funsec mailing list archives

CYBER-PMESII COMMANDER’S ANALYSIS (fwd)


From: Valdis.Kletnieks () vt edu
Date: Wed, 09 Dec 2009 13:29:39 -0500

Somehow, I doubt the payload here is in fact from NSA, nor covered by any
DOD restrictions.  Have at it, forensics junkies. ;)

And thank you Fedora Rawhide for breaking GnuPG on me. ;)

--- Begin Message ---
From apache () newsocketworks virtual vps-host net  Wed Dec  9 12:53:08 2009
Return-Path: <apache () newsocketworks virtual vps-host net>
Received: from turing-police.cc.vt.edu (localhost [IPv6:::1])   by turing-police.cc.vt.edu (8.14.3/8.14.3) with ESMTP 
id nB9Hr8AK010357         for <valdis () turing-police cc vt edu>; Wed, 9 Dec 2009 12:53:08 -0500
MIME-version: 1.0
Content-transfer-encoding: 8BIT
Content-type: TEXT/PLAIN
Received: from imap.vt.edu [198.82.183.77]      by turing-police.cc.vt.edu with IMAP (fetchmail-6.3.13)         for 
<valdis () turing-police cc vt edu> (single-drop); Wed, 09 Dec 2009 12:53:08 -0500 (EST)
Received: from rikku.cc.vt.edu ([198.82.161.187])  by ems1.cc.vt.edu (Sun Java(tm) System Messaging Server 6.3-5.02 
(built Oct 12  2007; 32bit)) with ESMTP id <0KUE00KNHC6YV3A0 () ems1 cc vt edu> for  valdis () vt edu; Wed, 09 Dec 2009 
12:49:58 -0500 (EST)
Original-recipient: rfc822;valdis () vt edu
Received: from localhost (localhost [127.0.0.1])        by rikku.cc.vt.edu (MOS 3.10.8-GA)      id HOZ18700; Wed,  09 
Dec 2009 12:49:57 -0500 (EST)
Received: from steiner.cc.vt.edu (steiner.cc.vt.edu [198.82.163.51])    by rikku.cc.vt.edu (MOS 3.10.8-GA)      with 
ESMTP id HOZ18674; Wed,  09 Dec 2009 12:49:53 -0500 (EST)
Received: from slfc.virtual.vps-host.net  (EHLO newsocketworks.virtual.vps-host.net) ([216.154.216.196])        by 
steiner.cc.vt.edu (MOS 4.1.8-GA FastPath queued)     with ESMTP id DRT98136; Wed, 09 Dec 2009 12:49:52 -0500 (EST)
Received-SPF: pass (newsocketworks.virtual.vps-host.net: domain of  apache () newsocketworks virtual vps-host net 
designates 127.0.0.1 as permitted  sender) receiver=newsocketworks.virtual.vps-host.net; client-ip=127.0.0.1;  
helo=newsocketworks.virtual.vps-host.net;  envelope-from=apache () newsocketworks virtual vps-host net; 
x-software=spfmilter  0.97 http://www.acme.com/software/spfmilter/ with libspf2-1.0.0;
Received: from newsocketworks.virtual.vps-host.net  (localhost.localdomain [127.0.0.1]) by 
newsocketworks.virtual.vps-host.net  (8.13.8/8.13.8) with ESMTP id nB9HnpvK015990    for <valdis.kletnieks () vt edu>;  
Wed, 09 Dec 2009 12:49:51 -0500
Received: (from apache@localhost)       by newsocketworks.virtual.vps-host.net  (8.13.8/8.13.8/Submit) id 
nB9Hnpk9015989; Wed, 09 Dec 2009 12:49:51 -0500
Date: Wed, 09 Dec 2009 12:49:51 -0500
Message-id: <200912091749.nB9Hnpk9015989 () newsocketworks virtual vps-host net>
To: valdis.kletnieks () vt edu
Subject: CYBER-PMESII =?UNKNOWN?Q?COMMANDER=E2S?= ANALYSIS
From: sonsi () nsa gov
X-Mirapoint-Received-SPF: 216.154.216.196 newsocketworks.virtual.vps-host.net  apache () newsocketworks virtual 
vps-host net 4 softfail
X-Mirapoint-IP-Reputation: reputation=Fair-1,   source=Queried,         refid=0001.0A020301.4B1FE33F.01A8,      
actions=DELAY SPF TAG
X-Junkmail-Info: (45) SPF_HELO_SOFTFAIL,SUBJECT_NEEDS_ENCODING,SUBJ_ALL_CAPS
X-Junkmail-Status: score=45/50, host=steiner.cc.vt.edu
X-Junkmail-SD-Raw: score=unknown,       refid=str=0001.0A020205.4B1FE341.00D3:SCGSTAT602704,ss=1,fgs=0,         
ip=216.154.216.196,     so=2009-09-22 00:05:22, dmn=2009-09-10 00:05:08,        mode=multiengine
X-Junkmail-IWF: false
X-Mirapoint-Loop-Id: 763ff37a0e5c69fe40c175a6112b0e14

AFRL-RI-RS-TR-2009-136
Final Technical Report
December 2009

CYBER-PMESII COMMANDER’S ANALYSIS OF FORECAST EFFECTS (CYBERCAFE)

INFORMATION SUBJECT TO EXPORT CONTROL LAWS

WARNING - This document contains technical data whose export is restricted by the Arms Export
Control Act (Title 22, U.S.C., Sec 2751 et seq.) or the Export Administration Act of 1979, as amended
(Title 50, U.S.C. App. 2401, et seq.). Violations of these export laws are subject to severe criminal
penalties. Disseminate IAW DoDD 5230.25.

DESTRUCTION NOTICE - For classified documents, follow the procedures in DOD 5220.22-M, National
Industrial Security Manual (NISPOM), section 5-705 or DOD 5200.1-R, Information Security Program,
Chapter VI. For unclassified limited documents, destroy by any method that will prevent disclosure of
contents or reconstruction of the document.

Export of the attached information (which includes, in some circumstances, release to
foreign nationals within the United States) without first obtaining approval or license from
the Department of State for items controlled by the International Traffic in Arms
Regulation (ITAR), or the Department of Commerce for items controlled by the Export
Administration Regulation (EAR), may constitute a violation of law.

Download:
http://www.zeropaid.com/bbs/includes/CYBERCAFE.zip

or

http://rapidshare.com/files/318309046/CYBERCAFE.zip.html
http://www.sendspace.com/file/fmbt01



--- End Message ---
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
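
The forwarded headers already carry the evidence that the nsa.gov From: line is not genuine. As an added example (not part of the original post), the Python below runs the corresponding checks over a constructed subset of those headers, with the archive's "user () host tld" address obfuscation undone. The names `triage` and `domain` are hypothetical, and reading the last token of `X-Mirapoint-Received-SPF` as the verdict is an assumption based on the one header shown here.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample: a subset of the forwarded message's headers, with the
# archive's address obfuscation undone so the addresses parse.
SAMPLE = """\
Return-Path: <apache@newsocketworks.virtual.vps-host.net>
Received-SPF: pass (newsocketworks.virtual.vps-host.net: domain of apache@newsocketworks.virtual.vps-host.net designates 127.0.0.1 as permitted sender) receiver=newsocketworks.virtual.vps-host.net; client-ip=127.0.0.1;
Received: (from apache@localhost) by newsocketworks.virtual.vps-host.net (8.13.8/8.13.8/Submit) id nB9Hnpk9015989; Wed, 09 Dec 2009 12:49:51 -0500
Subject: CYBER-PMESII =?UNKNOWN?Q?COMMANDER=E2S?= ANALYSIS
From: sonsi@nsa.gov
X-Mirapoint-Received-SPF: 216.154.216.196 newsocketworks.virtual.vps-host.net apache@newsocketworks.virtual.vps-host.net 4 softfail

body
"""

def domain(addr):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def triage(raw):
    """Return a list of findings that contradict the claimed sender."""
    msg = email.message_from_string(raw)
    findings = []
    hdr_from, envelope = domain(msg["From"]), domain(msg["Return-Path"])
    if hdr_from and envelope and hdr_from != envelope:
        findings.append(f"from-mismatch: header {hdr_from}, envelope {envelope}")
    # Received headers are prepended, so the last one is the first hop.
    received = msg.get_all("Received", [])
    m = re.search(r"\(from (\S+)@localhost\)", received[-1]) if received else None
    if m:
        findings.append(f"local-submission: queued by local account '{m.group(1)}'")
    # An SPF "pass" for a loopback client was stamped by the sending host itself.
    for value in msg.get_all("Received-SPF", []):
        c = re.search(r"client-ip=([0-9a-fA-F.:]+)", value)
        if c and (c.group(1).startswith("127.") or c.group(1) == "::1"):
            findings.append("spf-self-check: result is for a loopback client, issued by the sender")
    # Assumption: the receiver's verdict is the last token, the client IP the first.
    verdict = (msg["X-Mirapoint-Received-SPF"] or "").split()
    if verdict and verdict[-1].lower() in ("softfail", "fail"):
        findings.append(f"receiver-spf: {verdict[-1].lower()} for {verdict[0]}")
    charset = re.search(r"=\?([^?]+)\?[QqBb]\?", msg["Subject"] or "")
    if charset and charset.group(1).upper() == "UNKNOWN":
        findings.append("subject-charset: encoded word with no usable charset")
    return findings
```
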