02.22.11

Eat S— & Die: US uses rubbish jihad docs on poisoning to distribute malware

Posted in Cyberterrorism, Extremism, War On Terror at 1:40 pm by George Smith

The e-mail dump from HBGary Federal, carried out by the Anonymous hacking group, has most famously exposed corporate plots to attack and discredit WikiLeaks, Glenn Greenwald and ThinkProgress.

Perhaps less publicized was Ars Technica’s story on the corporate development of malware for the US government.

The publication introduces the story:

On November 16, 2009, Greg Hoglund, a cofounder of computer security firm HBGary, sent an e-mail to two colleagues. The message came with an attachment, a Microsoft Word file called AL_QAEDA.doc, which had been further compressed and password protected for safety. Its contents were dangerous.

“I got this word doc linked off a dangler site for Al Qaeda peeps,” wrote Hoglund. “I think it has a US govvy payload buried inside. Would be neat to [analyze] it and see what it’s about. DONT open it unless in a [virtual machine] obviously… DONT let it FONE HOME unless you want black suits landing on your front acre. :-)”

The attached document, which is in English, begins: “LESSON SIXTEEN: ASSASSINATIONS USING POISONS AND COLD STEEL (UK/BM-154 TRANSLATION).”

It purports to be an Al-Qaeda document on dispatching one’s enemies with knives (try “the area directly above the genitals”), with ropes (“Choking… there is no other area besides the neck”), with blunt objects (“Top of the stomach, with the end of the stick.”), and with hands (“Poking the fingers into one or both eyes and gouging them.”).

But the poison recipes, for ricin and other assorted horrific bioweapons, are the main draw. One, purposefully made from a specific combination of spoiled food, requires “about two spoonfuls of fresh excrement.” The document praises the effectiveness of the resulting poison: “During the time of the destroyer, Jamal Abdul Nasser, someone who was being severely tortured in prison (he had no connection with Islam), ate some feces after losing sanity from the severity of the torture. A few hours after he ate the feces, he was found dead.”

It immediately caught DD’s eye because al_Qaeda.doc has been jihadi sucker bait for about a decade.

It’s a well-known fragment taken from the old Manual of Afghan Jihad, a copy originally seized from an old member of the Taliban in England and subsequently typed by the US and British governments into a number of similar forms, and presented over the course of the war on terror as evidence at a number of terror trials.

A larger form of it, sans the poison recipes, was even sequestered on a White House server during the Bush administration, part of an unintentionally hilarious argument made by that president that al Qaeda used torture but that the US did not.

I put the same fragment on the old DD blog years ago in connection with ongoing discussions on these matters, most notably because it was connected with the infamous London ricin trial and the resulting verdict, a time span between 2005 and 2006.

It is here.

Since it has been an object of keen interest, it’s no surprise the US government might use it in an archive as bait to pass malicious rootkit software.

However, it should be noted that, over the years, it is not just the random wanna-be jihadis and terrorists who have been attracted to it. Even seeding it onto a “dangler site for jihadi peeps” probably guaranteed that not just “bad guys” would get it.

In fact, there has long been an array of US private sector intel businesses, not necessarily adept at computer security and defending themselves from malware, who scour such sites for these things. So they can sell them to their clients. Or back to the US government.

It’s also worth mentioning that the poison-making recipes in it are rubbish.

The “two spoonfuls of excrement” formula is basically the old crap recipe for botox, first published on the fringes of the neo-Nazi survivalist right in the US in the Eighties, specifically in Maxwell Hutchkinson’s “The Poisoner’s Handbook.”

The definitive story on that, along with screen snapshots and pictures, is here.

The recipe for ricin, actually just a procedure for pounding and degreasing castor seeds, originally stems from Kurt Saxon’s Poor Man’s James Bond.

“According to Hoglund, the recipes came with a side dish, a specially crafted piece of malware meant to infect Al-Qaeda computers,” reported Ars Technica.

“Is the US government in the position of deploying the hacker’s darkest tools—rootkits, computer viruses, trojan horses, and the like? Of course it is, and Hoglund was well-positioned to know just how common the practice had become. Indeed, he and his company helped to develop these electronic weapons.

“Thanks to a cache of HBGary e-mails leaked by the hacker collective Anonymous, we have at least a small glimpse through a dirty window into the process by which tax dollars enter the military-industrial complex and emerge as malware.”

The rest of the Ars Technica story is here.

(Thanks to RMS for the tip.)
