Inside the Secret War Against Internet Spies

ahess247 brings us a lengthy BusinessWeek story on the increasing amount of attacks against the US government's online presence as well as its contacts in the private sector. Hackers are gaining a greater awareness of where valuable data might reside, and that awareness is leading to more precise, more sophisticated attacks. Quoting: "The U.S. government, and its sprawl of defense contractors, have been the victims of an unprecedented rash of similar cyber attacks over the last two years, say current and former U.S. government officials. 'It's espionage on a massive scale,' says Paul B. Kurtz, a former high-ranking national security official. Government agencies reported 12,986 cyber security incidents to the U.S. Homeland Security Dept. last fiscal year, triple the number from two years earlier. Incursions on the military's networks were up 55% last year, says Lieutenant General Charles E. Croom, head of the Pentagon's Joint Task Force for Global Network Operations. Private targets like Booz Allen are just as vulnerable and pose just as much potential security risk. 'They have our information on their networks. They're building our weapon systems. You wouldn't want that in enemy hands,' Croom says. Cyber attackers 'are not denying, disrupting, or destroying operations--yet. But that doesn't mean they don't have the capability.'"

You PWN3D my Empire!

[Jeremiah Cornelius]

Funny, Booz Allen might like to take a leaf from the Northrop-Grumman playbook and charge the Chinese for this information!

Let's get this straight.

Northrop-Grumman or General Dynamics or any D.o'D. approved private contractor can post anything they like about future combat systems on their websites, and even sell secret weapons systems to Saudis or the UAE or anyone else who can buy, but for anyone else to do it is an infringement of national security.

Also, the private contractors can preferentially hire non-nationals, who work diligently and are key to the development of these systems, instead of American citizens who might be disturbed at the nature of what the private contractors are doing in the name of national security, but that's the free market.

So, if I remember correctly, didn't something happen in Germany in the 1930s that caused its brightest physiscists to flee? And didn't the same imperial hubris that caused Germany to persecute the people who might have made it an economic power after WWI really cause it to enter- and lose- WWII?

Just askin'. I just wondered what the Party line was these days.

http://spacetimecurves.blogspot.com/2008/04/pearl-clutching-by-master-race.html [blogspot.com]

Re:

[MrNaz]

I find it amusing that these articles portray the US as some kind of noble victim in online warfare, as though a) the US is not the most aggressive player in international geopolitics and b) the US has no cyber warfare program of its own.

Is there anyone dumb enough to still believe the romantic portrayal of the young valiant American heros defending liberty and freedom from the vicious hordes that everyone else refers to as "the rest of the world" ?

Re:You PWN3D my Empire!

[Jeremiah Cornelius]

"Is there anyone dumb enough to still believe the romantic portrayal of the young valiant American heros defending liberty and freedom"

Yes. Products of the American "education" system.

Re:

[LilGuy]

I'm one such product and I don't believe the old notion that America is the land of the free, fighting for everything good and honorable in the world.

The Internet is changing things quickly.

Re:

[Anonymous Coward]

these articles portray the US as some kind of noble victim in online warfare

[citation needed]

I read the article quickly, and I did see that it describes attempts to penetrate US systems, from a US point of view. But I didn't happen to notice any editorializing about US nobility, or any suggestion of a lack of a US cyber warfare program.

Sure it wasn't in your head? Go ahead and criticize US policy. Criticize the article too, if you think it's poorly written. But you're criticizing the article based

Re:

[Jeremiah Cornelius]

"Probably. Hang around a US military recruiting station, and I bet you can meet a few people who have that vision."

The FoxNews demographic. Earnest, well-intentioned, poorly-informed, misguided and wrong.

Re:

[pipingguy]

FoxNews is considered to be conservative/Republican (from what I gather, I don't watch it). What are the political leanings of the other news outlets? Are they all neutral in their outlook and presentation of news?

Re:

[spun]

No, they are all conservative too. Just less so. Maybe even conservative/Democrat. See, the major media is all owned by rich people. Rich people tend to be conservative. They like to use their news outlets to convince us all that their interests are our interests.

Re:

[pipingguy]

How does global climate change fit into this? I don't seem to see much coverage of dissenting views in main stream media but I see a lot of people in the news virtually every day predicting nasty stuff in the future. Is it the left or the right that is behind this seemingly one-sided message?

