Slashdot Mirror
CIA Chat Room Violates The Company's Policy
code_rage writes: "An article in the Washington Post says that some 160 employees and contractors of the CIA are being investigated for operating an unauthorized chat room. Two of those accused are "innovative, out-of-the-box, unconventional thinkers - these are essentially the hackers of the CIA, in the most positive sense of the word."
The article raises issues of national security, workplace monitoring, and worker's legal rights. Although security was not compromised in this case, the prospect of unauthorized software running on secure computers might be a little troubling. The article says that senior employees have a keystroke monitor installed on their computers. The 5-day timeline demanded by The Company for response to accusations, seems to preclude the employees the ability to consult with legal counsel, given that clearances take months to be approved."
*** Resolved 216.206.242.164 to irc.fbi.gov.handed.me.an.o-line.st
--
The shareholder is always right.
Maybe it'll be firable to have an account on icq. Or you'll be arrested for paying for prodigy.
I am !amused.
It makes a great deal of sense to punish these people. Much like the discussion previously on /., this is about people putting software onto computers they do not own, and they do not have the rights to do.
I do not work for any government agency, but I can well believe that the CIA, NSA, and other inteligence agencies screen with a fine tooth comb the software that goes into their networks. One little backdoor, or one little segment of code that sends logs outside the network is all that is needed for a potentialy serious breach of national security. And don't forget that lives can and are at stake. ICQ may seem harmless, but would you risk someone's life over it?
In the article, Robert Steele, who is known in the computer security community, said these were clever, creative people. If so, what the hell are they working for the CIA for? Places like the CIA treat you like crap, and if you make someone unhappy you may not only be fired, but may have criminal charges filed and other unpleasant things like that happen to you. People in the military and "intelligence" community with any brains have left long ago to startups in Virginia and that area like AOL, UUNet, Network Solutions and the like. Those people are now rich on stock options, and not having their little government grade pay job checks and people on their backs all the time. Most of the Pentagon and such people I know stopped working there a long time ago. That's probably why so many contractors are involved, they can't hire people. Working for a sucky company/agency through a consulting firm can often suck more than actually working there. All the pain, none of the benefits. Don't work at low pay, bad condition work places. Especially when all they do is overturn legitimate elections in other countries and the like.
One or two employees and I could understand an investigation like this.
CIA or not, if 160 employees decide to break the rules in this way, isn't it just a sign that their employers aren't providing them with the (legitimate) resources to do their job effectively?
They could restrict these people and not get the best out of them, or they could work out a compromise. Since a lot of people are going to be watching this and it'll be setting an example to big dumb executives everywhere, I hope a compromise is what happens.
===
As always, with this kind of operation, the issue here is control. The Powers That Be in The Company must feel that they are "in control." Of their networks. Of their computers. Of their emplouees. Hell, of their paper clips! This kind of stuff gives them the willies.
I worked as a contractor for, shall we say, a player in the intellegence community a loooooong time ago, and let me tell you this: these guys have paranoia dribbled into their veins every night, right along with their maalox. Humor is not part of the job. Especially where computers are concerned.
These poor mooks are gonna get slammed, and slammed hard for their "innovation." The Company doesn't want stars, they want people who follow orders and procedures. When they get to the executive director level, maybe then they can get creative. Oh, but I forgot, at that level you're so political that any creativity outside of political survival is a liability...
As they said in "The Prisoner": "Be seeing you!"
"If god did not exist, it would be necessary to invent him" --Voltaire
In the original posting, it said that the employees have been givenm five days to respond, which killed their ability to consult with lawyers and the like, due to the time it takes to get clearance. However, in the article, it says that some of those senior employees have been "suspended with pay for the past six months while CIA officials try to decide what punishment is appropriate." This means that this happened a long time ago. At least six months. It's not as if they discovered this five days ago and have ordered written explanations; they found out at least six months ago and have just now ordered explanations. So, even if it does take a few months to get clearance, that still leaves a few more to consult with whoever needs to be consulted with.
In the original posting, it talks about this lack of time. It also says it almost exactly the same in the article itself: "The former officer said that by giving those under investigation only five days to respond to the charges against them, the CIA has 'effectively denied them the opportunity to seek legal counsel,' because lawyers typically must wait for months to obtain security clearances necessary to represent agency personnel." But again, six months is a long time. What were these people doing for the last six months? Especially the ones who had been suspended with pay? I would hope that they would spend that time doing everything in their power to seek legal counsel. If they waited until now to try, then maybe they should just face the consequences. I know that if I got caught breaking the rules like that on a secure computer system and was essentially told to not come to work until they figured out how they were going to punish me, I would spend the eight hours a day I would usually be working during trying to find a lawyer who could help me get out of trouble, regardless of whether or not what I did was wrong...that's just self-preservation.
