02.24.11
Posted in Crazy Weapons, Cyberterrorism at 9:11 am by George Smith
Everything about the Cult of Electromagnetic Pulse Crazy is odious. Accordingly, one of its new chieftains is Trent Franks, a relatively unimportant Republican congressman famous only for his extremist beliefs.
These include:
The president is not an American, global warming and evolution are hoaxes, African Americans had it better under slavery, shariah law is poisoning the precious bodily fluids of the US judicial system, and extended ammo magazines are an American right.
This kind of general world view of the people pushing protection against electromagnetic pulse doom has bearing on the way one regards their argument. Even with the most gentle interpretation, they’re dodgy and glabrous characters. And they are only interested in things the GOP is now notorious for, like blocking progress and siphoning money to the plutocracy and various corporate pals.
So it’s not a surprise when you see a Washington law firm whose business is basically siphoning money to the plutocracy — promoting outsourcing, homeland security and Wall Street financial services — support the Cult’s hobby horse.
Such firms see protection against EMP doom as just another way to suck taxpayer dollars into client coffers, in this case Wall Street investment firms like Goldman Sachs.
A .pdf here explains elliptically why such firms are interested in the mischief being created by Franks.
What it boils down to is simpler than it reads.
Any legislation adopted, and I’ve stated before there’s not a lot of chance Franks’ bill will survive, would nevertheless present an opportunity for further legal amendment. Since it might affect large portions of the power-transmitting infrastructure in the country, the private sector must be involved. Therefore opportunities will exist to divert potentially large taxpayer sums to the usual corporate parties.
It is also unsurprising that the same memo, authored by the Sutherland, Asbill & Brennan legal firm, also supports Susan Collins’ Orwellian-named Cyber Security and Internet Freedom act, previously stalled because of resistance to Internet “kill switch” powers.
Collins has resubmitted it accompanied by blandishments that the new bill doesn’t give the president “kill switch” power. Critics in the technology sector, and there are many, aren’t having it. They still consider it a rotten fish.
It is.
A recent news article reads:
Republican U.S. Sen. Susan Collins’ latest proposal to beef up the country’s cyber security has a new name and language explicitly denying the president the so-called “kill switch” power to unilaterally shut down the Internet.
But so far the legislation’s makeover has failed to win over the technology community, libertarians and civil rights advocates, who worry the bill still gives the president and the government too much power to disrupt Internet communications.
02.22.11
Posted in Cyberterrorism, Extremism, War On Terror at 1:40 pm by George Smith
The e-mail dump from HBGary Federal, carried out by the Anonymous hacking group, has most famously exposed corporate plots to attack and discredit WikiLeaks, Glenn Greenwald and ThinkProgress.
Perhaps less publicized was Ars Technica’s story on the corporate development of malware for the US government.
The publication introduces the story:
On November 16, 2009, Greg Hoglund, a cofounder of computer security firm HBGary, sent an e-mail to two colleagues. The message came with an attachment, a Microsoft Word file called AL_QAEDA.doc, which had been further compressed and password protected for safety. Its contents were dangerous.
“I got this word doc linked off a dangler site for Al Qaeda peeps,” wrote Hoglund. “I think it has a US govvy payload buried inside. Would be neat to [analyze] it and see what it’s about. DONT open it unless in a [virtual machine] obviously… DONT let it FONE HOME unless you want black suits landing on your front acre. :-)”
The attached document, which is in English, begins: “LESSON SIXTEEN: ASSASSINATIONS USING POISONS AND COLD STEEL (UK/BM-154 TRANSLATION).”
It purports to be an Al-Qaeda document on dispatching one’s enemies with knives (try “the area directly above the genitals”), with ropes (“Choking… there is no other area besides the neck”), with blunt objects (“Top of the stomach, with the end of the stick.”), and with hands (“Poking the fingers into one or both eyes and gouging them.”).
But the poison recipes, for ricin and other assorted horrific bioweapons, are the main draw. One, purposefully made from a specific combination of spoiled food, requires “about two spoonfuls of fresh excrement.” The document praises the effectiveness of the resulting poison: “During the time of the destroyer, Jamal Abdul Nasser, someone who was being severely tortured in prison (he had no connection with Islam), ate some feces after losing sanity from the severity of the torture. A few hours after he ate the feces, he was found dead.”
It immediately caught DD’s eye because al_Qaeda.doc has been jihadi sucker bait for about a decade.
