exfiltration

OPM: DHS Cybersecurity Role

Cyber security, like physical security, requires layers of protections. The Federal Information Security Modernization Act of 2014 specifies that federal agencies are responsible for their own cybersecurity. Although agencies must take the lead in their own cybersecurity, as OPM is currently doing, DHS has the mission to provide a common baseline of security across the civilian government and…

Book Review: John Sandford's Hidden Prey

Fifteenth in the Lucas Davenport suspense series and revolving around a maverick cop who gets things done in Minneapolis.

My Take

There are, ahem, some good tips for husbands on surviving their wives in here. *snicker* Even the neighbor, Gene, is in on this one, lol.

The series is an intriguing mix of real life mixed in with cop suspense and violence. I adore the characters and their snark. The…

Sunday Six (plus a few for context)

From the next chapter of Exfiltration:

Bond took a deep breath, closing his eyes. “Because it’s absolute freedom.” He slid his hands up Q’s arms, feeling the tension in his body. His fingers just barely closed around Q’s wrists. “You give yourself to me. You let me do anything to you — make you feel anything I choose — and you’re free to feel it. You can even say no, if you want, but I don’t have to stop. Not unless you safeword.”

“But that’s the same thing as saying no,” Q protested.

“It’s not.” Bond wanted to turn Q over, to look into his eyes, but he suspected Q needed to hide. “If you say ‘no’, that takes the responsibility off you. I can do things to you — things that you might not be ready to admit that you want or enjoy. It becomes my decision. My responsibility.” 

Fic preview: Exfiltration 7

Q’s eyes opened, wide and dark.

“Eyes closed,” Bond warned, crowding into Q’s space. He pushed down the anger that flared through him; despite what they’d done in Connecticut, Q was a novice. With a little flinch, Q closed his eyes tightly. He took a shaky breath, and Bond wondered if he’d pushed too far.

Then Q stepped back, and Bond braced against the disappointment of hearing his safeword before they’d even begun — 

archiveofourown.org
Exfiltration (6/?)

Nothing changed.

No unexpected commands. No scorn or derision. No taking charge and making decisions without consulting Q. Bond was friendly and considerate, charming and witty, and if he was a bit overprotective, not letting Q out of his sight, Q understood. No matter what they were to each other — friends with benefits, lovers, boyfriends, or master and…something — they were also an MI6 assassin and executive. That would never change.

Note for readers: This chapter went up with only the briefest beta read by stephrc79, who went above and beyond the call of duty by reviewing it while on a date. If you notice anything wrong, please drop me a note!

The continuous surveillance of the population, the labeling of at-risk individuals, legalised torture, psychological warfare, police control of Publicity, the social manipulation of affects, the infiltration and exfiltration of “extremist groups”, the state-run massacre, like so many other aspects of the massive deployment of imperial apparatuses, respond to the necessities of uninterrupted war, most often carried out without a fuss. For as William Westmoreland said: “A military operation is only one of a variety of ways to fight the communist insurgent (Counterinsurgency, Tricontinental, 1969)”.
—  This Is Not A Program - Tiqqun
Hint: It Is Possible to Track Classified U.S. Special Operations Around the World If You Know Where to Look

September 1, 2015

How the US Periodically Reveals the Locations of Special Operations Missions

David Cenciotti

VICE News

August 31, 2015

Some very classified, top-secret special forces activity went down in Tunisia last week.

At 1:24pm local time on August 25, a US special operations tactical transport aircraft departed from Tunis and headed southwest toward Tunisia’s border with Algeria. The flight, using radio call sign Magma 30, was a C-146A Wolfhound belonging to the 524th Special Operations Squadron of the Air Force Special Operations Command (AFSOC), based out of Cannon Air Force Base, New Mexico. The primary mission of the Wolfhound is infiltration and exfiltration of Special Forces and other top-secret operators from prepared and semi-prepared airfields around the world. So it’s relatively safe to assume that they were either picking up or dropping off some special forces operators.

