Slashdot Mirror


Real Cyber-Spying

phr1 writes: "Kevin Poulsen has an article at The Register about a USAF sergeant arrested for emailing classified info to "Country A" (apparently Libya). The guy was something of a bozo, using free webmail accounts from locations near his home to email the stuff. It's an interesting read about a legitimate (for once) cyber-bust."

4 of 161 comments

  1. Re:Crypto-foolish by Kryptonomic · · Score: 4, Insightful
    I mean, use a 2048-bit PGP key, and you'll probably be home free...

    Unless, of course, the FBI gets a search warrant, raids your house and copies your secret key from your hard drive (or floppy disk, if you've tried to be that careful).

    Or would they have to have a search warrant at all? Just carry out an illegal search, copy the key and just claim in court that you cracked the encryption using a new, classified method that cannot be revealed "for obvious reasons" (as in the keyboard logger case).

  2. Is Intelink More Secure Than Enigma? by cybrpnk · · Score: 5, Interesting

    The referenced article had a link to the best demo I've seen so far about the US Government's "separate" internet called Intelink that links intelligence agencies. This is where our spy got his material he tried to sell - online, not from an old-style combination safe. Intelink is supposed to be totally isolated from the "regular" internet (yeah, right, anybody got a connecting URL?) but it's got 250,000+ users. How can the security on this thing be airtight enough to entrust US secrets to it? A few nights ago I watched the Nova rerun about Bletchley Park breaking the Nazi Enigma code and the point was made over and over that the Brits got toeholds into breaking the code by flaws in the way the Germans in the field actually used the Enigma on a day-to-day basis. Aren't we setting ourselves up for exactly the same thing with a quarter-million users out there? Yo, some Slashdot user who has access to this thing - tell us what administrative security is in force! Also, this guy went to his public library and logged onto free email accounts to transfer his information - what should he have done? What is the next way a spy will use the regular internet as an anonymous dead drop more successfully than Sgt Regan?

  3. Re:Crypto-foolish by nabucco · · Score: 5, Interesting

    Your secret key being lost does not make the encryption readable. From the PGP FAQ:

    http://www.uk.pgp.net/pgpnet/pgp-faq/faq-03.html#3.10

    3.10 If my secret key ring is stolen, can my messages be read?
    No, not unless they have also stolen your secret pass phrase, or if your pass phrase is susceptible to a brute-force attack. Neither part is useful without the other. You should, however, revoke that key and generate a fresh key pair using a different pass phrase. Before revoking your old key, you might want to add another user ID that states what your new key id is so that others can know of your new address.

  4. Re:Crypto-foolish by viper21 · · Score: 5, Insightful

    That is exactly why I memorize my PGP key. Sometimes it takes me 2 minutes to type the whole thing in from a terminal.

    It's a lot safer in my head. And if they try to MAKE me tell them, by the time I become submissive the numbers will jumble together and I will have forgotten it. Can a floppy do that? I think not.

    -S