lunes, 31 de julio de 2017

Bussines Oportunity: LeakVM !!!

Thinking about our product, I came up with a wonderful idea, you have a software company, you want to enter the security market without much effort, well I have the solution, LeakVM was created to do Pentest and Research for Android, this can be ported to platforms like iOS and IoT very easily; Remember before Windows was released to the market, IBM did not see any problem in accepting its terms, this is the same, you can make your company is in the forefront of all others, with the most advanced in the market, The easiest to use, even a person with almost zero security knowledge can use it, if you want, you can literally get all the pentesters in Android and security guys, probably this project make you win millions dollars, why ? Is very simple, LeakVM simplifies everything, the industry needs a product like this, right now.

LeakVM also has a management panel which allows you to have complete control of the current version, the whole web system was created from scratch, with security in mind, MiTM, CSFR, XSS, Sessions, Banning, Resellers and rewards, the system Whole is designed to ban anyone who tries to attack it, and all fields are validated with regular expressions and double validation
before being inserted into the database.

This discussion started 3 days ago on LinkedIn, some did not like my answer and that is why they banned my account (I always have backups of all my contacts), I personally close my other social accounts, not interested in my social networks, are fully of smoke, not just my normal followers, but this sites have more smoke, The real customers are on the internet, maybe for you not be so and respect your point, are different businesses.


If we annoyed so many people to try to block the launch and sale of LeakVM commercially, I know that I am doing something great, if this was not something important they would not have done it, they would simply have ignored my words, but they did the opposite gave it too much Importance, this reaffirms my beliefs, LeakVM can kick many asses.

I could sell this to the handly, this is not a problem, But the truth is that I'm just very good doing one thing, writing code, you may be better for business and have more patience than i when discussing with idiots. I personally review method by method, functionality by functionality of this project, having all possible attacks so that this was the best possible, of course there are magicians and ninjas in the code, that is why I wrote a very restrictive LICENSE.

If you are a good business man, you know what opportunity we are talking about, thousands of possible purchases, in a market totally saturated with bad practices, you will win without effort, to me personally I am only interested in money, this tired of people in general and serious Great not having to have to see them again
.

Now i developing the last part, the last security layer and the review of API class, and all be ready to sell, if you like hooking features i can add it too, you just have to negotiate, I'm literally offering you gold, you just have to wash it and sell it.

Literally this project was developed for not need support team and develop team, a single guy can maintain it by him self, on the future I can continue developing my another tools as TOP, if you are my follower you known what I talking about, but for now I need money, not just smoke as many people propose me.

Probably I am many things, but what I will never be a liar.


Sincerely: Luis Fernando Obando Velez (AKA Jheto Xekri)

viernes, 7 de julio de 2017

LeakVM will be published this month !!!

Research & Pentesting for Android, Run security tests instantly


Features:

  • Ptrace/ASLR/Yama Bypass
  • API for 3rd party projects
  • Linux common features
  • Dynamic library loading
  • SmartLock extraction
  • Private file extractor
  • KeyStore extraction
  • Advanced reflection
  • WebServices Engine
  • Privilege escalation
  • Core Observers
  • Library injection
  • OOP Bypass
  • Extensible
 
Support:

  • Android 4.4 to 6.0
  • Architectures Arm(32/64 bits), x86(32/64 bits)

Social Sites:
 
Twitter 
Github

miércoles, 22 de marzo de 2017

Xtreme Tech LLC: An Offensive Security Startup


Finally are finishing our first commercial product 'LeakVM', and be published under our company 'Xtreme Tech'.

LeakVM fast security test on Android, by skipping the time consuming build pentest laboratories, you test on real devices, do not need root your smartphone. LeakVM makes researchers and pentesters more productive since they can run test on real time and on real environments.

Our technology uses the same techniques used in criminal software, but in a controlled environment, you always have control over the SDK, our product, gives you a real approach against real malware and/or real attacks.

Current features:

  • Linux common features
  • Dynamic library loading
  • Native/VM library injection
  • Private file extractor
  • Privilege escalation
  • KeyStore extraction
  • Advanced reflection
  • Core Observers
  • Extensible

We are currently under development, in a short time LeakVM will be available to the public with 10 days Trial Free, you can test our Web Interface, and check our JavaDoc

Follow us on: TwitterLinkedIn, Facebook

jueves, 22 de diciembre de 2016

LeakVM: You team are ready for us ?


