- Page 2

  • #ukraine this is the hell of fire that Russians are preparing for Mariupol

    source http://euromaidanpress.com/2014/09/09/the-most-horrific-weapon-after-nuclear-weapons-what-brotherly-russia-uses-to-shell-ukraine-video/

    "Reports from the area of the Anti-Terrorist Operation, have repeatedly been mentioning the “Smerch” Multiple Rocket Launch System (MLRS) by Russian forces in Ukraine. In a report by Human Rights Watch on September 1, observers confirmed finding remnants of 300 mm Smerch rockets and cluster munitions delivered by 220 mm Uragan rockets.

    Currently, Ukrainian soldiers say Russian forces are setting up Smerch launch rocket systems in Novoazovsk and aiming them at the city of Mariupol, the capital of the Donetsk region"

    “This is the Smerch Multiple Rocket Launch System. The most horrific weapon on earth after nuclear weapons. Just in 40 seconds the Smerch can launch all of its 12 rockets. Its 300mm (11.8 inch)-diameter rockets can reach targets up to 90 km (56 miles) away and destroy everything alive in an area of 67 hectares (166 acres).

    “The Smerch was adopted by the Soviet Army back in 1987, but even now no [non-nuclear] weapon can equal its destructive power…”

    and another one


  • #ukraine urgent for #estonia and #moldavia to export all tyres dumps now

    so it appears that people are being trained and prepared to start movements and probably take-overs of buildings in both countries - this is what the rumours and some bits of information say

    well better now than too late

    what was the most important tool to defend their occupied buildings and block roads


    so get all dumps of tyres to burn the stuff (makes electricity) or export it far away

    otherwise you may see them here like these - remember them ?

  • #ukraine 38 million Ukranians have all their data on Russian social media

    the two biggest social networks that Ukranians use are Russians which means that all their data is on Russian servers and in Russian hands and falls under Russian laws and is now controlled by friends of Putin who have ousted directors who were too independent

    source http://globalvoicesonline.org/2014/09/01/ukraine-russia-social-networks-information-war/

  • #ukraine what will happen before or during the NATO exercise in Ukraine next week

    imagine that the Russians attack Mariupol this weekend saying that Ukr broke the truce - even if that is totally false

    imagine that the NATO troops are in Ukraine and that there is an attack on Mariupol or tension on the border with Transdistnr or whatever

    what will they do

    sit back and watch ?

    and what if a Russian missile is fired at NATO troops ?

    a week of tension because the least thing we can say about Putin is that he is predictable :)

  • #moldavia the third Russian front to expect soon ?

    information like this has been going around but is now more insisting and has to be linked to information about troop movements of the Russian Troops in Transdistnr

    source http://euromaidanpress.com/2014/09/09/ukraine-nsdc-russian-little-green-men-appeared-in-moldova/

  • #leaks if you have connections or business with Israel you will be attacked and leaked in #opisrael

    one example of an institution that has connections or relations with Israel and got hacked and leaked

  • #leak of #twitter accounts #passwords

    several series

    strange that their security department didn't see that

    but disabling activist accounts that can go quite fast nowadays

  • #ukraine every day Russia goes a little closer to Mariupol or prepares its attack

    meanwhile more than hundred new Russian tanks and artillery arrived in Rostock by Rail today and were transferred to trucks 

    a very good collection can be found here https://twitter.com/galandecZP especially of new transports during the truce.... no truce just an increased buildup

    actions like these are taking place very day truce or no truce

  • #ukraine Russian electronic warfare on the move to Ukraine now

    and you thought they wouldn't test their latest Tools and every tool they had to be sure that they could win this war when it started again - or you just don't think that this is just a pauze

  • #ukraine Russia plans to start a secession movement in Estonia again


    "During the 23 years of independence of Moscow has never renounced its territorial claims against neighboring Estonia. This is evidenced grown Russia "boil" under the name "Republic of Narva". This political project aimed at the destruction of the state of the Baltic countries, can be considered one of the Estonian Donbass, reports Espreso.TV .

    Founded by the Danes in the XIII century, the third largest city in Estonia - Narva is located on the "far east" of the country, in fact, on the border with Russia. On the contrary - the Russian Ivangorod, which was once a city with Narva ("Narva" translates as "dual city"). Today, between the two cities is the border, and communication is carried out over the international bridge "Friendship", in which commuter and tourist buses cross the interstate Russian-Estonian border

    Residents in Narva, there are about 70 thousand, and the vast majority are Russian, they are more than 90% of the total composition. TV stations in Narva also show mostly Russian.

