Wednesday, October 28, 2015

Enemy Investigation: Semantically Reverse Engineering  | DailyDDoSe

Enemy Investigation: Semantically Reverse Engineering  | DailyDDoSe

Enemy Investigation: Semantically Reverse Engineering

Enemy Investigation: Semantical Reverse Engineering || Fravia+
Fravia's Anonymity Academy

Enemy tracking
2) Language patterns and the stalking tablet
(Fravia's semantical reverse engineering tricks)

~

Enemy tracking, a very difficult art, can be divided into stalking, reversing language patterns and luring. In order to stalk you need a deep knowledge of Usenet spamming (and war) techniques like flaming, trolling and crossposting. A good Fravia can moreover easily 'reconstruct' (part of) the snailtrail of his enemies and defeat their smoke curtains applying some easy semantical reverse engineering tricks. Finally the Fravia will lure his targets into the open web and identify it.

1) General stalking techniques

2) Reversing language patterns

3) General stalking techniques


Reversing language patterns


I have randomly taken from today post two snippets :-)Now tell me, this one:
man..

could ya pleeeeez send me ( if ya got it ) the Casmate crack ??? 

 need the shit bad..gonna d/l the software directly form the casmate site..

And this one:

I subscribe to a very good service: LinkAlarm that periodically checks the links on my pages (now well over 200 links). 

Do you use it?

have been written by the same person?

The answer is NO, they have been written by two different persons, but how can I be so sure? The language patterns differ, yet this could of course be intentional. You will know why, I believe, as soon as you have read the content of this page.(*I have published it at the bottom, in reverse order, you'll check later :-)


Well, reversing language patterns seems to be something pretty new: I could not find much on the web. So I'll try to summarize, and slowly add in this page, what I have noticed experimentally until now. I'll also teach you
my own best stalking method: 

Fravia's stalking tablet (TM :-)Please take note that in the following, as usual in our reversing tradition, with "target" I intend the person (and pseudo) you want to find more data about (and if possible his real identity)

There are many 'inconscious' characteristics in someone's writings and ramblings, and contraryly to what you may think, email comunication does indeed carry A LOT of clues that are as useful as theusual body language clues you costantly check when you comunicate physically with someone or all the clues given by your partner's voice when you are at the telephone.

Some of these clues are of linguistical, other of grammatical and others are of what I would call 'Internettical' type… with this I mean clues that neither voice nor paper printed comunication usually convoy.

Since we must start from somewhere, as first clue I would use the "gender" differences.

For gender here I do not mean that you can state if your target is a woman or a man (if you could it would be probably a pretty poor target :-)

I mean that you can state if your target uses 'male' or 'female' patterns in his communication… chances are that if he uses these patterns under one bogus identity, he'll use them under all other ones as well… :-)

Now, please, understand me correctly, because I do not want to be pulled into any useless 'gender style' discussion… and I know that many American friends are obsessed by this kind of crap (writing she/he and so on). 

So let's be clear: I have always been convinced that, apart from minor obvious physical differences, there is NO real difference between Women and Men, in all good or evil characteristics of our specie. Women can (and of course

should, with bona pace of all species of religious idiotical fundamentalists) drive, kill, write, love, play and fight as well as any man, and anyway there are so many women with male psychological characteristics and so many men with female psychological characteristics that I believe it does not make much sense to differenciate anything between the twin parts of our race.

Yet among the few physical differences cited above is the well known fact that women give birth to children, and this, added to society pressures, common tradition, biased instruction, television crap, advertisement conditioning, you name it, makes a LOT of almost inconscious differences and can actually give us the possibility of reversing (in part) the 'gender leaning' language patterns of our target.
In other words analysing usenet style emailings you may check if your target has a more "female" or a more "male" personality basing on the following:


The male style is characterized by adversariality: put-downs, strong often contentious assertions, lengthy and/or frequent postings, self-promotion, and sarcasm (not always witty).
The female-gendered style, in contrast, has two aspects which typically are found together: supportiveness and attenuation.


Male-targets use more coarse and abusive language and seem to change their opinions slightly less often than females-targets.


Female-targets send more messages explicitly referring to other members of the group than Male-targets.