It’s a well-known fragment taken from the old Manual of Afghan Jihad, a copy originally seized from an old member of the Taliban in England and subsequently typed by the US and British government into a number of similar forms, and presented over the course of the war on terror as evidence at a number of terror trials.
A larger form of it, sans the poisons recipes, was even sequestered on a White House server during the Bush administration, part of an unintentionally hilarious argument made by that president that al Qaeda used torture but that the US did not.
I put the same fragment on the old DD blog years ago in connection with ongoing discussions on these matters, most notably because it was connected with the infamous London ricin trial and the resulting verdict, a time span between 2005-2006.
It is here.
Since it has been an object of keen interest, it’s no surprise the US government might use it in an archive as bait to pass malicious rootkit software.
However, it should be noted that, over the years, it is not just the random wanna-be jihadis and terrorists who have been attracted to it. Even seeding it onto a “dangler site for jihadi peeps” probably guaranteed that not just “bad guys” would get it.
In fact, there has long been an array of US private sector intel businesses, not necessarily adept at computer security and defending themselves from malware, who scour such sites for these things. So they can sell them to their clients. Or back to the US government.
It’s also worth mentioning that the poison-making recipes in it are rubbish.
The “two spoonfuls of excrement” formula is basically the old crap recipe for botox, first published on the fringes of the neo-Nazi survivalist right in the US in the Eighties, specifically in Maxwell Hutchkinson’s “The Poisoner’s Handbook.”
The definitive story on that, along with screen snapshots and pictures, is here.
The recipe for ricin, actually just a procedure for pounding and degreasing castor seeds, originally stems from Kurt Saxon’s Poor Man’s James Bond.
“According to Hoglund, the recipes came with a side dish, a specially crafted piece of malware meant to infect Al-Qaeda computers,” reported Ars Technica.
“Is the US government in the position of deploying the hacker’s darkest tools—rootkits, computer viruses, trojan horses, and the like? Of course it is, and Hoglund was well-positioned to know just how common the practice had become. Indeed, he and his company helped to develop these electronic weapons.
“Thanks to a cache of HBGary e-mails leaked by the hacker collective Anonymous, we have at least a small glimpse through a dirty window into the process by which tax dollars enter the military-industrial complex and emerge as malware.”
The rest of the Ars Technica story is here.
(Thanks to RMS for the tip.)
02.17.11
Posted in Cyberterrorism at 9:30 am by George Smith
From Cryptome, worth reading in entirety:
The exploits of Anonymous to hack the systems of firms providing spying services to governments and corporations suggest that the WikiLeaks mini-era has been surpassed.
Much of WikiLeaks promise to protect sources is useless if the sources are not whistleblowers needing a forum for publication. Instead publishers of secret information grab it directly for posting to Torrent for anybody to access without mediation and mark-up by self-esteemed peddlers of protection, interpretation and authentication, including media cum scholars.
The wit and brevity of Anonymous taunts are exemplary — min-talk max-action — compared to the overblown gravitas of WL aping MSM in valuing its mission over short-shrifted “sources.”
02.15.11
Posted in Culture of Lickspittle, Cyberterrorism at 2:40 pm by George Smith
Unsurprisingly, more damning e-mails recovered from HBGary Federal by the Anonymous hacking group put the lie to CYA declarations that only one rogue employee, Aaron Barr, was involved.
Hundreds of e-mails show Barr’s collaboration with employees at Berico Technologies and Palantir.
Palantir, naturally, stands to lose something from this scandal.
Its website brags about how the company was started by computer experts who value privacy and civil liberties above all. A claim that can now be regarded as insincere eyewash in light of the current attack on WikiLeaks/Glenn Greenwald scandal.
In a denial issued soon after the scandal began to break in the mainstream news, Palantir CEO Alex Karp issued a statement — here — attempting to separate the firm from the imbroglio.
Karp, on the matter:
Palantir Technologies provides a software analytic platform for the analysis of data. We do not provide – nor do we have any plans to develop – offensive cyber capabilities. Palantir Technologies does not build software that is designed to allow private sector entities to obtain non-public information, engage in so-called “cyber attacks” or take other offensive measures. I have made clear in no uncertain terms that Palantir Technologies will not be involved in such activities. Moreover, we as a company, and I as an individual, always have been deeply involved in supporting progressive values and causes. We plan to continue these efforts in the future.
