Forgot your password?
typodupeerror
Security Government Networking IT

NSA Considers Its Networks Compromised 239

Posted by Soulskill
from the nowhere-to-go-but-up dept.
Orome1 writes "Debora Plunkett, head of the NSA's Information Assurance Directorate, has confirmed what many security experts suspected to be true: no computer network can be considered completely and utterly impenetrable — not even that of the NSA. 'There's no such thing as "secure" any more,' she said to the attendees of a cyber security forum sponsored by the Atlantic and Government Executive media organizations, and confirmed that the NSA works under the assumption that various parts of their systems have already been compromised, and is adjusting its actions accordingly."
This discussion has been archived. No new comments can be posted.

NSA Considers Its Networks Compromised

Comments Filter:
  • by alfredos (1694270) on Friday December 17, 2010 @12:32PM (#34588652)
    What I can't fathom is that there is still people out there believing that a firewall is all the protection they need. Or that it is a protection they need, even.
    • by datapharmer (1099455) on Friday December 17, 2010 @12:37PM (#34588742) Homepage
      yeah, I mean who really needs a firewall anyway.... I run my computers unpatched with all the ports open. They are much faster and more reliable that way. None of that antivirus nonsense to deal with and I stay virus free since the botnets duke it out for who gets control. It saves time when shopping online too, as I don't even have to tell the nice people my credit card info - they all already know it! It is especially useful when they send me great offers by email for replica rolex watches and discount prescriptions as I don't even have to search for the best prices!
      • Well what I think the poster was getting at is the idea that, if you're closing off all insecure ports on all your machines themselves, then firewalls shouldn't really being doing anything anyway. It's not an either-or proposition, is it? Either you have a firewall or you have unpatched computers running with all ports open?

        In a certain way of thinking, what a firewall does is to block traffic to unauthorized ports on improperly secured machines, so if you secure your machines then the firewall shouldn't

        • by JackOfAllGeeks (1034454) on Friday December 17, 2010 @01:16PM (#34589318)

          Of course, that's not really all that a modern firewall does.

          And this is why the original poster is wrong.

          If you're just relying on a Firewall to block access to ports you shouldn't have open anyways, then yeah, you don't need the firewall: just close the ports. But in that scenario, it's really just a misapplication of an otherwise useful security device.

          A Firewall can be useful, as you said, to proxy various protocols or block certain outgoing (or unsolicited incoming) traffic. It can also be used if potentially-harmful traffic belongs on the network, but not going to or from certain hosts (ie, remote administration of servers might be desirable, but only from certain hosts).

          The point is, yes a Firewall isn't The Solution to all security problems, and it can be misapplied, but that doesn't mean it's not a useful device in the right situation.

          • by vux984 (928602)

            If you're just relying on a Firewall to block access to ports you shouldn't have open anyways, then yeah, you don't need the firewall: just close the ports. But in that scenario, it's really just a misapplication of an otherwise useful security device.

            Not really. Redundancy and backup systems are an important part of security.

            • Good point; I retract the overly-broad assertion.
            • by icebike (68054)

              Except that your OS (even Windows if properly locked down) is likely to be more up to date than your firewall/router software.

              Routers rarely get updated software loads, even when significant bugs are detected in the kernel the are built with.

              In many cases, the redundancy provided by an ancient linksys is a false one, and the router may already be owned by the hackers.

        • by Culture20 (968837)

          In a certain way of thinking, what a firewall does is to block traffic to unauthorized ports on improperly secured machines, so if you secure your machines then the firewall shouldn't be necessary.

          And Darth Vader really did betray and murder Luke's father, from a certain point of view. I use firewalls all the time, because I've got ports that don't need to be world accessible (and trusting tcpwrappers for everything is silly). Also, just because daemon foo is "secure" now doesn't mean it will be a month from now. If you need the port locally, but not externally, firewall it completely off from the outside and be a little happier.

          • And Darth Vader really did betray and murder Luke's father, from a certain point of view.

            Yes, that's true. I think you're going to find that many of the truths we cling to depend greatly on our own point of view.

