Karim Hijazi, Unveillance and the CSFI in Libya

Posted by: Mike Pallante on July 26, 2011 at 11:24PM



On June 6, 2011 the now defunct LulzSec released personal emails taken from Karim Hijazi, CEO of Unveillance, and an IRC log of a conversation between members of LulzSec and Hijazi. The data implies that a US Government-funded agency considered taking malicious control of Internet servers in Libya.

Botnets, Unveillance and the CSFI


The LulzSec release came after a week of exchanges between LulzSec and the thirty-five-year-old CEO whose company Unveillance monitors data on botnets, or networks compromised by malware. During these conversations, both LulzSec and Hijazi alluded to the curious relationship between Unveillance and the Cyber Security Forum Initiative (CSFI), a government-funded organization. Hijazi and Unveillance were asked to join the CSFI due to Unveillance's superior data on compromised networks in Libya.

When the Libyan government shut down the country's phone and internet access, only a handful of servers remained active in Libya, including Mariposa and XBL botnets, which Unveillance monitored. Hijazi had previously suggested those servers belonged to the Libyan government rather than a private rogue source. But after his experience with the CSFI, Hijazi confided to LulzSec in an IRC chat his suspicions that the CSFI were fleecing him for botnet data for use in a malicious attack.

XBL and Mariposa Libya CSFI


The Karim Hijazi / LulzSec IRC Log


The following portion of the IRC chat log provided by LulzSec gives some context for Hijazi's experience with the government-funded CSFI (The log is presented unedited. Moondog has been verified as Karim Hijazi; the other chat members are two of the six LulzSec members):

moondog That CSFI is odd.
moondog They took my data and ran.
hamster_nipple really?
hamster_nipple should we target them/ ;)
hamster_nipple ?
moondog Well it was a bit odd. And I don't know their intent. I it was what you referred to, I regret giving them data.
moondog I = If
hamster_nipple what data did you give them specifically?
moondog Seriously. That is not my game.
hamster_nipple it was regarding the libyan project correct?
hamster_nipple espeon/knobbles: I suspect they are doing something very funky regarding libya
knobbles id like to get my hands on that tbh
hamster_nipple moondog: what data did you give them? botnet stats regarding libyan bots that are infected?
hamster_nipple or?
moondog Compromised hosts in Libya.
hamster_nipple figured as much
hamster_nipple they're probably looking for libyan hosts that are infected that are probably high profile
hamster_nipple for use in penetrating libyan space
moondog Yep.
hamster_nipple karim
hamster_nipple why would you do something like that ... knowing their intentions?
hamster_nipple did you feel you had to in order to continue doing business?
hamster_nipple honest question
moondog I didn't know the intent and was in marketing mode. I am truly starving guys.

Earlier in the log, LulzSec attempts to request money in exchange for their help and silence. In a statement, LulzSec said they were "stringing him along" to embarrass him at a later date, a statement supported by the motivations for releasing Hijazi's personal information given in the following email:

LulzSec drops the bomb on Hijazi


Hijazi Speaks in an Official Statement


In an official statement Hijazi wrote: "I am now, and have been, in full cooperation with the FBI. In fact, I contacted the FBI and US-CERT immediately after I began receiving threats from LulzSec to request their assistance – and to explain the nature of the threat. I offered my full cooperation to the FBI in an effort to rectify the situation."

However, Hijazi has yet to recant or deny his comments on the CSFI's intentions regarding the Libyan botnet data he provided. But the emails provided by LulzSec show that Hijazi was unsure about the CSFI from the start of their relationship. He reached out to friend James Hunt for information on the CSFI, who responded on April 10th, saying, "It is always interesting to see if they are really a non-profit focused on quality stuff or they are a ruse to have a bunch of guys pay money to support some guys who otherwise can't get a job..." To which Hijazi replied in an email on the same date, "hahaha. Exactly. I will keep you posted."

Questional Question


Was the CSFI playing Karim Hijazi for details on compromised server data in Libya that they couldn't acquire themselves, to use in a malicious takeover of Libyan Internet, as LulzSec and Hijazi suggest in the IRC chat?

*Images courtesy of LulzSec


Comments

  • Guest
  • -  0 pts
  • -  (10 months ago)

Very interesting and worth watching – thank you for posting. The CSFI is a worrisome organization whose intentions, no matter how masked, will be swayed by the powers that be. But I have lots of questions…

Where is there any evidence that CSFI was looking to gather information with malicious intent? Though an allegation of LulzSec's – where is the evidence?

What was the CSFI's intent? According to CNET news: "Unveillance had contributed to a report entitled "Cyber Dawn: Libya" from the nonprofit Cyber Security Forum Initiative (CSFI) that is available for download from the CSFI Web site. LulzSec apparently came across e-mails pertaining to that research and claimed in its statement to have "uncovered an operation" involving the U.S. government funding CSFI "to attack Libya's cyber infrastructure," but it was not possible to independently confirm this." says CNET

So we have a large non-profit organization (who knows where funding may come from) whose purpose is to understand and counter cyber warfare by attempting to (from an excerpt of the unclassified report) “increase awareness of cyber warfare as both a threat to be aware of, and an effective tool that if used appropriately, may expedite the resolution, or reformation to a post-conflict and stable Libya by a reduced loss of civilian life and minimal negative impact to global economic stability.” (Admittedly, ‘we are here to help the people’ is often used as justification for acts of aggressive infiltration.) The US government justified the Iraqi military occupation as ‘liberating the Iraqi people’ and ‘stabilizing the region’. Do they mean they will use acts of cyber warfare to counter attacks? ‘an effective tool if used appropriately’

So I get it - official responses are spun to justify acts of invasion. The report sounds like they were looking to use cyber warfare as an ‘effective tool’. Is this the evidence? Am I being dense? That said...if LulzSec did have evidence from emails flying about, did they publish them? And why is LulzSec trying to extort money from Hijazi? You write that in an earlier portion of the log, LulzSec attempts to request money for their silence. In his statement, Hijazi released an excerpt from an IRC log with the group in which one of the hackers says "The point is a very crude word: extortion... Let's just simplify: you have lots of money, we want more money." This is not a request – this is extortion.

I’m the little kid in Princess Bride trying to understand why Humperdinck gets the girl…where are the good guys?

  • mikep
  • -  147 pts
  • -  (10 months ago)

Epic comment, Anon. Thank you!

I read through (all) of the emails LulzSec released and the story as presented in the confirmed IRC chat log checks out. The CSFI more or less dangled a government contract in front of Hijazi, who shared his data for the greater good...then jumped ship.

While LulzSec has a tendency to overstate for the sake of a good story (claiming that Hijazi came crawling to them begging them for this or that, which the log does not show)... Call it instinct from years of passive interaction with hackers and fringe-chan-communities, I really do think the extortion angle was just a way of bargaining for more information.

To hackers information is worth more than money and you can do a lot more with it. Why settle for a "job" or few grand from Hijazi when they could turn the world on its axis?

Still... Going by the facts and just the facts: The extortion angle is irrelevant to Hijazi's confession that he suspected a hostile intrusion of Libyan servers by the CSFI and the implied consensus among those involved that the CSFI was not acting autonomously in this capacity.

And as far as Fred Savage goes... Right era... wrong movie.

I think the explanation for this situation really is more of Ash per Army of Darkness: Good? Bad? I'm the guy with the gun.


About The Author

Mike Pallante

Mike Pallante is a writer, satirical artist and full-time geek who finds that reading books is nearly always the best way to learn nearly anything.
