
The New Old War

In 1956, FBI Director J. Edgar Hoover initiated a program, code-named COINTELPRO (counter intelligence program), ushering in what would become the mainstay for how intelligence communities dealt with domestic affairs. The sole directive of this program was “to expose, disrupt, misdirect, discredit, or otherwise neutralize” the activities of various dissidents and their leaders.

COINTELPRO was, of course, nothing more than the little brother to its older sibling, (the sanitized word for Propaganda) which was primarily directed toward international affairs. It would later be renamed PSYWAR (psychological warfare). The late 1980s ushered in another type of war, coined CYBERWAR by early researchers. Some have been proclaiming for almost two decades that “Cyber War is Coming!”

Now that it seems to have… arguably… arrived, let’s take a look at what this may mean.

The common factor between , ,  , and involves using information to sway public opinion. While each of these may rely upon their own means, the end goal is to create a common enemy. There is nothing, after all, that galvanizes people to act more than a common enemy. And said enemy can bear many and diverse faces depending upon the climate of the times and the road a person has traveled. Be these faces drugs, terrorism, child pornography, corporations, and/or governments. In 2001, that face was . Today, that face appears to be (founded in October of 2006), (a self-described activist), and to a lesser extent, (referred to as by some). The backstory to the birth of Wikileaks plays an important role, as it sets the stage for what was to come.

From a June 2010 New Yorker article (emphasis added, mine),

Before launching the site, Assange needed to show potential contributors that it was viable. One of the WikiLeaks activists owned a server that was being used as a node for the Tor network. Millions of secret transmissions passed through it. The activist noticed that hackers from China were using the network to gather foreign governments’ information, and began to record this traffic. Only a small fraction has ever been posted on WikiLeaks, but the initial tranche served as the site’s foundation, and Assange was able to say, “We have received over one million documents from thirteen countries.”

So… what is Tor? From their site (emphasis added, mine):

Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis.

And, from the (emphasis added, mine):

It is intended to protect users’ personal freedom, privacy, and ability to conduct confidential business, by keeping their internet activities from being monitored. The software is open-source and the network is free of charge to use.

And yet, very existence involved the monitoring of Chinese dissidents’ communications that were passing through a Tor node. This, in itself, raises numerous implications, the least involving the question of ethics, the greatest involving risks of exposure for any activist choosing to use Tor as their primary communication channel.

This article, however, is not about the risks posed for activists choosing to rely upon Tor. Nor is it about the quite obvious logical fallacy in the repeated “open source is safer” mantra that is regularly uttered within the halls of the open source. Nor is it, for that matter, about the fact that Tor is published by the Electronic Frontier Foundation, thus placing the foundation in two opposing camps: one whose public face speaks of freedom of expression, the other that involves publishing software that can be used, and has been used, to monitor said “free expression.” These, while certainly important and worthy of further scrutiny, are not the focus of this article. I’ll leave such pickings for those who are interested in exploring the finer points of whether or not Tor actually exposes people to risks from dangerous regimes.

Moving on.

Prior to law enforcement primarily focused upon issues of identity theft and child pornography, while security firms focused upon malware and intrusion detection. The arrival of changed that, and the above set the stage for what would become a marriage in the mind of many. That was comprised of a network of hackers (aka ). This union was sealed with the attack against Mastercard and Paypal on December 8, 2010. Even though only a handful of the people involved in various activities are Hackers in the true sense of the word.

Security firms love hackers. They are, after all, their bread and butter. They also like to pit themselves against the hacker community. And, in many cases, they will even hire from within the hacker community. Not so in the case of HBGary Federal, whose CEO, Aaron Barr, was an ex-Navy cryptologist. This tiny, little-known startup rose quickly to fame with the “revelation” that Barr had “penetrated Anonymous.” Not only would their short-lived fame fizzle, but the company will not likely recover from what was to follow. Within hours of the Financial Times article claiming that Barr had ID’d the group’s “Hierarchy and Leaders,” the company’s computers were “breached” and a data dump of executive emails and their rootkit MySQL database were placed on a well-known and popular file share. Initial reports attempted to paint Mr. Barr and his company as a victim. As did the parent company’s president, Penny Leavy, wherein she stated:

“Today’s sophisticated cybercriminals require a sophisticated approach to network security.”

When it was learned that not only had company servers been breached but corporate emails were being distributed, Leavy attempted to manage blowback by engaging participants of the anon IRC chat. She begged them not to release the emails of the parent company’s founder and CEO, Greg Hoglund, while claiming Barr was simply researching them and had no intentions of releasing their identities, or rather, the identities he was claiming to have found through a combination of social network scraping and best-guess correlation. Yet his email of February 5, 2011, wherein he copies Leavy, states otherwise.

Shortly thereafter, Mr Hoglund jumped into the fray, in support of Leavy. And yet, this email indicates he was as much on the media bandwagon as Barr. So, while these people were claiming innocence on the channel, just hours before, they were preening and preparing to “wow” the public with their cyber prowess: “They had Unmasked Anonymous!” Amidst Leavy and Hoglund’s deception, chatters were putting forth their own threats, “Get rid of Barr or we’ll release Greg’s emails!” they seemed to chime in unison.

When considering Leavy’s pleas, it is only natural to wonder what sort of damaging information could be contained within Hoglund’s emails. After all, within a day of the original dump, quite damaging information was already coming out. For example, it was revealed that HBGary Federal, Palantir Technologies, and Berico Technologies had formed an alliance, code-named “Team Themis,” whose primary purpose would be to:

Develop a corporate information reconnaissance service to aid legal investigations through the open source collection of information on target groups and individuals that appear organized to extort specific concessions through online slander campaigns.