A day later, a civil Beechcraft King Air 350ER, registered to Aircraft Logistics Group of Oklahoma, departed from Pantelleria, an Italian island off the Tunisian coast, in support of US Africa Command (AFRICOM), to search for terrorists involved in the March 2015 Bardo Museum attack. The aircraft (tail number N351DY) is a civilian version of the MC-12W, an intelligence, surveillance, and reconnaissance (ISR) plane operated by the US Air Force. The plane is equipped with a suite of sensors and communication gear, as well as a laser target designator, and is used to “find, fix, and finish” bad guys on the ground. It doesn’t take a gigantic leap of imagination to suppose this flight was working to provide reconnaissance for Special Forces folks in the area. Perhaps ones who’d been dropped off a day earlier by the C-146A Wolfhound.

Interestingly, these special operations missions inside Tunisia are evidence of Washington’s growing counterterrorism efforts in Africa. Even more interesting than that, however, is the fact that all of this information came from the public website Flightradar24.com.

Flightradar24 (FR24) allows anyone to look up details about planes and to track flights online. FR24 (and some similar portals, each also available on smartphone and tablet apps) relies on a network of several thousand volunteer feeder antennas all around the world that collect and share data they receive from aircraft in their vicinity using something called the automatic dependent surveillance-broadcast (ADS-B).

ADS-B is one of the elements of next-generation air traffic control systems in both the US and Europe, a cooperative surveillance system that will one day replace radar. Rather than aircraft being tracked by ground-based radar, the planes themselves will be equipped with special transponders (radio signal transmitters) that broadcast their radio call sign, GPS-calculated position, altitude, and flight path to air traffic control ground stations, enabling precise tracking.

The information broadcast is not encrypted, so it can be received by nearby aircraft to help prevent collisions, and by FR24 receivers — commercial, off-the-shelf ones, as well as home-built kits.

Although the majority of the trackable aircraft are civil airliners and business jets, military aircraft are also equipped with ADS-B-capable transponders. These are usually turned off — or at least, should be — during missions so the aircraft don’t advertise their location to potential threats. However, that doesn’t always happen in practice, and military aircraft carrying out military missions or covert operations can regularly be tracked online: In March 2011, during the first days of the Libya air war, some of the US and allied aircraft involved in the raids against Muammar Qaddafi’s forces failed to turn off their transponders.

Little has changed since 2011. American aircraft over Syria, Iraq, and Afghanistan can be tracked or seen. And the US isn’t the only country broadcasting real-time locations of its military aircraft. The tendency to leave the transponder turned on is widespread among many air forces including the UK, Canada, and Russia. The US may be unique, though, in its advertising of the location of its Special Operations planes when they’re out hunting for terrorists.

This all falls under the umbrella of what’s called operational security (OPSEC). OPSEC is basically anything you shouldn’t be blabbing about in public; if you want to keep what you’re doing a secret, it is considered good OPSEC to not tell everyone what you’re doing. So does online flight tracking pose a threat to OPSEC? Most probably, yes.

“The purpose of OPSEC is to keep the mission secure — anything that undermines that hurts OPSEC and the mission,” Robert Hopkins III, a former commander of intelligence-gathering aircraft throughout the 1980s and ‘90s, told VICE News.

The thing is, OPSEC procedures don’t always make sense.

“During the 1980s, photography of RC-135s was absolutely prohibited for fear that an image might reveal to the Soviets an operational capability,” Hopkins said. “This was insane because the Soviet interceptors that escorted the RC-135s took all the pictures they wanted from any angle that might reveal external changes. Same with the Chinese, Brits, Norwegians, Swedes, and anyone else who might come up to play. In short, the only people who couldn’t take pictures of RC-135s were Americans.”

The US Air Force doesn’t appear all that worried about FR24 and similar services. A recent article on the US Air Force Central Command website, titled “Loose Tweets Destroy Fleets,” based on the US Navy’s WWII “Loose Lips Sink Ships” campaign, focused only on leakage of information that could put missions, resources, and members at risk, “and be detrimental to national strategic and foreign policies,” via social media.

