Slashdot Mirror
State Department Developing Cyber Toolkit
An anonymous reader writes "The U.S. State Department, known for its recent RFID passport embarassment, seems to have developed a key tool in the Department of Homeland Security's cyber toolkit for federal agencies. There's not much out there on it other than mention of a tool called SandStorm in a recent press release from State's Bureau of Diplomatic Security. According to the site, "SandStorm simultaneously collects, correlates, and analyzes data on multiple computer systems and departs, leaving no trace of its activities. The White House is championing this cyber tool and the Department of Homeland Security has selected it as a cornerstone application for a cyber toolkit being made available to all Federal agencies." Sounds scary to me, but may be a step in the right direction."
Not sure why the submitter of this article thinks its a scary thought. With the internet being the defacto standard for terrorist communication, both to one another and to the world via terrorist sponsored websites, its a good thing that the US is finally doing something to be proactive in this area.
Sounds like the State Department is getting into the virus philosophy.
Someone put a black hole in my pocket and now I'm broke.
Ben Franklin wrote those words over 200 years ago.
They apply today just as much as they did then.
Somebody needs to remind the current incumbent of the White House about his nation's history.
Hence, they will likely create a new one, the Department of Computing (not part of the FCC) in order to grow themselves, tax society, and control private citizens. Just like they do for everything else.
Of course it will be sold as "building bridges" or "advancing technology", etc... Something for our childrens' future, no doubt.
I suggest you read Slashdot
Who is 'we'? Most Americans seem to blindly trust the government.
Personally, I am far more frightened of my government having the ability to secretly spy on me than I am of being killed by a terrorist. Hell, I'm more afraid an airplane is going to fall out of the sky on its own than I am that it will be exploded by a terrorist plot.
Real American patriots will always be skeptical of the government. So, telling us something like this only prompts us to ask why they are telling us. We can hope it is in the interest of full public disclosure.
I suspect it would have eventually become public anyway, and the government would rather expose it on their terms than have it come out at some inconvenient time in the future. Maybe someone internal threatened to go public with it.
In any case, this a great opportunity for the "if you're not doing anything wrong you have nothing to worry about" and the "but it is for the war on terrorism" crowds to voice their terrifying opinions.
Now the DHS can "collect, correlate, and analyze data on multiple computer systems" with no warrant. A true American patriot has nothing to hide from the government. Right Comrades.
The White House and Department of Homeland Security are such champions of constitutional rights.
By the way the root kit is hidden in powerpoint files.....
I've got to go answer a knock at the door; my ride to a black prison is here.
According to the site, "SandStorm simultaneously collects, correlates, and analyzes data on multiple computer systems and departs, leaving no trace of its activities. The White House is championing this cyber tool and the Department of Homeland Security has selected it as a cornerstone application for a cyber toolkit being made available to all Federal agencies.
I doubt that this is more than a bullshit rumer. When I was in the service it was paying 40-70 percent more for even specialized tools. Having *all* of the various federal agencies actually agree on one specific "cyber toolkit" is.., at the very least insulting to me, and the public.(since they *never* agree on anything!)
Life was hell, then I discovered Linux...
From the article: CTAD, under the Office of Computer Security, is the U.S. Department of State's focal point for collecting and reporting time-sensitive, cyber threat intelligence, and technical data.
So if terrorist hackers are trying to figure out who to approach/bribe/attack... it's these guys? Nice of them to include a photo too! That helps with identification.
And "leaving no trace of its activities"... this I gotta see. Windows? Mac? Linux? Solaris? Mainframes? Or maybe they've already scanned my computer! Uh-oh... is that a silent helicopter outside my apartment?!
$nice = $webHosting + $domainNames + $sslCerts
Remember how the existence of Eschelon was denied until some British guy confirmed that it did in fact, exist? Remember the cheesy "agreement" that the US would not be collecting data on its own citizens, but would have every opportunity to access such data from that collected by any of the four other Eschelon participants? There is absolutely no reason to believe that it WON'T be used on U.S.-owned sites. Even worse, there's absolutely nothing that will stop them, if they so choose.
