From - Sat May 21 19:22:17 2011
From: James Hunt
To: Karim Hijazi Unveillance Email
Date: Fri, 13 May 2011 00:42:37 +0000
Subject: Read: Testing grabbing payload

Your message was read on Friday, May 13, 2011 12:42:37 AM (UTC) Coordinated Universal Time.

Final-recipient: RFC822; jhunt@mitagroup.com
Disposition: automatic-action/MDN-sent-automatically; displayed
Original-Message-ID: <4DCC60B9.6070501@unveillance.com>

From - Sat May 21 19:22:17 2011
From: James Hunt
To: Karim Hijazi, Andy Feinstein
Date: Fri, 13 May 2011 00:42:41 +0000
Subject: Re: Testing grabbing payload
In-Reply-To: <4DCC60B9.6070501@unveillance.com>

This is very powerful for sure. We obviously need to be careful but telling clients that we'd be happy to allow them to view their own payloads may be OK.

Jim

On 5/12/11 6:35 PM, "Karim Hijazi Unveillance Email" wrote:

>Gentlemen,
>
>So... we can grab payload if needed at will with some of the sinkhole
>traffic:
>
>[5:32:38 PM] Matt Thompson: Packet port 1863 [74]
>50 52 49 56 4D 53 47 20 23 6C 20 3A 5B 48 54 54 PRIVMSG #l :[HTT
>50 20 4C 6F 67 69 6E 5D 3A 20 46 61 63 65 62 6F P Login]: Facebo
>6F 6B 20 2D 3E 3E 20 6A 65 73 73 69 78 68 70 40 ok ->> jessixhp@
>68 6F 74 6D 61 69 6C 2E 63 6F 6D 20 3A 20 77 61 hotmail.com : wa
>6D 70 79 74 65 61 6D 6F 0D 0A mpyteamo..m : wa
>[5:32:43 PM] Matt Thompson: want some facebook passwords?
>
>This was a trojan stealing someone's facebook login. You get the point. :)
>
>--
>All the best,
>
>Karim Hijazi
>CEO | President
>Unveillance
>O. (800) 540-8478
>M. (561) 542-5704
>www.unveillance.com
>khijazi@unveillance.com
>
>********************************************
>CONFIDENTIAL & PRIVILEGED COMMUNICATION This message is for the named
>person's use only. The information contained in this communication is
>confidential and/or privileged, proprietary information that is
>transmitted solely for the purpose of the intended recipient(s). No
>confidentiality or privilege is waived or lost by any mistransmission.
>If you receive this message in error, please immediately delete it and
>all copies of it from your system, destroy any hard copies of it and
>notify the sender. You must not, directly or indirectly, use, disclose,
>distribute, print, or copy any part of this message if you are not the
>intended recipient. The sender or any of its subsidiaries each reserve
>the right to monitor all e-mail communications through its networks.
>********************************************

From - Sat May 21 19:22:17 2011
From: James Hunt
To: Karim Hijazi Unveillance Email
Date: Fri, 13 May 2011 00:44:23 +0000
Subject: Read: Re: Testing grabbing payload

Your message was read on Friday, May 13, 2011 12:44:23 AM (UTC) Coordinated Universal Time.

Final-recipient: RFC822; jhunt@mitagroup.com
Disposition: automatic-action/MDN-sent-automatically; displayed
Original-Message-ID: <4DCC7881.7050600@unveillance.com>

From - Sat May 21 19:22:17 2011
From: LinkedIn Connections
To: Karim Hijazi
Date: Fri, 13 May 2011 01:11:31 +0000 (UTC)
Subject: See what David has been up to...

Karim,

Congratulations! You and David are now connected.

David Krauskopf
Angel Investor at Blu Venture Investors
Washington D.C. Metro Area
Information Technology and Services Industry
dkrauskopf2005@kellogg.northwestern.edu

To view David Krauskopf's profile, go to http://www.linkedin.com/e/pyok5x-gnmflwx9-l/fpf/246086/EML-inv-acc-prof/

(c) 2011, LinkedIn Corporation


From - Sat May 21 19:22:17 2011
From: Karim Hijazi Unveillance Email
To: Jeff Bardin
Date: Thu, 12 May 2011 20:18:26 -0500
Subject: Re: Life is good - baby is happy - Arbor wants to play with Unveillance.
Message-ID: <4DCC86E2.4090708@unveillance.com>
References: <4DCC02BE.70402@unveillance.com>

Sorry I missed you Jeff. Got tied up with some last minute stuff.
How's ur day tomorrow?

