Category Archives: cyber-spies

06/18/13

Weaponize the Tor Network:

weaponizing-the-web1-720x2808

Weaponize the Web

prism-01

if you got nothing to hide – you got nothing to worry about

 gAtO wAs - asked the Tor-Network is slow as heck, does not support sending outgoing email and does not support UDP packets of the TCP/IP protocol, so can it be weaponized? Maybe monitoring the Tor-Network like Prism and Nucleon or the Japan based Daedalus Monitoring program at the very least?

Data collection in Tor:

I guess this all depends on your definition of what a weaponize cyber weapon is-///-IP theft- here we have a vast collection of both /IP-(intellectual Property) and /copyright – /hacking /sql-i in Tor// -.- /hacktivism -how about /personal privacy online-collection of all internet transaction and data sharing with Google, Facebook, Microsoft and others— /government censorship of it’s people /Worldwide Internet monitoring-///  Like a room 641a for Tor only traffic.

prism-03

Daedalus Monitoring program

Mix a little more counter-offensive cyber class weapons like Stuxnet, Flame and DuKu – add a bit of misinformation and propaganda to the mix and we have a better question.

Next we have a more military type cyber weaponized solution. Control Drones planes in Tor -another one is dDos, attacks on the electric grid or sabotage satellites. Cyber attacks like power outage, hacking attacks on cell phones and wall street computers and add traffic lights and traffic in the northeast going wacko. Like they say trains, planes and automobiles are all connected to cyberspace from China to Canada… prism-02

Tor can also be used in all the above scenario- Yes big brother/sister it can. So the answer is Yes, but Tor is not the pony network that can do this work. There are other kinds of anonymized networks that can be used, and with your own relays all over the world you can create your own Tor-private network that only you use so it will be faster and side nobody can see it – well Tor is not the only network one to watch for cyber weaponized products - gAtO oUt

 

 

 

Share on TumblrSubmit to StumbleUponhttp://uscyberlabs.com/blog/wp-content/uploads/2013/06/weaponizing-the-web1-720x2808.jpgDigg ThisSubmit to reddit
06/14/13

Cyber Illuminate – Prism

gAtO lOcO-  I know conspiracy theory’s but this one stop me cold.  I was looking at a newscast and the NSA Prism illuminate_dollarlogo came on, OK pink Floyd – dark side of the moon rip-off but something caught my eye – the triangle on the dollar bill and the Prism logo triangle ummmm…. – an all seeing triangle -what every one tells about the Illuminate logo. If you apply a prism to data -it’s the same thing you grab all the light/data and filter it down to different data streams, categories -colors. I can see the meaning of the logo for prism now, wonder how much they paid a no-bid contractor for that logo.  prism-logo-61013

—a new world order – cyberspace —

Then I remember the CISPA fight we had a while back and on one of them it said. “Cyber Intelligence Sharing & Protection Act” that was pretty much the same thing we find now in what Prism does with phone and data collection. So my question is, if Prism has been going on since the Patriot Act and the NSA has been doing this legally.

Why CISPA? Why SOPA? Why PIPA? Come on Prism is legal so why all this data sharing when the government was doing it under our nose. I think what this kid Shoden did was stupid, but it’s his choice and he will live with this one way or another. What he showed us has opened a discussion that I think was needed in the cyber world. cispa

Cyber society is the new norm and we older-people must accept that these young men and women know this technology and how to use it better than we do. Cyberspace belongs to everyone today and I hope we together can change things for the better. But I don’t think the powers that be will give over so easily. Prsim is a perfect example of how the cold war mentality has change with the digital domain becoming more real. We will not recognize the Internet 10 years from now, but if the Illuminate have there way they will be watching us -  gAtO lOcO oUt…      Illuminate

 

Share on TumblrSubmit to StumbleUponhttp://uscyberlabs.com/blog/wp-content/uploads/2013/06/prism-logo-61013-300x225.jpgDigg ThisSubmit to reddit
06/12/13

Government use of Cyber Weaponized Exploits

gAtO rEaD- The government is buying hackers exploits – not to stop these sophisticated cyber exploits but to use these tools against it’s own people- they are using the tools to infiltrate computer networks worldwide, leaving behind spy programs and cyber-weapons that can disrupt data or damage systems.network

The core problem: Spy tools and cyber-weapons rely on vulnerabilities in existing software programs, and these hacks would be much less useful to the government if the flaws were exposed through public warnings. So the more the government spends on offensive techniques, the greater its interest in making sure that security holes in widely used software remain unrepaired. So your computer is vulnerable and the governments knows it and will not disclose this information, but use it against you to place cookies,RAT’s or other spyware into your computer -maybe- I trust our government don’t you?

If you got nothing to hide, you should not be worried… right????

So our Tax dollars are going to Hackers and cyber criminals that sell these exploits all over the world. As a tax payer I don’t like this part at all. But the worst part is by us taking the lead of cyber offensive cyber tools -example.. Stuxnet – it is a plan book for other countries to do the same. So what we do in cyberspace has become socially acceptable to do in cyberspace and then we bitch about China. I don’t get it – mEoW

Officials have never publicly acknowledged engaging in offensive cyber-warfare, though the one case that has beenmost widely reported – the use of a virus known as Stuxnet to disrupt Iran’s nuclear-research program – was lauded in Washington. Officials confirmed to Reuters previously that the U.S. government drove Stuxnet’s development, and the Pentagon is expanding its offensive capability through the nascent Cyber Command.

Then you have the Prism disclosure and PoW- US Cyber Agents Disrupt Publication of Popular Al Qaeda Magazine – This means that Obama’s cyber military is potentially capable of more targeted attacks, specified at damaging particular pieces of information or infrastructure. I wonder where they got those vulnerabilities? maybe some bad guys—/Nato_cyber_plat

What worries me is as the U.S engages in these attacks our enemies are learning what is acceptable in cyberwar. So we must be careful not to lose the fact that everyone is watching what we do and how we treat cyberspace and others governments will follow, defensive and offensive, they are learning from the best the U.S. Government -gAtO oUt

ref: http://www.reuters.com/article/2013/05/10/us-usa-cyberweapons-specialreport-idUSBRE9490EL20130510

 

http://www.businessinsider.com/us-cyber-agents-disrupt-inspire-magazine-2013-6

 

 

Share on TumblrSubmit to StumbleUponhttp://uscyberlabs.com/blog/wp-content/uploads/2012/12/network.pngDigg ThisSubmit to reddit
03/24/13

Tor is NOT the ONLY Anonymous Network

gAtO fOuNd – this very interesting and wanted to share -

Tor does some things good, but other anonymous networks do other things better. Only when used together do they work best. And of course you want to already know how to use them should something happen to Tor and you are forced to move to another network.fin_07

Try them! You may even find something interesting you cannot find on Tor!

Anonymous networks

These are well known and widely deployed anonymous networks that offer strong anonymity and high security. They are all open source, in active development, have been online for many years and resisted attack attempts. They run on multiple operating systems and are safe to use with default settings. All are well regarded.

  • Tor – Fast anonymous internet access, hidden websites, most well known.
  • I2P – Hidden websites, anonymous bittorrent, mail, out-proxy to internet, other services.
  • Freenet – Static website hosting, distributed file storage for large files, decentralized forums.

Less well known

Also anonymous networks, but less used and possibly more limited in functionality.

  • GnuNet – Anonymous distributed file storage.
  • OneSwarm – Bittorrent, has a non-anonymous mode, requires friends for anonymity.
  • RetroShare – File-sharing, chat, forums, mail. Requires friends, and not anonymous to those friends, only the rest of the network.
  • Omemo – Distributed social storage platform. Uncertain to what extent it is anonymous.

Non-free networks

These are anonymous networks, but are not open source. Therefore their security and anonymity properties is hard to impossible to verify, and though the applications are legit, they may have serious weaknesses. Do not rely on them for strong anonymity.

  • Osiris – Serverless portal system, does not claim to provide any real anonymity.

In development

  • Phantom – Hidden Services, native IPv6 transport.
  • GlobaLeaks – Open Source Whistleblowing Framework.
  • FreedomBox – Project to create personal servers for distributed social networking, email and audio/video communications.
  • Telex – A new way to circumvent Internet censorship.
  • Project Byzantium – Bootable live distribution of Linux to set up wireless mesh nodes with commonly available hardware.
  • Hyperboria A distributed meshnet built on cjdns.

Routing Platforms

These are internets overlaid on the internet. They provide security via encryption, but only provides weak to none anonymity on their own. Only standard tools such as OpenVPN and Quagga are required to connect. Responsibility for a sufficiently anonymous setup is placed on the user and their advertised routes. More suited for private groups as things out in the open can be firewalled by other participants. Can be layered above or below other anonymity nets for more security and fun.

