White Hat Bot-Nets

gAtO wAs – reading Bloomberg BusinessWeek “ The Hacker of Damascus” Karin a 31-year-old doctor had spent the previous months protesting against the government of Damascus, he refuse to give up his friends names.

Before the arrest-/ before the torture/- they found a simple vulnerability thru Skypes they also got into his hard drive and as Karin said they arrested his computers data first them him. So now we see the black hats, spammer, cyber criminal tricks against people from their own governments. Is this the way it’s going to happen, we see the news today about 2 ladies and their General boy toys and WOW -mEoW.

In Georgia detains ministry for using malware to access opposition leaders computers – This is just another example of governments using criminal cyber tactics to gain intelligence from it’s own people.



The other side of the cyber struggles in Syria is Anonymous and their role in all this: On the other side, the hacktivist group Anonymous has infiltrated at least 12 Syrian government websites, including that of the Ministry of Defense, and released millions of stolen e-mails.  

Cyberspace and it’s tools (weapons) like Facebook, Twitter – can be used by both sides  in this evolving landscape of digital warriors. That is why gATo is sadden by how basic normal Internet tools can become killers and liberators. I guess I see the fog of cyberwar thru gATO eYe’S we have only seen defensive cyber tools so far Suxnet and others are only the beginning and the new economies that had no choice but a digital path into their infrastructure need to look at their own security a wee bit more close. DId Huawei (China’s Telecom Giant accused of having backdoor ) sell you those Network infrastructure pieces at a very cheap price -(lowest bidder (or a no-bid)contract) -well guess who is watching you…

SCADA cyber controls security SUCKs = infrastructure things (energy/transportation/communication/water/air) = fix them NOW

Since no Cyber Bill has gone before congress -President Obama after a major election went and signed  a-

US secret CYber Law singed by Pres. Obama -Nov 15, 2012

Rather, the directive establishes principles and processes for the use of cyber operations so that cyber tools are integrated with the fully array of national security tools we have at our disposal. It provides a whole-of-government approach consistent with the values that we promote domestically and internationally as we have previously articulated in the International Strategy for Cyberspace.

This directive will establish principles and processes that can enable more effective planning, development, and use of our capabilities. It enables us to be flexible, while also exercising restraint in dealing with the threats we face. It continues to be our policy that we shall undertake the least action necessary to mitigate threats and that we will prioritize network defense and law enforcement as the preferred courses of action. The procedures outlined in this directive are consistent with the U.S. Constitution, including the President’s role as commander in chief, and other applicable law and policies. http://killerapps.foreignpolicy.com/posts/2012/11/14/the_white_houses_secret_cyber_order

So now even 31-year-old doctors need to worry what they do and who they talk to and WHAT they talk about -/ also- in Facebook, Skype or any other web-App-  By the way —>These basic vulnerabilities can be found and exploited in any web-app – So this person may of worked at the water plant – or the electric plant what could these White Hat Bots have obtained?? These little White Hat BotNets may go rouge or may be captured this is about virtual digital world with a click of a mouse I GOT YOU!!! -PWN

Will this become the standard? The good and bad guy’s do it NOW- plant a virus suck up your disk / then check it out – BUT “if you got nothing to hide” well it’s OK then — right – gAtO oUt


Hide SCADA in the ToR network – ..-hiding in plain site..

Hide SCADA in the ToR network – ..FREE-hiding in plain site..

any internet connection 2-ToR

gAtO cAn -now provide your company a FREE .onion network – reliable 24/7 secure / encrypted / untraceable communication between your SCADA systems talking to each other and the main office giving you real-time data from any remote SCADA  site. As an example from Scheider Electric white paper on – Video Surveillance Integrated with SCADA – White Paper  – we can now take that physical video security of all your remote video assets and transmit them securely, encrypted and untraceable to anyplace in the world to your datacenter. When going in and out of the invisible .onion network, you can control the entry and exit relays so picking safe verified relays to use is easy, or you can use your own relays, the more relays the better the system becomes at making you more invisible. The more people that use it the more untraceable and unmonitored it becomes. This kind of SCADA  communication in the ToR- onion network redefines geo-political digital boundaries. Since it rides on any Internet connection it can be used anywhere.

in the ToR-.onion network merchants can’t spy on you and they can’t steal your information

Not if but when —business take over the ToR- .onion network it will change the landscape and give it more order but it will still give the user anonymity thats the key to this network your signal, your voice cannot be found but you can still communicate. The ToR- .onion network rides not on top or the bottom of the digital super-highway but thru it.

Let’s keep in mind that access to the ToR-.onion network is FREE to anyone and your company’s use of the network makes it safer for everyone since the more people use it the more unreachable-undetectable you become. But in business you also have to deal with hostile governments and protecting your people and assets thru a ToR .onion network becomes even more critical. You can still operate but be safe and secure in your business communications.

The ToRProject.org is something that is making an impact on the very lives of people that want to have a free safe secure voice. Just look at Mr Chen a dissident from China he was jailed because he spoke up about the disable in China. The ToRProject.com helps people like Mr. Chen speak and to remain in anonymity. But by adding real business -reays into the ToR- .onion network we will give these people and the business more transparency, it makes you more invisible on the internet. You can donate to the ToR project and it’s a 501(c), so it’s deductible. Look at the donors list and see who support this invisible network. U.S Naval Research, National Science Foundation- DARPA – National Christian Foundation are some of the people supporting the ToR Project, it’s not so bad if they use it— see lab Notes below –

How you gonna hack what you can’t find, can’t see and can’t trace to you?

Just think mr. bankers a free secret untraceable encrypted-communication place were you can do your banking deals -in secret- and nobody but you and your closes friends know it even exist, not the government, not your spouse and harder for criminals to find your valuable data. It hides you in an Internet bubble of packets were nobody knows who you are or how to find you. Try can’t even tell it’s a ToR- .onion network it hides it’s signal to blend into the bit’s and bytes of the landscape in the digital noise.

Technically it pretty cheap get the free software as many copies as you need FREE!!! No volume pricing no updates FREE!!! Once your computer that talks to the internet hooks up to a ToR- Relays it’s in the matrix. If you add your own ToR-Relays you can use trusted Relays as entry and exit nodes into the ToR-.onion network so you can let the program use it randomness or choose a path into a FREE invisible communication media accessible from any Internet connection. –

The ToRProject.org is currently still fighting censorship and monitoring in China, Iran, Syria and others were people are being killed and sent home in small boxes to their relatives. Because that person could not use a ToR-network access to his gmail account that was monitored they showed him his emails and his guilt and killed him. That’s how brutal it can become if you cannot have a safe secure access to a basic email to communicate with the world. Government will kill you for what you say. Donate to the ToRProject.org

It’s easy -if all else fails call the gAtO I can help your business become invisible in/on the Internet– gATO oUt.

We use the ToR network for all communication in SCADA systems.  Here are a few SCADA White papers try them with ToR- .onion Networks.


lab Notes— gAtO 5/29/12

Tor: Sponsors

The Tor Project’s diversity of users means we have a diversity of funding sources too — and we’re eager to diversify even further! Our sponsorships are divided into levels based on total funding received:

Magnoliophyta (over $1 million)

Liliopsida (up to $750k)

Asparagales (up to $500k)

Alliaceae (up to $200k)

  • You or your organization?

