A secure democratic Net is a fundamental right

This is his official profile

http://www.icann.org/en/about/staff/markovski.htm

this is what he tells Stratfor

"Veni Markovski (Bulgaria's richest man, head of ICAAN & advisor to the US
and EU on cyber stuff) is a pal of mine and wants to chat with Stratfor's
person/people on cyber security. He's super low maintenance and friendly.
Think he just wants to open diolague for y'all to be able to ask questions
to him (he's a big Strat-fan). Who would like to speak with him? I can set
it up so two people conference with him on the phone. Or if Nate has time,
Veni does hold a house in DC.
Let me know!
Lauren
--
Lauren Goodrich
Director of Analysis
Senior Eurasia Analyst
http://wikileaks.org/gifiles/docs/5482669_cyber-security-...

So ICANN advisors are also advisors to governments and have vested commercial investments themselves and are fan of organisations like stratfor - who know shit about cyberrights and couldn't care less about cyberrights

and if you read the mails about wikileaks and Anonymous than you really that they don't understand anything about it

Anonymous is a platform, you overpaid, selfindulgent, 'analysts' who couldn't see the difference between facts and interpretations, between news and trends and between actions and platforms or movements

when I compare the stratfor emails with the diplomatic cables than I am quite proud of the public servants working in the state department because this is analysis and when you read those mails from this privatized CIA you hope they will engage more public officials in the CIA which are a lot better and open minded and objective than these 'analysts'

because a real analyst doesn't write things like this

Assange is going to make a nice bride in prison. Screw the terrorist.
He'll be eating cat food forever, unless George Soros hires him.
http://wikileaks.org/gifiles/docs/1056988_re-wikileaks-is...

close that shop down - it is illegal in every aspect of it (paying sources, setting up a private insider trading fund, getting access to confidential information a private person shouldn't see,.....)

there are thing with which you get attention

but probably he didn't want the attention from the police and copyright services when he upload a pre-release album from the Kaisers

our national Sabam saw it an went to court

when it became clear that the man had a few hundred movies and a few hundred albums a hundred other copyright owners joined Sabam in the complaint

the judge ruled that the man should pay around 65.000 euro but that he wasn't guilty of commercial pirating of this kind of stuff

sometimes, you better think twice

and never think that nobody can find you

http://www.stratfor.com/hacking-news

and stratfor.com itself is giving all the analysis for free for the time being - it is the kind of Economist stuff

the analysis of the hack itself is very poor and shows that you shouldn't employ them to try to understand Anonymous or any other activist organisation (as there are some mindsets necessary to understand what it is to be an activist)

they have rebuilt the systems more secure  (first too little, but you can't rebuild a totally hacked server, you have to throw it away and re-install it on new infrastructure, you never know what may be lurking out there somewhere that you didn't think off - so there is a risk there.....)

another very surprising thing is this " The emails are private property. Like all private emails, they were written casually, with no expectation that anyone other than the sender and recipient would ever see them
http://www.stratfor.com/hacking-news"

uhhhh, you are collecting intelligence and information through email with sources all over the world and you expect that because those emails were between persons that no government, agency or any other interest party would do nothing to get an hold on them, read them and eventually leak them ?

where are you living as an analyst ?  Wonderland ? It is this casual attitude which has broken the company.

Because when it went from analysis of more or less public information to recruiting resources to get more private and important information the goals, workings and importance of the information and contacts had changed and so the securitysituation had changed and so security should have been adapted before.

so you will not only have to change the infrastructure and buy some products to secure your information from end to end but you will also have to change the total business culture and workflow (and inject enough paranoia in it)

It is as if you are going with an old caravan to participate in a F1 car race.....

