Search This Blog

Populære indlæg

Sunday, November 1, 2015

internet and operative system security and anonymity for the paranoid

do you feel someones got to you on your computer? do you suspect a keylogger or some other form of surveillance tool disturbing your privacy?

first you need an installer image of your favourite os. install that and all the apps and tools you need on a usb stick (you can get them with enough capacity today), a sd card or portable harddrive with builtin powersupply (the smaller ones don't take up more space than a package of cigarettes) and always take it with you whereever you go!

the latter is mandatory because if your are under monitoring from some goverment agency they can easily conceal a camera in your home and get your pw's that way. i read that Snowden entered his pw's under the cover of a blanket so it's not that far fetched.

if you live alone like me have several computers and have one of them running multiple services on virtual machines to ensure that some traffic is generated at arbitrary times.

then you need a good vpn. set your router, not the individual machines (physical or virtual) to use that vpn. don't worry! you can always have your prefered workmachine use a proxy so that you get an ip that matches your country.

Saturday, October 17, 2015

email udveksling med rigspolitiet

Politiet nægter at forholde sig til det jeg skriver!

her er en email udveksling jeg har haft med rigspolitiet.

---

Fra: ***** [mailto:******@*******] 
Sendt: 8. oktober 2015 09:28
Til: KOS FP Rigspolitichefens forkontor
Emne: skal vi prøve igen?
 
hejsa
 
i ved godt - ligesom resten af verden - hvad der er blevet gjort mod mig... og hvem der har gjort det.
 
vil i sørge for at det stopper, tak. vil i sørge for at mine ejendele der blev begået hærværk mod under såkaldte hemmelige ransagninger erstattes, tak.
 
til gengæld undlader jeg at føre min plan ud i livet. jeg er ikke psykopat men omvendt er jeg ekstremt træt af smerter, sår og chikanerier. derudover får den Danske stat mulighed for at hyre mig som hoved designer til et statsligt it system. at jeg har tænkt mig at møde op i kvindetøj fremfor et jakkesæt kan umuligt være et problem. det kræver ikke lovændringer eller dispensationer af nogen art.
 
jeg har ikke planer om at begynde at ryge hash - som er det eneste rusmiddel jeg kunne drømme om at indtage frivilligt - igen da jeg med garanti får brug for min hjernes fulde kapacitet til den store opgave vi taler om.
 
jeg kan altid vælge viningedøden i kamp med politistaten hvis det er det i ønsker men er det ikke en latterlig smålig måde at afslutte det her på? valget er jeres... ikke mit!
 
***
***
***
***
 
foretrækker email som kommunikationsform
 
Don't be me. It's too easy 😊

----

Kære Niels-Arne Nørgaard Knudsen
 
Ved e-mail af 8. oktober 2015 har du rettet henvendelse til Rigspolitiet.
 
Rigspolitiet kan ikke ud fra din henvendelse nærmere fastslå, om du ønsker Rigspolitiets bistand og i givet fald til hvad. Rigspolitiet skal derfor anmode dig om at præcisere nærmere, hvis du mener, at der er tale om et forhold, som Rigspolitiet bør behandle.
 
Rigspolitiet kan oplyse, at anmeldelse om formodede strafbare forhold skal indgives til den politikreds, hvor gerningen har fundet sted. Politiet iværksætter efterforskning, når der er rimelig formodning for, at et strafbart forhold, som forfølges af det offentlige, er begået. Det bemærkes, at Rigspolitiet ikke kan optage en anmeldelse eller foretage efterforskning mv. i relation hertil.
 
Du kan få nærmere vejledning om anmeldelse af strafbare forhold på politiets hjemmeside www.politi.dk eller ved henvendelse til dit lokale politi på telefonnummer 114.
 
Med venlig hilsen
 
Morten Nielsen
Politifuldmægtig
 
Rigspolitiet POLITI
 
Direktionssekretariatet
Polititorvet 14
1780 København V
 
----

til Rigspolitiet

jeg er blevet forgiftet og der er blevet begået hærværk på mine ejendele under hemmelige ransagninger.

jeg er overbevist om at det er PET der står bag, blandt andet fordi jeg har genkendt en civil-betjent - en lille nar med overskæg som han for nyligt har farvet sort.

jeg har gentagende gange skrevet de her ting og det er rart at i reagerer. hvis ikke det er en sag for rigspolitiet så ved jeg ikke hvem der skal tage sig af det!

det startede for cirka 2 år siden. jeg drak en tår af en kop kaffe og tog et hiv af en joint, drak lidt mere kaffe og så ramte det værre end lsd og ekstasy tilsammen. det skal lige indskydes at et par dage forinden havde en kammerat og jeg røget af samme klump uden anden effekt end den hash normalt giver.

jeg har yderst smertefulde sår på hænder og fødder og de minder mere om resultatet af krokodil end psoreasis og helvedesild og hvad jeg har hørt sundhedsmyndighederne har prøvet at bilde mig ind. det mest skræmmende er at en kop kaffe eller the med sukker virkede bedre smertestillende end panodil, garbaratio (300 mg) og dolol (50 mg) tilsammen.

jeg er blandt andet også blevet censureret stort alle steder jeg skrev noget i rigtig lang tid (det er ophørt nu) blandt andet fik jeg blokeret en bruger på information.dk for at skrive “at det er med ytringsfrihed som med alle andre frihedsrettigheder - man behøver ikke gøre brug af den”.