Allium (up to $100k)

Allium cepa (up to $50k)

Past sponsors

We greatly appreciate the support provided by our past sponsors in keeping the pre-501(c)(3) Tor Project progressing through our ambitious goals:



SCADA (supervisory control and data acquisition) generally refers to industrial control systems (ICS): computer systems that monitor and control industrial, infrastructure, or facility-based processes, as described below:

  • Industrial processes include those of manufacturing, production, power generation, fabrication, and refining, and may run in continuous, batch, repetitive, or discrete modes.
  • Infrastructure processes may be public or private, and include water treatment and distribution, wastewater collection and treatment, oil and gas pipelines, electrical power transmission and distribution, wind farms, civil defense siren systems, and large communication systems.
  • Facility processes occur both in public facilities and private ones, including buildings, airports, ships, and space stations. They monitor and control HVAC, access, and energy consumption.

A SCADA system usually consists of the following subsystems:

  • A human–machine interface or HMI is the apparatus or device which presents process data to a human operator, and through this, the human operator monitors and controls the process.
  • A supervisory (computer) system, gathering (acquiring) data on the process and sending commands (control) to the process.
  • Remote terminal units (RTUs) connecting to sensors in the process, converting sensor signals to digital data and sending digital data to the supervisory system.
  • Programmable logic controller (PLCs) used as field devices because they are more economical, versatile, flexible, and configurable than special-purpose RTUs.
  • Communication infrastructure connecting the supervisory system to the remote terminal units.
  • Various process and analytical instrumentation



Admin Password List -Router- Bios – Cameras – Oracle

Cyber List of Admin default Password List

gATO wAnTeD – to know the default password to my router. I found the symfony project  a place were people keep all the defaults passwords. It’s listed as Default passwords list – Select manufacturer

I also found default admin password list for :

Cyber Hippy

gAtOmAlO - Richard A. - Cyber Hippy

Router – Firewals and switches, plus bios chips on your computer, how about IP cameras the new surveillance devices have default password and I bet in the government installs they are left on default passwords, and last but not least is Oracle default  admin password. This should let you sleep at nights if your the security officer of a major company.

Why because we are lazy in security and we use weak passwords and default passwords are even better, because the criminal would never get this information. Maybe not – gATO oUt  

Default Password for all Router/switches – http://www.default-password.info/

Router -Firewall – switchhttp://www.anameless.com/blog/default-passwords.html

another list – http://www.duniapassword.com/2008/11/list-bios-default-backdoor-password.html

IP cameras Default Passwords – http://www.phenoelit-us.org/dpl/dpl.html

Oracle Default Password List – http://seclists.org/nmap-dev/2011/q3/559



USCyberLabs -New Site in the Deep Web

gAtO JuSt –wanted to invite you to a new place in the Deep, Dark Web — sounds nefarious (;-) nah – The .onion network is just a place to stay anonymous – there are legit reasons why someone may want to see information in a more private way, so I have just started the new site in the ToR Network:

Deep Web gAtO - mEoW

http://4eiruntyxxbgfv7o.onion/snapbbs/19cc6d6e/ =+ USCyberlabs.com

On this BBS board I will post everything I do in the clearWeb uscyberlabs.com . Since it’s open to anyone I wonder what and who will see it and post in it – it should be fun… Please feel free to stop and visit if your in the deepWeb and want to come in and tell me secrets or tell me that I’m full of it. It is open to the public and anyone can come in and browse and post. I want to keep it clean a Gray-White Hat place to distribute information. But I will try not to edit stuff gATO oUt


Cyber Weapons and Cyber Attacks

gAtO wAs -reading my friend Pierluigi Paganini’s Security Affairs blog – http://securityaffairs.co –  about “Google Used as Cyber Weapons and it got me thinking. To put it in todays terms, cyber Iran is in the news lately and they do control oil coming from the middle east. Their oil fields are controlled by the Internet (SCADA) and thus vulnerable to a cyber attack. So talking about cyber weapons is not far fetched.. so.. What are Cyber weapons and how do we use them in today’s digital infrastructure. Cyber weapons today are not just about security but also as a geo-political tool and it’s power to control the price of oil as well as an a attack vector. 

We have targeted and un-targeted cyber weapons. If we look at Stuxnet and DuQu style of targeted attacks we have a cyber weapon that is guided to make sure it has the right target then uses unpublished certificates to give the software a trusted attack vector, then it goes about doing it’s dirty work. DuQu is different and these two codes do different things one is a computer to kinetic cause and effect like messing with their centrifuges in their enrichment plant and telling the monitoring stations that everything was cool and dandy and then deletes itself from the face of the earth after a self-kill date.

One lone person can with today’s tools develop, control and execute a massive cyber attack to any physical device that is connected to the Internet.


What is a Cyber Weapon? – http://hackmageddon.com/2012/04/22/what-is-a-cyber-weapon/

On the other hand DuQu goes and does recon and gathering of information to make an attack transmit it back to Command & Control, then sits back and waits quietly and undetected. What a dynamic dual these two are, why mention these two because, Stuxnet was the first and DuQu was the son of…stuxnet. We now have an evolving Code-Based warrior class of cyber weapons that using this framework other cyber weapons can be created.


The Internet was design as a weapons-class communication medium.

Spammers and phising criminals have got a new tool social engineering: it is used in:Advanced Persistent Threat (APT) style attacks just a simple email attachment and your their next victim. Then the Chinese did a clever legal plain overt in your face thing— they created an FACEBOOK account for “James Stavridis”  who happens to be an American Admiral in the Minister of Defence in NATO and then other officials from NATO accepted his Friend request and gathered tons of personal information about high ranking NATO officials.

This is the plain in sight social engineering planning that goes into today’s complex cyber operations. It’s a numbers game. The question needs to be asked. How many dead unknown family relatives have died and left me billion of dollars from Nigeria? Like I said someone will click on the link, greed, stupidity or just drunk, they just created another zombie computer. This zombie can now be given a dictionary attack code to hack your site and the hack begins a new. The life-cycle of hacking botNet.

The bad guy’s are everywhere –  The social engineer aspect in today’s social networks is so new that nobody has the rules. 

Let’s go into a hackers mind. I’m a game player and we figure out the games and then find the weak spot and slide right in and killing that monster to that level 22 knight elf warrior. To make it more fun Google and Facebook are changing their security policy to allow more and more information about ourselves is available online. Make sure you know that anything you say online is stored, collected and examined until you go down the rabbit hole like ToR “Smile your on candid camera” – all the time.


In today’s digital matrix just about anything can be used to hack you. 

We today have attacks like the LuckyCat attack from China that has a Chinese professor with a masters and PHD in computer science leading the team. The LuckyKat hack was very well though out and planned with “state-sponsored individuals in China”. Lucky Cat:

To avoid detection, the hackers used a diverse set of infrastructure and anonymity tools. Each attack used a unique campaign code to track which victims were compromised by which malware, illustrating that the attackers were both very aggressive and continually targeted intended victims with several waves of malware, according to Trend Micro’s report.

The security company was able to connect an email address used to register one of the group’s command-and-control servers to a hacker in the Chinese underground community.

The hacker has been using aliases “dang0102” or “scuhkr” and has been linked to the Information Security Institute of the Sichuan University in Chengdu, China, where he was involved in a research project on network attack and defense.

The person behind the aliases and the email address is Gu Kaiyuan, who is now apparently an employee at Tencent, China’s leading Internet portal company, The New York Times reported on Thursday.