Re:

[spun]

Well, I could say the papers report that way because there is no real dissenting voice. But that's bullshit. I've been in plenty of protests and rallies with tens of thousands of people. Ten wingnuts counter-protesting get equal time in the media.

You ever hear the phrase, "If it bleeds, it leads?" Global warming is like that. Fear and destruction sell. And a fearful populace is more likely to do what the rich and powerful media owners want them to. Remember, the rich may be socially liberal or socially cons

Re:

[Dextrously]

"So! For once the rich white man is in control!"

Re:

[Z34107]

Media bias [skewz.com]

Now, go to a DNC convention. I'm sure you'll find a few rich people who aren't conservative.

Re:

[spun]

Did you even read to the end of the third sentence? I said "No, they are all conservative too. Just less so. Maybe even conservative/Democrat."

They may be socially liberal, but almost all rich people are fiscal conservatives who don't like paying taxes and want a smaller government.

Re:

[Z34107]

And did you even read the header row of the table?

There are lots of news sites with highly leftest ratings on issues like "economic policy" and "domestic policy." Those sound suspiciously like pro-big government.

And really... Can you find anyone who likes paying high taxes? The middle class doesn't like it either, and those greedy poor people don't pay anything! /sarcasm

Re:

[spun]

Oh yes, because all those news sites get equal attention from the public.

And what I meant was, the rich want to stick the middle class and poor with as much of the tax burden as possible.

Re:

[Z34107]

Kind of like the middle class and the poor want to stick it to the rich as much as possible?

I personally favor a flat income tax. It has no elements of this stupid class warfare we've been plauged with since Marx expounded upon the plight of the proletariat, is highly visible, simple to administer, and easily quantifiable. ("You think my property's worth $y? It was only worth $x last year!")

Re:

[dkleinsc]

My characterizations, which are think are reasonable here:
MSNBC - liberal/Democratic
CNBC - somewhat conservative (more bias towards its investor audience)
CNN - fairly neutral (but concentrated on horse race politics)
PBS - Tries to remain neutral, is generally caught between the liberal individual donors and the conservative corporate and foundation donors
CBS - no news organization to speak of
C-Span - The most unbiased source imaginable, since it shows what politicians are saying and doing rather than commen

Re:

[thaig]

Sometimes right, sometimes wrong, I think - like all things in life. It's the politicians who are most responsible and the politicians get elected by people who believe them - i.e. the public.

I bet some of them are clever and some are not. All you can say is that there must be more heroes in the Military than in most other professions because it's about living or dying. Being prepared to take big risks is something that's impossible not to respect.

Re:

[moxley]

Thiaq said: "Being prepared to take big risks is something that's impossible not to respect."

I disagree. Any idiot can be prepared to take big risks - casinos, hospitals, prisons and morgues are full of them.

In my opinion you get respect for knowing WHEN and HOW to take big risks - not just being willing to risk your life and/or livlihood. Sometimes (as is the case for many in our military) you take a huge risk to your livlihood (and freedom even) by deciding to refuse to take part in something you feel is

Re:

[skarphace]

Any idiot can be prepared to take big risks - casinos, hospitals, prisons and morgues are full of them. In my opinion you get respect for knowing WHEN and HOW to take big risks...

Wouldn't knowing 'WHEN and HOW' be considered by most as being prepared? I'd argue those people in "casinos, hospitals, prisons and morgues" were not properly prepared.

Re:

[Jeremiah Cornelius]

People get tricked into dying all the time. "Hero" is not the description for such a person.

Re:You PWN3D my Empire!

[Oligonicella]

The fact that you can even post this without boots at your door shows that those young heroes are indeed defending your liberty and freedom. "The rest of the world" is not one entity, but myriads. Many of those would gladly take you out and put a bullet in your head for your beliefs and speech.

Re:

[Jeremiah Cornelius]

Give 'm cheap, "free speech". Then they'll believe they have real liberty, and low motivation to actually pursue a government by, for and of the people.

Re:

[MrNaz]

The fact that I can post this without boots at my door means that a) we're still in the nascent stages of dictatorship formation and b) I don't live in the US.

kthnx.

Re:

[darkpixel2k]

The fact that I can post this without boots at my door means that a) we're still in the nascent stages of dictatorship formation and b) I don't live in the US.

kthnx.

