Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mapping The CIA Nonclassified Network

Posted by ryuzaki0 on from the fun-with-data-extrapolation dept.

jeffy124 writes "A security firm Matta Security in London has mapped the CIA non-classified network. Using only legal and open sources, the company mapped topology of machines and even found networks otherwise closed to the public. The company never port scanned or probed the network directly. Among items they found were emails and phone numbers of sys admins and other employees. Amazingly, they did all this in two days."

13 of 242 comments (clear)

  1. Portscanning? by LWolenczak · · Score: 5, Insightful

    Last I checked, Portscanning was legal?

    1. Re:Portscanning? by Monkelectric · · Score: 5, Interesting
      Im a sysadmin for a major university, and I can tell you first hand that even pinging will get you a letter from the agency you pinged.

      One of my users decided to ping a DOD (department of defense) computer ... he pinged it, and a few days later we got an email from them asking us A: if we have been compromised B: if we hadn't please dont do it again. The letter was very courtious, and explained they understand that pinging in itself is not illegal or not even unusual, the real point was to inform us that we may have been compromised (prolly a good idea). A buddy of mine who works for the air force claims if you ping an air-force server, armed FBI agents will appear at your door quickly ... Obviously I am unwilling to test this :)

      --

      Religion is a gateway psychosis. -- Dave Foley

    2. Re:Portscanning? by brer_rabbit · · Score: 5, Funny

      what's the worse that could happen?

      % ping hidden.airforce.mil
      PING hidden.airforce.mil from 192.168.1.4 : 56(84) bytes of data.
      64 bytes from hidden.airforce.mil: icmp_seq=0 ttl=57 time=20.871 msec fbi_agents_in=10
      64 bytes from hidden.airforce.mil: icmp_seq=1 ttl=57 time=19.560 msec fbi_agents_in=9
      64 bytes from hidden.airforce.mil: icmp_seq=2 ttl=57 time=20.497 msec fbi_agents_in=8
      64 bytes from hidden.airforce.mil: icmp_seq=3 ttl=57 time=20.820 msec fbi_agents_in=7
      64 bytes from hidden.airforce.mil: icmp_seq=4 ttl=57 time=19.732 msec fbi_agents_in=6
      64 bytes from hidden.airforce.mil: icmp_seq=5 ttl=57 time=20.805 msec fbi_agents_in=5
      64 bytes from hidden.airforce.mil: icmp_seq=6 ttl=57 time=19.830 msec fbi_agents_in=4
      64 bytes from hidden.airforce.mil: icmp_seq=7 ttl=57 time=20.770 msec fbi_agents_in=3
      64 bytes from hidden.airforce.mil: icmp_seq=8 ttl=57 time=19.781 msec fbi_agents_in=2
      64 bytes from hidden.airforce.mil: icmp_seq=9 ttl=57 time=20.790 msec fbi_agents_in=1

      --- hidden.airforce.mil ping statistics ---
      10 packets transmitted, 10 packets received, 0% packet loss, 100% user loss
      round-trip min/avg/max/mdev = 19.560/20.345/20.871/0.541 ms

  2. Not that impressive by fiber_halo · · Score: 5, Insightful

    I wouldn't say that they mapped the CIA's network. Sure, they found some machine names that route mail. Big deal. I'll bet more that half of the slashdotters here could have gotten the same (or more) information. I don't see how knowing what machines route mail pose any security threat. Anyone outside the network could just look at their mail headers and see what internal machines were used to forward the mail.

    If someone can get classified information from CIA via social engineering, I'd say someone needs to be retrained. These guys should be on the lookout for that at all times.

    1. Re:Not that impressive by Happy+go+Lucky · · Score: 5, Insightful
      Social engineering is by far the most cost-effective way to run an intelligence agency. I'll let you spend billions on fancy software and hardware. I'll spend a grand on a hooker to wink at one of your sysadmins - and I've got all the access I want.

      A few years ago, Archer-Daniels Midland actually did try to hire a few hookers to get some market information from a competitor. The plan got scrapped when nobody could keep a straight face at the thought of some lady of the evening moaning "f--- me! F--- me! Harder! What's your method for removing impurities from lysine? Oh, god, harder!"

      But I agree with paiute. It's people who have information, and getting information means getting it from people. Sending them hookers who then blackmail them is one option-a US Marine assigned to our embassy in Moscow fell for that back in the 80's.

      And a lot of people will talk just because. Rajid at the 7-11 (not flamebait-that's really his name), a half-dozen homeless guys, and a handful of "undocumented workers" who are just as happy that the gringo cop speaks Spanish and doesn't know INS' phone number like to talk about what goes on in one particular neighborhood, and that includes talking to cops who want to buy coffee at 3AM (mainly me) and as a result I know pretty much everything that happens within two blocks of that 7-11.

