[Full-disclosure] Cyberflexing: A response to Mark Seiden
xploitable at gmail.com
Mon Apr 14 17:57:59 BST 2008
I like what you say about a chinese IP space attacks or cyber crime
might not be the chinese government or its people,but could as easily
be another government who is carrying out cyber attacks and cyber
crime and making all evidence point towards China.
On the point of romanian teenagers, I don't think its right for you to
mention age here, that really stuck out as a critical error of
judgement you've made there.
Age, should not be the issue here. you can get people of all ages
creating a bot net for whatever purpose, and the profiteering seen in
the scene nowadays, there is business incentive for bot nets to be
developed too. Not only do we have individuals and groups in the
hacker underground with reasons to create bot nets, we've now got the
entry into the soup of the U.S Cyber Command and other governments
entering into the political cyber space. So not only have you got the
romanian teen theory of yours, we've now got the possibility of
governments, including Russia, U.S and UK who may have a vested
interests for cyber attacks, cyber crime and cyber espionage to point
towards chinese IP space. And, just the same that the IP range is
coming from China, the code is written in chinese and the money to buy
a phishing domain was Chinese yuan, and the company the domain was
registered at doesn't conclusively mean the attack is coming from the
Chinese government or even its citizens.
The government hackers, and state sponsored hacks by RU, US, UK all
know to cover their tracks and have all bases covered to fool forensic
analysts later on. Any good cyber attack is planned in the notion that
you're working from the point of forensic analysis backwards, you
don't plan your cyber attacks from the frontend to the back, well
script kiddies and dumb hackers do.
You work your attack from the back to the front. Backwards hacking I
call it, or Microwaving. You cook your target from the inside
outwards... in the attack mode, but in the planning stages, you must
work back to front to avoid possible detection by your targets
forensic team when they go into post-attack investigative mode.
The target may be a government or corporation you're gathering
intelligence from, or in the case of bot net, the cyber crime and
profiteering or bandwidth data attack to take out key infrastructure
of a government or corporation. Remember the U.S cyber command wants
to destroy important data of its adversaries, so backups of important
documents are an extra need to be needed for when the U.S cyber
command gets underway.
Russia is home to one of cyber crimes biggest bot net the Storm Worm
and FSB (the russian secret service) is protecting the Russian
Business Network owners from being arrested by western powers. If you
really want to get bot net culture under control you must start with
the biggest bot net of them all, and perhaps the most worrying of all
bot bets, the government bot net or the state sponsored bot net who
are capitalizing from the huge revenue globally to be made from cyber
crime, which has been proved to be a bigger trade now than illegal
drug trafficking and selling of those drugs in our towns and cities.
The government's of our world have every reason to point their bot
net's forensic outcome towards China, and to publish propaganda to the
media to make the Chinese government and its citizens look like they
are the number one cyber threat to the west, when most probably, the
true source of attacks is coming from U.S, UK or Russia.
I believe the number one cyber threat to the west is Russia, _but_ I
believe the overall number one cyber threat to the internet and its
well being at large is that of the United States Cyber Command and its
shoulder to shoulder friends in the United Kingdom, who are likely to
share the same cyber political agenda as far as breaking into things,
attacking things, destroying data and other activities for the reason
of the long term strategic interest of national security for both US/
The national interest of US/UK won't necessary be the interest of the
internet at large and its survival as a country-less global
infrastructure for data exchange of government, e-commerce and
civilian of economic, security and leisure.
To conclude, the cyber threat from bot nets is no longer the teenager
or the humble individual anymore, its moved on from that. The true
threat now is from cyber command's of various countries who will do
anything they can to attack back their adversaries, if they are
attacked first, or if its in the national interest for a pre-emptive
cyber strike. Not only is government sponsored or government based
"attacks" the real threat now compared to the past when it was teen or
adolescents, its now militaries and its intelligence agencies who are
becoming the real problem on the internet, not the traditional
adolescent in its bedroom or college computer lab causing mayhem, its
now government cyber attacks, and government cyber crime is now the
new threat of today.
In your defense, the Estonia attack that everyone is getting worried
about as a proof of concept attack for world governments to wake up
and build cyber commands, turned out to of been carried out by a teen,
who was charged for creating a bot net, but he could easily be a
scapegoat plant for the Russian Business Network guys, who are widely
blamed for the Estonia attack by people in the know.
I'm not a government hacker for the UK, but I live in the UK as an
unemployed student. I know what's going on and I have monitored the
cyber security scene extensively for the last 9 years in many forms
and formats. I started off as a script kid on Yahoo--then worked my
way up, I currently run under my internet alias known to the security
community as "n3td3v". I have been misreported by the media and others
as a troll, this is not the case.
