Infiltrated dot Net

Obama Authorized Catastrophic Cybergeddon - I Swear
Written by J. Oquendo   

"State sponsored" is the new rage. It is all hype [1] brought about by the media and by authors who do a horrible job of investigative reporting. Long ago, in a galaxy far, far away, before the Internet, journalists would take the time to research a subject before writing an article.

Nowadays, because of the Internet and everyone's rush to see information right now, journalists no longer seem to double-check anything. They simply take the words of so-called "Subject Matter Experts" as gospel. Yet many of these SMEs have agendas, whether one chooses to acknowledge this or not. What occurs is that we end up with SMEs yelling loud enough and every other underclued reporter jumping on the bandwagon. This is why we see garbage with titles like: "Covert stealthy state sponsored malware likely to control the Mars Rover!"

Propaganda and targeted marketing aren't anything new, but they are becoming increasingly alarming. Let us go back about seven to eight years. The scenario: KSM was being waterboarded (tortured). The goal: get information that linked Saddam to WMDs and Al Qaeda. Over and over he was tortured until he told people what they wanted to hear. [2,3] Even Senator John McCain knows that when being tortured, "a person will say anything he thinks his captors want to hear — true or false — if he believes it will relieve his suffering" [4]

 

ObamaGanda


Ask yourself: if someone in, say, a security company (let's say an AntiVirus or security conglomerate) were to say "This software is the end of the world", why would he say this, and what does he have to gain? If you answered "money", pat yourself on the back.

Technology such as Flame(r) has been around for some time. It's called "Remote Desktop", "Daemonware", "VNC", amongst others. Nothing overly complicated is needed to achieve an outcome similar to Flame(r)'s. In fact, I would hope that "state sponsored" agencies are smart enough to do so more covertly. After all, Flamer is an incredibly "visible" 20Mb, uses 4 different types of lowly substitution ciphers and is pretty noisy.

For anyone without experience in the security industry, as a proof of concept, I tinkered with this theory on Linux [5] and was able to create a pseudo-undetectable backdoor/rootkit under 5k without even trying, taking about 1hr. Weeks ago, I created an application called Ransack which has the capability of obtaining the keys to a Unix-based system in minutes. The application was under 5k. Modules? I could add a variety of them and still keep it under 10k while accomplishing the same objectives as Flame(r). I know I am not state sponsored and I know it didn't take me a team, money, or access to anything out of the ordinary. Simple thinking, some cups of coffee and it was done.

How often individuals forget that many companies have their own "backdoors", with some being discovered: "admin backdoors for remote diagnosis", "forgotten accounts". It is really nothing new. Even Checkpoint Firewalls were once backdoored [5], AT&T was (likely still is) listening [6], and this list could go on and on. So what's all the fuss about?

Ask yourself logically, outside of the media hype: "State sponsored: Millions of dollars... Covert, backdoor, cyberwarfare..." Do you really think a government with staff on this type of "technical level" would create such a piece of bloat? With no fluidity behind it (4 different types of encryption, all of which are horrible)?

"But it's got signed certificates!" Really? I have analyzed financial malware and targeted threats where mere criminals with one tenth of a hundred percent of a "state sponsored" budget have managed to obtain stolen signed certificates to get around nuisances such as "driver signing" and AV warnings. Do you think any "state sponsored" technical "sniper" wouldn't think of these things when readying his crosshairs?

I wish people in the industry would use common sense as opposed to simple media hype. How many of those writing articles have the expertise to analyze Flame? If you said zero, pat yourself on the back. This same nonsense occurred when the world cried foul at the RSA compromise: "It was China!" said the experts. I analyzed the entire threat and placed it ON VIDEO to prove otherwise. [7] I just wish I had a McAfee/Symantec budget to get the word out. Remember, money makes the world go round; all this malware is and was about is money.

Google "ransomware" for the true reasoning behind this software. Then you'll find the culprit. Or... keep reading nonsense from those dishing out content at the speed of light who do zero fact checking to get you to visit their site. Your choice. It is far juicier to see articles such as "Obama ordered the Cyber hit on Iran" than "Crimeware gangs deploying ransomware on enemy machines." Would you like to bet which of the two titles would garner more traffic?

[1] http://www.infiltrated.net/index.php?option=com_content&view=article&id=48&It...
[2] http://archive.truthout.org/051509A?n
[3] http://emptywheel.firedoglake.com/2011/05/12/john-mccain-ksm-lied-under-tortu...
[4] http://www.washingtonpost.com/opinions/bin-ladens-death-and-the-debate-over-t...
[5] http://archives.neohapsis.com/archives/firewalls/2000-q4/2514.html
[6] http://www.wired.com/science/discoveries/news/2006/04/70619
[7] http://www.infiltrated.net/rsa-comp-analysis/