07/12/12

OSx -Tor Web Crawler Project

OSx Curl .onion sites -how 2 guide- Tor Web Crawler Project

gATO hAs - been looking into mapping the Tor .onion network, crawling it from a to z and 2 to 7 across all 16 characters of a hidden-service address (that is the base32 alphabet, so 32^16 possible names; exhaustive enumeration is not practical, and a crawler has to start from known addresses and follow links). I use OSx for most of my work and I wanted to curl an .onion site and check it out. As I dug around I found that if I just check my Vidalia.app it will show me where everything is located. Then the fun begins.

find your TorBrowser_en-US-6.app, then click and look at the file Info, then go to TorBrowser_en-US-6.app/Contents/MacOS/

cd TorBrowser_en-US-6.app/Contents/MacOS/

once here, this will show you the files:

ls -fGo

total 5976

drwxr-xr-x  7 richardamores      238 Jun  8 07:11 .

drwxr-xr-x  7 richardamores      238 Feb 19 06:54 ..

drwxr-xr-x  3 richardamores      102 Feb 19 06:54 Firefox.app

-rwxr-xr-x  1 richardamores  3045488 Feb 19 06:54 tor

-rwxr-xr-x  1 richardamores     1362 Feb 19 06:54 TorBrowserBundle

drwxr-xr-x  4 richardamores      136 Feb 19 06:54 Vidalia.app

-rw-r--r--  1 richardamores     6435 Jun  8 07:11 VidaliaLog-06.08.2012.txt

Now I fire up the tor binary: ./tor

Next open up another Terminal window and check that Tor is LISTENing on port 9050:

netstat -ant | grep 9050 # verify Tor is running

Once you can see port 9050 in LISTEN state you're ready to use curl. Note that --socks4a (like --socks5-hostname) hands the hostname to Tor for resolution; plain --socks5 resolves locally, which cannot work for an .onion name and sends that name to your DNS resolver.

curl -iv --socks4a 127.0.0.1:9050 http://utup22qsb6ebeejs.onion/

curl -iv --socks4a 127.0.0.1:9050 http://nwycvryrozllb42g.onion/

curl -iv --socks4a 127.0.0.1:9050 http://2qd7fja6e772o7yc.onion/

curl -iv --socks4a 127.0.0.1:9050 http://5onwnspjvuk7cwvk.onion/

curl -iv --socks4a 127.0.0.1:9050 http://6sgjmi53igmg7fm7.onion/

curl -iv --socks4a 127.0.0.1:9050 http://6vmgggba6rksjyim.onion/

Those are a few sites that you can check out. curl is just one of those tools that keeps on giving, and of course if I can get one app to work through Tor on OSx, then I can get other apps to use Tor as a proxy for all my command-line work. Time to have some fun - gATO oUt
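Here is an added example (not code from the original post) of what the curl lines above do under the hood, written in Python so it can be run as a small crawler driver: a minimal SOCKS5 client that sends the .onion name to Tor inside the CONNECT request (RFC 1928 address type 0x03, the same thing --socks4a and --socks5-hostname do, and the thing plain --socks5 does not do), an HTTP HEAD over that tunnel, and a header parser that pulls out the fields a hidden service leaks about its stack (Server, X-Powered-By, cookie names). It assumes Tor's SocksPort at 127.0.0.1:9050 and an HTTP service on port 80 of the onion; the sample response at the bottom is a constructed fixture copied from the headers captured later in this post so the parser runs without Tor.

```python
import socket
import struct
from typing import Dict, Tuple

TOR_SOCKS = ("127.0.0.1", 9050)  # Tor's default SocksPort (assumed, as on the page)


def socks5_connect_request(host: str, port: int) -> bytes:
    """RFC 1928 CONNECT with ATYP 0x03 (domain name): the proxy resolves the name.

    This is what curl --socks5-hostname / --socks4a do. Plain --socks5 uses
    ATYP 0x01 and resolves locally, which fails for .onion and hands the name
    to your DNS resolver.
    """
    name = host.encode("ascii")
    if not 0 < len(name) < 256:
        raise ValueError("hostname must be 1..255 bytes")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack(">H", port)


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection mid-handshake")
        buf += chunk
    return buf


def socks5_handshake(sock: socket.socket, host: str, port: int) -> None:
    """No-auth SOCKS5 negotiation followed by CONNECT host:port."""
    sock.sendall(b"\x05\x01\x00")                 # ver 5, 1 method offered: no auth
    ver, method = _recv_exact(sock, 2)
    if ver != 5 or method != 0:
        raise ConnectionError("proxy did not accept no-auth SOCKS5")
    sock.sendall(socks5_connect_request(host, port))
    ver, rep, _rsv, atyp = _recv_exact(sock, 4)
    if rep != 0:                                  # 0x04 host unreachable = onion not found
        raise ConnectionError(f"SOCKS5 CONNECT failed, reply {rep:#04x}")
    if atyp == 1:                                 # drain BND.ADDR + BND.PORT
        _recv_exact(sock, 4)
    elif atyp == 3:
        _recv_exact(sock, _recv_exact(sock, 1)[0])
    elif atyp == 4:
        _recv_exact(sock, 16)
    _recv_exact(sock, 2)


def parse_response_headers(raw: str) -> Tuple[str, Dict[str, str]]:
    """(status line, headers) with names lower-cased; repeated names joined with ', '."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        key, value = name.strip().lower(), value.strip()
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return lines[0], headers


def fingerprint(headers: Dict[str, str]) -> Dict[str, str]:
    """The headers that identify the stack behind a hidden service."""
    wanted = ("server", "x-powered-by", "set-cookie", "via", "x-aspnet-version")
    return {k: headers[k] for k in wanted if k in headers}


def head_over_tor(onion: str, path: str = "/", proxy=TOR_SOCKS, timeout: float = 60.0):
    """HEAD a hidden service through Tor; returns (status line, fingerprint)."""
    req = (f"HEAD {path} HTTP/1.1\r\nHost: {onion}\r\n"
           f"User-Agent: Mozilla/5.0\r\nConnection: close\r\n\r\n")
    with socket.create_connection(proxy, timeout=timeout) as s:
        socks5_handshake(s, onion, 80)
        s.sendall(req.encode("ascii"))
        data = b""
        while chunk := s.recv(4096):
            data += chunk
    status, headers = parse_response_headers(data.decode("latin-1"))
    return status, fingerprint(headers)


# Constructed fixture: the headers captured further down this post, so the
# parser can be exercised without Tor running.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Thu, 12 Jul 2012 17:49:49 GMT\r\n"
    "Server: Apache/2.2.22 (Ubuntu)\r\n"
    "X-Powered-By: PHP/5.3.10-1ubuntu3.2\r\n"
    "Set-Cookie: fpsess_fp-a350e65d=8hg0upuuhcpuf4pgvg45l9c2b2; path=/\r\n"
    "Content-Type: text/html; charset=utf-8\r\n\r\n"
)

if __name__ == "__main__":
    import sys
    print(head_over_tor(sys.argv[1] if len(sys.argv) > 1 else "utup22qsb6ebeejs.onion"))
```

The fingerprint is the operator-side caveat: a hidden service that returns Server and X-Powered-By with exact package versions, or a cookie name that names its CMS, is telling every crawler what it runs; turning those headers off is cheap compared with being matched against a clearnet host with the same banner.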

Lab -Notes

  1. sudo apt-get install tor
  2. sudo /etc/init.d/tor start
  3. netstat -ant | grep 9050 # verify Tor is running

Here is a good crawler to play with (from the Stack Overflow question linked below). Give the SOCKS proxy as host:port with the matching CURLOPT_PROXYTYPE, and make Tor resolve the name: a proxy type that resolves locally cannot find .onion hosts.

<?php
// Variant 1: SOCKS4a. The proxy is host:port (not an https:// URL), and
// SOCKS4a passes the hostname to Tor for resolution.
// CURLOPT_HTTPPROXYTUNNEL only applies to HTTP proxies, so it is not used here.
$ch = curl_init('http://google.com');
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_PROXY, '127.0.0.1:9050');
curl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS4A);
curl_exec($ch);
curl_close($ch);

<?php
// Variant 2: SOCKS5 with remote name resolution. CURLPROXY_SOCKS5 would
// resolve the name locally and fail for .onion; the _HOSTNAME variant hands
// it to Tor. Use 127.0.0.1 rather than localhost, which may resolve to ::1
// while Tor listens on IPv4 only.
$ch = curl_init('http://google.com');
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_PROXY, '127.0.0.1:9050');
curl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5_HOSTNAME);
curl_exec($ch);
curl_close($ch);

Tor Web Crawler

http://stackoverflow.com/questions/9237477/tor-web-crawler

did not work - netstat shows it on socks4 not socks5

curl -s --socks5-local 127.0.0.1:9050 --user-agent "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3" -I http://utup22qsb6ebeejs.onion/

turn on Tor

Run the tor binary that ships inside the Tor Browser bundle, /Users/gatomalo/Downloads/TorBrowser_en-US-6.app/Contents/MacOS/tor:

cd /Users/gatomalo/Downloads/TorBrowser_en-US-6.app/Contents/MacOS

./tor

now check that the SOCKS proxy is listening on 9050

netstat -ant | grep 9050

Now run your network commands through SOCKS port 9050.


=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

curl -S --socks5-hostname 127.0.0.1:9050 -I http://utup22qsb6ebeejs.onion/

HTTP/1.1 200 OK

Date: Thu, 12 Jul 2012 17:49:49 GMT

Server: Apache/2.2.22 (Ubuntu)

X-Powered-By: PHP/5.3.10-1ubuntu3.2

Set-Cookie: fpsess_fp-a350e65d=8hg0upuuhcpuf4pgvg45l9c2b2; path=/

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Vary: Accept-Encoding

Transfer-Encoding: chunked

Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>My Hidden Blog</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<!-- start of jsUtils -->
<script type="text/javascript" src="http://utup22qsb6ebeejs.onion/fp-plugins/jquery/res/jquery-1.4.2.min.js"></script>
<script type="text/javascript" src="http://utup22qsb6ebeejs.onion/fp-plugins/jquery/res/jquery-ui-1.8.2.custom.min.js"></script>
<!-- end of jsUtils -->
<!-- FP STD HEADER -->
<meta name="generator" content="FlatPress fp-0.1010.1" />
<link rel="alternate" type="application/rss+xml" title="Get RSS 2.0 Feed" href="http://utup22qsb6ebeejs.onion/?x=feed:rss2" />
<link rel="alternate" type="application/atom+xml" title="Get Atom 1.0 Feed" href="http://utup22qsb6ebeejs.onion/?x=feed:atom" />
<!-- EOF FP STD HEADER -->
<!-- FP STD STYLESHEET -->
<link media="screen,projection,handheld" href="http://utup22qsb6ebeejs.onion/fp-interface/themes/leggero/leggero/res/style.css" type="text/css" rel="stylesheet" /><link media="print" href="http://utup22qsb6ebeejs.onion/fp-interface/themes/leggero/leggero/res/print.css" type="text/css" rel="stylesheet" />
<!-- FP STD STYLESHEET -->

Some other curl switches =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

--connect-timeout <seconds>
Maximum time in seconds that you allow the connection to the server to take. This only limits the connection phase, once curl has connected this option is of no more use. See also the -m/--max-time option.
If this option is used several times, the last one will be used.

-D/--dump-header <file>
Write the protocol headers to the specified file.
This option is handy to use when you want to store the headers that a HTTP site sends to you. Cookies from the headers could then be read in a second curl invocation by using the -b/--cookie option! The -c/--cookie-jar option is however a better way to store cookies.
When used in FTP, the FTP server response lines are considered being "headers" and thus are saved there.
If this option is used several times, the last one will be used.

-f/--fail
(HTTP) Fail silently (no output at all) on server errors. This is mostly done to better enable scripts etc to better deal with failed attempts. In normal cases when a HTTP server fails to deliver a document, it returns an HTML document stating so (which often also describes why and more). This flag will prevent curl from outputting that and return error 22.
This method is not fail-safe and there are occasions where non-successful response codes will slip through, especially when authentication is involved (response codes 401 and 407).

--ssl
(FTP, POP3, IMAP, SMTP) Try to use SSL/TLS for the connection. Reverts to a non-secure connection if the server doesn't support SSL/TLS. See also --ftp-ssl-control and --ssl-reqd for different levels of encryption required. (Added in 7.20.0)
This option was formerly known as --ftp-ssl (Added in 7.11.0) and that can still be used but will be removed in a future version.

-H/--header <header>
(HTTP) Extra header to use when getting a web page. You may specify any number of extra headers. Note that if you should add a custom header that has the same name as one of the internal ones curl would use, your externally set header will be used instead of the internal one. This allows you to make even trickier stuff than curl would normally do. You should not replace internally set headers without knowing perfectly well what you're doing. Remove an internal header by giving a replacement without content on the right side of the colon, as in: -H "Host:".
curl will make sure that each header you add/replace is sent with the proper end-of-line marker, you should thus not add that as a part of the header content: do not add newlines or carriage returns, they will only mess things up for you.
See also the -A/--user-agent and -e/--referer options.
This option can be used multiple times to add/replace/remove multiple headers.

-o/--output <file>
Write output to <file> instead of stdout. If you are using {} or [] to fetch multiple documents, you can use '#' followed by a number in the <file> specifier. That variable will be replaced with the current string for the URL being fetched. Like in:

curl http://{one,two}.site.com -o "file_#1.txt"

or use several variables like:

curl http://{site,host}.host[1-5].com -o "#1_#2"

You may use this option as many times as the number of URLs you have.
See also the --create-dirs option to create the local directories dynamically. Specifying the output as '-' (a single dash) will force the output to be done to stdout.

-r/--range <range>
(HTTP/FTP/SFTP/FILE) Retrieve a byte range (i.e a partial document) from a HTTP/1.1, FTP or SFTP server or a local FILE. Ranges can be specified in a number of ways.

0-499            specifies the first 500 bytes
500-999          specifies the second 500 bytes
-500             specifies the last 500 bytes
9500-            specifies the bytes from offset 9500 and forward
0-0,-1           specifies the first and last byte only(*)(H)
500-700,600-799  specifies 300 bytes from offset 500(H)
100-199,500-599  specifies two separate 100-byte ranges(*)(H)

-v/--verbose
Makes the fetching more verbose/talkative. Mostly useful for debugging. A line starting with '>' means "header data" sent by curl, '<' means "header data" received by curl that is hidden in normal cases, and a line starting with '*' means additional info provided by curl.
Note that if you only want HTTP headers in the output, -i/--include might be the option you're looking for.
If you think this option still doesn't give you enough details, consider using --trace or --trace-ascii instead.
This option overrides previous uses of --trace-ascii or --trace.
Use -s/--silent to make curl quiet.

07/11/12

CyberPeace -not- CyberWar

gAtO sEe - In the last couple of days Gen. Keith Alexander has been pushing the Cyber War agenda. The issues around warfare are very different in cyberspace than in the physical world, and the United States is looking into "alternative strategies," said Alexander, while not offering further details. In another place he was telling us that the CIA will not use the new cyber laws to spy on our email. OK, so you're gonna be a sheep and follow the word of the government: we won't spy on you.

Alexander said "civil liberties and privacy can work harmoniously with cybersecurity". Come on General, you're a nice guy, gAtO met you —/ you have a passion, but every time you come out —/ oops, there went the power grid, oops, there went the financial sector; scare me, scare me. I know it's your job to secure our country and protect our nation's cyber infrastructure. Don't trample on our cyber rights any more, please.

Hey, here is a solution for you: use a Tor .onion network (any anonymized network) to tie in your power grid and/or your financial services. If you can't close down Silk Road in onion-land, your C&C for your power grid and financial services should be invisible to everyone except on a need-to-know basis. gAtO just saved you 14 trillion in R&D...//

gAtO has not heard one word about Cyber Peace from any responsible government in the world. Everyone is looking for their own cyber posture, their own cyber weapons/budget/programs/money//, but not one has said let's work together to make it better for peace; guess there is no money in Cyber Peace. Espionage and spying are the job of governments; why would they destroy their own tools and weapons? They just tweak our cyber-rights a wee bit, for our cyber freedoms and safety, to protect our government and you -lol.

Here is a simple idea: crowd-source our problems. The one major resource in cyber-space is the number of people that can see the same message. With crowd-sourcing we can give the facts and ask anyone to help solve city budgets, or ways to harvest more vegetables per vertical sq. ft. Ask people how they would protect our electric grid // you'd be surprised by the creative answers you get; OK, some may be crazy but...//. It may not be the right solution, but the power of the minds of people collaborating is what this new technology is built for. FaceBook is about ME, Twitter is about the rest of the world, but the new winner is —/ Comments /— which have become more important than the article/subject itself, because the conversation within the comments shows social communication and problem solving by the masses.

Let's change the message to CyberPeace. Everyone has a solution, but remember that all your comments are the new gold, so watch what you say to that troll on HuffPost— gAtO oUt

 

Read more: Alexander: U.S. looking for offensive alternatives in cyberspace - FierceGovernmentIT http://www.fiercegovernmentit.com/story/alexander-us-looking-offensive-alternatives-cyberspace/2012-07-11

07/7/12

Cyber Jihad Intelligence last 6 months in 2012

Jihad Intelligence last 6 months in 2012

gAtO found the International Institute for Counter-Terrorism (ICT) site pretty good


 


=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Jihad Intelligence last 6 months in 2012

28/6/2012 Periodical Review: Summary from the Jihadi Forums – The Second Half of May 2012

ICT's Jihadi Websites Monitoring Group. This report summarizes the most prominent events brought up in the Jihadi online forums in the second half of May 2012. Following are the main issues raised in this report:
• Sheikh Ayman Al-Zawahiri calls on the residents of Saudi Arabia to organize mass protests to overthrow the Saudi regime.
• The Pakistani Taliban publish a video of the storming of Bannu Prison, during which nearly 400 Muslim prisoners were freed, among them Taliban involved in an attempted assassination of the former president of Pakistan.
• The Islamic State of Iraq exhorts Sunnis to realize that it is protecting their interests, while the Shiites are the real enemy, and must be fought.
• Al-Qaeda in the Arabian Peninsula (AQAP) takes responsibility for an attack against Yemen’s minister of defense and US military officers at a military base near Sana’a.
• Ansar Al-Din and the National Movement for the Liberation of Azawad jointly agree to establish an Islamic state in Azawad, northern Mali.
• A new Libyan Salafi-jihadist group, “The Imprisoned Sheikh Omar Abd Al- Rahman Brigades”, publishes its first announcement.
• The Islamic Emirate of Afghanistan publishes the second issue of the Urdu-language magazine Shariat.


14/6/2012 Periodical Review: Summary from the Jihadi Forums – The First Half of May 2012

This report summarizes the most prominent events brought up in the Jihadi online forums in the first half of May 2012. Following are the main issues raised in this report:   
• Ayman Al-Zawahiri calls on the Muslims of Afghanistan, Somalia and Yemen to fight Western forces in the lands of Islam and revolt against “collaborator” regimes.
• Al-Qaeda again threatens to execute American-Jewish hostage Warren Weinstein.
• The Shura Council of the Islamic Emirate of Afghanistan declares “open season” against occupation forces in Afghanistan.
• Sheikh Fahd Al-Quso Al-Awlaki, a senior military leader of Ansar Al-Sharia, has been assassinated.
• The English-language jihadist magazine Inspire resumes publication after a hiatus with two issues on individual jihad.
• A new jihadist magazine about efforts to free Muslim women prisoners has hit the cyber newsstand: Majalat Al-Asirah [The Woman Prisoner].
• The second issue of the jihadist magazine Al-Qaeda Airlines appears.

26/5/2012 Periodical Review: Summary from the Jihadi Forums – The Second Half of April 2012

ICT's Jihadi Websites Monitoring Group. This report summarizes the most prominent events brought up in the Jihadi online forums in the second half of April 2012. Following are the main issues raised in this report:
• The leader of Al-Qaeda in the Islamic Maghreb (AQIM) calls on the Algerian people to boycott the coming elections in Algeria.
• AQIM threatens to attack Britain following its decision to extradite Abu Qatada Al-Filastini to Jordan.
• The Front for the Defense of the Syrian People steps up terrorist activity against Syrian government forces.
• Abd Al-Ghnai Jawhar, an explosives expert for Fath Al-Islam, is killed in Syria.
• Senior Salafi-jihadists in Egypt increase their propagandizing in Tahrir Square.
• A new series on preparing poisonous substances is published.
• Fursan Al-Balagh, a new jihadist media outlet, appears. 


16/5/2012 Periodical Review: Fatwas – March – April 2012

ICT's Jihadi Websites Monitoring Group. This review reports the main fatwas [religious-legal rulings] appearing in March and April 2012 on Minbar Al-Tawhid wal-Jihad, a Web site run by the Salafist ideologue Abu Muhammad Al-Maqdisi. The fatwas are issued by the prominent Salafists who comprise the site's Sharia Committee, in response to Web surfers' questions. Among those we have chosen to highlight in this review are fatwas covering the following: the religious-legal obligation of every Muslim to join jihad in Syria; affiliation with a Salafist political party; enlisting in an infidel army for the purpose of espionage; involvement in Libya's National Transitional Council; and the status of the Free Syrian Army vis a vis the Salafist-jihadist Front for the Defense of the Syrian People.


10/5/2012 Periodical Review: Summary from the Jihadi Forums – The First Half of April 2012

ICT's Jihadi Websites Monitoring Group. This report summarizes the most prominent events brought up in the Jihadi online forums in the first half of April 2012. Following are the main issues raised in this report:
• The leadership of Al-Qaeda and of its Somali affiliate Al-Shabab Al- Mujahideen threaten Britain with retribution for its intention to extradite al- Qaeda spiritual leader Abu Qatadah Al-Filastini to Jordan.
• Waliur Rehman, deputy commander of the Pakistani Taliban, threatens the UK with attack if it refuses to release Islamist prisoners – or at least improve their conditions.
• The Islamic Emirate of Afghanistan takes responsibility for a series of synchronized terrorist attacks against embassies and other targets throughout Afghanistan.
• Sheikh Abu Ubayda Yusuf Al-Annabi expresses solidarity with the Syrian people in their struggle against the regime of Bashar Al-Assad.
• A new jihadist series on military affairs, Al-Qaeda Airlines, is released.
• A new jihadist magazine is issued in Swahili.
• Evidence increases of the involvement of contributors to jihadist Web forums, such as Shumukh Al-Islam, in actual jihad and in terrorist activities.
• Leading jihadist Web forums Shumukh Al-Islam and Al-Fida resume operation after a temporary takedown last month.


21/4/2012 Periodical Review: Summary from the Jihadi Forums – The Second Half of March 2012

ICT's Jihadi Websites Monitoring Group. This report summarizes the most prominent events brought up in the Jihadi online forums in the second half of March 2012. Following are the main issues raised in this report:
• In two separate audio files, Al-Qaeda leader Ayman Al-Zawahiri exhorts the Pakistani people to oppose their army and government, and the Afghani people to join jihad and beware of Muslims who collaborate with the US.
• Muhammad Al-Zawahiri, brother of Ayman Al-Zawahiri, is released from prison in Egypt.
• The Pakistani Taliban will wreak vengeance on the Pakistani regime and gain control of Pakistan’s nuclear weapons, according to top Taliban commander in Mohmand tribal region Sheikh Omar Khaled Al-Khurasani.
• Al-Qaeda in the Islamic Maghreb (AQIM) will strike at the heart of Germany, it says, unless the German government frees a Muslim woman prisoner in exchange for the release of a German hostage being held by AQIM.
• Contributors to jihadist Web forums praise Mohammed Merah, the terrorist from Toulouse, and urge Muslim youth in the West to emulate him.
• Leading jihadist Web forums Al-Fida, Shumukh Al-Islam, and Ansar Al- Mujahideen cease functioning during the latter half of March 2012. Ansar Al- Mujahideen and Shumukh Al-Islam resume activity in early April.


11/4/2012 Periodical Review: Summary from the Jihadi Forums – The First Half of March 2012

ICT's Jihadi Websites Monitoring Group. This report summarizes the most prominent events brought up in the Jihadi online forums in the first half of March 2012. Following are the main issues raised in this report:
• Given what he calls the Iranian-Shiite conspiracy to attack and take over Saudi Arabia, Sheikh Abu Sufyan Al-Azdi Al-Shari, the deputy head of Al- Qaeda in the Arabian Peninsula (AQAP), urges Sunnis to wage jihad against the Shiite population of Saudi Arabia.
• Al-Qaeda in the Arabian Peninsula (AQAP) takes responsibility for assassinating an American military intelligence officer in Aden, Yemen.
• Ansar Al-Sharia declares Shabwa Province the Islamic Emirate of Yemen.
• Ahmad Faruq, Al-Qaeda’s head of the propaganda department of Al-Qaeda in Pakistan, calls for jihad against the Pakistani Army. He confirms the death of Ilyas Kashmiri, the operations officer of Al-Qaeda in Pakistan.
• Al-Balagh, a new jihadist magazine that focuses on events in Syria, is published.
• Majlat Al-Salafiyya, a new electronic Tunisian Salafi-jihadist weekly, is published.
• Leading jihadist forums embark on a massive campaign advocating Ansar Al- Sharia in Yemen.


30/3/2012 Periodical Review: Summary from the Jihadi Forums – The Second Half of February 2012

ICT's Jihadi Websites Monitoring Group. This report summarizes the most prominent events brought up in the Jihadi online forums in the second half of February 2012. Following are the main issues raised in this report:
• A new video clip was issued, in which Ayman Al-Zawahiri calls for the revolution in Egypt to continue until the representatives of the previous regime have been eliminated, ties to the US have been severed, and the peace treaty with Israel has been nullified.
• The Islamic Emirate of Afghanistan encouraged Afghans serving proximate to Western security forces to attack them, and cited the Afghani chef who poisoned American soldiers as an example.
• Propaganda has increased against the Syrian regime, as have appeals to assist the Syrian people in their struggle against the regime.
• Al-Qaeda in the Arabian Peninsula (AQAP) took responsibility for an attack on the presidential palace in Yemen on the eve of the transfer of power from Yemen’s former president, Ali Abdullah Saleh, to its former vice president, Abd-Rabbu Mansour Hadi.
• Two new jihadist media institutions have been established: Al-Tahadi, and Inform Foundation for Media Production.
• A new jihadist Web forum called Al-Qital has been established.


19/3/2012 Periodical Review: Fatwas – January – February 2012

ICT's Jihadi Websites Monitoring Group. The following report details the main fatwas published in January and February 2012 on Minbar Al-Tawhid wal-Jihad, a Web site run by the Salafi ideologue Abu Muhammad Al-Maqdisi. Web surfers' questions are answered by the site's Sharia Committee, which comprises a number of prominent Salafi sheikhs. This publication presents some of the religious-legal rulings [fatwas] handed down in January and February 2012. Among them, we highlight fatwas concerning the Islamic laws regulating participation in Libya's National Transitional Council; the status of property looted from the estate of the deposed tyrant Muammar Qadhafi and, similarly, the status of property looted from members of the Syrian regime; the stance one should take toward Sunni soldiers fighting in the Syrian Army; and whether or not it is permissible under Islamic law for a Muslim to work for one of the security forces (police, military, FBI) in the West.


6/3/2012 Periodical Review: Summary from the Jihadi Forums – The First Half of February 2012

ICT's Jihadi Websites Monitoring Group. This report summarizes the most prominent events brought up in the Jihadi online forums in the first half of February 2012. Following are the main issues raised in this report:
• Ayman Al-Zawahiri, the leader of Al-Qaeda, announced that the Somali movement Al-Shabab Al-Mujahideen had officially joined Al-Qaeda.
• Al-Shabab Al-Mujahideen organized a large celebration in honor of its having joined the ranks of Al-Qaeda.
• Ansar Al-Sharia in Yemen executed three Yemeni citizens suspected of collaborating with US forces.
• The Islamic State of Iraq took responsibility for assassinating Mullah Nadim Al-Juburi, a former leader who had left the organization.
• Abu Muhammad Al-Tahawi, an influential Salafi-jihadist in Jordan, called for jihad against the regime of Bashar Al-Assad.
• A new volume was published of Al-Shamikha, a jihadist magazine for women.
• New volumes appeared of three publications that cover the jihad in Afghanistan.
• The Salafi-jihadist media outlet Al-Faroq, which focuses on Egypt, launched a new Facebook page.


28/2/2012 Periodical Review: Summary from the Jihadi Forums – The Second Half of January 2012

ICT's Jihadi Websites Monitoring Group. This report summarizes the most prominent events brought up in the Jihadi online forums in the second half of January 2012. Following are the main issues raised in this report:
• The Nigerian group Boko Haram has taken responsibility for a series of coordinated attacks perpetrated on January 20, 2012, against several police institutions in Kano, the second-largest city in Nigeria.
• Using a car laden with explosives, the Somali group Al-Shabab Al-Mujahideen carried out a suicide terrorist attack against the regional headquarters of the Ethiopian Army in the city of Beledweyne.
• Ansar Al-Sharia has succeeded in taking over the city of Rada’a in Yemen.
• The Shari’a Council of Al-Qaeda in the Arabian Peninsula (AQAP) has ruled that the faithful may kill the Houthis in Yemen, and stating that, in fact, it is the duty of every Muslim to wage war against the Houthis.
• The spokesman for the Islamic State of Iraq has emphasized that the jihad in Iraq will continue even though the US has withdrawn its troops, and that now the majority of effort will be directed against Iran’s agents in Iraq and their Shi’ite allies.
• A new jihadist group called “The Aid Front for the Syrian People” has been established, with the central goal of overthrowing Bashar Al-Assad.
• A new Salafi group has been established in Egypt named “Followers of the Sunna for the Salvation of Egypt” and headed by Hani Al-Sibai and Tariq Abd Al-Halim.
• A new jihadist Turkish periodical, İslam Dünyası, has been published.


12/2/2012 Periodical Review: Summary from the Jihadi Forums – The First Half of January 2012

ICT's Jihadi Websites Monitoring Group. This report summarizes the most prominent events brought up in the Jihadi online forums in the first half of January 2012. Following are the main issues raised in this report:
• The Chairman of Al-Qaeda in the Islamic Maghreb's Political Committee addresses the Algerian people, telling them to bring down the Algerian regime.
• The Emir of the “Al-Tawhid wal-Jihad” Group in western Africa threatens France with war and claims responsibility for the abduction of three Europeans from south Algeria.
• The Emir of the Nigerian “Boko Haram” Group promises to continue with the operations against the Christians.
• The leader of the Kenya branch of the “Al-Shabab Al-Mujahideen” movement stresses that Kenya is a legitimate Jihad arena.
• The “Al-Qayrawan” Tunisian Salafi-Jihadi media institute expands its propaganda activity and is embraced by the “Shumukh Al-Islam” Jihadi forum.
• Three new issues of the Islamic Emirate of Afghanistan.
• A new newsletter called “Shahada”, focusing on the Somali jihadi arena.


22/1/2012 Periodical Review: Fatwas – November – December 2011

ICT's Jihadi Websites Monitoring Group. The following report details the main fatwas published in November and December, 2011 on Minbar Al-Tawhid wal-Jihad, a Web site run by the Salafi ideologue Abu Muhammad Al-Maqdisi. Web surfers' questions are answered by the site's Sharia Committee, which comprises a number of prominent Salafi sheikhs. This publication presents some of the religious-legal rulings [fatwas] handed down in November and December 2011. Among them, we highlight fatwas concerning joining the Free Syrian Army and the revolutionaries in Libya; participation in protests against the continued rule of the Supreme Council of the Armed Forces in Egypt; participation in demonstrations against the regime in Morocco, alongside elements whose principles contravene those of Islamic religious law [shari'a]; the appropriate response to a French newspaper's having derided the prophet Muhammad; and the essence of the relationship with the Al-Nahdha Party in Tunisia.


16/1/2012 Periodical Review: Summary from the Jihadi Forums – The Second Half of December 2011

ICT's Jihadi Websites Monitoring Group. This report summarizes the most prominent events brought up in the Jihadi online forums in the second half of December 2011. Following are the main issues raised in this report:
• Abu Yahya Al-Libi summarizes the key events of 2011.
• A new video clip in memory of Anwar Al-Awlaki is produced by Al-Qaeda in the Arabian Peninsula (AQAP), and a message is sent to Muslims living in the US to join the battlefields of jihad or to fight the US on its own soil.
• In an audio file, Ibrahim Al-Rubaysh discusses the achievements of the Arab revolutions, especially as reflected in the weakening of the US in the Middle East.
• A new jihadist organization, calling itself Ansar Al-Din, is established in northern Mali.
• Al-Tawhid wal-Jihad in West Africa takes responsibility for abducting three European citizens in Algeria.
• A new jihadist organization calling itself Ansar Al-Mujahideen is established in the Sinai Peninsula.
• Three new jihadist media outlets are established: Al-Ibda, Ibn Taymiyyah (identified with the Palestinian Salafi-jihadist Army of Islam), and Al-Faroq (based in Egypt).


References:

read More –>http://www.ict.org.il/

07/6/12

Online Security Basic -should I use encryption

gAto fOuNd - this -/ Basic Security Guide /- a while ago in the .onion and while I don’t agree with everything in this write-up I learned some new things. At the end of the day –/ they can’t take away what’s in your head -always be a critical thinker - gAtO oUt

Online Security Basic - links are in .onionLand

Transcribed from http://g7pz322wcy6jnn4r.onion/opensource/generalguide.html on 2011-04-16.


Basic F.A.Q.

What is encryption?

Encryption is a method of encoding information in such a way that it is computationally difficult for eavesdroppers to decode, but computationally easy for the intended recipient to decode. In practical terms, encryption makes it almost impossible for you to be successfully wiretapped. Encryption can also make it essentially impossible for computer forensic teams to gather any data from your hard disk drive. Encryption is the process of making information difficult or impossible to recover without a key. The key is either a passphrase or a huge random number protected by a passphrase. Encryption algorithms fall into two primary categories: communications and storage. If you use a program such as GPG to encrypt your E-mail messages, you are using encryption for communications. If you use a program such as Truecrypt to encrypt your hard disk drive, you are using encryption for storage.

Is there a big difference between storage and communication encryption?

Yes. Data storage encryption often uses only symmetric algorithms. Communication encryption typically uses a combination of asymmetric and symmetric algorithms. Asymmetric algorithms are generally far easier to break than symmetric algorithms. In practice this is not significant as the computing power required to break either strong asymmetric or strong symmetric algorithms is not likely in the grasp of any agency.

Should I use encryption?

Yes! If you participate in the Internet underground it is essential for your continued freedom that you learn how to use encryption programs. All communications should be encrypted as well as all stored data. For real time communication encryption we suggest either Pidgin or Adium instant messages with the OTR plug-in. For non-real time communication encryption we suggest GPG. Truecrypt does a great job of encrypting stored data and can also encrypt the OS partition if you use Windows. Various flavors of Linux and Unix also allow for the OS partition to be encrypted although the particular program used will vary. If an alternative installation CD is used Ubuntu allows for OS partition encryption during the installation process.

What is plausible deniability?

When discussing stored data encryption, plausible deniability means that an encrypted container can decrypt into two different sets of data depending on the key used. Plausible deniability allows you to pretend to cooperate with authorities without them being able to tell you are not cooperating. For example, perhaps they demand you give up your password so they can decrypt some of your communications or stored data. If you used a system with plausible deniability you would be able to give them a password that would indeed decrypt the encrypted data. However, the decrypted data they can now see will be non-sensitive data you intentionally allowed them to decrypt. They cannot see your sensitive information and they cannot prove that you didn’t cooperate.
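As an added illustration of the hidden-volume idea described above (this code is not part of the transcribed guide and is not how Truecrypt is implemented), the toy below lays out a container so that two passphrases open two different volumes while the bytes never show whether a second volume exists; it also shows the caveat the guide omits, that writing too much into the outer volume silently destroys the hidden one. The SHA-256 keystream is a stand-in for a real cipher and every constant is constructed for the demo.

```python
import hashlib
import os

CONTAINER_SIZE = 4096   # constructed: tiny container, real ones are gigabytes
HIDDEN_OFFSET = 2048    # constructed: where the hidden volume starts
SALT_LEN = 16
MAGIC = b"TOYVOL"       # lets a reader tell a right key from a wrong one
HEADER_LEN = len(MAGIC) + 4   # magic + 4-byte big-endian payload length


def _keystream(key: bytes, length: int) -> bytes:
    """Toy counter-mode keystream built from SHA-256: demo only, not a real cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def _derive_key(passphrase: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 50_000)


def _seal(passphrase: str, payload: bytes) -> bytes:
    """salt || (MAGIC || length || payload) XOR keystream; the result looks random."""
    salt = os.urandom(SALT_LEN)
    plain = MAGIC + len(payload).to_bytes(4, "big") + payload
    stream = _keystream(_derive_key(passphrase, salt), len(plain))
    return salt + bytes(a ^ b for a, b in zip(plain, stream))


def _unseal(passphrase: str, region: bytes):
    """Inverse of _seal over a region of the container; None if the key is wrong
    or the region no longer holds a volume (for example, it was overwritten)."""
    salt, body = region[:SALT_LEN], region[SALT_LEN:]
    stream = _keystream(_derive_key(passphrase, salt), len(body))
    plain = bytes(a ^ b for a, b in zip(body, stream))
    if not plain.startswith(MAGIC):
        return None
    length = int.from_bytes(plain[len(MAGIC):HEADER_LEN], "big")
    if HEADER_LEN + length > len(plain):
        return None
    return plain[HEADER_LEN:HEADER_LEN + length]


def write_outer(container: bytearray, outer_pw: str, outer_data: bytes) -> None:
    """(Re)write the outer volume from offset 0. Like a real outer filesystem it
    knows nothing about the hidden volume, so a large enough write destroys it."""
    sealed = _seal(outer_pw, outer_data)
    if len(sealed) > CONTAINER_SIZE:
        raise ValueError("outer data does not fit in the container")
    container[:len(sealed)] = sealed


def create_container(outer_pw: str, outer_data: bytes,
                     hidden_pw: str, hidden_data: bytes) -> bytearray:
    """Random fill everywhere, outer volume at 0, hidden volume at HIDDEN_OFFSET.
    Unused fill and ciphertext are both random-looking, so nothing in the bytes
    reveals whether the second half is a hidden volume or just free space."""
    if SALT_LEN + HEADER_LEN + len(outer_data) > HIDDEN_OFFSET:
        raise ValueError("outer data would overlap the hidden volume")
    container = bytearray(os.urandom(CONTAINER_SIZE))
    write_outer(container, outer_pw, outer_data)
    sealed = _seal(hidden_pw, hidden_data)
    if HIDDEN_OFFSET + len(sealed) > CONTAINER_SIZE:
        raise ValueError("hidden data does not fit in the container")
    container[HIDDEN_OFFSET:HIDDEN_OFFSET + len(sealed)] = sealed
    return container


def open_container(container: bytearray, passphrase: str):
    """Try the key on the outer volume, then on the hidden slot.
    Returns ('outer', data), ('hidden', data) or None."""
    data = _unseal(passphrase, bytes(container))
    if data is not None:
        return ("outer", data)
    data = _unseal(passphrase, bytes(container[HIDDEN_OFFSET:]))
    if data is not None:
        return ("hidden", data)
    return None
```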

Do I need plausible deniability?

Possibly. It really depends on where you live. In the U.K. it is a crime to refuse to give law enforcement your encryption keys on demand. Refusal to reveal encryption keys is punishable by several years in prison, but this is quite possibly a lot less time than you would get if you did reveal your encryption keys. In the U.S.A. the issue has not yet gone to the supreme court and lower judges have ruled in both directions. In general it is a good idea to use plausible deniable encryption when possible. Truecrypt supports plausible deniability for all functions under Windows. For Linux there is no current software supporting out-of-the-box plausible deniability of the OS partition. With Linux you may be able to achieve a type of plausible deniability by encrypting your entire drive and putting the bootloader on another device. Then you can argue the drive was freshly wiped with a PRNG and there is no key to decrypt.

Of course the police can break encryption, right?!

If you are using a strong encryption program (such as GPG, OTR, Truecrypt, etc) and a long and random password (or automatically generated session key, such as OTR) the police are not going to be able to directly break the encryption. This is not to say they can not get your key in other ways! For example they could install a keylogger onto your keyboard or use various transient signal attacks to capture your key while you type it. An emerging method of encryption key compromise uses application layer exploits to remotely grab keys from RAM. These ‘side channel’ attacks need to have active measures taken against them (the best of which are using a strong anonymity solution and hardened OS).

What about the NSA?

The NSA is not going to be able to break strong data storage encryption algorithms (symmetric). They are also probably not able to break strong communication encryption algorithms (asymmetric). Very powerful quantum computers can be used to greatly reduce the bit strength of an encryption algorithm. Symmetric algorithms have their bit strength cut in half. Asymmetric algorithms are easily broken by such powerful computers. If you are using AES-256 a powerful quantum computer will reduce its bit strength to the still unbreakable 128. If you are using even a 4,096 bit RSA key with GPG, a powerful quantum computer can break the encryption. However, keep two things in mind: it is not likely that the NSA or anyone else has such a computer, and anyone sane will assure you that unless you are a foreign military or major terrorist the NSA will not act on any intelligence they gather by breaking your communication encryption.

But anything can be hacked, right? Why not encryption?

Encryption algorithms are not hacked, they are cryptanalyzed. Not every single thing done with a computer can really be considered hacking. Hackers may be able to exploit the implemented code of a program using an encryption algorithm, but even the best hackers tend to know little about encryption. Hacking and cryptography are not the same field and most hackers who think they know a lot about encryption actually know very little about it. Encryption is a field of pure mathematics and good encryption algorithms are based firmly on the laws of mathematics as they are currently understood. Unless there is some very unlikely discovery in the field of mathematics the security claims made about most encryption algorithms will stand firm even if the best hackers (or even more impressively cryptographers) in the world try and attack them.

Note: Some hackers are skilled enough to side channel your encryption with application layer exploits unless you take hardening countermeasures. This is not hacking the encryption algorithm although it is using hacking to counter encryption. Following our general security guide (later on this page!) will make it much harder for hackers to do this. To hack you through Open Source the attacker will first have to compromise Open Source; we have taken many security measures to make this very difficult to do.

Using encryption programs myself is difficult, but Hushmail, Safe-Mail or (Insert name here) will manage it for me!

Fully web based services can not really offer you strong encryption. They manage your keys for you and for this reason they have access to your keys. It does not matter what the company is named or what they promise, all of them are liars and some are probably honeypots. These services will not offer you strong encryption and law enforcement will be able to gain access to your communications. If you play with fire you need to learn how to protect yourself or you will be burned. It is not overly difficult to manage your own encryption and it is the only possible way for you to maintain your security.

What exactly is anonymity?

Anonymity is the property of being indistinguishable from a given set size (number of others). In the way the term is commonly used anonymity is the inability to be traced. A trace could mean that an attacker follows your communication stream from you to the end destination you are communicating with. A trace could also mean that an attacker follows a trail of logs from the end destination you communicate with back to your location. Anonymity solutions make it difficult to trace your communications and by doing so also make it harder to map out the networks you participate in. Anonymity can also be used to prevent censorship. If a server is hosted as part of an anonymity network and its location can not be determined then an attacker is incapable of demanding the censorship of the services hosted by the server.

Why do I need anonymity?

If you are not using an anonymity solution your presence on the Internet can be trivially traced back to your presence in real life. If you are participating in activities on the Internet which you would not want to be traced to your real life identity, you need anonymity. If you are participating in a network you need anonymity to protect yourself from network analysis. If no one on your network is using anonymity solutions and the police bust one of them, they will be able to see who all they communicated with as well as who all those people communicated with etc. Very quickly and with high precision the police will be able to map out the entire network, going ‘outward’ to many degrees. This may be useful for evidence (for use in court) and it is certainly useful for intelligence (so they know where to look next).

I already use encryption so there is no need for me to be anonymous!

Although encryption and anonymity highly complement each other they serve two different goals. Encryption is used to protect your privacy, anonymity is used to hide your location and protect you from network analysis. Strong anonymity requires encryption, and encryption is greatly benefited when combined with anonymity (after all, it is hard to install a keylogger if you don’t know where the target is located!). If you use strong encryption but no anonymity solution the feds may not be able to see what you say but they will know who you are and who you are talking with. Depending on the structure and purpose of your network, a single compromised node may very well remove all benefits of using encrypted communications. Many of the most realistic and devastating attacks on encryption systems require the attacker to gain a physical presence; if you are not using an anonymity solution this is trivial for them to do. If the feds do not know where you are, they can’t bug your keyboard with a keylogger. Anyone who says you do not need anonymity if you use encryption should be looked at with great suspicion.

Tor exit nodes can spy on my communication streams so I should not use it!

If you use Tor to connect to the open Internet (.com instead of .onion) it is true that the exit node can spy on your communications. You can reduce the risk of this by making sure you only connect to SSL websites (https:// instead of http://). You can further reduce the risk of this by always checking the fingerprint of the SSL certificate and making sure it does not change without an adequate reason being presented by the site administrator. You can eliminate the risk of a spying exit node in some contexts. For example if you encrypt a message yourself with GPG before you send it, the exit node will not be able to break the encryption even if they are spying.
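A concrete form of the fingerprint check described above, added here as an example (not from the guide): a trust-on-first-use store that records the SHA-256 fingerprint of the certificate a site first presented and flags any later change. The host names and certificate bytes in the test are constructed; `fetch_peer_cert` connects directly, so routing it through Tor would need a SOCKS-aware socket library, which is not shown.

```python
import hashlib
import json
import socket
import ssl
from pathlib import Path


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER encoding, the value most tools show as the cert fingerprint."""
    return "SHA256:" + hashlib.sha256(der_cert).hexdigest()


class PinStore:
    """Trust-on-first-use store: host -> fingerprint seen on first contact."""

    def __init__(self, path=None):
        self.path = Path(path) if path else None    # in memory when no path is given
        self.pins = {}
        if self.path and self.path.exists():
            self.pins = json.loads(self.path.read_text())

    def _save(self) -> None:
        if self.path:
            self.path.write_text(json.dumps(self.pins, indent=2))

    def check(self, host: str, der_cert: bytes) -> str:
        """'first-seen' (pin recorded), 'match', or 'CHANGED' (do not proceed
        until the site administrator has explained the new certificate)."""
        seen = fingerprint(der_cert)
        pinned = self.pins.get(host)
        if pinned is None:
            self.pins[host] = seen
            self._save()
            return "first-seen"
        return "match" if pinned == seen else "CHANGED"

    def accept_change(self, host: str, der_cert: bytes) -> None:
        """Re-pin after the change has been verified out of band."""
        self.pins[host] = fingerprint(der_cert)
        self._save()


def fetch_peer_cert(host: str, port: int = 443, timeout: float = 10.0) -> bytes:
    """Fetch the leaf certificate in DER form with normal CA verification still on,
    so pinning is layered on top of the usual checks rather than replacing them.
    This connects directly; going through Tor needs a SOCKS-aware socket (not shown)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def verify_host(store: PinStore, host: str, port: int = 443) -> str:
    """Connect, compare the presented certificate against the pin, return the result."""
    return store.check(host, fetch_peer_cert(host, port))
```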

Tor is not meant for privacy (unless you only access .onions), it is meant for anonymity! If you want privacy while using Tor you will need to either only access .onions or you will need to layer it on yourself by using GPG, SSL, OTR or other encryption on top of it. Using Tor to connect to the open Internet without using any privacy tools yourself can actually reduce your privacy from some attackers. Remember, Tor to the open Internet is for anonymity, it is not for privacy. Anonymity is just as important as privacy. Also, networking tools with a larger focus on privacy than anonymity (such as VPNs) will not offer you privacy from law enforcement any more than Tor will, and they also tend to offer substantially worse anonymity!

If I use Tor can I be traced by the feds?

So far, probably not unless you get very unlucky or misconfigure something. The feds are getting better at tracing people faster than Tor is getting better at avoiding a trace. Tor is for low latency (fast) anonymity, and low latency solutions will never have the ability to be as anonymous as high latency (very slow) solutions. As recently as 2008 we have documented proof that FBI working with various other international federal agencies via Interpol could not trace high priority targets using the Tor network. There is a large amount of information indicating that this is still the case. This will not be the case forever and better solutions than Tor are going to be required at some point in the future. This does not mean you should stop using Tor! It is quite possible that no VPN solution offers better anonymity than Tor, and the only low latency network which can be compared to Tor in terms of anonymity is I2P. Freenet is an anonymous datastore which possibly offers better anonymity than Tor or I2P. In the end it is very difficult to say what the best solution is or who it will hold up to, but most people from the academic anonymity circles say Tor, I2P or Freenet are the best three options. JAP is considered worse than the three previously suggested solutions, but better than most VPN services. You should at the very least use an encrypted two hop solution if you want a chance at remaining anonymous from the feds.

Traced is a very particular term. It means that the attacker either can observe your exit traffic and follow it back to your entry point or that the attacker can see your traffic enter a network and follow it to its exit point. Tor does a good job of protecting from this sort of attack, especially if you have not pissed off any signals intelligence agencies. Tor does not protect from membership revealment attacks! It is vital that you understand this attack and take measures to counter it if you are a vendor. To learn more about how to counter this attack keep reading this document, we discuss more in the applied security advice section on this page.

If I use Tor can I be traced by the NSA?

Probably. If you want a chance of being anonymous from the NSA you should research the Mixmaster and Mixminion remailer networks. NSA usually traces people by hacking them and doing a side channel attack. They have dozens of zero day exploits for every major application. This is also how they compromise GPG and FDE. Your best bet to remain anonymous/secure from the NSA is to use ASLR with a 64 bit processor to protect from hacking + Tor + Random WiFi location. Using airgaps can protect from them stealing encryption keys. This would involve using one machine with access to the internet to receive data, transfer the encrypted data to another machine with a CD which you then destroy, and decrypt on a machine with no access to the internet. Don’t reuse transfer devices or else they can act as compromise vectors to communicate between the machine with no internet connection and the machine with internet connection. Mixminion is better than mixmaster.

If I use hacked cable modems am I untraceable?

No, the cable company can trace you and so can the police and feds. However, it will make it more difficult for them to do so. People have been busted using this technique by itself!

If I use hacked or open WiFi am I untraceable?

The degree of untraceability you get by using WiFi access points depends largely on how you are using them. If you always use your neighbor’s connection, the trace will go to your neighbor before it goes to you. However, if law enforcement make it to your neighbor’s house before you stop the pattern of behavior, they can use WiFi analysis equipment to trace the wireless signal from your neighbor’s router back to you. Many people have been busted this way. Also, if you use many different WiFi access points but they fit into a modus operandi (such as always from a particular type of location, maybe a coffee shop), you can eventually be identified if law enforcement put enough effort into doing so. Some people have been busted using this technique. If you use a brand new random location (harder than it sounds) every time you make a connection your identity can still be compromised, but the amount of effort required increases tremendously (assuming you are protected from side channel attacks anyway, be they CCTV cameras or remote WPS infections). We have not heard of anyone being busted if they used a brand new randomly selected WiFi access point for every connection.

If I send a package domestic to the USA with USPS do they need a warrant to open the package?

Yes, if it is sent in such a way that it could contain communications. For example, a letter will require a warrant but perhaps a very large and heavy box will not. For the most part, they need a warrant. No other mailing company requires a warrant to open any sort of packages. International packages can be inspected by customs with no need for a warrant.

Should I use masking scents, such as perfumes etc?

No, masking scents will not prevent a dog from hitting on the package. Masking scents will however make the package seem more suspicious to humans. Vacuum seal the product and be very careful to not leave any residues.

Applied Security Guide

Step Zero: Encrypt your host’s HDD

If you use Windows this can be done with Truecrypt

If you use Linux there are various ways you can accomplish this, usually an install time option

Step One: Configure the base system, harden OS

Application layer attacks exploit programming or design flaws of the programs you use; in general the goal of such attacks is to take over your system. For a deeper look at application layer exploits please check out this page. These attacks are very dangerous because they can circumvent a lot of the other security you use, like encryption and anonymity solutions. The good news is that Open Source acts as an application layer firewall between you and everyone you communicate with through Open Source. We have taken great care to harden our server from attack and even if you take no precautions yourself it should not be trivial for you to be hacked through our server. However it is still a good idea for you to harden your own system. You don’t know for sure if you can trust us and there is no reason to be a sitting duck if our server is indeed compromised.

The first step you should take is running the operating system you use to connect to Open Source in a Virtual Machine. We suggest that you use Virtualbox. Virtual machines like Virtualbox create virtual hardware and allow you to run an operating system on this virtual hardware. It sounds complex but you really don’t need to know a lot about the theory, Virtualbox does all the work for you. There are a few reasons why you should use a virtual machine. The primary reason is that if the browser in your virtual machine is hacked the attacker is stuck inside of the virtual machine. The only way they can get to your normal OS is if they find a vulnerability in the virtual machine’s hypervisor; this adds complexity to their attack. The second reason you should use a virtual machine is because it makes it easier to use Linux if you are used to Windows or Mac OSX. Linux is a lot easier to secure than those operating systems but it is also harder to use. By using a virtual machine you can use your normal OS and Linux at the same time: Linux runs as a guest OS in a window on your normal (host) OS.

It is very simple to set up a virtual machine. Download and install Virtualbox. After launching it you will need to create a new VM. It is pretty simple and the program will walk you through the steps. Make sure to create a large enough virtual drive to install an OS, I suggest around ten gigabytes. You will need an install image so you can put the OS of your choice on the VM. Download the most recent Ubuntu ISO and use this. Remember, it doesn’t really matter if you don’t know how to use Linux. All you are using this VM for is using Firefox to browse Open Source, security comes before ease of use! Now that your virtual machine has been created you need to point it to your Ubuntu install CD. You can do this by going to the machine’s storage tab in the Virtualbox manager and pointing the CD drive to your install ISO. You will possibly be required to configure your virtual machine to connect to the internet if the default settings do not work for you, but chances are high that they will. Now you need to boot the virtual machine and install Ubuntu. Installing Ubuntu takes a little over half an hour and is very easy, you can simply select to use the default options for almost all of the steps.

Now that Ubuntu has been installed in a virtual machine it is time to start hardening it. The first step is to make sure it is fully patched and up to date. You can do this by going to System -> Administration -> Update manager from the bar on the top of your screen. Make sure you install all new updates because the updates include important security patches. It will take a while to update your system.

Now it is time to do some more advanced hardening steps. These steps may seem to be difficult if you are not very advanced technically, but don’t worry it is all just following instructions and you only have to do it once. Go to Applications -> Accessories -> Terminal from the top bar on your screen. This will launch a command line interface. Now type in the following commands hitting enter after each:

sudo aa-enforce /etc/apparmor.d/*


This command enables every AppArmor profile that Ubuntu ships with, including one for Firefox. AppArmor is an application layer firewall and makes it a lot harder for a hacker to compromise an application configured with a profile.

sudo apt-get install bastille

This downloads a generic hardening script that will walk you through some automated steps to make your system more secure.

sudo bastille -c

This launches the bastille hardening script. It will walk you through every step, in general you should select the default option. Make sure you at least read every step, there might be some things you don’t want it to do but in general the default options are good.
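To confirm the AppArmor step actually took effect, an added check (not from the guide) that parses the report `aa-status` prints and lists profiles left out of enforce mode and processes that run unconfined despite having a profile. The sample report is constructed in the aa-status format; `check_live_system` assumes `aa-status` is on PATH and usually needs root.

```python
import re
import subprocess

# Constructed sample in the format aa-status prints (not captured from a real host).
SAMPLE_AA_STATUS = """\
apparmor module is loaded.
4 profiles are loaded.
2 profiles are in enforce mode.
   /sbin/dhclient
   /usr/bin/evince
2 profiles are in complain mode.
   /usr/lib/firefox/firefox
   /usr/sbin/cupsd
3 processes have profiles defined.
1 processes are in enforce mode.
   /sbin/dhclient (1084)
1 processes are in complain mode.
   /usr/sbin/cupsd (1010)
1 processes are unconfined but have a profile defined.
   /usr/bin/man (2002)
"""

# Matches headers such as "28 profiles are in enforce mode." or
# "3 processes have profiles defined."; the indented lines below each are its entries.
HEADER_RE = re.compile(
    r"^(?P<count>\d+) (?P<kind>profiles|processes) (?:are |have )(?P<state>.+?)\.\s*$")


def parse_aa_status(text: str) -> dict:
    """Group the indented entries under each header.
    Keys look like 'profiles:in complain mode' or 'processes:in enforce mode'."""
    sections, current = {}, None
    for line in text.splitlines():
        match = HEADER_RE.match(line)
        if match:
            current = f"{match['kind']}:{match['state']}"
            sections.setdefault(current, [])
        elif current and line.startswith(" ") and line.strip():
            sections[current].append(line.strip())
    return sections


# The only profile sections that mean "enforced"; anything else (complain,
# kill, unconfined, prompt on newer releases) is a gap in the hardening.
ENFORCED_KEYS = ("profiles:loaded", "profiles:in enforce mode")


def weak_spots(sections: dict) -> dict:
    """Profiles in any mode other than enforce, and processes that have a
    profile but are currently running without it (need a restart to confine)."""
    not_enforced = sorted(
        name
        for key, names in sections.items()
        if key.startswith("profiles:") and key not in ENFORCED_KEYS
        for name in names)
    unconfined = list(
        sections.get("processes:unconfined but have a profile defined", []))
    return {"profiles_not_enforced": not_enforced,
            "unconfined_processes": unconfined}


def check_live_system() -> dict:
    """Run aa-status on this host (assumption: it is on PATH; usually needs root)."""
    result = subprocess.run(["aa-status"], capture_output=True, text=True, check=True)
    return weak_spots(parse_aa_status(result.stdout))
```

An empty `profiles_not_enforced` list after `sudo aa-enforce /etc/apparmor.d/*` is the result to look for; anything listed under `unconfined_processes` was started before its profile was loaded and keeps running unconfined until restarted.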

Step Two: Configure Tor and GPG, harden Firefox

Follow these simple step-by-step guides in order

Install Tor

Install GPG

Configure Firefox with Tor and Harden it

Although it is not required for customers to know how to use GPG they still should. Our system will protect your communications in some ways. Your messages are stored in encrypted containers set to dismount if an intrusion is detected. Our server is highly hardened and resistant to hackers infiltrating it and spying on your messages. We are also a Tor hidden service and therefore offer encryption from you to us and from us to the people you communicate with. Our server is still the weak point in this system; a particularly skilled hacker could compromise the server and manage to spy on your communications undetected. The server could be traced by an attacker who could then flash freeze the RAM and dump the encrypted container keys. As far as you know we could even be law enforcement, or law enforcement could compromise us at a later date (the first is not true and the second is not likely, but do you really know this?). Our system does not hide your communications from us if we are your adversary; the same is true for Hushmail and Safe-mail. You can protect your communications with high grade encryption algorithms simply by learning to use GPG, and it isn’t hard, so we highly suggest you do it. Vendors are required to accept GPG encrypted orders!

Step Three: Conceal your membership (VERY IMPORTANT FOR VENDORS)

Using Tor by itself is not enough to protect you, particularly if you are a vendor. Membership revealment attacks combined with rough geolocation intelligence can lead to a compromise! The gist of a membership revealment attack is easy to understand. The attacker merely determines everyone who is connecting to a particular network, even if they are incapable of determining where the traffic being sent through the network is destined for. Tor does a good job of preventing an attacker who can see exit traffic from following the stream back to your location. Unfortunately, if you ship product the attacker can determine your rough geolocation merely by determining where you ship product from. If the attacker already knows your rough geolocation and they are capable of doing a membership revealment attack to determine who all in your area is connected to Tor, they can likely narrow down your possible identity to a very small set size, possibly even a set size of one.

This is not likely to be useful for evidence but it will provide strong intelligence. Intelligence is the first step to gathering evidence. The attacker may put everyone in your area who they detect are connecting to the Tor network under meatspace surveillance looking for evidence of drug trafficking activity. For this reason it is highly important that you protect yourself from membership revealment attacks!

Membership revealment attacks are less a worry for customers (provided financial intelligence is properly countered to avoid an attacker finding rough customer geolocations!) than they are for vendors. There are a few reasons why this is true. First of all a customer is likely to reveal more about their identity when they place an order than the attacker will be able to determine with a geolocation + membership revealment attack. Secondly, the vendors allowed to operate on Open Source have been highly screened to significantly reduce the probability that any of them are federal agents, but the customers on Open Source are not only anonymous but they are also not screened at all. Third of all, the organizational structure reduces the risk for customers; a customer may work with a few vendors but each vendor is likely to be working with hundreds or thousands of customers. Customers sourcing from Open Source are at minimal risk even if they have products delivered directly to their own residence; vendors working on Open Source are particularly vulnerable to membership revealment attacks due to the open nature of the site.

The primary concern for customers is that they load finances anonymously and the vendor decentralizes their financial network. If a vendor is using a star network (centralized) financial topology there is a risk that an attacker could map out the geographic locations where customers loaded funds. After determining where funding was loaded the attackers could do anonymizer membership revealment attacks in an area around the load point and filter out everyone who is not using an anonymizer. This will likely leave the customer and few others. The attacker may even be able to compare CCTV footage of the load to the users of anonymizers in the area and look for a facial recognition match. To counter this it is important for customers to make use of good financial counter intelligence techniques (E-currency layering being one). Customers may also choose to utilize transients by paying them a fee to load currency, this way the customer avoids being on CCTV at any point. If vendors decentralize funding points (ditch the star network topology) customers will be strongly protected from such attacks, however it is impossible for a customer to ensure that a vendor is using a 1:1 customer to account/pseudonym identification ratio.

There are several ways you can protect yourself from a membership revealment attack, if you are a vendor it would be foolish to not take one of these countermeasures. The primary way to protect from a membership revealment attack is to make sure you do not enter traffic through the same network you exit traffic through. As all traffic to Open Source ‘exits’ through the Tor network, entering your traffic through a VPN first will reduce your vulnerability to membership revealment attacks. The attacker will have to determine who all in your area uses any anonymizing technology and put all of them under meatspace surveillance, there are likely to be far more people in your area using some sort of proxy system than there are people using Tor in particular. This will substantially increase the cost of putting all ‘potential targets’ under surveillance.

Using a VPN is helpful but it is not the most ideal solution. Your crowd space against a membership revealment attack will increase but perhaps not by much depending on the particular area you work out of. Also, a particularly skilled attacker may be able to determine you are using a VPN to connect to Tor by fingerprinting traffic streams. Tor traffic is padded to 512 byte size packets, normal VPN traffic is not. By filtering for 512 byte streams, an attacker can determine who all is using Tor in a given area. VPNs protect from IP routing based membership revealment attacks but not from traffic fingerprinting membership revealment attacks. However, it is less likely that an attacker will be able to do a traffic fingerprinting membership revealment attack. The Chinese intelligence services apparently are still using IP address based attacks to block access to the Tor network. This is not nearly as effective as traffic fingerprinting based attacks. This could be an indication that traffic fingerprinting membership revealment attacks are more difficult to carry out (likely), however it could also be due to a lack of skill on the part of China’s intelligence services. It could also be that China is not particularly interested in blocking/detecting all Tor traffic and IP address based attacks meet their requirements.

A better option than using a VPN would be to set up a private VPS and then enter all of your Tor traffic through this. Doing this will make you much more resistant to IP address based membership revealment attacks because now the attacker will not even be able to narrow you down to all people in your area using any anonymity technology. This is still weak to traffic fingerprinting membership revealment attacks!

Perhaps the best option to avoid membership revealment attacks is to use open or cracked WiFi from a different location + Tor every single time you connect. You could even use open WiFi + VPN/VPS + Tor for very high security from membership revealment attacks. Using random (not your neighbor’s) open/cracked WiFi greatly increases your resistance to a wide variety of identity revealing attacks. An attacker can still do membership revealment attacks on users of open WiFi but they can no longer gain useful intelligence from the attack. If they detect that an open WiFi connection unrelated to you is using Tor it can not be used to put you under meatspace surveillance unless they manage to identify you (facial recognition from CCTV cameras, etc).

If you are operating as part of a group, you can avoid membership revealment attacks via smart organizational policy. The person responsible for communicating with customers should be different from the person shipping orders. Now the customers are incapable of determining your actual rough geolocation, because product is sent from a different geographic area than the one you communicate from. Your shipper should be aware that they will potentially come under scrutiny via a geolocation + membership revealment attack, especially if they use Tor to enter traffic.

Another option is to configure Tor to use a bridge. Tor bridges are designed to give people in nations such as China the ability to connect to the Tor network. China uses IP-address-based blocking to prevent users from connecting to known Tor nodes. Bridges are Tor entry guards that are not publicly listed and have a limited distribution mechanism. You can get some Tor bridge IP addresses from the Tor website. We do not suggest you use Tor bridges, because they replace your entry guard and they are lightly used. This will lead to a lot less multiplexing on your Tor circuit and can hurt your anonymity in other ways, although it will indeed offer some level of protection from membership revealment attacks. China has managed to detect about 80% of Tor bridges; it is likely that the NSA knows all of them. Police agencies in the West are probably not yet particularly worried about locating bridge nodes, but they can probably do so with nearly the same accuracy as China. In our opinion it is not smart to rely on a Tor bridge to protect you from membership revealment attacks in most cases.

Step Four: Know how to do safe product transfer, handle finances safely

Note: Although customers sourcing from Open Source are encouraged to take the best security measures they can, it is not likely required for them to utilize advanced operational security regarding mail (such as fake-ID boxes, tactical pickup techniques, etc.). Because the vendors allowed to be listed here have been highly screened, it is likely safe for customers to have product delivered directly to their homes. If you only work with highly trusted vendors, your biggest concern will be a package being intercepted!

 

07/5/12

The Deep Dark Web -Book

gAtO sAy -mEoW you all- we have a new book coming out soon, “The Deep Dark Web”, and I just wanted to write this as the foreword for the book; I thought it was interesting …//looking for peer review of the book…write us

This book is to inform you about “The Deep Dark Web”. We hear that it’s a bad place full of crooks and hackers, but it is more a place where you have total anonymity as an online user, and yes, there are ugly places in the dark web, but they are a small part of it. What it is really all about is freedom of expression, freedom of speech worldwide, supported by “us/we”, the users of the network. It’s not controlled by any government, but it is blocked by a few, like Syria, Iran, Ethiopia and China, to name a few governments that want to deny their own people free access to information, the ability to speak freely about their grievances, and the chance to unite to tear down their walls of oppression.

Pierluigi and I (gAtO) share a passion for cyber security. We write different blogs: Pierluigi has http://securityaffairs.co/wordpress/ and my site is uscyberlabs.com. We also write at other blogs and in print media. We didn’t know it at the time, but we were writing cyber history as the 2011-2012 cyber explosion took off. We were at ground zero writing about Stuxnet, HBGary, the LulzPirates and Anonymous, but the Arab Spring was an awakening:

The recent revolution in Egypt that ended the autocratic presidency of Hosni Mubarak was a modern example of successful nonviolent resistance. Social media technologies provided a useful tool for the young activists to orchestrate this revolution. However, the repressive Mubarak regime prosecuted many activists and censored a number of websites. This made their activities precarious, making it necessary for activists to hide their identity on the Internet. The anonymity software Tor was a tool used by some bloggers, journalists and online activists to protect their identity and to practice free speech.

Today we have lots of anonymous communication tools: I2P, Freenet, GNUnet and Tor, to name a few. Why did the TorProject.org Tor-.onion network become the de facto application for free, private, anonymized Internet access? My conclusion is its humble beginnings, sponsored by the “Naval Research Project & DARPA (Defense Advanced Research Projects Agency)”; maybe you have heard of DARPA, they kinda created the Internet a long time ago. The government wanted a secure communication medium that would piggyback on the established Internet. From my point of view, when they saw how well this worked the government used it to allow its agents to quietly use the network for CIA covert operations (just to name one of the alphabet-soup government agencies that use it). For example, a branch of the U.S. Navy uses Tor for open source intelligence gathering, and one of its teams used Tor while deployed in the Middle East recently. Law enforcement uses Tor for visiting or surveilling web sites without leaving government IP addresses in their web logs, and for security during sting operations.

Journalists got a hold of this tool and they too were able to file reports before government agents censored their interviews and film footage. The EFF (Electronic Frontier Foundation) got a hold of the Tor network and promoted it for maintaining civil liberties online. When the common business executive visited a foreign country (like China, known to monitor foreigners’ Internet access) they now had a way to securely connect to their corporate HQ data center without being monitored and giving away IP (intellectual property). The Tor network became too good and the bad guys moved in to keep their illegal business safer from the law. Internet cyber criminals have used the clear web since the start, so of course they went over to the Tor-.onion network, because it works if you use it right and keeps you anonymous online.

With all this happening and the “Year of the Hack 2011”, you can see why security geeks like Pierluigi and I became intrigued with this subject, and we teamed up to write this manuscript hoping to answer some of the questions our friends and peers were asking us about this mysterious hidden world called the deep dark web. We outlined a table of contents and started to write about it in our blogs, and the story unfolds from here to you. We hope to educate you on how this network works without too much geek talk (ok, just a little). We cover the cyber criminals and their ecosystem; we cover the financial currency (bitCoins) that is replacing fiat currencies all over the world during these unstable financial times. We tried to cover all the good, the bad and the ugly of the .onion network. We hope it will answer some of your questions, but I am sure that more questions will come up, so feel free to come to our websites and give us a shout and ask your questions about the deep dark web…. - gAtO oUT

06/20/12

NATO and Cyber WarFare

“The world has changed. Now we’re living in the era of cyber weapons”, said Eugene Kaspersky whose laboratory uncovered the virus, or cyber weapon, believed to have been used by the United States and Israel to attack Iran’s nuclear programme. From criminal activity, to international terrorism and inter-governmental warfare, he fears the worst and called for an international treaty to combat it at the Reuters Global Technology, Media and Telecoms summit held in London recently.

NATO Secretary General Anders Fogh Rasmussen, while on a visit to Australia this week, said that NATO and its partners face increasingly complex and unpredictable security challenges. He pointed to terrorism, cyber attacks and piracy as examples of the global security challenges that both NATO and Australia face. He said that a cyber attack disrupted the Parliament House website two years ago and that Australian government departments and ministerial offices are regularly subjected to similar attacks. In recent months financial institutions have been targeted as well. “I am convinced that our cooperation should also encompass maritime security and cyber security”, the Secretary General said.
NATO Cooperative Cyber Defence Centre of Excellence (NATO CCD COE) was formally established in May 2008 in order to enhance NATO’s cyber defence capability. Based in Tallinn, Estonia, the Centre is an international effort that currently includes Estonia, Latvia, Lithuania, Germany, Hungary, Italy, Poland, Slovakia, Spain, the Netherlands and USA as Sponsoring Nations.
23 NATO and six partner nations were involved in Cyber Coalition 2011, NATO’s main yearly cyber exercise. Assistant Secretary General for Emerging Security Challenges, Ambassador Gabor Iklody, said:
I am delighted to see so many participants joining us for NATO’s major annual cyber coalition exercise. The number of players and observers is growing every year. This demonstrates the high importance that Allies and partners attach to achieving better protection against rapidly increasing cyber threats and also confirms NATO’s recognition as a key player in cyber defence. 
In February 2012, a 58 million Euro contract was awarded to establish a NATO Cyber Incident Response Capability (NCIRC), to be fully operational by the end of 2012. A Cyber Threat Awareness Cell is also being set up to enhance intelligence sharing and situational awareness. In March the NATO Consultation, Command and Control Agency (NC3A) was awarded the contract for upgrading NATO’s cyber defence capabilities. Private industrial companies will enable the NCIRC to achieve full operational capability.
On 26 April, Spiegel Online reported that ‘NATO Faced with Rising Flood of Cyberattacks’. “Each day, we are seeing up to 30 significant attacks on our digital networks or on individual computers, mostly by way of emails infected by spyware and sent to individual NATO employees,” said Lieutenant General Kurt Herrmann from NCSA, which was founded in 2004 and has been operational since 2005. A further expansion of NC3A is anticipated next year. It was two years ago that NATO officially identified the danger of cyber attack against member states as a strategic threat.
Earlier this month, 400 experts from all over the world gathered in Tallinn for the fourth International Conference on Cyber Conflict (CyCon 2012) organised by the NATO Cooperative Cyber Defence Centre of Excellence. The conference topic was Military and Paramilitary Activities in Cyberspace, and focused on aspects of law and policy, strategy and technology.
Author of ‘Virtual War’ and University of Toronto professor Michael Ignatieff writes in the Financial Times that:
Virtual technologies make it easier for democracies to wage war because they eliminate the risk of blood sacrifice that once forced democratic peoples to be prudent…Drones and cyberwar technologies are so cheap that it will be impossible to keep them under the lock and key of the sovereign. The age of the super-empowered, and therefore super-dangerous, individual has arrived.
Our cybersystems are now under constant attack and it is in responding to these attacks that they become more secure. States will have to allow the global community of coders and engineers who built and maintain the internet the freedom to keep the malware at bay and keep the system open for the rest of us….The new technologies are so easy and cheap to produce that the best international law and state action can hope for is to generate a limited set of shared norms to prohibit their most harmful uses.
NATO Policy on Cyber Defence, ‘Defending the Networks’ is available on the alliance’s website. It states that:
The 2010 NATO Strategic Concept highlighted the need to “develop further our ability to prevent, detect, defend against and recover from cyber-attacks…”. Threats are rapidly evolving both in frequency and sophistication. Threats emanating from cyberspace – whether from states, hacktivists or criminal organisations, among many others – pose a considerable challenge to the Alliance and must be dealt with as a matter of urgency.

A NATO Concept on Cyber Defence was first drafted for Defence Ministers in March 2011, which formed the conceptual basis of the revised NATO Policy on Cyber Defence. The Policy itself was then developed and approved by the NATO Defence Ministers on 8 June.

Cyber threats transcend state borders and organisational boundaries. Their vulnerabilities and risks are shared by all. Recognising the truly global nature of cyberspace and its associated threats, NATO and Allies will work with partners, international organisations, academia and the private sector in a way that promotes complementarity and avoids duplication. NATO will tailor its international engagement based on shared values and common approaches. Cooperation in the field of cyber defence could encompass activities including awareness-raising and sharing of best practices.
NATO is in the process of drafting an international law manual which will address concerns surrounding the prospect of cyber warfare, and how member states can best cooperate to mitigate mounting threats to network security. Publication is expected by the end of 2012. Colonel Ilmar Tamm, Director of the NATO Cooperative Cyber Defence Centre of Excellence said:
“Various states have managed to agree on laws that govern borders, international sea and air space, even outer space – but now we are faced with the task of adapting or creating laws and precedents for cyberspace…” 
Speaking at CyCon 2012, Major General Jaap Willemse, Assistant Chief of Staff Command, Control, Communication, Intelligence, Allied Command Transformation, said that NATO is not considering launching a barrage of computer-based attacks. “There are huge political, legal and diplomatic objections.” … “NATO does not have the doctrine, command and control, educational support or other factors needed to run an offensive capability.”
Reference — http://www.natowatch.org/
06/5/12

Iran Cyber Problems -bad antivirus software

Iran Cyber Problems

gAtO mOnItOrEd – Iran Tor relays last night: they had blocked all public relays so nobody could use the ToR network. Of course, as long as you have a private, unlisted ToR relay, people in Iran could still use the ToR network on the Internet. On the other side of Iran’s cyber warfare, the Flame cyber worm is still kicking ass and taking names in Iran. The U.S. and Israel have accepted the role of chief cyber warriors of Stuxnet, DuQu and Flame, some of the first cyber weapons ever made and deployed on covert missions. Do you think that these cyber weapons did not use ToR networks to hide their C&C servers, never to be found??? So here we have a country suppressing ToR communication (and suppressing Flame, DuQu and Stuxnet C&C ToR communication) and being attacked by 2 of the largest countries in the world. gAtO would call this cyber warfare.

cyber war profiteers –> Who stands to make the most business ($$$) in this cyber warfare? We in the West have Norton, McAfee and others to protect our computers and our business and government enterprise systems, but they cannot do business with Iran. We just had Symantec pull out of a deal with China’s Huawei because of U.S. DOD contracts./ A friend pointed to eset.com as the number one anti-virus software distributor to Iran./ When the Iranian government wants to protect their computers they turn to the Eset corporation for their enterprise cyber security support and service. So who are they?

Alexa, the number one SEO company – http://www.alexa.com/siteinfo/eset.com – shows Iran is their number one customer—. Why? Eset is based out of the Slovak Republic, in Bratislava, the capital of Slovakia. It’s not Silicon Valley – I never heard of a high-tech center and educated cyber security experts from that side of the world— We know this area more for cyber criminals, but now this little company out in the middle of nowhere has some interesting customers. Those countries that nobody wants are becoming their cyber customers, and it looks like Eset is a growing business.

Eset – Contact info: – http://www.eset.com/us/about/contact/ – They have offices in the Czech Republic, Singapore, Argentina and the U.S.A. – —/$#@! – So the company that is providing the anti-virus software for Iran has offices in America, with American businesses as customers. gAtO doesn’t like that much; that is why I mentioned it.

Anti-virus software controls every aspect of the safety and security of your computer; your anti-virus software has deep ties into your computers. So this little anti-virus company is now a world player. It could also be our ally and work with us.

From a business point of view – First of all, I would fire them. If I were the Iranian government: Stuxnet, DuQu and Flame share the same MO and my anti-virus software does not catch them. But, oh well, if Iran fires them, who else would step into this position? This shows gAtO that the old weapons dealers have turned into legit cyber counter-weapons dealers/

customer metrics: Imagine the statistics Eset has from Iranian government sites.

As a security researcher I just don’t like that Eset is in the U.S.A.: if they get American customers they can maybe sell their stats to Iran. Security companies like anti-virus vendors have a lot of power. Just a simple update and new spyware can get in and turn on your camera or just record your speech in your house or office. I would stay away from Eset anti-virus software solutions – just for me. gAtO oUt…

Reference:

Iran Top Sites: http://www.alexa.com/topsites/countries;0/IR

Bratislava: http://en.wikipedia.org/wiki/Bratislava

Alexa-Eset: http://www.alexa.com/siteinfo/eset.com

Eset about page: http://www.eset.com/us/about/contact/

WhoIs: http://whois.domaintools.com/eset.com

05/31/12

Monitoring Cyber Iran and Syria in the ToR network

gAtO wAs mOnItOrInG – bad ToR relays, and found that during this unrest in Iran and Syria we have 17 bad ToR relays, 95% of them in Iran and Syria. This is how they shut down the network, to suppress secure communication of information to the outside world. Time stamp is 05-31-2012 00:52:05 MET.
Tor Network Status – http://torstatus.blutmagie.de/index.php – here you can find all kinds of information about the .onion relays that make up the network.
While back in the cyber world —: Stuxnet – Flame – I can tell you that lots of Iranian sites use older web apps and CMSs, Joomla included, and they have vulnerabilities.
http://uscyberlabs.com/blog/2012/02/10/1890/
But they are educated, and everyone learns from being attacked. When you underestimate your enemy you are going to lose.
Example: gAtO has been working on a ToR project, and last night I was monitoring the ToR relays for bad ones; 15 out of 17 bad ToR relays, all running as exit nodes, were Iranian and Syrian, all bad and compromised. With the unrest in the news in Iran and Syria, these two countries were playing with Tor relay nodes to extract exit information on dissidents. If they catch some dissident posting anti-Iran or anti-Syria material online, they will find their IP and kill them. In the Middle East a hacktivist may pay the ultimate price, and with the CIA and others communicating with the rebels using the ToR-.onion network, the invisible web takes on a new importance during crisis time.

All of it goes underground, under the radar, but it shows that they have an active cyber policy, with countermeasures and surveillance. These guys are fighting back any way they can.

Cyber and culture must be understood together: the more you invest in your infrastructure, the more vulnerable you become, and how a society integrates the technology into its culture will make changes. Trust me, business will love it, but in the Middle East religion is a very important geo-political tool, and propaganda is the number one thing I see while surfing the Iranian and Syrian websites.

Today I see “cyber ambiguity” from Israel – On Tuesday, a day after a Moscow-based security company revealed that a new cyber weapon called “Flame” had struck Iran, Vice Premier and Minister of Strategic Affairs Moshe Ya’alon fueled speculation of Israeli involvement by praising Israeli technological prowess in response to a radio interview on the issue.

Israel, he said, was blessed with superior technology. “These achievements of ours open all kinds of possibilities for us,” he said.

Prime Minister Binyamin Netanyahu said when he spoke that evening that when it comes to cyberspace, the size of a country is insignificant – but that there is great significance to a country’s “scientific strength, and with that Israel is blessed.”
http://www.jpost.com/Features/FrontLines/Article.aspx?id=272264
As all these state actors play cyber games with cyber war, gATo will keep monitoring the ToR network to look and see and learn about societies in cyberspace -gATO oUt

05/30/12

Hide SCADA in the ToR network – ..-hiding in plain sight..

Hide SCADA in the ToR network – ..FREE-hiding in plain sight..

any internet connection 2-ToR

gAtO cAn -now provide your company a FREE .onion network: reliable 24/7 secure / encrypted / untraceable communication between your SCADA systems talking to each other and to the main office, giving you real-time data from any remote SCADA site. As an example from the Schneider Electric white paper – Video Surveillance Integrated with SCADA – we can now take the physical video security of all your remote video assets and transmit it securely, encrypted and untraceably to your datacenter anyplace in the world. When going in and out of the invisible .onion network you can control the entry and exit relays, so picking safe, verified relays to use is easy, or you can use your own relays; the more relays, the better the system becomes at making you invisible. The more people that use it, the more untraceable and unmonitored it becomes. This kind of SCADA communication in the ToR-.onion network redefines geo-political digital boundaries. Since it rides on any Internet connection it can be used anywhere.

in the ToR-.onion network merchants can’t spy on you and they can’t steal your information

Not if but when business takes over the ToR-.onion network, it will change the landscape and give it more order, but it will still give the user anonymity; that’s the key to this network: your signal, your voice cannot be found, but you can still communicate. The ToR-.onion network rides not on top of or at the bottom of the digital super-highway but thru it.

Let’s keep in mind that access to the ToR-.onion network is FREE to anyone, and your company’s use of the network makes it safer for everyone, since the more people use it the more unreachable and undetectable you become. But in business you also have to deal with hostile governments, and protecting your people and assets thru a ToR .onion network becomes even more critical. You can still operate, but be safe and secure in your business communications.

The ToRProject.org is something that is making an impact on the very lives of people who want to have a free, safe, secure voice. Just look at Mr. Chen, a dissident from China: he was jailed because he spoke up about the disabled in China. The ToRProject.org helps people like Mr. Chen speak and remain anonymous. By adding real business relays into the ToR-.onion network we will give these people and the businesses more cover; it makes you more invisible on the Internet. You can donate to the ToR project, and it’s a 501(c), so it’s deductible. Look at the donors list and see who supports this invisible network. U.S. Naval Research, the National Science Foundation, DARPA and the National Christian Foundation are some of the people supporting the ToR Project; it’s not so bad if they use it— see lab Notes below -

How you gonna hack what you can’t find, can’t see and can’t trace to you?

Just think, Mr. Banker: a free, secret, untraceable, encrypted communication place where you can do your banking deals -in secret- and nobody but you and your closest friends know it even exists: not the government, not your spouse, and it is harder for criminals to find your valuable data. It hides you in an Internet bubble of packets where nobody knows who you are or how to find you. They can’t even tell it’s a ToR-.onion network; it hides its signal to blend into the bits and bytes of the landscape in the digital noise.

Technically it’s pretty cheap: get the free software, as many copies as you need, FREE!!! No volume pricing, no updates, FREE!!! Once your computer that talks to the Internet hooks up to a ToR relay it’s in the matrix. If you add your own ToR relays you can use trusted relays as entry and exit nodes into the ToR-.onion network, so you can let the program use its randomness or choose a path into a FREE invisible communication medium accessible from any Internet connection. -

The ToRProject.org is currently still fighting censorship and monitoring in China, Iran, Syria and others, where people are being killed and sent home in small boxes to their relatives. Because that person could not use ToR network access to his gmail account, which was monitored, they showed him his emails and his guilt and killed him. That’s how brutal it can become if you cannot have safe, secure access to a basic email to communicate with the world. Governments will kill you for what you say. Donate to the ToRProject.org

It’s easy -if all else fails call the gAtO I can help your business become invisible in/on the Internet- gATO oUt.

We use the ToR network for all communication in SCADA systems. Here are a few SCADA white papers; try them with ToR-.onion networks.

 

lab Notes— gAtO 5/29/12

Tor: Sponsors

The Tor Project’s diversity of users means we have a diversity of funding sources too — and we’re eager to diversify even further! Our sponsorships are divided into levels based on total funding received:

Magnoliophyta (over $1 million)

Liliopsida (up to $750k)

Asparagales (up to $500k)

Alliaceae (up to $200k)


Allium (up to $100k)

Allium cepa (up to $50k)

Past sponsors

We greatly appreciate the support provided by our past sponsors in keeping the pre-501(c)(3) Tor Project progressing through our ambitious goals:

WiKi-Pedia

http://en.wikipedia.org/wiki/SCADA

SCADA (supervisory control and data acquisition) generally refers to industrial control systems (ICS): computer systems that monitor and control industrial, infrastructure, or facility-based processes, as described below:

  • Industrial processes include those of manufacturing, production, power generation, fabrication, and refining, and may run in continuous, batch, repetitive, or discrete modes.
  • Infrastructure processes may be public or private, and include water treatment and distribution, wastewater collection and treatment, oil and gas pipelines, electrical power transmission and distribution, wind farms, civil defense siren systems, and large communication systems.
  • Facility processes occur both in public facilities and private ones, including buildings, airports, ships, and space stations. They monitor and control HVAC, access, and energy consumption.

A SCADA system usually consists of the following subsystems:

  • A human–machine interface or HMI is the apparatus or device which presents process data to a human operator, and through this, the human operator monitors and controls the process.
  • A supervisory (computer) system, gathering (acquiring) data on the process and sending commands (control) to the process.
  • Remote terminal units (RTUs) connecting to sensors in the process, converting sensor signals to digital data and sending digital data to the supervisory system.
  • Programmable logic controllers (PLCs) used as field devices because they are more economical, versatile, flexible, and configurable than special-purpose RTUs.
  • Communication infrastructure connecting the supervisory system to the remote terminal units.
  • Various process and analytical instrumentation

 

05/27/12

Information Leakage -Scrubbing Document Formats

gAtO tHiNk - that our documents have too much information about us – it’s called metadata, and it’s embedded in the picture you just took with your iPhone/Android phone. It has your geo-location and other information that you should clean up before you post it on Facebook or Pinterest, so here are a few tips to keep you paranoid.

Many document formats conveniently embed personally identifying attributes, and sometimes even attempt to limit redistribution. This can be problematic to whistle blowers who need to produce/deliver incriminating memos and photos to journalists, and also to academic researchers who wish to electronically publish their work anonymously.

 Microsoft Office

Microsoft Office embeds your name, machine name, initials, company name, and revision information in documents that you create.

According to Microsoft’s knowledge base article on metadata, the best way to remove all personal metadata from a document is to go to Tools | Options | Security Tab | “Remove personal information from this file on save”. Be warned that this does NOT remove hidden text and comment text that may have been added, but those tasks are also covered in that article.

Microsoft also provides the Remove Hidden Data Tool that apparently accomplishes those same functions but from outside of Microsoft Office.

This NSA Guide to sanitizing documents might also be of some interest, but I think the Microsoft KB articles cover the info better and in more depth.

StarOffice/OpenOffice

By default, users of StarOffice/OpenOffice are not safe either. Both of these programs save personal information in XML markup at the top of documents. It can be removed by going to File | Properties, unchecking “Apply User Data”, and also clicking on “Delete”. Unfortunately this does not remove the creation and modification times. It’s not clear how to do that without editing the file raw in a plain text editor such as Notepad.
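One way to do the raw edit the paragraph says is unclear, as an added example that is not part of the original post: it opens the zipped ODF package (.odt/.ods, where the user data and the creation/modification timestamps live in meta.xml), removes the author, date and generator elements, and re-packs the file. The sample document, author name and timestamps below are constructed.

```python
"""Scrub the personal metadata OpenOffice/StarOffice keep in meta.xml.

Added example, not from the original post. Assumes the zipped ODF package
layout (a zip whose first member is 'mimetype', with the user data and
timestamps in meta.xml). A sample .odt is built inline so it runs offline.
"""
import io
import zipfile
import xml.etree.ElementTree as ET

OFFICE = "urn:oasis:names:tc:opendocument:xmlns:office:1.0"
META = "urn:oasis:names:tc:opendocument:xmlns:meta:1.0"
DC = "http://purl.org/dc/elements/1.1/"
for prefix, uri in (("office", OFFICE), ("meta", META), ("dc", DC)):
    ET.register_namespace(prefix, uri)  # keep the original prefixes on output

# Elements that identify the author, the machine or the work pattern.
# document-statistic (page/word counts) is left alone: it says nothing about you.
SENSITIVE = {
    f"{{{META}}}initial-creator", f"{{{DC}}}creator",
    f"{{{META}}}creation-date", f"{{{DC}}}date",
    f"{{{META}}}printed-by", f"{{{META}}}print-date",
    f"{{{META}}}generator",        # program, version and build platform
    f"{{{META}}}editing-cycles", f"{{{META}}}editing-duration",
    f"{{{META}}}user-defined",     # custom "Company"/"Manager"-style fields
}


def scrub_meta_xml(xml_bytes):
    """Return (cleaned meta.xml bytes, list of removed element names)."""
    root = ET.fromstring(xml_bytes)
    office_meta = root.find(f"{{{OFFICE}}}meta")
    removed = []
    if office_meta is not None:
        for child in list(office_meta):
            if child.tag in SENSITIVE:
                office_meta.remove(child)
                removed.append(child.tag.split("}")[1])
    body = ET.tostring(root, encoding="unicode")
    return ('<?xml version="1.0" encoding="UTF-8"?>\n' + body).encode("utf-8"), removed


def scrub_odf(odf_bytes):
    """Re-pack the ODF zip with meta.xml scrubbed; all other members copied as-is."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(odf_bytes)) as src, zipfile.ZipFile(out, "w") as dst:
        for info in src.infolist():
            data = src.read(info.filename)
            if info.filename == "meta.xml":
                data, _ = scrub_meta_xml(data)
            # ODF requires 'mimetype' first and stored uncompressed; keeping each
            # member's original order and compression preserves a valid package.
            dst.writestr(info.filename, data, compress_type=info.compress_type)
    return out.getvalue()


def meta_fields(odf_bytes):
    """Names of the elements still present under office:meta (for before/after checks)."""
    with zipfile.ZipFile(io.BytesIO(odf_bytes)) as z:
        root = ET.fromstring(z.read("meta.xml"))
    office_meta = root.find(f"{{{OFFICE}}}meta")
    return [c.tag.split("}")[1] for c in office_meta] if office_meta is not None else []


# Constructed meta.xml in the shape OpenOffice writes (names/dates are fake).
SAMPLE_META = f"""<?xml version="1.0" encoding="UTF-8"?>
<office:document-meta xmlns:office="{OFFICE}" xmlns:meta="{META}" xmlns:dc="{DC}" office:version="1.2">
 <office:meta>
  <meta:generator>OpenOffice.org/3.3$Win32 OpenOffice.org_project/330m20$Build-9567</meta:generator>
  <meta:initial-creator>Jane Example</meta:initial-creator>
  <dc:creator>Jane Example</dc:creator>
  <meta:creation-date>2012-05-27T09:12:33</meta:creation-date>
  <dc:date>2012-05-27T09:40:01</dc:date>
  <meta:editing-cycles>7</meta:editing-cycles>
  <meta:editing-duration>PT27M28S</meta:editing-duration>
  <meta:document-statistic meta:page-count="1" meta:word-count="42"/>
 </office:meta>
</office:document-meta>
"""


def build_sample_odt():
    """Minimal constructed .odt package: mimetype (stored) + meta.xml + content.xml."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("mimetype", "application/vnd.oasis.opendocument.text",
                   compress_type=zipfile.ZIP_STORED)
        z.writestr("meta.xml", SAMPLE_META, compress_type=zipfile.ZIP_DEFLATED)
        z.writestr("content.xml", f'<office:document-content xmlns:office="{OFFICE}"/>',
                   compress_type=zipfile.ZIP_DEFLATED)
    return buf.getvalue()


if __name__ == "__main__":
    doc = build_sample_odt()
    print("before:", meta_fields(doc))
    print("after: ", meta_fields(scrub_odf(doc)))
```

settings.xml can also hold the last printer name and view settings; the same re-pack loop can drop or blank that member if it is present.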

 Document DRM – Digital Rights Management

Document DRM can come in all shapes and sizes, mostly with the intent to restrict who can view a document and how many times they can view or print it (in some cases even keeping track of everyone who has handled a document). For whistleblowers who need to circumvent DRM to distribute a document, the most universal approach is to use the “Print Screen” key to take a screenshot of your desktop with each page of the document and paste each screenshot into Windows Paint and save it. Some DRM software will attempt to prevent this behavior. This can be circumvented by installing the 30 day trial of the product VMWare Workstation and installing a copy of Windows and the DRM reader onto it. You can then happily take screenshots using VMWare’s “Capture Screen” or even the “Capture Movie” feature, and the DRM software will be none the wiser. With a little image cropping, you can produce a series of images that can be distributed or printed freely.

The VMware approach may be problematic for DRM that relies on a TPM chip. The VMware versions current at the time of writing neither emulate a TPM nor pass the host's TPM through to the guest. However, TPM-based DRM systems are still at the prototype stage, and since a TPM can be emulated and virtualized, it should only be a matter of time before some form of support appears in VMware.

Depending on the DRM software, cracks may also be available that make this process much more expedient. Casual searching doesn't turn up much, most likely due to the relative novelty (and public scarcity) of document-oriented DRM. When doing your own Google searching for this type of material, check the bottom of the results page for notices of DMCA 512 takedowns censoring search results. It is usually possible to recover the removed URLs from the cease-and-desist postings on Chilling Effects, or to use a Google interface from another country such as Germany.

Image Metadata

Metadata recorded automatically by digital cameras and photo-editing software can also be a problem for anonymity. There are three main formats for image metadata: EXIF, IPTC and XMP. Each has fields that should be removed from any image produced by a photographer, or depicting a subject, who requires anonymity: camera make, model and serial number, owner name, location, date, time and time zone are all directly detrimental. EXIF even defines a GPS sub-IFD for latitude, longitude, altitude and timestamps, and camera-equipped cell phones with GPS receivers (fitted for E911 purposes) can add these tags to pictures automatically.

The Wikimedia Commons has a page listing programs that can edit this data on each OS. My preferred method is to use the Perl program ExifTool, which can strip all metadata from an image with a single command: exiftool -All= image.jpg. Mac OS and Linux users should be able to download and run exiftool without any fuss (on Ubuntu, install the package libimage-exiftool-perl). Windows users will have to install ActivePerl and run perl exiftool -All= image.jpg instead. Running exiftool without the -All= switch displays the existing metadata, and the -U switch also shows raw tags that the tool does not yet fully understand. As far as I can tell, the -All= switch is in fact able to remove tags that the tool does not fully understand. Note that when exiftool writes a file it keeps the original as image.jpg_original; delete that copy (or use -overwrite_original) before passing the image on.
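To show what the stripping actually does at the byte level, here is an added example (not code from the original post, and not ExifTool): a small JPEG segment walker that reports whether an Exif block carries a GPS IFD pointer and then removes the APP1 (Exif and XMP), APP13 (IPTC/Photoshop) and COM segments without re-encoding the image. It keeps APP0 (JFIF) and APP14 (Adobe colour transform), which decoders may need and which hold no personal data, and it truncates anything after the EOI marker, where some phones append proprietary trailers. The sample JPEG it builds is a constructed marker skeleton with dummy scan data, not a real photo; the segment layout and tag numbers are from the JPEG and Exif specifications.

```python
"""Inspect and strip JPEG metadata segments without re-encoding the image.

Added example (not code from the original post): a stand-alone JPEG-only
analogue of 'exiftool -All='. Drops APP1 (Exif/XMP), APP13 (IPTC) and
COM, keeps what a decoder needs, and discards any trailer after EOI.
"""
import struct

SOI, EOI, SOS, COM = 0xD8, 0xD9, 0xDA, 0xFE
APP0, APP1, APP13, APP14 = 0xE0, 0xE1, 0xED, 0xEE
KEEP_APP = {APP0, APP14}   # JFIF header, Adobe colour flag: needed, no personal data
GPS_IFD_TAG = 0x8825       # Exif IFD0 entry pointing at the GPS sub-IFD


def iter_segments(data: bytes):
    """Yield (marker, start, end) for each segment up to and including SOS."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("expected marker at offset %d" % pos)
        marker = data[pos + 1]
        if marker == 0xFF:                             # fill byte, skip it
            pos += 1
            continue
        if marker == EOI or 0xD0 <= marker <= 0xD7:    # standalone markers
            yield marker, pos, pos + 2
            pos += 2
            continue
        if pos + 4 > len(data):
            raise ValueError("truncated segment header")
        end = pos + 2 + struct.unpack(">H", data[pos + 2:pos + 4])[0]
        yield marker, pos, end
        if marker == SOS:
            return                                     # entropy-coded data follows
        pos = end


def segment_markers(data: bytes) -> list:
    return [m for m, _, _ in iter_segments(data)]


def has_gps(data: bytes) -> bool:
    """True if an Exif APP1 segment has a GPSInfo pointer in IFD0."""
    for marker, start, end in iter_segments(data):
        if marker != APP1 or data[start + 4:start + 10] != b"Exif\x00\x00":
            continue
        tiff = data[start + 10:end]
        endian = {b"II": "<", b"MM": ">"}.get(tiff[:2])
        if endian is None:
            continue
        ifd0 = struct.unpack(endian + "I", tiff[4:8])[0]
        count = struct.unpack(endian + "H", tiff[ifd0:ifd0 + 2])[0]
        for i in range(count):
            off = ifd0 + 2 + 12 * i
            if struct.unpack(endian + "H", tiff[off:off + 2])[0] == GPS_IFD_TAG:
                return True
    return False


def strip_jpeg_metadata(data: bytes) -> bytes:
    out = bytearray(b"\xff\xd8")
    sos_end = None
    for marker, start, end in iter_segments(data):
        if marker == COM or (0xE0 <= marker <= 0xEF and marker not in KEEP_APP):
            continue                                   # Exif, XMP, IPTC, comments...
        out += data[start:end]
        if marker == SOS:
            sos_end = end
    if sos_end is None:
        raise ValueError("no SOS segment")
    # In entropy-coded data 0xFF is always followed by 0x00 or an RSTn
    # marker, so the first FF D9 after SOS is the real EOI; whatever
    # follows it (proprietary phone trailers) is dropped.
    eoi = data.find(b"\xff\xd9", sos_end)
    if eoi < 0:
        raise ValueError("no EOI marker")
    out += data[sos_end:eoi + 2]
    return bytes(out)


def _seg(marker: int, payload: bytes) -> bytes:
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


def make_sample_jpeg() -> bytes:
    """Constructed input: valid marker layout with dummy scan data, not a real photo."""
    ifd0 = (struct.pack("<H", 2)
            + struct.pack("<HHI4s", 0x0110, 2, 4, b"Cam\x00")      # Model, ASCII inline
            + struct.pack("<HHII", GPS_IFD_TAG, 4, 1, 38)           # GPS IFD at offset 38
            + struct.pack("<I", 0))
    gps = (struct.pack("<H", 1)
           + struct.pack("<HHI4s", 0x0001, 2, 2, b"N\x00\x00\x00")  # GPSLatitudeRef
           + struct.pack("<I", 0))
    exif = b"Exif\x00\x00" + b"II*\x00" + struct.pack("<I", 8) + ifd0 + gps
    return (b"\xff\xd8"
            + _seg(APP0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
            + _seg(APP1, exif)
            + _seg(APP1, b"http://ns.adobe.com/xap/1.0/\x00<x:xmpmeta/>")
            + _seg(APP13, b"Photoshop 3.0\x008BIM\x04\x04")
            + _seg(COM, b"Shot by Jane Doe")
            + _seg(0xDB, bytes(65))                                 # DQT placeholder
            + _seg(0xC0, b"\x08\x00\x10\x00\x10\x01\x01\x11\x00")   # SOF0, 16x16 grey
            + _seg(0xC4, bytes(17))                                 # DHT placeholder
            + _seg(SOS, b"\x01\x01\x00\x00\x3f\x00")
            + b"\x12\x34\xff\x00\x56\xff\xd9"   # scan data with a stuffed FF 00, then EOI
            + b"TRAILER-DATA")                  # vendor trailer after EOI
```

This handles only JPEG; PNG (tEXt/iTXt chunks), TIFF and camera raw formats keep their metadata elsewhere, which is why a general tool like ExifTool is still the practical choice. Because the scan data is copied byte for byte, the image itself is unchanged, unlike the copy-and-paste route through Paint, which re-encodes it.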

Another easy way to remove all metadata from an image is to open it in MS Paint, copy it, paste it into a second instance of Paint and save from there. The clipboard carries only a plain bitmap, so the EXIF, IPTC and XMP blocks never reach the new file. (The image is re-encoded in the process; for a JPEG that means another round of lossy compression.) -gAtO oUt