several articles are being published saying that stratfor is in fact a joke and that its marketing campaign saying that it was the private CIA was just overblown crap and that The Economist is much better and cheaper (which is true, The Economist is a must to read if you care about facts, analysis and reflection - even if you don't agree)

but this is not the question a securityperson would care about

first it is the best example that security and investing in security (and all the solutions exist now) is the first thing such a company should do (it will not survive if it is not secure enough). How can you say that you trade in secrets and confidential research if you don't have the business culture to keep it secret and the tools to guarantee its security over time (for starters, emails from years ago should have been archived and locked up)

but secondly being an informer for stratfor is maybe not a joke

if you were an informer for a joke like stratfor in these wikileaks-sensitive times, who else would you be willing to inform or enlight about something and against which price or under which circumstances

if stratfor wanted to make real money it was as a social engineering front trying to find out who was reliable, who was made of the real stuff, who could resist even the simple temptation, who would spill the beans, who was desperate for money or attention

thousands of people around the world and hundreds of organisations and institutions and businesses are now finding out who is a risk and who just gave them public knowledge and understood the risks

it all depends on the kind of institutions, the level of access, the risk one is prepared to accept

most of the times, it will not be explained this way, there will be re-organisations, security-audits, new levels of access and re-assignment of information to higher levels, new missions of tasks with not much access to the network or the office (and so on)

in very secure or trusted institutions and organisations or services there will be no doubt because that is part of the engagement and part of the risk one took when one wanted to go to work for such an institution or service, you have breached security and trust and whatever you did, you have lost the necessary trust to function

btw every intelligence firm now has more analysts than spooks or operatives 

the question the new mails will have to answer is if Stratfor was also involved in (planning or preparing) black operations or why would they have to collect information about activists for big multinationals and in which case they may have breached an international, US or national law

http://reflets.info/opsyria-s04e01-the-iron-strike/

http://reflets.info/opsyria-syrian-censoship-log/

but there are also European firms involved

the technology can be great for the security of internal networks but there is no way that the same technology should be used with the same purpose on the global internet against citizens because if they fall into the wrong hands or begin with acceptable goals (like the traditional pedophile argument) but after some time are used for other purposes because of mission creep (or special circumstances like a big terrorist attack) than that is dangerous technology

one could say that the technology is not really working as it should if you see the number of videos that are coming out of Syria each day

but it is probably used on a daily basis to find critics and citizen journalists or locate them (so the snipers and tanks know where to hit them)

and here it is not an accident, Bluecoat and the European firms were well aware who they were selling to and what the regime would be doing with it and what the consequences would be for the victims of that spying

a bit like IBM and hitler when it helped with Microfiches implementing his final solution (even if they are still doing everything to get that book out of any public attention)

and no the Syrians were not bombarding their own citizens and killing daily around at least 100 people but there was no doubt that the regime would be able to do such a thing

this must have been the biggest SLA research anytime

The researchers said in an examination of 6.4 million distinct X.509 certificates and PGP keys containing RSA moduli, 71,052 (1%) occur more than once, some of them thousands of times. "Overall, over the data we collected, 1024-bit RSA provides 99.8% security at best," the paper states.
http://www.cio.in/news/crypto-experts-analyze-millions-x5...

now it still means that your security is high

but if you are a really important security intelligence financial or critical infrastructure or military or espionage service than there is a problem

because if you have the same key or certificate as any other service than that key can be used to impersonate you or your service - under certain conditions and the most important is that you have bought strong and expensive certificates (not just a global domain or just for the ip address or other worthless certificates like that - make believe certificates)

and no one will see and everybody will think that they are safe - because encrypted by a certificate

now the biggest and most valuable information in the world is

getting the list with all the certificates that are the same

the best thing to do is to change them all

and for RSA - who has some issues with the research (but it is too late for that) - to start checking themselves all their certificates with software robots to be sure that by chance or bad luck no two certificates are the same or could be used as such

yeah attacks against the certificates are going to continue and it is up for the business to get their act together - instead of complaining that rats are getting in through the holes or that researchers are discovering weaknesses they should have addressed already long time ago

meanwhile about 12OOO networks and installations are receiving an alert that they will have to change their certificate and re-install another one, although this isn't always that simple (to make and process) and to install and eventually in an interconnected network get the different certificates to work together (especially if some are playing with openssl ....)