derudover har jeg haft en mindre sex-seance med 2 engelske agenter, manden sagde blandt andet “ i used to kill for the british government” og nævnte en episode i nord-irland. jeg svarede igen at jeg havde solgt kokain. senere pussede de en dominatrix (er til bdsm) på mig men hvor tit tror i det sker når jeg står småskæv på Christianshavn St og venter på bussen fuldt omklædt til kvinde at en attraktiv kvinde lægger an på mig? aldrig. sådan foregår det ikke. det er den submissive der kontakter den dominante. derudover vidste hun rigtig meget om mig på trods af hun aldrig havde mødt mig.

ja, jeg var hacker - det stoppede da jeg kom i besiddelse af nogle oplysninger jeg ville ønske at jeg aldrig havde set. den slags oplysninger jeg tvivler på i kender til. det var en livsstil i over 20 år.

jeg ved godt at det lyder paranoidt og med mine diagnoser så ville det være let at fastslå som psykose men jeg kunne altså indlægge mig selv og udskrive mig efterfølgende så det har jeg bevist det ikke er. jeg stoppede med hash for jeg vil gerne kunne mærke når bliver påvirket.

hvis det ikke er PET er det formentlig ghcq der stadig jagter mig fordi jeg har været involveret med Anonymous hvilket stoppede da de to englændere havde fat i mig. jeg har også været ude for at 2 Danske betjente stod i vejen da jeg var nede at hente mad på det nærmeste pizzaria så i kender udemærket til mig.

jeg har nogle dokumenter og noget video men jeg er ikke så dum at jeg sender det eller overhovedet kan komme i nærheden af det. der er nogen der holder øje med mig og sker der mig noget bliver det offentliggjort. det ligger skjult på darkweb. jeg kan faktisk kun offentliggøre det selv ved at komme galt afsted.

jeg kræver ikke at nogen bliver straffet jeg kræver bare at det er slut med at forgifte mig for jeg er træt af sår, smerter og chikane. det er det jeg mener når jeg skriver at det her skal stoppes.

hilsen

Niels-Arne Nørgaard Knudsen

---

Kære Niels-Arne Nørgaard Knudsen
 
Ved e-mail af 12. oktober 2015 har du rettet henvendelse til Rigspolitiet..
 
Rigspolitiet skal henholde sig til tidligere svar af d. 12. oktober 2015, hvori du blev oplyst, at anmeldelse af formodede strafbare forhold skal indgives til den politikreds, hvor gerningen har fundet sted. Politiet iværksætter efterforskning, når der er rimelig formodning for, at et strafbart forhold, som forfølges af det offentlige, er begået. Det bemærkes, at Rigspolitiet ikke kan optage en anmeldelse eller foretage efterforskning mv. i relation hertil.
 
Rigspolitiet har noteret sig det du har anført i din e-mail og takker for din interesse.
 
 
 
Med venlig hilsen
 
Morten Nielsen
Politifuldmægtig
 
Rigspolitiet POLITI
 
Direktionssekretariatet
Polititorvet 14
1780 København V

Tuesday, September 29, 2015

message to the dumb bastards in the goat fucker caliphat

do you really think i fall for something that naive? do you think i'm that desperate? come on! a mildly anatchistic middleaged british woman (could be interrested) dressing up like a fuckin' jawa from Star Wars!

i'm a tranny! i'm a guy who occationally dress up as a woman! and i like it! you throw people like me out from high places.

i may not be happy with the way things are done where i live now but at least i have the freedom to say and the opputunity to change things... to some extent.

did you really think i would participate in taking your hackers to the next level... even cyberwar?

do you think you will recruit any decent hacker by using an 80'ties punk rocker - that never were that good in the first place - as a posterwoman. i think you are getting desperate - really desperate. you want cyberwar... i'll fuckin' give it to you. try to get a network up and running. you will be found. you will be eradicated with digital fire.

you want my tactics? my skills? you ain't seen nothing yet. maybe i should offer my services to the nato cyber command and fuck you over bigtime. the Russians don't need my help in doing this.

this is what i propose take control of daesh accounts on social media and spam their followers with messages like:
- we're having great fun. bombs are dropping like rain and we're getting mutilated.
- you really die of smoking in our caliphate.
- i'm an old hag and the men would rather fuck a goat than me.
- my freedom is limited. can only walk the streets accompanied by my husband who is dead.

you get the picture.

fuck daesh and their medieval caliphate.

'nuff said, cheers

Helene

Tuesday, September 15, 2015

cyberunit - building an effective one

these are my thoughts (so far) on how to create an effective cyber-unit or hacker group:

*****************
*** cyberunit ***
*****************

authorities versus specialists
==============================

an authority has expert level knowledge on a specific topic, this can be but not limited to php, mysql, zap and so on.
a specialist is able to utilize any technique as a weapon (ie. for military use)

the authority-people handles long term strategy whereas the specialist people takes care of the tactical situations that may arise. 

overview of the unit
====================

to know who is best suited to a specific task record information on who has most knowledge of different areas, like php, zap, shell-scripts, etc.
who has the best skills (ie hands-on) with specific software.
what area would the member best like to strengthen and what agitates them doing.

tactical layer
==============

handles mission planning since this is recon, attack, recon, attack and so on they decide best path to cut down time consumed on decision making.

strategic layer
===============

handles long term campaigns, choosing overall targets and choosing which areas - new techniques, example - internal knowledge that should receive focus.

wolfpack tactic
===============

this should make the basis for an unit that employs wolfpack tactics. it is so easy (with shared info on shared "hack"-servers) to add new personnel to an ongoing mission. and since everyone is making their own decisions within mission paramaters this is a very effeective method of organization. furthermore one can always re-assign unit members so that the strongest unit is presented for each "project".
every single member of the wolfpack knows the other members strengths and weaknesses. this tactic utilizes the way wolfpacks hunt.

shark tactic
============

get the target to focus attention on a single point and then attack (more or less) at random imitating a group of sharks floating by and each ripping a piece out of the target.

