Real Cyber-Spying
phr1 writes: "Kevin Poulsen has an article at The Register about a USAF sergeant arrested for emailing classified info to "Country A" (apparently Libya). The guy was something of a bozo, using free webmail accounts from locations near his home to email the stuff. It's an interesting read about a legitimate (for once) cyber-bust."
hmm, so they do have some backdoors in the encryption used.
(Or they just got the key from the first email.)
Unless, of course, the FBI gets a search warrant, raids your house and copies your secret key from your hard drive (or floppy disk, if you've tried to be that careful).
Or would they have to have a search warrant at all? Just carry out an illegal search, copy the key and just claim in court that you cracked the encryption using a new, classified method that cannot be revealed "for obvious reasons" (as in the keyboard logger case).
Although I actually grimaced when I read this word, I later realized that a soldier doesn't have as many privileges as a civilian.
For example, he doesn't have the right to refuse anything, nor to have much privacy.
In this case, we could then consider that it is legitimate, as it was a soldier who was "monitored".
Trolling using another account since 2005.
Hmmm ....
:-)
He's worked in a high-security job, and he's been a sysadmin, yet he can't work out how to encrypt a message properly? Not clever.
Perhaps that's the solution to national security - instead of trying to stop people using encryption, just employ people too stupid to cover their tracks properly.
Whenever you read one of these stories, the people involved don't sound all that bright. It's a far cry from James Bond, anyway -- more like Amway gone bad.
InstaPundit! Ahead of the Curve Since 30 Minutes Ago
Arrested spy Brian Regan has initiated legal proceedings against the FBI under the DMCA ruling.
...
"While it is legal in special circumstances to reverse engineer my private messages to Libya - it was clearly illegal in this case. If the FBI start decrypting all messages from spies, then there is nothing to stop them posting them on the Internet for other countries to download for free. How do they expect spies to make a living then? Their claim that they had a right to access these photos and that it was only for their private use just doesn't cut it."
The Intelink network mentioned in the article sounds pretty wild, but I'm a little surprised it just uses standard TCP/IP tools (and that each dept is responsible for its own servers, and can choose what server software they want to use). Seems like it would be so easy to misconfigure something, or for an intruder who can get onto the physical network to exploit holes in the server software to gain more access than is allowed.
And what happens when a bumbling FBI agent hooks up a wireless LAN base station so he can surf Intelink on his laptop? Doh!
The referenced article had a link to the best demo I've seen so far about the US Government's "separate" internet called Intelink that links intelligence agencies. This is where our spy got his material he tried to sell - online, not from an old-style combination safe. Intelink is supposed to be totally isolated from the "regular" internet (yeah, right, anybody got a connecting URL?) but it's got 250,000+ users. How can the security on this thing be airtight enough to entrust US secrets to it? A few nights ago I watched the Nova rerun about Bletchley Park breaking the Nazi Enigma code and the point was made over and over that the Brits got toeholds into breaking the code by flaws in the way the Germans in the field actually used the Enigma on a day-to-day basis. Aren't we setting ourselves up for exactly the same thing with a quarter-million users out there? Yo, some Slashdot user who has access to this thing - tell us what administrative security is in force! Also, this guy went to his public library and logged onto free email accounts to transfer his information - what should he have done? What is the next way a spy will use the regular internet as an anonymous dead drop more successfully than Sgt Regan?
Your secret key being lost does not make the encryption readable. From the PGP FAQ:
http://www.uk.pgp.net/pgpnet/pgp-faq/faq-03.htm
3.10 If my secret key ring is stolen, can my messages be read?
No, not unless they have also stolen your secret pass phrase, or if your pass phrase is susceptible to a brute-force attack. Neither part is useful without the other. You should, however, revoke that key and generate a fresh key pair using a different pass phrase. Before revoking your old key, you might want to add another user ID that states what your new key id is so that others can know of your new address.
The pass phrase is susceptible to the brute-force method (or, if you're really paranoid, to the "rubber-hose" method).
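The FAQ point above (a stolen secret key ring is useless without the pass phrase, and the pass phrase is what brute force targets) as an added example, not code from the page or from PGP itself: it implements the iterated-and-salted S2K pass phrase hashing of RFC 4880 (section 3.7.1.3) and a simplified secret-key wrapper that, like OpenPGP, detects a wrong pass phrase through a checksum over the key material. The `protect_secret_key`/`unlock_secret_key` names and the SHA-256 counter keystream (standing in for OpenPGP's CFB block cipher so it runs on the standard library) are my constructions.

```python
import hashlib
import os
import struct

def s2k_byte_count(coded_count: int) -> int:
    """Decode the one-byte OpenPGP S2K count (RFC 4880 3.7.1.3) into octets to hash."""
    return (16 + (coded_count & 15)) << ((coded_count >> 4) + 6)

def s2k_iterated_salted(passphrase: bytes, salt: bytes, coded_count: int) -> bytes:
    """OpenPGP iterated+salted S2K with SHA-256: salt+passphrase is fed to the hash
    repeatedly until `count` octets are consumed (never fewer than one full copy).
    The salt defeats precomputed tables; the count multiplies the cost of each guess."""
    block = salt + passphrase
    count = max(s2k_byte_count(coded_count), len(block))
    full, rem = divmod(count, len(block))
    return hashlib.sha256(block * full + block[:rem]).digest()

def _keystream(key: bytes, iv: bytes, n: int) -> bytes:
    # Constructed SHA-256 counter keystream; stands in for OpenPGP's CFB cipher.
    blocks = [hashlib.sha256(key + iv + struct.pack(">I", i)).digest()
              for i in range((n + 31) // 32)]
    return b"".join(blocks)[:n]

def protect_secret_key(secret: bytes, passphrase: str, coded_count: int = 0xE0) -> dict:
    """Wrap secret key material under the pass phrase. The stored ring holds only
    salt, IV, S2K count and ciphertext, which is all a thief of the ring gets."""
    salt, iv = os.urandom(8), os.urandom(16)
    key = s2k_iterated_salted(passphrase.encode(), salt, coded_count)
    plain = secret + hashlib.sha1(secret).digest()   # SHA-1 check, as in S2K usage 254
    ct = bytes(a ^ b for a, b in zip(plain, _keystream(key, iv, len(plain))))
    return {"salt": salt, "iv": iv, "count": coded_count, "ct": ct}

def unlock_secret_key(ring: dict, passphrase: str):
    """Return the secret material, or None when the pass phrase is wrong: the
    ring alone decrypts to random-looking bytes whose checksum fails."""
    key = s2k_iterated_salted(passphrase.encode(), ring["salt"], ring["count"])
    ks = _keystream(key, ring["iv"], len(ring["ct"]))
    plain = bytes(a ^ b for a, b in zip(ring["ct"], ks))
    body, check = plain[:-20], plain[-20:]
    return body if hashlib.sha1(body).digest() == check else None

if __name__ == "__main__":
    ring = protect_secret_key(os.urandom(32), "correct horse battery staple")
    print("wrong pass phrase ->", unlock_secret_key(ring, "password"))
    print("S2K octets hashed per guess at count 0xE0:", s2k_byte_count(0xE0))
```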
As someone who lives in the D.C. area, I run into a lot of retired 20-year career military types who are "double dipping" (local vernacular for someone taking a pension while working). I didn't realize spying was an option.
... moreover, to do it in a town which is chock full of feds looking for the big bust. Man, this guy did everything but walk in front of the Hoover building with a sandwich board that read "Hi I'm Brian. Come Spy with Me".
What I find most interesting is how BAD a spy this guy was. Going back to the same account nine times? Especially regularly using, and repeatedly going back to, local public libraries, where all activity is recorded and logged for just such abuses? Where the library's access to the network is often via some other local government agency or educational institution?
And the list of stupidity goes on. Including continuing with the same modus operandi after making the initial contact via the internet.
The entire incident is mind-boggling and makes me wonder what type of security they're NOT teaching our USAF boys in blue.
healyourchurchwebsite.com - WWJB?
Search and seizure, probable cause, unlawful confinement, and several others are all out the window for anyone in the military or subject to the Uniform Code of Military Justice.
Guilty until proven innocent.
Wu-Tang Name: Half-Cut Skeleton Get your own Wu-Na
Well, as a sort-of US of A. authority at Intelink, I can assure you that we have top-notch security and stuff here. As a matter of fact, we just hired some pretty keen security guys from Russia, and some step-overs from China.
One example of our high security is that we use exclusively Adobe PDF personalized format for exchanging information within.
We also recently upgraded our PKI infrastructure to support ROT-14 encrypting method, which makes the "bits of key" ("standard" being 128bit) effectively 8*bytes of encrypted message.
More information can be gained from www.intelnet.gov.
FYEO.
Rojer Saramantch,
SPR, Intelnet.
fucktard is a tenderhearted description
What the article doesn't adequately address is the issue of just how the FBI first got wind of Regan's activity. It's an interesting question, one that should give pause to anyone considering providing information to third parties as a way of supplementing a meager government pension.
Come to think of it, the initial discovery steps are never addressed in the popular reporting of spy incidents, and since most cases either never make it to court or contain "sensitive material" that is not accessible to those not in the loop (that usually involves defense lawyers). Somehow though, I get the impression that foreign agencies are so thoroughly penetrated by American intelligence that spying against the US is a death wish. You will be sold out by your contact in Moscow or Tripoli who probably makes $100 a month and dreams of nothing better than retiring in the States with an American government pension. Either that, or the powers that be monitor all communications to an extent that even Slashdot readers would find unbelievable, so that anything even remotely secret that goes over the wire or the ether is read, catalogued and forwarded to the competent authorities.
This just goes to show that real criminals aren't all that bright. Note, to the DOJ (or JAG, or whoever): Criminals are not smart people, or they wouldn't be criminals - therefore, don't waste your time trying to bring unwinnable cases against relatively honest people; instead go and win cases against patently dishonest (and in this case treasonous) people. It'll make everyone feel better. The American people will have their confidence in the justice system, and the prosecutors will win a lot of cases. It's a win-win situation.
--CTH
--Got Lists? | Top 95 Star Wars Line
I'm no foreigner so don't nuke me for what I'm about to say......... I would HOPE that our members of "US Intelligence" would be somewhat knowledgeable when it came to the topic of encryption. I am under the assumption that this bum's messages were not cracked by a government employee but rather some "cracker" with a trivial brute-force method. From personal experience, only a small handful of people involved with the government would have the brain power to attempt such a feat. (let alone think they could get away with it scot-free.)
Now this is "military intelligence" at its finest.
it's just built using the same protocols and tools that the internet runs on.
Do they have Slashsites?
Men with no respect for life must never be allowed to control the ultimate instruments of death.
GW Bu
That is exactly why I memorize my PGP key. Sometimes it takes me 2 minutes to type the whole thing in from a terminal.
It's a lot safer in my head. And if they try to MAKE me tell them, by the time I become submissive the numbers will jumble together and I will have forgotten it. Can a floppy do that? I think not.
-S
We Apprentice Developers and Designers
Actually, the DOD isn't in the business of teaching people how to be spies. Instead, they concentrate on creating a system where inadvertent security compromise is unlikely. Once the system is in place, they then train personnel on a system of best practices designed to both reduce information security risk and make it obvious when the procedures aren't followed. For example, I'm curious how the USAF member in question got the information out of the facility - those systems aren't supposed to have any removable media besides the hard disk (so it can be locked in the safe). That means no floppies, no Zip drives, no CD-Rs, nothing. It would not surprise me if the facility he removed the information from were given a security audit in the near future.
It wouldn't surprise me either if the people he worked with were getting lazy about security - the periodic lectures on how to tell if one of your cow-orkers is spying generally get greeted with groans beforehand, snores during, and blank looks afterwards. It's laziness like that that allows security compromises to occur in the first place.
I heard a story once about someone who managed to get access to a DOD secure network. After he got busted they asked him how he had done it, and he answered that he waited for someone to get lazy about procedure and do something not allowed by the "best practices" policies. He was convinced that if policy hadn't been broken there would have been no way to get access.
And I complain about stupid users on _MY_ network...
"Space Exploration is not endless circles in low earth orbit." -Buzz Aldrin
Do you think this top secret network includes top secret pop-up ads? If I worked for the CIA, that would make me pretty mad.
As a matter of fact, you are correct in the assertion that there is more than one variant of Intelink. The most common variant is Intelink-S, which is routed over a closed-circuit encrypted WAN called SIPRnet (Secret Internet Protocol Network). Intelink-S (secret clearance) hosts mostly processed intelligence reports that are aimed towards analysts in various agencies. A higher echelon is Intelink-SCI (Top Secret clearance or better), which contains raw intel such as aerial photographs etc. All Intelink variants are encrypted themselves as well as their SIPRnet rides, thus making the traffic encrypted several times over.
Access to terminals is very secure from a physical standpoint. For one, any workstation connected to SIPRnet is expressly forbidden to be connected to ANY other network. Each user has an account with a digital security key which in turn limits his or her access to a strictly need-to-know basis. SIPRnet itself is a hardened, DoD-maintained, all-fibre backbone which maintains at least T-1 connectivity between terminals and is capable of carrying TCP/IP, Voice over IP, video conferencing, facsimile, as well as other digital traffic.
While theoretically it is impossible to physically compromise this setup terrestrially, one must remember that the military demands field access to intelligence. Remote access is achieved through the use of a Humvee-portable satellite system called Trojan Spirit-II. C, Ku, or X band uplinks can establish up to fourteen 512kbps channels with the various DoD WANs. As one could imagine these links are very heavily encrypted and utilize geostationary satellites whose exact keps are a secret in and of themselves. But theoretically this really is the only weakness in that it is the only public channel through which this service is routed.
On top of this is TIPRnet, which carries the highest-priority and most sensitive information. The author knows very little about this, besides the fact that all terminals which access it reside in vaults and require several stages of verification (ID, retinal scan, etc...) to enter.
There's always a way, even in very vigilant organizations, assuming you're willing to take the trouble and sustain the risks. An, ahem, acquaintance once wanted into a room that was protected by an electronic combination lock. He put invisible ultraviolet powder on the keys and went back a few hours later to see which had been rubbed off. It was a simple matter to try the limited number of combos to gain entry.
More information is available at the Washington Post article.
Treason is treason, he betrayed his country and like all others who commit treason, should be executed. No questions asked, money back guarantee. Shoot the fscker.
No one ever mentioned the idea that if the criminal was smart, we probably wouldn't know about it and he would be living comfortably someplace.
If we don't make light of everything, we are just stumbling in the dark - Blank