Another BIG hack that wasn’t

No time to do a full analysis but the basics are a story out of Israel of a tunnel that was hit by a sophisticated cyber attack that caused a… traffic jam. The story went out on the Associated Press newswire on a Sunday afternoon so by Monday morning it was pretty much everywhere you looked.

The “attack” was supposedly a “classified matter” involving “a Trojan horse attack” that targeted the security camera system in the Carmel Tunnels toll road on Sept. 8. The attack caused an immediate 20-minute lockdown of the roadway and then an eight-hour shutdown the next day, causing a pretty big traffic jam. Supposedly the attack was the work of “unknown, sophisticated hackers” who were then compared to Anonymous but were not sophisticated enough to be nation-state-funded attackers from Iran.

Even just by reading this it sounds like a run-of-the-mill malware infestation and not some targeted, sophisticated, state-sponsored cyber attack. I mean, why would anyone specifically target a tunnel? There is no money there, no intellectual property to be stolen, so unless your goal is to create an isolated traffic jam, what’s the point? But there is more. The tunnel operators, CarmelTun, issued a statement saying nope, no cyber attack here, blamed the traffic jam on “an internal component malfunction” and went on to say “this was not a hacker attack.”

@snd_wagenseil @4Dgifts @WeldPond more than one source confirmed.

— Daniel Estrin (@DanielEstrin) October 28, 2013

According to @DanielEstrin whose name is on the byline of the story, more than one source confirmed this Trojan Horse attack story and yet he did not bother to confirm with the people most likely to know, the actual operators of the tunnel.

So we can either believe the unnamed “cybersecurity experts” who warned of a sophisticated “Trojan horse attack” that was compared to Anonymous and was conducted for no monetary gain or intellectual property theft, or we can believe the operators of the actual tunnel system itself. Who has more to gain here?

Late Update:
Looks like I am not the only one to think this might not have been a cyber attack.
“Cyberattack Against Israeli Highway System? Maybe Not”

A Psycho Analysis of Jericho

The epic box-o-shit. I don’t know where the tradition started but it has been perfected by Jericho of Attrition.org. Beginning at least five years ago Jericho has boxed up the tchotchkes, leftover guinea pig fur, random bits of useless tech and whatever else he happened to have laying around and shipped them off to whoever he felt was most deserving, or whoever he felt would make the best victim. I had been waiting in anticipation (actually it was downright fear) to receive what I almost knew was coming, but it never did.

About a year ago I was at a local flea market when I spied, at the bottom of a box of random crap, a glass squirrel approximately eight inches high. It was Depression-era pressed glass, speckled with random paint drops, a few chips in the glass and a rather nasty piece of sticky green felt glued to the bottom. Somehow this disgusting piece of glass made me think of Jericho. I figured the squirrel needed a better home than the bottom of some random box full of shit. It needed to become the centerpiece of a highly selected box-o-shit. I figured it was time to put my box-o-shit destiny into my own hands, time to tempt fate, time to poke the angry guinea pig with a carrot.

The guy at the flea market wanted $20 for the squirrel with the paint spots, chipped glass and nasty sticky felt on the bottom. Not really sure what he was thinking but I managed to talk him down to $8. I took the squirrel home and scrubbed off the paint drops and the nasty felt. There wasn’t much I could do for the chips in the tail though. By now it didn’t look too bad and I was wondering if maybe I should keep it for myself; that jerk Jericho definitely did not deserve anything half as nice as this.

Instead of using shipping peanuts or those bags of air or even crushed newspapers, I grabbed every tchotchke, random bit of useless tech and whatever else I happened to have laying around and used that for packing material. Unfortunately I was fresh out of leftover guinea pig fur.

It took Jericho three months before he even acknowledged receiving the box but he eventually wrote it up. And then I waited. I waited for the inevitable retaliation that was sure to come my way. I knew Jericho wouldn’t just let an eight-inch tall glass squirrel arrive unsolicited in the mail and do nothing about it. But I waited. Spring turned to Summer and every trip to the mailbox filled me with more and more dread. When would he strike? When would he put an end to this torture? Why oh why did I ever decide to send that jerk anything at all? I should have kept that squirrel for myself or better yet let it sit and rot in the bottom of that box of random shit at the flea market.

Finally, after nearly a year of self-imposed torture, of opening the mailbox each day in anticipatory fear, it arrived: a small unassuming brown box. I knew right away what it was and where it was from. On the one hand I was relieved that my torment was over, but I knew I still had to open the box, I still had to pore through the contents of whatever wretched debauchery Jericho’s twisted mind decided to send me. It has taken me a while, months actually, to get up the courage to finally pull back the packing tape to reveal the contents of Jericho’s box-o-shit.

