Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
United States Security

State Department Developing Cyber Toolkit 269

An anonymous reader writes "The U.S. State Department, known for its recent RFID passport embarassment, seems to have developed a key tool in the Department of Homeland Security's cyber toolkit for federal agencies. There's not much out there on it other than mention of a tool called SandStorm in a recent press release from State's Bureau of Diplomatic Security. According to the site, "SandStorm simultaneously collects, correlates, and analyzes data on multiple computer systems and departs, leaving no trace of its activities. The White House is championing this cyber tool and the Department of Homeland Security has selected it as a cornerstone application for a cyber toolkit being made available to all Federal agencies." Sounds scary to me, but may be a step in the right direction."
This discussion has been archived. No new comments can be posted.

State Department Developing Cyber Toolkit

Comments Filter:
  • what? (Score:5, Funny)

    by markybob ( 802458 ) on Thursday November 10, 2005 @12:36AM (#13995618)
    a step in what direction? hell?
  • Deus Ex, anyone? (Score:2, Interesting)

    by Landshark17 ( 807664 )
    Sounds like the Aquinas Protocol to me.
  • by MLopat ( 848735 )
    Not sure why the submitter of this article thinks its a scary thought. With the internet being the defacto standard for terrorist communication, both to one another and to the world via terrorist sponsored websites, its a good thing that the US is finally doing something to be proactive in this area.
    • by markybob ( 802458 ) on Thursday November 10, 2005 @12:39AM (#13995630)
      because this america, not china. our property is supposed to be free from search without a warrant. it has something to do with the constitution...
    • Comment removed based on user account deletion
    • by Anonymous Coward

      Not sure why the submitter of this article thinks its a scary thought.

      I'll tell you why. Because a disproportionate number of Slashdot readers believe that any technology that is largely used for benign purposes, but can potentially be abused by the government (e.g., SandStorm to gather private information), must be suppressed at all costs. But the same group also believes that any technology that is largely abused for illegal purposes, but can potentially be used for benign purposes (e.g., BitTorrent for

    • its a good thing that the US is finally doing something to be proactive in this area

      I guess it depends on how much you trust your government.

      BTW, I wonder if its based on any GPL'd code.

    • by Skrekkur ( 739061 ) on Thursday November 10, 2005 @01:26AM (#13995789)
      Do you have any idea what how slim the chances really are to be killed by terrorists in the US? Even after 9/11 it's next to none. You are far more likely to be in a car accident, die of cancer, get a heart attack or being shot by a family member. This terrorist "threat" is no reason to take away our freedoms and slowly install a police state where the citizens are the "threat". Sure we cannot just ignore the threat but I for one prefer a little "unsafer" world over privacy invading security
      • Do you have any idea what how slim the chances really are to be killed by terrorists in the US? Even after 9/11 it's next to none. You are far more likely to be in a car accident, die of cancer, get a heart attack or being shot by a family member. This terrorist "threat" is no reason to take away our freedoms and slowly install a police state where the citizens are the "threat". Sure we cannot just ignore the threat but I for one prefer a little "unsafer" world over privacy invading security

        This "terror

        • Noticed that now there are so few public warnings of new terrorist threats and increasing the national "security level"? Just wait for election time...

          Nothing like general fear and confusion to make everybody rally around whomever happens to be in office.

          And for an added twist, float some insinuations [newshounds.us] that the enemy endorses your opponents.

      • by ScentCone ( 795499 ) on Thursday November 10, 2005 @09:06AM (#13997076)
        Do you have any idea what how slim the chances really are to be killed by terrorists in the US? Even after 9/11 it's next to none. You are far more likely to be in a car accident, die of cancer, get a heart attack or being shot by a family member.

        Do you really think - really - that the only thing we're worried about here is direct death or injury of individuals, personally, by some weapon that is flown, blown up, or shot at them? The impact of 9/11 was pretty horrible for the thousands of dead and their families - but pretty much everyone in the country was impacted, as well. The economics of another serious attack - even a conventional one as before - will be mammoth. The impact of something like a Japan-style Sarin gas attack or two, or of something radiological, will be (just as the bad guys would hope) incredibly costly and disruptive. I can't even imagine something smallpox-ish, in terms of the social freak-out mess.

