From: John Burke
To: Karim Hijazi Unveillance Email
Subject: Read: The Unveillance Perspective on the Egyptian Internet Crisis
Date: Sun, 30 Jan 2011 14:57:24 +0000
Content-Type: multipart/report; report-type=disposition-notification

Your message

   To: John Burke
   Subject: The Unveillance Perspective on the Egyptian Internet Crisis
   Sent: Saturday, January 29, 2011 8:52:22 PM (UTC-08:00) Pacific Time (US & Canada)

 was read on Sunday, January 30, 2011 6:57:24 AM (UTC-08:00) Pacific Time (US & Canada).

From: Ric Upton
Cc: Ric Upton
Subject: Re: The Unveillance Perspective on the Egyptian Internet Crisis
Date: Sun, 30 Jan 2011 10:08:22 -0500

Karim - would enjoy catching up with you. I'm in Boston this week. Let me
know when might be a good time to talk.

Regards .... Ric

On 1/29/11 11:51 PM, "Karim Hijazi Unveillance Email" wrote:

> Hi Ric,
>
> Hope you are well. We are getting some incredible traction with our
> current research regarding the Internet shutdown in Egypt. Take a look
> at one of our blog entries:
>
> http://www.unveillance.com/latest-news/malware-activity-from-the-country-of-egypt/
>
> Would love to catch up as much has happened this year already and we are
> doing very well. Looking forward to speaking soon!

From: "J. Tubbs"
To: Antony Chan
Cc: "khijazi@unveillance.com"
Subject: Re: @briankrebs, 1/29/11 20:06
Date: Sun, 30 Jan 2011 12:09:29 -0500

It's all good. I wrote to krebs with the hope that he would write about us
and luckily he did.

-J.

On Jan 30, 2011, at 8:06, Antony Chan wrote:

> The file is "unveil.png". Do users have licensed rights to display
> content online?
>
> -AC
>
> On Jan 29, 2011, at 11:56 PM, "J. Tubbs" wrote:
>
>> He must be smart.
>>
>> -J.
>>
>> On Jan 29, 2011, at 23:55, Karim Hijazi Unveillance Email wrote:
>>
>>> LOL.. that graphic looks so familiar. ;)
>>>
>>> On 1/29/2011 11:40 PM, Antony Chan wrote:
>>>> Any idea where Krebs on Security is getting their data?
>>>>
>>>> -AC
>>>>
>>>> On Saturday, January 29, 2011, J. Tubbs
>>>> wrote:
>>>>> briankrebs
>>>>> (@briankrebs ) 1/29/11 20:06
>>>>> Added
>>>>> an interesting graphic that shows how traffic from malware
>>>>> infected hosts fell after the Egypt disconnection
>>>>> http://bit.ly/ge7lQq
>>>>>
>>>>> -J.
>>>
>>>
>>> --
>>> All the best,
>>>
>>> Karim Hijazi
>>> CEO | President
>>> Unveillance
>>> O. (800) 540-8478
>>> M. (561) 542-5704
>>> www.unveillance.com
>>> khijazi@unveillance.com
>>>
>>> ********************************************
>>> CONFIDENTIAL & PRIVILEGED COMMUNICATION This message is for the named
>>> person's use only. The information contained in this communication is
>>> confidential and/or privileged, proprietary information that is
>>> transmitted solely for the purpose of the intended recipient(s). No
>>> confidentiality or privilege is waived or lost by any
>>> mistransmission. If you receive this message in error, please
>>> immediately delete it and all copies of it from your system, destroy
>>> any hard copies of it and notify the sender. You must not, directly or
>>> indirectly, use, disclose, distribute, print, or copy any part of this
>>> message if you are not the intended recipient. The sender or any of
>>> its subsidiaries each reserve the right to monitor all e-mail
>>> communications through its networks.
>>> ********************************************

From: Antony Chan
To: "J. Tubbs"
Cc: Karim Hijazi
Subject: Re: @briankrebs, 1/29/11 20:06
Date: Sat, 29 Jan 2011 23:40:33 -0500

Any idea where Krebs on Security is getting their data?

-AC

On Saturday, January 29, 2011, J. Tubbs wrote:
> briankrebs (@briankrebs)
> 1/29/11 20:06
> Added an interesting graphic that shows how traffic from malware infected hosts fell after the Egypt disconnection http://bit.ly/ge7lQq
>
> -J.

From: Karim Hijazi Unveillance Email
Reply-To: khijazi@unveillance.com
Organization: Unveillance
To: brian krebs
Cc: "J. Tubbs"
Subject: Re: Longtime reader
Date: Sat, 29 Jan 2011 23:47:27 -0500

Brian,

I can't add much more than Jerry has already done in the email below
beyond to say we truly appreciate your responsiveness and are humbled
by your interest.  We are a proud, close-knit firm and honestly
believe what we have here is game changing.  As Jerry put quite
eloquently, there is much more beneath the surface that we believe you
would find very compelling.  Should you have some time and a continued
curiosity, we will certainly arrange to present you with some further
intelligence via our platform.