I be working hard for an long time on related projects: code transformation, reflexing, modify, remove, overwrite, hooking, injecting, bypass security, spy/crypt tech, oh well now i be very close to finish my first commercial version of LeakVM, on the next weeks i update info about, payment ways, documentation, code examples, SDK, etc.

Surely your team has a very important question, can everyone buy this? Yes absolutely everyone, we are not HackTeam, we sell our tools thinking on an good price, an price averyone can pay, there are no rules, it's the real world, The Free Market, no matter that they try to ban my accounts, I always will found how to trade this, we do not have stupid rules like in US or EU, simply our only rule is: you can pay it? 

LeakVM web interface

You team are ready for us ? LeakVM 

Insecure Cordova Banking App


This time i be exposes to: Davivienda Móvil, BANCO DAVIVIENDA S.A.

Which it has a number of serious security problems:

1-Insufficient Transport Layer Protection
2-Lack of Binary Protections
3-Insecure Local Storage
4-Broken Cryptography


This application allows cloning of credentials via VM Injection attacks, the company responsible for developing the app was "Todo1", too detect an insecure library developed by "Easy Solutions".

Details: BANCO DAVIVIENDA S.A.

GitHub: ExposingIndustryMediocrity

miércoles, 12 de octubre de 2016

The Untold Truth about Zeus Case



So many publications on the case were made, this gave around the world, still does.

A judge sentenced two hackers involved in the creation, maintenance, and marketing of the SpyEye financial botnet to a combined sentence of 24 years in prison, the US Department of Justice has announced today

Aleksandr Andreevich Panin, 27, from Russia, known online as Gribodemon and Harderman, received nine and a half years in prison, while his accomplice, Hamza Bendelladj, 27, from Algeria, known online as Bx1, got 15 years in jail.

The official documents say that:

The lawsuit names "John Does 1-39" which are described by their online monickers or "handles", many of which will be well known to anyone who has been researching Zeus:

JOHN DOES 1-39 D/B/A Slavik, Monstr, IOO, Nu11, nvidiag, zebra7753, lexa_Mef, gss, iceIX, Harderman, Gribodemon, Aqua, aquaSecond, it, percent, cp01, hct, xman, Pepsi, miami, miamibc, petr0vich, Mr. ICQ, Tank, tankist, Kusunagi, Noname, Lucky, Bashorg, Indep, Mask, Enx, Benny, Bentley, Denis Lubimov, MaDaGaSka, Vkontake, rfcid, parik, reronic, Daniel, bx1, Daniel Hamza, Danielbx1, jah, Jonni, jtk, Veggi Roma, D frank, duo, Admin2010, h4x0rdz, Donsft, mary.J555, susanneon, kainehabe, virus_e_2003, spaishp, sere.bro, muddem, mechan1zm, vlad.dimitrov, jheto2002, sector.exploits AND JabberZeus Crew CONTROLLING COMPUTER BOTNETS THEREBY INJURING PLAINTIFFS, AND THEIR CUSTOMERS AND MEMBERS.

All of the supporting legal documents can be found on the Microsoft-registered server: 
Summons.pdf

The Zeus malware also goes under the name Ice-IX and SpyEye. Microsoft said John Doe 1, who goes by the name Slavik, Monstr, IOO, and Nu11, is the creator. John Doe 2, aka zebra 7753, lexa_mef, gss, and iceIX, created a Zeus family member called Ice-IX, Microsoft said, and John Doe 3, aka Harderman and Gribodemon, created another family member called SpyEye, the complaint said.

John Doe 5, aka miami and miamibc, John Doe 9, aka Kusunagi, and John Doe 38, aka jheto2002, are other developers involved, writing "Web inject" code that gets the malware onto victims' computers, the complaint said. Some other defendants also were involved in developing the software.

John Doe 4, aka Aqua, aquaSecond, percent, cp01, and other aliases, recruits "money mules" whose job it is to travel to different countries to create bogus bank accounts into which victims' money is transferred. Several of the other John Does are these money mules. John Does 23 and 24, aka jtk and Veggi Roma, respectively, also recruited money mules, the lawsuit said.

