Able Danger's Intelligence Unit Findings Rejected

The much hyped Able Danger Intelligence unit which has supposedly collected and identified information on the 9/11 terrorist attacks claim was officially rejected :

The report found that the recollections of most of the witnesses appeared to focus on a “single chart depicting Al Qaeda cells responsible for pre-9/11 terrorist attacks” that was produced in 1999 by a defense contractor, the Orion Scientific Corporation.

While witnesses remembered having seen Mr. Atta’s photograph or name on such a chart, the inspector general said its investigation showed that the Orion chart did not list Mr. Atta or any of the other Sept. 11 terrorists, and that “testimony by witnesses who claimed to have seen such a chart varied significantly from each other.” The report says that a central witness in the investigation, an active-duty Navy captain who directed the Able Danger program, had changed his account over time, initially telling the inspector general’s office last December that he was “100 percent” certain that he had seen “Mohamed Atta’s image on the chart.”

Issues to keep in mind:
- the chaotic departamental information sharing or the lack of such, budget-deficit arms race, thus departments wanting to get credited for anything ground breaking
- prioritizing is sometimes tricky, wanting to expand a node, thus gather more intelligence and more participants might have resulted in missing the key ones, marginal thinking fully applies
- OSINT as this Social Network Analysis of the 9-11 Terror Network shows, is an invaluable asset and so is the momentum and actual use of the data

Despite that if you don't have a past, you're not going to have a future, true leaders never look into the past, they shape the future and don't mind-tease what they could have done. Necessary evil moves the world in its own orbit now more than ever, and if you really don't have a clue what I'm trying to imply here, then you're still not ready for that mode of thinking.

So, the man who knew, but no one reacted upon his findings in a timely manner, or a case-study of how terrabytes of mixed OSINT and Intelligence data weren't successfully data mined? I go for the first point.

Able Danger chart courtesy of the Center for Cooperative Research.

HP's Surveillance Methods

Seems like it's not just Board of Directors' Phone Records that were obtained by HP under the excuse of enforcing an exemplary corporate citizenship, but on pretty much everyone that communicated with them or is somehow in their circle of friends -- no comments on the boring minutes of meetings shared with the press as the main reason all this. Besides passing the ball to the next board member over who's been aware of, more details on the exact methods used by HP emerge :

- HP obtained phone records for seven current or former HP board members, nine journalists, and their family members;

- HP provided investigators with the Social Security number of one HP employee, in addition the Social Security numbers of 4 journalists, 3 current and former HP board members, and 1 employee were also obtained by investigators;

- HP investigators attempted to use a tracer to track information sent to a reporter;

- The concept of sending misinformation to a reporter and the contents of that email were approved by Mr. Hurd, although no evidence was found to suggest that he approved the use of the tracer for surveillance;

- Investigators hired by HP monitored a board meeting, a trip to Boulder taken by a board member, as well as the board member's spouse and family members;

- In February of 2006, investigators watched a journalist at her residence and in February of 2006 “third party investigators may have conducted a search of an individual’s trash.”

By the time HP provided the associated parties SSNs, they've pretty much left them on the sharks to finish the rest, disinformation though, is something I previously thought they didn't do, but with dumpster diving in place as well, I guess they did order the entire all-in-one surveillance package.

Megacorp ownz your digitally accumulated life, and yes, it can also engineer and snoop on your real one. All they were so talkative about, is publicly available information that every decent analyst should have definitely considered starting from HP's historical performance as a foundation for future speculations. In between HP is (was) also sponsoring a Privacy Innovation Award.

Who's the winner at the bottom line? That's ex-CEO Carly Fiorina -- phone records also obtained -- whose upcoming book will profitably take advantage of the momentum.

Hezbollah's DNS Service Providers from 1998 to 2006

Nice visual representation trying to emphasize on the U.S hosting companies connection :

"In the following, we examine the Hizballah domains in light of which companies have provided DNS service. A domain's whois record specifies DNS servers, and the DNS servers tell browsers what IP address/server is currently hosting the domain. This is a mission critical service without which the domains in question would be unreachable. Despite the fact that Hizballah is a designated Terrorist entity in the United States, American companies have been, and continue to be the primary providers of service to Hizballah. We now know of 40 domains of Hizballah, based largely on a list provided by Hassan Nasrollah on a previous incarnation of his own web site. Of those 40 domains, 23 are now or have been provided DNS services by Alabanza Inc. of Baltimore, Maryland. No other provider comes close. Alabanza's domain name registration business, Bulkregister, is Hizballah's registrar of choice. See our report regarding the registrars of Hizballah's domains."

Who knew Hezbollah are indeed the rocket scientistics they pretend to be? UAVs, night vision gear, SIGINT gear, or has rocket science became so "outsourceable" nowadays?

Cyberterrorism isn't dead, it's just been silently evolving under the umbrella provided by the mainstream media -- wrongly understanding the concept, and stereotyped speculations.

Interesting Anti-Phishing Projects

Seven anti-phishing projects, I especially find the browser recon and countermeasures one as a trendy concept, as phishers are already taking advantage of vulnerabilities allowing them to figure out a browser's history, thus establish a more reputable communication with the victim -- adaptive phishing.

01. Social Phishing
The fundamental purpose of this study was to study the effects of more advanced techniques in phishing using context. Receiving a message from a friend (or corroborated by friends), we hypothesized the credibility of the phishing attempt would be greater

02. Browser Recon and Countermeasures
One can use a simple technique used to examine the web browser history of an unsuspecting web site visitor using Cascading Style Sheets. Phishers typically send massive amounts of bulk email hoping their lure will be successful. Given greater context, such lures can be more effectively tailored---perhaps even in a context aware phishing attack

03. Socially Transmitted Malware
People are drawn in by websites containing fun content or something humorous, and they generally want to share it with their friends. This is considered social transmission: referral to a location based on reccommendation of peers. We measured possible malware spread using social transmission

04. Phishing with Consumer Electronics: Malicious Home Routers
It is easy to "doctor" a wireless router like the ones found at home or at a local WiFi hotspot to misdirect legitimate browser links to phoney and often harmful website.

05. Net Trust
Individuals are socialized to trust, and trust is a necessary enabler of e-commerce. The human element is the core of confidence scams, so any solution must have this element at its core. Scammers, such as phishers and purveyors of 419 fraud, are abusing trust on the Internet. All solutions to date, such as centralized trust authorities, have failed. Net Trust is the solution -- trust technologies grounded in human behavior

06. A Riddle
Could your browser release your personal information without your knowledge?

07. Phroogle
Exploiting comparison shopping engines to bait victims

You might also be interested in Google's Anti-Phishing Black and White Lists.

Airport Security Flash Game

Ever wanted to snoop through the luggage of others in exactly the same fashion yours gets searched through? Try this game, and make sure you keep an eye to the instantly updated "dangerous items" unless you want to be held responsible, and lose your badge.

Soviet Propaganda Posters During the Cold War

Posters are a simple, yet influential form of PSYOPS, and their type of one-to-many communication method successfully achieves a decent viral marketing effect. Here's an archive of Soviet propaganda posters against the U.S during the Cold War you might find entertaining -- here's part 2. "Capitalists from across the world, unite!"

North Korea's not lacking behind, and despite the end of the Cold War, is still taking advantage of well proven and self-serving psychological techniques to further spread their ideology.

Here are some collections of ITsecurity related ones as well.