[nonrelevant] 2019 military hacking quip article online
what does this mean? at https://www.wired.com/beyond-the-beyond/2019/04/deny-degrade-disrupt-deceive... listed written by Bruce Sterling, april 4 2019 "Military life is tough when there's an inter-service rivalry. Alas, I have to wear three hats while I attempt to sabotage computers." is simply a link to https://warontherocks.com/2019/04/cyber-command-the-nsa-and-operating-in-cyb... listed written by Andrew Schoka, april 3 2019 "To publish this article, I had to submit it for review to three separate organizations: the U.S. Army Intelligence and Security Command, United States Cyber Command (my employer), and the National Security Agency (NSA). In total, it took just under two months to secure approval from all three organizations for public release, significantly longer than it took to actually write the article itself. And this is still substantially faster than Cyber Command's process to review and approve actual cyberspace operations, a system subjected to similar redundancy and repetition."
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Friday, December 25, 2020 10:52 AM, Karl <gmkarl@gmail.com> wrote:
what does this mean? ... "To publish this article, I had to submit it for review to three separate organizations: the U.S. Army Intelligence and Security Command, United States Cyber Command (my employer), and the National Security Agency (NSA). In total, it took just under two months to secure approval from all three organizations for public release, significantly longer than it took to actually write the article itself. And this is still substantially faster than Cyber Command’s process to review and approve actual cyberspace operations, a system subjected to similar redundancy and repetition."
in the intelligence community, a rule applies: "pre-publication review", for national security risks. see https://knightcolumbia.org/content/prepublication-review-by-agency-and-agree... ^- a handy matrix of agency specific requirements. best regards, P.S. this, among other reasons, is why you should *NEVER* sign a secrecy agreement - it binds you for life, and encumbers your ability to speak freely forever after...
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Friday, December 25, 2020 7:19 PM, Punk-BatSoup-Stasi 2.0 <punks@tfwno.gf> wrote:
... did you sign one?
no, however i have asked for the SF-86's from the OPM hack to be publicly dumped - this would allow for open source projects working on privacy enhancing technologies to avoid potential conflicts of interest or subterfuge from contributors. still waiting on that dump, of course :) best regards,
I'm on my phone. I'm not consenting to being away from my attempt to blockchain my emails regarding trying to find a brainwashing therapist. Sounds like I'll want to find one who's good with publishing the recordings, too. On Fri, Dec 25, 2020, 2:48 PM coderman <coderman@protonmail.com> wrote:
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Friday, December 25, 2020 7:19 PM, Punk-BatSoup-Stasi 2.0 < punks@tfwno.gf> wrote:
... did you sign one?
no, however i have asked for the SF-86's from the OPM hack to be publicly dumped - this
I'm not familiar with SF-86 or OPM. Do you mean that, even though you haven't agreed to anything, that after something you've done, how you communicate may have changed or could change?
would allow for open source projects working on privacy enhancing
technologies to avoid potential conflicts of interest or subterfuge from contributors.
You're saying that if we supported your request (maybe by showing it is important and making that very public), it would basically protect from severe disruption in a way generalizable to all open source efforts?
still waiting on that dump, of course :)
best regards,
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Saturday, December 26, 2020 6:00 PM, Karl <gmkarl@gmail.com> wrote: ...
I'm not familiar with SF-86 or OPM.
SF-86 is the name of the form that US intelligence community members fill out during their vetting process for access to classified information. china stole all of these documents from the US via a hack of the Office of Personnel Management (OPM) who actually administers the background checks and clearance process for the intelligence community. thus, if someone published the SF-86 database, we could make sure no spooks are working under cover on open source projects (presumably in bad faith). best regards,
would allow for open source projects working on privacy enhancing technologies to avoid potential conflicts of interest or subterfuge from contributors.
You're saying that if we supported your request (maybe by showing it is important and making that very public), it would basically protect from severe disruption in a way generalizable to all open source efforts?
still waiting on that dump, of course :)
best regards,
On Sun, Dec 27, 2020 at 9:02 PM coderman <coderman@protonmail.com> wrote:
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Saturday, December 26, 2020 6:00 PM, Karl <gmkarl@gmail.com> wrote: ...
I'm not familiar with SF-86 or OPM.
