martes, 5 de abril de 2016

The truth behind "How to Hack an Election" CTR+C/CTR+V

The truths behind a strategy of black political campaign conducted by the white strategy, and the truth about the news behind bloomberg about how to hack an election this post I not taken 9 months of research just taken first hand experience before I begin denote that I am not a journalist I have no economic or political motivation in the following points, good taking into account that in the structure of the political campaign there are the following steps:
  • Know the context (social, socio-political, national ideological and cultural, socio-historical references knowledge of your opposition and factors against you, media factors)
  • inventory of resources (not only financial resources but moral support, social, community, etc ..)
  • Investigate (approach of social reality and country)
  • Define the objectives (Objectives image positioning, campaign structure, adequacy, work, segmentation of votes, acquisition targets votes. Etc ..)
  • Estimate the associated costs
  • Develop strategies field
  • Budget
  • To develop the message or campaign messages
  • constantly readjusting the strategy, message and plan (as in a business a campaign should not and should never have a work plan but rather a map which can lead to constant changes meet the requirements of objectives and others)
For within these structured steps of the political strategy (not only each campaign structure according to their vision and experience and advisors) for a campaign at any level, must take into account the trunk channel of technology.
The technology is where we communicate, where we create and store information to be processed, where information is transmitted and where the information is analyzed, are just some vertebral points using technology focused from a definition "facilitate" for an observer political. 

Well before resuming the structure and techniques that can be taken technological equipment experts black campaigns I want to make an Inca-foot in the post of Bloomberg [1] on the statements and clarify the following: 

1. Andres sepulveda never had $ 600,000 to hack anyone, how much the contract of social networking campaign to the Democratic Center works both Colombia and the 2 brothers was valued at approximately 713 million Colombian pesos by then in 2014 some 300,000 usd to run all (not just black campaign and share profits with his wife)
2. Andres never had direct relationship with candidates Enrique Peña Nieto in Mexico, Honduras Porfirio Lobo Sosa and Daniel Ortega Nicaragua or Venezuela carpiles enrique hugo chavez or opposition (please check the dates and times of travel passports, in any election works from home in Bogota while your customers are more than 3,000 kilometers nobody hires you today and all require physical interaction and counseling) else is to come by personal motivation.
2.1 The only possible serious relationship and rapprochement with the Democratic center - Alvaro Uribe and Oscar Ivan Zuluaga thanks to his wife who helped them with the contract and his friend Carlos escobar that if you had a closer contact with Alvaro Uribe.
2.2.- With this I want to make clear the misunderstanding and the granting of rights, experience and echos that is Andres in the news Bloomberg taken, that counted by the same Andres before being imprisoned and nothing to lose, he never he was in charge of anything related to direct interaction with political campaigns outside of Colombia and the democratic center.
2.3.- Andres Sepulveda and his brother (luis S.) They worked for small JJ Rendón in Bogota in office has about the T-zone as web designers which Andres was responsible for the programming part and his brother part design and promotion twitter and facebook, which corroborates the same JJRendon in the interview findings on CNN
2.4 Another point I never said publicly is that mind Previous statements and motivations sustained by a person as a drug addict and inebriated at the time andres that was free in 2014 during the campaign and first weeks of his capture as an organ General Prosecutor's Office [FGN] Colombian taken as true multiple statements and changes of stories knowing that their problems with drugs and during the initial process of jailing their withdrawal problems that remained secret several trips llevaro by the CTI the FGN to hospital for treatment, that should itself be enough to knock down any iota of truth to be taken as the basis of tests for other cases currently being carried against members of buggly cases of the operation of the army of Colombia and as current motif 2016 please press media do not take a person who wants to become a kind "Kevin Mitnick" no evidence livelihood and only for pure media story, not become famous for the simple fact of making a sporadic readers, is already quite unfortunate that google appear several searches.
2.5.- also part of the article there are contradictions such as a journalist bloomberg I was delayed 9 months to find evidence to support the story if Andres Sepulveda himself in the story says that he participated but erased all at the end and destroy all evidence in the purest style series of hacking MR Robot (with microwave and other techniques) and as such an article of this type of "claim" to believe in just one word of a prisoner who still has 8 years jail.
2.6.- Especially you can see that nothing more motivation to start the news is attack against Enrique Peña Nieto of Mexico osea the interview is hacking the elections and tear of mexico should not attempt to that of Colombia ?, ami that causes me some media populism want to focus on emphasizing the damage to the current presidency of Mexico.
I want to emphasize and make it clear here and now and avoid false comments, I personally never and had direct connection with any Mexican politician, I have had no direct relationship with anyone from the presidency current mexico or past and that my views are totally impartial and unmotivated economic or any policies on Mexican appreciation and cash from the experience of having been in the campaign with Andres Sepulveda.
Also said by the editors themselves of the news leave a reply to my email I try to tell them they are misrepresenting the news (which incidentally are not the only means they have tried to get some information from the case with this and will be more than 20 media that try to contact with me to get the story told from another point of view since starting this, but in the end after all end up diverting to their own interests the news and misrepresenting the echos with professional manipulations) who tried to get in contact with other sources of history and I think it not become clear is that Andres never did anything real hacking (otherwise are illegal with the purchase and handling of classified information, use of tools interception or other actions if they are punishable by the law)
(Which is e-mail from one of the editors and researchers of the famous news Confessions of a political hacker)

