Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hack the Army, Brag About it, Get Raided

Posted by michael on from the stupid-is-as-stupid-does dept.

SunCrushr was one of many who submitted this. A security company called ForensicTec decided to explore the U.S. government's computer systems, with particular emphasis on the Army. They talked to the press and had their fifteen minutes of fame. And surprise surprise, they immediately got raided by the FBI. What did they expect?

7 of 382 comments (clear)

  1. Re:Honestly, I'd have to say they were pretty dumb by WildBeast · · Score: 3, Interesting

    Well they gotta make a point. If the government can monitor our phone calls, internet emails, conversations, etc. then why can't we spy on the government to? Or does the governemnt thinks that its better than us and that it got more rights than us?

    I say enough is enough and its time for a change.

  2. I did a security test this week by WildBeast · · Score: 4, Interesting

    I placed an unpatched Windows machine on the internet with no firewall protection whatsoever and shared the Inetpub directory. I wanted to know, how long it'll take before someone decides to crack into my machine. Sure enough, it took only two days.

    This test really made me realise that there are plenty of crackers and criminals out there that are waiting for a chance to get into your PC.

    The point I want to make is that, I'm sure those army computers have been accessed by crackers plenty of times before.

  3. Why is this even news? by Brian_Ellenberger · · Score: 4, Interesting

    If they broke into the base, photocopied some records, and bragged about it noone would have even thought twice about their arrest. But now that it is electronic it is of some sort of interest to Slashdot? Very sad.

    Look if you want the virtual world to be treated like the real world (privacy, source code = speech, etc) then you have to accept it works both ways. Breaking in electronically is the same as physically. It doesn't matter how "weak" the security is. Just because I can throw a brick through a window and rob a store, doesn't mean it is somehow the store's fault for having windows.

    And sure I am concerned about military security. And it is disturbing someone could hack into it. But that doesn't give ForensicTec the right to go hacking it. I'm worried about airline security but I can't take it upon myself to see if I can get a gun through security.

    Brian Ellenberger

  4. Re:Where's ForensicTec security now? by netringer · · Score: 3, Interesting
    Where's ForensicTec security now?
    Here. Wanna hire them?
    --
    Ever dream you could fly? Get up from the Flight Sim. I Fly
  5. They did the right thing by zenyu · · Score: 4, Interesting

    If they had reported this to the army it would have never been made public, and they might have been arrested anyway. The only thing I think they should have done differently is get a Senator involved before going to the media, it would have given them some cover. Seriously though they should be given a congressional metal of honor for bravery for informing us of the lax security.

    I used to live near a couple military bases so I know it's not exactly geniouses running the place. But they are a very organized bunch and I would have expected a policy on passwords, and that in that culture it should be easy to enforce. Password crackers shouldn't work on the military. Someone who leaves a password of "password" or "administrator" on a computer should be dishonorably discharged at the very least. If any of those machines exposed sensitive data they should get at least a few years on a slab of concrete in Cuba.

    The dirty little secret of the military is that sensitive information is a lot more important than classified stuff. Engineering data that was classified in 1950, that made it into every textbook by 1960, is still locked in a safe at night because it's too much work to declassify anything. The day to day functioning of the military tells any enemy everything they might care about and that never gets classified.

    Hey even the top secret nuclear stuff doesn' really matter since the information to build a nuke was long ago published, and the high tech stuff the US and Russia have isn't of interest to anyone. It's already expensive to build a nuke that takes out Manhattan, building one that takes out the Jersey City in the same hit is just a waste of money. But what kind of gas masks are being packed for the attack on Iraq, well that could be useful.

    1. Re:They did the right thing by mpe · · Score: 3, Interesting

      The dirty little secret of the military is that sensitive information is a lot more important than classified stuff. Engineering data that was classified in 1950, that made it into every textbook by 1960, is still locked in a safe at night because it's too much work to declassify anything. The day to day functioning of the military tells any enemy everything they might care about and that never gets classified.

      The basic problem is that effective security is hard, it can be easier to give the illusion of security. Hence ending up with locking technical data which is in the public domain up in a safe. Sometimes serious things get overlooked, e.g. the Japanese gathering data on where ships were at Pearl Harbour.

      Hey even the top secret nuclear stuff doesn' really matter since the information to build a nuke was long ago published, and the high tech stuff the US and Russia have isn't of interest to anyone. It's already expensive to build a nuke that takes out Manhattan, building one that takes out the Jersey City in the same hit is just a waste of money.

      I recall it being said that in the 70's there were something like a million people who knew or could work out the triggering details of a hydrogen bomb. Information which was at that time, and may still be, classified.

      But what kind of gas masks are being packed for the attack on Iraq, well that could be useful.

      As could the amounts of any type of supply to a war zone. How many gas masks gives an indication of how many soldiers might be involved.

  6. Making a Point vs a Splash by _Sprocket_ · · Score: 3, Interesting


    Well they gotta make a point.

    The bitch to bureaucracies and incompetence is that that a successful bureaucrat covers it up. And often anybody who would make the appropriate whistle-blower is ass-deep in alligators already with all the other crap that's on their plate because their IT budget can't handle proper staffing.

    So... sure. Maybe someone does need to make something happen. They need to point a finger. They need to embarrass the bureaucrats in to fixing what is broke. Maybe this kind of act is the Right Thing.

    So how does one pull this off? Make the run, collect evidence, find a reputable journalist (No... really) you can trust, and then anonymously dump the evidence in to their laps. Maybe drop it in to a couple journalists' laps just to make sure the story doesn't turtle at that point. When the story hits the papers, nod quietly at your civic duty done and hope that nobody can ever trace it back to you.

    You do NOT use this as a vehicle for self-promotion.