Thank you again Brian and please don't hesitate to contact us for any
further questions or comments; they are well received.

On another note - attached is my public key.  I took the liberty of
downloading yours should we need to converse more confidentially by email.

--
All the best,

Karim Hijazi
CEO | President
Unveillance
O. (800) 540-8478
M. (561) 542-5704
www.unveillance.com
khijazi@unveillance.com

On 1/29/2011 12:10 PM, J. Tubbs wrote:
> Hi Brian,
> First of all, it's an honor to chat with you. I think you have one
> of the best voices within the infosec and network security industries.
>
> To answer your questions, we have control of literally several
> thousand C&C domains and can easily see infected hosts call out to
> us. We actually have a lot more to blog about and make public but
> we did not want to go public with everything at once because I felt
> it would be information overload.
>
> We have been working on the technology for over two years and formed
> a company around it around the middle of last year.
>
> As to what I was referring to earlier, we not only track infected
> hosts but we keep an activity or reputation score per host as well.
> The platform is holistic in that any sort of list can be correlated
> by the system, be it raw event logs from a sinkhole or a vintage
> blacklist. As for relevance for host activity we score the host
> activity and have the ability to score based on the specific type of
> threat matching a specific signature emanating from a given host.
> For example, if we see a host infected and participating within the
> Mariposa botnet we will score this host much higher than a host on
> the Lashback UBL or Spamhaus CBL/XBL as the amount of risk is
> potentially higher being infected with a variant of Rimecud versus
> Rustock or Cutwail. The more activity the higher the score, and vice
> versa if the host goes dormant with activity (we assume in this case
> that it has been possibly remediated) we have a decay algorithm to
> bring the score back down to earth over time.
>
> Our most proud achievement is that we not only score hosts
> independently but it was important to us to organize and trend
> issues into buckets of rightful representation and ownership. Our
> organizational model is a hierarchical tree of everything from
> corporations to regions to enterprise business sectors. For
> example, we took Google's finance topology and breakdown of the
> market and mapped it accordingly. Thus, we have an industry index
> under which we have all types of business which include Basic
> Materials, Capital Goods, Conglomerates, Consumer Cyclical,
> Consumer/Non-Cyclical, Energy, Financial, Healthcare, Services,
> Technology, Transportation, and Utilities. Under each of those
> business sector pillars we followed suit with appropriate
> sub-sectors of business types which include more than I will bore
> you by listing them all here. But as a quick example, under
> Services we have a sub-sector of Business Services and within this
> bucket we mapped the public networks of the top 50 business service
> companies based on market cap and did the same for every other
> business sub-sector. So, essentially by going through this exercise
> we have a very interesting view of the Fortune 2000+ and the types
> of infections that they are emanating hourly. As evident per my
> blog post, we have also mapped out regions and can trend on that
> scale as well.
>
> By being able to organize all of the infections that we see into
> appropriate buckets, it presented us with a unique opportunity to
> apply a risk value or score (which we call our DLI Score -- DLI
> standing for Data Leak Intelligence) upon each bucket mapped into
> the system. Per the example above, since the organizational model
> is hierarchical we have a risk score applied to all the companies
> mapped in the Business Services sub-sector, which in turn roll up to
> a single risk score for Business Services as a whole and on up the
> chain for Services to the Industry Index and even a risk score for
> the whole of the world.
>
> I have included some screenshots that coincide with the examples above.
>
> We would love to give you a demo of the platform at
> your convenience. I have CC'd our CEO, Karim Hijazi, on the email
> as he too was thrilled to be able to chat with yourself. We're both
> fans. :)
>
>
>
>
> -J.
>
> On Jan 29, 2011, at 10:24 AM, brian krebs wrote:
>
>> Hi J,
>>
>> Thanks for the nice note. What a great idea you have there. Just a
>> couple of questions if I may?
>>
>> I understand the concept of sinkholes, but I'm a little unsure what
>> the wording of the blog post means here:
>>
>> "The numbers collected are from sinkholed malware, not from
>> blacklisted hosts. We are still receiving disparate active
>> connections from malware seeking Command & Control in the wild, but
>> it is quickly dwindling."
>>
>> Normally, what is sinkholed are C&Cs. You're saying this is malware
>> you've somehow trapped? Maybe running on honeypots? Help me
>> understand how it is you have this visibility that allowed you to
>> draw this graph?
>>
>> Finally, if you could just tell me a tiny bit about Unveillance,
>> that would be great.
>>
>> Thanks!
>>
>> Bk
>>
>>
>> On Sat, Jan 29, 2011 at 3:46 AM, J. Tubbs <jtubbs@unveillance.com> wrote:
>>
>> Brian,
>> I have always enjoyed your articles and look forward to
>> whatever the future may bring per your blog.
>>
>> I wanted to share something with you that I put together per the
>> events in Egypt to follow-up on your blog post.
>>
>> Aside from watching routes disappear and the country slowly go
>> silent, we were also able to watch it do the same by simply
>> watching the sinkholed malware connections do the same.
>>
>> Hope ya find the quick little blog interesting.
>>
>> http://www.unveillance.com/latest-news/malware-activity-from-the-country-of-egypt/
>>
>> J. Tubbs
>> CTO
>> Unveillance, LLC
>> O. (404) 482-3557
>> www.unveillance.com
>> jtubbs@unveillance.com
>>
>> --
>> Brian Krebs
>> KrebsOnSecurity.com
>> 202-657-5765
>> PGP Key: http://bit.ly/aGNKMy
>>
>