KH

On 5/12/2011 4:05 PM, Jeff Bardin wrote:
> How does 6pm EST sound?
>
>
> The information in this electronic mail message is confidential and may be legally privileged. It is intended solely for the addressee. Access to this Internet electronic mail message by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful.
>
>
> On May 12, 2011, at 11:54, Karim Hijazi Unveillance Email wrote:
>
> Jeff,
>
> Hope you are well my friend. Let's chat later today if you have some
> time. I am happy.

--
All the best,

Karim Hijazi
CEO | President
Unveillance
O. (800) 540-8478
M. (561) 542-5704
www.unveillance.com
khijazi@unveillance.com

From - Sat May 21 19:22:17 2011
From: Jeff Bardin
To: "khijazi@unveillance.com"
Date: Thu, 12 May 2011 21:19:21 -0400
Subject: Re: Life is good - baby is happy - Arbor wants to play with Unveillance.
In-Reply-To: <4DCC86E2.4090708@unveillance.com>
References: <4DCC02BE.70402@unveillance.com> <4DCC86E2.4090708@unveillance.com>

Good early afternoon

Best

Jeff

On May 12, 2011, at 21:18, Karim Hijazi Unveillance Email wrote:

> Sorry I missed you Jeff. Got tied up with some last minute stuff.
> How's ur day tomorrow?
>
> KH
>
> On 5/12/2011 4:05 PM, Jeff Bardin wrote:
>> How does 6pm EST sound?
>>
>> On May 12, 2011, at 11:54, Karim Hijazi Unveillance Email wrote:
>>
>> Jeff,
>>
>> Hope you are well my friend. Let's chat later today if you have some
>> time. I am happy.
>
> --
> All the best,
>
> Karim Hijazi
> CEO | President
> Unveillance
> O. (800) 540-8478
> M. (561) 542-5704
> www.unveillance.com
> khijazi@unveillance.com

From - Sat May 21 19:22:17 2011
From: "CSFI-CWD (CYBER WARFARE DIVISION) Group Members"
To: Karim Hijazi
Date: Fri, 13 May 2011 01:44:44 +0000 (UTC)
Subject: [1] new discussion on LinkedIn

CSFI-CWD (CYBER WARFARE DIVISION)

Today's new discussions from CSFI-CWD (CYBER WARFARE DIVISION) group members.

New Discussions ({0})

* Larry McKee New NSCI whitepapers, interviews, etc.
View discussion » http://www.linkedin.com/e/pyok5x-gnmgsmaa-33/ava/53835728/2611337/EMLt_anet_qa_ttle/
Started by Larry McKee, President & Owner, National Security Cyberspace Institute

