Category Archives: B&W Hat Hacking

Welcome to the Jungle – Adolescent Hackers With Very Adult Problems

I won’t try to write about what those who are far better qualified * than me have already written ** or engage in debate about the pedigree of Marcus Hutchins ***. I am not a security researcher, I am not a hacker, I am not a programmer (anymore), and I am incredibly disinterested in trying to compete with far cleverer teenagers and young adults who would have me “pwned” in a matter of minutes.

The New Criminals

What many of the recently infamous hackers have in common, aside from being bright with little relevant experience which would make them capable of handling serious jail time, is that they do not know the way the world really works.

They seem to be unfamiliar with cause and effect. Many of them unknowingly thread the thin line between legality and illegality. In the evolving landscape of cyber-crime legislation what was quasi-legal and unregulated yesterday may be highly illegal tomorrow.

Most “security researchers” stay on the right side of the street but even in doing so they inevitably rub shoulders with those who are not. Something that aspiring researchers should remember is that “ignorance” is never a defence in a court of law. If and when someone chooses to wander across to the shadier side of the street (knowingly or unknowingly) they find themselves way out of their depth.

There is a very big gulf of reality between facing down a virtual opponent in a chatroom and eyeballing a professional interrogator in an “interview suite”. I have sat on both sides of that particular table, sometimes in places that the most intrepid backpacker wouldn’t consider going, and it is not a place that you want to be.

These are kids with very adult problems.

Dmitry Bogatov

Picture: Dmitry Bogatov

Welcome To The Jungle

Being a criminal or a member of an organized crime gang used to involve certain stages or rituals. It was a way of life sometimes forced on people as a result of their environment or poverty or family history or simply a conscious decision. Criminals are not always victims of circumstance.

For serious criminals it was an informed choice of sorts. It normally began with petty crime and graduated into more serious categories of crime as time passed. As the scale, sophistication, and seriousness of the crimes being committed grew so too did the tariff.

But the career criminal was more or less aware of this and the risk-return ratio. Also, to be effective in crime at the levels where it potentially attracted a forty year prison term, one had to have a network, contacts, tools, “pedigree”, and lots of other stuff. Not any more.

Jail sentences of these types for these hackers are not jail sentences, they are death sentences. Warming a concrete mattress in a concrete cage for twice as long as you have already been on the planet leaves these people with few choices.

They find themselves sharing space with men who have committed all sorts of crimes that actually involve leaving their mothers house. All of the lobbying and strongly worded letters from the Electronic Frontier Foundation, Amnesty International, family run crowd funding efforts, and emotional tweet storms will not help them when that door closes.

The phenomenon of the new criminals is highly contradictory. We now see fresh faced “deer in the headlights” types facing the sort of time that would make harder men cry for their mother.

Kimberly Crawley‍; 4th Aug 2017; “MalwareTechBlog and the Cybersecurity Community versus the FBI“; Peerlyst

** Kevin Beaumont; 5th Aug 2017; Regarding Marcus Hutchins aka MalwareTech; DoublePulsar

*** IPostYourInfo; 4th Aug 2017; The Marcus Hutchins I Knew; Medium

ENDS

Quick Reference Resource Introduction: WikiLeaks CIA Vault 7 Leaks

This series covers links to and analysis of each of the WikiLeaks CIA Vault 7 leaks including:

  1. The WikiLeaks pages;
  2. The associated CIA documents – Specification Documents, Systems Requirements, Installation Guides, User Guides, User Manuals, Test Plans, Tactics Documents, Slides and so on;
  3. Links to external references and sources including The Hacker News (Twitter @TheHackersNews), HackRead (Twitter @HackRead), and Pierluigi Paganini at “Security Affairs”; 
  4. Analysis by other third party publications of each leak;
  5. General comments, notes, and links added by AirGap Anonymity Collective as each leak and its previous deployment is more clearly understood;
  6. How these posts will evolve over time:
    1. The first post will be a generic description of each leak including 1-3 above; 
    2. Content will be added over time and date-stamped to include:
      1. Articles, external resources, and commentary that augment the knowledge base with respect to the basic content of each leak; 
      2. Advice on counter-measures / new research; 
      3. Analysis and examples of the subsequent deployment (in the original form or altered) of these hacking tools by cyber criminals, cyber terrorists, state actors, hackers, and others;
      4. Other information that does not emanate from generic or main stream media sources; 