"Which must be taken into account is that producing or designing a weapon is not illegal but kill someone with that weapon if it is illegal," that in any law contemplated fine, and the simple fact of designing and building fire tools or of electronic warfare is not a crime, in some jurisdictions prolonged possession whether it may constitute a crime only as explanatory note, retaking Andres has no experience and design knowledge or advanced techniques of political intelligence which is why we hired people who alleged mind in article collaborated with a group of hackers, i want to clarify that too:
1. No one paid them worked with for making a timely work results. (Hacker groups and individual computer security experts)
2. In many cases or payment! stealing time and work to real experts in computer security.
3. In this case both work smear campaigns Mexico, Venezuela allegedly participated and run as a graphic web designer, Andres S. leave without paying the work of others (not of the eye) as well as part of I work in Colombia leaving debts more than 13,000,000 pesos that never pay several members of different groups and individuals. (The names of other individuals and groups are not publicly be equipped with confidentiality and have no relation with me us.)
3.1 I do not understand is how dare you use the name of those people if not even I pay them for services, I am evil person including our team work itself in Colombia for the campaign of the democratic center and uses its experiences to earn a name in the interview bloomberg, that's a clear lack of moral.
4. Another issue is that social networking accounts and accounts and software development, to make clear in that office in Excel files where information from all accounts was there were never more than 3,000 twitter accounts impossible to manage and refine many accounts to look real with so few people, in both cases the software that advertises in the interview bloomberg here are the links, software twitter that certainly for updates api does not work and the hunter an iPhone application connected to a server to classify pictures and warn of potential criminals so they are not top secret applications were published in 2014 and now in 2016 come to be like super tools come Take "a beer and keep calm."
Current motivations of Andres S. apart from a possible financial contribution which I doubt, is the motivation for fame and possible false image at the end of eight years more in prison missing.
Do not fall into that readers deception, people who are really expert in these issues of security at its 99% prefer anonymity and has much more experience than only develop in PHP (programming language) or some websites, also generally for perform tasks of political intelligence it is a team of people can not do everything with just one person.