Below are a few new items recently posted to our web site. Warm regards, Larry New Whitepapers ( www.nsci-va.org/whitepapers.htm...
------=_Part_63216956_518371092.1305251084243-- From - Sat May 21 19:22:18 2011 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 Return-Path: Received: from [192.168.1.107] (c-76-31-218-178.hsd1.tx.comcast.net [76.31.218.178]) by mx.google.com with ESMTPS id d17sm1191575ann.39.2011.05.12.17.17.05 (version=SSLv3 cipher=OTHER); Thu, 12 May 2011 17:17:05 -0700 (PDT) Message-ID: <4DCC7881.7050600@unveillance.com> Disposition-Notification-To: Karim Hijazi Unveillance Email Date: Thu, 12 May 2011 19:17:05 -0500 From: Karim Hijazi Unveillance Email Reply-To: khijazi@unveillance.com Organization: Unveillance User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.17) Gecko/20110414 Lightning/1.0b2 Thunderbird/3.1.10 MIME-Version: 1.0 To: Andy CC: James Hunt Subject: Re: Testing grabbing payload References: <4DCC60B9.6070501@unveillance.com> <393070.71769.qm@web161808.mail.bf1.yahoo.com> In-Reply-To: <393070.71769.qm@web161808.mail.bf1.yahoo.com> X-Enigmail-Version: 1.1.1 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yes, it has to do with the encryption schema between the drone and c&c. This one was an IRC bot that was very chatty. We are seeing some amazing things. American Greetings in on Monday and the newly acquired domains are going to make the conversation all the more compelling for them. :) - Actually sleeping pretty well. Brandy in the last day of pregnancy was far worse than having Judy out and about with us. She is a great baby and barely cries - we are sooo lucky. Let's catch up soon. Best, Karim On 5/12/2011 7:05 PM, Andy wrote: > very interesting. > > So depending on how the bot variant is configured for a > sinkhole different kinds of payload data is sent? In future it could > be interesting to understand what kinds of payload data is attempting to > being transmitted by each variant without actively sending commands to > change what is being sent. 
> > How did that American Greetings call go or is that still being scheduled? > > > Getting much sleep at home yet. 8) I remeber those days all too well. > > ..Andy > > ------------------------------------------------------------------------ > *From:* Karim Hijazi Unveillance Email > *To:* Jim Hunt ; Andy Feinstein > *Sent:* Thu, May 12, 2011 6:35:37 PM > *Subject:* Testing grabbing payload > > Gentlemen, > > So... we can grab payload if needed at will with some of the sinkhole > traffic: > > [5:32:38 PM] Matt Thompson: Packet port 1863 [74] > 50 52 49 56 4D 53 47 20 23 6C 20 3A 5B 48 54 54 PRIVMSG #l :[HTT > 50 20 4C 6F 67 69 6E 5D 3A 20 46 61 63 65 62 6F P Login]: Facebo > 6F 6B 20 2D 3E 3E 20 6A 65 73 73 69 78 68 70 40 ok ->> jessixhp@ > 68 6F 74 6D 61 69 6C 2E 63 6F 6D 20 3A 20 77 61 hotmail.com > : wa > 6D 70 79 74 65 61 6D 6F 0D 0A mpyteamo..m : wa > [5:32:43 PM] Matt Thompson: want some facebook passwords? > > This was a trojan stealing someone's facebook login. You get the point. :) > > - -- All the best, Karim Hijazi CEO | President Unveillance O. (800) 540-8478 M. (561) 542-5704 www.unveillance.com khijazi@unveillance.com ******************************************** CONFIDENTIAL & PRIVILEGED COMMUNICATION This message is for the named person's use only. The information contained in this communication is confidential and/or privileged, proprietary information that is transmitted solely for the purpose of the intended recipient(s). No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender or any of its subsidiaries each reserve the right to monitor all e-mail communications through its networks. 
********************************************

From - Sat May 21 19:22:18 2011
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path:
Received: from [192.168.1.107] (c-76-31-218-178.hsd1.tx.comcast.net [76.31.218.178]) by mx.google.com with ESMTPS id u9sm1197209anl.22.2011.05.12.17.21.24 (version=SSLv3 cipher=OTHER); Thu, 12 May 2011 17:21:25 -0700 (PDT)
Message-ID: <4DCC7985.5080007@unveillance.com>
Disposition-Notification-To: Karim Hijazi Unveillance Email
Date: Thu, 12 May 2011 19:21:25 -0500
From: Karim Hijazi Unveillance Email
Reply-To: khijazi@unveillance.com
Organization: Unveillance
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.17) Gecko/20110414 Lightning/1.0b2 Thunderbird/3.1.10
MIME-Version: 1.0
To: Prabhat Kamat , Meaghan Molloy
Subject: Thank you
X-Enigmail-Version: 1.1.1
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Prabhat,

Wanted to send you a quick thank you for quickly executing on the domains that Meg sent. We very much appreciate your efforts and already see some results. Looking forward to a long and prosperous relationship with you.

Take care my friend.

- --
All the best,

Karim Hijazi
CEO | President
Unveillance
O. (800) 540-8478
M. (561) 542-5704
www.unveillance.com
khijazi@unveillance.com