Either way, that's what bugs me the most about this article: the claims that these people aren't getting a fair chance, when in fact they've had at least half a year to make whatever chance they wanted. And in all reality, this happened probably even twice that long ago, it just took six months for it to be dealt with, then six more for it to get to press and for the demands for explanations to be presented. Rip this apart as you please.
-G
Their may be a grammatical error, misspeling, or evn a typo in this post.
-Legion
It was a, umm... honeypot. Yeah, that's it! Script kiddies just can't get enough of the chat server hacking.
We weren't wasting time, or hacking cyber sex, or um.. something.
Emacs is a beast. It has a full lisp interpreter. I don't trust any language that relies so much on freaking parans... Another problem with Emacs is that noone is there to guarentee it's security. If something goes wrong there is no scapegoat, something that companies don't like.
int func(int a);
func((b += 3, b));
China was "allied" with the Soviet Union only from the brief period of 1949 - about 1960. After that (and this was before China developed the bomb), there was great animosity between the two governments to the point where several small battles were fought.
From you second assertion, I seriously doubt you do know history. The primary purpose of American nuclear deterrence was to prevent the Soviets from dominating Western Europe. Southeast Asia and Asia in general were much less important as the Soviets concentrated their forces on their eastern borders
What makes you compulsively rail against people who want to uphold a certain degree of literacy?
That's a typo right? The Soviets concentrated their forces on their *western* borders. Actually, you're also neglecting to mention that the soviet union was preparing to push deep into Japan from the north up in Mongolia. If that had happened we would have faced a similarly divided Japan (except North being communist, south being free) as we saw in Germany after WWII. By dropping the two bombs they also didn't have to execute a full scale invasion of the island.. something that would have cost BOTH sides millions of lives, civilian and military. If you're going to spout revisionist history, at least study the actual events so you can sound more convincing.
Don't know if this is still the case, but as of 10 years ago, NSA installed all the secure systems for other Fed agencies, presumably including CIA.
Hypothesis: the chatroom was not a hack, but an undocumented feature.
Interesting that they're so certain nothing was compromised.
Ben Masel: 51,282 votes for US Senate in the Wisconsin Democratic Primary
Get over it, there is little security in the world today. These people were on the house system, am I wrong!!!
They were found out and exposed, supposedly by their own!!!!
Then made PUBLIC!!!!!!!!!!!!!
McArthyism raises it's ugly head.
A message is being sent to the rest of the serfs, toe the line or else.
Comments anyone?
Okay they suspended the culprits for the past six months with pay [i'd love that!].
They don't say how many of them, but I guess we can assume that those who were suspended are at least the cream of the 160 that used the IRC.
What manager in his right state of mind can just suspend their best IT staffers - for six months?
Either they found someone else to do their jobs - which makes the discussion futile, cause then they will sack the offenders anyway - or, given that it's the CIA - they just leave the work undone...
Think about it. For six long months the creme of CIA techs doesn't get to work. Isn't that an invitation for everyone else to get busy while the yanks got their pants down?
I honestly do believe that the U.S. is the vulnerable to cyber warfare, simply because they have every man and his dog running through the Net.
Then they turn around and suspend the first line of defense, cause they were using their brains [which is what the CIA has hired them for, in the first place].
They should let h4x0rz run the Agencies. Would save them a pile and get more results...
They have to blow off steam in the company environment or go slightly nuts, can't do it security wise off the property, nice idea no?
Everytime I feel compelled to explain things this obvious, I worry that I've been trolled.
You're obviously not alone. I've never had a comment moderated around the block the way this one has. The comment was made tongue-in-cheek. I'm well aware of the gravity of the situation working for the CIA. When you go in there, you play by their rules, no exceptions. I just find the whole situation a little (black) humourous.
--
You think being a MIB is all voodoo mind control? You should see the paperwork!
A man who wants nothing is invincible
Not, he was correct in using eastern, as in eastern Europe. Actually, you're also neglecting to mention that the soviet union was preparing to push deep into Japan from the north up in Mongolia.
Well, you have to understand that the US and USSR had an agreement that they'll attack Japan (I don't think they agreed on when. Also, the Japanese did defeat the Russians in the Russo-Japanese War. If that had happened we would have faced a similarly divided Japan (except North being communist, south being free) as we saw in Germany after WWII. By dropping the two bombs they also didn't have to execute a full scale invasion of the island..
That's right, because we were the ones who were supposed to, not them. something that would have cost BOTH sides millions of lives, civilian and military.
Try looking up "Little Boy" and "Nagasaki". If you're going to spout revisionist history, at least study the actual events so you can sound more convincing.
I suggest you do the same.
He who fights with monsters might take care lest he thereby become a monster. -Friedrich Nietzsche
How long will it take Metallica to sue the CIA for people sharing their music on that chatroom?
Note that there was no disclosure of classified material here, just violations of Policy.
