information imbalance - The Rise of Political Doxing [ bonus points for contrast with AP! :]

intelemetry intelemetry at openmailbox.org
Sun Nov 1 12:14:27 PST 2015



My question here is regarding the covert exfil of the hack.

Check out somebody like darktrace: https://www.darktrace.com/

https://en.wikipedia.org/wiki/Network_Behavior_Anomaly_Detection

That egress would be a monumental NOC IDS trigger, especially for an
anomaly detection system. Have to imagine the database is big.
Especially if you do anomaly detection on the SIEM collecting things
like DNS, flow, etc.

Probably a pivot into the Oracle database. The coupling between
PeopleSoft and the backend is weird.

The question is whether this is everybody because agencies sponsor
clearance and may or may not partition their own records on the backend.

Something doesn't make sense here. If they can catch the white house
non-classified penetration with low traffic and no exfil the OPM hack
seems like it should have been detected easily. Moreover, there are
automatic kill-chains in a lot of this infrastructure:


== begin white house ==
http://www.nytimes.com/2015/04/26/us/russian-hackers-read-obamas-unclassified-emails-officials-say.html?_r=0

http://fortune.com/2015/04/07/russians-hacked-white-house/
== end white house ==


	http://www.lockheedmartin.com/us/what-we-do/information-technology/cybersecurity/tradecraft/cyber-kill-chain.html

	http://www.darkreading.com/attacks-breaches/deconstructing-the-cyber-kill-chain/a/d-id/1317542

I have to imagine they have a switch with inline and span analytics
and IDS/IPS, anomaly detection, and logging from multiple telemetry
sources. Grabbing that data from that network and running remotely
seems like a hefty attack without compromising the actual reporting
devices. Which has been done:

	http://www.phenoelit.org/stuff/CiscoInTheSkyWithDiamonds.pdf

	^^ virtual networking

It would be interesting to know how much is virtual networking out
there these days in the government.