        • by rel4x (783238)

          Well what I think the poster was getting at is the idea that, if you're closing off all insecure ports on all your machines themselves, then firewalls shouldn't really being doing anything anyway. It's not an either-or proposition, is it? Either you have a firewall or you have unpatched computers running with all ports open?

          Except that you generally don't "close off insecure ports". You're not disabling them, you're just setting them to "not open yet". A large part of the point behind a firewall is to make sure nefarious programs can't open the ports without your knowledge.

      • by _Sprocket_ (42527) on Friday December 17, 2010 @12:52PM (#34588956)

        You're actually cutting edge. You've out-sourced your personal information security and set up a fully flexible payment schedule to support it. You're clearly executive material and deserve that Rolux you've had your eye on.

    • by B'Trey (111263) on Friday December 17, 2010 @12:42PM (#34588828)

      What I can't fathom is that there is still people out there believing that a firewall is all the protection they need. Or that it is a protection they need, even.

      A firewall is reasonable protection for most people, just as a dead bolt on the front door is reasonable protection for most homes. If you're the online equivalent of a jewelry store - that is, a high profile target - then obviously you need much more than that.

      • by drinkypoo (153816)

        A firewall is reasonable protection for most people, just as a dead bolt on the front door is reasonable protection for most homes.

        Most homes are protected not just by the deadbolt, but by a variety of factors including your presence. Just see what happens if you're gone for an extended period of time with nobody checking up.

        • Where do you live to expect your house to be broken into if you're gone?

          I mean, I take some precautions (like redirecting my mail), but I can leave my home for three months straight without checking up on it and I'm pretty confident nothing will happen to it.
          In fact, the only time a house was burglarized here was when the thieves were "friends" of the house owner (they knew the house and her vacation schedule, etc).

      • Re: (Score:3, Interesting)

        If you have on your computer:
          - access to online banking;
          - personal information;
          - spare CPU to do somebody else's processing;
          - spare bandwidth to store or handle someone else's illegal data;
          - company confidential information;
          - etc... ... you are an electronic jewelry store.

      • by vegiVamp (518171)

        I just read "A fireball is reasonable protection for most people". Time for coffee.

      • by Dalroth (85450)

        Every one of my family members is behind a firewall. Every single damn time I go home I have to spend hours rebuilding their computers because they've been compromised yet again.

        Burglarizing a house is a physical act that requires you to go there and put yourself in great physical danger. Breaking into a computer is as easy as a few clicks on a keyboard.

        They are not the same thing. A firewall is NOT enough, and it is NOT comparable to a locked front door.

    • by Steeltoe (98226)

      I2P sports end-to-end encryption. Arbitrary tunnels between computers. Darknet capabilities. Integrated bittorrent. Anonymous and encrypted websites. P2P naming services.

      If you need transparent encryption between nets, while preventing sniffers and MITM-attacks, I believe I2P can be a great fit. I wonder what performance a custom version restricted to the LAN might yield, given that it's already many orders of magnitude faster than FreeNet?

      I2P: http://www.i2p2.de/ [i2p2.de]

    • Most people are confused by all the marketing that AV and firewall vendors spew out, together with the anecdotes of their friends about "Well, AV doesn't work 'cuz I got a virus that one time" and all that other nonsense.

      Honestly, IMHO, you should -always- consider your network to be compromised in some fashion. Always keep an eye out for clues of infiltration--strange network traffic, odd lack of response, uncharacteristic behaviors--and, though you'll doubtless waste some time on false positives, you'll
  • NSA (Score:4, Funny)

    by Demoknight (66150) on Friday December 17, 2010 @12:32PM (#34588656) Journal

    Not Secure After-all

  • by girlintraining (1395911) on Friday December 17, 2010 @12:34PM (#34588684)

    Security is achievable provided you start with good parameters. Believing your systems are "unhackable" is silly. No physical security is impenetrable, why would electronic security be different? But what you can do is make the cost of breaching that security more than the value of whatever it is being protected. Keep in mind though that what you're protecting also includes access, not just the data itself.