While we spend time on low hanging fruits like the Anonymous attack from the LulzSec crewz and Sabu. Come on this was an embarrassment and the FBI took it personal while the RSA (March 27, 2012 NSA Chief:China behind RSA Attacks: ( http://www.informationweek.com/news/government/security/232700341 ) and Locckheed Martin (May 31, 2011- Lockheed Martin Suffers Massive Cyber attack – http://www.informationweek.com/news/government/security/229700151 ) hacks from foreign nationalist hacking into our defense contractors was a much bigger deal but we ate up the LuLz and three months later we gave Loockheed Martin a National contract to protect our National electrical grid(July 27, 2011 – Lockheed Promised Electric Grid Security Contract – http://uscyberlabs.com/blog/2011/07/27/lockheed-promises-electric-grid-security/ ).

Now why is “gAtO going LoCo” over all this is because while all this madness is going on these professional hacks are being given to smaller countries and even smaller terrorist cells that can use these same tools professionaled managed and all in a box. How to Hack a Box going to your local nut case living in mama’s basement, another unemployed person with time on their hands and reading all about it. This is the bottom of the connect the dot contest. One lone person can with today’s tools develop, control and execute a massive cyber attack to any physical device that is connected to the Internet now that’s a cyber weapon


How many devices connected to the Internet that you know about??? -?— gAtO oUt. .



Keywords Searched for by DHS- on social media

Long List of Keywords Searched for by DHS & Other Agencies on social media networking sites.

Department of Homeland Security (DHS)
Federal Emergency Management Agency (FEMA)
Coast Guard (USCG)
Customs and Border Protection (CBP)
Border Patrol
Secret Service (USSS)
National Operations Center (NOC)
Homeland Defense
Immigration Customs Enforcement (ICE)
Task Force
Central Intelligence Agency (CIA)
Fusion Center
Drug Enforcement Agency (DEA)
Secure Border Initiative (SBI)
Federal Bureau of Investigation (FBI)
Alcohol Tobacco and Firearms (ATF)
U.S. Citizenship and Immigration Services (CIS)
Federal Air Marshal Service (FAMS)
Transportation Security Administration (TSA)
Air Marshal
Federal Aviation Administration (FAA)
National Guard
Red Cross
United Nations (UN)

Domestic Security

Domestic security
Law enforcement
Disaster assistance
Disaster management
DNDO (Domestic Nuclear Detection Office)
National preparedness
Dirty Bomb
Domestic nuclear detection
Emergency management
Emergency response
First responder
Homeland security
Maritime domain awareness (MDA)
National preparedness initiative
Shots fired
Explosion (explosive)
Disaster medical assistance team (DMAT)
Organized crime
National security
State of emergency
Bomb (squad or threat)
Emergency Landing
Pipe bomb

HAZMAT & Nuclear

Chemical Spill
Suspicious package/device
National laboratory
Nuclear facility
Nuclear threat
Biological infection (or event)
Chemical burn
Hazardous material incident
Industrial spill
Powder (white)
Blister agent
Nerve agent
North Korea

Health Concern + H1N1

Food Poisoning
Foot and Mouth (FMD)
Small Pox
Human to human
Human to ANIMAL
Center for Disease Control (CDC)
Drug Administration (FDA)
Public Health
Agro Terror
Tuberculosis (TB)
Water/air borne
Norvo Virus
World Health Organization (WHO and components)
Viral Hemorrhagic Fever
E. Coli

Infrastructure Security

Infrastructure security
CIKR (Critical Infrastructure & Key Resources)
Computer infrastructure
Communications infrastructure
Critical infrastructure
National infrastructure
Airplane (and derivatives)
Chemical fire
Port Authority
NBIC (National Biosurveillance Integration Center)
Transportation security
Body scanner
Failure or outage
Black out
Brown out
Service disruption
Power lines

Southwest Border Violence

Drug cartel
U.S. Consulate
El Paso
Fort Hancock
San Diego
Ciudad Juarez
Mara salvatrucha
MS13 or MS-13
Drug war
Mexican army
Cartel de Golfo
Gulf Cartel
La Familia
Nuevo Leon
Narco banners (Spanish equivalents)
Los Zetas
Meth Lab
Drug trade
Illegal immigrants
Smuggling (smugglers)
Barrio Azteca
Artistics Assassins
New Federation


Al Queda (all spellings)
Environmental terrorist
Eco terrorism
Conventional weapon
Weapons grade
Dirty bomb
Chemical weapon
Biological weapon
Ammonium nitrate
Improvised explosive device
IED (Improvised Explosive Device)
Abu Sayyaf
FARC (Armed Revolutionary Forces Colombia)
IRA (Irish Republican Army)
ETA (Euskadi ta Askatasuna)
Basque Separatists
Tamil Tiger
PLF (Palestine Liberation Front)
PLO (Palestine Libration Organization)
Car bomb
Weapons cache
Suicide bomber
Suicide attack
Suspicious substance
AQAP (Al Qaeda Arabian Peninsula)
AQIM (Al Qaeda in the Islamic Maghreb)
TTP (Tehrik-i-Taliban Pakistan)
Home grown


Extreme weather
Forest fire
Brush fire
Tsunami Warning Center
Mud slide or Mudslide
Power outage
Brown out
Emergency Broadcast System

Cyber Security

Cyber security
DDOS (dedicated denial of service)
Denial of service
Cyber Command
Cain and abel
Brute forcing
Mysql injection
Cyber attack
Cyber terror
Social media


Phone Hacking Timeline-Is Rupert Murdoch a Criminal

News of the World: UK Police Put Phone-Hacking Victims At Around 800

LONDON — The total number of people whose phones were hacked by journalists at the News of the World tabloid is around 800, British police said Saturday.

Scotland Yard said investigators have spoken with 2,037 people, of whom “in the region of 803 are victims” whose names appeared in notes seized from a private investigator working for Rupert Murdoch’s now-shuttered News of the World.

“We are confident that we have personally contacted all the people who have been hacked or who are likely to have been hacked,” it said.

Police had identified 5,795 potential phone-hacking victims in material collected from Glenn Mulcaire, the private investigator at the center of the scandal who was jailed in 2007.

Scotland Yard said Saturday that while there are still “a raft of people” it needs to speak to who were identified as potential targets, those individuals are unlikely to have been hacked.

What had for several years been a trickle of allegations by people who claimed to have been hacked by the News of the World – from celebrities like Sienna Miller and Jude Law to politicians including former Deputy Prime Minister John Prescott – exploded this summer with the revelation that the paper had hacked into the phone of a 13-year-old murder victim, Milly Dowler, in hopes of getting material for news stories.

Two top London police officers and several senior Murdoch executives resigned in the scandal, and the investigation into phone-hacking has seen more than a dozen News of the World journalists arrested, including former editor Andy Coulson, who resigned his post as Prime Minister David Cameron’s media chief as the scandal widened.

It also has prompted multiple investigations and an official inquiry into media ethics, which has heard from the Dowler family and celebrities such as Hugh Grant about the effects of media intrusion on their lives.

News of the World is first published, by John Browne Bell

Australian Rupert Murdoch buys the newspaper, his first toehold in Great Britain

Murdoch revamps News of the World from a broadsheet to a tabloid format

Rebekah Wade
(she married horse trainer Charlie Brooks in 2009 and took his name) is hired at News of the World, as a secretary

March 2002: 

British tabloid News of the World began intercepting Dowler’s voicemail messages

Days after the disappearance of 13-year old Milly Dowler, British tabloid News of the World began intercepting Dowler’s voicemail messages. The paper deleted old messages to make room for new ones, leading some to speculate that she was alive. The Guardian reports: “The Dowler family then granted an exclusive interview to the News of the World in which they talked about their hope, quite unaware that it had been falsely kindled by the newspaper’s own intervention. Sally Dowler told the paper: ‘If Milly walked through the door, I don’t think we’d be able to speak. We’d just weep tears of joy and give her a great big hug.'”

April 2002:

Police first became aware that the paper was listening to Dowler’s messages after it reported that an employment agency had called Dowler about a job vacancy, but didn’t take action “partly because their main focus was to find the missing schoolgirl and partly because this was only one example of tabloid misbehaviour,” according to the Guardian.

November 2005:

A News of the World item about his knee injury lead Prince William to believe that his aides’ voicemail messages were being listened to by a third party. Three royal aides also noticed that new voicemails were showing up as old. Months later, the New York Times reported, News of the World editor Clive Goodman wrote a piece about Prince Harry’s visit to a strip club that quoted a voice mail message from his brother William word-for-word.

January 2007:

Goodman (right) and private investigator Glenn Mulcaire (left) received jail time for intercepting hundreds of voicemail messages meant for royal aides. The pair accessed the voice mailboxes of three aides 609 times, according to BBC News. An earlier search of Mulcaire’s home turned up “dozens of notebooks and two computers containing 2,978 complete or partial mobile phone numbers and 91 PIN codes; at least three names of other News of the World journalists; and 30 tape recordings made by Mulcaire,” reports the Times, but the pair were only charged for hacking the royal aides.

July 2009:

New allegations from the Guardian that NoW paid £1m to suppress evidence of phone hacking prompted Parliament to hold new hearings two years after News International exec Les Hinton (bottom left next to Murdoch) first testified that Goodman was the only person at NoW who knew about the hacking. At the new hearing, Coulson (top left) maintained that he was unaware of phone hacking during his time at NoW.

September 2010:

A New York Times piece alleged that phone hacking was pervasive at NoW and Coulson was aware of conversations about the practice, despite denying any knowledge about it. According to the Times: “‘Everyone knew,’ one longtime reporter said. ‘The office cat knew,'” and reporters “described a frantic, sometimes degrading atmosphere in which some reporters openly pursued hacking or other improper tactics to satisfy demanding editors.”

January 2011:

Coulson stepped down as communications chief, blaming media speculation that he knew about phone hacking during his tenure of NoW. News editor Ian Edmondson was fired after allegations of phone hacking, and new information prompted police to re-open the investigation on NoW.

April 2011:

The News of the World admitted its role in phone hacking in a public apology on its website and paper. Former editor Edmondson and reporters James Weatherup and Neville Thurlbeck were arrested on charges of intercepting voicemail messages.

June 2011:

Levi Bellfield was found guilty of murdering Milly Dowler, but a second charge that he had attempted to abduct another schoolgirl was abandoned after tabloid publicity made it impossible for the jury to reach a fair verdict. News of the World paid Sienna Miller £100,000 in damages after publishing 11 articles that used private information from her messages in 2005 and 2006, according to the Guardian.

July 2011:

Police notified Milly Dowler’s family that NoW intercepted and deleted the young woman’s voice mail messages, destroying possible evidence in the search for her killer. New evidence also shows that NoW targeted families of London’s 7/7 bombings.

July 8, 2011:

Andy Coulson, former communications chief to David Cameron and ex-editor of News of the World, was arrested in the investigation on phone hacking at NoW.

July 10, 2011:

The News of the World released its final issue after James Murdoch, head of parent company News Corp’s operations in Europe, made the decision to shutter the paper. The move was expected to “take some of the heat off immediate allegations about journalistic behavior and phone hacking.”

July 11, 2011:

Multiple news outlets reported that the Sun and the Sunday Times, also owned by parent company News International, had been hacking the voice mail box and other records of former Prime Minister Gordon Brown for years. The Sunday Times allegedly posed as Brown to obtain his financial records, and the Sun allegedly received details about Brown’s son’s cystic fibrosis. The revelations mark the first time allegations have targeted News International’s other papers.

July 11, 2011:

News Corp referred its bid to take over satellite broadcaster BSkyB to the Competition Commission, which will delay the deal by at least six months as the company awaits regulatory clearance. British leaders have called for Murdoch to drop the bid, with Labor Party leader Ed Millibrand calling the deal “untenable” and Liberal Democrat Nick Clegg calling on News Corp to “do the decent and sensible thing.”

July 13, 2011:

Rupert Murdoch withdrew its $12 billion bid for BSkyB, the largest pay-TV broadcaster in Britain, after the British government withdrew its support the day before. The deal, which would have substantially increased Murdoch’s foothold in the British media, appeared like it would sail through until last week. News Corp, which began to seek full ownership of BSkyB in March 2011, will keep its 39% stake in the company.

July 14, 2011:

The FBI launched a probe into allegations that News Corp. attempted to hack the phones of September 11 victims after Representative Peter King and other members of Congress wrote to FBI Director Robert Mueller demanding an investigation. Murdoch also agreed give evidence before a parliamentary committee. He had previously said that he was not available to attend the hearing, but relented after receiving a personal summons delivered to him and his son by a deputy sergeant-at-arms.

July 15, 2011:

Les Hinton announced his resignation as Dow Jones CEO, and Rebekah Brooks stepped down as chief executive of News International. Brooks presided over the News of the World during the phone hacking of murder victim Milly Dowler, and is scheduled to appear before a parliamentary committee next week. Murdoch also met with Dowler’s family to apologize.

July 17, 2011:

Brooks was arrested in connection with the scandal, throwing her scheduled appearance before Parliament on Tuesday into serious doubt. In addition, Sir Paul Stephenson, the head of Scotland Yard, resigned his position, becoming the highest-profile public official yet to lose his job because of the scandal. (The Met has itself been plunged into crisis for its lax handling of the scandal and for the corrupt ties police officers developed to News International.)

July 18, 2011:

John Yates, assistant commissioner of the British Metropolitan Police, stepped down after the resignation of chief Paul Stephenson the previous night. The scandal has focused on British police for failing to investigate evidence of News of the World’s phone hacking activities and for accepting bribes for information from tabloid writers. Yates decided not to reopen the investigation two years ago, saying he did not believe there was new evidence to consider.

July 19, 2011:

Rupert Murdoch, son James and former News of the World editor Rebekah Brooks testified in front of a parliamentary committee. All three insisted that they were not aware of phone hacking activities at the tabloid. Rupert Murdoch also made clear that he would not resign. Someone attempted to pie Murdoch in the face with shaving cream.

July 21, 2011:

A former editor and a top lawyer for the News of the World accused Murdoch of lying in his testimony that he had no knowledge of phone hacking at the tabloid. The two recall showing him an email between private investigation Glenn Mulcaire and then-reporter Neville Thurlbeck with transcripts of hacked voice messages. Sun editor Matt Nixson was fired following allegations that he knew about phone hacking during his time at the News of the World. The investigation also threatened to spread to other newspapers that were named for using a private investigator to illegally obtain information.

July 28, 2011:

The Guardian reported that the News of the World hacked the phone of Sara Payne, the mother of an 8 year old girl who was abducted and killed by a pedophile. The 2000 murder had prompted Rebekah Brooks to launch a campaign for a sex offender’s law in Britain now known as “Sarah’s Law.” The phone that the tabloid hacked may have been one that Brooks personally gave to Payne in the aftermath of the tragedy, which Payne had praised as for helping her “stay in touch with my family, friends and support network.”

