Slashdot Mirror
Russian Spy Ring Needed Some Serious IT Help
coondoggie writes "The Russian ring charged this week with spying on the United States faced some of the common security problems that plague many companies — misconfigured wireless networks, users writing passwords on slips of paper, and laptop help desk issues that take months to resolve."
They encrypted everything using ROT13, TWICE! How much better security can you get?
Tequila: It's not just for breakfast anymore!
http://news.cnet.com/Microsoft-security-guru-Jot-down-your-passwords/2100-7355_3-5716590.html
Of course, the rules are a bit different when you're a spy :)
Nothing wrong with writing down your long complex passwords..... UNLESS YOU LEAVE IT LAYING AROUND
The complaint read like a spy novel.... A ready-made Bourne script!
Self Defense - A Human Right www.a-human-right.com
Seems like they doing this on the cheap? acting dumb? stolen parts?
the incompetent can be easily caught. Perhaps these were even decoys for the competent operation still running.
Did you ever wake up in the morning, with a Zombie Woof behind your eyes? -- FZ
C'mon Apple Developers..... no App for that? :-)
Self Defense - A Human Right www.a-human-right.com
Anna Chapman posted on Facebook she liked her new Mac -- this was back in January ...
'mon Apple Developers..... no App for that? :-)
Just like porn, Steve Jobs recommends you use Android for that.
Tequila: It's not just for breakfast anymore!
Yes. iSpy: with my little i. (Wonder if applescript would actually accept it).
I read TFA and all I got was this lousy cookie
Passwords are the wrong solution. Trying to make people remember a short string with high entropy is hard, so people write them down. The other way around is much better - long passphrases with less of the tedious entropy. Quotations, lyrics, names, whatever. They're much easier to remember and much harder to brute-force. Sprinkle in some punctuation and you're golden.
they were just make it look like you standard network, so they do not arouse suspicion ..... ;-)
to code or not to code, that is the question.
But what if it is true? Likely, it is, actually. Every country spies on other countries. I don't really see the US getting completely bent out of shape over it, it was a 10 year investigation. What was more important was tracking them and finding out who in the US was helping them. But spies come and go, but spying is a constant.
Tequila: It's not just for breakfast anymore!
For decades, Soviet agents used one-time pads (eg, Venona http://en.wikipedia.org/wiki/Venona). It must have been frustrating to encrypt messages ... looking up aliases, then doing letter by letter transfers, then padding things out and going to the telegraph agency.
You can imagine wasting an afternoon during the cold war: Doors locked, shades drawn, crouching over codebooks, slowly penciling in cyphertext.
But it seems speedy and efficient compared to some of these spies' antics. When the courier spy delivered the laptop to a suspect, he said, "if this doesn't work we can meet again in six months" Another suspect was overheard saying to another, "they don't understand what we go through over here."
Ouch!
they put on the bare minimum effort to convince the kgb they're still on the team (so they don't get any polonium in their tea)
then they dig up their free bags of money in sullivan county, and get on with their average suburban wannabe lives. when the kgb calls, they find a paranoid schizophrenic's blog and rivet their kgb bosses with useless tales of intrigue from the wild west. this spy ring is a joke
if you want to talk about modern life destroying cherished traditions, add this to your list: comfortable suburban living killed james bond
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Writing the password probably isn't as smartest way to save it but lets be realistic, nobody can remember a 26 character password. It's bound to be written somewhere even if it's written in a PGP encrypted email message to self.
This makes all those kid detecive stories about kids busting international spy operations SO much more believeable.
Passphrases are not harder to brute force. In general if you have 26 random characters its hard to brute force.
Why arrest them in a big show though? Usually spies are expelled not arrested.
Sounds similar to a lot of corporate America: Using OS that locks up, poor password security, need to send laptops to corporate for assistance, ...
Keep Doing Good.
They could have wrote their own steganography applications. Any known steganography application is probably also known by law enforcement and useless. The success or failure of steganography is based on the fact that the actual use of it and the type of it remains secret. When it's known then it's useless. It's very much like encryption where the key has to be kept secret or the encryption is worthless because the security of the scramble is the randomness of the key.
Let's just say it, these spies didn't know the technology and we should be glad they didn't. I don't understand why the hell we are seeing these ridiculous articles about what they should have done or about steganography applications they could have used. Yes a lot of those apps exist but the Russians didn't write it.
If I write my password down in another language isn't that secure.
Unlike typical spies with foreign diplomatic cover, these alleged "illegals" cannot just be summarily expelled back to their home countries. Any act against them requires due process, the first step of which is pressing charges.
The lack of diplomatic cover also means they are not protected from any charges that may stick. Spying without diplomatic cover is a very risky game. It makes this case all the more interesting.
And if so, is that good or bad?
The United States gets very offended by espionage activity, because we would never do it to anyone else. They promise. Not a single satellite. No high altitude spy planes. No high altitude long range supersonic spy planes (we retired all of these, we promise). No remote control spy planes. No flock of agencies with covert operations world wide. Nope, not the US. Keep your spies out of our country, we don't do it to you.