If you have a job to do, you do it. If you try to go through all of the Proper Authorities, you'll have long grey whiskers by the time you get their formal rejection.
I'd be willing to bet that the "authorized" software on the computers in question was some version of Windows, Microsoft Office, and a couple of buggy, inconvienent, locally written Visual Basic programs for filling out timesheets and accessing databases. And nothing else.
I'm sure every Slashdotter has a list of extra programs that need to be installed on any Windows system to make it halfway usable. (The last "unauthorized" program that I loaded was bzip2. Big scary threat, that.)
The point of "policy" is generally to cover the arses of the Powers the Be; if anything goes wrong, it's because "somebody violated Policy". I have worked in a number of secure environments; I have never seen one where *all* the Policies were followed. Scenario: You're the only one in the office when you are hit with A Sudden Need. Do you (a) Shit in your pants, (b) Carefully collect all of the classified data from your desk (and everybody elses desk, if you're watching their stuff for them) and lock it in the safe. Don't forget to sign the logs, or (c) duck down the hall to the loo and hope that nobody notices. Policy, of course, says (b), with (a) as the only alternative. Of course, (c) would leave your classified data open to any Soviet spies[1] who happened to sneak past the armed guards at the gate.
It's not just the Government; look up Randall Schwartz to see just how bad it can get.
[1] Yeah, I know. There hasn't been a Soviet Union for ten years. The US Department of Defense and State Department (the CIA is part of the State Department) have been busily trying to put it back together, as it was the only justification for their existance.
--
Welcome to the Turing Tarpit, where everything is possible but nothing interesting is easy.
That's a funny thought - all those odes to Natalie Portman ending up enshrined forever in the CIA/NSA archives.
The revolution will NOT be televised.
Actually a firewall does basically nothing if you are somewhat technical, which these people seem to be.
You could easily build a tunnel (e.g. VTun) from the inside of a LAN to some point outside, and then have basically a VPN back in. I do that from where I work to my home. Even if your firewall blocks all direct connections, but have a HTTP or SOCKS proxy in place, there already exist tunnels that go through them.
My point about "judgement skills", though, was that these people are probably just as concerned as their management about security, and probably have much better grip on what it entails to make their network secure. Thus, if you are not going to trust them, you might as well make your network a complete island (whether they create such chatting channels, or not).
Alright, I give that to you. But my point (which you seem to have missed) was that it's typical disciplinary action for violating security policy. Nothing new here.
--------
Life is a race condition: your success or failure depends on whether you get the work done on time.
Of course they tried to hide what they were trying to do! What would have happened if they had gone to the brass and said, "Um, we'd like to set up a chat room on the computer network. Don't worry, we won't let anyone in without an invitation. And we certainly won't open up any security holes. Okay?"
For obvious reasons, CIA employees are required to abide by very strict rules governing, among other things, what they may and may not do, who they may and may not talk to, and where they may and may not go. These rules are meant to be followed to the letter (the former director who used his home computer to create a top-secret document notwithstanding). Any violation of these rules means that security may have been compromised. I'm sure that potential security breaches worry the CIA brass just as much as actual ones, because when you find a hole, you really can't be certain that something didn't get in or get out through it.
Unfortunately, the above rules conflict with basic human nature. We are inquisitive animals, and we want to explore systems, whether they are computer systems, social systems, philsophical systems, etc. As soon as people are told not to do something (especially if they aren't told the (real) reason for the rule), they become even more interested in the forbidden behaviour than they were before. If you restrict a person's freedom to explore, there is always the chance that he will go ahead and explore anyway, and if he's smart, he'll go to great lengths to avoid detection of his activities. (Hmmm ... sounds like one of the prerequisites for becoming a spook. Maybe they should give these guys medals.)
I'm not really surprised that this happened, but if the CIA were really as paranoid about security as they should be, this would have been uncovered much sooner.
Yqy...K ecp'v dgnkgxg aqw cevwcnna vqqm vjg vkog vq vtcpuncvg oa uki. Kh aqw vjkpm vjku ku tkfkewnqwu, tgcf oa dkq.
What is the great danger of running a chat server again? Who was it that was going to 'root' their box?
Most of the data is probably on a need to know basis and compartmentalized on the systems. In this case, outside means from one office to the next. The idea is that even with the best background checks, someone could manage to slip in. The less each person is told, the less they could leak. The IRC server probably violated the compartmentalization (at least potentially).
Wait a minute? Is Slashdot considered work related?
:)
Nope but I get permission to look at it.
- The CIA network, by its very nature, must be one of the secure LANs in the world. By installing unapproved software on an unapproved server, they may have inadvertently placed the security of the entire network at risk. While the article dosn't specifically mention what software was used, I seriously doubt that a security audit was performed on the source to verify that it wouldn't open up any holes.