  • Anonet – AnoNet2, a more open replacement for AnoNet1.
  • dn42 – Another highly technical routing community.
  • CJDNS, an IPV6 overlay network that provides end to end encryption. It is not anonymous by itself.

Alternative Internet

  • Netsukuku – A project that aims to build a global P2P online network completely independent from the Internet by using Wi-Fi. The software is still in active development, although the site is no longer updated. A new site is in progress of being built.
  • Many other wireless communities building mesh networks as an alternative to the Internet, e.g. Freifunk, http://guifi.net and many more around the globe. see also

Alternative domain name systems

  • Namecoin – Cryptocurrency with the added ability to support a decentralised domain name system currently as a .bit.
  • OpenNIC – A user controlled Network Information Center offering a democratic, non-national, alternative to the traditional Top-Level Domain registries.
  • Dot-P2P – Another decentralized DNS service without centralized registry operators (at July 18, 2012 page is not accessible and has not known anything about the status of project from February 2011).

See Also

Share on TumblrSubmit to StumbleUponhttp://uscyberlabs.com/blog/wp-content/uploads/2012/03/fin_07.tiffDigg ThisSubmit to reddit
11/30/12

Canadian MintChip and Bitcoins -Whats Up

gAtO’s bEeN - checking out digital currencies and I find that The Royal Mint of Canada was researching a digital currency, they had a contest for developers witch gave the winners over $50,000 in .9999 gold. —/ Stop here so the digital currencies developers were payed in GOld not in their own currency or canadian money. Silicone Valley works with stock options and stuff for their geeks but -// I’ll give you the full tour below but the similarity to Bitcoin is uncanny.

Ok-OK a government watching it’s people transactions -umm I don’t like that // the real killer – 0% transaction fees. Do you think that the “kings of making money off transactions” Visa-MC-AE- Paypal – 1 1/2 to 3% transaction fees and the banks behind this would allow it. Reducing the velocity of money and NOT making money with free 0% transactions on digital money – the bankers did the math and the politicians killed this quite like…//

 

So what happens with MintChip – Canada’s Digital currency-  it has disappeared into the Bermuda Triangle of digital currencies holes – a news blackout. The only thing I found was The MintChip Challenge website – http://mintchipchallenge.com/updates (sad the awards were Oct. 25 -Not a word) Not a sound about a digital currency that a government is trying to use. Why the news blackout??

Canadian commissioned social-Impact researchers requested the immediate halt of the project due to concerns over marginalizing technologically-deprived Canadians. http://en.wikipedia.org/wiki/MintChip

So a social-economic reason is the only thing they can come up with right!!! The government gives out food and cash to the poor why not MintChip and why the news blackout I ask again. So while a Country try’s to build it’s own digital currency and FAIL Bitcoing is going up 135% in the last 3 months this must mean the people rather put their trust in the “ether” of Bitcoins and Miners and all the problems than a government back digital currency. mEoW

 

Now that is a statement by the people and for the people – People just don’t true government anymore but the questions of why and is more important -HOW this was kept so quite -mEoW – gAtO OuT

Ref:

http://mintchipchallenge.com/updates

http://www.delib.net/dblog/

http://www.royalmint.com/?promocode=W13G&__ja=kw:the+royal+mint%7Ccgn:The+Royal+Mint%7Ccgid:2446467505%7Ctsid:38842%7Ccn:Brand+%7c+USA+%7c+_Brand%7Ccid:71526745%7Clid:13878890%7Cmt:Broad%7Cnw:search%7Ccrid:12338821465&gclid=CJuG6amT-LMCFSFyQgodNEsA1Q

http://en.wikipedia.org/wiki/MintChip

The MintChip System

The MintChip digital currency works on the Internet, in the physical store, on mobile devices, and enables easy person-to-person transactions. You can choose to register an account in the cloud, download an application or obtain a MintChip device to transact in online and offline environments. The MintChip system is based on a direct asset transfer model that moves value between trusted stores without the involvement of any intermediary. Each participant has a trusted store loaded in an account in the cloud, mobile device, USB stick on a PC or a tablet.

Whether in the cloud, or inserted into a device that you carry, the core of MintChip is an integrated circuit that holds electronic value and transfers value from one chip to another in a secure fashion.

Hosted MintChip (Cloud Account)

A Hosted MintChip Store allows consumers and merchants to transact and manage their MintChip value remotely via a ‘cloud account’.

The operator of the Hosted MintChip Store manages a user’s MintChip store (account). The operator authenticates the owner of the store, and acts upon their instructions to move value into and out of the owner’s MintChip store (account).

Transactions

Sender and Receiver

A complete MintChip transaction always consists of two MintChip devices, a Sender and Receiver. A Receiver’s MintChip ID must be known by the Sender, this is the main purpose of the MintChip Request transmission.

MintChip Value

On receiving the value request message, the Sender’s MintChip creates the value message that represents a monetary value in transition. The value message contains the requested monetary amount and can only be consumed by the Receiver’s MintChip identified by its unique ID. The value message is digitally signed to protect against any tampering. Once the value message is created by the Sender’s MintChip, the MintChip’s balance is decreased by the corresponding value. This transaction is irrevocable. The Sender cannot stop or cancel the

transaction after the value message has been created. On receiving the value message, the Receiver’s MintChip verifies the validity of the message using the digital signature and the Sender’s public certificate embedded in the message. It also verifies that the value message is not a duplicate using the challenge value. If the value message is valid, the Receiver’s MintChip balance gets incremented by the amount specified in the value message.

 

Sustainability 

Designed by the Royal Canadian Mint, MintChip has been architected with security and trust at its forefront. The MintChip solution delivers privacy and convenience to consumers and provides merchants with a cost effective payment option that can easily monetize digital content. Just like cash, the MintChip system is based on a direct asset transfer model that moves value between trusted entities without the involvement of any intermediary.

There is no need to provide any personal information when paying with MintChip. MintChip payments are irrevocable and secure.

Architecture 

The MintChip ecosystem has been designed to emulate the existing coin distribution model, i.e. MintChip is minted by the Royal Canadian Mint and distributed into the market by a Trusted Broker, to be used by consumers and merchants. 

The MintChip – Value Creation

 

The MintChip system models the attributes of cash.

The MintChip Minter is the trusted entity that creates the MintChip value and which it puts into circulation by selling value to the Broker. The Broker trades MintChip value with the users of the system and MintChip value is exchanged with consumers and merchants. The Broker debits and credits the merchant and consumer bank accounts in exchange for MintChip value. Senders and Receivers are users of MintChip value and may be consumers, merchants, businesses, Government, etc.

 

The MintChip – Security Overview

 

The MintChip chip is a Tamper Resistant Module (TRM), sometimes also called a Hardware Security Module (HSM). The Value Transfer Protocol cannot be modified without detection.

The integrity of the TRM must be assured and the cryptographic mechanisms protecting the Value Transfer Message are adequately resistant to attack.

 

The chip used for the MintChip store must adequately represent a TRM.

The security of the chip (including firmware and software) is the greatest vulnerability in a MintChip system; therefore MintChip will use security-hardened chips with regularly planned security upgrades.

The MintChip system is deliberately designed for changes to both the chips and cryptographic mechanisms in a transparent fashion. It is even possible to force the expiry of a particular MintChip platform version.

Unlike other conventional electronic payment systems, MintChip does not have the same threat model. MintChip can operate off-line or on-line unreferenced to any trusted party and the payment is instant and irrevocable.

Recap

 

FuzionApps would like to bring this offering to the US, using our mobile app DeMerchant MintChip. By using a technology that’s already in place, we can bring this to the US Market faster that starting from research and development. The demand for electronic transactions is on the rise. Of all the offerings in the market, we believe this to be the most viable, assessable and secure. Contact Laquitta at demerchant@fuzionapps.com for a demo of our mobile app prototype.

FuzionApps, Inc.

