No trust without independent control

  • TOMORROW: FAREWELL INTERVIEW of Belsec in the Financieel Economische Tijd

    I was not going to say goodbye without going over one more time what was carried out through Belsec over the past 10 years, what was or was not achieved or tackled, and what the most important points of contention are and remain.

    Without a statute or protection for security researchers, even as bloggers, it has become increasingly difficult over the last months to keep doing this kind of activity without getting hurt. After 10 years of commitment it was therefore time to let this kind of stress and risk pass me by.

    The Financieel Economische Tijd of tomorrow.

    hopefully something that will be able to feed the discussion

     

  • #charlie It is easy to declare that you have to defend the absolute right of publication

    It is easy to say that and to look like the big defender of press freedom and the freedom of speech but it is another thing to do it and to withstand the pressure, threats and insinuations 

    I cried for the people of Charlie Hebdo, a paper I have known and loved and with which we grew up and even if we didn't read it or didn't always agree with it we were happy to see that it was still there 

    The editor - who was the main target - said he didn't care what happened to him because he didn't have a mortgage, money or a family to care for. He just lived for his paper and his work and thoughts and those of others. This gave him an enormous freedom and you see by the reactions of other papers and press agencies that not everybody has that freedom or that courage. 

    So after ten years in which we several times had professional threats, lawyers and were just walking on a rope between two buildings without a safety net, being confronted with a psychological operation against me because someone out there thought that this was the way to get to my sources. 

    And even then as a blogger I was not protected as journalists are against lawsuits, as a security activist I had only the relationships of trust and confidence with the different people I was working with but there was no formal statute or procedure, I was totally on my own 

    All those years, we just kept going, sometimes retreating to protect ourselves or our sources (because people are always more important than 'causes') or myself. 

    I thought that I had to be more afraid of amateurs than of professionals because you never know what they want to do next and how they are going to try to execute it. The attack on Charlie Hebdo is clearly the work of amateurs that were maybe well trained in the military execution of a firefight but not in the preparation of an operation. 

    So the closing down of this blog and more specifically the Belsec operations and .be monitoring and the actions with the cert, privacycommission and other institutions is a virtual death which is so little compared to the carnage in Paris. 

    So the question is not how can we find the attackers, keep Charlie Hebdo going and protect our official media against such attacks, but how can we extend the rights of investigation and publication in all the media platforms - officially recognized or not. 

  • belsec is closed but every now and then some information will be published on this blog

    http://observing.skynetblogs.be/

    this is NOT an infosecurityblog it is a security-risk-war blog of which infosecurity is only a small part (and not even necessarily important)

    we are NOT watching the Belgian internet for leaks and vulnerabilities anymore, this is the job of the state and the state has to do its work as it has to

    these are just some observations, links and information I share while I am reading

    and this only because I am so bored reading the belgian press - sorry guys (but I know you don't have the resources and space you need to make reading belgian press more interesting)

    have patience with closing down this blog and service

    and moving over to the other one

  • important things happening next week

    if you are in belgium and interested about belgian infosecurity we are closing with a bang and if you thought that the presentations on tv and radio and in the press were a bang

    await the final exclusive interview about 10 years of fighting for a more secure belgian internet

    gloves are off

    the archives will be coming online in the coming weeks

    all this work will be finished by the end of january - stay on this blog

    we have stopped

    monitoring pastebin for belgian leaks

    monitoring zone-h for belgian hacks

    monitoring securityreports for belgian insecurity or compromised sites

    monitoring the belgian web with googledorks for insecurity and irresponsible datacollection

    we will just be reading and analyzing and thinking and having fun

    stay tuned

  • we can't leave without mentioning this - Rex Mundi republished thousands of Belgian data on TOR

    we can't publish the link due to harassment by lawyers of Mensura but you can find it easily if you are a little webwise (which shows how stupid these lawyers are)

    it also shows what I have said on tv - once on the web always somewhere on the web

    so the banks, paypal and others should already have taken all the measures to protect the people

    new are the old ones of buyway.be (you know that nobody is responsible for overseeing the security and the financial balances of online credit companies in Belgium - NO ONE)

  • We are closing down for always....... update 21 12 (this post will be updated)

    update 21/12

    1. my sources will stay online and may stay updated

    the netvibes are a few hundred RSS feeds

    the diigo is nearly 200.000 links, of which we will be liberating a few thousand in the coming days - they were private awaiting treatment

    the lists with leaks and insecure belgium are a nice list of leaked data and insecure belgian sites that were hacked or are hackable - if you like to read then you should look at the list documents

    the torguide is one of the best around

    the twitterlist of leaks and other sources are a nice collection to start with

    in January we will close down the following older blogs: insecure.skynetblogs.be, scams.skynetblogs.be, be-hacked.skynetblogs.be - we will place here the links to the pdf archives and others

    2. I thank everybody for the support and I thank those who have enough trust in me to understand that I have always been truthful and that the only way to work with sources and contacts is by being totally open about your intentions and the information you have and I won't change that

    3. in january I will help with some of the biggest breakthroughs in the fight for privacy in Belgium of the latest 10 years. But not in the limelight

    4. meanwhile we are sliding to 2015 and we can only hope that it may only become better because it can't get worse with cybersecurity in Belgium than it has been in 2014

     

    -------------------------------

    Some people have been playing a trick on me and my family

    this is not worth it

    you don't play with my family

    after ten years, I have done enough

    I have also a life

    and other priorities 

    It is for the state to invest and to do its work

    not me and surely not against my family 

    bye

    and a happy 2015

    I am not coming back. Not this time

    ------------------------------------------------------------------------------------------------------------------------

    just to make some things clear

    * I never hacked, I don't know hackers and I am not Rex Mundi, never was and I don't know who he is

    * I am open for new opportunities or possibilities to work for a safer internet or network somewhere - only serious offers this time - but this blog will not be updated again but we will update through this post about the clean-up actions and what we will make or not make available

    * I am available for other freelance work

     

  • Russian missile exercise (against what) in Kaliningrad (next to Germany)

    what is the scenario they are doing all those exercises for ?

    situation getting more nervous and dangerous in that region every week

  • #copyright defenders want to take on dns providers to take down sites (back to IP numbers then)

    when I started on the internet I had lists with IP numbers of servers on a page

    dns and domainnames only came later

    the copyrightholders want to go back to that

    they want to marginalize copyrightinfringing sites like that

    but it can bring down one of the most essential parts of the internet as we know it today

    "The MPAA’s legal argument centers on the claim that DNS records are working as an index or directory rather than simply routing data. If that argument holds, then the DNS links could be vulnerable to the same takedown notices used to strike torrent links from Google searches. The net effect would be similar to site-blocking, making it as easy to unplug a URL as it is to take down a YouTube video. It would also cast DNS providers as legally responsible for all the sites on the web, the same way YouTube is responsible for every video uploaded to its network. For many providers, simply managing the flood of notices might create a logistical nightmare."
    http://www.theverge.com/2014/12/16/7401769/the-mpaa-wants-to-strike-at-dns-records-piracy-sopa-leaked-documents

  • #ukraine will decide the balance of geostrategic military power in Europe

    why Russia thinks it can bully its borderstates militarily

    [image: CSTO Military Data Chart]

    into becoming a member of their so-called security alliance

    [image: Russia Military Alliance Map]

    in which you see why Ukraine is the missing domino as are Uzbekistan, Georgia and Azerbaijan

    while trying to keep them from joining NATO

    [image: NATO's Expanding Membership Map]

    and also here you will see that the whole geopolitical map changes when Ukraine joins NATO or is linked to it

    because if you are linked to it, you are linked to the US and the US has the biggest military machine (even if it doesn't want to use it so massively as it did several times)

    and you don't have to be afraid anymore of all those Russian troops at your border because there is a much greater and better shield once they begin to understand that that is necessary to keep the peace - even a cold war peace

    and luckily Putin has been doing his utmost best the last year to convince even the most outspoken defenders of appeasement that it won't work and that Putin is clearly looking for a fight somewhere - the only question is where and when

  • apple and other online ecommerce sites are shutting down payment in Rubles or to Russia

    source http://www.theverge.com/2014/12/16/7403535/apple-halts-online-sales-to-russia-as-the-ruble-plunges-in-value

    it means that if this continues trust in anything Russian will be gone - this is the speed with which things can change - as we have seen in 2008 here during the financial crisis - wednesday you were still a major bank and on friday you were broke

  • now the US is building a new generation of nuclear submarines

    sorry guys if you are still living in dreamland but it is time the hard reality begins to settle in

    "I wish I was exaggerating, but I’m not. The Ohio Replacement Program was conceived to modernize the sea-based part of the nation’s nuclear force — the only part of that force that is certain to survive if Russia, China or some other major nuclear power launches a surprise attack in, say, 2050. The reason why is that the Navy’s ballistic-missile subs patrol silently beneath the surface of the world’s oceans, where enemies cannot find them; the Air Force’s bombers and silo-based missiles, on the other hand, are in known locations that can be easily targeted"
    http://www.forbes.com/sites/lorenthompson/2014/12/15/super-sub-why-the-navys-next-boomer-is-the-most-important-program-in-the-pentagon-budget/

    An Ohio-class ballistic missile sub returns to base in Georgia after a routine deterrence mission.  The vessels must begin retiring in 2027, which means the Navy has barely a decade to design, develop and test a successor. (U.S. Navy photo by Mass Communication Specialist 1st Class Rex Nelson/Released)

  • canadian telecoms say government not to worry, surveillance backdoors become standard

    you don't need to put it into writing and even not in a law

    that functionality will be in all telecom technology quite soon - because it has been asked by so many not so telco's in not so democratic countries or where this has become standard practice since ever

    source http://www.michaelgeist.ca/2014/12/government-documents-reveal-canadian-telcos-envision-surveillance-ready-networks-2/

    from the technical documents (you can download without becoming a member) https://www.scribd.com/doc/250135436/Public-Safety-ATIP-Telecom-Equipment

    the technical information has been blackened so you can't know what these new standards will be as each of the firms (and one of the heads of Huawei in Belgium told me personally) will say that officially these interception backdoors are NOT in their infrastructure

    Huawei is installed in the Belgacom and Telenet networks although some have serious questions about that

  • #anonymous hacks swedish governmental emails in revenge for piratebay takedown

    well, imagine the passwords of this kind of emailboxes being published on the web and nobody tries to take down the link and so everybody has access to these boxes

    this is but one publication but the same team published other leaks also in revenge

    and about the takedown

    the piratebay said that because they were using 12 virtual servers in 12 different locations it would be impossible to take them down ..... but this is the theory of virtualisation but in reality there is always a mother or a server that takes all the load while the rest just thinks that you will never try to take them down and that they will never need so much power (and keep down the costs)

    another thing is that if you work with domainnames then you have to control the dns server and the ip addresses to which they are linked but if you take down one ip address and it is not possible to add another one then you are cooked

    taking down infrastructure like this and TOR takes much more time but in the end you will take it down - except as with Wikileaks several years ago thousands of people start serving a copy on their own servers

    maybe this is a model for piratebay to follow

  • attack on pipeline is 6 years later attributed to cyberattack

    "Yesterday, Bloomberg News reported that hackers, likely from Russia, caused a 2008 explosion on the Baku-Tbilisi-Ceyhan (BTC) oil pipeline in Turkey. According to Bloomberg, the BTC pipeline attack “Opened [a] New Cyberwar Era,” two years before the Stuxnet worm derailed Iranian nuclear centrifuges. The report is significant because it moves back the timeline for alleged state-sponsored cyber attacks that caused destruction in the physical world. (I use “attack” throughout this post in the colloquial sense, without reference to whether an “attack” is an “armed attack” for purposes of international law.)

     

    But the pipeline explosion report also highlights another important issue. It took six years for the explosion to be publicly revealed as a cyber attack, and confusion about whether an incident is an accident or a cyber attack may be a common problem going forward. Although lot of attention focuses on cybersecurity attribution as a question of who carried out an intrusion, the BTC explosion exemplifies an analytically prior attribution question: what caused an incident, a cyber attack or a simple malfunction?"
    http://justsecurity.org/18334/cyber-attribution-problems-not-who/

    and so if people get the right to respond immediately to such a cyberattack, the chance that they will be responding to the wrong country and are falling into a second trap is much bigger than anybody realises

    in the US there is even talk of responding with military attacks

  • #luxleaks the first whistleblower arrested but he was not alone

    source http://www.icij.org/blog/2014/12/i-acted-conviction-pwc-whistleblower-speaks-out

    the article shows some interesting things.

    First it was said that these agreements were so secret that they were hardly communicated about in PWC but here we have someone who had access to them in a database and was not involved in setting them up because he was disgusted by them.

    Secondly he took them with him when he left the firm (like Snowden) but nobody checked what he did, what he knew and what he took with him, even if there were documents that were considered highly secret

    third he lost control over the documents and who got them and who did something with them just as Snowden lost control over his documents in which parts are going around the world

    fourth there are others and they are hunting them down, one after another and I only hope for them that those who have used the documents have found all the obvious and secret indicators that will facilitate their job (one stupid but efficient trick is to change a letter in each copy)

  • CIA terrorlist of psychological mindgames with music

    source http://theantimedia.org/playlist-used-by-the-cia-to-torture-detainees/

    I imagine listening to Sesame street for 18 hours every day makes you so mad you just want to get out of there

    Deicide: Fuck Your God

    Dope: Die MF Die, Take Your Best Shot

    Eminem: White America, Kim

    Barney & Friends: theme song

    Drowning Pool: Bodies

    Metallica: Enter Sandman

    Meow Mix: commercial jingle

    Janeane Garofalo/Ben Stiller: chapter from the Feel This Audiobook

    Sesame Street: theme song

    David Gray: Babylon

    AC/DC: Shoot to Thrill, Hell’s Bells

    Bee Gees: Stayin’ Alive

    Tupac: All Eyez On Me

    Christina Aguilera: Dirrty

    Neil Diamond: America

    Rage Against the Machine: unspecified songs

    Don McLean: American Pie

    Saliva: Click Click Boom

    Matchbox Twenty: Cold

    (hed)pe: Swan Dive

    Prince: Raspberry Beret

  • the demonstration in NY against police brutality (or the lack of punishment) in timelapse

    very interesting idea

    but they are not a million .....

    but in present days you don't need to be with millions to have an impact (you need to have the attention of the media - even for the wrong reasons)

     

  • germany doesn't have an answer yet to the latest growing extreme right movement

    source http://www.theguardian.com/world/2014/dec/15/dresden-police-pegida-germany-far-right

    it is easier if they are just plain nazis and difficult if they have gone into deep undercover (of the simple people who are not nazis but disturbed by ISIS and militant islamic priests and movements)

     

  • #shellshock if you haven't patched your qnap servers you will get hacked

    some cloudproviders have been hacked over the last days

    this is an alert, read more on the problem by following the link

    "Shellshock is far from "over", with many devices still not patched and out there ready for exploitation. One set of the devices receiving a lot of attention recently are QNAP disk storage systems. QNAP released a patch in early October, but applying the patch is not automatic and far from trivial for many users[1]. Our reader Erich submitted a link to an interesting Pastebin post with code commonly used in these scans [2]

     

    The attack targets a QNAP CGI script, "/cgi-bin/authLogin.cgi", a well known vector for Shellshock on QNAP devices [3]. This script is called during login, and reachable without authentication. The exploit is then used to launch a simple shell script that will download and execute a number of additional pieces of malware:"
    https://isc.sans.edu/forums/diary/Worm+Backdoors+and+Secures+QNAP+Network+Storage+Devices/19061

    and this comment shows why automatic patching is so important

    "I have one of the affected units. In the firmware update section of the admin interface, the closest thing I can find for an auto-updater is a checkbox that reads, "Automatically check if a new version is available when logging into the NAS web administration interface." From there, you have to manually tell the system to update -- as far as I can tell, there is no option to automatically update the unit. And the manufacturer doesn't send out emails to notify users when there is an update."
    http://arstechnica.com/security/2014/12/worm-exploits-nasty-shellshock-bug-to-commandeer-network-storage-systems/
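
A log check for the probes described in the ISC diary quoted above, as an added example that is not part of the original post or of the diary: it scans web server access logs in Combined Log Format for the Bash function-definition prefix that marks a Shellshock attempt and singles out hits on "/cgi-bin/authLogin.cgi". The log lines and addresses are constructed samples, and it assumes the device or a proxy in front of it logs Referer and User-Agent.

```python
import re
from collections import Counter

# Combined Log Format:
# ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"'
)

# Shellshock abuses Bash's import of function definitions from environment
# variables; CGI copies request headers into the environment, so the tell-tale
# prefix "() {" shows up in logged header fields.
SHELLSHOCK_RE = re.compile(r'\(\s*\)\s*\{')

# CGI script named in the quoted diary as the QNAP vector.
QNAP_CGI = "/cgi-bin/authLogin.cgi"

# Constructed sample lines (documentation-range addresses, placeholder payload).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Dec/2014:10:01:02 +0000] "GET /cgi-bin/authLogin.cgi HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [15/Dec/2014:10:02:11 +0000] "GET /cgi-bin/authLogin.cgi HTTP/1.1" 200 0 "-" "() { :; }; PLACEHOLDER"',
    '203.0.113.5 - - [15/Dec/2014:10:03:40 +0000] "GET /index.html HTTP/1.1" 404 0 "() { :;}; PLACEHOLDER" "-"',
    '198.51.100.7 - - [15/Dec/2014:10:04:00 +0000] "GET /cgi-bin/authLogin.cgi HTTP/1.1" 200 0 "-" "() { :; }; PLACEHOLDER"',
]


def scan(lines):
    """Return one finding per log line that carries the Shellshock prefix."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not Combined Log Format; skipped
        fields = [f for f in ("request", "referer", "agent")
                  if SHELLSHOCK_RE.search(m.group(f))]
        if not fields:
            continue
        parts = m.group("request").split()
        path = parts[1].split("?", 1)[0] if len(parts) >= 2 else ""
        findings.append({
            "line": lineno,
            "ip": m.group("ip"),
            "path": path,
            "status": int(m.group("status")),
            "fields": fields,
            "qnap_vector": path == QNAP_CGI,
        })
    return findings


def qnap_sources(findings):
    """Count attempts per source address against the QNAP login CGI."""
    return Counter(f["ip"] for f in findings if f["qnap_vector"])


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        tag = "QNAP login CGI" if f["qnap_vector"] else "other path"
        print(f'line {f["line"]}: {f["ip"]} -> {f["path"]} '
              f'({tag}, status {f["status"]}, in {",".join(f["fields"])})')
```

A hit only shows that an attempt was logged; on a unit that was still unpatched at that time, it is a reason to check the device itself.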