Author Topic: How to Win a ‘Cyberwar’ with ISIS by th3j35t3r  (Read 1948 times)


Offline Obnoxious Bastard

How to Win a ‘Cyberwar’ with ISIS by th3j35t3r
« on: November 21, 2015, 13:02:29 PM »
“Never interrupt the enemy while he’s making a mistake” ~ Napoleon

I’m gonna start with one simple sentence: We have the upper hand here. Sometimes it doesn’t feel like it, but make no mistake WE HAVE THE ADVANTAGE, just as long as we don’t squander it. Here’s why:

Nearly 6 years ago, as many of you know I started taking down jihadist recruiting, propaganda websites and forums. At that time they were often self-hosted servers, or offshore hosting providers, they were not prevalent on US social media like they are today. Most of the targets I chose were hosted overseas. My strategy then was really simple. I was trying to make it as difficult as possible for the bad guys to trust and maintain their own servers, and lines of communication. I figured I’d herd or funnel them into a smaller space, because smaller spaces are easier to watch.

Today, there are very few of these overseas Jihadist services left up and running. They pretty much gave up trying to keep their boxes online and, as we have seen, have moved over to US based technology. Everything from Telegram, and Surespot etc for messaging and Cloudflare for protecting their ‘online assets’ from people like me, and obviously Twitter and Facebook to spread their propaganda. So I’d say that strategy I was working on for all those years was relatively successful. Why?
Now we have them right where we want them.

That ‘smaller space’ I mentioned above (and MANY times in interviews in the past) is US based technology platforms. From there we can monitor, perform traffic analysis, even targeting packages. This was not as easy before when they were scattered on natty foreign and mostly uncooperative nations’ services and servers. And before all the pro-Snowden and Wikileaks shitnozzles start whining about eavesdropping and the constitution, non-US foreign nationals using US technology are NOT protected by OUR CONSTITUTION. It’s we the people, not them the people. So sit back down hipsters.

Speaking of Snowden, ever since he defected I’ve been saying how his ‘revelations’ have directly affected intelligence gathering capabilities, especially against jihadists. In fact 18 months ago I wrote an entire post, backed up with real world facts to outline the level of his treachery. Well today we have even more evidence, straight outta Raqqa from an online jihadist:

Yes people – that’s an actual jihadist praising up Snowden as a hero. If you want to read more on this subject it’s all right here. Wanna know who else isn’t helping? ‘Anonymous’. As you *may* have heard the ‘hacking’ group <snicker> are currently trying to get 1000’s of what they decide are ISIS accounts suspended. Even though by their own admission they are actually just looking for Arabic language accounts many of which are not affiliated to ISIS:

They are also targeting (unsuccessfully) supposed ISIS websites, many of which are not actually ISIS run operations. Here’s a video from yesterday of Cloudflare CEO Matthew Prince slamming them and alluding to the fact that many of their targets *may* in fact be either honeypots or have US intelligence ‘assets’ inside collecting the goods. This also finally answers the question: ‘J’ why you no ‘Tango Down’ no more? Well maybe the time for that was 6 years ago, and the environment is less ‘target rich’ now, because we’ve got them where we want them. Or maybe I’m working to advance the fight in other ways. Either way Anonymous, you’re a dollar short and a day late, yet again. Some people paint, others sculpt I guess.

Sidenote, none of this is ‘hacking’ – I’ve written in detail about this latest spat of Anonymous bullshit here. It’s a giant clusterfuck of a circle-jerk with those guys, and if you don’t believe me, waste a few minutes of your life and a few brain cells in their official chat room for their ‘OpParis’ effort. Here’s a link to drop directly into it.
So what’s a solution?

Well, like I said earlier, we have the upper hand. As long as the asshats stop ‘helping’ and WE don’t squander it. The bad guys don’t have the skills, technology (or will anymore) to create and maintain their own platforms. They have been herded onto our technology, and they want more of it, let me show you:
Yesterday I observed the Official ISIS ‘Tech Support’ account recommend the US Blackphone device to its Jihadi minions for communication as per:

Then, less than a day later I notice they are peddling a modded version of Rockstar Games’ hit game GTA5. They have re-branded it into something they are calling ‘Vexation and Chaos’:

For haters of the ‘infidel’ way of life these fuckstains sure do like to use our stuff a lot right?
Well I say good! Let ’em! But why not load the dice?

And herein lies our advantage, all these tools and platforms have a US codebase, a codebase US entities control, so why not add some value and insert some snippets that will determine if the user is in a certain location or similar, and use it as a trigger for monitoring or even a targeting package for drone bait? It could easily be based on multiple conditions being met, that way the pro-Snowden snowflakes can’t complain about US citizens being ‘illegally’ monitored.
Remember Stuxnet? That software infected millions of machines, but only triggered if certain conditions were met. Among those conditions, the software detected WHERE it was geographically, AND if the system it was on was also running a specific piece of SIEMENS PLC/SCADA software that was ONLY used to control nuclear centrifuges. There could be no false positives there, if at least those TWO conditions were not met, it stayed dormant and didn’t trigger.

We have the advantage here, and we’d be remiss not to leverage it. I’d like to see a US ‘Technology Provider Coalition’ (or ‘syndicate’ or whatever), external to Government, so there can be no crying about ‘Government spying on me’ – building this kind of multi-conditional ‘feature’ into OUR technology. They are clearly enamoured with our technological prowess. Let’s not squander this awesome opportunity. Because harassing Twitter to suspend random Arabic speaking users is counter-productive, hampers actual investigations, and fucking futile.

We need to stop pissing around, start thinking on our feet, critically and outside the box. Make no mistake, this is a war, and in wartime, extraordinary shit needs to get done. Nobody ever won a war staying inside their comfort zone.
Just my humble 2 cents.