August 16, 2011:

Clive Goodman, a former News of the World reporter, has alleged that there was a massive coverup of phone hacking at the tabloid. He was arrested for phone hacking in 2007, and now claims that former editor Andy Coulson offered to let him keep his job in exchange for saying that he was the only person at the tabloid who hacked phones. The allegations are deeply damaging to Coulson and Rupert and James Murdoch, who have all maintained that they knew nothing about phone hacking.

August 18, 2011:

Glenn Mulcaire, the private investigator hired by the News of the World to intercept voicemails, sued News Corp. over the payment of his legal fees. The company had been paying his fees since 2007 when he was found guilty of hacking the phones of aides to the royal family, but recently terminated the arrangement after Rupert and James Murdoch’s testimonies in Parliament. Mulcaire himself is the target of dozens of civil lawsuits filed by suspected victims of phone hacking.

August 19, 2011:

Glenn Mulcaire has been ordered to release the names of people who ordered him to hack the phones of six public figures. He is due to make the disclosure by the end of next week, as part of actor Steve Coogan’s lawsuit against News Group. The revelations threaten to blow the defense presented by News of the World editors, who claim they knew nothing about phone hacking.

August 22, 2011:

News breaks that the News of the World hacked even more of Milly Dowler’s voicemails than previously assumed.

August 26, 2011:

News International is continuing to pay Glenn Mulcaire’s legal fees, despite the company’s insistence that it would stop. The previous month, the private investigator had released the names of people who ordered him to hack phones, but the names were kept confidential.

September 13, 2011:

News International announces the discovery of thousands of new documents related to phone hacking.

September 19, 2011:

Milly Dowler’s family is slated to receive £3 million in a settlement with News Corp.

September 30, 2011:

Neville Thurlbeck, a former News of the World reporter, insists that he is innocent and was unfairly dismissed. His account contrasts News Corp.’s defense, which places Thurlbeck as the single rogue reporter responsible for phone hacking at the News of the World

October 5, 2011:

News International faces a lawsuit from the parent of a 7/7 London bombing victim, among at least 60 other lawsuits.

October 19, 2011:

Yet another lawyer has accused News International of misleading Parliament over its knowledge of phone hacking. Julian Pike, a partner of the firm that used to represent the company, said that he saw evidence that there were more journalists involved in phone hacking in 2008. His testimony came after the company signed with a new law firm and Pike was no longer bound by client-attorney privilege.

October 21, 2011:

Rupert Murdoch faced angry shareholders at News Corp.’s annual meeting. Shareholder after shareholder vented frustration with the company, and Murdoch struggled to remain calm, losing his temper at one point.

October 24, 2011:

James Murdoch has been called back to testify in front of Parliament for the second time on November 10. His testimony will focus on discrepancies in his account, given witnesses who have said that he signed off on phone hacking payouts to Gordon Taylor.

October 24, 2011:

Les Hinton, the former CEO of Dow Jones, testified about phone hacking in front of Parliament. The former publisher of the Wall Street Journal, who had previously testified on phone hacking in 2007 and 2009, denied that he misled Parliament in his past testimonies. He resigned in the summer, and was the most senior executive claimed by the scandal.

October 25, 2011:

James, Lachlan and Rupert Murdoch were all re-elected to the board of News Corp. despite huge shareholder opposition to their leadership. Their tenure was never in doubt, due to the company’s shareholder structure, but the majority of shareholders voted against James and Lachlan.

November 1, 2011:

A series of internal News International memos could be damning for James Murdoch, who is set to testify in front of Parliament for the second time next week. One of the documents was prepared for a meeting between James Murdoch and Colin Myler, the former editor who challenged his account of events, and specifically discusses the hacked voice mails. The notes of Julian Pike, then-lawyer for the company, also contain incriminating phrases like “paying them off.

November 10, 2011:

James Murdoch testified on phone hacking in Parliament for a second time. The younger Murdoch faced new evidence that he may have been aware of phone hacking at the time of his company’s settlement with footballer Gordon Taylor. He maintained his innocence, claiming that he was aware that Taylor had been hacked, but that he was unaware the News of the World had targeted others.


RQ-170 Sentinel Drone – How Was it Hacked?

RQ-170 Sentinel Drone hacked – Discussion Group – This is some of the threads from a security discussion groups about the RQ-170 that Iran has and how was it hacked.

gAtO – tHiNk-  Maybe you’all heard of the RSA hacking that happened this year. Well guess what- Military-band GPS (M-code) is protected against spoofing by the RSA cipher. Can we start to connect the dots. The RQ -170 was guided down by Russianequipment.

developed by Lockheed Martin - Hacked this Summer 2011 along w/ RSA

The aircraft’s presence was detected by peripheral installations that are part of the S300 antiaircraft system, and it was forced to land at a base in the desert region of Tabas, some 250km from the frontier with Afghanistan. Relations between Iran’s military industrial system, linked to the Guardians of the Revolution, or Pasdaran, and Russia’s GRU make it probable that Iran will share the drone’s secrets with the Russians. Did the Chinese or the Russian hack us this spring and summer.

It’s actually less likely that a stealth drone was using C-code GPS than it is that Iran stole the RSA red key to M-code GPS, but are we really talkin’ odds here?

Crypto-systems provide integrity & assurance, so we are either assured that the drone was not landed with GPS spoofing, or we are assured that the use of classified red-key RSA is compromised.

It isn’t well-known that M-code uses RSA, but it isn’t exactly a secret either, so I’m just surprised that apparently I’m the only person alive openly wondering about the relation of RSA integrity to the continuing claims of military GPS spoofing by Iran &/or Russia.
M-code was designed for an improved key distribution system, so they can ultimately recover integrity of GPS guidance so long as the keys were stolen and not compromised through advancements in factoring techniques.






Ron Started the discussion:

While it is reported that intercepting unencrypted drone communication data streams had first been known to US military since the mid-1990’s, this exploitation continued on into 2009 where militant laptops were found with drone data and unencrypted video feeds from Predator drones…

https://www.infosecisland.com/blogview/18778-How-the-RQ-170-Was-Hijacked.htmlby Ron Baklarz

Ray– If, as the CS Monitor claims, the effect was achieved through GPS, then I can think of three possible scenarios. I make no claim that these are reality – more information would probably change my hypotheses. All of these assume that the UAV’s control link was jammed – since this is a satellite link and satellites have weak transmission capability this is not difficult once the correct frequency is identified. Once the control link is severed, the UAV was probably programmed to return to base (although circling until the link is restored is another reasonable response).

Hypothesis #1. The Iranians have developed or gained the ability to spoof P-mode GPS transmissions, having cracked the three-(or is it six?) week Gold code protecting those transmissions. This would only work if the programmers who wrote the UAV software failed to put in a check that would notice the sudden change of position from Iran to hundreds of miles away in Afghanistan (systems and software error #1).

Hypothesis #2. The Iranians have acquired (possibly from the Internet) the capability to jam P-mode and spoof C/A-mode [1]. The UAV could not get a position fix using P-mode and fell back to C/A mode – this is like negotiating SSL down to no encryption while leaving the lock symbol in the victim’s browser. This type of ungraceful degradation, if it exists, would be systems and software error #2.

