[Dailydave] Roots Ownership ?

Dave Aitel dave at immunityinc.com
Mon Sep 10 12:54:11 EDT 2012 

Which reminds me - I had a post on Shamoon scheduled up and I might as
well dump it here.

I've read some of the analysis of it, and I think the story is a bit
more interesting (depending on your perspective) than the one people
appear to be writing about in theNew York Times
<http://www.nytimes.com/2012/08/27/technology/saudi-oil-producers-computers-restored-after-cyber-attack.html?_r=1>
and various other places
<http://www.securelist.com/en/blog/208193786/Shamoon_the_Wiper_Copycats_at_Work>.
Of course, the Pastebin sources for comments from the hackers in
question (your unmask.py may come in handy here) are as follows:

  * http://pastebin.com/HqAgaQRj
  * http://pastebin.com/tztnRLQG

And there's this "reckless" claim
<http://www.huffingtonpost.com/2012/09/07/debora-plunkett-nsa_n_1866208.html?utm_hp_ref=technology>,
which may or may not be related.

I think it's clear that the Iranian nation-state team is == "Cutting
Sword of Justice". It doesn't take a Palantir-loaded analyst super-hero
to see that they are sending the message of "you attack our oil
industry, and we will attack yours". They've stopped short of doing
anything that would actually damage operations at Saudi Aramco, because
that's a red line, but they've demonstrated capability, which is all you
need for the "mutual" part of "mutually assured disruption".

In any case, it's not "hacktivism" although it may be the shape of
future hacktivism. If you're studying cyber-war the way you probably
should be if you're in this industry, this is what it looks like for
now. The interesting corollary is that not only do you have to extend
your information security umbrella over your own private industry
<http://www.businessweek.com/news/2012-09-08/obama-weighs-executive-order-to-defend-against-cyber-attacks>,
you have to extend it over your allies as well...:>

-dave




On 9/5/12 6:38 PM, DarkPassenger wrote:
>  - Begin unsigned&friendly message , no 0day attached guaranteed -
>
> Sleepless dders ,
>
> take a look at the following list . first part is Public name of Root servers "managers" and the second part is osint-ed or -possibly- biased analysis of the "ownership" of that entity . Please offer your take as someone who is into "offense" and "infiltration" .  
>
>
> VeriSign, Inc -> runs most of the basic internet , in contract with U.S govt + FMR shadow , one of the wealthiest Jewish families with ties to D.C from 40's to now and history of Familial cult dedicated to praising Israeli ideas
>
> University of Southern California (ISI) -> Deep ties with In-Q-Tel -> CIA
>
> Cogent Communications - > Israeli Group
>  
> University of Maryland -> CIA is the biggest employer of grads , in bed with NSA and contractor of In-Q-Tel -> CIA
>
> NASA (Ames Research Center) -> U.S Govt
>
> US Department of Defence (NIC) -> U.S Govt
>
> US Army (Research Lab) -> U.S Gov
>
> Netnod -> in bed with various Western Govt or defense including DISA in addition to complying with Swedish SIGINT FRA and intelligence service SAPO maintaing primary services to NATO's intelligence services , including but not limited to "Stay Beyond" entities -> Western Blackops
>
> RIPE NCC -> complying Netherlands police , contracting Netherlands intelligence services , some employees have worked for CERT , answers to U.S govt Commerce
>  
> ICANN -> element of U.S Govt Commerce
>
> WIDE Project -> funded by Japanese Imperial Family , some members have worked in Hitachi Nuclear industries owned by Japanese Loyal family and the major Nuclear power utilities and waste exporter to U.S , contracting U.S defense contractors 
>
> - End unsigned&friendly message - 
>
>
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunityinc.com
> https://lists.immunityinc.com/mailman/listinfo/dailydave


-- 
INFILTRATE - the world's best offensive information security conference.
April 2013 in Miami Beach
www.infiltratecon.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20120910/fb8ad7e7/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 264 bytes
Desc: OpenPGP digital signature
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20120910/fb8ad7e7/attachment.sig>

More information about the Dailydave mailing list