Cyber security, like physical security, requires layers of protections. The Federal Information Security Modernization Act of 2014 specifies that federal agencies are responsible for their own cybersecurity. Although agencies must take the lead in their own cybersecurity, as OPM is currently doing, DHS has the mission to provide a common baseline of security across the civilian government and…
Bond took a deep breath, closing his eyes. “Because it’s absolute freedom.” He slid his hands up Q’s arms, feeling the tension in his body. His fingers just barely closed around Q’s wrists. “You give yourself to me. You let me do anything to you — make you feel anything I choose — and you’re free to feel it. You can even say no, if you want, but I don’t have to stop. Not unless you safeword.”
“But that’s the same thing as saying no,” Q protested.
“It’s not.” Bond wanted to turn Q over, to look into his eyes, but he suspected Q needed to hide. “If you say ‘no’, that takes the responsibility off you. I can do things to you — things that you might not be ready to admit that you want or enjoy. It becomes my decision. My responsibility.”
“Eyes closed,” Bond warned, crowding into Q’s space. He pushed down the anger that flared through him; despite what they’d done in Connecticut, Q was a novice. With a little flinch, Q closed his eyes tightly. He took a shaky breath, and Bond wondered if he’d pushed too far.
Then Q stepped back, and Bond braced against the disappointment of hearing his safeword before they’d even begun —
No unexpected commands. No scorn or derision. No taking charge and making decisions without consulting Q. Bond was friendly and considerate, charming and witty, and if he was a bit overprotective, not letting Q out of his sight, Q understood. No matter what they were to each other — friends with benefits, lovers, boyfriends, or master and…something — they were also an MI6 assassin and executive. That would never change.
Note for readers: This chapter went up with only the briefest beta read by stephrc79, who went above and beyond the call of duty by reviewing it while on a date. If you notice anything wrong, please drop me a note!
The continuous surveillance of the population, the labeling of at-risk individuals, legalised torture, psychological warfare, police control of Publicity, the social manipulation of affects, the infiltration and exfiltration of “extremist groups”, the state-run massacre, like so many other aspects of the massive deployment of imperial apparatuses, respond to the necessities of uninterrupted war, most often carried out without a fuss. For as William Westmoreland said: “A military operation is only one of a variety of ways to fight the communist insurgent (Counterinsurgency, Tricontinental, 1969)”.
Hint: It Is Possible to Track Classified U.S. Special Operations Around the World If You Know Where to Look
September 1, 2015
How the US Periodically Reveals the Locations of Special Operations Missions
August 31, 2015
Some very classified, top-secret special forces activity went down in Tunisia last week.
1:24pm local time on August 25, a US special operations tactical
transport aircraft departed from Tunis and headed southwest toward
Tunisia’s border with Algeria. The flight, using radio call sign Magma 30,
was a C-146A Wolfhound belonging to the 524th Special Operations
Squadron of the Air Force Special Operations Command (AFSOC), based out
of Cannon Air Force Base, New Mexico. The primary mission of the
Wolfhound is infiltration and exfiltration of Special Forces and other
top-secret operators from prepared and semi-prepared airfields around
the world. So it’s relatively safe to assume that they were either
picking up or dropping of some special forces operators.
later, a civil Beechcraft King Air 350ER, registered to Aircraft
Logistics Group of Oklahoma, departed from Pantelleria, an
Italian island off the Tunisian coast, in support of US Africa Command
(AFRICOM), to search for terrorists involved in the March 2015 Bardo Museum attack. The aircraft (tail number N351DY) is a civilian version of the MC-12W,
an intelligence, surveillance, and reconnaissance (ISR) plane operated
by the US Air Force. The plane is equipped with a suite of sensors and
communication gear, as well as a laser target designator, and is used to
“find, fix, and finish” bad guys on the ground. It doesn’t take a
gigantic leap of imagination to suppose this flight was working to
provide reconnaissance for Special Forces folks in the area. Perhaps
ones who’d been dropped off a day earlier by the C-146A Wolfhound.
these special operations missions inside Tunisia are evidence of
Washington’s growing counterterrorism efforts in Africa. Even more
interesting than that, however, is the fact that all of this information
came from the public website Flightradar24.com.
(FR24) allows anyone to look up details about planes and to track
flights online. FR24 (and some similar portals, each also available on
smartphone and tablet apps) relies on a network of several thousand
volunteer feeder antennas all around the world that collect and share
data they receive from aircraft in their vicinity using something called
the automatic dependent surveillance-broadcast (ADS-B).
