Full Disclosure mailing list archives
Cyberflexing: A response to Mark Seiden
From: n3td3v <xploitable () gmail com>
Date: Mon, 14 Apr 2008 17:57:59 +0100
I like what you say about attacks or cyber crime from Chinese IP space: it might not be the Chinese government or its people, but could as easily be another government who is carrying out cyber attacks and cyber crime and making all the evidence point towards China. On the point of Romanian teenagers, I don't think it's right for you to mention age here; that really stuck out as a critical error of judgement you've made there. Age should not be the issue here. You can get people of all ages creating a bot net for whatever purpose, and with the profiteering seen in the scene nowadays, there is a business incentive for bot nets to be developed too. Not only do we have individuals and groups in the hacker underground with reasons to create bot nets, we've now got the entry into the soup of the U.S. Cyber Command and other governments entering into the political cyber space. So not only have you got the Romanian teen theory of yours, we've now got the possibility of governments, including Russia, the U.S. and the UK, who may have vested interests in cyber attacks, cyber crime and cyber espionage pointing towards Chinese IP space. And just the same, that the IP range is coming from China, the code is written in Chinese, the money to buy a phishing domain was Chinese yuan, and the company the domain was registered at, doesn't conclusively mean the attack is coming from the Chinese government or even its citizens. The government hackers and state-sponsored hacks by RU, US and UK all know to cover their tracks and have all bases covered to fool forensic analysts later on. Any good cyber attack is planned in the notion that you're working from the point of forensic analysis backwards; you don't plan your cyber attacks from the front end to the back, well, script kiddies and dumb hackers do. You work your attack from the back to the front. Backwards hacking I call it, or microwaving. You cook your target from the inside outwards... in the attack mode, but in the planning stages you must work back to front to avoid possible detection by your target's forensic team when they go into post-attack investigative mode.

The target may be a government or corporation you're gathering intelligence from, or in the case of a bot net, the cyber crime and profiteering or bandwidth data attack to take out key infrastructure of a government or corporation. Remember the U.S. Cyber Command wants to destroy important data of its adversaries, so backups of important documents are an extra need for when the U.S. Cyber Command gets underway. Russia is home to one of cyber crime's biggest bot nets, the Storm Worm, and the FSB (the Russian secret service) is protecting the Russian Business Network owners from being arrested by western powers. If you really want to get bot net culture under control you must start with the biggest bot net of them all, and perhaps the most worrying of all bot nets, the government bot net or the state-sponsored bot net, who are capitalizing on the huge revenue globally to be made from cyber crime, which has been proved to be a bigger trade now than illegal drug trafficking and the selling of those drugs in our towns and cities. The governments of our world have every reason to point their bot nets' forensic outcome towards China, and to publish propaganda to the media to make the Chinese government and its citizens look like they are the number one cyber threat to the west, when most probably the true source of attacks is coming from the U.S., UK or Russia.
I believe the number one cyber threat to the west is Russia, _but_ I believe the overall number one cyber threat to the internet and its well-being at large is that of the United States Cyber Command and its shoulder-to-shoulder friends in the United Kingdom, who are likely to share the same cyber political agenda as far as breaking into things, attacking things, destroying data and other activities for the reason of the long-term strategic interest of national security for both the US and UK. The national interest of the US/UK won't necessarily be the interest of the internet at large and its survival as a country-less global infrastructure for data exchange of government, e-commerce and civilians in economic, security and leisure matters. To conclude, the cyber threat from bot nets is no longer the teenager or the humble individual anymore; it's moved on from that. The true threat now is from the cyber commands of various countries who will do anything they can to attack back at their adversaries if they are attacked first, or if it's in the national interest for a pre-emptive cyber strike. Not only are government-sponsored or government-based "attacks" the real threat now compared to the past when it was teens or adolescents, it's now militaries and their intelligence agencies who are becoming the real problem on the internet, not the traditional adolescent in their bedroom or college computer lab causing mayhem; it's now government cyber attacks, and government cyber crime is now the new threat of today. In your defense, the Estonia attack that everyone is getting worried about as a proof-of-concept attack for world governments to wake up and build cyber commands turned out to have been carried out by a teen, who was charged for creating a bot net, but he could easily be a scapegoat plant for the Russian Business Network guys, who are widely blamed for the Estonia attack by people in the know. I'm not a government hacker for the UK, but I live in the UK as an unemployed student.
I know what's going on and I have monitored the cyber security scene extensively for the last 9 years in many forms and formats. I started off as a script kid on Yahoo, then worked my way up; I currently run under my internet alias known to the security community as "n3td3v". I have been misreported by the media and others as a troll; this is not the case. I continue to receive criticism for my outspoken and rude behaviour, but in amongst that is true substance and cause in what I believe to be the way things are in the cyber security landscape and the way it's developing towards 2010 and beyond. n3td3v currently runs a news group on Google Groups with over 4000 members and climbing; however, please remember n3td3v operates as an individual security researcher, there is no group of researchers working under the n3td3v tag, and the members of the news group are only the public at large who are not operated or controlled by me. It is a news group for sharing information, news articles and other commentary from around the world IP space. Mark Seiden is no stranger to n3td3v; he knows me better than most on the internet, he holds many n3td3v secrets and knows my true identity. We don't get on as common friends, but we have had e-mail exchanges with one another and instant message exchanges since my time researching in Yahoo as a member of the security community. Offer him enough money and he may give you key intelligence on n3td3v; however, I know him well enough to trust him to respect my privacy, although him passing intelligence about me to certain government officials in the intelligence service is a real assumption for n3td3v. However, this hasn't fazed me since I'm a true whitehat who one day wants to work on a government level in cyber security.
Mark Seiden is a high-powered senior security consultant on a global-scale agenda; he advises and contributes to the security of many government agencies and corporations around the world. His name is among the top cyber elite as a truly recommended security expert for many high-level issues in the cyber world today. You can learn more here:
http://www.cutter.com/meet-our-experts/seidenm.html

