Slashdot Mirror


State Department Developing Cyber Toolkit

An anonymous reader writes "The U.S. State Department, known for its recent RFID passport embarrassment, seems to have developed a key tool in the Department of Homeland Security's cyber toolkit for federal agencies. There's not much out there on it other than mention of a tool called SandStorm in a recent press release from State's Bureau of Diplomatic Security. According to the site, "SandStorm simultaneously collects, correlates, and analyzes data on multiple computer systems and departs, leaving no trace of its activities. The White House is championing this cyber tool and the Department of Homeland Security has selected it as a cornerstone application for a cyber toolkit being made available to all Federal agencies." Sounds scary to me, but may be a step in the right direction."

14 of 269 comments

  1. Deus Ex, anyone? by Landshark17 · · Score: 2, Interesting

    Sounds like the Aquinas Protocol to me.

    --
    This sig is false.
  2. Motives for telling? by victorhooi · · Score: 5, Interesting
    heya,

    Looks interesting...I give it 20 minutes before a copy is up on the torrent...*grins*. Then the script-kiddies can all go use it to spy on each other and prove their "1337-ness"...

    Although, truth be told - why exactly is the government telling us this? I mean, for all we know, they could have been developing these sorts of computer surveillance programs for years...in fact, they probably have. So why tell us about it now, in a highly-publicised press release? Or are they just trying to be seen to be doing something, and seeming like they're on the cutting edge of technology? So maybe in truth they're actually quite clueless, and this program is nothing more than a hashed-up, worthless keylogger that looks like sample code from "Windows Internals"?

    One wonders about their motives for this news release, though...

    cya, Victor

    1. Re:Motives for telling? by planetoid · · Score: 2, Interesting

      Although, truth be told - why exactly is the government telling us this?

      It's the psyops card. I'm skeptical that technology like this is fully 100% possible, but the aura of "top secretness" around federal departments like this give them the leverage to make 007-esque urban legends about themselves that could "wow" the enemy or even the country's own citizens. Somewhat like the nagging mother who uses the "Don't misbehave -- I have eyes in the back of my head" line when she wants to keep her toddlers obedient.

      --
      Slashdot requires you to wait longer between hitting 'reply' and submitting a comment.
  3. Quality! by Spazntwich · · Score: 1, Interesting

    "Sounds scary to me, but may be a step in the right direction."

    More quality editorializing in slashdot news posts! Maybe the editors should start editing those out?

    Then again, most of us are familiar with how loath /. editors are to take steps period, let alone in the right direction.

  4. Re:Definitely Beneficial by Anonymous Coward · · Score: 3, Interesting
    Not sure why the submitter of this article thinks it's a scary thought.
    I'll tell you why. Because a disproportionate number of Slashdot readers believe that any technology that is largely used for benign purposes, but can potentially be abused by the government (e.g., SandStorm to gather private information), must be suppressed at all costs. But the same group also believes that any technology that is largely abused for illegal purposes, but can potentially be used for benign purposes (e.g., BitTorrent for distributing Linux ISO's) must be protected at all costs.

    Don't try to understand the logic. It's illogical. Just understand that this is the prevailing state of mind for many folks.
  5. something ive always wondered. by rootedgimp · · Score: 2, Interesting

    this is something I've been wondering about for years, my interest was sparked again semi-recently for two reasons. One is TCPA. The other was one of my past jobs..
    I was working for a well known company doing QA/Testing on console games, and monitoring server side/client side bugs.. We would get new DVD's sometimes twice a day with the latest revision of the game and we would have to check both our "open" bugs, and our "closed" bugs - that is, bugs that were previously fixed to make sure that they had not somehow become "reopened". Usually early in the game development, there were tons of hidden easily accessible menus that would change tons and tons of variables inside the game, kind of like a developers menu to directly affect the engine in ways that would normally never happen during regular gameplay, even settings that were supposed to remain static. So, anyway, later on when the game was close to being declared 'ready for release' these menus would of course be cut off, that is, the code for the menus was still actually in the source, but it was impossible to access them, the method for accessing had been removed. (kinda reminded me of the GTA sex scene thing, the code was still there - just cut off.)...