1750 Northshore Drive Missouri City, TX 7459 (281) 403-1087

www.fuZionapps.com  – Point of Contact: Laquitta DeMerchant demerchant@fuzionapps.com

Share on TumblrSubmit to StumbleUpondata:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQABAAD/2wCEAAkGBhQSERQUExQVFBUVFhgaGBUXFxoXGhkZGhoYHBgYGRocHSceHRsjGhwaHy8gIycpLCwsFx4xNTAqNScrLCkBCQoKDgwOGg8PGjQkHyUsKiwsLyw1LDQtLCosKiksLCwsLzIwLCwsKSwsKSksKSwsLCwsKSksLCwpLyksLCksKf/AABEIANAA8gMBIgACEQEDEQH/xAAcAAACAgMBAQAAAAAAAAAAAAAABgQFAgMHAQj/xABOEAACAQIEAwMHBgoGCgIDAAABAhEAAwQSITEFBkETIlEHFDJhcYGRFSNCU1TRFhczUnKTlKGx0kNEYnTB8CQlNDWCkqKys8Lh8VVzhP/EABsBAQADAQEBAQAAAAAAAAAAAAABAgMEBQYH/8QAOBEAAgECAwQGCQMEAwAAAAAAAAECAxEEEiExQVFhUnGRodHwExQyQoGSscHSIqLhBVOCwiMzcv/aAAwDAQACEQMRAD8A7jNE1zThZuXEtNcxeLTtrl1cwuhLa5LmVVBKN3yNQpInKYPSp+EtWrsdnxHHOS0AKZOwOaBb9GCDPrrJVL7j0Z4HI2nLZye74ch8miaRvNU7kcQ4gc/Z5QDJPaBymgtzsjeyNaj4RAxh8djk0Q584Kd8uFGY2wR6BEkDUxT0nIj1LS+bul4HQZomkPEYZUKlsdjwj2luBs4nvMqquXJIJzDet1vh6M5QcQx8hxbPeA75Vmj0PBTU5+RHqitfN3S8B2miaQJsa/6zxulsP6Q9Eqrfmb5WUx6/Ua3cc4PctYO7iLeOxhK286hnAHqkZQaj0m+xKwazKLna7srqXgPNFaMCxNpCdSUUk+4VvrU4GrOwUjYhbV7H3bePYgKR5tZditlkgS86B3noTptr0eai8Q4ZavpkvW1uL4MAfePA+sVSUbnRh6ypN33q11tXNedm8WfwdxVtmOHe3bTM7IoJCw7CAVCwQqqIGsG448JnLw7FdoS7m4snKBcNuO8MjHIgmFBldQS21YHke2n5C/icMPzUukoP+F5FKfGOJ4kZrdvGvcSIzNatifHvATl9f8RS7W4s6VOTuqnzJ37s31GfC4XHq1le0DplTM8qZgJnzEpJklwIgnuyd5MTwfHZ2a3eEZ7rKGdiIdpAIIIIVVWB0zuNopD4fxDF2m+avZZPo5e6fapMe/f1004fE45oN3Fm0D1TDow95JkH10zPg+7xI9Xh/cj+78S0xHDMcS47VGU9plzqjfRAtSMkDaTAOp2iRVNzUMLgouYZxaxSx83bPddQRm7a2vdCxJmB6qu05P7UTdxmKvA9BcCIfcgHq61bcL5ew+HBFm0iTuYkn2sZJ95qsk5brG1GpSw7vmcuKWifXfd/iSMDxC3eXNbdLi+KMGH7q0cb42mFt9o4dgWVQEGZiWMCBIqBjeScO7dpbDYe79ZYY2z7wO6feKoOZsHi7Vu0t29bv2fOLEMUyXQe0EA5e6R696SlJLYKNCjVqRSlpfY9H8Grr6dRcnnhfsuN/Zz99A54X7Ljf2c/fV7jsILttkbYxPsBB/wqvTggGnatJ1MHKWIPeJjeS223eqbS4lIzw7WsO9kP8N1+yY79nP30fhuv2THfs5++rHBcJKGe1dgBAEmBoBtJGnT/ABrSmAnRcQ05SNCT0AJ9I+MjwLE6iAFpcSc2H6PeyEOekO2Fxp//AJz99e/hwv2XG/s5++p9vg4WfnW7wVRrBhSGIEHqAdo0J3oPAZBBu3DIjc+Os666EjX840tPiM+H6PeyD+G6/ZMd+zn76Pw3X7Jjv2c/fVne4QWM9q6nKB3SQBoBMTHQ/wDNXlnhBVlbtXMEkiTBkAAROwgxM+kdzrS0uJGfD29nvZE4ZzbbvXhZ7K/acqWHa28khSAYkz18KvaWsX/vex/dbv8A3pTLUxb1uZ4iMFlcFa6v3tfYKKKKucwkcpcIN7B2znKhbt7uxmUkXmIJWYMEAiQYIqxt8AVSqDEQbRBURqsqYUd6cpVT3B3YXbSk3BcSQYe0ovi26vfzgOg/pi9uQXUg51U7aqzDrUteL2c1tmuq5RkY5rlv0sl0XCPndJa4GH6ABrljJWR9BWo1HObT3y0tzf1GaxwC3bUXlvqqAK4uEDKAA+Ugs0BQtxoG0N7K0Yvl6zka22JVQ9tQQAsm2HlTEmQHbRo+lE1RYbjFhMNcsdqsPbtKPnLRAZFAdtbuzETpWq3xKypkXxIBVTntAraD2TbSRd+iqMD4l6m64FFRq3u5Pbw+K3bhyxvL5f07269n6ISVJnJ3WGhPTrtUE8FslyvnKF8yrAjMpUPlQQ0ppn7ogelpS4eKWZBN1Wh7bw122QWS7cafypj5tgun5o6RW63xyx2Vqy7obdq5mBFy2GcRcnN87o3eEwTME6bVOZMqqFWK0b7PPIZcNy2AXW3fIgKjBQViFXLIDelkCjNvEa1p5lwBs8LxKZgyrZIUBQuUAbab++lW/wAYBVV7cMcpBY3kEN2Nm2HEXZJDozj1kbEyGLmzmTDXOH30XEWmdrRAUXFLEwNIB39lM0bMKjWVWnfW8lu2Wa89Q1cO/JW/0F/gKkVH4d+St/oL/wBoqRXQjxpbWFeE17QRQqVWJ5mw6f0gb9GW/eNK5zxnFW2vkoSvaMxUR65Om0wZ0pj5o4Oq3XNoBIs54Gilg8ajbbwila1ftOwW+ptsD3WC5hJESCNRpp1qUC85fwCgB2gk7eG9Z8qY3NdxCk9oA2tzvAFpPcKtpIEbdIos3rNlAvam5G2UamSTUa5xx5ItWgs9XaCTtOUQf31JA8YLidoDJIQjSCIE+o7VZA1z3CYK9cNrtbjDPeyMtuE7uUHeM06+NPPD+HJYTJbBAmdWZjJ3JLEmqkkqlrn38ha/vWH/APIKZaoecuHXb1hRZUO63rT5SwWQjSdTVJ+yzpwjSrwb4otsdbVkYOYXcnTSCD103HXSqq/hMMvpOO9J9IdSFnQdCdzrpvppDxHEcc6lW4ehB3HnSj+C1HRsWDI4cg2/rY6agbbTrHjrUOS8pm0MPOPvL4Sh4lxcw2HKhO02YxDiZYiRp0BKnbSBWp8Hhfzx3tsrAnVRtA6qo9UCqxGxY24ag0j/AGsaCQ0DTQZhOnWfE14vnY1+TU6f1sGQAQAZG0HaozLh3MsqEl7y+aHiXeDwNjOpRwzLqoDKehUkADbU7bRpG1W9KVjE4xCCvDkBHXzpT0I6jw09lSPlniH2BP2lP5alSXlMznhpt7V80PEZaKWvlniH2BP2lP5aPlniH2BP2lP5anOvKZT1WfGPzR8Qxf8Avex/dbv/AHpTLSpgMPiruPt372HWyqWXTS6tySzKRtB6U10hvZOJVskbrSO5p73wCiiirnIQTwLD/UWf1afdXnyDh/qLP6tPuqfRUWRp6WfSZA+QcP8AUWf1afdR8g4f6iz+rT7qn0Ush6WfSZA+QcP9RZ/Vp91HyDh/qLP6tPuqfRSyHpZ9JkD5Bw/1Fn9Wn3UfIOH+os/q0+6p9FLIeln0meKsCBoBXtFFSZhRRWLpIjX3UBQ8fy9o0xrYI16nPtXPoLX7iFWAQqQWXQgk6q2xGm2469KbOOcq3FzPbLXFJzFSZYHxB6+yqjCqxiRIBieoPgfX++gPTgAmABCiZ6aT328KVVuXjZYFshLn0BlOWFhZTU9dz1p7xSf6EEyszDXKImMxPWBtXPMRzANVt2xvtGcg7R0Ubda0VralXc6vh1Aa0OvbTHqyxNM1c15c88xgzNbFkja6ysQw8VUQsz6zTFx2/iMNYsIl4G5cxFu12joDo+boI2Me4VlJ2VzalTdSagt40UUoFceHKHG