    Problem is, in the private sector you have all these companies trying to control the internet, instead of keeping it as a public commons. The net result is that the cost to access it is often the main price consideration, at least in the United States.

    • by DrgnDancer (137700) on Friday December 17, 2010 @01:08PM (#34589218) Homepage

      The problem is that the NSA has, or at least it believes it has and other believe it has, information whose value is essentially beyond price. Therefore they feel reasonable expecting that other parties will pay nearly any cost for access. The whole dynamic of "make it more expensive to get than it's worth to have" goes out the window when what it's worth to have is essentially infinite. Then it becomes "protect it as much as possibly can and hope it's enough".

      Don't get me wrong, I typically agree with you, and I've posted that very thing quite recently in response to something else recently. It's just that the theory kinda goes out the window when you have bad actors with the resources of an entire nation behind them as your most likely threat vector. Now of course everything that the NSA protects isn't that valuable, and much of it is probably protected with precisely the theory you promote. The rest is just protected with every possible resource they can think of.

  • by T1girl (213375) on Friday December 17, 2010 @12:35PM (#34588696) Homepage

    The idea of sticking all my data out in cyberspace on somebody else's servers always seemed a little fluffy anyway.

    • by blair1q (305137)

      First rule of security: never do anything anyone wants to know about.

    • by durdur (252098)

      Lots of organizations are uncomfortable with high value data being out of their control.

      But are your IT guys better than their IT guys? Do you patch, monitor, secure, more than they do? Maybe, maybe not. It pays to ask questions but the cloud isn't a worse place for data, necessarily.

      That said, top secret data like NSA has is a whole 'nother kettle of fish.

  • by ChefInnocent (667809) on Friday December 17, 2010 @12:35PM (#34588714)
    Is the one buried a mile under ground in 100' radius of concrete connected to nothing. Preferably in an undisclosed location. Even then, it is only as secure as the guards protecting it.
    • by Pojut (1027544)

      I had a co-worker ask me for some computer advice yesterday, since she was "tired of all the viruses [she] seems to keep getting." I gave her two options:

      1. Stop clicking on every blinking banner, spam email, and "RESPOND NOWZ0RZ!!1!111!" message she gets on facebook. Install a quality anti-virus and software firewall, as well as set up a hardware firewall, and remove all privileges from the account she logs onto her computer with.

      OR

      2. Unplug the computer from the wall, go to CVS, and buy a legal pad an

      • by Colourspace (563895) on Friday December 17, 2010 @01:14PM (#34589300)
        CVS?? According to you she doesn't even seem to have heard of antivirus, and you want her to use control versioning?
        • by vegiVamp (518171)

          CVS - Concurrent Versioning Software.
          VCS - Versioning Control Software.
          CSV - Comma Separated Values

          Any more confusion ? :-p

    • Right. How I would put it is, "security" is not a binary state. It's not that a computer is either "secure" or "not secure". Security is a process, or maybe a context, and the main concern is not about making something "absolutely secure" but a balancing act. You need to balance the restriction of access by unauthorized personnel with the enabling of access by authorized personnel.

      Or to use another metaphor, security is like a constant ongoing war. You simply can't devote enough resources to protect e

    • by mikael (484)

      Don't forget the lead shielding ..

    • Nonsense. You can have it connected to every computer system in the world and it will still be secure - see "The Forbin Project" for details on how to achieve real computer security!
  • by devleopard (317515) on Friday December 17, 2010 @12:41PM (#34588818) Homepage

    In other words, no internal trust. You eliminate all assumptions in-house with the requisite sandboxes, minimal privileges, etc. Like prison: no one is your friend, you merely have alliances that can be severed at the moment that trust is no longer needed.

    • by wjousts (1529427)
      And don't drop the soap in the shower.
    • The operative philosophy is "need to know" you tell nobody anything that they don't!

      One of the best simple firewalls is just non routable internal addresses.