This was in reply to Mark Seiden's "Cyberflexing" blog post:
http://blog.cutter.com/2008/01/17/cyberflexing-what-were-in-store-for-in-2008/

An IRC transcript between n3td3v and a former U.S. Navy cyber security expert on the worries of the U.S. Cyber Command and its upcoming impact on the security community:
http://seclists.org/fulldisclosure/2008/Mar/0043.html

To highlight: the security community will no longer post vulnerabilities to the mailing lists when Af cyber based attacks, or suspicious cyber attacks on different countries, start to be reported by our media and the security industry's businesses, especially if power infrastructure is affected and we in the security community start to personally suffer in our quality of life due to unknown attackers who are largely believed to be connected with the establishment of the U.S. Cyber Command. For instance, if the U.S. suffers a cyber attack and it's blamed on X government or regime, are U.S. hackers going to keep releasing vulnerabilities to mailing lists, helping that X government obtain further cyber ammo, or new technique/research ideas? If the UK gets hit by a cyber attack and it's largely believed to be the U.S. Cyber Command, are the UK or the rest of the world going to continue to post vulnerabilities, cyber ammo, or new technique/research ideas to mailing lists?
The answer is likely no, considering they won't want to help the United States learn of new hack techniques. It's likely the rise of the U.S. Cyber Command and a cyber war of real proportion would slow down, if not kill, the vulnerability release scene on the world wide web and push the scene back underground into the dark ages before widespread full disclosure was around. If real-case cyber attacks start to happen on a big scale, that stop a country from operating as it should, and the everyday life of security researchers is disabled or restricted because of national infrastructure attacks by an individual, a group or a government, then they aren't going to keep disclosing vulnerabilities to mailing lists to help the cyber terrorist or cyber military in any on-going attack, or help them gather ideas for later attacks after the initial attack. The government and its enemies will suffer from a lack of publicly disclosed vulnerabilities by security researchers, meaning the governments of whatever countries are going to have to be self-sufficient with research, zero-day discovery and vulnerability development, as in a time of cyber war they won't have independent security researchers from the security community publishing new cutting-edge cyber ammo to the mailing lists at large. If a government and its enemies think people aren't going to notice suspicious spectaculars connected with power outages, then they need to re-work what their strategy for covering it up will be to the world's intelligence services and the security community at large. If the Af cyber command think they are going to start attacking things, destroying adversaries' data and blacking out power grids of enemy states, and that that kind of thing won't be cloaked by everyone, they have got to think again, because you've already declared you're planning on cyber war once your offensive command and its staff are trained and fully briefed and covert operation detail has been decided upon.
The homepage of the upcoming U.S. Cyber Command:
http://www.afcyber.af.mil/

A blog entry report on the scapegoat for the Estonia attack:
http://www.russophile.com/russia_blog/26159-one_russian_charged_estonia_bronze_soldier_denial_service_attack.html

The attack on Estonia and its impact on the security industry is not fully known, although it was a landmark event for many cascading events, political decisions, business marketing plans and media news articles. It could be assumed the Estonia attack has benefited the United States' agenda more than any other country's, as the announcement of the Af cyber command was based around that attack, so there is room for speculation that there could have been underground deals between the U.S., UK, Russia and Estonia for this cyber attack to take place as a pathway to a cyber war footing, to mark the way for the Af cyber command and to get funding for such a command. My ending paragraph above cannot be proved and is unlikely to be, but it has to be mentioned at the end of this response, as the real beneficiaries of the Estonia cyber attack have been the United States and the funding of the new cyber command. As noted by n3td3v previously, the security community and the security industry are two different things: the security industry is eager to use the Estonia attack to forward its business motives, and the government is eager to use it to politically capitalise, while the security community, a different species compared to the industry, keeps sitting, watching, analyzing and working out the truth between the propaganda lines spat out by our media and what's really going on between governments in the underworld. The security community is no fool to the security industry; we're aware of what's going on and we're not gullible to the propaganda being put in front of our computer screens and through media outlets and business messages.

Yours,
n3td3v