State Department Developing Cyber Toolkit
An anonymous reader writes "The U.S. State Department, known for its recent RFID passport embarrassment, seems to have developed a key tool in the Department of Homeland Security's cyber toolkit for federal agencies. There's not much out there on it other than mention of a tool called SandStorm in a recent press release from State's Bureau of Diplomatic Security. According to the site, "SandStorm simultaneously collects, correlates, and analyzes data on multiple computer systems and departs, leaving no trace of its activities. The White House is championing this cyber tool and the Department of Homeland Security has selected it as a cornerstone application for a cyber toolkit being made available to all Federal agencies." Sounds scary to me, but may be a step in the right direction."
Didn't Sony's little rootkit teach anyone anything?
a step in what direction? hell?
Sounds like the Aquinas Protocol to me.
This sig is false.
Not sure why the submitter of this article thinks it's a scary thought. With the internet being the de facto standard for terrorist communication, both to one another and to the world via terrorist-sponsored websites, it's a good thing that the US is finally doing something to be proactive in this area.
Sounds like the State Department is getting into the virus philosophy.
Someone put a black hole in my pocket and now I'm broke.
Looks interesting...I give it 20 minutes before a copy is up on the torrent...*grins*. Then the script-kiddies can all go use it to spy on each other and prove their "1337-ness"...
Although, truth be told - why exactly is the government telling us this? I mean, for all we know, they could have been developing these sorts of computer surveillance programs for years...in fact, they probably have. So why tell us about it now, in a highly publicised press release? Or are they just trying to be seen to be doing something, and seeming like they're on the cutting edge of technology? So maybe in truth they're actually quite clueless, and this program is nothing more than a hashed-up, worthless keylogger that looks like sample code from "Windows Internals"?
One wonders about their motives for this news release, though...
cya, Victor
"Sounds scary to me, but may be a step in the right direction."
More quality editorializing in slashdot news posts! Maybe the editors should start editing those out?
Then again, most of us are familiar with how loath /. editors are to take steps, period, let alone in the right direction.
I wonder if the DoD is designing this around the sony root kit.
In fact, it sounds really cool. In fact, *everything* sounds cool with "cyber" in it. No seriously, try it. Cyber jail. Cyber llama. Cyber tubgirl.
Told you so.
Man, 'cyber' was so early 90's. They so need to revamp their marketing dept.
American government creates worm/trojan-style thingy because they want to see everything Microsoft already can. Thank God I'm on *nix.
Sandstorm... interesting name? Hmm... I wonder what group of people this software targets...
Seems to me the Oklahoma City bomber wasn't Arabic...
-Digital Madman
A bullet sounds the same in every language. So stick a fucking sock in it...
It would be nice to know how they are going to solve the problem of coincidences. Any large dataset will have false positives due to the massive number of possible cross-correlations in such data. The problem of information extraction is a hard one, especially if the different datasets are going to be used together. "Data Mining and Domestic Security: Connecting the Dots to Make Sense of Data" by K. A. Taipale is a good review of this from the law perspective.
Ben Franklin wrote those words over 200 years ago.
They apply today just as much as they did then.
Somebody needs to remind the current incumbent of the White House about his nation's history.
Date: September 28, 1999.
Source: Tech Law Journal recorded the event, transcribed the audio recording, and then converted it into HTML.
Weldon statement:
... It does this through the use of a ruthlessly addictive old school techno track that somehow manages to find its way almost everywhere. If you have ever wondered why, now you know. The DOD is to blame.
Many a CyberCriminal hath begged for mercy in the face of DARPA's hired mercenary, Sandstorm!
Without a proper flamewar, Anonymous was undecided on what shell to run.
Hence, they will likely create a new one, the Department of Computing (not part of the FCC) in order to grow themselves, tax society, and control private citizens. Just like they do for everything else.
Of course it will be sold as "building bridges" or "advancing technology", etc... Something for our childrens' future, no doubt.
I suggest you read Slashdot
Welcome to a year ago!
Now the DHS can "collect, correlate, and analyze data on multiple computer systems" with no warrant. A true American patriot has nothing to hide from the government. Right, Comrades?
The White House and Department of Homeland Security are such champions of constitutional rights.
By the way the root kit is hidden in powerpoint files.....
I've got to go answer a knock at the door; my ride to a black prison is here.
Well, maybe this isn't a big deal. From the context of the article, it sounds like it is currently being used/developed to patrol vulnerable networks, not necessarily invade. Of course, it can't be too hard to make it invasive. I would really only be concerned if it actually is put onto the computer system. It would need to be cross-platform to be really effective at that. More than likely it is a port-scanner and data sniffing combination tool. Maybe some TCP/IP "exploit" manipulation. Of course, this is really just speculation on my part.
:)
Even if it was invasive at the actual system software level, any paranoid company/individual could probably easily thwart it by running custom compiled kernels with re-named hooks, custom compiled software, etc. I mean, it would be a time drain to implement, but if you were really that scared of it.....it could be worth it.
Short of it being a locally run program (worm or otherwise), just be sure to properly secure your network and systems. Let it be other people's problem. Always the best choice.
Not to say you shouldn't speak out against it, I plan to if I get the chance and more information on it.
Will it run on Linux?
This is something I've been wondering about for years; my interest was sparked again semi-recently for two reasons. One is TCPA. The other was one of my past jobs..
I was working for a well known company doing QA/Testing on console games, and monitoring server side/client side bugs.. We would get new DVDs sometimes twice a day with the latest revision of the game and we would have to check both our "open" bugs, and our "closed" bugs - that is, bugs that were previously fixed to make sure that they had not somehow become "reopened". Usually early in the game development, there were tons of hidden easily accessible menus that would change tons and tons of variables inside the game, kind of like a developer's menu to directly affect the engine in ways that would normally never happen during regular gameplay, even settings that were supposed to remain static. So, anyway, later on when the game was close to being declared 'ready for release' these menus would of course be cut off, that is, the code for the menus was still actually in the source, but it was impossible to access them, the method for accessing had been removed. (kinda reminded me of the GTA sex scene thing, the code was still there - just cut off.)...
Anyway, my point is this, who is to say what data is ACTUALLY on the chips themselves on any component in your computer? I'd say 98% of people do not even have access to or knowledge of the hardware that would be required to really look inside any given chip. Sure, we can play and tinker with -what is accessible- to us, that is, what the coders left open to us. We know how they do what they do, to a degree, but not -why- they do what they do. Who is to say there aren't tons of hidden things going on way low on the OSI model? TCPA really got me thinking about this as well, after all, it took IBM several years to admit to what they had in their ThinkPads in the mid 90's.
Anyone work at a hardware manufacturer with stories of 'easter eggs' so to speak?
Everybody has already traded in a few liberties for a little safety, including yourself. If you can't see that then you are blind. Throwing a quote around on the Internet doesn't make you a champion of freedom. The world is grey.
According to the site, "SandStorm simultaneously collects, correlates, and analyzes data on multiple computer systems and departs, leaving no trace of its activities. The White House is championing this cyber tool and the Department of Homeland Security has selected it as a cornerstone application for a cyber toolkit being made available to all Federal agencies.
I doubt that this is more than a bullshit rumor. When I was in the service it was paying 40-70 percent more for even specialized tools. Having *all* of the various federal agencies actually agree on one specific "cyber toolkit" is... at the very least insulting to me, and the public (since they *never* agree on anything!).
Life was hell, then I discovered Linux...
but may be a step in the right direction.
And which direction would that be?
I am reminded of the NSA's requirement for an NSA backdoor to public key encryption.
Maybe there ought to be some competition to root out these coded-in exploits in Windows and encryption.
After all, it seems to be easy to find flaws with windows that are unintentional. It should be easier to find intentional flaws.
From the article: CTAD, under the Office of Computer Security, is the U.S. Department of State's focal point for collecting and reporting time-sensitive, cyber threat intelligence, and technical data.
So if terrorist hackers are trying to figure out who to approach/bribe/attack... it's these guys? Nice of them to include a photo too! That helps with identification.
And "leaving no trace of its activities"... this I gotta see. Windows? Mac? Linux? Solaris? Mainframes? Or maybe they've already scanned my computer! Uh-oh... is that a silent helicopter outside my apartment?!
$nice = $webHosting + $domainNames + $sslCerts
Remember how the existence of Echelon was denied until some British guy confirmed that it did in fact, exist? Remember the cheesy "agreement" that the US would not be collecting data on its own citizens, but would have every opportunity to access such data from that collected by any of the four other Echelon participants? There is absolutely no reason to believe that it WON'T be used on U.S.-owned sites. Even worse, there's absolutely nothing that will stop them, if they so choose.
"The U.S. State Department, known for its recent RFID passport embarassment..."
That's what the US State Dept is known for??
What they're actually talking about is the NetIntercept Appliance from Sandstorm Enterprises. This is also the FBI's replacement for Carnivore.
All your freedoms are belong to Dirty Old Uncle Sam!
Manojar - pronounced like Manager
Is this the end of the internet as we know it?
End of free speech.
Beginning of people being labeled terrorists for speaking their mind about their government that should REPRESENT them, and paranoia?
I know, a lot of people will say "If you are not doing anything wrong, what have you got to hide?". That's not the point! If you do feel like that, I wonder how you would react to being forced to strip. Expose things that you can keep private to yourself and expose to persons of your choosing.
What? You think that's different? Why?
$action = empty(PHP) ? backToC() : unset(PHP) ; "when the concrete cases are understood, the abstractions are readily
Name me one thing that the Homeland Security department has done that hasn't been a big stupid joke?
Everything they touch gets mired down in stupid useless garbage.
If, by some wacked-out miracle, they actually have gotten a hold of some really good programmers, I expect the usage of said software to be abused and tainted like everything else they touch.
Anyone else fed up with this pseudo govt. we have these days? You know, that population of brainwashed politicians that want us to keep believing that they're doing their 'jobs' for OUR benefit still?
Our govt. hasn't been about the rights and needs of the people for over 4 DECADES!!!
Suck 10% of the military budget away and put it into education and in 10 years you'll have a HUGE decrease in crimes and problems.
Want to know why our govt won't put education as a priority???
Educate the population and they won't put up with this stupid crap that passes for govt. these days.
Educate the public and a lot of politicians will be out of jobs.
Educate the public and they won't pay attention to the propaganda in the media anymore.
Who's going to care about a country whose motto is "I gots ta have my wrastlin!"
The general public is a bunch of tv watching illiterate boobs!
What a fucking joke America. Wise up or face the consequences.
I, for one, am tired of being an educated minority.
Come on buddy, mentioning terrorists is like the latest fad in political correctness subscribers - you must agree or you're helping the terrorists. Yes, terrorists use the Internet to communicate, but, so do literally billions of people who are not terrorists. Should they be spied upon benignly at first and maybe less so when abuse(s) finally occur? It's still not as simple as that however as the Internet is used to commit far more crimes a day than terrorists use it for so there should be some kind of forensic tools available to ordering agencies like law enforcement but the use of the software needs oversight and it morally shouldn't be a blanket system unless the risks truly justify that all the way back to the voters in opinion. This kind of thing creeps me out, its could be the software equivalent of the Stasi in old East Germany.
Shh.
"leaving no trace of its activities" - give me a break! The only program that leaves no trace is no program whatsoever.
You see, the program will never work, and if it does, it will be highly prone to crashing.
Government software contracts tend to work like this:
Govt gives contract to Boeing. Boeing subcontracts to 10 different software companies. Each one writes a portion of the code for the modules with no contact whatsoever with the other subcontractors. The interface guys use Assembly for PPC, the Network guys use C++, the Disk I/O guys use Java, etc. You get my point. Then they try to combine the whole thing, assign that task to one person, and wonder why the program can't do a damn thing and half the interface doesn't work. They'll spend the next 10 years working on the contract fixing the bugs and the project will eventually be finished. But by that time it won't run on any of today's hardware. Rinse, repeat.
Call Sony.
Direct away from face when opening.
One wearing a 7-of-9 costume...
What part of "a well regulated militia" do you not understand?
Let's face it, anyone that reads this site daily could think of 100 ways to covertly send a message to someone without it ever being decoded or traced. I could easily manually encode a text message that the CIA would never be able to decode and post it right here. This is not being created to pierce terrorist secrecy but our Privacy.
Can't wait to DCC GET this from some chan on undernet...
Anyone with a reader can query any passport chip for its unique manufacturer ID number, and the chip will respond if it's in range no matter what kind of encrypted info it may be carrying.
There is a different anticollision protocol, described under ISO 14443A, which requires that a random number be returned from the chips as opposed to the static numbers referenced above. This is the one that Schneier advocates to close this loophole. Whether DoS will listen is anyone's guess.
I regret that I am unable to provide further technical details on the actual standards and collision-avoidance protocols. The documents describing said details are not freely available (the lowest cost I found was $220 per copy).
I have two opinions on this whole situation. First, I don't think chipping passports is going to make our borders any more secure. Any criminal (including terrorists) with the determination and resources to forge passports is going to find a way to do so no matter what obstacles DoS throws at them.
Second, I question whether the "vulnerability" represents the privacy threat that Bruce Schneier thinks it does. The only way I could see it being abused would be to track a person's movements, and even that will be sharply limited or curtailed the moment they close their passport and/or slip it into that wonderful little shielding bag.
Even if the chip's manufacturer ID does get read by someone other than Customs authorities, how in the Multiverse would whoever's doing the reading tie personal information about the holder to it? They'd either have to have access to the Customs computer system (unlikely if they don't work for Customs), or they'd have to literally engage their desired target in conversation, and start asking questions which would make nearly anyone suspicious.
One thing I'd like to know is whether anyone is going to cut back or eliminate international trips due to a perceived fear of being tracked. I'm certainly not going to...
Ok I guess most of you just don't get it. THEY have trained you all to believe that a CRIME can occur inside your computer, that this CRIME is called TERRORISM, and that it's OK to violate EVERYONE's rights (this includes you losers who think this is a good idea) so that they may catch a couple of TERRORISTS. FUCK'S sake, 63% of the population in the good ole USA in a recent poll agreed in the use of the MILITARY to enforce a QUARANTINE, in case of an avian flu outbreak. Fewer than 200 people have died of the bird flu in the last 4 years.
I wish Slashdot would let you edit your posts so that I could have said "Beneficial does not also mean prudent" and changed the stazi thing from "its could be" to "it could also evolve into".
Shh.
STASI, Stasi! Where's the suggestion box.
Shh.
Maybe people need to start voting for people in their local, state, federal elections instead of polimagicians.
A little too "right".
I could elaborate... But some pedant will go spouting off about Godwin.
"Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell
Hi Folks! This, in my opinion, just means that someone will get much $$$ for fiddling around with Kismet, Ethereal, Nmap, Saint et al. and writing a frontend for it. Just my 2c. Greetings Z. Beeblebrox
Here's a link to the Sandstorm software. Also, a small note: federal agencies are using a modified version to interact with databases. http://www.sandstorm.net/products/netintercept/
My guess this site will not be up for long.
Sandstorm a.k.a. Gator.
So that includes taking whatever data it has supposedly collected/correlated/analyzed, and somehow uploading it somewhere, without my firewall noticing? And it somehow collects this data without my noticing CPU usage, disk IO, and so on?
Everything leaves traces. It has to. If it is clever about how it goes about its work, that is one thing...but to say it "leaves no trace" isn't even "spin"- it's bullshit.
Please help metamoderate.
They ripped off the INSLAW company two decades ago for the PROMIS software which was supposedly then modified by the NSA or other triple-letter agencies to do exactly what this thing is supposed to do - penetrate ANY database and extract or manipulate its data without being detected.
The Federal judge who sentenced me to nine years in the joint was in fact an Assistant Attorney General in the DOJ at the time and was involved in the scandal. He got a Federal judgeship for his part in it.
Google for the story - it's everywhere.
Of course, like the billionaire said in the movie "Contact", "Why buy one when you can buy two?"
Maybe the State Department wants to use THEIR software against the DOD, the CIA, the FBI, etc. to detect whether the DOD, CIA or FBI is infiltrating State's databases. That's probably even more likely than their use of it against Arabs or even
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
So we go from Carnivore (Solaris only) to Omnivore (on NT and other cruft), installed at your ISP and monitoring all and sundry, to Packeteer and friends grabbing bits to this beastie roaming the net, poring through your hard drive, personal information and all, and sending it back to mothercorp (not unlike Microsoft). Ok. So how is it supposed to get past my blocked ports again? Also, I do trace logs on my ethernet files, and run the front box of my network as promiscuous, and log everything (all packets) that come in (redirected via serial connection to another computer not on the network). How do they swoop in 'undetected' again? "Oh, that's the black magic part" I am told, and to which I reply "Bullshit!".
Wasn't it the Australian DSD director that officially revealed echelon?
The internet is fast becoming the standard for ALL communication, if it doesn't already have the title. Potentially useful terrorist information makes up a negligible portion of harvestable data, and we have no reason to believe that the powers that be will be picky about who they sic this thing on. Not every one of, or even the majority of, the above mentioned "all federal agencies," have anything to do with counterterrorism, which begs the question of exactly what the rest of them are supposed to use this "toolkit" for. If terrorists were communicating exclusively by telephone, wiretapping every line in the country would be an effective preventative measure against in-country cells communicating with out-country leadership, but it would also be a gross violation of every American citizen's privacy, which this thing could become with very little imagination- especially with the nasty "leaving no trace" bit seemingly ensuring that it could be implemented on any scale without anyone noticing. You simply can't infringe the rights of many to get at the few- if Al-Qaeda exclusively used carrier pigeons, as opposed to some medium that nearly everyone in every non-third-world country uses, I'd be camped out on the roof with a 12-gauge, but as it stands, there's no justification for randomly seizing information simply because it may be viable and you think you can get away with it. I don't doubt that it will take the collective geek subculture all of a week to get ahold of this thing, slap it around, and bend it to their will, but the possible implications of what's been said here are more than a little scary.
Sandstorm? I mean, this could refer to any sandy area filled with bad guys- Iraq, Iran, Sudan, L.A. ... If it were something like "Enduring Freedom Sandstorm", or "Try and stop us Sandstorm", or "Liberty Firestorm Sandstorm" then it would be easy for Americans to recognize that the State Department is, as always, protecting the good people. Or that we should drop the keyboards and brush up on our semaphore.
Dr. F: Well Joel, we're introducing a new feature here today. Here's a hint: Remember "Lost Continent"? Remember "Rock Climbing"?
Frank: Oh who can ever forget "Rock Climbing", eh Clay? Well now, along the same lines we've come up with something new -- something we like to call: Sand Storm! SAND STORM!
Dr. F: It's all part of a new program we like to call:
Both: Deep Hurting! DEEP HURTING!
The U.S. State Department, known for its ravenous hunger for private information, seems to have developed a cyphering tool for the Department of Homeland Security's cyber rootkit for federal agencies. There's not much out there on it other than mention of a tool called SuckIT in a recent press release from State's Bureau of Diplomatic Security. According to the site, "SuckIT is a fully working rootkit that is loaded through /dev/kmem. It makes available to Federal agencies a password protected remote access connect-back shell initiated by a spoofed packet, and can hide processes, files and connections." Sounds scary to me, but may be a step in the right direction.
--- have you healed your church website?
The way I see it .. ..he is a black hat hacker invading your privacy and carrying out data theft .. it's ok ..coz they are protecting your rights even though it can be used against you. .. but with this you don't even know they have a subpoena against you (wait! they don't need one any more!)
if a private individual loads a root kit onto your personal computer or server
BUT
if the government does it
hell!
at least in the Miranda rights, they tell you anything you say may be used against you
Just to get the security really good, they will run the Sandstorm apps in a sandbox environment. You need to get the sand from somewhere anyway.
My wife's sketchblog Blob[p]: Gastrono-me
-- attributed to Voltaire
Guesstimate the probability of using same elevator within 10 minutes as a known or suspected terrorist on any given day = 1 in 10,000. Ditto same cab, ditto same telephone booth. Multiply probabilities to get likelihood on all 3 on the same day. (1 in 10,000)^3 = 1 in 100 billion. 330 million people in the U.S., 365 days per year. That's http://researchweb.watson.ibm.com/thinkresearch/pages/2001/20010629_ai.shtml
Or like the reason Microsoft nicknamed its speech recognition division the Wreck A Nice Beach unit? Because no existing computer voice rec program can tell the difference between the phrase Wreck A Nice Beach and Recognize Speech except by context?
http://www.ptv.com.pk/webptv/futuretech8-detail.asp
Or like the way my broker installed a new voice recognition system last week, and when I spoke my name and account number into the phone ten times in a row, the program told me THERE IS NO SUCH ACCOUNT and then I finally got out of the voice rec menu to talk to a person in a call center in Malaysia whose accent I couldn't actually understand?
Evidence converges from every field of science that mathematics consistently fails to predict essentially irrational human behavior: the bankruptcy of LTCM when its elegant equations failed to predict the stock market ("Will they give back their Nobel prizes?" anchormen joked), the failure of computerized foreign language translation ("Out of sight, out of mind" gets translated as "Blind and insane"), the failure of continuous speech recognition ("I'm Hurricane Katrina and I wreck a nice beach" gets transcribed as "I'm Hurricane Katrina and I recognize speech,") the failure of computers to read and understand simple sentences ("The astronomer married a star." Computer concludes astronomer gets burned to death...) So what's the solution? Slashdotters have the answer: more math!
"The definition of insanity is doing the same thing over and over and expecting different results." -- Benjamin Franklin
"Whenever you see a number, you should say, `how sad.'" -- Marvin Minsky "It's 2001: Where's HAL?"
http://72.14.203.104/search?q=cache:g4aUR-fc4bwJ:technetcast.ddj.com/tnc_play_stream.html%3Fstream_id%3D526+Marvin+Minsky+whenever+you+see+a+number,+you+should+think+how+sad&hl=en
"But when mathematical methods fail, the invariable response is `Bring on more mathematical methods!' A little progress has been made here and there, and mathematics is fine in its place. But it cannot be the whole story or even the main one, or we would not be stuck where we are, in a permanent mudbank spinning our wheels." -- David Gelernter, "Truth, Beauty and the Virtual Machine"
http://flint.cs.yale.edu/jvmsem/lecture/0922/gelernter.html
"An overly dry metaphysics inevitably trickles down to a narrow reductionism in many practical instances, even though in theory it need not. An example is found in the design philosophy of computer systems. Convinced by zombies of the ontological equivalence of people and computers, a generation of software designers is asking users to shrink to the level of so-called `intelligent agents.' For another example, we have the narrow application of Darwin, as he's been zombified by Dawkins and Dennett, to human affairs in Robert Wright's The Moral Animal, and even in a degenerate work like The Bell Curve. Then there is the strange abrogation of human agency in favor of algorithms that is found in some current political rhetoric. Newt Gingrich believes that it is counterproductive to try to do anything about problems, such as fund basic research o
You mean they finally created a Knoppix CD? Them yanks sure are cutting edge.
Free to DHS & federal government
From Dept. of State [and DHS US-CERT]
Like EnCase Enterprise edition
Network forensics "grep"
Examine system state
Remotely search multiple systems - files, ports, processes, file headers, hashes, MACs, ADS
Search all files changed in this time frame
Search all files with this hash regardless of name
155KB agent runs, then deletes itself
Windows only
Fairly forensically safe - does not change file MACs
Root kit detection to come later
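The search capabilities listed in the notes above (files changed in a time frame, files matching a hash regardless of name, and "does not change file MACs"), sketched as an added Python example that is not the tool's own code. The sample tree, file names and known-bad hash are constructed; the script records mtime/ctime before and after touching each file so an analyst can confirm the examination itself left them intact.

```python
"""Forensic triage search over a file tree: mtime window, hash match regardless
of name, and a check that examining a file left its mtime/ctime unchanged.
Added example for this thread; all evidence below is constructed."""
import hashlib
import os
import stat
import tempfile
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class MacTimes:
    mtime_ns: int
    atime_ns: int
    ctime_ns: int


def mac_times(path: str) -> MacTimes:
    st = os.lstat(path)
    return MacTimes(st.st_mtime_ns, st.st_atime_ns, st.st_ctime_ns)


def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def search_tree(root: str, changed_between=None, wanted_hashes=frozenset()):
    """Return one record per regular file matching either criterion.
    changed_between: (start, end) in POSIX seconds, inclusive, on mtime.
    wanted_hashes: lowercase SHA-256 hex digests; a match counts whatever
    the file is called. Each record says whether mtime/ctime survived the
    examination. atime is reported separately: merely reading a file may
    update it (Linux relatime, Windows last-access updates) unless the
    volume is read-only or the agent opens files with O_NOATIME.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if not stat.S_ISREG(os.lstat(path).st_mode):
                continue  # skip symlinks, devices, sockets
            before = mac_times(path)
            reasons = []
            if changed_between is not None:
                start, end = changed_between
                if start <= before.mtime_ns / 1e9 <= end:
                    reasons.append("mtime-in-window")
            digest = sha256_file(path) if wanted_hashes else None
            if digest in wanted_hashes:
                reasons.append("hash-match")
            after = mac_times(path)
            if reasons:
                hits.append({
                    "name": name, "path": path, "sha256": digest,
                    "reasons": reasons,
                    "mtime_ctime_preserved": (before.mtime_ns, before.ctime_ns)
                                             == (after.mtime_ns, after.ctime_ns),
                    "atime_preserved": before.atime_ns == after.atime_ns,
                })
    return sorted(hits, key=lambda h: h["name"])


# Constructed "known bad" content; the hash is what an analyst would carry.
KNOWN_BAD = b"constructed sample payload -- not real malware\n"
KNOWN_BAD_SHA256 = hashlib.sha256(KNOWN_BAD).hexdigest()


def build_sample_tree(root: str) -> None:
    """Constructed evidence: a fresh note, the known payload renamed to look
    like a photo, and an old log backdated to 2006 (outside any recent window)."""
    os.makedirs(os.path.join(root, "Pictures"))
    with open(os.path.join(root, "notes.txt"), "wb") as f:
        f.write(b"meeting notes\n")
    with open(os.path.join(root, "Pictures", "vacation.jpg"), "wb") as f:
        f.write(KNOWN_BAD)  # same bytes, innocent-looking name
    old_log = os.path.join(root, "archive-2006.log")
    with open(old_log, "wb") as f:
        f.write(b"old log\n")
    old = int(time.mktime((2006, 1, 1, 0, 0, 0, 0, 0, -1)))
    os.utime(old_log, (old, old))


def demo():
    """Search the constructed tree for files changed in the last hour or
    matching the known-bad hash; returns the hit records."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        now = time.time()
        return search_tree(root, changed_between=(now - 3600, now + 3600),
                           wanted_hashes=frozenset({KNOWN_BAD_SHA256}))


if __name__ == "__main__":
    for hit in demo():
        print(hit["name"], hit["reasons"],
              "mtime/ctime intact" if hit["mtime_ctime_preserved"] else "MAC CHANGED")
```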
"SandStorm simultaneously collects, correlates, and analyzes data on multiple computer systems and departs, leaving no trace of its activities."
Replace SandStorm with Google. Or Yahoo. Or MSN.
Datamining activities are not evil per se. The outcomes are far from flawless, though (depending on how the mining software was trained). I'm hoping that there's plenty of competent people in the Dept. of Homeland Security who understand that datamining might give them leads, but hardly provides conclusive evidence.
In the end, the ethical considerations are the same. It's just that the data interpretation becomes more sophisticated, which makes these technologies more "scary" in the eyes of many.
FTFA: " Developed over the past two years, "SandStorm" simultaneously collects, correlates, and analyzes data on multiple computer systems and departs, leaving no trace of its activities. "
Is it just me, or does this sound an awful lot like something (say an "appropriated" project) running a pen-test tool chain with NMap as the first step?
1. Scan your target with NMap.
2. Determine OS and TCP/IP vulnerabilities (inverse MBSA?)
3. Let loose the script-kiddie tools. (Buffer Overflows)
4. ?
5. Exploit the created intelligence or paranoia
and I still don't like it... It should leave a copy of the court order that initiated it on the users system.
This is what happens when blackhats are recruited for .gov work...
--- Relax, that mass muderer is just trying to reduce our carbon footprint, one fetus at a time...
We could all sue them, and they could pay us our tax dollars back, then take more next year to make up for it... Just wondering...
...wanna cyber?
At some layer, the traffic is going to be visible *IF* they are even talking about remote access of some kind. This could also be a tool that is launched from a USB drive or something. Either way, have they coded this application in Java? What do they plan to do about hardware dependencies? OS dependencies? What if Al-Qaeda is running Red Hat 6 on a Sun SPARC? What if they have their own Linux distro? This is a pretty bold claim all the way around with a lot of technical hurdles to overcome. I hope they have considered them all.
Join the Slashcott! Feb 10 thru Feb 17!
The main problem with this kind of secret surveillance is the nature of any evidence produced. It's all very well if they get information which then leads them to real evidence that can be used to arrest and prosecute. What is scary to me is being accused by some software program with no way to contest the "evidence" in court. As reprehensible as drunk driving is, I am glad to see some judges start to throw out evidence which cannot be examined (e.g. the closed source breathalyzers in FL).
Actually, we could stop them, easily. As Winston observes in Orwell's 1984, "if the Proles united, they would get rid of Big Brother like a bull shaking flies off of its back". But we won't. We're all afraid of something. When Ian Clarke created Freenet, did we unite in support of him? Mention Freenet on here and see how long it takes somebody to say "nobody's on Freenet except pedophiles. If you have nothing to hide, you have nothing to fear." If we truly didn't want to be spied on, we wouldn't be, but the truth is that the vast majority of us (even on tin-foil-hat-dot here) do.
Because you can't spell "slaughter" without "laughter"
This is going to become the tool for reciprocal espionage, Echelon-like.
/. for geeks and nerds.
Since the cold war's end there is no more use for the internet except as a scalable, robust information vehicle for terrorist messages. Oh and a little thing called
You're NOT paranoid, they ARE out to get you but since they don't even trust themselves, they're going to let the machines rat you out.
Don't think you can hide from them in any city or town or with any access to any technology hooked up to any grid.
And the 'hole' in the information grid that any such disappearance would leave would itself be noticed and direct new scrutiny.
Basically, we're screwed.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
I can neither confirm nor deny this but...
This is just the latest iteration of existing toolsets, NSA was collaborating with CSE and GCHQ to build tools like this 10 years ago.
Now that I've told you, I'll have to kill you. Drink the Cool-Aid
This is mainly a tool for people to do forensics on a computer once they think they have been had. It can be used for investigative forensics too I suppose. The government is still going to need a warrant and such to search someone's computer.
It's really quite simple. Assume that any internet connected computer IS already compromised. Don't keep anything that shouldn't be public knowledge on that PC unless it's strongly encrypted with the largest private key possible with whatever encryption program you prefer and DON'T keep the private key on that PC. Keep it on a thumb drive. Honestly, if someone with the resources to brute force a 4 kilobit private key within your lifetime is actually interested in what's on your computer you've got much bigger problems to worry about than whether or not they know you've got porn on your computer.
"Just because you do not take an interest in politics doesn't mean politics won't take an interest in you." --Pericles
Cyber toolkit.... that's like donuts and compressed air right? maybe a cat5 cable or two.
He whom you called four-eyes yesterday, you call Sir tomorrow.
Secrecy and sneaky behavior in government destroys trust. Lack of trust is far, far more expensive than any benefit from sneaky behavior.
because they're buying it from private enterprise. what happens to the data, how often it's leaked, improperly distributed, etc. IS the province of the government.
but communicating between a handful of people among millions there is just no way to prevent it or track it
But there's always more to it than that. Most intel that matters is gathered in the context of already having a tip or other information that suggests a need to focus on a particular line of communication. The information that's gathered as two bad guys post notes to each other on some obscure message board is usually complementary to other intel and helps clarify things. The needle-in-the-haystack approach, as you say, is pretty pointless all by itself.
Don't disappoint your bird dog. Go to the range.
SandStorm simultaneously collects, correlates, and analyzes data on multiple computer systems and departs, leaving no trace of its activities.
...so we're actually just talking about what Google does for a living?
And if that's all they were using it for, I'd be all about it. But just like the national security letters. The FBI started papering the landscape with those, many times for investigations not related to terrorism. And what happens when we finally track down the few thousand odd really dangerous terrorists out there? Say five years from now. Of course they'll just pull this technology offline, right?
It's not how the technology might be routinely used that's the issue, it's how it could be abused. Especially in the hands of incompetent, corrupt government officials using it for political ends. Particularly if those incompetent, corrupt officials are in real danger of having their collective ass handed to them in the next mid-term election. So far this bunch hasn't shown any restraint using government resources for their own corrupt ends.
That doesn't mean the technology shouldn't be developed but it does mean that before it's deployed there should be a process in place, that includes judicial oversight, for its use.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
Yup, it was Martin Brady. Former head of the DSD. One thing to note though: The word Echelon is not used any longer, has not been for at least 15 years now - within the organisation(s) itself/themselves - it's called UKUSA. (YouKooZa is how I've heard it pronounced most frequently, though I say just the letters)
The newspapers reported on it big time somewhere in the late 90's, though in typical fashion they included boat loads of (lies) conspiracy theories...
Later we find out this is why Apple switched to Intel...
Part of this Sandstorm tool kit is the Sony root kit. Have to get access to all those systems first in order to collect the data. However, due to a software bug the Sony root kit was found, instead of quietly being installed unnoticed.
In other news Governments all over the world are passing legislation that requires all consumers to utilize Microsoft Windows operating systems. This move is to ensure the government has an easy way to take over all computers in the hands of its citizens. Purely for their own protection. And those that refuse to run Windows will be placed on terrorist watch lists since they are breaking the very laws meant to protect everyone.
A lot of people use internet protocols such as e-mail, instant messaging, VOIP, &al. This does not make them terrorists. Much of their communications are rather banal. This does not mean that they should all be subjected to scrutiny by the thought-police. McCarthy's people, and their policies did not prevent them from using information (e.g. extra-marital affairs, sexual orientation, &c.) which had nothing to do with a person's political (Capitalist v. Communist, or -- if you prefer, Loyal American (tm) v. Evil Pinko) leanings. What makes you think that government officials have suddenly become moral, and ethical? What makes you so sure that tomorrow's government officials will have the same morals, and ethics, as today's?
The idea of everyone being a suspect (sometimes referred to by tag-lines on the order of "If you've done nothing wrong, you've got nothing to hide.") is one which I find profoundly disturbing. Especially when combined with the current trend where governments are pushing for the official authority to detain "suspects", incommunicado, indefinitely, in secret prisons, subjected to torture.
Just because gross injustice doesn't happen to everyone, every day, does not make it kosher when it does. Encouraging the development of a system which makes it easier for gross injustices to occur (either through negligence, or malfeasance) does not strike me as long-term survival-oriented behavior.
http://72.14.207.104/search?q=cache:ugsY9o7ro0YJ:www.fbcinc.com/conference2005/bin/win_incident.ppt+Sandstorm+DHS&hl=en&client=firefox-a
Sandstorm
Free to DHS & federal government
From Dept. of State [and DHS US-CERT]
Like EnCase Enterprise edition
Network forensics "grep"
Examine system state
Remotely search multiple systems - files, ports, processes, file headers, hashes, MACs, ADS
Search all files changed in this time frame
Search all files with this hash regardless of name
155KB agent runs, then deletes itself
Windows only
Fairly forensically safe - does not change file MACs
Root kit detection to come later
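A defender-side sketch of the "network forensics grep" those slides describe, added here as an illustration and not SandStorm's own code: it walks a directory tree for files changed inside a time window or matching a given hash regardless of name, and then checks that the read-only search left each file's MAC times as it found them (on Linux that takes O_NOATIME, since a plain read may bump atime). The directory layout, file names and payloads in demo() are constructed for the example, and it is cross-platform Python rather than the Windows-only agent on the slides.

```python
import hashlib
import os
import tempfile
import time
from pathlib import Path

def open_noatime(path):
    # Linux O_NOATIME (honoured for files you own) keeps the read from touching atime;
    # the flag is 0 on other platforms, so preservation there is best effort only.
    flags = os.O_RDONLY | getattr(os, "O_NOATIME", 0)
    try:
        return os.fdopen(os.open(path, flags), "rb")
    except PermissionError:  # not the owner: O_NOATIME refused, fall back to a plain open
        return os.fdopen(os.open(path, os.O_RDONLY), "rb")

def sha256_of(path):
    h = hashlib.sha256()
    with open_noatime(path) as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def mac_times(path):  # (mtime, atime, ctime) in ns; a read-only search must leave them as found
    st = os.stat(path)
    return st.st_mtime_ns, st.st_atime_ns, st.st_ctime_ns

def scan(root, target_hash=None, since=None, until=None):
    """Relative paths under root whose mtime lies in [since, until] (epoch seconds)
    and/or whose content hashes to target_hash, whatever the file is named."""
    root, hits = Path(root), []
    for p in (q for q in root.rglob("*") if q.is_file()):
        mtime = p.stat().st_mtime
        if (since is not None and mtime < since) or (until is not None and mtime > until):
            continue
        if target_hash is not None and sha256_of(p) != target_hash.lower():
            continue
        hits.append(p.relative_to(root).as_posix())
    return sorted(hits)

def demo():
    """Constructed tree: one payload under three names (one backdated) plus a recent decoy."""
    root = tempfile.mkdtemp()
    files = {"notes.txt": b"needle", "sub/renamed.bin": b"needle",
             "stale.txt": b"needle", "recent.txt": b"hay"}
    for name, data in files.items():
        Path(root, name).parent.mkdir(parents=True, exist_ok=True)
        Path(root, name).write_bytes(data)
    os.utime(Path(root, "stale.txt"), (1_000_000_000, 1_000_000_000))  # year 2001
    target, cutoff = hashlib.sha256(b"needle").hexdigest(), time.time() - 3600
    before = {n: mac_times(Path(root, n)) for n in files}
    hits = {"by_hash": scan(root, target_hash=target), "by_time": scan(root, since=cutoff)}
    after = {n: mac_times(Path(root, n)) for n in files}
    hits["mtime_ctime_kept"] = all(before[n][0::2] == after[n][0::2] for n in files)
    # the atime check is only meaningful where the kernel honours O_NOATIME
    hits["atime_kept"] = all(before[n][1] == after[n][1] for n in files) if hasattr(os, "O_NOATIME") else None
    return hits
```

The hash search finds the renamed and backdated copies but not the decoy, the time search finds everything touched in the last hour, and a tool that changed any MAC time along the way would fail the final two checks.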
Not to mention "Tripwire"
I have to admit it really sounds forensic. From what I know, tools that would be used to clean their traces undetected produced by an intel agency would have some level of sensitivity associated with them and would not be publicized. On the other hand, the government is very concerned with configuration management which means using tools that run, dump the data, and disappear w/o leaving the configuration of the system changed. My guess is this is a forensic tool.
I do security
The problem with these things is the government executes so poorly on them. The wiretap system put in place to meet CALEA was literally accessible remotely by anyone on the Internet -- yet they were surprised that various non-government and non-US people were accessing the system. As far as I know, they've altered some of the protocols to make it more difficult, but most US wiretaps are executed subvertly by non-affiliated parties. Carnivore? Even if you trusted the government to use it properly, how about everyone else that knew how it operated and took advantage of it? Now we have something capable of rooting Windows systems to gather information. That's just great. I suppose it will take a couple of weeks to develop a honeypot that could capture it and maybe a week or two more to dissect and retask it. Sounds wonderful. You know, I don't know what this does for terrorists, but I'm increasingly of the impression that industrial espionage is now a 5 hour per week job that you can do out of your basement.
This Techhype coming from our government is like watching an infomercial on this revolutionary air purifier that will keep you from being obese, increase my sex drive, and make me a more well rounded, financially stable person. Only three easy payments of $59.95
Sig: I stole this sig.
Quick question?
Why wouldn't a secured OS, a good firewall, and a high level of encryption prevent this from being on a system?
Or does this program somehow bypass all known limitations of software in general, or require someone on the other end to install it like a social engineered trojan?
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
If your client faces "evidence" found on a hard drive somewhere (I'll call it System A), projects like the one described in this article give you a good shot of getting that evidence thrown out.
Why? Simple:
It is easy to establish that there have been vectors of attack which would have allowed unrestricted access to System A, either remotely or by anyone with physical access to the machine. Simply look up what alerts have been issued for the operating system in question after the time the accuser claims System A had the "evidence" in question. It should also be possible to establish that there are "unknown" zero-day exploits, but if System A has Windows XP (i.e. in the greatest percentage of cases), this shouldn't be necessary -- exploit after exploit should exist in the alert records, giving multiple vectors of attack at the time the "evidence" was supposed to be created on System A.
So now there is a clear way to show the material could have been planted on the system, indistinguishable from whether your client caused it to be created.
Now to establish that the planter of said data could have easily covered their tracks, again -- looking at this article, it is trivial to show this. Root access to the system will allow any data to be written anywhere to the drives on System A. Therefore, any fingerprints left by the attacker who planted the "evidence" could be cleaned up. Just like the system described in this article, although it purports to simply look for data, not plant it.
Stop letting clients be sent away on "email" evidence or "cookie" evidence or whatever. It's crap! Systems are too easy to penetrate, evidence is too easily planted, and tracks are too easily erased.
Not to put too fine a point on it but the slideshow seems to be written so that it is difficult to understand for English speakers.
... where is the website? ;)
... The slides would say it like this
... Take Over The WORLD!!!
... maybe?
I really want this sandstorm thingy
OR
Must protect country[from enemy]
Use Sandstorm[to gather intelligence or find intelligent life?]
Then self terminate without leave trace[anywhere]
petantik.blogsome.com - A Lucid Look at Reality
this sounds like it might be useful in battling the Chinese hackers who have been stealing controlled software. I don't remember the name the FBI has given these guys but they definitely need to be taken out if we are to keep our superiority over Chinese defenses should there be a war over Taiwan
What you say is truth.
It is also irrelevant.
As shown by the current US administration, people in power will abuse the system, as they did with the push to war in Iraq (with lies and manipulative PR), Valerie Plame, and the systematic abuse of prisoners. It doesn't matter how good-intentioned most people are; given the tools of abuse, abuse will happen. The question then becomes, on what scale?
Terrorism is the excuse-de-jour for oppression and abuse. Whether it's secret US prisons in central Europe, or CIA exemptions for anti-torture legislation, or secret laws that US citizens must follow but cannot access, abuse is occurring. It doesn't take black helicopters or vast conspiracies to erode the selfsame liberties that at one time made our country admirable; all it takes is a few well-positioned fucknuts to destroy the American way of life (which is all but dead).
Just as programmers at Microsoft are just there to do the best job they can, they have no say over Microsoft's corporate attitudes. Same with Sony; I can't imagine the average worker at Sony wants to install a rootkit on your computer. And I can't imagine the average American wanted 100,000+ Iraqis to die in this most recent war.
As is oft said but little understood, the road to Hell is paved with good intentions. Right now, those laying the bricks mean well, but those leading the US down that road are screwing us over.
No, Sir. I don't like it. I don't like it one bit.
Microsoft is to software what Budweiser is to beer.
And I quote from the US Constitution:
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
So, does this mean they're going to e-mail me a search warrant prior to violating my rights?
the developers of Sony's excellent DRM rootkit. Shop for it today at your nearest brandname superstore, or Buy it now! online.
Busy aligning my non-linear thoughts.
Yay! You managed to insult me several times, yet completely failed to explain this statement
"by definition if you are not free to do what you want, you are simply not free"
I gave you an example, which fit into your criteria, and instead of acting like an adult, you threw a fit. We all know why, because you can't refute me. You said it, now explain it.
"Look, stupid, when I talk about political freedom"
Great, but you didn't qualify it till I called you on it. You didn't say "political" freedom until it was obvious to you that you'd said something completely indefensible. You got caught overstating your position, and rather than own up, you attacked. You must be a Bush family member.
"Moron."
Well, at least you were man enough to sign your post.
Lastly, how do you think your dead mom would feel about you blindly attacking people you don't know because you're embarrassed about making a fool of yourself?
How pathetic are you that you follow me from topic to topic and waste all your mod points at once modding me down?
This is not possible. Even with the most stealthy data forensic tools, when conducting a live acquisition there is still a trace on the system. Whether in RAM or on the HDD there will be a trace, one would just need to know what to look for. When conducting an acquisition of a media that is powered off, that's another story.
i read your email
$action = empty(PHP) ? backToC() : unset(PHP) ; "when the concrete cases are understood, the abstractions are readily
I understand, efindi. We will strike at dawn... err, I mean LOL OMG ORLY?!?!!
Half of you people are running around like two monkeys fucking a football.
News flash retards. It's not a rootkit. It's a forensics tool. It doesn't mysteriously bust any Windoze machine simply by sending a packet to it.
RTFM (or press release) and come back with some valid thoughts. F-O-R-E-N-S-I-C-S is not C-N-A.
Just a comment from your friendly neighborhood Lllama.
When did you coin the term? I see it back on usenet used in 1992:
Check it out
IANAL, but if you are going to put it in your sig like that, you need to put (tm) after the word TechHype, and probably a little EULA too.
Sig: I stole this sig.