What I realized as I went through the contents of the box was that it wasn’t about me, it wasn’t about revenge for a glass squirrel. This box-o-shit and maybe all boxes-o-shit are glimpses into the deranged mind that is Jericho. Perhaps even a desperate cry for help that echoes from the basement he must live in deep inside the Rocky Mountains.

As you can see, on the top of the box was a plastic baggy full of multicolored paper with two stick-on eyeballs, labeled with the word ‘puzzle’. Obviously this is a symbol of a cracked and fractured psyche, symbolized by the many pieces of different color paper cut up into small sizes. Obviously Jericho is crying out for someone to put his poor soul back together again.

Beneath the puzzle was a collection of magazine subscription cards, which at first glance might seem like nothing more than filler for the box. However, after sorting the cards and conducting a frequency analysis on the represented publications it is clear that these cards are yet another look into the enigma that is Jericho. While it is well known that Jericho is at or below average intelligence he considers himself to be of above average intelligence. This is indicated by the large number of subscription cards to Discover and Science Today magazine. The subscription cards to Men’s Health and Psychology Today indicate that he knows that he has a problem and is looking for some sort of solution, which he hopes to find by reading these magazines. While he considers himself to be technologically knowledgeable and therefore reads Wired magazine, the fact that he is still subscribing to dead tree publications shows that he is in fact a Luddite. Of course anyone as mentally unstable as Jericho will have deep-seated sexual frustrations, as indicated by the subscriptions to Penthouse and Maxim, as well as the included Durex condom found elsewhere in the box.

And while we already have enough information to determine that Jericho needs major professional help there is yet more supporting evidence within the box. A collection of Pimm’s Cup and several tequila bottle caps shows his attempts at self-medication through alcohol. The collection of self-promoting stickers shows a predilection to narcissism and the random keys, rocks, candy and fur balls show just how schizophrenic he actually is. The collection of dinosaurs is obviously a link to his still present infantilism.

Unfortunately I only do psycho analysis and perpetrator profiling as a hobby; as such there are still a few items in this box-o-shit that I have been unable to apply towards the subject Jericho. A Honda emblem? A Slinky Jr? An Elevation of Privilege card game? And who inside the United States under the age of sixty has a copy of a Susan Boyle CD? (I guess I do now.) I am sure with proper analysis these items will also provide valuable insight into the deranged and demented mind of Jericho.

Beyond Hype

Sometimes an article comes along that is just beyond the traditional sort of hype I usually rant about. In other words, it’s just plain wrong. “How They Popped The Penguin: The Bash Attack And What It Means For Linux Data Security” by Michael Venables, which somehow got posted to Forbes, of all places, is one of those rare pieces of… well, I’m not even going to call it journalism. There is absolutely no fact checking whatsoever and according to the person interviewed for the article some of the facts are just entirely made up. Instead of me ripping this article apart line by line like I usually do, I will instead share with you a list of a few of the many, many tweets that were posted in response.

“this is the most ridiculous, breathtakingly stupid article I read this year.”

“not even trying to do basic research or reach out to verify facts is failing at doing your one job.”

“I’m afraid I am putting @mpvenables on my bad list of journalists to never talk to. This also affects Forbes rank.”

“how did you guys read that? I got bored around paragraph 2”

“the new journalism: get the twitterverse to fact check, issue a correction later. #clownshoes”

“holy shit, I think I know what we’re submitting to hackin9 next time!”

“L M F A O”

“I’ve not seen a more clueless piece of journalism ever. Pwnie nomination”

“You are kidding right? This is not news.”

“Most retarded security article ever. When you don’t know, stfu ! WTF Forbes ??”

“that article made me want to open a vein. Thanks, @mpvenables.”

“PR person sends me a Bash Attack story on Forbes. I read it. I’m sorry I did. The hacker in me will sit and rage in silence.”

“I feel dumber for having read (half of) that”

“This is a great example of really really bad security journalism. Look upon it and weep.”

“"Dot so Good Anymore: The ‘ls -a’ Tactic and What It Means For Linux Hidden Files" #UpcomingForbesArticles”

“OMG that Forbes article. Facepalm city.”

“BRB OWNING SOME LINUX BOXES WITH A SOPHISTICATED BASH ATTACK”

“Good that Palestinian hackers did not use the bash attack!”

UPDATE:
Perhaps a little late but the glorious Tumblr blog @sec_reactions has several posts on this article here, here, here, and here.

Some twitter quotes collected by @quine.