First, if you're not familiar with what OPSec is, let me give you a brief definition: it stands for "Operational Security", a practice of risk management designed to keep sensitive or private information from being exposed, especially to someone who might abuse it.
The OPSec protocols you're about to read were designed to protect my group and me from infiltrators, as well as from law enforcement. Most of my members were in high school at the time, so these were difficult concepts to grasp, and they only made sense after the FBI captured me in 2009.
The Electronik Tribulation Army (ETA) was a multinational group of black hats and hacktivists that carefully managed its public presence, while at the same time striving to minimize the leakage of sensitive information about our operations, where we organized, and who was involved. That is, until I was nearly overthrown because my members were under the impression that democracy is awesome.
They wanted the freedom to vote, and wanted more of a public presence, but didn't want any of the consequences that come with having a traceable, static web address where anyone could take a shot at us, day or night.
Ultimately, the use of certain symbols in addition to the following protocols created an element of intrigue, and then conspiracies as to who really pulled the strings of the ETA.
Taken together, all of these components, both those published here and those that are not, meant that I inadvertently cultivated an environment of staunch radicalism around our name, mission, and brand. That radicalism likewise unintentionally gave my members enough confidence to challenge even the FBI.
The following examples are inconclusive and are for educational purposes only.
DEFCON Protocols: Security Awareness
In 2007, I developed a color-coded security awareness system to convey our current security awareness level.
I used to place a color-coded banner at the top of our website and forum. Each new ETA initiate was trained in the color codes and given a copy of the scheme to interpret the current security awareness level. This is an original image I created for the crew back in 2007.
As an exercise, I used to send spoofed emails to some of my members from an FBI domain, just to see if they'd inspect the headers, or if they'd fall for it and then follow the DEFCON protocols. They never followed them. Haha. However, they always informed me that they'd been contacted by the FBI, so I knew I could trust them. I loved playing pranks on them. Suckers.
One time, The Fixer wiped all his drives and advertised his laptops on Craigslist before even telling me he'd been contacted by the FBI. Then I roared with laughter, revealing the email had been a prank. But he got me good later on.
I digress. When I was arrested in 2009, Defcon Black was declared, and the ETA proceeded to follow protocol, albeit a bit late. However, in 2010, while I was still in jail, my lawyer accidentally let slip that certain of my members could be raided by the FBI.
I had no secure way to communicate the following, but I asked my sister to post a message on the ETA website: "I need you to tell him that [it's] 'defcon black' for Fixer," he said. "[S]ay that Fixer is now 'defcon black.'… You need to put it where they can see it ... where everyone can see it. This is very important. There is nothing more important than this in life right now."
Personal Verification (PVC) Codes
Anyone with a compromised account could imitate the chatting style of another person. After one such attack, in which Anonymous hijacked the AOL Instant Messenger accounts of a couple of my members and used them to convince other members of mine to download a malicious file, something had to change.
Therefore, to eliminate imposters, I devised PVC codes for authentication. Trusted, verified members were given a unique personal identifier, and we would prompt each other during conversations to authenticate one another.
Personal ID Challenges
A pre-arranged personal ID challenge allowed us to secretly convey whether an individual being challenged had been compromised by law enforcement and was currently under duress.
This was implemented after one of my members had been detained after crashing the servers of his government-funded high school. The FBI was actively monitoring his messengers. Therefore, a protocol was necessary to ascertain the state of the individual.
Mind you, I sent a message to the FBI to his account and launched a script that froze his phone so the FBI would be forced to pull the battery out to reset it, and in essence, log him out of the account. That same FBI agent ended up leading the investigation that ended in arresting me two years later.
The following is a simple example of an ID Challenge:
Q: "Are you drinking enough water?"
Positive Response: "Yes. I always stay hydrated." (This pre-arranged response conveyed that the individual was safe and uncompromised.)
Negative Response: "No, I keep forgetting to get water." (This response communicated that the individual had been compromised and was therefore under duress.)
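As an added example (not the ETA's own code; the member handle and codes are constructed), here is how the PVC codes and the pre-arranged ID challenge above could be combined into a single challenge/response check that also tells the verifier when a member is under duress. Unlike a fixed spoken question, it issues a fresh random challenge each time, so an answer overheard by an imposter cannot be replayed.

```python
# Added example: duress-aware challenge/response in the spirit of the ETA's
# PVC codes and ID challenges. Not the ETA's actual scheme; the handle and
# codes below are constructed for illustration.
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Member:
    handle: str
    pvc: bytes      # pre-arranged personal verification code (shared secret)
    duress: bytes   # second pre-arranged code, sent only when compromised


def answer(code: bytes, nonce: str) -> str:
    """What the challenged member sends back: HMAC of the nonce under a code."""
    return hmac.new(code, nonce.encode(), hashlib.sha256).hexdigest()


@dataclass
class Verifier:
    roster: dict                                      # handle -> Member
    outstanding: dict = field(default_factory=dict)   # nonce -> handle

    def challenge(self, handle: str) -> str:
        # Fresh random nonce: an imposter who saw an earlier exchange
        # cannot reuse that answer, unlike a fixed "are you hydrated?" question.
        nonce = secrets.token_hex(16)
        self.outstanding[nonce] = handle
        return nonce

    def verify(self, handle: str, nonce: str, response: str) -> str:
        # One-shot: a nonce may be answered once, by the member it was issued to.
        if self.outstanding.pop(nonce, None) != handle:
            return "imposter"
        member = self.roster.get(handle)
        if member is None:
            return "imposter"
        if hmac.compare_digest(response, answer(member.pvc, nonce)):
            return "verified"   # the positive response: safe and uncompromised
        if hmac.compare_digest(response, answer(member.duress, nonce)):
            return "duress"     # the negative response: treat as compromised
        return "imposter"
```

The verifier reports "duress" without the watching party learning anything, because a duress answer is indistinguishable on the wire from a normal one.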
Hierarchical Structure
In 2008, I organized the ETA to be more autonomous. This means I no longer needed to maintain a constant presence to micromanage its activities.
I created a set of units, Alpha, Bravo, Delta, and Echo, and then elected generals to manage their own units. This took the burden out of my hands and gave members the power to evolve the ETA brand in their own way, without necessarily needing my approval.
They were free to pursue their own objectives. I monitored, but I didn't interfere unless it was necessary.
The Black Operations unit existed as a clandestine, auxiliary sub-compartment of the ETA, which I managed without the knowledge of the ETA group as a whole.
Historically, the BlackOps unit carried out only two missions; one was an operation against the Korean People's Army Strategic Rocket Force, aka the Ballistic Missile Guidance Bureau.
Counter Intelligence: Splinter Cell Unit
The importance of this unit was critical. Individuals who just "couldn't hack it" still could have important functions: social engineering. The important thing about social engineering is that you don't necessarily need to know a thing about hacking in order to obtain credentials and gain access.
This unit was responsible for infiltrating our enemies and keeping a close eye on anything that could harm us, and reporting any sensitive intel that could be beneficial. Members of this group caused a significant amount of damage to our enemies without the use of a single hacking tool.
If you were disqualified from joining the Splinter Cell Unit, then you were so illiterate that we just had no use for you. Literally, only one person ever was that dumb.
Agent Runner/Handler
An agent runner or handler was a designated ETA member whom I considered the most responsible and trustworthy asset. Their duty was to serve as a buffer to pass messages between myself and each unit leader, so I could limit my direct contact with the ETA while managing it from a burner phone.
During ETA missions that I organized, I'd communicate the target and objectives to my handler, who passed special objectives to each unit leader, who then in turn commanded their unit. This arguably made the handler the biggest target, because they transmitted the biggest secrets to the ETA leadership.
Mission Go-Codes
Every major mission or operation (like #OPNKorea) carrying a sensitive nature had a corresponding, unique "Go-Code." After the mission objectives had been distributed down the chain of command from myself, to the handler/agent runner, to the generals, and lastly to their units, it was the responsibility of the generals to relay back the unique identifier or code attached to that particular mission. This signified that the objectives were understood, and the mission was a go.
Decoys & Buffers
The use of decoys in the ETA runs deep. While spammers might utilize sock accounts, I operated deep-cover members who did not exist, through whom I also lived vicariously.
During a DEFCON protocol exercise, I faked my own arrest and activated one of my decoys who purportedly claimed to be my brother, just to see if the ETA would believe him during this so-called ordeal. Yeah, they failed.
The Decoys were useful in keeping an eye on the crew, while I was "away," and were used as tools to inspire or motivate them into certain activities. Enemies used to "secretly approach" these decoys, thinking they were real, and reveal their conspiracies in an effort to flip them.
Hidden Websites Before the Darkweb Era
The lengths I went to in order to keep our website and forum off the radar before "democracy happened" were ridiculous. Relying on a competent web dev skilled in vulnerability detection and patch writing is still a game of Russian Roulette when you're faced with a persistent cyber threat.
Our site irregularly hopped from host to host. One time I created a mirror of a medical website and hid the location of our site in the source code. I hosted our site on hacked servers. Another time, I simply converted the site and most of its resources into a local desktop executable. Updating content was a bitch, but it kept traces of our material offline.
My Name Leads While I am Away
In late 2008, I was trying to find a way to leave the ETA, so I could focus on having a normal life. Therefore, I launched an experiment. I elected a member I knew in real life to assume the name and role of GhostExodus. He took my name and imitated my chatting style.
I left the ETA for about a month while he imitated me. It would have worked in theory. But every hacker has an ego. And pretending to be some other hacker doesn't allow the ego to have a voice of its own, and censors their individuality. He couldn't do it, so I had to return to the crew.
I hope this article was informative and enlightening in some way.
Happy Hacking, everyone :)