Sunday, August 24, 2014

A proper Introduction

Hello and Welcome to the WeAreTheArtillery blog.

We figure it's well past time for a proper introduction to our organization, our mission and our goals. This little party started with a joke that, as of now, was a few weeks ago:

"I propose a counterpart to I am the Cavalry, called I am the Artillery."
Infosec being what it is, plenty of folks loved the snark. What began as a joke very very quickly took flight:

"How about We are the Artillery instead? I am the artillery sounds self-centered."
"Cavalry changes tend to devolve into hand-to-hand combat, whereas Artillery requires a coordinated effort."
"Firing for effect."
"Our tag line is Get. Shit. Done. Here is our official spokesperson."
Before we knew it, our organization became a thing. You see, some of us got tired of the same old bullshit. This post exemplifies what it is we're trying to change about Information Security:

"For decades, the 'cyber' security industry (*shudder*) has been FUD'ing up the joint with Die Hard/er doomsday scenarios.  This has followed a tried and true process:
1)  IT Security people couldn't hack it (PUN!) in their own lane, so they picked on the easier embedded systems / SCADAs / Internet of Thingies
2)  IT Security people 'discover' low hanging fruit that has always been in the industry (hardcoded passwords, zero patching, default everything) and claim expertise and success
3)  Give con talk
4)  Get hype
5)  Nothing happens because there is no hard evidence to convince you (the asset owners) that you should care
6)  Create cool sounding group, get all altruistic, get more hype
7)  Nothing happens...
8)  GOTO 2"

Some of us decided we have had enough of this bullshit and formed this loosely knit group.

Okay, that's all well and good, but what do you actually _do_? We get shit done. Getting shit done can be defined as:

1. Eliminating FUD wherever you find it. A well-known security vendor is FUD'ing shit up? Call them out on it. Only by calling them out on rampant FUD and bullshit will we finally be able to get them to back up their bullshit with hard facts and numbers, and end the rampant abuse and overuse of stupid-ass buzzwords (APT, etc.) being used as the sole justification for whatever snake oil they happen to be selling at the time. I guess you could say " did it first and does it better." and we'd agree with you, but we're going to do this anyhow.

2. Eradication of malware wherever it is found. There are several organizations that swear themselves to this (MalwareMustDie immediately comes to mind -- and we willingly partner with them, and will willingly partner with anyone who wants and needs our help on this front).

Wherever we find malware, we will do everything we can to notify parties responsible for the assets, and the internet as a whole. If you want to see examples of this, check out our github project, OverWatch. OverWatch is essentially a free malware "Intelligence Feed". Some of our members have visibility on wide swaths of internet hosts, see very interesting things on a daily basis, and wanted to share this information freely. We don't charge for this, we don't ask for anything in return. You shouldn't have to pay for an intelligence feed to get warning of a potential threat or be notified of malware running rampant across the internet. Take this information, make your network a better place.

3. Scanning for vulnerable hosts on the internet responsibly and informing asset owners of vulnerable hosts with absolutely no security checks in place. This could be anything from publicly accessible admin consoles, remote control sessions with no credentials required, exposed services that in all reality should never be exposed to the internet, etc. If you want an example of this, take a look at Viss and co.'s work on Twitter regarding VNC, and expand that to other services. We'll be enacting this soon. First, we need to get a static page up for people to request that we don't scan them, configure VPS systems for scanning, etc.

4. Google dorking. This sort of relates to 3, but deserves its own category. Google Dorking, or Google Hacking, is using Google's search index and querying it in unique ways to reveal sensitive information about a site or an organization. Google will slurp up anything its crawlers find if there isn't a robots.txt or NOFOLLOW option on a webpage telling it NOT to index something. This isn't super high-tech scanning, and this isn't hacking in the "traditional" sense, but the fact of the matter is that your information may already be out there somewhere. Would you rather we find it and inform you, or would you rather someone else found it and took advantage of it to compromise your organization? Google Dorking is a fairly general term for this project, which expands into other indexes as well, such as Shodan and PUNKspider.

5. Other projects and ideas as they come or are possibly requested. We're always open to new ideas.

Overall, these aren't incredibly complex projects, nor do they require extreme amounts of skill, but just to give you an idea: this group has existed for little more than two weeks and already we have found and taken down

- Exposed ICS/electrical grid data
- Exposed SCIF blueprints and financial data
- Anonymous FTP servers hosting malware, compromised creds and network information for a variety of organizations
- Anonymous FTP servers hosting sensitive application data for organizations
- Exposed Hadoop master nodes

and this is just a start.

We're looking to make the internet a better place. We want and need your help. If you are interested in getting involved, here are a couple of ways you can do so:

1. Feel free to use us as an intermediary for disclosure. If you see something (malware, a vulnerable service, exposed sensitive information, etc.) and do not wish to disclose to a company or an organization yourself or accept that risk, you can use us as an intermediary. We will accept that burden for you. Contact us at with the subject "DISCLOSURE" and as much information about the organization and the security problem you uncovered as you can, in order to express the gravity of the situation to them. Include screenshots if you can, how you discovered the issue and/or steps to reproduce if at all possible. You will be given full credit for the notification (if you so desire it) and the details will NOT be shared outside of the affected organization (until after the problem has been confirmed as resolved). If you do not wish to contact us via e-mail, reach out to us via Twitter:

@da_667 The Major
@munin - The Commissar

...and we will set up a more secure method of disclosure (XMPP with OTR, Cryptocat, etc.) in order to accommodate you.

2. Feel free to contribute to projects 1-4, or come up with a project 5 and let us know more about it. Don't know how to Google hack/Google dork or anything of that nature? Reach out to us. We're more than willing to share knowledge. E-mail with any information you care to provide, or questions you have, and we will properly credit you for this information (if you so desire). Feel free to collaborate with us as you desire!

3. Resources. We need money for hosts on various VPSes for scanning the internet, for hosting websites, domains, SSL certs, etc. If you want to support us via financial means, we will gladly accept any resources you are willing to offer to our little organization. We aren't begging for money and we aren't making donations mandatory. I guess you could call it a tip jar? Leave something if you so desire. We'll be setting up PayPal and/or various *coin wallets to accept donations.

WeAreTheArtillery and we're here to get shit done. Welcome.