    Anyway, my point is this, who is to say what data is ACTUALLY on the chips themselves on any component in your computer? I'd say 98% of people do not even have access to or knowledge of the hardware that would be required to really look inside any given chip. Sure, we can play and tinker with -what is accessible- to us, that is, what the coders left open to us. We know how they do what they do, to a degree, but not -why- they do what they do. Who is to say there aren't tons of hidden things going on way low on the OSI model? TCPA really got me thinking about this as well, after all, it took IBM several years to admit to what they had in their thinkpads in the mid 90's.
    Anyone work at a hardware manufacturer with stories of 'easter eggs' so to speak?

    1. Re:something ive always wondered. by Anonymous Coward · · Score: 1, Interesting

      well, I've worked for a large semi manufacturer and most "functional unit blocks" are designed by a single person. It would be easy to add special features to, let's say, a PCI controller that would allow backdoor access. I'm not saying that this has happened, but with only one person doing the RTL and all the testers performing mostly black box testing, this kind of exploit is completely possible. I would think, if approached by the NSA, most companies would be happy to comply. And the total number of "people in the know" would number in the low decades.
      The problem is, most chips are so complicated that functional verification is performed in simulation. Fault checking is performed with black box testing. If there is an exploit, it will most likely be overlooked by the testers, because it was designed to be that way.
      I wouldn't trust any chip or motherboard built since 2001.
      Cheers and sweet dreams.

  6. "Sandstorm" is a commercial product by Animats · · Score: 4, Interesting

    What they're actually talking about is the NetIntercept Appliance from Sandstorm Enterprises. This is also the FBI's replacement for Carnivore.

    1. Re:"Sandstorm" is a commercial product by Anonymous Coward · · Score: 1, Interesting

      I don't think so. This is serious tinfoil-hat stuff. Parent post is full of standard DoD misinformation (or disinformation--I can never remember which is which). The "Sandstorm" being discussed in this thread is especially good at rootkitting Linux boxes and immediately pretending to clean up after itself when you cut the network connection. Who knows what it leaves behind? I was using OpenBSD once, (and that's way more secure than Linux) and I had to get a new BIOS chip and low-level format the hard drive when the system got rooted due to an ancient bug in X-Windows. When they say multiple computer systems, they mean it. This isn't your normal IE-only crapware. And unfortunately, regardless of what the shoddy instruction manuals might say, modern consumer PC's have no ROM to reflash the BIOS--it's all implemented in the NVRAM BIOS itself. There's even BIOS write-protect implemented in the BIOS itself--Ha, Ha.

      I recommend enabling the BIOS write-protect jumper (before you get infected, of course), if you are lucky enough to have one on your motherboard. And what to do about the video BIOS, which is loaded and run before the main BIOS? . . . Swap out your video card with a known good one with actual ROM from the nineties before rebooting your system. No wonder hardware vendors are so stingy with specs--they don't want anyone finding all that spyware embedded in NVRAM.

    2. Re:"Sandstorm" is a commercial product by Master of Transhuman · · Score: 2, Interesting


      It didn't sound to me like they were talking about the Sandstorm Enterprises NetIntercept product, it sounded to me like they were talking about a system devised by the people working for the division. Just a coincidence that it sounds like the Sandstorm product. Why would they give an award to some guys who just went out and bought a commercially available product?

      --
      Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
  7. Re:heres a link to the software by dogwelder99 · · Score: 2, Interesting

    Heh... slashdotters are falling for this? It's just a press release written by some government PR flack who didn't know what he was writing about. He probably learned about Sandstorm from some crypto geek who tried to explain a packet sniffer in Mickey Mouse terms, and he repeated them. Throw this one on the tinfoil hat pile.

  8. Re:Definitely Beneficial by ScentCone · · Score: 3, Interesting

    Do you have any idea how slim the chances really are to be killed by terrorists in the US? Even after 9/11 it's next to none. You are far more likely to be in a car accident, die of cancer, get a heart attack or be shot by a family member.

    Do you really think - really - that the only thing we're worried about here is direct death or injury of individuals, personally, by some weapon that is flown, blown up, or shot at them? The impact of 9/11 was pretty horrible for the thousands of dead and their families - but pretty much everyone in the country was impacted, as well. The economics of another serious attack - even a conventional one as before - will be mammoth. The impact of something like a Japan-style Sarin gas attack or two, or of something radiological, will be (just as the bad guys would hope) incredibly costly and disruptive. I can't even imagine something smallpox-ish, in terms of the social freak-out mess.