        I live in the DC area and interact with people on the working end of these problems. They're frustrated at how hard it is to fight this crap, but they're even more frustrated at how willingly people paint them as some sort of bad X-Files villains as they do their jobs. Of all the people I've met and talked to, the only common thread that should alarm most of us is their tales of un-fireable incompetent co-workers. There are paper pushers, academics/analysts, operatives, and other people working in all of the three-letter-agencies that are just as dumb, bull-headed, whiny, annoying, distracted by the problems with their drug-using teenagers, etc. as there are in the rest of the world.

        Part of the problem is the near impossibility of retaining quality (real quality) people on a government paycheck - especially in areas where the cost of living is off the charts. Living essentially hand-to-mouth in a town where a cheesy two-bedroom townhouse in a bad neighborhood costs half a million dollars, and your 15-mile round trip communute takes over two hours ... it's hard to shrug that off (at, say, $45k/year) and spend your time in the office making perfect decisions about how some guy at the Agency should work with some guy from State to draw the line between sniffing a laptop that someone carries, sometimes while visiting in the US, and sometimes back to Syria where he deals in chemicals and transportation.

        Developing the tools to know what we need to know is a technical problem. Deciding when and how to use them is a policy problem. I don't sense the police state that you do, perhaps mostly because I'm life-long friends with people who are now in law enforcement and intel, and know that most of the black-helicopter hand wringing is so wildly misplaced as to be just plain funny.

        BTW, to put the word "threat" in quotes implies that there simply isn't one. There is, and I'll be curious to hear your take on whether or not, in the wake of the next hit, enough intel was being gathered before hand in an attempt to stop it. Did you catch the news in Australia the other day? 17 guys, stockpiled with chemicals, bomb-making gear and plans, and in what appears to be a two-party race to see who could execute the first serious in-the-name-of-Allah mass casualties in that country first. Major intel gathering, including cyber surveilance of several flavors, was the only reason that Sydney or Melbourne didn't get exactly what just happened in Amman yesterday. And if you think that the only impact on the Jordanian economy is the death and injuries to a couple hundred people, you're way, way wrong. Your initial point (about the odds of any one person being killed by a terrorist) is an often-repeated rhetorical canard that (not out of ignorance, because you have to know better) deliberately pretends that both the intent and impact of terror is person-to-person damage. Wake up, man. Or spend next week in Amman and ask the merchants, the cabbies, the food service people, and everyone else what the odds are that the terrorists only hurt the 57 people that died.
        • Good Points (Score:3, Interesting)

          by Tony ( 765 )
          What you say is truth.

          It is also irrelevent.

          As shown by the current US administration, people in power will abuse the system, as they did with the push to war in Iraq (with lies and manipulative PR), Valerie Plame, and the systematic abuse of prisoners. It doesn't matter how good-intentioned most people are; given the tools of abuse, abuse will happen. The question then becomes, on what scale?

          Terrorism is the excuse-de-jour for oppression and abuse. Whether it's secret US prisons in central Europe, or CIA e
    • by headkase ( 533448 ) on Thursday November 10, 2005 @01:51AM (#13995869)
      Come on buddy, mentioning terrorists is like the latest fad in political correctness subscribers - you must agree or your helping the terrorists. Yes, terrorists use the Internet to communicate, but, so do literally billions of people who are not terrorists. Should they be spied upon benignly at first and maybe less so when abuse(s) finally occur? It's still not as simple as that however as the Internet is used to commit far more crimes a day than terrorists use it for so there should be some kind of forensic tools available to ordering agencies like law enforcement but the use of the software needs oversight and it morally shouldn't be a blanket system unless the risks truly justify that all the way back to the voters in opinion. This kind of thing creeps me out, its could be the software equivalent of the Stasi in old East Germany.
      • I wish Slashdot would let you edit your posts so that I could have said "Beneficial does not also mean prudent" and changed the stazi thing from "its could be" to "it could also evolve into".
        • STASI, Stasi! Where's the suggestion box.
        • Re:*sigh* (Score:3, Funny)

          by Ihlosi ( 895663 )
          and changed the stazi thing from "its could be" to "it could also evolve into".



