Anatomy of a Twitter False Flag-Spam and Dox Attack

Recently an alarming number of Twitter users have been suspended for doing nothing wrong.  This originally started in April as reported by the conservative news site Human Events and has begun to recently spiral out of control beyond the realm of politics and simple account suspensions.

The original attack is quite simple - get enough Twitter users to report a user for spam...and the target user's account is suspended.  According to Human Events this attack was originally being used by left wing liberals to silence right wing conservatives for expressing their views.  While I will not get into the political issues of this and why this goes against freedom of speech...something I will mention is that a "defense network" is being built to help protect against these attacks.

Entropia - The Online Sweatshop Scam

It isn't often that I talk about video games on my blog.  However...I recently had an encounter with a pyramid scheme/scam so disappointing that I had to write about it.

At the suggestion of several online friends I recently started playing Entropia Universe.  For those who don't know this is a "Free to Play" MMORPG.  I use the term "Free to Play" rather loosely...as I believe the game should actually be termed "Free or Play".

The currency in the game "PED" has a direct conversion ratio to real US dollars: $1 = 10 PED.  You can earn PED in game by hunting animals or mining resources.  You can deposit real money to get started...or earn money in-game.

Sounds good right?  Too good to be true? A game that pays you to play?

Reaching out to the @EFF for assistance with DISA Gold Disk and UNIX SRR FOIA Request

Due to DISA's resistance to my request for a public copy of the DISA Gold Disk and UNIX SRR security evaluation tools, I have reached out to the Electronic Frontier Foundation for assistance with filing a Freedom of Information Act request.

I have already been informed by the DISA Office of General Counsel that this is a technical issue, not a legal issue.

I hope that with their help I can acquire the following for DISA Gold Disk and UNIX SRR:
  • User Documentation
  • Binary Executables
  • Source Code
  • Developer Documentation
  • All other related documents

Stay tuned!

Do you enjoy my posts? Nominate me for a Shorty award!

Security isn't one of the Shorty Awards main categories...but that doesn't mean you can't nominate me for an award in it!

What are the Shorty Awards? From their website:

    The Shorty Awards honor the best in social media; recognizing the people and organizations producing real-time short content across Twitter, Facebook, Tumblr, YouTube, Foursquare and the rest of the social web.

I strive to provide the best cyber security related content available.  If you appreciate the content I provide please head over to the Shorty Awards and cast your vote for me in #security.  This will help me to provide my content to an even broader audience and help promote security awareness!

Thank you!

  • Nominations open: January 7, 2013
  • Nominations close: February 10, 2013
  • Awards ceremony: April 8, 2013 in New York

If Anonymous is to Survive They Must Remove the Mask

Over the past couple years Anonymous has gone from a group of pranksters "doing it for the lulz" to a massive global collective of political activists and "hacktivists".

But there's trouble brewing for Anonymous.  As a group with "no membership roster" and no criteria for joining they have opened themselves up to infiltration. The flaw which will be Anonymous' downfall is that "anyone can be Anonymous."

Infiltration by whom, you might ask? For one...law enforcement agencies.  The best example of recent infiltration would be the cooperation of "Sabu" with the FBI.  His cooperation resulted in the arrest of multiple Anonymous members and should have served as a wake-up call to the rest of the group that they must reform or die.

But infiltration by law enforcement should be the least of Anonymous' worries.  It is beginning to come to light that Anonymous may be unwitting mules for terrorist organizations.  And let's not forget that the Mexican drug cartel "Zetas" were recently burned by Anonymous and swore revenge.  Anonymous members who had nothing to do with the confrontation with the Zetas may be subject to infiltration and revenge by the Zetas as "guilt by association."  Unlike law enforcement the Zetas don't really care about due process or burden of proof...and will simply snatch someone in the middle of the night and kill them.

So this is a message to any Anonymous members who will listen - if you want to survive you need to remove the mask.  Otherwise you will be led to your doom like lambs to the slaughter.  There are already leadership structures within Anonymous - everyone knows this.  Drop the Anonymous mask completely.  Start keeping membership rolls - and purge yourselves of the undesirables - especially terrorist organization members.  And finally - if you really want to make a difference stop the illegal activities, such as hacking or denial of service attacks.  You'll gain a lot more credibility if you start performing your political activism legally instead of through illegal means.

You can either be labeled as criminals, or heroes.  But not both.

DISA Gold Disk and SRR - The Lost Security Tools

UPDATE: My FOIA request was denied, and these tools will remain lost forever.  Details here.

Today I sent an email to DISA requesting a public copy of the Gold Disk and SRR tools.

For those unfamiliar with the tools, they used to be available from http://iase.disa.mil/stigs/index.html

However, the tools are now PKI protected and no longer accessible to the public.

According to DISA's web site these tools are unlicensed...putting them in the public domain.  Here is a description of both tools directly from DISA's website:

Security Readiness Review (SRR) Scripts test products for STIG compliance. SRR Scripts are available for some operating systems and databases that have STIGs. The SRR scripts are unlicensed tools developed by the FSO and the use of these tools on products is completely at the user's own risk.

The DISA FSO Windows Gold Disk tool provides an automated mechanism for compliance reporting and remediation to the Windows STIGs. The FSO Windows Gold Disks are an unlicensed tool developed by the FSO; the use of this tool is completely at the user's own risk. Currently, the Gold Disk supports Windows XP, Windows Vista, Windows 2003, Windows 2008 R1. There are no plans to develop Gold Disks for future technologies or products; FSO will utilize the SCAP standards for compliance reporting for Windows 7.

Hopefully they will provide the tools without any issue.  If not, my next step will be a FOIA request.  It is my hope that should they provide the tools, that someone may continue working on them for private sector use.

In the meantime...SCAP versions of all STIGs (DISA security guides) are publicly available:
http://iase.disa.mil/stigs/dod_purpose-tool/index.html

Anonymous and Steganography - Blindly Distributing Terrorist Messages?

As previously warned multiple times by Th3J35t3r and myself - Anonymous may be unwitting pawns in a much larger chess game.

While their public support of terrorist organizations is being dismissed with "anyone can claim to be Anonymous" their blind distribution of encrypted files containing information from outside entities may not even be known to the inner-most circles of the organization.

What encrypted files? One of the most common means of distributing Anonymous related information is through social media - especially through the distribution of image files.  Little known to many outside the security field is that images can be used to hide information through a process called Steganography.  For those not familiar with the topic here is an excellent whitepaper on how Steganography works as well as how to detect it.  I have started using the StegDetect program from Outguess.org and have found some interesting results.

I recently started analyzing several images being re-posted by the Twitter handle @YourAnonNews.  Out of 51 images analyzed I found two images which returned "positive" as having embedded data, as well as two additional images which generated errors during analysis (possibly obfuscated?).
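To make a batch analysis like the one above repeatable, here is an added helper (not from the original post) that runs stegdetect over a set of files and sorts its per-image verdicts into positive, negative, error and skipped buckets so the "positive" and "error" cases can be triaged separately. The output format (`file : verdict`) is assumed from stegdetect's usual output, and the sample lines are constructed, not real results from the @YourAnonNews images.

```python
import re
import subprocess
from collections import Counter

# Constructed sample of stegdetect output. Format assumed from stegdetect's
# usual "<file> : <verdict>" lines; the file names and verdicts are made up.
SAMPLE_OUTPUT = """\
meme01.jpg : negative
meme02.jpg : negative
meme03.jpg : jphide(***)
meme04.jpg : error: Not a JPEG file: starts with 0x89 0x50
meme05.jpg : outguess(old)(**)
meme06.jpg : skipped (false positive likely)
meme07.jpg : error: Quantization table 0 was not defined
"""

# Verdicts are "negative", "skipped (...)", "error: <msg>", or one or more
# "<tool>(<stars>)" hits, where more stars (max three) mean higher confidence.
LINE_RE = re.compile(r"^(?P<file>.+?) : (?P<verdict>.+)$")
HIT_RE = re.compile(r"(?P<tool>[a-z]+(?:\(old\))?)\((?P<stars>\*{1,3})\)")

def parse_stegdetect(output):
    """Map each file name to (category, detail); category is one of
    'positive', 'negative', 'error', 'skipped' or 'unknown'."""
    results = {}
    for line in output.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # banners and blank lines carry no verdict
        fname, verdict = m.group("file"), m.group("verdict")
        if verdict == "negative":
            results[fname] = ("negative", "")
        elif verdict.startswith("error:"):
            # stegdetect only parses JPEG, so non-JPEG or damaged files land
            # here; an error is a reason to inspect the file type, not a hit.
            results[fname] = ("error", verdict[len("error:"):].strip())
        elif verdict.startswith("skipped"):
            results[fname] = ("skipped", verdict)
        else:
            hits = [(h.group("tool"), len(h.group("stars")))
                    for h in HIT_RE.finditer(verdict)]
            results[fname] = ("positive", hits) if hits else ("unknown", verdict)
    return results

def summarize(results):
    """Count files per category, e.g. {'negative': 47, 'positive': 2, ...}."""
    return Counter(cat for cat, _ in results.values())

def run_stegdetect(paths):
    """Run the stegdetect binary on the given image paths and parse its output."""
    proc = subprocess.run(["stegdetect", *paths], capture_output=True, text=True)
    return parse_stegdetect(proc.stdout)
```

Positives from stegdetect are statistical and should be confirmed by other means before drawing conclusions about an image.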

The first picture with a positive hit was an internet meme of the TV show "Game of Thrones".