Monday, September 11, 2006

NSA's Terrorist Records Database

Right on time! Inside sources -- this is a creative spoof -- at the NSA finally coordinated their intelligence sharing efforts with the Patriot Search, and came up with a public database giving you the opportunity to look up your entire neighborhood for suspicious relations with the Middle East.

What's the bottom line? Keep your friends close, your intelligence buddies closer!

Interested in Anti-Terror tips? Follow these:

- Use email software with strong encryption to prevent terrorists from reading your email
- Encrypt the files on your computer using strong encryption such as PGP to prevent terrorists from accessing your files
- Browse the web using an anonymous proxy to prevent terrorists from seeing what sites you visit
- Insist that electronic voting machines provide you with a traceable paper receipt so you can ensure that terrorists haven't altered the electronic ballot
- Report all behavior, especially if it is suspicious

The Freedom Tower - 11th September 2006

That's of course how it's going to look in 2012 -- true leaders never look into the past, they're too busy defining the future. Time goes fast when you're busy and always up to something -- disruption! I still clearly remember the moment when 9/11 happened, and I realize how much I've changed since then. Mixed thoughts started buzzing around my mind, the type of thoughts Cryptome's Daily Photos smartly emphasises. Anyway, someone or something always has to be either the result, the consequence, or the foundation for the next stage. I'll leave it open to interpretation what interacts with what:

Cold War <=> Defense/Intelligence spending/Innovation <=> Post 9/11 World
Terrorist <=> Ideology <=> War
Foreign policy <=> Terrorism <=> Geopolitical dominance
Terrorism <=> OSINT <=> Intelligence
Civil Liberties <=> Terrorism <=> Surveillance
Poverty <=> G8 <=> Developed world
Space exploration budget cuts <=> Terrorism <=> Alternative energy sources development
Paranoia <=> Terrorism <=> Security services/products market growth

I can keep on going, but that's not the point. The point is how globalisation is acting as a double-edged sword, and so is paranoia; still, keep in mind that there are a million other ways to get killed besides a terrorist attack.

There've always been and will always be "bad guys", "good guys", and "greyhat guys" -- barking dogs of course -- the trouble is knowing whom to trust at a particular moment in time. I can easily argue that during the past five years, all the "bad guys" had to do was go through the press and come up with "future long-term strategies" perceptional enough to shock and awe "the infidels". My point is that OSINT is also a double-edged sword, useful and dangerous to both parties. As far as the infidels are concerned, I'm not one - I believe in myself!

Underestimating an adversary is much worse than overestimating it, so stop using terrorism as the excuse for everything you do or are about to do, which is as subjective as China's economy taking over the world -- something neither the "bad guys" nor China would do.

Related posts:
Terrorism
Data mining, terrorism and security
Terrorist Social Network Analysis
Benefits of Open Source Intelligence - OSINT
Visualization, Intelligence and the Starlight project
Cyber terrorism - don't stereotype and it's there!
Cyber terrorism - recent developments
Arabic Extremist Group Forum Messages' Characteristics
Tracking Down Internet Terrorist Propaganda
Cyber Terrorism Communications and Propaganda
Steganography and Cyber Terrorism Communications

Friday, September 08, 2006

A Study on The Value of Mobile Location Privacy

Right in between Flickr's introduction of geotagging, the term stalkerazzi got its necessary attention. Then again, it entirely depends on you whether to evolve as a Web 2.0 user and add more value to the ongoing folksonomy, or to realize the possible privacy implications.

Yesterday, Danezis, Cvrcek, Matyas and Kumpost released an interesting study on The Value of Location Privacy:

"This paper introduces results of a study into the value of location privacy for individuals using mobile devices. We questioned a sample of over 1200 people from five EU countries, and used tools from experimental psychology and economics to extract from them the value they attach to their location data. We compare this value across national groups, gender and technical awareness, but also the perceived difference between academic use and commercial exploitation. We provide some analysis of the self-selection bias of such a study, and look further at the valuation of location data over time using data from another experiment."

While there are indeed privacy issues related to mobile devices, in the age of malware authors purchasing commercial IP geolocation services to get a better grasp of their infected population, and of Google's growing concern about the use of networks such as Tor mimicking possibly malicious behavior, you should ask yourself what it is that you're trying to achieve, anonymity or privacy preservation online, and go for it without feeling like a hostage.

Email Spam Harvesting Statistics

Web application email harvesting has always represented an untapped threat, and it's not the basics of parsing or web application vulnerabilities I have in mind, but the already stored, in-transit, and saved contacts of infected people and their (insecure) platforms.

Malware is already averaging 1 piece in 600 social networking pages, which isn't surprising and is largely proportional to the rise of web application vulnerabilities. Compared to personal data security breaches capable of providing the freshest and most recent emails of the parties involved, thus resetting a spammer's activity lifecycle, web email harvesting is still a rather common event.

Thankfully, there are already scaled initiatives such as the Distributed Spam Harvester Tracking Network making an impact:

"Project Honey Pot is the first and only distributed system for identifying spammers and the spambots they use to scrape addresses from your website. Using the Project Honey Pot system you can install addresses that are custom-tagged to the time and IP address of a visitor to your site. If one of these addresses begins receiving email we not only can tell that the messages are spam, but also the exact moment when the address was harvested and the IP address that gathered it.

To participate in Project Honey Pot, webmasters need only install the Project Honey Pot software somewhere on their website. We handle the rest — automatically distributing addresses and receiving the mail they generate. As a result, we anticipate installing Project Honey Pot should not increase the traffic or load to your website."

Some current project statistics:
- Spam Trap Addresses Monitored - 1,354,582
- Total Spam Received - 1,464,090
- Total Spam Servers Identified - 499,310
- IPs Monitored - 611,368
- Total Harvesters Identified - 10,653

Donate an MX record, or get yourself an account and start contributing. On the other hand, the host that's web crawling for fresh emails today will definitely match the one found in a phishing email at a later stage -- the growing transparency and the pressure put on spammers inevitably result in the Ecosystem I mentioned in my Malware - Future Trends research.
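The mechanism quoted above, trap addresses tagged to the time and IP of the visitor who was served them, is easy to reproduce. The following is an added example written for this post, not Project Honey Pot's own code: the tag format, the truncated HMAC, the key and the sample visitor are all assumptions of mine, and the MAC is what lets the receiving side reject addresses a spammer forges to plant false attributions.

```python
import base64
import hashlib
import hmac
from typing import Dict, Optional

# Shared only between the page generator and the mail receiver.
# Constructed demo value, not a real key.
SITE_KEY = b"constructed-demo-key-not-for-production"
MAC_LEN = 6  # truncated MAC keeps the address short but still stops forged tags


def make_trap_address(visitor_ip: str, visit_time: int, domain: str = "example.invalid") -> str:
    """Mint an address that encodes who viewed the page and when.

    Local part = base64(tag || MAC(tag)) with tag = "<unix time>-<ip>", so a
    harvester that scrapes this page view gets an address nobody else has."""
    tag = f"{visit_time}-{visitor_ip}".encode()
    mac = hmac.new(SITE_KEY, tag, hashlib.sha256).digest()[:MAC_LEN]
    token = base64.urlsafe_b64encode(tag + mac).decode().rstrip("=")
    return f"trap-{token}@{domain}"


def decode_trap_address(address: str) -> Optional[Dict[str, object]]:
    """Recover the harvester IP and harvest time from an address that received mail.

    Returns None when the address is not one of ours or the MAC fails."""
    local, _, _ = address.partition("@")
    if not local.startswith("trap-"):
        return None
    raw = local[len("trap-"):]
    raw += "=" * (-len(raw) % 4)  # restore the stripped base64 padding
    try:
        blob = base64.urlsafe_b64decode(raw)
    except ValueError:
        return None
    if len(blob) <= MAC_LEN:
        return None
    tag, mac = blob[:-MAC_LEN], blob[-MAC_LEN:]
    expected = hmac.new(SITE_KEY, tag, hashlib.sha256).digest()[:MAC_LEN]
    if not hmac.compare_digest(mac, expected):
        return None
    ts, _, ip = tag.decode().partition("-")
    if not ts.isdigit():
        return None
    return {"harvester_ip": ip, "harvested_at": int(ts)}


if __name__ == "__main__":
    # Constructed sample: a crawler at 203.0.113.7 fetched the page on 2006-09-08 00:00 UTC.
    addr = make_trap_address("203.0.113.7", 1157673600)
    print(addr, "->", decode_trap_address(addr))
```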

Related posts:
The Beauty of the Surrealistic Spam Art
Real-Time PC Zombie Statistics
The current state of IP spoofing
Dealing with Spam - The O'Reilly.com Way

Benchmarking and Optimising Malware

With the growth and diversity of today's malware, performance criteria for malicious code are a rather neglected topic of interest, but that shouldn't be the case, as "the enemy you know is better than the enemy you don't know". As information warfare and malware often intersect for the purpose of balancing asymmetric forces, or conducting espionage, there are already research initiatives for multi-platform, multi-communication-environment code.
José M. Fernandez and Pierre-Marc Bureau constructively build awareness on how "the best is yet to come" in their research on Optimising Malware:

"In this paper, we address and defend the commonly shared point of view that the worst is very much yet to come. We introduce an aim-oriented performance theory for malware and malware attacks, within which we identify some of the performance criteria for measuring their “goodness” with respect to some of the typical objectives for which they are currently used. We also use the OODA-loop model, a well known paradigm of command and control borrowed from military doctrine, as a tool for organising (and reasoning about) the behavioural characteristics of malware and orchestrated attacks using it. We then identify and discuss particular areas of malware design and deployment strategy in which very little development has been seen in the past, and that are likely sources of increased future malware threats. Finally, we discuss how standard optimisation techniques could be applied to malware design, in order to allow even moderately equipped malicious actors to quickly converge towards optimal malware attack strategies and tools fine-tuned for the current Internet."

They've successfully distinguished the following generic and specific aim-oriented performance criteria:

Generic
- Number of hosts
- Persistence
- Anonymity

Fraud
- Money
- Credibility

Information theft
- Penetration
- Stealth
- Amount of information
- Host location

Access sale
- Upstream bandwidth
- Security

Destruction
- Propagation
- Upstream bandwidth
- Host location
- Damage

Information Warfare
- Speed
- Host Location
- Damage
- Exposure

Taking into consideration the OODA loop concept -- Observation, Orientation, Decision, Action -- these characteristics would definitely improve with time.

Related resources and recent posts:
Malware
Virus Outbreak Response Time
Malware Bot Families - Technology and Trends
Malware Statistics on Social Networking Sites

Thursday, September 07, 2006

Google Hacking for Cryptographic Secrets

Interesting perspective, and it could certainly prove handy on a nation-wide scale. The concept of googling for private keys has been around for quite a while, and here's an informative paper emphasising how Google can Reveal Cryptographic Secrets, taking the topic even further:

"Google hacking is a term to describe the search queries that find out security and privacy flaws. Finding vulnerable servers and web applications, server fingerprinting, accessing to admin and user login pages and revealing username-passwords are all possible in Google with a single click. Google can also reveal secrets of cryptography applications, i.e., clear text and hashed passwords, secret and private keys, encrypted messages, signed messages etc. In this paper, advanced search techniques in Google and the search queries that reveal cryptographic secrets are explained with examples in details."

Comments on: Hashed passwords, Secret Keys, Public Keys, Private Keys, Encrypted Files, Signed Messages -- external comments on packed binary patterns, malware functions, and the malware search engine itself.

Google is hardly the root of the problem, although at least theoretically malicious web crawling is indeed possible. Seems like patterns come in useful to both sides of the front -- and everyone in between.
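The defensive counterpart of the paper's queries is to scan your own published content for the same material before an indexer does. This is an added example, not code from the paper or from Google: the patterns, the finding format and the constructed sample web root are my own, and the scanner deliberately ignores public key blocks, since publishing those is expected.

```python
import re
from typing import Dict, List, Tuple

# Kinds of material the paper lists as discoverable through search queries.
# Public key blocks are deliberately not matched: publishing those is expected.
SECRET_PATTERNS = {
    "pgp_private_key": re.compile(r"^-----BEGIN PGP PRIVATE KEY BLOCK-----", re.M),
    "pem_private_key": re.compile(r"^-----BEGIN (?:RSA |DSA |EC )?PRIVATE KEY-----", re.M),
    "pgp_encrypted_message": re.compile(r"^-----BEGIN PGP MESSAGE-----", re.M),
    "unix_md5_crypt_hash": re.compile(r"\$1\$[./\w]{1,8}\$[./\w]{22}"),
    "htpasswd_entry": re.compile(r"^[\w.-]+:\$apr1\$[./\w]{8}\$[./\w]{22}$", re.M),
}

Finding = Tuple[str, str, int]  # (path, kind, line number)


def scan_document(path: str, text: str) -> List[Finding]:
    """Report every secret-looking match in one document with its line number."""
    findings = []
    for kind, pattern in SECRET_PATTERNS.items():
        for m in pattern.finditer(text):
            line_no = text.count("\n", 0, m.start()) + 1
            findings.append((path, kind, line_no))
    return sorted(findings, key=lambda f: (f[0], f[2], f[1]))


def scan_site(documents: Dict[str, str]) -> List[Finding]:
    """Scan a crawlable web root (path -> content), i.e. what an indexer would see."""
    findings: List[Finding] = []
    for path in sorted(documents):
        findings.extend(scan_document(path, documents[path]))
    return findings


# Constructed sample web root: one legitimate public key page and two leaks.
SAMPLE_SITE = {
    "/keys/alice.asc": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n(constructed)\n-----END PGP PUBLIC KEY BLOCK-----\n",
    "/backup/id_rsa": "-----BEGIN RSA PRIVATE KEY-----\n(constructed, truncated)\n-----END RSA PRIVATE KEY-----\n",
    "/old/.htpasswd": "# constructed sample\nadmin:$apr1$abcdefgh$ABCDEFGHIJKLMNOPQRSTUV\n",
}

if __name__ == "__main__":
    for path, kind, line in scan_site(SAMPLE_SITE):
        print(f"{path}:{line}: {kind}")
```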