The right to free speech and the right to privacy are critical to a flourishing democracy. From its inception, Palantir Technologies has supported these ideals and demonstrated a commitment to building software that protects privacy and civil liberties.
The hacking group Anonymous provides a searchable database of HBGary Federal e-mails here.
Using it, it is an uncomplicated process to uncover Palantir employees working on the proposal to attack WikiLeaks, coordinated with the Hunton & Williams legal firm, the deal started by Palantir connecting the group with the Washington lawyers. The aim — to pitch the attack capability to Bank of America or, more broadly, apparently corporate America as a grand market ripe for services attacking critics.
Some samples, the first on the attack proposal from Palantir employee Matthew Steckman:
On Dec 3, 2010, at 8:52 AM, Matthew Steckman wrote:
> Updated with Strengths/Weaknesses and a spotlight on Glenn Greenwald…thanks Aaron!
>
This next e-mail, from an employee — John Woods, at Hunton & Williams:
On Dec 2, 2010, at 3:55 PM, “Woods, John” wrote:
Richard and I am meeting with senior executives at a large US Bank tomorrow regarding Wikileaks. We want to sell this team as part of what we are talking about. I need a favor. I need five to six slides on Wikileaks – who they are, how they operate and how this group may help this bank. Please advise if you can help get me something ASAP. My call is at noon.
Here is another, describing the proposal as an “A Team doc”:
A-team doc
We need to blow these guys away with descriptions of our capabilities, IP, and talent. Make them think that we are Bond, Q, and money penny all packaged up with a bow.
Matthew Steckman
Palantir Technologies | Forward Deployed Engineer
And there is an e-mail indicating the project was green-lighted through Palantir CEO Alex Karp:
Apologies for taking this long to get back to you. Eli and I had to run this way up the chain (as you can imagine). The short of it is that we got approval from Dr. Karp and the Board to go ahead with the modified 40/30/30 breakdown proposed. These were not fun conversations, but we are committed to this team and we can optimize the cost structure in the long term (let’s demonstrate success and then take over this market :)).
The “40/30/30 breakdown” refers to the way profits would be shared on any deal through Hunton & Williams.
And here is a haphazard e-mail discussing pricing for the attack proposal. It varies from 2 million to 200,000/month.
Rob Rosenberger at vmyths/security-critics adds a post on the Barr matter, as well as another, here.
He writes:
Now comes a new era for the computer security industry … outright alleged criminal activity within its ranks …
The global computer security arena is now so profitable and so willing to prostitute itself — with customers so eager to spend money and reporters so willing to write stories — that it shouldn’t surprise us to find outright alleged criminals with a digital store front.
Addendum: Alert readers may raise their eyebrows. It’s been a long time since anyone referred to me and used my middle initial.
And the only reason it was employed on the Internet was because the publisher of my book on virus-writers insisted upon it in 1994. A few years later the man ran off to live in Belize and seemingly vanished by jumping up his ass.
02.14.11
Posted in Cyberterrorism at 12:41 pm by George Smith
At Cryptome, a proposal put together by HBGary F, Palantir Technologies and Berico Technologies.
Here.
It is a draft copy pitch for the team’s services to corporate America, presumably for the purposes of spying on and dirty-tricking critics or adversaries. It is part of the document leak which resulted when the hacking group Anonymous struck back at Aaron Barr of HBGary Federal for exposing members in a story to the Financial Times.
One paragraph implies creation of fraudulent content on the web in order to discredit targets:
If needed or desired we have the capability to create very realistic web content to engage specific audiences to gather more specific information … This encompasses persona creation, landing pages and other new media content. For this to be successful it [sic] requires a strong understanding of the target as well as a strong understanding how to use such techniques in operations.
The individuals involved in the pitch are Aaron Barr of HBGary Federal, Doug Philippone of Palantir, and Guy Filippelli of Berico.
Philippone “commanded multiple Joint Special Operations Command outstations in support of the global war on terror. Doug ran the foreign fighter campaign on the Syrian border in 2005 to stop the flow of suicide bombers into Baghdad and helped to ensure a successful Iraqi election.”
The corporate pitch was for use by Hunton & Williams, the law firm identified as intermediary for connecting the spying firms with Bank of America and the Chamber of Commerce, for use in plans to target WikiLeaks, Glenn Greenwald, ThinkProgress and other, as yet unnamed, journalists.
Related: The ‘Odious corporate spying firms’ collection.