ADS-B is one of the elements of next-generation air traffic control systems in both the US
and Europe, a cooperative surveillance system that will one day replace
radar. Rather than aircraft being tracked by ground-based radar, the
planes themselves will be equipped with special transponders (radio
signal transmitters) that broadcast their radio call sign,
GPS-calculated position, altitude, and flight path to air traffic
control ground stations, enabling precise tracking.
information broadcast is not encrypted, so it can be received by nearby
aircraft to help prevent collisions, and by FR24 receivers — commercial,
off-the-shelf ones, as well as home-built kits.
majority of the trackable aircraft are civil airliners and business
jets, military aircraft are also equipped with ADS-B-capable
transponders. These are usually turned off — or at least, should be
— during missions so the aircraft don’t advertise their location to
potential threats. However, that doesn’t always happen in practice, and
military aircraft carrying out military missions or covert operations
can regularly be tracked online: In March 2011, during the first days of
the Libya air war, some of the US and allied aircraft involved in the
raids against Muammar Qaddafi’s forces failed to turn off their
has changed since 2011. American aircraft over Syria, Iraq, and
Afghanistan can be tracked or seen. And the US isn’t the only country
broadcasting real-time locations of its military aircraft. The tendency
to leave the transponder turned on is widespread among many air
forces including the UK, Canada,
and Russia. The US may be unique, though, in its advertising of the
location of its Special Operations planes when they’re out hunting for
This all falls under the umbrella of what’s called
operational security (OPSEC). OPSEC is basically anything you shouldn’t
be blabbing about in public; If you want to keep what you’re doing a
secret, it is considered good OPSEC to not tell everyone what
you’re doing. So does online flight tracking pose a threat to OPSEC?
Most probably, yes.
“The purpose of OPSEC is to keep the mission
secure — anything that undermines that hurts OPSEC and the mission,”
Robert Hopkins III, a former commander of intelligence-gathering
aircraft throughout the 1980s and ‘90s, told VICE News.
The thing is, OPSEC procedures don’t always make sense.
the 1980s, photography of RC-135s was absolutely prohibited for fear
that an image might reveal to the Soviets an operational capability,”
Hopkins said. “This was insane because the Soviet interceptors that
escorted the RC-135s took all the pictures they wanted from any angle
that might reveal external changes. Same with the Chinese, Brits,
Norwegians, Swedes, and anyone else who might come up to play. In short,
the only people who couldn’t take pictures of RC-135s were Americans.”
US Air Force doesn’t appear all that worried about FR24 and similar
services. A recent article on the US Air Force Central Command website,
titled “Loose Tweets Destroy Fleets,” based on the US Navy’s WWII
“Loose Lips Sink Ships” campaign, focused only on leakage of information
that could put missions, resources, and members at risk, “and be
detrimental to national strategic and foreign policies,” via social
Apparently, exposing the presence of a reconnaissance plane
over a target of interest, like the MC-12 reconnaissance plane that can
be frequently tracked on FR24 flying surveillance missions over Mosul,
is only a possible OPSEC violation if the crew members tweet about it.
are times when I think the OPSEC community becomes utterly disengaged
from reality, and this is one of them,” Hopkins said. “Looking at FR24
on a laptop and seeing a slew of KC-135s with the call sign "Quid”
orbiting off Cyprus is a good indicator that a strike package is on its
way to Syria, no matter how good the OPSEC of the strike aircraft might
There is no evidence that an aircraft has ever been shot down
because of FR24, but it’s impossible to rule out the possibility that
bad guys have moved or remained hidden because they knew hostile
aircraft were overhead or on their way. The US Air Force failed to
respond to VICE News’ request for comment.
flight-tracking services have been around for some time now, and they
have become an extremely powerful tool to investigate, study, and learn
about aviation. For instance, these services revealed enormous amounts
of information when Malaysia Airlines MH370 disappeared in March 2014.
The services are widely known within the aviation community, but air
forces around the world don’t treat unencrypted transponder signals in
the same way as other details, and while radio communications policies
and emission control (EMCON) restrictions are considered when planning
combat sorties, the possibility of their transponder signals being
picked up barely rate an afterthought.
Still, Flightradar24 is sometimes asked to keep mum.
policy regarding aircraft visibility is that we remove an aircraft from
display upon receiving an official request,” Flightradar24
spokesman Ian Petchenik told VICE News. “We receive requests from
governments on an ongoing basis and promptly honor those requests.”
FR24 to keep secrets doesn’t prevent other receivers or web-based
services from picking up the info. So if you don’t want other people to
track your plane, the only real countermeasure is to turn off the
transponder. It’s something the world’s air forces know how to do; it is
exactly what most spy planes approaching “sensitive areas” have done
for decades. And it’s not that complex a procedure — hijackers on three
of the four planes taken on 9/11 shut off their transponders.