These documents are marked with various security classifications. To understand what these classifications mean see Understanding NSA / INR Security Classifications on Intelligence Assessments;

Posts in this series to date:

Quick Reference Resource: WikiLeaks CIA Vault7 Leak #14 – OutlawCountry;

Quick Reference Resource: WikiLeaks CIA Vault7 Leak #15 – BothanSpy & Gyrfalcon;

Quick Reference Resource: WikiLeaks CIA Vault7 Leak #16 – HighRise;

Quick Reference Resource: WikiLeaks CIA Vault7 Leak #17 – Imperial: Achilles, SeaPea, & Aeris

Quick Reference Resource: WikiLeaks CIA Vault7 Leak #18 – UCL / Raytheon

Quick Reference Resource: WikiLeaks CIA Vault7 Leak #19 – Dumbo

Quick Reference Resource: WikiLeaks CIA Vault7 Leak #20 – CouchPotato

All third party content is explicitly acknowledged and content or imagery that has been altered or amended for ease of use is clearly marked.  

ENDS

Software Industry Greed is Driving the Assault on our Privacy & Security

The motivation to release software, without proper testing, in order to generate a quick buck is as much of a threat to our security and privacy as the activities of hackers and alphabet agencies. It is time that software companies started to pay the price for the sorry mess that their greed is helping to create.

Once upon a time these matters could be considered in isolation but with the “Internet of Things” connecting millions more devices every day we are headed for a world that will have 28 billion IoT devices by 2020.

Consumer concern will not halt the rollout. A staggeringly high number of consumers hold serious concerns about the possibility of their information getting stolen from everyday devices – their smart home, their tablet, their laptop. One would think therefore that this concern would pressure software manufacturers to be more rigorous in their pre-GA testing activities. Not so.

Why? Because so much of this IoT stuff is embedded and consumer awareness is mainly limited to the high profile exposures. Consumers are not hesitating to purchase connected devices because consumers do not know that the devices are connected.

Samsung’s SmartThings smart home platform is a leaky colander of loosely connected hack prone software. IoT security hardening is not just about the particular application but also about building security into the network connections that link applications and that link devices.

And then there is the “Data”. The amount of this stuff that is generated by IoT is intractably large. As few as 10,000 households can generate 215 million discrete data points every day. This creates more entry points for hackers and leaves sensitive information vulnerable.

The number and variety of privacy attack vectors becomes unmanageable very quickly. From the CIA hacking your Samsung TV, uBeacons doing their bit (uXDT & Audio Beacons – Introduce your Paranoia to your Imagination), hackers controlling your car, it’s a worryingly real threat to the personal security and privacy of every one of us.

If the CIA’s Directorate of Digital Innovation (DDI), who are tasked with delivering cyber-espionage tools and intelligence gathering capabilities, cannot even secure their own USB drives then what chance do the rest of us have.

Unfortunately the answer is that we have no chance.

ENDS 

Hijacked Jihadi Forum “Asrar Al­Ghurabaa’“ – Offense & Exploitation

In late 2013, following on from the general panic surrounding the reliability of previously trusted technologies – as a direct result of the revelations made by snowden‍ and greenwald‍ – ISIS‍ “declared” that they had launched a new encryption‍ service called Asrar Al­ Ghurabaa’.

It was described as being the first website for secure communications. A forum used by jihadists calledShabakat Al Iraq Wal Sham announced the launch. The announcement declared that the new resourcefor jihadis would be a rival to Asrar AlMujahideen (Mujahedeensecrets which was launched circa 2007).

The new service was an NSA‍ front and was to be found at asrar006.com. It allowed the input of text which was then encrypted‍ or decrypted‍ , as required. Simply put, rather like the google translate service it applied the required encryption keys to inputted text strings resulting in a “translation”.

It did not allow for message transmission but was more “accurate, secure, and user friendly than Asrar Al­Mujahideen” according to the statement. The service required no software downloads or installations and therefore removed several points of potential risk associated with the Asrar Al­Mujahideen alternative. No code could be injected, files infected and so on.

Within a couple of days the Global Islamic Media Front (GIMF‍ ) denounced the new encryption platform in a statement “Warning About the Use of the Program ‘Asrār al-Ghurabā” stating:

“We warn all the brothers using the new encryption program called “Asrar al-Ghurabaa” – the program is suspicious and its source is not trusted. Likewise, we confirm that there wasn’t any relationship between the program “Asrar al-Ghurabaa” and the Front’s encryption program “Asrar al-Mujahdeen”, and therefore, we advise and warn the brothers not to use the program “Asrar al-Ghurabaa” entirely!