Hypothesis #3. The Iranians realized that the original developers and System Program Office of the UAV committed systems and software error #3 and used commercial GPS (i.e. C/A mode) in the UAV. This would allow the Iranians to hijack the vehicle with the least amount of capability – control link jamming and easily obtainable C/A spoofing. If this is the case, the developers and SPO were almost criminally negligent and the operations planners exhibited the arrogance of ignorance in risking the asset.

All three hypotheses depend upon systems and software engineering errors, some on multiple errors. Some folks will probably claim that these are not errors because they do not relate to the drone function. However, good systems engineering involves anticipating as many as possible of the future environments and circumstances of the system and preventing bad results up to the limit of the project resources.

Given the record of security problems in the UAV program (encrypting broadcast imagery with satellite TV encryption for which commercial cracks existed and running software environments susceptible to ordinary malware in control centers) my guess is that the third hypothesis is correct. After all, many of the UAV designs are from General Atomics, which got into this field based on their 70+ year history of building target drones. Target drones do not require security.

[1] Garmin and others sell reference transmitters for use in developing GPS equipment that could be repurposed to spoof C/A mode.

Andrei – The comms are also radio based .the encryption its breakable . Seems that the gps system was flawed – somebody admitted that was an known flaw and also admitted that it was matter of time till first drone will be “secluded ” by the enemy .

So the third option its viable in my opinion
Ps.Another question arise – if the gps hacking its true ( personally i have huge doubts that the drone was hijacked in this way) then what about the DGPS NAV ‘s security – its compromised ?( just asking – i dont need an answer)

Matt – DailyTech article [1] mentions GPS and links to the CCS’11 paper “On the Requirements for Successful GPS Spoofing Attacks” [2]. One comment may be of particular interest (?) [3]:

“If you look carefully, the wings were torn off and reattached. They’ve continually covered up the bottom, so it’s probably all torn up too. Maybe from a wheels-up belly landing.

These things are programmed to fly and land themselves. Depending on how those behaviors were layered, you can get all sorts of unintentional behavior in unusual circumstances. We ran into similar problems with our autonomous submarine while I was in grad school. Someone wanted sonar measurements of the ocean floor from 5 meters, so he went and changed the priority of the safety behavior keeping it more than 10 m from the bottom. The new priority resulted in the sub performing its entire mission with the nose buried in the mud. Turns out someone had forgotten to remove a behavior from an open-ocean mission. So the sub was now trying to dive down to 200 m in 20 m of water, without the safety behavior keeping it at least 10 m from the bottom.

I’m rather skeptical. You can’t just send a GPS signal telling the drone it’s in Afghanistan. GPS location works based on the time those signals arrive at the drone. To successfully pull this off would require tracking the locations of all the GPS satellites overhead at the time (they are moving at about 7 km/sec), correctly guessing at the drone’s location and velocity, then successfully spoofing the correct GPS signals at the correct time down to a few microseconds if not nanoseconds, while simultaneously blocking the real signals.

If you’re off by a few milliseconds, the GPS will say it’s over India. And if you’re off by a few nanoseconds, the GPS will tell the drone it’s flying sideways or backwards, or up or down. If you don’t transmit all the satellite signals correctly for the correct location and movement, the UAV will calculate one position from some satellites, a different position from others. Only 3 satellites are needed for a lock; any more are used to further refine the accuracy of the position. But if you don’t predict the drone’s location and spoof all these other satellites correctly, all these other spoof satellites would result in decreased accuracy, resulting in the AI deciding the GPS has failed and discounting the position it’s reporting.

All aircraft I’ve seen have multiple navigation systems (including inertial, which can’t be jammed), and any programmer worth his salt would put the UAV into a failsafe mode if the positions reported by these deviated significantly from each other. Large or inconsistent fluctuations in the GPS position would be grounds for the AI distrusting the GPS readings and prioritizing other navigational measurements like inertial. And to top it off, the military GPS signal is encrypted. You can jam it, but spoofing it is a whole nother ball of wax.

A malfunction still seems like the most likely cause. The spoofed GPS claim really sounds to me like BS by someone who’s never worked with navigation systems based on signal arrival times from beacons.”

[1] http://www.dailytech.com/Iran+Yes+We+Hacked+the+USs+Drone+and+Heres+How+We+Did+It/article23533.htm

[2] http://www.syssec.ethz.ch/research/ccs139-tippenhauer.pdf

[3] http://www.dailytech.com/article.aspx?newsid=23533&commentid=738000&threshhold=1&red=2520#comments

Andyhttp://youtu.be/rSLG3AS2YUw |

Public info
http://www.theregister.co.uk/2009/12/17/us_drones_hacked/ |
The Drone was not hijacked by GPS .It was a combination of ELINT ,HUMINT and a smart geek

Ray@Andy – the video downlink is an old issue we discussed on this forum a long time ago. That has nothing to do with the control and data links back to the operators.

Mathjis has made some good points about GPS hijacking. It might be possible if the ground reference transmitters were fed accurate information from a radar and the UAV was using C/A mode. Although C/A mode is normally as accurate as P mode, it can be degraded. GPS receivers make allowance for that degradation possibility. That gives a slightly larger margin of error for the spoofing. Normally, fast vehicles like aircraft have from six to twelve receiver “stacks” (originally separate receivers but now that separation is done in software). As Mathjis said, three satellites are used to obtain a fix – usually receivers use the three best signals (although geometry does enter into the calculation). The remaining receivers track other satellites so they’re ready when one of the top three is lost. Clearly, three ground reference transmitters are going to have the best signals. If the spoofing is done fast enough, the satellites they are “replacing” won’t be over the horizon before the receiver notices and the aircraft is not down. Of course, it’s possible that the receiver is programmed to accept ground reference transmitters – this is a common method to improve GPS in a local area. So far as I know, only commercial (C/A mode) receivers support this function.

Tony – Scot has a good writeup:
The RQ170 Affair: Spoofing, Jamming, and The GBAS

MAXIntel says Iran pointed a laser at the CIA satellite control node of the drone, and then used a program similar to skygrabber to lower the drone. Intel provides the Iranians picked up the crashed drone, after the satellite was jammed, and then used media to promote their propaganda it was intact when recovered. They also say they have a commander from Baghram Airfield they tracked from that air field that was an Iranian sent to penetrate into Iran for HUMINT data on this operation. I do know this. Irans capabilities as a military is growing innumerate. Do not underestimate a sale of laser jamming satellite equipment sold from Communist superpowers developing this technology. We are looking at a big mess here. While I have been away some things are not being resolved. I’m back. I suggest a team get on google chrome tv in the Iran media and get more data past what has been rebroadcast by Iran already to test our EWS systems. OK

We could start testing THEOL upwards instead of at missile ICBM’s.
Beware Iranian birds.
AngryBirds is coming to a THEOL drone near you.

Suj – I was wondering if the Iranians simply fried some of the key electronics. It was in their airspace after all. The UAV would simply come down reasonably hard — as it apparently did. What do you think?

Joel-WAY too many assumptions here, poor open source intelligence and not enough attention to simple physics.

One jams receivers, it is nearly impossible to jam a transmitter, DEW being the sole exception. Jamming the satellite transmitters on the satellite is nearly impossible and to jam three or more transmitters from GPS satellites simultaneously would have been international news front headlines.

If a directional antenna points upwards, at a satellite, it is very, very difficult to overwhelm an intended signal from a satellite from a ground transmission. SHF, VHF and UHF frequencies from the birds are line of sight transmissions and ‘bleed over’ does not occur, and certainly not from a ground transmission.
Geolocating a stealthy (can’t say stealth) RQ-170 while in flight is very difficult, targeting it with multiple systems is nearly impossible.
Read my blog, I’ve listed a number of other ‘laws of physics’ problems with this scenario. Occam’s razor: the controllers lost control or the bird developed an electrical or mechanical malfunction and glided to a landing.