but it is race against the time .....

anyone with some very fast computers and networkconnections can do exactly the same research (eventually helped by some special program) so it means that the same mistake can't be made again (one will have to check eventually if the same key has always be made 'ad random' before releasing it). People know that it takes a few days before you receive effectively your certificate, so it would be no problem prolonging this a bit with a full check of the certificates already delivered

when Anonymous activists hacked the servers of Stratfor they couldn't know that they had hit the jackpot

it is the mother of all private intelligence companies that just as the private army industry was beginning to spread its wings into every corner and aspect of the international policial, military and economic aspects (and through a side- aspect trying to make lots of money by using it on the stockmarket - if this ain't abuse of knowledge (imagine the CIA playing on the stockmarket and making money because it knows things that are going to happen)

and so Wikileaks has found a second life

after the publication of the nearly one million accounts and information about its users (making it the most important breach anytime because they were nearly all contacts with access to high level networks and services)

the whole database of 5 million emails has begun - in parts

and it is really amazing stuff

http://wikileaks.org/gifiles and you can download all 5 million of them at once (26 Giga of files) and if the mails already published are representative, this is the biggest security breach of all times - can you imagine the thousands of sources all over the world - of which some were paid through swiss bankaccounts - who are now having to

* explain all this to their colleagues

* take their bags, their family and leave immediately before the secret service of their country has downloaded and analysed all these files and found their names (yes those amateurs gave full names and functions of all their sources in these unencrypted mails)

* people who will lose their jobs, their social influence, their reputation, their access and the trust of many - even if they were more manipulated than they seemed aware off - and even if not everybody has the necessary intelligence to look through flatter, dinners, speaking engagements and intellectual exchanges between analysts (some wiser people became very cautious when they began to understand that the firm had privileged links to the US Intelligence and military community (as they call it now))

In some of the files released today you read really stuff and language you only read in CIA training material (or any other spook(y) organisation)

If this is a source you suspect may have value, you have to take control od him. Control means financial, sexual or psychological control to the point where he would reveal his sourcing and be tasked. This is difficult to do when you are known to be affiliated with an intelligence organization. The decision on approach would not come from you but from your handler. This is because you're position is too close to the source and your judgment by definition suspect. Each meeting would be planned between you and your handler and each meeting would have a specific goal not built around discussing the topic of interest which would ideally be hidden but in analyzing him personally and moving toward control.
The justification for the op would be specific classes of information and on gaining control the first step would be determining his access. If he failed the test contact would be terminated.

the problem of analysts in the field is that they tend to want to discuss the topic, which raises the targets awareness, rather than focus on establishing the control relationship.

So from a professional point of view this target knows your affiliation, understands your interests and you have not established any control which is defined as a high confidence in his obedience
http://wikileaks.org/gifiles/docs/202526_re-insight-venez...

and than if you read another mail, you read that someone went to a Turkish conference and during that conference established a lot of 'useful' contacts high in the military or in business circles

so this is not an organisation that is analyzing all the incoming information or trying to organise the discussion and input about information and analysis but this is a spyfirm infiltrating with the soft and corrupt approach in all kinds of institutions and business and trying to get as much as possible valuable information out of its 'handled' contacts and reselling it to their customers and/or use for their investments

but here is all out

all their contacts, all their strategies and thoughts, the way they handle people and the real way they think about people

the careers and securitypositions and access of tens of thousands of people is at risk here

they have shown themselves to be not secretive enough to give them access to any confidential information

let it be a lesson to all others with access to confidential information or knowledge

every analyst calling you may be really a spook or spy

it is all in a name, but sometimes it is just newspeak

you expect that a company that is working in the intelligence and securitybusiness and handles hundreds of secrets on a dialy basis was doing enough to keep them secured

shows you the importance of encryption, archiving and double authentification

Sometimes titles are funny because they want to attract the attention but they are giving a totally wrong picture

there has been a lot to do about a computervirus (dnschanger) that is still infecting or has still infected about 5 million computers worldwide (just a small percentage of all computers and off all infected computers).