- The chat room created the potential for inadvertent security leaks by allowing unmonitored communications between non-authenticated personnell. Think about it this example, two CIA buddies regularly converse via this chat room during their lunch hours. One day, someone else (either internal or external to their network) gains access to the chat room and masquerades as one of the two regular users. When the other guy comes on, he sees the screen name and automatically assumes that it's his buddy, mentally placing him in the trusted category. Now, when this guy asks him what he's doing today, he probably wont think twice about telling him. Voila, he's just breached national security without realizing it.
As I said above, these guys should be disciplined, and they should probably be forced to re-take the security training classes, but they have showed creativity by solving what they saw as a communications "problem", and by keeping it operational on a heavily secured and monitored network for over a year without detection. These sound like the kinds of guys who would make excellent electronic intelligence agents.There is nothing so pathetic as seeing a beautiful young theory roughed up by a tough gang of facts.
how long was this going on before management/IS/whoever noticed? months (like the microsoft thing), years? I wouldn't be too quick to congratulate them for watching their network.
"I don't need a compass to tell me which way the wind shines." - Mr. Furious, Mystery Men
It's pretty obvious you've never worked for the U.S. Government...
"Moogs! Would YOU buy that for a quarter?" CMK
Although it might not seem right at first, these employee should be punished as this was a true security violation. The best way to secure a network is to not to avoid things that are known to be unsafe, but only allow things that are known to be safe.
int func(int a);
func((b += 3, b));
It is not too hard for me to imagine a company freaking out if an employee, without permission of IT or whoever, set up an IRC chat server within the company network to chat with coworkers.
I've dealt with (but not worked directly for) companies in that past that won't allow their employees to even run IM clients like AIM or ICQ due to fear of them wasting time and goofing off...Having an internal server running on a company system without permission just adds (in the PHB's mind) to the inappropriateness of that goofing-off action.
The main problem here is that there is a big difference between national secrets and software secrets and ideas. The concepts of physics are not secrets because they are obvious and necessary in many situations. But if you have step by step discussion on how to make say hyrodgen warheads in a secretive environment it is not very appropriate. A country like China dosn't have those little things we call a sense of ethics concerning the use/abuse of nuclear weapondry. Nations have to keep secrets all the time to defend against the possibly indefensible. It's all about strategy.
Respond to s
"Crimson".
TO BUY A NEW CAR WOULD MAKE YOU SEXUALLY ATTRACTIVE.
The Company for response to accusations, seems to preclude the employees the ability to consult with legal counsel, given that clearances take months to be approved
For the job I'm currently working, I had to sign an Employee Dispute Resolution agreement. It basically says that I can't sue them and they can't sue me until we have gone through a resolution process, which involves at some stage an outside mediator. The result is that most disputes are handled internally, without causing harm to the company while still providing a resolution satisfactory to the employee. Signing this made me very nervous, needless to say, but after reviewing the procedure, it seemed reasonable to me.
The point is, if my non-Top Secret company had such an agreement, it wouldn't surprise me if the CIA, a group which would be very concerned about public resolution of disputes, had such an agreement.
Its funny to see how most of the moderated-up comments are pro-control. When they say "national security" then anyone in US walks on their ears... its like holy mantra. I think this so called "national security" is bullshit. How many secret agencies does US have ? How much does it need ? Lauri, who has never been in US and never will.
__
L.
I don't see anything wrong if people try to make their work a bit more 'live' Your holy work is a part of your life anyway... or if you want to be serfs, then go on.
What contract... hey those contracts are just a bit of bureucracy, nobody cares about them in real world.
__
L.
... but I can see both sides of this. Yes, it is possible that installing a chat server (the type was never specfied) on a government high security computer is a Bad Idea(TM). It is also likely that some time-wasting activities ensued. On the other hand, I use an instant message client at work, sometimes receiving assignments in this manner. Of course my job does not require a security clearance. I might also point out that I have very occasionally learned things on IRC that have made my job easier. Don't try to tell your boss you are on #l33t_h4x0r for research though!
-- I Am Not A Terrorist.
So much for keeping our intellectual secrets from China. Oh wait, they already know how we make our nuclear bombs.
Ha! So helping rebels overthrow their government is part of the national security of the UNITED STATES? So, tell me, do you also believe in Santa Claus?
He who fights with monsters might take care lest he thereby become a monster. -Friedrich Nietzsche
And you would do what? Slap chains around their ankles? If you didn't get riots you'd get some quite demoralised and less effective workers. They should be (and hopefully are) trying to work out what's wrong with the working conditions that caused people to do that -- not slapping punishments on everyone, demoralising them even further.
What I'm trying to say is that if 160 people are breaking the rules, obviously the rules aren't designed well enough to accomodate people effectively. When rules are made too inflexible to fit people, they'll get broken and so there's not much point in having them anyway. Show a bit of respect by allocating some freedom for people and they'll usually surprise you.