          No no no, something like that definitely will not evolve. It is intelligently and maliciously designed to eventually support and promote STASI-like activities.

      • Millions, not yet billions.
      • The main problem with this kind of secret surveillance is the nature of any evidence produced. It's all very well if they get information which then leads them to real evidence that can be used to arrest and prosecute. What is scary to me is being accused by some software program with no way to contest the "evidence" in court. As reprehensible as drunk driving is, I am glad to see some judges start to throw out evidence which cannot be examined (e.g. the closed source breathalizers in FL).
    • by rpetre ( 818018 ) on Thursday November 10, 2005 @02:14AM (#13995936)
      With the internet being the defacto standard for terrorist communication

      In other news, air just became the defacto standard for terrorist respiration.
    • who the fuck cares if terrorists use the net to communicate? Its the year 2005 folks meeting the communication needs of a fortune 500 company is a challenge but communicating between a handful of people among millions there is just no way to prevent it or track it. These toolkits and restrictions wont work on terrorists...If your motivated enough to ram a plane into a building you sure as hell can figure out a way to send a message.

      Lets face it anyone that reads this site daily could think of 100 ways to

      • but communicating between a handful of people among millions there is just no way to prevent it or track it

        But there's always more to it than that. Most intel that matters is gathered in the context of alrady having a tip or other information that suggests a need to focus on a particular line of communication. The information that's gathered as two bad guys post notes to each other on some obscure message board is usually complementary to other intel and helps clarify things. The needle-in-the-haystack a
    • Ah, the new clarion call - "Won't somebody please think of the terrorists?!?!?". The old one was getting a little tired, wasn't it?

      The internet may be a hotbed of terrorist activity or not, but the US government has no right to spy on my computer or my communications. Hell, it doesn't even have the right to spy on its own citizens, thanks to that pesky "Constitution" thing.
      • This is going to become to tool for reciprocal espionage, Echelon-like.

        Since the cold war's end there is no more use for the internet except as a scalable, robust information vehicle for terrorist messages. Oh and a little thing called /. for geeks and nerds.

        You're NOT paranoid, they ARE out to get you but since they don't even trust themselves, they're going to let the machines rat you out.

        Don't think you can hide from them in any city or town or with any access to any technology hooked up to any grid.

        And
    • The problem is drawing the fine line between creating a police state and failing completely to be vigilant. As usual the people find it difficult to decide what they want. On the one hand they want to be safe and not get blown to bits on the other hand they don't want to be stopped, questioned, searched and spied on. It's a perfectly understandable, if somewhat contradictory, position to hold.

      Personally I think there is an argument for intercepting / reading unencrypted email. Unencrypted email is the equ

    • Not sure why the submitter of this article thinks its a scary thought. With the internet being the defacto standard for terrorist communication, both to one another and to the world via terrorist sponsored websites, its a good thing that the US is finally doing something to be proactive in this area.

      I have also heard that TERRORISTS use phone lines to call each other and TALK TERRORIST TALK to each others, therefore it's really important to let US goverment to listen to all phone conversations and disc

    • Except that they will not only use it to track terrorists down, but to also spy on business communications of other countries, like they did with Echelon...
    • Sheer fud. All the terrorists in 9/11, London and Pakistan have been caught via mobile phones. That's the terrorist communication vehicle of choice. That's "mobile phone". Not IRC, IM, websites or FTP. Now the scary bit is that we nothing about Black ops concerning themselves with the telephone network probably because they do it already, as other posters will no doubt testify.
  • Latest Virus (Score:3, Insightful)

    by Audacious ( 611811 ) on Thursday November 10, 2005 @12:39AM (#13995629) Homepage
    Sounds like the State Department is getting into the virus philosophy.
  • Motives for telling? (Score:5, Interesting)

    by victorhooi ( 830021 ) on Thursday November 10, 2005 @12:40AM (#13995637)
    heya,

    Looks interesting...I give it 20 minutes before a copy is up on the torrent...*grins*. Then the script-kiddies can all go use it to spy on each other and prove their "1337-ness"...

