Slashdot Mirror
With Better Sharing of Intel Comes Danger
Hugh Pickens writes "Ellen Nakashima writes in the Washington Post that after the intelligence community came under heavy criticism after 9/11 for having failed to share data, officials sought to make it easier for various agencies to share sensitive information giving intelligence analysts wider access to government secrets but WikiLeaks has proved that there's a downside to better information-sharing. To prevent further breaches, the Pentagon has ordered that a feature that allows material to be copied onto thumb drives or other removable devices be disabled on its classified computer systems and will limit the number of classified systems from which material can be transferred to unclassified systems, as well as require that two people be involved in moving data from classified to unclassified systems. The bottom line is that recent leaks 'have blown a hole' in the framework by which governments guard their secrets. According to British journalist Simon Jenkins 'words on paper can be made secure, electronic archives not.'"
>"To prevent further breaches, the Pentagon has ordered that a feature that allows material to be copied onto thumb drives or other removable devices be disabled on its classified computer systems"
Yeah, like that is really going to make THAT much of a difference. Oh- make sure to remove all printers too, prevent all Email/IRC/IM, cut and paste, CD/DVDRW, etc. I suppose I can't criticize them for trying, but no amount of stuff like that is going to prevent information leaks if someone wants to leak information. It is no different than DRM.
If things are done right, it can be made a true pain to get such documents off of government machines. Now whether the pentagon would be willing to be smart about this, I doubt.
Come on, using a headline with Intel in it meaning something other than the company, on a geek site? Avoid the jargon and it becomes unambiguous: "With Better Sharing of Gov. Intelligence Comes Danger" (though using the words intelligence and government in the same sentence keeps making me do a double-take)
Words on paper can be made secure because they're fucking worthless for replication and transfer.
They'd be even more secure if chipped into clay tablets in cuneiform.
What I don't understand is why a low level intelligence guy in a forward base in the middle of nowhere had access to diplomatic cables from say, China.
Information is traditionally doled out on a 'need to know' basis. Yes, the intelligence agencies got nailed for closeting information before 9/11 but surely the answer to that is not 'information wants to be free'.
Faster! Faster! Faster would be better!
Actually, they're only disabling "write" capability on the thumb drives, so they'll still be able to get viruses from reading them. Didn't they learn anything from Buckshot Yankee? How about no flash drives or portable media? How about not bypassing controls? Although I do feel bad for the Pentagon. They've created a "secure" network with 3 million users. It takes just one schmuck to make it insecure.
This is precisely the outcome that Wikileaks was looking for: Assange's plan has been to leak information in order to make those who wish to keep secrets paranoid, so that they clamp down on their own internal communications and become less effective:
The more secretive or unjust an organization is, the more leaks induce fear and paranoia in its leadership and planning coterie. This must result in minimization of efficient internal communications mechanisms (an increase in cognitive “secrecy tax”) and consequent system-wide cognitive decline resulting in decreased ability to hold onto power as the environment demands adaption. Hence in a world where leaking is easy, secretive or unjust systems are nonlinearly hit relative to open, just systems. Since unjust systems, by their nature induce opponents, and in many places barely have the upper hand, mass leaking leaves them exquisitely vulnerable to those who seek to replace them with more open forms of governance.
Sharing secrets with more people MAY have a risk of more people knowing your secrets. Shocking.
Seriously though, adding a bunch of people/agencies that can see your data is bound to result in some turbulence trying to maintain similar security levels. I wonder if people can still print?
If we didn't mark everything under the sun as classified it would be a lot easier to keep the stuff we need to keep secret that way. Only about 5% of what WikiLeaks has put out ever needed to be classified to begin with, and 95% of that didn't need to be classified anymore.
I spent about five seconds staring at the title of this post, then I realized that "Intel" as in the processor company was the same word as "Intel" as in intelligence. Mind blown.
