Global Governance: Digital Dominion

Securing The Net: Global Governance in The Digital Domain was a White Paper written in September 2013. 

This report was produced within the framework of the Global Governance 2022 program, organized by the Global Public Policy Institute in Berlin, in collaboration with partner institutions in the United States (The Brookings Institution and Princeton University), China (Tsinghua University and Fudan University), and Germany (Hertie School of Governance). 

The Global Governance Futures program, run by the Global Public Policy Institute (GPPi), lays out specific methodologies and scenarios on the future of cyber risk and governance.

The 2013 Report Outlines The Following: 

"Could the Internet actually die? The path to this outcome might be precipitated by an inability to address growing mistrust, the continued existence and exploitation of major cyber vulnerabilities, and mass fear created by new kinds of cyber attacks. "

SCENARIO 1: “CYBER DEATH” – THE END OF THE INTERNET AS WE KNOW IT

  • an “incubation period” during which steadily growing Sino-American [China-American] tensions, an interstate cyber incident as well as the continued militarization of cyberspace led to a gradual disconnection of various sectors of critical infrastructure from the Internet;

  • an “outbreak phase,” in which a “tsunami” of cyber crime led to a collapse of e-commerce and forced governments, overwhelmed by the volume of crime in cyberspace, to develop secure, parallel network architectures that conformed to national and regional boundaries;

  • finally, the “passing of the ‘old’ Internet,” initiated by Russia, China, and Germany following a global panic during a brief period of “cyber terror.”

    The collapse of e-commerce, which threw the global economy into a recession, was paired with a global run on banks. The lack of confidence in banks led to the withdrawal of private savings at record levels. This near-immediate global collapse of the financial system spurred governments to action.

SCENARIO 2: “CYBER PARADISE”

  • bilateral and multilateral efforts between states that ultimately led to a General Agreement on Confidence Building in Cyberspace (GACBC);

  • the diffusion and increased sophistication of cyber security systems/infrastructure, in particular advanced cryptographic and “electric fence” systems;

  • and lastly, the creation of a regime centering around the International Cyber Security Treaty.

As the Internet expanded further into all aspects of daily economic and social interaction, attention to the topic from politicians and the media continued to grow. Subsequently, a conference program was initiated that included not only the US and China but also the European Union, India, Russia and Brazil. The discussions in this “cyber club” carried over to G20 meetings, as cyber security became a priority issue in national defense.

As 2021 comes to an end, we heard the echoes within IT to safeguard our legacy industrial control systems. Updating ICS and the electrical grid should be a #1 priority for national security. Unfortunately, whether because of state-sponsored actors or political mismanagement, governments tend to wait for something to break before addressing issues. The Great Reset now comes to mind when thinking about the future of the Internet. The cyber attack trends for 2022 and the next decade will include attacks on our legacy ICS and much more. Cyber attacks are now becoming physical. Cyber war will not only affect data, communications and IT systems; in this new age a cyber attack could result in no power during the winter or gas and energy shortages across the country. We saw this with the Colonial Pipeline hack. More ransomware, along with IoT, blockchain/cryptocurrency wallet attacks, exchange shutdowns and deepfakes, will be in the headlines. The push for a new global Internet, like our now-global economy, will be at the forefront for all nations and the UN. The Internet has already become a vastly different place. We saw the social media and banking purge of dissenting voices in 2018, where individuals, organizations, brands and analytics can just be disappeared by gatekeepers.

Will we allow the Internet and our power grid to just become another policy? A thing for bureaucrats and so-called "experts" to control? Something to campaign on when it's too late?

Government failure should not equal loss of privacy!

Let's bullet point some additional reading on these trends.

Biden Signs National Security Memo Addressing Industrial Control System Cybersecurity

White House: National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems

Cybersecurity & Infrastructure Security Agency  [GLOBAL]

Cyber-Attack on world’s largest meat processor highlights food system vulnerabilities June 2021

MITRE Framework on ICS Jan.2020

NIST: SolarWinds and Beyond: Improving the Cybersecurity of Software Supply Chains May 2021

ICANN and The United Nations 


Industrial Control Systems Joint Working Group (ICSJWG)

 CISA: Threat of Russian Attack on Critical Infrastructure 

 

 *** UPDATES 2023***

We are now seeing trends in everything I wrote at the end of 2021 coming to a head in 2023, from power grid attacks to deepfake porn.

FBI: Attacks on 4 Stations in 1 County

FBI: Shootings at Sub-Stations in NC 

FBI: GE Engineer Sentenced for Espionage

TIME: Power Grid Extremist Attacks

FTX Crypto Exchange Shutdown 

Ransomware Group Breached Federal Agencies in Cyberattack

FBI: A.I Deepfake Sex Extortion  

Deepfake Porn of TikTok Stars

Putin Deepfake Declares Martial Law 

Deepfakes of US Pentagon Explosion Go Viral

 

 

 

 

-Sodaghar 11/12/21

How to Not be Hunter Biden: A Guide to Securing Data

 
 
BREAKING: Rudy Giuliani has handed over the hard drive to Delaware State Police, stating: "There's a sexual depravity to this that's disgusting," and "This is a really very, very sensitive one." We now know that the computer and hard drive of Hunter Biden, the bombshell story by The New York Post, is confirmed and being investigated by multiple agencies including the FBI and the Senate Homeland Security Committee. Director of National Intelligence John Ratcliffe also said on FBN: "Let me be clear: the intelligence community doesn't believe that [the laptop being Russian disinfo] because there is no intelligence that supports that. And we have shared no intelligence with Adam Schiff, or any member of Congress."

We might hear echoes of conspiracy around this data; however, those with InfoSec/OpSec backgrounds know this data can easily be verified through metadata and forensic software like EnCase or DEFT. Also, IMO, I believe that chain of custody was followed by the shop owner once this became his property after 90 days. He is quoted: 'I think that it's not the government as an entire entity but I think there's a history in this country of people with political motives doing horrible things. I don't want to be on the receiving end of that.'

 

HOW TO NOT BE HUNTER BIDEN:

Both Windows 10 and macOS have built-in encryption for data at rest.

  • macOS: FileVault encrypts the entire startup disk. Disk Utility can create encrypted disk images (.dmg) for individual sets of files and folders, and can format an external drive as an encrypted APFS volume.
  • Windows: BitLocker (Windows 10 Pro and Enterprise) encrypts whole volumes, including removable drives via BitLocker To Go; EFS (Encrypting File System) encrypts individual files and folders on NTFS.
  • Set a firmware (BIOS/UEFI) password. This is a quick option: the machine will not boot unless the password is entered. It is the weakest measure here, because on many machines the setting can be cleared by resetting the firmware (which takes time and physical access inside the case), and, more importantly, it does nothing for the data itself: an unencrypted drive can simply be removed and its image cloned in another machine. It only adds value on top of disk encryption, ideally with BitLocker's TPM-plus-PIN pre-boot authentication on Windows.
  • Keep sensitive data off the physical device. Cloud services like iCloud, Dropbox and Google Drive are an option, with two caveats: the sync client usually keeps a local copy in its folder (so the drive still needs encryption), and the provider holds the keys to whatever you store unless you encrypt it yourself before uploading.

Remember that deleting a file only removes its directory entry; the contents and metadata can still be recovered from the drive until they are overwritten. The "DoD standard" usually cited (DoD 5220.22-M) specified 3 overwrite passes, with a 7-pass variant often described as the most secure. Two caveats: NIST SP 800-88, the current US guidance, treats a single overwrite pass as sufficient for modern magnetic drives, and overwriting does not reliably work on SSDs at all because the controller remaps writes. For SSDs use the drive's built-in secure erase, or rely on full-disk encryption and destroy the key (cryptographic erase), which is exactly what FileVault and BitLocker make possible.


Extra Reading:


- Sodaghar 10/20/20


ICANN and the United Nations

BBC: 
  The US has confirmed it is finally ready to cede power of the internet’s naming system, ending the almost 20-year process to hand over a crucial part of the internet's governance.

In an earlier post this year I wrote a little tidbit on the DATA ESCROW AGENT program. Anyone who followed that trail will know it is run by ICANN, the Internet Corporation for Assigned Names and Numbers. Through its IANA function, ICANN sits at the top of the numbering system: it hands out the blocks of IP addresses that the regional registries and, below them, your ISP allocate from, and it coordinates the root of the DNS (Domain Name System). Without an IP address you don't exist on the web, and in basic terms your domain name resolves to that IP through DNS. ICANN also runs the gTLD program and contracts the registries and registrars that give your domain its place on the web (if they allow it), so the chain that ends at your IP, NS records and DNS entries runs through them. In the previous article I said "There is also a DATA ESCROW AGENT program which is Big Brother in the realm of Internet Protocol," and this is now more solidified through the alliance with the UN. ICANN's first draft of the DATA ESCROW AGENT program, back in the late nineties, read like something out of a sci-fi film, giving agents god-like powers over IP, spying and data mining, along with other things like how 'handwritten encryption' needs to be sent back to ICANN.

  DATA ESCROW AGENT third parties physically have the data, physically store the data and physically send the data.

                    All data...

 In the mid-2000s ICANN and Iron Mountain formed the agreement on the new DATA ESCROW AGENT program. Know that a handful of people in the United States hold the keys to the Internet, and now it will be the UN and all their round tables.

Below is a link to these DATA ESCROW AGENT contracts and agreements along with ICANN's full archive of data.

ICANN FILES



                                                                                            -SODAGHAR 8/19/16

                                                                                                                       

The Open Source Intelligence Framework


Open Source Intelligence (OSINT) is defined as intelligence collected from publicly available sources. In the intelligence community, the term "open" refers to overt, publicly available sources; it is not related to open-source software or public intelligence. This form of gathering and analysing information is crucial to understand for both cyber and physical security professionals. Today I want to look at some concepts and tools used in OSINT. I'd have to write a book to cover it all, so I'll touch on some basics.

First, being able to gain all the knowledge on a target or organization without the daunting task of penetrating networks and finding vulnerabilities in the machines to then exploit could prove priceless. Using OSINT and social engineering tactics such as NLP and pretexting can literally give you any information desired. Mix in lock picking, disguise and stealth, and soon you're on the way to a road less traveled in the cyber security field. I mention cyber security because with the Internet of Things and billions of devices online there are countless exploits and vulnerabilities. Companies hire technical auditors called pentesters or ethical hackers to find vulnerabilities within their intranet and networks; however, this only covers the technical aspect, not the physical.

Let's say, for instance, I was contracted to find the network vulnerabilities of a corporation. They are well secured with web application firewalls, mod_security on their Apache servers to block SQL injection, reverse proxies and load balancers, and it's just something on this given day I don't feel like spending my time on or getting the team together. So what do I do? Using OSINT I join their LinkedIn group and find out they hire a third-party overnight security company. I also find out that there is overnight construction on the new building add-on set to complete next year. BINGO!

Now when I get to the gate I already know the names and details of the security team, their bosses, the construction crew and the foreman. "Hey, sorry I'm not in the company truck today, my wife is expecting any minute now, we're having a boy, I'm so excited! So I'll need to be able to leave whenever. Mr. Smith (the construction foreman) is aware and they should be right behind me." This situation could have gone a million ways. I could have just used stealth and jumped the wall in a construction outfit matching the logo and design of the crew doing the work (which I found using OSINT). I could have called the security officer at the entrance gate on his cell phone, with a number spoofed to look like his wife's (both obtained online using OSINT), told him I was a doctor and she was in critical condition and we needed him to come to the hospital to sign off on surgery. Unethical, yes, but you gotta have the balls to do what needs to be done, and a corporation like this should have protocols in place for any situation. Plus, who knows, once he leaves the entrance gate and finds out his wife is alive it might be the best day of his life!

The point is I needed access not only to set up a router for a man-in-the-middle attack (Plan B) but, because I know OSINT is greater than IT, I just want to stick to my roots and dumpster dive (Plan A). Not only do I find their financial reports from last quarter, I also find the names of their internal staff, routers, ISP and other information that I'll use to eventually exploit their internal network. At the end of the day, information like this can fetch a pretty penny from competitors or on the black market, so don't call yourself a security professional if you only conduct audits behind a screen; you're far from it.

Some basic technical skills are needed, however, to understand the concepts of footprinting and fingerprinting. If a simple ancestry.com search can find your mother's maiden name, and your social media profile lists your favorite things, your birthday and your children's names, one can probably deduce your credit card PIN and passwords without spending days on a brute-force attack. Instead, an attacker with this information can run a dictionary-style attack, feeding the cracking program clues and phrases that suit a specific target. These are all examples of using OSINT: information that is readily available and in open sight. In the interest of time I'll now bullet point a list of tools and resources and you can take it from there.
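To make the dictionary-attack point concrete, here is an added example for this editing pass (not code from the original post): a small targeted wordlist generator in the style of tools like CUPP. PROFILE is a constructed, hypothetical person, and the mangling rules (case changes, leet substitutions, date fragments, two-stem joins, common suffixes) are a representative subset of what cracking rule files do, not an exhaustive one.

```python
"""Turn OSINT-gathered facts about a target into a targeted password list.

Added example for this editing pass, not from the original post. PROFILE is a
constructed, hypothetical person; the fields are the kinds of things the
paragraph above lists (maiden name, birthday, children, favourites).
"""
import itertools
from datetime import date

# Constructed sample profile (hypothetical, not a real person).
PROFILE = {
    "first": "Daniel",
    "last": "Rivera",
    "mother_maiden": "Alvarez",
    "child": "Sofia",
    "pet": "Rocky",
    "team": "Lakers",
    "birthdate": date(1984, 7, 19),
}

# Common character substitutions ("leet") that cracking rule sets apply.
LEET = str.maketrans({"a": "4", "e": "3", "i": "1", "o": "0", "s": "5"})


def base_tokens(profile):
    """Word stems and date-derived numbers pulled from the profile."""
    words = sorted({v for v in profile.values() if isinstance(v, str)})
    bd = profile["birthdate"]
    numbers = sorted({
        str(bd.year),                    # 1984
        str(bd.year)[2:],                # 84
        f"{bd.month:02d}{bd.day:02d}",   # 0719 (US order)
        f"{bd.day:02d}{bd.month:02d}",   # 1907 (day-first order)
        f"{bd.month}{bd.day}{bd.year}",  # 7191984
    })
    return words, numbers


def mangle(word):
    """Case and leet variants of one stem, the way common rule files do."""
    lower = word.lower()
    for variant in (lower, lower.capitalize(), lower.upper(),
                    lower.translate(LEET), lower.capitalize().translate(LEET)):
        yield variant


def candidates(profile, suffixes=("", "!", "1", "123"), min_len=6, max_len=16):
    """Targeted dictionary: stem, stem+number, stem+stem, each with suffixes.

    Deterministic order, no duplicates, length-bounded so the list stays usable
    as input to a cracker instead of a blind brute force.
    """
    words, numbers = base_tokens(profile)
    stems = sorted({m for w in words for m in mangle(w)})
    out, seen = [], set()

    def emit(candidate):
        if min_len <= len(candidate) <= max_len and candidate not in seen:
            seen.add(candidate)
            out.append(candidate)

    for stem in stems:
        for suffix in suffixes:
            emit(stem + suffix)
        for number in numbers:
            for suffix in suffixes:
                emit(stem + number + suffix)
    for a, b in itertools.permutations(stems, 2):   # e.g. DanielRivera, sofiarocky
        emit(a + b)
    return out


if __name__ == "__main__":
    for line in candidates(PROFILE):
        print(line)
```

A few thousand candidates built this way are a very different proposition from the 10^12-plus guesses a blind brute force of a 10-character password needs, which is the whole argument of the paragraph above: the profile, not the cracking hardware, does the work.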


Remember if your attack targets in the right area, is executed properly a simple punch can be deadly. This is the power of OSINT!



*Search Engines and Social Media: Sometimes a simple Google or Facebook search can give you all the information you need to hijack a company mixer and gain further intel.

*The Social Engineering Framework: Provides an outstanding collection of modern concepts and books and is really a one stop shop for all the tools you need.

*Shodan: The world's first search engine for anything connected to the internet. Instead of searching for words or pages, you search the service banners that devices expose on their IP addresses. This is an amazing resource, but be warned you may be tempted by the dark side once you go there.

*Video: The basics of Lock Picking, DEF CON 13

*Google Dorking: Using advanced search operators (site:, filetype:, inurl: and the like) to surface exposed files and pages the site owner never meant to publish

*Dradis Framework: Provides a centralized repository of info that you can use and share

*Maltego: Focuses on providing a library of transforms for discovery of data from open sources, and visualizing that information in a graph format, suitable for link analysis and data mining.

*Tineye: Reverse Image lookup that crawls the web to find all online locations of an image



We covered a lot in this one article and I know there is a ton of things missing but I hope this can provide you with a starting point and give you an understanding into the power Open Source Intelligence and how it impacts security in all aspects. Feel free to comment or contact me with any questions or if you have something to add.



How to open locks with a Nut-wrench old school technique


                       -SODAGHAR 1/18/16

Hotspot Hotwar

 Most end users keep Wi-Fi on at all times. On most devices the default is to auto-connect, or to connect whenever a request is made of it. I noticed a strange occurrence in my area: there are 8 xfinity hotspots within a one-block radius. I know Comcast provides these to its users for the ability to connect when away from home, but seeing more than 2 in a given area seemed odd. Out of curiosity I began to investigate. Before I connected I did some footprinting and noticed these 8 seemingly innocent hotspots all shared the MAC addresses (BSSIDs) of only 3 access points. One of the odder facts is that two of the three APs had routers that belong to AT&T. With certain tools I was able to pinpoint the location and physical address of those access points. These 8 "xfinity" hotspots all come from the same location and share the MAC addresses of the 3 APs there.
  The security risk happens when a device connects. Immediately the device is flooded with packets that hold payloads linking to APPSFLYER.COM. These payloads are designed to change the device's DNS, backdoor the device and use it as a slave/botnet for pay-per-click and other ad-revenue affiliate programs, as shown in this snippet of the payload (a Wireshark-style hex dump; the right-hand column is the ASCII rendering of the bytes):
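The footprinting step above (many hotspot names, few radios) is easy to turn into a repeatable check. The script below is an added example for this editing pass, not code from the original post or its captures: it groups scan results by radio and flags radios carrying more hotspot names than a normal gateway should. SCAN is a constructed scan list built to mirror the post's 8-from-3 observation; the radio_key grouping heuristic and the max_per_radio threshold are assumptions stated in the comments.

```python
"""Group Wi-Fi scan results by radio to spot the pattern described above:
many hotspot names coming from only a few access points.

Added example for this editing pass, not from the original post. SCAN is a
constructed scan list (8 "xfinity" hotspot entries behind 3 radios, plus an
unrelated network); the tuple fields (ssid, bssid, channel, signal_dbm) are
the columns airodump-ng or `iw dev <iface> scan` report, already parsed.
The BSSIDs use the locally administered 02: prefix so they match no vendor.
"""
from collections import defaultdict

SCAN = [
    ("xfinitywifi",   "02:11:22:33:44:10",  6, -48),
    ("XFINITY",       "02:11:22:33:44:11",  6, -48),
    ("xfinitywifi",   "02:11:22:33:44:20",  6, -51),
    ("XFINITY",       "02:11:22:33:44:21",  6, -50),
    ("xfinity-guest", "02:11:22:33:44:22",  6, -52),
    ("xfinitywifi",   "02:11:22:33:44:30", 11, -60),
    ("XFINITY",       "02:11:22:33:44:31", 11, -61),
    ("xfinity-5G",    "02:11:22:33:44:32", 11, -61),
    ("HOME-1A2B",     "02:11:22:33:44:33", 11, -61),
    ("CoffeeShop",    "02:aa:bb:cc:dd:ee",  1, -70),
]


def radio_key(bssid):
    """Collapse the virtual-AP BSSIDs of one radio into a single key.

    Heuristic (assumption, not a standard): multi-SSID access points normally
    derive each SSID's BSSID from the radio's base MAC by changing only the
    low nibble of the last octet, so 02:..:44:30, :31, :32 are one radio.
    """
    octets = bssid.lower().split(":")
    return ":".join(octets[:5]) + ":" + octets[5][0] + "x"


def cluster(scan, name_filter="xfinity"):
    """radio_key -> sorted SSIDs it advertises whose name contains name_filter."""
    radios = defaultdict(set)
    for ssid, bssid, _channel, _signal in scan:
        if name_filter.lower() in ssid.lower():
            radios[radio_key(bssid)].add(ssid)
    return {key: sorted(ssids) for key, ssids in radios.items()}


def summary(scan, name_filter="xfinity"):
    """(hotspot entries seen, distinct radios behind them): the post's '8 from 3'."""
    radios = cluster(scan, name_filter)
    return sum(len(s) for s in radios.values()), len(radios)


def suspicious(scan, name_filter="xfinity", max_per_radio=2):
    """Radios carrying more matching hotspot names than a normal gateway would.

    max_per_radio=2 assumes a legitimate Comcast gateway advertises at most
    two hotspot names (the open one and the secure one); anything beyond that
    deserves a closer look, starting with the vendor prefix of the BSSID.
    """
    return [(key, ssids) for key, ssids in cluster(scan, name_filter).items()
            if len(ssids) > max_per_radio]


if __name__ == "__main__":
    print("entries, radios:", summary(SCAN))
    for key, ssids in suspicious(SCAN):
        print("suspicious radio", key, "advertises", ssids)
```

Two things this deliberately does not do: it does not trust SSID text (anyone can broadcast "xfinitywifi"), and it does not decide on its own that a radio is malicious; it only narrows the list down to the radios worth walking over to, which is what the post did by hand.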

00f0  20 42 75 69 6c 64 2f 4a  5a 4f 35 34 4b 29 0d 0a    Build/J ZO54K)..
0100  48 6f 73 74 3a 20 74 72  61 63 6b 2e 61 70 70 73   Host: tr ack.apps
0110  66 6c 79 65 72 2e 63 6f  6d 0d 0a 41 63 63 65 70   flyer.co m..Accep
0120  74 2d 45 6e 63 6f 64 69  6e 67 3a 20 67 7a 69 70   t-Encodi ng: gzip ...
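The hex dump above can be decoded mechanically rather than read off the ASCII gutter. The script below is an added example for this editing pass, not code from the original post or its packet captures; DUMP is the post's own four lines pasted verbatim. Decoding them gives the tail of a User-Agent header ("Build/JZO54K", the shape of an Android build identifier), then Host: track.appsflyer.com (AppsFlyer is a mobile app attribution/analytics SDK vendor) and Accept-Encoding: gzip. Host is a request header, which only the client sends, so a check worth making on the full capture is which direction this packet travelled before calling it an inbound payload.

```python
"""Decode a Wireshark-style hex dump back into bytes and list the HTTP headers
it contains.

Added example for this editing pass, not from the original post or its packet
captures. DUMP is the fragment shown above, pasted as-is: offsets 0x00f0 to
0x0120 of one packet, so it starts mid-header (the tail of a User-Agent line).
"""
import re

DUMP = """\
00f0  20 42 75 69 6c 64 2f 4a  5a 4f 35 34 4b 29 0d 0a    Build/J ZO54K)..
0100  48 6f 73 74 3a 20 74 72  61 63 6b 2e 61 70 70 73   Host: tr ack.apps
0110  66 6c 79 65 72 2e 63 6f  6d 0d 0a 41 63 63 65 70   flyer.co m..Accep
0120  74 2d 45 6e 63 6f 64 69  6e 67 3a 20 67 7a 69 70   t-Encodi ng: gzip
"""

HEX_OFFSET = re.compile(r"[0-9a-fA-F]{4,8}")
HEX_BYTE = re.compile(r"[0-9a-fA-F]{2}")


def parse_hexdump(text):
    """Return (first_offset, payload_bytes).

    Only the hex columns are trusted. The ASCII gutter on the right is ignored:
    Wireshark prints '.' for every non-printable byte, so it cannot be decoded
    back, and a gutter word that happens to look like hex (e.g. "ad") is kept
    out by stopping at 16 bytes per line.
    """
    chunks, first, expected = [], None, None
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 2 or not HEX_OFFSET.fullmatch(tokens[0]):
            continue
        offset = int(tokens[0], 16)
        if first is None:
            first = offset
        elif offset != expected:
            raise ValueError(f"dump is not contiguous at offset {offset:#06x}")
        hexbytes = []
        for token in tokens[1:17]:
            if not HEX_BYTE.fullmatch(token):
                break                      # reached the ASCII gutter
            hexbytes.append(token)
        data = bytes.fromhex("".join(hexbytes))
        chunks.append(data)
        expected = offset + len(data)
    return first, b"".join(chunks)


def http_headers(payload):
    """Split an HTTP/1.x header block into (name, value) pairs.

    A leading line without the 'Name:' shape is the truncated start of the
    capture and is returned as ('<partial>', text) rather than dropped.
    """
    text = payload.decode("ascii", errors="replace")
    headers = []
    for index, line in enumerate(text.split("\r\n")):
        if not line:
            continue
        name, sep, value = line.partition(":")
        if sep and name and " " not in name:
            headers.append((name, value.strip()))
        elif index == 0:
            headers.append(("<partial>", line))
    return headers


def host_from_dump(text):
    """The Host header in the dump: the server the device was talking to.
    Host is a request header, so finding one also tells you these bytes are
    something the client sent, not something it received."""
    _, payload = parse_hexdump(text)
    return dict(http_headers(payload)).get("Host")


if __name__ == "__main__":
    start, payload = parse_hexdump(DUMP)
    print(f"{len(payload)} bytes from offset {start:#06x}")
    for name, value in http_headers(payload):
        print(f"{name}: {value}")
```

The same parser works on any contiguous block copied out of Wireshark's packet-bytes pane, which is a quicker way to pull hostnames out of a capture than reading the gutter by eye.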


 Further investigation showed that my device, and any network I connected to after receiving the payload, would have its DNS changed and credentials spoofed for the benefit of those generating ad revenue. In the simplest terms, if the infected device or network goes to https://ICANN.org, the traffic is rerouted and the web traffic is then falsely represented, generating ad and pay-per-click revenue for affiliates.

 Additionally, the "xfinity" hotspot login page is SSL-stripped and carries a cross-site request forgery (XSRF): it is an imitation of the actual site, and anyone who enters their login info there would have it, and all data on the device, compromised.
//this is known as drive-by pharming and was confirmed through use of the Metasploit Framework//

These are low-level affiliate, pay-per-click and identity-theft criminals, script kiddies at best. Most people with newer, faster devices wouldn't notice payloads being unleashed on their system. The broadcast strength is so powerful that these 8 "xfinity" hotspots stretch for about 1 kilometer, so even driving by with Wi-Fi on you'll have connected and received the payloads within a few seconds, and by the time you've gone up the block the signal drops and you're none the wiser. Even if you take certain basic security measures in system settings there is still risk.

 These routers are sending out ARP and WoL packets that will trick a less secure device into connecting as soon as it enters their sphere of influence. By the time we're home we've ingested megabytes of payloads, trojans and other malware, from operations like this or from any malicious person.

These payloads, cross-site scripting and SSL exploits reach all the way to the top through allowance and negligence. Corporations, ISPs and even ICANN, from the top down, are all responsible for web crawlers, botnets and fake internet traffic.

 Only through education about threats and awareness of the technology around us can we be more secure, not just in our own lives but in those of the people around us.

Summary:
*Keep Wi-Fi off when you are not using it
*Forget saved open networks and disable auto-join: any access point can broadcast the name "xfinitywifi", and the name alone proves nothing about who runs it
*Be cautious of any open networks
*Be security minded
*Be aware

//

Below you will find a link to my google drive which has the full packet captures for you to analyze of this specific event.
PACKET WARS


                                                                                                             -SODAGHAR 11/20/15

Guccifer Arrested




RT: Guccifer, the infamous Romanian hacker who accessed emails of celebrities and top US officials, will be extradited to the United States, after losing a case in his home country’s top court.


Reuters reports that Lehel will come to the US under an 18-month extradition order, following a request made by the US authorities. Details of the extradition have not been made public, however.

Marcel Lehel, a 42-year-old hacker better known by his pseudonym “Guccifer,” achieved notoriety when he released an email with images of paintings by former President George W. Bush, including a self-portrait in a bathtub. He also hacked and published emails from celebrities Leonardo DiCaprio, Steve Martin and Mariel Hemingway. Also released were emails between former Secretary of State Colin Powell and Corina Cretu, a Romanian member of European Parliament, prompting Powell to deny that the two had had an affair.

Perhaps most notably, Lehel was also the first source to uncover Hillary Clinton’s improper use of a private email account while she was Secretary of State, which the FBI is investigating as a potential danger to national security.

In March 2013, the hacker released to RT and several other news outlets the four memos that had been sent to Clinton from her former political adviser Sidney Blumenthal. The memos contain information regarding the September 11, 2012 attacks on the US diplomatic mission in Benghazi, Libya, as well as the January 2013 hostage crisis in In Amenas, Algeria.

Lehel was indicted by the Department of Justice in 2014 on charges of wire fraud, unauthorized access to a protected computer, cyberstalking, aggravated identity theft and obstruction of justice.

In 2014 a Romanian court sentenced him to four years in jail for hacking into the accounts of the country’s public figures “with the aim of getting… confidential data” as well as violating his parole. He is serving three years on top of that for other hacking-related offenses. After his extradition to the US, Lehel will return to Romania to serve out his sentences there.

The Romanian national, who goes by the pseudonym “Small Fume” in addition to Guccifer, is an unemployed taxi driver and paint salesman, and he says that he accessed the emails by using social engineering methods that included guessing the answers to security questions to access various accounts.

"I don't oppose. I go there to United States to fight. I know what I did and this is okay with me," Guccifer said in February to The Smoking Gun, where he published many of the documents he found.

Prosecutors have said that Lehel has a “compulsive need to be famous,” according to The Register.

'Anonymous Conservative' Google Bar Inject Exploit

'Anonymous Conservative' has defaced the main page of the official Iowa Caucus website by injecting script into it. The injected code, reproduced below, is the Google Bar (Google Toolbar) translate-widget loader; it is client-side DOM injection, not a SQL injection, and nothing in it touches a database. The group provides this message...

"The recent endorsement of Donald Trump by Sarah Palin is the final straw for our organization, The Anonymous Conservative. Every good Conservative knows that Sarah Palin is a national embarrassment and she represents everything that is wrong with America. She has failed at everything she has attempted since quitting her office as governor half way through her term. Her Anti-American, Anti-Family, Anti-Common-Sense stances have made her the laughing stock of American politics.
 Yet, even though Donald Trump has himself reached lower than a snake in the grass with his lies about his views on religion, abortion, health care, and Hillary Clinton, he has crawled lower. Trump has already alienated the black vote, the Hispanic vote, and a high enough percentage of the women vote to make it mathematically impossible for the GOP to win with him in 2016, but now he has let the devil back in the door by seeking and accepting the endorsement of Sarah Palin.
We the people will not stand in silence. We, THE ANONYMOUS CONSERVATIVE, have hacked and taken over the front page of the Iowa Caucus site in hopes to reveal the truth."



Now let's get to the fun stuff, the actual coding of the attack...

'http://2016iowacaucus.com/wp-admin/admin-ajax.php'

What these injections let the attacker do is put their own content at the very top of the front page, where it will probably stay for some time. The mechanism is insertBefore(e, theBody.firstChild): firstChild is simply whatever node is currently first inside <body>, so each newly created element lands ahead of everything already on the page, and whoever controls the script controls what appears first. The URL quoted above is WordPress's admin-ajax.php endpoint. This is a simple attack, and it is why you should always run mod_security (or another WAF) in front of your servers, keep WordPress and its plugins patched, and allow-list the hosts scripts may be loaded from (Content-Security-Policy script-src) so a stray script tag pointing at a third-party domain fails to load.

// Shared state assumed by both inject functions (not shown in the page's excerpt)
var translateFrom = "en", translateTo = "es", didMStranslate = false;
function clearTranslateInjects() {
    // Drop anything a previous call inserted so the widgets are not duplicated
    ["google_translate_element", "MicrosoftTranslatorWidget"].forEach(function (id) {
        var old = document.getElementById(id);
        if (old) { old.parentNode.removeChild(old); }
    });
}
function proceedWithGoogleBarInject() {
    clearTranslateInjects();
    var e;
    var theBody = document.body;
    if (theBody != null) {
        e = document.createElement("div");
        e.id = "google_translate_element";            // container the Google widget renders into
        theBody.insertBefore(e, theBody.firstChild);   // inserted so the callback below has a target
        e = document.createElement("script");
        e.innerHTML = "function googleTranslateElementInit(){ new google.translate.TranslateElement({ pageLanguage: '" + translateFrom + "', includedLanguages: '" + translateTo + "' }); }";
        theBody.insertBefore(e, theBody.firstChild);   // inline callback becomes the first node in <body>
        e = document.createElement("script");
        e.src = "https://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit&tl=" + translateTo + "&sl=" + translateFrom + "&hl=" + translateFrom;
        theBody.insertBefore(e, theBody.firstChild);   // remote loader goes in front of it and calls the callback
    }
}

The second injected function does the same thing with the Microsoft Translator widget, this time bootstrapping the remote loader from an inline script:

function proceedWithMicrosoftInject() {
    clearTranslateInjects();
    var e;
    var theBody = document.body;
    if (theBody != null) {
        e = document.createElement("div");
        e.id = "MicrosoftTranslatorWidget";
        e.style.cssText = "display:none!important;visibility:hidden;";   // hidden container the widget attaches to
        theBody.insertBefore(e, theBody.firstChild);
        e = document.createElement("script");
        e.type = "text/javascript";
        // Inline bootstrap: immediately appends the Microsoft widget loader to <head>
        // (https or http chosen to match the page), then 5 s later calls Translate(null, 'en')
        e.innerHTML = "setTimeout(function(){{var s=document.createElement('script');s.type='text/javascript';s.charset='UTF-8';s.src=((location && location.href && location.href.indexOf('https') == 0)?'https://ssl.microsofttranslator.com':'http://www.microsofttranslator.com')+'/ajax/v3/WidgetV3.ashx?siteData=ueOIGRSKkd965FeEGM5JtQ**&ctf=True&ui=true&settings=auto&from=';var p=document.getElementsByTagName('head')[0]||document.documentElement;p.insertBefore(s,p.firstChild); }},0);setTimeout(function(){ Microsoft.Translator.Widget.Translate(null,'en');},5000);";
        theBody.insertBefore(e, theBody.firstChild);
        if (!didMStranslate) {
            didMStranslate = true;   // only trigger the automatic translation once per page
        }
    }
}




 Never trust that which takes one political choice or ideal over another
                                                                                                            -SODAGHAR 1/25/16