My mistake was publish an link of my PoC without source code on Hackforums, now not remember the post, that is the Source Code

For years i searching info about that, why , why, why, Until both found on LinkedIn, "Jorge Mieres" an researcher, he knowns all about Zeus, the he told me that had spent much time researching and long after demand also, we talk more for months, he explained that, the research was done lightly, without a thorough analysis, without facts simply they wrote down on paper, any damn profile fit on that, the investigation was not serious, just fish in a jumbled barrel, he spoke with many people from Microsoft and thought the same, but everyone kept his mouth shut, criminals, protecting criminals i always say, you do wrong things, you not like be "catched", especially if your company is "Microsoft" trying to "catch" Banking Trojans criminals.

On this time i be really desperate, months without job, freelance, nothing, all people call me criminal, that was the shit, and continues today, on this times i "decide" be "an criminal", an write a lot of shit on Pastebin, saying good bye, Jasper Hamill , write an article on Forbes "A Hacker's Guide To Finding A Job"

On 2011 the Source Code of Zeus was published on Github that contains the Server Code

On this days i try to demand this guys for that, but all layers on my country only talk about of lot money to review my case, and more money to send that to the court, well i continue with my life, doing more "PoC's", doing more reversing, cheeking Apps, Libs, API, a lot of things, is a lot of bullshit on the head, on this time i meet security people on LinkedIn (Kandy, Bob, Jorge, Hernan, Mayur, Dave, Remo, Marnix, Dhamu, and more) and Twitter (Disassembler, Claus, Odisseus, maldevel, and more), they always try give me ideas to get job or make tools to sell, sharing post's, or this type of things, really good people, while everyone called me criminal they always try to help me.

But the top news never says they spoke lies about me, I was never part of a criminal network, Internet all the idiots believe that "you are a criminal".

Some days ago, again come back this mother fucker, and sent an inbox message:

8 Oct, 21:57 Request: Please tell me a little bit about yourself. I remember your name from the Zeus botnet matter that I was involved with. I would appreciate learning a bit more about you. Thanks, Gabe.

That explode on my mind, this guy not have shame, i'm not "involved with", you say more crap about me, but i remember the words of Kandy: You are gifted, not an criminal, be an legend; That is the reason of this post and all my PoC's and Tools.

All my Twitter, LinkedIn and Blogger followers knowns what i can do with the code, if i be criminal, i be fully of money, and would not be seeking employment and/or trying to create my own LLC Company.

For this reason i send an email to "Public Defender on California", telling him this story, oh well, if these guys do not get charges, the legal system in the US sucks and is criminal, plain and simple.

How i probe i not be an criminal simple, i found and report this vulnerabilities:

Android CitiBank Colombia
Android IPC Communication 

Android Third Party Validation
Android Amazon AWS SDK 

Android Parse SDK

Technicolor TC7300 Bad configuration
Windows Privilege Escalation

Too i develop this things to detect vulnerabilities and protect the data of the people.

VectorAttackScanner - VAS
E2EE (End To End Encryption, RSA2048 + AES256 + PBKDF2 + RSA Signature Verification)


Too the news say that:

Thanks to Alexander Knorr for the research, and Security Scorecard by publishing: The Calm Before the Mobile API Data Breach Storm
  
Thanks to Jeremy Wagstaff for the research, and Reuters by
publishing: 'Billions' of Records at Risk From Mobile App Data Flaw  



Too if you compare My code and Zeus code is another thing, You need to be a very big ignorant if try to compare my PoC with the code of Zeus.

Or well, if i be an criminal spreading "Zeus", where are my fucking thousands or millions dollars ?  The reality is if i not finish my new tool LeakVM on few months, literally "we be on the street". 

When you say on an legal case, "jheto2002 (Jheto Xekri - Me), are other developers involved, writing "Web inject" code that gets the malware onto victims'", you are affirming, you need
facts, you defame me, you do damage the my public image, you doing damages their mental health and tranquility, and utterly destroy job opportunities on software/security industry, and maybe more, this makes you a criminal by you acts and by you words, you are a liar.

miércoles, 28 de septiembre de 2016

Exposing the Colombian Industry Mediocrity




This time i be exposes to: CitiMobile CO, Citibank Colombia S.A

Which it has a number of serious security problems:

1-Insufficient Transport Layer Protection
2-Lack of Binary Protections
3-Insecure Local Storage
4-Broken Cryptography



This application allows cloning of credentials via MITM attacks, It is something really serious in a banking application.

