Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mapping The CIA Nonclassified Network

Posted by ryuzaki0 on from the fun-with-data-extrapolation dept.

jeffy124 writes "A security firm Matta Security in London has mapped the CIA non-classified network. Using only legal and open sources, the company mapped topology of machines and even found networks otherwise closed to the public. The company never port scanned or probed the network directly. Among items they found were emails and phone numbers of sys admins and other employees. Amazingly, they did all this in two days."

3 of 242 comments (clear)

  1. good link on legality of port scanning by zkosky · · Score: 5, Informative

    A link that has some good info on the legality of port scanning is: Journal of Technology Law and Policy
    If you take the time to read it, there is a bunch of interesting stuff in it. Just do a page search for "port" and you'll get to the cool stuff.

  2. Original PDF Report by Alien54 · · Score: 5, Informative
    It doesn't look like the information they gathered alone is really anything remarkable

    Exactly. It is the typical information that any sysadmin from the outside. The graphic diagramming the networking layout shows nothing remarkable.

    You can seen the original report in PDF format here, with _all_ of the juicy details.

    Which is funny, because the link is not directly accessable from the main site.

    talk about security.

    --
    "It is a greater offense to steal men's labor, than their clothes"
  3. Re:Anyone else notice the Lotus Domino Server by Cedric+C.+Girouard · · Score: 5, Informative
    Because Lotus Notes and Lotus Domino is the only mail product that gives email administrators zero access to information within mail files. Each Notes database has an access control list, and you can specify who's on it. The mail server can have "depositor" access, which means it can only place information inside the database. The database can also be encrypted so that only the server can read it -- meaning someone has to steal a copy of the database itself off of the file system, in order to have a chance at decryption.

    Little known fact: The password entry box you get when logging in to a domino client/server setup with the 4 little hieroglyphs, is a CIA-requested add-on. That and the random amount of X's you get when you punch in the password.

    Also, stealing a copy of the database will not help you if persistent ACL's were set up.

    Other nice features of Domino is that you can have multiple level of access within each documents, meaning that group XYZ would have read access to the entire document, while group XY would only get 2/3rd of the forms in it, and group X would get only 1/3rd of the forms within the document.

    Reasons why they're not using Exchange ? Well... Exchange did never get its security clearance...

    --

    Marriage is considered capital punishment for the theft of a goat in some third world countries...