Apparently, exposing the presence of a reconnaissance plane over a target of interest, like the MC-12 reconnaissance plane that can be frequently tracked on FR24 flying surveillance missions over Mosul, is only a possible OPSEC violation if the crew members tweet about it.

“There are times when I think the OPSEC community becomes utterly disengaged from reality, and this is one of them,” Hopkins said. “Looking at FR24 on a laptop and seeing a slew of KC-135s with the call sign ‘Quid’ orbiting off Cyprus is a good indicator that a strike package is on its way to Syria, no matter how good the OPSEC of the strike aircraft might be.”

There is no evidence that an aircraft has ever been shot down because of FR24, but it’s impossible to rule out the possibility that bad guys have moved or remained hidden because they knew hostile aircraft were overhead or on their way. The US Air Force failed to respond to VICE News’ request for comment.

Real-time flight-tracking services have been around for some time now, and they have become an extremely powerful tool to investigate, study, and learn about aviation. For instance, these services revealed enormous amounts of information when Malaysia Airlines MH370 disappeared in March 2014. The services are widely known within the aviation community, but air forces around the world don’t treat unencrypted transponder signals in the same way as other details, and while radio communications policies and emission control (EMCON) restrictions are considered when planning combat sorties, the possibility of their transponder signals being picked up barely rates an afterthought.

Still, Flightradar24 is sometimes asked to keep mum.

“Our policy regarding aircraft visibility is that we remove an aircraft from display upon receiving an official request,” Flightradar24 spokesman Ian Petchenik told VICE News. “We receive requests from governments on an ongoing basis and promptly honor those requests.”

But asking FR24 to keep secrets doesn’t prevent other receivers or web-based services from picking up the info. So if you don’t want other people to track your plane, the only real countermeasure is to turn off the transponder. It’s something the world’s air forces know how to do; it is exactly what most spy planes approaching “sensitive areas” have done for decades. And it’s not that complex a procedure — hijackers on three of the four planes taken on 9/11 shut off their transponders.

github.com
gojhonny/CredCrack
CredCrack - A fast and stealthy credential harvester

http://blog.gojhonny.com/2015/08/domain-administrator-in-17-seconds.html

CredCrack is a fast and stealthy credential harvester. It exfiltrates credentials recursively in memory and in the clear. Upon completion, CredCrack will parse and output the credentials while identifying any domain administrators obtained. CredCrack also comes with the ability to list and enumerate share access and yes, it is threaded!

CredCrack has been tested and runs with the tools found natively in Kali Linux. CredCrack solely relies on having PowerSploit’s “Invoke-Mimikatz.ps1” under the /var/www directory. Download Invoke-Mimikatz Here

archiveofourown.org
Exfiltration (2/?)

After all this time in Q Branch, Q knew precisely the effects of moisture on audio pickups. Unfortunately, it took more than running water to guarantee privacy for a conversation, but soft whispers were an acceptable risk.

Under the cover of soap and steam, bodies pressed close together in the spacious shower, Q whispered, “Exfil.”

Bond hummed once, rubbing his hands everywhere over Q’s body in sweeping strokes that would look possessive to the cameras, though Q hadn’t seen any openly mounted here. There might not be cameras, he thought — even human traffickers might want privacy on the toilet, after all — but he wasn’t going to take any risks.

“Plan?” Q dared to ask as he licked Bond’s ear and was rewarded with a shiver.

Two quiet grunts. No plan.

Not that the lack of a plan had ever stopped Bond, Q knew, and couldn’t quite hide a flinch at the thought of being caught up in the mayhem that was sure to follow.

archiveofourown.org
Exfiltration

For badwolfbadwolff.

“Q!” The office door slammed open hard enough to rattle the glass wall despite the hydraulic hinges.

Startled, Q held up a hand, saying, “Calm —”

“Bond’s been compromised.” TJ didn’t stop running until he hit Q’s desk.

