Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Security The Military

Pentagon Hid Magnitude of Data Loss From Recent Breach 218

blueton tips us to a brief story about recent revelations from the Pentagon which indicate that the attack on their computer network in June 2007 was more serious than they originally claimed. A DoD official recently remarked that the hackers were able to obtain an "amazing amount" of data. We previously discussed rumors that the Chinese People's Liberation Army was behind the attack. CNN has an article about Chinese hackers who claim to have successfully stolen information from the Pentagon. Quoting Ars Technica: "The intrusion was first detected during an IT restructuring that was underway at the time. By the time it was detected, malicious code had been in the system for at least two months, and was propagating via a known Windows exploit. The bug spread itself by e-mailing malicious payloads from one system on the network to another."
This discussion has been archived. No new comments can be posted.

Pentagon Hid Magnitude of Data Loss From Recent Breach

Comments Filter:
  • by urcreepyneighbor ( 1171755 ) on Saturday March 08, 2008 @12:21AM (#22684634)

    was propagating via a known Windows exploit.
    DARPA may want to rethink funding [news.com] OpenBSD. :)

    The DoD doesn't need Windows, we need bunkers.
    • by NeverVotedBush ( 1041088 ) on Saturday March 08, 2008 @12:29AM (#22684670)
      It's to the point that you would think Microsoft itself would take an interest just for patriotic reasons.

      It's also apparently to the point that the US government ought to consider dropping Windows entirely.

      That, or maybe we should all just set our login names to Bejing and the password to China. Just let them have the run of anything we have of value.

      Running Windows just slows them down a little. A very little.
      • Comment removed (Score:5, Insightful)

        by account_deleted ( 4530225 ) on Saturday March 08, 2008 @12:59AM (#22684856)
        Comment removed based on user account deletion
        • The Pentagon should take the CIA approach to a secured Windows computer: a single Windows computer in a locked room with no network connections to any other computer.

          Besides, everyone knows that folks at the Pentagon uses Windows computers to play minesweeper.
        • by SethJohnson ( 112166 ) on Saturday March 08, 2008 @01:31AM (#22684976) Homepage Journal


          2) Decent firewall alerting you to connections to chinese IP space,

          Duhh.. these guys weren't amateurs. They wouldn't have been communicating directly with the compromised hosts. There'd be like three or more hops of compromised boxes between them and the Pentagon. Not to mention that the intrusion might have originally been thanks to a viral botnet where the controllers recognized some interesting IPs within their herd. Then used the command-control structure to issue specific commands to those boxes to further infiltrate the Pentagon. Probably was always outbound connections uploading data and grabbing new marching orders (encrypted in both cases).

          Seth
          • Comment removed based on user account deletion
            • Re: (Score:3, Insightful)

              by yuna49 ( 905461 )
              I don't know of any large Chinese controlled botnets

              Why would you? I doubt they'd be out selling access to their network to spammers. We're talking about military espionage here after all.
          • You are right about that point but all the others he made are still valid. No way should this thing have been on the network for over two months without being detected. Considering this is the pentagon we are talking about here it should have been detected immediately. Hell snort would have picked up on it in seconds. I do not think they are script kiddies either but a node firing email trojan payloads as this suggest is damn trivial to detect.
        • Re: (Score:2, Interesting)

          by NotBorg ( 829820 ) *

          1) Intrusion Detection Software 2) Decent firewall alerting you to connections to chinese IP space, 3) network anomaly detection software

          When did these things start coming with Windows? Not even server editions of Windows come with that stuff. However, I can think of a competing OS that does ship with these wonderful things.

          4) patching your damn boxes!

          Sure thing. I'm not going to say heads shouldn't have already rolled over there at the DOD IT Department Department. Heck, even the idiotic users s

          • by Splab ( 574204 ) on Saturday March 08, 2008 @05:44AM (#22685728)
            You forgot to blame Canada.
          • Re: (Score:3, Interesting)

            by Vancorps ( 746090 )

            With the firewall exception Windows does some with the IDS you are referring to. Network monitoring is deeply ingrained and has no trouble reporting to a syslog server. The problem is the effort it takes to setup a proper IDS so that it doesn't overwhelm you with false-positives which is really the same with any IDS package. Microsoft likes the basic approach that comes with Windows and then the advanced approach they get through their Operations Manager software. Of course now it's being rolled and merged

        • Broken management (Score:4, Insightful)

          by canuck57 ( 662392 ) on Saturday March 08, 2008 @09:50AM (#22686432)

          Their network admins should be fired on the spot, that's ridiculous.