You don't live in the US? Wow--way to blow his argument apart...except nowhere did anyone say the US was the only place that had free speech.

Re:

[MrNaz]

One would assume that the US can't (yet) put boots at the door of someone not living in the US. Unless of course they're chasing media pirates. Arr!

Re:

[rohan972]

Not to mention that he lives in a Australia, a country that bases a lot of its defense strategy on military ties to the US. Also the freedom of religion provision in our constitution, among other things, was a concept copied from the US constitution, and the relative ease with which we transitioned from British military rule to a constitutional democracy was likely affected by the earlier British experience of the USA gaining independence.

[sarcasm]Of course, we'd be fine without US military alliances, be

Re:

[Anonymous Coward]

Wow, did it take you long to parrot that tired argument?

Back in the age of Kings and Queens, Free Speech could zing some very really big egos who had absolutely no need to curb their vengeance and you were lucky if you were connected to people two towns over, let alone across the country. People who could wield the power of the pen were relatively few as well.

Now, the power of the pen has been diluted by the masses and we have every idiot comparing every public figure to Hitler -- giving rise to Godwin's l

Re:

[Plugh]

Many of those would gladly take you out and put a bullet in your head for your beliefs and speech.

That's like being thankful you have a "better" cancer, cause there are worse cancers out there.

Sure, I want the least-bad strain, but I still strongly prefer no cancer at all, and you bet your ass I'm exploring every option to cut the damn thing out, irradiate it, and make it GO AWAY

Re:

[Torvaun]

Is there anyone dumb enough to still believe the romantic portrayal of the young valiant American heros defending liberty and freedom from the vicious hordes that everyone else refers to as "the rest of the world" ?

My grandfather, and probably anyone else who was around when it was still true.

Re:

[INT_QRK]

You know, the more I read this hatred and contempt from our Euro-zone âoeallies,â the more Iâ(TM)m inclined to realize that George Washington had it absolutely right regarding âoeforeign entanglements.â OK, youâ(TM)ve convinced me...

Re:

[Jeremiah Cornelius]

You know, the more I read this hatred and contempt from our Euro-zone âoeallies,â the more Iâ(TM)m inclined to realize that George Washington had it absolutely right regarding âoeforeign entanglements.â OK, youâ(TM)ve convinced me...

Quit posting to Slashdot with MS Word as your editor!

Re:

[INT_QRK]

Actually, you're absolutely right. My main computer uses Ubuntu, but I recently purchased a Macbook Air for travel, and had file compatibility problems using the Mac version of OpenOffice (NeoOffice) handling some specific work files. So I sprung for MS Office for Mac just for the odd case where I really need to open a docx document. I just opened Word for editing without thinking, and reflexively hit preview and submit in quick succession. I've learned a lesson. Sorry. My point about knee-jerk anti-America

Re:

[Orion Blastar]

'Is there anyone dumb enough to still believe the romantic portrayal of the young valiant American heros defending liberty and freedom from the vicious hordes that everyone else refers to as "the rest of the world" ?'

Yes but only if Hollywood makes a movie about it and shows it world wide.

I debate with people from all around the world on Internet forums, most of them cite examples from Hollywood movies. Then they think that the USA must really be like what they keep seeing in movies about the USA. Like Forr

Re:

[janrinok]

Yeah the USA doesn't do cyber warfare because we see it as unethical and illegal and immoral

http://www.afcyber.af.mil/

You were being sarcastic, right?

Re:

[Orion Blastar]

I guess you didn't notice by my profile that I joke around a lot, right? The profile that says space pirate ninja from 4096. Did you think I ever was serious? Most of my comments get modded as "funny" here.

Re:

[iNaya]

But it says so in the movies!!!

Re:

[phantomfive]

Is there anyone dumb enough to still believe the romantic portrayal of the young valiant American heros defending liberty and freedom from the vicious hordes that everyone else refers to as "the rest of the world" ?

Americans are arrogant, it is true, and boneheaded and sometimes selfish, and in international relations we try to get our way. The government is just a reflection of the people.

But at heart we are good. We aren't trying to hurt people, and we help them out when we can. We send billions of dollars to foreign countries in aid. You may say it's not enough, but realistically we don't have to send any. Americans individually donate as much or more money to charity as any other country in the world.

