WikiLeaks Response v6

7/31/2019 WikiLeaks Response v6

1/24

TheWikiLeaksThreat

AnOverviewbyPalan6rTechnologies,HBGary

Federal,andBericoTechnologies


2/24

WikiLeaksOverview

WikiLeaks was launched in 2006 by self-describedChinese dissidents and interested parties from fivecontinents

- Within a year of its launch, WikiLeaks claimed to

possess over 1.2 million documents from thirteencountries

As of January 2010, the WikiLeaks team consisted offive full-time employees and about 800 volunteers

- The employees and volunteers are spread acrossthe world, with their identities largely unknown


3/24

JulianAssange

Born:July3,1971inQueensland,AustraliaMaritalStatus:Divorced

Children:DanielAssange,age20

Occupa5on:Editor-in-ChiefandSpokespersonforWikiLeaks

CurrentLoca5on:South-westernUnitedKingdom-contactinforma6onallegedlygivento

theMetropolitanPoliceServiceinLondon

Nov18,2010ArrestwarrantissuedbyaStockholm

districtcourtonsuspicionofrape,sexualmolesta6on,

andunlawfulcoercion

Nov30,2010PlacedonINTERPOLRedNo9ceList

ofwantedpersonsforsexcrimes

Dec2,2010ArrestwarrantissuedbySweden,

followingarequestbyUKsSeriousandOrganised

CrimeAgency

A[orney-GeneralofAustraliaRobertMcClellandhas

notruledoutthepossibilityofAustralianauthori6es

cancelingAssange'spassport,andwarnedthathemay

facecharges,shouldhereturntoAustralia,duetothe

poten6alnumberofcriminallawsthatcouldhave

beenbreachedbythereleaseoftheUSDiploma6c

Cables].

MembercountriesofINTERPOLUsersoftheRedNo6ceListofWantedPersons


4/24

TheWikiLeaksOrganiza6on

Objectsinredareemployees;Bluearevolunteers

Disgruntled

AmericanCi6zens

Volunteer

StatusUncertain

ConfirmedEmployee

Legend

Spokesman

RegisteredOwner

FounderHostof

Wikipedia.de

Journalist

Former

Volunteer

Former

Volunteer Volunteer

ITSpecialist

Former

Spokesman

Journalist Journalist

Journalist


5/24

GlennGreenwald

Glennwascri6calintheAmazonto OVHtransi6on

Itisthislevelofsupportthatneedsto bedisrupted Theseareestablishedprofessionalsthat havealiberalbent,butul6matelymostofthemifpushedwill

chooseprofessionalpreserva6onovercause,suchisthementality

ofmostbusinessprofessionals.

WithoutthesupportofpeoplelikeGlennwikileakswouldfold.


6/24

WikiLeaksOverview

WikiLeaks describes itself as an uncensorablesystem for untraceable mass document leaking.

They have used many hosting services in manydifferent countries, including PRQ (Sweden),

Amazon (US), and OVH (France).A few days ago, Amazon pulled the plug on their

WikiLeaks server

WikiLeaks has since turned to Swedish internethost Bahnhof AB, which is literally located in aCold War bomb shelter


7/24

Infrastructure

CurrentlythemainsiteishostedbyOVHISPinParis,France(88.80.13.10)

DocumentsubmissionandrepositoryisinSwedenhostedonPRQHos6ng(88.80.2.32)

Wikileakscountrydomainsareownedbyseparateindividualsnotemployeesoftheorganiza6on.