I continue to receive criticism for my outspoken and rude behaviour,
but in amongst that is true substance and cause in what I believe to
be the way things are in the cyber security landscape and the way its
developing towards 2010 and beyond.
n3td3v currently runs a news group on Google groups with over 4000
members and climbing, however please remember n3td3v operates as an
individual security researcher, there is no group of researchers
working under the n3td3v tag, and the members of the news group are
only the public at large who are not operated or controlled by me, it
is a news group for sharing information, news articles and other
commentry from around the world IP space.
Mark Seiden is no stranger to n3td3v, he knows me better than most on
the internet, he holds many n3td3v secrets and knows my true identity.
We don't get on as common friends, but we have had e-mail exchange
with one another and instant message exchange since my time
researching in Yahoo as a member of the security community. Offering
him enough money and he may give you key intelligence on n3td3v,
however I know him better to respect my privacy, although him passing
intelligence about me to certain government officials in the
intelligence service is a real assumption for n3td3v---however this
hasn't phased me since i'm a true whitehat who one day wants to work
on a government level in cyber security.
Mark Seiden is a high powered senior security consultant on a global
scale agenda, he advises and contributes to the security of many
government agencies and corporations around the world, His name is in
the top cyber elite's as a true recommended security expert for many
high level issues in the cyber world today. You can learn more, here
This was in reply to Mark Seiden's "Cyberflexing" Blog post.
An IRC transcript between n3td3v and a former U.S Navy cyber security expert
on the worries of the U.S cyber command and its upcoming impact on the
To highlight, the security community will no longer post
vulnerabilities to the mailing lists, when Af cyber based attacks, or
suspicious cyber attacks on different countries start to be reported
by our media and the security industry's businesses, especially if
power infrastructure is affected and we in the security community
start to personally suffer our quality of life due to unknown
attackers who are largely believed to be connected with the
establishment of the U.S cyber command.
For instance, if the U.S suffer a cyber attack, and its blamed on X
government or regime, are U.S hackers going to keep releasing
vulnerabilities to mailing lists, helping that X government obtain
further cyber ammo, or new technique/ research ideas. If the UK gets
hit by a cyber attack and its largely believed to be the U.S cyber
command, are U.K or the rest of the world going to continue to post
vulnerabilities, cyber ammo, or or new technique/ research ideas to
mailing lists? The answer is likely no, considering they won't want to
help the United States learn of new hack techniques, its likely the
uprise of U.S cyber command and a cyber war of real proportion would
slow down, if not kill the vulnerability release scene on the world
wide web and push the scene back underground into the dark ages before
wide spread full-disclosure was around.
If real case cyber attacks start to happen on big scale, that stops a
country from operating as it should, and the everyday life of security
researchers are disabled, or restricted because of national
infrastructure attacks by an individual, a group, a government, then
they aren't going to keep disclosing vulnerabilities to mailing lists
to help the cyber terrorist or cyber military to aid them in any
on-going attack, or help them gather ideas for later attacks after the
The government and its enemies will suffer from a lack of publically
disclosed vulnerabilities by security researchers, meaning the
government of whatever countries are going to have to be self
sufficient with research, zero-day discovery, and vulnerability
development, as in a time of cyber war, they won't have independent
security researchers from the security community publishing new
cutting edge cyber ammo to the mailing lists at large.
If a government and its enemies think people aren't going to notice
suspicious spectaculars connected with power outages then they need to
re-work what their strategy for covering it up will be to the world's
intelligence services and the security community at large.
If the Af cyber command think they are going to start attacking
things, destroying adversaries data and blacking out power grids of
enemy states and that, that kind of thing won't be cloaked by everyone
they have got to think again, because you've already declared you're
planning on cyber war once your offensive command and its staff are
trained and fully briefed and covert operation detail has been decided
The homepage of the upcoming U.S cyber command.
A blog entry report on the scapegoat for the Estonia attack.
The attack on Estonia and its impact on the security industry is not
fully known, although it was a landmark event for many cascading
events, political decisions and business marketing plans and media
It could be assumed the Estonia attack has benefited the United States
agenda more than any other country, which the announcement of the Af
cyber command was based around that attack, so there is room for
speculation that there could have been underground deals with U.S, UK,
Russia and Estonia for this cyber attack to take place as a pathway
for a cyber war footing to mark the way for the Af cyber command and
to get funding for such a command.
My ending paragraph above cannot to proved and is unlikely to be, but
it has to be mentioned at the end of this response, as the real
beneficiaries of the Estonia cyber attack has been the United States
and funding of the new cyber command.
As noted by n3td3v previously, the security community and the security
industry are two different things, the security industry is eager to
use the Estonia attack to forward their business motives, and the
government are eager to use it to politically capitalise. While the
security community, a different species compared to the industry,
keeps sitting, watching, analyzing and working out the truth between
the propaganda lines spat out by our media and what's really going on
between governments in the underworld.
The security community is no fool to the security industry, we're
aware of what's going on and we're not gullible to the propaganda
being put infront of our computer screen and through media outlets and
Full-Disclosure is hosted and sponsored by Secunia.