Slashdot Mirror

← Back to Stories (view on slashdot.org)

State Department Developing Cyber Toolkit

Posted by samzenpus on from the like-a-thief-in-the-night dept.

An anonymous reader writes "The U.S. State Department, known for its recent RFID passport embarassment, seems to have developed a key tool in the Department of Homeland Security's cyber toolkit for federal agencies. There's not much out there on it other than mention of a tool called SandStorm in a recent press release from State's Bureau of Diplomatic Security. According to the site, "SandStorm simultaneously collects, correlates, and analyzes data on multiple computer systems and departs, leaving no trace of its activities. The White House is championing this cyber tool and the Department of Homeland Security has selected it as a cornerstone application for a cyber toolkit being made available to all Federal agencies." Sounds scary to me, but may be a step in the right direction."

2 of 269 comments (clear)

  1. We have heard of such backdoors before... by NZheretic · · Score: 4, Informative
    From the "Transcript of Internet Caucus Panel Discussion. Re: Administration's new encryption policy.
    Date: September 28, 1999.
    Source: Tech Law Journal recorded the event, transcribed the audio recording, and then converted it into HTML.
    Weldon statement:

    Schwartz: Congressman Weldon, thank you very much for being here. Do you have any questions.

    Rep. Curt Weldon: Thank you. Let me see if I can liven things up here in the last couple of minutes of the luncheon. First of all, I apologize for being late. And I thank Bob and the members of the caucus for inviting me here.

    Pardon me if I seem a little bit confused to our panel, but, I am, and have been, with the change in direction which has occurred. But before I begin, let me say at the outset one of my biggest projects for the past four years has been to build what is becoming the first smart region in America, linking up all of the institutions within a four state region -- Pennsylvania, Delaware, New Jersey, and Maryland -- _____. In fact, over the weekend, I hosted the Minister _____, who is the Minister of Information Technology for Malaysia. As we signed an ____ with them for uplink downlink ties between our hub initiative in the four states, and the new Malaysian super-computing corridor project that they are building in Malaysia. So, I am a strong advocate for the use of information technology.

    But my other hat is to chair the Research Committee for National Security. And when Bob introduced his bill three years ago, my door was pounded incessantly by the Defense Secretary and his staff, by the Director of the CIA, and by the head of the NSA, and I would note for the record neither the CIA nor the NSA is here today.

    Who is actually speaking for them today, I might add? OK.

    NSA and CIA came in, and in a very intense way, lobbied me personally, and I am not a computer expert, nor am I a lawyer, and they asked me to give access to my subcommittee and the full Armed Services Committee to look at the security implications of the change in Bob's legislation. I respect Bob. I think that he is an outstanding member. But I felt that I owed it to my committee, and my responsibility to Congress to listen to what the administration was going to tell me.

    We arranged a series of classified hearings and briefings. And, as with any Member of Congress expressing concern about the ability for our forces involved in a hostile environment to be able to respond quickly, ____ back to 1991 in Desert Storm where my understanding is that our commanders in the field had Saddam Hussein's commands before his own command officers had them, because of our ability to intercept and break the codes of Saddam's military. I want to make sure that we have that capability in the future. I responded in a very positive way to the argument that was being made by the CIA, by the NSA, and by DOD. And we took some very tough positions.

    In fact, Ron Dellums and I offered the amendment last year that had only one dissenting vote in the House, and this year passed by a vote of 48 to 6.

    In the past year none of those briefings have changed. And the people who have come to me as a Member of the National Security Committee, there has been no lessening of their impression of the threat. Yet all of a sudden I am told, and John Hamre, I think, he made the courtesy of calling me in advance, that there was a change.

    Now, I agree with the gentleman from the White House, for the administration, that it was coincidence that this happened the day before Vice President Gore went to Silicon Valley. I agree that that was just a coincidence.

    But the point is that when John Hamre briefed me, and gave me the three key points of this change, there are a lot of unanswered questions. He assured me that in discussions that he had had with people like Bill G

  2. Re:"Sandstorm" is a commercial product by Helevius · · Score: 3, Informative

    Wrong -- RTFA and check out the capabilities listed in the two presentations:

    Free to DHS & federal government
    From Dept. of State [and DHS US-CERT]
    Like EnCase Enterprise edition
    Network forensics "grep"
    Examine system state
    Remotely search multiple systems - files, ports, processes, file headers, hashes, MACs, ADS
    Search all files changed in this time frame
    Search all files with this hash regardless of name
    155KB agent runs, then deletes itself
    Windows only
    Fairly forensically safe - does not change file MACs
    Root kit detection to come later

    The key points are "155KB agent runs, then deletes itself" and "Windows only". SandStorm Enterprises did not create this product.

    Helevius