No trust without independent control - Page 9

  • #hongkong police use pepperspray and puts swimming goggles on

    and all those commentators who thought that the protests were over and dying are wrong again

    each time they think that the Chinese have won, everything changes again and we are back to square one

    there is another thing that is important

    just as with the Euromaidan protests the majority of the protestors came after work to the camp

    this was also the case in Ukraine and kept it alive because most people need an income and expect if you can win in a few days than they can't just stay away from work day after day, week after week, month after month

    look at that (and you didn't see that in the news, you only saw some scuffles but not the mass of people behind them)


    Embedded image permalink

  • all kinds of vendormachines now under attack from general malware to attack them

    the first malware that targeted POS point of Sale systems was built for specific software and hardware and wanted only the credticard information

    now from a specific malware it has grown into a platform to attack any vendor system for any reason

    "Some recent POS investigations have revealed organized crime groups distributing malicious code and compromising networking environments of merchants and credit card devices, including ticket vending machines and electronic kiosks installed in public places and mass transport systems. One of the compromised devices was found in Sardinia in August 2014, giving the bad actors unauthorized access to it through VNC.

    but the infections are only starting (one in Holland, one in France but none in Belgium for the moment)

    it also means that the period of security by obscurity is over for these systems and that anti-cocal hackers will give us free coke (or none at all) or free busrides or just want to get pincodes on any access system (to have some physical penetration afterwards ?)

  • since the forget me ruling Google (and yahoo and bing now) are no internet index anymore

    they are only part of the internet and they are becoming more and more irrelevant

    we will work on that in the coming weeks by preparing more specific searches to bypass this censorship

    (how do I know it is censorship because when I search for the names of spies that are in my books about the latest espionage scandals of the last years (to understand Snowden) it is clear that information has been deleted because it is mentioned under the first page with the search results)

    for the moment some say that you can find the urls's that are being abolished in Europe in other versions of the Google search machine

    but meanwhile the effect is enormous (and it is bigger than the millions of urls's to pirated content because this is about legal content but that some people for some reason don't want you to see anymore in Google)

    "Google was the first company to publish a form to make such requests, and has so far received more than 174,000 requests covering more than 600,000 URLs, removing 41.5% of them from its search results. Now it has been joined by Bing and Yahoo.

    for those who have known the internet before Google

    we are going back to local searches and linkindexes and keeping information you have found online because you never know how long it will stay online

  • reading the mails from CEO's before investing on the stockmarket

    "The cybersecurity company FireEye has unearthed a team of email intruders that snoop through the correspondence of company executives who may possess market-moving information.

    FireEye said the team has carried out attacks against nearly 100 publicly traded companies or their advisory firms in possible attempts to play the stock market. Most of the targets are health care or pharmaceutical companies. It noted that the shares of those firms can move dramatically after the announcement of clinical trial results, regulatory decisions or other significant developments.

    FireEye has labeled the group FIN4 and says it focuses on capturing usernames and passwords to email accounts, which gives the group access to private email correspondence. The group does not use malware, which helps it evade detection.

    they send emails from friends or contacts that ask you to fill in a form with your email credentials

    than they use those email credentials to read over your shoulders your email

    and this you can only end when your company emailservice does the same location control as Google and Yahoo - except when they do it from the same location or through a hacked site or a local proxy that gives the same protection

    information is much more important than showing off that you have hacked or defaced something

    the best solution is double authentification

  • sony has again gone down the abyss of total compromise

    "The security break at Sony Pictures marks the second time that Sony Corporation had been targeted by hackers. In 2011, the online network for Sony's PlayStation game console was broken into, exposing names and credit card numbers for millions of customers. By the time damages from more than 50 class-action lawsuits had been paid, it's estimated that Sony spent more than $2 billion as a result of the breach.

    "Further disturbing is that thus far the studio's IT experts have been unable to reverse the attack and get the computer system back to normal. “The IT department has absolutely no idea what hit them or if they can recover any of their files or operating systems, or even turn on their computers Monday,” said the insider.

    and here you will find a good overview of what is lost (private keys, code, ID's, contracts,.....) and all other information you may need  inside the discussion

  • sony hacking already a digital disaster because of massive downloads

    the numbers speak for themselves

    Fury is in the States in the theatres while annie still had to be released worldwide

    “Fury,” a war film that stars Brad Pitt and Shia LaBeouf, has reportedly been downloaded by over 1.2 million unique IP addresses, while “Annie” has been downloaded by an estimated 206,000 unique IP’s, according to the piracy-tracking firm Excipio.

    this is a disaster

    and proof that if you don't use anonimizing software your torrent traffic will be kept somewhere for some time

  • how to find anything online if you take your time and you know how

    there are 5 ways to find anything online

    first is Google  

      and than you have to make first a Google account so you can use the advanced search options

      if the data or some of the data has disappeared from Google you should use BING

      there are some operators "term"  you use to find any data in which there is only that term

