Spacerogue.net L0pht, @spacerog, Hacker News Network, @Stake, Tenable
THIS IS AN EXERCISE IN THINKING - AND - REALITY
Security can be defined as
the science of things that shouldn't happen.
"There's always a way in"
THIS IS REAL
You're only as secure as your least encrypted hop.
via Goldman "the #1 threat to the US electrical grid is squirrels." - John Inglis, Former Deputy Director, NSA 7/9/15
Squirrel Steals GoPro, Shoots Video Game Worthy POV Run Through a Tree
HOW HACKING GOT STARTED
The Rise of the Underground Engineer By Larry Lange
Hobbit, @Mudge and Yobie refer to it simply as "The Dinner." and six others founded the L0pht pretty much out of necessity in the early 1990s. "Everybody had apartments or rooms, but the 'significant others' were complaining that there were computers in the bathtub, software strewn all over the place and reams of computer paper all over," Mudge relates. "So we decided if we all chipped in we could afford a loft space."
A Hacker's Tips for Overthrowing the Government
This 1995 photo is seriously like a Who's Who of the information security industry today. This was taken at Space Rogue's house.
"L0pht also spread the word about security discoveries through the Hacker News Network, run by Space Rogue" and they told the useless bastards in Congress all about it back in 1998. BUT NO ONE LISTENED and the American Government is unprepared in 2015!!!
Mudge has a long history in the hacker and security communities. While a member of L0pht, he and his L0pht colleagues testified to federal lawmakers in 1998 that the group could bring down the internet in 30 minutes using a serious flaw that still exists.
MEET THE REAL PEOPLE
OUR REAL HEROES WHO CHANGE THE WORLD
Those who've worked in the federal IT sector have always suspected it, but now it's official with an academic study of federal government IT systems. The reason why federal IT is so bad and outdated is ...wait for it, wait for it... P O L I T I C S !!!
1998 - 2018 IT'S USELESS TO TRY AND EDUCATE THE GOVERNMENT SO THEY CAN MAKE BETTER INFORMED DECISIONS
2018 Thread by @dotMudge:
"So... I suppose it's time to share a bit. I have always worked to try to educate the government so they can make better informed decisions t […]"
L0pht 1998 - "The State of Computer Security" Where is it at? How it got that way? What can be done about it? Uploaded by Chris Wysopal
Space Rogue: A Security Rebel Turned Pen Tester June 13, 2018
Thomas and several L0pht colleagues made headlines again in May 2018 when they reunited on Capitol Hill. The reason for their reunion? The group wanted to talk to Congress about the progress of cybersecurity regulations. While the group didn't meet with representatives this time around — and their given names were openly discussed — there was still a serious reason for their reunion. Four of the original members returned to Capitol Hill to say that while security technology has improved, some things haven't changed. “Nearly all of what we said 20 years ago still holds true,” said Joe “Kingpin” Grand, another member of the L0pht group. “Yes, there have been improvements, but the general class of problems are the same.” For example, the same 1998 BGP flaws were used in the MEWKit phishing attack in May 2018. “We have better visibility into our network endpoints, if we choose to gather it, and can make educated decisions about where to apply our limited resources,” Thomas testified. “Strong encryption is more prevalent, but we aren't evenly applying the knowledge of how to make something secure.”
Known as Kingpin, Grand was part of the hacker collective L0pht -- named after the group's loft in Boston's South End.
The underground security researchers tested the limits of technology and cyberspace, and promoted responsible disclosure. The group, including Grand, warned a Senate Governmental Affairs Committee in 1998 that hardware and software linked by networks and the internet posed a serious security threat that was hard to solve and would only get worse. The members of L0pht joined with venture capitalists to form @stake, a security firm that was acquired by Symantec in 2004. Along the way, Grand earned a bachelor of science in electrical engineering from Boston University. Since 2005, Grand has taught a two-day course at Black Hat: Hands-on Hardware Hacking.
"You don't need to be a hardware engineer to exploit these devices anymore -- you can be an operating system-level hacker because there's an operating system in there too. Joe Grand founder, Grand Idea Studio"
Study documents why Federal IT is so outdated:
A ComputerWorld article reviews a recent study, and the study itself (by Min-Seok Pang, assistant professor at the Fox School of Business at Temple University) can be downloaded from the Social Science Research Network. A related GAO report was released in May 2016. Many former federal programmers, now 70+ years old and retired, have been called back in to keep antiquated mainframes running the old COBOL programs.
1998
Hackers Testifying at the United States Senate, May 19, 1998 (L0pht Heavy Industries)
Your computers, they told the panel of senators in May 1998, are not safe — not the software, not the hardware, not the networks that link them together.
The companies that build these things don't care, the hackers continued, and they have no reason to care because failure costs them nothing. And the federal government has neither the skill nor the will to do anything about it.
Here is the original Washington Post article from 1998 that actually got us invited to the Senate. "Into the Breach" ~ @spacerogue - FAQ
@dotMudge "Make a dent in the universe. Find something that needs improvement: go there, and fix things. If not you, then who? :)" known for L0pht, L0phtcrack, DARPA Cyber Fast Track, Testimony to the Senate VIDEO, CULT OF THE DEAD COW
MUDGE receives ORDER OF THOR thank you for your service to the nation.
President Clinton outed Mudge's real name to the press.
2015 Peiter Zatko [Mudge] left his job at Google to explore ways to help U.S. government make software more secure.
2016 Peiter Zatko and his wife Sarah Zatko deliver the Cyber Independent Testing Lab grading tool they were asked to develop to push software makers to improve their code. Now you know what you are buying and can avoid buying crap!!!
"Goodbye Google ATAP, it was a blast. The White House asked if I would kindly create a #CyberUL, so here goes! — .mudge (@dotMudge) June 29, 2015"
"The new gig is not in the Whitehouse. Thanks for the encouragement. It's all very exciting! I'll be out of pocket as I move back east. — .mudge (@dotMudge) June 29, 2015"
The CyberUL, Zatko referred to a body that many security pros have wished existed for nearly two decades, one inspired by Underwriters Laboratories, the 111-year-old company that tests products of all kinds for safety, but dedicated to cyber security. The idea for a CyberUL was first proposed in 1999 by L0pht Heavy Industries, a hacker think tank based in Cambridge, Mass., of which Zatko was a member.
Mudge says he's not upset about the prospect of lawyers finding joy in their scores. “We've been begging people to give a shit about security for a decade. …
2016 Mudge's interest in doing software security assessments dates back to a paper one of his L0pht colleagues wrote in 1998 about such evaluations. The idea moved from theory to practice when L0pht merged with a security startup called @Stake and began developing an automated way to do static analysis of code. That method became the basis for what a company called VeraCode does today: assess software for government and corporate clients before they buy it. When Mudge announced on Twitter last year that the White House had asked him to create a cyber version of Underwriters Laboratories, praise poured in from around the security community. He says the method their lab uses to evaluate software is based on one he taught NSA hackers in the 1990s about how to find the softest targets on an adversary's network. (During his run back then with the famed hacker think tank L0pht Heavy Industries, Mudge and his L0pht colleagues regularly provided advice to various parts of the government.)
Mudge and his wife, Sarah, a former NSA mathematician, have developed a first-of-its-kind method for testing and scoring the security of software — a method inspired partly by Underwriters Laboratories, that century-old entity responsible for the familiar circled UL seal that tells you your toaster and hair dryer have been tested for safety and won't burst into flames. Called the Cyber Independent Testing Lab, the Zatkos' operation won't tell you if your software is literally incendiary, but it will give you a way to comparison-shop browsers, applications, and antivirus products according to how hardened they are against attack. It may also push software makers to improve their code to avoid a low score and remain competitive. The technique involves, in part, analyzing binary software files using algorithms created by Sarah to measure the security hygiene of code. During this sort of examination, known as “static analysis” because it involves looking at code without executing it, the lab is not looking for specific vulnerabilities, but rather for signs that developers employed defensive coding methods to build armor into their code. “There are applications out there that really do demonstrate good [security] hygiene … and the vast majority are somewhere else on the continuum from moderate to atrocious,” Peiter Zatko says. “But the nice thing is that now you can actually see where the software package lives on that continuum.”
Chris Wysopal, CTO of VeraCode and a former L0pht colleague of Mudge's, says clients generally won't purchase software his company finds problematic until the software maker fixes the problems, which he says is great for other buyers. “To me that's like actually finishing the job; we're not just pointing out the problems but helping make better software,” he says. They're working with Consumer Reports, another inspiration for the lab, to develop a way to use their data to evaluate products the magazine tests. They've also had interest from AIG and other insurers who want to use the data to do risk-assessments of companies seeking cyber insurance.
In 2015 A disaster foretold — and ignored
L0pht's warnings about the Internet drew notice but little action
The L0pht in Boston, where they hack. Standing, from left, are Brian Oblivion, Kingpin, Space Rogue, their associate Meg A. Haquer and Weld Pond. Seated are, from left, Stefan Von Neumann, Mudge and Tan.
Chris Wysopal
@WeldPond Co-founder, CTO of Veracode. Former L0pht researcher, developer, and de-obfuscator. Passionate about application security & security transparency. Boston, MA · veracode.com/blog/
"L0pht also spread the word about security discoveries through the Hacker News Network, run by Space Rogue"
No Patch For Incompetence: Our Cybersecurity Problem Has Nothing to Do With Cybersecurity. There is no patch or security update for systematic, glaring incompetence. Put bluntly, the problem lies not in some esoteric computer science problem. Rather, it is a matter of continuously selecting for and rewarding incompetence. Heads have rolled in government for far lesser setbacks than the OPM hack, yet the administration evinces “confidence” in the woman that presided over the wholesale theft of millions of government workers' sensitive information. INSIDE THE OPM HACK
2015 "We have the same security problems," said Space Rogue, whose real name is Cris Thomas. “There's a lot more money involved. There's a lot more awareness. But the same problems are still there.”
2015 THIS IS REAL!
CIA, FBI And Much Of US Military Aren't Doing The Most Basic Things To Encrypt Email
from the are-they-that-clueless? dept
DISA's explanation is “an unacceptable and technically inept answer,” and criticized the Pentagon for not taking security seriously and implementing STARTTLS. “I can't think of a single technical reason why they wouldn't use it,” he told Motherboard in a phone interview. “It's absurd.”
@spacerog - "Proud to have signed letter to president (as Space Rogue) urging a CISA veto."
2015 UGH OH! Government audit finds federal networks unprepared for cyberattacks. These same useless bastards were warned in 1998. When Edward Snowden @Snowden finds out that his security clearance file was hacked, he sure is going to be upset!
Why the Fed Gov Sucks at Cyber Security
No regs require bug fixes All industries fail cybersecurity, Govt is the worst
The US government has no idea what it's doing when it comes to cybersecurity. Government ranks last in fixing software security holes!
10/20/16 Ex-NSA Contractor Stole at Least 500M Pages of Records and Secrets WAAAAAAY MORE THAN SNOWDEN EVER DID.
former National Security Agency contractor amassed at least 500 million pages of government records, including top-secret information about military operations, by stealing documents bit by bit over two decades. The Justice Department outlines details of the probe, says it will likely charge Harold Martin with additional crimes
Unsent letter from the suspect in 2007
"Well, for one thing, I've seen pretty much all your tech secrets wrt [sic] regard to compusec [computer security]. Thanks. You made me a much better infosec [information security] practitioner. In exchange, well, I gave you my time, and you failed to allow me to help you . . . You are missing most of the basics in security practice, while thinking you are the best. It's the bread and butter stuff that will trip you up. Trust me on this one. Seen it. . . . Dudes/Dudettes, I can't make this any plainer . . . Listen up . . . 'They' are inside the perimeter. . . I'll leave you with this: if you don't get obnoxious, obvious, and detrimental to my future, then I will not bring you 'into the light', as it were. If you do, well, remember that you did it to yourselves"[0]
Limiting the damage disgruntled employees can cause must be very difficult. Presumably drastically reducing the amount of information any individual gets exposed to?
[0] http://online.wsj.com/public/resources/documents/nsa1019.pdf
2015 You're a 60 year old judge w/ no tech background. Read this paragraph. Do you know the gov is talking about hacking?
OPM hack
ALL Officials in Washington and throughout the world failed to forcefully address these problems as trouble spread across cyberspace, a vast new frontier of opportunity and lawlessness. Even today, many serious online intrusions exploit flaws in software first built in that era, such as Adobe Flash, Oracle's Java and Microsoft's Internet Explorer. Hacking Team Flash Zero Day Weaponized in Exploit Kits.
Hi, I'd like to buy data breach insurance. Yes? I store unencrypted, sensitive data on tens of millions of federal employees.. *click*
OPM hack may have affected 32 million government employees
REAL-TIME VISIBILITY INTO GLOBAL CYBER ATTACKS from the world's largest dedicated threat intelligence network
Obama's Cyber Meltdown TOTAL FAIL
June 23, 2015 7:14 p.m. ET
If you thought Edward Snowden damaged U.S. security, evidence is building that the hack of federal Office of Personnel Management (OPM) files may be even worse.
When the Administration disclosed the OPM hack in early June, they said Chinese hackers had stolen the personal information of up to four million current and former federal employees. The suspicion was that this was another case of hackers (presumably sanctioned by China's government) stealing data to use in identity theft and financial fraud. Which is bad enough.
Yet in recent days Obama officials have quietly acknowledged to Congress that the hack was far bigger, and far more devastating. It appears OPM was subject to two breaches of its system in mid-to-late 2014, and the hackers appear to have made off with millions of security-clearance background check files.
These include reports on Americans who work for, did work for, or attempted to work for the Administration, the military and intelligence agencies. They even include Congressional staffers who left government, since their files are also sent to OPM.
This means the Chinese now possess sensitive information on everyone from current cabinet officials to U.S. spies. Background checks are specifically done to report personal histories that might put federal employees at risk for blackmail. The Chinese now hold a blackmail instruction manual for millions of targets.
These background checks are also a treasure trove of names, containing sensitive information on an applicant's spouse, children, extended family, friends, neighbors, employers, landlords. Each of those people is also now a target, and in ways they may not contemplate. In many instances the files contain reports on applicants compiled by federal investigators, and thus may contain information that the applicant isn't aware of.
Of particular concern are federal contractors and subcontractors, who rarely get the same security training as federal employees, and in some scenarios don't even know for what agency they are working. These employees are particularly ripe targets for highly sophisticated phishing emails that attempt to elicit sensitive corporate or government information.
The volume of data also allows the Chinese to do what the intell pros call "exclusionary analysis." We're told, for instance, that some highly sensitive agencies don't send their background checks to OPM. So imagine a scenario in which the Chinese look through the names of 30 State Department employees in a U.S. embassy. Thanks to their hack, they've got information on 27 of them. The other three they can now assume are working, undercover, for a sensitive agency. Say, the CIA.
Or imagine a scenario in which the Chinese cross-match databases, running the names of hacked U.S. officials against, say, hotel logs. They discover that four Americans on whom they have background data all met at a hotel on a certain day in Cairo, along with a fifth American for whom they don't have data.
The point here is that China now has more than enough information to harass U.S. agents around the world.
And not only Americans. Background checks require Americans to list their contacts with foreign nationals. So the Chinese may now have the names of thousands of dissidents and foreigners who have interacted with the U.S. government. China's rogue allies would no doubt also like this list.
This is a failure of extraordinary proportions, yet even Congress doesn't know its extent. The Administration is still refusing to say, even in classified briefings, which systems were compromised, which files were taken, or how much data was at risk.
Way back in March 2014, OPM knew that Chinese hackers had accessed its system without having downloaded files. So the agency was on notice as a target. It nonetheless failed to stop the two subsequent successful breaches. If this were a private federal contractor that had lost sensitive data, the Justice Department might be contemplating indictments.
Yet OPM director Katherine Archuleta (who finally resigned about a week later without ever acknowledging accountability) and chief information officer Donna Seymour. Mr. Obama has defended Ms. Archuleta, and the Administration is trying to change the subject by faulting Congress for not passing a cybersecurity bill. But that legislation concerns information sharing between business and government. It has nothing to do with OPM and the Administration's failure to protect itself from cyber attack.
The amount of the costs is still unknown
OPM passing hack response costs to agencies
OPM to federal agencies: We got hacked, but you have to help pay for the response.
One of the article commenters said, "they take their cues from Congress: We Fucked up, you're going to pay."
After it failed to safeguard millions of files filled with sensitive personal information, the government's personnel office is now telling other federal agencies they will be expected to cover the costs of responding to the massive computer breach. The cost of addressing the breach - which compromised security clearance files affecting 21.5 million federal workers, military personnel and contractor employees - represents an unanticipated expense hitting late in the government's fiscal year, when agency budgets are especially tight. And agencies whose employees have been put at risk should expect to absorb even more costs in the future, according to a previously undisclosed memo from the Office of Personnel Management, whose systems were breached. In addition, agencies will have to help fund costs in 2016 and 2017.
OPM to agencies: Sorry we lost your employees' private data. Here's a bill for your share of the credit monitoring. Reading between the lines, OPM didn't have data breach insurance. Do all fed agencies self-insure for cyber?
Rick Farina talks about why the government sucks at cyber security.
6/22/15 The US Navy's warfare systems command just paid millions to stay on Windows XP
The U.S. Navy is paying Microsoft millions of dollars to keep up to 100,000 computers afloat because it has yet to transition away from Windows XP. The Space and Naval Warfare Systems Command, which runs the Navy's communications and information networks, signed a US$9.1 million contract earlier this month for continued access to security patches for Windows XP, Office 2003, Exchange 2003 and Windows Server 2003. The entire contract could be worth up to $30.8 million and extend into 2017. The first three of those products have been deemed obsolete by Microsoft, and Windows Server 2003 will reach its end of life on July 14. As a result, Microsoft has stopped issuing free security updates but will continue to do so on a paid basis for customers like the Navy that are still using those products. The Navy began a transition away from XP in 2013, but as of May this year it still had approximately 100,000 workstations running XP or the other software. Approximately 10 percent of desktop PCs accessing websites using the StatCounter traffic reporting service during the current month were running Windows XP, giving it a market share just above that of Apple's OS X. Data from Net Applications puts XP's current share at just over 14 percent.
Maybe OPM should tell us what China did NOT get!!
Hackers got FBI files as part of OPM breach
Suspected Chinese hackers breached FBI agents' personnel files as part of the broader attack on the federal government that has laid bare millions of people's data, Newsweek reported. Putting FBI agents' data at risk could have national security implications; many investigate domestic terrorist plots and foreign spies. It's still unclear exactly whose information has been pilfered following a massive digital siege on the Office of Personnel Management. Initially, the OPM said a hack had exposed 4.2 million current and former executive branch employees. A week later, the personnel agency revealed a second breach of a security clearance database that contained the background check files of millions of military and intelligence community. The FBI is part of the intelligence community. A widely reported estimate that 18 million people were affected by the second intrusion was disputed by OPM Director Katherine Archuleta on Thursday, who said that number could rise even higher. It's not clear whether the reported FBI infiltration was part of the first or second breach. As an intelligence community agency, it would make sense it was part of the larger hack. But an unnamed FBI source told Newsweek the OPM notified him in May that his personnel file had been compromised, which was before the agency had started sending notices about the second breach. The FBI has more than 35,000 employees. The ramifications of those employees' info getting out could be “mind boggling,” the source told Newsweek, “because there are counterintelligence implications, national security implications.”
Possible outcomes, from blackmail, to the unmasking of clandestine operatives, to a wholesale degradation of national security. The CIA "refused to have anything to do with the OPM and thus kept its own employees' information safe."
And if that doesn't scare you enough, this will:
"At the Nuclear Regulatory Commission, which regulates nuclear facilities, information about crucial components was left on unsecured network drives, and the agency lost track of laptops with critical data."
Hard to Sprint When You Have Two Broken Legs
You want to know why Hillary Clinton, former Secretaries of Defense, and numerous other government staff run their own private mail servers? Most likely it's because their work-provided email DOESN'T work.
Slow systems, tiny inbox quotas, inability to handle attachments, downtime, no crypto or crypto incompatible with anyone else, these are just a few of the issues out there. And it's not just email. I have personally seen a government conference room system take 15-20 minutes to log in at the Windows login prompt, due to poor IT practices. I was told that most of the time people resorted to paper handouts or overhead projectors. Yeah, like the ones you had in high school in the 90s with the light bulbs and transparencies.
It gets worse: hack of federal employee data likely included details about workers sex lives, crimes, drug problems
TECH COMPANY FINDS STOLEN GOVERNMENT LOG-INS ALL OVER WEB Company backed by #CIA's venture capital arm found logins and passwords for 47 govt agencies across internet. Recorded Future, a social media data mining firm backed by the CIA's venture capital arm, says in a report that login credentials for nearly every federal agency have been posted on open Internet sites for those who know where to look. At least 12 federal agencies reportedly don't require two-factor authentication to access their networks. Crazy.
IRS employees can use 'password' as a password? No wonder we get hacked. should use L0phtcrack
THE HACKING TEAM Italian surveillance tech company who is a Threat to the net
Organizations such as Hacking Team or Gamma International have developed the tools and tactics needed to help oppressive governments, enabling them with the ability to track people no matter their location or how they connected to the Web. [see ProxyHam]
Read this: The Hacking Team asked its customers to shut down operations, but according to one of the leaked files, as part of Hacking Team's "crisis procedure," it could have killed their operations remotely. The company, in fact, has "a backdoor" into every customer's software, giving it ability to suspend it or shut it down -- something that even customers aren't told about. To make matters worse, every copy of Hacking Team's Galileo software is watermarked, according to the source, which means Hacking Team, and now everyone with access to this data dump, can find out who operates it and who they're targeting with it. It's one thing to have dissatisfied customers. It's another to have dissatisfied customers with death squads. I don't think the company is going to survive this.
Over 1 million emails from spyware vendor Hacking Team published by WikiLeaks, which is now hosting, in searchable format, the entire email dump! Happy hunting!
105k$ for Flash Vuln + PrivEsc. Finally some real prices available ;) and from Giancarlo Russo COO Hacking Team
Hacking Team orchestrated brazen BGP hack to hijack IPs it didn't own Hijacking was initiated after Italian Police lost control of infected machines.
Meet the Companies that Helped Hacking Team Sell Tools to Repressive Governments
Google sold #HackingTeam access to its mapping system
- AECOM, a Los Angeles-based multinational with $19 billion in revenue that has built surveillance systems for the Super Bowl
- Cyberpoint International, another American firm headquartered in Baltimore, also became a Hacking Team “partner,” selling its software to the United Arab Emirates. The company was granted a special export license by the US State Department to develop defensive cybersecurity. Its chief strategy officer, Paul Kurtz, is also the chairman of a cybersecurity center at New York University's campus in Abu Dhabi.
- NICE Systems, an Israeli surveillance company run by a former Israeli intelligence officer.
- Robotec Corporation, handles much of Hacking Team's sales in Latin America.
- Hacking Team's Capabilities
The Federal Government Hypocrisy
Our government demands accountability from others but offers little itself.
The Office of Personnel Management (OPM) has exposed tens of millions of people's most sensitive information. The Government Accountability Office has never fired anyone ever over security breaches.
THE IRONY
The US NSA, UK GCHQ, Chinese govt, Russian govt, etc., are totally thrilled by this OPM hack, because incidents like these provide the political fuel for far greater govt control over the Internet. Intelligence agencies all over the world, from any and all sides, gain power when govts move in to better "protect" their citizens from spies very like themselves. The fact that the U.S. govt is criminally negligent w.r.t. not protecting its employees' own private data will be completely lost in all of the hand-wringing. The press has not been holding politicians' feet to the fire on this issue, either.
Hackers Stole Secrets of U.S. Government Workers' Sex Lives. 24 Jun 2015 Infidelity. Sexual fetishes. Drug abuse. Crushing debt. They're the most intimate secrets of U.S. government workers. And now they're in the hands of foreign hackers. It was already being described as the worst hack of the U.S. government in history. And it just got much worse. A senior U.S. official has confirmed that foreign hackers compromised the intimate personal details of an untold number of government workers. Likely included in the hackers' haul: information about workers' sexual partners, drug and alcohol abuse, debts, gambling compulsions, marital troubles, and any criminal activity.
HOW MUCH MONEY DO THE BAD GUYS MAKE? Some hackers [wrong language should actually say crackers] make more than $80,000 a month — here's how.
ETHICS Public Institutions, Agencies Weakening the trust of the public.
TEACH K-12 SCHOOLS HOW TO BECOME A HAM RADIO OPERATOR
Do you know a Ham Radio Operator? Cause when the net goes down - we all go down and the only thing left will be the ham radio which will continue to work.
SECURITY SOLUTION
LEARN HOW HAM RADIO OPERATORS CAN SAVE US
All K12 Schools should have a ham radio in the office and someone who knows how to use it.
- Become a Lifeguard
- Guard our Airwaves
- YOU can save lives
- Emergency Communication http://www.arrl.org
This is real ...
Enron: The Smartest Guys in the Room Full Movie (Documentary) AKA Evil Corp.
Enron dives from the seventh largest US company to bankruptcy in less than a year in this tale told chronologically. The emphasis is on human drama, from suicide to 20,000 people sacked: the personalities of Ken Lay (with Falwellesque rectitude), Jeff Skilling (he of big ideas), Lou Pai (gone with $250 M), and Andy Fastow (the dark prince) dominate. Along the way, we watch Enron game California's deregulated electricity market, get a free pass from Arthur Andersen (which okays the dubious mark-to-market accounting), use greed to manipulate banks and brokerages (Merrill Lynch fires the analyst who questions Enron's rise), and hear from both Presidents Bush what great guys these are.
The New Enron: CEO William Reed - Castleton is the new model of commodity trading
Reed, 49, who started in the business as a junior trader of natural gas and electricity for Enron Corp. in the 1990s, put Castleton's money to work buying power plants in Texas, coal terminals in Kentucky, oil storage tanks in Shanghai and natural-gas wells in Colorado. He capped off the dealmaking with Project Horizon: the codename for the acquisition of Morgan Stanley's oil-trading business.
Tapes reveal Enron's secret role in California's power blackouts Enron shut down at least one power plant on false pretences, deliberately aggravating California's crippling 2001 blackouts with the aim of raising prices. The tapes also show that Enron, whose bankruptcy three years ago was the biggest corporate scandal of recent times, manipulated energy markets in Canada and was planning to rig the Californian market even before deregulation in 1998, for which the Texan corporation actively campaigned. The most damning revelations concern Enron's secret role in creating artificial power shortages in California, helping to trigger an energy crisis in 2000 and 2001 which cost residents billions of dollars in surcharges.
MR ROBOT
Movies and TV shows do a bad job of showing anything that "crackers or hackers" really do.
MR. ROBOT
background story
Enter the TV world of hackers.
"USA's Mr. Robot" is just a Hollywood TV show, where there is a long tradition of portraying hacking horribly, horribly wrong SO THEY ARE SHOWING YOU THE REAL THING NOW!
DOES SUFFERING FROM LONELINESS HAVE ANYTHING TO DO WITH THIS?
Loneliness sets off a warning system that alerts us of damage to our 'social bodies', lead researcher Dr
Abraham Palmer explained in the study published on September 15 by Neuropsychopharmacology. And that's
what we mean by "genetic predisposition to loneliness" - we want to know why, genetically
speaking, one person is more likely than another to feel lonely, even in the same situation.' The study
is not the first to try to find a biological link to loneliness.
The researchers also determined that loneliness tends to be co-inherited with neuroticism - a long-term
negative emotional state - and depression. Weaker evidence suggested links between heritable loneliness
and schizophrenia, bipolar disorder and major depressive disorder.
Dr Palmer and team are now working to find a genetic predictor - a specific genetic variation that would
allow researchers to gain additional insights into the molecular mechanisms that influence loneliness.
- How the Real Hackers Behind Mr. Robot Get It So Right
- The Unusually Accurate Portrait of Hacking on USA's Mr. Robot
- 'Mr. Robot' may be fiction, but its hacking plots are all too real
#Fsociety - The Ethics of Hacktivism: a Political agenda that distrusts corporate structure.
see SOVEREIGN immunity in the United States
Sometimes you have to "Out Monster the Monster"
Motivation can be money, ideology, ego, revenge, or coercion.
Example: 2016 Ghost Squad Hackers Just Leaked Personal Data of US Military Officials and it's Legit
The final release for #OpSilence Army database leaked, your empire ran by banks will fall US GOV. You
must view these leaks in Tor Browser we are not jeopardizing our freedom. https://archive.is/s6dlh
Example: Notice Of Proposed Rulemaking. SUMMARY
The Secretary proposes to amend the regulations governing the William D. Ford Federal Direct Loan (Direct Loan) Program to establish a new Federal standard and a process for determining whether a borrower has a defense to repayment on a loan based on an act or omission of a school. We propose to also amend the Direct Loan Program regulations by prohibiting participating schools from using certain contractual provisions regarding dispute resolution processes, such as mandatory pre-dispute arbitration agreements or class action waivers, and to require certain notifications and disclosures by schools regarding their use of arbitration. We propose to also amend the Direct Loan Program regulations to codify our current policy regarding the impact that discharges have on the 150 percent Direct Subsidized Loan Limit. We also propose to amend the Student Assistance General Provisions regulations to revise the financial responsibility standards and add disclosure requirements for schools. Finally, we propose to amend the discharge provisions in the Federal Perkins Loan (Perkins Loan), Direct Loan, Federal Family Education Loan (FFEL), and Teacher Education Assistance for College and Higher Education (TEACH) Grant programs.
Are you a 1 or a 0
Follow @marcwrogers @KorAdana @ryankaz42 @wearefsociety
@dotMudge @thedarktangent @fmkaplan @lancejssc @russellbrandom JΞSTΞR ✪
ΔCTUAL @th3j35t3r
Chris Wysopal @WeldPond Oct 8
https://twitter.com/WeldPond/
Understanding the hacker culture that inspired Mr. Robot
Former Hacktivist Gregg Housh makes a cameo appearance in Episode One Season Two - House of Cards asks Gregg for advice with tech. Anonymous hacktivist starts online Rebel News service.
YOU ARE EITHER A 1 or a 0
DA3M0NS.MP4 is the theme of reality, the daemons are running underneath the surface and drive our actions.
| grep root
.root/fsociety00.dat
connect to freenode IRC
YOU ARE NOT ALONE
where you will find a base64 encoded string.
https://www.base64decode.org/
I sincerely believe that banking establishments are more dangerous than standing armies, and that the principle of spending money to be paid by posterity, under the name of funding, is but swindling futurity on a large scale. - Thomas Jefferson
t.startCursor("MzkzMzUzNTM5NTMzMzk1Mzc5OTUzNzMzMzM1MzUzOTM1Mw==") is what controls the speed of the cursor clicking. The string can be base64-decoded into ASCII: 3933535395333953799537333353539353. 3 is a dot ".", 5 separates letters " ", 7 represents a space for Morse "/", and 9 is a dash "-".
3933535395333953799537333353539353
.-.. . .- ...- ./-- ./.... . .-. . == LEAVE ME HERE
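The two-layer decoding described above (base64 to digits, digits to Morse, Morse to text), as an added JavaScript example for Node.js that is not code from the original page or from the show's site. The function names are assumptions; the string and the digit meanings are the ones quoted above.

```javascript
// Added example: decoder for the cursor-timing string quoted on this page.
// Digit meanings are the page's: 3 = dot, 9 = dash, 5 = letter gap, 7 = word gap.
const MORSE = {
  '.-': 'A', '-...': 'B', '-.-.': 'C', '-..': 'D', '.': 'E', '..-.': 'F',
  '--.': 'G', '....': 'H', '..': 'I', '.---': 'J', '-.-': 'K', '.-..': 'L',
  '--': 'M', '-.': 'N', '---': 'O', '.--.': 'P', '--.-': 'Q', '.-.': 'R',
  '...': 'S', '-': 'T', '..-': 'U', '...-': 'V', '.--': 'W', '-..-': 'X',
  '-.--': 'Y', '--..': 'Z',
};

// Layer 1: base64 -> ASCII digit string. Reject anything that is not 3/5/7/9
// so a truncated or altered string fails loudly instead of decoding to junk.
function base64ToDigits(b64) {
  const digits = Buffer.from(b64, 'base64').toString('latin1');
  if (!/^[3579]+$/.test(digits)) {
    throw new Error('decoded payload contains symbols outside 3/5/7/9');
  }
  return digits;
}

// Layer 2: digits -> Morse notation, e.g. "39" -> ".-", 5 -> " ", 7 -> "/".
function digitsToMorse(digits) {
  const symbol = { 3: '.', 9: '-', 5: ' ', 7: '/' };
  return [...digits].map((d) => symbol[d]).join('');
}

// Layer 3: Morse -> text. Words are split on "/", letters on " ".
function morseToText(morse) {
  return morse.split('/').map((word) =>
    word.split(' ').filter(Boolean).map((code) => {
      if (!(code in MORSE)) throw new Error(`unknown Morse group: ${code}`);
      return MORSE[code];
    }).join('')
  ).join(' ');
}

function decodeCursorString(b64) {
  return morseToText(digitsToMorse(base64ToDigits(b64)));
}

// The string passed to t.startCursor(...) on the page.
const CURSOR_B64 = 'MzkzMzUzNTM5NTMzMzk1Mzc5OTUzNzMzMzM1MzUzOTM1Mw==';
console.log(base64ToDigits(CURSOR_B64));
console.log(digitsToMorse(base64ToDigits(CURSOR_B64)));
console.log(decodeCursorString(CURSOR_B64));
```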
Mr. Robot eps2.3logic-b0mb.hc - the security review
Marc Rogers Ramblings of a Mad English Hacker: Hacker behind BBC's The Real Hustle & USA's Mr Robot. Head of SecOps for DEF CON. Head of Infosec for CloudFlare.
Andre McGregor, a consultant who formerly worked in the FBI's cyber division said his advice extended beyond helping the show's writers understand how the FBI and law enforcement agencies investigate cyber intrusions and conduct interviews.
Sam Esmail created Mr. Robot and said the "E" in Evil Corp is "totally the Enron logo."
Enron: Ultimate agent of the American empire
Money to get power, power to protect money.
How do you Backdoor a Repository? Backdooring GIT
What Is the Surprisingly Commercial Android “Backdoor” Depicted In Mr. Robot?
FlexiSPY (this is real)
In the “Debug” (“eps1.2_d3bug.mkv”) episode of the awesome Mr. Robot TV series, Tyrell Wellick, the show's antagonist so far, is shown installing a backdoor on a lover's phone in order to steal corporate secrets. The target is in the shower and his phone is unattended — Tyrell only has a few minutes to install his spyware. The installation sequence shows granting root privileges to the backdoor app named “System Update” — apparently, Flexispy's “safe name”, on the Android phone. The root privilege is granted by an access management tool called SuperSU. Then, SuperSU's icon is hidden by the spyware so that the unsuspecting target wouldn't realize that his phone had been tampered with. After the process is done, the phone looks absolutely clean and untampered. This kind of attention to details is what makes an awesome show!
The Social-Engineer Toolkit (SET) v6.5 “Mr Robot” released! (this is real) The codename is in celebration of the TV show Mr Robot featuring SET last night!
eps1.4_3xpl0its.wmv - Fsociety attempts to penetrate Steel Mountain the most secure data ...
This version incorporates a new HTA web attack vector (thanks Justin Elze aka ginger) for sharing the attack vector with me. This attack allows you to clone a website and inject an HTA file which compromises the system.
"Social Engineer" This is Real
TEEN WHO HACKED CIA DIRECTOR'S EMAIL TELLS HOW HE DID IT
“[W]e told them we work for Verizon and we have a customer on scheduled callback,” he told WIRED. The caller told Verizon that he was unable to access Verizon's customer database on his own because “our tools were down.” After providing the Verizon employee with a fabricated employee Vcode—a unique code that he says Verizon assigns employees—they got the information they were seeking. This included Brennan's account number, his four-digit PIN, the backup mobile number on the account, Brennan's AOL email address and the last four digits on his bank card. “[A]fter getting that info, we called AOL and said we were locked out of our AOL account,” he said. “They asked security questions like the last 4 on [the bank] card and we got that from Verizon so we told them that and they reset the password.” AOL also asked for the name and phone number associated with the account, all of which the hackers had obtained from Verizon. On October 12, they gained access to Brennan's email account, where they read several dozen emails, some of them that Brennan had forwarded from his government work address and that contained attachments. The hacker provided WIRED with both Brennan's AOL address and the White House work address used to forward email to that account.
HERE ARE THE REAL TOOLS OF MR. ROBOT
(THIS IS REAL)
Threatbutt Internet Hacking Attack Attribution Map
We can empathize with a guy or a gal like Elliot the lonely socially awkward person in Mr. Robot. They're just trying to be normal but they aren't. It's an ancient character archetype that's been around for a long time, and applies to the nerdy hacker mold.
This is Real - Nmap, IRC, Linux boxes, Kali Linux, Wget, Shellshock and , John the Ripper, Canbus, AVAST anti-virus, btscanner, Bluesniff, Meterpreter Metasploit Framework, Social Engineer Toolkit (SET), researching LinkedIn for social engineering attacks. The great thing about all these open source tools is there are lots of tutorials and documentation available.
'Mr. Robot' creator on the evils of Facebook and hackers in Hollywood
HAX YOUR FAX
This is all cell site data, triangulating the phone's location based on the strength of the signal from nearby cell towers. The data isn't accurate enough to place someone at the scene of the crime. It's completely useless on the vertical axis, so even if you've found the building, it's anyone's guess what floor it's coming from.
City police are pretty good at finding phones. If they get a call that presents an immediate danger of death or bodily injury, they can get fast-track help from the phone company by claiming "exigent circumstances." Generally a fax, a phone call and some verifiable personal details are enough to get you all the information the phone company has. The whole "exigent circumstances" system runs on faxes.
All Elliot has to do is fake a fax. He reinstalls the firmware on a printer / scanner, which lets him edit the fax's metadata to make it seem like it's coming from the police station. Then he calls in and does a little light social engineering to close the deal.
Calls with blocked Caller ID data can still be found because it's the phone company that's stripping that data out in the first place, so they still have a record of where each call came from. It's different if you actively spoof the Caller ID, as in swatting attacks.
"Swatting," or making false emergency calls to get law enforcement dispatched to a location, has entered the popular lexicon. Swatting usually describes someone targeting an individual's home, not a public institution. Swatting is not a schoolboy prank, it's a federal crime.
15 Second Password Hack, Mr. Robot Style - Hak5 2101
Aug 31, 2016 Pilfering Passwords with the USB Rubber Ducky
Can you social engineer your target into plugging in a USB drive? How about distracting 'em for the briefest of moments? 15 seconds of physical access and a USB Rubber Ducky is all it takes to swipe passwords from an unattended PC. In honor of the USB Rubber Ducky appearance on a recent episode of Mr Robot, we're recreating this Hollywood hack and showing how easy it is to deploy malware and exfiltrate data using this Hak5 tool.