Details: CityBank.CO


GitHub: ExposingIndustryMediocrity

miércoles, 3 de agosto de 2016

Transformation Oriented Programming (TOP)






For some time now I can not stop thinking about how this built our world (opcodes), developing Vector Attack Scanner and Dark Ether, I've seen this is as primordial matter, apparently are only actions for a processor, but this is like elementary particles , all together form our universe, meet each other to create more complex elements, if all the matter of our universe is created by frequency (M and String Theory), this is almost the same, I can not sleep of thinking in this, so I stopped a few things that was developing and testing it out in my free time, I think to finish this is more important, not how long it takes to write me, you maybe a few months or more, but it will be great fun to do, so it will not be more PoC's for a while, just the usual publications on Twitter and LinkedIn.

All this on the theory of Dark Ether has made me think about a paradigm: "Transformation Oriented Programming" when this is over is the'll show you, I know you will love it, this is no longer tries to find an 0day, or bypass something, is like not to see a world solid in three dimensions, it is like seeing formless, multidimensional to infinity, where all dimensions are one above the other, communicating among themselves, where everything can be what you want it to be, if know how to do it, it sounded crazy, but it's always the same, only the crazy people can create different things.

Thanks for reading me and send me emails.

sábado, 7 de mayo de 2016

Turning Android on an Cyber War Camp






Again we come back with the same problems of Android and Java; Serialization and methods unvalidated.


This time, our new security flaw, It allows us crashing applications, creating a permanent denial of service (DoS), if runs that, can crashing repeatedly, and stop application completely and indefinitely, too, this security issue affects all applications Android from version SDK 2.0 to 6+.


Well, the reason this happens is very simple: Each application has a different ClassLoader, which has classes of the core android and the current compiled APK, referenced by a DexClassLoader, and only that, not the other clasess compiled in other APK's.


It is really simple to send a Parcelable or Serializable to an application, service, methods, etc, if the application does not contain these classes simply crash (explodes), Well with this simple theory, just enough to find entry points to send these Parcelable and / or Serializable.


PoC preview


Github: MissileGuidedForAndroid

martes, 5 de abril de 2016

The truth behind "How to Hack an Election" CTR+C/CTR+V


The truths behind a strategy of black political campaign conducted by the white strategy, and the truth about the news behind bloomberg about how to hack an election this post I not taken 9 months of research just taken first hand experience before I begin denote that I am not a journalist I have no economic or political motivation in the following points, good taking into account that in the structure of the political campaign there are the following steps:
  • Know the context (social, socio-political, national ideological and cultural, socio-historical references knowledge of your opposition and factors against you, media factors)
  • inventory of resources (not only financial resources but moral support, social, community, etc ..)
  • Investigate (approach of social reality and country)
  • Define the objectives (Objectives image positioning, campaign structure, adequacy, work, segmentation of votes, acquisition targets votes. Etc ..)
  • Estimate the associated costs
  • Develop strategies field
  • Budget
  • To develop the message or campaign messages
  • constantly readjusting the strategy, message and plan (as in a business a campaign should not and should never have a work plan but rather a map which can lead to constant changes meet the requirements of objectives and others)
For within these structured steps of the political strategy (not only each campaign structure according to their vision and experience and advisors) for a campaign at any level, must take into account the trunk channel of technology.
 
The technology is where we communicate, where we create and store information to be processed, where information is transmitted and where the information is analyzed, are just some vertebral points using technology focused from a definition "facilitate" for an observer political. 

Well before resuming the structure and techniques that can be taken technological equipment experts black campaigns I want to make an Inca-foot in the post of Bloomberg [1] on the statements and clarify the following: 

1. Andres sepulveda never had $ 600,000 to hack anyone, how much the contract of social networking campaign to the Democratic Center works both Colombia and the 2 brothers was valued at approximately 713 million Colombian pesos by then in 2014 some 300,000 usd to run all (not just black campaign and share profits with his wife)
 
2. Andres never had direct relationship with candidates Enrique Peña Nieto in Mexico, Honduras Porfirio Lobo Sosa and Daniel Ortega Nicaragua or Venezuela carpiles enrique hugo chavez or opposition (please check the dates and times of travel passports, in any election works from home in Bogota while your customers are more than 3,000 kilometers nobody hires you today and all require physical interaction and counseling) else is to come by personal motivation.
 
2.1 The only possible serious relationship and rapprochement with the Democratic center - Alvaro Uribe and Oscar Ivan Zuluaga thanks to his wife who helped them with the contract and his friend Carlos escobar that if you had a closer contact with Alvaro Uribe.
 