--------------040400020109070206020004-- --------------000208010001090008000802 Content-Type: application/pgp-keys; name="0x14FC6DE5.asc" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="0x14FC6DE5.asc" -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.11 (MingW32) mQENBEx5gtkBCADppEkWisXYz5yTYEnmiImIkBZT+lfVbNbmf/8rWd2QmdRftjUC 7xA/yg5KWLBuRl3g0aqQ1BX8EOhtGM5F62kVLq1Y+kzwjemeP6mvDHi6TCqWPIWZ sIScvXh7ztLNykx2cqg0IM6roLo7RJ9F+SqsGRpFWKsf6+Ubj8214yMY3E1N/nLO h0sdIYHnoQJenORAARlVyJuSzpEgzoJ6/fcLWZVXqkvgo6jBgjnJwVsM9gmUQP3E VlDGBJMikVGSbmKUInCRxTmGdp/N7eCCnVjImNNp3plNLBA3xS6q20JyIAre18nn bLahZRGNyW9VPTyQy7yBTaAoLXL7B3dDtL1jABEBAAG0OEthcmltIEhpamF6aSBV bnZlaWxsYW5jZSBFbWFpbCA8a2hpamF6aUB1bnZlaWxsYW5jZS5jb20+iQE+BBMB AgAoBQJMeYLZAhsjBQkJZgGABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRCJ NA8OFPxt5bCOCACutn5TVotzAoh+/VHBXwKhJek4jvEUJLEDgrZrYqKoAiONFJ7c R/Cfs/Bn5tyPR9ZWxadgUIp+0+ICiyrxDzR+Rsaord+5RSaqaXL7vpJbDrc/bpJw qqLLErms0xazPtGj6zdjpFkfdFPanezE9fsWjaG6eWDhiZ9Mp5Un5OQ6bKPRhBIC meaXpxCZBwj22Io+7af0JU64DbfzAykjKA17TUvGGMSWM3Wozg13MdxFvRI5N4qR 0CSFLFt9zaYCCamikUeZ2StgzHiXrp3HvPQSWCYmI+RE+wCE5dR6z4/7Ii4szGZ3 41svZn/lJkNqE2oHDT4siwnoQjB3tVA3jsrhuQENBEx5gtkBCADVyMHmAEf2s9Xk soUPfcokufyXewhayr8AZDdkr4yviqhISGl4JDsuEAQl98g4+acYLCMKgsHB4obl au0DlMGmKwexhPqqi9XdJWI+spJYxPrG5eXHxnEXR0JY39pHoPhLSkRY/VWdi/UQ TrFZ8iuxPJpISZzKGGatp7UOY+pwSaOqV0on/jH/Tsk9hfRRPYKwopbeCjXm4T9/ Sef5K7M2o3rr+WXKJvdBMJlsdtZJkZ48GdiAKZfFNdWM7KUb3AVrfnnEz5JI4LzI eTpHRb3jRQ8LJ0NYm0ZavR53LHjW2O9svi/m/AYs1DLy6eL8qqRpwLj81vrw4I+g pih8cWCFABEBAAGJASUEGAECAA8FAkx5gtkCGwwFCQlmAYAACgkQiTQPDhT8beV1 Twf/VxtdkepuaYFJrFPvLFQ0b5gaP2FrUJU79imVPA6rTrJfXWfeyAo9MgmEZQEO xnIjgXXXm64WED/TAJEwgEDix+wR46yHIDW97dhDNfE4ZNDEZmFlZXltHBw35Vlt 33R1aUuXAG4dyVsmP1o0S4beDFOBN/hj4S5Etz9Jc5chiFse7+FE3M1wVYY3DhYq EoVqnNUjkX/KCc42EtUzvnEN5CGteGHNTK1bUT55QdatjW8BPKKW2tJR0yUsGoF7 CWhLZ6wiIT4NCjZLlF5B7xi9kPjosuDxd2Pl4x9BkGCkTXe5i+8/Iz5tTy6YXY7F kRwrS9vyyb2Uusf8u6MwNQz9HQ== =ShR/ -----END PGP PUBLIC KEY BLOCK----- 
From - Sat May 21 19:26:08 2011
From: Karim Hijazi Unveillance Email
To: "Upton, Ric" , Ric Upton
Date: Sat, 29 Jan 2011 23:51:21 -0500
Subject: The Unveillance Perspective on the Egyptian Internet Crisis

