Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hack the Army, Brag About it, Get Raided

Posted by michael on from the stupid-is-as-stupid-does dept.

SunCrushr was one of many who submitted this. A security company called ForensicTec decided to explore the U.S. government's computer systems, with particular emphasis on the Army. They talked to the press and had their fifteen minutes of fame. And surprise surprise, they immediately got raided by the FBI. What did they expect?

14 of 382 comments (clear)

  1. Publicly breakly the law is dumb by mesocyclone · · Score: 4, Insightful

    even when what you are doing is reasonable!

    --

    The only good weather is bad weather.

    1. Re:Publicly breakly the law is dumb by RandomCoil · · Score: 4, Insightful
      so what about using MacroVision - disabling VCRs?
      how about speeding on highways?


      I think the obvious difference here is that when one uses Macrovision-disabling VCRs, one doesn't usually:
      a) Send the RIAA/MPAA an email letting them know
      b) Tell the press what an easy time you had doing it

      Likewise, when speeding on the highways, one doesn't usually give the local police a call to let them know.

      Furthermore, I don't know about you, but I expect the law to enforced consistently. You certainly don't want Al Qaeda claiming that knocking down the WTC and was just some proof-of-concept work they were doing to point out inadequacies of airport security in the US.
    2. Re:Publicly breakly the law is dumb by Copperhead · · Score: 5, Insightful
      Your analogy is wrong... Try this.

      You're walking down the street in front of the bank where you've got your accounts, and there is a "Closed" sign on the bank front door. You check the door, and it's unlocked, and all the lights are on. You open the door and walk in, and see that there is money laid out in piles, and the safe is open. You still don't see anyone, so you walk out the front door, and you call a press conference saying that the bank is unlocked.

      That is what happened.

      The silly part on their part was holding the press conference, not checking the door. In this analogy, I would have told the bank officials first. Then, I would have checked the door a few days later. If the door was still unlocked, then I would hold the press conference.

      --
      Your reality is lies and balderdash and I'm delighted to say that I have no grasp of it whatsoever. - Baron Munchausen
    3. Re:Publicly breakly the law is dumb by fferreres · · Score: 3, Insightful

      The thing is these people help secure your networks and and do not carry out any real destructive actions. After you put them in jail:

      1) Less of this "benign tumors" develop (SecureTech, etc)
      2) More of the "malign tumors" develop (Al Qaeda)
      3) Security is improved a bit but not revisited thereafter, making the mil computer even more vulnerable.

      If some guys tryed to divert a plane and flyby some densely populated scycrapers, then sept 11 would have never happened. Of course, nobody will try that because if the actually survive (ie: they dont get killed while trying) they will be killed after succeding (even though they would have preventing a tragedy).

      So as nobody has an incentive to try, because the penalty is so high, nobody does try. But then a real terrorist takes advantage because they don't care about FBI raids. They get in, an gather the information or many launch an Nuke (or something nasty) and that's it.

      I'd rather see these guys sentenced to work as free advisors to the mil for 10000 hours than be prosecuted. Actually, It'd be a good policy to offer rewards for hacing ANY mil computer (provided you do report inmediately and in proper way [ie: tell the mil, NOT the press]).

      --
      unfinished: (adj.)
  2. Comment removed by account_deleted · · Score: 3, Insightful

    Comment removed based on user account deletion

  3. Honestly, I'd have to say they were pretty dumb... by Qwerpafw · · Score: 4, Insightful
    See, first they point out that the Governement has flaws. Ooooh, criticising those in power... can be risky...

    Then they point out specific, make-people-lose-their-jobs flaws. The kind of thing congressmen would love to jump on in order to criticise incompetency. Do it on a widely-read medium. This pisses more people off.

    Then make very clear how you did specific illegal acts, giving those you just pissed off a great and simple way to get back at you.

    Why not just walk right into jail...? I mean, its like spitting in the face of a police officer who is holding a gun, insulting them, and then making a threatening move while simultaneously pulling out a joint and smoking it. You might as well hand them the rubber hose...

    Why taunt someone and then give them an excuse to hurt you? To gain acclaim? Fame? Real hackers are not out to get publicity, but rather to expose vulnerabilities and try to fix them.

    Whats this you say? You sympathise with the "security firm?" well, take this quote into account:
    The consultants, inexperienced but armed with free, widely available software, identified unprotected PCs and then roamed at will
    I dunno about you, but that would be my definition of script kiddie. Especially someone who then brags about it for publicity.
  4. Re:Shooting the messenger? by ergo98 · · Score: 4, Insightful

    Do you really think that these rather amateur (or so it seems) security consultants were the first to find these lapses in security? I highly doubt it. Perhaps it was beneficial that they were so public about it simply because it makes it a lot harder to ignore.

    And regarding the IT being busy doing other things: If they can't secure the network then they should _GET_OFF_THE_BLOODY_INTERNET_. I'm 100% serious. There are countless government computers and networks that are theoretically publicly accessible with absolutely no justifiable reason but that it was easier for the IT department.