       "mymailadres"  will give you everything with your emailadres in it

       than there is the period  (last week, last 24hours, last month) but you always will have to use it without time indicator because that indicator doesn't work that well - it is only interesting to find links that have a good time indicator

       you can also limit to a certain domain or site  site:.....

       another interesting is  filetype:txt for example of .cvs   or .pdf  or .whatever

    secondly there are torrents

       here you will have to search at torrent search sites because many links aren't in the searchengines anymore

       you will have to use several because there isn't a google for the torrents

    thirdly there are the online forums; IRC and usenet

        several of those forums are blocked off from Google and other search engines

        you have to be member to  be able to see the postings and in some cases you have to upload information that others like to have access to data yourself

        for this you probably will need another identity

        for USenet there are few interesting services that are free and for IRC you have really to be careful for viruses, for snoopers and that you have gone through several proxies because on pastebin you will find a whole lot of IRC logs with the full networkname of your identity.

    fourth there is twitter with links to download dumps

       so with the download file servers you will find thousands of files online on these servers

       and they are not necessary on Google or they make no sense (who knows that xhx.avi is the latest film for example)

       they are sometimes only on twitter links to such files so you will have to find the necessary twitter links

    Fifth there is TOR where you need to download the client and than to follow our guide to find or search for the files - many services are invite only

  • update : this blog is FORBIDDEN TO PUBLISH ANY information about online MENSURA DATA

    due to a complaint from the lawyers of Mensura we are not allowed to post specific links to the data

    we didn't even publish any direct links just how to find it and even than it was just a posting about using Google to find that data

    things anybody with a little bit of intelligence and internetknowledge can do

    well you have to learn it yourselfs because I am forbidden to write anything about how to find any particular set of data

    so people will continue to think that their data is not online anymore

    IT is still online

    I know how to find it but I can't write about it

    or this whole blog will disappear

    which is just what mensura wants

    to 'make believe' that the data is not online anymore

    and that I am not allowed to publish anything anymore

    nothing even not a hint

    but believe me that data is ONLINE

  • Sony lost 11 terra of data to hackers (11.000 GB) of which unreleased films

    "According to an approximation, 11,000 GB data was ripped off by the hackers and have warned if their demands are not met all this data would be released in the wild.

    A thread on Reddit provided information on what hackers could have stolen from the Sony pictures system. According to the thread, the data might contain passport and visa information for cast and crew working on Sony movies, Outlook inboxes, documents detailing the company’s IT systems plus accounting and research information- but all this is just a small part of this gigantic breach.

    and this is not a joke

    and these are the five unreleased films that you will find on torrents

    how do you do that ?

    Get 11.000 GB of information past a firewall and security and logs and monitors and people who are supposed to look at those screens without anything or anybody seeing anything

    do you understand how MUCH information that is ?

    even with a normal trafficvolumemonitor (how much a connection, server or accounts transports normally) you would have seen that something is not right and an alert would have gone off (this is very efficient to leave videostreaming open but blocking downloads of movies)

    so we will have  new Sony movies and mailboxes of filmstars and pics of them and so on very soon.... except if they pay up (and they hardly have any choice don't they)

    • "Still Alice" starring Julianne Moore, Alec Baldwin – US release date: Jan 16, 2015

    • "Mr Turner" starring Timothy Spall. – US release date: Dec 19, 2014
    • "Annie" starring Jamie Foxx and Cameron Diaz. – US release date: Dec 19, 2014
    • "Fury" starring Brad Pitt – US release date: Oct 17, 2014
    • "To Write Love on Her Arms" – US release date: March 2015

    it is also astonishing that after the massive lulzsec breaches they weren't capable over the last 2 years to upgrade their security to an acceptable level which means that they didn't make any new big investments, didn't install new monitor rooms and didn't extend their staff and procedures

    it also means that they don't have any system of Data leakage prevention

    even stranger that it came from North Korea - how the hell do you accept an 11 terrabyte download to North Korea ?

    follow the information about this hack

  • BND wants to keep security holes in SSL to itself to spy on you

    "Confidential plans seen by the SZ and broadcasters WDR and NDR show that the BND said it would spend €4.5 million to help it find security holes in the Secure Sockets Layer (SSL) protocol used by millions of web services to protect personal information. There is a lively grey market online among hackers and security researchers for "zero day" exploits, so called because they are undiscovered and internet users have had no time to prepare for them.


    But rather than fixing the security problems, the spies want to use them for surveillance.The programme to penetrate SSL, codenamed Nitidezza, would also target the HTTPS protocol which is the standard for many banks, online shops, webmail providers and social networks.


    “Holes in SSL need to be patched [fixed] because it is ubiquitous and everyone depends on it for their security," said Jim Killock of London-based digital rights NGO Open Rights Group."There is a real risk that failing to fix problems means criminal gangs will seek to obtain the same data using the same defects."