As you can read it, it means that this virus is changing the IP address of your dns server your computer is going to on the internet (or intranet) to find the server where the domainname (and ip address) of the webservice is hosted. This is a bit like a telephonebook. With your smartphone you don't remember telephone numbers, but names and the phone will use the number it has for that name. THis is the same with a dns server but with names of websites.

Now imagine that some virus changes the phone numbers you use most often to be redirected though and expensive international rerouter and makes you pay some cents for every connection. Well this is what dnschanger does.

Now imagine that the police (in this case the FBI which is more and more playing the role of international cybercop) confiscates this telephone rerouter and tries to inform all the telephone users that use it that their phones have been infected, which is what they have been doing for the last months.

The problem is only that the US judge has given the FBI untill the 7th of march the right to manage that server. The 8th of march all infected computers will lose their ability to connect to any internetservice because they won't have a  dns server that works (as if all telephone numbers in your phone don't work because the rerouter service stopped working and your phone has forgotten all real telephone numbers).

I am not sure that this period will not be extended because there are still hundreds or thousands of US governmental computers in these listings (which says a lot about computersecurity over there).

Secondly the internet will not break down because even when some central dns servers that are used by tens of millions of people broke down some years ago, the rest kept working.

Just three tips

* time to install a free antivirus like avast (if you don't have professional information or do many financial transactions and are careful this is quite enough)

* time to change your dns to opendns.org which will also protect your computers against known malwaresites (see this as a firewall before your firewall) and if your country does any censoring based upon dns-traffic it may be possible to bypass that

* if you are responsable for an internal network you should have organised your internal dns traffic to be under control of your own dns server and your external internettraffic to be solely controlled by your own chosen dns servers (all other traffic will show infections and malconfigurations). If you would have done this, you would already have cleaned your network since november 2011.

and if you don't have internet the 8th of march

than it is time to spend some real time with your computer instead of using it only to surf the internet. You also go with your car to the garage, don't you ? well, your computer needs a fix.

The last weeks arab and jewish hackers have been publishing credit cards and other personal information from each other country or financial institutions or economic interests. They have also been defacing and ddossing some infrastructure and making claims about cyberwar that made worldwide headlines.

Things have also quieted down a bit and the published lists have many doubles, fakes and aren't as enormous as acclaimed (I have so many hunderdthousand accounts or credit cards or this and that....)

But this doesn't mean that those cyberincidents are without any effect. First of all, the Israeli government had to attribute resources and time to respond to those leaks and attacks - even if they are so called the best cyberwar prepared country according to a new report (how you proof that is something I don't understand because if they were so prepared how did this happen ?)

Secondly, online ebanking and commerce is about online trust and in some country some banks had some trouble with this since those attacks and had to invest in security again and lost some business.

"Customers at some Saoudi local banks have withdrawn their money and closed their accounts in the wake of reports that hackers have accessed some credit card accounts.
http://zionops.wordpress.com/2012/01/31/saudi-banks-probe...

The same reports says that most of the creditcards and accounts that were published were in fact the result of phishing (update your bank, email or facebook account and click here etc......) which didn't mean that there were no effects for the victims. Some of the Saoudi banks had set up teams of 15 people to go through all the transactions on the published accounts and to take the necessary measures. (What does your bank do when your account is published together with 3000 or half a million others ?)