    Althought, truth be told - why exactly is the government telling us this? I mean, for all we know, they could have been developing these sorts of computer surveillance programs for years...in fact, they probably have. So why tell us about it now, in a highly-publicised press release? Or are they just trying to be seen to doing something, and seeming like they're on the cutting edge of technology? So maybe in truth they're actually quite clueless, and this program is nothing more than a hashed-up, worthless keylogger that looks like sample code from "Windows Internals"?

    One wonders about their motives for this news release, though...

    cya, Victor

    • I was wondering this myself and I think you are correct. Besides, it will probably just be netstat made purty.
    • Maybe they are telling us this because the government really ISN'T the Consipiracy Theory, Enemy of the State bad guy that everyone thinks it is? Perhaps there really are a few people in government, people we elected, that actually care about freedom and democracy? This country seems to have developed a liberal Hollywood view of the government in recent years. Crackpots like Michael Moore definantly don't do much to help people get a realistic look either. When one steps back and really looks at the big
      • We don't need conspiracy theories - read the stuff widely available about Nixon, Kissenger, Indonesian policial donations just before an invasion, Iran-Contra, the lead up to the first Iraq war (giving permission to invade Kuwait!), the Airbus IP theft, the stupid and useless covert meddling in Australian politics which really only resulted in a couple of agents getting pissed off and trying to sell secrets to the USSR and many more. With conspiracy theories you have some evil genius or competant group wit
    • Re: (Score:2, Interesting)

      Comment removed based on user account deletion
    • Because they are full of shit. You don't spout shit like that off publicly unless your full of shit. I dunno how many times I've helped clients nock down problems like employee's installing apps that cause huge issues with machines than just telling them to just write a memo that says all machines will have an application installed on thier machines so they can monitor employees more effectively for screwing around and messing up machines. The employees believe it, machines have less problems for 6 months o
  • I wonder if the DoD is designing this around the sony root kit.
  • Not scary (Score:5, Funny)

    by katana ( 122232 ) on Thursday November 10, 2005 @12:44AM (#13995651) Homepage
    In fact, it sounds really cool. In fact, *everything* sounds cool with "cyber" in it. No seriously, try it. Cyber jail. Cyber llama. Cyber tubgirl.

    Told you so.
  • by Anonymous Coward
    Man, 'cyber' was so early 90's. They so need to revamp their marketing dept.

    • Why?

      The state has been marketing the same shit for thousands of years and it's worked every time.

      The name doesn't matter. After all, we're "liberating Iraqis" (from their lives.) We're all for "democracy" (while stealing the election using voting machine fraud.) "We don't torture" (we just hook people up to electrical devices and fry their nuts or let dogs chew on them or just do the ol' beat the shit out of them technigue.)

      I mean, "Sandstorm"? Where did they get that one from? Obviously trying to play into
  • It would be nice to know how they are going to solve the problem of coincidents. Any large dataset will have false positives due to the massive amount of possible cross-correlations is such data. The problem of information extraction is a hard one, especially if the different datasets are going to be used together. The Data Mining and Domestic Security: Connecting the Dots to Make Sense of Data [stlr.org] by K. A. Taipale is a good review of this from the law perspective.
  • by chris_sawtell ( 10326 ) on Thursday November 10, 2005 @12:50AM (#13995669) Journal
    "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."

    Ben Franklin wrote those words over 200 years ago.

    They apply today just as much as they did then.

    Somebody needs to remind the current incumbent of the White House about his nation's history.