Sure w

Re:

[Jeremiah Cornelius]

Billions of dollars to buy their feudal allegiance - with goodwill as the PR story to sell Empire back home.

Re:

[phantomfive]

Billions of dollars to buy their feudal allegiance - with goodwill as the PR story to sell Empire back home.

Um.....I think you are a bit confused about how feudalism works. You see the idea is the underling gives money and tribute to his feudal Lord. You don't buy feudal allegiance with money, you get it by promising not to destroy the country.

Maybe this is not what you meant. Maybe you picked the wrong words; but you will get a lot farther using words that represent what you actually mean rather than picking words that sound sensationalistic and are clearly an exaggeration.

America isn't perfect by any s

Re:

[Jeremiah Cornelius]

Feudalism worked through a Lord offering "protection" to a fief, in return for tributary extraction of the resources from the fiefdom. Nominal fractions were spent by the Lord as expressions of "largess". These went a long way to portraying the Lord as magnanimous - despite the fact that this wealth was extracted from the fiefdoms themselves!

The loyalty of the villians, and the benediction of the church were secured through these poses of generosity.

Re:

[MrNaz]

Billions in aid? Perhaps you need to have a good, hard look at just how USAID operates, and the role the IMF plays in global development with it's so called "development loans".

Oh, and the tone of your message is basically "Sure we killed millions of innocents and plundered natural wealth to which we had no legal or moral claim. But hey, at least our heart was in the right place!".

Re:

[phantomfive]

Where are you getting this 'millions of innocents' killed? In Iraq?. Even the most pessimistic study of civilian casualties puts the number far below a million.

The US does many good things. Have you never heard of the Peace Corps? Do you think it would be better if the US didn't give out any money? Nobody is saying the US is perfect, or even that they are unselfish, but to ignore the good and only focus on the bad helps no one and misrepresents reality.

Incidentally, the intent of my post was not t

Re:

[MrNaz]

Have you never heard of the Peace Corps?

Yes, I know quite a number of people who left it, describing it as just another appendage by which the US government wields influence over foreign nations. Have you ever travelled with the Peace Corps? Not being a US citizen I can't officially do so, but I've been with them before, and met many, many members.

Do you think it would be better if the US didn't give out any money?

Actually, that's precisely what I'm saying.

It is to point out that despite the bad things in

Re:

[phantomfive]

Don't blame the US government, blame the people. They are not ignorant of their government's actions (though perhaps fuzzy on the details). Remember a full 80% were in favor of invading Iraq (and not just because of WMD). In general if they understood the real reasons for invading, maintaining regional stability and a US presence in a strategically important area, most probably would have been in favor still.

Let's talk about El Salvador, since I am most familiar with that situation. The main complain

Re:

[MrNaz]

"isn't it great living in a world where it is bad to attack another country unless they have an evil dictator"

Much of the world considers the institution of the US government to be an evil dictator thinly veiled as a two party democracy. How would you take it if another nation decided to take it upon themselves to "liberate" you?

"Iraq WILL be left better off than we found it."

More have died since the invasion due to collapsed infrastructure and abject failure of management than died in the entire history of

Re:

[phantomfive]

Much of the world considers the institution of the US government to be an evil dictator thinly veiled as a two party democracy.

Let's talk about what is, not some unspecified paranoids believe. The US is a representative democracy, and in general it's foreign policy reflects the desires of its citizens. If you wish to change the US, it is necessary to change the opinions of the citizens. This is something I'm working on.

How would you take it if another nation decided to take it upon themselves to "liberate" you?

I don't know. Ask the citizens of Halabja.

More have died since the invasion due to collapsed infrastructure and abject failure of management than died in the entire history of Saddam's rule

Wait, let's talk about this. The infrastructure was never really good. People wire their own houses to the power grid, causing blow outs etc. This is not uncommon i

Re:

[NateTech]

Since you're complaining about U.S. Foreign Policy, without any specifics, I might add -- other than some bitchy Peace Corp people...

Let's turn your argument around and ask you -- Give us an example of a country with a GOOD Foreign Policy that's as big and has as many world-wide interests as the United States.

China? Nope.
What's left of the Soviet Union? Nope.
UK? Nope.
Australia? Hmm. Maybe.

Anyway... thinking through it you seem to be complaining about bad foreign policy in such a way as to NOT compare i

Re:

[MrNaz]

"BTW, we didn't start this thing. I know the argument, how the U.S. is has supported evil regimes for selfish reasons, but we've never used terrorism the way our enemies have."

