Monthly Archives: November 2014

REPOST: hbgary wanted to suppress stuxnet research

This is a repost for historical purposes as the original site is gone.
Cheryl D Peace was at the time an employee at the NSA.
https://web.archive.org/web/20120227170532/http://crowdleaks.org/hbgary-wanted-to-suppress-stuxnet-research/
It is no secret that in recent days, Anonymous Operatives have released a cache of HBGary Federal internal emails to the public. Crowdleaks has discovered that within these communications, Aaron Barr received a copy of Stuxnet (a computer worm that targets the types of industrial control systems (ICS) that are commonly used in infrastructure supporting facilities) from McAfee on July 28, 2010.

In an effort to confirm this was in fact Stuxnet, Crowdleaks has decompiled some of the source code, which can be found here.

Throughout the following emails it is revealed that HBGary Federal may have been planning to use Stuxnet for their own purposes.

In a message sent to all email account holders at HBGary.com, Charles Copeland (Lead Support Engineer at HBGary, Inc.) writes:
from: Charles Copeland
to: all@hbgary.com
date: Sat, Sep 25, 2010 at 9:54 PM
subject: Stuxnet Worm Mailing List
mailed-by: hbgary.com
Computerworld – Officials in Iran have confirmed that the Stuxnet worm infected at least
30,000 Windows PCs in the country, multiple Iranian news services reported on Saturday.
http://www.computerworld.com/s/article/9188018/Iran_confirms_massive_Stuxnet_infection_of_industrial_systems
I’ve already got an email asking about stuxnet, this came out late Friday. Does anyone have a dropper? I have been unable to find it.
In another email sent directly to Aaron Barr, David D. Merritt writes:
from: David D. Merritt
to: Aaron Barr
date: Sun, Oct 3, 2010 at 9:35 PM
subject: Re: Hunter Killer Insanity 285
mailed-by: gmail.com
contacts over at TSA say that everybody has a copy…combine that with US CERTs vulnerability status and their own systems not meeting the spec….
i’m seeing TSA becoming a malware testbed…
Aaron Barr responds:
On Oct 3, 2010, at 10:13 PM, Aaron Barr wrote:
> Dave,
>
> We haven’t but I would be interested to talk to you some about the tie. I do have a decent amount of information on Stuxnet and would be interested to hear about the tie. Some of what I know about Stuxnet might be of interest. I think it would be best to discuss in a more closed space though.
>
> In doing a little research:
> http://diocyde.wordpress.com/2010/03/12/ringy-ringy-beacon-callbacks-why-dont-you-just-tell-them-their-pwned/
>
> While this guy can be a bit of a crackpot at times his post has more validity than fiction. Greg and I have brainstormed a bit in the past on how to conduct such an attack that would be very difficult to detect. Autonomous, single purpose malware with no C&C. As we have said the battle is on the edges either source or destination, everything else is or will become somewhat irrelevant or diminished in value.
>
> Aaron Barr
> CEO
> HBGary Federal, LLC
> 719.510.8478
In another message sent to all email account holders at HBGary.com by Greg Hoglund, it’s made clear that HBGary wanted to hide their work on Stuxnet.
from: Greg Hoglund
to: all@hbgary.com
date: Sun, Sep 26, 2010 at 10:26 PM
subject: stuxnet mailing list
mailed-by: hbgary.com
All,
HBGary has no official position on Stuxnet. Please do not comment to the press on Stuxnet. We know nothing about Stuxnet.
-Greg Hoglund
CEO, HBGary, Inc.
In the most chilling strand of emails, we find that whatever HBGary was working on, it was in conjunction with the NSA.
Aaron Barr writes:
Hi Cheryl,
719.510.8478
Aaron
Sent from my iPad
Aaron Barr writes:
> From: Aaron Barr
> To: Peace, Cheryl D
> Sent: Mon Aug 09 13:54:23 2010
> Subject: Re: Number
>
> Hi Cheryl,
>
> It does. I haven’t met him personally. Our sister company does work
> in a few different pockets on the bldg. And i am on the extended NANA
> team. I recently joined to stand up HBGary federal, a related but
> separate company. We manage all the work that requires clearances.
> We exchange some technologies, but we have some separate developments
> as well. Mostly around threat intelligence and CNO/social media.
>
> I think there are some enabling tech to your mission but really need
> that qualified.
>
> Interested to run some of the stuxnet stuff by u as well.
>
> Aaron
>
>
> Sent from my iPhone
Cheryl Peace writes:
On Aug 9, 2010, at 9:27 AM, “Peace, Cheryl D” wrote:
>
>> Aaron
>> Did a little checking and we already do busy with you guys. Does the name
>> Tony Seager ring a bell?
Aaron Barr writes:
>> -----Original Message-----
>> From: Aaron Barr [mailto:aaron@hbgary.com]
>> Sent: Friday, August 06, 2010 10:56 AM
>> To: Peace, Cheryl D
>> Subject: Re: Number
>>
>> OK. If interested do you have some time to get together when you get back?
>> either next Friday or early the following week?
>> Aaron
Cheryl Peace writes:
>> On Aug 6, 2010, at 10:44 AM, Peace, Cheryl D wrote:
>>
>>> I am in Europe till mid next week
Aaron Barr writes:
>>> -----Original Message-----
>>> From: Aaron Barr [mailto:aaron@hbgary.com]
>>> Sent: Thursday, August 05, 2010 10:57 PM
>>> To: Peace, Cheryl D
>>> Subject: Re: Number
>>>
>>> Hi Cheryl,
>>>
>>> Can I schedule an appointment with you to come by and chat for a few
>>> minutes?
>>>
>>> Aaron
Cheryl Peace writes:
>>> On Jul 30, 2010, at 10:41 PM, Peace, Cheryl D wrote:
>>>
>>>> I am at Rao at the bar if you want to come by for a few. Meeting friends
>>> for a cocktail in a few
>>>> --------------------------
>>>> Sent using BlackBerry
Aaron Barr writes:
>>>> ----- Original Message -----
>>>> From: Aaron Barr
>>>> To: Peace, Cheryl D
>>>> Sent: Fri Jul 30 20:02:44 2010
>>>> Subject: Number
>>>>
>>>> Cheryl,
>>>>
>>>> Sorry to bother you but do you have a minute to talk. I don’t have
>>>> your number handy. It will only take moment, but I have some
>>>> information for you.
>>>>
>>>> Aaron Barr
>>>> CEO
>>>> HBGary Federal
>>>> 7195108478
In a related internal email sent to Rich Cummings (CTO of HBGary, Inc.), Greg Hoglund writes:
from: Greg Hoglund
to: Rich Cummings
date: Mon, Nov 16, 2009 at 9:30 PM
subject: Govt dropper in this word DOC, zipped up for you
mailed-by: hbgary.com
Phil, Rich,
I got this word doc linked off a dangler site for Al Qaeda peeps. I think it has a US govvy payload buried inside. Would be neat to REcon it and see what it’s about. DONT open it unless in a VM obviously. password is meatflower. Remove the .txt extension too. DONT let it FONE HOME unless you want black suits landing on your front acre. 🙂
-Greg

 

Crowdleaks.org had a software engineer (whose name has been withheld) look at the Stuxnet binaries inside of a debugger and offer some insight on the worm. She informed us that most of the worm’s sources were using code similar to what is already publicly available. She noted that the only remarkable things about it were the 4 Windows 0-days and the stolen certificates.
She says:
“A hacker did not write this, it appears to be something that would be produced by a team using a process, all of the components were created using code similar to what is already publicly available. That is to say it’s ‘unremarkable’. This was created by a software development team and while the coders were professional level I am really not impressed with the end product, it looks like a picture a child painted with finger paints.”
When asked what type of organization likely wrote it, she stated:

“Probably a corporation by request of a government, it was clearly tested and put together by pros. It really looks like outsourced work.”

4chan plans genocide against transgender women

 

4chan’s sub-board known as /pol/ (a well-known ultra-right reactionary sub-board) has publicly and outright stated plans to drive transgender people (particularly trans women) to suicide and stated we should be “rounded up and slaughtered like cattle”.

They have also made indications they aim to align with trans exclusionary radical feminists.

I call upon all of you to send emails to 4chan’s owner and operator Christopher Poole (aka moot) to shut down the sub-board /pol/ and deny this hate group a platform.

Email template for those who need one.

mailto:moot@4chan.org

Dear Mr. Poole.

We as members of the transgender community implore you to shut down the 4chan board known as /pol/

As enclosed in this screenshot http://i.imgur.com/k91LSJI.jpg you can see they are using your platform to plan genocide against transgender people, who already have a very high rate of suicide attempts. They plan to incite vulnerable transgender people to end their lives, and have outright stated an end goal to see us “rounded up and slaughtered like cattle”. They are using your platform to organize lethal attacks against our vulnerable community.

In light of the incident of David Kalac we take these threats very seriously.

We know you don’t wish the extermination of transgender people and ask you to demonstrate this by denying this hate group a platform.

Signed [your name]

I implore each and every one of you to send an email, share this post, write your own articles and contact your allies to aid in this. I don’t care what kind of differences we have with each other, this is a threat to all of our lives and we must be united in fighting it. Set aside your differences for now, I will do the same.

Make no mistake, this will cause backlash. Even if the board shuts down, they will likely migrate somewhere else to organize; this is a war. This will be a long fight and they will not give up easily. But the alternative is allowing them to end our lives and the lives of our trans siblings.

This is only the start, we must set aside our arguments for our common survival. They have declared war on each and every single one of us.

Together we can survive.

Together we can thrive.

Together we can stop them.