burst-fire hacking
==================

using the terminal can be tedious (you have to type a lot) so use scripts, aliases, functions and environment variables. also use tabs to seperate different tasks. it's easier to remember TARGET_IP_PRIMARY and TARGET_IP_SECONDARY than which ip is which target.

tools of the trade
==================

the computer is the gun and software the little pieces of ammunition you load it with. the os is more like a toolbox. a "hack"-server is a good idea to have running. it runs the software utilized by the unit and one connects to the servers and use port#'s to select the piece of program used.

old school techniques
=====================

you don't need a classy piece of software to send an email from everyone to everyone (you need access to the targets inbox to read any reply) just a smtp-gate and telnet.

it is paramount that info on techniques and related knowledge is shared widely and freely within the group to make everyone stronger.

my drone design

drone project
-------------

*** builtin automated attack plan creation. this tool can be used on all or one drone. the computer calculates an attack plan that can be used, changed or whatever. yes, i can deliver. i would not call this artificial intelligence since it is not.

compact. small.

that can be used multiple aircraft types, such as: glider (silent) helicopter. propeller. you can also make a flat sturdy tracked vehicle to "sneak" into, turn off the engine and wait. an exotic version could be a drone based on insects that can climb.

sense: area microphone (omni)
orientation-specific (can be remotely controlled)
dirverse cameras

all information is sent to the central office

own physical network

drone's network acts as a server so that the drone does not contain information that can be traced back to the panel.

joint control

opportunity to alrmere operator in the case of sound (eg. broken branch hit, run) or a sudden flash of light and the like. could be combined with something that detect temperature differences

Manual control: arrow makes speed up desired direction changed, keep the left mouse button and moving the mouse in the direction you want. the maneuvers which could roll right button is used

Swarm mode: a group of drones assigned to a control-drone controlled by the operator. this could be selected with ctrl + s

formation mode: the operator can choose between # preset formations or design your own. These could be: line, sawtooth, triangle, square, etc. you could use ctrl + f to select formation

patrol / recon mode: using ctrl + p, and then select the waypoint you want patrolled. Double-clicking a waypoint produces a small menu where you can enter blah gps coordinate more accurately

one could imagine an auto-swarm mode where you select the x drones and select an area on a map and they will find themselves out of the patrol or whatever you want.

overview where the drone position shown on the map or seen from the nose. in the overview could possibly show a satellite map below. otherwise a virtual card is used. can you combine the two you can mark points. with a common controller every operator can see the interassante points.

what I'm trying to point out the key combinations is a pattern. ctrl = change drones fly fashion. everything could be used for automated tasks. it's just examples.

use screens with a good solution. HD is probably the best choice price / resolution. but ultra-HD on a big screen would give better opportunities in terms of visibility.

To get started quickly with automation could be looking at the "RoboCup Soccer Simulator". a game where you have to programere a team of robots to play soccer. it is very similar to the programming to be used to get a group of drones to attack a common goal. even very similar.

** Rekusive algorithms to distribute the "squares"

I aim at is to make a liquid development. that can be built in layers.

you can connect conventional units on. just by putting a tablet in a tank, staff can access the information the drones will. directly from the control panel.

in the longer term, the system is seen as a military overview of the battlefield.

I in no way intended to make it look like a computer game. I have used the game to inspire the user interface.

I am opposed to arm a partially self-governing structure, since I think that there are too many uncertainties associated with the technology now. but a drone capture a sound and turning a microphone toward the sound, it can also measure the distance with a laser. it can put a laser dot can send a projectile or Missile afterwards.

but at that point I feel that I have it when I've helped people start hacking. I am not in favor of "use it only for the good." it is people's own knowledge and they decide what they will do with it.

drone-project
=============

the system is comprised of several components:

- a central controller

- plug'n'play drones

- simplicity in use and design

- total control for the human operator

- each drone is optimized specifically to the task it performs

- intuitive gui

- swarm-based (the drones help each other)

- shared memory

- open source

- quality (example 4k resolution)

- first time a drone is initialized it must be done with a cable to pair controller/drone

military version only:

- closed circuit (includes own radar system)

- prgrammable attack plans

- the militairy initialization process is done from scratch upon system restart

usage examples:

the design philosofi of custom building each drone to the specific task is borrowed from every day tools for instance you don't use a hammer on a screw. you could be inclined to on a screw ball but that's not the subject for today. that's drones.

and the operator knows what action the drone performs when he holds down that button and he can see exactly what he hits. no computer overrule the human operators decicion. it just makes it easy for him to terminate his target.

when a drone is activated it appears on every central it is allowed to appaer on. the military version do not have this feature instead you use a cable and when the drone becomes online it is automatically added to the central where any operator can take control of it. once controlled the drone disappear from the shared pool.

the central of the military version makes sure drones do not get out of reach. since the system uses shared memory a drone that comes out of range the central orders the drone back in range.

you don't order the drone to attack by firing its weapon. you allow it to execute its program. so you hold down the "trigger" and the drone attack the targets it is allowed to attack (this is achieved with a tagging system) and if the operator wishes to call of the attack he just releases the attack/action controller

the drone-system is not able to make its own decisions pertaining target-selection and decision to terminate.

the civilian controller is a merely piece of software running on a server and connecting using wi-fi.

take a hospital. with this system the cleaning drones (comprised of several drones) work together to clean faster and better. the operator plots in a course that is in sync with the daily routine so the cleaning doesn't interfere with the the coming and goings of that particular day. he starts by doing a check round and plots the areas he wants cleaned on a tablet. then he send in the drones. first the vacuum cleaner and when the operator is satisfied with the task he sends the drone further on. and when it has turned around the corner he can start the floor-washing drone. a polishing drone.

take a football field. you can set the lawn-mover drone to patrol the football field ie cut the grass and when it's done you send in a paint drone that has the exact measurements and layout of the field.


