August 10, 2014

Best of SOFREP: US Government Hackers

In this week’s Best of SOFREP, we look at Coriolanus’ post, Government Hackers and the Dark Web Part 1, which covers the deep web and its relationship to analytics, and the dark web and its relationship to nefarious activity in brief.

Coriolanus is the real deal, a US government super-secret good guy patriotic hacker who has been known to hang out on SOFREP Team Room chat. He writes:

I hack on my free time, and I do it on my “box” or console. I got friends out there too. If you can think of a certain patriotic hacker, you probably have heard of him as well. I also hack for the United States Government. That’s part of my R&D function. I use expl01ts, vulns, scripts (I code in Python), and Linux. I use the aforementioned tools against data, and I create simulated/virtualized environments to test “hacks.”


Here's a sample of the comments on this post.

  • alexanderscrawford

    Coriolanus, I read with great amusement your posts on other threads regarding the lack of appropriate respect (and PAY) shown to coders, and other guys doing the heavy lifting vis a vis cyber-type operations and etc. I didn't post on the subject there because: a) it was off topic; and b) I've been having gremlin problems lately (which I could probably clear off, but have found that doing so is taken as something of a challenge by some…). I thought I'd share a recommendation I threw up into the aether regarding: a) the best way to attract A++/top 1% 'hacker' talent; and b) what I, personally, would do were I to find myself unshackled and given the opportunity to put together an 'offensive' cyber unit… hypothetically. This recommendation is NOT intended to be taken very seriously, although it IS how I'd approach the problem the cyber-warfare command is having.

    First. I've pointed out to the VIPs (and the good folks at places like DARPA and IARPA), that A++ coders/hackers are worth SEVEN figures a year, not low six figures; and that the notion of a bureaucrat filing their tax forms getting paid MORE than the 'talent' is preposterous. And… well, the 'talent' would likely get annoyed… in a manner you perhaps empathize with. LOL.

    What academics and bureaucrats don't really understand is that to a very great extent, a large portion of 'offensive' cyber operations have to be deniable, and operate in the international 'black' or 'grey' areas of the Law. This area also happens to be inhabited by… Shadow Banking, in all its various forms. So with this in mind, before I and my 'droogs', undertook anything like the 'offensive' cyber operations the wonks all dream about… I, as a privateer Captain, would want my crew to cut their teeth on 'other', softer targets. The types of targets that have very large slush funds across the shadow banking universe that technically aren't supposed to exist. Funds that they've stolen from the U.S. government, or some U.S. corporation that's paid 'black rent', or etc.

    Most SOF readers think of 'Bank Robbery', and imagine some Cop show where the FBI always catches the 'bad' guys. In half the Countries on the Globe, all it takes to break into a bank is recon, a knowledge of (self-censored), and bribe money. Yup. Most night guards are paid peanuts, and can be bribed very easily, as long as no CASH is stolen. Heck, in a dozen Countries I can think of, the local Branch managers themselves can be easily bribed, especially if one has the cooperation of the local Secret Police/Special Branch (who for their own reasons HATE their own Countries' 'untouchable' criminals/politicians).

    Ironically, it isn't even BANKs in most 'developing' Countries where one would go to find the most valuable 'loot'… it's the Accounting Firms. Especially the local affiliate of a giant international Firm like DT&T… because it's there one finds the 'nestled' chain of accounts used to hide, and manage, off-shore fortunes. It might surprise some readers to hear that Accounting Firms that specialize in this sort of financial management, steal… er, I mean, fail to disclose, a full and accurate reporting of the profits they've made for their clients. So depending on the Country, the data proving Prince X and his family have been getting robbed by their own accountants, which would lead to said accountants being horribly tortured and killed, is actually worth MORE than the accessible funds/accounts themselves (much of the value of which is often tied up in investments that can't quickly or easily be converted to cash or change 'owners').

    Hopefully, Coriolanus is laughing hard enough to choke on his coffee (and appreciates why I joke about being 'shackled'). The 'profit' from the initial operations would be distributed EVENLY to ALL team members, including security and etc. Except "officers" and the "Bosun". All the expenses relating to the operation would be transparent to ALL team members. Then, and ONLY then, would the entire team VOTE in order to decide the share of the 'captain' and 'bosun'. Traditionally, a pirate/privateer captain got 20% and the bosun between 5-10%, but this varied. When I speak of profits being distributed… I mean CASH money (up to a certain amount… millions of dollars of cash are a headache to deal with).

    If the team decides the captain should be paid, zero, so be it. (although that would be the last job we'd ever do together…) My argument is that 'actual' offensive cyber operations should begin AFTER the team has ALREADY been paid an obnoxious amount of money. Enough money in their possession, that can't be 'seized' or used to threaten them, or etc. to demonstrate 'good faith' and loyalty… respect… to ALL the team members. Guys who've already been treated fairly, and paid well, might walk away, but they don't become 'insider threats'. Moreover, having 'trained' together in this fashion prior to undertaking 'traditional' offensive cyber type projects, teams would have a better esprit de corps.

    Anyway. How do you all like the idea so far?

    A. Scott Crawford

  • LadyHW

    Noticed the posts by Anonymous spurring on the Riots in Missouri.  Anarchists at work again. Not sure how many of the rioters are local and how many came in from other locations. Social media induced violence and riot.