Thursday, January 31, 2019

Undermining Underground Black Markets - An Analysis

Sometimes, too much rationalism is precisely the worst possible mode of thinking next to apathy, and, as usually happens, great and socially oriented visions never materialize due to their poor execution or wrongly perceived critical success factors.

A recently proposed model to disrupt the computer underground's black markets by impersonating the traders and undermining their reputations by making them look like "leechers" and "rippers" is laudable, but futile, at least with respect to the proposed approaches for undermining these communities:

The concepts discussed are like fighting child pornography by pretending to be a child pornographer who, when supposedly exchanging child porn, sends back 70+ video footage - definitely outrageous.

How do you get inside an online child porn exchange ring? Theoretically, by demonstrating how sick you are, by proving you have a collection and are "contributing" to the growth of the scene in order to prove you're

If you just think over the idea of disrupting the communication channels by which illegally obtained data gets transferred online, you'll end up with the realistic answer that all such attempts are futile; that's the nature of the Web, to stimulate communication and interaction in new ways that get discovered on a monthly basis.

Moreover, the way cyber jihadists are already embracing the Dark Web and hiding behind "crawlers are not welcome here" authentication-based sites, underground markets for such goods have.

The tactics mentioned

Here's another interesting description of the people's information warfare concept:

“I don’t see in this a big tragedy,” said a respondent who used the name Lightwatch. “Western countries played not the smallest role in the fall of the Soviet Union. But the Russians have a very amusing feature — they are able to get up from their knees, under any conditions or under any circumstances. As for the West? You are getting what you deserve.”

Sunday, January 27, 2019

Historical OSINT - Inside the Pay-Per-Install (PPI) Spyware/Adware Affiliate Business

Thursday, January 24, 2019

The Threat Intelligence Market Segment - A Complete Mockery and IP Theft Compromise - An Open Letter to the U.S Intelligence Community

I recently came across the recently published DoD Cyberspace Strategy 2018, which greatly reminded me of a variety of resources I recently took a look at while catching up with some of the latest cyber warfare trends and scenarios. Do you want to be a cyber warrior? Do you want to "hunt down the bad guys"? Watch out - Uncle Sam is there to spank the very bottom of your digital irrelevance. How come?

It appears that the U.S. is reclaiming dominance over the "communication channel" using a variety of real-life oriented cyber threats, including referencing and citing security researchers and NGOs (non-governmental organizations) as potential threats. Takes you back - doesn't it? If it's going to be massive, it had better be good.

It's been several years since I last posted a quality update, following my disappearance and possible kidnapping attempt circa 2010. What really took place during that period of time? The rise of ransomware? The rise of Tech Support Scams? Yet another botnet currently spreading In The Wild? A market-driven buzz-word generation? Take that - ransomware is there to take care, with hundreds of thousands of supposedly relevant IOCs (Indicators of Compromise) and TTPs (tactics, techniques and procedures) discussed to the bottom of your PR-relevant online presence. The rise of the Threat Hunter job career opportunity, basically empowering you with the almighty skills to "track down" and "shut down" the bad guys? You wish - Uncle Sam is always there to take care.

Let's discuss the Threat Intelligence market segment and offer an in-depth look at its inner workings, including its place in today's modern Intelligence Community, which is now realizing the consequences of what was once a proprietary network known as the Internet - today's modern cyber warfare operational battlefield.

Many of my blog readers are familiar with my work throughout the years; however, what you might not be aware of is the fact that throughout the 90's I used to pioneer the position of Technical Collector, processing hundreds of malicious and user-friendly Trojan Horses, also known as Remote Backdoors and later described as Remote Access Tools, during my hacker enthusiast years as an independent contractor and novice hacker working with the market-leading LockDownCorp anti-trojan horse software. This led to what would later be better described as the foundations of qualitative Technical Collection for the Threat Intelligence market, including the very basics of the foundations of CYBERINT.

Let's discuss in depth the current state of the Threat Intelligence market segment, in the context of today's modern U.S. Intelligence Community.