Q looked back down at his computer, pulling up Bond’s current mission file. “Elaborate, please,” he said calmly, looking over the summary.

Human trafficking ring, male and female victims, primarily well-educated Europeans and Americans in their twenties. The victims were sold not to brothels nor as labourers but to private buyers, with a guarantee that they’d never talk. Never try to escape.

TJ took a deep breath. “His contact’s body was just recovered. Tortured. Tongue cut out.”

Sadly, that was nothing extraordinary in Q’s experience since joining government service. “It could have been unrelated to the mission,” Q said, playing devil’s advocate, even though he knew that wasn’t the case. They were never that fortunate. Most of his mind was already focused on damage control or extraction, though he knew Bond would resist abandoning the mission unless there was no other choice.

“The tongue…” TJ shuddered. “He talked, Q. They know it.”

“Did you send word — Oh,” Q said, frowning. Full comms blackout. Bond, idiot that he was, had notified HQ that he’d be going in dark. They were back to 1980s spycraft, with message notifications delivered not via email or secure radio but by dead drop.

“I’ve got the Americans on hold,” TJ offered.

Q huffed, clicking through the mission file to skim each document. “If you recall, two FBI agents were on the CIA’s list of involved suspects. We’ll have to… to contact…” His finger froze as he stared at his own photo, and he vaguely recalled signing off permission for MI6 to use his likeness in background paperwork for missions.

Staring at the monitor, Q didn’t hear whatever TJ said next. The background document for the photo explained that ‘Ethan Davies’ had been taken a year short of graduating Cambridge, sold, and trained to obedience as a sexual companion by ‘Rhys Sterling’. Bond’s cover identity.

“Shit,” Q whispered, realising there was only one way to guarantee that Bond received the exfiltration order.

Note: There is no non-con/dub-con involving major characters, and none explicitly shown. However, the first part of this fic (and only the first part) involves a human trafficking ring…

Bloombase StoreSafe Certified Interoperable with HP Enterprise Secure Key Manager (ESKM) for Data-At-Rest Encryption Security

SUNNYVALE, Calif., Sept. 1, 2015 /PRNewswire/ – Bloombase is pleased to announce the successful mutual certification of interoperability for Bloombase StoreSafe and HP Atalla Enterprise Secure Key Manager (ESKM) using the OASIS standard Key Management Interoperability Protocol (KMIP). This interoperable solution addresses enterprise data leakage and exfiltration vulnerabilities, helps organizations meet stringent confidentiality and regulatory compliance mandates, and highlights unified storage, leveraged to deliver enhanced security and scalability.

While data storage in clear text remains the fundamental cause of data exposures, the addition of inbound threats adds a serious dimension to the data risk profile: sponsored espionage, data theft, disgruntled employees, insider threats, hardware theft, leakage caused by malware and viruses, various vulnerabilities as a result of outsourcing, 3rd party MSPs, off-premise cloud etc. As a universally-accepted best practice, there is no substitute for encryption for data-at-rest as the last line of defense.

As a software appliance, Bloombase StoreSafe is an agentless, turnkey, application-transparent, high performance unified stored data encryption solution with non-disruptive deployment (protocol preserving, no operational change to application infrastructure nor daily operations). Bloombase Data-At-Rest security solution is portable, OS agnostic and used across multiple market verticals. Bloombase operates as a single platform with an expansive reach over heterogeneous networked storage environment. It works as a storage proxy for trusted hosts and applications encrypting as they write, and unencrypting as they read. Bloombase is committed to industry wide interoperability and protecting all storage systems and services: including HP on-premise 3PAR storage and StoreEver tape libraries. The HP ProLiant Intel Xeon servers are the most deployed hardware used by Bloombase clients today. Bloombase is also HP Integrity Certified for OpenVMS (http://h71000.www7.hp.com/partners/).

Bloombase’s software-defined architecture is future-proofed to meet infrastructure changes through sustainability, scalability and flexibility to deliver data security services. As an independent piece, it delivers security integrity and helps organizations maintain clear separation of duties (SoD).

