Monday, October 29, 2007

Wisdom of the Anti Cyber Jihadist Crowd

Interesting opinion by Gerald at the Internet Anthropologist Warintel blog:

"And I want to call this the "Brilliant civilian sector". It included the likes of Bill Roggio, Dancho Danchev, Douglas Farah, Ray Robison, the team at Counterterrorism Blog, Jamestown, MEMRI, SITE, and many, many others. This "Brilliant sector" is missing part of the "Civilian War Effort Paradigm". The output has been voluminous and timely and very high quality. But it has been aimed at only part of the demographic: the American or Western sector. The "Brilliant sector" recognizes the value of translating terrorist media, documents etc. And their analysis is top level. But they seem to have missed the value in translating their analysis into indigenous languages, or Arabic at least."

Wisdom of the opinionated crowds, the objectivity that comes from having no departmental budget allocation battles to fight, combined with state of the art open source intelligence gathering for the world's intelligence community to take advantage of, all courtesy of the "Brilliant civilian sector". And why not? I fully agree with Gerald's point on translating anti-terror PSYOPS material into Arabic, given how actively cyber jihadists are recruiting and winning the hearts and minds of English speaking web surfers and radicalizing them to the bone. It's also worth mentioning that cyber jihadists are already doing the reverse: they actively translate English to Arabic the same way I translate Arabic to English, using commercial or free services. Moreover, just as the "brilliant civilian sector" watches the video material the jihadists upload, the jihadists watch news excerpts on YouTube and follow everything related to terrorism. Perhaps more research should be conducted on the cyber jihadists' counter-surveillance practices: how good their situational awareness is, which their main OSINT sources are, and how influential they are, so that adequate measures can be taken. One way to do this is to take a rather big sample of outgoing links from their communities in order to better understand their main OSINT sources. Relative links and links back into the community itself tell you nothing about external sources, so they need to be filtered out, and counting each external site once per page rather than once per link keeps a single link-heavy page from dominating the ranking.
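The link-sampling idea above, as an added example that is not part of the original post: a small Python script that takes a set of forum pages, extracts the links, resolves relative ones, drops internal links and non-HTTP schemes (mailto:, javascript:), and ranks the external hosts by how many pages link to them. The pages and host names are constructed placeholders, not real forum content.

```python
"""Rank the external hosts a set of community pages link to.

Added example, not code from the original post. SAMPLE_PAGES is constructed
HTML with placeholder host names; it stands in for crawled forum pages.
"""
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample: (page URL, HTML body). All hosts are placeholders.
SAMPLE_PAGES = [
    ("http://forum.example/thread/1", """
        <a href="/thread/2">reply</a>
        <a href="http://news.example/story/42">coverage</a>
        <a href="HTTP://News.Example/story/43?x=1#top">more coverage</a>
        <a href="http://video.example/watch?v=abc">clip</a>
    """),
    ("http://forum.example/thread/2", """
        <a href='http://news.example/story/44'>story</a>
        <a href="mailto:someone@forum.example">contact</a>
        <a href="javascript:void(0)">expand</a>
        <a href="http://analysis.example/post/7">analysis</a>
        <a href="//video.example/watch?v=def">clip</a>
    """),
]


class LinkExtractor(HTMLParser):
    """Collects every href value found on an <a> tag."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def outbound_domains(page_url, html):
    """Return the set of external host names linked from one page.

    Relative links are resolved against page_url. Links back to the page's
    own host and non-HTTP schemes (mailto:, javascript:) are dropped so
    that only genuinely outgoing links remain. A set is returned so each
    external host counts once per page, however many times it is linked.
    """
    parser = LinkExtractor()
    parser.feed(html)
    own_host = urlsplit(page_url).netloc.lower()
    hosts = set()
    for href in parser.hrefs:
        parts = urlsplit(urljoin(page_url, href))
        if parts.scheme.lower() not in ("http", "https"):
            continue
        host = parts.netloc.lower()
        if host and host != own_host:
            hosts.add(host)
    return hosts


def rank_sources(pages):
    """Count, for each external host, how many pages link to it.

    Returns (host, page_count) pairs, most-linked first.
    """
    counts = Counter()
    for url, html in pages:
        counts.update(outbound_domains(url, html))
    return counts.most_common()


if __name__ == "__main__":
    for host, n in rank_sources(SAMPLE_PAGES):
        print(f"{n:3d}  {host}")
```

On real crawls the same routine runs over every page you fetched; the only change is feeding it (URL, body) pairs from disk instead of SAMPLE_PAGES. Counting per page rather than per link is deliberate: one thread that pastes fifty links to a single video site should not outrank a news site linked from ten different threads.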

By the way, remember the Caravan of Martyrs which I first mentioned in June, and later crawled, knowing it would sooner or later disappear? It's now gone with the summer wind, for good.

Multiple Firewalls Bypassing Verification on Demand

The proprietary malware tools, malware as a web service, Shark2's built-in VirusTotal submission, the numerous malware crypting on demand services, the complete outsourcing of spam in the form of a "managed spamming appliance", and the built-in firewall and anti-virus killing capabilities in commodity DIY malware droppers all indicate that the dynamics of the malware industry are once again shifting towards a service based economy. The latest addition is a multiple firewall bypassing verification on demand service. The following is an automatically translated excerpt:

"Here is a new feature: checking your files against popular firewalls. You send us a file, we run it under each individual firewall, after full payment from your personal account. The cost of a single use of the service is $3. A special service for developers: we check your software and report back to you with the results of the verification. The profile of our service is circumventing firewalls. The cost of the service is so far no different from the usual check. Testing takes about 30-40 minutes; the countdown begins once Support has confirmed the order. Every fifth order is free. Payment is in full, in advance. Don't worry about whether we are online when you send; if there is enough demand, round-the-clock 24/7/365 operation will be organized! The list of our firewalls at the moment: ZoneAlarm Pro v7.0; Sygate Personal Firewall 5.5; Ashampoo FireWall PRO; Sunbelt Personal Firewall; Outpost Internet Security 2008; Filseclab Personal Firewall Professional Edition; F-Secure Internet Security 2008; Comodo Firewall Pro.

Each firewall is installed on a separate Windows XP Service Pack 2, with all the critical updates as of September 2007. All at default settings. After each check, every operating system is rolled back to the state it was in before your executable was launched. None of the files you send will be forwarded to third parties, including anti-virus companies, to be studied for malicious code. After verification the files are deleted. At the moment the service does not work in automatic mode, and not around the clock, with breaks. We would be happy to cooperate with permanent clients."

Basically, they test whether a piece of malware will "phone back home" by running it against the popular firewall products, and give it a green light if it gets through or a red light if it does not. Note what is actually being measured: the outbound-connection control of a host-based personal firewall on a clean, default XP SP2 image. A pass says nothing about a particular victim's configuration or network perimeter, but it does tell the author that the default install of each listed product will not stop the callback, and the snapshot rollback after every run means the sample is tested on an identical, pristine box every time. QA is vital to reliable, bug-free software, but when QA as a concept is abused to improve the quality of a malware campaign, it improves the campaign's chances of success; in fact success is all but assured once a bypass has already been confirmed.
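The core of the service's check, reduced to a harness a defender can run on the bench, as an added example that is not code from the post or from the service it describes: a sample is launched in a subprocess while a loopback listener stands in for the command-and-control host, and the verdict is whether the sample connected to it within a time limit. The firewall products and the VM snapshot rollback are out of scope here; the harness only decides "phoned home" or "did not". The two samples are constructed Python scripts (one beacons, one is silent) and, as an assumption of this demo, the sample reads the listener address from a FAKE_C2 environment variable, whereas a real sample carries its own hard-coded address.

```python
"""Dynamic 'phone home' check for an untrusted sample.

Added example, not from the original post or the service it describes.
A loopback listener plays the C2 host; the sample is run in a subprocess
and the verdict is whether it connected back within the time limit.
Assumption for the demo: the sample reads the C2 address from FAKE_C2.
"""
import os
import socket
import subprocess
import sys
import threading


def _fake_c2():
    """Start a listener on an ephemeral loopback port; return (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


def check_sample(sample_source, timeout=3.0):
    """Run sample_source under the interpreter and watch for a callback.

    Returns {"phoned_home": bool, "beacon": bytes}. 'beacon' holds whatever
    the sample sent after connecting, which is useful for writing a
    signature for the callback even when the sample is otherwise opaque.
    """
    srv, port = _fake_c2()
    srv.settimeout(timeout)
    result = {"phoned_home": False, "beacon": b""}

    def accept():
        # Wait at most `timeout` for one inbound connection from the sample.
        try:
            conn, _ = srv.accept()
            with conn:
                conn.settimeout(1.0)
                result["phoned_home"] = True
                try:
                    result["beacon"] = conn.recv(256)
                except socket.timeout:
                    pass
        except socket.timeout:
            pass  # no callback within the limit
        finally:
            srv.close()

    watcher = threading.Thread(target=accept)
    watcher.start()
    env = dict(os.environ, FAKE_C2=f"127.0.0.1:{port}")
    try:
        subprocess.run([sys.executable, "-c", sample_source], env=env,
                       timeout=timeout, stdout=subprocess.DEVNULL,
                       stderr=subprocess.DEVNULL)
    except subprocess.TimeoutExpired:
        pass  # a hung sample is still a result; the verdict comes from the listener
    watcher.join()
    return result


# Constructed samples for the demo; neither is real malware.
BEACONING_SAMPLE = r"""
import os, socket
host, port = os.environ["FAKE_C2"].split(":")
s = socket.create_connection((host, int(port)), timeout=2)
s.sendall(b"bot-id=1234 online")
s.close()
"""

SILENT_SAMPLE = r"""
import time
time.sleep(0.2)  # does some local work, never connects out
"""


if __name__ == "__main__":
    for name, src in [("beaconing", BEACONING_SAMPLE), ("silent", SILENT_SAMPLE)]:
        r = check_sample(src)
        print(f"{name}: phoned_home={r['phoned_home']} beacon={r['beacon']!r}")
```

In the service's terms, phoned_home == True is the "green light" the customer is paying for. For a defender the interesting direction is the opposite: run the same harness with the product under evaluation installed at its default settings and confirm that the beaconing sample comes back False, since that is exactly the configuration the service tests against.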

Is this malware QA a trend, or is it a fad? I think it's a trend, mostly because malware authors seem to have realized the potential of launching "quality assured malware" (take Storm Worm, for instance), and the possibility of churning out DIY malware through commodity kits in enormous quantities, in the form of a managed malware provider.