Real Cyber-Spying

phr1 writes: "Kevin Poulsen has an article at The Register about a USAF sergeant arrested for emailing classified info to "Country A" (apparently Libya). The guy was something of a bozo, using free webmail accounts from locations near his home to email the stuff. It's an interesting read about a legitimate (for once) cyber-bust."

Re:Intelligence Intranet

[TheMidget]

Probably, the really highly classified stuff would not be stored on that network anyways. You have to be aware that all 13 "agencies" are connected to it. Knowing that often those agencies have secrets that they don't share with other such agencies, we can deduce that this network is mostly for "almost public" information. You can bet that really juicy stuff is stored elsewhere, and is only accessible from terminals within the same secure facility.

Probably our wannabe spy was punished more for his stupidity, rather than for leaking stuff that was actually useful to a foreign country. For all we know, the Libyan operatives to whom he was trying to sell the materials are laughing as loudly as we are...

Re:Is Intelink More Secure Than Enigma?

[grendelkhan]

The network itself is physically seperated from any other networks. The cabling and links are all a closed loop, it's just built using the same protocols and tools that the internet runs. The Register article mentioned that it now uses a digital signature file to restrict access to a "need to know" level set by the people who create user accounts.

The people who run this network are extremely paranoid about what you point out, so there are no access points that exist outside of secure installations. The network traffic itself is probably encrypted as well, but that's beyond my "need to know"

Re:Legitimate?

[grendelkhan]

Search and siezure, probably cause, unlawful confinement, and several others are all out the window for anyone in the military or subject to the Uniform Code of Military Justice.

Guilty until proven innocent.

Re:what type of security they're NOT teaching

[Zinho]

Actually, the DOD isn't in the business of teaching people how to be spies. Instead, they concentrate on creating a system where inadvertent security compromise is unlikely. Once the system is in place, they then train personnel on a system of best practices designed to both reduce information security risk and make it obvious when the procedures aren't followed. For example, I'm curious how the USAF member in question got the information out of the facility - those systems aren't supposed to have any removable media besides the hard disk (so it can be locked in the safe). That means no floppies, no zip drives, no CDRs, nothing. It would not surprise me if the facility he removed the information from were given a security audit in the near future.

It wouldn't surprise me either if the people he worked with were getting lazy about security - the periodic lectures on how to tell if one of your cow-orkers is spying generally get greeted with groans beforehand, snores during, and blank looks afterwards. It's laziness like that that allows security compromises to occur in the first place.

I heard a story once about someone who managed to get access to a DOD secure network. After he got busted they asked him how he had done it, and he anwered that he waited for someone to get lazy about procedure and do something not allowed by the "best practices" policies. He was convinced that if policy hadn't been broken that there would have been no way to get access.

And I complain about stupid users on _MY_ network...

Re:Is Intelink More Secure Than Enigma?

[fatbastard1001]

First of all, don't send email to quaddafi@intel.mil.lb. That is good advice for anyone, not just spies.

2) Use one-time pads. A DVD full of geiger counter readings will do a better job of fooling the spooks than any method that can be brute forced. If it can be brute forced, they will do it. NSA pays the salaries of more math Ph.D.s than anyone else on the globe. The only problem with the OTP is ridding yourself of the traces of the plaintext and noise (the DVD itself and residual memory on your box)

3) Remailers, public and private. I would have Country B set up clean cover companies in third countries (those Scandinavian countries are good). Send your mail to katrina@fakecompany.fi, let it get bounced around and rehashed with static. This should slow down the spooks a bit.

I hope this would take care of the secure data transmission end.

Remaining problems:
-getting the goods (unless you're the boss like Hanssen, don't get any secrets you wouldn't normally have access to anyway)
-getting paid (diamonds in a ziploc bag are fun to have around, but how are you going to spend them? Hanssen drove around in a beat-up minivan, b/c all his "l3wt" was in jewel form, or in a "secret account" in the SovUnion. If you show up at the office driving a Maserati, eyebrows are sure to raise)
-getting away (eventually they'll catch up to you, so you'll want to leave before they do. Where are you going to go? Libya? Talibanistan? The Sudan?)

In conclusion, let me say that spying is bad. We're the good guys (well, compared to Libya and Iraq). Put 15% of your salary into an IRA, and when you retire, you'll have your pension & a cool mil.

Re:Intellelink

*pounds head on desk*
Actually yes....there are banner ads. There's a banner share program thingy. It's all gov't related, but come on! And winky blinky flashy ones are allowed.

There is no escaping the banner ads.

Re:Intelligence Intranet(s)

As a matter of fact, you are correct in the assertion that there is more than one variant of Intelink. The most common variant is Intelink-S which is routed over a closed circuit encrypted WAN called SIPRnet (Secret Internet Protocol Network). Intellink-S (secret clearance) hosts mostly processed intelligence reports that are aimed towards analysts in various agencies. A higher echelon is Intelink-SCI (Top Secret clearance or better) which contains raw intel such as aerial photographs etc. All Intelnet variants are encrypted thmeselves as well as their SIPRnet rides, thus making the traffic encrypted several times over.

Access to terminals is very secure from a physical standpoint. For one any workstation connected to SIPRnet is expressly forbidden to be connected to ANY other network. Each user has an account with a digital security key which in turn limits his or her access to a strictly need-to-know basis. SIPRnet itself is a hardened, DoD maintained, all fibre backbone which maintains at least T-1 connectivity between terminals and is capable of carrying Tcp/IP, Voice over IP, Video Conferencing, Facsimile, as well as other digital traffic.

While theoretically it is impossible to physically compromise this setup terrestrially, one must remember that the military demands field access to intelligence. Remote access is acheived through the use of humvee-portable satellite system called Trojan Spirit-II. C, Ku, or X band uplinks can establish up to fourteen 512kbps channels with the various DoD WANs. As one could imagine these links are very heavily encrypted and utilize geostationary satellites whose exact keps are a secret in of themselves. But theoretically this really is the only weakness in that it is the only public channel through which this service is routed.

On top of this is TIPRnet which carries the highest-prioroity and most sensitive information. The author knows very little about this, besides the fact that all terminals which access it reside in vaults and require several stages of verification (ID, retinal scan, etc...) to enter.

Re:what type of security they're NOT teaching

[John+Jorsett]

He was convinced that if policy hadn't been broken that there would have been no way to get access.

There's always a way, even in very vigilant organizations, assuming you're willing to take the trouble and sustain the risks. An, ahem, acquaintence once wanted into a room that was protected by an electronic combination lock. He put invisible ultraviolet powder on the keys and went back a few hours later to see which had been rubbed off. It was a simple matter to try the limited number of combos to gain entry.