$action = empty(PHP) ? backToC() : unset(PHP) ; "when the concrete cases are understood, the abstractions are readily
Come on buddy, mentioning terrorists is like the latest fad in political correctness subscribers - you must agree or your helping the terrorists. Yes, terrorists use the Internet to communicate, but, so do literally billions of people who are not terrorists. Should they be spied upon benignly at first and maybe less so when abuse(s) finally occur? It's still not as simple as that however as the Internet is used to commit far more crimes a day than terrorists use it for so there should be some kind of forensic tools available to ordering agencies like law enforcement but the use of the software needs oversight and it morally shouldn't be a blanket system unless the risks truly justify that all the way back to the voters in opinion. This kind of thing creeps me out, its could be the software equivalent of the Stasi in old East Germany.
Shh.
Lets face it anyone that reads this site daily could think of 100 ways to covertly send a message to someone without it ever being decoded or traced. I could easily manualy encode a text message that the CIA would never be able to decode and post it right here. This is not being created to peirce terrorist secrecy but our Privacy.
Because they are full of shit. You don't spout shit like that off publicly unless your full of shit. I dunno how many times I've helped clients nock down problems like employee's installing apps that cause huge issues with machines than just telling them to just write a memo that says all machines will have an application installed on thier machines so they can monitor employees more effectively for screwing around and messing up machines. The employees believe it, machines have less problems for 6 months or so when they just re-announce a new app, and I get a nice check for just writeing a memo. If you want to catch someone doing something they aren't supposed to you DON'T TELL THEM BEFOREHAND!!!
At some layer, the traffic is going to be visible *IF* they are even talking about remote access of some kind. This could also be a tool that is launched from a usb drive or something. Either way, have they coded this application in Java? What do they plan to do about hardware dependancies? OS dependancies? What if Al-Queda is running redhat 6 on a sun sparc? What if they have their own Linux distro? This is a pretty bold claim all the way around with a lot of technical hurdles to overcome. I hope they have considered them all.
Join the Slashcott! Feb 10 thru Feb 17!
Actually, we could stop them, easily. As Winston observes in Orwell's 1984, "if the Proles united, they would get rid of Big Brother like a bull shaking flies off of its back". But we won't. We're all afraid of something. When Ian Clarke created Freenet, did we unite in support of him? Mention Freenet on here and see how long it takes somebody to say "nobody's on Freenet except pedophiles. If you have nothing to hide, you have nothing to fear." If we truly didn't want to be spied on, we wouldn't be, but the truth is that the vast majority of us (even on tin-foil-hat-dot here) do.
Because you can't spell "slaughter" without "laughter"
Secrecy and sneaky behavior in government destroys trust. Lack of trust is far, far more expensive than any benefit from sneaky behavior.
If your client faces "evidence" found on a hard drive somewhere (I'll call it System A), projects like the one described in this article give you a good shot of getting that evidence thrown out.
Why? Simple:
It is easy to establish that there have been vectors of attack which would have allowed unrestricted access to System A, either remotely or by anyone with physical access to the machine. Simply look up what alerts have been issued for the operating system in question after the time the accuser claims System A had the "evidence" in question. It should also be possible to establish that there are "unknown" zero-day exploits, but if System A has Windows XP, (ie. in the greatest percentage of cases), this shouldn't be necessary -- exploit after exploit should exist in the alert records, giving multiple vectors of attack at the time the "evidence" was supposed to be created on System A.
So now there is a clear way to show the material could have been planted on the system, indistinguishable from whether your client caused it to be created.
Now to establish that the planter of said data could have easily covered there tracks, again -- looking at this article, it is trivial to show this. Root access to the system will allow any data to be written anywhere to the drives on System A. Therefore, any fingerprints left by the attacker who planted the "evidence" could be cleaned up. Just like the system described in this article, although it purports to simply look for data, not plant it.
Stop letting clients be sent away on "email" evidence or "cookie" evidence or whatever. It's crap! Systems are too easy to penetrate, evidence is too easily planted, and tracks are too easily erased.