Bloombase StoreSafe provides protocol preserving encryption over storage networking standards including SAN, NAS, DAS, tape library, VTL, CAS, object stores, and various RESTful cloud storage services. Bloombase StoreSafe offers a pluggable cipher architecture supporting different cryptographic standards. IEEE 1619 compliant and NIST FIPS 140-2 certified, Bloombase has also achieved security certifications from the U.S., Japan and China. Aside from the Bloombase proprietary key management product KeyCastle, Bloombase supports key management industry standard PKCS#11 and OASIS KMIP.

Bloombase StoreSafe and HP ESKM certification highlights:

  • Bloombase has successfully completed interoperability testing with HP and received verification that Bloombase StoreSafe interoperates with HP ESKM.
  • Bloombase StoreSafe safeguards business sensitive data-at-rest with industry-standard IEEE 1619 cryptography and NIST FIPS 140-2 certified OASIS KMIP-compliant HP ESKM.
  • Bloombase StoreSafe interoperates with HP ESKM to help organizations realize true separation of duties (SoD) without impacting day-to-day workflow of data owner, system administrator or operator.

The interoperability between the Bloombase and HP solutions helps Global 500 enterprises, managed service providers (MSPs) and the public sector, all of whom manage complex, heterogeneous IT infrastructures, to meet their storage encryption needs. These solutions leverage a transformational software appliance approach to yield high performance. Consistent with this, Bloombase StoreSafe encryption software leverages Intel AES-NI for accelerated performance.

“For our large enterprise clients seeking a data security solution for the storage layer that is open standard and turnkey, embraces true value-added technology, and addresses the evolving enterprise data center model, outsourcing trends, and software-defined architecture, Bloombase works with HP to enable an interoperable storage data security solution that is a powerful answer to the Big Data exfiltration problem,” says Sean Xiang, Bloombase CEO.

“Encryption of data at rest is effective when key management enables the assurance of strong key protection and automated controls, while maintaining transparent business continuity for proper access to sensitive data,” says Albert Biketi, general manager, HP Security, Atalla. “HP Enterprise Secure Key Manager and Bloombase StoreSafe offers customers a prequalified, interoperable solution to deliver scalable and auditable enterprise key management for storage encryption that easily extends to additional security applications and IT infrastructure through a standards-based approach.”

For more information about Bloombase and HP ESKM interoperability, visit https://protect724.hp.com/docs/DOC-12655 and http://www.bloombase.com/interoperability/hp.html.

Bloombase will showcase its next-generation data-at-rest security solution with HP ESKM at HP Protect 2015 taking place September 1-4, National Harbor, MD. For more information, visit http://www.hp.com/go/protect and http://www.hp.com/go/ESKM.

About Bloombase

Bloombase is a worldwide provider and leading innovator in Next Generation Data Security from Physical/Virtual Data Center, through Big Data and to the Cloud. Bloombase provides turnkey, non-disruptive, defense in-depth data protection against dynamic cyber threats while simplifying the IT security infrastructure. Bloombase is the trusted standard for Global 500 scale organizations that have zero tolerance policy for security breaches. For more information, visit http://www.bloombase.com

Bloombase is a trademark of Bloombase, Inc. and may be registered in certain jurisdictions. All other product and company names mentioned are the property of their respective owners and are mentioned for identification purposes only. Except for the historical information contained herein, this press release contains forward-looking statements that involve risks and uncertainties. The success of the agreements and products described above and the future operating results of Bloombase, Inc. may differ from the results discussed or forecasted in the forward-looking statements due to factors that include, but are not limited to, risks associated with new versions and new products, the availability of Bloombase, Inc.’s products and services, implementation of products and services, existence of errors or defects in products, rapid technological change, dependence on the Internet, significant current and expected additional competition and the need to continue to expand product distribution and services offerings. Bloombase, Inc. assumes no obligation to update the information in this press release.