Some examples (and i have more):

weapon system "gungner"
=======================

crew: 6

a commander oversseing the overview-drone
one scout using the recon-drone
4 pilots each using 2 - 4 fighter-drones

it gives you an air-defence comprised of 8 - 16 fighters with only 6 men

off course you need someone to change the batteries, fuel and ammo but with such a system where you just put in a new tank is pretty agile

overview-drone (hugin)
----------------------
elecgtrical engine
high altitude
sensors: high resolution, good for movement and light
it doubles as a real-time overview of the battle-field and as a forward transmitter system

recon-drone (munin)
-------------------
stealth
both jet and electrically fueled
omni-microphones top and buttom and 1 directional mic in the nose. all send a 3d spatial audio signal. when the drone is put into action-mode or attack-mode, whichever is prefferably - it automatically changes from jet to electrical engine system. deactivating automatically puts you back on jet power
sensors: micropohones (omni and directional), high resolution, good for movement and light
fast there, silent in, silent out, fast back

fighter-drone (fenris)
----------------------
laser-guided (when a laser is locked on a target it is followed)
1 or 2 jet-engines (i aim for someting between mach 7 and 8)
1 single gun with a very high firerate would be optimal. range 500 - 800 meters
speed is more important than fuel economy

weapon system "valkyrie"
========================

crew: 6

a commander oversseing the overview-drone
one scout using the recon-drone
1 with 3 artillery/mortar-drones (medium range is important)
1 with 2 tank-drones
1 with a gunship drone
1 with an armored peronel carrier (you could call this the behemoth of trojan horses)

the system has 3 primary functions. the first is to secure wounded personel. get suplies through a blockade.
the last is the ability to enter any place on land with a group of troops enjoying "safe" transport. you could secure a group of hostages being held by pirates. a terrorist leader.

mandskabsvogn-drone "mjølner"
-----------------------------
one heavily armored APV where it is more or less only vulnerable through the bottom. mainly because of the belts. maybe a hydralic suspension could make it possible to perform life-or-death surgery? it should make it more pleasant to travel in
inertnally it only has some screens showing whats around. top, bottom and all 4 sides (the system can always get the information from the overview-drone). and 2 buttoms. 1 for the lights and 1 for the door.

tank-drone "tyr"
---------------------
strong armor and good coverage
fast shooting auto loading cannon
the size is dependant on how powerfull an engine is required for a acceptable speed

artillery-drone "odin"
----------------------
thick armor is not a priority. it is used to lay down suppressing fire when you withdraw the APV
it must be able to move and fire continously

gunship-drone "thor"
-----------------------
small, compact, manaurable
2 rocket launchers

And some programming examles:

subrutine Attack( target ) {
  if( target_is_tagged( target ) ) {
    if( can_hit( target ) }
      all_guns_blazing();
    }
  } else {
    new_vector = get_shortest_line( target );
    set_vector( new_vector );
  }
}

subrutine Autopilot( waypoint[] ) {
  waypoint.current = 1;
  with( waypoint[] ) {
    if( current_position == waypoint[waypoint.current] )
    waypoint.current++;
    if( waypoint.counter >= waypoint.current ) {
      waypoint.current = 1;
    }
  }
}

subrutine Patrol( waypoint[] ) {
  loop until( key_pressed( ESCAPE ) ) {
    Autopilot( waypoint[] );
  }
}

subrutine find_closest_target( targets[] ) {
  targets.current = 1;
  closest_target = targets[].current();
  with( targets[] ) {
    target_distance = get_shortest_line( targets[targets.current] );
   
  }
}

subrutine activate() {
  if( landing_gear() == down ) {
    take_off();
  }

  landing_gear = up;
}

subrutine deactivate() {
  if( landing_gear() == down ) {
    land();
  }
}

subrutine Action() {
  if( action == attack ) {
    Attack();
  }
  if( action == pursue ) {
    weapon_status = gun.safety;
    gun.safety = on;
    Attack();
    gun.safety = weapon_status;
  }
}

for example one drone could be designated "squad leader" and the orther drones under the operators control keeps formation. this is swarm or group mode. if precision is required the operator enters the drone-shell and execute "goto(longitude,lattitude,altitude)" and the drones figure out how to get to the desired gps coordinate. in formation if that is selected. but each drone can run its own script if desired. this is also why each operator is limited to four drones each. otherwise i think you'd loose some overview - ie control - and won't be able to exploit the versatility of the system. also on the big or status screen 4 drones showing what they see and info relates to flight like speed and so on will clutter the display. remember simplicity is a virtue. 

to program you use the enter command instead of execute. this allows for some very flexible maneuvers on the tactical level.

the system is fully oo. every part of the drone is an object knowing about itself and nothing else. the controller just reads/stores info and invokes methods on these obects. be it a camera, a gun or just the landing gear. 

i wasn't specific enough: that's how the operator programs the drones. not the droneOS itself.

to make it work i'd have to create or learn a real world physics environment and i'm too lazy to do that when reality's already done that for me. 

the display - off course - adapts to the type of drone it controls. so that a recon drone has another setup than a squad of fighter drones. 

Thursday, May 28, 2015

Using math to defeat computing power and breaking of encryption

What if instead of a password we use a formula. If we take a fractal formula there are so many deviations that the number alone is staggering. Add a set of coordinates and it should be quite effecient.

This makes it possible for two layers of security. One where you can share a picture holding the public key and a private containing formula and coordinates using to create that image. You can search for a long time for something that can generate the exact same. you will get a lot of false possitives - something that looks exactly but no cigar.

