
25 September 2017

Spy Files Russia

It’s time for Russia. After reading about Snowden and the NSA and writing about hacking tools and malware frameworks, it seems it’s time for the Russian government, because Spy Files Russia are coming from WikiLeaks. I’m also wondering how this information is going to be published, because Edward Snowden is living in Russia today and I don’t think he is the whistleblower this time, so there must be another one. Who? Maybe the US government? Who knows!

Documents from WikiLeaks describe the System for Operative Investigative Activities (SORM) of the Russian government, which is a system for mass surveillance in Russia. There are three versions of SORM. The first one, SORM-1, was able to monitor users’ communications metadata and content such as phone calls, email traffic and web browsing activity. The second one, SORM-2, was also able to track all credit card transactions and to monitor social networks, chats and forums. The latest version, SORM-3, also supports IPv6 and adds Deep Packet Inspection (DPI) capability.

Internet backbone infrastructure in Russia

SORM has three main components. The Data Retention System (DRS) is a component that operators are required by law to run, and it stores all communication metadata locally for three years. The Traffic Data Mart (TDM) is an IP traffic analysis system that allows the creation of reports for a specified time range. Finally, the Service СП-ПУ is a data exchange interface based on HTTPS that receives search requests from state intelligence authorities and delivers the results back to the initiator.

Components of PETER-SERVICE software
According to WikiLeaks, the Russian mass surveillance system has been implemented with the help of Peter-Service, a Russian company that works for government agencies. This firm has a product called DPI*GRID, a hardware solution for “Deep Packet Inspection” that inspects and analyses traffic at up to 10 Gbps per unit; the resulting metadata and extracted information are collected in a database for further investigation.

Национальный оператор (National operator)

Another company that may be working on SORM is the Israeli firm Cellebrite, the one that had 900 GB of data stolen at the beginning of this year, which works with the Italian company Hacking Team and which has recently changed its name to Mobilogy. They sell products and services for data extraction, transfer and analysis of mobile devices, and according to the stolen data their phone hacking products and services have been sold to countries such as Russia and Turkey.

Cellebrite Touch
We’ll stay alert for the next Spy Files Russia releases but, once again, we see that the Internet is not as free as it used to be: terrorism is a real threat, espionage is everywhere, and meanwhile our communications are intercepted.

Best regards my friends and keep alert!

18 September 2017

No Place to Hide: Snowden and the NSA

We no longer know who our friends are, because spying and distrust are increasing between governments, allies and everybody; maybe this is because technology is used more and more, and as a result it is easier to reach someone or something through the Internet. After reading the Steve Jobs biography and The Truth About Your Future, this week I’ve just finished another book called No Place to Hide by Glenn Greenwald, where the espionage and surveillance programs of the United States are the main topics of this interesting book.

This is a book about the whistleblower Edward Snowden, who decided to meet with Glenn Greenwald and Laura Poitras to publish lots of secret documents about the NSA and the United States surveillance programs. Some of them are the well-known PRISM surveillance program, which collects internet communications from at least nine major US internet companies; the Bullrun decryption program, which aims to crack the encryption of online communications and data; and the XKeyscore secret computer system, used to search and analyse global internet data.

XKeyscore secret computer system
However, this book also covers many other surveillance programs: the Egotistical Giraffe program, which attacks Tor users through vulnerable software on their computers; the MUSCULAR surveillance program, which breaks into the main communication links that connect the data centers of Yahoo! and Google; the Boundless Informant system for big data analysis and data visualization; and the Olympia program, which maps the communications of Brazil’s Mines and Energy Ministry by targeting the metadata of phone calls and emails to and from the ministry.

MUSCULAR surveillance program

As we can see, there are many surveillance programs that break into the privacy of citizens in order to, as the United States says, fight terrorism. And there are many more: ShellTrumpet, which captures sensitive internet metadata; Blarney, Fairview, OAKSTAR and STORMBREW, which collect data at facilities inside the United States as well as outside the US; the Tempora secret computer system, which buffers most Internet communications extracted from fiber-optic cables; and the Thieving Magpie and Homing Pigeon programs, which intercept data from passengers travelling on board commercial aircraft.

Thieving Magpie and the Homing Pigeon programs

Meanwhile, we see how governments ban foreign products and technologies in their countries out of fear of espionage and surveillance, like the recent news that the Trump administration has banned Kaspersky software from US agencies, or when US lawmakers sought to block China’s Huawei and ZTE.

What’s more, this week we have also been able to read in the press that the European Union wants to curb foreign takeovers of strategic assets. I think this is good news, because it is also aligned with the Cybersecurity Strategy of the EU, where we must protect strategic assets with EU technologies, and this is the way to make sure that the tech companies which protect strategic assets aren’t bought by non-EU countries.

Best regards my friends!

11 September 2017

AWS Cloud – firewalls, load balancers, WAF …

I’ve worked with firewalls, load balancers, WAFs, SIEM products, etc. and I’ve installed them as both physical and virtual appliances. I’ve also worked with cloud providers like OVH, Arsys, Bluehost, etc., but none of them are like AWS Cloud, because Amazon has changed the way we see this IT world, with many services and easy pay-as-you-use billing. However, installing network or security appliances into the Amazon Cloud is not, at first, an easy task, because we have to change our mindset to the Amazon World where, for instance, all traffic is unicast and the ARP protocol is gone.

The first time I took the plunge with AWS Cloud was to install a firewall with VPN and IDS/IPS services on three simple networks. Although it seems easy and simple, it needs lots of hours of reading and understanding the Amazon World because, first, they already have VPN services like AWS Direct Connect or AWS VPN CloudHub; second, they also have security services like EC2 Security Groups and Network ACLs; third, there are no SPAN or mirror ports for an IDS; and fourth, there are no VLANs but Virtual Private Clouds (VPC) and subnets. As you can see, we have to adapt our infrastructure and knowledge to the Amazon World if we want to use AWS Cloud.
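To make the "three networks, Security Groups and Network ACLs" point concrete, here is an added CloudFormation example (not from the original post and not an AWS-published template) of a VPC with three subnets, one stateful Security Group and one stateless Network ACL. The resource names, CIDR blocks and port choices are assumptions made for the example; the important difference it shows is that a Security Group only needs inbound rules because replies are tracked, while a Network ACL must explicitly allow return traffic on the ephemeral port range.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  Example only (hypothetical names and CIDRs): VPC with three subnets,
  a stateful Security Group and a stateless Network ACL.
Resources:
  Vpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16        # assumed address plan
      EnableDnsSupport: true
      EnableDnsHostnames: true

  # The "three simple networks" of the post, as subnets instead of VLANs.
  PublicSubnet:                      # load balancer / firewall outside leg
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref Vpc
      CidrBlock: 10.0.1.0/24
  AppSubnet:                         # web/application instances
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref Vpc
      CidrBlock: 10.0.2.0/24
  MgmtSubnet:                        # management / VPN landing
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref Vpc
      CidrBlock: 10.0.3.0/24

  # Security Group: STATEFUL. Only the inbound HTTPS rule is needed; the
  # reply packets are matched to the connection automatically. No SSH
  # from the Internet: administration goes through the management subnet.
  WebSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTPS from anywhere, nothing else inbound
      VpcId: !Ref Vpc
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp            # SSH only from the management subnet
          FromPort: 22
          ToPort: 22
          CidrIp: 10.0.3.0/24

  # Network ACL: STATELESS. Inbound HTTPS from the public subnet must be
  # paired with an outbound rule for the ephemeral ports the client uses,
  # otherwise the TCP handshake never completes.
  AppNacl:
    Type: AWS::EC2::NetworkAcl
    Properties:
      VpcId: !Ref Vpc
  AppNaclInHttps:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId: !Ref AppNacl
      RuleNumber: 100
      Protocol: 6                    # TCP
      RuleAction: allow
      Egress: false
      CidrBlock: 10.0.1.0/24
      PortRange:
        From: 443
        To: 443
  AppNaclOutEphemeral:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId: !Ref AppNacl
      RuleNumber: 100
      Protocol: 6
      RuleAction: allow
      Egress: true
      CidrBlock: 10.0.1.0/24
      PortRange:
        From: 1024                   # ephemeral range used by the client side
        To: 65535
  AppNaclAssociation:
    Type: AWS::EC2::SubnetNetworkAclAssociation
    Properties:
      SubnetId: !Ref AppSubnet
      NetworkAclId: !Ref AppNacl
```

Everything not matched by a NetworkAclEntry is dropped by the implicit deny rule at the end of the ACL, so forgetting the egress ephemeral rule is the classic "the Security Group is right but nothing works" mistake when moving a VLAN mindset to a VPC. The template can be checked with `aws cloudformation validate-template --template-body file://vpc.yaml` before deploying.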

EC2 Security Group
Another common task is to install a load balancer for better performance and availability of web services. Again, AWS Cloud has its own load balancers, the Application Load Balancer (ALB) and the Classic Load Balancer (CLB), within the Elastic Load Balancing (ELB) service. This is an “easy” way to balance our traffic between virtual machines, also called EC2 instances, and even to configure SSL offloading with AWS Certificate Manager (ACM) and AWS Identity and Access Management (IAM). Auto Scaling configuration is also a must for quick and easy growth. What’s more, GSLB is also an option thanks to Amazon Route 53, with which we can have high availability between different AWS regions.

Cross-Zone Load Balancing
If we want to protect our web services against layer 7 attacks like SQLi, XSS or CSRF, we’ll need to install a WAF as well. Once again, Amazon has its own AWS WAF, which is useful for mitigating the OWASP Top 10 web application vulnerabilities and integrates perfectly with ELB (Elastic Load Balancing) and Amazon CloudFront for delivering highly available and secure web services through Amazon’s Content Delivery Network (CDN). In addition, we can also protect our services against layer 3/4 attacks with AWS Shield to mitigate, for example, DDoS attacks.

Web site with Amazon CloudFront and AWS WAF
As we can see, there are many Amazon services, and there are many more like AWS Directory Service, Amazon EBS, Amazon S3, AWS KMS, Amazon RDS, AWS CloudTrail, etc. However, we can also install commercial solutions from Fortinet, Check Point, F5 Networks, Radware, AlienVault, etc. into the AWS Cloud: we can search the Amazon Machine Images (AMI) in the AWS Marketplace to install commercial products into the Amazon Cloud.

AWS Marketplace
Today, AWS Cloud has many services, many customers and lots of guides and docs to help us deliver our services in a reliable way; meanwhile, we’ll see how Google and Microsoft do their homework to eat a piece of this cake.

Best regards my friends!

4 September 2017

Galicia & Porto

This summer has been totally different because I haven’t been in a workcamp like in previous years in Turkey, Russia or the Czech Republic; instead, I’ve been reading a lot, studying French, and travelling around the north of Spain, and Portugal too. In fact, I’ve also done the “Camino de Santiago” from Santiago de Compostela to Muxia, walking a lot, visiting beautiful towns and beaches, eating delicious food and talking a lot with people.

Santiago de Compostela

Many friends always tell me I do things the other way around, and I don’t know, but this time it’s true, because I started from Santiago de Compostela instead of ending there. Therefore, the first thing I did was visit the Obradoiro square, next to the cathedral, and eat octopus. After sightseeing ... walking, walking and more walking to the first town, Negreira (22 km, 5 hours of walking); it was fun, with no fatigue and good weather. Next, I went to the small town of Olveiroa (36 km, 8 hours of walking); as a result I was tired, even with sunburn, and then I stayed in my room all day.


The first two days were easy compared with the third, which was wet but fun, to Cee (18 km, 4 hours of walking); it was raining with fog all day. The following day was prettier and quieter because I walked along the coast to Finisterre (20 km, 5 hours of walking), where the KM 0 is located. The last stage was along the coast as well, to Muxia (28 km, 6 hours of walking); it was beautiful and amazing, with clean beaches, although the Prestige oil tanker spilled oil there in 2002. From my point of view, Muxia was the most beautiful town I saw during the Camino de Santiago.


After walking and walking, it was time for tourism. First, I went to A Coruña and visited the Tower of Hercules, the Military Museum, squares, cathedrals, etc., which was, from my point of view, prettier than Santiago de Compostela; I liked this city. I also went to Poio, where I saw a long mosaic in the Monastery, and to Combarro too, to visit the small fishermen’s houses near the sea. O Grove was another town I visited, where I could see astonishing views from the A Siradella viewpoint, as well as a chapel made of scallop shells.

O Grove

I couldn’t go back home without going to the Cíes Islands. First, I trekked to the top of the island to see beautiful views; after this, I went to the beach to rest and swim in the cold sea. Baiona was another mandatory stop, to visit the caravel La Pinta, the Virgin of the Rock, the Groba mountain, the museum of the sea, etc. My last stop in Spain was A Guarda, to visit the Celtic fields and the mouth of the Miño river at the Atlantic Ocean.


To finish my trip, I went to Porto, in Portugal. At the beginning I didn’t know which language to speak, English or Spanish, but later on I realized they understand Spanish well enough. I arrived at night and the city was dirty and smelly, but the morning was much better, when I visited the Clérigos Church, the Lello Bookstore, the Dom Luís I Bridge, the cathedral, etc.

Porto - Lello Bookstore

This is an overview of my holidays; as you can see, no tech things, just resting and enjoying the summer to be ready for the next course.

Regards my friends!!
