Real Cyber-Spying
phr1 writes: "Kevin Poulsen has an article at The Register about a USAF sergeant arrested for emailing classified info to "Country A" (apparently Libya). The guy was something of a bozo, using free webmail accounts from locations near his home to email the stuff. It's an interesting read about a legitimate (for once) cyber-bust."
yo... apparently the people that want to ban strong cryptography in your country and want to monitor EVERY mail by Echelon (and Carnivore) got trocked by their own technology
".Sig Stealer" was here
hmm, so they do have some backdoors in the encryption used.
(Or they just got the key from the first email.)
Hmm, if you're really into espionage, and you use computers, but no real crypto, you must be really stupid, yes? Somewhere near as stupid as a sergeant in the USAF, maybe?
I mean, use a 2048-bit PGP key, and you'll probably be home free...
ad
What possible harm did this guy do to you?
Furthermore, the U.S.A. constantly spies on everyone including allies. Hypocrisy at its worst.
Oh, um.. cyber-spies. Libya. Right. =)
Hi! How are you?
I send you this NOC list in order to have your advice...
Well, building the largest cyber/electronic communications spying apparatus on the planet finally paid off for the US. I was beginning to think they would never use it for something other than helping Boeing trounce Airbus on an airliner-sale. But now they actually caught a real Spy! Too bad that the first great cyberspace master-spy turned out to have all the intelligence of a carpet mite.
Only to idiots, are orders laws.
-- Henning von Tresckow
I'd be very interested in finding out what he was using to encrypt the files. PGP?
I highly doubt it was the FBI who cracked the files.
Damn, I'm a Slashdot editor but forgot to bring the piece of paper with my password written on it. Could some user-mods please mod parent down? (If you don't, I'll be doing some serious bitchslapping next time I get access to my editor account.)
Thanks for your cooperation.
The article mentioned 13 different intelligence agencies in the US, which I didn't know about. I looked some more and found this. Hmm.. maybe this is off topic :)
Whenever you read one of these stories, the people involved don't sound all that bright. It's a far cry from James Bond, anyway -- more like Amway gone bad.
InstaPundit! Ahead of the Curve Since 30 Minutes Ago
Arrested spy Brian Regan has initiated legal proceedings against the FBI under the DMCA ruling.
..."
"While it is legal in special circumstances to reverse engineer my private messages to Libya - it was clearly illegal in this case. If the FBI start decrypting all messages from spies, then there is nothing to stop them posting them on the Internet for other countries to download for free. How do they expect spies to make a living then? Their claim that they had a right to access these photos and that it was only for their private use just doesn't cut it
The Intelink network mentioned in the article sounds pretty wild, but I'm a little surprised it just uses standard TCP/IP tools (and that each dept is responsible for its own servers, and can choose what server software they want to use). Seems like it would be so easy to misconfigure something, or for an intruder who can get onto the physical network to exploit holes in the server software to gain more access than is allowed.
And what happens when a bumbling FBI agent hooks up a wireless LAN base station so he can surf Intelink on his laptop? Doh!
The referenced article had a link to the best demo I've seen so far about the US Government's "separate" internet called Intelink that links intelligence agencies. This is where our spy got his material he tried to sell - online, not from an old-style combination safe. Intelink is supposed to be totally isolated from the "regular" internet (yeah, right, anybody got a connecting URL?) but it's got 250,000+ users. How can the security on this thing be airtight enough to entrust US secrets to it? A few nights ago I watched the Nova rerun about Bletchley Park breaking the Nazi Enigma code and the point was made over and over that the Brits got toeholds into breaking the code by flaws in the way the Germans in the field actually used the Enigma on a day-to-day basis. Aren't we setting ourselves up for exactly the same thing with a quarter-million users out there? Yo, some Slashdot user who has access to this thing - tell us what administrative security is in force! Also, this guy went to his public library and logged onto free email accounts to transfer his information - what should he have done? What is the next way a spy will use the regular internet as an anonymous deaddrop more successfully than Sgt Regan?
Regan... :)
cold war irony
As someone who lives in the D.C. area, I run into a lot of retired 20yr/career military types who are "double dipping" (local vernacular for someone taking a pension while working). I didn't realize spying was an option.
... moreover, to do it in a town which is chock full of feds looking for the big bust. Man, this guy did everything but walk in front of the Hoover building with a sandwich board that read "Hi I'm Brian. Come Spy with Me".
What I find most interesting is how BAD a spy this guy was. Going back to the same account nine times? Especially regularly using, and repeatedly going back to local public libraries, where all activity is recorded and logged for just such abuses? Where the library's access to the network is often via some other local government agency or educational institution?