02.13.11
Posted in Cyberterrorism at 9:39 am by George Smith
Odious corporate spying firms HBGary Federal, Palantir Technologies and Berico Technologies continued to enjoy outrageously bad publicity as their botched plan to attack WikiLeaks and Glenn Greenwald was discussed in the mainstream press over the weekend.
The New York Times ran an item, notable for the statistic on a growth corporate industry whose products appear to be predatory behavior and throwing sand in the gears.
It reads:
Jonathan E. Turner, who runs a Tennessee-based business that gathers intelligence for corporate clients, said that companies nationwide relied on investigators to gather potentially damaging information on possible business partners or rivals. “Information is power,” said Mr. Turner, former chairman of the Association of Certified Fraud Examiners.
He estimated that the “competitive intelligence” industry had 9,700 companies offering these services, with an annual market of more than $2 billion, but said there were limits to what tactics should be used.
Bank of America and the Chamber of Commerce distanced themselves on Friday from any effort to embarrass or collect disparaging information about their critics.
The Anonymous hacking group again raided the e-mails of HBGary Federal, promising the revelation of more incriminating and potentially criminal behavior.
None of this is particularly surprising in 2011 US of A. It’s fairly apparent that there is virtually no enthusiasm in the US government for regulation of companies whose business model is providing services for often illegally attacking the citizen critics of big corporations.
The banner motto for this story remains Palantir Technologies’ claim, now shown to be fatuous:
Palantir was built by technologists serious about protecting privacy and civil liberties.
Cryptome samples some of the documents taken from HBGary Federal here.
They can be fairly characterized as deadening to mediocre slide show presentations in .pdf format, aimed at pitching the CEO’s expertise in various general security and social networking matters to dull but potentially evil white businessmen in corporate America.
02.11.11
Posted in Cyberterrorism at 2:16 pm by George Smith
One of the paradoxes of the corporate spying campaign against WikiLeaks and Glenn Greenwald is the use of Palantir Technologies intellectual property.
If you fish around on the company website, you quickly find stories, usually from business sections of daily newspapers, on the nature of its terror-network finding software.
It’s literally described as almost the best thing since sliced bread.
Palantir will end the devastation in Haiti. Its product is greatly desired by the US government and intelligence agencies who are said to be using it in the war on terror. And Palantir will be used to find fraud in stimulus spending.
What’s absent, of course, is what one of its big applications appears to be now:
Enabling corporate America to dirty-trick and attack critics by establishing their networks, which are generally right out in the open, anyway. And then outlining and defining them as targets or pressure points with reputations, civil liberties and privacy to be potentially rubbished.
One supposes that from the point of view of a Bank of America or US Chamber of Commerce, critics and journalists are considered terrorists.
Which makes the market — the US financial sector — for Palantir’s tools very clearcut.
Although it probably goes without saying, the market for doing evil domestically is now quite a lure. With a company like Palantir, and its obvious desire to market to the private sector as well as government, it is not too hard to imagine employees brainstorming ways to pitch the company’s products as solutions for various ‘problems’ in corporate America.
And such problems now appear to be, obviously, how to define, neutralize, discredit and suppress networks of critics, journalists and leakers.
Lot of business opportunity there.
Which continues to make any corporate claim that its founders prize privacy and civil liberties something of a laugh riot, at this juncture.
Posted in Cyberterrorism, Stumble and Fail at 1:22 pm by George Smith
Odious corporate spy firms Palantir, HBGary Federal and Berico Technologies continue to reap the whirlwind of messing with the Anonymous hacking group.
Consider for a moment, firms which rely upon alleged expertise in computer security dying by the same sword.
By way of Digby, Palantir et al were also doing dirty tricks for the US Chamber of Commerce, another famous villain on the national landscape.
“ThinkProgress has learned that a law firm representing the U.S. Chamber of Commerce, the big business trade association representing ExxonMobil, AIG, and other major international corporations, is working with a set of ‘private security’ companies and lobbying firms to undermine their political opponents, including ThinkProgress, with a surreptitious sabotage campaign,” reports the website of TP.
It reads:
According to one document prepared by Team Themis [Palantir, HBGary Federal and Berico], the campaign included an entrapment project. The proposal called for first creating a “false document, perhaps highlighting periodical financial information,” to give to a progressive group opposing the Chamber, and then to subsequently expose the document as a fake to undermine the credibility of the Chamber’s opponents. In addition, the group proposed creating a “fake insider persona” to “generate communications” with Change to Win.
