State Department Hit With Many More Break-Ins

adjust28 writes to tell us CNN is reporting that the US State Department has been dealing with a number of computer break-ins with regards to their headquarters and offices dealing with China and Korea over the past couple of weeks. From the article: "Investigators believe hackers stole sensitive U.S. information and passwords and implanted backdoors in unclassified government computers to allow them to return at will, said U.S. officials familiar with the hacking."

Lack of motivation

The government seems to have never placed much importance on computer security. I recently read Cliff Stoll's 1989 chronicle of a hacking, The Cuckoo's Egg . Back then the government was slow to respond and pretty unmotivated, and it seems like little has changed today. Yet, once they catch someone, they give him a draconian punishment that ruins his life, just look at Mitnick. The government can't seem to decide it's priorities. It'll punish you more for cracking than for murder, but at the same time it won't secure it's own systems and heed experts.

Homeland security is a joke

[mcrbids]

I spent a few months not so long ago tracking down a cracker who had compromised a mail server for an ISP. He'd gotten root, and installed rootkit style stuff that hid directories, etc.

It was a long process to penetrate all his defenses. Finally, I ended up chatting with the cracker a la Yahoo Chat, including video. He was from Romania, and liked diet 7-up.

So, I get all the sources together with which he compromised the server. I had everything, down to IP addresses. I called the FBI and they referred me to some web page that didn't even allow enough upload to report everything I had found.

I submitted what I could. I didn't even gt a "thank you" email. I would have been happy with a "thank you" message. But I got nothing.

My opinion of the dept of Homeland Security as well as the FBI sank immeasurabily as a result.

The horse has bolted

[jdbartlett]

I don't want to trigger a Windows/Linux debate, but relevant is this quote from a recently slashdotted interview with McKinnon:

"I found out that the US military use Windows," said Mr McKinnon in that BBC interview. "And having realised this, I assumed it would probably be an easy hack if they hadn't secured it properly."

Source here

Even if it is considered right to treat such breakins so seriously: how many times must the horse bolt before the barn door?

Re:Ask Slashdot: Why do gov't 'puters have net acc

[infosec_spaz]

Right....Classified systems are on a seperate network...until, that is, some network eng. patches them together to make his/her job easier. Have you ever done a audit of a military/government network? I personally have, and found over 60 paths to so called "Secured" networks from a machine which was Internet accessable...Let's stop cherry picking, and call it like it is...totally kludged up, non-functonal, messy security at best.

Re:It may not be illegal, but...

[greg_barton]

The U.S. government is doing a great job of making the papers out to be 'the bad guys', and one can only imagine that it's certainly not helping their subscribership.

Actually, I'd guess that in this political climate, it's helping their subscribership quite a bit.

Two things:

1) The Bush administration has failed to realize that the "trust us, we know what we're doing" meme has died. Every time they push it these days their numbers go down.
2) The facts of this particular story was out YEARS before the NYT (and two other papers, btw) put it in the public eye. As those facts come out (and they have been) it will exascerbate #1 above.

Gov: "Realeasing this information will kill us all!!"
NYT: "So why did you release it on government websites two years ago?"
Gov: "UUUhhhhhh.... MMmmmmmMMmmm...."