COINTELPRO

Taboo Terminology, December 9, 2014

The FBI began COINTELPRO—short for Counterintelligence Program—in 1956 to disrupt the activities of the Communist Party of the United States. In the 1960s, it was expanded to include a number of other domestic groups, such as the Ku Klux Klan, the Socialist Workers Party, and the Black Panther Party. All COINTELPRO operations were ended in 1971. Although limited in scope (about two-tenths of one percent of the FBI’s workload over a 15-year period), COINTELPRO was later rightfully criticized by Congress and the American people for abridging First Amendment rights and for other reasons.

Recommendations for the Hacktivist Community

Statement of Purpose

I have been observing the hacker and hacktivist communities, at times very
closely, for many years. The exact definition of “hacker” and “hacktivist”
varies from author to author, so I shall make my interpretation of these words
very clear. Let us define a “hacker” as someone who utilizes their knowledge of
computers and of computer networks to make money via illegitimate means. Let us
define a “hacktivist” as someone who utilizes their knowledge of computers and
of computer networks to do justice when justice is not done by the state. I
have found that these two communities are inextricably linked, yet remain
completely separate entities. Many hackers double as hacktivists in their spare
time, although most hacktivists do not fancy themselves hackers.

Although hackers turned hacktivists have the very best of intentions, and their
input and expertise is of great value to the hacktivist community, they have
inadvertently suppressed the potential of the very community they are trying to
aid. The get-in-get-the-goods-get-out methodology of the stolen credit card
driven hacker community that has been transferred to the hacktivist community
via ideological osmosis has tragically affixed blinders to it. It has caused
the hacktivist community to think linearly and strive to do nothing more than
to blindly infiltrate target organizations and immediately leak whatever data
they happen to stumble across. This must change. Stealing and leaking data
makes a point, but it is sometimes necessary to do more than just make a point,
to inflict real, measurable damage. In certain extreme cases an organization’s
disregard for human rights warrants its immediate and complete obliteration.

In this essay, I will discuss a multitude of ideological, operational, and
technical changes that ought to be made to the hacktivist community. These
proposed changes have been derived from my personal observations. Some will
find the ideas contained within this document to be the product of common
sense. I have found these people to be few in number. If the community accepts
my suggestions it will not only become more effective, but the risks associated
with participating in it will be drastically lowered. My intent in writing this
is not to aid criminals, but rather to aid people who wish to do battle with
governments and corporations that have become criminals. If freedom is to
remain on this earth, its people must be willing and able to take arms to
defend it, both physical and digital.


Personal Security

Sound operational security is the foundation from which all effective
cyber-offensives are launched. You should, at all times, put your own, personal
security above the success of your operations and interests. The security
precautions taken by most hacktivists I have met are mediocre at best, and
needlessly so. Maintaining sound personal security is by no means difficult. It
requires much caution but very little skill. I have devised a series of
security precautions that hacktivists should take and divided them up into six
main categories: environmental, hardware, software, mental, pattern related,
and archaeological. We shall examine each individually.

(1) Environmental:

There are but two places you can work: at home or in public. Some people insist
that working at home is best and others insist that working in public is best.
The proper working environment debate has been raging on in the hacker
community for quite some time now, and has great relevance to the hacktivist
community, as most governments view hackers and hacktivists as one and the same.
Proponents of the “work in public” argument claim that by always working at a
different public location, you significantly lower your chances of being
apprehended. They argue that even if the authorities are able to trace many of
the cyber-attacks you took part in back to the public places where you took
part in them from, that does not bring them any closer to finding you. Most
retail stores and coffee shops do not keep surveillance footage for more than a
year at the most, and even if the authorities are able to get a photo of you
from some security camera, that does not necessarily lead them directly to your
front door, especially if you wore a hoodie the entire time you were working
and the camera never got a clear shot of your face. On the other hand,
proponents of the “work at home” argument argue that the risk of being seen and
reported, or merely recorded while working in a public place far outweighs the
benefits of the significantly large increase in anonymity that working in
public provides. Both sides have legitimate points, and I urge you to consider
both of them.

If you decide to work in public, the number one threat you face is other
people. Numerous large criminal investigations have been solved using the
observations of average everyday citizens who just happened to remember seeing
something suspicious. If people sense that you are trying to hide something,
they will watch you more closely than they would otherwise. It is important to
always “keep your cool” as the old saying goes. Always try to sit in such a way
that your screen is facing away from the majority of the people in the room you
are sitting in. Corners are your friend. Try to blend in with the crowd. Dress
in plain clothes. Draw no attention. If you are in a coffee shop, sip some
coffee while you work. If you are in a burger joint, buy a burger. If you are
in a library or book store, set a few books beside your laptop. Also, be very
aware of security cameras, both inside the establishment you are working in as
well as on the street near it. Being captured on film is alright as long as the
camera cannot see what is on your screen. Some store cameras are watched by
actual people who will undoubtedly report you if they find out what you are
doing. More and more governments are starting to place very high quality CCTV
cameras on their streets to monitor their citizens, and these devices can be a
problem if they are peering over your shoulder through a window you are sitting
beside. When working in public, it is possible that you may have to confront a
law enforcement officer face to face. Law enforcement officers can smell
uneasiness from a mile away, and if you look like you are up to no good it is
possible that a cop will come and talk to you. Always have some sort of cover
story made up before you leave home to explain why you are where you are. If
you are forced to confront a law enforcement officer you should be able to talk
your way out of the situation.

If you decide to work at home, the number one threat you face is your own ego.
Just because you are at home does not mean that your working environment is
secure. Be aware of windows in close proximity to your computer as well as your
security-illiterate or gossipy family members. Security issues in relation to
network configuration begin to come into play when you work at home. If your
computer were to somehow get compromised while you are working at home,
perhaps by your government, it would be nearly impossible for the person or
group of people rummaging around inside of your system to get your actual IP
address (provided that you adhere to the software security guidelines that we
will discuss later). However, if your wi-fi password (or the name of your
printer, or the name of another computer on the network) contains your actual
last name and part of your address, tracking you down becomes very easy. A lot
of people name their network devices and structure their network passwords in
this way.
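The paragraph above warns that SSIDs, device names and wi-fi passwords often embed a surname or part of an address. The following self-audit script is an added example, not code from the original essay: it takes a short profile of personal tokens (constructed sample data here) and flags any network identifier that contains one of them, both literally and after undoing common digit-for-letter substitutions such as “F1tzg3rald”. The substitution table and the three-character minimum token length are my own assumptions.

```python
import re

# Digit/symbol substitutions people use to "disguise" a word in a name or
# password (a small, constructed table; extend as needed).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def normalize_plain(text):
    """Lower-case and drop separators, so 'Fitz-Gerald_5G' -> 'fitzgerald5g'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def normalize_leet(text):
    """Same, after undoing the substitutions in LEET."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(LEET))


def personal_tokens(profile):
    """Split each profile value into tokens of at least three characters.

    Shorter tokens would match almost any identifier and only add noise.
    """
    tokens = set()
    for value in profile.values():
        for part in re.split(r"\s+", value):
            token = normalize_plain(part)
            if len(token) >= 3:
                tokens.add(token)
    return tokens


def flag_identifiers(identifiers, profile):
    """Return (kind, value, [matched tokens]) for every identifier that embeds
    a personal token in plain or substituted form.

    The plain form is checked as well as the LEET form because undoing the
    substitutions also rewrites genuine digits (a house number, for example).
    """
    tokens = personal_tokens(profile)
    findings = []
    for kind, value in identifiers:
        forms = {normalize_plain(value), normalize_leet(value)}
        hits = sorted(t for t in tokens if any(t in form for form in forms))
        if hits:
            findings.append((kind, value, hits))
    return findings


# Constructed sample data for the demo (not a real name, address or network).
SAMPLE_PROFILE = {"last_name": "Fitzgerald", "street": "742 Evergreen Terrace"}
SAMPLE_IDENTIFIERS = [
    ("ssid", "Fitzgerald-Home-5G"),
    ("wifi password", "F1tzg3rald742!"),
    ("printer", "HP LaserJet 3rd floor"),
    ("hostname", "study-laptop"),
]

if __name__ == "__main__":
    for kind, value, hits in flag_identifiers(SAMPLE_IDENTIFIERS, SAMPLE_PROFILE):
        print(f"{kind}: {value!r} reveals {', '.join(hits)}")
```

On the sample data the SSID is flagged for the surname and the wi-fi password for both the surname (found only after substitution) and the house number (found only in the plain form); the printer and hostname pass. The check is deliberately a substring test rather than an exact match, since a name is just as revealing inside “Fitzgerald-Home-5G” as on its own.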

It is also possible that if an attacker that has infiltrated your computer
notices other machines on your network they can pivot to them (infect them with
malware using your computer as a spring board of sorts) and use them to get
your IP address. A lot of Internet enabled household devices have cameras on
them (your smart TV, your Xbox, and your high tech baby monitor to name a few)
and said cameras can potentially be leveraged against you. It is in your best
interest to not have any other machines running on your home network while you
are working. Also, change your wi-fi password every once in a while and make
sure that the password on the administrative interface of your router is
something other than the out-of-the-box default. If your computer gets
compromised, logging into your router using username “admin” and password
“admin” is elementary for a moderately skilled attacker. Most modern routers
list their WAN IP address on their control panels.

Regardless of where you decide to work, be aware of mirrors and glass picture
frames near your workplace. In the right light, both of these items have the
potential to reflect crystal clear images of your screen to onlookers across
the room. In addition to this, understand that modern cell phones are your
worst enemy. Not only are they always going to be the weakest link in your
security setup, but if they are somehow compromised they are equipped with a
camera and microphone. Recent studies suggest that it is possible for smart
phones to listen to the high pitched noise your CPU makes and deduce your PGP
private key. Furthermore, the metadata collected by your phone coupled with
pattern analysis techniques could potentially allow your government to link
your real life and online personas together after some time. We will discuss
this in depth later. Leave your phones at home and if possible keep all phones,
yours or otherwise, far away from your computer. Other portable devices such as
iPods and tablets potentially pose the same risk that phones do and should be
treated the same.

(2) Hardware:

Modern computers come equipped with microphones, speakers (which can be used as
microphones under the right circumstances), and cameras. All of these features
can potentially be leveraged to identify you if your computer is compromised.
To mitigate these risks, these features should be physically removed. Your
computer’s microphone and speakers should be ripped out of it, but you should
not rip out your web cam, as it will alter the outward appearance of your
computer and potentially draw attention to you. Instead, open your computer’s
screen and snip the wires that connect to your web cam. Wrap the ends of the
wires in electrical tape so sparks do not jump in between them. If you must
listen to an audio file while working, use headphones. Only keep your
headphones plugged into your computer when you are using them. The computer you
use for your hacktivist activities also should not contain a hard drive, as
they are unnecessary for our purposes.

(3) Software:

Always use a TOR enabled Linux live system when working. At the present moment,
Tails (The Amnesic Incognito Live System) is by far the best live distribution
for your purposes. You can read more about TOR at www.torproject.org and you
can read more about acquiring, setting up, and using Tails at tails.boum.org.
The Tails operating system lives on a USB flash drive. Every time you start up
your computer, you must first insert your Tails flash drive into it. The Tails
website will guide you through making said flash drive. Tails will
automatically direct all of your outgoing traffic into the TOR network in an
effort to hide your IP address. If you use Tails you will be completely
anonymous and be able to work with impunity provided that:

* You keep your Tails USB up to date. New versions of the Tails
operating system are released every few months.

* You do not log in to your “real world” accounts while using Tails.
Do not check your Twitter feed while you are working.

* You do not use Tails to create an account with an alias that you have
used before. If you have been “0pwn” for the past seven years, now
is a good time to stop being 0pwn.

* You do not alter Tails’ default security settings. They are the way
they are for a reason.

* You do not use Tails to create an online account with a password that
you have used before. Doing this only makes deanonymizing you easier.

* You do not install and use random packages that “look cool”; they
could be malicious. Only use packages and scripts that you trust.
Tails is not bulletproof.

* If you decide to set a sudo password when starting up Tails, make
sure that it is very strong.

* You stay conscious of metadata analysis techniques. We will discuss
these later.

* You switch exit nodes every ten to fifteen minutes. This can be done
by double clicking the little green onion in the upper right hand
corner of your Tails desktop and hitting the “Use a New Identity”
button.

* You follow the communication guidelines laid out later in this
document.

More information can be found on the Tails warning page:
https://tails.boum.org/doc/about/warning/index.en.html. Be aware that it is very
easy for your ISP (which is probably working closely with your government) to
tell that you are using both TOR and Tails. It is probably in your best interest
to use something called “TOR bridge mode”. You can read more about how to
configure Tails to use TOR bridges here:
https://tails.boum.org/doc/first_steps/startup_options/bridge_mode/index.en.html.

Tails is unique in that it has a special feature that wipes your computer’s
memory before it shuts down. This is done in order to mitigate risks associated
with the dreaded “cold boot attack” (a forensics method in which a suspect’s RAM
is ripped out of his or her computer and then thrown into a vat of liquid
nitrogen to preserve its contents for later analysis). This feature is also
triggered if you pull your Tails flash drive out of your computer while you are
working. If while you are working you ever feel that the authorities are about
to move in on you, even if you have a seemingly irrational gut feeling, yank
your Tails flash drive out of your computer. Tails also has a feature that
allows it to disguise itself as a Windows desktop. Using this feature in
public will reduce your risk of capture significantly.

(4) Mental:

A skilled attacker is well disciplined and knows that he must keep his actions
and skills a secret in order to remain safe from harm. Do not flaunt the fact
that you are dissatisfied with your government, a foreign government, or a
particular corporation. Do not attend protests. Do not publicly advertise the
fact that you have an above average aptitude for computer security offensive or
otherwise. And whatever you do, do not tell anyone, even someone you think you
can trust, that you are planning to launch an organized cyber-attack on any
organization, big or small. If you draw attention to yourself no amount of
security precautions will keep you safe. Keep your “real” life mentally
isolated from your “hacktivist” life. One lapse in operational security could
end you.

Be alert and focused. Remain mentally strong. Come to terms with the illegality
of your actions and what will happen to you if you are apprehended. As a wise
man once said, “A warrior considers himself already dead, so there is nothing
to lose. The worst has already happened to him, therefore he’s clear and calm;
judging him by his acts or by his words, one would never suspect that he has
witnessed everything.” It is perfectly acceptable to be paranoid, but do not
let that paranoia consume you and slow your work. Even if you are extremely
cautious and follow this document’s advice to the letter, you still may be
hunted down and incarcerated, tortured, or killed. Some countries do not take
kindly to hacktivists. It is best that you be honest with yourself from the
beginning. In order to operate effectively you must be able to think clearly
and see the world as it actually is.

(5) Pattern Related:

When your online persona is active your real life persona ceases to exist, and
an observant adversary can use this to their advantage. If your ISP, bank, and
mobile phone provider are “cooperating” with your government and allowing them
to browse through all of their records (a fair assumption in this day and age)
then, eventually, they will be able to deduce your real identity by comparing
everyone’s data to information about your online persona. If the government
looks back on all of the records they have collected in the past year and
notices that you never make a credit card purchase, watch Netflix, go on your
Facebook, Google, or Twitter account, or change your physical location while
1337Hax0r64 is online on some anti-government forum on the deep web, they will
assume that you are 1337Hax0r64. Even information about your home network’s
bandwidth usage can give away your real identity.

Luckily, performing the type of metadata analysis attack described above takes
time, usually many months. It is very important that you change aliases often,
preferably every three or four months. Shed your old names like a snake sheds
its skin. When you do change your online name, make sure your new identity
cannot be tied back to your old one.

DO NOT launch cyber-attacks from your own computer. Launch attacks only
from hacked servers, servers purchased with washed bitcoins, or free shell
accounts. Certain types of cyber-attacks produce a large amount of traffic over
a short amount of time. If the bandwidth usage of your home network spikes at
the same instant that a government or corporate server is attacked, the time it
takes to deanonymize you is reduced significantly. This is especially true if
you launch multiple attacks on multiple occasions. Launching attacks in this
way can be mentally exhausting. Configuring a new attack server with your tool
set every time your old attack server is banned (an inevitable occurrence) can
be a tedious task indeed. I personally recommend creating a bash script to
automatically install your favorite tools to make this transition process
easier. Most hackers and offensive security professionals use under thirty
non-standard tools to do their job, so configuring a new server with everything
you need should not take very long if you know what you are doing. Consider
equipping your server with TOR and a VNC server (for tools that require GUIs
such as most popular intercepting proxies) as well.

(6) Archaeological:

You must ensure that there is no forensic evidence of your actions, digital or
otherwise. If the government breaks into your house and rummages through your
things, they should find nothing interesting. Make sure that you never make any
physical notes pertaining to your hacktivist activities. Never keep any
computer files pertaining to your hacktivist activities in your home. Keep all
of your compromising files, notes, scripts, and unusual attack tools (the ones
that cannot be installed with apt-get or the like), and stolen information in
the cloud. It is recommended that you keep all of your files backed up on
multiple free cloud storage providers so that in the event that one of the
providers bans your account you still have all of your data. Do not name your
cloud accounts in such a way that they can be connected back to your online
persona. Never, under any circumstances, mention the names or locations of your
cloud accounts to the people you work with. Always hit the “Use New Identity”
button on your TOR control panel after accessing your cloud storage solutions.
Every time you shed your old alias, shed your old cloud accounts.

Security of Communications

The majority of hacktivists I have met communicate via public IRC. Using IRC is
fine for meeting other hacktivists, but as soon as you muster a team of other
hacktivists who wish to attack the same target as you, move to another more
secure form of communication. Some means of communication are more secure than
others, but completely secure communication does not exist. The following
guidelines are meant to work in conjunction with the personal security
guidelines that were discussed in the previous section. If proper personal
security measures are implemented effectively, compromised communication will
result in operational failure at worst and not complete deanonymization. Since
operational failure may very well set you and your cause back several months,
it is in your best interest to attempt to communicate securely:

* Remember that any of the people you meet on the clearnet, deep web,
or public IRC channels who claim to be on your side could actually
be government agents trying to sabotage your operations.

* If possible, communicate mainly via privacy friendly email accounts
(not Gmail, Yahoo, AT&T, etc.) and encrypt all of your messages with
PGP. When a cyber-attack is being carried out it is often necessary
to be able to communicate with your accomplices instantaneously.
Since encrypting, sending, receiving, and decrypting messages by hand
takes time, using PGP in time sensitive situations like this is not
feasible. If you have to confer in an IM environment, use a program
like TorChat that uses its own form of asymmetric encryption to send
and receive messages instantly.

* Use strong passwords for all of your online accounts. The best way to
make a strong password is to pick eight or nine random words and
string them together. Passwords like this are easy to remember but
hard to guess.

* Never give away any personal information (such as country, interests,
hobbies, health, etc.) or give insight into your feelings or
emotions. Your fellow hacktivists are not your friends and should
never be talked to as such. Giving away this sort of information will
make tracking you easier.

* When you receive messages, do not retain them, even if they are
encrypted. Read them, make note of any hard to remember details
(like long server passwords for example), and then delete them.
Having a mile long digital paper trail cannot lead to anything good.
In some cases deleted messages on email servers can be recovered via
computer forensics, but deleting messages quickly may reduce the odds
that they can be.

* When typing messages, do so in a word processor on your computer.
Never write your message inside of a communication program (such as
an online email client, forum PM box, etc.). People have been known
to accidentally send unencrypted messages before. The effects of such
an error can be devastating.

* If you find yourself writing large swaths of text intended for public
release (like essays or manifestos) use a tool like Anonymouth to
obscure your writing style. Your writing style is as unique as a
finger print and can be used to identify you.

* Never, under any circumstances, execute a file on your computer or on
your server that has been given to you by a fellow hacktivist. You
should never run into a situation where doing this is necessary.

* Do not disclose information about your involvement in previous
hacktivist operations to people who were not also part of the same
operation.

* If one of the people that you are working with gets captured, assume
that the people who have captured them know everything that they do.
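The list above recommends building passwords from eight or nine random words. The following script is an added example, not code from the original essay, that puts numbers on that advice: it computes the entropy of a word-based passphrase, compares it with a random character password, and generates a passphrase with the operating system’s CSPRNG via `secrets` (never the `random` module, which is predictable). The 7776-entry figure is the size of the EFF long wordlist, which a real generator would load from disk; the 32-word list embedded here is constructed so the demo runs offline and is far too small for real use, as `words_needed()` shows.

```python
import math
import secrets

# Size of the EFF long wordlist (assumption: the list itself is not embedded;
# a real generator would load it from a file).
EFF_LONG_LIST_SIZE = 7776

# Constructed 32-word list for the offline demo: exactly 5 bits per word.
DEMO_WORDLIST = [
    "anchor", "basil", "cactus", "dune", "ember", "falcon", "garnet", "harbor",
    "iris", "juniper", "kestrel", "lantern", "meadow", "nectar", "orchid", "pebble",
    "quartz", "raven", "saffron", "tundra", "umber", "velvet", "walnut", "xenon",
    "yarrow", "zephyr", "acorn", "birch", "cedar", "delta", "elm", "fjord",
]


def passphrase_entropy_bits(word_count, wordlist_size):
    """Entropy of word_count words drawn uniformly and independently from a
    list of wordlist_size entries: n * log2(N). Only valid when the words
    are chosen at random, not when a human picks 'memorable' ones."""
    if word_count < 1 or wordlist_size < 2:
        raise ValueError("need at least one word from a list of two or more")
    return word_count * math.log2(wordlist_size)


def charset_entropy_bits(length, charset_size):
    """Entropy of a random character password of the given length drawn from
    an alphabet of charset_size symbols (62 for [A-Za-z0-9])."""
    if length < 1 or charset_size < 2:
        raise ValueError("need at least one character from an alphabet of two or more")
    return length * math.log2(charset_size)


def words_needed(target_bits, wordlist_size):
    """Smallest number of random words from the list that reaches target_bits."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def generate_passphrase(word_count, wordlist, separator=" "):
    """Draw word_count words with the OS CSPRNG. Duplicates in the list would
    make the entropy estimate above optimistic, so they are rejected."""
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("wordlist contains duplicates")
    return separator.join(secrets.choice(wordlist) for _ in range(word_count))


if __name__ == "__main__":
    for n in (8, 9):
        print(f"{n} words from a {EFF_LONG_LIST_SIZE}-word list: "
              f"{passphrase_entropy_bits(n, EFF_LONG_LIST_SIZE):.1f} bits")
    print(f"8 random alphanumerics: {charset_entropy_bits(8, 62):.1f} bits")
    print(f"words needed for 100 bits from the EFF list: "
          f"{words_needed(100, EFF_LONG_LIST_SIZE)}")
    print(f"words needed for 100 bits from the demo list: "
          f"{words_needed(100, len(DEMO_WORDLIST))}")
    print("demo passphrase:", generate_passphrase(8, DEMO_WORDLIST))
```

Eight words from the 7776-entry list give about 103 bits and nine give about 116, against roughly 48 bits for eight random alphanumeric characters; from the 32-word demo list it would take twenty words to reach 100 bits, which is why the size of the list matters as much as the number of words.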

Philosophy of Attacking

The hacktivist community, like every community, has its own unique set of
philosophical musings, taboos, and dogmas. While I do not advocate the severe
alteration of the principles and philosophies on which the community was built,
I do wish to point out a number of flaws in certain aspects of their
composition. These flaws serve only to hold back the community and should be
openly discussed.

(1) When hacktivists target an organization, their goal is more often than not
to force said organization to stop functioning permanently, or at least for the
longest time possible, in an effort to stall unjust actions from being carried
out or to seek retribution for unjust actions done in the past. Leaking
databases, doxing influential individuals, defacing websites, and launching
massive DDoS campaigns, four of the modern hacktivist community’s favorite
activities, accomplish this goal – to an extent. Infiltrating a target
organization and sowing discord within its ranks is magnitudes more effective
than leaking credit card numbers or putting a CEO’s social security number on
Pastebin, yet it is rarely, if ever, considered to be a viable course of
action. Subtly and silently fostering suspicion and distrust inside of your
target will have a longer lasting impact than simply pointing out that its
security policy has some weak points.

(2) Hacktivists crave publicity, yet they are the most effective when they
operate undetected. Stay hidden. Although it may seem tempting at times, do not
destroy large amounts of information on your target’s computers or servers.
Doing so will announce your arrival inside of your target’s network rather
loudly. Flashy, public displays of power have no place in the hacktivist
community. Just because you are hiding behind TOR does not mean that you should
not make an effort to cover your tracks. Conceal your attack not to mask your
identity, but to convince your target that no attack was carried out in the
first place.

(3) Once your hacktivist collective has decided to attack an organization,
strike fast and strike hard. Overwhelm your target. A well disciplined and well
organized team of attackers can penetrate most networks within a few hours.
Far too often I have seen hacktivist collectives declare all out war on someone
and then attack them slowly and gain entry into their network days, sometimes
even weeks later. By attacking slowly, you give your target time to react and
strengthen their defenses. Detecting an attack from a large hacktivist
collective is a trivial task, but as history has shown detecting the presence
of one inside of a network, especially a large network, can be tricky.

(4) Cyber-attacks seldom go as planned. If you are attempting to do anything
that involves the coordination of more than two people, keep this in mind. It
is not uncommon for tools to stop working in the middle of an attack. It is not
uncommon for reverse shells to die unexpectedly. It is not uncommon for
seemingly simple actions to take hours to perform. You must be ready to think
on your feet and quickly adjust your attack plan to accommodate the ever
changing conditions within the network you are attacking. Predefined
contingency plans are mostly useless.

(5) Remember that no system is impenetrable. On more than one occasion I have
seen hacktivists give up on trying to infiltrate a target network because their
Nessus scan did not yield any useful results. As a hacktivist, you are not
bound by the typical constraints of a pentester. If you can not successfully
attack a website, try attacking its hosting provider. Try attacking the
administrator’s email account. Try going after random social accounts belonging
to the administrator’s family. Try planting iframes in websites you suspect the
administrator frequents in an effort to infect him. If you cause extensive
collateral damage, who cares? It is not your problem. Sometimes the ends
justify the means. Be creative.

(6) Many hacktivists possess unrealistic, self-constructed mental images of the
ideal cyber-attack. In the majority of these movie-induced delusions, the ideal
attack utilizes numerous 0days, an arsenal of home made tools, and highly
advanced, unimaginably complex network intrusion techniques. In reality, this
type of thinking is incredibly dangerous and causes some hacktivists to attempt
to perform convoluted, elaborate attacks to gain the respect of their peers.
When breaking into highly secured networks, such attacks only draw unnecessary
attention. The best attacks are the ones that work. They are usually simple and
take little time to execute. Using sqlmap to spawn a shell on your target’s
server by exploiting a flaw in their website’s search feature is a viable if
not ideal attack. It allows you to access the inside of your target’s network.
Exploiting a vulnerable FTP daemon on one of your target’s servers using public
exploit code is a viable if not ideal attack. It allows you to access the
inside of your target’s network. Using Metasploit in conjunction with a fresh
Gmail account to launch a phishing campaign against your target’s employees is
a viable if not ideal attack. It allows you to access the inside of your
target’s network. The media hates it when hacktivists use open source software
to do their work. Whenever a hacker or hacktivist is arrested for doing
something that involved using “someone else’s” tools, they are publicly
shamed. “Anyone could have done that” they say. “He’s just an unskilled script
kiddie” they say. Claiming that someone is less of a hacker solely because they
partially depend on someone else’s code borders on absurd. It amounts to
claiming that Picasso is a bad artist because he did not carve his own brushes,
synthesize his own paints, and weave his own canvas. Do not shy away from using
open source tools and publicly available information to accomplish your goals.
Hacking is an art, and nmap is your brush.

Organization and Formation

Most of the hacker and hacktivist groups I have observed are unorganized and
undisciplined. They claim to perform actions as a collective, yet when it comes
time to actually launch an attack they attempt to infiltrate their targets as
individuals, each member launching attacks of their own without making the
faintest attempt to coordinate their actions with others. Here I shall describe
a schema that could be easily adopted by any hacktivist collective to allow it
to facilitate highly coordinated attacks involving large numbers of attackers
with great ease. It will be presented as a series of steps.

Step One: Organize yourselves into multiple small groups. These groups shall be
referred to as strike teams. The ideal strike team is composed of three parts
attack specialists, two parts social engineering specialists. Attack
specialists should at least be able to identify and competently exploit
potential vulnerabilities in websites and be able to exploit vulnerable or
misconfigured services. Social engineering specialists should have at least
some real world experience before participating in a strike team. Attack
specialists should only concern themselves with launching attacks and social
engineering specialists should only concern themselves with social engineering.
Well-defined roles are the key to a strike team’s success. This configuration
will often create an abundance of social engineering specialists, and that is
perfectly acceptable. Having the capability to immediately launch multiple well
planned social engineering campaigns is crucial. The size of a strike team
will be determined by the skill of its members. Highly skilled individuals
should work in very small strike teams (five member teams are acceptable)
whereas unskilled individuals should work in larger strike teams (up to a few
dozen). The organization of strike teams should be coordinated as a collective.
No one person should be given the authority to sort people themselves. Strike
teams should function as “sub collectives” and be autonomous. Hacktivist
collectives are composed of people around the world, most of whom can not be
online all the time. This means that all strike teams should set themselves up
knowing that their members will pop on and offline and that it is possible new
members will have to be annexed at a later time.

Step Two: Within each strike team, agree upon a stratagem: a broad, realistic,
nonspecific plan of action that aims to accomplish one very specific goal.
Strike teams should only execute one stratagem at a time. Multiple strike teams
within the same hacktivist collective can execute different stratagems at the
same time in an effort to accomplish some sort of final goal (perhaps to
destabilize an organization or to acquire trade secrets). The next section of
this essay is devoted solely to exploring the concept of stratagems and how to
best form and use them. Strike teams should be allowed to do what they want,
but their initial stratagem should be approved by the collective so that no two
strike teams attempt to do the same thing at the same time.

Step Three: As a strike team, map your target’s attack surface. If multiple
strike teams are all attacking the same network, they should share information
very closely in this step. It is very possible that multiple strike teams
working together to accomplish the same goal could actually be attacking
different networks, in which case mapping should be done within individual
strike teams. Each member of a given strike team should attempt to map the
target network themselves, and then members should compare information. It is
very unlikely that anything will be overlooked by every single member of the
team.

Step Four: Divide your target network up into manageable chunks and assign
certain individuals within your team to each one of those chunks. Efficient
division of labor is key to launching speedy attacks. Here is an example
involving a network composed of four servers (two SQL servers, a DNS server,
and a web server hosting a feature rich corporate site) and a strike team
composed of six attack specialists and four social engineering specialists:

* Have one attack specialist attack the SQL and DNS servers.

* Have one attack specialist attack the website’s multistage user
registration mechanism and login mechanism.

* Have one attack specialist attack the contact and session management
mechanism.

* Have one attack specialist attack any forms not assigned to other
attack specialists as well as any other potentially exploitable
scripts, pages, or mechanisms.

* Have one attack specialist and two social engineering specialists
attempt to launch some sort of phishing campaign against the
company’s employees.

* Have one attack specialist and two social engineering specialists
attempt to convince the company’s hosting provider that they are the
rightful owners of the company’s four servers and have been locked
out of their email account.

Step Five: Drill yourselves. This step is optional but highly recommended.
Procure a server with a large amount of RAM and multiple processors. Have one
member of your strike team set up a virtual network on it that, to the best of
your knowledge, mimics the network you are planning to attack. This one team
member should not participate in the drills themselves, and they should not
give other team members details pertaining to the virtual network. If you are
planning on attacking a large corporation, set up the virtual network like a
large corporate network with a labyrinth of firewalls, routers, switches, and
domain controllers. If you are planning on attacking a small corporation or
home business, set up your network accordingly. You should never have to
visualize more than 12 workstations, even if your team is doing a complex
pivoting exercise. As a group, attempt to break into your virtual network and
execute your stratagem. The virtual network should be deliberately
misconfigured so that there is a way for your team to infiltrate it and
accomplish their simulated goal, but the misconfigurations should be extremely
subtle. The team should have to work very hard to find them. Run multiple
drills. After each drill, the misconfigurations in the network, and potentially
the layout of the network itself, should be altered to force your team to
attack it in a different way or to exercise a different skill. The purpose of
these drills is twofold. Firstly, they allow your team members to get
accustomed to working together. Secondly, they will prepare your team for the
day when they actually go up against your real target network.

Step Six: Execute your stratagem on your target network. Your strike team
should attack methodically and silently. Every member should know what they
need to do and how they need to do it. No mistakes should be made. Every tool
you use should be well honed and function flawlessly. Not a second should be
wasted. Use time to your advantage. Your target organization will be the most
unprepared for an attack in the middle of the night when all of its IT staff
are at home sound asleep. If your stratagem calls for being embedded in your
target network for a long period of time, tread very lightly once you
infiltrate it.

Interlocking Stratagems in Theory

In this section I will give multiple examples of stratagems that an actual
strike team could make use of. You should combine multiple stratagems to
accomplish your ultimate goal. Individual stratagems are like pieces of a
jigsaw puzzle, and are intended to be pieced together. A strike team should
execute multiple stratagems in succession, possibly in cooperation with other
strike teams in an effort to accomplish a common goal. This section is not
intended to be a play book. I encourage you to build off of my stratagems or,
better yet, devise your own. Some stratagems are:

(1) Collect information on individuals within the target organization. Mount a
phishing campaign against the organization and gain access to as many
workstations as possible. Once you have breached its network, do not pivot.
Attempt to locate any useful information on the workstations you have
compromised, and then remain in the network for as long as possible doing
nothing more than idly gathering intelligence.

(2) Take complete or partial control over the target organization’s main means
of communication (usually email). Review a few of their messages and learn how
they are structured and formatted. Then, send a number of blatantly false
messages to one or more members of the organization using the credentials of
another member of the organization. Multiple false messages should be sent over
some period of time. When members of the organization begin to receive false
messages from their colleagues, distrust will begin to take root.

(3) Take complete or partial control over the target organization’s main means
of communication (usually email). Review a few of their messages and learn how
they are structured and formatted. Then, devise some way to intercept and
inspect or modify messages in transit within the target organization
(essentially, perform a man-in-the-middle attack). Every once in a while, alter
a message in a subtle but disruptive way. Perhaps change a date or a time so
certain individuals do not arrive at their meetings on time or do not arrive at
all. Once you have reason to believe that your modifications have taken their
toll (i.e. the person you targeted missed their meeting), undo the changes you
made to the message you intercepted so upon audit it appears as though the
message was never tampered with. Doing this is usually hard to detect and will
slowly cause the target organization to destabilize itself as tensions between
individuals within it begin to rise and their employees begin to question their
own sanity.

(4) Take complete or partial control over the target organization’s main means
of communication (usually email). Review a few of their messages and learn how
they are structured and formatted. Use the credentials of a high ranking
individual within the target organization to distribute a message that appears
to be from them that claims a terrible tragedy has occurred that warrants an
immediate, brash, resource intensive response from the rest of the
organization. You will most likely not be able to pull this off more than once.
This stratagem works especially well against militant groups with poorly
defined command structures but has other applications as well.

(5) Once inside of the target organization’s network, acquire a small amount of
classified data intended for the eyes of high ranking personnel only.
Strategically plant the data on the computer of one or more lower ranking
individuals. Make it look like an espionage attempt. If many key individuals
within the target organization are accused of trying to siphon out its secrets,
it will be forced to suspend a large portion of its operations while an
investigation is done.

(6) Use a DDoS attack to disrupt the target organization’s communications for a
short period of time when they are most in need of it. For a corporation, this
could be during an important international Skype call. For a government, this
could be immediately following a devastating attack from an insurgency group.
Doing this will cause panic, which will make the target organization
temporarily more susceptible to other kinds of attacks.

(7) Pose as a legitimate company selling legitimate software and befriend the
target organization. Create a piece of software with a very hard to detect
security flaw in it and sell it to them. The flaw could be as simple as a
poorly implemented encryption library or as complex as an insecure multistage
parsing algorithm. It must be incredibly subtle. So subtle that if it is
detected you will be able to write it off as unintentional. It should be
plausibly deniable. Once the target organization installs the vulnerable
software on their machines, leverage it to perform targeted attacks on key
individuals within it. Do not use it to infect entire subnets, as that will
draw too much attention.

(8) Locate a small software provider your target organization already does
business with and infiltrate their network by using other stratagems. Modify
their source code slightly so that their software becomes vulnerable to remote
attack. Do not modify just any code you come across, study the software
provider’s development process and target code that has already been checked
for bugs and is days away from being released to customers. When the target
organization installs the latest version of software from the company that you
have infiltrated, they will become vulnerable. Leverage this vulnerability to
perform targeted attacks on key individuals within the target organization. Do
not use it to infect entire subnets, as that will draw too much attention.

(9) Locate a small software provider your target organization already does
business with and infiltrate their network by using other stratagems. Most
software companies offer rewards to security researchers who find
vulnerabilities in their products. Determine how reported vulnerabilities are
managed by the company you have infiltrated and devise a way to monitor them
in real time. As soon as a security researcher reports a major vulnerability
in a product your target organization uses, use it to perform targeted attacks
on key individuals within it. Do not use it to infect entire subnets, as that
will draw too much attention.

(10) Using other stratagems, infiltrate the computers of a number of influential
individuals within the target organization. Monitor their activity constantly
and closely. If possible, listen to them through their computer’s microphone.
When you believe that one of them has left their computer, undo things they
have just done. Delete the last sentence they wrote. Hit the back button on
their web browser. Close the program they just opened. Over time, this will
lead them to question their sanity.

(11) Using other stratagems, infiltrate the computers of a number of influential
individuals within the target organization. Most modern governments and
corporations are at least partially corrupt. Find evidence of this corruption
and use it to compel one or more of these influential individuals to aid your
cause. If you are unable to find any evidence of corruption, do not be afraid
to bluff. If you make a mysterious window pop up on, say, a CFO’s computer that
alludes to some sort of dirty secret, it is very possible that the CFO will
assume that the hacker who caused the window to appear knows something about
them that they actually do not. A lot of powerful people have skeletons in the
closet. The media has instilled a fear of hackers into the general populace,
and this fear can be used to your advantage. Most normal people, upon being
confronted by a hacker that has gained complete control of their computer, will
be inclined to believe plausible sounding white lies. Having an “inside man”
within your target organization can be extremely useful.

Interlocking Stratagems in Practice

In this section I shall present an example of a plausible situation that could
warrant the involvement of hacktivists and a corresponding attack loosely built
upon the stratagems from the last section. I have tried to make the situation
realistic, but it is very likely that if you use my writing to plan and execute
your own attack it will play out nothing like the attack depicted below. Most
actual attacks are far more complex than the one presented here. The purpose
of this example is to demonstrate the way in which multiple strike teams should
work together. Notice how at all times each team has one or more specific
goals.

Situation: A hacktivist collective has decided to attack the terrorist
organization Bina Al-ar-mal after they captured and executed a tourist in
Syria. Bina Al-ar-mal is believed to consist of over 40,000 people, has
hundreds of public Twitter feeds and Facebook accounts, and runs a small
terrorist news site hosted on a Russian server. It has three known leaders, who
we shall refer to as Head Terrorist 1, Head Terrorist 2, and Head Terrorist 3.
Twenty-seven hacktivists have joined the effort. They have been split into
three teams: team 1 consists of five of the most highly skilled hacktivists,
team 2 consists of seven moderately skilled hacktivists, and team 3 consists of
fifteen amateur hacktivists.

Time Line:

(Day 1, Hour 1) Team 1 is initially tasked by the collective with infiltrating
as many terrorist Twitter and Facebook accounts as possible. The team starts
enumerating the accounts immediately. They decide that no drill will be
executed, as breaking into Facebook and Twitter accounts is a trivial task.

(Day 1, Hour 1) Team 2 is initially tasked by the collective with infiltrating
the web hosting provider hosting the terrorist group’s website. They begin
reconnaissance.

(Day 1, Hour 1) Team 3 is initially tasked by the collective with attacking
Bina Al-ar-mal’s website directly. They begin to map the website.

(Day 1, Hour 2) Team 1 finishes enumerating the terrorist Facebook and Twitter
accounts. They begin attempting to break into them.

(Day 1, Hour 2) Team 3 finishes mapping Bina Al-ar-mal’s website and begins to
attack.

(Day 1, Hour 3) Team 1 has breached a few terrorist Facebook and Twitter
accounts. After examining their contents they determine that the terrorists
are using the SpookyMail email service to communicate off of social media. A few
terrorist email accounts are identified and the team begins to try to break
into those as well.

(Day 1, Hour 3) Team 3 gains read/write access to a limited portion of the
server Bina Al-ar-mal’s website is hosted on. The other teams are alerted.
They set up a simple PHP-based IP logger script to capture the IP addresses of
Bina Al-ar-mal members attempting to check their organization’s news feed.

(Day 1, Hour 6) Team 2’s reconnaissance ends. They have located the web hosting
provider and gathered information on said provider’s website and servers. They
begin attacking them.

(Day 1, Hour 7) Team 1 breaches their first few terrorist email accounts.

(Day 1, Hour 9) Team 2 locates a vulnerability in the terrorists’ web
hosting provider’s website. They are not able to fully compromise any of their
servers, but they are able to get a list of customer names, domain names, and
billing addresses by exploiting a flaw in the website’s shopping cart feature.
Upon inspecting the list, they discover that the person paying Bina Al-ar-mal’s
hosting bill has a British billing address. The other teams are alerted and
Scotland Yard is notified of the terrorist threat immediately.

(Day 1, Hour 23) Team 1 is able to get Head Terrorist 1’s email address off of
the “contact” pane of one of the hacked terrorist email accounts. They make
ready for a spear phishing attack against him, but decide to wait some time to
launch it, as it is currently the middle of the night where Head Terrorist 1 is
believed to be.

(Day 2, Hour 3) Team 3 has gathered over seven thousand IP addresses of people
viewing Bina Al-ar-mal’s news feed and tries to attack them all using known
router vulnerabilities. When all is said and done they have infected
thirty-seven routers and forty-six workstations. They determine that
thirty-four of these workstations belong to active members of Bina Al-ar-mal.
They observe these workstations passively, hoping to gather information. The
other two teams are briefed on their success.

(Day 2, Hour 8) Team 1 launches a spear phishing attack against Head Terrorist
1 using the hacked email account of another terrorist.

(Day 2, Hour 9) Team 1’s spear phishing attack against Head Terrorist 1 is a
success. They now have full control over his Windows XP laptop and inform the
other two teams of their success. After searching the laptop’s hard drive and
downloading a half gigabyte of confidential documents and IM logs, the team
decides to plant a PDF of the Christian Bible on it along with some real
looking fake papers from the CIA. After gleaning Head Terrorist 2’s and Head
Terrorist 3’s email addresses from the stolen IM logs, the team sends them both
emails from the hacked email account of a lower level terrorist claiming that
Head Terrorist 1 is dirty.

(Day 2, Hour 9) Team 3 decides to take the sensitive information stolen from
Head Terrorist 1’s computer by Team 1, along with other fake CIA
documents and place it on all thirty-four of the terrorist workstations they
control. They use a hacked email account belonging to an uninvolved terrorist
to inform Head Terrorist 2 and Head Terrorist 3 that Head Terrorist 1 is a
traitor and that he has at least thirty-four moles inside of their organization, all
of whom they mention by name.

(Day 2, Hour 10) Head Terrorist 1’s laptop is searched by security forces under
the control of Head Terrorist 2. Head Terrorist 1 is determined to be part of the
CIA and is placed into a cell to be used as leverage against the United States.

(Day 2, Hour 17) Head Terrorist 2 and Head Terrorist 3 raid all thirty-four of
the suspected moles and find the planted documents. They begin to interrogate
all thirty-four of them in order to find out how deep the CIA has penetrated
their organization. None of them know anything but most of them make up real
sounding false information to make the interrogations end.

(Day 3, Hour 3) Team 1 determines that most remaining Facebook and Twitter
accounts cannot be breached. Several team members leave and a few stick around
to try and finish off the remaining accounts.

(Day 6, Hour 17) Scotland Yard arrests the person allegedly paying for Bina
Al-ar-mal’s web hosting. It is later determined that the person is actually
part of a London-based Bina Al-ar-mal cell.

(Day 6, Hour 20) Team 2 destroys Bina Al-ar-mal’s web site after catching word
of the Scotland Yard raid.

End Result: One of three head terrorists is being held by their own
organization as a traitor and thirty-four unrelated terrorists are being held
by their own organization and brutally interrogated about actions they did not
commit. One terrorist is in the custody of Scotland Yard, and a British
terror cell has been exposed. Bina Al-ar-mal’s entire communication network is
compromised (but they do not know that yet), and their website has been taken
offline permanently. All members of Bina Al-ar-mal are now becoming
increasingly suspicious of their fellow members and the hacktivist collective
is now in a position to launch further attacks on Bina Al-ar-mal (using the
compromised email and social media accounts) at a later time. This has all been
accomplished in under a week.

________________________________________________________________________________

My public key is available here:

http://pastebin.com/VhW0bmAt

https://paste.ee/p/C5M3U

http://tny.cz/c9b82da0

http://hastebin.com/jikebijifu.hs

http://chopapp.com/#w04dkx06

SHA1: cb36db996bb684e569663ca7b0d93177ecc561be

Grab it while you still can.

________________________________________________________________________________
Disclaimer: All information provided in this document is for educational
purposes only. The ideas presented here are solely academic and should never be
acted upon or put into practice. The author of this document will not be held
responsible in the event any criminal or civil charges be brought against any
individuals misusing the information in this document to break the law.


Science Faction?

In a somewhat disturbing case of life imitating art, it seems that real world turmoil is catching up with classic science fiction projections of a dystopian future as envisioned by writers like George Orwell and Ray Bradbury — a world where the general populace is under constant surveillance, and the technology that we’ve become overly dependent on has become our greatest liability.

If the recent NSA debacle wasn’t alarming enough for you, Google recently acquired Nest, the smart device firm and home automation pioneer. Home automation, of course, means having multiple devices (kitchen appliances, thermostats, locks and security cameras, etc.) equipped with wireless capability and controllable through an app on a smart device. Your phone, in essence, becomes a remote control for your entire house. Some systems, like the one which Samsung recently premiered at CES 2014, will only enable the company’s own products to interact with one another, and the more glitzy products like the ADT home security systems allow homeowners to control their thermostats and other electronics (regardless of brand) with their smart phone.

If it sounds too good to be true…that’s because it potentially is, as this article from Trend Labs explains. The IP configuration on the devices is simple and the security options are quite limited, leaving them easily penetrable by hackers and thieves. Part of the risk, of course, is that if you have a home security system that can be entirely disabled through a smartphone, a thief could hack into your accounts, deactivate your entire security system with the push of a mere button, and enter your home freely. All of your data becomes more accessible to hackers, and now Google will have even more comprehensive data to sell to third party candidates who can market products even more aggressively to you.

Orwell and Bradbury basically called the whole thing…

One of the great things about science-fiction is that, whatever paranoid projections it makes about future global conditions, it’s always very much a product of its own time. This news raises all sorts of issues for an overly imaginative person.

The situation is like George Orwell’s 1984, where the general public can’t even so much as think in privacy. Everyone is under constant surveillance, and the entire system is under the pretense that this is somehow what’s best for society.

The citizens of Orwell’s fictional Oceania all have “telescreens” in their apartments, which enables Big Brother (whether that’s merely a governmental agency monitoring the public or one chief observer is never entirely clear) to supervise every given moment of everyone’s lives, and to possess an absurd level of intel on every given person under the jurisdiction of their central government. Replace telescreens with tablets, and Big Brother with Facebook and Google, and ask yourself how much of a deviation this setup is from life as we know it today.

It also calls to mind a particularly eerie story penned by Ray Bradbury in 1950 entitled August 2026: There Will Come Soft Rains. The story focuses on “a-day-in-the-life” of a fully automated home after the extinction of the human race. The house prepares meals and recites important dates and reminders through an intercom system with a pre-recorded voice. We come to learn, throughout the course of the story, that the family who owned the house have been wiped out. We hear about silhouettes permanently fixed onto the side of the house, in a manner that evokes the victims of Hiroshima and Nagasaki who were vaporized in an atomic blast.

So Bradbury’s grim musings couldn’t have been more fitting for his time, and they are startlingly relevant now. Just as humans channel their ingenuity and creativity into constructive things, or things which enhance life for humanity (all of the advancements in home technology, for instance), the misapplication of that creativity — and the misapplication of technology itself — can have dire, even catastrophic, consequences for humanity.

Is it really as bad as all of that?

Only time will tell, but it does seem more and more likely that whatever minor conveniences the technology yields will hardly justify the potential security risks.

You would hope that, in some cases, paranoid science-fiction literature would help prevent future atrocities from occurring by anticipating them. It’s sort of comforting that we’ve not yet reached the place anticipated by Arthur C. Clarke, where computers have superior intellect to humans and can function, not only with autonomy, but willfully against people. It’s pretty disconcerting, however, that we seem to be drawing nearer and nearer to those imagined realities, not merely a novel thought and fodder for pop literature, but a grim facet of our day to day lives.

Bribe or ‘Tax’? NSA gives $10 million to RSA for Backdoor Access

Hmm. Hold up. So if we go by this Wikipedia entry..

“Founded as an independent company in 1982, RSA Security, Inc. was acquired by EMC Corporation in 2006 for US$ 2.1 billion and operates as a division within EMC.”

People need to understand, this means RSA took around 2% of what they’d make in one year. FOR A BACK-DOOR OMG. Does this not sound more like a tax, than a payment (never mind a bribe!)? How much would you care about an extra 2% per year? Exactly. That’s all I got. Someone else needs to close that gap. -Max

What’s an encryption backdoor cost? When you’re the NSA, apparently the fee is $10 million.

Intentional flaws created by the National Security Agency in RSA’s encryption tokens were discovered in September, thanks to documents released by whistleblower Edward Snowden. It has now been revealed that RSA was paid $10 million by the NSA to implement those backdoors, according to a new report from Reuters.

Two people familiar with RSA’s BSafe software told Reuters that the company had received the money in exchange for making the NSA’s cryptographic formula the default for encrypted key generation in BSafe.

“Now we know that RSA was bribed,” said security expert Bruce Schneier, who has been involved in the Snowden document analysis. “I sure as hell wouldn’t trust them. And then they made the statement that they put customer security first,” he said.

RSA, now owned by computer storage firm EMC Corp, has a long history of entanglement with the government. In the 1990s, the company was instrumental in stopping a government plan to include a chip in computers that would’ve allowed the government to spy on people.

It has also had its algorithms hacked before, as has RSA-connected VeriSign.

The new revelation is important, Schneier said, because it confirms more suspected tactics that the NSA employs.

“You think they only bribed one company in the history of their operations? What’s at play here is that we don’t know who’s involved,” he said.

Other companies that build widely-used encryption apparatus include Symantec, McAfee, and Microsoft. “You have no idea who else was bribed, so you don’t know who else you can trust,” Schneier said.

RSA did not return a request for comment, and did not comment for the Reuters story.

via CNet

U.S. Forces, Intelligence Agents and American Security Agents (MERCs) clandestine war in Yemen

Saudi militants were behind the massive car bombing and assault on Yemen’s military headquarters that killed more than 50 people, including foreigners, investigators said in a preliminary report released Friday.

Al-Qaeda claimed responsibility for the attack, saying it was retaliation for US drone strikes that have killed dozens of the terror network’s leaders.

The attack – the deadliest in Sanaa since May 2012 – marked an escalation in the terror network’s battle to undermine the US-allied government and destabilise the impoverished Arab nation despite the drone strikes and a series of US-backed military offensives against it.

US forces also have been training and arming Yemeni special forces, and exchanging intelligence with the central government.

Military investigators described a two-stage operation, saying heavily armed militants wearing army uniforms first blew up a car packed with 500 kilograms of explosives near an entrance gate, then split into groups that swept through a military hospital and a laboratory, shooting at soldiers, doctors, nurses and patients.

Officials earlier said 11 militants were killed, including the suicide bomber who drove the car. It was not clear if the 12th attacker was captured or escaped.

The investigative committee, led by Yemen’s Chief of Staff Gen. Ahmed al-Ashwal, said militants shot the guards outside the gates of the military hospital, allowing the suicide bomber to drive the car inside, but a gunfight forced him to detonate his explosives before reaching his target.

It said the 12 militants killed included Saudis.

Two military officials told The Associated Press that wounded soldiers had told them the assailants who stormed the hospital separated out the foreigners and shot everybody in the head.

Other military officials said American security agents were helping with the investigations, but that could not be confirmed. All officials spoke on condition of anonymity because they were not allowed to brief reporters.

Yemeni commandos and other security forces besieged the militants before they could reach the ministry’s main building, preventing them from going further than the ministry’s entrance gate. All the attackers were killed by 4:30 pm Thursday, according to the committee.

Yemeni security forces launched a manhunt in the capital to find the perpetrators, sparking gun battles that killed five suspected militants and a Yemeni commando, officials said.

The committee, which sent its report to Yemeni President Abed Rabbo Mansour Hadi, did not explain how it came to its conclusions.

The report, read on state TV, raised the death toll to 56 and said more than 200 people were wounded.

The foreigners killed included two aid workers from Germany, two doctors from Vietnam, two nurses from the Philippines and a nurse from India, according to Yemen’s Supreme Security Commission.

But a spokesman for the Philippines’ Department of Foreign Affairs, Raul Hernandez, said on Friday that seven Filipinos were killed in the attack, including a doctor and nurses, while 11 others were wounded.

The victims were among 40 Filipino workers in the hospital. Hernandez said that the Philippines’ honorary consul reported that the others survived by pretending to be dead.

It was not immediately possible to reconcile the conflicting accounts. But officials from the military hospital said Friday that at least 10 foreigners had been killed.

The United States considers the Yemeni al-Qaeda branch to be the most active in the world and it has escalated drone attacks against the militants in Yemen.

 

via SkyNews

Read more
DARPA Hackers Show How Cars Can Be Remotely Controlled


Hackers Chris Valasek and Charlie Miller have demonstrated from the backseat of a Toyota Prius that all you need is a Macbook and a USB cable in order to hack into a computer-controlled car.

Valasek is the director of security intelligence for IOActive and Miller is a security engineer for Twitter.

These two security researchers showed that they can turn off the brakes, for example, even while the driver is at the wheel.

Using a grant from the Defense Advanced Research Projects Agency (DARPA), Miller and Valasek have been researching computerized car vulnerabilities since 2012 and will be displaying their findings at DEF CON, a hacker’s conference in Las Vegas next month.

Miller asserted that they “had full control of braking” and that they “disengaged the brakes so if you were going slow and tried to press the brakes they wouldn’t work. We could turn the headlamps on and off, honk the horn. We had control of many aspects of the automobile.”

• Turn off power to the steering
• Have the onboard GPS give incorrect directions
• Change the numbers on the speedometer
• Force the car to change direction

Miller explained: “At the moment there are people who are in the know, there are nay-sayers who don’t believe it’s important, and there are others saying it’s common knowledge but right now there’s not much data out there. We would love for everyone to start having a discussion about this, and for manufacturers to listen and improve the security of cars.”

Using the vehicle’s electronic control unit (ECU) and the on-board diagnostics port (OBD), Miller and Valasek gained control over a 2010 Ford Escape and Toyota Prius.

An ECU is an embedded system that “controls one or more of the electrical system or subsystems in a motor vehicle.”

The OBD is the “vehicle’s self-diagnostic and reporting” apparatus that “gives the vehicle owner or repair technician access to the status of the various vehicle sub-systems.”

A representative from Toyota explained that the hacker would have to be in the car to manipulate its systems.

He said: “Altered control can only be made when the device is connected. After it is disconnected the car functions normally. We don’t consider that to be ‘hacking’ in the sense of creating unexpected behavior, because the device must be connected – ie the control system of the car physically altered. The presence of a laptop or other device connected to the OBD [on board diagnostics] II port would be apparent.”

Hacking into cars that are remotely controlled, such as Google’s self-driving vehicles, is a concern, and this research could uncover security implications for them.

In 2010, teams from the University of Washington (UW) and the University of California (UC) were able to breach the computer systems of cars using cellular phone connections, Bluetooth headsets and a CD.

Stefan Savage from UC explained that their research “explores how hard it is to compromise a car’s computers without having any direct physical access to the car.”

Computerized cars “contain cellular connections and Bluetooth wireless technology” that could be tapped into remotely and used to take over the controls of the vehicle, listen into the conversations taking place in the cab of the car and completely compromise the safety of the vehicle.

Because the computer systems in cars are virtually indistinguishable from internet-connected computers, their exposure to vulnerabilities from outside influences is similar.

Using an On-Star navigation unit, a hacker could use the same controls available to a remote technician at the GPS corporation’s on-call center, because those technicians are fully capable of controlling a vehicle in the event of an accident or a call from a customer.

With complete disregard for driver privacy, the Obama administration gave its consent to the National Highway Traffic Safety Administration (NHTSA) to mandate that black box event data recorders (EDRs) be installed in all new cars in the US.

The NHTSA says that by September 2014 all cars and light trucks will be equipped with EDRs that will silently “record the actions of drivers and the responses of their vehicles in a continuous information loop.”

The information recorded by EDRs includes:

• vehicle speed
• whether the brake was activated in the moments before a crash
• crash forces at the moment of impact
• information about the state of the engine throttle
• air bag deployment timing and air bag readiness prior to the crash
• whether the vehicle occupant’s seat belt was buckled

The NHTSA claims that “EDRs do not collect any personal identifying information or record conversations and do not run continuously.”

Advanced EDRs can collect detailed information about drivers and their driving habits, including the size and weight of the driver, the seat position, and the habits of the driver as well as passengers.

The excuse is that EDRs gather information about car crashes in the moments leading up to the accident, which manufacturers can use to improve their safety measures when constructing vehicles. However, the government regulation deploys surveillance technology under policies that do not spell out the intended use of the data collected by the EDRs.


Read more
Information Technology – Higher Education… or?


Information security, especially at schools that provide training on the subject, should not be a premium in for-profit higher education. It would make a really great story to send an “undercover” technician to DeVry and Rasmussen campuses to observe their incredible service delivery.

Rasmussen’s portal has long had a SQL injection vulnerability that has been published on the internet several times. It still remains uncorrected.

Rasmussen College and DeVry Institute of Technology are both HLC accredited schools with for-profit business models. Both schools often claim, “the same accreditation as Harvard” and other quality Universities. Surprisingly, the two institutions have a lot more in common. From sharing questionable leadership to providing questionable placement practices for students and even extremely questionable security policies, these institutions are the embodiment of the flaws of American education.

The curriculum, and the curriculum for partner schools as mentioned later, is created by individuals that rarely have any current knowledge in the subjects. Course material is often incorrect or misunderstood by the instructors. The policy of both institutions requires instructors with Master’s degrees, but because they do not invest in qualified candidates they will allow, for example, an individual with a Master’s degree in Business to teach OpenGL Programming based on course material created by an individual with no programming experience.

Rasmussen and DeVry not only share the same accreditation, but the sponsorship was provided with the same seed money. The two institutions share employees, transferring their employees back and forth. One such employee is Todd Pombert, a newly appointed Vice President of Infrastructure and Technology for Rasmussen College. Despite having very little professional experience compared to individuals in similar roles, Todd was given this role at the insistence of Gerald Gagliardi. Gerald Gagliardi is on the board of directors for businesses like NetWolves and Rasmussen College itself. Mr. Gagliardi is a shrewd investor from Boca Raton who has used his resources to create successful people and businesses as he decides. There is no altruism here.

Rasmussen College, Inc. itself, along with its sister company Deltak Innovation, which is now owned by John Wiley & Sons in an attempt to break into online courseware, is reorganizing. Rasmussen College will be its own entity with I.T. services provided by Collegis Managed Services. These are the same employees but now with a different title. Services provided include lead generation; hosting online courses with the Angel, Blackboard and Moodle LMS systems; retaining student data; and more. Customers of Collegis include Purdue University, University of Florida, Gonzaga, Benedictine, Lubbock, Anna Maria College and more – if a school’s online URL includes learntoday.info it is a Rasmussen (now Collegis) resource. Similarly, if the URL begins with “engage” then it is most likely a Collegis resource. These schools are outsourcing to Collegis the hosting of some of their online courses. There are no operational controls, no security officer and no practice in providing even the smallest amount of protection for the data these schools have hosted with Collegis. In particular, many of these colleges are Jesuit schools that are preyed upon for their association with other Jesuit colleges.

In the case of Todd Pombert this individual was promoted to a very senior role with no practical or noticeable work experience that should be required for a leader in an industry requiring critical care in student information security. A drop-out from his Master’s Degree, this individual maintains this position only because of the multi-level-marketing that DeVry and Rasmussen consider as qualifications for employment. There is no Security Officer for Rasmussen College. There is no reputable third party providing those services. Todd Pombert does not have the qualifications to adhere to industry practices that provide protection, confidentiality and integrity to managed services exposing flaws to their customers. Worse, an educational institution cannot provide and does not insist on the training required to keep students of Rasmussen and its partners safe. The lack of knowledge is so blatant that Todd Pombert keeps an archive of every email he received at DeVry to use as reference at Rasmussen. From confidential information, business plans, document templates and even financial data, much of DeVry’s history and future decisions are recorded unsecured on a “competitor” owned laptop with no disk encryption.

The school has all of the students in the same domain as contractors, faculty, staff and the board of directors. Not only does this create conflicts, but it allows any domain user (i.e., student, contractor, etc.) to browse the domain for information about any other user. Students are free to attempt to brute force Executive passwords, giving them access to unencrypted financial information of other students and more. Campus and datacenter network services are on the same class A network – you can reach the Chicago based datacenter from a school in Fargo from any ethernet jack. There are no standard, practical security mechanisms in place to prevent such a thing.

Students are forced to use a password convention that they often can’t change – firstname.lastname, password: fl1234. This 6 character password utilizes the last four digits of the student’s social security number. None of the websites have any protection from common brute force attacks. If you know the name of a student (Joe Smith) then you know 1/3 of his password (jsXXXX) and it is trivial to use the portal, online courses or other services to continually guess 0000-9999. This exposes the student to possible fraud from someone acquiring their personal identifying information, and it allows an intruder to view the student’s grades, financial data, email to the student with the same password, and any academic work the student has previously submitted.

Staff manage students through a public RDP system at class.learntoday.info. There is no password policy assigned. Staff are free to use passwords including their own names and more. If an intruder gains access to the RDP system all student financial data is stored unencrypted on a Windows file share.

The wireless network for Rasmussen is WEP. WEP is a long outdated mechanism for securing a wireless network. Modern approaches to attacking WEP networks can allow an intruder to gain access within minutes. Again, financial data for students and the school itself are not encrypted in-place or in-flight. An attacker is able to gain access to any information just by being near a campus or corporate site.

There is no NAP, no RADIUS, no 802.1X. The networks are completely unprotected. Coincidentally, both schools teach courses that promote the use of tools capable of easily harvesting corporate, student and financial data, like Wireshark and Snort.

Even basic controls have been neglected. The printers and copiers throughout all sites run default settings with no authentication and the web interface enabled. Anyone can request a re-print of jobs including social security numbers or financial data.

The employee portal itself did not follow practical standards and did not have SSL protecting employee information from being broadcast in plain text. That includes the passwords of financial aid employees as well as C-level visitors to local campuses.

These points above may not even be considered the most critical flaws in the service provided. The practices of Rasmussen and DeVry are a blight on Higher Education as a whole. Their practices should be considered, and some are outright, criminally negligent.

Rasmussen and DeVry continue to pay their questionable leadership large amounts of money. This is a clear misappropriation. If even a fraction of Todd Pombert’s salary was spent on security reviews, operational controls or educating Todd Pombert then these schools would not be risking disastrous consequences for their students and students of large, responsible institutions like Purdue and the University of Florida.

For Rasmussen (Collegis) hosted instances of online platforms nearly all of the content has the same ACL. There is nothing protecting content from one school from being used in another school’s offering or worse – being copied by an intruder.

Finally, to add insult to injury, while these schools are raking in student tuition to pay higher amounts of money to irresponsible leadership, they are placing students with Bachelor’s degrees as minimum wage Gamestop clerks. They claim this to be “in-field” placement for Information Technology students. The subject of ballooning student loans is covered in-depth lately and there is no need to remind you that these students will never be able to pay their debt for an education they received at profit for individuals just as qualified as graduates.

-Anonymous Email Submission-
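A login throttling policy of the kind the submission above says the portal lacks, as an added example that is not from the submission or the school: failures per account are counted in a sliding window, the account is locked for a fixed period once the threshold is reached, and any attempt during the lock is rejected even when the password is right. The log format, thresholds and events are all constructed for illustration.

```python
"""Added example (not from the submission): account lockout against online
password guessing. Log format, thresholds and events are constructed."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed authentication events: six guesses against one account in a
# few seconds (the sixth would have been right), one stray failure elsewhere,
# and two later legitimate logins.
SAMPLE_LOG = """\
2014-12-09T10:00:00 auth result=fail user=joe.smith src=203.0.113.7
2014-12-09T10:00:01 auth result=fail user=joe.smith src=203.0.113.7
2014-12-09T10:00:02 auth result=fail user=joe.smith src=203.0.113.7
2014-12-09T10:00:03 auth result=fail user=joe.smith src=203.0.113.7
2014-12-09T10:00:04 auth result=fail user=joe.smith src=203.0.113.7
2014-12-09T10:00:05 auth result=fail user=joe.smith src=203.0.113.7
2014-12-09T10:00:06 auth result=ok user=joe.smith src=203.0.113.7
2014-12-09T10:00:10 auth result=fail user=ann.lee src=198.51.100.3
2014-12-09T10:20:00 auth result=ok user=joe.smith src=203.0.113.7
2014-12-09T10:30:00 auth result=ok user=ann.lee src=198.51.100.3
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) auth result=(?P<result>ok|fail) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_events(text):
    """Return (timestamp, result, user, source) tuples; other lines are ignored."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"]))
    return events


class LockoutPolicy:
    """Lock an account after max_failures within `window`; hold the lock for `lock_for`."""

    def __init__(self, max_failures=5, window=timedelta(minutes=10),
                 lock_for=timedelta(minutes=15)):
        self.max_failures = max_failures
        self.window = window
        self.lock_for = lock_for
        self.failures = defaultdict(deque)   # user -> timestamps of recent failures
        self.locked_until = {}               # user -> time the lock expires

    def decide(self, ts, result, user):
        """Return 'allowed', 'failed', 'locked' (this failure triggered the lock)
        or 'blocked' (rejected because the account is locked, whatever the password)."""
        until = self.locked_until.get(user)
        if until is not None:
            if ts < until:
                return "blocked"
            del self.locked_until[user]      # lock expired: start counting afresh
            self.failures[user].clear()
        if result == "ok":
            self.failures[user].clear()
            return "allowed"
        recent = self.failures[user]
        recent.append(ts)
        while recent and ts - recent[0] > self.window:
            recent.popleft()                 # drop failures outside the window
        if len(recent) >= self.max_failures:
            self.locked_until[user] = ts + self.lock_for
            recent.clear()
            return "locked"
        return "failed"


def evaluate(text, policy=None):
    """Replay a log through the policy; returns (user, decision) per event."""
    policy = policy or LockoutPolicy()
    return [(user, policy.decide(ts, result, user)) for ts, result, user, _ in parse_events(text)]


if __name__ == "__main__":
    for user, decision in evaluate(SAMPLE_LOG):
        print(user, decision)
```

With a four-digit secret the whole space is 10,000 guesses; a cap of five attempts per ten minutes stretches an exhaustive online search from minutes to about two weeks, and every 'locked' decision is an event the operator can alert on.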

Read more

City Dome Discovered On Mars In Juventae Chasma, Video & Photos

The Sixth Day of Fire, Tear Gas, and Blood in Istanbul

Woolwich murder: Younger brother of Michael Adebolajo ‘was paid thousands to spy in Middle East’ by MI6

Any iOS Device Can Be Compromised Within One Minute

SUPREME COURT: POLICE MAY TAKE DNA FROM EVERYONE THEY ARREST

North Carolina Law Would Make It Illegal to Expose Monsanto

Taxpayer dollars used by U.S. government to promote GMOs in other countries

Nutrition Information Every Cancer Patient Should Know

Every Week Night 12-1am EST (9-10pm PST)


Read more
DynCorp Gets $72.8 Million Contract Despite History of Child Trafficking

DynCorp is one of the most lucrative and infamous military contractors in the world, perhaps only surpassed by Halliburton. They both have a documented history of gunrunning, drug dealing, and human trafficking.

In addition, the actual work that they do on the record is subpar, and their rebuilding efforts have gotten terrible reviews, especially DynCorp’s.

Despite this history of nefarious behavior and poor work, DynCorp was just awarded a brand new $72.8 million contract by the US government. Not only that, but they have also been given an advance exoneration from any liability.

That’s right, our wonderful government has just given DynCorp almost $73 million to continue what many believe will be shabby work that may only be used as a front for more sinister operations.

According to AllGov.com:

“DynCorp of West Virginia, one of the largest military contractors in Afghanistan, was awarded a $72.8 million contract to train pilots for the Air Force about one week after the special inspector general for reconstruction called the company’s earlier work at the Kunduz army base “unsatisfactory.”

The Special Inspector General for Afghanistan Reconstruction (SIGAR) wrote a scathing report in 2010 and a followup this year which found “serious soil stability issues . . . structural failures, improper grading, and new sink holes” that threatened the well-being of troops stationed there.

One sink hole was found near an electrical power transformer, whose failure “would result in a loss of electrical power over a large portion of Camp Pamir, causing significant financial loss and increasing the risk of injury through fire and electrical shock,” the report said.”

DynCorp’s crimes go way deeper than this wasteful and careless construction work; as was mentioned earlier, they are also heavily involved in clandestine operations that would make your average citizen cringe if they heard any of the details.

The Project on Government Oversight (POGO) did an investigation of the company and found 10 instances of misconduct, including a whistleblower lawsuit in which DynCorp agreed to pay $7.7 million to resolve allegations that it submitted inflated claims for the construction of camps in Iraq.

This same sort of behavior was reported from Halliburton when they destroyed hundred-thousand-dollar trucks to get them off the books and spent millions on air conditioning for empty tents, all in order to inflate their budgets.

The State Department’s own inspector general even filed a report claiming that DynCorp should pay the government $157,000 to reimburse them for food shortages at Camp Falcon in Kabul, Afghanistan, between November 2009 and January 2010.

These official reports are only scratching the surface though, there is a much darker side to these defense contractors.

As I discussed in my book Alchemy of the Modern Renaissance:

“Some of the world’s largest multinational corporations such as DynCorp and Halliburton were exposed as major players in the global human trafficking market.

These companies did not work alone, but cooperated with each other through various subsidiaries and had the luxury of government protection.

When suspicion was brought upon these companies it was swept under the rug by government officials, even high-ranking members of the establishment such as Donald Rumsfeld were implicit in covering up this scandal.

On March 11th 2005 he was questioned by Congresswoman Cynthia McKinney and he admitted on the record that the allegations did have credibility, but he pushed the blame off onto a few “rogue” employees.

He used the “few bad apples” line that the government always dishes out when they are caught up in scandal.

Although Rumsfeld and other high ranking officials claimed that they would look into the case, they actually prevented any serious investigations from taking place.

This happens every day; even organizations like the UN and NATO have come under fire for running slave rings out of third world countries when they are on “peacekeeping missions”.

When Rumsfeld was questioned by Cynthia McKinney about Dyncorp and their supposed child sex/slavery ring and why our country keeps giving this company more and more money, Rumsfeld of course shifted all blame away from the government and Dyncorp as a whole.

“Mr. Secretary, I watched President Bush deliver a moving speech at the United Nations in September 2003, in which he mentioned the crisis of the sex trade. The President called for the punishment of those involved in this horrible business.

But at the very moment of that speech, DynCorp was exposed for having been involved in the buying and selling of young women and children. While all of this was going on, DynCorp kept the Pentagon contract to administer the smallpox and anthrax vaccines, and is now working on a plague vaccine through the Joint Vaccine Acquisition Program.

Mr. Secretary, is it [the] policy of the U.S. Government to reward companies that traffic in women and little girls?”

A RICO lawsuit filed in 2002 on behalf of a former Dyncorp employee directly claimed that children were being sold by employees in Bosnia.

Middle-aged men having sex with 12- to 15-year-olds was too much for Ben Johnston, a hulking 6-foot-5-inch Texan, and more than a year ago he blew the whistle on his employer, DynCorp, a U.S. contracting company doing business in Bosnia.

According to the Racketeer Influenced Corrupt Organization Act (RICO) lawsuit filed in Texas on behalf of the former DynCorp aircraft mechanic, “in the latter part of 1999 Johnston learned that employees and supervisors from DynCorp were engaging in perverse, illegal and inhumane behavior [and] were purchasing illegal weapons, women, forged passports and [participating in other immoral acts]. Johnston witnessed coworkers and supervisors literally buying and selling women for their own personal enjoyment, and employees would brag about the various ages and talents of the individual slaves they had purchased.”

Rather than acknowledge and reward Johnston’s effort to get this behavior stopped, DynCorp fired him, forcing him into protective custody by the U.S. Army Criminal Investigation Division (CID) until the investigators could get him safely out of Kosovo and returned to the United States.

The quote from the whistleblower below pretty much sums up the horrors we are dealing with.

“My main problem,” he explains, “was [sexual misbehavior] with the kids, but I wasn’t too happy with them ripping off the government, either. DynCorp is just as immoral and elite as possible, and any rule they can break they do.”

Although most employees of DynCorp are obviously just trying to do their job, the fact that this company has such a horrific past should be reason enough not to award them contract after contract with no real investigation of the past allegations levied against them.

via TheIntelHub

 

For a dose of ‘entertainment’ on this subject, see the movie “The Whistleblower”, which is based on this true story of sex trafficking corruption in Bosnia.

 

Read more
Cryptoparty Goes Viral: Pen testers, Privacy Geeks Spread Security to the Masses

Security professionals, geeks and hackers around the world are hosting a series of cryptography training sessions for the general public.

The ‘cryptoparty’ sessions were born in Australia and kicked off last week in Sydney and Canberra, along with two in the US and Germany.

Information security experts and privacy advocates of all political stripes have organised the casual gatherings to teach users how to use cryptography and anonymity tools including Tor, PGP and Cryptocat.

Multiple sessions were proposed in Melbourne, Sydney, Adelaide, Canberra, Perth and two in Queensland. A further 10 were organised across Europe, Asia, Hawaii and North America, while dozens of requests were placed for sessions in other states and countries.

The cryptoparties were born from a Twitter discussion late last month between security researchers and a Sydney mum, privacy and online activist known by her handle, Asher Wolf.

For Wolf, the sessions were a way to reignite technical discussions on cryptography.

“A lot of us missed out on Cypherpunk (an electronic technical mailing list) in the nineties, and we hope to create a new entry pathway into cryptography,” Wolf said.

“The Berlin party was taught by hardcore hackers while Sydney had a diverse range of people attending. The idea is to teach people who don’t crypto how to use it.”

The concept resonated with the online security and privacy community.

It took only hours for about a dozen sessions to spring up around the world on a dedicated wiki page following what was only a casual Twitter exchange between Wolf and others — now cryptoparty organisers.

“When I woke up in the morning, they were all there,” Wolf said.

There was no formal uniformity between the cryptoparties. Some were hands-on, with users practising on laptops and tablets, while others were more theory-based with some organisers.

Each session runs for around five hours.

The free classes could accommodate a maximum of about 30 to 40 attendees. One of the first parties in the Southeastern US state of Tennessee had more than 100 people turn up to its afterparty, an event complete with music, beer and fire-twirling.

Copyright © SC Magazine, Australia

Read more
August 3, 2012 – DCMX Radio: Re-cap Week’s Alternative News, Intro to CyberWar: Viruses, Hacking, & Black Security Breaches, Protecting Your Computer, Securing Your Internet Connection & Maintaining Privacy Online

Cyber Security Industry Explosion, Intelligence Spying, Data-mining, Black-Hats, White-Hats, Gray-Hats abound. Alphabet Agencies, Corrupt Globalist Corporations exploiting your info. Micro Tutorial on Protecting Your Computer, Securing Your Internet Connection, Maintaining ‘some’ Privacy Online

Every Week Night 12-1am EST (9-10pm PST)


Read more
Undercover Reporter Infiltrates Security Firm to Expose London Olympics

Highlights: Foreign troops drafted in; drug deals in training classroom; ineffective screening processes and detection technology; photographs of sensitive mock-up screening areas taken by un-screened trainees; 200k ‘casket linings’ delivered; uniforms being stolen; plan for an evacuation of London; drones on-line (incl. armed); poor standard of security recruits — can’t speak English.

Exclusive interview with investigative journalist Lee Hazledean, who is training undercover as a security guard for the London Olympics with private security firm G4S. Lee is a filmmaker and investigative TV journalist. He has also been involved in major stories on the IRA and how the British Army infiltrated the organisation and carried out false flag operations. He has managed to get undercover as part of the security team at the 2012 Olympics with G4S. He has found there is a media blackout on all major news outlets to do with the Olympics; unless a story is broken in a newspaper or by a foreign news agency, it’s unlikely to see the light of day. Security training and officers are so appalling that the safety and security of the London 2012 Olympics are in jeopardy.

A few examples: During an exercise he was asked to pose as a would-be terrorist and managed to get knives, guns and IEDs through security screening on every occasion and every exercise. The X-ray operators have only two days of training; they aren’t trained properly and miss the most obvious prohibited items – guns, knives, IEDs, ammunition etc. Bag and physical searchers again are missing dangerous weapons, trainees can’t use vital security equipment like the HHMD (Hand Held Metal Detectors), and they can’t even communicate properly with the public on a basic level. Worryingly, the ‘Rapiscan’ walk-through metal detectors don’t work properly and aren’t sensitive enough to pick up large knives, ammunition and other metallic threats. He was told that they would be set to go off only after 50 people have walked through, to limit queuing time and to get spectators into the venue. So a terrorist who simply queued up would probably get through wearing a suicide vest. In classes there are drug deals going down, and people can’t speak any English. People who haven’t even completed their SIA licences yet are being picked to be Team Leaders over highly trained security officers, ex-soldiers and ex-police. Lee is concerned that weapons or worse will be getting into the games. However, what’s more disturbing is that uniforms are already going missing or being stolen. The training facility is an accurate mock-up of the actual security measures at the Olympic venues. Lee has witnessed several people taking photos on their mobile phones in the training facility, and while a few people have been caught by trainers, most aren’t noticed. We know that terrorists take surveillance photos to gain intelligence. Contemporary International claim that they have mobile phone ‘jammers’ in the facility; however, trainers admitted to Lee that there were no ‘jammers’ at all, it was a verbal deterrent.

Also there are plans for the evacuation of London, with G4S at the forefront, as well as 100,000 troops coming in via Woolwich barracks made up of regular British Forces, American regular army and European troops. Lee was not told why there would be any need for an evacuation of the whole of London; they just said it was to be a “defining moment in the history of London”. This could just be a precaution, but the public should be made aware of the foreign invasion which is taking place right now. The troops are being held across London in various barracks once they’ve been through Woolwich. Lee also had this information confirmed by an army doctor who was shocked at all the foreign troops coming into London. There is also a shipment of what are being described as casket linings; each casket can hold four or five people, and 200,000 casket linings have been delivered, we believe from America. Also we were shown videos of drones attacking targets in Afghanistan and were told that drones will be patrolling the skies over London during the Olympics, carrying out surveillance and search and destroy missions if necessary.

London 2012 Olympics: ‘Missiles Left Unguarded’ Outside East London Flats:-
www.telegraph.co.uk/news/uknews/terrorism-in-the-uk/9243658/London-201…

London 2012 Olympics: Public Given Access to Blackheath Anti-aircraft Missile Launcher:-
www.telegraph.co.uk/news/uknews/defence/9254072/London-2012-Olympics-p…

The Link Between Olympics’ Security and FEMA Concentration Camps:-
www.luikkerland.com/the-cockaigne-times/2012/06/07/the-link-between-ol…

Source:-
bcfm.org.uk/2012/06/22/17/friday-drivetime-76/18658

Read more
VPN vs. SSH Tunnel: Which Is More Secure?


VPNs and SSH tunnels can both securely “tunnel” network traffic over an encrypted connection. They’re similar in some ways, but different in others – if you’re trying to decide which to use, it helps to understand how each works.

An SSH tunnel is often referred to as a “poor man’s VPN” because it can provide some of the same features as a VPN without the more complicated server setup process – however, it has some limitations.

How a VPN Works

VPN stands for “virtual private network” – as the name indicates, it’s used for connecting to private networks over public networks, such as the Internet. In a common VPN use case, a business may have a private network with file shares, networked printers, and other important things on it. Some of the business’s employees may travel and frequently need to access these resources from the road. However, the business doesn’t want to expose these important resources to the public Internet. Instead, the business can set up a VPN server, and employees on the road can connect to the company’s VPN. Once an employee is connected, their computer appears to be part of the business’s private network – they can access file shares and other network resources as if they were actually on the physical network.

The VPN client communicates over the public Internet and sends the computer’s network traffic through the encrypted connection to the VPN server. The encryption provides a secure connection, which means the business’s competitors can’t snoop on the connection and see sensitive business information. Depending on the VPN, all the computer’s network traffic may be sent over the VPN, or only some of it may be (generally, however, all network traffic goes through the VPN). If all web browsing traffic is sent over the VPN, people between the VPN client and server can’t snoop on the web browsing traffic; whoever operates the VPN server still can, because the traffic leaves the tunnel there. This provides protection when using public Wi-Fi networks and allows users to access geographically restricted services; for example, the employee could bypass Internet censorship if they’re working from a country that censors the web. To the websites the employee accesses through the VPN, the web browsing traffic would appear to be coming from the VPN server.

Crucially, a VPN works at the operating system level rather than the application level. The VPN client creates a virtual network interface and installs routes for it, so the operating system can send network traffic from every application through the tunnel without any application knowing about it. Whether all traffic or only traffic for the remote network takes that route (full versus split tunnelling) depends on how the VPN is configured, but either way you don’t have to configure each individual application.

To get started with your own VPN, see our guides to using OpenVPN on a Tomato router, installing OpenVPN on a DD-WRT router, or setting up a VPN on Debian Linux.

How an SSH Tunnel Works

SSH, which stands for “secure shell,” isn’t designed solely for forwarding network traffic. Generally, SSH is used to securely acquire and use a remote terminal session, but SSH has other uses. SSH also uses strong encryption, and you can tell your SSH client to act as a SOCKS proxy (dynamic port forwarding, the -D option of OpenSSH). Once you have, you can configure applications on your computer, such as your web browser, to use the SOCKS proxy. The traffic enters the SOCKS proxy running on your local system and the SSH client forwards it through the SSH connection to the SSH server, which makes the outbound connection on your behalf; this is known as SSH tunneling (SSH can also forward a single local or remote port with -L and -R). This works similarly to browsing the web over a VPN: from the web server’s perspective, your traffic appears to be coming from the SSH server. The traffic between your computer and the SSH server is encrypted, so you can browse over an encrypted connection as you could with a VPN.

However, an SSH tunnel doesn’t offer all the benefits of a VPN. Unlike with a VPN, you must configure each application to use the SSH tunnel’s proxy, and anything you forget to configure, or that ignores proxy settings, goes out directly. Name resolution is a common gap: an application that looks up a hostname itself and only then hands the connection to the proxy sends its DNS queries outside the tunnel, so the application must be set to resolve names through the SOCKS proxy as well. With a VPN that carries all traffic, you’re assured everything is sent through it; you don’t have this assurance with an SSH tunnel. With a VPN, your operating system will behave as though you’re on the remote network, which means connecting to Windows networked file shares would be easy. It’s considerably more difficult with an SSH tunnel.
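The exchange described above, as an added example that is not part of the original article and not HowToGeek’s code: the bytes a SOCKS-aware application such as a browser or curl exchanges with the listener that `ssh -D 1080 -N user@sshserver` opens, written in Python. In real use the OpenSSH client is the SOCKS server; here a constructed in-process stand-in plays that role so the script runs offline, and the hostnames, addresses and ports are made up. It also shows the configuration point that matters most: only a request carrying the hostname (address type 0x03) makes the remote end do the DNS lookup, whereas an application that resolves the name itself and hands the proxy an IP has already leaked the lookup.

```python
"""SOCKS5 CONNECT (RFC 1928) as a SOCKS-aware application performs it against the
listener that `ssh -D 1080 -N user@sshserver` opens on 127.0.0.1:1080. Added
example, not HowToGeek's code; _fake_ssh_listener is a constructed stand-in."""
import socket
import struct
import threading

SOCKS_VERSION, CMD_CONNECT, ATYP_IPV4, ATYP_DOMAIN = 0x05, 0x01, 0x01, 0x03


def socks5_greeting():
    # VER=5, one method: 0x00 "no auth". ssh -D authenticates nobody: keep it on 127.0.0.1.
    return bytes([SOCKS_VERSION, 1, 0x00])


def socks5_connect_request(host, port):
    """Send a hostname as ATYP=0x03 so the ssh *server* resolves it; resolving it
    locally first leaks the DNS lookup (curl --socks5-hostname vs --socks5)."""
    try:
        addr = bytes([ATYP_IPV4]) + socket.inet_aton(host)
    except OSError:  # not a dotted quad: ship the name itself
        name = host.encode("idna")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    return bytes([SOCKS_VERSION, CMD_CONNECT, 0x00]) + addr + struct.pack("!H", port)


def parse_connect_reply(data):
    """Return (reply_code, bound_host, bound_port) from a complete reply."""
    if len(data) < 4 or data[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 message")
    rep, atyp = data[1], data[3]
    if atyp == ATYP_IPV4:
        host, rest = socket.inet_ntoa(data[4:8]), data[8:]
    elif atyp == ATYP_DOMAIN:
        host, rest = data[5:5 + data[4]].decode("idna"), data[5 + data[4]:]
    else:
        raise ValueError("unsupported ATYP %#x" % atyp)
    return rep, host, struct.unpack("!H", rest[:2])[0]


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection")
        buf += chunk
    return buf


def _recv_address(sock, atyp):
    if atyp == ATYP_DOMAIN:  # variable-length name, then the 2-byte port
        length = _recv_exact(sock, 1)
        return length + _recv_exact(sock, length[0] + 2)
    if atyp != ATYP_IPV4:
        raise ValueError("unsupported ATYP %#x" % atyp)
    return _recv_exact(sock, 4 + 2)


def connect_via_socks5(sock, host, port):
    """Client side of the handshake on a socket already connected to the proxy;
    afterwards the same socket carries the tunnelled TCP stream to host:port."""
    sock.sendall(socks5_greeting())
    ver, method = _recv_exact(sock, 2)
    if ver != SOCKS_VERSION or method != 0x00:
        raise ConnectionError("proxy rejected the no-auth method")
    sock.sendall(socks5_connect_request(host, port))
    head = _recv_exact(sock, 4)
    rep, bound_host, bound_port = parse_connect_reply(head + _recv_address(sock, head[3]))
    if rep != 0:
        raise ConnectionError("CONNECT failed, reply code %d" % rep)
    return bound_host, bound_port


def _fake_ssh_listener(sock, seen):
    """Constructed stand-in for the ssh -D listener: accepts no-auth, records the
    request it received, and answers 'succeeded' with a dummy bound address."""
    if _recv_exact(sock, 3) != socks5_greeting():
        return sock.close()
    sock.sendall(bytes([SOCKS_VERSION, 0x00]))
    head = _recv_exact(sock, 4)
    # A CONNECT request has the same layout as a reply, so reuse the parser.
    _, target, port = parse_connect_reply(head + _recv_address(sock, head[3]))
    seen.append((head[3], target, port))
    sock.sendall(bytes([SOCKS_VERSION, 0x00, 0x00, ATYP_IPV4])
                 + socket.inet_aton("0.0.0.0") + struct.pack("!H", 0))
    sock.close()


def demo(host="example.com", port=443):
    """Handshake against the stand-in; returns ((atyp, target, port) it saw, bound addr)."""
    client, server = socket.socketpair()
    seen = []
    worker = threading.Thread(target=_fake_ssh_listener, args=(server, seen))
    worker.start()
    bound = connect_via_socks5(client, host, port)
    worker.join()
    client.close()
    return seen[0], bound
```

To try the same thing against a real tunnel, run `ssh -D 1080 -N user@sshserver` and then `curl --socks5-hostname 127.0.0.1:1080 https://example.com`; with plain `--socks5`, curl resolves example.com locally before talking to the proxy, which is exactly the leak the request builder above avoids.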

For more information about SSH tunnels, see this guide to creating an SSH tunnel on Windows with PuTTY. To create an SSH tunnel on Linux, see our list of cool things you can do with an SSH server.

Which Is More Secure?

If you’re worried about which is more secure for business use, the answer is clearly a VPN — you can force all network traffic on the system through it. However, if you just want an encrypted connection to browse the web with from public Wi-Fi networks in coffee shops and airports, a VPN and SSH server both have strong encryption that will serve you well.

There are other considerations, too. Novice users can easily connect to a VPN, but setting up a VPN server is a more complex process. SSH tunnels are more daunting to novice users, but setting up an SSH server is simpler – in fact, many people will already have an SSH server that they access remotely. If you already have access to an SSH server, it’s much easier to use it as an SSH tunnel than it is to set up a VPN server. For this reason, SSH tunnels have been dubbed a “poor man’s VPN.”

Businesses looking for more robust networking will want to invest in a VPN. On the other hand, if you’re a geek with access to an SSH server, an SSH tunnel is an easy way to encrypt and tunnel network traffic, and with current ciphers configured on both sides the encryption is as strong as a VPN’s.

SOURCE: HowToGeek.com

Read more
How to secure your computer and surf fully Anonymous BLACK-HAT STYLE

This is a guide with which even a total noob can get high-class security for his system and complete anonymity online. But it’s not only for noobs; it contains a lot of tips most people will find pretty helpful. It is explained in such detail that even the biggest noobs can do it ^^ :

=== The Ultimate Guide for Anonymous and Secure Internet Usage v1.0.1 ===

Table of Contents:

1. Obtaining Tor Browser
2. Using and Testing Tor Browser for the first time
3. Securing Your Hard Drive
4. Setting up TrueCrypt, Encrypted Hidden Volumes
5. Testing TrueCrypt Volumes
6. Securing your Hard Disk
7. Temporarily Securing Your Disk, Shredding Free Space
8. Installing VirtualBox
9. Installing a Firewall
10. Firewall Configuration
11. Installing Ubuntu
12. Ubuntu Initial Setup
13. Installing Guest Additions
14. Installing IRC (Optional)
15. Installing Torchat (Optional)
16. Creating TOR-Only Internet Environment
17. General Daily Usage

By the time you are finished reading and implementing this guide, you will be able to browse any website securely and anonymously. Neither your ISP nor a government agent should be able to see what you are doing online, although they may still be able to tell that you are using Tor. If privacy and anonymity are important to you, then you owe it to yourself to follow the instructions that are presented here.

In order to prepare this guide for you, I have used a computer that is running Windows Vista. This guide will work equally well for other versions of Windows. If you use a different operating system, you may need to have someone fluent in that operating system guide you through this process. However, most parts of the process are easily duplicated in other operating systems.

I have written this guide to be as newbie-friendly as possible. Every step is fully detailed and explained. I have tried to keep the instructions as explicit as possible. This way, so long as you patiently follow each step, you will be just fine.

In this guide from time to time you will be instructed to go to certain URLs to download files. You do NOT need TOR to get these files, and using TOR (while possible) will make these downloads very slow.

This guide may appear overwhelming. Every single step is explained thoroughly and it is just a matter of following along until you are done. Once you are finished, you will have a very secure setup and it will be well worth the effort. Even though the guide appears huge, this whole process should take at the most a few hours. You can finish it in phases over the course of several days.

It is highly recommended that you close *ALL* applications running on your computer before starting.

SOURCE:
http://www.cyberguerrilla.org/?p=3322

Read more
Hacks of Valor: Why Anonymous Is Not A Threat to National Security

Over the past year, the U.S. government has begun to think of Anonymous, the online network phenomenon, as a threat to national security. According to The Wall Street Journal, Keith Alexander, the general in charge of the U.S. Cyber Command and the director of the National Security Agency, warned earlier this year that “the hacking group Anonymous could have the ability within the next year or two to bring about a limited power outage through a cyberattack.” His disclosure followed the U.S. Department of Homeland Security’s release of several bulletins over the course of 2011 warning about Anonymous. Media coverage has often similarly framed Anonymous as a threat, likening it to a terrorist organization. Articles regularly refer to the Anonymous offshoot LulzSec as a “splinter group,” and a recent Fox News report uncritically quoted an FBI source lauding a series of arrests that would “[chop] off the head of LulzSec.”

This is the wrong approach. Seeing Anonymous primarily as a cybersecurity threat is like analyzing the breadth of the antiwar movement and 1960s counterculture by focusing only on the Weathermen. Anonymous is not an organization. It is an idea, a zeitgeist, coupled with a set of social and technical practices. Diffuse and leaderless, its driving force is “lulz” — irreverence, playfulness, and spectacle. It is also a protest movement, inspiring action both on and off the Internet, that seeks to contest the abuse of power by governments and corporations and promote transparency in politics and business. Just as the antiwar movement had its bomb-throwing radicals, online hacktivists organizing under the banner of Anonymous sometimes cross the boundaries of legitimate protest. But a fearful overreaction to Anonymous poses a greater threat to freedom of expression, creativity, and innovation than any threat posed by the disruptions themselves.

Hackers inserted a prank article on the PBS Web site declaring that the deceased rapper Tupac Shakur was “alive and well” in New Zealand.

No single image better captured the way that Anonymous has come to signify the Internet’s irreverent democratic culture than when, in the middle of a Polish parliamentary session in February 2012, well-dressed legislators donned Guy Fawkes masks — Anonymous’ symbol — to protest their government’s plan to sign the Anti-Counterfeiting Trade Agreement (ACTA). The treaty, designed to expand intellectual-property protection, involved years of negotiation among the United States, Japan, and the European Union, which are all like-minded on copyright law. It had the support of well-organized and well-funded companies, particularly in Hollywood and the recording industry. Although originally negotiated in secret, its contents were exposed by WikiLeaks in 2008. As a result, public pressure caused the treaty’s negotiators to water down many of its controversial provisions. But the final version still mimicked the least balanced aspects of U.S. copyright law, including its aggressive approach to asset seizure and damages. And so a last-minute protest campaign across Europe, using the symbolism of Anonymous, set out to stop the agreement from coming into force. So far, it has succeeded; no signatory has ratified it.

That is power — a species of soft power that allows millions of people, often in different countries, each of whom is individually weak, to surge in opposition to a given program or project enough to shape the outcome. In this sense, Anonymous has become a potent symbol of popular dissatisfaction with the concentration of political and corporate power in fewer and fewer hands.

It is only in this context of protest that one can begin to assess Anonymous’ hacking actions on the Internet. Over the last several years, the list of Anonymous’ cyber targets has expanded from more-or-less random Web sites, chosen for humor’s sake, to those with political or social meaning. In 2010, Anonymous activists launched a distributed denial of service (DDoS) attack, in which many machines flood a Web site with traffic until it cannot serve legitimate visitors, typically for several hours, against Web sites of the Motion Picture Association of America and the International Federation of the Phonographic Industry, the major trade groups for the film and music industries. The action came in response to revelations that several Indian movie studios had used an Indian company called Aiplex to mount vigilante DDoS attacks against illegal file-sharing sites.

SOURCE:
http://www.foreignaffairs.com/articles/137382/yochai-benkler/hacks-of-valor

By: Yochai Benkler, April 4, 2012

Read more
Facebook Spies on Phone users Text Messages, Emails report says

INTERNET giant Facebook is accessing smartphone users’ personal text messages, an investigation revealed today.

Facebook admitted reading text messages belonging to smartphone users who downloaded the social-networking app and said that it was accessing the data as part of a trial to launch its own messaging service, The (London) Sunday Times reported.

Other well-known companies accessing smartphone users’ personal data – such as text messages – include photo-sharing site Flickr, dating site Badoo and Yahoo Messenger, the paper said.

It claimed that some apps even allow companies to intercept phone calls – while others, such as YouTube, are capable of remotely accessing and operating users’ smartphone cameras to take photographs or videos at any time.

Security app My Remote Lock and the app Tennis Juggling Game were among smaller companies’ apps that may intercept users’ calls, the paper said.

Emma Draper, of the Privacy International campaign group, said, “Your personal information is a precious commodity, and companies will go to great lengths to get their hands on as much of it as possible.”

More than 400,000 apps can be downloaded to Android phones, and more than 500,000 are available for iPhones – with all apps downloaded from Apple’s App Store covered by the same terms and conditions policy.

According to a YouGov poll for the newspaper, 70 per cent of smartphone users rarely or never read the terms and conditions policy when they download an app.

SOURCE:
http://www.news.com.au/breaking-news/facebook-spies-on-phone-users-text-messages-report-says/story-e6frfku0-1226282017490

By: NewsCore, February 26, 2012

Read more
Here’s How Law Enforcement Cracks Your iPhone’s Security Code

Update: I’ve clarified two aspects of this story below. First, Micro Systemation’s XRY tool often requires more than two minutes to crack the iPhone’s password. The two minutes I originally cited were a reference to the time shown in the video (now removed by Micro Systemation) below. Given that, as I originally wrote, the phone in the video used the simplest possible password (0000), the process often takes far longer.

Second, Micro Systemation had told me that XRY can gain access to phones that run the latest version of iOS. But in fact, it can only gain access to older iPhones and iPads running the latest version of the operating system, and can’t access the iPhone 4S or the iPad 2 or later. Apologies for this oversight.

Set your iPhone to require a four-digit passcode, and it may keep your private information safe from the prying eyes of the taxi driver whose cab you forget it in. But if law enforcement is determined to see the data you’ve stored on your smartphone, those four digits will slow down the process of accessing it by as little as two minutes.

Here’s a video posted last week by Micro Systemation, a Stockholm, Sweden-based firm that sells law enforcement and military customers the tools to access the devices of criminal suspects or military detainees and siphon off their personal information.

Update: After this post brought widespread attention to Micro Systemation’s video, the company has removed it from YouTube.

As the video showed, a Micro Systemation application the firm calls XRY can quickly crack an iOS or Android phone’s passcode, dump its data to a PC, decrypt it, and display information like the user’s GPS location, files, call logs, contacts, messages, even a log of its keystrokes.

Mike Dickinson, the firm’s marketing director and the voice in its videos, says that the company sells products capable of accessing passcode-protected iOS and Android devices in over 60 countries. It supplies 98% of the U.K.’s police departments, for instance, as well as many American police departments and the FBI. Its largest single customer is the U.S. military. “When people aren’t wearing uniforms, looking at mobile phones to identify people is quite helpful,” Dickinson says by way of explanation.

With smartphone adoption rocketing around the world, Dickinson says Micro Systemation’s “business is booming.” The small company has grown close to 25% in revenue year-over-year, earned $18 million in revenue in 2010 up from $12 million the year before, and doubled its employees since 2009.

“It’s a massive boom industry, the growth in evidence from mobile phones,” says Dickinson. “After twenty years or so, people understand they shouldn’t do naughty things on their personal computers, but they still don’t understand that about phones. From an evidential point of view, it’s of tremendous value.”

“If they’ve done something wrong,” he adds.

XRY works much like the jailbreak hacks that allow users to remove the installation restrictions on their devices, Dickinson says, though he wouldn’t say much about the exact security vulnerability that XRY exploits to gain access to the iPhone. He claims that the company doesn’t use backdoor vulnerabilities in the devices created by the manufacturer, but rather seeks out security flaws in the phone’s software just as jailbreakers do, one reason why half the company’s 75 employees are devoted to research and development. “Every week a new phone comes out with a different operating system and we have to reverse engineer them,” he says. “We’re constantly chasing the market.”

Update: Mike Dickinson has clarified that Micro Systemation’s XRY tool doesn’t support the iPhone 4S, iPad 2 or iPad 3. It does, however, support the latest version of Apple’s iOS operating system, so he says that older devices that have the latest software installed are still vulnerable.

After bypassing the iPhone’s security restrictions to run its code on the phone, the tool “brute forces” the phone’s password, guessing every possible combination of numbers to find the correct code, as Dickinson describes it. In the video above, the process takes seconds. (Although admittedly, the phone’s example passcode is “0000”, about the most easily-guessed password possible.)

Dickinson acknowledges that users who set longer passcodes for devices can in fact make the devices far tougher to crack. “The more complex the password, the longer and harder it’s going to be to access the phone,” he says. “In some cases, it takes so long to brute force that it’s not worth doing it.” That may have been the situation, for instance, in one recent case involving the phone of Dante Dears, a paroled convict accused of running a prostitution ring known as “Pimping Hoes Daily” from his Android phone; the FBI, apparently unable or unwilling to crack the phone, asked Google to help in accessing it.

SOURCE:
http://www.forbes.com/sites/andygreenberg/2012/03/27/heres-how-law-enforcement-cracks-your-iphones-security-code-video/

By: Andy Greenberg, March 27, 2012

Read more
Anonymous reveals Haditha massacre emails

Anonymous have unveiled their second major release for this week’s installment of FuckFBIFriday. Their target this time around is Frank Wuterich, the US Marine that admitted to killing Iraqi civilians — and received no jail time for his crime.

Early Friday afternoon, members of the loose-knit online collective Anonymous began circulating news that the website for Puckett and Faraj, the high-profile attorneys that represented Sgt. Frank Wuterich in his recent trial, had been hacked. Wuterich admitted to leading Marines into two civilian homes in Haditha, Iraq in 2005, massacring 24 civilians including women, children and an elderly man confined to a wheelchair.

In response, hacktivists with Anonymous have uncovered gigabytes worth of correspondence from Sgt. Wuterich’s attorneys and affiliated parties.

Last month, a military tribunal finally finished their hearing on Sgt. Wuterich, more than six years after the notorious slaughter. Insiders reported before his sentencing that he was expected to receive only 90 days behind bars. When the case ended, he was sentenced to zero.

Anonymous members have hacked into the website for Sgt. Wuterich’s attorneys and have since defaced it with a detailed message explaining how the self-proclaimed “cold-blooded killer” became their latest target.

“As part of our ongoing efforts to expose the corruption of the court systems and the brutality of US imperialism, we want to bring attention to USMC SSgt Frank Wuterich who along with his squad murdered dozens of unarmed civilians during the Iraqi Occupation,” reads a message now on the homepage of his attorney’s website. “Can you believe this scumbag had his charges reduced to involuntary manslaughter and got away with only a pay cut?”

“Meanwhile,” adds the Anonymous-penned message, “Bradley Manning who was brave enough to risk his life and freedom to expose the truth about government corruption is threatened with life imprisonment.”

“When justice cannot be found within the confines of their crooked court systems, we must seek revenge on the streets and on the internet – and dealing out swift retaliation is something we are particularly good at. Worry not comrades, it’s time to deliver some epic ownage.”

In addition to defacing the website of his attorneys, nearly 3 gigabytes of email correspondence belonging to his attorneys have been leaked online.

“And to add a few layers of icing to this delicious caek, we got the usual boatloads of embarrassing personal information. How do you think the world will react when they find out Neal Puckett and his marine buddies have been making crude jokes about the incident where marines have been caught on video pissing on dead bodies in Afghanistan? Or that he regularly corresponds with and receives funding from former marine Don Greenlaw who runs the racist blog http://snooper.wordpress.com? We believe it is time to release all of their private information and court evidence to the world and conduct a People’s trial of our own,” writes Anonymous.

The announcement this afternoon comes only hours after Anonymous operatives posted a recorded phone message that they intercepted from the FBI and Scotland Yard. Hours later, The Associated Press reports that the FBI confirmed the interception and says it is going after the parties responsible.

SOURCE:  http://rt.com/usa/news/anonymous-time-wuterich-attorneys-463/

Read more