Thursday, August 16, 2007

534 Biographies of Jihadist Fighters

While looking for patterns in terrorist behaviour, researchers often stereotype in order to portray a terrorist. The Book of Martyrs (compiled in English on June 9th, 2007) is a great OSINT source for analysts and intelligence agencies wanting to obtain data regarding the lives of jihadist martyrs, segmented on a per-country basis, including photos, poems, interviews, transcripts, and links to multimedia files. Much like the Technical Mujahid E-zine, the Mujahideen Harvest magazine, and the Jihadist Security Encyclopedia, this E-book is yet another handy source of OSINT data, at least in respect to jihadist social networks:

"Therefore, out of these 81 names: 40 are from the Arabian Peninsula, 7 from Yemen, 7 from Syria, 5 from Algeria, 4 from Kuwait, 4 from Iraq, 3 from Turkey, 1 each from Bahrain, Bangladesh, Tunisia, Libya, France and the USA whilst the nationalities of the remainder are unknown. These figures correspond to the relative contribution of the Muslim Ummah towards the Jihad in the world today. Sadly, there are hardly any Muslims from Western nationalities and usually they are the most vocal in their slogans for Jihad."

A link to a video entitled "Russian Hell in the year 2000, Jihad in Chechnya Part One" (511MB) is included:

"At the time of release of this CD, (July 2000), nine months of the War have passed with no end in sight. Russian casualties stand at over 15,000 killed or missing in action (MIA) and over 30,000 injured. They have lost hundreds of battle tanks, fighting vehicles and trucks and tens of fighter aircraft and helicopter gunships."

To a second video entitled "Russian Hell in the year 2000, Jihad in Chechnya Part Two":

"Exclusive, live film footage of two martyrdom operations carried out against Russian Barracks in Argun and Gudermes in July 2000
Combat footage of Mujahideen operations, ambushes and remote-control detonation of Russian Military vehicles throughout the Year 2000
Video of the nine OMON troops after they were executed due to the failure of the Russian Government to hand over the Russian War Criminal Colonel Yuri Budanov to the Mujahideen (April 2000)"

And to a third one entitled "The Martyrs of Bosnia Part One and Part Two":

"This unique video by Azzam Publications, the first of its kind in the English language with real-life combat footage and the first of a four part series, narrates the biographies of some of these magnificent individuals, who sacrificed their own lives in order to bring life to those around them."

Some interesting sections related to IT security and anonymity as well:

- Useful programs to protect personal information on computer and on-line
Tor [Anonymous web-surfing] ; True crypt [File & disk encryption - better than PGP] ; Window Washer [Shred free space and files] ; Spy Sweeper [Spyware remover] ; Avast [Anti-virus protection] ; Outpost [Computer Firewall] ; Winpt [secure encrypted email - better than PGP] ; Ad-aware professional [ Another spyware remover ] ; AbiWord [Open source - Better alternative to Word] ; Enigmail

- Best method to protect your chat!
Use Gaim with OTR plugin and configure to use TOR network ; Gaim [Encrypt your chat conversations]; Off-the-Record Messaging [OTR Plug-in]

- Must have programs for your USB drive
Mobility Email - Best option for sending secure encrypted emails ; GAIM - for secure chat conversation ; Portable Firefox ; TorPark - for anonymous web browsing ; True Crypt - Best disk encryption & file protection program ; Tutorial for securing a USB drive using True Crypt ; Cyber Shredder : File wiping utility ; ClamWin [Open source anti-Virus Program] ; Greatnews - The Intelligent RSS Reader ; Foxit PDF Reader opens PDF files ; Abiword - full featured open source word processor ; Portable Open Office is really the only option for an Office Suite

Propaganda and twisted reality at its best, hosted at Archive.org, courtesy of Azzam Publications.

PayPal's Security Key

PayPal's recently introduced Security Key, two-factor authentication for millions of its customers in cooperation with VeriSign (whose growing centralization of two-factor authentication is in a typical OpenID style; eBay is also a partner), adds an extra layer of security to the authentication process, that's a fact. The entire strategy relies on the assumption that, if a customer's account details get keylogged, or the customer falls victim to a phishing scam and hands over the account data themselves, the phishers or malware authors wouldn't be able to log in, since the code generated at the time of keylogging would no longer be valid by the time the malicious parties try to use it. PayPal's Security Key:

"Generates a unique six-digit security code about every 30 seconds. You enter that code when you log in to your PayPal or eBay account with your regular user name and password. Then the code expires – no one else can use it."

However, given the spooky commitment from phishers and malware authors we've been witnessing for the last several years, wouldn't they entirely bypass this extra layer of authentication by simply purchasing the $5 Security Key and, like legitimate customers, start generating security codes, ending up with both the account data and the ability to generate valid access codes as well? Take E-banking for instance: the pseudo-random key generators issued by different banks are supposed to use different algorithms for generating the codes, so that we never get the chance to discuss monocultural insecurities in two-factor authentication. Malicious parties are no longer interested in showing off as rocket scientists, but as a pragmatic and efficiency-centered crowd. Just as keylogging evolved into "form grabbing" and the hijacking of entire sessions on malware-infected PCs right after the user herself authenticates through multi-factor authentication, malicious parties started coming up with ways of bypassing the security measures put in place rather than directly confronting them.
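An added example, not from the original post, of how a time-based six-digit code like the one quoted above is checked server-side. It assumes an RFC 6238 TOTP (HMAC-SHA1, 30-second step), since the post does not name the Security Key's actual algorithm, and it shows the defensive side of the argument: a keylogged code is rejected once its window has passed, and recording consumed windows also rejects the same code presented a second time inside its window (a code relayed in real time within the window still passes, which is the session-hijacking case the post describes).

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per code, matching the "about every 30 seconds" in the quote
DIGITS = 6


def totp(secret: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 (an assumption; the post does not name the real algorithm)."""
    counter = unix_time // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    word = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(word % (10 ** digits)).zfill(digits)


class SecondFactorVerifier:
    """Server side: accept a code only for the current step (or the previous one, to allow
    clock drift) and only once per step, so a keylogged code cannot be replayed."""

    def __init__(self, secret: bytes, step: int = STEP, drift_steps: int = 1):
        self.secret = secret
        self.step = step
        self.drift_steps = drift_steps
        self.consumed = set()   # counters whose code has already been accepted

    def verify(self, code: str, now: int) -> bool:
        current = now // self.step
        for counter in range(current - self.drift_steps, current + 1):
            expected = totp(self.secret, counter * self.step, self.step)
            if hmac.compare_digest(expected, code):
                if counter in self.consumed:
                    return False     # same code presented again inside its window: replay
                self.consumed.add(counter)
                return True
        return False                 # wrong code, or a code whose window has expired


def replay_scenario(secret: bytes = b"constructed-demo-secret") -> tuple:
    """Constructed timeline: genuine login, then the keylogged code tried 5 s and 120 s later."""
    t0 = 1_200_000_000               # constructed timestamp on a 30 s boundary
    verifier = SecondFactorVerifier(secret)
    captured = totp(secret, t0)      # what a keylogger would see at login time
    return (verifier.verify(captured, t0),        # True: genuine login
            verifier.verify(captured, t0 + 5),    # False: already consumed this window
            verifier.verify(captured, t0 + 120))  # False: window expired
```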

Flexible notifications for financial transactions, an alert-based system with notices sent to a mobile phone, are an alternative. For instance, via the web interface of my E-banking provider I can choose to receive an SMS whenever an amount within a given range comes into or goes out of the account, a sort of early warning system for self-vigilance. What I'm missing is a historical "last logged in from" feature, and the option to receive an SMS each and every time someone, whether me or not, logs into the account. Features like these should be provided on an opt-in basis, and those customers who truly perceive their value will pay for the service. As always, the market delivers what the customer wants - two-factor authentication - and the irony, from a psychological perspective, is that those with less income are in fact more vigilant about possible fraud attempts than those with more income, who are more gullible since they can afford the losses.
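An added example (not from the post or from any bank's system) of the opt-in features described above: an SMS for transactions in a configured amount range, an SMS on every login, a warning when the login source has never been seen on the account, and a "last logged in from" record. The event stream, sources and timestamps are constructed.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

@dataclass
class AlertPolicy:
    """Opt-in settings as a customer would pick them in the e-banking web interface."""
    amount_low: float = 500.0          # SMS when |amount| falls within [amount_low, amount_high]
    amount_high: float = float("inf")
    sms_on_every_login: bool = True

@dataclass
class AccountMonitor:
    policy: AlertPolicy
    last_login: Optional[Tuple[str, str]] = None   # (timestamp, source): "last logged in from"
    known_sources: Set[str] = field(default_factory=set)

    def on_login(self, ts: str, source: str) -> List[str]:
        alerts = []
        if self.policy.sms_on_every_login:
            alerts.append(f"SMS: login at {ts} from {source}")
        if self.known_sources and source not in self.known_sources:   # never seen on this account
            alerts.append(f"SMS: WARNING login from unseen source {source}; "
                          f"previous login {self.last_login[0]} from {self.last_login[1]}")
        self.known_sources.add(source)
        self.last_login = (ts, source)
        return alerts

    def on_transaction(self, ts: str, amount: float) -> List[str]:
        """amount > 0 is money coming in, amount < 0 is money going out."""
        if self.policy.amount_low <= abs(amount) <= self.policy.amount_high:
            return [f"SMS: {abs(amount):.2f} {'in' if amount > 0 else 'out'} at {ts}"]
        return []

# Constructed event stream: the usual PC and a small payment, then a login from a source the
# account has never seen (a constructed label) followed by a large outgoing transfer.
EVENTS = [
    ("login", "2007-08-16 09:00", "home-pc"),
    ("txn", "2007-08-16 09:05", -42.0),
    ("login", "2007-08-16 23:40", "unknown-source"),
    ("txn", "2007-08-16 23:42", -2500.0),
]

def run_monitor(events=EVENTS, policy: Optional[AlertPolicy] = None) -> List[str]:
    monitor = AccountMonitor(policy or AlertPolicy())
    alerts: List[str] = []
    for kind, ts, payload in events:
        handler = monitor.on_login if kind == "login" else monitor.on_transaction
        alerts += handler(ts, payload)
    return alerts
```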

The Shark 2 DIY Malware

The Shark2 DIY malware (screenshots, its features, checksums of the builder, and the detection rates as of Saturday, 28th of July) finally made it into the mainstream media as yet another DIY malware builder in the wild, despite the fact that what's promoted as a RAT, but is actually malware, has been around since November 2006:

"The tool is being distributed via several underground internet forums. Software development is almost equivalent to that available from legitimate software vendors with regular updates to the code bringing the latest detected version up to version 2.3.2. Virus creation toolkits have been available for years, but have mostly been restricted to the creation of mass mailing worms and their ilk. DIY phishing kits that dumb down the process of constructing fraudulent websites began about two years ago. Shark 2 makes the process of infecting targets for phishing attacks or performing other malign actions easier than ever. It means money making malware rackets are no longer the preserve of those with at least some programming skills."

As I've already pointed out in numerous posts, the ongoing trend of disseminating DIY malware is mainly meant to generate as much noise as possible through the ease of use of such builders by average script kiddies. And while the infamous Sub7 DIY malware had the same features within its builder, without, of course, Shark2's anti-sandboxing capabilities, back in 2003 Sub7's mission was more one of intellectual opportunism, compared to today's noise-generation mindset of sophisticated malware authors wanting to remain as untraceable as possible. DIY malware builders evolved in proportion to the malware authors' need for diversity in the way the malware "phones home", so that it can be efficiently controlled and the data on the infected host efficiently abused.

Every newly configured trojan variant produced through the builder is an undetected piece of malware in terms of signature-based scanning, and always in a nasty combination with malware packers and crypters. Even more interesting is the fact that the authors behind the trojan are also reading the news and, as always, periodically verifying the detection rates of the builder: the checksums of the new builder have changed compared to the one as of 28th of July that I provided, and so has the detection rate for the latest release (15th of August):

Detection rate: 4 AVs out of 32 (12.5%) detect it
AntiVir 2007.08.15 TR/Sniffer.VB.C.2
F-Secure 2007.08.15 Backdoor.Win32.VB.bax
Kaspersky 2007.08.16 Backdoor.Win32.VB.bax
Webwasher-Gateway 2007.08.15 Trojan.Sniffer.VB.C.2

File size: 2506752 bytes
MD5: e63498f392eed84b1c8a66dbb288d459
SHA1: 5aa39b70d17d16055d8084e534806d8e26a37fda