  • Indicators of Compromise - the very basics of formulating a new buzz-word for what was once a proprietary term coined by the Intelligence Community to populate and disseminate actionable nation-state Cyberspace data to a variety of defensive and offensive Cyber Warfare Units. This can be best described as a New Age of responsive and proactive OSINT-type acquisition methodologies: a new way to acquire leaked data and potential data-and-resource exposure in a variety of automated ways. Generalizing the very basics of the Threat Intelligence market segment in the context of potential Indicators of Compromise leaks can be best tackled by offering central repositories with "government-free" access, including a nation-state Early Warning System for potential Cyberspace threat data and a variety of Indicators of Compromise, to prevent wide-spread data and information leaks and further protect the U.S. Government from current and emerging threats.
  • Corporate Sector Data Mining Should Be Considered - what was once best known as "conducting cyber espionage through botnets", including "cyber espionage through data mining of malware-infected corporate networks", can be best described as today's proposed central Incident Response-based repository, empowering the U.S. Intelligence Community with the necessary data and expertise to stay ahead of and act upon current and emerging cyber threats.
  • Private Sector Cooperation and the "You Wish" Mentality - the general assumption that the private sector will continue to cooperate and empower the U.S. Intelligence Community with the necessary data, information and knowledge should be considered the wrong approach on the U.S. Intelligence Community's way to further protect the U.S. national infrastructure, including the proactive response to current and emerging cyber threats. What can best be done to further protect the U.S. Government from current and emerging threats is a modern central repository of Cyber Threat Data with "government-free" access.
  • Slicing the Threat into Pieces Should Be Ignored - what can be best described as the process of slicing the threat "into pieces" is today's modern world of PR agencies and Threat Intelligence market segment intermediaries, including the active labeling of a particular group of interest or an individual as a separate entry, leading to overall confusion in the context of actually providing actionable Threat Intelligence to the U.S. Intelligence Community that could ultimately better protect the U.S. National Infrastructure. With the mainstream media continuing to raise the buzz around popular terms and newly coined cyber threat actor groups, in the face of the advanced persistent threat media-buzz-generating initiative, it should be clearly noted that labeling a specific cyber threat actor in the public domain should be considered an irrelevant exercise in the broad context of providing the U.S. Intelligence Community with the necessary data, information and knowledge to stay ahead of current and emerging cyber threats.
  • Tactics, Techniques and Procedures Should Be Ignored as a Buzz-Word - the very basics of coining a term for the purpose of describing what can be best described as a general cyber threat methodology, known as qualitative assessment, should be considered a possible flag-raising operation and a possible source of confusion in the broader context of discussing and reacting to current and emerging cyber threats.
  • The Rise of the "Threat Hunter" Cyber Security Career Position Is Already Causing Headaches - the rise of the "Threat Hunter" career position can be best described as a complete failure to understand the basics that drive today's modern Cyber Warfare Team, including possible defensive and offensive Cyber Warfare Units and Cyber Operations Groups. With everyone "interested" in becoming a Cyber Warrior, including a possible "Threat Hunter", it should be noted that the over-supply of private-sector companies stealing revenue from Uncle Sam for the purpose of enriching and disseminating actionable Threat Intelligence is increasing, resulting in the overall demise of what was once proprietary technology and know-how in the hands of a few who truly grasped the market and its potential, successfully serving the needs of the U.S. government for years to come.
  • The Rise of Secondary Markets for IOCs Should Provide "Government-free" Access - the general over-supply of market-segment-driven repositories of actionable Threat Intelligence data should be largely attributed to a variety of factors, including the rise of the Threat Intelligence market segment, and should be considered a way for the U.S. Intelligence Community to seek a technical and potentially market-relevant way to populate a potential Cyber Threats database using public and proprietary sources with clear "government-free" access in mind.

Current Proposals to the U.S. Intelligence Community in Terms of Threat Intelligence and Nation-State Actors:

  • Clustered Activity - taking into consideration the fact that on the majority of occasions quality Threat Intelligence data is publicly obtainable using a variety of public and potentially proprietary sources, it should be considered feasible for the U.S. Intelligence Community to build, manage and operate a proactive Cyber Threats anticipation platform, including a possible Early Warning-based, OSINT-capable system able to anticipate and act upon current and emerging threats, with cluster-based data mining and information processing capabilities potentially serving the needs of the U.S. Intelligence Community.
  • Government-free Access - the very notion that an India-based company will successfully manage, launch and operate a Threat Intelligence business should be largely ignored for the sake of figuring out a way to obtain access to that company's Threat Intelligence data, information and knowledge, citing potential National Security issues. What should be considered in terms of obtaining access to a company's database, citing potential National Security issues, is the so-called notion of a "government-free" access-based private sector partnership.
  • Talent Acquisition Roles - in today's modern Talent Acquisition Wars it should be clearly noted that a select set of key individuals can greatly contribute to the overall demise of cybercrime internationally, taking into consideration the overall demise of the "Wisdom of the Crowds" market-segment-driven concept. What should be considered when hiring top-notch Cyber Warfare and Information Warfare personnel shouldn't necessarily be years and decades of experience, but the overall disruptive degree of the individual in terms of "making a change" and "making an impact", compared to a certification-driven crowd of individuals.
  • Central Repository - what the modern U.S. Intelligence Community can do to better protect the nation's Infrastructure should be something along the lines of a central, private-sector-driven repository of Threat Intelligence data, including the notion of "government-free" access in terms of obtaining access to a public or proprietary company's information and data assets.

