HP's Surveillance Methods

September 25, 2006
Seems like it's not just the Board of Directors' phone records that were obtained by HP under the excuse of enforcing exemplary corporate citizenship, but those of pretty much everyone who communicated with them or is somehow in their circle of friends -- no comment on the boring minutes of meetings shared with the press as the main reason for all this. Besides passing the ball to the next board member over who's been aware of what, more details on the exact methods used by HP emerge:

- HP obtained phone records for seven current or former HP board members, nine journalists, and their family members;

- HP provided investigators with the Social Security number of one HP employee, in addition the Social Security numbers of 4 journalists, 3 current and former HP board members, and 1 employee were also obtained by investigators;

- HP investigators attempted to use a tracer to track information sent to a reporter;

- The concept of sending misinformation to a reporter and the contents of that email were approved by Mr. Hurd, although no evidence was found to suggest that he approved the use of the tracer for surveillance;

- Investigators hired by HP monitored a board meeting, a trip to Boulder taken by a board member, as well as the board member's spouse and family members;

- In February of 2006, investigators watched a journalist at her residence and in February of 2006 “third party investigators may have conducted a search of an individual’s trash.”

By the time HP provided the associated parties' SSNs, it had pretty much left them to the sharks to finish the rest. Disinformation, though, is something I previously thought they didn't do, but with dumpster diving in place as well, I guess they did order the entire all-in-one surveillance package.

Megacorp ownz your digitally accumulated life, and yes, it can also engineer and snoop on your real one. All they were so talkative about is publicly available information that every decent analyst should definitely have considered, starting from HP's historical performance as a foundation for future speculations. In between, HP is (was) also sponsoring a Privacy Innovation Award.

Who's the winner at the bottom line? That's ex-CEO Carly Fiorina -- phone records also obtained -- whose upcoming book will profitably take advantage of the momentum.

Hezbollah's DNS Service Providers from 1998 to 2006

September 22, 2006
Nice visual representation emphasizing the U.S. hosting companies' connection:

"In the following, we examine the Hizballah domains in light of which companies have provided DNS service. A domain's whois record specifies DNS servers, and the DNS servers tell browsers what IP address/server is currently hosting the domain. This is a mission critical service without which the domains in question would be unreachable. Despite the fact that Hizballah is a designated Terrorist entity in the United States, American companies have been, and continue to be the primary providers of service to Hizballah. We now know of 40 domains of Hizballah, based largely on a list provided by Hassan Nasrollah on a previous incarnation of his own web site. Of those 40 domains, 23 are now or have been provided DNS services by Alabanza Inc. of Baltimore, Maryland. No other provider comes close. Alabanza's domain name registration business, Bulkregister, is Hizballah's registrar of choice. See our report regarding the registrars of Hizballah's domains."

Who knew Hezbollah are indeed the rocket scientists they pretend to be? UAVs, night vision gear, SIGINT gear, or has rocket science become so "outsourceable" nowadays?

Cyberterrorism isn't dead, it's just been silently evolving under the umbrella provided by the mainstream media -- a wrongly understood concept, and stereotyped speculations.

Interesting Anti-Phishing Projects

September 22, 2006
Seven anti-phishing projects. I especially find the browser recon and countermeasures one a trendy concept, as phishers are already taking advantage of vulnerabilities allowing them to figure out a browser's history and thus establish more reputable communication with the victim -- adaptive phishing.

01. Social Phishing
The fundamental purpose of this study was to study the effects of more advanced techniques in phishing using context. Receiving a message from a friend (or corroborated by friends), we hypothesized the credibility of the phishing attempt would be greater

02. Browser Recon and Countermeasures
One can use a simple technique used to examine the web browser history of an unsuspecting web site visitor using Cascading Style Sheets. Phishers typically send massive amounts of bulk email hoping their lure will be successful. Given greater context, such lures can be more effectively tailored -- perhaps even in a context aware phishing attack

03. Socially Transmitted Malware
People are drawn in by websites containing fun content or something humorous, and they generally want to share it with their friends. This is considered social transmission: referral to a location based on recommendation of peers. We measured possible malware spread using social transmission

04. Phishing with Consumer Electronics: Malicious Home Routers
It is easy to "doctor" a wireless router like the ones found at home or at a local WiFi hotspot to misdirect legitimate browser links to phoney and often harmful website.

05. Net Trust
Individuals are socialized to trust, and trust is a necessary enabler of e-commerce. The human element is the core of confidence scams, so any solution must have this element at its core. Scammers, such as phishers and purveyors of 419 fraud, are abusing trust on the Internet. All solutions to date, such as centralized trust authorities, have failed. Net Trust is the solution -- trust technologies grounded in human behavior

06. A Riddle
Could your browser release your personal information without your knowledge?

07. Phroogle
Exploiting comparison shopping engines to bait victims

You might also be interested in Google's Anti-Phishing Black and White Lists.

Airport Security Flash Game

September 22, 2006
Ever wanted to snoop through the luggage of others in exactly the same fashion yours gets searched? Try this game, and make sure you keep an eye on the instantly updated "dangerous items" list unless you want to be held responsible and lose your badge.

Soviet Propaganda Posters During the Cold War

September 22, 2006
Posters are a simple yet influential form of PSYOPS, and their one-to-many communication method successfully achieves a decent viral marketing effect. Here's an archive of Soviet propaganda posters against the U.S. during the Cold War you might find entertaining -- here's part 2. "Capitalists from across the world, unite!"

North Korea's not lagging behind, and despite the end of the Cold War, is still taking advantage of well-proven and self-serving psychological techniques to further spread its ideology.

Here are some collections of IT security related ones as well.

Banking Trojan Defeating Virtual Keyboards

September 19, 2006
The folks behind VirusTotal just released an analysis and an associated video of a trojan that records video of the infected end user's login process, thus bypassing the virtual keyboards many banks started providing to fight keyloggers.

"Today we will analyze a new banking trojan that is a qualitative step forward in the dangerousness of these specimens and a new turn of the screw in the techniques used to defeat virtual keyboards. The novelty of this trojan lies in its capacity to generate a video clip that stores all the activity onscreen while the user is authenticating to access his electronic bank.

The video clip covers only a small portion of the screen, using as reference the cursor, but it is large enough so that the attacker can watch the legitimate user's movements and typing when using the virtual keyboard, so that he gets the username and password without going into further trouble. It would obviously place a heavy burden on the resources of the computer to capture the complete screen, both when generating the video clip as well as sending it to the attacker. The main reason for doing only a small portion of the screen referenced to the cursor is that the trojan guarantees the speed of the capture to show all the sequence and activity with the virtual keyboard seamlessly."

Anything you type can be keylogged, but generating videos of possibly hundreds of infected users would have a negative effect on the malware author's productivity, which is good, at least for now. Follow my thoughts: the majority of virtual keyboards have static window names and static positions, and the mouse tends to move over predictable X and Y co-ordinates, therefore a little research on the most targeted bank sites would come up with a pattern, a pattern that should be randomized as much as possible. Trouble is, the majority of phishing attacks are still using the static image locations of the banks themselves, when these should long have been randomized as well.
OPIE one-time password authentication, flagging suspicious activity based on geotagging anomalies, and a transparent process for the customer -- please disturb me with an SMS every time money goes out -- remain underdeveloped for the time being. You might find Candid Wüest's research "Phishing in the Middle of the Stream" - Today's Threats to Online Banking informative reading on the rest of the issues to keep in mind.
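As an added illustration of the randomization point above (example code written for this post, not the trojan analysis or any bank's implementation), the following Python models an on-screen keypad whose key positions are shuffled per session from a session secret. Replaying click coordinates captured against a static layout, or against the same session's layout, recovers the PIN; against a fresh session's layout the same coordinates decode to other keys. The 6x6 grid, 40-pixel cell size, key set, PIN and session secrets are constructed assumptions. This only defeats loggers that record coordinates or clicks; a trojan that records video of the cursor region, as the one analyzed above does, still sees which key was pressed, so randomization is one layer, not the fix.

```python
import hashlib
import random
import string

# Constructed keypad: 36 keys in a 6x6 grid of 40-pixel cells.
KEYS = string.digits + string.ascii_lowercase
COLS = 6
CELL = 40


def static_layout():
    """Fixed layout: each key always occupies the same cell, so the same
    click coordinates always decode to the same character."""
    return {key: divmod(i, COLS) for i, key in enumerate(KEYS)}


def randomized_layout(session_secret):
    """Per-session layout: shuffle key positions with a generator seeded from
    a session secret. Seeded here so the result is reproducible; a production
    keypad would shuffle with secrets.SystemRandom() and keep the layout
    server-side for the session."""
    order = list(KEYS)
    seed = int.from_bytes(hashlib.sha256(session_secret).digest(), "big")
    random.Random(seed).shuffle(order)
    return {key: divmod(i, COLS) for i, key in enumerate(order)}


def click_point(layout, key):
    """Pixel coordinates a user clicks to enter `key` under `layout`."""
    row, col = layout[key]
    return (col * CELL + CELL // 2, row * CELL + CELL // 2)


def key_at(layout, point):
    """Decode click coordinates back to a key under `layout`."""
    x, y = point
    cell = (y // CELL, x // CELL)
    for key, pos in layout.items():
        if pos == cell:
            return key
    return None


def replay(points, layout):
    """What an observer learns by decoding captured coordinates with a layout."""
    return "".join(key_at(layout, p) or "?" for p in points)


def demo(pin="4a7z"):
    """Compare what captured click coordinates reveal under each keypad type."""
    static = static_layout()
    captured_static = [click_point(static, k) for k in pin]
    session_a = randomized_layout(b"constructed-session-a")
    session_b = randomized_layout(b"constructed-session-b")
    captured_a = [click_point(session_a, k) for k in pin]
    return {
        # static keypad: coordinates alone reveal the PIN
        "static": replay(captured_static, static),
        # randomized keypad, same session: the layout is needed as well
        "same_session": replay(captured_a, session_a),
        # randomized keypad, next session: coordinates decode to other keys
        "next_session": replay(captured_a, session_b),
    }


if __name__ == "__main__":
    print(demo())
```

The per-session shuffle is seeded from a hash only so the demo is reproducible; the point is that the layout, not just the coordinates, has to be captured, which is exactly what a video of the cursor region provides.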

No Anti Virus Software, No E-banking for You, or are Projection Keyboards an alternative?

Results of the Cyber Storm Exercise

September 18, 2006
The Cyber Storm exercise conducted in January "simulated a sophisticated cyber attack campaign through a series of scenarios directed at several critical infrastructure sectors. The intent of these scenarios was to highlight the interconnectedness of cyber systems with physical infrastructure and to exercise coordination and communication between the public and private sectors. Each scenario was developed with the assistance of industry experts and was executed in a closed and secure environment. Cyber Storm scenarios had three major adversarial objectives:

- To disrupt specifically targeted critical infrastructure through cyber attacks
- To hinder the governments' ability to respond to the cyber attacks
- To undermine public confidence in the governments' ability to provide and protect services"

Seems like the results from the exercise are already available, and the major findings relate to:

- Interagency Coordination
- Contingency Planning, Risk Assessment, and Roles and Responsibilities
- Correlation of Multiple Incidents between Public and Private Sectors
- Training and Exercise Program
- Coordination Between Entities of Cyber Incidents
- Common Framework for Response and Information Access
- Strategic Communications and Public Relations Plan
- Improvement of Processes, Tools and Technology

Frontal attacks would rarely occur, as cyberterrorism by itself wouldn't need to interact with the critical infrastructure; it would abuse it and use it as a platform. However, building confidence within the departments involved is as important as making them actually communicate with each other.

Go through a previous post on the Biggest Military Hacks of All Time in case you're interested in knowing more about specific cases related to both direct and indirect attacks.

Examining Internet Privacy Policies

September 18, 2006
Accountability, public commitment, or copywriters charging per word: privacy policies are often taken for fully enforced ones, whereas the truth is that actually no one is reading them, let alone bothering to assess them. And why would you, as by the time you've finished you'll again have no other choice but to accept them in order to use the service in question -- too much personal and sensitive identifying information is what I hear ticking. That's of course the privacy-conscious perspective, and to me security is a matter of viewpoint: the way you perceive it going beyond the basics is the very same way you're going to implement it -- Identity 2.0 as a single sign-on Web is slowly emerging as the real beast. The marketing perspective offers unprecedented and fresh data whose value may be the next big project; balance is the key.

Here's an interesting piece of research, "Examining Internet Privacy Policies Within the Context of User Privacy Values":

"In this paper, we present research bridging the gap between management and software requirements engineering. We address three research questions. 1) What are the most stringently regulated organizations (health care related organizations including health insurance, pharmaceutical, and drugstores) saying in their privacy policy statements? 2) What do consumers value regarding information privacy? 3) Do the privacy policy statements provide the information that consumers want to know?

Results from this study can help managers determine the kinds of policies needed to both satisfy user values and ensure privacy-aware website development efforts. This paper is organized as follows. First, we discuss relevant research on privacy, policy analysis, and software requirements engineering. Next, we cover the research methodologies of content analysis and survey development, and then the survey results. Finally, we discuss the results and implications of this work for privacy managers and software project managers."

The only time privacy policies get read is whenever a leak like AOL's happens, and mostly for historical purposes. Where's the real value, not the perceived one? Don't stop at responsibly generating privacy policies; consider preemptively appointing chief privacy officers, thus committing yourself to valuing your users' privacy and having a strategy in mind.

Related resources:
Privacy
Snooping on Historical Click Streams
A Comparison of US and European Privacy Practices

Cyber Intelligence - CYBERINT

September 18, 2006
HUMINT, SIGINT, TECHINT: all concepts for gathering intelligence and supporting decision makers on emerging trends are invaluable by their own definitions, yet useless if not coordinated for achieving the ultimate objective. Cyberspace is so much more than a social phenomenon or the playground of countless pseudo-personalities. Info-warriors and analysts are realizing that Cyberspace is becoming so dispersed and versatile that a separate practice of Cyber Intelligence is necessary to proactively respond to -- and always be a step ahead of the developing capabilities of -- emerging players, threats, and tactics. Virtual situational awareness is as important to intelligence analysts as it is to security professionals wanting to remain competitive.

What's Cyber Intelligence, or intelligence analysis for Internet security? Can we model it, and how long would the model survive before what used to be static turns into a sneaky variable once it knows its practices have been exposed? What would the ultimate goal of CYBERINT be? To map the bad neighborhoods and keep an eye on them, to profile the think-tanks and assess their capabilities and background motivations for possible recruitment? Or to secure Cyberspace, no matter how megalomaniac it may sound, or basically to acquire know-how to be used in future real-life or cyber conflicts?

Intelligence Analysis for Internet Security proposes an intelligence model for the development of an overall systems security model; here's an excerpt:

"Obtaining prior knowledge of both threats and vulnerabilities – as well as sensitivity to possible opportunities to exploit the vulnerabilities - is essential. Intelligence analysis, of course, operates at different levels, ranging from the specific to the general, and from short-term incidents and operations to long term patterns and challenges. Each form or level of analysis is crucial, and complements and supplements the others. Nevertheless, it is important to distinguish them from one another and to be clear at which level the activities are taking place. It is also important to recognize that the most critical insights will be obtained from fusion efforts that combine these different levels. The several complementary levels of intelligence analysis are strategic analysis, tactical analysis and operational analysis. In practice, these categories shade into each other and are not always sharply differentiated, and differing definitions for these terms exist in the intelligence community. Nevertheless, they offer a useful framework within which intelligence tasks and requirements can initially be delineated."

A very informative and relevant piece of research emphasizing strategic intelligence analysis, tactical intelligence analysis, operational intelligence analysis, and how cyber intelligence intersects with traditional approaches.

What's the core of CYBERINT?

- the maturing concept of cyberterrorism, propaganda and communications online, thus huge amounts of data to be aggregated and analyzed
- an early warning system for new attack tools, their ease of use, availability, ability to be tracked down, and level of sophistication
- offensive CYBERINT is perhaps the most interesting and aggressive approach I consider fully realistic nowadays. Operational initiatives such as nation-wide pen testing, OS and IP space mapping for instant exploitation, segmented economic espionage attacks -- IP theft worms achieving efficiency -- passive Google hacking and reconnaissance, tensions engineering, zero-day vulnerabilities arms race

Outsourcing to objective providers of intelligence and threat data should also be considered, but then again it's just a tiny portion of what can actually be achieved if a cross-functional team is acting upon a common goal -- to be a step ahead of tomorrow's events, and pleasantly going through threat analysis conducted a year ago predicting and responding to them.

If you don't have enemies, it means you're living in a world of idleness, the more they are, the more important is what you're up to.

Related resources and posts:
Information Warfare
Cyberterrorism
Intelligence
Benefits of Open Source Intelligence - OSINT

Leaked Unmanned Aerial Vehicle Photo of Taliban Militants

September 18, 2006
A missed shot from a Predator drone due to moral concerns -- a remarkable move, and one visionary enough not to provoke another media fiasco of killed civilians for the sake of killing alleged militants. "U.S. Military Investigates Leaked Photo"

"The grainy black and white photo shows what NBC says are some 190 Taliban militants standing in several rows near a vehicle in an open area of land. Gunsight-like brackets were positioned over the group in the photo. NBC quoted one Army officer who was involved with the spy mission as saying "we were so excited" that the group had been spotted and was in the sights of a U.S. drone. But the network quoted the officer, who was not identified, as saying that frustration soon set in after the officers realized they couldn't bomb the funeral under the military's rules of engagement."

Hezbollah are also known to be capable of operating drones, and for their "window-shopping" purchasing capabilities for night vision gear, but how come? Politically independent parties whose revenues are generated by their ability to be totally neutral and, of course, tactics for bypassing gear embargoes.

However, it would be naive to assume everyone is as rational as you are, as it's a rather common practice for various military forces to build up their foundations near highly populated areas, schools and hospitals. Insider leaks like these show certain weaknesses, namely operatives with access to information whose significance has slightly devalued, so why not generate some buzz with the findings.

Naturally, the Pentagon is taking measures to limit the potential of yet another media fiasco, taking into consideration the growing use of gadgets in the military. Moreover, successfully realizing the power of OSINT, an information security/web site alert was issued during August on what can't be posted at .mil sites.

Predator UAV image of Serbian fighters surrendering in Kosovo, courtesy of Military Intelligence Satellites.

Internet PSYOPS - Psychological Operations

September 14, 2006
Psychological operations, or PSYOPS, is an indirect use of information warfare methods to deceive, shape and influence the behavior and attitude of the targeted audience -- military marketers with greater access to resources and know-how. The Internet, acting as a global-reaching, cost-effective platform for the dissemination of a message, rumor, lie or piece of inside information, is directly influencing the evolution of the concept.

You may find this research, conducted back in 2001, still relevant on the basics of psychological operations and propaganda online. A brief summary of The Internet and Psychological Operations:

"As an information medium and vehicle of influence, the Internet is a powerful tool, in both open societies as well as in those whose only glimpse of the outside world is increasingly viewed and shaped through webpages, E-mail, and electronic chat rooms. Moreover, the sword cuts both ways, as unconstrained (legally, socially, politically) adversaries find the Internet an effective vehicle for influencing popular support for their cause or inciting the opposite against the U.S. or its interests. Consequently, the realm of military psychological operations (PSYOP) must be expanded to include the Internet. Just as obvious is the need for action to remove or update current policy and legal constraints on the use of the Internet by military PSYOP forces, allowing them to embrace the full range of media, so that the U.S. will not be placed at a disadvantage. Although current international law restricts many aspects of PSYOP either through ambiguity or noncurrency, there is ample legal room for both the U.S. and others to conduct PSYOP using modern technology and media such as the Internet. Existing policy and legal restrictions, however, must be changed, allowing military PSYOP forces to both defend and counter adversarial disinformation and propaganda attacks which impact on the achievement of military objectives. By examining this issue, I hope to highlight the importance of the Internet for PSYOP and foment further discussion."

Undoubtedly, the Abu Ghraib fiasco is among the most relevant cases of unintentional PSYOPS in reverse, where the leak's echo effect would continue to spell skepticism towards what democracy really is. And while there are indeed legal issues to consider when using such operations, what is legal and illegal in times of war is questionable.

Some basic examples:
- your web sites spread messages of your enemies
- sms messages and your voice mail say you're about to lose the war
- your fancy military email account is inaccessible due to info-warriors utilizing the power of the masses, thus script kiddies to distract the attention
- you gain participation, thus support
- you feel like Johnny Mnemonic taking the elevator to pick up the 320 GB of R&D data when a guerrilla info-warrior appears on the screen and wakes you up to your current stage of brainwashing
- starting from the basics that the only way to ruin a socialist type of government is to introduce its citizens to the joys of capitalism -- it always works
- hacktivism - traffic acquisition plus undermining confidence
- propaganda - North Korea is quite experienced
- self-serving news items, commissioned ones
- achieving Internet echo as a primary objective
- introducing biased exclusiveness
- stating primary objectives as facts that have already happened
- impersonation

The evolution of online PSYOPS is on its way and is actively utilized by both adversaries and everyone in between; it's entirely up to you to be either objective or painfully subjective.

Prosecuting Defectors and Appointing Insiders

September 13, 2006
In the year 2006, those who control Russia's energy reserves control a huge portion of the world's energy market -- renewable energy is the future. And as you can imagine, they're for sure not controlled by some newly born Russian millionaires -- a great benchmark for how vibrant a country's economy, or its level of corruption, really is. Seems like the long-term effects of a planned economy are still a political doctrine, and the invisible hand of the market is still too short to reach the Russian energy sector, as the Russian intelligence chief's son has been named adviser to an oil company chairman:

"A son of the head of Russia's main intelligence agency has been named an adviser to the chairman of state oil company OAO Rosneft, the daily newspaper Kommersant reported Wednesday, citing an unidentified source on Rosneft's board of directors. Andrei Patrushev, the 25-year-old son of Federal Security Service (FSB) director Nikolai Patrushev, had previously been an FSB official himself, working in the department that keeps tabs on the Russian oil industry, according to Kommersant."

The courage to rise above shown by Mikhail Khodorkovsky has its own butterfly effect, and it's such an easily predictable one. Here's a Google bomb for you -- it means enemy of the people. Here's another. Враг народа or a vivid protectionist?

Malware on Diebold Voting Machines

September 13, 2006
Continuing the previous post on "How to Win the U.S. Elections", seems like malware is indeed Diebold voting machine compatible -- related videos.

The main findings of the study are:

- Malicious software running on a single voting machine can steal votes with little if any risk of detection. The malicious software can modify all of the records, audit logs, and counters kept by the voting machine, so that even careful forensic examination of these records will find nothing amiss. We have constructed demonstration software that carries out this vote-stealing attack.

- Anyone who has physical access to a voting machine, or to a memory card that will later be inserted into a machine, can install said malicious software using a simple method that takes as little as one minute. In practice, poll workers and others often have unsupervised access to the machines.

- AccuVote-TS machines are susceptible to voting-machine viruses — computer viruses that can spread malicious software automatically and invisibly from machine to machine during normal pre- and post-election activity. We have constructed a demonstration virus that spreads in this way, installing our demonstration vote-stealing program on every machine it infects.

- While some of these problems can be eliminated by improving Diebold's software, others cannot be remedied without replacing the machines' hardware. Changes to election procedures would also be required to ensure security.

IP-enabled, Windows-running ATMs with anti-virus, IPv6-enabled fridges with anti-virus, smart phones with anti-virus, PlayStations with anti-virus, birds as early warning systems for an epidemic, so where's my signature, dude?

Vulnerabilities in Emergency SMS Broadcasting

September 13, 2006
There's been a recent test of emergency cell phone alerts in the Netherlands -- the original article was here -- and while broadcasting supposedly reaches the largest number of people in the surrounding area, timing and countless other factors also matter:

"Cell phones throughout a downtown hotel beeped simultaneously Tuesday with an alert: there is a suspicious package in the building. It was a drill, run by Dutch authorities testing an emergency "cell broadcasting" system that sends a text message to every mobile phone in a defined area. Representatives from 21 national governments, New York City and the U.S. Federal Emergency Management Agency, or FEMA, watched the signal go out to cell phones throughout the Sofitel hotel in Amsterdam. About half the people in the building then followed instructions and evacuated. "We want to see what worked and what didn't," said David Webb, of FEMA's Urban Search and Rescue Program. "The EU (European Union) is really leading the way with this technology."

What if:

- Even if key emergency personnel were to use a separate communication network, radio for instance, broadcasting to anyone who accepts could result in significant delays, and even though the message is sent, it doesn't mean it would take advantage of the momentum

- cell phone jammers, often used by hotels to preserve the unique atmosphere and undisturbed conference meetings, can prove contradictory, setting aside whether the parties supposedly plotting the attack use one themselves

- despite the fact that one in five will pick up their mobile during sex, how many obsessively check for newly arrived sms messages?

- how would a tourist know how to successfully authenticate the local authorities in the first place? In case of emergencies watch out for an SMS from 010101 -- now I assume you know how easily I can SMS you from the same number and impersonate it

- what should the user be most aware of: mobile malware, SMSishing, or "call this 0 900 or else I won't tell you where the attack is" type of messages

- from a multilingual point of view, will it be using English by default, and how many would still be enjoying their meals while everyone else is leaving

Great idea, but it may prove challenging to evaluate the actual results in a timely manner. Sent doesn't mean received, read on time, or even acted upon.

Recommended reading:
SMS disaster alert and warning systems - don't do it !
Revisiting SMS during Disasters
Concept Paper on Emergency Communications during Natural Disasters
Exploiting Open Functionality in SMS-Capable Cellular Networks
The Role of Mobiles in Disasters and Emergencies

Testing Intrusion Prevention Systems

September 13, 2006
Informative test results for various IPSs such as the Juniper IDP 200, Cisco IPS 4240, eSoft ThreatWall 200, ForeScout ActiveScout 100, and McAfee IntruShield 2700.

Here's how they tested:

"In order to create a base environment in which to compare the different appliances, we set up a single system within our test network to be the target of Core Impact’s simulated attacks. We chose a system running the most vulnerable operating system we could think of—Windows 2000 Service Pack 2 with no additional service packs or security updates. We temporarily opened the channels on the test network’s firewall and installed Core Impact on a system outside the network. We then proceeded to detect and “attack” the Windows 2000 system to identify its vulnerabilities. Of the hundreds of attack modules available, we picked 85 of the most applicable. Knowing how our target system was vulnerable and the attacks we could launch against it, we connected each IPS in turn according to its recommended configuration. We then allowed each IPS to function in a real-world network environment for a day or more. Eventually we rebooted the Windows 2000 machine and ran Core Impact to simulate a barrage of intrusions. Finally, we adjusted the security profiles of each IPS and ran the tests one more time. The result was a complete picture of how effective each IPS was at preventing attacks—both out of the box and after fine-tuning. The good news is, we were able to tweak each IPS to completely shut down the Core Impact attacks."

There are, however, hidden costs related to IPSs: increased maintenance and reconfiguration time, and a possible decline in productivity. The key is understanding the pros and cons of your solution, educating the masses of users, and running a departmental rather than a company-wide enforcement in the first place as far as host-based IPSs are concerned. A network-based IPS's sensitivity is proportional to the level of false alerts generated, so figure out how to balance and adapt the solution to your network.

Suspicious system behaviour is such an open topic term to the majority of end users, keep it in mind whatever you do when dealing with HIPS. And do your homework of course.


Google Anti-Phishing Black and White Lists

September 13, 2006
Can the world's most effective search engine manage to keep questionable sites away from the search results of its users? Seems like its toolbar users are also warned about such sites. Google for sure has the widest and most recent snapshot of the Web to draw conclusions from, and it seems that starting from the basics of keeping a black and a white list of questionable sites/URLs is still taken into consideration. Googling Google proves handy sometimes and you can stumble upon interesting findings such as Google's Black -- cache version -- and White lists of phishing and possibly fraudulent sites -- there's still a cached version of the White list available, and the white domains as well.

As I often say, the host trying to 6667 its way out of the network today will be the one sending phishing and spam mails tomorrow. To verify this I took a random blacklisted host such as http://219.255.134.12/fdic.gov/index.html.html and decided to test it first at TrustedSource and, of course, at SORBS, to logically figure out that the host has indeed been :

"Spam Sending Trojan or Proxy attempted to send mail from/to from= to="

What's ruining the effect of black and white lists? With today's modular malware -- and DIY phishing toolkits -- the list of IPs currently hosting phishing sites can become a time-consuming effort to keep track of; namely, black lists can sometimes be rendered useless given how malware-infected hosts increasingly act as spamming, phishing, and botnet-participating ones -- if ISPs were given the incentives or obliged to take common-sense approaches for dealing with malware-infected hosts, it would make a difference. As far as white lists are concerned, XSS vulnerabilities on the majority of top domains and browser-specific vulnerabilities make their impact, but most of all, it's a far more complex issue than black and white only.
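The two checks the post walks through, taking the host out of a blacklisted URL and querying a DNS-based blocklist such as SORBS, plus the white-list caveat just above, as an added example that is not code from the original post. The resolver is an offline stub with constructed answers; `dnsbl.sorbs.net` is SORBS's real zone name, but the listing and the 127.0.0.x category table are constructed for this example, not SORBS's documented return codes.

```python
"""Added example: URL/IP reputation checks of the kind the post describes.

Not code from the original post. The DNS resolver is an offline stub with
constructed answers; dnsbl.sorbs.net is SORBS's real DNSBL zone, but the
listing and the category table below are constructed for this example.
"""
from ipaddress import IPv4Address, ip_address
from typing import Callable, Iterable, Optional
from urllib.parse import urlsplit

# Constructed stub: DNSBL query name -> A record the list would answer with.
# The entry is the blacklisted host from the post, marked here as a spam source.
STUB_DNS = {
    "12.134.255.219.dnsbl.sorbs.net": "127.0.0.6",
}

# Constructed category table for 127.0.0.x answers (illustrative only).
CATEGORIES = {
    "127.0.0.2": "open-proxy",
    "127.0.0.6": "spam-source",
    "127.0.0.9": "zombie-host",
}


def host_of(url: str) -> str:
    """Hostname part of a URL, e.g. the raw IP in the post's phishing URL."""
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no host in {url!r}")
    return host


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Reverse the IPv4 octets and append the DNSBL zone (standard DNSBL form)."""
    addr = ip_address(ip)
    if not isinstance(addr, IPv4Address):
        raise ValueError("only IPv4 lookups are shown here")
    return ".".join(reversed(ip.split("."))) + "." + zone


def check_ip(ip: str, zone: str,
             resolve: Callable[[str], Optional[str]] = STUB_DNS.get) -> Optional[str]:
    """Return the listing category for ip, or None when the list has no entry.

    resolve maps a query name to its A record, or None for NXDOMAIN; the
    default is the offline stub above, a real deployment would do a DNS query.
    """
    answer = resolve(dnsbl_query_name(ip, zone))
    if answer is None:
        return None
    return CATEGORIES.get(answer, f"listed:{answer}")


def allowlist_covers(url: str, allowlist: Iterable[str]) -> bool:
    """True when the URL's host is an allowlisted domain or a subdomain of one.

    Matching is on the host only: the verdict says nothing about the path, so
    a page served through an XSS flaw on an allowlisted domain still passes,
    which is the weakness the post raises about white lists.
    """
    host = host_of(url).lower()
    domains = [d.lower() for d in allowlist]
    return any(host == d or host.endswith("." + d) for d in domains)


if __name__ == "__main__":
    url = "http://219.255.134.12/fdic.gov/index.html.html"
    print(host_of(url), "->", check_ip(host_of(url), "dnsbl.sorbs.net"))
    print(allowlist_covers("https://www.example.com/login", {"example.com"}))
    print(allowlist_covers("https://example.com.evil.test/login", {"example.com"}))
```

The allowlist check deliberately rejects look-alike hosts such as `example.com.evil.test` (a suffix match on the registered domain, not a substring match), but it cannot tell a legitimate page on an allowlisted domain from one injected through an XSS flaw there, which is why a domain-level white list alone does not settle the question.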

Another recent and free initiative I came across is the Real-Time Phishing Sites Monitor, which may prove useful to everyone interested in syndicating their findings.

Third-party anti-phishing toolbars, as well as anti-phishing features built into popular toolbars, are not the panacea for dealing with phishing attacks. A combination of them and user awareness, thus a less gullible user, is the way.

Visualizing Enron's Email Communications

September 12, 2006
In a previous post, "There You Go With Your Financial Performance Transparency", I mentioned the release of Enron's email communications between 2000/2002, mind you, by Enron's ex-risk-management provider. Continuing the series of resourceful posts on visualizing terrorists, intelligence data sharing, security and new media, here's Jeffrey Heer's visual data mining of an Enron email communications sample :

"Using the Enron e-mail archive as a motivating dataset, we are attempting the marriage of visual and algorithmic analyses of e-mail archives within an exploratory data analysis environment. The intent is to leverage the characteristic strengths of both man and machine for unearthing insight. Below are a few sketches from a preliminary exploration into the design space of such tools."

And here's how he visualized the social network, an invaluable "big picture".

Secret CIA Prisons

September 11, 2006
It's official, there are indeed (publicly) secret CIA prisons, and a public commitment towards improvement :

"All suspects will now be treated under new guidelines issued by the Pentagon on Wednesday, which bring all military detainees under the protection of the Geneva Convention. The move marks a reversal in policy for the Pentagon, which previously argued that many detainees were unlawful combatants who did not qualify for such protections. The new guidelines forbid all torture, the use of dogs to intimidate prisoners, water boarding - the practice of submerging prisoners in water - any kind of sexual humiliation, and many other interrogation techniques."

I assume operating such facilities in the Twilight Zone is flexible from an interrogation point of view; what makes me wonder, though, is how justified kidnappings of alleged terrorists by recruiting local intelligence agents are. Guess a guy I had a hot discussion with the other night was right: no more Russian skirmishes in guerrilla warfare, the adversary leaders just disappear and no one, not even their forces, ever hears anything of them -- spooky special forces stealing the hive's queen.

In case you're also interested in DoD's New Detainee Interrogation Policy, it's already available at the FAS's blog, plus "biographies" of 14 detainees.

However, there's one thing the entire synthetic community would always be thankful to the CIA for, and that's the LSD, a proven "ice breaker" over the decades.

Graph courtesy of Spiegel.de

NSA's Terrorist Records Database

September 11, 2006
Right on time! Inside sources -- this is a creative spoof -- at the NSA finally coordinated their intelligence-sharing efforts with the Patriot Search, and came up with a public database giving you the opportunity to look up your entire neighborhood for suspicious relations with the Middle East.

What's the bottom line? Keep your friends close, your intelligence buddies closer!

Interested in Anti-Terror tips? Follow these :

- Use email software with strong encryption to prevent terrorists from reading your email
- Encrypt the files on your computer using strong encryption such as PGP to prevent terrorists from accessing your files
- Browse the web using an anonymous proxy to prevent terrorists from seeing what sites you visit
- Insist that electronic voting machines provide you with a traceable paper receipt so you can ensure that terrorists haven't altered the electronic ballot
- Report all behavior, especially if it is suspicious

The Freedom Tower - 11th September 2006

September 11, 2006
That's of course how it's going to look in 2012 -- true leaders never look into the past, they're too busy defining the future. Time goes fast given you're busy and always up to something -- disruption! I still clearly remember the moment when 9/11 happened and realize how much I've changed since then. Mixed thoughts started buzzing around my mind, the type of thoughts Cryptome's Daily Photos smartly emphasises. Anyway, someone or something always has to be either the result, the consequence, or the foundation for the next stage. I'll leave it open to interpretation what interacts with what :

Cold War <=> Defense/Intelligence spending/Innovation <=> Post 9/11 World
Terrorist <=> Ideology <=> War
Foreign policy <=> Terrorism <=> Geopolitical dominance
Terrorism <=> OSINT <=> Intelligence
Civil Liberties <=> Terrorism <=> Surveillance
Poverty <=> G8 <=> Developed world
Space exploration budget cuts <=> Terrorism <=> Alternative energy sources development
Paranoia <=> Terrorism <=> Security services/products market growth

I can keep on going, but that's not the point; the point is how globalisation is acting as a double-edged sword, and so is paranoia. Still, keep in mind that there are a million other ways to get killed compared to a terrorist attack.

There've always been and will always be "bad guys", "good guys", and "greyhat guys" -- barking dogs of course -- the trouble is knowing whom to trust at a particular moment in time. I can easily argue that during the past five years, all the "bad guys" had to do was go through the press and come up with "future long-term strategies" perceptional enough to shock and awe "the infidels". My point is that OSINT is also a double-edged sword, useful and dangerous to both parties. As far as the infidels are concerned, I'm not one - I believe in myself!

Underestimating an adversary is much worse than overestimating it; just stop using terrorism as the excuse for everything you do, or are about to do, which is as subjective as China's economy taking over the world -- something neither the "bad guys" nor China would do.

Related posts:
Terrorism
Data mining, terrorism and security
Terrorist Social Network Analysis
Benefits of Open Source Intelligence - OSINT
Visualization, Intelligence and the Starlight project
Cyber terrorism - don't stereotype and it's there!
Cyber terrorism - recent developments
Arabic Extremist Group Forum Messages' Characteristics
Tracking Down Internet Terrorist Propaganda
Cyber Terrorism Communications and Propaganda
Steganography and Cyber Terrorism Communications