    In Narva, only 46.7% of city residents are Estonian citizens, 36.3% have Russian passports. Another 15.3% have a "gray" passports, that is, not having Russian citizenship, and they are non-citizens of Estonia. So, the election shall be entitled to vote only half of the residents of Narva"

    and there is precedence to organize a referendum

    "In 1991 and 1993, the Estonian part Prinarovya with predominantly Russian population (Ida-Viru County) attempted proclamation "Prinarovskoi republic" (by analogy with Transnistria), but has not been created even territorial autonomy.

    Local authorities Estonian Prinarovya organized voting. Participated in the referendum, 74.2% of voters, 95.0% of whom voted for the preservation of the USSR."

  • hacking a botnet and make a dump of all the infected computers

    this is how it it should be done

    source http://siph0n.net/exploits.php?id=3528

  • the e-gate of the future at the airport with plenty of privacy problems


    source and more : http://leaksource.info/2014/09/08/e-gate-because-we-say-so/

  • #twitter is not an activist medium anymore but censors when governments ask

    "Twitter has a reputation as an open platform for expressing one's opinions. It's become a place for dissent and debate. It played a key role in the "Arab Spring" revolutions of the last couple of years.


    But last week, it agreed to censor a pro-Ukrainian Twitter feed in Russia. It also blocked a "blasphemous" account in Pakistan. It's not the first time Twitter has censored politically sensitive accounts. Now, it seems, Twitter's reputation as a platform for free speech is at risk.

    and this has nothing to do with spam, viruses or other normal illegal acts but with normal democratic free speech that is surpressed in certain countries

    by acting like that it in fact has become an instrument in the hands of the dictators and the autocrats even if for that it has to play a game of 'whack a mole'

  • the harkonnen operation : too good to be true

    300 business exécutives all over Europe were infected

    from 2002 onwards and nobody saw it

    300 shell companies were based in the UK to harvest the data

    the data was also about biological warfare and nuclear research


    somebody read too many spynovels and did a fast but wrong analysis and quickly confused adware with spyware and spyware with espionagewar and from there to targeted attacks

    and maybe the business exécutives were more attacked because they don't like the protections that the others have and nobody has the guts to impose them

    and maybe the business exécutives had access to these data but that doesn't mean that they lost that data

    except if there is real proof that the adware network was used for real cyberespionage

    this is another salestrick as we see more and more often

    especially when firms are in for clients or have to face a though quarter or an IPO

    meanwhile trust in reporting about cybersecurity got another foot in the mouth

    except if they come with real evidence

    they are LIARS LIARS LIARS

    show me the real evidence of shut up

  • it can be true but the proof given for the harkonnen operation is unbelievable (sales)CRAP for now

    this is the analysis based upon the pdf with the dangerous IP addresses linked to this cyberespionage operation

    and these are in fact known - just as all the other IP ranges to be known as spam and adware - which some of the domains in fact show (and yes the firm Consumer benefit is in the UK)

    and there are viruses on the domains but they are ADWARE

    "A couple of network blocks came to my attention after investigating some adware ntlanmbn.exe (VirusTotal report) and GFilterSvc.exe (report) both in C:WINDOWSSYSTEM32.

    The blocks are and

    and many of the URL's are clean by the way

    although some have some detection

    and than look at this file and you will see that it is about exactly the same operation


    so is it all crap because you have distributed your product in the three countries that you have said are touched

    because this proofs nothing of what you said

    but absolutely nothing

    I think it is about time that we begin to prosecute security firms who

    * scare markets and countries with false flag information

    * find datadumps and don't give them to the authorities but keep them for their own

    * find botnets and don't give the IP addresses to the certs concerned

  • why the Harkonnen operation reminds us of the executive low hanging fruit in any organisation

    This specific attack has proven to be just the tip of an international cybercrime iceberg. CYBERTINEL has since found records of ‘Harkonnen Operation’ on more than 300 additional organisations in Germany, Austria and Switzerland, targeting key executives

    try to explain to your CEO or topmanagment that they can't have access to those documents, that they can't install whatever they want on their computer or smartphone and that the material they get is totally locked down because they are prime targets

    if they are smart they ask for that kind of protection or if the firm is smart it is written in their contracts

    they should take it as part of the proof that they have become so important that their access to information has become so important to the organisation that they need the 'secret protection' of their hardware and access because they have become the prime targets for any group of specialised dedicated hackers

    this is the reason why they should be in permanent 'hardware lockdown' and 'full supervision' and 'full encryption'

    try to explain that to your big boss

    or try to keep him holding on to that without trying to bypass you or the system

  • why European intelligence should be worried about the Harkonnen Operation

    yep it is in the détails again

    if you sit down you read the following sentence aloud or to some-one else and look at your own or his or her reaction

    "In the past month, Cybertinel has been in touch with 300 current and former victims, who discovered digital clues indicating that the hackers stole sensitive documents — studies on biological warfare and nuclear physics, as well as plans for key (and top-secret) infrastructure, along with the “usual” bank account and credit card data.

