Slashdot Mirror


State Department Developing Cyber Toolkit

An anonymous reader writes "The U.S. State Department, known for its recent RFID passport embarrassment, seems to have developed a key tool in the Department of Homeland Security's cyber toolkit for federal agencies. There's not much out there on it other than mention of a tool called SandStorm in a recent press release from State's Bureau of Diplomatic Security. According to the site, "SandStorm simultaneously collects, correlates, and analyzes data on multiple computer systems and departs, leaving no trace of its activities. The White House is championing this cyber tool and the Department of Homeland Security has selected it as a cornerstone application for a cyber toolkit being made available to all Federal agencies." Sounds scary to me, but may be a step in the right direction."

60 of 269 comments

  1. what? by markybob · · Score: 5, Funny

    a step in what direction? hell?

  2. Deus Ex, anyone? by Landshark17 · · Score: 2, Interesting

    Sounds like the Aquinas Protocol to me.

    --
    This sig is false.
  3. Definitely Beneficial by MLopat · · Score: 2, Insightful

    Not sure why the submitter of this article thinks it's a scary thought. With the internet being the de facto standard for terrorist communication, both to one another and to the world via terrorist sponsored websites, it's a good thing that the US is finally doing something to be proactive in this area.

    1. Re:Definitely Beneficial by markybob · · Score: 5, Insightful

      Because this is America, not China. Our property is supposed to be free from search without a warrant. It has something to do with the Constitution...

    2. Re:Definitely Beneficial by Anonymous Coward · · Score: 3, Interesting

      Not sure why the submitter of this article thinks it's a scary thought.

      I'll tell you why. Because a disproportionate number of Slashdot readers believe that any technology that is largely used for benign purposes, but can potentially be abused by the government (e.g., SandStorm to gather private information), must be suppressed at all costs. But the same group also believes that any technology that is largely abused for illegal purposes, but can potentially be used for benign purposes (e.g., BitTorrent for distributing Linux ISOs) must be protected at all costs.

      Don't try to understand the logic. It's illogical. Just understand that this is the prevailing state of mind for many folks.
    3. Re:Definitely Beneficial by Skrekkur · · Score: 5, Insightful

      Do you have any idea how slim the chances really are to be killed by terrorists in the US? Even after 9/11 it's next to none. You are far more likely to be in a car accident, die of cancer, get a heart attack or be shot by a family member. This terrorist "threat" is no reason to take away our freedoms and slowly install a police state where the citizens are the "threat". Sure, we cannot just ignore the threat, but I for one prefer a little "unsafer" world over privacy-invading security.

    4. Re:Definitely Beneficial by LaurenBC · · Score: 3, Insightful

      Who says it won't be? Who will stop them from using it on anyone they please? You trust the government? I don't.

      --
      I don't need this, I've got a Master's Degree in folklore and mythology!
    5. Re:Definitely Beneficial by rpetre · · Score: 5, Funny

      With the internet being the de facto standard for terrorist communication

      In other news, air just became the de facto standard for terrorist respiration.

    6. Re:Definitely Beneficial by Master+of+Transhuman · · Score: 2, Informative

      "Let's make sure no one even thinks anything bad against the government."

      I think that's the aim of Bush's plan to require psychiatric examination of anybody and everybody who might be the least bit "other" than him (excluding Karl Rove, of course, who IS him.)

      Ah, here it is: http://www.worldnetdaily.com/news/article.asp?ARTICLE_ID=39078

      A quote for those too lazy to click on the link:

      The president's commission found that "despite their prevalence, mental disorders often go undiagnosed" and recommended comprehensive mental health screening for "consumers of all ages," including preschool children.

      The commission also recommended "Linkage [of screening] with treatment and supports" including "state-of-the-art treatments" using "specific medications for specific conditions." The commission commended the Texas Medication Algorithm Project (TMAP) as a "model" medication treatment plan that "illustrates an evidence-based practice that results in better consumer outcomes..."

      But the Texas project, which promotes the use of newer, more expensive antidepressants and antipsychotic drugs, sparked off controversy when Allen Jones, an employee of the Pennsylvania Office of the Inspector General, revealed that key officials with influence over the medication plan in his state received money and perks from drug companies with a stake in the medication algorithm (15 May, p1153). He was sacked this week for speaking to the BMJ and the New York Times.

      --
      Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
    7. Re:Definitely Beneficial by Beardydog · · Score: 2, Funny

      So logically, if I shoot all my family members, I'll be safe...

    8. Re:Definitely Beneficial by ScentCone · · Score: 3, Interesting

      Do you have any idea how slim the chances really are to be killed by terrorists in the US? Even after 9/11 it's next to none. You are far more likely to be in a car accident, die of cancer, get a heart attack or be shot by a family member.

      Do you really think - really - that the only thing we're worried about here is direct death or injury of individuals, personally, by some weapon that is flown, blown up, or shot at them? The impact of 9/11 was pretty horrible for the thousands of dead and their families - but pretty much everyone in the country was impacted, as well. The economics of another serious attack - even a conventional one as before - will be mammoth. The impact of something like a Japan-style Sarin gas attack or two, or of something radiological, will be (just as the bad guys would hope) incredibly costly and disruptive. I can't even imagine something smallpox-ish, in terms of the social freak-out mess.

      I live in the DC area and interact with people on the working end of these problems. They're frustrated at how hard it is to fight this crap, but they're even more frustrated at how willingly people paint them as some sort of bad X-Files villains as they do their jobs. Of all the people I've met and talked to, the only common thread that should alarm most of us is their tales of un-fireable incompetent co-workers. There are paper pushers, academics/analysts, operatives, and other people working in all of the three-letter-agencies that are just as dumb, bull-headed, whiny, annoying, distracted by the problems with their drug-using teenagers, etc. as there are in the rest of the world.

      Part of the problem is the near impossibility of retaining quality (real quality) people on a government paycheck - especially in areas where the cost of living is off the charts. Living essentially hand-to-mouth in a town where a cheesy two-bedroom townhouse in a bad neighborhood costs half a million dollars, and your 15-mile round trip commute takes over two hours ... it's hard to shrug that off (at, say, $45k/year) and spend your time in the office making perfect decisions about how some guy at the Agency should work with some guy from State to draw the line between sniffing a laptop that someone carries, sometimes while visiting in the US, and sometimes back to Syria where he deals in chemicals and transportation.

      Developing the tools to know what we need to know is a technical problem. Deciding when and how to use them is a policy problem. I don't sense the police state that you do, perhaps mostly because I'm life-long friends with people who are now in law enforcement and intel, and know that most of the black-helicopter hand wringing is so wildly misplaced as to be just plain funny.

      BTW, to put the word "threat" in quotes implies that there simply isn't one. There is, and I'll be curious to hear your take on whether or not, in the wake of the next hit, enough intel was being gathered beforehand in an attempt to stop it. Did you catch the news in Australia the other day? 17 guys, stockpiled with chemicals, bomb-making gear and plans, and in what appears to be a two-party race to see who could execute the first serious in-the-name-of-Allah mass casualties in that country first. Major intel gathering, including cyber surveillance of several flavors, was the only reason that Sydney or Melbourne didn't get exactly what just happened in Amman yesterday. And if you think that the only impact on the Jordanian economy is the death and injuries to a couple hundred people, you're way, way wrong. Your initial point (about the odds of any one person being killed by a terrorist) is an often-repeated rhetorical canard that (not out of ignorance, because you have to know better) deliberately pretends that both the intent and impact of terror is person-to-person damage. Wake up, man. Or spend next week in Amman and ask the merchants, the cabbies, the food service people, and everyone else what the odds are that the terrorists only hurt the 57 people that died.

      --
      Don't disappoint your bird dog. Go to the range.
  4. Latest Virus by Audacious · · Score: 2, Insightful

    Sounds like the State Department is getting into the virus philosophy.

    --
    Someone put a black hole in my pocket and now I'm broke. :-)
  5. Motives for telling? by victorhooi · · Score: 5, Interesting

    heya,

    Looks interesting...I give it 20 minutes before a copy is up on the torrent...*grins*. Then the script-kiddies can all go use it to spy on each other and prove their "1337-ness"...

    Although, truth be told - why exactly is the government telling us this? I mean, for all we know, they could have been developing these sorts of computer surveillance programs for years... in fact, they probably have. So why tell us about it now, in a highly publicised press release? Or are they just trying to be seen to be doing something, and seeming like they're on the cutting edge of technology? So maybe in truth they're actually quite clueless, and this program is nothing more than a hashed-up, worthless keylogger that looks like sample code from "Windows Internals"?

    One wonders about their motives for this news release, though...

    cya, Victor

    1. Re:Motives for telling? by Anonymous Coward · · Score: 2, Insightful

      Who is 'we'? Most Americans seem to blindly trust the government.

      Personally, I am far more frightened of my government having the ability to secretly spy on me than I am of being killed by a terrorist. Hell, I'm more afraid an airplane is going to fall out of the sky on its own than I am that it will be exploded by a terrorist plot.

      Real American patriots will always be skeptical of the government. So, telling us something like this only prompts us to ask why they are telling us. We can hope it is in the interest of full public disclosure.

      I suspect it would have eventually become public anyway, and the government would rather expose it on their terms than have it come out at some inconvenient time in the future. Maybe someone internal threatened to go public with it.

      In any case, this is a great opportunity for the "if you're not doing anything wrong you have nothing to worry about" and the "but it is for the war on terrorism" crowds to voice their terrifying opinions.

    2. Re:Motives for telling? by Rayin · · Score: 2

      Maybe they are telling us this because the government really ISN'T the Conspiracy Theory, Enemy of the State bad guy that everyone thinks it is? Perhaps there really are a few people in government, people we elected, that actually care about freedom and democracy? This country seems to have developed a liberal Hollywood view of the government in recent years. Crackpots like Michael Moore definitely don't do much to help people get a realistic look either. When one steps back and really looks at the big picture, they will soon realize that while there may be a fair helping of scandal in the government, our elected officials really aren't out making secret deals with the terrorists, the communists, and the aliens. Most of what I hear time and again spouted off in this forum seems to border on pure paranoia, without much more than a smattering of purely circumstantial evidence. Let's face it, things really aren't as covert and intentionally misleading as they appear. Everything except for the moon landing, that is. We all know that shit is fake.

    3. Re:Motives for telling? by planetoid · · Score: 2, Interesting

      Although, truth be told - why exactly is the government telling us this?

      It's the psyops card. I'm skeptical that technology like this is fully 100% possible, but the aura of "top secretness" around federal departments like this give them the leverage to make 007-esque urban legends about themselves that could "wow" the enemy or even the country's own citizens. Somewhat like the nagging mother who uses the "Don't misbehave -- I have eyes in the back of my head" line when she wants to keep her toddlers obedient.

      --
      Slashdot requires you to wait longer between hitting 'reply' and submitting a comment.
    4. Re:Motives for telling? by DDLKermit007 · · Score: 2, Insightful

      Because they are full of shit. You don't spout shit like that off publicly unless you're full of shit. I dunno how many times I've helped clients knock down problems like employees installing apps that cause huge issues with machines by just telling them to write a memo that says all machines will have an application installed on their machines so they can monitor employees more effectively for screwing around and messing up machines. The employees believe it, machines have fewer problems for 6 months or so, when they just re-announce a new app, and I get a nice check for just writing a memo. If you want to catch someone doing something they aren't supposed to, you DON'T TELL THEM BEFOREHAND!!!

  6. Does it use the Sony root kit by masterpenguin · · Score: 2, Funny

    I wonder if the DoD is designing this around the Sony root kit.

  7. Not scary by katana · · Score: 5, Funny

    In fact, it sounds really cool. In fact, *everything* sounds cool with "cyber" in it. No seriously, try it. Cyber jail. Cyber llama. Cyber tubgirl.

    Told you so.

  8. "cyber" toolkit ? by Anonymous Coward · · Score: 2, Funny

    Man, 'cyber' was so early '90s. They so need to revamp their marketing dept.

  9. False positives or no matches at all by UR30 · · Score: 2, Informative

    It would be nice to know how they are going to solve the problem of coincidences. Any large dataset will have false positives due to the massive number of possible cross-correlations in such data. The problem of information extraction is a hard one, especially if the different datasets are going to be used together. "Data Mining and Domestic Security: Connecting the Dots to Make Sense of Data" by K. A. Taipale is a good review of this from the legal perspective.

  10. They that can give up essential by chris_sawtell · · Score: 5, Insightful

    "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."

    Ben Franklin wrote those words over 200 years ago.

    They apply today just as much as they did then.

    Somebody needs to remind the current incumbent of the White House about his nation's history.

    1. Re:They that can give up essential by DoorFrame · · Score: 2, Insightful

      What does he have to say about unessential liberties for a lot of permanent safety?

      Nobody is ever going to argue Franklin's statement; the real debate is about what's "essential", what's "little" and what's "temporary". This observation has nothing to do with the keylogger thing you're commenting on; it's an unrelated thought.

    2. Re:They that can give up essential by quarkscat · · Score: 2, Insightful

      Do you really think that the current incumbent of the White House really gives a shit about our nation's history, let alone warnings from Benjamin Franklin regarding "giving up essential liberty to obtain a little temporary safety deserves neither liberty nor safety"?

      George W. Bush may have a Texas drawl and a deceptively "rube" persona, but he is a savvy and cynical Connecticut (blue-blood) Yankee just like his Daddy and his Daddy's Daddy. Check out "http://www.hereinreality.com/familyvalues.html" for the real low-down on this political dynasty. There is a family predisposition toward fascism that began, at the very least, with his grandfather. His father, George H.W. Bush, was in charge of the CIA and then as VP directly responsible for the Iran-Contra scandal. That "new world order" that he spoke about as President is now being realized by George W.

      Globalization, the bullying tactics of the World Bank, government collusion with big business, and this regime's surge in government secrecy but total invasion of the privacy of citizens are all strong indicators that this country is well on its descent from democracy into Corporate National Socialism. Optional foreign wars based upon trumped up intel against countries that hold vital natural resources (Iraq), attempted coups against populist left-of-center democratically elected presidents where oil and/or natural gas reserves exist (Venezuela & Bolivia) -- neither are justifiable except in the most narrowly defined interests of American oil companies and their contractor (Halliburton) buddies. NATO countries (like Italy and Germany) are up in arms over this regime's tactics of kidnapping and torture, while the DoD and CIA are more upset over public disclosure and leaks rather than stopping such illegal activities. Democracies like Taiwan are forsaken for the interests of trade with their opponents (PRC), and attempts to overthrow a South American democracy in favor of their "banana republic" elitists. The USA regime claims to be fighting a "war on terrorism" in Iraq, all while leaving the USA's borders largely unguarded, and while even providing refuge to an internationally hunted Cuban terrorist that blew up hotels in one country and an airliner over another country.

      George W. Bush is a fascist, a raper & pillager of the national treasury, a terrorist, and a traitor. With any luck and some overdue justice for the American people, he will eventually be impeached, tried & convicted, and then turned over to the International Criminal Court at The Hague.

    3. Re:They that can give up essential by Master+of+Transhuman · · Score: 4, Insightful

      He obviously meant that there IS no such thing as "permanent safety" (and there isn't short of being Transhuman and even then you probably have to worry about interstellar gamma ray bursts). Anybody who thinks the US government can make anybody "safe" from anything is a total idiot. They can't even keep the Prez safe as several Prez's have proven by taking bullets.

      And there are no such things as "inessential liberties" since by definition if you are not free to do what you want, you are simply not free. Political freedom is like being pregnant - you either are or you aren't. You either submit to the state in one or more respects, or you don't.

      What you are NEVER free from, however, is the consequences of your free actions - which isn't relevant to the discussion because we are discussing political freedom, not physical or social cause and effect.

      --
      Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
  11. We have heard of such backdoors before... by NZheretic · · Score: 4, Informative

    From the "Transcript of Internet Caucus Panel Discussion. Re: Administration's new encryption policy."
    Date: September 28, 1999.
    Source: Tech Law Journal recorded the event, transcribed the audio recording, and then converted it into HTML.
    Weldon statement:

    Schwartz: Congressman Weldon, thank you very much for being here. Do you have any questions.

    Rep. Curt Weldon: Thank you. Let me see if I can liven things up here in the last couple of minutes of the luncheon. First of all, I apologize for being late. And I thank Bob and the members of the caucus for inviting me here.

    Pardon me if I seem a little bit confused to our panel, but, I am, and have been, with the change in direction which has occurred. But before I begin, let me say at the outset one of my biggest projects for the past four years has been to build what is becoming the first smart region in America, linking up all of the institutions within a four state region -- Pennsylvania, Delaware, New Jersey, and Maryland -- _____. In fact, over the weekend, I hosted the Minister _____, who is the Minister of Information Technology for Malaysia. As we signed an ____ with them for uplink downlink ties between our hub initiative in the four states, and the new Malaysian super-computing corridor project that they are building in Malaysia. So, I am a strong advocate for the use of information technology.

    But my other hat is to chair the Research Committee for National Security. And when Bob introduced his bill three years ago, my door was pounded incessantly by the Defense Secretary and his staff, by the Director of the CIA, and by the head of the NSA, and I would note for the record neither the CIA nor the NSA is here today.

    Who is actually speaking for them today, I might add? OK.

    NSA and CIA came in, and in a very intense way, lobbied me personally, and I am not a computer expert, nor am I a lawyer, and they asked me to give access to my subcommittee and the full Armed Services Committee to look at the security implications of the change in Bob's legislation. I respect Bob. I think that he is an outstanding member. But I felt that I owed it to my committee, and my responsibility to Congress to listen to what the administration was going to tell me.

    We arranged a series of classified hearings and briefings. And, as with any Member of Congress expressing concern about the ability for our forces involved in a hostile environment to be able to respond quickly, ____ back to 1991 in Desert Storm where my understanding is that our commanders in the field had Saddam Hussein's commands before his own command officers had them, because of our ability to intercept and break the codes of Saddam's military. I want to make sure that we have that capability in the future. I responded in a very positive way to the argument that was being made by the CIA, by the NSA, and by DOD. And we took some very tough positions.

    In fact, Ron Dellums and I offered the amendment last year that had only one dissenting vote in the House, and this year passed by a vote of 48 to 6.

    In the past year none of those briefings have changed. And the people who have come to me as a Member of the National Security Committee, there has been no lessening of their impression of the threat. Yet all of a sudden I am told, and John Hamre, I think, he made the courtesy of calling me in advance, that there was a change.

    Now, I agree with the gentleman from the White House, for the administration, that it was coincidence that this happened the day before Vice President Gore went to Silicon Valley. I agree that that was just a coincidence.

    But the point is that when John Hamre briefed me, and gave me the three key points of this change, there are a lot of unanswered questions. He assured me that in discussions that he had had with people like Bill G

    1. Re:We have heard of such backdoors before... by Scott7477 · · Score: 2, Interesting

      What I thought was interesting was that Congressman Weldon appeared to say at one point that he thought that certain computer systems that were sold to China by US manufacturers were supposed to have a backdoor built in, but that the system makers failed to do that. I'd certainly like to know more about that... did the Chinese defeat the backdoor or did the US manufacturers not put it in because the Chinese told them they wouldn't buy their machines...

      --
      "Lack of technical competence coupled with the arrogance of power, as usual, leads to no good end."
  12. Eventually by Hao+Wu · · Score: 4, Insightful

    The government will eventually realize that computer technology is bigger than any federal agency.

    Hence, they will likely create a new one, the Department of Computing (not part of the FCC) in order to grow themselves, tax society, and control private citizens. Just like they do for everything else.

    Of course it will be sold as "building bridges" or "advancing technology", etc... Something for our children's future, no doubt.

    --
    I suggest you read Slashdot
    1. Re:Eventually by slughead · · Score: 2, Insightful

      Of course it will be sold as "building bridges" or "advancing technology", etc... Something for our children's future, no doubt.

      Or catching terrorists as the U.S.A. P.A.T.R.I.O.Terrorism (forgot the rest) was supposed to be used for, and isn't.. Or child molesters.. nobody likes them.

  13. unlawful search and seizure by RY · · Score: 3, Insightful

    Now the DHS can "collect, correlate, and analyze data on multiple computer systems" with no warrant. A true American patriot has nothing to hide from the government. Right, Comrades.
    The White House and Department of Homeland Security are such champions of constitutional rights.

    By the way the root kit is hidden in powerpoint files.....

    I've got to go answer a knock at the door; my ride to a black prison is here.

  14. Ah, but? by Anonymous Coward · · Score: 3, Funny

    Will it run on Linux?

    1. Re:Ah, but? by Tekoneiric · · Score: 4, Funny

      Will it run on the Amiga OS?

      --
      *It's not what you can do for the Dark Side but what the Dark Side can do for you!*
  15. something I've always wondered. by rootedgimp · · Score: 2, Interesting

    This is something I've been wondering about for years; my interest was sparked again semi-recently for two reasons. One is TCPA. The other was one of my past jobs..

    I was working for a well known company doing QA/Testing on console games, and monitoring server side/client side bugs.. We would get new DVDs sometimes twice a day with the latest revision of the game and we would have to check both our "open" bugs, and our "closed" bugs - that is, bugs that were previously fixed, to make sure that they had not somehow become "reopened". Usually early in the game development, there were tons of hidden, easily accessible menus that would change tons and tons of variables inside the game, kind of like a developer's menu to directly affect the engine in ways that would normally never happen during regular gameplay, even settings that were supposed to remain static. So, anyway, later on when the game was close to being declared 'ready for release' these menus would of course be cut off, that is, the code for the menus was still actually in the source, but it was impossible to access them; the method for accessing had been removed. (kinda reminded me of the GTA sex scene thing, the code was still there - just cut off.)...

    Anyway, my point is this: who is to say what data is ACTUALLY on the chips themselves on any component in your computer? I'd say 98% of people do not even have access to or knowledge of the hardware that would be required to really look inside any given chip. Sure, we can play and tinker with -what is accessible- to us, that is, what the coders left open to us. We know how they do what they do, to a degree, but not -why- they do what they do. Who is to say there aren't tons of hidden things going on way low on the OSI model? TCPA really got me thinking about this as well; after all, it took IBM several years to admit to what they had in their ThinkPads in the mid 90's.
    Anyone work at a hardware manufacturer with stories of 'easter eggs' so to speak?

  16. Yeah, right! by Vskye · · Score: 2, Insightful

    According to the site, "SandStorm simultaneously collects, correlates, and analyzes data on multiple computer systems and departs, leaving no trace of its activities. The White House is championing this cyber tool and the Department of Homeland Security has selected it as a cornerstone application for a cyber toolkit being made available to all Federal agencies."

    I doubt that this is more than a bullshit rumor. When I was in the service it was paying 40-70 percent more for even specialized tools. Having *all* of the various federal agencies actually agree on one specific "cyber toolkit" is, at the very least, insulting to me, and the public. (Since they *never* agree on anything!)

    --
    Life was hell, then I discovered Linux...
  17. Re:here we go again by Gentlewhisper · · Score: 2, Funny

    Am I the only one who read it as "Cyber Rootkit"?

  18. Ah... who to approach by Dekortage · · Score: 2, Insightful

    From the article: CTAD, under the Office of Computer Security, is the U.S. Department of State's focal point for collecting and reporting time-sensitive, cyber threat intelligence, and technical data.

    So if terrorist hackers are trying to figure out who to approach/bribe/attack... it's these guys? Nice of them to include a photo too! That helps with identification.

    And "leaving no trace of its activities"... this I gotta see. Windows? Mac? Linux? Solaris? Mainframes? Or maybe they've already scanned my computer! Uh-oh... is that a silent helicopter outside my apartment?!

    --
    $nice = $webHosting + $domainNames + $sslCerts
  19. Re:Serious? by symbolic · · Score: 5, Insightful

    Remember how the existence of Echelon was denied until some British guy confirmed that it did, in fact, exist? Remember the cheesy "agreement" that the US would not be collecting data on its own citizens, but would have every opportunity to access such data from that collected by any of the four other Echelon participants? There is absolutely no reason to believe that it WON'T be used on U.S.-owned sites. Even worse, there's absolutely nothing that will stop them, if they so choose.

  20. "Sandstorm" is a commercial product by Animats · · Score: 4, Interesting

    What they're actually talking about is the NetIntercept Appliance from Sandstorm Enterprises. This is also the FBI's replacement for Carnivore.

    1. Re:"Sandstorm" is a commercial product by Master+of+Transhuman · · Score: 2, Interesting

      It didn't sound to me like they were talking about the Sandstorm Enterprises NetIntercept product, it sounded to me like they were talking about a system devised by the people working for the division. Just a coincidence that it sounds like the Sandstorm product. Why would they give an award to some guys who just went out and bought a commercially available product?

      --
      Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
    2. Re:"Sandstorm" is a commercial product by Helevius · · Score: 3, Informative

      Wrong -- RTFA and check out the capabilities listed in the two presentations:

      Free to DHS & federal government
      From Dept. of State [and DHS US-CERT]
      Like EnCase Enterprise edition
      Network forensics "grep"
      Examine system state
      Remotely search multiple systems - files, ports, processes, file headers, hashes, MACs, ADS
      Search all files changed in this time frame
      Search all files with this hash regardless of name
      155KB agent runs, then deletes itself
      Windows only
      Fairly forensically safe - does not change file MACs
      Root kit detection to come later

      The key points are "155KB agent runs, then deletes itself" and "Windows only". SandStorm Enterprises did not create this product.

      Helevius

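      The capability list above describes a remote triage agent that searches many hosts for files by hash regardless of name, files changed in a time window, and claims to be "fairly forensically safe" because it does not change file MAC times. The following is an added example, not the tool's code nor anything from the original thread: a minimal sweep of that kind written from the list alone, with the one check a practitioner would want, namely recording each file's MAC times before and after reading it, because hashing a file can itself update its access time unless the volume is mounted noatime/relatime. The sample tree, its contents, the indicator hash and the time window are all constructed here for the demonstration.

```python
"""Added example: a local file-system triage sweep of the kind described in the
capability list (search by content hash regardless of name, search by mtime
window) that verifies it left MAC times unchanged. Not the tool's own code;
the sample files, hash and window are constructed for the demonstration."""
import hashlib
import os
import tempfile
from dataclasses import dataclass
from typing import Iterator, Optional

# Constructed "known bad" content; the examiner would only have its hash.
SAMPLE_CONTENT = b"meeting at noon, bring the plans\n"


@dataclass(frozen=True)
class Hit:
    path: str
    sha256: str
    atime: float
    mtime: float
    ctime: float


def mac_times(path: str) -> tuple:
    # lstat so symlinks are not followed; the link itself is what is examined.
    st = os.lstat(path)
    return (st.st_atime, st.st_mtime, st.st_ctime)


def sha256_of(path: str) -> str:
    # Read-only, streamed, so large files do not need to fit in memory.
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def walk_regular_files(root: str) -> Iterator[str]:
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            if os.path.isfile(p) and not os.path.islink(p):
                yield p


def sweep(root: str, wanted_hashes, mtime_start: Optional[float] = None,
          mtime_end: Optional[float] = None):
    """Return (hash_hits, mtime_hits, atime_changed).

    atime_changed lists files whose access time moved because the sweep read
    them. A tool that claims not to disturb MAC times has to measure this
    rather than assume it; on a default relatime mount some reads will update
    atime, and the sweep should report that it did so.
    """
    wanted = {h.lower() for h in wanted_hashes}
    hash_hits, mtime_hits, atime_changed = [], [], []
    for p in walk_regular_files(root):
        before = mac_times(p)        # record MACs before touching content
        digest = sha256_of(p)
        after = mac_times(p)         # and again afterwards
        hit = Hit(p, digest, *before)
        if digest in wanted:
            hash_hits.append(hit)    # matched by content, whatever the name
        if (mtime_start is not None and mtime_end is not None
                and mtime_start <= before[1] <= mtime_end):
            mtime_hits.append(hit)
        if after[0] != before[0]:
            atime_changed.append(p)
    return hash_hits, mtime_hits, atime_changed


def demo() -> dict:
    """Build a constructed sample tree and run the sweep over it."""
    root = tempfile.mkdtemp(prefix="sweep_")
    os.mkdir(os.path.join(root, "sub"))
    wanted = hashlib.sha256(SAMPLE_CONTENT).hexdigest()  # the indicator hash
    t_old, t_in = 1_000_000_000, 1_100_000_000          # constructed epochs
    # (relative path, content, forced atime/mtime or None for "now")
    layout = [
        ("notes.txt", SAMPLE_CONTENT, t_in),
        (os.path.join("sub", "renamed.bin"), SAMPLE_CONTENT, None),
        ("other.log", b"nothing to see here\n", t_old),
    ]
    for rel, content, ts in layout:
        p = os.path.join(root, rel)
        with open(p, "wb") as f:
            f.write(content)
        if ts is not None:
            os.utime(p, (ts, ts))
    hash_hits, mtime_hits, atime_changed = sweep(
        root, [wanted], mtime_start=t_in - 60, mtime_end=t_in + 60)
    return {
        "hash_hits": sorted(os.path.basename(h.path) for h in hash_hits),
        "mtime_hits": sorted(os.path.basename(h.path) for h in mtime_hits),
        "atime_changed": len(atime_changed),
    }


if __name__ == "__main__":
    print(demo())
```

      The hash search finds both copies of the content even though one was renamed and moved into a subdirectory, while the mtime window catches only the file whose timestamp was forced into it. Whether `atime_changed` is empty depends on the mount options of the volume being swept, which is exactly why the sweep measures it instead of promising "no trace".
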
  21. they spout ish like this for wanna be terroists... by xTantrum · · Score: 5, Insightful
    They must...
    According to the site, "SandStorm simultaneously collects, correlates, and analyzes data on multiple computer systems and departs, leaving no trace of its activities."
    How the hell can a government - who has so much internal bickering and bureaucracy going on, can't even co-ordinate an efficient rescue mission after a hurricane on their OWN SOIL, AFTER THEY JUST GOT TAKEN OUT BY TERRORISTS and had ample warnings, and implement RFID tags in passports knowing the security risks and exploits available - expect us to believe they can actually take their collective heads out of their ass and deliver on this? C'mon, get your shit together first on the home front, like saving lives, increasing awareness for science education, available cheap broadband... yada, yada, yada - then come talk to me about this. It really comes down to this. I DON'T BELIEVE YOU! See my sig.
    --
    $action = empty(PHP) ? backToC() : unset(PHP) ; "when the concrete cases are understood, the abstractions are readily
  22. Beneficial does not mean prudent. by headkase · · Score: 4, Insightful

    Come on buddy, mentioning terrorists is like the latest fad in political correctness subscribers - you must agree or you're helping the terrorists. Yes, terrorists use the Internet to communicate, but so do literally billions of people who are not terrorists. Should they be spied upon benignly at first and maybe less so when abuse(s) finally occur? It's still not as simple as that however, as the Internet is used to commit far more crimes a day than terrorists use it for, so there should be some kind of forensic tools available to ordering agencies like law enforcement, but the use of the software needs oversight and it morally shouldn't be a blanket system unless the risks truly justify that, all the way back to the voters in opinion. This kind of thing creeps me out; it could be the software equivalent of the Stasi in old East Germany.

    --
    Shh.
  23. Hey, State Department! by St.+Arbirix · · Score: 2, Funny

    Call Sony.

    --
    Direct away from face when opening.
  24. Re:Sandstorm isnt racist...yeah right... by msuarezalvarez · · Score: 3, Funny

    That, and he used Arabic numbers to write his telephone number...

  25. What's a cyer-tubgirl? by NoMaster · · Score: 3, Funny

    One wearing a 7-of-9 costume...

    --
    What part of "a well regulated militia" do you not understand?
  26. Re:Definitely Beneficial NOT by TRRosen · · Score: 2, Insightful
    Who the fuck cares if terrorists use the net to communicate? It's the year 2005, folks. Meeting the communication needs of a Fortune 500 company is a challenge, but communicating between a handful of people among millions - there is just no way to prevent it or track it. These toolkits and restrictions won't work on terrorists... If you're motivated enough to ram a plane into a building you sure as hell can figure out a way to send a message.

    Let's face it, anyone that reads this site daily could think of 100 ways to covertly send a message to someone without it ever being decoded or traced. I could easily manually encode a text message that the CIA would never be able to decode and post it right here. This is not being created to pierce terrorist secrecy but our Privacy.

  27. Nothing new by axonal · · Score: 2, Funny

    Sandstorm a.k.a. Gator.

  28. Re:heres a link to the software by Master+of+Transhuman · · Score: 2, Informative


    No, the Sandstorm Enterprises NetIntercept product has been around for the last four years. It's hardly new and hardly something somebody would get an award for just buying (at $20,000, by the way.) The company started with PhoneSweep, a wardialing detector.

    --
    Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
  29. "No trace", eh? by SuperBanana · · Score: 2, Informative
    SandStorm simultaneously collects, correlates, and analyzes data on multiple computer systems and departs, leaving no trace of its activities.

    So that includes taking whatever data it has supposedly collected/correlated/analyzed, and somehow uploading it somewhere, without my firewall noticing? And it somehow collects this data without my noticing CPU usage, disk IO, and so on?

    Everything leaves traces. It has to. If it is clever about how it goes about its work, that is one thing...but to say it "leaves no trace" isn't even "spin"- it's bullshit.

  30. Easy to circumvent by PianoMonkey · · Score: 2, Funny
    I can see it now:
    $sys$TopSecretFiles/MyTerrorism/UpcomingEvents.txt
  31. Re:heres a link to the software by dogwelder99 · · Score: 2, Interesting

    Heh... slashdotters are falling for this? It's just a press release written by some government PR flack who didn't know what he was writing about. He probably learned about Sandstorm from some crypto geek who tried to explain a packet sniffer in Mickey Mouse terms, and he repeated them. Throw this one on the tinfoil hat pile.

  32. Obligatory MST3k Quote by Erik+Fish · · Score: 2, Funny

    Dr. F: Well Joel, we're introducing a new feature here today. Here's a hint: Remember "Lost Continent"? Remember "Rock Climbing"?

    Frank: Oh who can ever forget "Rock Climbing", eh Clay? Well now, along the same lines we've come up with something new -- something we like to call: Sand Storm! SAND STORM!

    Dr. F: It's all part of a new program we like to call:

    Both: Deep Hurting! DEEP HURTING!

  33. Re:*sigh* by Ihlosi · · Score: 2, Funny
    and changed the stazi thing from "its could be" to "it could also evolve into".



    No no no, something like that definitely will not evolve. It is intelligently and maliciously designed to eventually support and promote STASI-like activities.

  34. Does the DMCA apply to the government? by RandoX · · Score: 2, Funny

    We could all sue them, and they could pay us our tax dollars back, then take more next year to make up for it... Just wondering...

  35. Leaving no trace by sl4shd0rk · · Score: 2, Insightful

    At some layer, the traffic is going to be visible *IF* they are even talking about remote access of some kind. This could also be a tool that is launched from a USB drive or something. Either way, have they coded this application in Java? What do they plan to do about hardware dependencies? OS dependencies? What if Al-Qaeda is running Red Hat 6 on a Sun SPARC? What if they have their own Linux distro? This is a pretty bold claim all the way around with a lot of technical hurdles to overcome. I hope they have considered them all.

    --
    Join the Slashcott! Feb 10 thru Feb 17!
  36. Re:Serious? by Alphabet+Pal · · Score: 4, Insightful
    Even worse, there's absolutely nothing that will stop them, if they so choose.

    Actually, we could stop them, easily. As Winston observes in Orwell's 1984, "if the Proles united, they would get rid of Big Brother like a bull shaking flies off of its back". But we won't. We're all afraid of something. When Ian Clarke created Freenet, did we unite in support of him? Mention Freenet on here and see how long it takes somebody to say "nobody's on Freenet except pedophiles. If you have nothing to hide, you have nothing to fear." If we truly didn't want to be spied on, we wouldn't be, but the truth is that the vast majority of us (even on tin-foil-hat-dot here) do.

    --
    Because you can't spell "slaughter" without "laughter"
  37. Secrecy in government destroys trust. by Futurepower(R) · · Score: 2, Insightful

    Secrecy and sneaky behavior in government destroys trust. Lack of trust is far, far more expensive than any benefit from sneaky behavior.

  38. Lawyers, pay attention by cpu_fusion · · Score: 2, Insightful

    If your client faces "evidence" found on a hard drive somewhere (I'll call it System A), projects like the one described in this article give you a good shot at getting that evidence thrown out.

    Why? Simple:

    It is easy to establish that there have been vectors of attack which would have allowed unrestricted access to System A, either remotely or by anyone with physical access to the machine. Simply look up what alerts have been issued for the operating system in question after the time the accuser claims System A had the "evidence" in question. It should also be possible to establish that there are "unknown" zero-day exploits, but if System A has Windows XP (i.e., in the greatest percentage of cases), this shouldn't be necessary -- exploit after exploit should exist in the alert records, giving multiple vectors of attack at the time the "evidence" was supposed to be created on System A.

    So now there is a clear way to show the material could have been planted on the system, indistinguishable from whether your client caused it to be created.

    Now to establish that the planter of said data could have easily covered their tracks, again -- looking at this article, it is trivial to show this. Root access to the system will allow any data to be written anywhere to the drives on System A. Therefore, any fingerprints left by the attacker who planted the "evidence" could be cleaned up. Just like the system described in this article, although it purports to simply look for data, not plant it.

    Stop letting clients be sent away on "email" evidence or "cookie" evidence or whatever. It's crap! Systems are too easy to penetrate, evidence is too easily planted, and tracks are too easily erased.

  39. Re:Internet Security? by jbvb · · Score: 2, Informative

    "Secured OS" and "good firewall" are OK, if there isn't a backdoor à la what the CIA got the Swiss crypto company to provide after WWII. If you're trusting software to keep you out of jail, you need to be working from source, and to have read key parts.

    But the other guy who said it would be visible on the wire is 95% right; you can hide low-bandwidth flows fairly well, but hardly anyone has the patience. Of course, few people have time to watch their wire either.

    jbvb
  40. Good Points by Tony · · Score: 2, Interesting

    What you say is truth.

    It is also irrelevant.

    As shown by the current US administration, people in power will abuse the system, as they did with the push to war in Iraq (with lies and manipulative PR), Valerie Plame, and the systematic abuse of prisoners. It doesn't matter how good-intentioned most people are; given the tools of abuse, abuse will happen. The question then becomes, on what scale?

    Terrorism is the excuse du jour for oppression and abuse. Whether it's secret US prisons in central Europe, or CIA exemptions for anti-torture legislation, or secret laws that US citizens must follow but cannot access, abuse is occurring. It doesn't take black helicopters or vast conspiracies to erode the selfsame liberties that at one time made our country admirable; all it takes is a few well-positioned fucknuts to destroy the American way of life (which is all but dead).

    Just as programmers at Microsoft are just there to do the best job they can, they have no say over Microsoft's corporate attitudes. Same with Sony; I can't imagine the average worker at Sony wants to install a rootkit on your computer. And I can't imagine the average American wanted 100,000+ Iraqis to die in this most recent war.

    As is oft said but little understood, the road to Hell is paved with good intentions. Right now, those laying the bricks mean well, but those leading the US down that road are screwing us over.

    No, Sir. I don't like it. I don't like it one bit.

    --
    Microsoft is to software what Budweiser is to beer.