          Yes it is ridiculous and someone should be fired.

          But why does everyone go after the grunts and not the department heads? After all it is the department heads to allocate the money and resources to do such things as watch the network.

          The local admin might be over worked, under trained, understaffed and no hardware to accomplish this task. Don't be so quick to pounce on the network person. This is a management issue pure an simple.

          • Much could be done as indicated by many here on /.

            DoD has bought into Alpha-security (A-Sec). A-Sec is when all things are controlled by being identical or bunker-consolidated.

            It is like a single point of failure looking for a place to happen. Someone once told me (or I read) about the blackberry network with one or two critical nodes (points of failure/attack/access). MS-products on most all DoD desktops is another single node. Server/Network help-desk-script Admin is another node. Things done the same way
            • Now the most interesting thing about this case, is during the whole episode, all internet connections between the US and overseas where being monitored by the NSA. Did no alarm bells go off when all this data was going from the US to China regardless of the intermediaries. So what exactly was the NSA monitoring, obviously nothing with regard to national security or military intelligence material or even information on military hardware.

              It really does make what the NSA were doing look very suspicious and s

        • Re: (Score:2, Informative)

          Don't forget to mention some kinda overall consistency. Doesn't matter if half your network is as impenetrable as your high school crush when the other half is as easy as her slutty best friend.

          ~Jarik
        • by dbIII ( 701233 )
          That is like blaming those that take the bribe and excusing those who offer them of all blame.

          Now that I think about it this may not just be an analogy.

        • Re: (Score:3, Insightful)

          by Deanalator ( 806515 )
          How about you try and find an admin that has a decent understanding of security that will work for 40k. I have actually looked at working security for some government facilities, but I can make 2 or 3 times as much working in industry. Maybe if they cut down a bit on the ridiculously overpriced contracts, they would be able to pay their in house people decent wages.
      • Perhaps you should tell it to your congress critter what inhabits the Armed Services committee and also takes the campaign dollars from Microsoft (employees only to be sure), and forces the pentagon to use the good patriotic software. Oh and are you gonna be the one to tell the general that if he does not understand how to drag and drop with the "pointer thingy" he can't have access to secure data. :D

        Thumbin on the tubes, waitin for a truck... full of email.
        • Oh and are you gonna be the one to tell the general that if he does not understand how to drag and drop with the "pointer thingy" he can't have access to secure data. :D
          You mean like this one

          Rear Admiral Grace Murray Hopper (December 9, 1906 - January 1, 1992) was an American computer scientist and United States Navy officer. A pioneer in the field, she was one of the first programmers of the Harvard Mark I calculator, and she developed the first compiler for a computer programming language.[1] Because of t

    • Re: (Score:3, Interesting)

      If they let their security be compromised via a KNOWN exploit, I don't see that they'll have much luck with other systems than windows, either...
  • Hmm... (Score:4, Funny)

    by calebt3 ( 1098475 ) on Saturday March 08, 2008 @12:23AM (#22684650)
    So they snuck in through broken Windows?
  • by unassimilatible ( 225662 ) on Saturday March 08, 2008 @12:29AM (#22684674) Journal
    I guess the standard and proper response to espionage would be to publicly confirm the value of the intelligence to the Chinese?

    What is it with you people? Is there no such thing as a state secret anymore? Should the Pentagon just list all its secrets on its Web site and get it over with? Let's just post all the targeting information, launch codes, encryption keys, advanced weapons and defense systems. etc. Let's just post it all on .mil in the interest of openness.

    Not everything is a scandal folks! Nothing to see here, move along.