2gQQNcNoZjY5vWPiKwN3GDfH2I8fNjHxzR/8AR8DVc/L6eJ0eqr+4v3fiOVFJvaY37dZAkifNjGgUzObaGEHYz7KDdxkx5/YGhOuGI0Xfdvb/AMreBqM/L6eI9VXTX7vxHKik9TjSJGPsR4+bH83N+d0Gp8K8NzGjfH2B7cMR0kj0tx4biQOtTn5fTxHqq6a/d+I40Uq4fC49xKY2ww8Rh/UD+d4EVv5ax2IOIxVjEXFuGyLMMqZPTVmOkn1fCmbXYVlhrRlJTTtq0r32pb0uIx0UUVc5QooooAooooAooooAooooAooooAooooAoqq4lzAli4FuBguWc/SYY5R4tC+jvqIBAYrqtc1WiLrEMq2ghJIgnPMQp1mREGgLqiqRObrDZQmdizKB3GGjXBazyR6OcxNZvzXZDFe+WBIgW2MkOUgGIksrAeMTQFxVZxHgKXTnHccfSEa+phsR7fdUS1zph2UNLiQT+Tc6LGYyBBAY5SR19WtWPDuLJfzZMwymCGUqd2Xr/AGlYf8JoCGvLtuR2hzk7KTpp4Lt+6pOH5fw6OXSzbDH6QUT7R4e6ua88WsceYOHdletqCLnYoc2XKiZr4uwN7g7ukwFXqJrrIoD2lznT+pf36x/7Ux0uc6f1P+/WP/aqT9k6cJ/3R87ibisfazupt5mGjaL+aG1MzsB01gRMaR24hhwQBa6T6IEAGPGZBUAAa6aVOGJuC4V7Pulj3hIkZVMnSJnTf+FabfE70S1k7E6T4wNI8Pf1iKBLl3mi5j7AUTZ7pXOO4Ny2U6bToOu3qFbPO7BLTb2Dkyq/RgMN99f41kOIX/qZ7xHUdRB+HhPj0Ne3OI3FZlWwTBY6SJGve2jU+89J3oLebmpeI2WCKLWjMuXMFA70JO/QaRvA8NawXF4eSBZLFo0yr+gBJMD2dNZ10qUeIXu78zElZMloE97SN4k+Hv0rZjMXdVhkt51geMg94/DQDaZI3nQPO0z4XiEcEouXUTtvlUjUEzpA91VHBf8AeXEPZhv/ABtV/hnJUFhlJGoqg4L/ALy4h7MN/wCNqS2rr+zLUvZq/wDn/eIyUUUVc5AooooAooooAoqs47xB7SIbYUs9xEGeY70+Gu8VonHeGF+Nz7qq5a2LqF1cuqKpZx3hhfjc+6icd4YX43fuqM/IZOZdUVSzjvDC/G591E47wwvxuUzchk5l1RVLOO8ML8bn3UYDiF/znsbwta2i4NvN0YLBze/pTOMnMs7uBtsczIjGMslQTlMyJI21Onrqk5gu9gFW3hrdxXVsy5JEqFFkEARHaMo12EnoaYqKuUE0ca7isMEpZScvcywUIPdGQkSzjL4nNt19xvGVTOXw9u+gVfnEtEBsz3WYQwIy9yScxGZp1nRxrxlBBBEg7g0BV8LtWr1oP2FtZJ0yqQYlcwOUSCBoY2qxt2FWcqgTvAA6k/xJPvNbKSfKZ5SF4XaUKou4i7PZ2zsAN3eNcoJiBqT4QSAKTnLlriF3jmBu2bpFkB4udmh83GWLymVIOdSMuadWPQV1EV82W/Kpxu/cBRws6i2tlApHrzDb2tXRfJ55WbmJxHmWOs9hiYJRgCqvAkgqdVbKCQQSDB20Bi6LOEoq7R06lvnU6YP+/WP/AGpkpV54updVMIttb1+6ZRWmLYgg3nj6Ik77nxqtT2TowavWj38lvfwLXFXr0t2bWo+jJ16b6es/8o8dMTevEA50BlwRKiRICnWdSoJ9RYTMVXYLycYJLaq9lbjAAFzILHqdDFb/AMX+A+zJ8W/mqP18O/8Ag0fqy0Un8q/Ik3bl/MCHtR3Z10+jmIHjM7nY+NYZ8RBHaW9gAZWZymTtHpa7bR650/i/wH2ZPi381H4v8B9mT4t/NT9Xl/wL4fi/lX5F1ZxAyjMVnr3gaz7dfzl+Iqi/F/gPsyfFv5q8Pk+wH2ZPi331N5cPPYZ5cP0pfKvyL7zhfzl+Irn3FMTcXHY5rTkADD5sp6dmddOg/wAak8R5XwNp3Xze3ooIktJ1161NtcNsYRXa1aVRHeyzqBPiT4n40tJtXLKdCEJqDbbVtUlvT6T4CXiuJ3CZNxyQZBLtoehGtM/LflEEraxO50W6Bv6nA/iPfG9VGN4GrXGKnJbADETMSCdD4Rr76suGYazae2qKCbgntOvj7ehq5xnQAa9oFFAFFFFAUvM+2H/vNn+JqRjcNeN0G20LABEmN2nTx9H4H3x+Zz3bH95s/wATW3HWizFrd9UJULuCNCxnffX91Z72bx2L4mIt4rKBKzABOngJOg8c23XL0ms71nEG2wDLmJ0I0hSD1jcGNd4nrFeWUcOpbEKyiZXuiZGn7/8AD1zHTAsBpiBMblp1CZJkkn1n/JqSdOXYbiuL11t7GNNZ+6dt9N5NbsSuIzdwpHgemg6xr3pn1DTWtN5HZyRfVFgRBBkxvBOne1312rR5i+p84UHcdYOXKNz0HXc9dqXCtvt2Fvg1YIocywGp019egAqsP+8R/dT/AOQUDCsfSxAYEAEEiNvvgz6vXWIuA8REEH/RjsZ/pBUSewrbV9TLyiiitDEKKKV+YMQ+KvjA2WKrlDYm4N1tna2D0Z/4e+qydjWlS9JK17La3wXnteh7iOY7uIdrWACtlMXMS+tpD4KB6bezQUk8R5Xe7xG+mJvXLuSzZK3NEYm52hMETlVSphRp3utdWwWCS0i27ahEUQFGwH+etVXH8Pqr+rKf4isK0XkbZ10sRlnlpfpXHe+t/Zade0WOEcm4a0mUp2smS13vtr6zt7opc5y5f7HEYBsJbCF8SltmALZCxXI6692O8fDxp4W7UnhuH7S6p6Ic3v6Vyw1kjolXqxTeZ+eRCx/MuKwKN51bF9YIt37cKC30VuqT3J8RpVtyzwU2la9dYXMRfhrlwaiN1RP7Cjbx+EXF6yrqVYBlYEEESCDuCKV+FMcBiBhXJOHvEnDMSTkbrYJJ26r8PZ3Ws9dhgpqrSlGCtLa7e8lw4W2tLR7dyGyiisL19VBZiFA6kwK1POM6KRuN+VexavWbFi3cxL3myq6KTbXaSSO8wAZX7oMqykHUVD4ny9xPidrLdvnAW2KnJbnPEEsjBWEyHCGWicPIWH0AkcV8tnDcPce21y6z22ZWVbLyGUkMO8ANCKZ+W+YBjLIvLZvWkb0O2VUZx+cFDEhT0Jid9taTOX/ITgsLiReLPfCquW3dylQ4mXaAA3SFiBrvpHR2UERQCTzCs4m4wIIFsA+3MsfwNLXBcSxfFAmQ1tmiZ1DgSfXqfjXTr/B0boPeJ/fvVO/JtpSzJbVGYEEppIJk6HTesalNznCXRLwkoxkuJR2yTbuZV17K0QoEa5do6Vnwnh5LWGJJa0kMojLmOaZbrvsKtRwE5yO8cwAI20WNSZ9X7zV7guGBANtNgNh99btmSRIwt4sJK5ffNbqKKgsFFFFAR8ZgLd1ctxQ6zMHx/wAmoP4K4X6i38KtqKq4p7UWUpLYyq/BXC/UW/hR+CuF+ot/CrWimSPAnPLiVX4K4X6i38KPwVwv1Fv4Va0UyR4DPLiVX4K4X6i38K34Lglmy2a3bVCREgdNNP3Cp1FMsVuIc5PeFFFFWKkbiONWzauXW9G2jMfYomqjkvAFcP2rj53Ek3rh/T1VfYqkCPbWHPzE4Q2xveu2rXtzusge4Gr93VEJPdVRJPgAP8BVNsuo6vYw+nvPujb7vuRhjMdbtKXuultRuzsFA950pKv+UnDYrEpgsKxuNczzdiEBRGcKs+kSViRpB3NcU5p5lucQxL3rjNlLHs0J0tpPdAGwMbnqZrTyxxLsOIYa6dOzvpP6ObK3/STVmrqxzLR3O75yNwZqLf5/s8OxC2MUGUXbYuC4ozZJZlCso70ELMid9qs+J37/AJ9bRRbAbKQCAZGuct1JABiPVXG/K9xHtOLXdvmlt243EhQxH/M5rOOEdFqTd7rT+SVjY4jNCKayuzvxtfTtPoPhPHLGKTPh7qXV8UYGPURuD6jFRObuG9thLgkKyDtEeYyuneVp6bRPgTXzLgOJXsNdF6w7W7ixBU+OuVhsw8QdDX0/yzxkYvCWMQNO1tqxHg2zL7mBHurRq6sTTm6clOO1HIOd/KXj8XbXD8Pw+JUFF7a9btuzMxALJbKg5VB+lufUN7rkzkPGYzLjOKYrEFmDAYUqbWSG7pIIAUhlW4MijVVM06cl93zuz0tYq6FHgrw4/iaZaiLujTEwUKslHZu6nqu4hcM4NZw65bNtbY/sjwAAk7mAABOwUDYCptFFWMApdbCYsElHEtduEkknKnaHs4BbLOTwURpMmmKigFpH4iSxi0sTlBggklBBIMhQM58dt+vl0Y8sAoAQsJYsgbLlWZAJAbOPo6EMfbTKTFJGI56v4t3tcJspfCHK+MusVwyt1Cx3rpHXLoNNwaAtLyY5TdyFSMzZAcpMFmI1JEd3KNdpJg7VqtjiCsx0YfOQpKRrmyHpoCVHTuq0iYmD+BuNvf7Vxa+J+hhVTDKOkBoZyN9Trt4VkPJnHocT4op8Tis+nsZCKAn4dOIAwSkZlGc5ScuguNAMZpgqAIjNOsVf4Iv2adpHaZVzxtmgZo9UzSc/DOMYXvWsTa4gg3s30WxcI8Eup3Z9biKuOV+c7WML28r2MRa/K4a6MtxP7QH0kPRhpqNpoBgooooAooooAooooAooooAoqFxhbhssLU5+7EQDGYZtyPoz1HtFUq4nHoqr2asc2XMQG0bIqscrEgpLu06QgUMScxAZ6K8Fe0As8+Nls2HOyYvDs3szxp8RVJiuP3cW9wI6LhyGTsnhHYRlJbMNQddAdulM/OeCN3A31G+TMOuqEMP3il3lXiT3LKFlUyNGQ6R0BDNII2MSNK8L+rVqlKyg7J7S+Ii6lGFnZKTvbmk19JdhWYjk7h64djetWEyrJuW9MoG5Jt+HrrjHEsKM7G0SVkhWIgkAkKSOhKwfjXdeYOLW7a3Cwa4AjE2wNSo1YakjYVxDz1WdmVQqMxIQGQoJJCg+oaT6qj+iznNTc23rpqYxmnotx2bDcw9tiMJfJ0NvD5j4Fll/gWPwrjvFL/nGJvX2/pLj3D7GYkD4ECmSxicuEZQdWgL7G8PZrStiLwGgr6vEyi401HdE4MDCcZ1nLfPTsR03lDlbAXsMtzKl64QM5uT3XiWXKe6In3iDTPhWuYS2EsG1btqSRbGXLqZIAGupnbxqh5B4nauYS2EQ2spytpozhRmcEETO+vrFNeOxgt2y0SFUmZA2E66/ea/P8RiK0a8kpPbxPqKcE4pWvc28jYkXXxt1QQtzECJ0OltJBFNdKvk4/wBkJIId7ju0iJLkEEeIyxTVX1tB3ppnJjdK8kt2nYrfYKKruNC8UUWPSz66gd3K25KtHeyiQpOtVHnvEIA7JdDb1hcxErmzDPlWVzElZynQBtDWxyDRRS3bx+PMTZtKSF11MEvDaZxsusTruD0q54XcutbBvKFeTIXbfTqenroBW8ol17zYXhyMU89uOLrruMPaXNeAPQsCFnbUjrTZgMAlm2lq0oREUKqqIAA2ApR8oM4e/geIwWt4W46XwBJWzfUI1yBJhGCkxrTnZvB1DKQysAQwMgg6ggjcEdaAXcTwvDurHzggKHJZGWQO0ukmRtldiJ6FR1qw4Ylu1m+fDm44IzODqwlVUT1GwHQDeKhXb2CUvmYgtnBk3ROZpYr7TADL/ZAO1beH8GwlxWa2mYMYJOcSV0Opgn1nYmfXUAuMNiluLmRgyyRIMiQSDr7RSj5SuEkWRj7AC4rAzdVts9pZN6y56oyZtPHaJNNuDwa2lCpMSTqSxkkkkkknc0q+U7ixTBthrYz4jGzh7Nvqe0GW458FVCSW2GkxUgZ+G45b1m3dT0bqK6+xlDD9xorDhOAFixZsrqLVtLYPiEUKD+6igJlFFa747rew/wAKhgpsfxkkwpgDr1P/AMVoscXKE6gydjVdasZjJmpvmSxt+6vN9LNu56PooJWL/BY0XBI0I3FSao+AIQzDpA/jp/jV5XdSk5RuziqRUZWQp4PlC9bKf6QYVbSGMwJS3nJUGZBJdtd4gdKzPK14qwa4rs6sO0YuWQt2k5NdJzjTYZdjoFZMTiVtozuyoqiWZiAAPEk7Clvmfyh4fBsLIzYjFNomFsDPcJ6Zo9Ae3WNga1MyRgeF4i3fLPezWhrqTtFwZSOpA7Ni5M9z1mqbivlL7S42G4XZOOvjRnBjD2vXcu7H2KdfGdKirynjuKd7idzzfDnUYDDtuPC/dGrfojTwymnnhfCbOGtLasW0tW12VBA9vrPrOpoCg5Z5YxSdrcx2LfEXb6ZWtp3LFsa6W1iZ1IzaTOo61X8M4d5nijhS0Wrsvh2OxP07RPiDqPEHxNPVV3HOCJirRtvIIIZHX0kcaqynxFc2Iw0K6tNXN6M4puM9j28uD+H0uigbA27OJzXi0KobuouQ5iVWQCXYyDpljSdqOK4DhLki7YsEj0mFmCvpAlmVRA7p1npWWG4sLdwWeIoi3IATEEfNXgskakQriTKnSSfEVeLy/hoHzVsiDGk6EyYnxO/j1qcPRpUo5aasZSwzoO1tHrfc+a86CoeA8JFtwlnMiW7l1srXYATKWUEuAG7w7siJ1idcMHy1wYDN5skiZD57kQzJqczJGZd5jUTEinL5Fs975te8hRp1lTGYHxmBPjlHgK8PA7H1SHWdRJJkmSdzqSdeproKi2y4J1tDDtbtSFK20t91g5AHdURMkaidDO2tRuNYFr11MChBzAPfZdktA7HT0nOw8PUal47H2u07DA2bd3EdSB81Z1JD3GGkg9Br/A3fL3ARhkaWNy7cOa7dO7v/AIAdB0rz6mCoVame2u9npU5zw8VOe33Vv63yW7i+VzPDcF7Ow9q3cdC2aLgglCRAKgyNNCAdK5jy/wAycU4c9y7xZMRfw2ZrfbIFK2sjEG61tVDZGgQ/hsDNdhrwrO9d0IKEVGOxHnSbk7soXxa4+1ZvYLEIVD5s6sYPcdSrAaz3pytsQDEgVEw/L+MW0qecxl7MAhjMKQSSxTMzEAbnXUHc1A4t5Mwlw4nhl04DEH0ggmxd9Vy1t7wNN4JrXw7ykvh7i4fi9nzO6dFvjvYa761ua5D6mOnUjarEFu/A8VvbuLb7uXLne4p01Y51OswdI6zMmbPgwvW7E4pxmADMSQcoyjNLAAHvBjoIAMaxJsbdwMAQQQRIIMgg7EHwqk57xJt8NxrgSRhruntQj90z7qA4Dzx5R7/ELrhXdMPJCWgxUFNgbgB1JGpmQJj2s3k8u4/hzYJWcHCYu+LfYOJZC6kh1MSkxOWfGRJMMHKXL+FOEwzizbPzVtgxRS0lQSxJEzM1cczcAGLsJbF1rDJdt3UuoO8rJOq6iDBInpPWuP0/6uR2ypLLoWXH+c+HYS52d50NxsxZEtm64BjOzqikgQomfzRvFQbXla4WDFp3djplt4W9mI1P1Y0Ek+80qeTzhYwPHsRh1zOt7Dm4HZszxmUy56ktmBPs8a7HFdcXdXRxyWV2Educ8diu7geH3LYP9Yx3zCL6+yBNxx7KsuWuSuwunE4m62KxjiDfcQEX6uymyJvtqZPjFM9FSQFFFFAFYXQcpjeDHtrOigOfYTg62lCdnbJURmYd4kaSxyyT4mdaMBwNLQYflg0H51mcgwA0Zs0KYkL0k+6644Mt46QGAM9CdQf8+uoLP4anoB1PSvLk3FtHpRSkkyy5S4YLZvMoCrcZTlXRQQoHdGw0AJMakmmOtOEsZEVfAfv6/vrdXo045YpM4JvNJtCv5QuU7vEcL5tbvjDqzA3DkLlwuoT0hAzQT+iK85C5Ft8NsBItvfM9pfVSGuSSRmLFjtGkxImNaYsLjrdzN2bq+RyjZSDldfSVo2YSNK31coFFFFAFFFFAacXg0uqUuIrqd1YAg+40vjk1rX+yYq9hx9WYu2h7Efb41c8T4qlgIXmHcJIiASCczSRCiDJquw3OVh0DfOAnL3CjFhm1AOWVBiTEz3T4VVxT2m1OvOmrRenDaux6Ec8P4mNBisOf7RsEH2kBomhuULl3/asZevL9WgFhD6mCake+ph5qtqFLq6K6G4rEAgqMkE5Scs51AzRrp4TtPMdnJnBJTNBOUiO6WBIYAwwAAImSwjeoyI09bqL2bLqST7bfQmYDhtuwgS0i21HRRHvPifWak1T2uarBYrmIIBzAqe6VAZlPrAM6aeup+A4jbvrntNmWYmCPA9R4EH31c5m3J3ZJooooQFRuIcOtX7bW71tbiNujgMD7jUmigELDciYrAXVPDMSBh2cdpg8RmuW1UnvNZb0lIGuWdepO1PGJwy3EZHAZXUqynYqwgg+oithNK/GPKPhLEhX7Zx9G13vi3oj4n2UBT8PwvmreZnTspFmf6SzPcKn6RVYRuoKydGE2Ru1V4PFfKdh71y0hy3ShtEZgFAUo2v0hmbvCDr0qXwfgcAWrQKpJJ7zNAJk95iT7q82pFqbSPQpyThdl3wTl22l04op8+9sWy+ulsMWCxtvqT6h4Ve1z3hflUtqTbvowCsQLiDMMoJALLuNI1E05WOYMO9lr63rZtKCWfMAFAEnNPowOhr0IxypI4JSzO5YUUjcneVzCcQxN3DpNtlY9ln07ZANWUdGmTkOuWD4gPNWICiiigMWaK9FYHesxQEXiOBW4ve6bHqKh8N4SqtmOpG2mg9ftq2atGF2NUdOLeZrU0U5KLVzfXIvK75XvNs+Dwbzf1F28p/JeKKfrPE/R/S9G25/50xNw3cFwlDdxCKe3uoQOxEHuISRN4gHQSRBgT6PFMLwBcGRd4gtxXKJes2yPygaGBnYkEwyGCOs6irmZZ8kcVxXCQ2LLgKxXPhnaDeWddN1cTIMSIaRE19Gct8yWMdh0v4d8yN0+krdUcdGHh7CJBBr4/wCMcZfE3C7wN4UCAJMn3k6knU10PyBWsaccTYJGGj/SJ9AiDkH/AOydo1AnpMgfRmKZwjG2oZ4OVWYqCegLAEgT1g+yuV8E5k4+2KxavhLTFezi279nbRT2kG02vaZoMtJ9EbbV1miKAQ/lrjv2DCftNHy1x37BhP2mnyigOfYnH8auCH4bgnGujX5GoKnQ+Kkj2E1ozcW1/wBVYDUyfnhqYIn2wTr6zXSKKA5t/rbX/VWA13+eGuoMeyVUx/ZFZYV+L207NeGYIJIMecTLAghjO5BAMnwHhXR6KA5oLXFf/wATw/efyw32nbwAHsAqVh+I8atjKnDsGo8BiIFdBooBD+WuO/YMJ+00fLXHfsGE/aafKKA5NzFzJx9L2FCYS0rM7Ds7b9qtwQJFySMijQ55ETvrr1LAvcNtDdVUuFRmVWLqD1AYgSPXFb4ooBF8rHGzaw6WVMG8Tmj8xYzD3kqPZNcmtJv/AJ0/zFOXlcxWbGonRLK/FmYn90UnWHgj2f8AxUkD95LL7nzmyjZCyqwaJykSpIB0J1XfwqbyXxK8uGxl65fNxbebusc3eCElgTqJJWBtodKV+UOJeb4gvOhtXV/6Cy/9Sr8a1cL4uLWAxaEx2j2dSegzlz8EA99c83/yR+J6mHhfB1pcMv1KJiB6RgASxPgNzSbxPjdy+3Y2c2RiAVWfnCD3ZA3AOoHv9jfyzwuzxV74u4jsMPYUFgGVbjzPzkN/RoQCRv3h1iqe9jMNgLKXMFiEv3LyFLgdGW5adWPfX6JttoQrEmQp11A3PMI2Ls2cAhTvNijBDq4HZEQyuuUkjvQRqCcs6KQG7R5JvKyuPUYbEkLi1Gh2F4D6S9A4G69dxpIHzbfZixzSWkzO89ZrsPkV8lbvctcQxIKW0IewmxuMPRuHwQHUfnb7ekB36ivIr2gNROtbFrwpXqrFAY3j3T7KqeL4K7ew163YumxddCEugTlPj6vCRqJkaira6sgitVi0QdfCpLLYfOPAcbd4XZ4lhr2IbC4oAPbVraursuzW39IXGB0YaQZ1I0oeB8MxGMtocRcvvhbHdtoCW1JAK2gxyjcEneBABIgfQ3lD8ndniljK0JfQHsr0aj+y3ih6jpuPXwDmHi/ELDpgXQ2bltDZy2xrcD5V7kdHUKO76WvqCwVFviHCGXFXLFsi8y3CgNoFgxmITST3tBA16V9d8q8Ct4PCWrNq2LYVBI6lyBmLHqxO5pS8jvk8fhuHd78dvfyllAHzaiYTN1OsmNJjeJPQ6A8Jql4dzpg773UtYi23YkBzmAWTOisTDRGsSNatMbgkvW2t3FDo4IZWEgg7gikfh/kS4bae6TZ7VHIKo7MeziZVWBBKnTeTpuaAc/lix9da/WL99HyxY+utfrF++lv8UXCvsdv4v/NR+KLhX2O38X/moD2/nDs1vF2FkvJN4EtLMUkEELkBAjXMFgZJM4XDfJE46xoSRF1V1yMJjIZBYghT6Mbt0y/FFwr7Hb+L/wA1H4ouFfY7fxf+agJF7E3GNuMZYUBbYuQ6akE9qVlT6QiDIjKdO9I140sbtx7WLsoGje8CY7vojLC7HfPvplzNOv8AFFwr7Hb+L/zUfii4V9jt/F/5qAyuXL2kY6xpqZdJLHOGAOXRQMmXTQs5MwAdlnEXQ4Jxlgr2ikr2iRk1zD0Ac0RrIBImBMVp/FFwr7Hb+L/zUfii4V9jt/F/5qAZPlix9da/WL99HyxY+utfrF++lv8AFFwr7Hb+L/zUfii4V9jt/F/5qAZPlmx9da/WL99S1YESNQdjSh+KLhX2O38X/mpsw2HW2ioghUUKo8ABAHwoDmHlH5PxN3EtftJ2qMqiFIzKVEHuncddJ3Nc+v2GtmHVkI6MCp+Br6SZQd6i4jhiuIIBHgRIoD59w16dD1r1rYCMGAIOhB2I8K7TiOSMM29i0f8AgA/gBWk+T/DHeyh97ffVXFOSlwN4YicKUqS2Stf4Hz5bxZwCYlRYtX7GJtlCLigtaf6Dq0Zu60Ea6wNiAakctcuW8PZXFX7ttLjqWs5u8qAKXDtoZcwAAAxExoxWPoS3yNhApU4ezDAggoDIIgiTrtXGebvIZilxlu3hCbmFuMcjO2mHBMsH/s9QRq22+9jAWuCclXONYzEHBKlm0mVibjHQNoCQJOdiGfKO6NQCBFfUPCOH9hYs2Qc3ZW0TNETkULMdJiaquSuSrHDMOLNkSxg3LpHeuN4nwHguwHvJYKAKKKKAo+YFxZYebGFNpwfQ0clSrjN1AUqBt85J2qKbnECBKqoza5QmbLDyJZyMx7pBjcidJqdxvA37jL2NzJ3SJmIOZT4HUgbwYykfSNFi1iPOmLGbOUgd4RPzWWFAmRFwkmPykbKDQFbjMTjrYZraF11Kq4RnEAR6DLmkk93fQa1MxD40hSgQGFlTAki6J6nLNrfUxJgk1h8i4hfQuKpnV5Yl9Sc7ggiYMZBofzgFUDH5KxikZcQGhY753MgnZNOuuvQADegNF3EcR1KovSAcgmG2b5w5QyzJBbYRE6erw+9cxNi/ew9hntkqLmUZ0RlWWDdoY1LCI6GN9dlzguMjTFGTM7D6QIy9w5YHqPh1mtq8KxIcE3s4zITrEEXgzECAAOyzLGsyNhQDBRRRQBRRRQBRRRQBRRRQBRRRQBRRRQBRRRQHjMBvp/nSvar+M8MN9AocpBOoMHvI6SD0Iz5h61FQTy84fD5bgy2iZkvPjCgk7nTU6LA6UBq4zwu7iLrGzfCgKqModtCrF9l2MhF8cpceFa/kTFnJmvhgAMyZiit35K91B3SgVfe3sO+5yrIVReZQsBcqgEKCSCSDJfUjMdILaSxNazygR6F917pUaTuSeres7RqZMwBQGq/wjGKCbVwauD2ecmFyW0hHuIxGzkkz0IE6VvxXDMWWRxfUFLWQzIDEgl22yg5hbglDGU7ZiKxfkwdL1wEkk6nvSQe9DA6RIgiDB6RW+zyxl7SLrxctMhnUyxJzySdRJ0ETJmegELEpi8uZcTb9F2XvocwCgrBNsCAJBMwcwbubV6vC8dBK4hQWGknNlOmX+jhtJEgLJYGDlg7X5LVrNq01xiLa3FBgTkulcyaySMgNuSSSGkktqfU5OifnnO8ZpI1dG7wzREKU0yyjRQFnwmzdXtO0uC4pc5DIJC7QxCgaf/ZJ1qcXA6jTelq9yTIhb9xBLEhRElySxBmQSDB8QBWV3k0S5S5GbtdCNPnEyBTr6KqFjSe7EgUAy0ViFooD/9k=Digg ThisSubmit to reddit
11/16/12

