Wednesday, July 31, 2013

Peek-A-Boo, the NSA and YOU!




These days this is a hot topic of discussion. There seem to be only two sides to this story: one side is crying ‘5th amendment’ and the other side is crying ‘who cares’, but I believe there are two sides to the solution to this issue. It’s easy to complain about an issue or ignore it, but it’s a lot harder to solve it! Let me explain my position…

I will address the ‘who cares’ crowd first, as this will be short and sweet. For those of you who don’t care what the NSA does, that is a fine position to take, but it actually does fly in the face of the 5th amendment and actually does violate Americans’ personal freedoms in a way that the founding fathers never intended, regardless of the passing of the USA Patriot Act. Just to be clear, just because Congress passed these laws, the President signed them and the SCOTUS hasn’t really weighed in on this issue, doesn’t mean that it’s unconstitutional. This fact is undeniable, so even though you feel it’s OK for the NSA to collect this data, it’s still anti-Constitutional. Period.

However, before those on the other side start cheering, you must understand, most serious people that believe this way, are also very careful with their personal information and protect themselves from the tactics of the NSA.

See, short and sweet.

Now to get to the meat of the issue, the people spouting the ‘5th amendment’ argument. Obviously, in the deep meaning of the Constitution, I understand and believe in this concept, but I take issue with people who ‘cry wolf’ and leave a slaughtered lamb on their doorstep. Again, let me explain…

Anyone who is spouting off this kind of rhetoric and is not being personally responsible for their own data security needs to take a step back and look inwards before casting the stone. Even though you are holding the high ground with your Constitutional argument, if you aren’t taking responsibility to guard your own personal data, you are part of the problem. See, you might think the internet should be free of any kind of personal challenge, but you must understand that the internet is the jungle and you’re either a lion or a lamb. So a lamb claiming that the lion is unfair is just not right. Soul search those words.

Again, short and sweet.

But, to the point, this is a serious issue and it deserves more thought than just considering your own opinion, whether it be based on the Constitution or just the fact that you don’t care. There needs to be a dialogue on this among We the People, and not left up to the politicians and DC.

Ok, your turn…


Saturday, July 27, 2013

One Op, Two Op, Red Op, Blue Op





After watching a YouTube video a few nights ago about how one particular hacker uses HUMINT to infiltrate jihadist websites and his opinions about a certain other hacker that uses a different approach in the war against these same jihadists, I decided to write a little something about it. For now I’ll just call them hacker 1 and hacker 2 (in no particular order). This will be a non-technical article and concise, so don’t nitpick, just get the main points.

Before I start, I am making the assumption that hacker 1 and hacker 2 are not involved with the government in any way, like being directly connected to them through orders, pay or by any other means. As far as I am concerned, these two hackers are freelance, doing what they are doing for the love of our country and the safety of its people, both here and abroad.

Hacker 1’s MO is to develop various online identities using his knowledge of the Arab language and culture, the finer points of the Koran and lower level contacts he has made over several months. Hacker 1 then uses all of this cyber cred to infiltrate jihadist based websites, slowly gaining their confidence in hopes that he can get close enough to some of the power players on these sites, in hopes of gleaning some information that may be of use to the federal authorities.

Now this kind of intelligence gathering is extremely difficult to pull off, taking a good amount of dedication, knowledge and patience, but the payoff can be worth it if the bait is taken and hacker 1 is welcomed into one of these jihadist communities. However, even though extreme measures are taken to infiltrate one of these sites, success is by no means guaranteed. Hacker 1 may spend months trying to get accepted into one of these tight-knit online communities, only to find out that this particular group is just a bunch of big mouths, doing nothing but bloviating about the acts they would like to commit, without any real commitment or funding to actually follow through with any kind of threats made.

A dead end, so start all over again or maybe use this same persona to try to move into another site that is actually serious about the acts they intend to commit. Either way, it’s still just another shot in the dark (albeit an educated shot) in the hope of finding some real actionable intel. (I’m not even going to go into how some real actionable intel can be transferred to federal authorities, making sure it gets to the right people so it can be acted upon, that’s beyond the scope of this article.)

So, hacker 1 spends a tremendous amount of time and resources just trying to get in the front door of some of these sites, without even knowing if he is going to gain any type of information that can be used to thwart an attack or operation, although with proper recon, he will have a fairly good idea if he’s on the right track. But, when he does hit pay dirt, this kind of intel can be useful in many ways and, in the end, could possibly prevent another tragic terrorist attack.

Risk = low.
Reward = potentially high.
Success = somewhat random.

Now hacker 2 has just as much desire to have the same effect as hacker 1, he just goes about it in an entirely different manner. His method is much more direct and technical, but that does not mean that his research is any less taxing. Understanding the language, the culture, the intent behind certain websites and forums is just as crucial in his targeting as it is for hacker 1, so we are already seeing some similarities between the two right from the start.

Hacker 2, some would say, takes a more heavy-handed approach, though no less elegant, when it comes to dealing with these same sites that deal in hate and destruction. Hacker 2 will do a lot of the same research as hacker 1, finding people who have these fundamentalist ideas and tracing them to some of the same sites that hacker 1 is targeting. However, once these sites are identified, the research of both hackers diverges, in that hacker 2 will start analyzing the technical aspects of the site, like who is hosting the site, what operating system they are using and then researching the vulnerabilities that will allow hacker 2 to breach the site, gain information about the users of a particular site, then, ultimately taking it down permanently or getting them kicked off the hosting domain.