We also warn of using any encryption program which hasn’t been published through the Global Islamic Media Front or Al-Fajr Center for Media. And lastly, we remind that the sole source to download all of the technical programs for the Media Front: Mobile Encryption Program Asrar al-Dardashah Plugin Asrar al-Mujahideen Program”

END

Overwatch – The Five Eyes Espionage Alliance

The “Five Eyes” (FVEY‍) is an intel‍ alliance that unifies elements of the national alphabet agencies of theunited Kingdom, the United States, Australia, canada and New Zealand and their intel gathering infrastructures.

The AA’s in each member country and the terms of their information exchange mandate is encapsulated in the multilateral‍ agreement called the “UKUSA Agreement”.

The origins of the FVEY can be traced to the closing months of World War II when the Atlantic Charter was issued by the Allies to lay out their “goals” for a post-war world.

Signals Intelligence (SIGINT)

The espionagealliance‍ was conceived in order to deliver trans- jurisdictionalcoordination‍ andcooperation‍ for signals intelligence (SIGINT‍) but has expanded into many other areas especially in the last 20 years and most aggressively since the beginning of the vaguely defined parameters of the ” War‍ on Terror‍ “.

Not just a reactive program it is specifically proactive. The FVEY can count in many thousands theirdeployment of various rootkit‍ hacks, backdoors‍ , trojans‍ , worms‍ , spyware‍ , malware‍ , keystroke logging, PGP private key reversal and voice comms undermining projects. It has an eye watering arsenal of BH tactics‍ at its disposal. Take a peak at a tiny subset of them here .

GEMALTO & Public Scrutiny

But probably their most effective hack was undermining the integrity of sim card encryption after the highly successful (for them) Gemalto hack.

No citizen based protests or national laws or international regulations or Privacy advocates or leaks or “net neutrality” activists or whistleblowers will ever affect the activities of the Five Eyes.

It is and will remain the most pervasive, extensive, expansive and secretive (independent and to the large part unregulated) espionage alliance in history.

The ECHELON Program

During the course of the Cold War, the ECHELONsurveillance‍ system was initially developed by the FVEY to monitor the communications of the USSR‍ and European countries on the wrong side of the Iron Curtain.

The FVEY has been accused of monitor trillions of privatecommunications‍ worldwide.

In the late 1990s, the existence of ECHELON was disclosed and triggered a major debate in brusselsand to a lesser extent in Congress. As part of efforts in the ongoing, vaguely defined, War on Terror since 2001, the FVEY further expanded their surveillance‍ capabilities.

Internet Backbone

The bulk of the current focus is placed on monitoring digital comms across the internet backbones and much if not all of the cables delivering the service have FVEY listeners at the receiving stations and national termination points and not just in the member countries.

The current face-off between the US and china in South East asia – aside from the sabre rattling over the Paracel & Spratly issue and Chinese territorial claims in the South China Sea – is who will get to deliver and therefore control the internet backbone to Cambodia, terminating in Sihanoukville.

That cable will service the needs of the region (Laos, Myanmar, Thailand, Vietnam, Cambodia, and unofficially parts of China, Malaysia, Indonesia and Singapore)

Snowden (Again)

NSAwhistleblower / traitor (depending on your viewpoint) edward snowden described the Five Eyes as asupranational‍ intelligence organisation that doesn’t answer to the known laws of its own countries”.

Snowden’s leaks revealed that the alliance were spying on one another’s citizens and sharing the collected information with each other in order to circumvent restrictive domesticregulations‍ on surveillance of sovereign nations’ citizens in “peace time”.

Again the definition of “peace time” and its current status is in the eye of the beholder so to speak.

The Main Surveillance Programs

The main surveillance programs jointly operated by the Five Eyes are:

  • PRISM‍ – Operated by the NSA‍ together with the GCHQ‍ and the ASD
  • XKEYSCORE‍ – Operated by the NSA with contributions from the ASD and the GCSB
  • Tempora‍ – Operated by the GCHQ with contributions from the NSA
  • MUSCULAR‍ – Operated by the GCHQ and the NSA
  • STATEROOM‍ – Operated by the ASD, CIA‍ , csec‍ , GCHQ, and NSA

END

Privacy‍ , National Security