2.2.- With this I want to make clear the misunderstanding and the granting of rights, experience and echos that is Andres in the news Bloomberg taken, that counted by the same Andres before being imprisoned and nothing to lose, he never he was in charge of anything related to direct interaction with political campaigns outside of Colombia and the democratic center.
 
2.3.- Andres Sepulveda and his brother (luis S.) They worked for small JJ Rendón in Bogota in office has about the T-zone as web designers which Andres was responsible for the programming part and his brother part design and promotion twitter and facebook, which corroborates the same JJRendon in the interview findings on CNN
 
2.4 Another point I never said publicly is that mind Previous statements and motivations sustained by a person as a drug addict and inebriated at the time andres that was free in 2014 during the campaign and first weeks of his capture as an organ General Prosecutor's Office [FGN] Colombian taken as true multiple statements and changes of stories knowing that their problems with drugs and during the initial process of jailing their withdrawal problems that remained secret several trips llevaro by the CTI the FGN to hospital for treatment, that should itself be enough to knock down any iota of truth to be taken as the basis of tests for other cases currently being carried against members of buggly cases of the operation of the army of Colombia and as current motif 2016 please press media do not take a person who wants to become a kind "Kevin Mitnick" no evidence livelihood and only for pure media story, not become famous for the simple fact of making a sporadic readers, is already quite unfortunate that google appear several searches.
 
2.5.- also part of the article there are contradictions such as a journalist bloomberg I was delayed 9 months to find evidence to support the story if Andres Sepulveda himself in the story says that he participated but erased all at the end and destroy all evidence in the purest style series of hacking MR Robot (with microwave and other techniques) and as such an article of this type of "claim" to believe in just one word of a prisoner who still has 8 years jail.
 
2.6.- Especially you can see that nothing more motivation to start the news is attack against Enrique Peña Nieto of Mexico osea the interview is hacking the elections and tear of mexico should not attempt to that of Colombia ?, ami that causes me some media populism want to focus on emphasizing the damage to the current presidency of Mexico.
 
I want to emphasize and make it clear here and now and avoid false comments, I personally never and had direct connection with any Mexican politician, I have had no direct relationship with anyone from the presidency current mexico or past and that my views are totally impartial and unmotivated economic or any policies on Mexican appreciation and cash from the experience of having been in the campaign with Andres Sepulveda.
 
Also said by the editors themselves of the news leave a reply to my email I try to tell them they are misrepresenting the news (which incidentally are not the only means they have tried to get some information from the case with this and will be more than 20 media that try to contact with me to get the story told from another point of view since starting this, but in the end after all end up diverting to their own interests the news and misrepresenting the echos with professional manipulations) who tried to get in contact with other sources of history and I think it not become clear is that Andres never did anything real hacking (otherwise are illegal with the purchase and handling of classified information, use of tools interception or other actions if they are punishable by the law)
 
(Which is e-mail from one of the editors and researchers of the famous news Confessions of a political hacker)

 
"Which must be taken into account is that producing or designing a weapon is not illegal but kill someone with that weapon if it is illegal," that in any law contemplated fine, and the simple fact of designing and building fire tools or of electronic warfare is not a crime, in some jurisdictions prolonged possession whether it may constitute a crime only as explanatory note, retaking Andres has no experience and design knowledge or advanced techniques of political intelligence which is why we hired people who alleged mind in article collaborated with a group of hackers, i want to clarify that too:
 
1. No one paid them worked with for making a timely work results. (Hacker groups and individual computer security experts)
 
2. In many cases or payment! stealing time and work to real experts in computer security.
 
3. In this case both work smear campaigns Mexico, Venezuela allegedly participated and run as a graphic web designer, Andres S. leave without paying the work of others (not of the eye) as well as part of I work in Colombia leaving debts more than 13,000,000 pesos that never pay several members of different groups and individuals. (The names of other individuals and groups are not publicly be equipped with confidentiality and have no relation with me us.)
 
3.1 I do not understand is how dare you use the name of those people if not even I pay them for services, I am evil person including our team work itself in Colombia for the campaign of the democratic center and uses its experiences to earn a name in the interview bloomberg, that's a clear lack of moral.
 