Wednesday, January 16, 2019

Exposing Iran's Most Wanted Cybercriminals - FBI Most Wanted Checklist - OSINT Analysis

Remember my most recently published "Assessing The Computer Network Operation (CNO) Capabilities of the Islamic Republic of Iran - Report"? The report details and discusses in depth the most prolific Iran-based government-sponsored and government-tolerated hacking groups, including the following:

- Ashiyane Digital Security Team
- Iranhack Security Team
- Iranian Datacoders Security Team
- Iran Security Team a.k.a SEPANTA Team/Iran Cyber Army 2012/2013
- IDH Security Team
- Bastan Security Team
- NOPO Digital Security Team
- Shekaf Security Team
- Mafia Hacking Team
- Iran Black Hats Team
- Delta Hacking Security Team
- Digital Boys Underground Team
- IrIst Security Team

I recently came across the FBI's Most Wanted Cybercriminals list and decided to elaborate by providing actionable Threat Intelligence on some of the most wanted Iranian cybercriminals, with the idea of helping law enforcement, informing the security industry and ensuring that the cybercriminals behind these campaigns can be properly tracked down and prosecuted.

I can be reached at dancho.danchev@hush.com

In this OSINT analysis I'll provide actionable intelligence, including personally identifiable information, on some of the FBI's Most Wanted Iranian cybercriminals, including Ahmad Fathi, Hamid Firoozi, Amin Shokohi, Mohammad Sadegh Ahmadzadegan, Omid Ghaffarinia, Sina Keissar and Nader Saedi, as well as the infamous ITSec Team and the Mersad Co. company.


Personally Identifiable Information regarding Sun Army Team Members including ITSec Team and the Mersad Co. company:

Sun Army Team Members:
Nitrojen26, Mehdy007, MagicCoder, tHe.Mo3tafA, Plus, BodyGuard

Sample Network Infrastructure Reconnaissance:
hxxp://sun-army.org - 185.53.179.10 - Email: Sun.Army@asia.com; Lord.private@ymail.com

Name: Omid Ghaffarinia
Handle: Plus
Email: omid.ghaffarinia@gmail.com; plus.ashiyane@gmail.com; omid.ghaffarinia@alum.sharif.edu
Phone: 091 2444 9002
Web Site: http://alum.sharif.ir/~omid.ghaffarinia/; http://omidplus.persiangig.com/
Social Media Accounts: https://plus.google.com/109226633947780718251

Personal Photos of Omid Ghaffarinia a.k.a Plus:

Sample Personal Photos from a Train Trip:

Handle: MagicCoder
Email: MagicC0d3r@gmail.com
Web Site: http://magiccoder.ir

Handle: Mehdy007
Email: mehdy007@hotmail.fr
Web Site: http://mehdy007.persiangig.com

Sample Sun Army Cover Art Photos:

ITSec Team a.k.a Amn pardazesh kharazmi a.k.a Pooya Digital Security Group Members:
Pejvak, M3hr@n.S, Am!rkh@n, Doosib, H4mid@Tm3l, R3dm0ve, Provider, ahmadbady

Sample Team Member Personally Identifiable Information:
Name: Amin Shokohi
Handle: Pejvak
Email: pejv4k@yahoo.com
Web Site: http://pejv4k.persiangig.com; http://pejv4k.110mb.com

Handle: Mehr@n.S
Email: M3hran.S@gmail.com

Sample Network Infrastructure Reconnaissance:
http://itsecteam.com/

Social Network Graph of Sun Army Team Members including ITSec Team Members and the Mersad Co. company:



Name: Mohammad Sadegh Ahmadzadegan
Handle: Nitrojen26
Email: nitr0jen26@asia.com; Nitrojen26@yahoo.com; me@sadahm.net
Web Site: hxxp://sadahm.com
Social Media Accounts: https://twitter.com/nitrojen26

Sample Personal Photos of Mohammad Sadegh Ahmadzadegan a.k.a Nitrojen26:

Sample Mersad Co. Company Logo:

Sample Network Infrastructure reconnaissance:
hxxp://mersad.co/ - 188.40.112.196
hxxp://mersadco.ir

Mohammad’s life has been strongly tied to programming. After graduating in Computer Engineering, he studied IT (E-Commerce) for his Master’s to learn more about the relationship between business and technology. You can find some large-scale software projects managed by him, like Iran’s SOC, SDIDS, Jolfa Vulnerability DB, etc. Now he is a university lecturer and also CEO of Mersad Co. and one of TKJ Co.’s consultants. Mohammad is here to help you learn how to manage a good development team and to guide you to make better use of technology to achieve your business goals.

Personal Photos of Mersad Co. CEO Mohammad Hamidi Esfahani:

Personally Identifiable Information regarding Mersad Co. Company CEO Mohammad Hamidi Esfahani:

Name: Mohammad Hamidi Esfahani
Email: m.hamidi.es@gmail.com
Phone: 0913-304-7591
Web Sites: http://www.mohammadhamidi.ir/
Social Media Accounts: https://www.facebook.com/mohammad.hamidi; https://twitter.com/haj_mamed; https://github.com/mohammadhamidi; https://medium.com/@haj_mamed; https://plus.google.com/+mohammadhamidiEsfahani

Sample Mersad Co. Personal Company Photos:

Stay tuned!