05/10/12

MarkMonitor Internet Kill Switch or Wiretapping?

The Internet Kill Switch; With Global Wiretapping Capability?

One company to rule them all
One company to find them;
One company to bring them all
And in the darkness bind them

Recently run any whois queries on Google? No? How about Facebook? MSN, or
Hotmail? Yahoo? You might be surprised, comparing the results.

Nice, innit? See the “Last Updated” part also.

Domain Name: google.com

Registrar: MARKMONITOR INC.
Whois Server: whois.markmonitor.com
Referral URL: http://www.markmonitor.com
Status: clientDeleteProhibited, clientTransferProhibited, clientUpdateProhibited, serverDeleteProhibited, serverTransferProhibited, serverUpdateProhibited

Expiration Date: 2020-09-14
Creation Date: 1997-09-15
Last Update Date: 2011-07-20

The brand-protecting, anti-piracy company MarkMonitor Inc. has had all these
DNS names under its control for several months now.

They also control the Wikimedia name services, even though that doesn’t show
up on the Wikimedia.org whois record. There are many others. Apple.com falls
under their jurisdiction, as does ubuntu.com. Nokia.com? Yep, under
MarkMonitor. See a pattern here?
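As an added example (not from the original post): a small Python script that parses whois listings of the form quoted above, records each name's registrar, and checks which EPP lock statuses are present, since those locks (especially the registry-level server* ones) are what stand between a domain and an unauthorized transfer or update. The google.com record is the one quoted above; the two .test records and their registrar name are constructed for the demo.

```python
import re
from typing import Dict, List

# Constructed sample records in the plain-text form shown above; the google.com
# entry mirrors the page, the two .test entries are made up for this demo.
SAMPLE_WHOIS = {
    "google.com": """Domain Name: google.com
Registrar: MARKMONITOR INC.
Whois Server: whois.markmonitor.com
Referral URL: http://www.markmonitor.com
Status: clientDeleteProhibited, clientTransferProhibited, clientUpdateProhibited, serverDeleteProhibited, serverTransferProhibited, serverUpdateProhibited
Expiration Date: 2020-09-14
Creation Date: 1997-09-15
Last Update Date: 2011-07-20
""",
    "example-shop.test": """Domain Name: example-shop.test
Registrar: SOME OTHER REGISTRAR LLC
Whois Server: whois.example-registrar.test
Status: ok
Expiration Date: 2013-01-01
""",
    "example-blog.test": """Domain Name: example-blog.test
Registrar: SOME OTHER REGISTRAR LLC
Status: clientTransferProhibited
Expiration Date: 2012-12-31
""",
}

# Locks a brand or infrastructure operator should expect on a high-value name.
# client* locks are set through the registrar; server* locks are set at the
# registry and survive even a compromised registrar account.
EXPECTED_LOCKS = {
    "clientTransferProhibited", "clientUpdateProhibited", "clientDeleteProhibited",
    "serverTransferProhibited", "serverUpdateProhibited", "serverDeleteProhibited",
}
REGISTRY_LOCKS = {s for s in EXPECTED_LOCKS if s.startswith("server")}


def parse_whois(text: str) -> Dict[str, List[str]]:
    """Turn a 'Key: value' whois listing into a dict of lower-cased keys.

    Values are kept as lists because some registrars repeat keys (e.g. one
    Status line per status); a comma-separated Status line is split too.
    """
    fields: Dict[str, List[str]] = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")   # split on the first colon only (URLs contain ':')
        key, value = key.strip().lower(), value.strip()
        if not value:
            continue
        if key == "status":
            fields.setdefault(key, []).extend(s for s in re.split(r"[,\s]+", value) if s)
        else:
            fields.setdefault(key, []).append(value)
    return fields


def audit_domain(text: str) -> dict:
    """Report the registrar and which expected EPP lock statuses are missing."""
    f = parse_whois(text)
    statuses = set(f.get("status", []))
    return {
        "domain": f.get("domain name", ["?"])[0],
        "registrar": f.get("registrar", ["?"])[0],
        "missing_locks": sorted(EXPECTED_LOCKS - statuses),
        "registry_locked": REGISTRY_LOCKS <= statuses,
    }


def registrar_concentration(records: Dict[str, str]) -> Dict[str, int]:
    """Count how many of the audited names sit with each registrar."""
    counts: Dict[str, int] = {}
    for text in records.values():
        registrar = parse_whois(text).get("registrar", ["?"])[0]
        counts[registrar] = counts.get(registrar, 0) + 1
    return counts


if __name__ == "__main__":
    for text in SAMPLE_WHOIS.values():
        print(audit_domain(text))
    print(registrar_concentration(SAMPLE_WHOIS))
```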

MarkMonitor also is a trusted Certificate Authority; they have, in essence,
the means to fabricate safe-looking SSL connections for you, to whichever host
they want. Your browser will not sound any warnings of possible
man-in-the-middle attacks.

MarkMonitor is a company that can own most people’s “Internet” in minutes. It
now controls all three top free e-mail providers directly, and I suppose it’s
safe to say, most currently active social media sites too.

See for yourself. Whois yahoo.com, whois google.com, whois gmail.com, whois
facebook.com, whois fbcdn.com, whois hotmail.com, whois msn.com… the list
seems endless.

How’d all this happen?

This company has acquired complete access to monitor, eavesdrop, censor and
fake any user of these popular Internet services in about one year (2011). In
almost complete silence. For several of the sites, it also provides “firewall
proxy” services, which means it is actually paid to intercept all
communications. In and out.

The situation reminds me of Joseph Lieberman’s 2010 initiative to create an
“Internet kill switch” for the U.S.

The government only needs to control this one company, and most social media,
most free e-mail, most search engines will be under its control. Not to mention
most operating systems, for both computers and mobile devices.

Not only inside U.S., but globally. One company to rule them all.

I, for one, would like to ask: WTF is going on? How did these guys, this
relatively small domain-hogging and pirate-chasing company, get the resources
to simply acquire the DNS records of all the most popular Internet services?
How can this be so totally ignored by the media, and even privacy advocates?
Even conspiracy theorists seem to be completely ignoring the situation.

Secure communication is an illusion

Only one company to rule them all? As if all this doesn’t sound bad enough,
the problem is far more widespread. MarkMonitor could easily act as a global
“kill switch” for the sites under its rule. But as it turns out, most anyone
with some resources could just as easily impersonate MarkMonitor itself.

Because, as one might have noticed in the past few months, the whole SSL
certificate scheme is broken. Not in a technical sense – there’s no known
inherent weakness in the algorithms. But the whole SSL protection is based on
trust, and that trust has failed us.

According to several sources, SSL CA certs are routinely given out to anyone
willing to pay for them. As The Register points out in its analysis on
TrustWave spying scandal:

“Those defending Trustwave suggested that other vendors probably used the same
approach for so-called “data loss prevention” environments – systems that
inspect information flowing through a network to prevent leaks of commercially
sensitive data.”

“In fact Geotrust was openly advertising a ‘Georoot’ product on their website
until fairly recently.”

http://www.theregister.co.uk/2012/02/14/trustwave_analysis/

Oh, so the ability to impersonate anyone is normal day-to-day practise for big
business? Just imagine what government agencies must be doing – for example in
Sweden, where the military intelligence organisation FRA has the mandate to
monitor all traffic across borders.

Who can seriously claim they trust all the hundreds of different CA companies,
several of which have been caught red-handed selling out their customers’
security, or covering up very serious breaches (up to and including their root
certificates being stolen)?

http://nakedsecurity.sophos.com/2011/04/06/eff-uncovers-further-evidence-of-ssl-ca-bad-behavior/

MarkMonitor is a “brand-protecting” company. Traditionally its business has
been reserving domains to protect brands. You buy its service, it makes sure
that nobody else can have “mybrandsucks.com”.

Also, they’re an anti-piracy outfit. Their entire business is based on
protecting IP.

http://www.marketwatch.com/story/markmonitor-to-exhibit-at-internet-tech-policy-exhibition-and-reception-to-be-held-on-capitol-hill-2012-01-24

Just saying, someone should probably question them and their customers. Why
does Google, who always “do things themselves”, externalise these vital parts
of its network? How come all the competing phone and OS vendors, who sue each
other all the time, suddenly trust this one company?

And then there’s all those competing social media companies, who practically
thrive on what others call “IP theft”, including their users sharing text,
images, music, videos and links?

Big questions. Defy common sense. Need answers.

04/21/12

ToR-Relays -DeepWeb Info

Inspector -information about ToR-Relays

gAtO iS hApPy pUpPy – found the ToR Inspector site in the .onion. This site has information about all ToR-Relays around the world and indicates whether each ToR-Relay has BAD, GOOD, ERROR or REJECT status. Let’s say that you are planning an adventure into ToR land; the (paranoid security techy-talk) thing about ToR that you have to remember is the Entry Node into ToR and the Exit Relay out of ToR. ToR, the .onion, is legal.

ToR security: When you go into ToR, the .onion, your computer must enter the -ToR-Matrix-, so the first ToR-Relay is your entry point, and when you leave the .onion your Exit-Relay is logged by your ISP. All they know is that you went into ToR and you left. They don’t know anything about your session in the deepWeb. Using the ToR network is not illegal anywhere so far today. In places like the Middle East and China it’s becoming a problem for these governments, so they try to mess with the ToR-Relays all the time. On the [1] ToR Relay Inspector site you can see if your entry and exit ToR-Relays are working well and have not been compromised.

IP - Router Details - Version - Platform - Tor relay information

With the tools on this page I can look at all the US ToR-Relays, or Russia or China; I can see their status and the current version of the relay, so I know what can happen. Think of it as patch management on the fly; we also see the OS platform of the relay. Here is a clearWeb example of a ToR-Relay:

http://torstatus.blutmagie.de/router_detail.php?FP=bcc93397b50c1ac75c94452954a5bcda01f47215

Now that we know all this information about my ToR-Relay, I may want to be active and select my own Entry and Exit ToR-Relay. On this page I can create an exclude Entry & Exit Node string, so I can tell my ToR connection what to use. In a place like China, where the government is always trying to find and corrupt ToR-Relays, this is a great tool. As security people we need to look at this project, which is funded by donations only, and help them. The DeepWeb is open just like Pandora; the masses are exploring it, and once they feel free and safe it may help them just like it did in the Arab Spring. gAtO knows the deepWeb is being used by the bad guys too, but it is just a tool. With a hammer you can build a house or use it to hit mice for gAtO’s dinner. This is a good page for any Security Researcher to learn from, but some bad things are that I can see the IP of all the Relays and maybe I can now do a DDoS attack to keep those Relays down. A government can use this tool to see every ToR-Relay in their country and DDoS them, maybe-sI-nO- gAtO oUt

InspecTor / ExcludeNodes generator

[1] http://xqz3u5drneuzhaeo.onion/users/badtornodes/

The following list provides information about relays that have been checked for injecting content over HTTP-connections.

Furthermore, it allows you to create a string that is used to prevent your Tor client from using specific nodes when building circuits.

For more information you should read this useful HowTo.

If a relay is marked good, it doesn’t mean it is good at all, but the test went well. It could modify content under special circumstances.

This list is not complete (and won’t be), but will get updated regularly. New nodes appear every day and we also recheck known ones.

Note: This is not a real-time test, it was created a few hours or days ago.

For contact or to report suspicious nodes you know about, just use badtornodes@TorPM.

(GnuPG Public Key with fingerprint BBE0 C6B1 1245 07C9 8C48 2D67 1B4F 850B 0E1A 29E8)

I won’t publish the source code of this service in its actual state. If you have no trust in this list, don’t use it.


http://xqz3u5drneuzhaeo.onion/users/badtornodes/
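As an added example, not code from the original post or from the InspecTor service (whose source the site says is unpublished): given relay check results in the BAD/GOOD/ERROR/REJECT form described above, produce the ExcludeNodes line a torrc accepts, so the client never builds circuits through relays the list flags. The fingerprints, nicknames and statuses below are constructed; ExcludeNodes and StrictNodes are real Tor configuration options, and the $-prefixed 40-hex-digit fingerprint is the form Tor expects.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

FINGERPRINT_RE = re.compile(r"^[0-9A-F]{40}$")
UNSAFE_STATUSES = {"BAD", "REJECT"}   # checker saw content injection, or the relay refused the probe


@dataclass
class RelayCheck:
    fingerprint: str   # 40-hex-digit relay identity, as in the torstatus URL above
    nickname: str
    status: str        # BAD, GOOD, ERROR or REJECT, the states the post lists
    is_exit: bool


# Constructed sample results; fingerprints and nicknames are made up for this demo.
SAMPLE_CHECKS: List[RelayCheck] = [
    RelayCheck("0123456789ABCDEF0123456789ABCDEF01234567", "cleanExit", "GOOD", True),
    RelayCheck("89ABCDEF0123456789ABCDEF0123456789ABCDEF", "injectingExit", "BAD", True),
    RelayCheck("FEDCBA9876543210FEDCBA9876543210FEDCBA98", "refusedExit", "REJECT", True),
    RelayCheck("1111111111111111111111111111111111111111", "flakyMiddle", "ERROR", False),
    RelayCheck("not-a-fingerprint", "garbage", "BAD", True),
]


def untrusted_relays(checks: List[RelayCheck], exclude_errors: bool = False) -> List[RelayCheck]:
    """Select relays the list marks unsafe; ERROR relays only when the caller asks for it."""
    bad = set(UNSAFE_STATUSES)
    if exclude_errors:
        bad.add("ERROR")
    return [c for c in checks if c.status.upper() in bad]


def build_exclude_config(checks: List[RelayCheck], exclude_errors: bool = False) -> Dict[str, List[str]]:
    """Return torrc lines plus the nicknames skipped because their fingerprint is malformed.

    A malformed fingerprint is dropped rather than emitted, because Tor would
    reject the whole torrc line and leave every relay usable.
    """
    fingerprints, skipped = [], []
    for relay in untrusted_relays(checks, exclude_errors):
        fp = relay.fingerprint.upper()
        if FINGERPRINT_RE.match(fp):
            fingerprints.append("$" + fp)
        else:
            skipped.append(relay.nickname)
    lines: List[str] = []
    if fingerprints:
        # ExcludeNodes keeps a relay out of every circuit position (entry, middle, exit);
        # StrictNodes 1 makes Tor fail rather than fall back to an excluded relay.
        lines.append("ExcludeNodes " + ",".join(fingerprints))
        lines.append("StrictNodes 1")
    return {"lines": lines, "skipped": skipped}


if __name__ == "__main__":
    result = build_exclude_config(SAMPLE_CHECKS)
    print("\n".join(result["lines"]))
    print("skipped (bad fingerprint):", result["skipped"])
```

The emitted lines go into the client's torrc; relays marked GOOD are deliberately left alone because, as the site itself notes, a passed test only means the test passed.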

04/15/12

Latino Anonymous Phenomenon

gAtO hAs- been following the Anonymous Phenomenon since it began a few years ago, but gAtO has also seen, this year especially, an ever increasing Latino flavor to Anonymous. As the Arab Spring has taught oppressed people to band together and fight, Latino Nations have also been targeted more and more. I know

ViVa CYbEr LaTiNos

that Latino Nations like Brazil have a great digital infrastructure, and it’s a fact that as more and more countries integrate their digital infrastructure to support business and commerce, the population has also adapted to this, especially in the smart-phone and game console market. These devices have enabled many who were digitally oppressed to venture into the web. As we move into the digital world we of course become more vulnerable to the pit-falls of the web.

bIg mEoWs 2 LaTiNoS – I am glad that we are doing something online to make it a better world

gAtO is Latino born, and I can tell you in some Latin Nations the government is oppressive, so I can see why Anonymous and hacktivism are attractive, and we see this phenomenon all over pastebin: more and more postings of “el presidente” and such getting hacked. Below I have included some of the current hacks – Colombia, Mexico, Spain and Brazil; all kinds of Latinos have banded under the Anonymous umbrella and learned that together they can fight to change their country and the world. Another thing is Latinas (yes, the ladies) are more and more pressing the hacks, and “Tango Down” has become not only a dance but a chance to feel strong, to feel free and empowered to do better for their families and friends -gAtO oUt

Colombia

Web Hive Operation Colombia

http://pastebin.com/dAAbY97X

Mexico

********HACKED BY XEESOFT & IDEPENDENCIA MEXICO #SECTOR404*********

http://pastebin.com/thRF8qSC

Mexico helps Colombia hackers

Spain

http://pastebin.com/SGVw1xHB

Brazil

http://pastebin.com/3SaeLMVd

04/6/12

Supply Chain Cyber Attack

gATO rEaDiNg - 2012 Mandiant “An Evolving Threat” and Trend Micro LuckyCat Redux reports. Great reading for any security geek, but most important, it’s about the business side of the hack. Take the old smash and grab of financial information and split town, process the financial windfall and party like it’s 2999. Now it’s more beneficial for the criminals to stay inside the victim's servers and collect intelligence and espionage. Ok, let the gAtO break it down for you: not as a criminal, that’s easy; as a state actor I would go after Aerospace, Energy, Shipping, Military Research, Engineering, India and Tibetan Activists… Wait a minute, India, a Tibetan Activist group, oh yeah, you know it’s China, but this is to be expected from China. Now the new spin is why would they go into banks and use advanced persistent threat (APT) hacks? Well, as gAtO understands it, the Chinese have a shit load of MONEY— follow the money is not only an American thing, it’s for every player in the world.

We have to look at the data through three different sets of eyes (magnifying glass with gAtO’s old EyE’s), but it’s still the same – your data (ALL your little company secrets) needs protection.

Here is the Score-Card: your Business — versus – Competition, Government, Criminals, Hacktivists, Economic Espionage, Nuisance Hackers. On top of all this, 94% of victims were notified by an external entity that they were hacked. If that doesn’t send chills down every board member in every company in the world, nothing does.

Here you are doing your business, and let’s be frank, some businesses walk a thin line sometimes, like dumping medical and radioactive waste on a beach in New Jersey (I know Snooki lives there). Is your company maybe polluting the ground water for a 100 mile radius of the plant? This is not the information that they want hackers, or the press, to get a hold of. “Remember Rupert Murdoch’s News Hacking Empire – hey, hack anyone for a buck”

Protect customer data? Yeah, companies and governments want to protect it, but the little illegal/legal stuff companies do, like hiding the report of the offshore oil well that just blew up and spilled all kinds of stuff all over the Gulf coast: these are the real things that keep business people up at night worrying about hackers. It’s plain and simple cover your ass and let’s get that no-bid government contract after we pay off the senator, and we better encrypt that information…..

Hackers come in all flavors, but if you look at the LuckyCat crewz, these are very unique. Not only real computer scientists but marketing campaign and project management. They use dual-tier C&C (Command and Control); they use the victim's supply chain to move laterally across trusted networks in order to be more invisible. Invisible takes on a new meaning here: these hackers hide their code in plain sight, they sometimes used older malware as insertion points, and of course social engineering to gain access.

Bottom line, these new hackers are business-men, they are governments, they are commercial criminals, they are hacktivists, or they are a lone wolf hacker. Companies are finally getting the message. Protect your data, not just your customer’s data, but all your little secrets, because if you’re online someone is watching you, and this can be a 15 year old kid or a dual Master's degree in computer technology that is unemployed or works for a government. Trust but verify takes on a new meaning now -gAtO oUt

lab notes - The report, which is based on hundreds of advanced threat investigations conducted over the past year, includes analysis, statistics and case studies that highlight how advanced and motivated attackers are stealing sensitive intellectual property and financial assets.

Malware Only Tells Half of the Story Organizations’ investments in malware detection and antivirus capabilities, while effective in detecting characteristics associated with common worms, botnets, and drive-by downloads, do little to help defend against targeted intrusions.

The use of these publicly available tools has added some complexity to identifying threat actors because when organizations identify a piece of publicly available malware they often cleanse the file and — in the process — obscure what could be a larger incident.

It’s unclear why banks wouldn’t already be looking for unusual settlement activity and conducting daily monitoring, but there it is. At any rate, “high-risk” merchants generally handle the dicey and vicey types of online commerce, such as Internet gaming, adult Web sites, rogue anti-virus software sales and online pharmacies. Might be a good idea to keep an extra close eye out for these types of unauthorized charges over the next few days.

04/2/12

Cyber-Criminals -You got to change your evil ways

gAtO rEaD – Cyber-criminals are slowing their web app attacks and working their VoDoo with social networks and mobile devices. IBM’s semiannual report shows interesting trends. On the spam email attack front +++ we are on the decline compared to 2010, but APTs (Advanced Persistent Threats) were up. Commercial criminals are quickly adapting to lateral and supply chain intrusions.

This is now true for the financial sector. The traditional dump and run, the method of grabbing as much financial data as possible and running, has changed: now they put in time to stay persistent in the system shadows to draw out not just the CC (credit card $$ data) but the PII (personally identifiable information), and the company’s intellectual property is becoming more lucrative than hard cash scams. IBM also found that 36% of the previously identified vulnerabilities in the companies it compared were still unpatched by the end of the year, compared to 43 percent in 2010.

** — “if the patches were maintained then they wouldn’t have hacked the network”. Always test your patch first with everything on your network, or else you’re putting your company on the line. — **

Web applications are safer, with the number of applications vulnerable to cross-site scripting attacks down 50 percent compared with 2007. SQL injection attacks, in particular, continue to be a thorn in the side of Web applications due to the availability of automated tools. IBM also detected a 200 to 300 percent jump in so-called “shell injection” attacks from January to December. And toward the end of the year, IBM researchers noticed a spike in SSH password cracking attempts.

The decline in vulnerabilities belies the rise in security breaches, and raises the question: Are cyber-criminals getting smarter than the IT professionals charged with securing their company’s IT systems? Or maybe we’re just expecting too much from the security pros? It may be the latter. In February, security software firm LogRhythm declared that 75 percent of security professionals “lack confidence in their ability to address cyber threats.” The number is the result of an unscientific study of only 200 people who answered a questionnaire online. But it does hint at the existence of a skills gap when it comes to defending corporate IT systems.

Just as the tools and tactics are changing in the ongoing IT cyber war, so is the battleground. In the future, corporate security pros will need to focus a lot more on social media and mobile computing than they are now–especially as corporations continue to connect their core business systems to mobile devices and social networking tools.-gAtO oUt

For a copy of the X-Force 2011 Trend and Risk Report, see www.ibm.com/security/xforce

03/20/12

Keywords Searched for by DHS- on social media

Long List of Keywords Searched for by DHS & Other Agencies on social media networking sites.

Department of Homeland Security (DHS)
Federal Emergency Management Agency (FEMA)
Coast Guard (USCG)
Customs and Border Protection (CBP)
Border Patrol
Secret Service (USSS)
National Operations Center (NOC)
Homeland Defense
Immigration Customs Enforcement (ICE)
Agent
Task Force
Central Intelligence Agency (CIA)
Fusion Center
Drug Enforcement Agency (DEA)
Secure Border Initiative (SBI)
Federal Bureau of Investigation (FBI)
Alcohol Tobacco and Firearms (ATF)
U.S. Citizenship and Immigration Services (CIS)
Federal Air Marshal Service (FAMS)
Transportation Security Administration (TSA)
Air Marshal
Federal Aviation Administration (FAA)
National Guard
Red Cross
United Nations (UN)

Domestic Security

Assassination
Attack
Domestic security
Drill
Exercise
Cops
Law enforcement
Authorities
Disaster assistance
Disaster management
DNDO (Domestic Nuclear Detection Office)
National preparedness
Mitigation
Prevention
Response
Recovery
Dirty Bomb
Domestic nuclear detection
Emergency management
Emergency response
First responder
Homeland security
Maritime domain awareness (MDA)
National preparedness initiative
Militia
Shooting
Shots fired
Evacuation
Deaths
Hostage
Explosion (explosive)
Police
Disaster medical assistance team (DMAT)
Organized crime
Gangs
National security
State of emergency
Security
Breach
Threat
Standoff
SWAT
Screening
Lockdown
Bomb (squad or threat)
Crash
Looting
Riot
Emergency Landing
Pipe bomb
Incident
Facility

HAZMAT & Nuclear

Hazmat
Nuclear
Chemical Spill
Suspicious package/device
Toxic
National laboratory
Nuclear facility
Nuclear threat
Cloud
Plume
Radiation
Radioactive
Leak
Biological infection (or event)
Chemical
Chemical burn
Biological
Epidemic
Hazardous
Hazardous material incident
Industrial spill
Infection
Powder (white)
Gas
Spillover
Anthrax
Blister agent
Exposure
Burn
Nerve agent
Ricin
Sarin
North Korea

Health Concern + H1N1

Outbreak
Contamination
Exposure
Virus
Evacuation
Bacteria
Recall
Ebola
Food Poisoning
Foot and Mouth (FMD)
H5N1
Avian
Flu
Salmonella
Small Pox
Plague
Human to human
Human to ANIMAL
Influenza
Center for Disease Control (CDC)
Drug Administration (FDA)
Public Health
Toxic
Agro Terror
Tuberculosis (TB)
Agriculture
Listeria
Symptoms
Mutation
Resistant
Antiviral
Wave
Pandemic
Infection
Water/air borne
Sick
Swine
Pork
Strain
Quarantine
H1N1
Vaccine
Tamiflu
Norvo Virus
Epidemic
World Health Organization (WHO and components)
Viral Hemorrhagic Fever
E. Coli

Infrastructure Security

Infrastructure security
Airport
CIKR (Critical Infrastructure & Key Resources)
AMTRAK
Collapse
Computer infrastructure
Communications infrastructure
Telecommunications
Critical infrastructure
National infrastructure
Metro
WMATA
Airplane (and derivatives)
Chemical fire
Subway
BART
MARTA
Port Authority
NBIC (National Biosurveillance Integration Center)
Transportation security
Grid
Power
Smart
Body scanner
Electric
Failure or outage
Black out
Brown out
Port
Dock
Bridge
Canceled
Delays
Service disruption
Power lines

Southwest Border Violence

Drug cartel
Violence
Gang
Drug
Narcotics
Cocaine
Marijuana
Heroin
Border
Mexico
Cartel
Southwest
Juarez
Sinaloa
Tijuana
Torreon
Yuma
Tucson
Decapitated
U.S. Consulate
Consular
El Paso
Fort Hancock
San Diego
Ciudad Juarez
Nogales
Sonora
Colombia
Mara salvatrucha
MS13 or MS-13
Drug war
Mexican army
Methamphetamine
Cartel de Golfo
Gulf Cartel
La Familia
Reynose
Nuevo Leon
Narcos
Narco banners (Spanish equivalents)
Los Zetas
Shootout
Execution
Gunfight
Trafficking
Kidnap
Calderon
Reyosa
Bust
Tamaulipas
Meth Lab
Drug trade
Illegal immigrants
Smuggling (smugglers)
Matamoros
Michoacana
Guzman
Arellano-Felix
Beltran-Leyva
Barrio Azteca
Artistics Assassins
Mexicles
New Federation

Terrorism

Terrorism
Al Queda (all spellings)
Terror
Attack
Iraq
Afghanistan
Iran
Pakistan
Agro
Environmental terrorist
Eco terrorism
Conventional weapon
Target
Weapons grade
Dirty bomb
Enriched
Nuclear
Chemical weapon
Biological weapon
Ammonium nitrate
Improvised explosive device
IED (Improvised Explosive Device)
Abu Sayyaf
Hamas
FARC (Armed Revolutionary Forces Colombia)
IRA (Irish Republican Army)
ETA (Euskadi ta Askatasuna)
Basque Separatists
Hezbollah
Tamil Tiger
PLF (Palestine Liberation Front)
PLO (Palestine Libration Organization)
Car bomb
Jihad
Taliban
Weapons cache
Suicide bomber
Suicide attack
Suspicious substance
AQAP (Al Qaeda Arabian Peninsula)
AQIM (Al Qaeda in the Islamic Maghreb)
TTP (Tehrik-i-Taliban Pakistan)
Yemen
Pirates
Extremism
Somalia
Nigeria
Radicals
Al-Shabaab
Home grown
Plot
Nationalist
Recruitment
Fundamentalism
Islamist

Weather/Disaster/Emergency

Emergency
Hurricane
Tornado
Twister
Tsunami
Earthquake
Tremor
Flood
Storm
Crest
Temblor
Extreme weather
Forest fire
Brush fire
Ice
Stranded/Stuck
Help
Hail
Wildfire
Tsunami Warning Center
Magnitude
Avalanche
Typhoon
Shelter-in-place
Disaster
Snow
Blizzard
Sleet
Mud slide or Mudslide
Erosion
Power outage
Brown out
Warning
Watch
Lightening
Aid
Relief
Closure
Interstate
Burst
Emergency Broadcast System

Cyber Security

Cyber security
Botnet
DDOS (dedicated denial of service)
Denial of service
Malware
Virus
Trojan
Keylogger
Cyber Command
2600
Spammer
Phishing
Rootkit
Phreaking
Cain and abel
Brute forcing
Mysql injection
Cyber attack
Cyber terror
Hacker
China
Conficker
Worm
Scammers
Social media

03/7/12

Reporting Open System in the Wild: Like NASA JPL OPEN

gAtO sAy – we have a big problem for anyone that has cyber information and wants to report it. This is not a US problem but an international one. We all know that companies do not want to report that their site is open, or that they have been hacked, for a number of reasons. Their reputation will be damaged, clients will not trust them, and, sad but true, companies sometimes even pay hackers to keep the information from being leaked. You have hacktivists, commercial criminals and state actors. But a few security researchers find information about a company and want to report it and get the problem fixed; the reasons vary, but the intentions are good. Where do we go to report this? The FBI, our Senators, or maybe Homeland Security? Nah, they don’t care.

gAtO and other researchers like ntiSec have found a number of SCADA systems open in the wild, and from all the shouting from the powers that be you would think they would want to help. SCADA systems control pumps, elevators, nuclear power plants, and if someone plays with these systems it could have a very bad effect on the physical infrastructure of a country. Political people yell that they're going to hack our electric system, but when we find one and try to tell the company, they don’t listen.

One reason is ego – let's say you contact a webmaster and tell them, hey, your system is open and has this problem – well, that webmaster may just think “oh shit, if my boss finds out it’s gonna be my ass” and he/she does not report it. Maybe they will try to fix it, but admitting it to anyone in the IT department could make them tell the boss, and with the job market the way it is, people are afraid that they may get fired.

gAtOmAlO sAy's

Next, if you go to the C-Suite folks, you know, the executives, well, they say “oh shit, this could have an effect on my bonus” or profits, or they may lose clients if people find out that maybe their client information has not been encrypted, or maybe compliance and regulatory reports and they get heavy fines; this will affect the bottom line. So as you can see, these people have a vested interest not to tell anyone how bad their systems are, or to fix them. But their sites are still open.

Then you have governments which are responsible to protect the people but these folks have so many rules and regulations that actually prevent them from doing the right thing and fixing the problems. Example:

You all heard that NASA has been hacked by the Chinese, and yet gAtO tried to report that their systems were wide open:

http://starbase.jpl.nasa.gov/

http://starbase.jpl.nasa.gov/mgn-v-rdrs-5-dim-v1.0/mg_1193/fl06s186/

http://starbase.jpl.nasa.gov/mgn-v-rdrs-5-dim-v1.0/mg_1193/

http://starbase.jpl.nasa.gov/mgn-v-rdrs-5-dim-v1.0/

You would think that this would get top priority. I could not get anyone to listen. I tried the FBI, Senator Reed, Senator Whitehouse, even Homeland Security; they could not or would not help. Here is NASA's Jet Propulsion Laboratory (JPL), the people that control our satellites, and still they did not close up the sites for over a week. A hacktivist or a foreign state actor like China, Iran, North Korea could access these systems and bring down a satellite and kill millions of people. They still don’t care.

When gAtO tried to report this to his representatives he got hung up on by his office; they took no action. Here is our government doing nothing when something goes wrong. Email them or call them and ask them why they don’t want to help -gAtO oUt

Steven_Usler@reed.senate.gov  (401) 943-3100

james.langevin@mail.house.gov (401) 732-9400

jim@jimlangevin.com

sheldon_whitehouse@whitehouse.senate.gov (401) 453-5294

02/16/12

PennTest Threat Intelligence

PennTest Threat Intelligence - part-1

gAtO bEen ThInKiNg - In the hyper-connected world we live in, Pen-Testers have a lot on their hands: hardware, firmware, OS, web-apps. The facts are that a simple web-app upgrade may open new holes that offset the problem they had to begin with. A pen-test is a method of evaluating the security of a computer system or network by simulating an attack from malicious outsiders. Who are the outsiders? How do the outsiders pen-test your system? Non-state actors have played an important part in many international cyber conflicts in the past two years: game changers. With the Anonymous crew(z), China, Russia, India, Iran out in force in cyberspace, a company needs to know if they are a target from a political or competition angle, or worse yet, from a lone wolf or activist.

Many think that with BackTrack anyone can be a tester, but it’s different today. Companies need to understand the geo-political aspect of their company, who their markets are and how it plays out in the real world. Look at Sony, HBGary: these are two different companies, but their reputation has been tarnished by what? A bunch of kids? Naw, these boys and girls are the new breed: smart, educated and connected. These people are system admins in their day job and Anonymous during off-hours. They know how to work in the box and also see out-of-the-box tips and tricks, and have thousands that want to try their game and imitate them. Whatever you think, these new boys and girls will multiply; it’s a fad, a movement, but they all want to be cool hackers, and the next generation of hacktivists will make these people look like amateurs.

Who knew that a Low Orbit Ion Cannon (LOIC), used to test how many connections your server will handle, would be used by the attackers themselves? A long time ago in cyber years (2-3 years ago) only the geeks had the knowledge and skills to do some of the hacks that we see today. Today Anonymous is not only a social movement but a cause célèbre; people want to belong, and these social 4chan outcasts have started a revolution in cyberspace that governments and corporations now are worried about, and well they should be.

Break out BackTrack and do some pen-testing, and yes, you may find misconfigured servers like gAtO hAs (SCADA systems to boot) and such, but if you can see what your enemy is looking at and planning, nothing is better than threat intelligence to guide you in mitigating future attacks against your company.

Look at the RSA and DigiNotar APT attacks: the bad guys went after the certificate authority. How do typical pen-test tools know that? They don’t. If you don’t have your pulse on the game you’re in, you may be next.

Remember, the technical aspect is one thing, but if you have many, many hands trying new things on your site, guess what, they will hack you if you’re connected to the Internet. Your company cannot live in a bubble and so must expose itself to customers, vendors and business partners; your company cannot control all those aspects. With a simple email attachment to the c-Suite boys, just like with the Nortel hack, they got you big time; in the Nortel case they were inside their network for 10 years. The reputation, the technical, all this means nothing if you don’t have good solid threat intelligence to know what’s going on in the world.

If you don't have a team looking at threat intelligence for your company, get some people, fast. If you're connected you can be hacked; learn, and be silent. Can't stop the signal. Everything goes somewhere, and I go everywhere… -gAtO oUt

02/12/12

Cyber Iran

gAtO hEaR- In early 2011 Iran's telecommunications ministry announced that it would disconnect Iran from the rest of the world and run a parallel internal service (an Islamically permissible "halal" network) that would automatically censor material and block popular global sites. Two-thirds of Iran's roughly 78 million people are under the age of 35, and about 40 percent of the population have Internet access at home, according to Internet World Stats, making Iran one of the most cyber-connected populations per capita in the world. Other figures put the population at about 77 million with about 53% of them on the Internet, and not one of them a registered Facebook user. In nearby Jordan there are 1.7 million Internet users, and 1.6 million of them are on Facebook.

Stuxnet was deployed and set back their nuclear program (it damaged uranium enrichment centrifuges at Natanz). Two leading nuclear scientists have been killed; Iran blames Mossad and the CIA. Iran is spending billions on cyber hardware. The Arab Spring. Iran brought down a U.S. drone (the RQ-170 captured in December 2011). Iran threatens to close the Strait of Hormuz. Iran claims its new Cyber Army is ready for war in cyberspace.

Now, with the March 2, 2012 parliamentary elections coming, officials of Iran's judiciary have announced "new limitations" on using cyberspace and publishing content on the Internet. A task force of 250,000 cyber police currently monitors the Internet, specific sites, blogs and individuals suspected of using circumvention tools. Israeli intelligence officials have revealed that they believe Iran has, in the last few years, spent over a billion dollars upgrading its cyber-war capabilities.

Iran has friends like Venezuela and the China-based Huawei corporation, which is being investigated by senators such as Rhode Island's Sheldon Whitehouse (gAtO knows Senator Whitehouse; he is one of several leaders who understand the complex cyber security issues) for supplying critical cyber infrastructure to Iran while it also supplies equipment and support for Top Secret (TS) DoD projects. That is clearly a violation: a company from a communist country providing TS support to our government, and we hear that some of the equipment may have digital backdoors into the infrastructure that defeat all virus-scanning software. On the other side of these friendships, Univision uncovered Iranian and Venezuelan diplomats working on launching cyber-strikes against energy facilities and other U.S. assets (NYT 12-13-2011).

Iran's leaders saw what the Arab Spring brought down last year, and they see the parliamentary elections in March as the most sensitive in the history of the Islamic Republic; they will do everything to control them. Because of the March 2 elections, Iran has ordered all Internet cafes to have cyber-security monitoring software installed and functioning by Jan. 18. The monitoring includes requiring a user to provide full name, father's name, Iranian identification number, zip code and telephone number, in addition to presenting photo identification. The rules require cafes to install closed-circuit surveillance cameras, which must be checked at the end of every business day. Cafes also must keep records of all websites visited and browsing history, along with the surveillance tapes, for six months.

The new restrictions forbid cafes to allow the use of any circumvention technology, such as Virtual Private Networks (VPNs) or proxy servers, the tools Iranians typically use to reach blocked sites.

This latest attack on Internet users comes amid increasing tensions between Iran and the West and deteriorating economic conditions, as the Islamic Republic preemptively prepares for possible civilian unrest during its parliamentary elections. Iranians use tools like Tor to get their message through around the authorities, even though the free Tor network is being hammered by the Iranian government trying to block it or identify the dissidents using it.
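The "Iran blocks Tor; Tor releases same-day fix" post in the references below describes how that hammering worked in September 2011: a DPI rule keyed on the unusually short validity period of the TLS certificates Tor presented in its handshake, which TLS 1.2 and earlier send in the clear, so the censor never had to break the encryption. The fix was to give those certificates a lifetime that looks like an ordinary web certificate. The following is an added example, not code from this post or from the Tor Project: a small DER parser for the X.509 Validity field, the censor's lifetime check run over it, and an encoder used only to construct the sample inputs inline. The 30-day threshold and the sample dates are illustrative assumptions, not Tor's real numbers.

```python
from datetime import datetime, timedelta, timezone

SEQUENCE, UTCTIME, GENERALIZEDTIME = 0x30, 0x17, 0x18


def _read_tlv(buf: bytes, pos: int):
    """Decode one DER tag-length-value at buf[pos]; returns (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count the length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _decode_time(tag: int, value: bytes) -> datetime:
    s = value.decode("ascii")
    if tag == UTCTIME:                     # YYMMDDHHMMSSZ; RFC 5280: YY>=50 -> 19YY, else 20YY
        yy = int(s[:2])
        s = str(1900 + yy if yy >= 50 else 2000 + yy) + s[2:]
    elif tag != GENERALIZEDTIME:           # GeneralizedTime is YYYYMMDDHHMMSSZ
        raise ValueError(f"unexpected time tag 0x{tag:02x}")
    return datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)


def parse_validity(der: bytes):
    """Parse X.509 Validity ::= SEQUENCE { notBefore Time, notAfter Time }."""
    tag, body, _ = _read_tlv(der, 0)
    if tag != SEQUENCE:
        raise ValueError("Validity must be a SEQUENCE")
    t1, v1, pos = _read_tlv(body, 0)
    t2, v2, _ = _read_tlv(body, pos)
    return _decode_time(t1, v1), _decode_time(t2, v2)


def dpi_flags_as_tor(validity_der: bytes, min_normal: timedelta = timedelta(days=30)) -> bool:
    """The censor's side: a certificate whose lifetime is far shorter than any
    public web certificate is a cheap fingerprint. Threshold is illustrative."""
    not_before, not_after = parse_validity(validity_der)
    return (not_after - not_before) < min_normal


# --- encoder, present only so the sample inputs can be constructed inline ---
def _encode_time(dt: datetime) -> bytes:
    if dt.year < 2050:                     # RFC 5280: UTCTime through 2049, GeneralizedTime after
        tag, body = UTCTIME, dt.strftime("%y%m%d%H%M%SZ").encode("ascii")
    else:
        tag, body = GENERALIZEDTIME, dt.strftime("%Y%m%d%H%M%SZ").encode("ascii")
    return bytes([tag, len(body)]) + body


def encode_validity(not_before: datetime, not_after: datetime) -> bytes:
    inner = _encode_time(not_before) + _encode_time(not_after)
    return bytes([SEQUENCE, len(inner)]) + inner   # short-form length: inner is < 128 bytes


# constructed sample inputs (dates are assumptions, not Tor's real values)
T0 = datetime(2011, 9, 14, 12, 0, 0, tzinfo=timezone.utc)
SHORT_LIVED = encode_validity(T0, T0 + timedelta(hours=2))    # what the DPI keyed on
YEAR_LONG = encode_validity(T0, T0 + timedelta(days=365))     # looks like ordinary HTTPS
FAR_FUTURE = encode_validity(datetime(2049, 12, 1, tzinfo=timezone.utc),
                             datetime(2051, 12, 1, tzinfo=timezone.utc))  # exercises GeneralizedTime

if __name__ == "__main__":
    for name, der in (("2-hour cert", SHORT_LIVED), ("1-year cert", YEAR_LONG)):
        nb, na = parse_validity(der)
        print(f"{name}: {nb:%Y-%m-%d %H:%M} .. {na:%Y-%m-%d %H:%M} flagged={dpi_flags_as_tor(der)}")
```

The lesson for anyone shipping a circumvention tool is the same one the DPI taught Tor: every field of the handshake that differs from what ordinary browsers and servers send is a fingerprint, whether or not it has anything to do with the encryption.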

Let’s support these projects and keep Freedom of Speech open in cyberspace -gAtO oUt.

References:

Internet cafes to install surveillance cameras

U.S. Expels Venezuelan Diplomat Reportedly Involved in Cyber Attack Plot

http://www.nti.org/gsn/article/us-expels-venezuelan-diplomat-reportedly-involved-cyber-attack-plot/

Parliamentary elections in March seen as the most sensitive in the history of the Islamic republic

http://www.guardian.co.uk/world/2012/jan/08/iran-upcoming-parliamentary-elections-march

Huawei’s Work in Iran May Violate U.S. Sanctions, Lawmakers Say

http://www.businessweek.com/news/2012-01-10/huawei-s-work-in-iran-may-violate-u-s-sanctions-lawmakers-say.html

Iran blocks Tor; Tor releases same-day fix

https://blog.torproject.org/blog/iran-blocks-tor-tor-releases-same-day-fix

Iran’s strict cyber regulations lay groundwork for ‘halal’ network

http://www.foxnews.com/world/2012/01/11/irans-strict-cyber-regulations-lay-groundwork-for-halal-network/

Iran Sets Cyber Crime Policy ahead of New Elections

http://www.stopfundamentalism.com/index.php?option=com_content&view=article&id=1299:iran-sets-cyber-crime-policy-ahead-of-new-elections&catid=70:iran-uprising&Itemid=80