Returning to the subject of the truths behind hacking a choice, want to say that we do not live in Wonderland (which plenty of comment but for people to read it you remember) this is the real world, where economic powers financed certain people who believe they can build or enhance their positions or their business by acquiring a published in the government position, no one today gives nothing less thousands or millions of dollars and in countries where candidates must not only be played with those requirements of economic forces but of social problems such as crime, illegal drug trade, armed groups, lack of legislative and even countries with large natural resources, huge international doubts and outside interests, is why we must take intelligence techniques to that such persons are visible from the political pyramid are well prepared and trained against any issue that may pose a public doubt. (Knowledge is power potential)
Well some of the works that are made during political campaigns that help make key decisions:
From the point of view of social media campaigns or social Manager's their work lies in promoting news and make as much as possible between supporters and followers not see, but from the point of view of black campaign for social networks:
1. Classification of profiles opposition.

2. Monitoring profiles opposition.

3. By utilization multiple social networking profiles ask to block certain topics or accounts

4. Design news coming from confidential or sensitive information that harms the image of the opposition candidate recalling certain previous positions of the past.

5. Identify the "key-connectors" on social networks by RT or the like or share the news on their profiles can reach more people without the need for greater economic investment.

6. Generate studies social networks to shape hot topics (many of these tools are publicly accessible at low cost)

7. In 2014 certain app like whatsapp allowed the mass of messages sent without bans spam today is more complicated by the restrictions but also WhatsApp and Telegram used for the distribution of news is more expensive simply mind-operational use software to pass those controls spam using python

8. Verification news against opposition political meetings, internal use of photos of those attending closed Meetings are public meetings or open space use of satellite pictures for measuring gauging (which incidentally are a complication point a camera to more than 10,000 meters on demand)
But not only it will end there other techniques to other offensive stages are:
1. For stage during the previous campaign using DDoS attacks to websites (news minimize other opponents and maximize your own visualizations using anti-DDoS services)

1.1.- Possible brute force to access post on platforms like zimbra, cpanel etc ..
2. Using Client side exploits are the most economical to use to access the networks of headquarters of opposition parties with the help of social engineering and have back-channels to extract information about meetings, agendas and possible speeches.
3. Use especially human intelligence to acquire information that can assist in campaign issues.
4. Using TOR Networks to avoid trace-back of the IP in countries outside the USA.
5. To support real-time campaign strategies through rapid adaptation strategies and field layouts
6. Support and acquisition of information to provide information to fill in web pages on information candidates are publicized by the White campaign (this allows the voter information so profiled and publishing contacts / relationships with drug traffickers or scams or shady dealings that opposition candidate and all his assistants an opposition could have) for the undecided voter awareness makeup.
7. Development of software auto-filling online surveys that benefits your party (if 101% of the surveys are modified and arranged) also using point 4
8. Acquisition of information socio-political issues (eg in the case of Colombia to acquire information on the FARC that we only had intelligence organizations and publicly make available information to inform the voter).
9. Development and software implementation of psycho-demographic profiling based on records and online social metadata to outline socio-cultural, political people accessing facebook, news media and others as well as geo-positioning thereof all focused on the use of hot indecisive maps and oppositional people. (all this is done by using advanced artificial intelligence models), everything can be done with python, javascript, apache Thrift and social networking APIs.
The following graphic is an example for a single analysis of a single person from our previous experiences, to extract political orientations by api'sy profiled to cross the magic of artificial intelligence
This can be used without the need to ask the people who will vote because that usually lie to avoid are lists of population censuses.

10. Now in 2016 can be used easily dron's but previously had to use a little more rudimentary techniques for games that are not presently in the government and want to present to gain positions in government using software as Osmocombb or sniffers GSM for monitoring the transmission power of other bts in public places and avoid briefcases and interception of GSM communications on cellular candidates. (Currently you can do in android without using hardware and protect the mobile device)
11. Another thing if the candidate you support is already in the government and reelect be clear utilize intelligence if the intelligence service has a direct dependence of the executive body, will be used (tracking, purchasing information and other practices with use of reserved budgets)
12. Be prepared for possible leaks of information from within your campaign and how to react to that to identify who was then out (work as part of campaign management) and how to prepare a reaction to the exposed confidential information
13. It is likely that if the white campaign has no knowledge the black part have to use techniques of big data to process the material presented (which has nothing wrong with that) but always work computer experts they are taken as you can do anything, it is as if your campaign is your friend white and black campaign is the computer within the company whenever the computer is asked everything from clean usb antler access accounts facebook's of lovers and print documents (good because it is a real abstraction of what happens with steroids;))
referring to one of the most controversial political consultants and more experienced in latin america, cutting one of his presentations
The information at the right time is the key this does not happen to be in a chair waiting !!
Well this does not end here from the point of view of cyber defense campaign does not end here other mini-jobs that run for:
1. Teach people with technical knowledge 0 as political advisors and properly use data encryption technologies.