Friday, February 27, 2015

hivemind

How the internet was born. Chaos at work. Man’s first God was fire. But it was not enough that our tribe had fire. No, we had to take our neighbors fire too or destroy it. Seriously. Haven’t we evolved past that. I mean 150.000 years have passed and it’s just the same.

How it escaped from the nerds to the masses. When the Amiga came anybody could get that arcade feeling at home. When the internet became widely available an explosion hit our world. One that will echo through history. A global communications and information network was born. Now it’s a vast ever growing, ever changing virtual entity comprised of all human knowledge.

How we all created it. Everyone laid their bricks or brick. No matter the size of the contribution it still enriched the world wide web. And the internet is fueled by information flowing freely.

A very vice man once said: “Information wants to be free!”

Today I shout: “Information must be free!”

It solves problems. Not just communication or distribution of media. But truth – dictators do have a harder time manipulating and controlling people. Excessive monitoring is a problem though. We get to that later.

“In a world where information is the most priced possession any hacker is a god.” No. Not quite. Some are, but most are just a damned inconvenience.
Good or evil – a matter of conviction. Terrorists, fascists, hackers, criminals, freedoms fighters, cyber-soldiers. Just our world reaching out to the internet. Who cares about kilobytes in a terra-byte world? Anybody with a keen eye. Do not fear those motivated by money. They rip your account and they’re done. The dangerous ones are those that are driven. Idealists. Crusaders. A good hacker is someone who creates a tool for the specific job or modify existing tools to solve the mystery in sight. That, and simplicity in design. Last but most important: “Use the source, g33k” Anyway. A hacker is traditionally perceived as someone who has an urge to learn everything there is to learn about computer-networks. Some may be. I don’t know. Me, I’m not. I am an uncompromising  manipulating predator relying on stealth and deception. I do it, well, because I can. And it’s about the only thing I’m really good at. And I’m not super good at that either. I just love to create chaos and disorder. Disassemble the walls of society. Stick it to the world.

Piracy. The end of entertainment. No. There has been piracy from the second it was possible to duplicate someone else work. The tape recorder did not become the death of musicians or record companies. The VCR did not bring the fall of Hollywood. When tv became widely available doom prophets claimed it would kill the radio. Apparently it didn’t. But in reality if I take my acoustic guitar and start jamming in public. I’m just rockin’ out hard with “Hell bent for leather”. But if I did not get a written permission to do so I have become a criminal. Piracy do harm the industry but it has always been there. I have become more of a customer over the years due to better income and not always being at the front row of a concert. And I can download right now. Today I usually check out an “internet edition” and the ones I keep I mostly end up buying. Movies, I have a lot. But most of my collection are series from the 80’es and 90’es. And all the new ones I have seen in a cinema. And there is only one way to download most of what I like. Last one downloaded was “Shogun” from 1980. Last “larger” expense was “Diablo 3”. What a rip-off! Blizzard, that was not nice. But to be fair, I did wait from like 2007 for this game so no matter what it could not meet my expectations. Actually. All the things I have done in my life, the things in which I take great pride were never my own. I did not invent a single thing. I merely adapted others work to fit my world. But I did create an alternative. I broadened our world in a very small manner. And I think that that is humans defining attribute. That ability has lead us to this very moment. And it will long after we are gone and all this is but nothing in eternity. Why monopolize it?

If patents had been around when the first shovel came to existence 1 person would sit in a hole protecting the tool and anybody else would look for the functionality of a shovel just as long as it doesn’t appear to be one.

Social media. the newest product? But if we think we are the customer we are wrong. We produce the product. All those intimate details we share, that is the product. You can’t force someone to shut up and you can’t force someone to listen. But that, we all share. That’s the true value of the internet. Here we meet as equals because we meet on the same basis. Same opportunities. It’s quite simple. We deserve equal rights and opportunities. But we are not equal as in a mathematical equation. Some are strong. Some are not. Some are smart. Some are not. Some are hot. Some are not. Some are women. Some are not. Some are men. Some are not. We are not the same. We just have similar designs. We are like a trillion different versions of the same old buggy code.

Innovation? If the only new thing about it is in the form of we haven’t seen you in that dress before, then, who cares. If it has no real value but that of being only for a select few why even care. Does it concern me. No. It does not! So why the fuck do I have to read about it in adds? And they can bill me for my dreams.

Networking. The next big religion. Well. I know God or any God is not in the computer. But the teachings of any religion is very much present on the internet. People connect, share across borders, politics, religion, sex. Here we find understanding, tolerance and acceptance. Groups show you that you are not alone. You are not the only one struck by a terrible curse or having brilliant ideas. You are just a human. No more no less. We perceive the world through the internet. I prefer the written word. I like to construct sentences and see meaning come to life. Also because I have ADHD I can be pretty fired-up about something and that kills the meaning of what I want to say. It’s like counting the bullets from a stuck Gatling-gun.

Commercialization. Assimilation is not integration. Why do we choose the internet over tv as entertainment? Because it is real? Until money becomes the issue? Will it suffer the same fate as cinema, radio, tv? Ending up another pass-time experience? No it won’t. The underground is present on the internet and will always be so. It’s all about alternatives and if you are the only option it’s not really freedom of choice, is it? There will always be some tech-anarchist saying: we don’t want to be a part of that. And some of these people would rather give away their most brilliant ideas for free to benefit the masses. Not just some corporate board members pockets. But these people won’t run adds on prime time tv. You have to look for it. There’s freedom of choice for you. Free means it’s there. It’s available. It’s just not something you’ll find in stores. All human information is there. And it should be. And it should be widely available.

