joining in the fun:

    http://pastebin.com/yArqhA7V

     

     


  • Internet Usage in the Middle East

    gAtO fOuNd -this chart while chasing a mouse. When I saw this chart, it was a mirror of who is doing what, and how, in cyberspace in the Middle East. First let’s look at who is not letting its people use the internet without restrictions: Iran, Syria and the Gaza Strip. As you can see, they are not allowed to use Facebook. Iran has 46% of its people using the internet but it’s cut off and monitored (intranet only mAyBe). In Syria you can see the elite use the Internet and the local population is stopped flat. The disparity of who has and who hasn’t can be seen in this little chart.

    http://www.internetworldstats.com/stats5.htm
    Middle East Internet Usage and Population Statistics

    | MIDDLE EAST | Population (2011 Est.) | Users, in Dec/2000 | Internet Usage, Latest Data | % Population (Penetration) | Users % Region | Facebook Subscribers |
    |---|---|---|---|---|---|---|
    | Bahrain | 1,214,705 | 40,000 | 649,300 | 53.5 % | 0.9 % | 287,020 |
    | Iran | 77,891,220 | 250,000 | 36,500,000 | 46.9 % | 50.3 % | n/a |
    | Iraq | 30,399,572 | 12,500 | 860,400 | 2.8 % | 1.2 % | 860,400 |
    | Israel | 7,473,052 | 1,270,000 | 5,263,146 | 70.4 % | 7.3 % | 3,442,680 |
    | Jordan | 6,508,271 | 127,300 | 1,741,900 | 26.8 % | 2.4 % | 1,675,780 |
    | Kuwait | 2,595,628 | 150,000 | 1,100,000 | 42.4 % | 1.5 % | 822,640 |
    | Lebanon | 4,143,101 | 300,000 | 1,201,820 | 29.0 % | 1.7 % | 1,201,820 |
    | Oman | 3,027,959 | 90,000 | 1,465,000 | 48.4 % | 2.0 % | 285,080 |
    | Palestine (West Bk.) | 2,568,555 | 35,000 | 1,379,000 | 53.7 % | 1.9 % | 599,520 |
    | Qatar | 848,016 | 30,000 | 563,800 | 66.5 % | 0.8 % | 245,580 |
    | Saudi Arabia | 26,131,703 | 200,000 | 11,400,000 | 43.6 % | 15.7 % | 4,034,740 |
    | Syria | 22,517,750 | 30,000 | 4,469,000 | 19.8 % | 6.2 % | n/a |
    | United Arab Emirates | 5,148,664 | 735,000 | 3,555,100 | 69.0 % | 4.9 % | 2,340,880 |
    | Yemen | 24,133,492 | 15,000 | 2,349,000 | 9.7 % | 3.2 % | 329,040 |
    | Gaza Strip | 1,657,155 | n/a | n/a | n/a | n/a | n/a |
    | TOTAL Middle East | 216,258,843 | 3,284,800 | 72,497,466 | 33.5 % | 100.0 % | 16,125,180 |

    In places like Jordan almost everyone in the country who has Internet access has a Facebook account; Lebanon is also 100% online and on Facebook. Facebook and other social media are taking over the Middle East. Their leaders will have to be careful: in the Muslim world the young are becoming more digitized every second. The smart phone has opened the door to freedom more than any other device today -gAtO oUt.


  • How Can Iran Censor Cyberspace

    How does Iran censor cyberspace? -iranian cyber army

    gAtO tHiNk the same software that we might use to prevent our children from looking at porn on the Internet is basically the same software that is “sold to regimes everywhere”, but instead of entering pornography-related terms, you put in terms like student union, protest or democratization. Or Deep Packet Inspection, which I’ll explain later.

    ** Some of the best commercial grade censorship software sold “to regimes everywhere” comes from Nokia-Siemens and out of Silicon Valley **

    The gathering of information as well as covert action against computer networks that occurred in Iran in 2011 can be expected to continue and grow during 2012. Iranian counter-action in the form of a stepped-up cyber and sabotage campaign against their own citizens and against American installations in the Gulf will continue.

    ** Control over the flow of information is a key issue for Iran — home to most Internet users in the Middle East with more than 36 million people of the 75 million populace. **

    June 2009 was the first time Iran’s Internet was turned off – following the controversial re-election of President Mahmoud Ahmadinejad in June 2009, the country was cut off for about 24 hours.

    Iran-Cyber-Guard Network

    The Iranian government asked the three (3) largest Internet service providers to shut down. The problem was they didn’t bother with the smaller ones, and a few activists with satellite phones were ready, with connections to Internet service providers through friends and activists in Europe, Dubai or Cyprus.

    The technical underground is available to the younger people and they are spreading the word, the pictures, the videos and news from the world that they matter, their voices are being heard. gAtO tHiNk that is the best example of “power to the people” in cyberspace.

    ** What the west has yet to learn is, there are not many Muslim countries which have a population as networked as that of Iran. :—: The good news is that the more Iran uses cyberspace the more vulnerable they will become **

    Instead of using landlines, some Iranian bloggers have taken to using satellite dishes to access the Internet, but the dishes are increasingly being destroyed by special police units. One of the problems that the Iranian government is facing is that universities often have their own distinct connections to other universities. Major trading houses or major financial centers also sometimes have backup connections.

    ** Ali Hakim Javadi, Iran’s deputy minister for communications and information technology **

    If Iran shuts down the Internet, the price wouldn’t just be political (€€€-$$$). Were Iran to disconnect its oil industries from global information flows, the impact on those industries’ ability to deliver what little they can sell would be enormous. When Hosni Mubarak shut off the Internet in Egypt during the protests there, the impact was disastrous. The five days offline cost the Egyptian economy an estimated €250 million.

    Another problem for Iran is other countries are helping the dissidents hide in cyberspace, the US is working on developing the ability to send digital packets that are invisible and are only interpretable for other machines that you set up on the network that know what to look for. It’s called a dark Web infrastructure.

    ** Tor Project is another source that enables anyone to be anonymous in cyberspace and gain access to otherwise blocked sites **

    One way that Iran may be able to control cyberspace in Iran is Deep Packet Inspection (DPI) (also called complete packet inspection and Information eXtraction – IX -). The idea is to slow down the Internet traffic so much that you can use a program to inspect each piece of information that comes and goes.

    President Ahmadinejad has indicated he wants to provide an alternative, a so-called intranet (internal network Iranians only) which will allow Iranians to communicate among themselves, as the song said recording “every word you said”. China has the best example of a national network that is relatively disconnected from the rest of the global information infrastructure. The Chinese have built software that basically mimics anything we develop in the West and embed surveillance algorithms deeply into them. But I’d be very surprised if the Iranians were able to launch all of this.

    ** It’s a lot easier to say “you have a cyber army and have defenses to do battle in cyberspace” and let them prove otherwise. We are talking about diplomatic bull-shit -mEoW -mEoW gOsE gAtO**

    Proxy servers are one of the things that activists have put to work for themselves. So when the state tries to shut down the Internet, or when you learn that an authoritarian regime is watching particular sites or trying to disable YouTube or Twitter, proxy servers are very helpful as ways of getting around some of those barriers. They open doors where other doors have been shut. Gaming consoles such as PlayStation or Xbox can be turned into devices for sending out information without having to go through Internet exchange points. Learn from the young: they know the technology and they will outlive you anyway.

    As long as there are ways for freedom of speech to get out it’s OK, “the world is watching you now”. gAtO oUt

    References:

    http://www.gatewaygulf.net/teleport.php

    http://en.wikipedia.org/wiki/List_of_Internet_exchange_points

    http://www.payvand.com/news/11/dec/1273.html

    http://en.wikipedia.org/wiki/Deep_packet_inspection

     

     


  • Anonymous Hacks Again Hackmas Gift 4 Charities

    UPDATE: 12-30-2011 (CentOS) is the OS that the Victims of the Duqu worm -Diagram -(son of Stuxnet).

    Anonymous hacks Security Firm Stratfor Global Intelligence

    Provides strategic intelligence on global business, economic, security and geopolitical affairs.

    gAtO sMiLe - Hackers Breach the Web Site of Stratfor Global Intelligence. gATo did a Google search on Stratfor_com. As you can see, the site as of Sunday night (12-25-2012) 2310 hours is still down. The part that got gAtO 2 sMiLe is that the other links from Google point to “default- error page”. For a security firm they have done everything WRONG that they could after the HACK.

    These error pages from a Google search give away the OS ((CentOS) Server) that they are using, the version of (Apache/2.2.15), and also the nomenclature they use in their directory structure. This is a wealth of information to give any hacker to start hacking the next time (there will be a next time 4 Stratfor). A security firm should at least have a disaster recovery plan; well, Stratfor Global Intelligence has none.

    Example: From Google click on Careers, ABOUT Stratfor, Geopolitical Weekly or any other page and you get an error page with all kinds of information for any hacker during information gathering before the hack.

    From a simple google search:

    (CentOS) Server

     

     

     

     

    They use CentOS: – Check out their bug report page: -http://bugs.centos.org/view_all_bug_page.php

    The stratfor.com/subscibe error page shows lots of information about the site. A good web designer would have hidden this information to keep a hacker from knowing it.

    This site lists the bug reports for CentOS. A wealth of information for a hacker.

    Apache/2.2.15

    http://httpd.apache.org/security/vulnerabilities_22.html

    You can see that if you need to hack Apache just scan for CVE-2022-3368 and CVE-2011-3348; these are for version 2.21 and 2.2.22, and they are running 2.2.15. To gAtO it looks like they may not have done proper patch management to keep up with updates.

     

     

    “Anonymous” claimed Sunday to have stolen thousands of credit card numbers and other personal information belonging to clients of U.S.-based security think tank Stratfor

     

    I read that they did not encrypt their subscribers’ credit cards, so a few people have made charitable contributions from their credit cards on .stratfor. Why do companies that have credit and personal information not encrypt them? This is a no-brainer: if I have customers’ information and I’m a security company, why is my website so bad and open to hacking so easily?

     

    Anonymous said the client list it had already posted was a small slice of the 200 gigabytes worth of plunder it stole from Stratfor and promised more leaks. It said it was able to get the credit card details in part because Stratfor didn’t bother encrypting them – an easy-to-avoid blunder which, if true, would be a major embarrassment for any security-related company.

     

    Hours after publishing what it claimed was Stratfor’s client list, Anonymous tweeted a link to encrypted files online with names, phone numbers, emails, addresses and credit card account details.

     

    Anyway gAtO just wanted to point some of these things out. I just don’t understand why these big shot security firms scream so loud about hackers, maybe because they do such a bad job that they think that laws may help them, but this damage to reputation may bring this company down.

    The problem that gAtO has found is these big shots think that they hire anyone that has a security clearance or a certification. These people have no real knowledge of what a hacker does beyond what’s in the book. When you read it from a book today it’s outdated before it’s been printed, and the hackers are on to newer stuff. Companies cannot think that being compliant and within regulations will stop a hacker; they think that just because it has not happened before and it looks impossible to you the hackers know all the same in-the-box stuff that everyone else does. So you better understand where the new information is coming from and keep learning every day. Cyberspace is not going to stop evolving so security people better not stop either; they need to always keep an open mind, think of the impossible and protect your data. It may be what keeps your company from going under with just one hack.

    gAtO_oUt

    Directory Structure: just add stratfor.com/xxx

    /weekly/friedman_on_geopolitics

    /analysis/20111028-mexicos-cartels-draw-online-activists-ire

    Not Found

    The requested URL /analysis/20111028-mexicos-cartels-draw-online-activists-ire was not found on this server.

    Apache/2.2.15 (CentOS) Server at www.stratfor.com Port 80

    Not Found

    The requested URL /careers was not found on this server.

    Apache/2.2.15 (CentOS) Server at www.stratfor.com Port 80

    Not Found

    The requested URL /weekly/20111212-russias-plan-disrupt-us-european-relations was not found on this server.

    Apache/2.2.15 (CentOS) Server at www.stratfor.com Port 80
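The version and OS disclosure described in this post can be checked from the defender's side. The following is an added example, not code from the original post: a Python audit that scans responses for a versioned banner in the `Server` header and in Apache's generated error-page footer. The sample responses are constructed, modelled on the error text quoted above; the host `www.example.com`, the paths and the headers are placeholders.

```python
import re

# Product/Version, optionally followed by "(OS)", as Apache prints it.
BANNER_RE = re.compile(
    r"(?P<product>[A-Za-z][\w.-]*)/(?P<version>\d+(?:\.\d+)+)"
    r"(?:\s+\((?P<os>[^)]+)\))?"
)
# Footer Apache appends to generated error pages when ServerSignature is On.
FOOTER_RE = re.compile(r"([^\n]*?)Server at (\S+) Port (\d+)")
TAG_RE = re.compile(r"<[^>]+>")


def _record(path, where, match):
    return {"path": path, "where": where, "product": match.group("product"),
            "version": match.group("version"), "os": match.group("os")}


def audit_response(path, headers, body):
    """Return one finding per place a versioned banner is disclosed."""
    findings = []
    for name, value in headers.items():
        if name.lower() == "server":
            m = BANNER_RE.search(value)
            if m:  # a bare "Apache" (ServerTokens Prod) carries no version
                findings.append(_record(path, "header:Server", m))
    text = TAG_RE.sub(" ", body)
    for footer in FOOTER_RE.finditer(text):
        m = BANNER_RE.search(footer.group(1))
        if m:
            findings.append(_record(path, "body:error-footer", m))
    return findings


def exposure(responses):
    """Map each disclosed (product, version, os) to where it was seen."""
    seen = {}
    for path, headers, body in responses:
        for f in audit_response(path, headers, body):
            key = (f["product"], f["version"], f["os"])
            seen.setdefault(key, set()).add((path, f["where"]))
    return seen


# Constructed sample data: default Apache 404 page layout with the banner
# string quoted in the post, plus one response after hardening
# (ServerTokens Prod, ServerSignature Off, custom ErrorDocument).
LEAKY_404 = (
    "<h1>Not Found</h1>\n"
    "<p>The requested URL {path} was not found on this server.</p>\n"
    "<hr>\n"
    "<address>Apache/2.2.15 (CentOS) Server at www.example.com Port 80</address>\n"
)
HARDENED_404 = "<h1>Not Found</h1>\n<p>The page you asked for does not exist.</p>\n"
SAMPLE_RESPONSES = [
    ("/careers", {"Server": "Apache/2.2.15 (CentOS)"},
     LEAKY_404.format(path="/careers")),
    ("/weekly/sample-report", {"Server": "Apache/2.2.15 (CentOS)"},
     LEAKY_404.format(path="/weekly/sample-report")),
    ("/hardened", {"Server": "Apache"}, HARDENED_404),
]

if __name__ == "__main__":
    for (product, version, os_name), places in exposure(SAMPLE_RESPONSES).items():
        print(f"{product} {version} on {os_name} disclosed at:")
        for path, where in sorted(places):
            print(f"  {path}  ({where})")
```

On Apache httpd, `ServerTokens Prod` and `ServerSignature Off` remove the version from the header and the footer from generated error pages, which is the state the `/hardened` sample represents.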

    Read More:

    http://www.huffingtonpost.com/2011/12/25/anonymous-stratfor-hack-hackers-hacking_n_1169268.html

    http://www.nytimes.com/2011/12/26/technology/hackers-breach-the-web-site-of-stratfor-global-intelligence.html?_r=1&hp


  • Cyber China Spy Threat | Cyber Espionage and Influence

    China’s growing spy threat is a great article. It points to everything I have said before.

    The top priority of Chinese

    • Industrial espionage aimed at defense industry and high tech sectors
    • Infiltration of critical infrastructure and military targets
    • Nexus of organized cybercrime and terrorist fundraising
    • Monitoring and Disrupting Dissidents

    We need to understand the Chinese government mindset to understand them: paranoia, saving face and economics, these are the 3 pillars of the new communism in China. Let’s start with paranoia. One of China’s prime paranoias is lack of trust: anything not created in China must have back doors. Look at all the discussion on the Chinese company Huawei installing back doors in our telecom infrastructure. We did it to them and now, el gatoMalo, they’re paying us back. The Chinese know they are putting backdoors in our electronics because they can, they own our manufacturing. China worked very hard in creating Kylin (Unix). They have to use Microsoft because some applications only run on it, but it’s too easy to hack and “made in America” didn’t make them happy. This is why Google left; they refuse to give the Chinese the keys to the code.

    On the same paranoia crazy train.  One of the top priorities of Chinese espionage efforts—foreign and domestic—is monitoring and disrupting dissidents, according to defectors, experts, and official documents.

    Anyone who talks bad about China will pay the price: monitoring. I’m currently on their radar (popular posts, referrers and keywords stats on my blogs & sudden twitter followers say so much) and so is everyone who writes about China, especially cyber security.

    Let’s talk economics. China has been looked at as a source of cheap labor only. They don’t want our breadcrumbs, they want to become leaders not followers, and I can’t blame them. As a nation I want to be seen as a leader in technology, in finance, not the errand boy of the west (saving face). The facts are that for the last 10 years China has been using its money wisely, investing in companies around the world (influence), while America has been bombing people all over the world. They create new alliances; we destroy our alliances with drone planes. And to top it off they are going after our political elite. According to experts, China uses bribes, blackmail, women, lavish vacations in China, and other means to compromise officials worldwide. I just wrote about this, about our current presidential front runner Rick Perry in bed with the Chinese companies – Huawei just opened its doors in Texas and so did 12 other Chinese corporations. What do you think they’re doing in the U.S.? (http://uscyberlabs.com/blog/2011/09/11/cyber-warfare-rick-perry-mitt-romney-opening-u-s-cyber-infrastructure-china-huawei/)

    Sorry I just had to put down these words after reading the article.

     

    Time to get down off the soapbox.

     

    Read More -

    http://the-diplomat.com/2011/09/19/chinas-growing-spy-threat/5/




  • ©2012 US Cyber Labs