Tuesday, February 22, 2011

They're using malware to spy on bloggers

There's more news about the Chamber of Commerce's planned attempt to harass and smear critics. The best one-stop source of info is this BradBlog investigation. Here's the part that really hits home, for reasons which we will explain presently:
Last night, ThinkProgress' Lee Fang reported the plan being solicited by the Chamber's law firm Hunton & Williams included plans "to use exploits to steal information from the Chamber's opponents, or worse." The Team Themis proposal "boasted of HBGary Federal's capabilities in 'Information Operations,' a military contractor term for offensive data extraction techniques typically reserved for use against terrorist groups. The slide [from one of their PowerPoint presentations] includes sections on 'Vulnerability Research/Exploit Development' and 'Malware Analysis and Reverse Engineering.'"
From the Fang article:
HBGary, the parent company of HBGary Federal, specializes in analyzing “malware,” computer viruses that are used to maliciously steal data from computers or networks. In other presentations, Barr makes clear that his expertise in “Information Operations” covers forms of hacking like a “computer network attack,” “custom malware development,” and “persistent software implants.” The presentation shows Barr boasting that he had knowledge of using “zero day” attacks to exploit vulnerabilities in Flash, Java, Windows 2000 and other programs to steal data from a target’s computer.

Indeed, malware hacking appears to be a key service sold by HBGary Federal. Describing a “spear phishing” strategy (an illegal form of hacking), Barr advised his colleague Greg Hoglund that “We should have a capability to do this to our adversaries.” In another e-mail chain, HBGary Federal executives discuss using a fake “patriotic video of our soldiers overseas” to induce military officials to open malicious data extraction viruses. In September, HBGary Federal executives again contemplate their success of a dummy “evite” e-mail used to maliciously hack target computers.

Some of the initial e-mails discussing the Chamber deal with Team Themis stress the fact that HBGary Federal would provide “expertise on ‘digital intelligence collection’ and ‘social media exploitation.’”

Barr also sent another document to the Chamber’s attorney describing in greater detail Team Themis’ hacking abilities (download a copy here). In one section, Team Themis claims that “if/when Hunton & Williams LLP needs or desire,” they can use “direct engagement” to “provide valuable information that cannot be acquired through other means.”
Aaron Barr, head of HBGary Federal, illustrated the approach with a concrete target: a computer used by the wife of a Chamber of Commerce attorney.
“If I can exploit her account through one of her social connections I can exploit the home network/system,” he wrote. The pivot is the point: a family member's compromised account is the way into the shared home network, and from there into the target's own machine. That explains why Team Themis devoted so much time to researching the families and children of progressive activists: it was looking for the weakest account or computer in each household.
Here's where it gets personal.

Long-time readers may know that, during the 2008 campaign, I did everything in my humble power to help publicize the investigative journalism of Evelyn Pringle, who had uncovered Obama's trail of corruption in Illinois. There was an unnerving follow-up.

Forgive a bit of self-quotation:
I received an email message allegedly from Evelyn Pringle, the author whose investigative pieces on Tony Rezko and Barack Obama I discussed in several posts published in 2008. I corresponded with Pringle a few times, though the messages were never substantive or sensitive. Her email address was lodged somewhere in my Yahoo email account -- and presumably my address was in her account.

The new message from "Pringle" contained nothing but a link. The link went to a web page selling consumer items. I had never seen that particular site before, although we have all seen that kind of site. I closed the page within a few seconds, then studied the Pringle message more carefully.

It did not come from the account of the real Evelyn Pringle. Someone was pretending to be her.

After that odd incident, my computer began to act very strangely. Among the strange happenings: I had to press "publish" or "reject" twice when moderating comments. I got the hinky, uncanny feeling that someone else was reading those comments, even the ones that were never published. (The vast majority of these are spam.)

As you know, I also received a message informing me that other people were logged onto this computer.

Thus, a total re-install on a new HD.
That solved the problem -- but it's not something anyone cares to do on a regular basis.
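The technique Barr describes (get into a contact's account, then ride that trust relationship into the target's network) has the same shape as the lookalike "Pringle" message above: a familiar display name, an unfamiliar sending account, and a body that is nothing but a link. The following is an added example, not code from the original post or from anyone it describes. It runs the three checks a practitioner would make on such a message using Python's standard-library e-mail parser. Every address, domain, header and body in it is constructed sample data, and KNOWN_CONTACTS is a hypothetical address book; the real correspondent's address is not on the page.

```python
"""Triage a suspicious message the way the post describes.

Added example for this page; not code from the original post.  All
addresses, domains, headers and bodies below are constructed sample data,
and KNOWN_CONTACTS is a hypothetical address book.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical address book: the account the recipient *expects* a
# given correspondent to write from.
KNOWN_CONTACTS = {
    "evelyn pringle": "evelyn@example.org",
}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed lure: a real contact's display name on an unrelated account,
# a bounce address on yet another domain, and a link-only body.
SAMPLE_LURE = """\
Return-Path: <bounce-7721@bulk-sender.example>
Received: from mx.bulk-sender.example (mx.bulk-sender.example [203.0.113.9])
From: Evelyn Pringle <e.pringle.news@lookalike.example.net>
To: blogger@example.com
Subject: fyi
Content-Type: text/plain

http://shop.lookalike.example.net/deal?id=7721
"""

# Constructed benign message from the expected account, for contrast.
SAMPLE_LEGIT = """\
From: Evelyn Pringle <evelyn@example.org>
To: blogger@example.com
Subject: Re: your post
Content-Type: text/plain

Thanks for picking up the Rezko piece. I will send the follow-up
next week once the court filings are public.
"""


def _domain(addr_spec):
    """Lower-cased domain part of user@host ('' if there is no '@')."""
    _, at, host = addr_spec.rpartition("@")
    return host.lower() if at else ""


def _text_body(msg):
    """Concatenate the text/plain parts; attachments and HTML are ignored."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            chunks.append(payload.decode(charset, "replace"))
    return "\n".join(chunks)


def triage(raw_message, known_contacts=KNOWN_CONTACTS):
    """Return the list of finding tags raised for one raw RFC 5322 message.

    An empty list means none of the three heuristics fired; it is not a
    clean bill of health.
    """
    msg = message_from_string(raw_message)
    findings = []

    display_name, from_addr = parseaddr(msg.get("From", ""))

    # 1. A familiar name writing from an account we have never seen.
    expected = known_contacts.get(display_name.strip().lower())
    if expected and from_addr.lower() != expected.lower():
        findings.append("display_name_spoof")

    # 2. Replies or bounces would land on a domain other than the From domain.
    #    Legitimate bulk senders and mailing lists do this too, so it is a
    #    signal to weigh, not a verdict.
    for header in ("Reply-To", "Return-Path"):
        _, other = parseaddr(msg.get(header, ""))
        if other and _domain(other) != _domain(from_addr):
            findings.append(header.lower() + "_domain_mismatch")

    # 3. The message is a bare link with no real text around it.
    body = _text_body(msg)
    urls = URL_RE.findall(body)
    residue = URL_RE.sub("", body).strip()
    if urls and len(residue) < 20:
        findings.append("link_only_body")

    return findings


if __name__ == "__main__":
    for label, sample in (("lure", SAMPLE_LURE), ("legit", SAMPLE_LEGIT)):
        print(label, "->", triage(sample) or "no findings")
```

Run stand-alone, the lure raises all three tags and the benign message raises none. The checks are deliberately cheap and offline: nothing fetches the link, because visiting the page is the step the lure needs you to take. The Return-Path check is a hint rather than proof, since newsletters and list servers fail it every day; the display-name-versus-account comparison, which is the check the post itself applied to the Pringle message, is the one that carries the weight.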

In these realms, paranoia is our friend. I do a complete malware scan on my system nearly every day. I use every free, well-reviewed anti-malware program available -- including (but not limited to) Ad-Aware, PrevX, Emsisoft, Sophos, and Malwarebytes. Although the primary anti-virus software used on this system will go unnamed, I can mention that I have tried pretty much every vendor out there, because they all offer free 30-day trial periods. Re-imaging the disk allows one to restart the trials all over again.

(Incidentally, if you are looking for a recommendation, you may want to consider ESET NOD32, which you can use free for a month, and Trend Micro's HouseCall, which is free.)

Of course, one should steer clear of Facebook and other social networking systems. Facebook is unnecessary and intrusive -- yet another disguise for Big Brother. Fortunately, an increasing number of people have wised up to the Facebook scam.

Here's the problem: An individual blogger can stock up on anti-malware software, re-image the C drive, change passwords, play with proxies and do all of that other security stuff -- but the other people sharing the broadband connection may find that level of paranoia tiresome. A machine on the home network is only as safe as the least careful machine beside it: once one household computer or account is compromised, the attacker is already inside the network the blogger's own system lives on.

That's why the bad guys want to know about any friends or family members who share a domicile with a targeted blogger.

So please keep in mind -- if your favorite blogger starts to act as if "they" are out to get him or her, don't smirk at his or her irrational fears. "They" really are out to get bloggers. I'm small potatoes, so there probably won't be a smear campaign directed against yours truly. But if you wake up one day to see "evidence" that a popular and influential writer used the word "nigger" or committed bigamy or downloaded kiddie porn or solicited a hit man or said nice things about Osama Bin Laden...

...don't buy it.

By the way: Notice that no-one is spying on the teabaggers. What more evidence do we need that the Tea Party represents no threat to the Establishment -- that, in fact, the teabagger movement is a creation of the Establishment?

8 comments:

Jotman said...

No, you're not alone.

One day early last summer I went to my blog -- it's hosted on Blogger -- and there was one of those login boxes. I couldn't do anything to my blog, because the login box was in the way. The login box had the words "navy.mil" on it. It didn't say much else besides that, just "login."

After several minutes it went away. I could find no explanation for it. Why this would have appeared, I really don't know for sure. I have tended to assume it could be related to one post in particular I wrote concerning Wikileaks. It's usually the first post that's listed if you happen to Google me.

Also in the summer, I received an email from Facebook that my account had been suspiciously accessed by someone in another city.

Anonymous said...

-> Trend Micro?
To whom were entrusted hard disks
from WTC?
And who was purchased by Kroll just after that?
Oi,oi..

Zolodoco said...

I'll repeat something I said a long time ago. Install Linux (because it's free) on a virtual machine, using something like VMware or VirtualBox, which lets you keep a snapshot of the machine. Conduct all of your online work through that Linux system, and then restore the snapshot when you're done, wiping out any changes. I do this with Xubuntu, taking a new snapshot every time I do updates or need to install/uninstall something.

Anonymous said...

Part 1

Besides being an experienced engineer I have a solid background in technology and systems design with patents and copyrights. Personally working on a computer on a daily basis allows us to get used to the little quirks the computer has much like looking at its personality and what separates it from others. This is brought out if you are able to work on a public library computer where they refresh the Windows system every two hours. How this works is they have a HD image saved that recopies the working area so when starting a session, there is a clean virgin running Windows system each time. Normally within ten minutes on the internet we are hit.

Why is the difference important? If you're able to experience using an image-cycled system regularly, you'll quickly see when your system has been invaded. Many things change and it's very obvious. Experiencing this provides a good basis for comparison with your home system, which is pretty well mucked up.

It's not difficult to tell when someone is in your system. Of course it's even easier to tell when there are more than two inside. Knowing what to look for requires another post.

The little quirks noticed in the software are most likely from someone planting something and there are a wide variety of ways to do this. Once starting to notice these quirks, you'll start to see many more.

Malware and other software Trojans are old technology mostly used for finding someone. They act like a beacon broadcasting a message back to the owner. Realize that if they don't know you, how are they going to locate where you are? Accept that there are levels of skill and the higher techs can come in using their own methods, many of which are backdoors.

But there is another worry that everyone needs to be aware of. Most of us have cable TV. All cable boxes have cameras and microphones capable of picking up whispers at 50 feet. The boxes have other functions allowing them to enter other electronic devices using RFID technology. The boxes, being on the internet, are easily accessed through the internet, but they can break into your system without an internet connection. My home desktops each never had an internet connection or wireless hardware, yet they were all broken into on a regular basis. The last system prior to the one I’m using was purposely burned up. The one I’m using now has a netcard that is accessible using this method without an internet connection. However, that has recently changed with its being connected to the Internet.

Communication is two-way with RFID technology. The reach of these boxes surpasses 150 feet, so if you don't have a cable box or it's not working, your neighbor has one for them to use and they will easily find them. The box functions are controlled digitally and the antenna reach control seems to be either automatically set or limited digitally. The homes where I live are spaced on ~100-foot centers. A few neighbors have complained about the poor performance with connecting to their wireless computers. In one case, the reach was less than 50 feet. When I tried connecting to their home port, my system wasn’t able to get a working signal, yet with others in the past I was.

Anonymous said...

Part 2

I'm a favorite target as a Federal Whistleblower, someone always wants to know what I'm doing 24/7 using micro-snooping. I know from experience that a great number of homes have been bought up right around me by people who I would claim are involved with micro-snooping. It’s a long story for another time but there is convincing evidence to support my comment.

I have collections of computer equipment that are burned up. If I'm not mistaken, I’ve read that the Pentagon and NSA have met with most hardware manufacturers, and to me this may have been about installing the RFID chips on their hardware products.

With me, they’ve tried going after everything I use even medical testing devices that were used on my Mom while alive. Don't forget that RFID technology may be installed on any devices buried under the skin since it doesn't require a direct connection. Keep in mind that turning the device off may also be a function available to these people as well.

My world isn't at all private. For it to be private I would have to drive into an area where I’m more than 250 feet from any cable box, and hopefully no one followed me, which can be another issue. Using a pen and paper isn't desired these days but is the only option to remain private. If I were to write something in an electronically private area, when returning it would be found and most likely deleted, as with all of my attempts at writing a book.

Recently I brought in the internet at home and no longer go to the public library. Doing so required upgrading a few devices such as a new monitor. After setting up the monitor, it didn't take long for someone to burn out the setup electronics, rendering the unit non-functioning. It was replaced the next day and all setups were made at the store before bringing it home. There seems to be a function used in these boxes to either freeze your electronics, thus burning out something, or to talk to the setup function directly. My experience suggests they freeze the electronics. I've experienced many different devices frozen while trying to use them. The unit acts as though the CPU central to controlling it had crashed. Normally when encountering a crashed CPU, the power has to be removed for a period of time. This is done so the original ROM code can be downloaded back into the CPU memory area. The crash sometimes comes from the memory being corrupted, and this is one of their targets with burning up the unit.

I would like to get my hands on a function list with what these boxes can do. Anyone have this that they can send me?

Marty Didier
Northbrook, IL

arbusto205 said...

Mental illness sucks; over the internet it seems impossible to help.

Separately, Zolodoco offers good advice. A little warning, though: although highly unlikely in broad bad-guy use, I've seen code jump out of a VM. It makes quite an impression! Still, I second your technique.

Anonymous said...

The mental illness point is most interesting. Someone ought to tally how many have been approached by law enforcement for reporting others when in fact it is their own ignorance, and possibly stupidity, or maybe something done on purpose, that is behind what was reported. Normally these people can be called "Useful Idiots," as they fall into the right place at the right time for someone else to use them for their own interests.

The real proof is with what has happened over all this time with those who have been victims of this reporting......and how many others involved in trying to shut them up have gotten themselves into trouble....

Being a Whistleblower makes the person a target for this and many other insane acts of harassment and much more. I personally know a few other Whistleblowers who will openly explain, as I am, what has happened to them, and the story is very similar. But the real fun part is witnessing those who still think they need to try end up in trouble time and time again. Personally I feel one real mental illness problem is with those who are behind this, who are witnessing this change and don't get it time and time again. What part of NO isn't being understood?

It's taken some time but many others are starting to understand when reading posts who has value and who doesn't....Then of course it's easier now to tell who may have mental illness and who doesn't over the internet.

Marty Didier
Northbrook, IL

arbusto205 said...

Thanks for an elaborate answer, point received. Of course I was probably talking about Joe, he is one crazy hombre. I hope to buy him a really good soup someday.