Wednesday, November 20, 2013

When Terrorism Is Not Terrorism

 Read:

What is Terrorism:
Terrorism is an act that brings terror to the people and cause collateral damages. Terrorist attacks caused by Terrorism are usually targeted against civilian targets to bring unrest and cause fear in the minds of the people to force the people to conform to mental behaviours the attackers want the people to exhibit all for the intent of a specific political outcome.



Applicability of Terrorism:
Let us investigate into the applicability of the term of Terrorism for the hacktivism that Anonymous carried out. The Anonymous defaced the webpages and executed Denial of Service attacks on the digital assets of the Singapore Government. That is considered vandalism .... NOT VIOLENCE !

Did Anonymous go in and wipe off databases and critical operations data on the digital assets of the Singapore Government ? So far there is no evidence to suggest that violence a.k.a deleting or corrupting databases and data assets of Singapore Government actually took place.

Violence would have meant that Anonymous got in and simply dump stuff all over the place, deleted data, corrupted files or in a more severe scenario, they could have used compromised systems to meddle with the traffic lights, train services, military signalling ... etc ... but nothing happened to us in the physical world. Everything got on fine and people have the luxury of time to point fingers on whose fault it is that allowed Anonymous to compromise and get into the digital systems of the Singapore Government. All the Anonymous did was simply voiced themselves using the compromised systems and nothing more than that to make themselves heard.

Cheapening of the word "Terrorism":
I agree with security expert, Bruce Schneier, on the cheapening of the word "Terrorism" and the rampant use of it these days by those who are unhappy and would like to push their fault onto others. Why didn't the Singapore Government ensure the security of their digital assets and allow some loose hacktivist group like Anonymous to pwnz them and their digital assets. The Government is suppose to dictate and set a high security standard for the local industry to follow in order to secure our nation's e-commerce capabilities but it seems the Singapore Government failed to do so in setting up a good example.

Friday, November 15, 2013

March of Hypocritism

Read:

We should replace all the army songs with something more suitable to the atmosphere with the song below. It shall be mandatory that all NSF and NSMen are to memorize this song by heart in honour and glory of our nation's decisive and wise decisions.
The march of the hypocrites goes trololol trololol,
The march of the hypocrites goes trololol trololol,
All day round. 
Sing this splendid marching song,
Oh comrades at arms.
Trololol trololol...
This is the only song we can sing,
For the splendid glory of the country. 
The march of the hypocrites goes trololol trololol,
The march of the hypocrites goes trololol trololol,
All month round. 
Raping and fucking is disallowed,
Only beating ass and murdering is allowed.
Trololol trololol...
For the hypocrites we are and those we please,
Gloriously singing this righteous song,
So it is... 
The march of the hypocrites goes trololol trololol,
The march of the hypocrites goes trololol trololol,
All year round. 
Sing this splendid marching song,
For we fear we may displease the powers that be.
Trololol trololol...
For the glorious hypocrisy we sing this song,
Without which we shall all perish,
Ohohoh... 
The march of the hypocrites goes trololol trololol,
The march of the hypocrites goes trololol trololol,
Endlessly....

Which army songs do not contain vulgarities ? These stuff are not meant to be taken seriously and are simply used to boost morale for the troops that are suffering from fatigue during long marches carrying heavy loads on their bodies. The human mind simply brighten up when they are in contact with such phrases due to conditioning and these songs have been there for a long time as an army heritage connecting the past to the present and future. The sudden guilt feeling and removal of 'misogynist' lyrics is simply a bad knee jerk reaction and a displeasure to old heritage... oh and not to forget ... the ever rampant hypocrisies we face in the army besides the normal workplace.

Thursday, November 14, 2013

De-Anonymizing In Doubt

Read:

The Government of Singapore attempted to put headlines for their supposed arrest of people connected to Anonymous hacktivists in certain ways be it outright physical protest or hacktivism. The mode they exude is kind of like "Yeah, we scored goal" when they charged a guy named James Raj for supposedly hacking the Ang Mo Kio Town Council site and supposedly signing off as the elusive "The Messiah" who have coordinated hacktivist activities against the digital properties owned by the Singapore Government.