Excuse me, there are a couple nice men in black suits knocking at my door that just want to ask me a few questions.
Serious? Seriousness is well above my pay grade.
I have little to no hope that the corporate world ever will.
./ and I can't really expose my name / UID in this particular case.
I'm an IT director at a mid-sized company in the US. I've worked hard to educate top executives on security issues, and to encourage them (it's hard to force a CEO or CFO to do anything) to use best practices. I've experienced a lot of resistance.
Most companies think of IT, and security in particular, as an afterthought, if at all. Our CEO, who is responsible for active contracts that are worth tens of millions of dollars, and who has very sensitive financial data and intellectual property on his laptop, balked when I told him I did not want to know his password. He'd ask me to fix a problem with his machine, and be bothered by the fact that I would ask him to type in his password himself when I needed it. Eventually I gave in and started typing it in myself. Apparently it's an open secret from middle-management up. He uses the same password for everything, and all of the privileged managers know what it is. What if one of us quits or is fired? I imagine he uses the same password for his online banking as well. It's a big risk. He travels internationally on a regular basis. Having 20 people that know the password to all of your accounts. . . well, that scares the shit out of me, but it doesn't seem to bother him.
And I get the sense that most people, whether they work in espionage or in the private sector, see security as more of an annoyance than anything else. That is, until a breach happens. When that happens, the IT department is blamed.
In those situations, "I told you so," is not an acceptable response. When bad things happen, heads roll. I'm afraid that despite my most strenuous efforts to encourage best practices for top executives, my head will one day be on the chopping block for one of their mistakes.
Sorry to post anonymously (it's the first time I have!), but other folks in my department read
Why try to beat US security at their own game? go low tech. it works for el-qaeda. If they used the good old mail services they would have gone unnoticed for another 10 years.
.... terrorist threat is just not working very well anymore, so its time to remake an old threat....
But this time its really a lot more like "Spy vs. Spy" as found in MAD magazine.
It must be ok if filthy liberal commie places have a problem with all that stuff.
One that hath name thou can not otter
Unless it's a randomly generated password, omit some letters. You shouldn't need the whole password to remind yourself what it was.
We do, and the Israelis have been caught spying on us. That's probably the most offensive of the cases. The Israelis that depend upon us for support are spying on us. Not terribly surprising when they got caught, but it's still going to require a lot of chutzpah to do such a thing. Sort of like assassinating somebody on foreign soil or shooting peace activists.
If they had just called themselves a business intelligence and consulting service for foreign investors, they wouldn't have any problems.
And if you call yourself a lobbyist you can even funnel money from foreign governments into your congressman's pocket.
Hmmm, you bring up a good point. The Russians should have just hired a bunch of Mexicans. Then, even after we find out they are illegal, we still couldn't touch them!
This whole thing reads like an episode of Rocky & Bullwinkle.
Boris Badenov: "Everything going fine until Moose and Squirrel!"
Natascha Fatale: "What you mean, dear?"
Boris Badenov: "Everything working fine until we get laptop with Windows!"
Fearless Leader: "First Chernobyl, then Kursk, NOW OUR SPIES!"
Natascha Fatale: "Dahling, least not Moose & Squirrel this time....."
Knowing Google's lust for data collection, the Soviet Union is still alive and well inside the psyche of Sergey Brin....
Why arrest them in a big show though? Usually spies are expelled not arrested.
If you were leading a TEN YEAR investigation, wouldn't YOUR office be demanding some publicity at the end of it to justify ten years of spending on your salaries, the investigative costs and so forth?
The best way to deflect a financial inquiry is to point at the TV where your "heroes" are out there making your country safe.
*sips coffee*
Moved to http://soylentnews.org/. You are invited to join us too!
http://en.wikipedia.org/wiki/Poisoning_of_Alexander_Litvinenko
if they have no problem doing it on british soil, what would stop them from doing it on american soil?
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
I don't find that offensive; countries spy on each other. I am assuming, and hoping, we're spying on Israel. If we're not, THAT would be more offensive to me.
Hey! I soil myself... I mean I shoot foreign peace activists.
Not to mention
http://en.wikipedia.org/wiki/Lavon_Affair
Not exactly trust-inspiring.
Somehow this seems more like nepotism than espionage.
Like when Boris gets a contract to supply trucks to a construction site because his uncle is the towns mayor.
Hey, you get to live it up in the USA on the states dime. We'll call it long-term deep cover spying. Yeah that's the ticket.
I think this shows not only an issue in general with IT security issues for spies, but likely shows a much larger weakness in covert operations as a whole- not only in the Russian government, but presumably our own. Russia has not only some of the most top notch hackers in the world, but also is no new kid on the block when it comes to spying. These guys have rivaled our (US) own CIA for years. To see them fall to such an amateur mistake is boggling (as we know there are no shortages of errors in our own spy programs). While I am sure that someone over in Russia is going to lose their job over this I wonder if any lessons will be learned by their (and our) Intelligence agencies- specifically looking at how this error can be avoided in other areas.