    • What does he have to say about unessential liberties for a lot of permanent safety?

      Nobody is ever going to argue Franklin's statement, the real debate is about what's "essential", what's "little" and what's "temporary". This observation has nothing to do with the keylogger thing you're commenting on, it's an unrelated thought.
      • by Master of Transhuman ( 597628 ) on Thursday November 10, 2005 @03:14AM (#13996102) Homepage

        He obviously meant that there IS no such thing as "permanent safety" (and there isn't short of being Transhuman and even then you probably have to worry about interstellar gamma ray bursts). Anybody who thinks the US government can make anybody "safe" from anything is a total idiot. They can't even keep the Prez safe as several Prez's have proven by taking bullets.

        And there are no such things as "inessential liberties" since by definition if you are not free to do what you want, you are simply not free. Political freedom is like being pregnant - you either are or you aren't. You either submit to the state in one or more respects, or you don't.

        What you are NEVER free from, however, is the consequences of your free actions - which isn't relevant to the discussion because we are discussing political freedom, not physical or social cause and effect.
    • Do you really think that the current incumbent of the White House really gives a shit about our nation's history, let alone warnings from Benjamin Franklin regarding "giving up essential liberty to obtain a little temporary safety deserves neither liberty nor safety"?

      George W. Bush may have a Texas drawl and a deceptively "rube" persona, but he is a savey and cynical Connecticut (blue-blood) Yankee just like his Daddy and his Daddy's Daddy. Check out "http://www.hereinreality.com/familyvalues.html" for the
      • "With any luck and some overdue justice for the American people, he will eventually be impeached, tried & convicted, and then turned over to the International Criminal Court at The Hague.

        I do hope so, please tell us how the rest of the world can help. I think the bombing of the house where Saddam was mistakenly supposed to be was cold blooded murder by the pilot of the 'plane, the USAF planners, and ultimately the President. Exactly how we can bring those responsible for the crime to Justice, I know

    • >Somebody needs to remind the current incumbent of the White House about his nation's history.

      Nah, you'd get better results by buying him another bottle of whisky, and taking it up with the vice president.
  • by NZheretic ( 23872 ) on Thursday November 10, 2005 @12:51AM (#13995673) Homepage Journal
    From the "Transcript of Internet Caucus Panel Discussion. Re: Administration's new encryption policy.
    Date: September 28, 1999.
    Source: Tech Law Journal recorded the event, transcribed the audio recording, and then converted it into HTML [techlawjournal.com].
    Weldon statement [techlawjournal.com]:

    Schwartz: Congressman Weldon, thank you very much for being here. Do you have any questions.

    Rep. Curt Weldon: Thank you. Let me see if I can liven things up here in the last couple of minutes of the luncheon. First of all, I apologize for being late. And I thank Bob and the members of the caucus for inviting me here.

    Pardon me if I seem a little bit confused to our panel, but, I am, and have been, with the change in direction which has occurred. But before I begin, let me say at the outset one of my biggest projects for the past four years has been to build what is becoming the first smart region in America, linking up all of the institutions within a four state region -- Pennsylvania, Delaware, New Jersey, and Maryland -- _____. In fact, over the weekend, I hosted the Minister _____, who is the Minister of Information Technology for Malaysia. As we signed an ____ with them for uplink downlink ties between our hub initiative in the four states, and the new Malaysian super-computing corridor project that they are building in Malaysia. So, I am a strong advocate for the use of information technology.

    But my other hat is to chair the Research Committee for National Security. And when Bob introduced his bill three years ago, my door was pounded incessantly by the Defense Secretary and his staff, by the Director of the CIA, and by the head of the NSA, and I would note for the record neither the CIA nor the NSA is here today.

    Who is actually speaking for them today, I might add? OK.

    NSA and CIA came in, and in a very intense way, lobbied me personally, and I am not a computer expert, nor am I a lawyer, and they asked me to give access to my subcommittee and the full Armed Services Committee to look at the security implications of the change in Bob's legislation. I respect Bob. I think that he is an outstanding member. But I felt that I owed it to my committee, and my responsibility to Congress to listen to what the administration was going to tell me.