- intelemetry

oshwm:
> 
> 
> On 01/11/15 19:33, intelemetry wrote:
>> It proves peoplesoft is a piece of shit.
>> 
> 
> ha ha, I'm not sure government uses any corps that actually know
> what they're doing :D
> 
>> oshwm:
>> 
>> 
>>> On 01/11/15 18:17, intelemetry wrote:
>>>> Where is the OPM link in .7z format?
>>>> 
>> 
>>> Didn't Barrett Brown end up in Solitary Confinement for giving
>>> out links to data?
>> 
>>> As for the real question, my ethical argument still stands:-
>> 
>>> Those people in the OPM leak who were using personal resources
>>> to conduct government business got what they deserved
>>> (leaked).
>> 
>>> Those who were being honest and kept business dealing to the 
>>> appropriate and democratically accountable systems did not
>>> deserve their details to be leaked.
>> 
>>> Then there is another group who work to deceive the public and 
>>> preserve the state at any cost, those also deserve to be
>>> leaked (NSA, CIA, FBI etc etc).
>> 
>>> The hack on OPM also proves another thing that Governments (or 
>>> indeed anyone) should not create large databases of personal 
>>> information because they become huge and irresistible targets
>>> for crackers.
>> 
>> 
>>>> - intelemetry
>>>> 
>>>> oshwm:
>>>> 
>>>> 
>>>>> On 01/11/15 03:53, coderman wrote:
>>>>>> http://motherboard.vice.com/read/the-rise-of-political-doxing
>>>>>>
>>>>>> Last week, CIA director John O. Brennan became the latest victim
>>>>>> of what's become a popular way to embarrass and harass
>>>>>> people on the internet. A hacker allegedly broke into his
>>>>>> AOL account and published emails and documents found
>>>>>> inside, many of them personal and sensitive.
>>>>>> 
>>>>>> It's called doxing—sometimes doxxing—from the word 
>>>>>> "documents." It emerged in the 1990s as a hacker revenge 
>>>>>> tactic, and has since been used as a tool to harass and
>>>>>> intimidate people on the internet. Someone would threaten
>>>>>> a woman with physical harm, or try to incite others to
>>>>>> harm her, and publish her personal information as a way
>>>>>> of saying "I know a lot about you—like where you live and
>>>>>> work." Victims of doxing talk about the fear that this
>>>>>> tactic instills. It's very effective, by which I mean
>>>>>> that it's horrible.
>>>>>> 
>>>>>> Brennan's doxing was slightly different. Here, the
>>>>>> attacker had a more political motive. He wasn't out to
>>>>>> intimidate Brennan; he simply wanted to embarrass him.
>>>>>> His personal papers were dumped indiscriminately, fodder
>>>>>> for an eager press. This doxing was a political act, and
>>>>>> we're seeing this kind of thing more and more.
>>>>>> 
>>>>>> Lots of people will have to face the publication of
>>>>>> personal correspondence, documents, and information they
>>>>>> would rather be private
>>>>>> 
>>>>>> Last year, the government of North Korea allegedly did
>>>>>> this to Sony. Hackers the FBI believes were working for
>>>>>> North Korea broke into the company's networks, stole a
>>>>>> huge amount of corporate data, and published it. This
>>>>>> included unreleased movies, financial information,
>>>>>> company plans, and personal emails. The reputational
>>>>>> damage to the company was enormous; the company estimated
>>>>>> the cost at $41 million.
>>>>>> 
>>>>>> In July, hackers stole and published sensitive documents 
>>>>>> from the cyberweapons arms manufacturer Hacking Team.
>>>>>> That same month, different hackers did the same thing to
>>>>>> the infidelity website Ashley Madison. In 2014, hackers
>>>>>> broke into the iCloud accounts of over 100 celebrities
>>>>>> and published personal photographs, most containing some
>>>>>> nudity. In 2013, Edward Snowden doxed the NSA.
>>>>>> 
>>>>>> These aren't the first instances of politically
>>>>>> motivated doxing, but there's a clear trend. As people
>>>>>> realize what an effective attack this can be, and how an
>>>>>> individual can use the tactic to do considerable damage
>>>>>> to powerful people and institutions, we're going to see a
>>>>>> lot more of it.
>>>>>> 
>>>>>> On the internet, attack is easier than defense. We're
>>>>>> living in a world where a sufficiently skilled and
>>>>>> motivated attacker will circumvent network security. Even
>>>>>> worse, most internet security assumes it needs to defend
>>>>>> against an opportunistic attacker who will attack the
>>>>>> weakest network in order to get—for example—a pile of
>>>>>> credit card numbers. The notion of a targeted attacker,
>>>>>> who wants Sony or Ashley Madison or John Brennan because
>>>>>> of what they stand for, is still new. And it's even
>>>>>> harder to defend against.
>>>>>> 
>>>>>> What this means is that we're going to see more
>>>>>> political doxing in the future, against both people and
>>>>>> institutions. It's going to be a factor in elections.
>>>>>> It's going to be a factor in anti-corporate activism.
>>>>>> More people will find their personal information exposed
>>>>>> to the world: politicians, corporate executives,
>>>>>> celebrities, divisive and outspoken individuals.
>>>>>> 
>>>>>> Of course they won't all be doxed, but some of them
>>>>>> will. Some of them will be doxed directly, like Brennan.
>>>>>> Some of them will be inadvertent victims of a doxing
>>>>>> attack aimed at a company where their information is
>>>>>> stored, like those celebrities with iPhone accounts and
>>>>>> every customer of Ashley Madison. Regardless of the
>>>>>> method, lots of people will have to face the publication
>>>>>> of personal correspondence, documents, and information
>>>>>> they would rather be private.
>>>>>> 
>>>>>> In the end, doxing is a tactic that the powerless can 
>>>>>> effectively use against the powerful. It can be used for 
>>>>>> whistleblowing. It can be used as a vehicle for social 
>>>>>> change. And it can be used to embarrass, harass, and 
>>>>>> intimidate. Its popularity will rise and fall on this 
>>>>>> effectiveness, especially in a world where prosecuting
>>>>>> the doxers is so difficult.
>>>>>> 
>>>>>> There's no good solution for this right now. We all have
>>>>>> the right to privacy, and we should be free from doxing.
>>>>>> But we're not, and those of us who are in the public eye
>>>>>> have no choice but to rethink our online data shadows.
>>>>>> 
>>>> 
>>>>> Political figures in most countries have been using their 
>>>>> personal email accounts to conduct business 'under the
>>>>> radar' in order to avoid information being subject to
>>>>> oversight, most probably because it's illegal,
>>>>> unconstitutional or at the very least not good for the
>>>>> image of governments.
>>>> 
>>>>> When they started to do this, they threw the book on ethics
>>>>> in the bin and opened themselves up to any abuse of their
>>>>> personal life that may happen.
>>>> 
>>>>> If people in power act properly in their professional
>>>>> dealings then there is an argument against d0xing their
>>>>> personal information but once they start to try to hide
>>>>> information then it's open season on every aspect of their
>>>>> life.
>>>> 
>>>> 
>>>> 
>> 
>> 
> 