
If Anonymous is to Survive They Must Remove the Mask

Over the past couple years Anonymous has gone from a group of pranksters "doing it for the lulz" to a massive global collective of political activists and "hacktivists".

But there's trouble brewing for Anonymous.  As a group with "no membership roster" and no criteria for joining they have opened themselves up to infiltration. The flaw which will be Anonymous' downfall is that "anyone can be Anonymous."

Infiltration by whom, you might ask? For one...law enforcement agencies.  The best example of recent infiltration would be the cooperation of "Sabu" with the FBI.  His cooperation resulted in the arrest of multiple Anonymous members and should have served as a wakeup call to the rest of the group that they must reform or die.

But infiltration by law enforcement should be the least of Anonymous' worries.  It is beginning to come to light that Anonymous may be unwitting mules for terrorist organizations.  And let's not forget that the Mexican drug cartel "Zetas" were recently burned by Anonymous and swore revenge.  Anonymous members who had nothing to do with the confrontation with the Zetas may be subject to infiltration and revenge by the Zetas as "guilt by association."  Unlike law enforcement the Zetas don't really care about due process or burden of proof...and will simply snatch someone in the middle of the night and kill them.

So this is a message to any Anonymous members who will listen - if you want to survive you need to remove the mask.  Otherwise you will be led to your doom like lambs to the slaughter.  There are already leadership structures within Anonymous - everyone knows this.  Drop the Anonymous mask completely.  Start keeping membership rolls - and purge yourselves of the undesirables - especially terrorist organization members.  And finally - if you really want to make a difference stop the illegal activities, such as hacking or denial of service attacks.  You'll gain a lot more credibility if you start performing your political activism legally instead of through illegal means.

You can either be labeled as criminals, or heroes.  But not both.

DISA Gold Disk and SRR - The Lost Security Tools

UPDATE: My FOIA request was denied, and these tools will remain lost forever.  Details here.


Today I sent an email to DISA requesting a public copy of the Gold Disk and SRR tools.

For those unfamiliar with the tools, they used to be available from http://iase.disa.mil/stigs/index.html

However, the tools are now PKI protected and no longer accessible to the public.

According to DISA's web site these tools are unlicensed...putting them in the public domain.  Here is a description of both tools directly from DISA's website:

Security Readiness Review (SRRs) Scripts test products for STIG compliance. SRR Scripts are available for some operating systems and databases that have STIGs. The SRR scripts are unlicensed tools developed by the FSO and the use of these tools on products is completely at the user's own risk.

The DISA FSO Windows Gold disk tool provides an automated mechanism for compliance reporting and remediation to the Windows STIGs. The FSO Windows Gold Disks are an unlicensed tool developed by the FSO, the use of this tool is completely at the user's own risk. Currently, the Gold Disk supports Windows XP, Windows Vista, Windows 2003, Windows 2008 R1. There are no plans to develop Gold Disks for future technologies or products, FSO will utilize the SCAP standards for compliance reporting for Windows 7.

Hopefully they will provide the tools without any issue.  If not, my next step will be a FOIA request.  It is my hope that should they provide the tools, that someone may continue working on them for private sector use.

In the meantime...SCAP versions of all STIGs (DISA security guides) are publicly available:
http://iase.disa.mil/stigs/dod_purpose-tool/index.html

Anonymous and Steganography - Blindly Distributing Terrorist Messages?

As previously warned multiple times by Th3J35t3r and myself - Anonymous may be unwitting pawns in a much larger chess game.

While their public support of terrorist organizations is being dismissed with "anyone can claim to be Anonymous", their blind distribution of encrypted files containing information from outside entities may not even be known to the inner-most circles of the organization.

What encrypted files? One of the most common means of distributing Anonymous related information is through social media - especially through the distribution of image files.  Little known to many outside the security field is that images can be used to hide information through a process called Steganography.  For those not familiar with the topic here is an excellent whitepaper on how Steganography works as well as how to detect it.  I have started using the StegDetect program from Outguess.org and have found some interesting results.
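As an added illustration (not from the original post, and not code from the stegdetect tool), the Python below shows how LSB steganography works on a constructed flat-colour "meme" cover and how the chi-square pair test detects it: the cover image, the random payload standing in for an encrypted file, and the detection threshold are all assumptions chosen for this example.

```python
import random

# Constructed cover: a 64x64 grayscale "meme-like" image made of four flat
# vertical bands (values 16, 90, 180, 240). Flat-colour art has a spiky
# histogram: each even value is used, its odd neighbour never appears.
WIDTH, HEIGHT = 64, 64
COVER = [(16, 90, 180, 240)[(x // 16) % 4] for y in range(HEIGHT) for x in range(WIDTH)]

def bytes_to_bits(data):
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]

def bits_to_bytes(bits):
    usable = len(bits) - len(bits) % 8
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, usable, 8))

def embed_lsb(pixels, bits):
    """Write message bits into the least significant bit of successive pixels."""
    if len(bits) > len(pixels):
        raise ValueError("payload exceeds cover capacity")
    out = list(pixels)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit
    return out

def extract_lsb(pixels, nbits):
    return [p & 1 for p in pixels[:nbits]]

def chi_square_pairs(pixels):
    """Chi-square statistic over value pairs (2k, 2k+1) (Westfeld & Pfitzmann).
    Embedding random bits, e.g. an encrypted file, pushes each pair towards
    equal counts, so the per-pair statistic drops to about 1; an untouched
    flat-colour cover scores far higher. Returns (total, mean per used pair)."""
    counts = [0] * 256
    for p in pixels:
        counts[p] += 1
    stat, pairs = 0.0, 0
    for k in range(128):
        a, b = counts[2 * k], counts[2 * k + 1]
        if a + b == 0:
            continue
        expected = (a + b) / 2
        stat += (a - expected) ** 2 / expected + (b - expected) ** 2 / expected
        pairs += 1
    return stat, stat / pairs

def looks_embedded(pixels, threshold=10.0):
    """Heuristic verdict; the threshold is an assumption chosen for this example."""
    return chi_square_pairs(pixels)[1] < threshold

# Seeded random bits stand in for an encrypted payload filling the whole cover.
_rng = random.Random(7)
PAYLOAD_BITS = [_rng.getrandbits(1) for _ in range(WIDTH * HEIGHT)]
STEGO = embed_lsb(COVER, PAYLOAD_BITS)
```

The whole-image test only reacts once a large share of the pixels carry payload, which is why a short message hidden in the first few rows needs the statistic evaluated over growing prefixes rather than the full image.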

I recently started analyzing several images being re-posted by the Twitter handle @YourAnonNews.  Out of 51 images analyzed I found two images which returned "positive" as having embedded data, as well as two additional images which generated errors during analysis (possibly obfuscated?).

The first picture with a positive hit was an internet meme of the TV show "Game of Thrones".