Context differences certainly may obscure or speciously highlight your results. Always work cum grano salis. In the usual context of Internet discussion groups "normal" group psychology does not apply. Group membership on usenet is very large and members do not know all others in the group (especially if there are a large number of "lurkers", people who read messages but does not write responses and therefore are invisible inside the discussion).

Morever on Usenete the task is mostly not to produce a specific result, but rather to generate ideas and discuss them.


Male-gendered targets in discussion groups use language that a) states facts without personal ownership, b) challenges group members, c) calls for explicit action, d) is argumentative, e) uses coarse and abusive language, and f) attempt to indicates the members status.


Female-gendered targets in discussion groups use a language that a) self-discloses, b) states personal ownership of opinion, c) apologizes, d) asks questions, e) uses "we" pronouns, f) responds directly to others in the group, and g) seeks to prevent or alleviate tension or arguments.


Exactly as we have a male/female differenciation, there are MANY other 'sharp edges' that you can use to stalk your target, as you will see in my tablet below.


Keep in mind that computer conversation draws from features of both written and oral discourse and as such has a whole serie of linguistic and textual patterns:
Emphatic, Humorous, Informal.

Syntactic informality often takes the form of incomplete sentences and conversational cadences. For isntance
"Waitamoment!… what d'you mean?"; "Hmm, I see. . ."; "Mmm, no, no… I didn't mind it…"

The informal, conversational rhythm created by the "Hmm", "Mmm" and the ellipsis is clearly intended to evoke (although through written means)


spoken discourse. Similarly, , "Wouw", "Sigh", "Gulp" and "Gasp" are used occasionally to mimic vocalizations or paralinguistic features.

Another device used to mimic characteristics of speech is the textual indication of emphasis on words or phrases (present in many messages). For example, some targets OFTEN use capital letters to create the sense of oral emphasis, others *use asterisks*, others S P A C E S and some use the html tags, inside their emails, <u> for this same purpose </u>.


Such emphasis cannot be indicated in the written text using underlining or italics, obecause most protocols for exchanging electronic mail, don't support them yet (expect an explosion of clues as soon as colors will be commonly email exchanged :-)


All these clues depend from the alphanumeric characters of written text, that are used to evoke the emphasis of speech.
In some cases, exclamation points add oral emphasis, as in the subject line "No No! Flush it!!"


Yet there are also involontary clues: 

A good stalker always takes note of how many exclamation points and how many question marks the target 'commonly' uses. There are many different patterns: 

?

  ? (space and question mark)

??

???

? ? ? and so on

This is of course true also for commas, colons,semicolons , and (parenthesis ) that may or may not be spaced before the preceding word.

Another typical involontary clue is due to the 'typing habits' of your target. He may, for instance, often enough write 'inetresting' instead of 'interesting'; 'nuff' instead of 'enough', and so on and so on. This is of course pretty rare, yet it happens in less evident parts of the message. For instance, does your target break line

when he wants to substantiate a point? Does he write short or long sentences? Does he use tirets – like this – or rather parenthesis (like this)? And what about his emotycons? :-] is NOT :o)


Finally, does he write "i use" or "I use"? Often enough email is sent WITHOUT any automated spelling correction check whatsoever.


There are also 'comportamental" e-mail clues, for instance there are some email comments, on a thread, that at times clearly resemble those that occur in a face-to-face meeting, when a speaker turns towards and briefly addresses one of the individuals present, but without yielding the floor to that person: "What's your opinion about this, Brick?" "Hope to hear from Cal about this stuff!


This kind of attitude pattern can constitute a very STRONG clue when you try to identify a target.


Another example is when you suspect, examining the thread, the existence of private, backchannels between your target and somebody else. Backchannels, on usenet, are nothing else than the electronic communication between two or more individuals


that is not sent to the group as a whole.This can at times be evinced from the contexts. Such messages, like whispered side conversations in a meeting, involve concerns or strategies adopted by allies on particular issues.

In this cases you may try to find out which are the 'allies' and the 'reference points' of your target inside the group and attack from those sides.

You'll VERY FREQUENTLY find this when you stalk trolls (see enemy.htm), because trolls are trollyng mostly IN ORDER to find and contact other trolls-savy.