Hi Ric,

Hope you are well. We are getting some incredible traction with our
current research regarding the Internet shutdown in Egypt. Take a look
at one of our blog entries:

http://www.unveillance.com/latest-news/malware-activity-from-the-country-of-egypt/

Would love to catch up as much has happened this year already and we
are doing very well.

Looking forward to speaking soon!

--
All the best,

Karim Hijazi
CEO | President
Unveillance
O. (800) 540-8478
M. (561) 542-5704
www.unveillance.com
khijazi@unveillance.com

From - Sat May 21 19:26:08 2011
From: Karim Hijazi Unveillance Email
To: 'John Burke'
CC: Clara Conti
Date: Sat, 29 Jan 2011 23:52:22 -0500
Subject: The Unveillance Perspective on the Egyptian Internet Crisis

Hi John,

Hope you are well. We are getting some incredible traction with our
current research regarding the Internet shutdown in Egypt. Take a look
at one of our blog entries:

http://www.unveillance.com/latest-news/malware-activity-from-the-country-of-egypt/

Would love to catch up as much has happened this year already and we
are doing very well.

Looking forward to speaking soon!

--
All the best,

Karim Hijazi
CEO | President
Unveillance
O. (800) 540-8478
M. (561) 542-5704
www.unveillance.com
khijazi@unveillance.com

From - Sat May 21 19:26:08 2011
From: Karim Hijazi Unveillance Email
To: "Hyde, Reg"
Date: Sat, 29 Jan 2011 23:53:15 -0500
Subject: The Unveillance Perspective on the Egyptian Internet Crisis

Hi Reg,

Hope you are well. We are getting some incredible traction with our
current research regarding the Internet shutdown in Egypt. Take a look
at one of our blog entries:

http://www.unveillance.com/latest-news/malware-activity-from-the-country-of-egypt/

Would love to catch up as much has happened this year already and we
are doing very well.

Looking forward to speaking soon!

--
All the best,

Karim Hijazi
CEO | President
Unveillance
O. (800) 540-8478
M. (561) 542-5704
www.unveillance.com
khijazi@unveillance.com

From - Sat May 21 19:26:08 2011
From: Karim Hijazi Unveillance Email
To: Antony Chan
CC: "J. Tubbs"
Date: Sat, 29 Jan 2011 23:55:15 -0500
Subject: Re: @briankrebs, 1/29/11 20:06

LOL.. that graphic looks so familiar. ;)

On 1/29/2011 11:40 PM, Antony Chan wrote:
> Any idea where Krebs on Security is getting their data?
>
> -AC
>
> On Saturday, January 29, 2011, J. Tubbs wrote:
>> briankrebs (@briankrebs) 1/29/11 20:06
>> Added an interesting graphic that shows how traffic from malware
>> infected hosts fell after the Egypt disconnection
>> http://bit.ly/ge7lQq
>>
>> -J.

--
All the best,

Karim Hijazi
CEO | President
Unveillance
O. (800) 540-8478
M. (561) 542-5704
www.unveillance.com
khijazi@unveillance.com

From - Sat May 21 19:26:08 2011
From: "J. Tubbs"
To: "khijazi@unveillance.com"
Cc: Antony Chan
Date: Sat, 29 Jan 2011 23:56:46 -0500
Subject: Re: @briankrebs, 1/29/11 20:06

He must be smart.

-J.

On Jan 29, 2011, at 23:55, Karim Hijazi Unveillance Email wrote:

> LOL.. that graphic looks so familiar. ;)
>
> On 1/29/2011 11:40 PM, Antony Chan wrote:
>> Any idea where Krebs on Security is getting their data?
>>
>> -AC
>>
>> On Saturday, January 29, 2011, J. Tubbs wrote:
>>> briankrebs (@briankrebs) 1/29/11 20:06
>>> Added an interesting graphic that shows how traffic from malware
>>> infected hosts fell after the Egypt disconnection
>>> http://bit.ly/ge7lQq
>>>
>>> -J.
>
> --
> All the best,
>
> Karim Hijazi
> CEO | President
> Unveillance
> O. (800) 540-8478
> M. (561) 542-5704
> www.unveillance.com
> khijazi@unveillance.com