Welcome to European Tribune. It's gone a bit quiet around here these days, but it's still going.

Social Engineering in the Digital Cyber Age

by Oui Sat Dec 30th, 2017 at 11:52:25 AM EST

The importance of the U.S. Presidential election and how difficult it will be to maintain democratic values.

In my analysis, the U.S. Election 2016 was unprecedented in malevolent intervention from Intelligence agencies from major world powers. The nations of the Asian continent have undoubtedly worked hard in hacking and cyber crimes on an equal basis as the Western world.

More and more, there is more than meets the eye in the whole #Russiagate affair of deception, espionage, smoke and mirrors. My belief there were people set-up around the original Republican funded Trump dossier. There were fall guys introduced, an FBI mole within the Trump campaign HQ and the bogus and poorly documented Steel dossier that was actually written and produced by Fusion GPS.

The Mueller investigation should focus on the role Fusion GPS played, the main characters Glenn Simpson and his spouse Jacoby.

Originally the Trump opposition dossier was funded by intrigant Paul Singer and a source within the Emirates (Abu Dhabi). The UAE has worked hand in glove with the Saudi regime in Yemen and in the Syrian civil war. Now the Gulf States (minus Qatar) have been cooperation with Israeli intelligence to turn US foreign policy in their favor and contribute all terror to the Islamic State of Iran.

Saudi and Israel intelligence had earlier joined forces in false-flag attacks in Syria. Both countries backed Al Qaeda and the Al-Nusra foreign fighters against Assad.
King Salman failed in his attempt to open a new battle front in Lebanon by incarcerating Saad Hariri.

Today, the Saudi regime with all its wealth, will do a new attempt to get Pakistan and its new leaders to follow the foreign policy demands of King Salman. Pakistan of course possesses the Islamic Nuclear bomb.

A werlcome sign for the region, unrest in a number of cities in Iran today. Most likely initiated by economic austerity measures, price hikes and the frustration of Iranians fighting and dying for a cause in foreign nations.

Escalation Towards Military Strike on Iran's Nuclear Facilities
Stuxnet: US-Israel Cooperation Cyber Warfare on Iran (2011)
The Saudi-Israeli Alliance and Piggy-back Coup of 2005

Cyber warfare after the joint US-Israeli Stuxnet Operation

More below the fold ...

@BooMan I posted a follow-up diary

Dutch Cooperated with Sergei Mikhailov (FSB)

Israel's rash behavior blew operation to sabotage Iran's computers, US officials say | JPost - Feb. 2016 |

According to the claims in the film, the hasty Israeli action prevented the carrying out of a number of further planned actions that were intended to sabotage computers at a second, more fortified uranium enrichment facility at Fordow. The film also reveals another planned cyber unit covert operation code-named NZ (Nitro Zeus).

"We spent millions on this operation to sabotage all of the computers of the Iranian infrastructure in the instance of a war," a source quoted in the film said. "We penetrated the government, electricity lines, power stations and most of the infrastructure in Iran."

The deadly virus that was implanted at Natanz was named "Stuxnet" by computer security experts, but it had a different name among the Israeli and American intelligence communities that was not revealed in the film. The codename of the entire operation, as was revealed by New York Times' journalist David E. Sanger, was "Olympic Games." Conventional wisdom holds that the implanting of the virus marked the first time that a country, or two countries in this case (the US and Israel), engaged in cyber warfare against another country (Iran).

President Obama thwarted an Israeli attack on Iran

In order to calm Israel down, and to prove that the administration was working diligently to thwart an Iranian nuclear weapon, Obama ordered the intelligence community to increase its efforts and its cooperation with the Mossad and Unit 8200. He did so despite having some doubts about the operation. Obama expressed concern that "the Chinese and the Russians will do the same thing to us," and insert viruses into nuclear facilities and other strategic sites in the United States.