In my opinion, as I have experienced in previous posts, Anonymous and "The Messiah" are simply names that anyone can use to spoof their actual identities with fake aliases. In fact, the Singapore Government had made no headways (in my view) on finding out the true faces of this elusive group of hacktivists called "Anonymous". The US Government have spent so much efforts and resources in multiple attempts to unmask the so-called "Anonymous" and to exterminate them but they are still alive and kicking really hard.

According to the news reports, the Singapore Government quickly announced that they have made headways into investigation on the attacks made by "The Messiah" and Anonymous only some days after the hacking sprees have passed. I am really doubtful if the Singapore Government got their things right because an investigation is not a simple affair and simply takes huge amount of time and effort for a single hack to be investigated let alone the multiple disruptions "The Messiah" have created on the Singapore Government's digital assets.

I am pretty doubtful on the capabilities of the Singapore Government to be able to quickly nab the supposed "Messiah" in such a short time given the fact that collecting evidence from a single crime scene is already hard enough as the investigators need to decide on computer forensic methodologies to extract evidences from a single crime scene. Here we have multiple crime scenes (multiple exploited digital assets / websites / servers) that have been created by "The Messiah" and Anonymous. One can imagine the vast extend of resources and capabilities that have to be committed to such a massive investigation. Besides collecting crime scene evidences, the work to restore so many compromised assets and to harden all of them from future attacks is a surmounting task to be completed in a short amount of time. Where would there be enough time and resource to commit a verdict that the Singapore Government have found extensive evidences relating to "The Messiah" and Anonymous ?

The 15 people who have been arrested for attempting a protest dressed in Guy Fawkes mask might be "helpful" to the Singapore Government by the use of coercion or abuses and turned as spies or to reveal identities or methodologies regarding Anonymous or "The Messiah" if they have information regarding them. Who knows what the Singapore Government would do to them keeping in mind that the Singapore Government's may use ruthless techniques in extracting information are not different from that of their allies.

I wonder how much headway the Singapore Government would make in an attempt to unmask the attackers against their digital assets considering the technical expertise of the Anonymous and "The Messiah" are not that of some amateur's show. The use of strong encryption, authentication and identity anonymisation used by the Anonymous and coupled with Anonymous as a loose group and an identity that anyone can use to their own likings makes it harder to understand and unmask them.

If the Singapore Government could release their evidences transparently in public for the academic groups to study, it will allow a better understanding on the extend of damage the Government have faced from the attacks by the Anonymous and would also allow the public to comprehend the current situation and a fair trail for those who are involved as I am doubtful that the Government of Singapore have gotten anything useful and I would suspect a mis-trail or a possible chain of miscarriage of justice that might occur if the Singapore Government are not fully transparent on their investigations and evidences.

I would also encourage the Singapore Government to engage in more dialogues with citizens to listen to any grievances rather than their usual tactic of sueing people whenever they find their egos butt hurt or hulling them into a dark corner whenever they please and also to be more transparent in their workings to be ahead of other world Governments out there and to set a standard for other Governments to follow and for the people of Singapore to respect.


Friday, November 8, 2013

Anonymous and SG Govt

Here is some of my personal comments on the current Anonymous activities against the SINGAPORE GOVERNMENT.

Read this:
http://sg.news.yahoo.com/anonymous-threatens-singapore-government-in-youtube-video-091443515.html

Watch this:

INTRODUCTIONS:
The Anonymous hacktivist group, in a few campaigns of their own, have threatened the SINGAPORE GOVERNMENT (instead of Singaporeans) and managed to infiltrate the servers belonging to the SINGAPORE GOVERNMENT (SG Govt). The Prime Minister's Office web servers were not spared when the SG Govt threatened to capture members of the Anonymous who are responsible for attacking the servers of  the SG Govt. SG Govt loyalist and news agencies under the direct command of the SG Govt attempts to misrepresent these events as a direct cyber attack against Singapore and her citizens in an attempt to enrage the Singapore citizens into denouncing the Anonymous hacktivist group.
IDENTIFYING ANONYMOUS:
Before anyone can attempt to identify the members of the Anonymous hacktivist group, a brief understanding on what the Anonymous group is and how it operates is the key to attempting to identify possible Anonymous members. Anonymous is a loose collective of hacktivist that does not have a central command structure. They have their own sub-groups and territories but most of them are loosely associated that uses the power of the loose collective of hacktivist to execute and coordinate their operations. Since they are a loose group with no central command, it is very hard to identify them. The only way to identify members of the Anonymous whom have attacked the SG Govt's servers is either they betray their comrade's identity or they reveal their own identity consciously or accidentally.
CYBERWAR:
Some people will consider the attacks by Anonymous as a cyberwar against Singapore or the SG Govt but let me assure anyone reading, a cyberwar defined by Security Experts like Bruce Schneier defines cyberwar as multiple countries engaging each other in warfare using electronic means during wartime events. So, for those who love to promote such hacktivist events as cyberwar, you are trying real hard to deceive the public and love promoting FUD (Fear, Uncertainty and Doubt). Shame on those who blame this event as a cyberwar attempt.

