Captain Foo
May 11, 2004

we vibin'
we slidin'
we breathin'
we dyin'

BeOSPOS posted:

what's ccne?

this whole ordeal is sounding more like a spy novel :hchatter:

Counter Computer Network Exploitation (literally identifying the command and control servers of identified malware and then hacking those)


Pile Of Garbage
May 28, 2007



kalstrams posted:

oooh i see, i missed the background that now they bombed it

yeah for the 2016 census they turned down upstream DDoS and instead just decided that they would block any connections from IPs outside australia. this lasted as long as you'd expect and they still got owned multiple times.

cinci zoo sniper
Mar 15, 2013




cheese-cube posted:

yeah for the 2016 census they turned down upstream DDoS and instead just decided that they would block any connections from IPs outside australia. this lasted as long as you'd expect and they still got owned multiple times.
:rip: 'straya

RISCy Business
Jun 17, 2015

bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork
Fun Shoe
so it looks like one of the exploits from the eqgrp leak actually pops ASAs: https://xorcatt.wordpress.com/2016/08/16/equationgroup-tool-leak-extrabacon-demo/

Pile Of Garbage
May 28, 2007



computer molester posted:

so it looks like one of the exploits from the eqgrp leak actually pops ASAs: https://xorcatt.wordpress.com/2016/08/16/equationgroup-tool-leak-extrabacon-demo/

apparently you need SNMP read and SSH/telnet access so any properly configured device in a properly designed network will be fine.

so yeah game over man

e: vvv yeah my bad sorry dude vvv

Pile Of Garbage fucked around with this message at 15:43 on Aug 16, 2016

RISCy Business
Jun 17, 2015

bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork
Fun Shoe

cheese-cube posted:

apparently you need SNMP read and SSH/telnet access so any properly configured device in a properly designed network will be fine.

so yeah game over man

that's not why i posted this- it gives credence to the theory that this is a legit leak

surebet
Jan 10, 2013

avatar
specialist


surebet posted:

anyone know the best way to print an ida gdl graph? google says graph-easy but it's been a literal decade since i touched perl

anyone? i've been looking for an excuse to print something on the 60" laser plotter in the marketing department

fins
May 31, 2011

Floss Finder

surebet posted:

anyone? i've been looking for an excuse to print something on the 60" laser plotter in the marketing department

ida:
code:
ProduceCallGdl
graph-easy
code:
graph-easy graph.gdl graph.pdf
-> print?

Bhodi
Dec 9, 2007

Oh, it's just a cat.
Pillbug

Captain Foo posted:

snowden talkin on tweetz0r that the equation group hack is likely russians demonstrating CCNE in order to show that they can prove U.S. responsibility of any attacks sourcing from that server, which he speculates is now being made more public in order to halt escalation of attribution in the DNC hack
yea this is worth reading, here's the text

quote:

The hack of an NSA malware staging server is not unprecedented, but the publication of the take is. Here's what you need to know: (1/x)
1) NSA traces and targets malware C2 servers in a practice called Counter Computer Network Exploitation, or CCNE. So do our rivals.
2) NSA is often lurking undetected for years on the C2 and ORBs (proxy hops) of state hackers. This is how we follow their operations.
3) This is how we steal their rivals' hacking tools and reverse-engineer them to create "fingerprints" to help us detect them in the future.
4) Here's where it gets interesting: the NSA is not made of magic. Our rivals do the same thing to us -- and occasionally succeed.
5) Knowing this, NSA's hackers (TAO) are told not to leave their hack tools ("binaries") on the server after an op. But people get lazy.
6) What's new? NSA malware staging servers getting hacked by a rival is not new. A rival publicly demonstrating they have done so is.
7) Why did they do it? No one knows, but I suspect this is more diplomacy than intelligence, related to the escalation around the DNC hack.
8) Circumstantial evidence and conventional wisdom indicates Russian responsibility. Here's why that is significant:
9) This leak is likely a warning that someone can prove US responsibility for any attacks that originated from this malware server.
10) That could have significant foreign policy consequences. Particularly if any of those operations targeted US allies.
11) Particularly if any of those operations targeted elections.
12) Accordingly, this may be an effort to influence the calculus of decision-makers wondering how sharply to respond to the DNC hacks.
13) TL;DR: This leak looks like somebody sending a message that an escalation in the attribution game could get messy fast.
Bonus: When I came forward, NSA would have migrated offensive operations to new servers as a precaution - it's cheap and easy. So? So...
The undetected hacker squatting on this NSA server lost access in June 2013. Rare public data point on the positive results of the leak.
You're welcome, @NSAGov. Lots of love.

hobbesmaster
Jan 28, 2008

cold war II: cyber punk edition looking good

Pile Of Garbage
May 28, 2007



man the nsa sucks if they are fielding tools which don't automatically dispose of themselves

Shame Boy
Mar 2, 2010

surebet posted:

anyone? i've been looking for an excuse to print something on the 60" laser plotter in the marketing department

ida know :v:

Cocoa Crispies
Jul 20, 2001

Vehicular Manslaughter!

Pillbug

hobbesmaster posted:

cold war II: wizard punk edition looking good

yeah i am completely enamored with the idea that cold war 2 is fought with the press instead of violence, just like how it's actually really unironically nice that the us and israel hosed up iran's centrifuges with stuxnet instead of explosives

watch die hard 4 all you want (hopefully this is zero times) but wizardwar is much better than the alternatives

Jabor
Jul 16, 2010

#1 Loser at SpaceChem
don't worry, i'm sure there are gonna be plenty of small-scale proxy wars for superpowers to have a pissing match over in the future

Shame Boy
Mar 2, 2010

Cocoa Crispies posted:

yeah i am completely enamored with the idea that cold war 2 is fought with the press instead of violence, just like how it's actually really unironically nice that the us and israel hosed up iran's centrifuges with stuxnet instead of explosives

watch die hard 4 all you want (hopefully this is zero times) but wizardwar is much better than the alternatives

yes i too can't wait for our national power grid to go down because some russian oligarch thought John Kerry wasn't nice enough to him at a diplomatic dinner

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender

Parallel Paraplegic posted:

yes i too can't wait for our national power grid to go down because some russian oligarch thought John Kerry wasn't nice enough to him at a diplomatic dinner

in most cases dealing with a power grid going down due to a network compromise is much easier to recover from than a missile hitting a key substation, power plant, or what have you

also to take down the electricity of the entire continent (canada and united states share grids), it would be impressive being that it's mapped out like this:



you have four power grids to go after and when the last big power grid downtime occurred, it only affected the american northeast and ontario

in other news:
https://lkml.org/lkml/2016/8/15/445

quote:

From <>
Subject Fake Linus Torvalds' Key Found in the Wild, No More Short-IDs.
Date Mon, 15 Aug 2016 15:34:01 +0000 (UTC)

It was well-known that PGP is vulnerable to short-ID collisions,
and many experiments were done to demonstrate that. [0]

Nevertheless, real attacks started in June, some developers found
their fake keys with same name, email, and even "same" fake signatures
by more fake keys in the wild, on the keyservers. [1]

All these keys have same short-IDs, created by collision attacks, led
with some discussions about the danger of short-IDs. Now, it is worth
to mention this issue again, since fake keys of Linus Torvalds, Greg Kroah-Hartman,
and other kernel devs are found in the wild recently.

> We don't know who is behind this, or what his purpose is. We just know this
> looks very evil.

Search Result of 0x00411886: https://pgp.mit.edu/pks/lookup?search=0x00411886&op=index
Fake Linus Torvalds: 0F6A 1465 32D8 69AE E438 F74B 6211 AA3B [0041 1886]
Real Linus Torvalds: ABAF 11C6 5A29 70B1 30AB E3C4 79BE 3E43 [0041 1886]

Search Result of 0x6092693E: https://pgp.mit.edu/pks/lookup?search=0x6092693E&op=index
Fake Greg Kroah-Hartman: 497C 48CE 16B9 26E9 3F49 6301 2736 5DEA [6092 693E]
Real Greg Kroah-Hartman: 647F 2865 4894 E3BD 4571 99BE 38DB BDC8 [6092 693E]

Everyone,
> In short, that cutting a fingerprint in order to get a (32- or 64-bit) short
> key ID is the worst of all worlds, and we should rather target either always
> showing full fingerprints, or not showing it at all
> (and leaving all the crypto-checking bits to be done by the software, as comparing
> 160-bit strings is not natural for us humans). - Gunnar Wolf

DO NOT TRUST ANYTHING SHORTER THAN THE FINGERPRINTS.
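
The short-ID collision described in the quoted LKML message, as an added example that is not part of the original post or the mailing-list message: it derives the 32-bit and 64-bit key IDs from the four fingerprints listed above, reports which IDs are shared by more than one key, and accepts a key only on a full-fingerprint match. The function names are hypothetical, and treating the post's "Real" fingerprints as the pinned values is an assumption; in practice the pinned fingerprint must come from a trusted out-of-band source.

```python
import hmac
from collections import defaultdict

# Fingerprints copied from the quoted LKML message (160-bit v4 fingerprints).
# Labels are the message's own "Fake"/"Real" designations.
KEYS = [
    ("Fake Linus Torvalds", "0F6A 1465 32D8 69AE E438 F74B 6211 AA3B 0041 1886"),
    ("Real Linus Torvalds", "ABAF 11C6 5A29 70B1 30AB E3C4 79BE 3E43 0041 1886"),
    ("Fake Greg Kroah-Hartman", "497C 48CE 16B9 26E9 3F49 6301 2736 5DEA 6092 693E"),
    ("Real Greg Kroah-Hartman", "647F 2865 4894 E3BD 4571 99BE 38DB BDC8 6092 693E"),
]


def normalize(fpr):
    """Strip spacing and an optional 0x prefix; require exactly 160 bits of hex."""
    h = fpr.replace(" ", "").upper()
    if h.startswith("0X"):
        h = h[2:]
    if len(h) != 40 or any(c not in "0123456789ABCDEF" for c in h):
        raise ValueError("not a 160-bit fingerprint: %r" % fpr)
    return h


def short_id(fpr):
    """32-bit short key ID: the low-order 8 hex digits of the fingerprint."""
    return normalize(fpr)[-8:]


def long_id(fpr):
    """64-bit long key ID: the low-order 16 hex digits of the fingerprint."""
    return normalize(fpr)[-16:]


def collisions(keys, id_func):
    """Return {key_id: [(label, fingerprint), ...]} for IDs shared by >1 key."""
    groups = defaultdict(set)
    for label, fpr in keys:
        groups[id_func(fpr)].add((label, normalize(fpr)))
    return {kid: sorted(m) for kid, m in groups.items() if len(m) > 1}


def matches_pinned(candidate_fpr, pinned_fpr):
    """Accept a key only when its full fingerprint equals the pinned one.

    Malformed or truncated input (for example a bare short ID) raises
    ValueError instead of being compared as a prefix or suffix.
    """
    return hmac.compare_digest(normalize(candidate_fpr), normalize(pinned_fpr))


if __name__ == "__main__":
    for kid, members in collisions(KEYS, short_id).items():
        print("short ID 0x%s is shared by:" % kid)
        for label, fpr in members:
            print("   %-24s %s" % (label, fpr))
    # These four keys happen to differ in their 64-bit IDs, but the quoted
    # advice still applies: only the full fingerprint identifies a key.
    print("long-ID collisions:", collisions(KEYS, long_id))
    print("fake accepted as pinned real key:",
          matches_pinned(KEYS[0][1], KEYS[1][1]))
```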

DrPossum
May 15, 2004

i am not a surgeon

Cocoa Crispies posted:

watch die hard 4 all you want (hopefully this is zero times) but wizardwar is much better than the alternatives



lol if you aren't living this dream already

fishmech
Jul 16, 2006

by VideoGames
Salad Prong

Parallel Paraplegic posted:

yes i too can't wait for our national power grid to go down because some russian oligarch thought John Kerry wasn't nice enough to him at a diplomatic dinner

that's more something the uk has to worry about, the us power grid is nowhere near integrated enough for it to be a problem.

ate shit on live tv
Feb 15, 2004

by Azathoth

I love this tweet, because of the people that are mad about it.

to be clear though, julian assange is garbage.

hackbunny
Jul 22, 2007

I haven't been on SA for years but the person who gave me my previous av as a joke felt guilty for doing so and decided to get me a non-shitty av

BeOSPOS posted:

what's ccne?

this whole ordeal is sounding more like a spy novel :hchatter:

it's downright cyberpunk

like, forget for a moment how lame cyberspace turned out to be in reality. we have two cyberarmies, and not just any two random cyberarmies but usa vs russia, we have cyberweapons that hack each other, cyber interference in a foreign country's elections, even untraceable cybermoney. all of which commented in real-time in cyberspace's stream of consciousness (twitter)

Captain Foo
May 11, 2004

we vibin'
we slidin'
we breathin'
we dyin'

hackbunny posted:

it's downright cyberpunk

like, forget for a moment how lame cyberspace turned out to be in reality. we have two cyberarmies, and not just any two random cyberarmies but usa vs russia, we have cyberweapons that hack each other, cyber interference in a foreign country's elections, even untraceable cybermoney. all of which commented in real-time in cyberspace's stream of consciousness (twitter)

spankmeister
Jun 15, 2008






hackbunny posted:

it's downright cyberpunk

like, forget for a moment how lame cyberspace turned out to be in reality. we have two cyberarmies, and not just any two random cyberarmies but usa vs russia, we have cyberweapons that hack each other, cyber interference in a foreign country's elections, even untraceable cybermoney. all of which commented in real-time in cyberspace's stream of consciousness (twitter)

yeah it owns p hard


also usa russia but also china (and iran to a lesser extent)

hobbesmaster
Jan 28, 2008

hackbunny posted:

it's downright cyberpunk

like, forget for a moment how lame cyberspace turned out to be in reality. we have two cyberarmies, and not just any two random cyberarmies but usa vs russia, we have cyberweapons that hack each other, cyber interference in a foreign country's elections, even untraceable cybermoney. all of which commented in real-time in cyberspace's stream of consciousness (twitter)

still waiting on deus ex like augments

Shame Boy
Mar 2, 2010

fishmech posted:

that's more something the uk has to worry about, the us power grid is nowhere near integrated enough for it to be a problem.

integrated with the internet or integrated with itself? because i love reading the postmortem write-ups of massive blackouts and they're always like "2:35 AM - 500kV line 1 sags into tree and breaker trips" "2:35:30 AM - 500kV line 2 overloads due to increased stress from line one being down" ... "2:40 AM - entire new york regional grid initiates isolation protocol disconnecting itself from the rest of the country" etc

not integrated with the internet is believable though

hackbunny
Jul 22, 2007

I haven't been on SA for years but the person who gave me my previous av as a joke felt guilty for doing so and decided to get me a non-shitty av
and let's not forget that this year this happened:

spankmeister
Jun 15, 2008






hackbunny posted:

and let's not forget that this year this happened:



I was there, ground zero man.

ate shit on live tv
Feb 15, 2004

by Azathoth

hackbunny posted:

and let's not forget that this year this happened:



What was this? I assume a power outage?

spankmeister
Jun 15, 2008






Powercrazy posted:

What was this? I assume a power outage?

DARPA Wizard Grand Challenge

Machines doing binary exploitation in an attack/defend CTF scenario. Very cool.

hackbunny
Jul 22, 2007

I haven't been on SA for years but the person who gave me my previous av as a joke felt guilty for doing so and decided to get me a non-shitty av

hobbesmaster posted:

still waiting on deus ex like augments

cyberpunk literature was way too optimistic about man machine interfaces, basically in 30 years the only innovation in the field was multi-touch interfaces. that's a far cry from "jacking in". everything else is still the same as back then except faster or smaller or both

I think they figured computers wouldn't get much faster and you'd have to wire brains into the network to get anything serious done, with all the cool poo poo that comes with it (like wagering your sanity as opposed to just your dignity, and cool drugs). but computers did get much faster, to the point we now use cray-like supercomputers to animate anime tiddies, but we still can't touch those anime tiddies except in the vaguest sense

Captain Foo
May 11, 2004

we vibin'
we slidin'
we breathin'
we dyin'

Also the fact that we have a combination mondo computer / camera / telephone / gps in our pockets at all times

fishmech
Jul 16, 2006

by VideoGames
Salad Prong

Parallel Paraplegic posted:

integrated with the internet or integrated with itself? because i love reading the postmortem write-ups of massive blackouts and they're always like "2:35 AM - 500kV line 1 sags into tree and breaker trips" "2:35:30 AM - 500kV line 2 overloads due to increased stress from line one being down" ... "2:40 AM - entire new york regional grid initiates isolation protocol disconnecting itself from the rest of the country" etc

not integrated with the internet is believable though

integrated with itself dude. like you just described why they can't take down the whole country's grid, things like that would at most take out a couple of states and a canadian province while everything else automatically separates itself for protection, and that's beyond the fact that there's even greater separation between the various over-regions

it would suck and be annoying, but it's stuff that every major city and business has contingency plans for.

although yes, separately, a ton of stuff isn't really internet accessible, so if russia wants to shut it down they're going to need to have a guy that can go do it physically in person.

hackbunny
Jul 22, 2007

I haven't been on SA for years but the person who gave me my previous av as a joke felt guilty for doing so and decided to get me a non-shitty av

Captain Foo posted:

Also the fact that we have a combination mondo computer / camera / telephone / gps in our pockets at all times

and in typical lame real world fashion they don't do anything cool, they're mostly terminals for mainframes buried somewhere, and all their power goes into animating anime tiddies or the moral sfw equivalent. cyberpunk as written by douglas adams

goddamnedtwisto
Dec 31, 2004

If you ask me about the mole people in the London Underground, I WILL be forced to kill you
Fun Shoe

fishmech posted:

that's more something the uk has to worry about, the us power grid is nowhere near integrated enough for it to be a problem.

if russia want our power grid to go down all they need to do is wait for a cold winter and jack the gas (natural gas, not gasoline) price up again.

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender
honestly the easiest way to gently caress up things for an entire continent is to "accidentally" have a ship drop anchor where it shouldn't. figure out where new york and london have the least amount of latency on which fibre line and you can make everything go sideways for a period of time

fishmech
Jul 16, 2006

by VideoGames
Salad Prong

OSI bean dip posted:

honestly the easiest way to gently caress up things for an entire continent is to "accidentally" have a ship drop anchor where it shouldn't. figure out where new york and london have the least amount of latency on which fibre line and you can make everything go sideways for a period of time

pretty sure that's hibernia atlantic's 2012 cable between halifax and somerset, england

moonshine is......
Feb 21, 2007

Someone commented on the english being all messed up in this shadowbrokers thing. Wouldn't that make sense because there's no way you want anyone doing any stylometry on it? So run it through google translate a couple times.

gonadic io
Feb 16, 2011

>>=

moonshine is...... posted:

Someone commented on the english being all messed up in this shadowbrokers thing. Wouldn't that make sense because there's no way you want anyone doing any stylometry on it? So run it through google translate a couple times.

*nsa secretly subpoenas for all of google's translate logs*

ate shit on live tv
Feb 15, 2004

by Azathoth

moonshine is...... posted:

Someone commented on the english being all messed up in this shadowbrokers thing. Wouldn't that make sense because there's no way you want anyone doing any stylometry on it? So run it through google translate a couple times.

Surely there is a better way to achieve that effect than language translation? Though I have no idea tbqh. I mean even just using a thesaurus to choose archaic/ambiguous words.

RISCy Business
Jun 17, 2015

bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork
Fun Shoe

Powercrazy posted:

Surely there is a better way to achieve that effect than language translation? Though I have no idea tbqh. I mean even just using a thesaurus to choose archaic/ambiguous words.

one person writes release, another edits it without their approval/input and so on until you have a mishmash of multiple different writing styles/voices?


flakeloaf
Feb 26, 2003

Still better than android clock

and thus "military writing" was born