And the list of stupidity goes on. Including continuing with the same modus operandi after making the initial contact via the internet
The entire incident is mind boggling and makes me wonder what type of security they're NOT teaching our USAF boys in blue.
healyourchurchwebsite.com - WWJB?
To whomever moderated that up, your ip subnet will now be blocked. Dont consider visiting this site again.
of course I'm a virgin! ... well ... at least I was!
Well, as a sort-of US of A. authority at Intelink, I can assure you that we have a top-notch security and stuff here. As a matter of Fact, we just hired some pretty keen security-guys from Russia, and some step-overs from China.
One example of our high security is that we use exclusively Adobe PDF personalized format for exchanging information within.
We also recently upgraded our PKI infrastructure to support ROT-14 encrypting method, which makes the "bits of key" ("standard" being 128bit) effectively 8*bytes of encrypted message.
More information can be gained from www.intelnet.gov.
FYEO.
Rojer Saramantch,
SPR, Intelnet.
fucktard is a tenderhearted description
Beanerspace wrote:
What I find most interesting is how BAD a spy this guy was. Going back to the same account nine times? Especially regularly using, and repeatedly going back to local public libraries, where all activity is recorded and logged for just such abuses? Where the library's access to the network is often via some other local government agency or educational institution?
I think, what got this guy was mostly that he was low on funds. Setting up a communication system safe from backtracking or spying for regular use isn't that easy, if you're just a lone guy and can't afford to jet around the world just to check your mail or open untraceable remailing or anonymizer servers in strange locations.
Now if the American counter-espionage got hold of the documents from the Libyans (I guess they have some inside contacts there too), he's in real deep trouble. As soon as he's on the suspect list, because he accessed the documents, he's toast. A perfect safe communication system would only have delayed the time until they catch him.
All in all I agree, that guy was stupid, but not because he used Hotmail and the Library, his stupidity was the way he procured himself the documents he sold. As long as they can be linked to his Intelnet account or workstation, it would just have been a matter of time.
The man is a spy. F*ck encryption breaking. That's not the issue. Whether or not they used anything to find his message is irrelevant. There should be certain times, like this one for instance, in which the government should almost have a right to keep an eye on people, or be allowed to monitor. How else are we going to survive and stay #1? People like this person should have no rights. Being USAF, I thought he would have a better appreciation for this great country of ours, but some give in to the prospect of a few extra dollars. Hopefully he will be prosecuted to the fullest extent.
Being a former military person myself, I know how important it is in catching spies. I guess people in this country that haven't served in the military before, don't have an appreciation for this country like I do. Many take it for granted that what they have here is bliss and they forget that this country isn't like Australia or Afghanistan and have that choice to practice what they want when they want.
I do think with all of that 'free-speech' out there, that there would have to be a way for our government to monitor it. I don't think the government is telling us half the truth about what is going on out there, but I guess we don't have a 'need to know.'
I don't like anyone snooping in on me either, but then again, I can't control anything outside my house. Hell there could be someone sitting outside my house reading what's on my screen right now because of my monitor not being TEMPEST secure. It's great that I have the right to look up what I want on the internet and do research on the internet even if I was planning on blowing something up in the government. What about McVeigh? Do you think it would have been wrong for the U.S. to snoop in on him?
People get too paranoid and think the government has too much power and should back off. I think that our government will monitor us and whether we like it or not, and will continue in the future. Sometimes for good, sometimes not so good. We can't prevent it and as long as we live here, you might as well get used to it. If you don't like it, move some place else.
Can't get to story (slashdotted?) but I assume he was American, not Libyan?
What the article doesn't adequately address is the issue of just how the FBI first got wind of Regan's activity. It's an interesting question, one that should give pause to anyone considering providing information to third parties as a way of supplementing a meager government pension.
Come to think of it, the initial discovery steps are never addressed in the popular reporting of spy incidents, and since most cases either never make it to court or contain "sensitive material" that is not accessible to those not in the loop (that usually involves defense lawyers). Somehow though, I get the impression that foreign agencies are so thoroughly penetrated by American intelligence that spying against the US is a death wish. You will be sold out by your contact in Moscow or Tripoli who probably makes $100 a month and dreams of nothing better than retiring in the States with an American government pension. Either that, or the powers that be monitor all communications to an extent that even Slashdot readers would find unbelievable, so that anything even remotely secret that goes over the wire or the ether is read, catalogued and forwarded to the competent authorities.
So information must not be that free after all ? Interesting. Really.
ha ha ha ha ha ha - another deluded soul!
This just goes to show, that real criminals aren't all that bright. Note, to the DOJ (or JAG, or whoever): Criminals are not smart people, or they wouldn't be criminals - therefore, don't waste your time trying to bring unwinnable cases against relatively honest people; instead go and win cases against patently dishonest (and in this case treasonous) people. It'll make everyone feel better. The American people will have their confidence in the justice system, and the prosecutors will win a lot of cases. It's a win-win situation.