Wikileaks.infoprovidesmastermirrorlist.HostedatImproWareAGSwitzerland(87.102.255.157)


8/24

BahnhofABServers,

PionenWhiteMountains,Sweden


9/24

WikiLeaksServers

Serversareconstantlymigra6ngthroughouttheglobe


10/24

WikiLeaksServers

DetailedEuropeanservermigra6onanalysis


11/24

FromtheWSJ(8/23/10)

Partofthestrategyinvolvesincorpora3ngandregistering

WikiLeaksindifferentcountriesunderdifferentauspices

thatprovidemaximumprotec3onunderthelawsofthese

countries:alibraryinAustralia,afounda3oninFrance,

andanewspaperinSweden,andtwono-nametax

exempt501cnon-profitsintheUnitedStatesaresome

examples.Manyofthereleasesofdocumentsforawhile

werebasedinIcelandwherelawsareextremely

protec3veofspeech.Allofthosemovesaresimplytoprotecttheorganiza3on.


12/24

StrengthsandWeaknesses

Strengths Theirstrengthistheirglobalfollowingandvolunteerstaff.Thisallowsthemtohave

averylooseorganiza6on.Li[leifanydirec6onorcoordina6onisactuallypasseditis

justinferredaspartofthecause.

Julienpronouncesandtheminionsfollow.Largerinfrastructureisfairlypointlesstoa[ackbecausetheyhavesomanyotherpointsandorganiza6onsthatarewillingto

distributetheinforma6onandhelpthemgetnewhos6ngservices.

Weaknesses Financial:Theyareunderincreasingfinancialpressurebecauseauthori6esare

blockingtheirfundingsources.

Security:NeedtogettotheSwedishdocumentsubmissionserver.Needtocreatedoubtabouttheirsecurityandincreaseawarenessthatinterac6onwithWikiLeaks

willexposeyou.

Mission:ThereisafractureamongthefollowersbecauseofabeliefthatJulienisgoingastrayfromthecauseandhasselectedhisownmissionofa[ackingtheUS.

Despitethepublicity,WikiLeaksisNOTinahealthyposi6onrightnow.Theirweaknessarecausinggreatstressintheorganiza6onwhichcanbecapitalizedon.


13/24

ResponseTac6cs

Speediscrucial! Thereisno6metodevelopaninfrastructuretosupportthis

inves6ga6on

Thethreatdemandsacomprehensiveanalysiscapabilitynow Comba6ngthisthreatrequiresadvancedsubjectma[er

exper6seincybersecurity,insiderthreats,countercyber-fraud,targe6nganalysis,socialmediaexploita6on

Palan6rTechnologies,HBGaryFederal,andBericoTechnologiesrepresentdeepdomainknowledgeineachof

theseareas Theycanbedeployedtomorrowagainstthisthreatasaunifiedandcohesiveinves6ga6veanalysiscell


14/24

Poten6alProac6veTac6cs

Feedthefuelbetweenthefeudinggroups.Disinforma6on.Createmessagesaroundac6onstosabotageordiscredittheopposingorganiza6on.Submitfakedocumentsandthencallouttheerror.

Createconcernoverthesecurityoftheinfrastructure.Createexposurestories.Iftheprocessisbelievedtonotbesecuretheyaredone.

Cybera[acksagainsttheinfrastructuretogetdataondocumentsubmi[ers.Thiswouldkilltheproject.SincetheserversarenowinSwedenandFrancepungateamtogethertogetaccessismorestraighorward.

Mediacampaigntopushtheradicalandrecklessnatureofwikileaksac6vi6es.Sustainedpressure.Doesnothingforthefana6cs,butcreatesconcernand

doubtamongstmoderates.

Searchforleaks.Usesocialmediatoprofileandiden6fyriskybehaviorofemployees.


15/24

Palan6rTechnologies

Palan6rTechnologiesprovidesacompleteanalysisinfrastructure

Coretechnologiesincludedataintegra6on,searchanddiscovery,knowledgemanagement,andsecure

collabora6on

Palan6risbroadlydeployedthroughouttheNa6onalintelligenceanddefensecommuni6es

Palan6risdeployedatFortune50companiesfocusedoncybersecurity,counter-fraudopera6ons,andinsiderthreatinves6ga6ons


16/24

Seeh[ps://palan6r.com/government/conference:Inves9ga9ngFraudandCyberSecurityThreatsinLarge

CommercialEnterprises foravideodemonstra6onofPalan6r

Palan6rTechnologies

RapidAnalysis

UsingPalan6r,ananalystcandiscoverandinves6gatelatentthreatnetworksinminutesinsteadofhoursordays,divedeeperintodatathanpreviouslypossible,andforthefirst6mebeexposedtodatainaconceptual

environmentalongintui6veandhigh-leveldimensions,totallyunconstrainedbydatascaleandsilo.