The CIA is a special case and there would be some specific things that couldn't do, but it's in everyone's best interests that the people working there are enjoying what they do. For example, if they don't want unchecked s/w running on their network, perhaps they need to create a seperate intranet where employees can run unchecked s/w.
===
Excuse me if I'm wrong, but if you work at the CIA, you're not there to chat. You're there to do work. The CIA has every right to be mad.
Wouldn't you be mad if you went to the DMV to take a driving test, and they said, "Come back Friday, I'm in a chatroom right now...?"
--
The World is Yours.
Anyway, no one gets an account on our network without a clearance. It's not a big deal to install software on the intranet because you can't unknowingly open a hole to the Internet or SIPRNET -- they're not connected. And there's no uncleared personnel with accounts. (shudder.) The network links cannot be monitored without breaking the military-grade encryption.
I would assume that the CIA likewise does not have any uncleared personnel on their network, so the scenario you propose does not apply.
"The simplest solution is to ignore your dead children."
Sorry, I have to disagree. Consider this: Every second those "hackers" spend on chat/irc/etc. is a second wasted when they could be doing something constructive, like, their job.
He who fights with monsters might take care lest he thereby become a monster. -Friedrich Nietzsche
It sure is a good thing I don't work at the CIA!
It has been months since I've made it through the day without either using IRC
or playing a few (10 or 20) rounds in Counter Strike.
I work at an educational institution. Particularly, one with a limited amount of intelligence.
Don't trust the spoons.
The List of Grievances with Slashdot.
"Don't be paranoid, what do you think this is, the NSA?"
"innovative, out-of-the-box, unconventional thinkers
Someone at our government being unconventional? whoa....whoda thunk it?
But really, these people work at the CIA, did they think they wouldn't get caught? or were they expecting to lose their laptops before they did get caught.....
The anti-salmon
I'm sort of split on my opinion on this. I'm a big advocate of privacy in the workplace, and I can certainly see why this would cause some concern on that ground. On the other hand, the CIA is not your standard business. The Company has, and has always had, very specific and clear concerns about information flow, and I can't help but assume that the workers involved were aware that what they were doing would be against Company policy. In other words, privacy is good, but should it have been expected in this situation?
I've had this sig for three days.
In these days, people expect that all networks are connected somehow, because the Internet is so ubiquitous. But this wasn't always true. I'll lay down good money that the CIA's internal network isn't connected to anything else. The people on the network all have clearances. The connections on the network are all encrypted.
Now, I don't know how strict the CIA is about their policies... but consider: Suppose there are 200 computers networked together inside the CIA headquarters in a secure area (accredited for open-storage of classified information). Those computers aren't connected to anything else. The hard drives are removed from the computers and locked in safes when not in use. There are alarm systems with motion sensors and armed guards. To get an account on the network requires having a clearance on file. What is the great danger of running a chat server again? Who was it that was going to 'root' their box?
I don't work for the CIA, but I do work in an environment similar to this. Don't make assumptions about their security by comparing it to something you're familiar with.
"The simplest solution is to ignore your dead children."
"The serious thing for us is people willfully misusing the computer system and trying to hide what they were trying to do," said one intelligence official. "If they were doing this with the KGB's computer system, we'd be giving them medals. Sadly, it was ours."
Now here's a perfect double standard. Fuck with the enemy's systems, and we'll give you a medal. Do the same with ours, and we'll shoot your ass. The funny part is that it was a chat room. Chat rooms are forums for essentially free speech. So the enemy probably would shoot you for attempting to practice your right to free speech. Thus, we have a situation here where they'd be damned by both sides.
This has all the smell of bad political infighting. As the Washington Post article points out, it seems "highly suspicious that all of those supervisors, not to mention the numerous component network administrators and security personnel, were unaware over a period of years of illicit computer usage by a group of 160 personnel". So something happens, and somebody who does know about this particular skeleton digs it up and uses it against "several officials, including members of the Senior Intelligence Service, a cadre of career officers at the upper reaches of the civil service system". They wind up with letters of repremand in their folders or worse, fired. In any event I strongly suspect there's a lot more going on that we don't know about - yet.
The Associated Press just released an article on this topic.
Spy Agency Investigating 160 Employees, Contract Workers for Unapproved Site
WASHINGTON (AP) - The CIA is investigating 160 of its employees and contract workers for exchanging "inappropriate" and off-color messages on a covert "chat room" in the spy agency's classified computer network, The Washington Post reported.
more
--
--
He lives in a world where those who do not run the client software of the omnipresent meme are unacceptable.
Seems like these guys are really good resources to understand and deal with computer crimes and other computer-related operations. Why would CIA want to criminalize them, leaving only meek people behind? Sure, that's gotta make them more savvy and efficient as an organization.