--CTH
--Got Lists? | Top 95 Star Wars Line
I'm no foreigner so don't nuke me for what I'm about to say......... I would HOPE that our members of "US Intelligence" would be somewhat knowledgeable when it came to the topic of encryption. I am under the assumption that this bum's messages were not cracked by a government employee but rather some "cracker" with a trivial brute force method. From personal experience, only a small handful of people involved with the government would have the brain power to attempt such a feat. (let alone think they could get away with it scot-free.)
Now this is "military intelligence" at its finest.
People like this person should have no rights.
The problem with that attitude is that you don't define "like this person".
Sure, bad guys shouldn't have rights. Who gets to pick the bad guys ? J. Edgar Hoover ? The Pinkerton agency ? Was Rodney King a bad guy, deserving of losing his rights ? - LA's finest seemed to think so.
The point about "inalienable rights" is that they're inalienable. Even spies, murderers and Flash coders get to keep them. You might like to be able to withdraw these rights from "appropriate" groups, but on the whole society works better if we leave the bad guys with a few too many, but don't have to worry about stormtroopers and death squads arbitrarily deciding they can remove them from any citizen they choose to.
Weren't all of you linux,open source, free stuff,... for the free flow of information to anyone. Free information, free flow, no gov' intrusion, .....
You see...sometimes I feel like you don't really know the price of freedom.
AC
You know, I really dislike that editorial bit at the end, about finally a legitimate cyber-arrest.
We may not like the laws that are being used to hassle some people, but the laws are indeed on the books, and prosecuting people under those laws is indeed legitimate, even if they go against the know-it-all attitude displayed here on Slashdot.
For the record, DMCA is law, and arresting somebody that peddles a circumvention device that is specifically marketed to thwart e-book security is legitimate, as long as the DMCA is in effect. Instead of endlessly harping about this arrest, and that witch hunt, do something... like helping out the EFF, or letting your local representatives and senators know about how you feel about these things.
What's the use? This is Slashdot.
it's just built using the same protocols and tools that the internet runs.
Do they have Slashsites?
__
Men with no respect for life must never be allowed to control the ultimate instruments of death.
GW Bu
I bet they do not have to show how they decrypted it "for obvious reasons"
Actually, the DOD isn't in the business of teaching people how to be spies. Instead, they concentrate on creating a system where inadvertent security compromise is unlikely. Once the system is in place, they then train personnel on a system of best practices designed to both reduce information security risk and make it obvious when the procedures aren't followed. For example, I'm curious how the USAF member in question got the information out of the facility - those systems aren't supposed to have any removable media besides the hard disk (so it can be locked in the safe). That means no floppies, no zip drives, no CDRs, nothing. It would not surprise me if the facility he removed the information from were given a security audit in the near future.
It wouldn't surprise me either if the people he worked with were getting lazy about security - the periodic lectures on how to tell if one of your cow-orkers is spying generally get greeted with groans beforehand, snores during, and blank looks afterwards. It's laziness like that that allows security compromises to occur in the first place.
I heard a story once about someone who managed to get access to a DOD secure network. After he got busted they asked him how he had done it, and he answered that he waited for someone to get lazy about procedure and do something not allowed by the "best practices" policies. He was convinced that if policy hadn't been broken that there would have been no way to get access.
And I complain about stupid users on _MY_ network...
"Space Exploration is not endless circles in low earth orbit." -Buzz Aldrin
Do you think this top secret network includes top secret pop-up adds? If I worked for the CIA, that would make me pretty mad.
Also, we will stop your milk delivery.
This guy has a lot of company. It is important to note this individual did not appear to breach the integrity of Intelink. He had a security clearance (which means he has had an extensive background investigation as well as periodic reinvestigations) and authorized access to the information he sold.
www.sguil.net
The Analyst Console for NSM
when the keys get stuck?
Insert mind here.
Check it out: http://censorware.org/.
Seems like a waste of a website to me. Oh, and, nice lyrics. Ha!
I don't care if he used an unbreakable one-time pad. The contents of his message to "Country A" are unnecessary. The fact that he even sent a message is enough to arrest him and hold him with no bail while the FBI goes through his life with a microscope.
Apparently he didn't use a remailer. But the CIA funds anonymous remailers and web proxies. After all, if you were in the CIA, wouldn't you set up a couple of dozen high-quality anonymous remailers just to monitor the traffic flow? I would.
Anybody knows why some moderidiot modded the parent down as troll? While it is true that it is a little bit heavy on assumptions and extrapolations, it is not a troll? Come on!
It looks like that a spy has to be very smart, work very hard, and at the end of the day, they still have a problem surfacing their money.
