Thursday, December 30, 2010

YOU could be next

Sent in by a favorite cyber-cynic.

if you don't buy our help you will be assassinated zomg look theres a red dot on your forehead get down get to the choppa nau!

Thursday, December 23, 2010

Tuesday, December 21, 2010

Cyber Terrorist

Julian Assange: A threat to US National Security
Vice President Joe Biden, who appeared on NBC’s Meet the Press this Sunday, hinted that the Justice Department was close to its goal but wouldn’t give too many details. Vice President Biden went on to say that Assange was, what he considers, a “cyber terrorist”.
What kind of terror is Julian Assange inflicting? So far it seems like the kind that inspires CYA and a bit of bureaucratic chaos.

2009 Brazilian blackout

Wired has a follow-up piece on this story after a WikiLeaks-leaked cable shed some light on the situation:
The Nov. 10, 2009, blackout came just two days after the CBS News magazine 60 Minutes reported that an earlier outage in the Brazilian state of Espirito Santo in 2007 was the work of hackers. And it came just one day after Threat Level reported that, no, it wasn’t.

Cyberspies have penetrated the U.S. electrical grid

One of my all time favorites from the Wall Street Journal.

"Electricity Grid in U.S. Penetrated By Spies"

Here are some choice quotes:
The spies came from China, Russia and other countries, these officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls. The intruders haven't sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war.
It shouldn't be too hard for them to find and infiltrate generation sites when they're all public knowledge.
The espionage appeared pervasive across the U.S. and doesn't target a particular company or region...
Yes, this sounds like espio^H^H^H^H^Hmalware.
Many of the intrusions were detected not by the companies in charge of the infrastructure but by U.S. intelligence agencies, officials said. Intelligence officials worry about cyber attackers taking control of electrical facilities, a nuclear power plant or financial networks via the Internet.
Worried, but not worried enough to do anything about it? I would hope that some sort of notice took place. I've read enough spy novels to let my imagination run wild and I've seen enough installations to have that imagination brought back to reality. Must be the cynic in me.

Monday, December 20, 2010


Can't resist the latest cyber-weaponry:
Stuxnet's watching you.



I know that many of you are wondering about the relevancy of writing enumeration/validation scripts using the NMAP Scripting Engine (NSE).  The explanation is pretty simple: (1) NMAP is free and is one of the most widely used and recognized port scanning utilities on the friggin' *planet*; (2) NMAP is making attempts to establish itself as a contender within the vulnerability scanning market, something that Nessus and ISS have dominated for several years; I believe in helping the "underdog" in this case; (3) I have met and like the working ethic of Gordon Lyon (aka "Fyodor") - he has a "can do" attitude, isn't arrogant about anything, and is willing to talk to just about anyone who will ask him a question, then answer it reasonably, and fairly quickly (within a day); and (4) this community *needs* to get an enumeration capability established -- and soon (if not for finding unknown devices on one's network, at least for a forensics capability).

I can think of some other reasons, but they aren't worth mentioning right now.  The fact is, developing NSE enumeration scripts for NMAP is a very good thing, and can be utilized for the benefit of the community.  I realize the downside/negative impact of having such scripts is that they're available for the 'bad guys', but (to me and IMHO) the 'good' outweighs the 'bad'.  ;P

*WE* need your help...

This is a community effort.  And *we* are all part of the great whole/great good that represents the backbone to infrastructures Worldwide, right?  Those of you who have programming backgrounds and capabilities, and can spare a few minutes (er...hours) every month, can help us (that being the SCADASEC community)...develop some decent enumeration and validation scripts utilizing NMAP.

If you are a talented programmer/software engineer/hacker (er..."computer enthusiast"), and know a little bit about C/C++/scripting languages (Perl, Tcl/Tk, Korn shell, Windows Powershell, etc.), and can spare a few minutes (er...hours) every month to a greater cause, in my humble opinion -- YOU are making a difference -- by building a community.  I feel that all of this will be a great help to everyone, esp. since it is *FREE*. You heard/read me correctly....*FREE*.  This helps *build* our community and makes it into something quite extraordinary, something that I have gotten to like quite a bit.  This community needs to be protected -- AT ANY AND ALL COST.  Period.  BUT....this cannot be done unless *we* have YOUR support.  Kapeesh (translation: "get the drift")?

There is a lot (and I do mean...*A LOT*) of technical talent out there...  ;)

Is there no one who will work with us (not just me) on these efforts?

My promise to all of you, this community, and everyone who is reading this email should know what I am about to state: know this much....I will do WHATEVER it takes, HOWEVER it takes, and in WHATEVER means/methods possible, to MAKE this community stand out, shine out, and be THE BEST that it can be to the rest of the security and intelligence communities.  BUT...this means creating customizable NSE scripts that can work with NMAP v5.20 (or later), **AND** remain *FREE* (an edict of both myself and "Fyodor" -- "free love, free information, free help, etc.") to benefit a lot of people within this, and other communities (mostly government, and *not* just the U.S., either).


If 'yes', send me an email -- offline/offlist -- to "rsradvan at".  I *cannot* do this daunting task alone (Lord knows that I *will* try, and those of you who know me know that I will make myself utterly *sick* in the attempt), and need to start a 'groundswell' of talent, people, and capabilities who are willing, ready, and able to undertake the task of developing AS MANY ENUMERATION SCRIPTS AS POSSIBLE.  We're talking THOUSANDS of differing devices, manufacturers, models, makes, series, et al.  This is NO SMALL TASK, and the request is unprecedented by anything that I have asked ever before on this mailing list.

Please..................think it over.  Email me (offline) if you're interested.

We *NEED* a "cyber army".  Join us.


We need some cyber propaganda

Original here.

We need some cyber propaganda.