    We arranged a series of classified hearings and briefings. And, as with any Member of Congress expressing concern about the ability for our forces involved in a hostile environment to be able to respond quickly, ____ back to 1991 in Desert Storm where my understanding is that our commanders in the field had Saddam Hussein's commands before his own command officers had them, because of our ability to intercept and break the codes of Saddam's military. I want to make sure that we have that capability in the future. I responded in a very positive way to the argument that was being made by the CIA, by the NSA, and by DOD. And we took some very tough positions.

    In fact, Ron Dellums and I offered the amendment last year that had only one dissenting vote in the House, and this year passed by a vote of 48 to 6.

    In the past year none of those briefings have changed. And the people who have come to me as a Member of the National Security Committee, there has been no lessening of their impression of the threat. Yet all of a sudden I am told, and John Hamre, I think, he made the courtesy of calling me in advance, that there was a change.

    Now, I agree with the gentleman from the White House, for the administration, that it was coincidence that this happened the day before Vice President Gore went to Silicon Valley. I agree that that was just a coincidence.

    But the point is that when John Hamre briefed me, and gave me the three key points of this change, there are a lot of unanswered questions. He assured me that in discussions that he had had with people like Bill G

    • What I thought was interesting was that Congressman Weldon appeared to say at one point that he thought that certain computer systems that were sold to China by US manufacturers were supposed to have a backdoor built in, but that the system makers failed to do that. I'd certainly like to know more about that..did the Chinese defeat the backdoor or did the US manufacturers not put it in because the Chinese told them they wouldn't buy their machines...
  • Many a CyberCriminal hath begged for mercy in the face of DARPA's hired mercenary, Sandstorm! [redteamracing.org]
  • Eventually (Score:4, Insightful)

    by Hao Wu ( 652581 ) on Thursday November 10, 2005 @12:57AM (#13995687) Homepage
    The government will eventually realize that computer technology is bigger than any federal agency.

    Hence, they will likely create a new one, the Department of Computing (not part of the FCC) in order to grow themselves, tax society, and control private citizens. Just like they do for everything else.

    Of course it will be sold as "building bridges" or "advancing technology", etc... Something for our childrens' future, no doubt.

    • Re:Eventually (Score:3, Insightful)

      by slughead ( 592713 )
      Of course it will be sold as "building bridges" or "advancing technology", etc... Something for our childrens' future, no doubt.

      Or catching terrorists as the U.S.A. P.A.T.R.I.O.Terrorism (forgot the rest) was supposed to be used for, and isn't.. Or child molestors.. nobody likes them.
  • by RY ( 98479 ) on Thursday November 10, 2005 @01:08AM (#13995727) Homepage Journal
    Now the DHS can "collect, correlate, and analyze data on multiple computer systems" with no warrant. A true American patriot has nothing to hide from the government. Right Comrades.
    The White House and Department of Homeland Security are such champions of constitutional rights.

    By the way the root kit is hidden in powerpoint files.....

    I've got to go answer a knock at the door; my ride to a black prison is here.
  • Ah, but? (Score:3, Funny)

    by Anonymous Coward on Thursday November 10, 2005 @01:12AM (#13995741)
    Will it run on Linux?
  • this is something ive been wondering about for years, my interest was sparked again semi-recently for two reasons. One is TCPA. The other was one of my past jobs..
    I was working for a well known company doing QA/Testing on console games, and monitoring server side/client side bugs.. We would get new DVD's sometimes twice a day with the latest revision of the game and we would have to check both our "open" bugs, and our "closed" bugs - that is, bugs that were previously fixed to make sure that they had not
  • Yeah, right! (Score:2, Insightful)

    by Vskye ( 9079 )
    According to the site, "SandStorm simultaneously collects, correlates, and analyzes data on multiple computer systems and departs, leaving no trace of its activities. The White House is championing this cyber tool and the Department of Homeland Security has selected it as a cornerstone application for a cyber toolkit being made available to all Federal agencies.