    the first question is if one of the both kinds of documents may be a diversion and if those documents have been thrown away afterwards or not

    if it is a Financial operation they could have done the data-operations to set the investigators on the wrong foot, looking for state actors instead of the tradtional cybercrime operations

    if it is a spy operation than the Financial data may be a diversion to make the investigators and the press look for the typical cybercrime operations instead of the state operations

    you can also say that if it is a Russian or Chinese operation they may have needed those military or scientific documents to keep the state intelligence services happy so they could operate freely (as long as they didn't attack infrastructure in their own country of course)

    The first question for the intelligence agencies in Europe will now be to find the culprits and to dismantle or infiltrate the whole infrastructure or group. The second question will be to know what was lost or may be considered 'compromised' and what is the damage done. And one kind of analysis is what would happen if that information got into the hands of..... Knowing that this kind of information could also be 'put on the market'.

    The third question is why that information wasn't protected better ?

  • why the Harkonnen Operation wasn't discovered as an operation for 12 years

    "The Harkonnen attacks showed just how easy it is for hackers to pull off a scam, said Ben-Naim. “One of the secrets of their success was that they were in and out quickly, so even though they used the same infrastructure to attack companies, they only remained on a server for a few months.” In the case of their German client — a 30 year old corporation with over 300 employees — the hackers stayed on a little longer than usual, giving the company an opportunity to notice that something was amiss.


    “The fact that the attacks were relatively short and specifically directed at certain data, and that the Trojans were unsigned, all contributed to the failure by anyone to realize that a major organized attack was going on for such a long time,” he said. “’You can’t be too careful’ is a lesson I would take from this incident.”

    so when people talk about '800 victims' than we should remember that they weren't all victims at the same time but that at some time they were penetrated for some weeks or maximum months and than were left - and it is not clear if they cleaned up the proof afterwards which some attackers do (especially if they have also access to the logs and you don't have a protected 'no access' copy.

    but the method was traditional, one of the shell companies wrote an email with a link that was clicked upon by somebody which installed the trojan and that computer was used as the beachhead to get the documents and once the documents or data were found, they've stopped the operation and moved on to the next target

    and the trojan was not that complicated they say (before you start shouting about APT and complicated malware)

    By the way I hate all that APT and complicated malware stuff because the most complicated malware can be bought online for a several hundred Euro for the most complicated and permanently updated attacktools and secondly even the most simple attacktool now have incorporated some of those 'complicated' functions of the socalled Advanced malware

  • hackers used since 2002 a real spytactic to hide their hack of 300 european (financial) businesses and instutions

    In real espionage you set up a shell company and you make everything look as if it is legitimate - this is important because you don't alert any suspicion straight from the beginning

    these attackers spent an enormous lot of money - maybe the result of their first penetrations - to set up real companies on paper and get the paperwork done to look as if it is real. Remember this operation has been going on since 2002 and has only been discovered in august 2014 (so 300 companies and networks have a maximum of 12 years of penetration through a digital beachhead)

    other attackers are still too stupid to spend some cash on hiding themselves more professionally but this could change because if you could hide your operations for years by setting up shells - than the Return on Investment is really Worth it

    "Unusually for a targeted attack campaign, the group behind Harkonnen chose not to send the exfiltrated data to a hijacked domain, but instead spent $150,000 setting up legitimately registered companies with legitimate domains and certificates in the UK – making it much harder to detect.

    “If they would have hijacked legitimate hosts they would have risked detection much earlier, which would have put their entire attack business at risk,” explained Jonathan Gad of Cybertinel partner Elite Cyber Solutions.

    “Remember, technically, the infrastructure was completely real. You could look up the companies at Companies House, or the domains etc, and see a real entity with an address and phone number. These hackers were long-term serious hackers, so they made long-term serious investments which look like they paid off.”

    Gad told Infosecurity that the lack of checks made on companies registering domains in the UK helped the gang get away with their campaign for so long.

    For example, many of the 833 ‘companies’ were registered with the same physical address in Wakefield but with the same phone number, a German number.

    In addition many were closed a few months after opening but the certs were renewed annually.

    “It does seem that better checks could be done on company registration/cert buying etc to avoid this kind of scam. In other countries a range of additional checks are done when buying certs, so the UK could include some of these too,” Gad argued

    off course this makes any company in the UK now look suspicious if it doesn't have enough credentials already - and the UK is not the only one thinking about companies in Russia and China which are spyridden or offshore companies in which you will never know who is behind them

    that is also why real business buy businessinformation and analyses before getting into business with a business and maybe this will be a new 'dataleakage' protection service (checking on the business you are sending certain kinds of information) It can also be a blacklist or a list with indicators based upon administrative and business data (turnover for example, number of clients, etc....)

    more information can be found here

    Click to view the ‘Harkonnen Operation’ report.


    Click here for a list of hazardous addresses.