@Sujeet, you might have a point, but the downward pointing sensors are not connected to the flight controllers. Using DEW on the aircraft as a whole might have blinded or disabled the craft, but I have not seen reports of a successful DEW program in Iran.

Max, DEW includes laser, but the power needed to overwhelm a receiving antenna is much greater than you can imagine. The physics needed to get a receiver to process the signal is not complex, but at the beginning of the equation “power” is practically off the charts to do what I outlined above. Then we’re thinking exact frequency (not in the lazer’s capacity), harmonics and still using it as a carrier wave. It is not ‘wave of the hand’ physics.

Also, the bird was controlled by proprietary software, the signal encrypted and ‘skygrabber’ is not the appropriate program.

Gee, wasn’t that easy?

Lory – ok maybe joel is right but then how did the bird land right near a battalion of guards that were waiting for it to land?
next question – someone on the inside, seems like the wheel are gone, but now they can see the electronics and figure some things out , no?
third question – what now? besides give it back what are the dangers?

Joel – Thanks, Lori! That’s probably the nicest thing anyone’s said about me in years, ‘I might be right!’

‘curious… I haven’t read the report about a battalion of guards. Kindly share a source? I’d be curious as to what kind of guards, were they part of the ‘EW unit’?

My guess? A roving patrol found it. I don’t think they have seismic detectors in enough places to detect a hard landing. Bottom line, until we see more details we’ll be left with more questions than answers.

Again, my guess, they haven’t figured out how to lower the wheels. It sure would look cool to have that puppy held up by its wheels, it made it look like the nicknamed “Beast of Kandahar”. They’re supposed to be figuring out the code, when they figure out how to control the wheels I suspect we’ll see a new picture. Was it just me or did the RQ-170 seem a little off on height compared with the pictures from Qandahar?

No way in H-E-Double Hockey sticks we’ll ever get that puppy back. It’s going to be dismantled and pored over for years and then put into some really neat museum “look how good we are!”.

Paul – “near a battalion of guards that were waiting for it to land” It would be great if you could expand on this important detail. Please feel free to contact me.

Thanks for the comments everybody!

Lorythat was what was written in the Israeli papers

HI Paul,
See the original quote from the Israeli media with translation.
google translate:
The Air Force Commander of the Revolutionary Guards, General Amir Ali Haz’izda, claimed that “recently, information-gathering intelligence and our means of tracking the electronics in this plane revealed a plan to penetrate the airspace of the country for espionage. After it entered the eastern parts of the country, the plane fell into the trap of our armed forces and landed in Iran with minimal damage. ”

Hope that helps.

By the way, i am gaining expertise in this field and would be happy to take part in “think tanks”. I wrote some articles that may be of interest. Thank you Lori

TonyI remember seeing my hapless cat sitting in front of our large glass windows when a bird ran into them and dropped at his feet. He looked around, picked up the bird in his mouth, and trotted off happily as if he had just made the kill himself. Point: given the source was the Iranian RG, I would take that info with a pound of salt.

gAtO– Joel is wrong again. It’s a know fact for years that weak GPS signals can be over-written, you don’t need signal coming from the top (satellite) jamming is an old technology and every military knows of this. The reason why the RQ-170 Sentinel crashed was because the altimeter was incorrect as Matthijs explained about the sub with it’s nose in the mud. The military is working on a private military-GPS network to correct these problems. Just a few years ago you could buy of the shelf software for 30$ and capture live video feeds from drones as the Iranians show us.

Remote control devices can be hacked it’s the nature of the beast simple encryption of all telemetry data could resolve this problem. As Mr Freed said the cat got the bird and a cat smile is all were going to get from Iran. China and the Russian will pay big bucks to get a look at this drone. The Iranians military were waiting for the drone the right place but barometric pressure messed up the landing cycle.

from one source –http://www.ufppc.org/us-a-world-news-mainmenu-35/10757-news-how-they-did-it-iran-landed-supersecret-rq-170-drone-by-overriding-weak-gps-signals.html

“The GPS navigation is the weakest point,” the Iranian engineer told the Monitor, giving the most detailed description yet published of Iran’s “electronic ambush” of the highly classified U.S. drone. “By putting noise [jamming] on the communications, you force the bird into autopilot. This is where the bird loses its brain.”

The “spoofing” technique that the Iranians used — which took into account precise landing altitudes, as well as latitudinal and longitudinal data — made the drone “land on its own where we wanted it to, without having to crack the remote-control signals and communications” from the U.S. control center, says the engineer.

Our satellites use old outdated electronics and the software is older. The project life of a satellite is over 3 years to build and then launch into space orbit, longer in some cases. If you simply apply Morres law in 3 years time the electronics of that satellite is absolete before they launch it. Red Tape is one problem. That someone can hack older technology with systems 3 times faster and better should not surprise us. I worked on 2 satellites and one had a navigation system that could only be certified with a computer that used boolean gates as schematic and all transistors for every AND, NAND and OR gate.

Other countries ramp up and if somethings new comes they try it. I know their failure rate will increase without these safe guards but we can do a better job with CIA operation.

JoelgAtO, as earlier stated, Skygrabber is one of the programs available to download video, etc from a UAV. I’m not disputing that unencrypted video can be copied. My contention is it is far more difficult to hack a signal emanating from a UAV and somehow magically hack back into a transmitter. Physically impossible, sorry. I wrote a textbook on Electronic Warfare and have been working in EW for many decades. Now, remembering the laws of physics, once again, that video signal is not being transmitted to a local ground station, as in the case of Skygrabber utility, but to a satellite. After a bounce or two it is downlinked to a ground station. Incidentally, that ground station is not in the US and not where you might guess, I just confirmed this with one of the engineers working near the project, but not on it.

The altimeter was incorrect? Cool. How? Again, in this formula, stating “and then a miracle occurs” will not suffice. How was it hacked? Putting on a wizard’s hat and thinking ‘make it so’ will not a hack make. I challenged my last class of graduate students, all IT and IA professionals, to explain exactly which exploit they would use to hack into a number of unclass systems, I gave them four months, and not one single hack emerged. Just because a conspiracy theorist says ‘they hacked the system’ does not make it true, and I trust an Iranian engineer’s obviously ‘unbiased and totally uncoerced’ musings even less. Anything and everything emanating from Iranian sources is widely regarded by most professionals as complete rubbish.

About the GPS signals, they’re currently in Block II and Block III is being fielded (completion in 2014). All the assumptions I’ve read about GPS jamming have been addressed – for all US Intelligence Community and military systems. “United for Peace of Pierce County” is not a credible source, the Iranian engineer in that article is out to lunch and after speaking with four different seniors in the IC and Pentagon in the past week, the Christian Science Monitor article is complete hogwash.

As for the spoofing techniques, once again, the signal the GPS for this particular bird uses is encrypted, I’ve confirmed that. How in the heck do you spoof an encrypted signal coming from a minimum of three and up to nine satellites in near real time?

gAtO – Joel:

Bread goes in toast comes out – You can’t explain that!

I put the garbage at the end of the driveway, Gone when I get home – You can’t explain that!

If evolution were true, Why are there still monkeys? -You can’t explain that!

