Researcher Uses Google Search Strings To Uncover 1,000s of Active Government-Issued IDs, Passports & More

An online cyber security researcher going by the name of Fabio Castro in Brazil has just disclosed a serious vulnerability attached to the Google search engine. In research revealed via his Twitter page earlier today, January 10th 2019, Mr. Castro showed that if you enter a certain string of the right characters and symbols into a Google search, you are able to pull up portions, sections, folders, files or databases of websites that you otherwise shouldn’t be able to see.

As a proof of concept (PoC), Mr. Castro entered the following string into Google this morning “intitle.”index of / “passport” and managed to stumble across countless international photo IDs, passports, driver’s licenses and the like through Google Images. While the exact number exposed is impossible to quantify, we could be talking about thousands upon thousands of active Government-issued IDs compromised by this glitch/vulnerability all across the world. For example, Mr. Castro has already admitted to maliciously downloading documents for himself – primarily targeting Brazilian driver’s licenses.

After thinking for a while about how this sort of thing could have happened and after analyzing the URL structure tied to the photos leaked onto Google’s servers, it is my professional opinion that this is a glitch resulting from Google web bots and crawlers. For example, nearly every Government or corporate website in the world is attached to Google’s search engine on one level or another, meaning that the site has been indexed to be crawled by Google’s various artificial intelligence web bots – seemingly at random.

Now, unless you are a security 🤓 like me, or have insanely strict firewall rules, you might not realize how much Google actually attempts to “learn” about any/every website located on the ClearNet. For example, every once in a while Rogue Security Labs manages to catch Google’s web bots attempting to crawl/index things they should have no business learning – such as my site’s json files. Tying things together, especially given the developments of today, I am also willing to bet that none of this is an isolated process, and Google’s bots have either been intentionally configured to or accidentally reconfigured to crawl various file systems across the web – there’s no telling which really, only Google developers know that answer.


If you do not block these bots or employ strict enough rules on your firewall, then Google will do anything and everything it can to index everything on your site – seemingly with reckless abandon. After thinking about it for long enough and after piecing some more information together in my head, unfortunately, this appears to be a variation of the same exact bug/vulnerability leading to the death of 30 Clandestine CIA agents in Iran last November.

For those of you who do not remember, as was first reported by Yahoo News on November 2nd 2018, Iranian agents managed to enter different search strings together on Google’s search engine, leading hackers directly to site pages attached to the back-end of “secret” websites used by various CIA agents/operatives to coordinate, communicate and exchange messages with one another. For example, a later report revealed that a search consisting of the words “CIA secret website login” really did lead hackers to web pages of undercover operatives – web pages that hackers were then able to brute-force and/or hack. Later reports revealed that undercover agents in China were also able to compromise undercover operatives by similar hacks/vulnerabilities throughout the course of 2009 – 2013, leading to the deaths of dozens more.

Honestly, there really is no easy fix to this problem. If you are one of the websites affected, considering that Google has already indexed the web pages and files in question, Google would have to audit its own systems and servers to remove them manually. If you are a website owner looking to build your site in the future, then either hire Rogue Security Labs to manage your website security or learn how to build and employ stricter firewall rules yourself. The only way to prevent Google from indexing your site is by blocking different web bots/crawlers from doing so. It is such an advanced problem that is so easily exploited – that’s the real problem here.
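A defender-side check for the exposure described above, as an added example that is not from the original article: it flags auto-generated "Index of" directory listings on your own site and reports whether robots.txt or an X-Robots-Tag header keeps crawlers from indexing them. The site, paths, file names and responses are constructed sample data.

```python
import re
from urllib.robotparser import RobotFileParser

# Constructed sample data for a hypothetical site (not taken from the article).
ROBOTS_TXT = "User-agent: *\nDisallow: /private/\n"

def _listing(path, *names):
    """Build a body shaped like a web server's auto-generated directory index."""
    links = "".join(f'<a href="{n}">{n}</a>' for n in ("../",) + names)
    return f"<html><head><title>Index of {path}</title></head><body>{links}</body></html>"

RESPONSES = {
    "/uploads/": {"headers": {}, "body": _listing("/uploads", "scan_0001.jpg", "id_front.png")},
    "/private/backup/": {"headers": {}, "body": _listing("/private/backup", "db.sql")},
    "/docs/": {"headers": {"x-robots-tag": "noindex, nofollow"},
               "body": _listing("/docs", "manual.pdf")},
    "/about/": {"headers": {}, "body": "<html><head><title>About us</title></head></html>"},
}

TITLE_RE = re.compile(r"<title>\s*(.*?)\s*</title>", re.I | re.S)
LINK_RE = re.compile(r'href="([^"?/.][^"]*)"', re.I)  # skips "../" and sort links

def is_directory_listing(body):
    """True when the page title has the 'Index of ...' form that title searches match."""
    m = TITLE_RE.search(body)
    return bool(m and m.group(1).lower().startswith("index of"))

def has_noindex(headers):
    """True when an X-Robots-Tag header tells crawlers not to index the response."""
    value = next((v for k, v in headers.items() if k.lower() == "x-robots-tag"), "")
    directives = {d.strip().lower() for d in value.split(",")}
    return bool(directives & {"noindex", "none"})

def audit(responses, robots_txt, agent="Googlebot"):
    """Return one finding per directory listing, with its crawler-facing status."""
    robots = RobotFileParser()
    robots.parse(robots_txt.splitlines())
    findings = []
    for path, resp in sorted(responses.items()):
        if is_directory_listing(resp["body"]):
            findings.append({
                "path": path,
                "files": LINK_RE.findall(resp["body"]),
                "crawlable": robots.can_fetch(agent, path),
                "noindex": has_noindex(resp["headers"]),
            })
    return findings

def exposed_paths(findings):
    """Listings a crawler may fetch and index: the ones that end up in search results."""
    return [f["path"] for f in findings if f["crawlable"] and not f["noindex"]]

if __name__ == "__main__":
    for f in audit(RESPONSES, ROBOTS_TXT):
        print(f)
```

Hiding a listing from crawlers does not stop anyone who requests the URL directly; turning off directory listing on the server or requiring authentication removes the exposure itself.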

On a side note, considering that I was at one point a Clandestine agent in waiting and literally wrote the book on how to keep an Anonymous identity online, I am quite frankly dumbfounded that agents actually employed by the CIA were dumb enough to coordinate with each other and Government offices on the ClearNet, never mind on an unsecure website located on the ClearNet to boot – that’s just a literal face palm to me. But then again, I’m the one the CIA chose not to hire – so I guess that’s their problem. Well done America.

Op-Ed: Understanding How Trump Was Accidentally, On Purpose, Elected by The ‘Mainstream’ Media

Step 1: How News Websites Make Money

To understand how this really happened, you have to understand how the online news industry makes money. Essentially, online newspapers make money by selling advertising space. The more people that visit your website and the more people that click on any given advertisement(s) contained within it, the more money that site makes. What you should also understand is that some advertisers will also pay “per-click” or per view, meaning that every time an article is clicked on or read, the website will generate a small bit of money for you having seen that advertisement featured on it – even if it is only a few pennies. Therefore, theoretically, the more articles you produce the more money you can make. That’s how many sites “mined” advertising revenue in the past and into the future.

This practice was at the heart of the “Fake News” epidemic and “Prop or Not List,” and I know this because I used to source content to 4 websites featured on that list from 10/2015-11/2016. However, it always used to bother me to see some of my most important articles featured next to advertisements like “Click Here: See Which Child Celebrities Grew Up To Be Obese,” or “8 Tips To Increase Penis Size” directly beside my work. In fact I hated it, but I also knew I was only getting paid to write those articles in the first place because of those very advertisements – such is/was “Show Business.”

Step 2: How To Generate More Money by Increasing Site Traffic

With that established, you then need to understand the art of “SEO” or “Click-Baiting.” While both can technically be considered skills, I only really consider one of them a legitimate business practice. For the purposes of this article I would like to focus on the concept of baiting people to click on articles, by generating the most inciteful, over the top, belligerent and/or emotionally charged headlines possible. This is done simply to cater to a particular audience, get people riled up and engaged, or make them excited/pissed off – ensuring that either way, whoever sees the article will want to click on it, even if for no other reason than to see what the hell is actually going on. Remember, the more people who click on any online article, the more money that article makes. That’s literally the only “goal” of a click-bait article, to get someone to click on it – the subject matter after that point doesn’t necessarily matter, really.

I once did an experiment. For example, who wants to read an article “How Political Partisanship Affects The Dynamics of Modern Democracy,” when they could read something like “Breaking: Hillary Clinton Fronted Child Sex Ring for Husband Bill”? It might be dirty, but I assure you the second article will generate at least 10x as many clicks as the first; 10x the revenue – that’s just the way the online/internet “culture” is, draw your own conclusions about society after that point if you really want. While that is an extreme example, I think it demonstrates the concept quite clearly.

Lastly, before you go ahead and judge, make assumptions or draw any wild conclusions about the websites I sourced content to or did work for, you should also understand that this was an industry-wide practice, from the largest American news corporations on down through the grimiest of Russian propagandists – and everyone in between.

Step 3: How Trump Coverage Was A Media Gold Mine

This concept is a little easier to understand. I mean, who is more polarizing than Donald Trump himself? Even on through today, just the mere mention of his name is enough to throw people into hysterical fits of rage and throughout the course of 2015-2016, perhaps no one in the world attracted/garnered more attention than Trump did. Keeping what you just learned about click-bait and pay-per-click websites in mind, Trump’s media madness created a perfect, highly profitable, storm.

As I can personally attest, any article featuring something wild about Trump received astronomically more reactions, comments and reads than anything intellectual – thus those types of articles made astronomically more money. For example, here are two articles produced by myself in the summer of 2016, both featuring coverage of Donald Trump:

[Images: screenshots of the “Intellectual Article” and the “Click-Bait Article”]

That was also not a fluke, that was the online news industry at the time. After long enough people almost couldn’t help themselves, Trump coverage generated higher ratings than any other topic – so people just kept on including/featuring it. The problem was that the money never stopped flowing in, and after month after month after month of non-stop coverage, soon enough America had managed to make it through the national primary and debate seasons, and there we were – left with Clinton v Trump for the US Presidency. As unbelievable as it sounds, no one knew exactly how it happened, I guess we all just got a little too wrapped up in corporate greed/money making and it just kind of sort of happened.

Controversy or craziness sells in the media, it is what it is really. Clearly that was what people in society liked/wanted, so news organizations felt obligated to give it to them – “Let Them Eat Cake!” The fact of the matter is that in 2015-2016 the news game was all about who could attract the most attention away from everyone else, there was nothing more to it than that. This phenomenon also wasn’t limited to online audiences, you best believe that from The New York Times and The Wall Street Journal to CNN and Fox News, all the major corporate news networks were in on it – Trump was a money making media goldmine for everyone.

Step 4: Why Foreign Actors Pushed Support for Trump

Russia. As for why Russia pushed support for Trump, there are two reasons. First was that the Russians knew full well how polarizing of a figure Donald Trump was within American society, and it has always been one of Russia’s primary objectives to disrupt American society – or at the very least make them feel “uncomfortable.” One of the primary means through which they go about accomplishing this is by going around sowing “Discord” or “Anarchy” around society. For example, remember when Facebook revealed that Russian advertisers had bought advertising space to heavily push support for Black Lives Matter protests, but targeted those advertisements directly at political conservatives and white supremacists online? Or when Facebook revealed how Russian advertisers had pushed heavy support for alt-right material, but targeted it exclusively to/at political liberals?

Read More – NATO’s Handbook of Russian Information Warfare: https://krypt3ia.files.wordpress.com/2016/12/fm_9.pdf

The second reason why Russia favored Trump was because Vladimir Putin knew that Trump would be more sympathetic to Russia’s concerns, and less likely to engage the country in various political battles or world affairs – such as has been the case in Syria. There is also no denying that Trump’s political platform was certainly more favorable towards Russia than Clinton’s was, for example. In other ways, Vladimir Putin also suspected that he may have been able to socially manipulate/engineer Trump, especially given Trump’s “alleged ties” to Russian businesses and Oligarchs throughout the past. It also didn’t hurt that many of Russia’s closest allies also considered the theoretical election of Donald Trump to signal the literal downfall of the United States as they knew it.

China. In April 2016 I remember coming across a report featured by The Wall Street Journal, discussing statements given by China’s Finance Minister Lou Jiwei in regards to the projections of the US Presidential election later that year. More specifically, Minister Jiwei stated that he believed Donald Trump was an “irrational type,” whose election “would make the United States no longer entitled to world leadership” heading into the future. At the time, he was the highest ranking official within China’s Government to make any such remarks. That’s essentially it, really. There were several world leaders and countries all over the world who thought the election of Donald Trump would be a giant joke, and the worst possible outcome for the American public – so Chinese social media farms and Russian propagandists went “All In” to try and get him elected – the rest is history.

Read More from Harvard University – How the Chinese Government Fabricates Social Media Posts for Strategic Distraction, not Engaged Argument: https://gking.harvard.edu/50C

Step 5: The Accidentally, On Purpose, Election of Donald Trump

I don’t necessarily think anyone ever actually expected Donald Trump would eventually become President one day, let alone himself. In retrospect, our enemies were simply just trying to make fun of and divide American society, whilst also trying to set this country/international relations back decades by electing him. Here in America, advertisers, corporate executives and news organizations were all just simply trying to exploit him and profit off of all the attention/controversy he garnered, and Trump even once admitted behind closed doors that he only decided to run in the first place for “the lulz” of it all.

It may have all been a giant mistake, it may have been an accident, or maybe Donald Trump really did earn it – who am I to decide? All I know is that the fake news fiasco, Russian propaganda nonsense and click-bait epidemic spiraled out of control and snowballed into a force that fundamentally altered the course of human history. All the world should now realize that, along with being the world’s single largest library, the internet is one of the world’s greatest weapons. It is not for naught my tag reads “Give me a website and platform big enough and I can move the world. The keystroke is mightier than the sword.” With that, I bid you adieu, stay classy mis amigos 😉

Warriors Crew Hacked & Defaced 7 Websites Belonging To The Governments of Peru & Brazil This Weekend

This weekend the Brazilian-based hacking group known as “Warriors Crew” announced a hack of 7 Governmental websites across Peru and Brazil, managing to deface each and every single one of them. While the hacks were originally carried out throughout the course of December 29th and 30th 2018, at the time of this article in the evening hours of December 31st every single one of the websites has yet to be restored and still remains in its defaced condition – perhaps indicating that hackers were able to change the sites’ login credentials to lock out their administrators.

Not only were the sites defaced, but hackers also managed to edit the sites’ SEO meta description to read “We come to fight for our people! The corruption of rulers almost always begins with the corruption of their principles. Corruption is not a Brazilian invention, but impunity is a thing of our own.” If you search for any one of the websites below on Google for example, that is the description you will read about each agency/city – lulz. The websites targeted include iNET Peru, an IT infrastructure service integrator operating on behalf of the Peruvian Government, the municipal websites of Nova Olinda and White Rock, Brazil, along with their chambers of commerce, as well as the City Halls of Ibiara and Obidos, Brazil.

Press Release: https://ghostbin.com/paste/cg8qb

Websites Targeted/Defaced:

Target 1: http://www.oosaludaltomayo.gob.pe/Warriors.html
Target 2: http://pedrabranca.pb.gov.br/
Target 3: http://novaolinda.pb.gov.br/
Target 4: http://camaranovaolinda.pb.gov.br/
Target 5: http://camaraibiara.pb.gov.br/
Target 6: http://camarapedrabranca.pb.gov.br/
Target 7: http://www.obidos.pa.gov.br/?page=prefeitura/vice_prefeito


Op-Ed: Changes To Facebook’s Paid Advertising System Since The ‘Fake News’ Crackdowns

In my limited experience working as a news editor, some of my proudest accomplishments have been getting two different Facebook Pages verified during the full height of Facebook’s Fake News crackdowns in 2017 and 3 domains indexed for inclusion in Google News during the same period of time they were blacklisting different news websites all around the world. While I have since deleted these pages and platforms offline, now that I’m beginning a new journey and have created Rogue Media Labs, I can’t help but notice how much things have changed in such a short time.

When I first founded Alternative Medi4 in July of 2016 I was angry, and perhaps a little arrogant. I had around $4,000 saved up and had every intention of using every last dime of it to create the best news platform I knew how – which is exactly what I did. In fact, by March 2018 I had managed to completely bankrupt myself and appropriately enough, switched the domain over to Bankrupt Medi4 one last time before completely shutting the site down for good. Despite my failures however, there were several takeaways I got from the experience that continue to help me on through today. For the purposes of this article, I would briefly like to discuss my experience in paid advertisements through Facebook.

Given that I was fiercely covering human rights and various battles at the time, one of my primary objectives for Alternative Medi4 was to show/prove to the world that the United States was capable of outsourcing more than just War, death and destruction. For this reason, I restricted all advertisements specifically to every country the United States was either at War with or presently bombing; Afghanistan, Iraq, Syria, Somalia, Yemen, Libya and Pakistan. What I uncovered was remarkable.

Over the course of about 7-8 months, using only about $635, I had managed to obtain close to 21,000 followers throughout the Middle East and Africa. In fact, studying my targeting tactics actually changed the way that members of the US Government fought back against Islamic State propaganda. For example, after studying my page and how effective my advertisements had become, members of the FBI, US Department of Defense and others like them began paying for advertisements themselves – specifically in the Middle East targeting audiences susceptible to Islamic State recruitment or propaganda – in order to raise awareness and/or curb them away from extremism.

However, fast forward into 2018, with an entirely new project ahead of me, my first two attempts at getting different domains indexed through Google News have both been declined, and my page is so new that Facebook is still blocking me from applying for verification. Twitter verification on the other hand has been so abused over the years that it no longer even exists.

Starting last weekend, for the first time in about 7 months, I have begun purchasing Facebook advertisements and can’t help but notice how much things have changed since the last time I’ve done business with them. Even the set up for Facebook ads itself has been completely updated/revamped/changed. What I’m seeing is that Facebook has vastly changed their algorithms and completely redesigned their ad user interface, now requiring much more detail when it comes to filling out/completing an ad form. While this could be construed either positively or negatively, personally, I kind of like it.

Perhaps most noticeably, Facebook has drastically cut down on the number of “like” websites you can tie or attach your target audience to, I think to put more emphasis on verified pages only. They have also completely redesigned and/or recategorized different interests, hobbies or activities into more consolidated groups – I think to better string together a wider group/array of people for each target, thus helping page owners reach more people with each advertisement.

My Short Term Results?

Over the course of the last 6 days, at a clip of $3 a day, I have managed to get just short of 70 new followers – targeting audiences specifically around the fields of hacking and computer/data security. This translates to roughly 10-12 followers a day, or $.25 per follower. Believe it or not, this is actually far more effective than I was anticipating. I say this because I once paid Facebook $20 in 2017 to target essentially the same audience, but only received roughly 2-10 followers combined for the money. I’m not entirely sure if this change is more a result of the new content I am covering for Rogue Media Labs, or a reflection of Facebook’s changes to their own algorithms. Though if I had a guess, I would assume it’s all on Facebook’s end.

What I do know is that I have owned Rogue Media Labs for 2 weeks now and ever since paying Facebook to promote my page/content about a week ago, my website hits have increased by approximately 307%. On top of this, my Facebook Page views have increased 263% and I am now getting traffic from 13 different countries – 6 more than during my first week. Having only spent about $16 to date, I would say that is pretty effective – though to be fair it is hard to say how much of this is a reflection of my content/work and the connections I’m making with other authors/websites, or how much social media is contributing. Given the new direction of my site I don’t see myself going back to the Middle East for page likes, but over the course of the next several weeks and months I will be experimenting with different paid advertisements targeting different audiences. Stay tuned for updates.