Seems to me that what these people were doing is pretty harmless from a national security point of view. If their management does not trust their intentions and their judgement skills, they should not have hired them in the first place.
Now, instead, they will make CIA an organization only for dead weights.
seineeW erA srekcaH IBF
"I have not failed. I've simply found 10,000 ways that won't work." --Thomas Edison
What, you think the KGB and the CIA are equivalent? Perhaps morally equivalent, but morals are not what government is about. The CIA exists for reasons of national security of the UNITED STATES, and the KGB exists, putatively, for reasons of national security of RUSSIA. Those reasons are not the same!!
If you work for the CIA, things that you do to further US national security, even if they might harm Russia to some degree, are rewarded by the US. Part of the CIA's job is to find out things about Russia that the KGB might not want to tell the US.
On the other hand, if you work for the CIA, things that might *harm* the US are punishable, and should be. There is a fundamental asymmetry between Russia's interests and America's interests that distinguishes between these actions.
I find it quite naive of you to suggest that this is primarily a free speech issue. The CIA does not provide computers and networks to further their employees' free expression. In fact, public expressions of secret information are often punishable, regardless of the First Amendment, because, according to the classifying authorities, such disclosure would cause some harm, or risk of harm, to the US's national security. I am sure that the CIA employees have had this explained to them, and agreed in a legally binding way. Your First Amendment arguments are a red herring.
Chat rooms are potentially forums for exchanging *information*, and *information* is what the CIA deals in. Furthermore, installing this software creates connections that might allow the network to be accessed from the outside, which is an additional risk.
I don't understand at all what you mean about the enemy "shooting you" for practicing free speech.
I don't disagree that there is some bureaucratic infighting going on. What do you expect in a government bureaucracy? Some sort of utopia for hackers and "free" speech?
Everytime I feel compelled to explain things this obvious, I worry that I've been trolled.
I didn't! It truncated it and wouldn't let me edit it! This did NOT happen in preview mode. Fsck that.
I found it interesting, that the article said, "...which CIA investigators discovered while performing routine computer security checks..." Then later said, "...'This activity has apparently been taking place for some time...'" If it was a routine check, then shouldn't they have caught it before it got out of hand? The only reason they didn't, that I can think of, is they wanted to catch the guilty parties involved. I don't feel sorry for any of the parties involved because they breached their contract.
"The quality of life is determined by its activites."--Aristotle
I think it'd be rather interesting to work for the CIA. Anyone have any information on what it's like? I've read through some of the stuff on their web site, but I'd kind of like to find out any information someone else has.
Quidquid latine dictum sit, altum sonatur.
No, you misunderstand. As I assume you know there is a difference between being "cleared" and having a need to know. If you have a large system of many different parts, you don't want to give access to everyone who gets a simple security clearance. So, someone can have an unclass account on a secret network who has clearance but no need to know for certain classified data. A network with no security hierarchy would seem to me to be a scary thing. And, SIPRNET is indirectly connected to the internet. And you right, all communications are encrypted, but it's still a hole. Internal theft is not that big of a crime, but I have work on systems in other countries and Internal theft is one of their top priorities. Take the breaches at Los Alamos for example...
int func(int a);
func((b += 3, b));
Will we ever know how the "chat room" was setup? i.e. Did they set up a 31337 IRC server, or did they hack together their own service?
Somewhere out there a poor script-kiddie got a hard-on.
The rest of us are disgusted at the use of the word illicit.
The message on the other side of this sig is false.
Just saw the movie last night:
were here to defend democracy, not practice it
FunOne
FunOne
I can see it now: "Use CIA-IRC, the server used internally by the CIA!" Give the hackers a kickback, keep the rest of they money to fund black bag ops or something.
I agree...I work for a market research firm...not the CIA...and I most certainly have full privs on all of our servers - unix and NT - and could most likely set up my own IP and chatroom without too many people taking notice...but if I did that, I would a) consider it wrong, and b) expect to be punished if caught...
...not too many, I suspect, unless we're in the position of the person who needs to give the permission.
...and if you're a real "hacker", you'll set up the chatroom on SOMEONE ELSE'S server without them knowing ;) Doing it on your own servers is no challenge...
who are these twits? how many of us would do this without permission at our places of employment?
I don't find this incredibly newsworthy, other than the fact that operating something like a chat room just provides yet another hole that some unscrupulous person could use to gain access to information. At my place of employment, that would most likely be data about something ridiculous like cat food or toilet paper. At the CIA, the information that they could gain access to is MUCH more sensitive. I applaud any disciplinary action against these two "hackers".
PS
Perl.
nal 11
"I'm sad to see that, as usual, the control freaks of the world are eager to lynch anyone who makes 'unauthorized use' of a computer."