    • by jo42 ( 227475 ) on Saturday March 08, 2008 @12:38AM (#22684738) Homepage

      Nothing to see here, move along.
      "Military Intelligence At Work" springs to mind...
    • Let's just post all the targeting information, launch codes, encryption keys, advanced weapons and defense systems. etc. Let's just post it all on .mil in the interest of openness.

      Well, the Air Force did send that stuff to mildenhall.com [slashdot.org] ... that's close to .mil, right?

      Well, close enough for government work, evidently.

    • No "state secrets" were lost. If something is "secret", then it's "classified". If it's classified, then it isn't being stored on a system that has access to the internet, directly or indirectly. According to the article, (yes, I read it...) there was some sensative information lost. This is not going to be launch codes or anything that's even remotely that valuable. I'm not saying it's no big deal, I'm saying that it's not nearly as big a deal as you're trying to make it out to be.
      • A government agency that had the foresight and intelligence to place their classified material only on systems that had no access to the outside world would also be one that didn't run un-patched windows boxes and could tell when they were compromised long before days, weeks, and especially months passed.

        I have no such confidence that there wasn't at least a little classified data on the compromised machines, given the gross incompetence shown here by the Pentagon. Remember this is the same agency that h

      • Many of these systems would be communications between DOD and weapons builders. No doubt that there is more than just idiot chit-chat that was in the email. It would include a number of details of our new weapons. Now, it may not include full specs, but in parts, it speak about various aspect of it. Once spoken about that, allows others to try and guess. They will try to guess how to duplicate AND how to defend against it. Worse, it may speak of known weaknesses that we have. Perhaps china finds out that th
      • by Svartalf ( 2997 )
        Considering that classified info has been leaked from systems that shouldn't have had them on there in the past, I would be...hesitant...to make such
        a bold claim. What is supposed to be done and what ends up happening with information happens to be two radically differing things at times.

        Just because it's only supposed to be on trusted systems doesn't mean it stays on them or that people strictly follow the rules
        because the rules are oftentimes very constraining and they're in a hurry, etc.
  • Not stolen! (Score:5, Funny)

    by Subm ( 79417 ) on Saturday March 08, 2008 @12:30AM (#22684680)
    This is Slashdot. The data wasn't stolen. It was copyright infringed.

    When will everyone learn the difference?

    The solution is obvious: sic the Mafiaa on the attackers.
    • The solution is obvious: sic the Mafiaa on the attackers

      That didn't work when the US tried it on Castro. (But the mafiosi DID laugh all the way to the bank.)

      The Mafia is very overrated as a tool for governmental clandestine activities.

      They're CROOKS! DEAL with it!
      • It wasn't bad in WWII, from what I've heard.
    • Re: (Score:3, Funny)

      by siddesu ( 698447 )
      You're so _obviously_ new here. US government data isn't copyrighted.
  • by onefriedrice ( 1171917 ) on Saturday March 08, 2008 @12:32AM (#22684698)
    In all seriousness, if it was a Windows exploit that had been known for months, there should have also been a fix I would think. So is the Pentagon not installing their security updates or what? This is ridiculous.
    • by r00t ( 33219 ) on Saturday March 08, 2008 @12:41AM (#22684752) Journal
      Sysadmins must apply patches IF AND ONLY IF they are army approved.

      Sounds decent so far, hmmm?

      The army has some committee that regularly decides which patches to approve.

      Still not too bad, hmmm?

      The committee approves patches for things that are being actively exploited.

      Ponder that one for a moment. It means that every security hole will be exploitable on the army networks. Every security hole gets a chance, since "not exploited yet" means "not a problem".

  • by NeverVotedBush ( 1041088 ) on Saturday March 08, 2008 @12:35AM (#22684712)
    OK, all you government workers - especially those in the military, CIA, or NSA that are running Windows on open networks.

    Compose a few Microsoft Word documents about a planned nuclear attack on Beijing on the opening day of their olympics. Make it sound nice and juicy, say a few things about ICBMs, nuclear submarines just off their coastline. Mention the proposed megatons and expected damage. Talk about a free Taiwan

    Let them chew on that.
  • We're paying the Pentagon and the spy agencies over $500 BILLION a year. That's well over $3 TRILLION spent "protecting" us since the 9/11/2001 "wakeup call" that should have told us national security isn't merely a big army. The Vietnam War cost "only" about $600B, during the height of the Cold War.