  5. Re:Shooting the messenger? by brooks_talley · · Score: 3, Insightful

    So, you wouldn't mind if I did a little security research on your home while you're away at work -- or, better yet, in the middle of the night when you *are* at home?

    I mean, I wouldn't actually steal anything. Just rifle the place a bit, see what you've got, that sort of thing. Then, I might call the press and see if they're interested in doing a story about the level of security at [insert your address here].

    I'm sure you'd appreciate the free research, right?

    Cheers
    -b

  6. Re:What is wrong with you all? by brooks_talley · · Score: 5, Insightful

    You're right. It's not like breaking into someone's house, stealing their stuff, then telling them they need a new lock.

    It *is* like breaking into someone's house, going through their papers and files, then telling the local newspaper that this particular house has a crappy lock that's easy to break into.

    Can you justify that?

    As for whether "every" group that hates the US has already broken into Army computers, I wouldn't speculate on that. I would say, though, that these folks sure helped anyone who hasn't done so already pick an easy target. How patriotic, eh?

    Yes, it could have been worse. However, what they did was 1) illegal (isn't everything these days?), 2) stupid, and 3) amateur. You can almost always get away with one out of those three. Often with two out of the three. Go for three out of three, though, and you're going to see some trouble.

    -b

  7. Re:Shooting the messenger? by DarkZero · · Score: 3, Insightful

    Why even use the real world analogy? How many of us wouldn't be pissed if we got an e-mail saying, "Hi, I cracked your security and got into your computer via --some exploit--. You might want to patch that. Also, some of your financial records are inaccurate, and the girl in 'sylvia_saint_fucking_and_sucking.avi' in the 'C:\Private\GodIHopeMyWifeDoesn'tSeeThis' directory isn't Sylvia Saint, but actually a lesser known porn star. Nice collection, BTW."

    I'd want the guy prosecuted for breaking into my personal property and I believe that a lot of you would, too. Why do we expect a lenient, "please, invade our property some more, sir" attitude from anyone else?

  8. Re:Honestly, I'd have to say they were pretty dumb by Planesdragon · · Score: 4, Insightful

    Well they gotta make a point. If the government can monitor our phone calls, internet emails, conversations, etc. then why can't we spy on the government to? Or does the governemnt thinks that its better than us and that it got more rights than us?

    The government is us. When you or I deal with the will of the people, we are not forced to do so by the whim of the crowd, but by the powers elected and appointed to speak for and act in the interests of the people.

    The government, as a nebulous nonpersonal entity, is a slave to every one of its citizens, and exists for no other purpose than for the well being of those it serves.

    The problem, of course, arises in that "the government" may be an inpersonal slave, but the people who run the government are very personal, flawed, human beings. It is these people who are put in power that are watched--and they're watched by other people in power who got put there different ways and across different levels, until we get back to the elected representatives and the voters en masse.

    If you take away the government's unique right to spy & investigate with legal warrant, documentation, and accountability, (see: the FBI getting smacked for lying to judges), then you're left with either an illicit society of secrets ("If no one can see me do it, then I can get away with it") or a distopian society of eternal spying.

    I would rather have some suit who's salary is paid for by my taxes spying on me than some random looney off the street.

    Oh--and you (assuming that you're an American citizen) CAN spy on the government. You just need to do it with a time delay. Ever hear of FOIL? The fourth branch of government? The @#$ing drudge report? (slashdot?)

  9. Re:Should be rule #1 by Nogami_Saeko · · Score: 3, Insightful

    The point here is that the company made the army security specialists look like idiots to their superiors.

    In all probability, they would've prefered to stay vulnerable if it meant saving face.

    Typical tactic. When you expose their piss-poor security, they scramble for cover and instead of acknowledging that they don't know security from a hole in the ground, immediately accuse the people who exposed their incompetence.

    --
    "Nothing strengthens authority so much as silence." - Charles de Gaulle
  10. "If they broke into the base..." by tlambert · · Score: 3, Insightful

    "If they broke into the base, photocopied some records, and bragged about it noone would have even thought twice about their arrest."

    Putting a file on a computer directly on the Internet is a far cry from putting a file in a locked file cabinet in a locked office in a secured building on a military base whose gates are protected by armed military personnel.

    It much more like putting a file in a locked file cabinet in a public park.

    -- Terry

  11. Close but not quite... by Scratch-O-Matic · · Score: 4, Insightful

    Although I suspect that we are on opposite sides of this issue, I do think that your analogy is mostly correct. But you need to add the fact that you sat down at several of the desks, opened the files, and read them for a few hours. Loan agreements, account records, etc.

    Prosecution is completely appropriate. Let's not forget that the "seriousness" of the actual offense should be reflected in the sentence, eg. a fine and a few weeks in jail rather than years in the slammer.

    --


    Evil is the money of root.