Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- In 2005 a red team DHS information technology conference is held at Sandia National Laboratories in New Mexico. On the agenda are topics such as :
- How To Optimally Interdict a Belligerent Project to Develop a Nuclear Weapon (STUXNET, FLAME),
- Speaker : Prof Gerald Brown
- Operations Research Department
- Naval Post Graduate School
- Other Topics :
- Anatomy of a real SCADA attack (Tornado Sirens?)
- Mission/Capability: Control Systems Security and Test Center (CSSTC)
- Mission/Capability: Sandia Center for SCADA Security
- Army Penetration Testing and Exploitation program: Certification and
- Attack Environment & Tools and as an honorable mention...
- Project Looking Glass
- Beth Ahern
- Homeland Securities and Information Technologies Depart
- The Mitre Corporation
- http://www.sandia.gov/redteam2005/050324-redteam2005-notice3.pdf
- In 2007 The Mitre Corporation had another symposium :
- http://www.mors.org/UserFiles/file/meetings/07ti/christensen.pdf
- where the 'hacker threat' is discussed, more specifically "Our reliance on networks and
- information coupled with the
- “flattening” effect of networks,
- readily available attack tools,
- attack tool development kits, and
- knowledge gives each of these
- threat actors power
- disproportionate to their size and
- resources"
- Today
- – Motivation - money, political
- – Cast of thousands
- Capabilities range from unsophisticated to sophisticated
- – Unsophisticated (script kiddies) – can only use existing tools and exploits
- – Sophisticated - able to modify existing tools and code own exploits
- "TheGrifters was a members-only "carding" site that the FBI
- launched in December 2003. The goal of the site was to attract
- identity and bank thieves. It was the kind of site authorities called
- a "build it and they will come" site. And they did. By mid-2004 the
- site was crawling with thieves trafficking in fake IDs, stolen credit
- card numbers, card-embossing equipment and ATM skimmers
- that capture data on a debit card's magnetic stripe so criminals
- can encode it on blank cards and drain an account. TheGrifters
- was a successful crime hub in a crowded field, competing with
- other sites like Shadowcrew, CarderPlanet and DarkProfits to
- attract the biggest criminals"
- ("Authorities arrested him after he met up with an undercover FBI agent that posed as a “fellow carder.” Instead of receiving counterfeit credit cards, the hacker got a pair of shiny handcuffs.The FBI also seized ugnazi.com and the carders.org carding forum, believed to be founded by Islam.")
- "Jihadists Publish Cyber Security Magazine
- Posted Tuesday, November 28, 2006
- The first issue of what is indicated to be a periodic magazine,
- “Technical Mujahid”"
- "How Hizballah Hijacks the Internet
- Posted Tuesday, Aug. 08, 2006
- What do a small south Texas cable company, a suburban Virginia cable provider and Web-hosting
- servers in Delhi, Montreal, Brooklyn and New Jersey have in common"
- Just for shits and giggles, let's also throw in :
- http://www.fas.org/irp/congress/2004_hr/032504ellis.pdf
- as further examples of making use of irregular I/O cyber warfare units.
- Now on to the use of apps and other tools...
- http://blog.watchfire.com/wfblog/2011/11/through-the-looking-glass.html
- Describes a 'glass door' tool designed by Israeli programers for IBM Security. It's called APP SCAN.
- http://publibfp.boulder.ibm.com/epubs/pdf/i1186990.pdf
- This is it's quick start guide.
- http://blog.watchfire.com/wfblog/2012/07/announcing-xss-analyzer.html
- The description of a feature that automates exploit scanning.
- 'An exploit that works in one context may not work in another, so it is very important to get it absolutely right. We've classified about 1000 different unique contexts. Each context requires its own special handling, its own set of rules.
- Once reflection context has been established, XSS Analyzer moves on to find an exploit that is uniquely suited to this context.
- 2. Learning and Defeating Server Defenses'
- (“The hook code, by the way, can also be injected using XSS...")
- ftp://public.dhe.ibm.com/common/ssi/ecm/en/raw14252usen/RAW14252USEN.PDF
- Describes how a scan of everday use sites showed widespread issues which could allow malicious
- "hackers to perform attacks such as:
- ● Infect users of these sites with Malware and viruses.
- ● Hijack users’ web sessions and perform actions on their
- behalf.
- ● Perform Phishing attacks on users of these sites.
- ● Spoof web contents...
- ("The program is made of 12 “pretty nasty” modules with names such as Activate Device Microphone, Browse Target Filesystem, Hijack Current Facebook Session, and Seize Webcam")
- as a result of using
- third party JavaScript code such as:
- ● Marketing campaign JavaScript snippets.
- ● Flash embedding JavaScript snippets.
- ● Deep linking JavaScript libraries for Adobe® Flash and
- AJAX applications.
- ● Social networking JavaScript snippets."
- ("...any vulnerable 3rd party website, so the target doen’t even have to hit one of my ‘bait boxes’,”)
- Combine this tool with 'BEEF' and voila. Project Looking Glass is born. If I had to guess it's more from the Israeli's than J.
- It's especially interesting if you consider dpm.demdex.net, which is a cookie tracker, and that
- 'Demdex’s platform will be available through the Online Marketing Suite of tools, composed largely of website analytics and optimisation software acquired by Adobe via the takeover of Omniture in 2009.'
- I admit this part is a reach but here are the names of a few demdex servers : Tremor.demdex.net, monster.demdex.net, cam.demdex.net, etc. I suspect that these 'web analytic' services have been hijacked and are leaving little exploits for us 'marks' to 'stumble upon' so our anonymity will be a thing of the past. Just a hunch.
- ("Project Looking Glass has been running for months now, and not without success as we have seen. There’s nothing you can do about it, as you have no idea how many hook code snippets are out there, where they are or indeed whether or not you have already accidentally stumbled through the looking glass.” )
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement