While you and I sleep, Ghost Security (GhostSec) is out on the front lines waging a war against those whom would take our freedom. This war is a war which most people have never heard of and even if they had they have no concept of how it happens. To say, though, that Western Governments have not had enough time to scale up to meet the threat is disingenuous as you will read later. For over a decade now, the US Government and many other allies have known beyond any reasonable doubt that terrorists have been actively engaging much of our infrastructure — the days of nation state actors being the sole proprietors of hate and discontent are long gone!
At last count there were some 46,000 accounts belonging to “Islamic State” (IS) supporters on social media. An estimated 200,000 tweets are sent daily from these accounts, many of which are set to send out posts automatically.
Ghost Security (GhostSec) is a melange of what many refer to as Anonymous. What Anonymous is or is not is best left to the eye of the beholder. With that said, GhostSec has been waging a war with ISIS and its sympathizers for months now in cyberspace. For a long time, the war has been one mainly of site up|site down campaigns. It is much like a game of whack-a-mole. Whether or not Western Governments are taking the ISIS cyber threat seriously is for the jury to decide. What is known for a fact is that for quite some time, the US Government appeared to be more interested in taking on GhostSec for doing what the government should have been doing all along — was it to save face; protect ISIS; or pure ignorance no one knows quite for sure.
Before we get to the methodologies, let’s talk about the stats so far. Foreclosurepedia reached out to @DIGITΛSHΛDØW whom is responsible for organization and logistics of offensive activities for GhostSec and asked him how the Twitter #OpISIS Campaign is going.
Those numbers are a bit skewed currently due to our website admin being overseas but I have listed them below.
Days Website Active 79
Site Visits 108,542
Target Websites 94 [Current Targets still online in database]
Target Websites Offline 115 [Targets destroyed]
Target Accounts 5,169 [ISIL Twitter accounts still active]
Target Accounts Down 55,000+
Please see this video for more relevance:
Editor’s Note: You HAVE TO watch this! It is fucking great!
Also these articles.
Thank you for the documents and I will review them and I will get back with Wauchula to have him touch base with you on a podcast series which I believe he has already agreed to.
Epic. There is no other way to describe that which GhostSec has put together. And remember, folks, they do this every day, day in and day out, without the benefit of assistance! That is why Foreclosurepedia is asking those of you whom are able to take a read through and donate to the GhostSec Team to help finance #OpISIS! And when the time is right, we are looking forward to speaking with @Wauchula and as opposed to the run of the mill discussions, Foreclosurepdia is hoping to bring to light precisely what is happening out there — we want to discuss not simply the DDoS, we want to also understand the long term implications of what the Drive By Media is not talking about!
Ghost Security looks to attack online target sites in multiple ways, here is a breakdown of some of our most commonly used methods:
Denial Of Service (DOS)
- Network based DOS including SYN Flood, SSYN, DNS Application
- Application based DOS including HTTP/HTTPS Poison, XMLRPC, WMI/SNMP Flooding
- Legit Source/Crowd Flooding
- All available in standalone and distributed attacks
- SQL Injection
- Cross Site Scripting
- Targeted Spear fishing (Both writing and hosting)
- Brute Force
- Social Engineering
- Codebase manipulation
- All of which often result in defacements of sites
- Database acquisition (forums, etc.)
Site Threat Analysis
- Vulnerability Scanning
- Network Penetration Testing and Analysis
- Honeypots (We maintain multiple, including a site with 50+ attacks per day)
Ghost Security Intelligence Capabilities
Through our worldwide network of associates we can crowd source Intel and vet it more efficiently than any government agency.Intel gathering (both online and on the ground) is possibly Ghost Security’s greatest asset with the maximum possible levels of automation.
- Automated social media scanning with live real time analysis
- Automated site indexing/cataloging/archival on proprietary software
- Organization-based online research and collaboration/threat analysis
- Individual-based online research (d0xxing)
- ID and location of live targets via online tools and on ground Intel
- Undercover social media accounts by foreign and embedded Operatives
- On-the-ground Intel sources in Syria/Iraq/Iran/Libya/Turkey and N. Africa (some within IS itself)
- In-house native language speakers / translators for all languages spoken.
- Crowd based Intel collection analysis and reporting on all social media venues
- Automated website reporting to hosts of Propaganda across several social media platforms
- Access to Zero-day vulnerabilities instantly
- Site Spoofing
- Social Media/Email Account Intrusion
Ghost Security Technical Capabilities
Ghost Security mange all of their own systems and as much as possible writes all of their own attacks, scans, archival and comms software. Our custom development includes:
- Development of attack engines including BOTNETs and Booters
- Development and management/monitoring of honeypots
- Development and management/monitoring of GhostSec.org
- Development and management/monitoring of spear-phishing sites
- Crypto-cracking algorithms
- Secure communications platform for coordinated attacks to anywhere in the world.
- Development and management of Intel collection and archival systems synched by Target ID
- Development and management/monitoring of many data mining projects to obtain specific targeted Intel from all social media and terrorist forums.
As early as 1997 the United States knew precisely how vulnerable our infrastructure was to cyber terrorism. The NSA, Pentagon, FBI, and other US Government agencies worked jointly on an exercise called Eligible Receiver. We knew then, at precisely that moment, that unless we took active measures to address the issues we were sitting ducks. Did we? Absolutely not.
In 1998, hackers tapped into a NASA/JPL computer in Pasadena and accessed data about the commercial air traffic system. The FAA then had to shut down communications for several live flights. Vulnerable information included the configuration of GPS navigation satellites, information on Stealth aircraft and other information was breached.
In 2001, the LA Times ran a piece entitled, The Terrorists Are Winning The Cyber War. The article touched base upon the fact that Osama Bin Laden (OBL) and others were openly soliciting funds through their own websites. This was in plain sight much like ISIS is operating today.
Just the other day this came up: The FBI is investigating at least 11 physical attacks on high-capacity Internet cables in California’s San Francisco Bay Area dating back a year, including one early Tuesday morning. Fact of the matter is that a calculated physical assault upon our telecommunications (telco) infrastructure could, much like a detour, force traffic upon a preordained set of corridors. With proper planning, much like say a bank robber’s wet dream of controlling traffic for the perfect getaway, terrorists could ensure that the remaining telco trunk lines were inundated with heavy traffic to camouflage nefarious endeavors.
You see, that is the problem when you become so entrenched in believing your own rhetoric. In the same way as Rome in its ancient time of decline, so to has the United States been lulled into a dangerous sleep by a belief that foreign boots will never land upon American soil. While that statement may be true, the problem is that they do not need to in order to have command and control over our Nation.
Is there a vulnerability to the North American electric power grid to cyber attacks? Yes. Multiple studies have identified the probability of an all out cyber attack being launched against a utility or substation, causing regional and possibly even widespread power outage. When coupled with industry deregulation causing instability in the electric power utility markets; the shifting to open protocol based systems and interconnected computer networks; and the proliferation of programmers onboarding with entities such as ISIS, the future does not bode well domestically.
We estimate that the likely annual cost to the global economy from cybercrime is more than $400 billion. A conservative estimate would be $375 billion in losses, while the maximum could be as much as $575 billion.
The National Power Grid (NPG) represents probably our weakest link in a critical infrastructure chain. Without electrical power, EVERYTHING goes dead: grandpa’s oxygen tank, HVACs, the fridge and freezer, financial markets — hell, the stop lights for traffic which causes widespread accidents and a body count which cannot be handled as the morgue has no freezers to keep the bodies on ice. The worst case scenario of a catastrophic attack against our NPG would not be felt in the first days or weeks; the reality is that with an Event Horizon of 30 Days+ we would succumb to the proliferation of disease spread by decaying cadavers which we no longer would have the ability to dispose of. This is a VERY REAL scenario amongst those of us whom have studied End Game Scenarios.
We know for a fact that at the height of OBLs Al Qaeda, the quality and quantity of cyber intelligence was staggering. We also know that the Internet provides terrorists with anonymity, command and control resources, and a host of other measures to coordinate and integrate attack options.
The belief that the Jihadi Janes whom are over in the Sandbox fucking each other in the ass and jerking the camels off will be content with simply a PR Strategy for recruitment is extremely misguided. While most people are currently watching the Internet battles in between spoon fed Talking Points — the Internet via Google really only comprises about ten percent of the total — the fact of the matter is that ISIS and their Towel Head Cyber Caliphate butt buddies are rapidly entering the Dark Net as demonstrated by the image above, earlier.
The Dark Net is a place where Grams is the Search Engine as opposed to Google. It is a place where the suits and ties which occupy the oligarch institutions like the Beltway are laughed at and the lulz reigns supreme. A PhD is just about as valuable as money is at a Rainbow Gathering. The conventional milieu of both strategy and tool kits which nation states such as the United States have at their disposal are both inconsequential and about as effective as swatting at an elephant with a flyswatter.
Make no mistake whatsoever, that while the slide rule boys over at Defense Advanced Research Projects Administration (DARPA) are all patting each other on the back vis-a-vis MEMEX, obtaining raw intelligence doesn’t mean jack shit if you cannot apply it. For those of you whom are bleeding heart liberals, I am sorry to fuck up your wet dream in that you believe Al Gore created the Internet. DARPA brought us the Internet. Now, whether or not MEMEX is going to be anything other than a monetary black hole is somewhat summed up by DARPAs Page on MEMEX,
The fact of the matter is that if/when the United States enters the fray, the quandary which presents is unlike the drone strikes wherein collateral damage is the norm and not the exception, surgical precision is mandatory lest you invite global war. It really makes no sense why not to enlist the support of folks like GhostSec whom have the Dark Net down to a science. I mean lets keep the shit real. Right now, the United States is pumping billions of dollars in arms and ammunition into the hands of camel jockeys whose alliegance shifts as quickly as the fucking sand blows. OBL is a classic case-in-point. Billions funneled to that cretan camel jockey in hopes of creating Russia’s Vietnam in Afghanistan. And our thanks? Leveling the Twin Towers.
GhostSec has been refining the art of cyber war for years now if you backtrack their origins as individuals. Going back to the early days of Anonymous, many of these Cyber Patriots have been duking it out when 4Chan was thought to be NBC in most people’s vocabulary. 😉
Common sense, which is lacking within the Beltway; common sense which the Alphabet Soup boys are terrified to discuss with the liberal whackos in Congress, is precisely what we need today. GhostSec is, quite possibly, the last thing that stands between going to Wal Mart on payday in Canton, Ohio, or bowing one’s face flat in the direction of Mecca five times a day. I make no bones about the fact that I would far rather fight a war on someone else’s land than here at home. I have long been a proponent of carpet bombing the Middle East into the Stone Age and going in with Halliburton and paving the desert for office parking spaces, tapping the oil like beer kegs and setting up sun tanning booths. The problem we face today, though, is that cyberspace has no borders.
Whereas, GhostSec is lean and mean, the vast majority of Western Governments are bloated. Take the below quote from the DSB Advisory Group, Defense Intelligence Task Force on Counter Insurgency (COIN) Intelligence, Surveillance and Reconnaissance (ISR) Operations,
The insatiable demand for information and emphasis on collection is producing a deluge of data, overwhelming the ability to provide useful, actionable intelligence in a timely manner. This crisis in PED is exacerbated by planned and programmed collection assets and demands new S&T solutions to improve the efficiency and effectiveness of ISR support for COIN.
The salient point to derive from this is the fact that a well deployed and decentralized unit like GhostSec will be far more effective and efficient in theater than the cumbersome bureaucracy which inevitably accompanies any type of state sponsored event. More on point, though, plausible deniability attaches when we utilize unconventional assets. In addition, the ability to apply both asymmetrical and protracted evolutions without concern for the normal fall out associated with collateral damage ensures optimal results. — Damn, feels like old times again! 😉
In closing, I don’t usually cite folks whom publish on the same lines as myself as I like to think that I have a certain style which the Foreclosurepedia Nation is accustomed to. There is a lady named Candice Lanier whom just wrote an article entitled, ISIS On The Darknet: Fundraising, Networking & Plotting…All Out of the Reach of Law Enforcement over on a website called Medium. It’s worth taking the time to go read as Lanier touched on a few things that most run-of-the-mill outfits usually don’t hit. Specifically, I liked the in depth analysis on the US Department of State’s Center for Strategic Counterterrorism Communications fucktard approach to cyber diplomacy. I additionally liked the citations making a case for GhostSec even if they weren’t mentioned verbatim.