The real problem is the US government killed innocent people and covered it up. A soldier with a conscience decided his government should fess up and released all the documents. If the US government had been honest about it's mistakes and misdeeds, there would have been no motivation for a leak. When the US government breaks it's own laws and goes to great lengths to obstruct justice, it can expect this kind of release of confidential information because American soldiers have also been taught to do what is right. Forcing the government to admit it's illegal actions is the right thing to do.
" 'words on paper can be made secure, electronic archives not.'"
Really? Really? You really said that and seriously meant it?
Guaranteed! This comment 100% Anthrax free!
invent a new language. make every public official learn it. all nitwit officials will be discouraged from becoming career politicians.
Sharing of AMD is even worse.
Of course it has to be a binary switch. You must either share all documents and be insecure, or not share any documents and be totally secure. Any middle ground is impossible. Thus the correct response to WikiLeaks must be to lock down all the documents and make sure nobody reads them at all. Only this will keep us safe!
That sounds like the same kind of logic that comes from a town that sends troops to Iraq in response to a threat from a man in Afghanistan, or that would like to repeat the policies of Herbert Hoover in response to a big recession, or would rather raise the retirement age on working stiffs than tax billionaires at 1999 rates. As always, these conclusions are treated as an inevitability -- there's just no other way to go.
Intel doesn't share, it isn't open source. Intel is in business to make money.
Surely I am only one of five zillion who read the headline wrong.
While I was serving in the military and handling classified material on computers the regulations on data handling were quite clear. Classified material was never to be stored or manipulated on an unclassified system. Furthermore, even on classified systems the classification of the system set a maximum clearance level, material classified secret could not be handled on a classified confidential system, etc. You could handle confidential on a secret system but then it could never be put back on a classified confidential system. I can understand, in light of the 'connect the dots' problem that you need to have access to pretty much all material in the hopes someone will get the 'Eureka' moment but storing, even allowing access the wrong way is what gets you into this kind of mess and supposedly we had procedures to prevent it. Obviously not after 9-11.
And on that topic, post 9-11 changes, the Republicans, and Democrats when they wake up to this fact, can stick it. The post 9-11 changes to the handling classified material happened under a Republican administration at the behest of (severe pressure from) Congress on both sides of the aisle. As with the mortgage meltdown, Congressional members are pointing everywhere else but at themselves.
"[I]t is a wise man who admits the limits of his knowledge or skill, and that pretending either causes harm." --Terry Go
More sharing is needed, and clearly they've done that to at least some extent. The problem is they included too many people in that sharing. Full access to "everything" should be limited to specific analysts with top clearance, and years of experience doing work under clearance (and thoroughly background/personality checked). It should NOT be for front line soldiers, which instead should have limited NTK access.
now we need to go OSS in diesel cars
So we should invest in AMD then?
Forward and fast, or backward and damn slow? Information sharing and collaboration have pluses too, denying it you are probably doing more damage for sure, and in a far broader area than the eventual leak of it could do. You have to take a compromise between security and functionality, and being aware what will cost those security restrictions.
Politics would be simpler if we could peek into our future to see what will bring our choices, too bad those damn blue butterflies are waiting for us right there.
TFTFY Timothy
After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.
The approaches do need to be more sophisticated.
You mean like using a cell-phone camera to take a picture of a screen?
You can also encode a LOT of info into just one jpg or png of the family dog.
As for printing, you can use a 600dpi laser to output the whole bible in encoded format on 5 sheets of paper. So yes, you could walk out with 250,000 cables pretty quickly.
While I was serving in the military and handling classified material on computers the regulations on data handling were quite clear.
Of course this changes in both time and place... I was in the us army early 90s era so your experience will probably vary.
You could handle confidential on a secret system but then it could never be put back on a classified confidential system.
Obviously allowed, not never, although it happened via certain procedures not just randomly shuffling data.
For an obvious close personal example, the fact that my ASP had a particular crate of 5.56mm rounds with a certain NSN and lot number is not sensitive (more like, "duh") but an aggregated report of all ammo supply stocks for the entire theater, held a much higher classification.
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
This weekend SNL skit sums up Julian Assange for the self centered egotistical asshole he is.
Is leaking secret U.S. government documents that different from leaking photos of Paris Hilton without her underwear on?