  • how the german intelligence agency BND can spy on its own citizens

    "Dr Stefan Burbaum, who worked at the BND from 2000 to 2005, said that some Germans were targeted as “office holders”, a legal loophole the spies used to circumvent the law that protects Germans citizens from being spied on by its own intelligence agency.


    Normally, the intelligence agencies must overcome high legal hurdles laid out in the so-called “G10 law” to spy on German citizens, including when they live abroad.Otherwise, information regarding German citizens has to be filtered out from any foreign communications intercepted by the BND.


    But the German spies argue that a citizen working for a foreign company abroad is only protected in his private life, not in his professional communications, Burbaum told the Bundestag inquiry committee into National Security Agency (NSA) mass spying."The office holder is the legal person," Burbaum said. "It's a small exception. But a German citizen can function as an office holder in a foreign organization."The decisive thing is whether he's communicating as a citizen or as an office holder."

    just get a bit legally creative

  • this is why the intelligence 5 eyes cooperation is so important (us-uk-nz-aust-canada)

    if you are one of the 5 eyes you are on so much more than any other partner

  • International Atomic Agency in Wenen a target of #Regin

    this is typical for a spy operation, always spies have in history get the positions and information of the other parties to the other negotatiors at the table. It was always seen as strategic information

    google translate of

  • the Dutroux documentary (VTM) and the Dutroux files and the unprotected judicial files

    When you are watching the Dutroux Documentary on VTM you will see from time to time pictures that come from the judicial files that were used during the trial.

    first it is strange that pieces of a trail are used because I am sure if those files are public

    but secondly there is a reason for this and I know very well why there is a reason for it

    those pictures probably come from the DVDroms that the journalists received during the trial to make it more easy for them to follow the trial and to do their reporting

    only there was no protection on those DVDroms - not on how to access them (password) not on the files themselves (encryption eventually with timebomb)

    in other words these files of this trial where easily copied and distributed and if you knew how to strip away the source of the files than you could do that without any danger

    I have always found that enormously dangerously and even though there seems to be some law that makes it a crime to distribute these files they could be found in a newspaper or with any interested people or on the internet (part of it on wikileaks)

    and it is not that the parliament doesn't know because they have a copy of these DVDroms to show how dangerously it is that these kind of documents is distributed freely without any protection (especially if it isn't that hard or expensive to put impose those protections).



  • #regin two important things we are looking in now - while everybody is feeling secure

    this based upon analysis of the NSA documents and of information that was leaked during the Belgacom investigation

    * we are not sure that there is no more recent version of Regin than the one of 2008 - 2011 and we still have to be sure that the version 2013 was installed before or after discovery and what are the differences between them

    * we are not sure either that there is only a windows Regin and that there is no version or no files for the other OS - as you remember the NSA was talking in her slides about a virtual component that was placed on the harddisk BEFORE the OS whatever the OS and that also unix machines were attacked 

    there is no clear proof of both things but we are searching 

    so don't feel too safe now

    because that may have been the intention

    remember it is a spyoperation by spies for spies

  • #regin the md5 names of the files according to the phase of the attack and infection

    "Stage 1 files, 32 bit:















    Unusual stage 1 files apparently compiled from various public source codes merged with malicious code:





    Stage 1, 64-bit system infection:




    Stage 2, 32 bit:



    Stage 2, 64 bit:


    Stage 3, 32 bit:



    Stage 4, 32 bit:






    Stage 4, 64 bit:


    Note: Stages 2, 3, and 4 do not appear on infected machines

  • #regin the samples are coming online but attention

    THis is one of the places where samples are being uploaded (I know several people (not me) have a sample of the BGC infection)

    Just to be sure that you understand what you are up to if you download this 

    * there is no clear definition of what a Regin package is, there are several different packages with different plugins and different timestamps so many antiviruses don't see it 

      this means that if you download it your securitydefenses may not discover it or some of the new or additional code and functions. You should therefore only place it in a sandbox and handle it on a nonconnected computer (don't use USB use a CDROM and throw it away or place it somewhere else (absolutely not safe)

    * it is not because it is called Regin that it is Regin 

    * some of the samples have personal information about their victims and their employees in the logfiles (if you are a legal expert you will have to destroy these files or inform the local police that you seem to have proof of an infection). 

    * As the discovery for the latest samples is quite low, antivirus firms will have to go hunting for real and imaginary Regin samples 

    * if you don't have the knowledge and tools to handle this atombomb of code, stay far away - you will have seen nothing like this

    In my view it is urgent for the big antivirus-securityfirms to set up a working group to collect all the different samples and information to get a whole picture and to be sure that all companies and networks have sufficient protections independent of their antivirus-securitytool. 

  • #regin was also targeted at Mobile telephone infrastructure

    this is much cheaper than installating rogue GSM receivers together with jammers that will block the official normal GSM receivers

    source Kaspersky

  • the list of telecommunication cables that are intercepted by GHCQ