Yet another 'comportamental' example is the interplay among MORE THAN ONE fictious identities. In Balif's example (see enemy.htm), you have seen how his target used a whole plethora of faked personalities in order to create a 'group' impression. Of course the more fictious identities you identify, the easier it is to see the common sharp edges they possess.


Thus the language of Usenet demonstrates several characteristics more typical of oral communication in an organizational setting, casual conversation or, rather, organized meetings.


In fact the syntax and word choice often evoke conversational informality, emphasis, rhythm, and even vocalizations. On the other hand, the messages may also evince characteristics of written discourse such as formal wording, careful composing and editing, and textual formatting.

A typical case is when there is a LIST of points


1) inside

2) your target's

3) email

There is also at times an interesting evidence of patterns that are a distinctively characteristic of web interaction. Many messages display ascii graphic, typographical ascii jokes, signets and subject line humor, patterns also that are very unlikely in written and oral discourse. All such patterns ca be, at times, interesting clues.

These clues and patterns reflect both the capabilities of the web and the characteristics of the group. The interactivity of oral discourse is in fact supported and encouraged on Usenet by the ability to engage in rapid exchanges and to collect and respond to embedded excerpts of previous messages.

 At the same time the asynchronous nature of the web and the editing capabilities of the participants' email applications allow reflection and crafting patterns more characteristic of the written discourse. 

The web's ability to support informal textual exchanges allow a playful relationship with the text, or to indulge in flaming.

Of course all sort of interaction, the characteristics of the individual targets, their social community, and their motherlanguage influence the particular combination of linguistic and textual characteristics that they express.


Do not underestimate the richness and complexity of email communication… as soon as you'll have learned your stalking abc you'll never miss much all the clues that the real, non virtual world gives you when you communicate.
Now have a look at the semplified version of Fravia's stalking tablet (TM):

Fravia's stalking tablet, public version 2.003, end july 1998

Target name: enemy@somewhere.com Candidate: sillybozo@that.one

Clue Definition Example Target Candidate

TICS measure whether or not the message body gives clues about frequent typing mistakes/particularities of the author: 0 = no, 1 = yes. "inetresting enough" "'nuff said" "gimme a note" "least, but not last"  

SELF verbal self-disclosure, statements by the author of the message about the author of the message: 0 = no 1=yes. "I'll trade ya shit", "I still like Netscape", "I'm an email junkie", "My hair is black" but not "My mother's hair is black" or "My cat is black"  

GRAMMAR measure whether or not the message body gives clues about the education of the author: 0 = no, 1 = yes. "the distinction between amateur and professional" "I gave him an acknowledging e-mail wave and he answered in kind " "an unjustifiable extravagance"  

OPINION measure statements of the personal opinion of the message author; it had to indicate the first person directly or indirectly. 0 = no opinion was present, 1 = opinion was present. "I think lusers should be banned", "Chocolate is a favorite flavor of mine", "I love lollypops".  

FACT measure statement of fact (whether or not the fact was correct), without first person reference to the message sender: 0 = no statement of fact, 1 = one or more statements of fact. "God has created the earth and Winsconsin." "The government is loaded with freeloaders." "Communists rule." But not "according to me"  

KNOWLE measure whether or not the message body gives clues about the level of computer/internet knwoledge of the author: 0 = no, 1 = yes. "operands which are addresses will get added the image base of the DLL" "get a trowaway account at any third-party service provider so as to throw a bulk mailbomb past his first line blocks. The account will cease to exist in short order, but you'll have already tested his precious defending bots"  

BIAS measure whether or not the message body gives clues about characteristical idiosyncrasies of the author: 0 = no, 1 = yes. "women always make the best trollees as they have a logical reasoning capacity of zilch" "the mark of a gullible American that will almost certainly believe anything you tell him"  

APOLOGY measure any form of apology (implied or direct): 0 = no apology present; 1=slight apology; 2 = clear apology. "I wanted to apologize" "I am sorry I said what I said", "I take my words back", "please accept my apologies."  

QUESTION measure the presence of questions: 0 = no, 1 = yes. "How can I ban him from this group?", "Where can I find Softice?."  

ACTION measure any call for action on the part of the reader: 0 = no, 1 = main content of the message. "Visit this URL" "Write your congressman." "Go see this movie."  