From - Sat May 21 19:22:18 2011
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Delivered-To: khijazi@unveillance.com
Received: by 10.224.61.4 with SMTP id r4cs254612qah; Thu, 12 May 2011 17:25:03 -0700 (PDT)
Received: by 10.213.32.17 with SMTP id a17mr458788ebd.94.1305246303090; Thu, 12 May 2011 17:25:03 -0700 (PDT)
Return-Path:
Received: from imc04.pandasoftware.com (imc04.pandasoftware.com [91.216.218.75]) by mx.google.com with ESMTP id y3si3858638eeh.39.2011.05.12.17.25.02; Thu, 12 May 2011 17:25:03 -0700 (PDT)
Received-SPF: pass (google.com: domain of pedro.bustamante@pandasecurity.com designates 91.216.218.75 as permitted sender) client-ip=91.216.218.75;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of pedro.bustamante@pandasecurity.com designates
91.216.218.75 as permitted sender) smtp.mail=pedro.bustamante@pandasecurity.com
Received: from escorpexh06.pandasoftware.local (unknown [192.168.100.190]) by imc04.pandasoftware.com (Postfix) with ESMTP id 060521A4399 for ; Fri, 13 May 2011 02:25:01 +0200 (CEST)
Received: from ESCORPEXH04.pandasoftware.local ([172.16.0.71]) by escorpexh06.pandasoftware.local with Microsoft SMTPSVC(6.0.3790.3959); Fri, 13 May 2011 02:25:00 +0200
Received: from ESMADEXH02.MADRID.PANDASOFTWARE.LOCAL ([172.21.1.13]) by ESCORPEXH04.pandasoftware.local with Microsoft SMTPSVC(6.0.3790.3959); Fri, 13 May 2011 02:25:00 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:calendarmessage
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01CC1104.31368530"
Subject: Aceptada: Invitation: Follow up conversation with Pedro (Panda Security) @ Mon May 16 3pm - 4pm (Pedro Bustamante)
Date: Fri, 13 May 2011 02:24:53 +0200
Message-ID: <84ECAF53A2F0F045BD9B7FD0FC56A0BD1087E19F@ESMADEXH02.MADRID.PANDASOFTWARE.LOCAL>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Invitation: Follow up conversation with Pedro (Panda Security) @ Mon May 16 3pm - 4pm (Pedro Bustamante)
thread-index: AcwQ8b2raYFPdoSTQ6mGdUVaY6wougAACsmQAASRR+A=
From: "Pedro Bustamante Lopez-Chicheri"
To: "Karim Hijazi"
X-OriginalArrivalTime: 13 May 2011 00:25:00.0650 (UTC) FILETIME=[3230C4A0:01CC1104]
X-GateDefender-Antispam: valid (score=0)

This is a multi-part message in MIME format.

------_=_NextPart_001_01CC1104.31368530
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

------_=_NextPart_001_01CC1104.31368530
Content-Type: text/html; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

------_=_NextPart_001_01CC1104.31368530
Content-class: urn:content-classes:calendarmessage
Content-Type: text/calendar; method=REPLY; name="meeting.ics"
Content-Transfer-Encoding: 8bit

BEGIN:VCALENDAR
METHOD:REPLY
PRODID:Microsoft CDO for Microsoft Exchange
VERSION:2.0
BEGIN:VTIMEZONE
TZID:(GMT+01.00) Sarajevo/Warsaw/Zagreb
X-MICROSOFT-CDO-TZID:2
BEGIN:STANDARD
DTSTART:16010101T030000
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
RRULE:FREQ=YEARLY;WKST=MO;INTERVAL=1;BYMONTH=10;BYDAY=-1SU
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:16010101T020000
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
RRULE:FREQ=YEARLY;WKST=MO;INTERVAL=1;BYMONTH=3;BYDAY=-1SU
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
DTSTAMP:20110512T221250Z
DTSTART;TZID="(GMT+01.00) Sarajevo/Warsaw/Zagreb":20110516T210000
SUMMARY:Aceptada: Invitation: Follow up conversation with Pedro (Panda Secu
 rity) @ Mon May 16 3pm - 4pm (Pedro Bustamante)
UID:poi41o4bnbki25d4v4ep27sns8@google.com
ATTENDEE;ROLE=REQ-PARTICIPANT;PARTSTAT=ACCEPTED;RSVP=TRUE;CN="Pedro Bustama
 nte Lopez-Chicheri":MAILTO:pedro.bustamante@pandasecurity.com
ORGANIZER:MAILTO:khijazi@unveillance.com
LOCATION:Telephone Call
DTEND;TZID="(GMT+01.00) Sarajevo/Warsaw/Zagreb":20110516T220000
SEQUENCE:0
PRIORITY:5
CLASS:
CREATED:20110513T002457Z
LAST-MODIFIED:20110513T002459Z
STATUS:TENTATIVE
TRANSP:OPAQUE
X-MICROSOFT-CDO-BUSYSTATUS:BUSY
X-MICROSOFT-CDO-INSTTYPE:0
X-MICROSOFT-CDO-REPLYTIME:20110513T002453Z
X-MICROSOFT-CDO-INTENDEDSTATUS:BUSY
X-MICROSOFT-CDO-ALLDAYEVENT:FALSE
X-MICROSOFT-CDO-IMPORTANCE:1
X-MICROSOFT-CDO-OWNERAPPTID:-1
X-MICROSOFT-CDO-APPT-SEQUENCE:0
X-MICROSOFT-CDO-ATTENDEE-CRITICAL-CHANGE:20110513T002453Z
X-MICROSOFT-CDO-OWNER-CRITICAL-CHANGE:20110512T221250Z
END:VEVENT
END:VCALENDAR

------_=_NextPart_001_01CC1104.31368530--