Dear blog readers,

Remember the DVD of the Weekend blog post series? I've decided to resume posting high-quality YouTube videos and movies worth watching, with the idea of continuing the series. In this post I've decided to share the Red Joan movie trailer, a high-profile espionage movie which you should definitely consider watching.

Stay tuned!

Dear blog readers,

I've decided to share a copy of my YouTube keynote presentation, presented at CyberCamp 2016, discussing in-depth my research into the Koobface botnet, including the actual details on how I eventually attempted to monitor and take it offline, including the actual PPT. Enjoy!

Stay tuned!

An image is worth a thousand words. Check out the original analysis here.

Stay tuned!

Have you ever heard of Project RAHAB or Operation EQUALIZER, also known as the first instance of cyber espionage in which German citizens compromised U.S. based networks in order to supply the information to the KGB? Keep reading. In this post I'll provide actionable intelligence, discuss in-depth the infamous "KGB Hack", and include an in-depth and never before discussed perspective on how Germany's intelligence services at the time began outsourcing their cyber espionage needs to third parties, in particular the production of viruses.

What is Project RAHAB? Project RAHAB was among the first international campaigns to utilize hackers for cyber espionage, including possible disruptive activities internationally, courtesy of Germany's intelligence service. It relied largely on public sources of information, in particular Germany's Chaos Club, which was widely known to have been working with and consisting of hackers. The effort later matured into a separate project called Operation EQUALIZER, which aimed to supply the KGB with cyber espionage secrets by compromising U.S. based government and proprietary networks. The group consisted of German hackers who successfully managed to compromise the networks but eventually got caught, which led to the first known case of cyber espionage with German hackers supplying information and U.S. government secrets to the KGB.

"The Germans appear to have taken their cue from the success of such amateur hacker groups as the "Chaos Club" and the "Hannover Hackers" that worked with the KGB. According to Schweizer, the Germans created "Project Rahab," named after the biblical character who helped the Israelites infiltrate Jericho, in the mid 1980s to develop a "professional" hacking capability. The project was developed by the Bundesnachrichtendienst's (BND) Christian Stoessel, who wrote the initial "point paper" proposing hacking into foreign data bases for intelligence purposes. The project was a joint effort between BND's Division I (HUMINT), Division II (SIGINT) and Division IV (HQ). In addition to the intelligence professionals, other technical experts from a variety of outside institutions were recruited, resulting in a staff of approximately 70 people. While focused initially on retrieving information, the Project Rahab staff soon turned to offensive measures that could be of use in a time of conflict, including a variety of viruses that could be inserted into target computers. Schweizer claims that the Project has "accessed computer systems in the Soviet Union, Japan, France, the United States, Italy, and Great Britain."67 Included in the "hacks" of the Rahab staff is penetration of the SWIFT network, a dedicated international banking network that carries the majority of worldwide bank transfers. The implications of this information falling into terrorist hands are clear."

Including the following excerpt:

"Bulgaria has been a "breeding ground" for computer viruses during and after Communist rule. In the early 1990s, the Bulgarians had developed thirty unique viruses with more than 100 different variations and were releasing them at a rate of one per week.60 The "Hannover hackers" of Cuckoo's Egg fame also identify the Bulgarians as active in computer intelligence. Madsen cites the National Intelligence Service (foreign and domestic intelligence), and Razuznavatelno Upravleniye na Ministerstvoto (RUMNO) (Military intelligence) as the Bulgarian intelligence organizations most likely to be involved in computer intelligence gathering.61 It has also been rumored that a new "virus library" that allows anyone, not just a skilled programmer, to write a virus by "picking and choosing" among several options was first developed in Bulgaria. This system has the potential to produce thousands of new viruses to be unleashed at random or specific targets. A cyberterrorist bent on bringing a system down could single-handedly generate a flood of viruses to infect the targeted computer. Even if virus detection software was installed, the chances are good that a virus could be created to evade detection."

Stay tuned!

It has recently become clear that the U.S. DoD, in direct cooperation with the NSA, has been busy working on the so-called "Russia Small Group", which aims to analyze and properly respond to the growing threat of foreign influence operations launched by or courtesy of Russia. That also includes basically anything related to Russia in the world of information and cyber warfare, including possible botnet and malicious software attack campaigns, and further protecting the U.S. elections from current and emerging cyber threats, including foreign influence operations launched by or courtesy of Russia, Iran or China.

Among the key factors that should be considered when establishing a proper "Russia Small Group" are monitoring for foreign influence operations and actually establishing the foundation for a proper proactive and active technical collection, including a 4th party collection initiative, for the purpose of laying the foundations for a successful proactive and reactive response to the growing threat posed by Russia. That threat also includes the good old-fashioned cybercriminal threat, which usually goes beyond the usual GRU-themed malware and cyber espionage type of campaigns.