So imagine that you throw out of your party a member of parliament and her partner who was a president of your youth organisation

imagine that relations have gone totally sour and that war has been declared

so what happens when they start leaking old emails that get your party in problems (like your most important minister in the Flemish government)

well you can counterattack and find anything dirty on him that is available (like negationist or antijewish remarks on his Facebook pages)

but in the end, he still has 24.000 internal emails on his hand that he won't used if you leave him alone (telling this in an interview that everybody can read)

you can always find interesting stuff in 24.000 emails, people write the most stupid things in email (and on Facebook and twitter)

but there is another question

didn't nobody let him sign a confidentiality agreement

didn't nobody organize his departure in a normal matter, so that all the internal documents and emails would have been destroyed or transferred

and this shows why it is a bad idea to let people download email from online servers (you never know where they will end up)

and I didn't see any disclaimer on the email, prohibiting public disclosure

and who will be responsable if somebody hacks his computer and steals all these emails and throw them all online (wouldn't be the first nor the last one)

source (dutch)

Everybody agrees that there is nothing as dangerous as scada interfaces that are just on the internet (even if we put a few securitylayers around them) .  Scada is the special software and code written to control industrial production sites and water, electricity and other networks. They shouldn't been on the internet or connected to the internet and they haven't been developed to be connected to the internet but because of so many reasons that have nothing to do with security, some are and this is a problem.

A problem because security on the internet depends of so many different factors and can become a problem because of so many individual or combined issues that you can ask yourself if it is all worth it (especially the money you have to put into it).

and there is a database of those systems and those you can find only with networkscanning (not google-searching) and thought they were safe because they were not in Google (as if hackers only used Google).

It is called sodanhg.com and is online since several years and sells databases of vulnerable infrastructure and let you have some free information also

so a dutch securityresearcher used the database and started twittering the different vulnerable systems after a while... which made the headlines

He explained that he contacted the national cert but that they didn't want to tell him what they would do with the information, who would get the credit and so on and so he stopped talking to them and sending them information.

Which is a bit silly. I always send the information (also those that I don't publish here) to the cert from the moment I see a Belgian aspect and it is not my job to ask who gets credit or who does what (they are supposed to do something with it in the best of their capabilities

You shouldn't expect something in return when you are a security-activist, you should expect that some-one will do something with it (and you leave some time if that is necessary) between the moment you see it and send it to the CERT and the moment you have published it).

If you are in it for the fame and the money you should go and work for a securityfirm.

1. jace.n5usr.net/ord?station:%7Cslot:/Drivers/... -

   Config · Drivers · LonNetwork · MainHVAC · nviFilePos · Logout. Property Sheet, Object to oBIX, Slot Sheet. nviFilePos (lonworks:NetworkVariable)
   
2. jace.n5usr.net/ord?station:%7Cslot:/Drivers/... -

   Config · Drivers · LonNetwork · MainHVAC · Points · NumericSwitch1 · Logout. Property Sheet, Object to oBIX, Slot Sheet ...
   
    
3. 206.216.159.139/ord?station:%7Cslot:/Energy/... -
   

   Meter 1 Summary. 1.2 kW-hr. Previous Day. Current Day. 0 kW-hr. 15-Jan-12 11:40 PM EST. Current Demand. 0.00 kW. Meter 2 Summary. Current Day. 0.8 kW- ...
   
4. 63.224.84.183/ord?station:%7Cslot:/ -
   

   WatersideLofts. Username: Password:
   
5. axdemo.tridium.net/ord?station:%7Cslot:/... -

   Home Config Services WeatherService Orlando Airport. Logout. Orlando Airport (weather:WeatherReport). Provider. AG, AK, AL, AR, AS, AW, AZ, BB, BH, CA ...
   
6. axdemo.tridium.net/ord?station:%7Cslot:/... -
   

   Home Config Services WeatherService Orlando Airport Thursday. Logout. Thursday (weather:Forecast)
   
    
7. 209.254.21.226:8280/ord?station:%7Cslot:/Drivers/.../points/...

   Java Plug-In support is required.
   