Not really, according to "Saturday Night Live." On this weekend's edition of the NBC show, hosted by Robert De Niro, the cast took aim at WikiLeaks founder Julian Assange, comparing him to Harvey Levin, the editor of the muckraking gossip website TMZ.com.
During the sketch, a message from President Obama (Fred Armisen) gives way to a staticky screen, which then reveals a greasy version of WikiLeaks founder Julian Assange (played by Bill Hader).
"Hi America, I have taken over your airwaves," he says in an Australian accent. "The leaks did not inspire a revolution as I had hoped, so tonight I present a new WikiLeaks, where the leaks are even more embarrassing and the details are even more sordid."
The screen flashes the title, "WikiLeaks: TMZ."
Hader then appears in a parody of the TMZ.com television show, in which he plays Harvey Levin, the creator of TMZ.com.
"Looking for world leaders behaving badly, come on," he says to his staff, who proceed to throw out footage they have recently gathered.
One shaky video shows Muammar Gadafi (Armisen) leaving a restaurant with a Russian prostitute (Kristen Wiig) by his side while another video shows Hamid Karzai (De Niro) dropping a suitcase full of money after claiming he doesn't "take bribes."
One last video shows a panties-less Hilary Clinton (Vanessa Bayer) flashing the camera.
"Do I suck a little bit?" Assange asks in conclusion. "Yeah, I do. [But] you try me for treason [and] you can’t, I'm from Australia."
Last month the WikiLeaks founder was attacked by President Obama and other heads of state around the world after his online whistle-blower group released thousands of State Department documents that included candid assessments of allies and enemies worldwide, not to mention inside information relating to wars in Iraq and Afghanistan.
Read more: http://www.nydailynews.com/entertainment/tv/2010/12/05/2010-12-05_saturday_night_live_mocks_julian_assange_with_wikileaks_tmz_parody.html#ixzz17HFIDQ33
For example, officials said they were disabling all "write" capability to removable media such as thumb drives or disks, on DoD classified computers,
Can someone take pity on me and explain what the heck they are talking about here? Unless a "classified" computer is very different from a regular one, I don't understand how that is possible. I guess you could try to desolder and remove all of the external USB and/or esata and/or firewire ports from the motherboard in addition to removing any pins on the motherboard that are made to give you additional ports. Wouldn't you have to also remove any unused PCI slots as well? Even after doing all that someone could just open the case and plug an internal drive into a spare sata port and PSU power connection. I guess you may be able to defeat that by removing all the sata and pata ports from the motherboard except for one port for a connected hard drive. You couldn't have multiple hard drives because someone could just unplug one.
Quite an experience to live in fear, isn't it? That's what it is to be a slave.
You really want to tell me that up to now anybody could put in his 64GB USB drive and copy all the data he/she wants to copy? Seems relaxed to me taken into account that probably the entrance is guarded by an armed guard.
The issue that concerns them is being denied the ability to keep secrets. If the majority of humans weren't so selfishly short-sighted, they would recognize this simple and obvious truth:
Keeping secrets doesn't preserve democracy... instead it enables tyranny.
Keeping secrets NEVER serves the Common Good; instead it serves selfish tribalistic goals. That tribe could be an entire nation, or more likely it's an "elite" minority within a nation seeking to gain or maintain dominance and exploitation.
This is why the so-called open source movement is far more profound than people realize; it's not just about software, it's about putting an end to ALL secrets and finally achieving true freedom for all (as opposed to a few). We need open source government, and an open source government doesn't keep secrets and doesn't need information-sharing lockdown protocols.
You can make words on paper secure? Really? Are you sure about that? I seem to recall at least one time when that wasn't the case. I seem to recall some "Top Secret" level documents that got out. You may better remember them as the "Pentagon Papers". Oh and then I remember another time someone leaked information and a few papers to the newspapers. You might remember it better as the "Watergate Scandal".
http://en.wikipedia.org/wiki/Pentagon_papers
http://en.wikipedia.org/wiki/Watergate
Now what was that about words on paper can be made secure but not electronic archives? They are both the same. You can make them secure, but if someone wants to release the information then there isn't much you can do about that. The human being in the equation will always be the weak link. Someone committed to releasing the information will find a way eventually. History is proof of that.
