The "Russia Small Group" - A Step in the Right Direction or a Dangerous Game to Play With?
The currently ongoing misunderstanding that Russia is actively utilizing active measures in cyberspace, together with the fact that information warfare operations are clearly making their way into the White House cyberspace strategy, should be considered a precedent. It will clearly boost funding and investment in the military industrial complex, in particular in cyber threat intelligence and foreign influence detection campaigns, and boost the budgets of U.S. Cyber Command and the NSA in an attempt to respond to the threat posed by Russia in cyberspace. Despite that, the use of information warfare and information operations in cyberspace, including foreign influence operations in the form of active measures, should be considered and analyzed with caution, as it blurs the lines between cyber warfare, information warfare, information operations and the newly emerged term "foreign influence operations", which from the perspective of cybercrime research should be considered a basic rogue and bogus content farm capable of acquiring and hijacking traffic using basic blackhat SEO (search engine optimization) techniques.
There was a time when Russia and China were busy playing copycat from publicly obtainable and accessible U.S. DoD and U.S. Intelligence Community documentation and material, which basically helped them shape their modern information warfare and cyber warfare doctrines, if any. The rest remains cybercrime as usual.
Stay tuned!
Image courtesy of:
Pillars of Russia’s Disinformation and Propaganda Ecosystem
In this post I'll discuss a newly emerged trend called "forward defense", where U.S.-based cyber warriors proactively respond to and prevent current and emerging cyber attacks by scouting foreign networks, including foreign influence and information operation campaigns, botnets and cyber espionage campaigns, in order to further protect U.S. critical infrastructure from current and emerging cyber threats.
While the majority of cyber threat intelligence work in the U.S. is done by the commercial sector, U.S. Cyber Command continues to apply basic U.S. DoD military methodology, including near real-time information sharing initiatives, for the purpose of demonstrating a key operational capability: targeting the online infrastructure behind these campaigns, which also includes actively responding to information warfare and foreign influence operations.
Key summary points to consider:
- Information warfare is making its way into the official White House cyberspace strategy document. I've already discussed this unique trend in a related article. It undoubtedly sets a unique precedent: the White House directly involves itself in basic military concepts such as information warfare and information operations, including the use of foreign influence operations, which further empowers the U.S. DoD and the NSA with unique capabilities to respond to these types of campaigns, possibly directly interfering with Russia's information warfare concepts, which, believe it or not, have in another world been directly copied from publicly accessible U.S. DoD and NSA papers throughout the years. In terms of information warfare operations, including foreign influence operations, this is a dangerous game to play. It may inevitably lead to catching some high-profile information warfare operations, or eventually KGB or Russian FSB operators, which goes far beyond the usual duties of U.S. Cyber Command, the U.S. DoD and the NSA in general, whose remit has to do with far more high-profile cyber threats, including cyber warfare campaigns and possible direct threats against U.S. critical infrastructure.
- Foreign influence operations - it still remains unclear what the extent of this basic misconception is. It basically relies on the use of social media or so-called rogue and bogus content farms, which are pretty similar to high-profile cybercrime-friendly blackhat SEO (search engine optimization) campaigns in the context of traffic acquisition and traffic hijacking, and which basically have nothing to do with Russia's active measures in cyberspace. "Active measures" is a dangerous term to play with, in particular in the context of having U.S. Cyber Command, the U.S. DoD and the NSA hunt down and track foreign influence operations. It should also be clearly noted that a direct response should be issued on a systematic and persistent basis, which basically represents the basic principles and mode of operation of U.S. Cyber Command, the U.S. DoD and the NSA: the virtual assets of a specific foreign influence operator can be directly exposed or shut down, or a direct DoS (Denial of Service) launched against them, which shouldn't be surprising in the broader context of fighting cybercrime and responding to cyber warfare incidents and campaigns online.
- Sock puppetry and foreign influence operations - yet another dangerous term that should be used with caution is "sock puppets", which are basically foreign influence operators positioned by U.S. Cyber Command, the U.S. DoD and the NSA as a possible national security risk that should be properly monitored and acted against in one form or another, in particular through a direct attempt to expose the operator behind the rogue and bogus content farm, including an actual attempt to launch DoS (Denial of Service) attacks against their infrastructure.
Current and Future Assessment of U.S, U.K and German Cyber Intelligence and Cyber Surveillance Programs and Tradecraft - An Analysis
In this rather long analysis I'll walk you through all the currently relevant U.S. Intelligence Community cyber intelligence and cyber surveillance programs, in no particular order, with the idea of provoking a meaningful discussion on the current tactics, techniques and procedures courtesy of the U.S. Intelligence Community, how you can protect yourself, and, most importantly, how the U.S. Intelligence Community can "perform better", including practical software application and service recommendations for general users and organizations.
The data in this research has been obtained from Cryptome.org, the Snowden archive and the Electrospaces.net research blog, including the following archive.
Program name: ABSOLINE EPILSON - PDF - "This paper describes standard analysis techniques that have been used to both discover iPhone target end point machines and implant target iPhones directly using the QUANTUM system. It shows that the iPhone Unique Device Identifier (UDID) can be used for target tracking and can be used to correlate with end point machines and target phone. It highlights the exploits currently available and the CNE process to enable further targeting."
Current status: The program is active in terms of possible correlations between iPhone unique device IDs and an end user's end point Internet activity, in terms of traffic and Web site cookie acquisition, for the purpose of interception, profiling and active monitoring.
How it works: Every mobile device has a unique ID. The problem? It tends to "phone back" to the manufacturer's infrastructure and can be uniquely attributed to an end user, including, possibly, to their end point, potentially acting as the "weakest link" that exposes an end user's end point Internet activities to the U.S. Intelligence Community.
The digitally naughty part: Data correlation on a third-party device for the purpose of exposing the actual infrastructure behind the device, including related end points and devices associated with the user in question, is nothing new. The digitally naughty part? It can be done, and the mobile device in question, an iPhone in this particular case, can easily be labeled the "weakest link" in a corporate or end user private environment.
How you can make it work better: Shipping and delivery tactics, including supply chain infiltration, for the purpose of correlating unique mobile device IDs to a specific user aren't new, including possible "purchase-order-to-user-ID" correlation and data infiltration through basic social engineering and offensive CNO-based tactics. Potentially launching a targeted and geo-located phishing campaign on a per-country or per-city basis could definitely lead to positive results in terms of good old-fashioned social engineering campaigns for exfiltrating the necessary data, including mobile device IDs, including possible browser-based Web decoys for the purpose of further exposing an end user's or an organization's private network and the correlated end point devices.
- Target application-isolation software and service solution providers and owners - launching a variety of malicious, fraudulent and potentially disruptive attack campaigns should be considered an option for the purpose of ensuring that the project owner's time remains spent on fighting the malicious attacks, including the eventual slowing down of project development and the project's eventual shutdown. A possible portfolio of attacks might include online identity discrimination, spear phishing campaigns, DDoS attack campaigns, mail-flood attacks and possibly TDoS (Telephony Denial of Service) attacks against a variety of tailored and predefined project owner contact points.
- Develop an internal bug-bounty program for sandboxing and application isolation software and service providers - crowd-sourcing the bug bounty through public and official channels, including possibly outsourcing the bug hunting process to third parties while offering the necessary financial incentives, might be the best approach to undermine the credibility of the project, including the owner's credibility and reputation to maintain and operate the project.
- Aim to wage disruptive warfare against private project owners - it should be clearly noted that modern intelligence agencies have the capacity to wage disruptive warfare against private project and software owners using a variety of technical and human-oriented online disruption tactics, which should be considered a threat to the project and software owner's existence, where the appropriate measures to protect their online assets should be taken into consideration.
- Passively measure and estimate product market share for Targets of Opportunity - modern intelligence agencies have the potential to easily measure a product's, project's or software's market share in an attempt to better position a disruptive campaign targeting the project or software owner, positioning them as a Target of Opportunity to participate in related mass surveillance and eavesdropping campaigns.
On the majority of occasions modern cyber surveillance and eavesdropping campaigns rely on passive or active SIGINT, which has to do with legal and passive lawful surveillance techniques and also includes offensive techniques such as direct attempts to interact with someone's online infrastructure for the purpose of compromising and obtaining direct access to their digital assets, including personal information.
- "Stripped" mobile device with hardened security and privacy-aware mobile OS
- WebRTC - Among the most common privacy-exposing scenarios in terms of "ABSOLINE EPILSON" remains the active use of insecure browsing habits, namely a misconfigured browser or browser extension, including the newly introduced local-IP-exposing WebRTC feature found in a variety of browsers. What should end users do to protect their local IP and add additional privacy and security features to their browser? Keep reading. The first thing a user should ensure, from a network-based perspective, is that their browser fingerprint remains as private as possible, including the inability of the U.S. Intelligence Community.
- Personal host-based firewall - the first thing to look for in a personal firewall is bi-directional functionality, allowing you to block all incoming traffic and to allow outgoing traffic based on a variety of rules, including possible whitelisting. The next logical step is to implement a basic ARP-spoofing prevention solution, to ensure that your ISP or VPN provider cannot perform basic ARP-spoofing attacks, which could compromise the confidentiality of the targeted host and expose it to a multitude of network-based deception attacks.
- HIPS-based firewall - a decent and highly recommended solution to protect end points from malicious software, including web-based client-side exploits that attempt to drop malicious software on the affected hosts, is a host-based intrusion prevention system, which has the potential to stop a wide variety of threats that expose an end point to a multitude of malicious software. Comodo Firewall is a highly relevant and recommended solution for a huge number of end points in terms of advanced malware protection mechanisms.
- Basic network deception - it should be clearly noted that every network is subject to possible compromise, including automated and targeted attacks, which could be easily prevented while allowing a network operator or user to gather cyber attack information that offers an in-depth peek at the attacker's activities, in particular the type of information they're interested in obtaining. Case in point is the use of a proprietary network-based deception appliance such as Thinkst Canary or the Nova Network Deception Appliance, which empower a network operator with sophisticated network deception techniques: the attacker is tricked into interacting with rogue network-based assets while the operator is in a perfect position to gather intelligence on the attacker's real intentions and properly protect the infrastructure.
- Custom DNSSEC-enabled DNS servers with a no-logs policy - worried about the U.S. Intelligence Community and your ISP eavesdropping on your traffic and Web browsing history and potentially launching man-in-the-middle attacks? Consider a basic free privacy-conscious DNS service provider with DNSSEC enabled and a no-logs policy, such as DNS Watch, which you can freely use without worrying that your Web browsing and DNS request history will be logged and potentially abused. A logical recommendation for improving an end point's defense-in-depth strategy is the use of so-called protective DNS, which offers in-depth protection and is often available online for free. Case in point is Cisco's Umbrella solution, which offers in-depth protection and is available to end users and organizations for free.
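The WebRTC item above says a browser can hand out your local IP through ICE candidates. The following is an added example, not code from the original post: it parses the `candidate:` lines a browser reports (sample lines constructed here, with made-up addresses) and tells you which of them leak an RFC 1918, link-local or ULA address, either directly in a `host` candidate or through the `raddr` field of a server-reflexive one. Candidates that carry an mDNS `.local` name instead of an address are reported as not leaking, which is the mitigation current browsers apply; the network lists and the regex are my own.

```python
"""Audit WebRTC ICE candidate lines for local-address exposure (added example)."""
import ipaddress
import re

# Constructed sample candidate lines of the kind a browser's RTCPeerConnection
# reports through onicecandidate. Addresses and the mDNS name are made up.
SAMPLE_CANDIDATES = [
    "candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host generation 0",
    "candidate:2 1 udp 1686052607 203.0.113.45 54321 typ srflx raddr 192.168.1.23 rport 54321 generation 0",
    "candidate:3 1 udp 2122262783 fe80::1a2b:3c4d:5e6f:7a8b 54322 typ host generation 0",
    "candidate:4 1 udp 2122260223 a1b2c3d4-0000-4000-8000-000000000000.local 54323 typ host generation 0",
]

# Address ranges that identify the machine's own segment rather than its public side.
LOCAL_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "169.254.0.0/16", "fe80::/10",                     # link-local
    "fc00::/7",                                        # IPv6 unique local
    "127.0.0.0/8", "::1/128",                          # loopback
)]

# Fields of an ICE candidate attribute (RFC 5245 syntax); raddr/rport are optional.
CANDIDATE_RE = re.compile(
    r"^candidate:(?P<foundation>\S+) (?P<component>\d+) (?P<transport>\S+) "
    r"(?P<priority>\d+) (?P<address>\S+) (?P<port>\d+) typ (?P<type>\S+)"
    r"(?: raddr (?P<raddr>\S+) rport (?P<rport>\d+))?"
)


def parse_candidate(line):
    """Split one candidate line into its named fields; raise on anything unparseable."""
    match = CANDIDATE_RE.match(line.strip())
    if not match:
        raise ValueError(f"not an ICE candidate line: {line!r}")
    return match.groupdict()


def classify_address(address):
    """Return 'mdns', 'local', 'public' or 'unknown' for a candidate address."""
    if address.endswith(".local"):
        return "mdns"          # obfuscated name, no address disclosed
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "unknown"
    # Membership across IP versions is simply False, so mixed lists are safe.
    if any(ip in net for net in LOCAL_NETWORKS):
        return "local"
    return "public"


def audit_candidates(lines):
    """Return one finding per candidate with the local addresses it discloses."""
    findings = []
    for line in lines:
        cand = parse_candidate(line)
        disclosed = []
        if cand["type"] == "host" and classify_address(cand["address"]) == "local":
            disclosed.append(cand["address"])
        # A srflx candidate carries the local address it was mapped from in raddr.
        if cand["raddr"] and classify_address(cand["raddr"]) == "local":
            disclosed.append(cand["raddr"])
        findings.append({"type": cand["type"], "address": cand["address"],
                         "kind": classify_address(cand["address"]),
                         "discloses": disclosed})
    return findings


def local_addresses_exposed(lines):
    """Sorted, de-duplicated list of local addresses the candidate set gives away."""
    exposed = set()
    for finding in audit_candidates(lines):
        exposed.update(finding["discloses"])
    return sorted(exposed)


if __name__ == "__main__":
    for finding in audit_candidates(SAMPLE_CANDIDATES):
        print(finding)
    print("local addresses exposed:", local_addresses_exposed(SAMPLE_CANDIDATES))
```

To run it against your own browser, collect the candidate strings from `RTCPeerConnection`'s `onicecandidate` events and feed them to `local_addresses_exposed`; an empty result after disabling WebRTC or enabling the browser's mDNS candidate setting is the check that the mitigation took effect.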
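The personal firewall item above recommends ARP-spoofing prevention without saying what that looks like on a host. Here is an added example (mine, not the post's) of the two halves a practitioner wants: detection logic run over a constructed list of observed ARP replies, flagging a pinned gateway answered by the wrong MAC and any IP whose claimed MAC changes, and a helper that renders the static neighbor entries (`ip neigh ... nud permanent` on Linux, `netsh interface ipv4 add neighbors` on Windows) that make the host ignore spoofed replies for those addresses. The sample timestamps, addresses and the interface names are made up.

```python
"""ARP-spoofing detection over observed replies plus static-entry pinning (added example)."""
from collections import defaultdict

# Constructed sample of ARP "is-at" replies as a host might see them on its
# segment: (timestamp, sender IP, sender MAC). Every value here is made up.
SAMPLE_REPLIES = [
    (1.0, "192.168.1.1", "aa:bb:cc:00:00:01"),   # gateway, legitimate
    (2.0, "192.168.1.50", "aa:bb:cc:00:00:50"),  # a peer host
    (3.5, "192.168.1.1", "aa:bb:cc:00:00:01"),   # gateway again, unchanged
    (4.0, "192.168.1.1", "de:ad:be:ef:00:99"),   # another MAC claims the gateway IP
    (5.0, "192.168.1.50", "AA:BB:CC:00:00:50"),  # same MAC in upper case: not an alert
]

# Pinned gateway mapping, recorded by the user from a trusted state of the ARP cache.
PINNED = {"192.168.1.1": "aa:bb:cc:00:00:01"}


def detect_arp_anomalies(replies, pinned):
    """Return (timestamp, ip, reason) alerts.

    Two checks: a pinned IP answered by an unexpected MAC, and any IP whose
    claimed MAC changes during the observation window, which is the classic
    signature of a spoofed reply poisoning the cache.
    """
    claimed = defaultdict(set)
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        expected = pinned.get(ip)
        if expected is not None and expected.lower() != mac:
            alerts.append((ts, ip, f"pinned MAC {expected.lower()} but reply from {mac}"))
        if claimed[ip] and mac not in claimed[ip]:
            alerts.append((ts, ip, f"MAC changed from {sorted(claimed[ip])} to {mac}"))
        claimed[ip].add(mac)
    return alerts


def static_arp_commands(pinned, iface="eth0", platform="linux"):
    """Render the commands that make a pinned IP-to-MAC mapping permanent."""
    cmds = []
    for ip, mac in pinned.items():
        if platform == "linux":
            cmds.append(f"ip neigh replace {ip} lladdr {mac.lower()} dev {iface} nud permanent")
        elif platform == "windows":
            dashed = mac.lower().replace(":", "-")
            cmds.append(f'netsh interface ipv4 add neighbors "{iface}" {ip} {dashed}')
        else:
            raise ValueError(f"unsupported platform: {platform}")
    return cmds


if __name__ == "__main__":
    for alert in detect_arp_anomalies(SAMPLE_REPLIES, PINNED):
        print("ALERT", alert)
    for cmd in static_arp_commands(PINNED):
        print(cmd)
```

A static entry only protects the mappings you pin (normally the gateway and the DNS server), so keep the detection running for the rest of the segment; a permanent entry also has to be refreshed by hand when the gateway hardware is replaced.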
Sample Screenshot of the Privacy-Preserving Browser-Based Advanced Tor Router features:
- Anti-forensics - there was a time when users were primarily concerned with their browsing habits and use of online resources, which is where browsers that don't log anything to the hard drive come into play. A possible solution here is the Sphere anti-forensics browser, which doesn't log anything to the hard drive and should be considered a decent anti-forensics solution for anyone interested.
- VeraCrypt containers - a proper full-disk encryption solution should be taken into consideration in case the user wants to protect their information and intellectual property from physical attacks, as should the use of virtual desktops with built-in security and privacy mechanisms, such as Comodo Secure Desktop.
- Application isolation - a modern defense-in-depth strategy should include application sandboxing, which has the potential to prevent a huge number of client-side exploitation attempts and protect an end user from a variety of Web-based client-side exploit-serving threats. Sandboxie is a free solution that actually works and has the potential to prevent a huge number of Web-based threats.
- Hardware-based isolation - a proper network-based strategy should include basic hardware isolation, so that malicious attackers have a hard time penetrating and compromising the network due to the additional level of isolation applied.
- Whitelisting - although this approach has been widely discussed throughout the years, modern anti-malware solutions should also provide an application whitelisting feature, where users whitelist only the basic applications they need to perform their activities and block the execution of everything else.
- Always password-protect your end point security software, and ensure that it can protect itself from being shut down.
- Always ensure that updates take place manually rather than automatically; automatic updates leave a window of opportunity for network traffic correlation and possibly for a rogue and bogus update to enter your network.
- Ensure that you're not using the cloud-database lookup feature for your Web browsing history or host-based application execution, which could lead to data and end point inventory correlation. This leaves you with a properly secured "stripped" security solution that you can use to secure your end point without the risk of exposing your Web browsing history or your end point application inventory, which could lead to fingerprinting and inventory mapping and, in turn, to targeted attacks.
A mainstream VPN provider as an entry point to a proprietary hardened and privacy-tailored network, such as the Tor network - NordVPN is a highly recommended solution against "ABSOLINE EPILSON"-type end point correlation-based targeting attacks. What do I have in mind? The off-the-shelf commercial vendor currently offers VPN2Tor-type access, which combines VPN functionality with access to the Tor network and offers a high degree of security and anonymity. It can be used to protect against "ABSOLINE EPILSON"-type attacks in terms of traffic and geographical location deniability, while limiting the data-correlation capabilities available to U.S. Intelligence Agencies.
A proprietary off-the-shelf VPN service provider that takes you a step higher in preserving your online privacy by providing a unique set of no-logs, jurisdiction-aware encryption protocols and basic traffic-mixing tactics and strategies - Cryptohippie.
Want to find out more? Are you interested in a possible evaluation of your organization's Security Project or Security Product in terms of a Security Assessment or a possible OPSEC (Operational Security) based Privacy Features Evaluation? Interested in inviting me to speak at your event including possible sensitive and classified project involvement?
Feel free to reach me at dancho.danchev@hush.com
Stay tuned!