Global Governance: The Digital Domain & The Death of Internet

Securing The Net: Global Governance in The Digital Domain was a White Paper written in September 2013. 

This report was produced within the framework of the Global Governance 2022 program, organized by the Global Public Policy Institute in Berlin, in collaboration with partner institutions in the United States (The Brookings Institution and Princeton University), China (Tsinghua University and Fudan University), and Germany (Hertie School of Governance). 

The Global Governance Futures group, working with the Global Public Policy Institute (GPPi), outlines specific methodologies and scenarios on the future of cyber risk and governance. 

The 2013 Report Outlines The Following: 

"Could the Internet actually die? The path to this outcome might be precipitated by an inability to address growing mistrust, the continued existence and exploitation of major cyber vulnerabilities, and mass fear created by new kinds of cyber attacks. "

SCENARIO 1: “CYBER DEATH” – THE END OF THE INTERNET AS WE KNOW IT

  • an “incubation period” during which steadily growing Sino-American [CHINA-AMERICAN] tensions, an interstate cyber incident as well as the continued militarization of cyberspace led to a gradual disconnection of various sectors of critical infrastructure from the Internet;

  • an “outbreak phase,” in which a “tsunami” of cyber crime led to a collapse of e-commerce and forced governments, overwhelmed by the volume of crime in cyberspace, to develop secure, parallel network architectures that conformed to national and regional boundaries;

  • finally, the “passing of the ‘old’ Internet,” initiated by Russia, China, and Germany following a global panic during a brief period of “cyber terror.” 

The collapse of e-commerce, which threw the global economy into a recession, was paired with a global run on banks. The lack of confidence in banks led to the withdrawal of private savings at record levels. This near-immediate global collapse of the financial system spurred governments to action.

SCENARIO 2: “CYBER PARADISE”

  • bilateral and multilateral efforts between states that ultimately led to a General Agreement on Confidence Building in Cyberspace (GACBC);

  • the diffusion and increased sophistication of cyber security systems/infrastructure, in particular advanced cryptographic and “electric fence” systems;

  • and lastly, the creation of a regime centering around the International Cyber Security Treaty.

As the Internet was expanded further into all aspects of daily economic and social interactions, attention to the topic by politicians and the media continued to grow. Henceforth, a conference program was initiated that included not only the US and China but also the European Union, India, Russia, and Brazil. The discussions in this “cyber club” carried over to G20 meetings, as cyber security became a priority issue in national defense.

As 2021 now Comes to an End we heard the Echoes within IT to Safeguard our Legacy Industrial Control Systems. Updating ICS and the Electrical Grid Should be a #1 Priority for National Security. Unfortunately, whether from State Sponsored Actors or from Political Mismanagement, Gov'ts tend to wait for something to break before addressing issues. The Great Reset now Comes to Mind when thinking about the Future of the Internet. The Cyber Attack Trends for 2022 and this Next Decade will Include Attacks on our Legacy ICS and much more. Cyber Attacks are now becoming Physical. Cyber War will not only affect Data, Communications and IT Systems; in this New Age a Cyber Attack Could Result in No Power during the Winter or Gas and Energy Shortages across the Country. We saw this with the Colonial Pipeline Hack. More Ransomware, along with IoT, Blockchain/Cryptocurrency Wallet Attacks, Exchange Shutdowns and Deepfakes, will be in the headlines. The Push for a New Global Internet, like our now Global Economy, will be at the Forefront of all Nations and the UN. The Internet has already become a vastly different place. We saw the Great Social Media Purge of Dissenting Voices in 2018, where Individuals, Organizations, Brands and Analytics can just be disappeared by Gatekeepers.

Will we allow the Internet and our Power Grid to just become another Policy? A Thing for Bureaucrats and so called "Experts" to Control? Something to Campaign on When it's too late?

Government Failure Should Not Equal Loss of Rights and Security.

Let's Bullet Point Some Additional Reading on These Trends.

  • Biden Signs National Security Memo Addressing Industrial Control System Cybersecurity
  • White House: National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems
  • Cybersecurity & Infrastructure Security Agency [GLOBAL]
  • Cyber-Attack on world’s largest meat processor highlights food system vulnerabilities (June 2021)
  • MITRE Framework on ICS (Jan. 2020)
  • NIST: SolarWinds and Beyond: Improving the Cybersecurity of Software Supply Chains (May 2021)
  • ICANN and The United Nations
  • Industrial Control Systems Joint Working Group (ICSJWG)
  • CISA: Threat of Russian Attack on Critical Infrastructure


 *** UPDATE JAN/2023

We are now seeing a trend in Power Grid Attacks Throughout the US.

  • FBI: Attacks on 4 Stations in 1 County
  • FBI: Shootings at Sub-Stations in NC
  • FBI: GE Engineer Sentenced for Espionage
  • TIME: Power Grid Extremist Attacks


-Sodaghar 11/12/21

The Pandora Papers: World Leaders Offshore Accounts Global Conspiracy & Tax Evasion Exposed


ICIJ: The 150 news outlets that joined the investigative partnership include The Washington Post, the BBC, The Guardian, Radio France, Oštro Croatia, the Indian Express, Zimbabwe’s The Standard, Morocco’s Le Desk and Ecuador’s Diario El Universo.


The Pandora Papers investigation unmasks the covert owners of offshore companies, incognito bank accounts, private jets, yachts, mansions, even artworks by Picasso, Banksy and other masters, providing more information than what’s usually available to law enforcement agencies and cash-strapped governments.

Millions of leaked documents and the biggest journalism partnership in history have uncovered financial secrets of 35 current and former world leaders, more than 330 politicians and public officials in 91 countries and territories, and a global lineup of fugitives, con artists and murderers.

The secret documents expose offshore dealings of the King of Jordan, the presidents of Ukraine, Kenya and Ecuador, the prime minister of the Czech Republic and former British Prime Minister Tony Blair. The files also detail financial activities of Russian President Vladimir Putin’s “unofficial minister of propaganda” and more than 130 billionaires from Russia, the United States, Turkey and other nations.

The leaked records reveal that many of the power players who could help bring an end to the offshore system instead benefit from it, stashing assets in covert companies and trusts while their governments do little to slow a global stream of illicit money that enriches criminals and impoverishes nations.

Among the hidden treasures revealed in the documents:

  • A $22 million chateau in the French Riviera, replete with a cinema and two swimming pools, purchased through offshore companies by the Czech Republic’s populist prime minister, a billionaire who has railed against the corruption of economic and political elites.
  • More than $13 million tucked in a secrecy-shaded trust in the Great Plains of the United States by a scion of one of Guatemala’s most powerful families, a dynasty that controls a soap and lipsticks conglomerate that’s been accused of harming workers and the earth.
  • Three beachfront mansions in Malibu purchased through three offshore companies for $68 million by the King of Jordan in the years after Jordanians filled the streets during Arab Spring to protest joblessness and corruption.

The secret records are known as the Pandora Papers.

The International Consortium of Investigative Journalists obtained the trove of more than 11.9 million confidential files and led a team of more than 600 journalists from 150 news outlets that spent two years sifting through them, tracking down hard-to-find sources and digging into court records and other public documents from dozens of countries.

The leaked records come from 14 offshore services firms from around the world that set up shell companies and other offshore nooks for clients often seeking to keep their financial activities in the shadows. The records include information about the dealings of nearly three times as many current and former country leaders as any previous leak of documents from offshore havens.

In an era of widening authoritarianism and inequality, the Pandora Papers investigation provides an unequaled perspective on how money and power operate in the 21st century, and how the rule of law has been bent and broken around the world by a system of financial secrecy enabled by the U.S. and other wealthy nations.

The findings by ICIJ and its media partners spotlight how deeply secretive finance has infiltrated global politics, and offer insights into why governments and global organizations have made little headway in ending offshore financial abuses.

An ICIJ analysis of the secret documents identified 956 companies in offshore havens tied to 336 high-level politicians and public officials, including country leaders, cabinet ministers, ambassadors and others. More than two-thirds of those companies were set up in the British Virgin Islands, a jurisdiction long known as a key cog in the offshore system.

At least $11.3 trillion is held “offshore,” according to a 2020 study by the Paris-based Organization for Economic Cooperation and Development. Because of the complexity and secrecy of the offshore system, it’s not possible to know how much of that wealth is tied to tax evasion and other crimes and how much of it involves funds that come from legitimate sources and have been reported to proper authorities.

Continue Reading 

 TGFN-10/22/21


How to Not be Hunter Biden: A Guide to Securing Data

BREAKING: Rudy Giuliani has handed over the Hard Drive to Delaware State Police, stating: "There's a sexual depravity to this that's disgusting," and "This is a really very, very sensitive one." We now know that the Computer and Hard Drive of Hunter Biden, the Bombshell Story by The New York Post, is Confirmed and Being Investigated by Multiple Agencies including the FBI and the Senate Homeland Security Committee. Director of National Intelligence John Ratcliffe also said on FBN: "Let me be clear: the intelligence community doesn't believe that [the Laptop being Russian Dis-info] because there is no intelligence that supports that. And we have shared no intelligence with Adam Schiff, or any member of Congress." 

We might hear the echoes of Conspiracy around this data; however, those with InfoSec/OpSec backgrounds know this data can easily be verified through metadata and forensic software like EnCase or DEFT. Also, IMO, Chain of Custody was followed by the Shop Owner once this became his property after 90 Days. He is quoted: 'I think that it's not the government as an entire entity but I think there's a history in this country of people with political motives doing horrible things. I don't want to be on the receiving end of that.'


HOW TO NOT BE HUNTER BIDEN:

Both Windows 10 and macOS have built-in File Encryption Software for Data:

  • FileVault and Disk Utility on macOS allow you to encrypt Files, Folders and Disk Drives.
  • BitLocker for Windows also lets you Encrypt Data at Rest and Disk Drives.
  • Set a BIOS Password - This is an easy, quick option which won't let any Drives start unless a Password is entered. It is less secure because the BIOS can be flashed and reset, but this requires time and physical access inside the Computer. Also, a Disk Drive with no Encryption can just be removed and have its Disk Image cloned.
  • Don't store any actual data on your physical devices. Use Cloud Services like iCloud, Dropbox or Google Drive.

Remember, unless you write and rewrite over data numerous times, files and metadata can still be recovered from a device. The Dept. of Defense Standard for wiping Data recommends overwriting data at least 3 times, with 7 times being the most secure.
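The multi-pass overwrite the paragraph refers to, as an added example (not code from the original post): it cycles zero, one and random passes over a file, syncs each pass to disk, then checks that the original bytes are no longer readable; the marker data and the temp file are constructed here. Caveat: on SSDs and on journaling or copy-on-write filesystems, overwriting in place does not guarantee the old blocks are unreadable, which is one reason full-disk encryption is the stronger default.

```python
import os
import secrets
import tempfile

# Overwrite patterns, cycled per pass: all-zeros, all-ones, then fresh random bytes.
# Three passes uses each once; seven passes cycles through them again.
PATTERNS = (b"\x00", b"\xff", None)  # None means a random pass


def overwrite_file(path: str, passes: int = 3, chunk_size: int = 1 << 16) -> int:
    """Overwrite every byte of `path` in place `passes` times, fsyncing after each pass.

    Returns the file size, i.e. the number of bytes written per pass.
    """
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for n in range(passes):
            pattern = PATTERNS[n % len(PATTERNS)]
            f.seek(0)
            remaining = size
            while remaining > 0:
                length = min(chunk_size, remaining)
                block = secrets.token_bytes(length) if pattern is None else pattern * length
                f.write(block)
                remaining -= length
            f.flush()
            os.fsync(f.fileno())  # push this pass to the device before starting the next
    return size


def file_contains(path: str, needle: bytes, chunk_size: int = 1 << 16) -> bool:
    """Stream through the file and report whether `needle` still occurs anywhere in it."""
    carry = b""
    with open(path, "rb") as f:
        while True:
            data = f.read(chunk_size)
            if not data:
                return False
            if needle in carry + data:
                return True
            # keep the tail so a match spanning two chunks is not missed
            carry = data[-(len(needle) - 1):] if len(needle) > 1 else b""


def wipe_demo(passes: int = 3) -> dict:
    """Write a constructed secret to a temp file, wipe it, and report what is still readable."""
    marker = b"CONSTRUCTED-SECRET-MARKER"
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(marker * 4096)  # ~100 KiB of "sensitive" data
        before = file_contains(path, marker)
        size = overwrite_file(path, passes=passes)
        after = file_contains(path, marker)
        return {"size": size, "passes": passes, "marker_before": before, "marker_after": after}
    finally:
        os.remove(path)  # unlink only after the blocks have been overwritten


if __name__ == "__main__":
    print(wipe_demo(3))
    print(wipe_demo(7))
```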


Extra Reading:


- Sodaghar 10/20/20


ICANN and the United Nations

BBC: 
  The US has confirmed it is finally ready to cede power of the internet’s naming system, ending the almost 20-year process to hand over a crucial part of the internet's governance.

In an earlier post this year I wrote a little tidbit on how there is a DATA ESCROW AGENT Program. Anyone who followed that trail will know this is run by ICANN, which stands for the Internet Corporation for Assigned Names and Numbers. Basically, they are in charge of issuing your IP address. They control numbers, all numbers on the internet. Without an IP you don't exist on the web. In basic terms, your IP links to their DNS (Domain Name System). They run the gTLDs, and this gives you your place on the web (if they allow it). ICANN has the power to revoke your IP, NS and DNS. In the previous article I said, "There is also a DATA ESCROW AGENT program which is Big Brother in the realm of Internet Protocol." This is now more solidified through the Alliance with the UN. In ICANN's first draft of the DATA ESCROW AGENT program back in the late nineties, it was something out of a sci-fi film, giving AGENTS god-like powers over IP, Spying and Data Mining, and other things like 'how handwritten Encryption needs to be sent back to ICANN.'

  DATA AGENT third parties physically have the data, physically store the data and physically send the data.

                    All data...

In the mid-2000s ICANN and IRON MOUNTAIN formed the agreement on the new DATA ESCROW AGENT PROGRAM, which used less tyrannical language but still held its core belief: control. It's bad enough to know that a handful of people in the United States hold the Keys to the Internet, but now it will be the UN and all their round tables.

Below is a link to these DATA ESCROW AGENT contracts and agreements along with ICANN's full archive of data.

ICANN FILES



                                                                                            -SODAGHAR 8/19/16


The Open Source Intelligence Framework


Open Source Intelligence (OSINT) is defined as intelligence collected from publicly available sources. In the intelligence community, the term "open" refers to overt, publicly available sources; it is not related to open-source software or public intelligence. This form of gathering and analyzing information is crucial for both cyber and physical security professionals to understand. Today I want to look at some concepts and tools used in OSINT. I'd have to write a book to cover it all, so I'll touch on some basics. First, being able to gain all the knowledge on a target or organization without the daunting task of penetrating networks, finding vulnerabilities in the machines and then exploiting them could prove priceless. Using OSINT and Social Engineering tactics such as NLP and Pretexting can literally give you any information desired. Mix in lock picking, disguise and stealth, and soon you're on the way to a road less traveled in the cyber security field. I mention Cyber Security because with The Internet of Things and billions of devices online there are countless exploits and vulnerabilities. Companies hire technical auditors called Pentesters or Ethical Hackers to find vulnerabilities within their intranet and networks; however, this only covers the technical aspect, not the physical. Let's say, for instance, I was contracted to find the network vulnerabilities of a corporation. They are well secured with Web Application Firewalls, mod_security on their Apache servers to prevent SQL Injection, Reverse Proxies and Load Balancers, and on this given day it's just something I don't feel like spending my time on or getting the team together for, so what do I do? Well, using OSINT I join their LinkedIn group and find out they hire a Third Party overnight Security company. I also find out that there is overnight construction tasked with the new building add-on set to complete next year. BINGO! 
Now when I get to the gate I already know the names and details of the security team, their bosses, the construction crew and the foreman. "Hey, sorry I'm not in the company truck today, my wife is expecting any minute now, we're having a boy, I'm so excited! So I'll need to be able to leave whenever. Mr. Smith (the construction foreman) is aware and they should be right behind me." This situation could have gone a million ways. I could have just used stealth and jumped the wall in a construction outfit disguise that matches the logo and design of the crew doing the work (which I found using OSINT). I could have called the Security Officer at the entrance gate on his cell phone with a spoofed number from his wife's cell phone, all obtained online using OSINT, told him I was a Doctor and she is in critical condition and we need him to come to the hospital to sign off on surgery. Unethical, yes, but you gotta have the balls to do what needs to be done, and a corporation like this should have protocols in place for any situation. Plus, who knows, once he leaves the entrance gate and finds out his wife is alive it might be the best day of his life! The point is I needed access not only to set up a router for a Man in The Middle attack (as Plan B) but, because I know OSINT is greater than IT, I just want to stick to my roots and dumpster dive (Plan A). Not only do I find their financial reports from last quarter, I also find the names of their internal staff, routers, ISP and other information that I'll use to eventually exploit their internal network. At the end of the day, information like this can fetch a pretty penny from competitors or on the black market, so don't call yourself a security professional if you only conduct audits behind a screen; you're far from it.

Some basic technical skills are needed, however, to understand the concepts of footprinting and fingerprinting. If a simple ancestry.com search can find your mother's maiden name, and your social media profile lists your favorite things, your birthday and your children's names, one can probably deduce your credit card PIN and passwords without having to spend days on a brute force attack. Instead, an attacker with this information could use a dictionary-type attack, giving the program being used clues and phrases that suit a specific target. These are all examples of using OSINT: information that is readily available and in Open Sight. In the interest of time I'll now bullet point a list of tools and resources and you can take it from there.


Remember, if your attack targets the right area and is executed properly, a simple punch can be deadly. This is the power of OSINT!



*Search Engines and Social Media: Sometimes a simple Google or Facebook search can give you all the information you need to hijack a company mixer and gain further intel.

*The Social Engineering Framework: Provides an outstanding collection of modern concepts and books and is really a one stop shop for all the tools you need.

*Shodan: The world's first search engine that lets you find anything connected to the internet. Instead of searching for words or people you can basically search IP tables. This is an amazing resource, but be warned: you may be tempted by the dark side once you go there.

*Video: The basics of Lock Picking, DEFCON 13

*Google Dorking: Inputting Commands into your search to reap its benefits

*Dradis Framework: Provides a centralized repository of info that you can use and share

*Maltego: Focuses on providing a library of transforms for discovery of data from open sources, and visualizing that information in a graph format, suitable for link analysis and data mining.

*Tineye: Reverse Image lookup that crawls the web to find all online locations of an image



We covered a lot in this one article and I know there is a ton of things missing, but I hope this can provide you with a starting point and give you an understanding of the power of Open Source Intelligence and how it impacts security in all aspects. Feel free to comment or contact me with any questions or if you have something to add.



How to open locks with a Nut-wrench old school technique


                       -SODAGHAR 1/18/16

Hotspot Hotwar

The sad fact is that most end users keep their Wi-Fi on at all times. With most devices the standard operation is to auto-connect, or to connect when a request is made of it. I noticed a strange occurrence in my area, in which there are 8 xfinity hotspots within a block radius. I know COMCAST provides these to their users for the ability to connect when abroad. However, seeing more than 2 in a given area seemed odd. Out of curiosity, I began to investigate. Before I connected I did some footprinting and noticed these 8 seemingly innocent hotspots all shared the MAC ADDRESSES of only 3 ACCESS POINTS. One of the odder facts is that two of the three APs had routers which belong to AT&T. With certain tools I was able to pinpoint in precise detail the location and physical address of said Access Points. These 8 "xfinity" hotspots are all coming from the exact same location and sharing the MAC ADDRESSES of the 3 APs therein.
  The security risk happens when a device connects. Immediately the device is flooded with packets which hold PAYLOADS linking to APPSFLYER.COM. These payloads are designed to change the device's DNS, backdoor the device and use it as a slave/botnet for PAY PER CLICK and other AD REVENUE AFFILIATE PROGRAMS, as shown in this snippet of the payload:
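The footprinting step described above (grouping the advertised hotspot names by the hardware addresses actually beaconing them), as an added example that is not from the original post, run over constructed scan rows rather than the author's capture. A BSSID advertising several names, or one name spread across several vendor prefixes, is what to look at more closely; the OUI lookup against the IEEE registry and the traffic itself decide what it is.

```python
from collections import defaultdict

# Constructed scan results (not real data): (ssid, bssid, channel, rssi_dbm),
# the shape a parsed `iw dev wlan0 scan` or airodump-style export would give.
SCAN = [
    ("xfinitywifi", "AA:BB:CC:00:01:10", 1, -52),
    ("xfinitywifi", "aa:bb:cc:00:01:10", 1, -55),   # same beacon, seen twice
    ("xfinitywifi", "aa:bb:cc:00:01:11", 6, -60),
    ("HomeNet-5G",  "aa:bb:cc:00:01:10", 1, -53),   # a second SSID on the same BSSID
    ("CoffeeShop",  "de:ad:be:ef:00:01", 11, -70),
    ("xfinitywifi", "de:ad:be:ef:00:02", 11, -71),  # same SSID, different vendor prefix
]


def normalize_bssid(bssid: str) -> str:
    """Lower-case, colon-separated form so 'AA-BB-CC-00-01-10' equals 'aa:bb:cc:00:01:10'."""
    octets = bssid.replace("-", ":").lower().split(":")
    if len(octets) != 6 or any(len(o) != 2 for o in octets):
        raise ValueError(f"bad BSSID: {bssid!r}")
    return ":".join(octets)


def oui(bssid: str) -> str:
    """First three octets: the vendor prefix to look up in the IEEE OUI registry."""
    return normalize_bssid(bssid)[:8]


def ssids_per_bssid(scan) -> dict:
    """BSSID -> set of SSIDs it was seen advertising."""
    seen = defaultdict(set)
    for ssid, bssid, _channel, _rssi in scan:
        seen[normalize_bssid(bssid)].add(ssid)
    return dict(seen)


def ssid_footprint(scan) -> dict:
    """SSID -> {'bssids', 'ouis', 'channels'}: where one network name really comes from."""
    fp = defaultdict(lambda: {"bssids": set(), "ouis": set(), "channels": set()})
    for ssid, bssid, channel, _rssi in scan:
        b = normalize_bssid(bssid)
        fp[ssid]["bssids"].add(b)
        fp[ssid]["ouis"].add(b[:8])
        fp[ssid]["channels"].add(channel)
    return dict(fp)


def find_anomalies(scan) -> list:
    """BSSIDs advertising several SSIDs, and SSIDs spread across several vendor prefixes."""
    findings = []
    for bssid, ssids in sorted(ssids_per_bssid(scan).items()):
        if len(ssids) > 1:
            findings.append(("multi_ssid_bssid", bssid, tuple(sorted(ssids))))
    for ssid, fp in sorted(ssid_footprint(scan).items()):
        if len(fp["ouis"]) > 1:
            findings.append(("multi_oui_ssid", ssid, tuple(sorted(fp["ouis"]))))
    return findings


if __name__ == "__main__":
    for kind, key, detail in find_anomalies(SCAN):
        print(f"{kind}: {key} -> {detail}")
```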

00f0  20 42 75 69 6c 64 2f 4a  5a 4f 35 34 4b 29 0d 0a    Build/J ZO54K)..
0100  48 6f 73 74 3a 20 74 72  61 63 6b 2e 61 70 70 73   Host: tr ack.apps
0110  66 6c 79 65 72 2e 63 6f  6d 0d 0a 41 63 63 65 70   flyer.co m..Accep
0120  74 2d 45 6e 63 6f 64 69  6e 67 3a 20 67 7a 69 70   t-Encodi ng: gzip ...
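As an added example (not code from the original post), a small parser that turns a Wireshark-style hex dump like the snippet above back into bytes and pulls out the HTTP header fields, so the Host a connected device is talking to can be read and matched against a watchlist of domains. The dump lines below are copied from the snippet above; the watchlist is an assumption for the demo.

```python
import re

# The four dump lines from the capture snippet: offset, 16 hex bytes (two groups of 8), ASCII column.
HEX_DUMP = """\
00f0  20 42 75 69 6c 64 2f 4a  5a 4f 35 34 4b 29 0d 0a    Build/J ZO54K)..
0100  48 6f 73 74 3a 20 74 72  61 63 6b 2e 61 70 70 73   Host: tr ack.apps
0110  66 6c 79 65 72 2e 63 6f  6d 0d 0a 41 63 63 65 70   flyer.co m..Accep
0120  74 2d 45 6e 63 6f 64 69  6e 67 3a 20 67 7a 69 70   t-Encodi ng: gzip ...
"""

HEX_BYTE = re.compile(r"[0-9a-fA-F]{2}")
HEX_OFFSET = re.compile(r"[0-9a-fA-F]{4,8}")


def parse_hex_dump(dump: str) -> bytes:
    """Rebuild the byte stream from an offset / hex / ASCII dump.

    Fields are separated by two or more spaces; hex groups are consumed until a
    field that is not purely hex pairs (the ASCII column) is reached. Offsets must
    be contiguous, so a line missing from the snippet is reported, not silently skipped.
    """
    out = bytearray()
    expected = None
    for line in dump.splitlines():
        fields = re.split(r"\s{2,}", line.strip())
        if len(fields) < 2 or not HEX_OFFSET.fullmatch(fields[0]):
            continue  # not a dump line
        offset = int(fields[0], 16)
        if expected is not None and offset != expected:
            raise ValueError(f"dump is not contiguous: expected {expected:#06x}, got {offset:#06x}")
        start = len(out)
        for group in fields[1:]:
            if not all(HEX_BYTE.fullmatch(t) for t in group.split(" ")):
                break  # reached the ASCII column
            out += bytes.fromhex(group)
        expected = offset + (len(out) - start)
    return bytes(out)


def extract_http_headers(stream: bytes) -> dict:
    """Header name (lower-cased) -> value for the CRLF-separated lines in `stream`.

    Lines without a colon are skipped: the request line, or a line cut off at the
    start of the window like the User-Agent tail ' Build/JZO54K)' in this snippet.
    """
    headers = {}
    for raw in stream.split(b"\r\n"):
        name, sep, value = raw.decode("ascii", errors="replace").partition(":")
        if sep and name.strip():
            headers[name.strip().lower()] = value.strip()
    return headers


def host_matches(host: str, watchlist) -> bool:
    """True if `host` is one of the watchlisted domains or a subdomain of one."""
    h = host.lower().rstrip(".").rsplit(":", 1)[0]  # drop a :port suffix if present
    for domain in (d.lower().lstrip(".") for d in watchlist):
        if h == domain or h.endswith("." + domain):
            return True
    return False


def triage(dump: str, watchlist) -> tuple:
    """Parse a dump and return (host, flagged) for the HTTP request it contains."""
    headers = extract_http_headers(parse_hex_dump(dump))
    host = headers.get("host", "")
    return host, host_matches(host, watchlist)


if __name__ == "__main__":
    # Assumed watchlist for the demo, taken from the domain named in the post.
    print(triage(HEX_DUMP, ["appsflyer.com"]))
```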


Further investigation shows that my DEVICE, and ANY NETWORK I connected to after receiving the PAYLOAD, would have its DNS changed and credentials spoofed to benefit those generating ad revenue. In the simplest terms, what this means is: if the infected device or network were to go to https://ICANN.org, the traffic is rerouted and web traffic is then falsely represented, generating ad and pay-per-click revenue for affiliates.

Additionally, the "xfinity" hotspot login page is SSL STRIPPED and an XSRF, meaning it is an illusion of the actual site, and anyone who enters their login info would have it and all data on the device compromised.
//this is known as Drive-by Pharming and confirmed through use of the Metasploit Framework//

I don't blame these low-level affiliate PPC criminals for this operation; heck, I haven't even told the proper authorities of these actions with the hard evidence I have. Most people with newer, faster phones wouldn't notice these payloads being unleashed upon their system. The broadcast strength is so powerful that these 8 "xfinity" hotspots stretch for about 1 kilometer, so even driving by with Wi-Fi on, within a few seconds you'll have connected and received the payloads, and by the time you've gone up the block the signal drops and you're none the wiser. Even if you take certain basic security measures within system settings there is still risk.

These routers are sending out ARP and WoL packets that will trick a less secure device into connecting as soon as it enters their sphere of influence. Now, by the time we're home we've ingested megabytes of payloads, trojans and any other types of Malware from operations like this or from any malicious person/s.

These payloads, Cross Site Scripting and SSL exploits reach all the way to the top through allowance and negligence. Corporations, ISPs and even ICANN from a top down approach are all responsible for web crawlers, botnets and fake internet traffic.

Only through education about threats and awareness of the technology around us can we be more secure, not just in our own lives but in those of the people around us.

Summary:
*Keep Wi-Fi off
*Be cautious of any open networks
*Be security minded
*Be Aware

//

Below you will find a link to my Google Drive, which has the full packet captures of this specific event for you to analyze.
PACKET WARS


                                                                                                             -SODAGHAR 11/20/15

Guccifer Arrested

RT: Guccifer, the infamous Romanian hacker who accessed emails of celebrities and top US officials, will be extradited to the United States, after losing a case in his home country’s top court.


Reuters reports that Lehel will come to the US under an 18-month extradition order, following a request made by the US authorities. Details of the extradition have not been made public, however.

Marcel Lehel, a 42-year-old hacker better known by his pseudonym “Guccifer,” achieved notoriety when he released an email with images of paintings by former President George W. Bush, including a self-portrait in a bathtub. He also hacked and published emails from celebrities Leonardo DiCaprio, Steve Martin and Mariel Hemingway. Also released were emails between former Secretary of State Colin Powell and Corina Cretu, a Romanian member of European Parliament, prompting Powell to deny that the two had had an affair.

Perhaps most notably, Lehel was also the first source to uncover Hillary Clinton’s improper use of a private email account while she was Secretary of State, which the FBI is investigating as a potential danger to national security.

In March 2013, the hacker released to RT and several other news outlets the four memos that had been sent to Clinton from her former political adviser Sidney Blumenthal. The memos contain information regarding the September 11, 2012 attacks on the US diplomatic mission in Benghazi, Libya, as well as the January 2013 hostage crisis in In Amenas, Algeria.

Lehel was indicted by the Department of Justice in 2014 on charges of wire fraud, unauthorized access to a protected computer, cyberstalking, aggravated identity theft and obstruction of justice.

In 2014 a Romanian court sentenced him to four years in jail for hacking into the accounts of the country’s public figures “with the aim of getting… confidential data” as well as violating his parole. He is serving three years on top of that for other hacking-related offenses. After his extradition to the US, Lehel will return to Romania to serve out his sentences there.

The Romanian national, who goes by the pseudonym “Small Fume” in addition to Guccifer, is an unemployed taxi driver and paint salesman, and he says that he accessed the emails by using social engineering methods that included guessing the answers to security questions to access various accounts.

"I don't oppose. I go there to United States to fight. I know what I did and this is okay with me," Guccifer said in February to The Smoking Gun, where he published many of the documents he found.

Prosecutors have said that Lehel has a “compulsive need to be famous,” according to The Register.