4. Another issue is that social networking accounts and accounts and software development, to make clear in that office in Excel files where information from all accounts was there were never more than 3,000 twitter accounts impossible to manage and refine many accounts to look real with so few people, in both cases the software that advertises in the interview bloomberg here are the links, software twitter that certainly for updates api does not work and the hunter an iPhone application connected to a server to classify pictures and warn of potential criminals so they are not top secret applications were published in 2014 and now in 2016 come to be like super tools come Take "a beer and keep calm."
Current motivations of Andres S. apart from a possible financial contribution which I doubt, is the motivation for fame and possible false image at the end of eight years more in prison missing.
Do not fall into that readers deception, people who are really expert in these issues of security at its 99% prefer anonymity and has much more experience than only develop in PHP (programming language) or some websites, also generally for perform tasks of political intelligence it is a team of people can not do everything with just one person.
 

 
Returning to the subject of the truths behind hacking a choice, want to say that we do not live in Wonderland (which plenty of comment but for people to read it you remember) this is the real world, where economic powers financed certain people who believe they can build or enhance their positions or their business by acquiring a published in the government position, no one today gives nothing less thousands or millions of dollars and in countries where candidates must not only be played with those requirements of economic forces but of social problems such as crime, illegal drug trade, armed groups, lack of legislative and even countries with large natural resources, huge international doubts and outside interests, is why we must take intelligence techniques to that such persons are visible from the political pyramid are well prepared and trained against any issue that may pose a public doubt. (Knowledge is power potential)
 
Well some of the works that are made during political campaigns that help make key decisions:
 
From the point of view of social media campaigns or social Manager's their work lies in promoting news and make as much as possible between supporters and followers not see, but from the point of view of black campaign for social networks:
 
1. Classification of profiles opposition.
 

2. Monitoring profiles opposition.
 

3. By utilization multiple social networking profiles ask to block certain topics or accounts
 

4. Design news coming from confidential or sensitive information that harms the image of the opposition candidate recalling certain previous positions of the past.
 

5. Identify the "key-connectors" on social networks by RT or the like or share the news on their profiles can reach more people without the need for greater economic investment.
 

6. Generate studies social networks to shape hot topics (many of these tools are publicly accessible at low cost)
 

7. In 2014 certain app like whatsapp allowed the mass of messages sent without bans spam today is more complicated by the restrictions but also WhatsApp and Telegram used for the distribution of news is more expensive simply mind-operational use software to pass those controls spam using python
 

8. Verification news against opposition political meetings, internal use of photos of those attending closed Meetings are public meetings or open space use of satellite pictures for measuring gauging (which incidentally are a complication point a camera to more than 10,000 meters on demand)
 
But not only it will end there other techniques to other offensive stages are:
 
1. For stage during the previous campaign using DDoS attacks to websites (news minimize other opponents and maximize your own visualizations using anti-DDoS services)
 

1.1.- Possible brute force to access post on platforms like zimbra, cpanel etc ..
 
2. Using Client side exploits are the most economical to use to access the networks of headquarters of opposition parties with the help of social engineering and have back-channels to extract information about meetings, agendas and possible speeches.
 
3. Use especially human intelligence to acquire information that can assist in campaign issues.
 
4. Using TOR Networks to avoid trace-back of the IP in countries outside the USA.
 
5. To support real-time campaign strategies through rapid adaptation strategies and field layouts
 
6. Support and acquisition of information to provide information to fill in web pages on information candidates are publicized by the White campaign (this allows the voter information so profiled and publishing contacts / relationships with drug traffickers or scams or shady dealings that opposition candidate and all his assistants an opposition could have) for the undecided voter awareness makeup.
 
7. Development of software auto-filling online surveys that benefits your party (if 101% of the surveys are modified and arranged) also using point 4
 
8. Acquisition of information socio-political issues (eg in the case of Colombia to acquire information on the FARC that we only had intelligence organizations and publicly make available information to inform the voter).
 
9. Development and software implementation of psycho-demographic profiling based on records and online social metadata to outline socio-cultural, political people accessing facebook, news media and others as well as geo-positioning thereof all focused on the use of hot indecisive maps and oppositional people. (all this is done by using advanced artificial intelligence models), everything can be done with python, javascript, apache Thrift and social networking APIs.
 
The following graphic is an example for a single analysis of a single person from our previous experiences, to extract political orientations by api'sy profiled to cross the magic of artificial intelligence
This can be used without the need to ask the people who will vote because that usually lie to avoid are lists of population censuses.