I didn't see Iraqi troops in the US before the invasion, and just because our side uses Apaches helicopters and has a PR department doesn't make it any different. Killing is killing.

If you think that US forces have only ever responded to threats, perhaps you heard of a little country called Vietnam. No? How about Chile? Nicaragua? Go

Haven't they ever heard of GPG signatures?

[aqui]

I would have though that emails of this nature would be:

1) encrypted since they are sensitive themselves and at the very least

2) signed with a GPG or PGP signature that allows verification of the author.

Email encryption.
http://en.wikipedia.org/wiki/E-mail_encryption [wikipedia.org]

They can even do it for Free.
http://www.mozilla-enigmail.org/ [mozilla-enigmail.org]

or buy a PGP solution from someone
http://en.wikipedia.org/wiki/Pretty_Good_Privacy [wikipedia.org]

But I guess setting up a few signature servers and basic processes that control "secure email" would be

Re:

[Jeremiah Cornelius]

Technological solution, meet sociological problem.

Now, I believe I ordered the dancing pigs!

Re:

[Ethanol-fueled]

So who are we at war with again? Eurasia or Eastasia?

Re:

[Jeremiah Cornelius]

It's a war against Terra.

For every defense...

[bluemetal]

For every defense there is an attack, and every attack a defense. These military types should know this better than anybody else. It's a battle they should be prepared to fight as it was only a matter of time before it happened. And of course, it will cost yet more resources to mount this defense (or as the case may be, an attack against the attackers) and somebody is going to have to pay for it. As always, technology is a double-edged sword.

For every threat there is funding

[EmbeddedJanitor]

Of course the military and others want to make Joe Sixpack scared. A scared citizen readily hands over funding, privacy etc.

The end of the Cold War was a huge threat to careers and funding in the CIA, military and govt contractors. Need those Iraq wars, terrorists and hackers to keep the whole war machine going.

The military industry is not the only one that works this way. The medical industry is catching on too (bird flu) and now the whole greenwashing industry (global warming etc).

Re:

[Serenissima]

Even though the military and leaders of this country (America) can appear to be a pack of phenomenal idiots, they usually are able to do stuff behind the scenes that can help. If no one in the government had the foresight to see any of this coming since the internet came out, then we deserve to get attacked. I'll bet 10 to 1 that there's a counter-hacking group doing the same thing to other countries.

For defense you need to pay competent people

[cusco]

They're not prepared to pay enough or offer the kind of work environment that attracts people who could prepare an adequate defense. If I have the choice of working somewhere enjoyable doing interesting work making six figures or combatting anal-retentive paper pushers in a cubicle underground just trying to get simple firewalls configured for half that, which job do you think I'll chose?

Re:

[bluemetal]

I think it is quite obvious which you would, and should choose. The free market at work ;)

Spy vs. Spy

[mfh]

Spies use any means available to find information. If the Internet helps, they'll use it. That does not change their ornithological classification, or make them more specialized in one key area.

Also, spies would rather have infrastructure INTACT, so they can exploit it easily. They are lazy humans, like you.

Re:Spy vs. Spy

[virtual_mps]

Spies use any means available to find information. If the Internet helps, they'll use it. That does not change their ornithological classification

I'm missing what is doubtless a deep and subtle point about spies and birds.

Re:Spy vs. Spy

[EdIII]

He may have meant "ontological" but goofed it up instead with a scientific reference to the study of birds :)

I could see him thinking about spies, and birds being like spies, and then screwing it up. What I find funnier is how many people will skim over that sentence really quickly and find it smart and intelligent sounding, while never really understanding what ornithology or ontology really is.

Re:

[sapphire wyvern]

I assumed it was a high-falutin' version of "birds of a feather". The kind of thing I would say... :)

Re:

[mfh]

Actually I blame the Firefox spellchecker.

Re:

[pipingguy]

At least he spelled it right.

What's worse is disagreeing with someone and spouting, "just read these 14 URLs comprising 347,958 words and you'll find out how stupid you really are" rather than putting effort into making some clear statements and taking the time to put coherent thought into words.

There's not much worse than copypaste advocacy but it's all the rage with those who tend to refer others to talking points and narratives.