CredCrack is a fast and stealthy credential harvester. It exfiltrates credentials recusively in memory and in the clear. Upon completion, CredCrack will parse and output the credentials while identifying any domain administrators obtained. CredCrack also comes with the ability to list and enumerate share access and yes, it is threaded!
CredCrack has been tested and runs with the tools found natively in Kali Linux. CredCrack solely relies on having PowerSploit’s “Invoke-Mimikatz.ps1” under the /var/www directory. Download Invoke-Mimikatz Here
After all this time in Q Branch, Q knew precisely the effects of moisture on audio pickups. Unfortunately, it took more than running water to guarantee privacy for a conversation, but soft whispers were an acceptable risk.
Under the cover of soap and steam, bodies pressed close together in the spacious shower, Q whispered, “Exfil.”
Bond hummed once, rubbing his hands everywhere over Q’s body in sweeping strokes that would look possessive to the cameras, though Q hadn’t seen any openly mounted here. There might not be cameras, he thought — even human traffickers might want privacy on the toilet, after all — but he wasn’t going to take any risks.
“Plan?” Q dared to ask as he licked Bond’s ear and was rewarded with a shiver.
Two quiet grunts. No plan.
Not that the lack of a plan had ever stopped Bond, Q knew, and couldn’t quite hide a flinch at the thought of being caught up in the mayhem that was sure to follow.
Enterprises tend to be highly focused on keeping attackers out of their systems, but most of the actual damage happens not when the bad guys first break in, but when they’re able to successfully steal data – and the techniques they’re using to do this are getting steadily more sophisticated…
“Q!” The office door slammed open hard enough to rattle the glass wall despite the hydraulic hinges.
Startled, Q held up a hand, saying, “Calm —”
“Bond’s been compromised.” TJ didn’t stop running until he hit Q’s desk.
Q looked back down at his computer, pulling up Bond’s current mission file. “Elaborate, please,” he said calmly, looking over the summary.
Human trafficking ring, male and female victims, primarily well-educated Europeans and Americans in their twenties. The victims were sold not to brothels nor as labourers but to private buyers, with a guarantee that they’d never talk. Never try to escape.
TJ took a deep breath. “His contact’s body was just recovered. Tortured. Tongue cut out.”
Sadly, that was nothing extraordinary in Q’s experience since joining government service. “It could have been unrelated to the mission,” Q said, playing devil’s advocate, even though he knew that wasn’t the case. They were never that fortunate. Most of his mind was already focused on damage control or extraction, though he knew Bond would resist abandoning the mission unless there was no other choice.
“The tongue…” TJ shuddered. “He talked, Q. They know it.”
“Did you send word — Oh,” Q said, frowning. Full comms blackout. Bond, idiot that he was, had notified HQ that he’d be going in dark. They were back to 1980s spycraft, with message notifications delivered not via email or secure radio but by dead drop.
“I’ve got the Americans on hold,” TJ offered.
Q huffed, clicking through the mission file to skim each document. “If you recall, two FBI agents were on the CIA’s list of involved suspects. We’ll have to… to contact…” His finger froze as he stared at his own photo, and he vaguely recalled signing off permission for MI6 to use his likeness in background paperwork for missions.
Staring at the monitor, Q didn’t hear whatever TJ said next. The background document for the photo explained that ‘Ethan Davies’ had been taken a year short of graduating Cambridge, sold, and trained to obedience as a sexual companion by ‘Rhys Sterling’. Bond’s cover identity.
“Shit,” Q whispered, realising there was only one way to guarantee that Bond received the exfiltration order.
Note: There is no non-con/dub-con involving major characters, and none explicitly shown. However, the first part of this fic (and only the first part) involves a human trafficking ring…
Bloombase StoreSafe Certified Interoperable with HP Enterprise Secure Key Manager (ESKM) for Data-At-Rest Encryption Security
SUNNYVALE, Calif., Sept. 1, 2015 /PRNewswire/ – Bloombase is pleased to announce the successful mutual certification of interoperability for Bloombase StoreSafe and HP Atalla Enterprise Secure Key Manager (ESKM) using the OASIS standard Key Management Interoperability Protocol (KMIP). This interoperable solution addresses enterprise data leakage and exfiltration vulnerabilities, helps organizations meet stringent confidentiality and regulatory compliance mandates, and highlights unified storage, leveraged to deliver enhanced security and scalability.
While data storage in clear text remains the fundamental cause of data exposures, the addition of inbound threats adds a serious dimension to the data risk profile: sponsored espionage, data theft, disgruntled employees, insider threats, hardware theft, leakage caused by malware and viruses, various vulnerabilities as result of outsourcing, 3rd party MSPs, off-premise cloud etc. As a universally-accepted best practice, there is no substitute for encryption for data-at-rest as the last line of defense.