This is a downside to the government doing something that they don't want others to know about in the first place. The downside comes from the fact that this information exists, not that it leaked. The quote on the bottom of the page is very appropriate right now. "Truth is hard to find and harder to obscure"
A better byline for this article might be: With Better Legitimate Sharing of Intel Comes Increased Illicit Sharing of Intel. The danger, if there is any, is unclear and certainly not mentioned in this article.
WikiLeaks is showing that there are multiple problems with the government in the US. There is a problem of making sure people aren't walking out of buildings with information that they shouldn't. There is the problem of our government telling us one thing, and the truth being something completely different. Everyone thinks the leaks were this super secret, bad for the troops and the country, information. Remember none of this is "Secret" or above. This is all stuff classified "Sensitive". So I can't imagine that operational details that would effect anyone would only be classified "Sensitive" that would be kind of crazy. Also names of common people are being redacted, so as not to cause them any problems.
Security classifications starting at the lowest level for the US are: Controlled Unclassified Information, Confidential, Secret, Top Secret, and Compartmented Information. "Controlled Unclassified Information", such material might cause "undesirable effects" if publicly available. It controls who is allowed to see these documents. This is not a clearance level but rather a classification level for documents. "Confidential", such material would cause "damage" or be "prejudicial" to national security if publicly available.
That is what we have here, confidential documents. Documents that they didn't want getting out because it would make them look bad and show that they lied. The person who stole these documents was a first class private. He didn't have access to "dangerous" secrets. There would be no need for him to have a "Secret" or "Top Secret" level clearance at his rank.
Did he steal? You bet. Is he going to jail over it? I would be surprised if he didn't. Is WikiLeaks a terrorist organization? Don't be silly, if they are then so is every newspaper who posted the same information, and there are dozens of mainstream news outlets that posted this information. There are even a few newspapers who printed the raw cables not redacted with the names of even common people showing. WikiLeaks has made sure to redact all the common man/non-pubic figure names from the cables before posting them on their website.
We still have freedom of the press in the US, and it doesn't say who is allowed to be press and who isn't. The Supreme Court has ruled that the media outlet that receives these documents can not be held liable for their theft. The media outlet can release the information if there is clear news value, and value for the public to know the information. Does the public need to know the government lied? You bet they have a right to know that. Does the public have a right to know officially that friends of the Saudi Arabian government are funding Al-Qaeda? You bet. Does the public have a right to know that the US is bombing Yemen rather than the Yemen government? You bet. If none of this was news worthy they wouldn't be printing this information, they would instead be just talking about the leak of information.
I know a lot of you guys are AMD fans, but seriously I think you're being a little over dramatic about them having a higher market share...
http://pcast.ideascale.com/a/dtd/76207-8319
http://groups.google.com/group/openmanufacturing/msg/2846ca1b6bee64e1
Imagine these sorts of things applied to, say, medical research and trying to understand how a money trail affects research results...
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
http://www.pdfernhout.net/recognizing-irony-is-a-key-to-transcending-militarism.html ...
"Likewise, even United States three-letter agencies like the NSA and the CIA, as well as their foreign counterparts, are becoming ironic institutions in many ways. Despite probably having more computing power per square foot than any other place in the world, they seem not to have thought much about the implications of all that computer power and organized information to transform the world into a place of abundance for all. Cheap computing makes possible just about cheap everything else, as does the ability to make better designs through shared computing.
There is a fundamental mismatch between 21st century reality and 20th century security thinking. Those "security" agencies are using those tools of abundance, cooperation, and sharing mainly from a mindset of scarcity, competition, and secrecy. Given the power of 21st century technology as an amplifier (including as weapons of mass destruction), a scarcity-based approach to using such technology ultimately is just making us all insecure. Such powerful technologies of abundance, designed, organized, and used from a mindset of scarcity could well ironically doom us all whether through military robots, nukes, plagues, propaganda, or whatever else... Or alternatively, as Bucky Fuller and others have suggested, we could use such technologies to build a world that is abundant and secure for all. "
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
They know a lot about the subject of preventing copying in the digital realm, thus solving the problem forever. FOREVER.