    I doubt that this is more than a bullshit rumer. When I was in the service it was paying 40-70 percent more for even specialized tools. Ha
  • but may be a step in the right direction.

    And which direction would that be?

  • by Dekortage ( 697532 ) on Thursday November 10, 2005 @01:35AM (#13995814) Homepage

    From the article: CTAD, under the Office of Computer Security, is the U.S. Department of State's focal point for collecting and reporting time-sensitive, cyber threat intelligence, and technical data.

    So if terrorist hackers are trying to figure out who to approach/bribe/attack... it's these guys? Nice of them to include a photo too! That helps with identification.

    And "leaving no trace of its activities"... this I gotta see. Windows? Mac? Linux? Solaris? Mainframes? Or maybe they've already scanned my computer! Uh-oh... is that a silent helicopter outside my apartment?!

    • So if terrorist hackers are trying to figure out who to approach/bribe/attack... it's these guys?

      They've already sold a DRM system to Sony.

      And "leaving no trace of its activities"... this I gotta see.

      No, you wouldn't.

  • by Animats ( 122034 ) on Thursday November 10, 2005 @01:45AM (#13995845) Homepage
    What they're actually talking about is the NetIntercept Appliance [sandstorm.net] from Sandstorm Enterprises [sandstorm.net]. This is also the FBI's replacement for Carnivore. [wikipedia.org]

    • It didn't sound to me like they were talking about the Sandstorm Enterprises NetIntercept product, it sounded to me like they were talking about a system devised by the people working for the division. Just a coincidence that it sounds like the Sandstorm product. Why would they give an award to some guys who just went out and bought a commercially available product?
      • Why would they give an award to some guys who just went out and bought a commercially available product?

        Obviously you have never worked for the govenment.

        You can get an award for *NOT* screwing things up, rather than doing something productive.

    • by Helevius ( 456392 ) on Thursday November 10, 2005 @07:14AM (#13996628) Homepage
      Wrong -- RTFA and check out the capabilities listed in the two presentations:

      Free to DHS & federal government
      From Dept. of State [and DHS US-CERT]
      Like EnCase Enterprise edition
      Network forensics "grep"
      Examine system state
      Remotely search multiple systems - files, ports, processes, file headers, hashes, MACs, ADS
      Search all files changed in this time frame
      Search all files with this hash regardless of name
      155KB agent runs, then deletes itself
      Windows only
      Fairly forensically safe - does not change file MACs
      Root kit detection to come later

      The key points are "155KB agent runs, then deletes itself" and "Windows only". SandStorm Enterprises did not create this product.

      Helevius
  • by St. Arbirix ( 218306 ) <matthew.townsendNO@SPAMgmail.com> on Thursday November 10, 2005 @02:06AM (#13995907) Homepage Journal
    Call Sony.
  • Nothing new (Score:2, Funny)

    by axonal ( 732578 )
    Sandstorm a.k.a. Gator.
  • "No trace", eh? (Score:3, Informative)

    by SuperBanana ( 662181 ) on Thursday November 10, 2005 @03:31AM (#13996152)
    SandStorm simultaneously collects, correlates, and analyzes data on multiple computer systems and departs, leaving no trace of its activities.

    So that includes taking whatever data it has supposedly collected/correlated/analyzed, and somehow uploading it somewhere, without my firewall noticing? And it somehow collects this data without my noticing CPU usage, disk IO, and so on?

    Everything leaves traces. It has to. If it is clever about how it goes about its work, that is one thing...but to say it "leaves no trace" isn't even "spin"- it's bullshit.


  • They ripped off the INSLAW company two decades ago for the PROMIS software which was supposedly then modified by the NSA or other triple-letter agencies to do exactly what this thing is supposed to do - penetrate ANY database and extract or manipulate its data without being detected.

