Browsing All Posts filed under »Information Security«

A New Hope…

December 24, 2013 by


Dave Aitel has graciously allowed us to run his commentaries before – see Hackers May Help Choose The Next US President and Aitel On Cyberwar. Dave is the founder and Chief [Security|technology|executive][1] Officer of Immunity, Inc, and runs the Daily Dave mailing list, where this article was originally published. It is re-published here with his kind permission. So […]

Strikeback! Commission on IP Theft Report Gets All Ronin On China

May 23, 2013 by


A bipartisan group that studies the effects and impacts of IP theft in the US, The Commission on the Theft of American Intellectual Property, has released a report outlining their findings on the scope of the issue and making policy recommendations to combat it. The most interesting proposal among several: strikeback to re-capture stolen IP […]

We Don’t Got Your Back. We Got Your Money.

February 4, 2013 by


“We deal in deception here. What we do not deal with is self-deception.” - The Departed, written by William Monahan, Alan Mak and Felix Chong FADE IN. EXT. DAY. A WHEAT FIELD. BEES AND BUTTERFLIES FLUTTER. WE ZOOM IN ON A WOMAN IN A BUSINESS SUIT, HOLDING A TABLET COMPUTER. WOMAN: I used to worry […]

Onity Hotel-Room Lock-Hacking Triviality Becomes an Issue In Texas

November 28, 2012 by


Last July at the Black Hat conference, security researcher Cody Brocious gave a well-attended and much-discussed presentation in which he responsibly, totally reasonably and helpfully demonstrated the complete fail that is the Onity hotel door lock system. Now, I have skin in this game – I stay in hotels. A lot. So much so that, […]

II: Reports You Need To Read Now

October 24, 2012 by


Three reports you should be aware of – and not just because Dave and I are so busy with warrant work that we’ve had no time to do anything except point to the analysis of others – are covered in this report, and all are worth reading. The first big report, which we were in […]

Cyber-Criminal OPSEC – a Three-Part Series. Part III: TTTP

June 15, 2012 by


In Part I of this three-part series, we discussed the most basic of attribution methods, IP address analysis. In Part II, we talked about computer environmentals, and how it’s possible to build a device fingerprint based on what the user presents when they show up to a web server and ask for something and how […]

Cyber-Criminal OPSEC – a Three-Part Series. Part II: Environmentals

June 12, 2012 by


In Part I of this three-part series, we discussed the most basic of attribution methods, IP address analysis. In Part II, we talk about computer environmentals, and building a device fingerprint. And in Part III, we talk about tools, techniques, tactics and procedures used by cyber criminals. One of the things that mystifies us most […]

Cyber-Criminal OPSEC – a Three-Part Series. Part I: IP Addresses

June 11, 2012 by


This is Part I of a Three-Part Series on Cyber-criminal Operational Security. Part II is here. Part III is here. Recently, when speaking of a cyber case, I said that if your criminals have got an IQ of 101 or greater, and if they’re not pathologically lazy, they’re going to anonymize their traffic to the […]

Anonymous Proxy Hunting: When Bad Guys Don’t Leave You A Map To Their House (or, ‘An IP Address Is NOT an Internet Phone Number’)

May 20, 2012 by


Let’s say some bad guys have stolen some credit card or bank account details and they’re using them to make a whole mess of online purchases. If they’ve got seven brain cells to rub together, they’re probably going to be using an anonymous proxy service to make the purchases. If they’ve got an IQ of 101 […]

Arrests Made in LulzSec / Anonymous Cases

March 6, 2012 by


Fox News is reporting that after Hector Xavier Monsegur, AKA Sabu AKA @AnonymousSabu, a computer hacker associated with the criminal hacking groups Anonymous and LulzSec, was confronted with charges which would likely lead to two years in prison, he became a cooperating witness for the FBI. That, Fox reports separately, led to a number of arrests […]

When Stupid Strikes: Social Media Policy and Training

January 31, 2012 by


A Bay-area police agency has found itself at the center of a firestorm which began with comments on Twitter apparently by one of its officers. The officer apparently posted to a Twitter account the comment, “Get those fucking hackers. I’m a cop in the Bay Area CA. I’d go after them with both guns.“ Awesome. […]

Dave Aitel: Hackers May Help Choose The Next President of the United States

January 29, 2012 by


Dave Aitel is the founder and Chief [Security|technology|executive][1] Officer of Immunity, Inc, and runs the Daily Dave mailing list, where this article was originally published. It is re-published here with his kind permission. At age 18, Aitel started spending his summers working at the National Security Agency (NSA) while attending Rensselaer Polytechnic Institute; three years […]

STRATFOR: The Mid-Term IR Grade is a D-

January 16, 2012 by


STRATFOR is back online, and is offering its content free for the time being. After personally staying quiet for some time after the hack, STRATFOR CEO George Friedman wrote a note and made a video appearance in which he described what happened and provided some analysis. I’ll come back to that in a minute, but let me […]

“With That Revealing Shirt? He Was Just Begging to be Hacked.” Blaming The Victim in the STRATFOR Hack

January 3, 2012 by


In the days since the STRATFOR breach, I initially gave the firm high marks in communicating with its user base after idiotically allowing all their data go bye-bye. I’m going to modify that stance a bit in another post – I now see that they have in fact fallen very short of what they could […]


Get every new post delivered to your Inbox.

Join 850 other followers