The material in question was too widely distributed to be considered secure. We can assume that any non-US intelligence agencies that really wanted copies has them. (Diplomatic cables are probably not as useful as technological, commercial and military secrets) Now the press has them and it's an issue?
"With better sharing of Intel Comes Danger"
I love this stuff. What Danger?
We are being told that this release of information has harmed the ability of the U.S. to carry out diplomacy. In what way? That we tell lies and other governments tell lies, and now some of these lies have been exposed? What was the "Danger"? Wasn't the danger in the telling of the lies in the first place? Better sharing of Intel didn't bring about this danger.
Besides, if this data dump was so easily acquired (I am assuming the obvious here, that Wikileaks never had to go all "Tom Cruise/Mission Impossible" to get it), surely the data dump was no surprise to various other governments. I'd even guess that this is a fraction of what our enemies know about what we have been saying to ourselves for decades. How could it be otherwise?
So the "Danger" is that increase sharing might also include the public? If there is a change here, it is that the public got into the loop. Is it possible that they might have to abide by a higher level of ethics to avoid embarrassing lies coming out in future leaks? Is it possible that this is the "Danger"?
I am struggling here. So far I haven't heard about anything leaked which can be properly described as a "Danger" appeared with the leak itself. All of the best tidbits I have heard so far that might cause some diplomatic ruffle are due to actions that either 1) Should not have occurred (agreements to lie to the public), or 2) Need not have occurred (Let's call Putin "Batman").
I don't like to negotiate in business with people that live in secret worlds. I don't like the fact that our government loves secrets. The default for government should be to play their cards on TOP of the table, face up. When secrets are really necessary, they become easier to keep if their numbers are few, and the period of secrecy is of very short duration.
Run away! and give us your money!
Probably, but it's also much harder to search for a document in paper format.
Electronic format is definitely the best way to find all references to a given information.
Instead of forcing the use of paper, which is the dumbest possible move, intelligence services should reduce the access to documents to the smallest possible number of people.
If sensitive documents are leaked, it means that people who had access to them shouldn't have.
If 3 million of people had access to Wikileaks' documents, this means that they were not so secret !
So far we haven't actually seen ANY downsides of the wikileaks...
* We saw a german official get fired for leaking information to a foreign state
* We saw the Yemeni government conspiring to lie to its people
* We saw the UK foregin office trying to lie to the UK parliament about breaking international commitments on cluster bombs
* US secretary of defense Bob Gates explained that the leaks haven't hurt the US
There have ben only upsides so far.
According to British journalist Simon Jenkins 'words on paper can be made secure, electronic archives not.'"
That's bogus...anything can be made secure - except people.
But you can make people a lot more secure if you try to avoid screwing this, that, or the other people to help not your nation but a few corporation and/or individuals who are interested in gaining an advantage in trade in the region or access to or a monopoly of the region's resources.
Keeping secrets requires idealism; the most potent solvent for idealism is corruption.
Orwell: "In a Time of Universal Deceit, telling the Truth is a Revolutionary Act"
Hill ... of the Bill&Hill team broke the first rule of intelligence work: if confronted repeat the words "I CANNOT CONFIRM OR DENY."
What did Hill do? Confirm that she should have never been CONFIRMED, as Secretary of the U.S. Department of State.
In reality ... much lack of that these days ... the documents that WikiLeaks released are still in the "clamed to be" catagory of
whether they are the REAL cables or fabrications.
In a REAL court, a witness will have to come forward, one who is NAMED in the documents to confirm their authenticity. Until that ... all this is theather.
However, now with Hill's blessing are elements of S.A.S. and US Army, under directions of the Ministery of Defense and CIA targeting Assange, his Lawyer and Assange's mother for assination?
Likely Assange's mother will fall ... i.e. murdered by S.A.S.
