Tag Archives: hackers

Welcome to the Jungle – Adolescent Hackers With Very Adult Problems

I won’t try to write about what those who are far better qualified * than me have already written ** or engage in debate about the pedigree of Marcus Hutchins ***. I am not a security researcher, I am not a hacker, I am not a programmer (anymore), and I am incredibly disinterested in trying to compete with far cleverer teenagers and young adults who would have me “pwned” in a matter of minutes.

The New Criminals

What many of the recently infamous hackers have in common, aside from being bright with little relevant experience which would make them capable of handling serious jail time, is that they do not know the way the world really works.

They seem to be unfamiliar with cause and effect. Many of them unknowingly thread the thin line between legality and illegality. In the evolving landscape of cyber-crime legislation what was quasi-legal and unregulated yesterday may be highly illegal tomorrow.

Most “security researchers” stay on the right side of the street but even in doing so they inevitably rub shoulders with those who are not. Something that aspiring researchers should remember is that “ignorance” is never a defence in a court of law. If and when someone chooses to wander across to the shadier side of the street (knowingly or unknowingly) they find themselves way out of their depth.

There is a very big gulf of reality between facing down a virtual opponent in a chatroom and eyeballing a professional interrogator in an “interview suite”. I have sat on both sides of that particular table, sometimes in places that the most intrepid backpacker wouldn’t consider going, and it is not a place that you want to be.

These are kids with very adult problems.

Dmitry Bogatov

Picture: Dmitry Bogatov

Welcome To The Jungle

Being a criminal or a member of an organized crime gang used to involve certain stages or rituals. It was a way of life sometimes forced on people as a result of their environment or poverty or family history or simply a conscious decision. Criminals are not always victims of circumstance.

For serious criminals it was an informed choice of sorts. It normally began with petty crime and graduated into more serious categories of crime as time passed. As the scale, sophistication, and seriousness of the crimes being committed grew so too did the tariff.

But the career criminal was more or less aware of this and the risk-return ratio. Also, to be effective in crime at the levels where it potentially attracted a forty year prison term, one had to have a network, contacts, tools, “pedigree”, and lots of other stuff. Not any more.

Jail sentences of these types for these hackers are not jail sentences, they are death sentences. Warming a concrete mattress in a concrete cage for twice as long as you have already been on the planet leaves these people with few choices.

They find themselves sharing space with men who have committed all sorts of crimes that actually involve leaving their mothers house. All of the lobbying and strongly worded letters from the Electronic Frontier Foundation, Amnesty International, family run crowd funding efforts, and emotional tweet storms will not help them when that door closes.

The phenomenon of the new criminals is highly contradictory. We now see fresh faced “deer in the headlights” types facing the sort of time that would make harder men cry for their mother.

Kimberly Crawley‍; 4th Aug 2017; “MalwareTechBlog and the Cybersecurity Community versus the FBI“; Peerlyst

** Kevin Beaumont; 5th Aug 2017; Regarding Marcus Hutchins aka MalwareTech; DoublePulsar

*** IPostYourInfo; 4th Aug 2017; The Marcus Hutchins I Knew; Medium

ENDS

The “FVEY” SIGINT Espionage Alliance

The French, Belgian, Egyptian and Yemeni authorities have all in the last 12 months failed to connect the dots on available data that might have prevented or lessened the Hebdo, Bataclan, Zaventem & Maalbeek atrocities.

Some of their foreign counterparts however are part of an exclusive alliance that shares intelligence that does in many cases provide insights that the individual portions do not.

The Five Eyes intelligence alliance is led by the USA. Often abbreviated as “FVEY” the alliance comprises Australia, Canada, New Zealand, the United Kingdom, and the United States. They are bound by the multilateral UKUSA Agreement, a treaty for joint cooperation in signals intelligence.

STASI - FIVE EYES

FVEY’s origins can be traced back to the Atlantic Charter issued by the Allies to lay out their goals for a post-war world in 1945. During the Cold War, the ECHELON surveillance system was initially developed by the FVEY to monitor the communications of the former Soviet Union and the Eastern Bloc. Later, it was alleged that it was also used to monitor billions of private communications worldwide.

ECHELON’s existence was disclosed in the late 1990’s and it triggered a major debate in the European Parliament. As part of efforts in the so called War on Terror the FVEY further expanded their surveillance capabilities, with much emphasis placed on monitoring internet communications.

Snowden describes the Five Eyes as a “supra-national intelligence organisation that doesn’t answer to the known laws of its own countries”. Documents leaked by Snowden in 2013 revealed that the FVEY have been spying on one another’s citizens and sharing the collected information with each other in order to circumvent restrictive domestic regulations on surveillance of citizens.

The leaked documents also revealed the existence of numerous surveillance programs jointly operated by the Five Eyes including:

  • PRISM – Operated by the NSA together with the GCHQ and the ASD;
  • XKeyscore – Operated by the NSA with contributions from the ASD and the GCSB;
  • Tempora – Operated by the GCHQ with contributions from the NSA;
  • MUSCULAR – Operated by the GCHQ and the NSA;
  • STATEROOM – Operated by the ASD, CIA, CSEC, GCHQ, and NSA.

Despite the disclosures no amount of outrage will affect the Five Eyes which remains the most extensive known espionage alliance in history.

END.