Excessive monitoring and logging. The death of the internet? No, I do not believe that. There will always be ways to hide your identity and traffic. I don’t think we should worry about all that information the governments and intelligence services of the world has stored and analysed. At least we shouldn’t fear what it could be abused for. Science fiction does that job very well. We should worry what it is actually used for. Because every time the subject comes up those with knowledge of what is happening say: “I can’t go into that.” Or they simply say nothing. I think it’s funny that when someone mentions the idea of investigating, say the financial sector, the medical sector, whatever, these sectors always come back with an answer saying we’ve already looked into it, there’s nothing to raise an eyebrow over. But when the talk falls on vpns, encryption, darknets, the like my defense is mandatory all of a sudden. And I say: yeah, I use encrypted connections. I even try to push my non-geekie friends to at least encrypt their mails and use a proxy when getting not-supposed-to-be-free stuff. So, yeah. It’s only the true innocent who doesn’t have a problem with somebody looking over their shoulder. Innocence is something we grow out off. Sadly.

CyberWar? Well. We do know a lot about methods, strategies, software because this is a very public war. We are all wired into the battlefield. We see the results all over the world. Only one way not to get fucked hard in the a-hole: be open of your methods and tools. Don’t reveal specific details. But always bare in mind that everything that must not get out in the open always end up being out in the open and then it is just to late to deny or cover it up. Damage done. Your opponent dealt you a devastating blow. In reality CyberWar is won or lost by the support of your people. When you loose your way and start thinking inwards for protection your own people become the enemy and then you have lost all. But really: This is one of those things I personally think should be considered one of life’s great lessons: “If it’s on a computer, eventually, it will get loose.” You want privacy and safety? Two words “Go offline”. But with the public very much aware the pursuit of pre-empetive retaliation is not worth the thinking. As stated earlier it’s a public war. And if you are righteous – on the side of good – you must put great distance between you and your foe. You can’t say we are the good guys and then do something far worse than your opponent. Lie! Deny your people the truth. Feed them shit that keep them aggravated against some unseen force. If you become the very same thing you wowed to destroy you have lost. Personally I would love to go back to ancient times in questions of war. When armies met on some distant battlefield. When generals lead the battle on the field. Then politicians could have their profitable wars. And those who would could seek out honor and fame. And the rest of us would just have peace.

Threats lurking: big data – and by big we are talking beyond comprehension, we’re talking more drives than I can fit in my shoe closet. Backup is not possible for these systems. The amounts of data are too large. The complexity to vast. And there is not a source-tree that get you back all that data stockpiling over the years. And data is money. I mean erasing it would accomplish nothing more than aggravating ones peers. But to manipulate it that is the key. Example: I don’t like my bank. I write a virus (actually a dbms-trigger) that alters updates in the database so that at a glance everything checks out but when the annual books are reviewed all hell is loose. Not good for a bank to deliver the annual report with notes. It could be a good tactic to annoy intelligence services data retention too. Poison13 would be a good name, I think.

cloud-computing: all your personal info in the hands of a private cut-throat corp. nice. i don't mind that some company knows what i'm buying for dinner because i use an reminder on a cell. but when they start to harvest that data to sell to add-companies to spam me i think it's too much.

Always near. With tablets killing off the remnants of the old way of thinking computers you have your board with you. When you get home it connects to your wireless keyboard, tv or tvs, stereo or whatever. I don’t know about you but I can’t wait! Wireless audio and no fans or static chip-noise to make the slightest impact on the sound… Not that I would actually be able to hear it since I mostly play Metal on a Marshall 100w tube-amp on 11.

But how did it all start for me? Well, it started when I fell in love with computer games. I had this urge to cheat so I learned assembler, debuggers. My first steps as a hacker was taken.

But I think that future generations will see themselves as inhabitants of a planet due the nature of the Internet. I think world-parties will arise. It already have with “Pirate Party”. Maybe one day we will begin to see ourselves as unique individuals in a collective with our slogan being:

one planet
one world
one people

“Don’t explain the logic. Share the dream, your vision. Let me discover it’s wisdom on my own. That’s where the magic’s at. In comparison, the rest is merely tedious details.”

I got the inspiration for this book partly by the media sector’s – lead by record- and movie- companies – relentless efforts to control how we use media. Also Al-Jazeera’s “Controlling the web” gave some inspiration. So did videos and tweets posted by individuals and groups. They be commentators for tech magazines. They be hacktivists.

I won’t make any links or references to anything. If you disagree or don’t believe me look it up yourself. Don’t rely on my word or my sources. Find your own. That is what the Internet is there for.

This is not a hint. This is an open comment on the affairs of the world today. It is my way of saying that I am tired of politicians caring more for corporate profit than the rights of the people they serve.

Any actual or insinuated name references or reference to any one person, group of persons or any brand is purely intentional and deliberate. so if you don’t like me calling you greedy, self-righteous (like me), ignorant, whining (again like me) or arrogant…  Well, we are. And we’re dicks!

If this pisses you off write a book. I did…

*** and by "book" i mean a written text larger than one page :-)

Saturday, January 3, 2015

a bit about hacking

INTELLIGENCE GATHERING

how find info without someone monitoring my connection getting suspicious

find fast new https proxy (any other proxy is not encrypted)

start a huge torrent dl. use a lot of connections. dl’ing a complete linux distro with sources should give you the time needed.
and then “clean” your log-files. your isp have logs of your connections and the amount of data transferred even if using encrypted lines.

bounce scans through same proxy

isp will see a lot of encrypted traffic but nothing that can be identified


FOOL SOMEONE SCANNING / ATTACKING ME

setup router to vm

multiple vm's and change between them… confuse

xp + apache + ms sql
red hat + tomcat + oracle
7 + iis + access
freebsd + apache + mysql +ftpd

A proven effective tactic is to say a lot of shit so when I do spill it nobody gives a shit. Everybody will say: "Oh! More shit from him. He can't be trusted." But hard evidence always prevail.