  • by ColoradoAuthor (682295) on Friday December 17, 2010 @12:42PM (#34588830) Homepage
    Complete security is a fleeting deception. What we need is RESILIENCY to cope with the attacks (physical or cyber) which will inevitably occur. Wise people have known that for approximately forever (that's how we got this thing called the Internet, after all).
  • Isn't that one of the most basic rules?
    Always assume that a device on your network could become compromised. That's why the gods of microchips and junk food gave us the gift of layered security.

  • It wasn't me! And you can't prove it.
  • Duh (Score:5, Insightful)

    by PPH (736903) on Friday December 17, 2010 @12:48PM (#34588904)

    Any good security policy assumes that, if the system has not already been penetrated, it will be soon. There must be procedures for detecting intrusions, repairing weaknesses and plugging holes, and compartmentalizing data so as to minimize damage once a part of the system has been breached. And there needs to be ongoing R&D into the various techniques the enemy could use to break into systems and applicable countermeasures.

    What scares me is that the NSA is "adjusting its actions accordingly". They should have been thinking this way from day zero.

  • Good for them (Score:4, Interesting)

    by mewsenews (251487) on Friday December 17, 2010 @12:50PM (#34588934) Homepage

    If you've played around with any rootkits you know how devious an attacker can be with your system. If you read about the Gawker story, they had a couple signals that their systems were compromised but nothing catastrophic had happened so they carried on their merry way.

    This is how most businesses are approaching IT security: if it ain't broke, don't fix it.

    It almost takes a govt organization to sit down and say "wait a minute, we could be hacked and not even know it". Especially a very, very high profile target like the NSA. They're facing legions of hackers funded by foreign governments. This isn't the dawn of the Internet anymore, it has to be taken seriously.

  • Levels of security (Score:5, Insightful)

    by formfeed (703859) on Friday December 17, 2010 @12:51PM (#34588952)
    Many large organizations still operate under the bad internet vs. good intranet principle.

    What considering "the assumption that various parts of their systems have already been compromised" means is that you go away from that model.

    There can be multiple levels, walls between various areas, zones according to task, etc. And the auditing system can be much more complex than a firewall.

    Think of something like the "unusual activity" trigger software for your credit card. Low ranking security person reading a low level cable? -fine. Reading 10000 cables in one hour? very unusual.

    The NSA know their stuff, I see this talk not as someone admitting that they are compromised, but as someone talking shop.

    • by LWATCDR (28044)

      Well the problem is basically a new tyranny of numbers problem.
      As systems get more and more complex the harder they are to deal with. In this case to secure.
      At one time you had a lot of physical security and frankly at best dial up speed or frame relay connections to deal with.
      Now so many systems are interconnected that security is a completely different game.

    • by H0p313ss (811249)

      The NSA know their stuff, I see this talk not as someone admitting that they are compromised, but as someone talking shop.

      Correct. Any intelligence organization of any value always assumes they could already have been compromised, and not just electronically. Every task, every group, every department is compartmentalized and separately secured both physically and in terms of networking.

  • What? (Score:5, Insightful)

    by natehoy (1608657) on Friday December 17, 2010 @12:57PM (#34589026) Journal

    What? You mean there's another option?

    Any network administrator worth half their income should always consider their LAN to be compromised. That's why you use secure transfer protocols to transfer any data containing any sensitive information between company systems. That's why you have active network monitors that turn off network ports when they encounter an unknown MAC address. That's why you don't allow anonymous logins to your active directory, and you strictly control access to everything by at least department.

    Security is done in layers. Firewalls can and will be breached. If it is, your goal is to slow the attacker down until you can detect the breach and close it. Honeypot servers, data encryption, network segmentation, network resource security, all of these things are vital.

    • by hadrins (1210784)
      Now if you could only get software vendors to pay attention to that rule.
      I will be happy the day I don't have to give a user admin right on the local machine to be able to use some database software that is just pulling UNC path files.
    • by zero0ne (1309517)

      If only my company paid attention to this...