White Hat Bot-Nets

gAtO wAs - reading Bloomberg BusinessWeek “ The Hacker of Damascus” Karin a 31-year-old doctor had spent the previous months protesting against the government of Damascus, he refuse to give up his friends names.

Before the arrest-/ before the torture/- they found a simple vulnerability thru Skypes they also got into his hard drive and as Karin said they arrested his computers data first them him. So now we see the black hats, spammer, cyber criminal tricks against people from their own governments. Is this the way it’s going to happen, we see the news today about 2 ladies and their General boy toys and WOW -mEoW.

In Georgia detains ministry for using malware to access opposition leaders computers – This is just another example of governments using criminal cyber tactics to gain intelligence from it’s own people.

 

The Hacker of Damascus – http://www.businessweek.com/articles/2012-11-15/the-hackers-of-damascus  

Georgia detains Dozen Interior Ministry “Cyber Spies” http://www.brecorder.com/world/europe/91030-georgia-detains-dozen-interior-ministry-cyber-spies.html 

The other side of the cyber struggles in Syria is Anonymous and their role in all this: On the other side, the hacktivist group Anonymous has infiltrated at least 12 Syrian government websites, including that of the Ministry of Defense, and released millions of stolen e-mails.  

Cyberspace and it’s tools (weapons) like Facebook, Twitter – can be used by both sides  in this evolving landscape of digital warriors. That is why gATo is sadden by how basic normal Internet tools can become killers and liberators. I guess I see the fog of cyberwar thru gATO eYe’S we have only seen defensive cyber tools so far Suxnet and others are only the beginning and the new economies that had no choice but a digital path into their infrastructure need to look at their own security a wee bit more close. DId Huawei (China’s Telecom Giant accused of having backdoor ) sell you those Network infrastructure pieces at a very cheap price -(lowest bidder (or a no-bid)contract) -well guess who is watching you…

SCADA cyber controls security SUCKs = infrastructure things (energy/transportation/communication/water/air) = fix them NOW

Since no Cyber Bill has gone before congress -President Obama after a major election went and signed  a-

US secret CYber Law singed by Pres. Obama -Nov 15, 2012

Rather, the directive establishes principles and processes for the use of cyber operations so that cyber tools are integrated with the fully array of national security tools we have at our disposal. It provides a whole-of-government approach consistent with the values that we promote domestically and internationally as we have previously articulated in the International Strategy for Cyberspace.

This directive will establish principles and processes that can enable more effective planning, development, and use of our capabilities. It enables us to be flexible, while also exercising restraint in dealing with the threats we face. It continues to be our policy that we shall undertake the least action necessary to mitigate threats and that we will prioritize network defense and law enforcement as the preferred courses of action. The procedures outlined in this directive are consistent with the U.S. Constitution, including the President’s role as commander in chief, and other applicable law and policies. http://killerapps.foreignpolicy.com/posts/2012/11/14/the_white_houses_secret_cyber_order

So now even 31-year-old doctors need to worry what they do and who they talk to and WHAT they talk about -/ also- in Facebook, Skype or any other web-App-  By the way —>These basic vulnerabilities can be found and exploited in any web-app – So this person may of worked at the water plant – or the electric plant what could these White Hat Bots have obtained?? These little White Hat BotNets may go rouge or may be captured this is about virtual digital world with a click of a mouse I GOT YOU!!! -PWN

Will this become the standard? The good and bad guy’s do it NOW- plant a virus suck up your disk / then check it out – BUT “if you got nothing to hide” well it’s OK then — right - gAtO oUt

Share on TumblrSubmit to StumbleUponhttp://uscyberlabs.com/blog/wp-content/uploads/2012/11/black_bots_-300x168.jpgDigg ThisSubmit to reddit
11/13/12

CYber Investigation over General Patraeus

CYber Investigation over General Patraeus

gAtO rEaD – NO CRIME committed- that the investigation for the top CIA general was because someone sent an eMail that said” I saw you touching the Generals leg at Dinner -Stop It” Yeah so one lady said to another lady – STOP MESSING WITH MY MAN – Pow – ZAP they get a court order to go thru someones eMail.

So if we take this premise that Judges will sign -COURT ORDERS to search your emails and any other emails that link it because of a jealous lover. It looks to gAtO that they have to much POWER – or the FBI is gonna search everyones emails now – legally. Court Ordered

This should send shock waves thru our industry – everyone is now warned that anyone’s email can be open to LE anytime and just about for any reason. I trusted the system, I trusted the Judges but lack of a crime should of not happened. There was NO CRIME committed the investigation turned out. But it has now taken down the reputation of 2 generals. NO CRIME

Now these are 2 famous generals what chance do mere mortals have that our eMails are going to be court order to investigate why simply because they can now. This shows to me the lack of justice or the erosion of justice that is coming down the cyber pipelines. If this is now a wake up call for security professionals to wake up and smell the coffee. Your email will be next unless we support less government control of our digital rights.

Freedom of Speech in cyberspace is a right not a privilege -gAtO oUt

http://www.cbsnews.com/8301-18563_162-57548694/fbi-role-in-petraeus-investigation-questioned/

mEoW

Share on TumblrSubmit to StumbleUponSave on DeliciousDigg ThisSubmit to reddit
10/25/12

The deep Dark Web -Book Release

gATO hApPy

AVAILABLE @ AMAZON - http://www.amazon.com/dp/B009VN40DU

AVAILABLE @SmashWords website  @http://www.smashwords.com/books/view/247146

I learned that I hate WORD: – but it’s the general format for publishing  - text boxes- get imbedded and you can’t format to EPUB or .mobi or anything – solution after going lOcO gAtO - was copy and paste into txt editor – save as RTF then copy paste back into a new WORD document and then reformat everything from scratch – and copy over the pictures – as you can tell I had fun-..-ugh mEoW F-F-F-F as much fun as a hairball but if it get’s the message out “FREEDOM OF SPEECH IN CYBERSPACE” then we done our job, anyway I hope you read it - Thank you Pierluigi a best friend a security gAtO ever had - gATO oUt

This Book covers the main aspects of the fabulous and dangerous world of -“The Deep Dark Web” . We are just two cyber specialists Pierluigi Paganini & Richard -gAtO- Amores, with one passion and two souls we wanted to explain the inner working of the deep dark web. We have had a long collaboration in this efforts to document our findings we made infiltrations into the dark places inaccessible to many to give a you the reader a clear vision on the major mystery of the dark hidden web that exist today in the Tor Onion network..

The Web, the Internet, mobile cell devices and social networking has become commonly used words that identify technological components of daily Internet user’s experience in the cyberspace. But how much do we really know about cyberspace? Very, very little, Google / Yahoo / Bing only show us 20% of the Internet the other 80% is hidden to the average user unless you know were to look.

The other 80% of the Internet is what this book is about the “Deep Dark Web”, three words with millions of interpretations, mysterious place on the web, the representation of the hell in the cyberspace but also the last opportunity to preserve freedom of expression from censorship. Authorities and corporation try to discourage the use of this untapped space because they don’t control it. We the people of the free world control this network of Tor -Onion Routers by volunteer around the world.

The Deep Dark Web seems to be full of crooks and cyber criminals, it is the hacker’s paradise, where there are no rule, no law, no identity in what is considered the reign of anonymity, but this is also the reason why many persecuted find refuge and have the opportunity to shout to the world their inconvenient truths.