In this case, it wasn't just "unathorized use." The chat room was inside a classified network. Even though the CIA admitted that nothing was compromised, in due time, it may have been. Having a publicly-accessible chat room on a network just like the CIA's is an invitation to jump into the network, and that's a big security no-no.
Read the article next time. HTH HAND
--
--
The real Raunchola isn't cool enough to have any imposters
Plus they were more or less allied with the soviet union back then, a group not exactly known for their kindness and generosity.
Yes I do know history and I believe that using the bomb was a necessary political meanuver to prevent from having the soviet union have a massive foothold in southeast Asia.
Respond to s
A smart manager might ask, Why was this software installed and why was it so popular?
A smart manager would have made sure that the work environment is such as not to make it necessary for the employees to install gunauthorized softwareh in the first place.
"Consistency is contrary to nature, contrary to life. The only completely consistent people are the dead." A. Huxley
Err, reading Slashdot is an efficient means through which I can stay current on various developments within the computing industry, thus allowing me to more effectively do my job. At least that's the rationalization that I'm sticking with.
It's National INTEREST. Unfortunately, the world is in a state of anarchy with every country out for itself. There's no "Daddy" to discipline the bad countries and reward the good ones. The only solution to this is a world government, and don't expect one anytime soon. It mainly depends on your beliefs, if you like the system or not. I see the logic behind the duality of morals theories (Go read some Thucydides). And actually like them. Moral actions are for the individual. The state's only responsibility is to look after the well being of its own citizens. If you disagree with me, go form a world government that works. :P
If only i were at that auction
A blog about stuff.
I have this picture in my head of Tom Cruise hanging from an air vent and installing BitchX on his laptop...
...would have to be run not just on a separate network, but separate computers. You wouldn't want potentially sensitive information jumping the barrier...
--
--
Do I look like I speak for my employer?
-- look, cheese ahoy!
People aren't computers, we can understand fuzzy input quite well. Actually, I don't know how much you like reading, but ambiquous language and new words are used with great effect in some of the greatest books ever written (Joyce's Odyssey, for instance). There's so much more into written word than just structure and words!
Bend the language and if you don't get it to do what you want, go ahead and break it!
Laziness and ignorance should accepted? Yes! Definitely as long as it doesn't hurt anyone else!
At work I strive for perfection and do not tolarete laziness or ignorance from anyone. Why? Because we work with class A lethal chemicals. I don't want to get killed by some ignorant and careless moron with no self-preservation instinct.
At home and in my private life, however, I am a complete slob. I do things I want to do, in exactly the way I want to do them and I'll fight anyone who tries to force me to do otherwise. I pay my bills, meet people, clean up, eat, exercise, sleep, read, write and speak as I bloody well like.
People like you who insist on making sure that others behave in a way that is "proper behaviour" even when there is no good reason for forcing the issue, are just unnecessarily burdening theirs and others' lives with useless rules.
Hey this violates the CIA policy then they should get repremaned. At any job if you use the computer for non work related items without permission then you will get in trouble. Hell this is the CIA. I am not surprise they are finding themselfd without a job.
It looks like simple security policy enforcement to me.
Think about it: they ran a public server from an internal network that has access to sensitive information. This is very bad, security-wise. What would happen if somebody outside rooted their box? Depending on the information that could be accessed, people could die because some morons were running some IRC server.
This wouldn't be the first organization that's fired employees for breaking the security policy. This story fills me with nausea.
--------
Life is a race condition: your success or failure depends on whether you get the work done on time.
At times, I'm glad the government is so incompetent that it slit's it own throat
:-). Yeah, real brilliant.
In an age where most companies embrace chat/irc/etc. for communication for their employees, the spooks take it 10 steps back and go on a witch hunt for people using IRC!
As far as disabling "shadow", you know that it was
as simple as simple as killing the process that
ran automatically on their NT desktop computers
No need to take further action then, these people have already been punished hard enough!
It's good to be thorough, but six months?
--
If those CIA computers have keystroke monitoring software/hardware installed, I certainly hope they're connected in a way that doesn't allow someone other than their boss to monitor them.
Comment removed based on user account deletion
...they become slightly different people.
/. prove that there is less company loyalty among all geeks, and much common interest among them.
Especially the people who've built the network and use it on a daily basis. You work in a heirarchy designed to control and supervise what you are doing, and then that heirarchy orders you to create a network, and you develop relationships with the other people working on the network that are more horizontal relationships. Like a group of truckers on the road chatting on CBs, these employees chat, swapping useful info and fart jokes.
No non-computer-related firm can fully control those computer employees upon whom the firm is dependent. Like the mitochondrion in a cell, these employees form a semi-autonomous group which is rather impenetrable to the outside world. Most non-technical managers prefer it that way, so they can just give the orders and get results without having to learn a lot of technical information. The only way to fully control these employees is to learn the exact nature of all of their work, and to supervise every action performed by each employee. Even in an organization such as the CIA, this is impossible.