It’s always worthwhile to scan the self-serving websites of companies like Palantir, particularly after it has been exposed as a place where the professional product appears to be dirty-tricking and trying to enable the throwing of sand into the gears of the lives of others.
“At Palantir, the best idea wins,” reads the Palantir page here. “This means the respect of your peers must be earned; seniority has no place here. We are radically transparent and we despise politicking.”
This is also particularly trenchant now:
We embrace the adage, if you never fail, then you aren’t taking enough risks. We take failure as an opportunity to literally ask “Why?,” until we’ve diagnosed the problem and figured out how to prevent it from happening again. At Palantir, hiding a failure is taboo; here, you get respect for letting the rest of the company know what happened and how to avoid the same pitfall.
“Awhile back we shared some screenshots of the Elvish Palantir Workspace,” reads one company blog.
It is also worthwhile reviewing this bit of self-serving rubbish:
Palantir was built by technologists serious about protecting privacy and civil liberties.
“Palantir’s user-friendly analysis program is becoming a major player in the war against terrorism and cyber espionage, stimulus spending accountability (Palantir is literally powering the administration’s efforts to identify fraud in stimulus projects), health care, and even natural disasters like the recent earthquake in Haiti,” reads more self-serving press from a happier time.
The company is fond of touting its terror-network finding software to business publications.
Which explains why the wars in Afghanistan and Yemen are all but over with Osama bin Laden captured in 2009. Oh, wait …
Now that Palantir has stepped in it, here’s an apology from its CEO, Dr. Alex Karp.
Short version: We do not do the awful things it looks like we’ve been caught doing because our name/insignia was all over those damning slides etc, etc.
It’s also worth noting the coincidence and serendipitous nature of their current trouble.
None of this would have likely made big news if one of the corporate spying firm employees hadn’t felt compelled to brag about how great he was to journalist Joseph Menn at the Financial Times.
When Menn bit on the story he was, basically, giving publicity to forces of evil.
The unexpected snapback, which came from the hacking group Anonymous — which the story had targeted — resulted in troubles and embarrassments for Palantir, HBGary Federal and Berico, things the three firms were planning for WikiLeaks and others.
02.01.11
Posted in Cyberterrorism at 10:04 am by George Smith

Ludicrous. Do it again, must break finger.
Talk to the press hot on a story of mythic proportion too much, you can screw up.
Today’s case, Ralph Langner, the German computer security expert, perhaps seeking to defuse some of the mania now surrounding the Stuxnet worm.
From AP, where the reporter and editor obviously don’t know much about nuclear reactors and the difference between fission and fusion:
But German cybersecurity researcher Ralph Langner says that, while the virus has infested the reactor’s computers, “Stuxnet cannot technically mess with the systems in Bushehr.
“Bottom line: A thermonuclear explosion cannot be triggered by something like Stuxnet,” said Langner, who has led research into Stuxnet’s effects on the Siemens equipment running Iran’s nuclear programs.
Thermonuclear explosion. Ahem.
See here — Google is your friend.
For the computer security man and AP reporter:
Fellows, regardless of your position on the story, nuclear reactors generate energy through fission. A thermonuclear reaction is the hydrogen bomb, a different animal. Sadly, nuclear reactors aren’t potential fusion bombs.
Oof. The only thing that’s gone thermonuclear on Stuxnet is the reporting, so to speak.
Route this one to trash.
Actually, there’s a bit of humor here.
If Stuxnet actually could cause a thermonuclear explosion, the presumed joint Israeli/US malware operation would have accidentally given the Iranians a much bigger bomb than the one they’re trying to make.
01.27.11
Posted in Cyberterrorism, Stumble and Fail at 12:00 pm by George Smith
An opinion piece that was solicited by Federal Computer Week back in December:
They’re everywhere — employed by government, the military and corporate America. And because we have come to the point that the United States is considered by some to be a bad global actor — whether you share that point of view or not — the government is faced with a problem it cannot solve. Its exposure is thought by many to be deserved.
In this new reality, as in nature, a vacuum is abhorred. The mainstream media no longer fulfills the role of speaking truth to power. It opened the door for [Julian Assange] and WikiLeaks.
The rest in “Get Used to the WikiLeaks mindset” is here. Including an amusing pic of yours truly.