I understand your cavalier stance that all Iranian sources are just camel herders and know nothing about computer, programing or hacking. People from the middle-east know nothing but wear burkas and go around with swords and cut peoples heads off. For an educated person and a professor you sure show bigotry, being born in another country you would of failed me because all Cuban are “mango munchers” and know nothing about the laws of Physics like your (I’ll make a guess) white students do.

Every person not from the US is wrong they are all dumb foreigner who know nothing. This is exactly what the enemy wants to see a bigot so tight in his perfect box that nothing can change, nothing can go wrong in his perfect world. But the facts are they (the illiterate, uneducated Iranian) got the bird.
capital I – for respect not all Iranian are evil, just like all American were not baby killers (from the Vietnam days).

“You have back access to confirmed this with one of the engineers working near the project”.

People in TS government project just talk to anyone and all this information you quote has been cleared for this forum. I’m just a dumb Cuban boy, that defies the laws of physics, I am not your TOP students with a 220 IQ. To tell you the truth I do have a GED education nothing more nothing less, so I’m a nobody that knows nothing and will learn from my betters like yourself.

“That particular bird uses is encrypted, I’ve confirmed that”

Boy you seen to have all sorts of people that work on secrets project that blab to anyone and they post it on LinkedIn, that’s scary to throw government secrets out like that.

I guess I’m a wizard with a hat (sombrero) and hacked, the FBI, CIA, State Department, US Sanate, The Pentagon, Lockheed, RSA (ever heard of these guys) and many other companies that have such a secure network that they had a RAT in the DOD for over 2 years. Oh by the way some of these were 15-18 years old kiddies (LuzSec) with no knowledge of the “Laws of Physics taught by you” They just hacked them.

If you think everyone else is an idiot and your the only one right then – -I can’t explain that!

Drone goes up crashes down in enemy territory, -I can’t explain that!

You got gAtO – -I can’t explain that!

gAtO is sometimes a jerk, ah well.. mEoW mEoW


Verify Performance of SSL

THC-SSL-DOS is a tool to verify the performance of SSL.

Establishing a secure SSL connection requires 15x more processing power on the server than on the client.

uscyber labs - Cyberspace controls kinetic devices

Performance of SSL

THC-SSL-DOS exploits this asymmetric property by overloading the

server and knocking it off the Internet.

This problem affects all SSL implementations today. The vendors are aware of this problem since 2003 and the topic has been widely discussed.

This attack further exploits the SSL secure Renegotiation feature to trigger thousands of renegotiations via single TCP connection.


Windows binary: thc-ssl-dos-1.4-win-bin.zip

Unix Source   : thc-ssl-dos-1.4.tar.gz

Use “./configure; make all install” to build.


./thc-ssl-dos 443

Handshakes 0 [0.00 h/s], 0 Conn, 0 Err

Secure Renegotiation support: yes

Handshakes 0 [0.00 h/s], 97 Conn, 0 Err

Handshakes 68 [67.39 h/s], 97 Conn, 0 Err

Handshakes 148 [79.91 h/s], 97 Conn, 0 Err

Handshakes 228 [80.32 h/s], 100 Conn, 0 Err

Handshakes 308 [80.62 h/s], 100 Conn, 0 Err

Handshakes 390 [81.10 h/s], 100 Conn, 0 Err

Handshakes 470 [80.24 h/s], 100 Conn, 0 Err

Comparing flood DDoS vs. SSL-Exhaustion attack:

A traditional flood DDoS attack cannot be mounted from a single DSL connection. This is because the bandwidth of a server is far superior to the bandwidth of a DSL connection: A DSL connection is not an equal opponent to challenge the bandwidth of a server.

This is turned upside down for THC-SSL-DOS: The processing capacity for SSL handshakes is far superior at the client side: A laptop on a DSL connection can challenge a server on a 30Gbit link.

Traditional DDoS attacks based on flooding are sub optimal: Servers are prepared to handle large amount of traffic and clients are constantly sending requests to the server even when not under attack.

The SSL-handshake is only done at the beginning of a secure session and only if security is required. Servers are _not_ prepared to handle large amount of SSL Handshakes.

The worst attack scenario is an SSL-Exhaustion attack mounted from thousands of clients (SSL-DDoS).

Tips & Tricks for whiteouts

1. The average server can do 300 handshakes per second. This would require

10-25% of your laptops CPU.

2. Use multiple hosts (SSL-DOS) if an SSL Accelerator is used.

3. Be smart in target acquisition: The HTTPS Port (443) is not always the

best choice. Other SSL enabled ports are more unlikely to use an SSL

Accelerator (like the POP3S, SMTPS, …  or the secure database port).

Counter measurements:

No real solutions exists. The following steps can mitigate (but not solve) the problem:

1. Disable SSL-Renegotiation

2. Invest into SSL Accelerator

Either of these countermeasures can be circumventing by modifying THC-SSL-DOS. A better solution is desireable. Somebody should fix this.



FBI GSA fight over Cyber Security

According to FBI and GSA assessments, the FBI’s headquarters facilities—the Hoover Building and the headquarters annexes—do not fully support the FBI’s long-term security, space, and building condition requirements. The FBI has addressed many security concerns at the Hoover Building by implementing protective measures. Furthermore, in response to a recommendation GAO made in a law enforcement sensitive version of this report issued in July 2011, the FBI has updated its security assessment of the Hoover Building in accordance with security standards issued in 2010. The assessment includes recommendations but does not indicate whether recommended actions will be implemented. While this is reasonable given the short period of time since GAO’s July 2011 report, documentation of decisions on the recommendations and tracking implementation is important because of facility planning and budget implications—for both the Hoover Building and a new headquarters—and time needed to coordinate with GSA. FBI officials told GAO that the annexes will be assessed against the 2010 security standards. The officials noted, though, that the dispersion of staff in annexes creates security challenges. The Hoover Building’s original design is inefficient, according to GSA assessments, making it difficult to reconfigure space to promote staff collaboration. Staff dispersion across annexes likewise hampers collaboration and the performance of some classified work. Furthermore, the condition of the Hoover Building is deteriorating, and GSA assessments have identified significant recapitalization needs. However, GSA has decided to limit investments in the Hoover Building to those necessary to protect health and safety and keep building systems functioning while GSA assesses the FBI’s facility needs. This decision increases the potential for building system failures and disruption to the FBI’s operations.

Through studies conducted over the past decade, the FBI and GSA have considered three broad alternatives, each with variations, to try to meet the FBI’s facility needs—(1) modernize the Hoover Building, (2) demolish the Hoover Building and construct a new headquarters on the existing site, and (3) acquire a new headquarters on a new site. In doing so, the FBI and GSA thus far have generally followed leading practices for capital decision making. To varying degrees, these alternatives would improve security, space, and building conditions, but each would take several years to implement. Estimates of the alternatives’ costs, developed in the studies, are not comparable because they were prepared at different times and for different purposes. The FBI and GSA plan to discuss the FBI’s facility needs with the Office of Management and Budget, and GSA and the FBI will need to present a business case, including current, comparable cost estimates, to support the choice of a preferred alternative and financing strategy. The FBI’s 2011 security assessment of the Hoover Building, as well as information on any security improvements that may be needed at the annexes, could inform the agencies’ decisions and help ensure that limited budgetary resources are allocated effectively.

This is a public version of a law enforcement sensitive report that GAO issued in July 2011, which has been updated, including a modification to a recommendation, to reflect recent FBI actions. Information that the FBI and the Department of Homeland Security deemed sensitive has been omitted.