    The Federal judge who sentenced me to nine years in the joint was in fact an Assistant Attorney General in the DOJ at the time and was involved in the scandal. He got a Federal judgeship for his part in it.

    Google for the story -
  • I can see it now:
    $sys$TopSecretFiles/MyTerrorism/UpcomingEvents.txt
  • by Erik Fish ( 106896 ) on Thursday November 10, 2005 @04:19AM (#13996245) Journal

    Dr. F: Well Joel, we're introducing a new feature here today. Here's a hint: Remember "Lost Continent"? Remember "Rock Climbing"?

    Frank: Oh who can ever forget "Rock Climbing", eh Clay? Well now, along the same lines we've come up with something new -- something we like to call: Sand Storm! SAND STORM!

    Dr. F: It's all part of a new program we like to call:

    Both: Deep Hurting! DEEP HURTING!

  • The U.S. State Department, known for its ravenous hunger for private information, seems to have developed a cyphering tool for the Department of Homeland Security's cyber rootkit for federal agencies. There's not much out there on it other than mention of a tool called SuckIT in a recent press release from State's Bureau of Diplomatic Security. According to the site, "SuckIT is a fully working rootkit that is loaded through /dev/kmem. It makes available to Federal agencies a password protected remote acces
  • "SandStorm simultaneously collects, correlates, and analyzes data on multiple computer systems and departs, leaving no trace of its activities."

    replace SandStorm with Google. or Yahoo. Or MSN.

    datamining activities are not evil per se. the outcomes are far from flawless, though (depending on how the mining software was trained). i'm hoping that there's plenty of competent people in the Dept. of Homeland Security who understand that datamining might give them leads, but hardly provides conclusive evidence.

    in
  • We could all sue them, and they could pay us our tax dollars back, then take more next year to make up for it... Just wondering...
  • Leaving no trace (Score:2, Insightful)

    by sl4shd0rk ( 755837 )
    At some layer, the traffic is going to be visible *IF* they are even talking about remote access of some kind. This could also be a tool that is launched from a usb drive or something. Either way, have they coded this application in Java? What do they plan to do about hardware dependancies? OS dependancies? What if Al-Queda is running redhat 6 on a sun sparc? What if they have their own Linux distro? This is a pretty bold claim all the way around with a lot of technical hurdles to overcome. I hope they
  • by Futurepower(R) ( 558542 ) on Thursday November 10, 2005 @09:15AM (#13997136) Homepage
    Secrecy and sneaky behavior in government destroys trust. Lack of trust is far, far more expensive than any benefit from sneaky behavior.
  • by cpu_fusion ( 705735 ) on Thursday November 10, 2005 @12:01PM (#13998743)
    If your client faces "evidence" found on a hard drive somewhere (I'll call it System A), projects like the one described in this article give you a good shot of getting that evidence thrown out.

    Why? Simple:

    It is easy to establish that there have been vectors of attack which would have allowed unrestricted access to System A, either remotely or by anyone with physical access to the machine. Simply look up what alerts have been issued for the operating system in question after the time the accuser claims System A had the "evidence" in question. It should also be possible to establish that there are "unknown" zero-day exploits, but if System A has Windows XP, (ie. in the greatest percentage of cases), this shouldn't be necessary -- exploit after exploit should exist in the alert records, giving multiple vectors of attack at the time the "evidence" was supposed to be created on System A.

    So now there is a clear way to show the material could have been planted on the system, indistinguishable from whether your client caused it to be created.

    Now to establish that the planter of said data could have easily covered there tracks, again -- looking at this article, it is trivial to show this. Root access to the system will allow any data to be written anywhere to the drives on System A. Therefore, any fingerprints left by the attacker who planted the "evidence" could be cleaned up. Just like the system described in this article, although it purports to simply look for data, not plant it.

    Stop letting clients be sent away on "email" evidence or "cookie" evidence or whatever. It's crap! Systems are too easy to penetrate, evidence is too easily planted, and tracks are too easily erased.

Trap full -- please empty.

Working...