Reliable Security Information
Eat Feces & Die: US uses jihad docs on poisons as vector for malware

The e-mail dump from HBGary Federal, carried out by the Anonymous hacking group, has most famously exposed corporate plots to attack and discredit WikiLeaks, Glenn Greenwald and ThinkProgress. Perhaps less publicized was Ars Technica's story on the corporate development of malware for the US government.


The article's introduction reads:


On November 16, 2009, Greg Hoglund, a cofounder of computer security firm HBGary, sent an e-mail to two colleagues. The message came with an attachment, a Microsoft Word file called AL_QAEDA.doc, which had been further compressed and password protected for safety. Its contents were dangerous.


"I got this word doc linked off a dangler site for Al Qaeda peeps," wrote Hoglund. "I think it has a US govvy payload buried inside. Would be neat to [analyze] it and see what it's about. DONT open it unless in a [virtual machine] obviously... DONT let it FONE HOME unless you want black suits landing on your front acre. :-)"


The attached document, which is in English, begins: "LESSON SIXTEEN: ASSASSINATIONS USING POISONS AND COLD STEEL (UK/BM-154 TRANSLATION)."


It purports to be an Al-Qaeda document on dispatching one's enemies ... poison recipes, for ricin and other assorted horrific bioweapons, are the main draw. One, purposefully made from a specific combination of spoiled food, requires "about two spoonfuls of fresh excrement." The document praises the effectiveness of the resulting poison: "During the time of the destroyer, Jamal Abdul Nasser, someone who was being severely tortured in prison (he had no connection with Islam), ate some feces after losing sanity from the severity of the torture. A few hours after he ate the feces, he was found dead."


It immediately caught my eye because al_Qaeda.doc has been jihadi sucker bait for about a decade.


It's a well-known fragment taken from the Manual of Afghan Jihad, a copy originally seized from an old member of the Taliban in England and subsequently typed by the US and British government into a number of similar forms, and presented over the course of the war on terror as evidence at a number of terror trials.


A larger form of it, sans the poisons recipes, was even sequestered on a White House server during the Bush administration, part of an unintentionally hilarious argument made by that president that al Qaeda used torture but that the US did not.


I put the same fragment on my old blog years ago in connection with ongoing discussions on these matters, most notably because it was indirectly and tenuously connected to the infamous London ricin trial and the resulting verdict, a time span between 2005 and 2006.


It is here.


Since it has been an object of keen interest, it's no surprise the US government might use it in an archive as bait to pass malicious rootkit software.


However, over the years it has not just been the random wanna-be jihadis and terrorists who have been attracted to it. Even seeding it onto a "dangler site for jihadi peeps" guaranteed that not just "bad guys" would get infected. And while it may have been a honey pot aimed at terrorists, a lot of other people, including curious lurkers, get into the sweets, too.


In fact, there has long been an array of US private sector intel businesses, not necessarily adept at computer security and defending themselves from malware, who scour such sites for these types of things. So they can sell them to their multinational corporate clients, including those in America. Or back to the US government.


It's also worth mentioning that the poison-making recipes in it are rubbish.


The "two spoonfuls of excrement" formula is basically the old crap recipe for botox, first published on the fringes of the neo-Nazi survivalist right in the US in the Eighties, specifically in Maxwell Hutchkinson's "The Poisoner's Handbook."


The definitive story on that, along with screen snapshots and pictures, is here.


The recipe for ricin, actually just a procedure for pounding and degreasing castor seeds, originally stems from Kurt Saxon's Poor Man's James Bond.


"According to Hoglund, the recipes came with a side dish, a specially crafted piece of malware meant to infect Al-Qaeda computers," reported Ars Technica.


"Is the US government in the position of deploying the hacker's darkest tools--rootkits, computer viruses, trojan horses, and the like? Of course it is, and Hoglund was well-positioned to know just how common the practice had become. Indeed, he and his company helped to develop these electronic weapons.


"Thanks to a cache of HBGary e-mails leaked by the hacker collective Anonymous, we have at least a small glimpse through a dirty window into the process by which tax dollars enter the military-industrial complex and emerge as malware."


The rest of the Ars Technica story, and it's a good one, is here.


The post was originally published at the Dick Destiny blog.

 