Re:

[rarel]

Isn't that their defence when tor^H^H^interrogated? "A litle bird TOLD ME! I swear!"

Re:Spy vs. Spy

[PopeRatzo]

Spies use any means available to find information. If the Internet helps, they'll use it. That does not change their ornithological classification, or make them more specialized in one key area.

Great point.

And just because we're worried about "internet spies" let's not forget that there are plenty of the old-fashioned variety out there, too.

For example, how many of us know that 15 Bush Administration officials, including Sec'y of State Condi Rice, have just been subpoenaed in the oft-delayed Franklin/AIPAC/Israel Lobby spy case. Even though it's common enough to come up in Google search auto-complete, it hasn't been mentioned on any US media.

The difference is now the people that are spying on us are employed by the ones that are supposed to be working to protect us.

And even if we caught every single spy, who among us feels we could trust our Department of Justice to prosecute them with any integrity? Hell, if there were any justice, the top law enforcement appointees (John Yoo, Alberto Gonzalez, Michael Mukasey, etc) not to mention their bosses, would be the ones facing trial.

Re:

[GoodNicksAreTaken]

I'd like to know what they are counting in those numbers. We probably have that many attacks per year on our dozen or so systems with all of the script kiddies running their dictionary attacks against the FTP server we use for getting business cards and flyers to the print shop. I can pull a large number out of my backside and claim the sky is falling as well as the next guy.

Not much of a secret anymore now is it?

[Gat0r30y]

And if these spys are doing a good job, it'd be awfully hard to catch em. Of course if this is any indication [slashdot.org] it couldn't be terribly difficult to gain access to sensitive information.

Re:

[NotBornYesterday]

Question about the robots in your sig: Are they iPhone killers in the sense that they stalk, attack, and kill iPhones? Or do they use iPhones to kill people? Kill people with iPhones?

Either way, please send two to my hotel room as soon as they are built.

You shouldn't have military plans on the Net

[WillAffleckUW]

When I worked at Boeing (and before that the Army) - if you had secret plans, you didn't keep them on a box that was open to the Net.

The problem is that they're not even following their own rules - Win boxen have never been approved for holding Net-connected data - only in a stand-alone environment are they even considered, and even then in a secure room with full security protocols enforced.

We used to lock down our drives too. In locked cabinets. When we went home.

Re:

[bk_veggie]

I'm a little fuzzy about this. I assume your comments are referring to Boeing policy.

Windows boxes have been allowed on the SIPRNet and JWICS since before I started my IT career. NT 4.0 was NIAP approved ages ago to do so. While those systems (arguable) aren't connected directly to the net, their boundaries have greatly expanded over the last 5 years to areas outside of military control.

The only drives that are locked up at night (in my environment) are ones that are used for desktops in non open-storag

Re:

[WillAffleckUW]

NT 4.0 was never approved for any network connected to the Net.

Re:

[bk_veggie]

You should tell that to the thousands of NIPRNet NT boxes that are still out there despite the product being sunset 5+ years ago.

Just because the EAL rating was based on it not being connected, doesn't mean that the DoD didn't allow it to be connected. For god's sake I think the NT STIG is still available.

Re:You shouldn't have military plans on the Net

[zappepcs]

Not sure about all that, but when I had my TSEC it would not have been allowed to open secured data traffic to the Internet in any way shape or form. ELINT (USAF electronics spy types) would have laughed at such, then eyed you suspiciously for suggesting it. The military, my friends, is securely running on a darknet which requires more than will power and a h4x0rz kit to get into. This is all about scaring up some more money and a few more personal freedoms in the name of security from the evil terrorists, only this time it's a run up to take away some of your online rights and privacy. Don't even be fooled by the bullshit.

If the military was as susceptible as they might lead you to believe, they'd still be trying to stop spam emails from pouring out of the RNC servers. Holy shit man, if they were hackable someone on the NYT would already be posting the 'lost RNC emails' if you know what I mean... geez

Re:

[planckscale]

Even so, if a contractor is given access to classified info, the problem is that info is finding its way onto internet connected machines.

Re:

[Anonymous Coward]

I find that hard to believe. SIPRNET, for example is locked away, in a room, not connected to the real world. And if anyone goes in to said locked room, they have a security clearance. And they damn sure don't walk in with any form of transportable media (thumb drives). Policies, such as the data at rest policy, prevent things like this from happening very often.