The Deep Dark Web is a crowded space with no references but in reality it is a mine of information unimaginable, a labyrinth of knowledge in the book we will try to take you by the hand to avoid the traps and pitfalls hopefully illuminating your path in the dark.

Cybercrime, hacktivism, intelligence, cyber warfare are all pieces of this complex puzzle in which we will try to make order, don’t forget that the Deep Dark Web has unbelievable opportunity for business and governments, it represents the largest on-line market where it is possible to sell and acquire everything, and dear reader where there is $money$  you will find also banking, financial speculators and many other sharks.

Do you believe that making  money in Deep Web is just a criminal prerogative? Wrong, the authors show you how things works in the hidden economy and which are the future perspectives of is digital currency, the Bitcoin.

This manuscript proposes both faces of the subject, it illustrates the risks but also legitimate use of anonymizing networks such as TOR adopted by journalist to send file reports before governments agents censored his work .

Here are some question we may answers to:

How many person know about the cyber criminals and their ecosystem in the deep web? 

How many have provided information on the financial systems behind the “dirty affairs”? 

How the law enforcement and governments use Dark Web?

Let’s hold your breath and start the trip in the abyss of knowledge to find answers to the above questions. We hope that with this book you can learn something new about – The Deep Dark Web.

Share on TumblrSubmit to StumbleUponhttp://uscyberlabs.com/blog/wp-content/uploads/2012/10/cover_thumb.jpgDigg ThisSubmit to reddit
09/24/12

Dark Heart botnet ToR-C2 BULLET proof server collector

gAtO fOuNd - this –// it’s crook selling to crooks take it at face value -/ but it does have some interesting ideas on what is out there in criminals hands and what is going on in the dark web. Now these are 10,000 yes 10k botnets can work in the clearWeb as well as Tor and i2p anonymized networks should cause some concern because normally we don’t monitor them.  Tor Domain-flux for both clearWeb and Tor – ( Tor Domain-flux- this is so easy to do but it’s a big feature) – VPN then Tor that will make this harder to find the botMaster. But the coolest feature is the i2p connection. Sorry boy’s and Ladies but Tor is getting old, i2p is beginning to glow and it’s a little different but very safe. It goes after (scanning)  WiFi and GPS tracking – So people sync your phone data to your computers data please…C&C and // one- BULLET proof server collector -

It not very hard to do this but – C&C and // one- BULLET proof server collector – is the sales pitch anyway I have obfuscated some links and names -find it your self – I know gAtO can build this so anyone can with some light reading – that comes out to .80 cents per bot for 10,000 bots -0ne c&c panel for $8,000 bucks – pretty cheap – oh yeah the readme comes in english too.

This modified Dark Heart bots and c&c in Tor ?12p ? 256-EAS encryption- We already have reports of it by different names but this was posted around Aug 7 2012.   Here is the –/ poor mans –Tor Domain-flux is so easy when you generate a hidden service it produces a key for your address in Tor onion land / just move the key to another directory and generate your new net key and so on and so on… Some of this is really well though out —/ but I don’t trust anyone and it’s so easy to build from scratch- gAtO oUt

—— – EDUCATIONAL – ONLY – ————— – EDUCATIONAL – ONLY – ————— – EDUCATIONAL – ONLY – ———

Dark Heart botnet— NOT – for sale $8000

Run on windows clients – I need 3 C&C server IP addresses to hardcode and obfuscate

bot coded in assembly no dependencies

Each build has maximum of 10k bots to ovoid widespread av detection.

Basic bot uses socks5.

built in ssh client

(fast-flux)

Bot is built with 30k pre generated 256 bit AES keys.

1 256 bit AES key for logs

1 256 bit AES key ssh

1 256 bit AES key socks 5

hwid it selects a pre-generated key 256 bit AES key.

Bot writes encrypted data into common file using stenography process injection

Download/Upload Socks5

Bot sends data to a collector bot via socks5 through ipv6 which makes NAT traversal a trivial matter.

Using ipv6 in ipv4 tunnel.

Collector bot assembly /tor and i2p Plug-ins C++ /Assuming 10k bots

Bots will be assigned into small groups of 25. And are assigned 400 collectors bots which is evenly 200 tor and 200 i2p.

Collector packages the encrypted logs and imports them into a .zip or rar archive and uses sftp to upload through tor to a bullet proof server Note the Ukraine is best know.

(Domain-flux .onion panel can be easily moved)

Using a Ubuntu Server on bullet proof server.  / Using tor and Privoxy. Panel can be routed through multiple cracked computers using proxychains and ssh.  / Server uses a simple .onion panel with php5 and apache2 and mysql. You might ask what happens if bullet proof server is down. The collector bots can be loaded with 5 .onion panels. If panel fails for 24 hours its removed from all Collectors and bot will go to the next one and so forth. A python Daemon runs and unzip the data and Imports it into a mysql database were it remains encrypted.

The bot master uses my Dark Umbrella.net panel to connect to the remote Bullet Proof server through a vpn and then through tor using ssh to run remote commands on server and sftp to upload and download. Running tor through a log less vpn through with a trusted exit node on the tor network. .net panel connects to mysql database database is decrypted on .NET panel (Note must real Bullet Proof hosting is not trust worthy this solves that issue) and imported into a local .mdb database. Then later the bot Master should encrypt database folder on true crypt. Commands are sent to bots individually rather then corporately like most bot nets. This allows for greater anonymity It will be possible to send commands corporately but strongly discouraged. Collector bots download and upload large files through i2p.

1.Connects remotely to rpc daemon through backconect and simplifying metasploit (Working)

2.Social network cracker. (Beta)

3.Statics. (Working)

4.Anonymity status. (Working)

5.Decrypt-er. Decryption codes in highly obfuscated.net limiting each build to 10k bots. (Working)

6.Daemon status (Working)

7.logs (Working)

8.Metasploit connects via rpc. (working)

9. GPS tracked Assets by Google maps and using net-book with a high powered external usb wifi attenas.

Starts an automatic attack if wep if wpa2 grabes handshake. If open starts basic arp spoofing attack. Common browser exploits. (alpha)

10.Teensy spread. (in development)

11.vnc back connect. (working)

12. Advanced Persistent threat. Fake Firefox, Fake Internet Explorer, Fake Chrome. Fake Windows Security Essentials. (in development allows for excellent custom Bot-master defined keyloging)

13. Dark search bot index file is downloaded allowing easy searching of hard drives. (Working)

14. voip logic bomb. bot computer is sent via a voip call file once played through voip the microphone hears mp3 file and the dormant payload is activated in bot that is the logic bomb. (Extra- Alpha)

Each Panel is hwid

1 unique build per Copy embedded into panel.

Everything is provided in English only manuals for setup: you need 3 servers for C&C and // one- BULLET proof server collector for -/ everything is working and can be setup within hours: Only serious players -  for sale $8000 -bitcoin – (obfuscated )1A9nBLgdhf4NJadXiBppqqU96AhbMBQrgV -

—— – EDUCATIONAL – ONLY – ————— – EDUCATIONAL – ONLY – ————— – EDUCATIONAL – ONLY – ————— – EDUCATIONAL – ONLY – ———

 

Share on TumblrSubmit to StumbleUponhttp://uscyberlabs.com/blog/wp-content/uploads/2012/09/hax_01.jpgDigg ThisSubmit to reddit
07/25/12

Profiling a Corporation -metadata attack vector

gAtO sEe - that in todays world getting a corporate profile for an attack plan has become easy thanks due to their own fault. This leads down the road to ruin corporate reputation, stolen IP-Intellectual property, competitive advantage and loss of data. Of course for social activist, criminals, competitor and national governments who use the technology against them to make available unhidden access to your networks. How? 

Metadata Information leaks by the corporation and their employees. According to retrieve information and the metadata in company documents 71% of Forbes 2000 companies may be using vulnerable and out of date version of Microsoft Office and Adobe software that allows hackers to Identify —>

Usernames – emails addresses network details and vulnerable software versions to implement a Advance Persistant Threat (APT).

Metadata in documents that your company distributes constitute information leaks and it can provide all kinds of information to any attacker. The high tech sector publishes more documents across websites than any other industry. Something else your employee on LinkedIn give all kinds of information about your company and your plans, even employment adds can help a potential hacker know what you are doing and maybe design the APT geared towards that subject.

Remember todays cyber attacker have support from lot’s of eye’s and ears, like hacktivist they have many people that can scan your website and look for information that can help the attack. You have 3 different attack vectors to worry about today:

  • IP based attacks
  • Web-Software attacks
  • Information Attacks

Corporate American take care of your metadata or it will bite you hard -gAtO oUt

Share on TumblrSubmit to StumbleUponhttp://uscyberlabs.com/blog/wp-content/uploads/2012/07/a_leaking-Data.tiffDigg ThisSubmit to reddit