That is, some of the “dirty tricks” were revealed, and seemingly right out of the government’s manual for dealing with dissidents: “to expose, disrupt, misdirect, discredit, or otherwise neutralize.”

WikiLeaks was naturally one of their targets. Other “Team Themis” targets were unions and individuals protesting the U.S. Chamber of Commerce.

When perusing the various “Team Themis” presentations, they come across as overgrown kids trying to pretend they’re . That is, their cloak and dagger terminology betrays a tendency toward over-exaggeration in a somewhat melodramatic exhale that arguably borders on the ridiculous. Then again, this isn’t the first time Government contractors have engaged in practices that .  Importantly, are you interested in looking into the mind of a cyberpath? Read the doc dumps. In those files, you will witness everything from blatant racism to ethically bereft proposals to appalling arrogance. HBGary Federal employee Mark Traynor was right on when he stated (emphasis added, mine):

He’s on a bad path. He’s talking about his analytics and that he can prove things statistically but he hasn’t proven anything mathematically nor has he had any of his data vetted for accuracy, yet he keeps briefing people and giving interviews. It’s irresponsible to make claims/accusations based off of a guess from his best gut feeling when he has even told me that he believes his gut, but more often than not it’s been proven wrong. I feel his arrogance is catching up to him again and that has never ended well…for any of us.

The proverbial fan hitting blowback occurred the following day. And by the end of the week, both Palantir Technologies and Berico Technologies had severed ties with HBGary Federal in a very public way.

As for ? Are they Leavy’s “sophisticated cybercriminals?” Extremely doubtful. Are they cyberpaths? Some are, no doubt. Just as some are in any place where people gather. Are they the organized group that companies such as HBGary, who stands to make money off such a hypothesis, would have you believe? Again doubtful.

In fact, having spent decades in various tech and hacker communities as well as following the chatter in this group’s IRC channel, the tech types seem to be pretty much what they have always been. An amorphous and leaderless group of individuals, who, for reasons known only to each individual, have chosen to engage in largely illegal activities. Whether said activities involve executing a DDoS on a company in the name of “free speech” or so-called “Social engineering” in response to a disk sizing contest ala, “look at me. I’m so 1337!” or simply for the “lulz.”

Important, however, is the drama factor. This is the one constant that draws people in. That engages them. There is, after all, nothing like a metaphorical “kill” to get a feeding frenzy going. In the case of , it was the cables. In this case, it is the HBGary data dump. Which, at this point, is far from over, per AnonymousIRC’s tweet that the group plans to release Greg Hoglund’s 27K emails shortly.

And of course, there is the cause.

Though, by the time you’ve reached this stage, the game, the verbal parries and lunges, as opposed to the actual cause, tends to be as much, if not the more, compelling draw.

When considering the players, both the security people involved as well as those who breached the company’s servers reveal themselves for who they are. Both are willing to engage in extremely unethical practices. Both appear to be driven by self-importance and promises of fame. And neither appears to consider, or for that matter, care about, the larger unintended consequences of their actions. They are, in reality, two sides of the same coin.

So what exactly are these unintended consequences? This is not about Grand Jury investigations or tarnished reputations. After all, both are assumed and calculated risks. Regardless of how far off individual calculations may or may not be. Nor can we invoke those caught in the blowback. It is pretty standard to assume there will be some collateral damage.

The unintended consequences could involve Mr Barr’s rather myopic view that playing connect the social dots will result in valid and reliable data. Data that can withstand the scrutiny of the federal rules of evidence in a court of law. Otherwise put, while he was prepared to go public with names, anon beat him to the punch, and neither party considered that some innocents could get caught up in this media maelstrom at best, or find themselves the recipients of cyber stalking at worst. Though, hopefully the media, and the public, for that matter, will be satisfied to feed at the HBGary trough, as opposed to gnawing on the metaphorical bones of Joe Public.

Still, it is arguable that any misidentification would be nothing more than a variation of the aforementioned collateral damage. Predictable, due to the question of accuracy. As it is arguable that contact information of various Government personnel is now in the wilds. Also predictable due to the nature of their work.

No, the unintended consequence is much larger than any of the aforementioned combined: the revelation of classified material as a result of mining the data dump. Otherwise put, considering that HBGary worked on projects that required security clearance, there is a fairly strong likelihood that at least some classified material is contained therein. And perhaps, in light of Leavy’s strenuous protestations, even more so in Hoglund’s massive 27K emails. The question of course remains, would the revelation of such material hurt our country, or would it open our eyes?

This is the true moral dilemma of the situation. One that not one of the participants appears to have considered before recklessly engaging in their disk sizing contest. One that may purchase a few moments of fame, while having far-reaching unintended consequences that are yet to be known.

In the meantime, various US government bodies have been gearing up for the onset of . Contract after contract, and job listing after job listing, are looking for “cyber warfare” personnel. Though, from the job postings listed, their does not appear to involve marauding hackers or Joe Public activists, ala “.” Rather, their focus has been on securing our nation’s infrastructure against enemy attack. Where the enemy involves military hackers from unfriendly countries.

Then again, the military industrial complex may see this doc dump as a blessing in disguise. After all, it is much easier to convince a fearful public to hand over hard-earned tax dollars in order to protect them against… oh, say… Stuxnet. The Cold War, redux, I suppose. Though, instead of the “” we get the “” scare. And sadly, they will be no more prepared to fight that particular war than Aaron Barr and HBGary Federal were prepared to battle .