  • “The more secretive or unjust an organization is, the more leaks induce fear and paranoia in its leadership and planning coterie. This must result in minimization of efficient internal communications mechanisms (an increase in cognitive “secrecy tax”) and consequent system-wide cognitive decline resulting in decreased ability to hold onto power as the environment demands adaption. Hence in a world where leaking is easy, secretive or unjust systems are nonlinearly hit relative to open, just

  • If I read the post correctly, the NSA did not say their computer network had been compromised, They said they worked under the assumption that it had been. The two are not the same thing. Any intelligence organization must work under the assumption that it has been penetrated. This does not mean that the organization does not do everything in its power to avoid this, but that, knowing the opposition is trying to penetrate, the best assumption operationally is that the penetration has already occurred.
    • Any DECENT intelligence organization must work under the assumption that it has been penetrated.

      There, I fixed that for you. The problem is that groups like DOD, FBI and DHS are both pretty worthless when it comes to Security. And yes, all 3 are in that group because they use things like WIndows as well as standard systems from China, even equipped with open USB and ignored NSA recommendations. Even when NSA said ABSOLUTELY NOT TO USE WINDOWS ON ANY NETWORK, All 3 of the others did and continue to use it
  • by J4 (449) on Friday December 17, 2010 @01:23PM (#34589440) Homepage

    The fact that we outsource chip fabrication ought to be a clue as to why they can't pretend any more.
    OT: It's even money that every piece of military hardware with computers has an illicit kill switch embedded in it.

    Game over USA.

    • I've posted about this many times before. I work for a semiconductor design and fab company. We have fabs overseas, of course. But we also have a prototype fab at our head office, in California, and right beside it we have a military fab. Any design that anyone wants fabricated with a guarantee of security, we'll run, with their engineers involved at every step of the way, with 100% verification, if they're willing to pay enough. And apparently -- I don't know this because I don't have access to this k
  • Security (Score:4, Insightful)

    by theamarand (794542) on Friday December 17, 2010 @01:49PM (#34589756) Homepage
    It always makes sense to operate based on the assumption that you may already be compromised. If you take a look at your data, and you think that impenetrable firewall is going to keep people from accessing it, you're delusional. Security, or lack thereof, is measured in time. If what you're securing is important, the question is not can this information be accessed but how long until it can be accessed. Compartmentalization is an important part of any security plan. Finding ways of keeping people out is something the security field has been working on for ages. Have different passwords for everything. Change passwords regularly. Audit data accesses. Watch for suspicious behavior. Keep off-site backup of data and forensics information. Create different subnets and VLANs to segregate traffic. Train all employees in basic security measures. Ensure that no employees are above security - no backdoors, everything audited. I'd say the most important thing to recognize, though, is exactly what they said: unless a resource is sitting in a heavily-guarded Faraday-cage, inside a vault, turned off, and not connected to anything else, it can not be considered 100% secure. Everything else is risk management.
  • >no computer network can be considered completely and utterly impenetrable

    C'mon, this is news? Have we learned nothing in the past 30 years? When I did military design in the eighties, "secure" was keeping the computer in a locked, shielded, windowless room with an armored door and NO NETWORK CONNECTION.

    Data transfer was done extremely carefully via disk packs, with many checks and balances.

    Once we had to push out a huge (for the time) amount of data to the staging equipment cage, more than we c

  • Seriously, there never was. There are just more attack vectors now.

  • The fact is, that because the equipment is coming from China, then it is certain that it is loaded with backdoors. And it is coming more and more. The west MUST convince companies to bring back their manufacturing, OR start supporting companies that DO the manufacturing local. This is more true of the American gov. than any other.
  • Any organization with 50 people or more should consider the network compromised an segment it into isolated sections (That is VPNs not VLANs).

  • I've been reading James Bamford's /Body of Secrets/, a gigantic tome about the history of the NSA, circa 2001. When you think about the kind of stuff that the NSA and other government's signals intelligence services were able to listen in on in the early 1960s, it is absolutely no surprise that they have trouble hiding secrets today.

    Even before they had microcomputers to do the work, they were pulling off incredible stuff. They used to look for radar signals reflected off of Soviet test missiles in order to

TRANSACTION CANCELLED - FARECARD RETURNED

Working...