Now even with some of the same research techniques that hacker 1 uses, success is by no means guaranteed, however, leveraging some of the new tools available on the web, hacker 2 can make some logical assumptions that hacker 1, while using these same new methods, must further study before actually deciding whether or not to pursue some of these same sites, just purely due to the extraordinary time hacker 1 has to invest in a target. A decided advantage for hacker 2 as far as target selection goes, in that he can be relatively sure that his target is involved in some nefarious activity and act out on that intel in a rather shorter life cycle. 

However, even though hacker 2 can strike more quickly and more decisively, the risks are much greater, in that most of the time hacker 2 is attacking a system directly, thereby exposing himself to discovery and ultimately being ‘made’ or his true identity being discovered, with the possibility of criminal charges, death threats or both.

Risk = high.
Reward = potentially high.
Success = somewhat random as well.


As I said in the beginning, both hacker 1 and hacker 2 have many of the same goals in mind, which is a credit to both of them, however, there are those times when both of their paths cross, unbeknownst to either of them. For instance, hacker 1 has spent months gaining access to a particular site, only to find out, that within a few weeks’ time, hacker 2 has targeted this site and subsequently takes said site down. Now hacker 2 had no idea that hacker 1, a member of the site, was infiltrating this site, but by taking the site down has destroyed months of work by hacker 1. And thus, an animosity develops, even though nothing was intentional as neither of them were aware that they were both targeting the same site, through different methods.

At the outset, hacker 1 and hacker 2 don’t know each other at all, but because hacker 2’s approach is much more straightforward, hacker 2 can announce the particular site he has taken down and on the internet, it doesn’t take long for hacker 1 to realize who just blew his op, unintentional or not. I’m no hacker by any stretch of the imagination, but people are people and when someone thinks they have been slighted, then tempers flare, words are exchanged and suddenly, two people who are on the same side are now having issues with one another, even though neither of them even know each other or what their overarching goals are.

So what’s the solution? Seems logical to me, just talk to one another. Both have the same goals, just use different techniques to achieve their goals. They don’t have to know each other, or even like each other, but in order to avoid the type of overlapping that can occur, especially with such a limited target field, communication is a must.

Two sides of the same coin…


Wednesday, July 17, 2013

The dichotomy of irony…



There are very strange goings on in the world of the internet these days, or more precisely, cyber intelligence. It seems that some people believe that a certain ‘whistleblower’ is some kind of hero because he pointed out certain programs that have been in place for years, which our duly elected officials knew all about all along. And, those same certain people will look at a person that is actually trying to use his knowledge for the betterment of America as some sort of outlaw.

If you are reading this and you know me from my Twitter account, then you know of whom I speak. However, if you don’t know of whom I speak, I am talking about the traitor that is Mr. Snowden and the patriot that is only known as th3j35t3r.

Most of you probably know who Mr. Snowden is by now and contrary to what you may believe, he is no hero. Now if he would have just presented his case about the NSA collecting more data than they ever claimed, fine, he’s a whistleblower. However, it is obvious from the level of intelligence he collected during his short time as a subcontractor with the NSA that his intentions seem to be more nefarious than was first perceived. The amount of intelligence that he claims to have, and the ways and means that he intends to use this information, say a lot about his character.

While on the other side of the coin we have th3j35t3r. A self-proclaimed hacktivist and, as such, he has claimed and succeeded in taking down numerous websites that are, in the least, anti-American. Mostly these sites are jihadist recruiting websites, but every so often there is a domestic site or two that may be targeted, such as the Westboro Baptist Church, but mainly the websites he targets are foreign sites that are dedicated to fomenting hatred towards the US, even targeting some of the countries that have offered Mr. Snowden asylum.

So the dichotomy is, why would a person threatening to expose our most secretive intelligence collecting capabilities, not just on Americans, but on operations being conducted all around the world, potentially endangering the lives of other Americans we have in the field, be considered a hero, while a fairly modest person, operating wholly on his own, under duress of potential blowback of the most serious cybercrimes and even death threats, takes a chance to do what he does?

Seems like two different sides of the same coin, but there is a difference, so search your soul and figure out what side you are really on. The side that seems to be on the side of the American people, exposing privacy rights issues, but yet threatens to hold the same Americans hostage because he chose to run to our non-official enemies, or the one that declares himself loyal to the United States of America, and proves it by his actions, by taking down sites where people gather to discuss the demise of our country.

In the end, the choice is simple, choose the person that is looking out for OUR country and not looking out for himself, claiming otherwise. In the end, it is always up to the individual to think for themselves, not to have someone tell you what to think. But remember this, Americans have always had internal differences and the main thing that has always separated us from the rest of the world is that even when we disagree among ourselves, we always settle things internally, not by airing our dirty laundry to the world.

So I ask you again…

“You take the blue pill – the story ends, you wake up in your bed and believe whatever you want to believe. You take the red pill – you stay in Wonderland, and I show you how deep the rabbit hole goes. Remember, all I'm offering is the truth – nothing more.” - Morpheus