My apologies for posting anon, but I have mod points and I work for the Navy.

So feed them some bum plans.

[jhantin]

Back in Reagan's day, our intel folks [cia.gov] managed to slip the Soviets a surprise that would have made Jokey Smurf proud [msn.com] with their bundle of purloined technology.

Re:

[dbIII]

However it didn't work. Despite many efforts in that direction the USSR didn't play ball and decided to completely opt out of the attempted restart of the cold war and various efforts to turn it into a shooting war. It was really over before Reagan got in and abandoned diplomacy for a practical demonstration of Nixon's "madman theory".

Re:

[jaysones]

That was a fascinating read, thanks.

Re:

[mccabem]

"5, Interesting"?? "Back in Reagan's day.."??

Give me a break. TFA is about a memoir written by a former Reagan official, not a Freedom of Information Act (FOIA) request or something that could be believable.

"5, Interesting" sounds more like six Reagan fanboys to me. ;)

-Matt

Re:

[jhantin]

You're probably right. ;)

I just appreciate a good Earth Shattering Kaboom [tvtropes.org]! (Okay, I exaggerate.)

Connection to other malware.

[Ungrounded Lightning]

Some of this is no doubt spear-phishing. (Deploying newly-retuned spyware selectively against a target rather than globally, so it slips past signature-based malware detectors.) But I'd bet that most of this stuff is based on the malware developed for botnet-spamming and DDOSing, regular Phishing, etc.

We have a multibillion-dollar industry based on corrupting computers and stealing selected information from them, which the governments have virtually ignored while its techniques were honed. Now their own military secrets are the target of a similar attack. Any bets on whether it is built on the same code base.

Too late now, guys. The enemies' cyber-warfare departments now have the technology.

But I bet that, if you start finding and closing the barn doors even after most of the horses are gone, you'll find enough fingerprints and tire-tracks to trace down who did it. Hunt them down and take them out, and you'll eliminate a bunch of the talent that would otherwise be developing the technology further.

Color me underwhelmed.

[ColdWetDog]

The e-mail message addressed to a Booz Allen Hamilton executive was mundane--a shopping list sent over by the Pentagon of weaponry India wanted to buy. But the missive turned out to be a brilliant fake. Lurking beneath the description of aircraft, engines, and radar equipment was an insidious piece of computer code known as "Poison Ivy" designed to suck sensitive data out of the $4 billion consulting firm's computer network.

OK, so a contractor gets a random email asking for *something*. The email has a keylogger as an attachment. The executive doesn't activate the keylogger.

Western civilization was saved from the abyss.

Who doesn't think these things happen all of the time. I would be upset (in a general way) if our enemies didn't try that sort of stuff. And sneaking in via the side door. And the hot secretary. And countless other bits of espionage craft. Keep up the firewalls men! Loose lips sink ships. Watch them commies, you never know what to expect. Let's have another iPhone article, shall we. It's been maybe 24 hours since the last one. I'm getting bored.

International meshing needs to change

[bbasgen]

I realize this is heresy for some, but the mesh network was designed and makes sense for a *national* network. Meshing internationally keeps costs down, but it is a really bad idea from a security point of view.

Why not have point to points with certain nations/regions of the world? Connection with these nations continue on the condition that they only route traffic to the US that originates on their national network. There are ways around any architecture, of course, the point is to give you

Privatizing == Larger Surface Area

[Anonymous Coward]

As the government adds more private contractors to the feeding trough the attack/exploit surface area grows logarithmically. And they has less and less control and verification over that expanding surface area. A socialized military industrial complex would be more secure!

So how can we do online governance?

[Anonymous Coward]

How do you think the metagovernment [metagovernment.org] will prevent hacker attacks?

I suppose governments can't go completely virtual until we can figure out how to make them hacker-proof.

Is complete openness in the code and systems enough to counter hackers? And/or can we suppose there will be a lot of white hats in favor of, and thus protecting, an open source government?

Can anyone explain...

[zonky]

Why these Defense contractors are using unencrypted email, and Access to "to manage big batches of data.?"

Internet spies?

[niteice]

Spy sappin' mah data!

Please tell me

[psychicsword]

They are so hard to find. And the keep stabbing me in the back [youtube.com] :'(

Why are you even on the web?