    Feel safer?
    • by Adambomb ( 118938 ) on Saturday March 08, 2008 @12:56AM (#22684842) Journal
      While i agree with your overall point, those are relatively poor metrics to base it on.

      The vietnam war cost 600B$USD considering 1968 USD.

      If you consider inflation based on the first inflation calculator google link that I clicked [westegg.com], plugging in 600B$ from 1968 yields:

      What cost $600000000000 in 1968 would cost $3688102617038.20 in 2007.

      thats 3.68 trillion in north american terms no?
      • by Doc Ruby ( 173196 ) on Saturday March 08, 2008 @09:17AM (#22686330) Homepage Journal
        No, you're wrong.

        The Vietnam cost of $600B is in 2005 dollars [fpif.org]. Using your calculator, that's already over $653B.

        Iraq alone has already cost more than that, well over $700B.

        And if you're interested in using a calculator, look into the fact that at least 80% of Iraq's cost is borrowed money, which (at typical 30 year Treasury bond rates) costs 155%. So that's already going to cost well over $1 TRILLION. And that's just Iraq, which has made us a lot more threatened.

        Feel safer?
        • by dbIII ( 701233 ) on Saturday March 08, 2008 @11:44AM (#22686976)
          Bah! Have 300 Euros. That should about cover it next week.
  • All joking aside (Score:3, Insightful)

    by Maxo-Texas ( 864189 ) on Saturday March 08, 2008 @12:39AM (#22684744)
    I think it is time for any signifcant secrets to be inside a separate network with a different operating system-- and one that is built from the ground up to be secure from buffer over run attacks and similar performance enhancing flaws.
    • Could the "compromised" data have actually been Honeypot data? http://en.wikipedia.org/wiki/Honeypot_(computing) [wikipedia.org]

      I am not an admin, but I recall working at a tech company whose admin operated a very realistic Honeypot setup complete with changing scripts that generated bogus logfiles and scripted users that logged in and out of several "windows boxes" running in VMs off an otherwise unused server (with no real data and not on the same network as the real servers).
      He said it served as a canary in the coa
    • it is (Score:4, Interesting)

      by Quadraginta ( 902985 ) on Saturday March 08, 2008 @02:40AM (#22685164)
      Twenty thousand people work in the Pentagon, the bulk of them secretaries, flunkies, gophers, paper pushers and form filers. They have, naturally, a plain old typical big business e-mail system for sending memos back and forth about whether the proper signatures have been affixed to form eight six four nine nine stroke seven aitch. This is what got hacked. To the extent "sensitive" data was compromised, it would be stuff like the Assistant Associate Deputy Secretary's daily conference call schedule, which is "sensitive" in the sense that in the remote chance that someone wants to assassinate him they'd find such data mildly useful.

      There is of course also a serious network of computers at the Pentagon which handles serious military secrets. It doesn't run Windows. It isn't physically connected to the Internet. The Chinese can't touch it.

      This is a silly FUD nonstory. There's no reason for the Pentagon to treat random secretarial computers with the same attention to security as they give classified computers. It would be very expensive, and my taxes are high enough already, thank you.
      • Re: (Score:3, Interesting)

        by hughk ( 248126 )
        Yes there is NIPRNET and SIPRNET, with one for the unclassified stuff and the other for classified. Funny thing is that the mildenhall.com incident demonstrated that secret data not only goes out on the public Internet (this should only happen through secure tunnels), it can end up outside the military altogether.
  • Poem (Score:5, Funny)

    by Anonymous Coward on Saturday March 08, 2008 @12:41AM (#22684754)
    Me Chinese,
    Exploit SOCKS
    Me Put Malware
    On Your Box