    I live in the DC area and interact with people on the working end of these problems. They're frustrated at how hard it is to fight this crap, but they're even more frustrated at how willingly people paint them as some sort of bad X-Files villains as they do their jobs. Of all the people I've met and talked to, the only common thread that should alarm most of us is their tales of un-fireable incompetent co-workers. There are paper pushers, academics/analysts, operatives, and other people working in all of the three-letter-agencies that are just as dumb, bull-headed, whiny, annoying, distracted by the problems with their drug-using teenagers, etc. as there are in the rest of the world.

    Part of the problem is the near impossibility of retaining quality (real quality) people on a government paycheck - especially in areas where the cost of living is off the charts. Living essentially hand-to-mouth in a town where a cheesy two-bedroom townhouse in a bad neighborhood costs half a million dollars, and your 15-mile round trip commute takes over two hours ... it's hard to shrug that off (at, say, $45k/year) and spend your time in the office making perfect decisions about how some guy at the Agency should work with some guy from State to draw the line between sniffing a laptop that someone carries, sometimes while visiting in the US, and sometimes back to Syria where he deals in chemicals and transportation.

    Developing the tools to know what we need to know is a technical problem. Deciding when and how to use them is a policy problem. I don't sense the police state that you do, perhaps mostly because I'm life-long friends with people who are now in law enforcement and intel, and know that most of the black-helicopter hand wringing is so wildly misplaced as to be just plain funny.

    BTW, to put the word "threat" in quotes implies that there simply isn't one. There is, and I'll be curious to hear your take on whether or not, in the wake of the next hit, enough intel was being gathered beforehand in an attempt to stop it. Did you catch the news in Australia the other day? 17 guys, stockpiled with chemicals, bomb-making gear and plans, and in what appears to be a two-party race to see who could execute the first serious in-the-name-of-Allah mass casualties in that country first. Major intel gathering, including cyber surveillance of several flavors, was the only reason that Sydney or Melbourne didn't get exactly what just happened in Amman yesterday. And if you think that the only impact on the Jordanian economy is the death and injuries to a couple hundred people, you're way, way wrong. Your initial point (about the odds of any one person being killed by a terrorist) is an often-repeated rhetorical canard that (not out of ignorance, because you have to know better) deliberately pretends that both the intent and impact of terror is person-to-person damage. Wake up, man. Or spend next week in Amman and ask the merchants, the cabbies, the food service people, and everyone else what the odds are that the terrorists only hurt the 57 people that died.

    --
    Don't disappoint your bird dog. Go to the range.
  9. Re:We have heard of such backdoors before... by Scott7477 · · Score: 2, Interesting

    What I thought was interesting was that Congressman Weldon appeared to say at one point that he thought that certain computer systems that were sold to China by US manufacturers were supposed to have a backdoor built in, but that the system makers failed to do that. I'd certainly like to know more about that..did the Chinese defeat the backdoor or did the US manufacturers not put it in because the Chinese told them they wouldn't buy their machines...

    --
    "Lack of technical competence coupled with the arrogance of power, as usual, leads to no good end."
  10. Good Points by Tony · · Score: 2, Interesting

    What you say is truth.

    It is also irrelevant.

    As shown by the current US administration, people in power will abuse the system, as they did with the push to war in Iraq (with lies and manipulative PR), Valerie Plame, and the systematic abuse of prisoners. It doesn't matter how good-intentioned most people are; given the tools of abuse, abuse will happen. The question then becomes, on what scale?

    Terrorism is the excuse-du-jour for oppression and abuse. Whether it's secret US prisons in central Europe, or CIA exemptions for anti-torture legislation, or secret laws that US citizens must follow but cannot access, abuse is occurring. It doesn't take black helicopters or vast conspiracies to erode the selfsame liberties that at one time made our country admirable; all it takes is a few well-positioned fucknuts to destroy the American way of life (which is all but dead).

    Just as programmers at Microsoft are just there to do the best job they can, they have no say over Microsoft's corporate attitudes. Same with Sony; I can't imagine the average worker at Sony wants to install a rootkit on your computer. And I can't imagine the average American wanted 100,000+ Iraqis to die in this most recent war.

    As is oft said but little understood, the road to Hell is paved with good intentions. Right now, those laying the bricks mean well, but those leading the US down that road are screwing us over.

    No, Sir. I don't like it. I don't like it one bit.

    --
    Microsoft is to software what Budweiser is to beer.