[myspace-cn]

Seems to me the only reason your on the web with this crap story over and over is to scare citizens and take away more civil rights. If your trying to keep something secret, don't publish it on the web.

And BusinessWeek maybe you should go back to focusing on Executive Life, instead of publishing fascist propaganda for the government.

Spies?

[ShadowMarth]

The REAL internet spies! http://www.monkeyblah.com/content/img/19fmedic.jpg [monkeyblah.com]

Logistics is key, even in the cyber age

[Anonymous Coward]

Timely and new sensitive data, and various top secret technology always seem cool enough to make the front pages of such espionage stuff. But I'm suprised they aren't speaking of some more mundane channels of attack.

Wasn't "The military marches on its stomach." some historical quote that was attributed to Napolean? Anyhow, where I'd keep an eye out for cyber vulnerabilities is in the logisitics chain. All it'd take is someone to get into the requisitions, inventory, and procurement channels and they could make all hell break loose. Frozen fish in the place of ammo, livestock sent to some other place, 100 screwdrivers and bomb fuses to an office that only does paperwork, etc. Not only can such things waste resources or man hours to correct, but it can cause negative economic consequences for contract vendors. Stupid shit like that could get old really fast.

Hopefully the military brass has enough sense to ensure strong verification when dealing with civilian contractors in the supply chain (and via internal supply channels). Also there should be some means to ensure the trustworthiness of supply contractors, as some purchase orders might have the possibility of indicating potential for action, etc.

On the other hand, this would potentially be a great way for the U.S. to attack any adversaries too. The more bureaucratic, thick, and mundane an organization is - the more opportunities for logistics data mayhem. False requests will tend to look more "reasonable" under such systems.

Re:

[cusco]

"Wasn't "The military marches on its stomach." some historical quote that was attributed to Napolean?"

Nope, it was Sun Tzu who said it first in 'The Art of War' almost 3,000 years ago.

"Hopefully the military brass has enough sense to ensure strong verification when dealing with civilian contractors in the supply chain (and via internal supply channels).

Wrong again. Most of the time the procurement folks are too lazy/overworked to even bother with a freaking FAX, forget even trying to get them to do anyth

Re:

[n00854180t]

Yeah the supply chain of the US military is already so crappy that it'd essentially absorb any sort of attacks, from what I've seen. Most of the time, you have none of the stuff you need, and much of the stuff you don't need. Usually, you rig the miscellany to get what you want, which sucks.

Diverts from the Real Issue

[BountyX]

Article diverts attention from the real issue. Attacks are going to happen, the fact that there are so many that penetrated reveals a lack of policy enforcment by the government applied to the contractors. Fed government should also be smart enough to remove secret work from a remote networked machine. This article shows the US's pompous attitude towards IT.

Again it begs the question,

[LM741N]

Why are any of these sensitive networks connected to the Internet? Its just the ultimate in stupidity. Like the hackers who broke into the power grid in a day. Why the hell is the power grid being hooked to the Internet? They may as well install webcams in all the Pentagon offices so we can see what they are doing all day.

Why are they connected to the internet?

[iliketrash]

Why the hell are these computers connected to the internet? (Ditto for computers controlling power plants and the power grid.)

"Secret War"?

[geminidomino]

"Secret," my left nut.

USAF is putting it's scare-tactic recruitment propaganda on during prime-time TV, replete with all the current buzzwords.

D5E vs C4I

[scalefree]

Incursions on the military's networks were up 55% last year, says Lieutenant General Charles E. Croom, head of the Pentagon's Joint Task Force for Global Network Operations. Private targets like Booz Allen are just as vulnerable and pose just as much potential security risk. 'They have our information on their networks. They're building our weapon systems. You wouldn't want that in enemy hands,' Croom says. Cyber attackers 'are not denying, disrupting, or destroying operations--yet. But that doesn't mean th

"three cyber security specialists"???

[SpammersAreScum]

I love the way the article makes figuring this email out sound like rocket science. "three cyber security specialists" worked out the path the email took, as if no-one else can read Received lines. (Yeah, sure, sometimes there are forged Received lines added to confuse the issue, but IME they're virtually always easy to spot.) And, oh my goodness, 3322.org is registered in Changzhou, China! As anyone who nows how to use whois (or even simpler, web sites like samspade or domaintools) could determine in 3