As a software appliance, Bloombase StoreSafe is an agentless, turnkey, application-transparent, high performance unified stored data encryption solution with non-disruptive deployment (protocol preserving, no operational change to application infrastructure nor daily operations). Bloombase Data-At-Rest security solution is portable, OS agnostic and used across multiple market verticals. Bloombase operates as a single platform with an expansive reach over heterogeneous networked storage environment. It works as a storage proxy for trusted hosts and applications encrypting as they write, and unencrypting as they read. Bloombase is committed to industry wide interoperability and protecting all storage systems and services: including HP on-premise 3PAR storage and StoreEver tape libraries. The HP ProLiant Intel Xeon servers are the most deployed hardware used by Bloombase clients today. Bloombase is also HP Integrity Certified for OpenVMS (http://h71000.www7.hp.com/partners/).
Bloombase’s software-defined architecture is future-proofed to meet infrastructure changes through sustainability, scalability and flexibility to deliver data security services. As an independent piece, it delivers security integrity and helps organizations maintain clear separation of duties (SoD).
Bloombase StoreSafe provides protocol preserving encryption over storage networking standards including SAN, NAS, DAS, tape library, VTL, CAS, object stores, and various RESTful cloud storage services. Bloombase StoreSafe offers a pluggable cipher architecture supporting different cryptographic standards. IEEE 1619 compliant and NIST FIPS 140-2 certified, Bloombase has also achieved security certifications from the U.S., Japan and China. Aside from the Bloombase proprietary key management product KeyCastle, Bloombase supports key management industry standard PKCS#11 and OASIS KMIP.
Bloombase StoreSafe and HP ESKM certification highlights:
Bloombase has successfully completed interoperability testing with HP and received verification that Bloombase StoreSafe interoperates with HP ESKM.
Bloombase StoreSafe safeguards business sensitive data-at-rest with industry-standard IEEE 1619 cryptography and NIST FIPS 140-2 certified OASIS KMIP-compliant HP ESKM.
Bloombase StoreSafe interoperates with HP ESKM to help organizations realize true separation of duties (SoD) without impacting day-to-day workflow of data owner, system administrator or operator.
The interoperability between the Bloombase and HP solutions helps Global 500 enterprises, managed service providers (MSPs) and the public sector, all of whom manage complex, heterogeneous IT infrastructures, to meet their storage encryption needs. These solutions leverage a transformational software appliance approach to yield high performance. Consistent with this, Bloombase StoreSafe encryption software leverages Intel AES-NI for accelerated performance.
“For our large enterprise clients seeking a data security solution for the storage layer that is open standard and turnkey, embraces true value-added technology, and addresses the evolving enterprise data center model, outsourcing trends, and software-defined architecture, Bloombase works with HP to enable an interoperable storage data security solution that is a powerful answer to the Big Data exfiltration problem.” says Sean Xiang, Bloombase CEO.
“Encryption of data at rest is effective when key management enables the assurance of strong key protection and automated controls, while maintaining transparent business continuity for proper access to sensitive data,” says Albert Biketi, general manager, HP Security, Atalla. “HP Enterprise Secure Key Manager and Bloombase StoreSafe offers customers a prequalified, interoperable solution to deliver scalable and auditable enterprise key management for storage encryption that easily extends to additional security applications and IT infrastructure through a standards-based approach.”
Bloombase is a worldwide provider and leading innovator in Next Generation Data Security from Physical/Virtual Data Center, through Big Data and to the Cloud. Bloombase provides turnkey, non-disruptive, defense in-depth data protection against dynamic cyber threats while simplifying the IT security infrastructure. Bloombase is the trusted standard for Global 500 scale organizations that have zero tolerance policy for security breaches. For more information, visit http://www.bloombase.com
Bloombase is a trademark of Bloombase, Inc. and may be registered in certain jurisdictions. All other product and company names mentioned are the property of their respective owners and are mentioned for identification purposes only. Except for the historical information contained herein, this press release contains forward-looking statements that involve risks and uncertainties. The success of the agreements and products described above and the future operating results of Bloombase, Inc. may differ from the results discussed or forecasted in the forward-looking statements due to factors that include, but are not limited to, risks associated with new versions and new products, the availability of Bloombase, Inc.’s products and services, implementation of products and services, existence of errors or defects in products, rapid technological change, dependence on the Internet, significant current and expected additional competition and the need to continue to expand product distribution and services offerings. Bloombase, Inc. assumes no obligation to update the information in this press release.