The currently ongoing misunderstanding that Russia is actively utilizing active measures in cyberspace, and the fact that information warfare operations are clearly making their way into the White House cyberspace strategy, should be considered a precedent. It will clearly boost funding and investment in the military-industrial complex, in particular in cyber threat intelligence and foreign influence detection campaigns, and boost the U.S. Cyber Command's and NSA's budgets in an attempt to respond to the threat posed by Russia in cyberspace. Despite that, the use of information warfare and information operations in cyberspace, including foreign influence operations in the form of active measures, should be considered and properly analyzed with caution, as it blurs the lines between cyber warfare, information warfare, information operations and the newly emerged term "foreign influence operations". From the perspective of cybercrime research, a foreign influence operation should be considered a basic rogue and bogus content farm which is capable of acquiring and hijacking traffic using basic blackhat SEO (search engine optimization) techniques.

There was a moment in time when Russia and China were actively busy playing copycats, using publicly obtainable and accessible U.S. DoD and U.S. Intelligence Community online documentation and material, which basically helped them shape their modern information warfare and cyber warfare doctrines, if any. The rest remains cybercrime as usual.

Stay tuned!

Image courtesy of: Pillars of Russia’s Disinformation and Propaganda Ecosystem

Going through the latest DoD Cyber Strategy for 2018, it should be clearly noted that several key new developments are continuing to take place which are worth discussing in the broader context of real-time cyber threat intelligence, cyber attack attribution and cyber attack prevention mechanisms, which today are taking place primarily courtesy of the U.S. DoD, the NSA and the U.S. Cyber Command.

In this post I'll discuss a newly emerged trend called "forward defense", where U.S. based cyber warriors will actually bother to proactively respond to and prevent current and emerging cyber attacks by scouting foreign networks. That includes foreign influence and information operation campaigns, as well as the use of botnets and cyber espionage type of campaigns, to further protect U.S. critical infrastructure from current and emerging cyber threats.

While the majority of the cyber threat intelligence work in the U.S. is done by the commercial sector, the U.S. Cyber Command continues to actively apply basic U.S. DoD military methodology, including near real-time information sharing initiatives, for the purpose of demonstrating its key operational capability in the context of targeting online infrastructure, which also includes actively responding to information warfare, including foreign influence operations.

Key summary points to consider:

  • Information warfare is making its way into the White House official cyberspace strategy document. I've already discussed this unique trend in a related article which you can check out here. This undoubtedly sets a unique precedent where we have the White House directly interfering with basic military concepts such as information warfare and information operations, which also includes the use of foreign influence operations, and which further empowers the U.S. DoD and the NSA with unique capabilities to respond to these types of campaigns, possibly directly interfering with Russia's information warfare concepts, which, believe it or not, in another world are directly copied from publicly accessible U.S. DoD and NSA papers throughout the years. In terms of information warfare operations, which also includes foreign influence operations, this is a dangerous game to play which may inevitably lead to actually catching some high-profile information warfare operations or eventually KGB or Russia's FSB operators, which goes far beyond the usual duties of the U.S. Cyber Command, the U.S. DoD and the NSA in general, which have to do with far more high-profile cyber threats, including cyber warfare campaigns and possible direct threats against U.S. critical infrastructure.
  • Foreign influence operations - it still remains unclear as to the extent of this basic misconception, which basically relies on the use of social media or the so-called rogue and bogus content farms. These are pretty similar to high-profile and relevant cybercrime-friendly blackhat SEO (search engine optimization) campaigns in the context of traffic acquisition and traffic hijacking, and basically have nothing to do with Russia's active measures in cyberspace, which is a dangerous word to play with, in particular in the context of having the U.S. Cyber Command, the U.S. DoD and the NSA hunt down and track down foreign influence operations. It should also be clearly noted that a direct response should be issued on a systematic and persistent basis, which basically represents the U.S. Cyber Command's, the U.S. DoD's and the NSA's basic principles and mode of operation, where the virtual assets of a specific foreign influence operator can either be directly exposed or shut down, or actually have a direct DoS (Denial of Service) launched against them, which shouldn't be surprising in the broader context of fighting cybercrime and responding to cyber warfare incidents and campaigns online.
  • Sock puppetry and foreign influence operations - yet another dangerous word which should be used with caution remains the use of "sock puppets", which are basically foreign influence operators positioned by the U.S. Cyber Command, the U.S. DoD and the NSA as a possible national security risk which should be properly monitored and acted against in one form or another, in particular through a direct attempt to expose the operator behind the rogue and bogus content farm, including actually attempting to launch DoS (Denial of Service) attacks against their infrastructure.

Stay tuned!