For that much talent and hard work, they might as well choose some legitimate career and make $1 million that they can bank and spend.
As a matter of fact, you are correct in the assertion that there is more than one variant of Intelink. The most common variant is Intelink-S which is routed over a closed circuit encrypted WAN called SIPRnet (Secret Internet Protocol Network). Intelink-S (secret clearance) hosts mostly processed intelligence reports that are aimed towards analysts in various agencies. A higher echelon is Intelink-SCI (Top Secret clearance or better) which contains raw intel such as aerial photographs etc. All Intelink variants are encrypted themselves as well as their SIPRnet rides, thus making the traffic encrypted several times over.
Access to terminals is very secure from a physical standpoint. For one any workstation connected to SIPRnet is expressly forbidden to be connected to ANY other network. Each user has an account with a digital security key which in turn limits his or her access to a strictly need-to-know basis. SIPRnet itself is a hardened, DoD maintained, all fibre backbone which maintains at least T-1 connectivity between terminals and is capable of carrying TCP/IP, Voice over IP, Video Conferencing, Facsimile, as well as other digital traffic.
While theoretically it is impossible to physically compromise this setup terrestrially, one must remember that the military demands field access to intelligence. Remote access is achieved through the use of a Humvee-portable satellite system called Trojan Spirit-II. C, Ku, or X band uplinks can establish up to fourteen 512kbps channels with the various DoD WANs. As one could imagine these links are very heavily encrypted and utilize geostationary satellites whose exact keps are a secret in and of themselves. But theoretically this really is the only weakness in that it is the only public channel through which this service is routed.
On top of this is TIPRnet which carries the highest-priority and most sensitive information. The author knows very little about this, besides the fact that all terminals which access it reside in vaults and require several stages of verification (ID, retinal scan, etc...) to enter.
I live about 3 miles from the National Reconnaissance Office in Chantilly, Virginia. They have strangely-shaped blue-colored buildings with very reflective windows. The entire compound is surrounded with tall fences. There's a footpath around the compound, and guards walk around this footpath at all times (weekends too). They also have two vehicle entrances: one for guests and one for employees. It's a very secretive place.
There's always a way, even in very vigilant organizations, assuming you're willing to take the trouble and sustain the risks. An, ahem, acquaintance once wanted into a room that was protected by an electronic combination lock. He put invisible ultraviolet powder on the keys and went back a few hours later to see which had been rubbed off. It was a simple matter to try the limited number of combos to gain entry.
bahaha. that's mean as hell but fucking hilarious
duh, this story was broken by the washington post last saturday.
not to mention the 5th word in his article is spelled wrong.
isn't very nice, either.
God I hope I get this comment in metamod tomorrow. Stupid idiot, this post was very informative (should be +4 or 5 Informative) but in no way shape or form was it Insightful! Moron! And for the idiot that marked the parent of that a Troll, pray I don't get you too... Bitchslap!
That's just damn funny. I live in Canada, and here, we don't have the ignorance to say something as bluntly stupid and introverted as "We're #1!". Honestly, you small minded Americans, have you taken the time to notice that *gasp* if your external resources were cut, you'd slowly die as a country? What may make you a strong world power today might be gone tomorrow if you don't watch your step, US.
Sieg Heil. Asswipe. Expect parent to go to +5.
More information is available at the Washington Post article
Funny you mention that NOVA program. The Lorenz machine had the stroke of luck that day with the double keyed ~4000 char transmission with diffs that became the first break in its design. Newmanry History Hedley
Treason is treason, he betrayed his country and like all others who commit treason, should be executed. No questions asked, money back guarantee. Shoot the fscker.
It's possible that the gov't could act in violation of the DMCA if their motivation is considered in the interest of national security. I'm taking a course on nat'l security law this fall, so maybe I'll find out.
Getting offtopic... I'm keeping a close eye on the Sklyarov case. If he's convicted, I think I may have to start publicly protesting, for the first time in my life. The DMCA is a very frightening law, even scarier than the UK encryption key policy. I believe that as the "stamp act" was one of the British gov't policies which led to the American Revolution, the DMCA will be listed in future textbooks as one of the causes of the next revolution.
--
I like to watch.
No one ever mentioned the idea, if the criminal was smart, we probably wouldn't know about it and he would be living comfortably some place.
If we don't make light of everything, we are just stumbling in the dark - Blank
After channelling just under half the computing power in the World into the task of decrypting messages sent by a spy to an A-list country, the US government have raised doubts in people's minds about the security of certain methods of cryptography, and speculation has been made as to whether the government holds a so-called "back-door" to certain encryption algorithms.
As a result, the method of encryption used by the spy is now deemed highly unsafe to use by the cryptographic community. A press statement issued this morning stated: "We can no longer recommend the use of ROT-13 for mission critical documents".
Magius_AR