2. Provide training in the proper use of technologies to exchange information

2.1 Raising awareness in using apps like Wickr, secure phone, cell phone encrypt, Review HTTPS urls, good use practices iPhone and Android, training phishing techniques that can undergo to avoid them.

3. Implement firewalls, IDS, Active Directory correctly (if no one uses freebsd clear DA or Slackware for an office in a political campaign)

4. Monitoring network (usually through the logs or monitor perimeter devices

5. Train all the supporters directly working at the headquarters of the campaigns in the proper use of emails (although it is impossible but the dome advisers or candidates end up using technologies like PGP or e sure if an had business and technology consultants correct)
This not only end here plus everything you do you have to present periodically in the most readable way possible (if a 12 year old does not understand then for them is like you're not doing anything), and attend meetings emergency they call you.
Also it does not end and the completion of the voting concluded and the public results that come from the official body responsible count are known, not for nothing there you still have a bit more work identifying formats voting records public to download them all , store them in a NAS and develop software to identify potential fraud counts votes in minutes with the format chosen by the official organ of the elections.
  • Here at this point you encounter various difficulties
    1. There are hundreds of thousands of records per province or department and never ending climb all.
    2. Generally they are handwritten in countries that no electronic voting and electronic file (or in cases like Venezuela are disabled by unknown errors polling).
    3. Sometimes they choose people who can not add up! if it becomes the proceedings on March 1 in 8 and 1 in 7 things that certainly missed that class in school;) and the sums sometimes coincide it never is where the fraud lies, yes sir that day a person you may be entitled university forgets to add.
    4. The calligraphy of people who choose some sides are able to convert a 9 votes from the other party on a 0 to have as you explain that to your recognition algorithm clusters of pixels to get a number on Database for calculating fraud on mathematical errors in the minutes.
    5. Today is easier with the proliferation of artificial intelligence service trained as microsoft or google IA IA Tensorflow or amazon or others who have training algorithms that facilitate deepmind today adequacy image identification for electoral records and identification of fraud, but before the old software school was used as imagemagick with a good hand bash and python and connectors to NAS on NTFS systems (232-1 (4,294,967,295)) for you maximize the amount of clippings minutes in a single folder you can store for heavy-duty cutting images (threads) change of format and quality and then train brute force cases of minutes.
    6. Search for citizens' reports of fraud today is easier using cell high-resolution cameras on social networks.

    Well this is a summary of some of the most critical things that are done before, during and after from the computer technology of information operations, not counting techniques reaction to attacks by opponents and other areas of the political campaign as consultancies image, political marketing, political science, develop videos, meetings and other things that happen during the campaign and there comes the experience and making decisions that are added work.
"All you have to do for the information and protection of information in the political campaign in key moments where the future of a country and its history is decided next" ¨
Original article: La verdad detrás de "Cómo Hackear una Elección"

Article by: Rafael Revert

Translation: by Google, sorry guys is a long text, xD.

4 comentarios:

  1. Your blog article is really very well described and informative as user point of view in which there is explanation of web development, which is very helpful for the readers who want info regarding this. I hope you will provide some more info for the betterment of our knowledge.
    Website Development Bangalore

  2. It’s hard to find educated people about this topic, however, you sound like you know what you’re talking about! Thanks.

    1. Really is not my article, is just a translate, i search and write it, actually i developing a Pentesting Framework for Android