 
10. Now in 2016 can be used easily dron's but previously had to use a little more rudimentary techniques for games that are not presently in the government and want to present to gain positions in government using software as Osmocombb or sniffers GSM for monitoring the transmission power of other bts in public places and avoid briefcases and interception of GSM communications on cellular candidates. (Currently you can do in android without using hardware and protect the mobile device)
 
11. Another thing if the candidate you support is already in the government and reelect be clear utilize intelligence if the intelligence service has a direct dependence of the executive body, will be used (tracking, purchasing information and other practices with use of reserved budgets)
 
12. Be prepared for possible leaks of information from within your campaign and how to react to that to identify who was then out (work as part of campaign management) and how to prepare a reaction to the exposed confidential information
 
13. It is likely that if the white campaign has no knowledge the black part have to use techniques of big data to process the material presented (which has nothing wrong with that) but always work computer experts they are taken as you can do anything, it is as if your campaign is your friend white and black campaign is the computer within the company whenever the computer is asked everything from clean usb antler access accounts facebook's of lovers and print documents (good because it is a real abstraction of what happens with steroids;))
referring to one of the most controversial political consultants and more experienced in latin america, cutting one of his presentations
 
The information at the right time is the key this does not happen to be in a chair waiting !!
 
Well this does not end here from the point of view of cyber defense campaign does not end here other mini-jobs that run for:
 
1. Teach people with technical knowledge 0 as political advisors and properly use data encryption technologies.
 

2. Provide training in the proper use of technologies to exchange information
 

2.1 Raising awareness in using apps like Wickr, secure phone, cell phone encrypt, Review HTTPS urls, good use practices iPhone and Android, training phishing techniques that can undergo to avoid them.
 

3. Implement firewalls, IDS, Active Directory correctly (if no one uses freebsd clear DA or Slackware for an office in a political campaign)
 

4. Monitoring network (usually through the logs or monitor perimeter devices
 

5. Train all the supporters directly working at the headquarters of the campaigns in the proper use of emails (although it is impossible but the dome advisers or candidates end up using technologies like PGP or e sure if an had business and technology consultants correct)
 
This not only end here plus everything you do you have to present periodically in the most readable way possible (if a 12 year old does not understand then for them is like you're not doing anything), and attend meetings emergency they call you.
 
Also it does not end and the completion of the voting concluded and the public results that come from the official body responsible count are known, not for nothing there you still have a bit more work identifying formats voting records public to download them all , store them in a NAS and develop software to identify potential fraud counts votes in minutes with the format chosen by the official organ of the elections.
  • Here at this point you encounter various difficulties
     
    1. There are hundreds of thousands of records per province or department and never ending climb all.
     
    2. Generally they are handwritten in countries that no electronic voting and electronic file (or in cases like Venezuela are disabled by unknown errors polling).
     
    3. Sometimes they choose people who can not add up! if it becomes the proceedings on March 1 in 8 and 1 in 7 things that certainly missed that class in school;) and the sums sometimes coincide it never is where the fraud lies, yes sir that day a person you may be entitled university forgets to add.
     
    4. The calligraphy of people who choose some sides are able to convert a 9 votes from the other party on a 0 to have as you explain that to your recognition algorithm clusters of pixels to get a number on Database for calculating fraud on mathematical errors in the minutes.
     
    5. Today is easier with the proliferation of artificial intelligence service trained as microsoft or google IA IA Tensorflow or amazon or others who have training algorithms that facilitate deepmind today adequacy image identification for electoral records and identification of fraud, but before the old software school was used as imagemagick with a good hand bash and python and connectors to NAS on NTFS systems (232-1 (4,294,967,295)) for you maximize the amount of clippings minutes in a single folder you can store for heavy-duty cutting images (threads) change of format and quality and then train brute force cases of minutes.
     
    6. Search for citizens' reports of fraud today is easier using cell high-resolution cameras on social networks.

    Well this is a summary of some of the most critical things that are done before, during and after from the computer technology of information operations, not counting techniques reaction to attacks by opponents and other areas of the political campaign as consultancies image, political marketing, political science, develop videos, meetings and other things that happen during the campaign and there comes the experience and making decisions that are added work.
"All you have to do for the information and protection of information in the political campaign in key moments where the future of a country and its history is decided next" ¨
Original article: La verdad detrás de "Cómo Hackear una Elección"

Article by: Rafael Revert

Translation: by Google, sorry guys is a long text, xD.