      It's all about people, and knowing how to listen to them. If the CIA had the good sense to hire street cops, semi-experienced newspaper reporters, multilingual cabdrivers, and a very few really good clinical psychologists to send overseas, they'd be able to tell us what kind of lube Osama bin Laden uses when he has relations with his goats, whether Jiang Zemin really is a pedophile or if that's just office gossip, if there's another reason why Vladimir Putin is cranky this week, and where the communist guerillas in Colombia buy their cigarettes. The really REALLY good information-gatherers know that they need to talk to people instead of wasting money on techno-toys.

  3. Big deal! by shyster · · Score: 5, Insightful
    Big deal! So they managed to map their public space and their mail servers on the inside. All of this is pretty easy to find out and is hardly supposed to be a secret.

    As for the email addresses and sysadmin names, I really don't think that's a big deal.

    "Simply knowing the names and e-mail addresses that Matta turned up would be enough for some social engineers to get the rest of the information necessary to mount an attack,"

    Guess we better stop posting our email addresses and names! And, god forbid, get rid of your business cards! And don't forget your whois information!!!!

    If that's really an avenue to social engineering, then we're all in trouble.

  4. PH34R MY SK1LLZ by spoonist · · Score: 5, Funny
    h3y d00dz!

    nslookup -q=mx www.cia.gov

    - m4tt4 s3cur1ty 1337 h4x0r

  5. Re:So what? by kafka93 · · Score: 5, Insightful

    Social engineering is probably *the most* dangerous form of attack, as well as the most often overlooked from a defensive standpoint. Although the webmaster may not directly have details of russian agents, to use your example, he may have access to information that might compromise the security of the entire system. From my admittedly limited experience, the military and other "important" organisations are often little better prepared for attacks than the average web startup: even where great care and attention has been given to firewalls and the like, there will still exist employees who will disclose information, and there is still always the capacity for human error.

    Besides, addressing this kind of issue "when someone breaks in" is too late. And it's important that the civilian be aware of and take an interest in problems in its government, police force, legal system, etc.

  6. good link on legality of port scanning by zkosky · · Score: 5, Informative

    A link that has some good info on the legality of port scanning is: Journal of Technology Law and Policy
    If you take the time to read it, there is a bunch of interesting stuff in it. Just do a page search for "port" and you'll get to the cool stuff.

  7. Original PDF Report by Alien54 · · Score: 5, Informative
    It doesn't look like the information they gathered alone is really anything remarkable

    Exactly. It is the typical information that any sysadmin from the outside. The graphic diagramming the networking layout shows nothing remarkable.

    You can seen the original report in PDF format here, with _all_ of the juicy details.

    Which is funny, because the link is not directly accessable from the main site.

    talk about security.

    --
    "It is a greater offense to steal men's labor, than their clothes"
  8. Anyone else notice the Lotus Domino Server by Anonymous Coward · · Score: 5, Interesting

    version 5.0.6a

    Why you may ask?

    Because Lotus Notes and Lotus Domino is the only mail product that gives email administrators zero access to information within mail files. Each Notes database has an access control list, and you can specify who's on it. The mail server can have "depositor" access, which means it can only place information inside the database. The database can also be encrypted so that only the server can read it -- meaning someone has to steal a copy of the database itself off of the file system, in order to have a chance at decryption.

    1. Re:Anyone else notice the Lotus Domino Server by Cedric+C.+Girouard · · Score: 5, Informative
      Because Lotus Notes and Lotus Domino is the only mail product that gives email administrators zero access to information within mail files. Each Notes database has an access control list, and you can specify who's on it. The mail server can have "depositor" access, which means it can only place information inside the database. The database can also be encrypted so that only the server can read it -- meaning someone has to steal a copy of the database itself off of the file system, in order to have a chance at decryption.

      Little known fact: The password entry box you get when logging in to a domino client/server setup with the 4 little hieroglyphs, is a CIA-requested add-on. That and the random amount of X's you get when you punch in the password.

      Also, stealing a copy of the database will not help you if persistent ACL's were set up.

      Other nice features of Domino is that you can have multiple level of access within each documents, meaning that group XYZ would have read access to the entire document, while group XY would only get 2/3rd of the forms in it, and group X would get only 1/3rd of the forms within the document.

      Reasons why they're not using Exchange ? Well... Exchange did never get its security clearance...

      --

      Marriage is considered capital punishment for the theft of a goat in some third world countries...

  9. Re:So what? by monkeydo · · Score: 5, Insightful

    First, anyone who answers the phone at the CIA is trained not to tell you anything. For that matter, they don't know anything. Everything os compartmentalized, computer systems, intelegence, even people. Social engineering on the scale you mention usually doesn't happen in the wild. Social engineer as a hacker technique is popular because of the low risk exposure. If you are a team hired by the AF to try and steal a plane you have zero risk no matter what you try, so you'll do some things no one would do in real life.

    Second, do you really think the CIA uses username/password authentication for *anything*? Think smartcards, one time key generators, palm scanners, etc. I guarantee there isn't a single secure system you can get into without at least a token and a passphrase. The most secure systems require multiple authentications. Hello, we're are talking about the largest *inteligence* agency in world.

    --
    Si vis pacem, para bellum
    The only thing more annoying than a Libertarian is an (un|mis)informed Libertarian