Forums like
Goat sex free since 2001
Ah, but the KGB doesn't exist anymore, like it used too anyway. Just saw some of there former employees on the TV news running insurance scams here in Texas.
I'm just waiting for the day when everyone gets a neural implant that automatically detects non-business related thoughts during company hours. After all, we provide the air that you breath. It is against company policy for anyone to have independent thoughts while breathing the company's air.
Just because you can legally treat your employees like serfs doesn't mean that you are obligated to do so.
A smart manager might ask, Why was this software installed and why was it so popular?
Mea navis aericumbens anguillis abundat
1. You are insinuating that because I favor the consistent use of spelling and grammar, I'm some sort of right-wing fanatic - a "fascist" as you so eloquently put it. I won't bother to respond to that obvious troll except to say that from your use of the word "fascist", it's pretty obvious that you don't know what it means and that you are using it out of some sort of need to insult me.
2. You say that language is killed by "fascist rules" dictating what "proper language" is. By parallel argument, The fascist rules promulgated by ANSI upholding what proper C is have killed the language.
3. The person who misspelled "crimson" did so out of laziness and possibly ignorance. Why should that be accepted?
If you even appear to not be with it then you're screwed because they will come down on you like a hammer on a nail.
I mean sure you could make the argument that it would be exciting to work there with all of their technology and what not, but what about the price of failure? That is one of the jobs were a simple mistake could cost you your freedom because you'd end up in jail.
At least they were not trading pirated MP3 files!
If your children ever found out how lame you are, they'd murder you in your sleep
The original story is pretty thin. I'm curious as to whether this is really about security practices per se, or the culture of the illicit scene, ie an ideological purge.
Ben Masel: 51,282 votes for US Senate in the Wisconsin Democratic Primary
The article says:
The CIA is investigating 160 employees and contractors for exchanging "inappropriate" e-mail and off-color jokes in a secret chat room created within the agency's classified computer network and hidden from management.
And then it says:
If they were doing this with the KGB's computer system, we'd be giving them medals. Sadly, it was ours.
Umm, if they were sending around dirty e-mails and fart jokes around KGB computer systems, I doubt we'd be giving them a medal. I think it'd be more like "Why were you dicking around on their computer systems and not gathering information?"
And how come everyone who "thinks outside of the box" is automatically a geek and a hacker? Where I work (which is not the CIA), we reward people who think outside of the box, but we'll also fire in a heartbeat those people who abuse our systems, even if it's something minor. Why? The reason is that when someone abuses something for a harmless reason, there's no reason that they might someday cross the line and abuse it in a very damaging way. It's about responsibility and decision making capabilities. If they can't conduct themselves in a responsible manner, they're a potential liability. Whether they think "outside of the box" or not is irrelevant. Conduct and action do not have an effect on the ability to solve problems.
Frankly, I'm glad that the CIA is watching their internal networks and trying to maintain good employee conduct. I wouldn't want some care-free hacker in charge of maintaining information that, if put in the wrong hands, could endanger the welfare of the country, just like I wouldn't want some carefree hacker on my computer network doing things that could possibly make my work day more hectic.
I did not say that everything the CIA does is consistent with the (legitimate) purposes for which it exists. Rebels overthrowing their governments might indeed be in the interests of the U.S., although such interests ought to be weighed against the ill will such actions can create, and any other (some unforseeable) consequences.
For example, the support of the U.S. for the Shah of Iran was perhaps in the short-term interests of the United States, and probably the best option at the time. As it turned out, however, the Shah's repressive and westernized regime created a deep well of animosity in Islamic circles. This led, of course to the Shah's overthrow, and twenty years of tense relations between the U.S. and the Islamic Republic. Who knows how much this has hurt the U.S.'s national interests?
Without more details, and a crystal ball to compare the alternatives, it's impossible to know if helping some rebels (French Resistance, Afghan Resistance, Chechen Resistance, Islamic Jihad, ?) does indeed protect the U.S.'s national security.
If you want a unambiguous example: screwing up the target selection process for Belgrade certainly did not do anything to help the U.S.'s national interests. Of course, no one made a deliberate policy decision do do this.
Anyway, those are the same useless rules that you spent years learning about in school. If a poster has some sort of learning disability, he/she can tell us about it and we will take that into account when we read that person's posts; otherwise we will just assume that the poster was either 1) too lazy to learn anything in school, or 2) believes that ignorance is superior to knowledge...
--
You think being a MIB is all voodoo mind control? You should see the paperwork!
A man who wants nothing is invincible
I'm just trying to be realistic here - if you decide to work for the CIA, who needs to carbon date the corn from your hole before you even get a second interview, I'd have thrown my rights to personal privacy out the window long before I signed off on the "I swear I've never *cough* used drugs" clause on the application.