8. 209.254.21.226/ord?station:%7Cslot:/

   Press Demo Config. Logout.
9. axdemo.tridium.net/ord?station:%7Ch...schedule... - 
   10+ items – Home · Vykon Building Demo · Graphics · Building · Floor 1 ...
   

   Rob's Schedule	Date: 17 Jun 2012
   Per	Reference: slot:/Schedules/Holiday

10. 206.216.159.139/ord?station:%7Cslot:/Energy/... -
    Meter 1 Summary. Meter 2 Summary. Last 24Hrs · Last 7Days. Last Month. Current Demand. 1.88 kW. Current Day. 0.8 kW-hr. Meter Total. 10677.63 kW-hr ...
11. aecabin.tzo.com/ord?station:%7Cslot:/...do7/... - 
    BooleanCov (history:BooleanCovHistoryExt). Status, {ok}. Fault Cause. Enabled. false, true. Active Period, Basic Active Period. Active. false, true. History Name ...
12. axdemo.tridium.com/ord?station:%7Cslot:/... -
    

    Connected Users Report · Daily History Report · Daily Point Status Report. The above report examples are created using standard Hx Pages with bound tables.
    
13. 206.216.159.139/ord?station:%7Cslot:/Energy/... -
    

    Meter 1 Summary. Meter 2 Summary. Last 24Hrs. Last 7Days. Last Month. Current Demand. 0.00 kW. Current Day. 0.6 kW-hr. Meter Total. 10687.47 kW-hr ...
    
14. www.plexml.net/ord?station:%7Cslot:/ - 

    Press Demo Config. Logout. To continue please select the appropriate view from the buttons below. Welcome to the PleXML press demonstration. 21-Jan-12 ...
15. 203.122.195.160/ord?station:%7Cslot:/Guest - 
    logo. 129 Greenhill Road BMS. Username: Password:

* there are a lot of big numbers flying around (so many hundred thousand of creditcards, facebook or other accounts for example) - they seem mostly fake or exaggerated (for some you have to pay with clicking on an ad before you can download them)

* for the first time other creditcards not from an arabic country or jewish state or organisation are being published without mentioning the site (garbage dumping). 

* some say that the cyberincidents are over because the other side has given up

it just seems ongoing for a while

new files are listed here

http://www.diigo.com/list/mailforlen/leaks?order_by=0

The still ongoing revenge attack against the megaupload action makes you think

the total number of attacktraffic rised at some time to 15% of all internet traffic

it was interesting to see that is mostly surged in the US and Russia

and if you couple this with tweets saying that botnets were helping and that some press was saying that users were pressed without their knowlegd to become a member of those botnets

it explains why in total only 6.500 person participaged in the action

the 6500 were not important, the botnets were

as the person in Humo said

For one reason or another the Turkish government has let its patriotic hackers rule the rampage on the internet without hampering them in any way. Maybe because they are planting the turkish flag and some nationalistic and islamic slogans in bad english all over the net on tens of thousands of websites every year.

The economic costs of this are enormous. But yes, the hosters and webmasters should upgrade their security. But that is no excuse.

French hosters and website owners should be warned, turkish hackers are starting to attack french hosters and .fr domains to protest against the proposal of law in the French parliament that would protect people who say that the Armenians were slaughtered after the first world war and prosecute those who say that this wasn't the case at all.

http://pastebin.com/7enXV8vH  an example

you can follow the campaign here

http://www.zone-h.org/archive

even parts of the official defense website are defaced  http://www.zone-h.org/mirror/id/16672964

if your website is hosted in France, than you are in the warzone and you should take some measures if you want to keep your website in France (take a safe backup and keep it offline so you could use it if needed), upgrade and patch everything for which you are responsable and be sure that there is no xss or sql injection against your site, encrypt the personal and confidential information on your website and put a monitoring on your websites so you are alerted if somewhere something changes

Yes, OVH is in France :)