More interesting however, is HOW these guys got caught. Somehow the FBI got tipped off... Maybe NSA forwarded some emails they sniffed out.... Which brings me back to my first point. PGP anyone?
The Israelis that depend upon us for support are spying on us.
That's precisely why they're spying on you - because they have a strong dependence on your support, and therefore knowing if and when it may possibly weaken or be terminated is crucial for their national security.
Sure, we do the electronic stuff, the ease dropping stuff.
But the hands on stuff, the up close and personal stuff, getting the really valuable intelligence (like the 9/11 plans or were the terrorist chief is) we're just not any good at any more (if we ever were).
AIR, during the Carter Administration, Adm. S. Turner fired all our spies.
That's those damned foreigners. Us Americans are the shining example of how to do things right. If Ms. Manners had to pick a government to say others should act like, it would be the fine United States of America.
(I hope everyone can read my sarcasm in these posts)
Serious? Seriousness is well above my pay grade.
The electronic ones are the obvious ones. Well, the ones that are public knowledge. I know of a few other routes that they're done by, that are not necessarily public knowledge. Well, given to me as "This is probably still classified, so I can't tell you all of it, but...."
They were told to me for the sake that they were technologically and historically interesting. Through other means, more information was gathered on them to confirm that they were real. I'll suffice it to say (for the sake of the black van parked outside my house), there's more to modern intelligence than is provided publicly or portrayed in the media, television, or movies.
If the Carter administration let 10,000 intelligence gathering people go, there are tens of thousands of others still out there, either in dark dungeons (like us, living in datacenters), or in the field continuing their covers so they aren't found and executed.
The 9/11 intelligence was gathered and processed. It was ignored by the decision makers as a non-threat. You can thank the then-current administration for that one.
Serious? Seriousness is well above my pay grade.
http://www.nypost.com/p/news/national/sexy_russian_spy_anna_chapman_2Zmmc1rSqu2H71x3v7BibM?photo_num=5 One of the spies :P
Slashdot never stops amazing me.
First, it's the absolute uncritical admission by the commenting lemmings of the premises of hte title text. Very few, usually down the discussion even come to questioning the author's spin. And they are never voted up.
Secondly, amazing is the incredible rate at which supposedly "independent" Slashdot spews government propaganda. Prime example is "crimes" of the countries the US ruling elite is working hard to colonize and destroy. Therefore China is perennially guilty of limiting Internet access for its citizens. The fact that US funds groups working for subverting its government (against which the said government tries to protect itself) is never even mentioned.
Both points are clear in this stupid post on the "Russian spies". The whole story is A PROPAGANDA LIE. These people have never been a "spy ring" on the first place, the sensation is CREATED from thin air.
And the lemmings are so eager to "discuss IT deficiencies in the spy ring", never questioning the original lie, nor the spurious, empty "information" about those people's computing habits.
How sadly typical for americans.
Family Guy
A house divided against itself cannot stand.
Anyone who says that Ana should be held responsible for her share of IT-related shortcomings obviously overlooked the fact that 'she is made for Love' - to suggest otherwise would be to deny existence of Marvin Gaye.
Spy devices require an antenna that actually transmits something, so apple products are quite safe to use. Atleast the new iPhone
There are no atheists when recovering from tape backup.
They were doing all this to blend in. If they actually took security seriously, they would have been very obvious and suspect.
'Earlier, in describing his reaction to a successful wireless transfer, SEMENKO said he was, "like ... totally happy."'
Note to self: In order to make a spy "like ... totally happy" fix their computer!
So, we've established that they really were spies? Anyone got a link? I might be a little behind the news cycle on that.
Flappinbooger isn't my real name
There is more reason to spy on your friends than your enemies.
I'm a minority race. Save your vitriol for white people.
Mods: Insightful, really? Funny, or even Flamebait I can see, but not Insightful.
Know why the men in black suits didn't really go to your door?
They already know the answers to the questions you think they'd ask.
The "asking questions" is just a polite formality. Its a lot easier and gets less attention if you walk to their car, rather than if they have to drag your freshly dead body. That, and it leaves less of a mess in their trunk. :)
Well, unless it was a "tragic incident during a home invasion." Or in the case of Drew Peterson's ex-wives, it could be a tragic accident at home, where you slip in the tub or fall into a barrel. Hey, accidents happen, right? I guess it's better than to be a guest at the Dahmer residence. Mmm, those hamburgers were good, where did you get the meat?
Ahhh, humans, you gotta love 'em. We always come up with creative ways to kill each other off.
[checks his pulse] Nope, they haven't gotten me yet.
Serious? Seriousness is well above my pay grade.
Anna Kuschenko (Chapman) was owning and running a successful real estate business http://www.domdot.ru/ . Colleagues say that she was thinking and working on it 7/24.
It is a successful business on the international scale. She was selling apartments and houses in Spain, Bulgaria, Poland, UK, Russia, USA, etc. She was making it big time. They say it is growing like a Second Google.
It is a pity that this nice girl is being sacrificed by priests and patricians on the altar of Greed via this fabricated story. Placing such a girl in a disease infested prison is like killing.
Next time it may be another business, say, yours.