SF-86 is the name of the form that US intelligence community members fill out during their vetting process for access to classified information.
china stole all of these documents from the US via a hack of the Office of Personnel Management (OPM) who actually administers the background checks and clearance process for the intelligence community.
thanks ... i guess i could have looked that up ... always sketchy when somebody says it's known who did an international hack. implies either international hackers don't know how to actually hide who they are, government security workers place blame too readily, the public is being lied to, or the international security communities are staring at each other all day, letting each other do everything, only stopping it afterwards. or all of those, i suppose. am i wrong?
thus, if someone published the SF-86 database, we could make sure no spooks are working under cover on open source projects (presumably in bad faith).
could be replaced .. would be a great leak though
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Monday, December 28, 2020 4:10 AM, Karl <gmkarl@gmail.com> wrote: ...
always sketchy when somebody says it's known who did an international hack. implies either international hackers don't know how to actually hide who they are, government security workers place blame too readily, the public is being lied to, or the international security communities are staring at each other all day, letting each other do everything, only stopping it afterwards. or all of those, i suppose. am i wrong?
you're right. i should have said *most likely* china.
the way they (industry) attribute hacks is multifaceted. some information comes from the exploits used, which give clues to nationality, past activity, and technical capability.
the best hints are given by underlying infrastructure. if China builds an infrastructure to attack target X, Y, Z, then that same infrastructure attacks Q, you know that Q was attacked by China. (most likely :P
often, threat actors will disguise their attacks to *look* like another, like when Russia hacked the Olympics, and tried to make it look like North Korea (using parts of old NK exploit code to do so.)
the wikipedia page does a good job summarizing the evidence:
"""
The overwhelming consensus is that the cyberattack was carried out by state-sponsored attackers for the Chinese government.[4] The attack originated in China,[6] and the backdoor tool used to carry out the intrusion, PlugX, has been previously used by Chinese-language hacking groups that target Tibetan and Hong Kong political activists.[4] The use of superhero names is also a hallmark of Chinese-linked hacking groups.[4] The House Committee on Oversight and Government Reform report on the breach strongly suggested the attackers were state actors due to the use of a very specific and highly developed piece of malware.[8] U.S. Department of Homeland Security official Andy Ozment testified that the attackers had gained valid user credentials to the systems they were attacking, likely through social engineering. The breach also consisted of a malware package which installed itself within OPM's network and established a backdoor. From there, attackers escalated their privileges to gain access to a wide range of OPM's systems. Ars Technica reported that at least one worker with root access to every row in every database was physically located in China. Another contractor had two employees with Chinese passports.[26] China denied responsibility for the attack.[27]
In 2017, Chinese national Yu Pingan was arrested on charges of providing the "Sakula" malware used in the OPM data breach and other cyberintrusions.[10][11] The FBI arrested Yu at Los Angeles International Airport after he had flown to the U.S. for a conference.[10][11] Yu spent 18 months at the San Diego federal detention center and pleaded guilty to the federal offense of conspiracy to commit computer hacking and was subsequently deported to China.[11] He was sentenced to time served in February 2019 and permitted to return to China; by the end of that year, Yu was working as a teacher at the government-run Shanghai Commercial School in central Shanghai.[11] Yu was sentenced to pay $1.1 million in restitution to companies targeted by the malware, although there is little possibility of actual repayment.[11] Yu was one of a very small number of Chinese hackers to be arrested and convicted in the U.S.; most hackers are never apprehended.
"""
- https://en.wikipedia.org/wiki/Office_of_Personnel_Management_data_breach
best regards,
On Mon, Dec 28, 2020 at 12:13 PM coderman <coderman@protonmail.com> wrote:
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Monday, December 28, 2020 4:10 AM, Karl <gmkarl@gmail.com> wrote:
...
always sketchy when somebody says it's known who did an international hack. implies either international hackers don't know how to actually hide who they are, government security workers place blame too readily, the public is being lied to, or the international security communities are staring at each other all day, letting each other do everything, only stopping it afterwards. or all of those, i suppose. am i wrong?
you're right. i should have said *most likely* china.
the way they (industry) attribute hacks is multifaceted. some information comes from the exploits used, which give clues to nationality, past activity, and technical capability.