MAKE IT HARDER - CHAINED PROXY'ING

Normally chained proxy'ing would require some form of influence on the proxy server's configuration.

This is more like chained proxy'ing lite. But everyone looking will follow the proxy then the vpn and then they realise they wasted their time.

VPN, then tunnel an encrypted free / public proxy through it

always use a proxy for backup if vpn goes offline real ip is exposed. socks5 for speed https for privacy
*** SOLVED: dns dropped when vpn goes offline. traffic halted

******* GOOD PRACTICES

NEVER EVER USE CELL FOR THIS SHIT

IF TIME IS NOT IMPORTANT: REMOVE PARTITIONS ON OLD HDD AND MAKE NEW ONES, BUT MAKE IT ENCRYPTED. THE INITIAL ENCRYPTION SETUP
ON THE HDD WILL OVERWRITE EVERYTHING ON THE DISK. HATE WASTING A DRIVE :-)

do not store key-files (gpg etc) in keychains. install’em when needed and remove when done. at least if you are involved in
something you weren’t suppose to be doing but in fact is the right thing to do.

REMOVE ALL INFORMATION FROM PROXY SETUP ETC. IF I’M CAUGHT THEY STILL HAVE TO PROVE ME GUILTY

primary rule of engagement: be prepared. be scared

always have more than one connection available. not from the same isp but from different ones

a good practice could be to make bogus posts on known hacker boards. if you can get identified hackers to say “nice one but do you actually code?” the feds will most likely label you a wannabe hacker hang-around. the important thing is that they do not see you as a threat. even though top100 could be sweet it is the downfall of any good hacker

using standard language files to hide shell-code on a webserver

this one is so hard. avoid temptations of provocations. especially against intelligence services. after all they are primary threat unless you fuck with organized crime syndicates as they will kill you if they find you or worse force to work for them. no matter you’re screwed

watch public channels of known hacker groups. when they prepare for attack so do i. intelligence services will have their attention on ex. anonymous not me.

if contact is needed create a very temporary email address like “sdhgfjksahgfiuq2ye43” or similar and delete when your done. delete every mail in every box. empty trash. THEN delete the account. in fact always use a newly-created account for anything.

when done kill all log,tmp,swap as possible to give away no intel

if suspecting a keylogger active use history ( !x | grep), scripts, other automation methods

also to avoid logs. maybe read-only guest access with all shit on a ramdrive in system memory

*** MUST TRY

use squid to branch out connections. proxifier for mac works great at this

example:
firefox through vpn just to check target
terminal through i2p as httpproxy
nessus through tor as socks5
safari through zap

**
** tried. works. just dandy :-)
**

this should conceal not only my identity but also my true numbers since log files will show that the attack had been coordinated and happened simultaneously from multiple locations…
BURST-FIRE HACKING RULES :-)

*** END MT ***

maybe timer-based scripts to ensure deletion of files with possible intel of me i.e. log-files


*** CREDIT CARDS ***

have one card in one bank used for payments, internet buy, etc
have your regular accounts in another bank. transfer money when needed
that way even if your “public” card is exposed no harm they get a few dimes. fuck’em

*** END CREDIT CARDS ***



*** encrypted drives ***

i use it. internal and external. why make 2 different choices?

mental note: passware claims they can decrypt any computer. well. yes if it has not been shut down.
and apparently they have some difficulties with their facts. i perceive it as this:
they can do a memory extraction (from system memory through firewire or by attacking the swapfile) but their
example only allows for 3 or 4 gb extractions. and there are some problems with the file being to large
for good old win(32-bit). 64-bit shouldn’t have this problem.
but i have 16 gb of memory in my macbook pro 17” (late 2011) and virtually no swap-file (it’s always 0 mb out of 64 mb).
the swapfile is the one thing on my computer not armored with mathemagics.
the reason why i leave it unencrypted is that - i think, i hope, i pray - that the os won’t store “sensitive” info in the swapfile. it always take a few mb’s when it’s encrypted. i haven’t got any real proof but it’s a nice illusion.

but other intel points out that you are damn stupid if you crack your cell.
it opens up pandora’s shit-box of retrieving plist files with unencrypted pw’s. nice one

so in fact they can’t do shit as long as one remember to shut down when the computer is not in use.

also my cpu has aes-ni from intel which does the encrypting/decrypting virtually without memory lookups. off course the file has to be read from somewhere (the recovery partition). but tapping into memory is not as easy as tapping someones wifi.

and people pay these idiots? extract and decrypt my hairy tits .|..

ps: why pay $1000 for a piece of crap when the best in russian cyber-tech goes at half the price?