Penetrating the Iran Nuclear Talks: Israel -- And Others -- Use Malware for Cyber-Espionage

Not Getting the Balance Right by BooMan on Jul 21st, 2013

If former Vice Chairman of the Joint Chiefs of Staff James "Hoss" Cartwright actually gets indicted for leaking about the Stuxnet virus to David Sanger of The New York Times, I will be impressed. No one as high ranking has even been prosecuted for divulging classified information.


    In August 2011, Cartwright retired from the military. Five months later, he joined the board of directors of Raytheon Co., the Pentagon's prime contractor for JLENS.

    Cartwright collected $304,013 in company cash and stock in 2012, his first year on the board. Through the end of 2014, Raytheon had paid him a total of $828,020, according to filings with the U.S. Securities and Exchange Commission.

On November 2, 2012, in an interview with the FBI, Cartwright denied he was the source of the leaks. On October 17, 2016, Cartwright entered a guilty plea in the U.S. District Court for the District of Columbia on a charge of making false statements during the leak investigation, a felony.

Outgoing President Barack Obama pardoned Cartwright on January 17, 2017.

Social Engineering Insight fron DefCon by Kridts M. / Cyber Threat Intelligence Analyst, NJCCIC

Of all the lectures I attended, some of the most interesting and engaging speakers I saw shared their knowledge and insight at the "Social Engineering Village Talks," an area of the conference dedicated solely to the topic of social engineering. The main point each of these speakers emphasized was this: human beings are the most vulnerable entry point into a network, a business, or an organization. According to the IBM 2014 Cyber Security Intelligence Index, 95 percent of all investigated cybersecurity incidents listed human error as a contributing factor.

What is Social Engineering?

Social engineering is an umbrella term encompassing the full range of methods used to manipulate people into divulging sensitive information. There are two main types of social engineering: human-based and computer-based. Human-based methods require the attacker to interact with people in order to obtain information, gain physical access to a location, system, or network. Computer-based methods use technology in an attempt to convince people to take a specific action that will ultimately lead to infected systems, compromised networks, and data theft.

Some examples of human-based social engineering tactics include:


  • Researching the target: attackers will often conduct preliminary reconnaissance on their victims before attempting to make contact in order to craft the most believable scenario possible.
  • Piggybacking and tailgating: an attacker attempts to gain unauthorized access to a location by following behind others to get through locked doors or restricted entryways.
  • Shoulder surfing: an attacker tries to gain login credentials by looking over the shoulder of the victim as they type.

Some examples of computer-based social engineering tactics include:

  • Spear phishing: an attacker using this technique will send specially-crafted emails targeting a specific group of people (e.g., an email that appears to originate from a company's IT department encouraging employees to reset their account passwords by clicking on a malicious link.)
  • Baiting: this tactic involves enticing victims with something they desire or piquing their curiosity in order to get them to take an action that will result in an infected system or compromised network (e.g., leaving a curiously-labeled malicious USB drive in a high-traveled area, infecting a movie or music file on a peer-to-peer network with a malicious payload.)
  • Website Cloning/Spoofing: an attacker makes a malicious version of a popular website and tries to trick victims into thinking it's legitimate and visiting it, which could result in a malware infection, stolen account credentials, or a compromised network.

My #SEVillage @defcon experience  

Walking in your enemy's shadow: when fourth-party collection becomes attribution hell by Juan Andres Guerrero-Saade and Costin Raiu - Kaspersky Lab

Attribution is complicated under the best of circumstances. Sparse attributory indicators and the possibility of overt manipulation have proven enough for many researchers to shy away from the attribution space. And yet, we haven't even discussed the worst-case scenarios. What happens to our research methods when threat actors start hacking each other? What happens when threat actors leverage another's seemingly closed-source toolkit? Or better yet, what if they open-source an entire suite to generate so much noise that they'll never be heard?

Leaked documents have described how the standard practice of one espionage outfit infiltrating another has transcended into the realm of cyber in the form of fourth-party collection. While this represents an immediate failure for the victim intelligence service, the tragedy doesn't end there. Attackers can then go on to adopt the victim threat actor's toolkit and infrastructure, leveraging their data and access, and perpetrating attacks in their name. As interesting as this conversation could be in the abstract, we'd rather present examples from unpublished research that showcase how this is already happening in-the-wild.