CHALLENGE measure the presence of a challenge, dare, or bet: 0 = no, 1 = yes. "Demonstrate that you can hack that backdoor!" "I challenge you to support that statement." "Let's see if you can do that."  

FOREIGN measure whether or not the message body gives clues about the mother language of the author: 0 = no, 1 = yes. "what the cuckoo are you saying?" (german) "I am conscient " (french) "Settember" (italian)  

COALIT1 measure degree of agreement or disagreement with another person or statement previously appearing in the group discussion. 0 = no reference to another person's message, 1 = mild response to other persons on the group, 2 = strong response to other persons on the group. "I really agree with Bertie." "I think Bertie and Godzill's ideas suck."  

COALIT2 measure the use of the first person plural pronouns (we, us) towards others on the group 0 = no, 1 = yes. "We are dealing with a DLL here" "We seem to be able to takle these guys well." "Good for us!"  

FLAME1 measure levels of argumentativeness of a message: 1 = positive, neutral or no opinion to 6 = hostile: profanity, tirades, to 10 = ignoring completely the original issue. "I have to take issue with you on that one." "Only a real dork would hack such a stupid server."  

FLAME2 measure levels of the use of coarse or abusive language in a message: 0 = no abusive language to 10 = abusive aggression about content and persons in and out of the group. "I can only say that you must be a real asshole." "F*uck you." "You sure do go to great lengths to make yourself looking like an asshole."  

FLAME3 measure efforts to prevent or alleviate tensions or arguments in the discussion: 0 = no such efforts, 1 = tries to calm ongoing tension. "I think things are getting out of hand here. Let's cool the tirades and get back to the point."  

STATUS measure whether or not the message body or header give clues about the personal status of the author: 0 = no, 1 = yes. "WarezDood" "mwr (Master "white" Fravia)" "Sysop" "ThATVerYSpEcia1Dudez" "Administrative contact: "  

TIME measure the reliability of email timings: 0 = no statement possible, 10 = target always emails at 15:00 GMT See headers  

GEOGRA measure the reliability of geographical clues: 0 = no statement possible, 10 = target lives in Indianapolis "July is really pretty hot this year!" (northern emisphere); "I had to call the Landrat" (Germany/Austria) "No kidding? Here in Detroit?"  

Gotcha! (0=FALSE 1=TRUE)
I don't think it needs a lot of explanations, keep in mind that the PURPOSE of the above tablet is not so much to understand directly WHO is your target, but to understand if your target is in reality the one candidate you suspect. Once you have zeroed in, you'll stalk the (presumibly less protected) other PSEUDO in order to find out -if all works well- WHO is your target… and some luring techniques (and social engineering) will at that moment be quite useful, see my luring.htm section…


A word of warning:

You found my site and you are reading this, therefore you have now a relatively "high" level of web-lore and reversing knowledge.

Until recently I kept this section of mine in a "closed" server with other mildly powerful and potentially dangerous tutorials and tools. I am now going public with my stalking lore because spamming has taken incredibly annoying proportions and I have decided to create as many powerful Fravias as possible in order to tackle and destroy the commercial idiots.

Yet, as you perfectly know, knowledge can be used either for good or for evil. Knowledge, especially this kind of knowledge, is a powerful weapon. You may use it to defend yourself but you may
not use it to offend innocentsI hope to have you at my side, fighting on the web for knowledge and against all commercial zombies, but I cannot avoid that you join the dark side if you want to… if you do, however, take care not to meet me.
This section of my site, under perennial construction, was started on 31 July 1998

red1) general stalking red3) luring

redFravia's antispam related page

redhomepage redlinks red+ORC redbots wars redstudents' essays redcounter measures 

redbots wars redantismut CGI tricks redacademy database redtools redjavascript tricks 

redcocktails redsearch_forms redmail_Fravia 

redIs software reverse engineering illegal?

red(c) Fravia, 1995, 1996, 1997, 1998. All rights reserved

*) Answer to the 'two snippets' question… Hey! Try to find the solution by yourself BEFORE reading the following!

decaps era teppins tsrif eht fo kram noitseuq dna sisehtnerap eht

via woodmann.com



^ed

No comments:

Post a Comment