    Me Chinese,
    Go To Town,
    Me Pull Fast,
    Your Data Down

    Me Chinese,
    Make Cheap Shoe
    Take You Secrets
    Laugh At You

    Me Chinese
    Let You Think
    Here You Go
    Bring You Drink

    Me Chinese,
    Me Play Joke
    Me Put Pee-Pee
    In Your Coke
  • by AHuxley ( 892839 ) on Saturday March 08, 2008 @12:48AM (#22684794) Journal
    Gary McKinnon is accused of cracking into 97 United States military and NASA computers in 2001 and 2002.
    He talked of blank MS passwords and using a tiny Perl script.
    So maybe you do not crack or hack MS Pentagon computers but just surf on in.

    http://news.bbc.co.uk/2/hi/programmes/click_online/4977134.stm [bbc.co.uk]

    You know, one time we had a box DoS, for 12 hours. When it was all over, I walked up. We didn't find one of 'em, not one stinkin' Asian ip.
    The smell, you know that Microsoft smell, the whole box. Smelled like... owned.
  • by Lovat ( 1248352 ) on Saturday March 08, 2008 @12:52AM (#22684820) Journal
    Is it one Microsoft hasn't patched? Was it on Vista or XP or 2000? Was it something that could have been prevented by system or user settings? Why was Outlook not switched to plaintext only to prevent malicious code from propagating?

    This sounds more like an inept IT department than anything, and considering government pay grades if you aren't in _the_ top tier it wouldn't surprise me if that was the case really.

    And to all you anti-Windows pro-Linux guys: How many groups of hackers does your OS have dedicated to breaking it? Microsoft damn sure has its flaws and issues, but most Windows exploits are found simply because Windows is _everywhere_ in the real world.

    There is a reason NTFS was number two on the Slashdot FS poll, and it isn't because Windows and everything associated with it is total garbage. The 'open source attitude' is supposed to be about choice and sharing, not about elitism.

    Sure, the default settings on Linux are more secure than on Windows. Linux is also not designed with the common man in mind. You shouldn't be surprised, especially IT guys, with how much of the problems with Windows are because of the marketing department rather than the actual coders. If the recent internal e-mails can't show that to you (what with the majority of the company bitching about how bad Vista was and how it shouldn't be released) then you are going through life blind.

    Oh and yes, I use both Linux and Windows. Both have their uses. You don't throw out a screw driver when you get a power drill, and you don't throw out a ruler when you get a tape measure.
    • by causality ( 777677 ) on Saturday March 08, 2008 @01:23AM (#22684946)

      The 'open source attitude' is supposed to be about choice and sharing, not about elitism.

      Choice alone isn't very useful unless you make an effort to make good choices.

      ............

      Sure, the default settings on Linux are more secure than on Windows. Linux is also not designed with the common man in mind. You shouldn't be surprised, especially IT guys, with how much of the problems with Windows are because of the marketing department rather than the actual coders.

      To the attacker trying to break into your systems, it really doesn't matter whether the security weaknesses were caused by marketing, the coders, or whatever, so I am not sure what your point is. What I can say is that what it looks like is a weak apology for Microsoft's poor security history. At any rate, as you indicated, marketing departments do not security make. You just gave a good reason why Windows would be a poor choice in a context where, presumably, security really matters. Therefore, the two are not on equal ground in this case. It is certainly not "elitist" to say that Linux would have been a superior choice (though probably OpenBSD would have been better still). Especially not when professional IT staff are not the "common man".

      Even if the client machines must use Windows, the servers hosting the sensitive data certainly do not need to use it. The wrong tool was used for the job; there is nothing "elitist" about it.
  • by Profane MuthaFucka ( 574406 ) <busheatskok@gmail.com> on Saturday March 08, 2008 @12:55AM (#22684836) Homepage Journal
    It's not the Chinese People's Liberation Army. It's the People's Liberation Army of China. The Chinese People's Liberation Army is a bunch of wankers.
  • Two months to catch a bug that is transmitting itself as a malicious payload
    on the network?

    What do you want to bet that their security manager has a phd and worth
    every penny he makes.
  • simple question... (Score:4, Insightful)

    by skydude_20 ( 307538 ) on Saturday March 08, 2008 @01:03AM (#22684866) Journal
    why the hell is any DoD network connected to the Internet????
    • Well, duh! It's so the workers can use VPN (PPTP).
    • Re: (Score:3, Funny)

      by reaktor ( 949798 )
      Youtube?
    • Re: (Score:2, Informative)

      by glitch23 ( 557124 )

      why the hell is any DoD network connected to the Internet????

