Slashdot Mirror
Hack the Army, Brag About it, Get Raided
SunCrushr was one of many who submitted this. A security company called ForensicTec decided to explore the U.S. government's computer systems, with particular emphasis on the Army. They talked to the press and had their fifteen minutes of fame. And surprise surprise, they immediately got raided by the FBI. What did they expect?
While I think these guys should be held accountable, at the same time I wonder in the heavy hand of the law is a case of shooting the messenger? Are these people who are so willing to call in the feds equally as willing to actually fix the source of the problem, or are they hoping that by pretending there's no problem it achieves the same effect? Color me a cynic, but I suspect the latter.
Well they gotta make a point. If the government can monitor our phone calls, internet emails, conversations, etc. then why can't we spy on the government to? Or does the governemnt thinks that its better than us and that it got more rights than us?
I say enough is enough and its time for a change.
They way they should have gone was
1: Hack whatever.army.mil
2: Post anonomously to slashdot regarding army's computer problems.
3: Request "large_num" security agreement, else will release to usenet, BugTrac, Slashdot, many newspapers, magazines....
4: Release anyways.
I placed an unpatched Windows machine on the internet with no firewall protection whatsoever and shared the Inetpub directory. I wanted to know, how long it'll take before someone decides to crack into my machine. Sure enough, it took only two days.
This test really made me realise that there are plenty of crackers and criminals out there that are waiting for a chance to get into your PC.
The point I want to make is that, I'm sure those army computers have been accessed by crackers plenty of times before.
I broke into the bank cause I thought I was doing a service to my bank account and my bank members to make it more secure.
Was that reasonable ?
Cough cough.
idiots. They should ship them to afghanastan.
If they broke into the base, photocopied some records, and bragged about it noone would have even thought twice about their arrest. But now that it is electronic it is of some sort of interest to Slashdot? Very sad.
Look if you want the virtual world to be treated like the real world (privacy, source code = speech, etc) then you have to accept it works both ways. Breaking in electronically is the same as physically. It doesn't matter how "weak" the security is. Just because I can throw a brick through a window and rob a store, doesn't mean it is somehow the store's fault for having windows.
And sure I am concerned about military security. And it is disturbing someone could hack into it. But that doesn't give ForensicTec the right to go hacking it. I'm worried about airline security but I can't take it upon myself to see if I can get a gun through security.
Brian Ellenberger
Ever dream you could fly? Get up from the Flight Sim. I Fly
Any chance?
Well, Army will not answer, of course ;)
No, they were not breaking into someone's house. They were walking into an open unguarded government office, and picking up some confidential documents lying on the desk. I believe that confidential documents are traditionally behind locked doors and guards to keep such a thing from happening.
Can you justify that?.
How can you argue that it is acceptable to leave confidential document in an unlocked, unguarded office for anyone to take. Do you live in the real world where confidential documents are securely stored, or in la la land where everyone is trusted to follow the rules?
In this case, the government has not fulfilled their mandate to guard the security of the U.S. and it's citizens. A Citizen of the U.S. discovered this, and went to the press. Citizens of the U.S. have that right.
The Government also has the right to find some way to punishing these citizens for exposing Government incompetence. A cynic would say that was to expected. A more rational person would hope his or her government would spend some time trying to solve the problem instead of engaging in a cover-up. This is especially true as we are suppose to protect whistle blowers to ferret out corruption, although I realize the Bush administration is intent on hiding behind homeland security.
I certainly am not saying that what these people did was strictly legal, but I would hope the U.S. government would take security a bit more seriously. I understand it is a learning curve.
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
If they had reported this to the army it would have never been made public, and they might have been arrested anyway. The only thing I think they should have done differently is get a Senator involved before going to the media, it would have given them some cover. Seriously though they should be given a congressional metal of honor for bravery for informing us of the lax security.
I used to live near a couple military bases so I know it's not exactly geniouses running the place. But they are a very organized bunch and I would have expected a policy on passwords, and that in that culture it should be easy to enforce. Password crackers shouldn't work on the military. Someone who leaves a password of "password" or "administrator" on a computer should be dishonorably discharged at the very least. If any of those machines exposed sensitive data they should get at least a few years on a slab of concrete in Cuba.
The dirty little secret of the military is that sensitive information is a lot more important than classified stuff. Engineering data that was classified in 1950, that made it into every textbook by 1960, is still locked in a safe at night because it's too much work to declassify anything. The day to day functioning of the military tells any enemy everything they might care about and that never gets classified.
Hey even the top secret nuclear stuff doesn' really matter since the information to build a nuke was long ago published, and the high tech stuff the US and Russia have isn't of interest to anyone. It's already expensive to build a nuke that takes out Manhattan, building one that takes out the Jersey City in the same hit is just a waste of money. But what kind of gas masks are being packed for the attack on Iraq, well that could be useful.
The bitch to bureaucracies and incompetence is that that a successful bureaucrat covers it up. And often anybody who would make the appropriate whistle-blower is ass-deep in alligators already with all the other crap that's on their plate because their IT budget can't handle proper staffing.
So... sure. Maybe someone does need to make something happen. They need to point a finger. They need to embarrass the bureaucrats in to fixing what is broke. Maybe this kind of act is the Right Thing.
So how does one pull this off? Make the run, collect evidence, find a reputable journalist (No... really) you can trust, and then anonymously dump the evidence in to their laps. Maybe drop it in to a couple journalists' laps just to make sure the story doesn't turtle at that point. When the story hits the papers, nod quietly at your civic duty done and hope that nobody can ever trace it back to you.
You do NOT use this as a vehicle for self-promotion.
Full name:
;)
Congressional Medal of Honor
common name: Medal of Honor
AKA Get out of my way bitch!
Sent from your iPad.