Similarly, while we'd prefer to present threat intelligence research in its most polished and convincing form, fringe cases do appear. Strange activity overlaps between clusters, APT-on-APT operations, open-sourcing of proprietary tools, or repurposing of proprietary exploit implementations are some of the ways that the attribution and activity clustering structures start to break down and sometimes collapse. And this is not all an unintentional byproduct of our position as external observers; some threat actors are overtly adopting the TTPs of others and taking advantage of public reporting to blend their activities into the profiles researchers expect of other actors.

The material includes in-the-wild examples to substantiate previously hypothesized claims about attackers stealing each other's tools, repurposing exploits, and compromising the same infrastructure. These covert dynamics in the space of cyberespionage further substantiate the difficulties underlying accurate security research and the need to track threat actors continually. The examples we'll focus on come from unpublished research and unwritten observations from the original researchers themselves. The hope is to escape threat intel solipsism by providing a better framework to understand and discuss operations and actors and to understand how traditional espionage shadow games are being played out on the digital front.

Israel's Hand in the Short History of Islamophobia
Murdoch's WSJ Editorial Board Going Bats**t

Similar devious methods are used in daily life, HUMINT and media oriented propaganda what #Russiagate has become.

#PropOrNot: Russia propaganda Fall of 2016
A Breath of Fresh Air

Will take a few days to learn what the Iranian protest is all about!

History of sanctions advises that Iran is far from collapse | The National |

On Sunday the Israeli finance minister, Yuval Steinitz, declared that the Iranian economy was "on the verge of collapse". Sanctions were finally working and causing the Iranians "great economic difficulties", as a result of an estimated annual loss of $45 billion to $50 billion (Dh165 billion to Dh184 billion) in oil revenues.

The previous day, the Israeli foreign minister, Avigdor Lieberman, said that he believed the mullahs would soon be overthrown by an "Iranian-style Tahrir revolution", such as the one that toppled Hosni Mubarak in Egypt.

These statements should not be taken at face value. They are part of the climb-down executed by the Israeli prime minister, Benjamin Netanyahu, who has tacitly admitted that Israel does not have the power to knock out Iran's nuclear facilities on its own and has therefore extended his "deadline" for military action until the middle of next year, in the hope that the Americans will join him then.

The world should be grateful that another war in the Middle East is not about to start. But the narrative "sanctions are working" has taken on a life of its own.

The story was given a push by scuffles in Tehran caused by the plummeting value of the Iranian rial, and the clumsy attempts of the president, Mahmoud Ahmadinejad, to impose state regulation on the hectic foreign exchange markets.

With confidence in the rial collapsing, crowds scuffled with police as they closed down currency traders, and bazaar traders, unable to price their goods, gathered to shout angry slogans against the government, including: "Leave Syria alone and think of us."

US, UK Alliance Prepare Iran Attack in 2012
Lieberman to PA: Take 45% of West Bank and STFU (2011)

Further reading ...

Bush - Israel - Iran - Going 'Nucelar' by ask on Jan. 7, 2008
Israeli Right Winged Fanatic now in Charge of Iran Strategy by Mattes on Oct. 24, 2006

'Sapere aude'

by Oui (Oui) on Sat Dec 30th, 2017 at 11:05:30 PM EST
Why I Left The Intercept: The Surveillance Story They Let Go Untold for 15 Months  by Marcy Wheeler

The Intercept has a long, must-read story from James Risen about the government's targeting of him for his reporting on the war on terror. It's self-serving in many ways -- there are parts of his telling of the Wen Ho Lee, the Valerie Plame, and the Jeffrey Sterling stories he leaves out, which I may return to. But it provides a critical narrative of DOJ's pursuit of him. He describes how DOJ tracked even his financial transactions with his kids (which I wrote about here).