      On the surface, it does sound crazy, however in the technologically connected world we live in even secure networks must be connected to inherently insecure networks. Of course, those "secure" networks aren't so secure anymore and that's where IDSs/IPSs, firewalls, etc. come into play. The DoD must be able to communicate with DHS- and DOJ-type agencies at the federal level and probably many other entities at the state level and as such their data must be on those networks in order for full communication t

    • why the hell is any DoD network connected to the Internet????

      A few days ago the mantra was "Why is the Air Force blocking blogs"

      The truth is there's multiple networks. There's operational (operational in the meaning of planning and conducting operations) networks which are secure, not using windows and are airgapped. There's adminstrative networks that are windows based where people do email, write memos, fill out leave forms, etc. Remember there are people that come into military fresh out of high school with little money, they don't own computers, so they use

    • To read /. at work, of course!
  • M$CROSOFT SUCKS (Score:5, Insightful)

    by EdIII ( 1114411 ) * on Saturday March 08, 2008 @01:08AM (#22684880)
    Here's the thing.... even putting the hyperbole in the title aside, Microsoft really does suck , and at so many many many levels.

    I am in my 30's and I have been using Microsoft all my life, since I was about 9 years old (I started using computers when I was 7). I build their machines, I repair them, I even program them too. I also attempt to provide security on them as well. So I have been involved with Microsoft about as long as some people have been married. So I believe that I am entitled to get drunk occasionally and rant about the "Ex" for awhile. I earned it, so to speak.

    Have people noticed that Microsoft is like a little sickly Boy in the Bubble? You have to protect him at all times.

    You have to put up a router and a firewall at a minimum to protect your little herd of MS machines. Keep them safe from the big bad wolves and all that. Of course, these days you also need to have some really good routers with IDS, gateway anti-virus, etc. to do it even better. But that is not enough. Those little guys can get into trouble just "looking" out on the Internet. So you need anti-virus, anti-phishing, anti-spam, anti-spyware, anti-malware, etc.

    When the Internet first started coming out, I remember telling people it would be cold day in hell before I hook my computer up to an unknown network in which anybody could send packets to my machines. Obviously, I had to get over that "shyness" and learn to adapt or die. However, since then, I have had to invest enormous amounts of time and energy and cold hard cash into preventative measures to keep my own Microsoft OS's from being hijacked by any asshat on the Internet.

    There is billions being made, that's with a B folks, in 3rd party solution providers that specialize in providing the security solutions just to cover the fact that Microsoft can't code security if their "life depended on it".

    Now that the Pentagon is using them, it would seem that in a roundabout way, Microsoft's life IS depending on it.

    We can bash Microsoft all we want, and talk and talk and talk about it. What it really comes down to though, is that Microsoft just may not be a secure enough environment for our National Security apparatuses to be using. If we have to work that hard at it, with that many vendors, and have that many points in which someone can screw up and leave machines vulnerable, then we need another solution .

    On another side note, where the HELL are those super secured networks I keep hearing about that my tax dollars paid for huh? Apparently, the Pentagon's networks must be in really bad shape too. You would think that trillions of dollars could provide some pretty secure networks, communication infrastructures, and operating systems.

    All that "bashing" on my part aside, Microsoft may make a decent OS for the little guy. The mom and pops at home with their families. Let's face it, it is easier to use then Linux, otherwise Linux would have a greater market share. Let's just not use it inside the Pentagon OK?
    • The amount you speak of will cover the cost of the cisco edge router now lets see if we can fund some core routers and some nice switches ;D
    • The super secured networks you are reading about are not accessible from the Internet and most likely haven't been penetrated.
  • by NetSettler ( 460623 ) * <kent-slashdot@nhplace.com> on Saturday March 08, 2008 @01:21AM (#22684938) Homepage Journal

    It reminds me of the Doonesbury comic years ago about Reagan's SDI shield, that was going to protect us from Soviet missiles by a single, always-perfect shield of protective devices. The comic was drawn in crayon, as I recall, with the voice of a little girl explaining that the world was beautiful because SDI was protecting us. Then in the last frame it said something abrupt to the effect of "Oops, one got through. Bye."