TECHNICALITIES:
Technology plays a big part in this event. The SG Govt use a mix of Java technology, Microsoft's .NET technology and Microsoft's IIS servers. It is not difficult to identify the technologies used by observing the page types (.JSP, .JSPX, .ASP, .ASPX, .do) and from the HTTP headers when interacting with their servers. Java have been known to have a whole sleuth of zero-day holes and critical bugs that have not been fixed yet. Some of the Java bugs that are critical have not been fixed for ages. The .NET technology has their own critical bugs but they are not as well known as the problems found in Java technology. Microsoft Server technologies like the Microsoft IIS have always been shunned by security conscious users due to the fact that Microsoft (it's Operating System and technologies) have lots of bugs that have not been fully addressed and fixed. Although the Linux OS and other Open Source alternatives do have their bugs and issues, they have a tendency of being patched at a faster rate due to their Open Source nature where anyone can grab the codes and inspect them with ease without the hassles of restrictive corporate licenses and procedures and push out patches at a faster rate than their Closed Source Microsoft competitors.

One of the issues with tracking down the Anonymous attackers are the anonymity of the Tor network they use as part of their tools. The Tor network routes communications within it's own virtual private network making them anonymous as Tor is designed to use encryption and plausible deniability technologies when handling communications. That means, anyone can be accused of being the source of any communications due to the anonymous and plausible deniable technology within Tor. The problem is not with the Tor network but the intentions and actions of the user. A knife blade can be used for cooking or can be used to murder someone, similarly, technology is neither good nor bad and simply pointing fingers at Tor being an evil tool and to deny it's use is simply childish as the attempt to ban something will make people more willing to rise up and invent tools to circumvent restrictions. In a way, the advance methods used to hide identity on the Internet by the Anonymous members during their exploits against the SG Govt servers may pose a huge issue to tracking them and correctly identifying them.

Other tools like securely erasing and manipulating of evidences after exploiting servers may also pose additional challenges when trying to unmask the identities of the Anonymous attackers.

THE ANONYMOUS CONCEPT:
The concept behind Anonymous is cyber hacktivism. They see themselves as the Robin Hoods of the Internet which stands up against "Badly Behaved" Governements, Organisations and Individuals. Their strong self-justification attitude gave rise to such a movement.

The many attempts to crush the Anonymous as a whole have failed despite the incarceration of some individual members of the Anonymous group.

Governments around the World have made attempts to restrict freedom on the Internet with policies that mostly make no sense whatsoever other than to comfort themselves and allow them to retain their powers for a longer period. Out of such frustrations, groups of annoyed netizens who are computer savy have appeared to attempt to 'wrangle freedom back' from 'oppressive regimes'.

Such concepts are the motivation behind cyber hacktivism which uses the Internet and technology to make their voices heard.

There are people whom have enlarged and badly bloated egos and have been assaulted by these hacktivist for some reasons and have attempted to snuff them out with limited success as these activities due to the concept of hacktivism.

SUMMING UP:
Below is one sentence to sum up the entire event....

Bad technologies being used and thus exploited but still remain shameless in pointing fingers.

To put it simply, the fault lies in bad IT and Computer Security governance of the SG Govt servers and instead of learning from their mistakes and publicly apologise for their in-apt and quickly remedy their situations, they point fingers at their attackers. They never realized that the biggest present their attackers gave them was a lesson on how to fix their ailing IT and Computer Security systems and to prevent future failures.