*** end encrypted devices ***



*** encryption keys ***

never send public keys using the email address they are linked to
gives your mail supplier an easy way to peep
and we all know how well the justice system works especially with “secret” judges

*** end encryption keys ***



connection rules
use random selection of vpn-servers. choose proxies per case.
setup laptop -> i2p/tor/ka+- -> vpn (use vpn proxy settings) and use 2 different ciphers
setup attack/fuzz/dynamic proxy -> tor/ka+/i2p (vpn is tunnel over these)
setup system proxies to desired attack-proxy
anon-net takes over when vpn ends. should take care of the honeypot issue
this way anon-net knows not your vpn and vice versa. should make it near impossible to trace me. up yours, loggers!
also if using a proxy for the vpn your vpn provider will not know your true ip

also it is vice to have vpn not restore original network settings (dns etc) so that connection is rendered utterly useless if vpn fails. nothing out. nothing in. this is to ensure that non-encrypted traffic never leaves the computer.

if having that feeling when "doing what you have to do to do be able to do what you do" better pull the internet cable. never use connects using wifi or bluetooth.
it is much faster to pull the connecting cable (incl 3g/4g usb dongles) than to log out and shutdown everything.

always have a powerful (mine is 750kv) stun gun to ensure data extraction will not be easy. zap all devices. tablets, cells, drives, laptops, modems, everything… oh yeah, always use fresh batteries

check what ip is broadcasted from web and terminal. "curl http://checkip.dyndns.org" or "curl http://showip.net | grep check_ip". and for the sheer provocation "whois pet.dk". the only usable information you get is your own public ip so who is pet? you :-)

always disable and delete logfiles on target. give them as little intel as possible

when communicate always use only small letters with no classic hacker 1337-shit like "h4ck" and never overuse any punctuation ("" ok) smileys -== ..|, -\|/-

furthermore to hide my true nationality use machine translations

never name names always name systems or sector. but again, if it increases success rate do it as in the ad’s

password policy is make them hard to remember to ensure that they are forgotten once in a while so that a new one is mandatory. just press “forgot password” every other day. hacking mail accounts is so damn easy for those pursuing that fine art.

one other thing: use scripts, functions and aliases to speed up.

less unsafe network

safe servers network
********************

*** edit: “safe” implies “less unsafe” ***

every desktop machine has exactly the same software (even if not used by the user) in the same versions. cuts down 2nd-line support. and if a problem is solved on one machine it is solved on them all. example: an exploit becomes known. fix it one place and it’s fixed all over. also makes adding new machines easy as 1-2-go

two “dead-man-switches”
1. cuts connection to the grid (kills routers). this way key-loggers etc don’t call home
2. cuts bridges to server farm. if a virus is loos on the intra protect the servers. data is vital. not desktops.

this cannot be emphasized enough: there are no automatics on a secure network. none! it's always a good idea to lookup problems before installing an update.

servers who needs to be accessible from outside should be isolated on their own connection. this means that all machines on the inside of the network (lan) will have their own connection. so, at least 2 connections are required. this is a public/private seperation. it may seem like overkill but it allows that the router (internet access point) on the private part can have it's dmz redirect inbound traffic to a non-existing ip. administration on the public part is done through 22h ot a webbased interface.

no wi-fi allowed. no equip leaves building. none gets in (people must lock their cells in).
these will very soon be the really big exploit in the very near future (it’s already happening) and the potential for a major fuck-up is ludicrous

each server-function is located on ONE server each (i.e. web on one, maybe 4 * 1 dbms).
only mandatory ports are open on each firewall. if a machine does not need to do dns-lookups udp/tcp53/993 etc is sealed. also fw’s should be in stealth mode not answering icmp request.
if an extra measure is required use different versions of the software. every software has holes. but every version has different holes. no vm’s. if the vm is compromised, the host and every vm on it is compromised too.

a public server should be made completely cut-off from the real intra. all adm, updates, etc should be made through the internet. any public facing server is a drop of guard that is not needed. it will be hacked. a web-server alone is paramount to be compromised. add an underlying dbms and all bets are off. there is none. also it could be useful for data gathering of just how clever these little sob’s have gotten. kids are getting smart these days. just for the lulz

a multi-line internet connection would be nice too. the more ip’s the merrier. it still has to go through one tiny hole to get in or out

oh yeah. a couple of 3g/4g connections would be apt to have in store in case of a full-scale breach. why cut totally off. cunning panic is not panic. merely vigilance

** edit ***

it is impossible to uphold a directive that nothing comes in contact with the outside world. any device that has left the building - unlike Elvis who’s still ghosting around somewhere - that device becomes contaminated. before going in and back out it must be cleansed. that means that any documents stored locally will not enter servers. instead one must apply cloud-tech and very heavily encrypted connections. speed is not an issue so i guess that leaves pretty much up to the imagination. i think there are some american laws that prohibits too strong encryption, i think it boils down to that they want to ensure their experts can crack it. but i don’t see any right of anybody to interfere how an organisation or a group of individuals run their private networks.

have a hardware based system where the machine shuts down if the webcam is blocked

nothing is done automatic on a secure network. not updates. not access (no saved passwords). not nothing. and i literally mean the void of total absence of anything remotely not caused by a human

*** end edit ***

*** for those wearing tin-foil hats ***

do not equip the servers with conventional drives (incl sad)
instead have the configured system on a dvd and boot from that
all data is kept in memory or on a ram-drive
if someone tries to take the servers away they sure will be disappointed. its the only way
to make sure no info is »left behind«

*** end edit ***

*** dbms ***

no pw needed to access. auth is handled by a bridge in between.
open source big-data with flat structure.
every field has history (done by making delete disable the field altogether and update really inserts a new line)

*** end dbms ***

*** encrypted dns ***

i think the time has come to encrypt dns lookups

*** end dns ***

*** "cheap" public/private ***

one could make the following setup and cut cost on the connection

inet<->router<->public_server/part<-(>) [ firewall<->lan ]

the public_server has 2 interfaces. one incoming and one outbound.

this is not the same as using a dmz

the following services could be put in such a setup:
* dns
* mail
* web
* vpn
* certificate server (for homework stations if none put in private_part)

the (>) means that incoming traffic on the lan is filtered with a hardened firewall
example: because the mail-server is located on the public_part there is no need to send request for any mail server through to the lan

this setup could also be used to put in a hardened gatekeeper that scans incoming traffic for viruses, malware and other incoming nastys.

*** end "cheap" public/private ***