AProvenTrackRecord

Thecorevalueassetsofanenterprisemustbeprotected,andwhenthoseassetstaketheformofideas,strategy,

andintellectualproperty,thechallengeofprotec6onissignificant.WithPalan6r,corporatesecurityandIP

protec6onunitswithintheprivatesectorcanleveragethesameall-sourceintelligenceplaormusedthroughout

theUSna6onalsecurityandlawenforcementcommuni6estoproac6velyiden6fyandinves6gateinternalthreats.

YourReadyMadeAnalysisInfrastructure

Criminalandfraudulentnetworksexploitinfrastructurethroughlarge-scalecompromiseofauthorizedaccountsand

distributeda[ackvectors.Analystsandinves6gatorssuccessfullydefendagainstthesethreatsusingPalan6rtofuse

cyber,transac6onal,andcontextualdatatobuildacomprehensivepictureoffraudulentac6vity.Palan6rpartners

withlargefinancialfirmstoprovideasophis6cated,flexibleplaormforuncoveringfraudulentbehaviorembedded

inaseaoflegi6mateac6vityseamlesslymergingterabytesofdatafromamul6tudeofdatasources.


17/24

HBGaryFederal

AfocusonInforma6onOpera6ons(INFOOPS)Influenceopera6onsSocialmediaexploita6onNewmediadevelopment

Expertsinthreatintelligenceandopensourceanalysis Worldrenownedvulnerabilityresearchandexploit

development

Cri6calcyberincidentresponse Industryleadingmalwareanalysisandreverse

engineering


18/24

BericoTechnologies

Comprisedofdecoratedtalentwithprovenanaly6calexper6sefromthroughouttheArmedForces. Consultantsareclassicallytrainedoncung-edgeintelligencedoctrine,to

includethemethodologiesof:fusion,targe6ng,andpredica6veanalysis.

Responsibleforbridgingthegapbetweenhardproblemsandanaly6c/technicalsolu6onsforcustomersacrossthe13intelligenceagencies.

DevelopedtheCer6fiedPalan6rTrainerCourse.Ourknowledgeofthesystemisessen6altodrivingrequirementsandmee6ngintelligence

deliverables.

Furthermore,wearetrustedadvisorsintheareasoftechnologyintegra6on,high-endconsul6ng,cyberspaceopera6ons,andintelligenceanalysisfor

specializedunitsandagenciesthroughouttheintelligencecommunity(IC).


19/24

Conclusion

WikiLeaksisnotonepersonorevenoneorganiza6on;itisanetworkofpeopleandorganiza6onsac6nginconcertforthesolepurposeofuntraceablemassdocumentleaking.

Together,Palan6rTechnologies,HBGaryFederal,andBericoTechnologiesbringtheexper6seandapproachneededtocombat

theWikiLeaksthreateffec6vely. Inthenewageofmasssocialmedia,theinsiderthreatrepresents

anongoingandpersistentthreatevenifWikiLeaksisshutdown.

Tradi6onalresponseswillfail;wemustemploythebestinves6ga6veteam,currentlyemployedbythemostsensi6veof

na6onalsecurityagencies.


20/24

BACKUPS


21/24

RapidSearch,MassiveScale


22/24

VisualizeNetworksandRela6onships


23/24

DetailedA[ackVectorAnalysis


24/24

Geospa6alAnalysis

WikiLeaks Response v6

Documents

Transcript of WikiLeaks Response v6