    What makes this story so scary isn't just that something got broken into, it's the thing in the back of all our minds that says "my goodness, is that the place where All Knowledge of Everything is centrally stored?" Bad enough when someone breaks into your computer and gets all your bank accounts or passwords, but when someone breaks into The Government and gets all knowledge of launch codes, defensive systems, registries of guns in the US, files on who sympathizes with who, files on who calls who, etc. ... well, that info collected with the intent of defending us might suddenly be a liability.

    That's why things like the telecom phone tapping, national IDs, etc. are so troublesome. The mere centralization of information at all for any reason is a risk that the Bush administration has been ignoring, working instead (for all we know, none of this being auditable) to pile all of everything in one fragile place. The founding fathers kept trying to decentralize things and minimize what in modern computer terms we'd call "single point of failure". They distributed power in a way that made it hard to just break in and take control, right down to making sure there was not a single head of government. It's too bad that in all the puffery we hear spouted about Constitutional original intent, the modern Republican leaders don't show more care about that kind of original intent.

    • It is entirely possible to create a distributed model where local areas manage their permissions, it's managing the volume of permissions that is the challenge. For some bizarre reason, people who set these things up always insist on a "one large pot" model, whereas X500 has a perfectly viable distributed access control model (sorry for those who squeek "LDAP is God" at this point - there is a reason why "LDAP" starts with an "L", thank you).

      The nice thing about a distributed model is that it's much less f
      • by Splab ( 574204 )
        The thing is, all it takes is one person to bring down the house of cards. Where I work the data has been locked down tight, with very specific methods for accessing it. This of course only work under the assumption that:
        1. I can be trusted
        2. The DB software can be trusted (and thus the engineers working on it)
        3. The sys-admins doesn't log/know my passwords and abuses them (do you ever check your keyboard for keylogger?)
        4. The guy handling the backups doesn't leave them on a train somewhere.

        There are loads
  • Honey pot. (Score:4, Interesting)

    by dsmatthews ( 866278 ) on Saturday March 08, 2008 @04:52AM (#22685560) Homepage Journal
    It would not be the first time that a government has gone to great length to convince others that the stolen data they have is real, when really it is not, rather it is carefully crafted misinformation designed to fubar any project or plans it is used in.
    • It would not be the first time that a government has gone to great length to convince others that the stolen data they have is real, when really it is not, rather it is carefully crafted misinformation designed to fubar any project or plans it is used in.

      Yeah, and it would not be the first time that a government has gone to great length to convince others that they are completely incompetent.

  • Shouldn't the Gov't already know that Windows security is as effective against hakers as wet Kleenex is against a Mack truck?

    Microsoft likes to spend money on selling the same pile of shit packaged in a new wrapper, instead of producing anything actually useful.

    This is what happens when Government officials have a threesome with Ballmer and Gates.
  • .. and to the typical American ... out of sight out of mind. Or in other words, WE STILL DON"T KNOW what all this secret information is but it apparently makes the hackers smarter than us about us.

    Thanks Homeland security......good job.
  • Prior to W. we required out gov. to have SECURED OSs. Once of the few places that had Windows was the reagan, and IT ran in circles (figures). The pushing of Windows on all forms of gov. has been from The white house. What a disaster. Even DHS standardized on it. I have worked with 2 of the top ppl from DHS back in 2002 (prior to their being pulled into DHS) and no doubt that they used Windows. They were tech idiots back then, and they are still idiots.
  • Given the value of data, at what point does diplomacy start to consider network intrusion to be an act of war. I mean, if they're going to treat physical and imaginary "property" to be equal under the law, then this sort of massive data intrusion becomes the equivalent of walking into a naval base and sailing away with a fully loaded aircraft carrier.
  • Slashdot, you're growing up.

The end of labor is to gain leisure.

Working...