    The government eventually disclosed that they had not subpoenaed my phone records, but had subpoenaed the records of people with whom I was in contact. The government obtained my credit reports, along with my credit card and bank records, and hotel and flight records from my travel. They also monitored my financial transactions with my children, including cash I wired to one of my sons while he was studying in Europe.

He also reveals that DOJ sent him a letter suggesting he might be a subject of the investigation into Stellar Wind.

    But in August 2007, I found out that the government hadn't forgotten about me. Penny called to tell me that a FedEx envelope had arrived from the Justice Department. It was a letter saying the DOJ was conducting a criminal investigation into "the unauthorized disclosure of classified information" in "State of War." The letter was apparently sent to satisfy the requirements of the Justice Department's internal guidelines that lay out how prosecutors should proceed before issuing subpoenas to journalists to testify in criminal cases.


    When my lawyers called the Justice Department about the letter I had received, prosecutors refused to assure them that I was not a "subject" of their investigation. That was bad news. If I were considered a "subject," rather than simply a witness, it meant the government hadn't ruled out prosecuting me for publishing classified information or other alleged offenses.

But a key part of the story lays out the NYT's refusals to report Risen's Merlin story and its reluctance -- until Risen threatened to scoop him with his book -- to publish the Stellar Wind one.

Glenn Greenwald is rightly touting the piece, suggesting that the NYT was corrupt for acceding to the government's wishes to hold the Stellar Wind story. But in doing so he suggests The Intercept would never do the same.

That's not correct.

One of two reasons I left The Intercept is because John Cook did not want to publish a story I had written -- it was drafted in the content management system -- about how the government uses Section 702 to track cyberattacks. Given that The Intercept thinks such stories are newsworthy, I'm breaking my silence now to explain why I left The Intercept.

From my new diary - The Story Behind Chris Steele - Ukraine and Nuland.

'Sapere aude'

by Oui (Oui) on Sun Jan 7th, 2018 at 03:12:17 PM EST
At that point, the discussion of hiring me turned into a discussion of a temporary part time hire. I should have balked at that point...

Part of my is trying to feel sympathetic. Temp-to-hire propositions, "spec work," NCAs, work-product waivers --these rent traps will never disappear. I know jobs that suck even when one can command a four- or five-figure day rate. Which is one reason why one demands bank and per diem or the press credential, if that's what one needs, to produce original, not derivative, work and walk away.

But another part of me has a low opinion of DKos' dedicated-DNC farm league ambitions. The reluctance to read into Patriot Act I-II in real time was a side of blind loyalty. "Criminal" conduct that congress dealt the agencies with plausible deniability was plain in the shear volume and novel construction of "sharing" info. Homeland Security, DNI--FFS! And slews of law firms were publishing notes on the web about business records liability!

Instead there was DNC fundraising, DNC fan fiction, and DNC skepticism about DNI [!], NSA, CIA, FBI "whistleblowers". Risen and Scahill reporting --to whom EW compares her "expertise"-- were sandbagged by *Post and *Times columnists years before Greenwald and Christ Snowden shopped a hard drive. At DKos that obscurity was met with incredulity, because that was a group that could not imagine bureaucrats willing --required by duty in fact NEW! "national security" privileges -- to lie to the public until some newsfeed produces the fait accompli. A decade later, anyone still deconstructing narratives instead of interrogating congressional reps and mid-career bureaucrats oe highjacking shredding machines is still behind the curve. Fine. Education is never wasted.

But please. stroking Schiff and polishing "reform" of corrupt police powers first injected by PAT I (2001) into USC is not news. Filtering telecom data that should not in the first instance be collected is not protection. Hell. Who can name one successful § 702 conviction or civil suit?

Of course USA Rights amendment did not pass the House. Agreement on § 702 in principle for 17 years is plainly nonpartisan.

Diversity is the key to economic and political evolution.

by Cat on Fri Jan 12th, 2018 at 07:59:34 AM EST
[ Parent ]

Go to: [ European Tribune Homepage : Top of page : Top of comments ]