the best hints are given by underlying infrastructure. if China builds an infrastructure to attack target X, Y, Z, then that same infrastructure attacks Q, you know that Q was attacked by China. (most likely :P
if a normal cracker thought of this, they would of course compromise somebody else's infrastructure and use that, as a norm. i think crackers think of things like that, if they are able to do them, which they usually are. back when i paid attention to things, random crackers were way more knowledgeable than government or corporate employees.
the wikipedia page does a good job summarizing the evidence: """ The overwhelming consensus is that the cyberattack was carried out by state-sponsored attackers for the Chinese government.[4] The attack originated in China,[6] and the backdoor tool used to carry out the intrusion, PlugX, has been previously used by Chinese-language hacking groups that target Tibetan and Hong Kong political activists.[4] The use of superhero names is also a hallmark of Chinese-linked hacking groups.[4]
when i found the trojans on the activist computers in west virginia around 2013, they were modified forms of a chinese trojan used for credit card theft, that didn't appear to be publicly documented. i'd never investigated a trojan much before. my perception was that crackers lived all over the world, and got paid very well. i don't know much about it.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Monday, December 28, 2020 5:41 PM, Karl <gmkarl@gmail.com> wrote: ...
if a normal cracker thought of this, they would of course compromise somebody else's infrastructure and use that, as a norm. i think crackers think of things like that, if they are able to do them, which they usually are.
this happens! the issue is that your activity is visible to the original attackers - this is why most of the time, when one group compromises the systems of another, they watch and copy, rather than take over. it is indeed not too uncommon to find yourself on a system, only to discover someone else is already there :P
back when i paid attention to things, random crackers were way more knowledgeable than government or corporate employees.
that used to be more true than it is today. over the past decade plus, there has been a strong push to recruit hacker talent into covert ops. the FBI does this with a stick: "you've been caught, how about we forget this incident and you work for Uncle Sam?" the Intelligence Community does it with a carrot: "If you hack for us, you can do illegal things with exorbitant resources; we'll pay you well. why not?" hence today you are likely to find the best hackers working indirectly for government, via defense contractors, under secrecy. there are exceptions, like Google's Project Zero and whitehat bounty hunters.
when i found the trojans on the activist computers in west virginia around 2013, they were modified forms of a chinese trojan used for credit card theft, that didn't appear to be publicly documented. i'd never investigated a trojan much before.
yup, this too clouds the attribution effort - older code more widely disseminated, and thus harder to attribute. i am reminded of the spy game, a "Wilderness of Mirrors"; it applies to digital attacks as well... best regards,
this conversation seems to have some important information in it. I'm doing something else right now but added one thing below On Mon, Dec 28, 2020 at 1:20 PM coderman <coderman@protonmail.com> wrote:
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Monday, December 28, 2020 5:41 PM, Karl <gmkarl@gmail.com> wrote: ...
if a normal cracker thought of this, they would of course compromise somebody else's infrastructure and use that, as a norm. i think crackers think of things like that, if they are able to do them, which they usually are.
this happens! the issue is that your activity is visible to the original attackers - this is why most of the time, when one group compromises the systems of another, they watch and copy, rather than take over.
i think what coderman is saying here is not that people would refrain from compromising systems to be unseen, but that people compromise systems and then don't do anything new with them, in order to be unseen. that is my perception, too.
it is indeed not too uncommon to find yourself on a system, only to discover someone else is already there :P
back when i paid attention to things, random crackers were way more knowledgeable than government or corporate employees.
that used to be more true than it is today.
over the past decade plus, there has been a strong push to recruit hacker talent into covert ops.
the FBI does this with a stick: "you've been caught, how about we forget this incident and you work for Uncle Sam?"
the Intelligence Community does it with a carrot: "If you hack for us, you can do illegal things with exorbitant resources; we'll pay you well. why not?"
hence today you are likely to find the best hackers working indirectly for government, via defense contractors, under secrecy.
there are exceptions, like Google's Project Zero and whitehat bounty hunters.
when i found the trojans on the activist computers in west virginia around 2013, they were modified forms of a chinese trojan used for credit card theft, that didn't appear to be publicly documented. i'd never investigated a trojan much before.
yup, this too clouds the attribution effort - older code more widely disseminated, and thus harder to attribute.
i am reminded of the spy game, a "Wilderness of Mirrors"; it applies to digital attacks as well...
best regards,