This will be to encourage Assange to be arrested and talk ... about those involved with the hacking jobs.
This will in some respect deminish William Gates from ordering the beheading of Cpl. Manning ... currenly on death row at Quantico Marine Corps Bace, Virigina, U.S.
However, Barak Hussain Obama want none of this and only wants Assange dead.
With an idiot like Obama in charge ... its tough to do a good job in the intelligence community.
--308
IIRC, one of the great pushes in early mainframe research was being able to have a single machine be able to deal with documents with varying security levels, and use least privilege when moving data between levels. This way, someone could copy and paste from the same level to a high level, but not to a lower classification.
What the US Government might have to do is re-engineer from the ground up a secure computer.
On the CPU level, to use Intel Corp.'s terminology, most systems have a ring 0, and a ring 3. What might be needed is a fundamental change to a ring 0 for security and crypto libraries, ring 1 for hardware I/O, ring 2 for computer-wide modules/drivers/HIPS (host intrusion prevention system) [1], ring 3 for the hypervisor code, then have separation of the VMs, where each VM has supervisor/user modes. This way, even if a VM gets compromised code running in kernel space, it only will kill that CPU, and not do much else barring instructions like the F0 0F bug or ways to get through at the CPU IDE level.
Add TPM functionality (VM starts, every stage does a hash check of the next stage, passes it to the TPM and if there is any differences, the VM is frozen or turned off), and this would be a decently reliable way to protect against local tampering. The trick is to put this functionality in the CPU as opposed to another chip so someone wouldn't be able to add a logic probe. Add tamper resistance to defend against uncapping, and this is a fairly reliable (but nowhere near 100% secure) way to defend data.
Another way to protect VMs is to have a way to freeze the VM, have a process lower in the CPU level rings scan the VM's memory space for signatures of infections or compromise then either unfreeze it and let it continue on its merry way or shut the VM down. Of course, this would mean possible arms race for malware to try to hide its traces, but in RAM, software has to be able to keep running somewhere, and it is a lot hardware for malware to hide when it isn't running (and can hide its traces like a rootkit) as opposed to if it is inactive (like booting and doing a scan with a Knoppix CD.)
Of course, this wouldn't be 100% secure, but having computers designed from the ground up for it would go a long way into not just protecting data for the US, but everyone. Keep bank data at a high classification level, Web browsing at a lower one, and if the Web browser tries to fish into the bank data's space, the hypervisor or OS slaps it. Or a MMO's authentication is at a high level, but its game play is at a lower one, so if the context of the MMO gets compromised, an attacker would know the one time use cookie for the character on the zone server, but not be able to get account information. This essentially is how mainframes have been designed, and it is really rare to hear a report of a compromised mainframe. You might hear of a hacked LPAR, but not the whole machine being taken over.
[1]: This can be used to ensure a VM can be configured so it cannot saturate I/O channels, as well as detect if the hypervisor gets compromised and stop that in its tracks.
I love this stuff. What Danger?
My dear sir, the danger is to politicians who want to stay in power by concealing lies, mistakes, cowardice, knavery and ignorance.
Rich And Stupid is not so bad as Working For Rich And Stupid.
And this is what happens when you do not have access to information: claims, opinions, but no thought or reasoning behind to support them.
The Danger is that if/when the american public is exposed to the truth about these matters, there is a high risk of ordinary folks developing and demonstrating rational thought.
If a higher percentage of the american public were capable of rational thought, there might just be a mass take-up of that offer in the constitution for the people to dispose of their corrupt and tyrannical government.
The German guy who got fired (had to resign, actually) was not an official, he was working for his party. He also (probably, IANAL, developing story and all that) didn't do anything illegal, he just misused the trust bestowed upon him. Which probably is worse, even though I don't see how his party (FDP) was in any way hurt by him telling the progress of their coalition dealings with the CDU to the US. Just a jerk trying to be important. And probably the wrong person for the job.
I was fairly disappointed by the first day of this wikileaks release. So American diplomats report back to their foreign ministry about the politicians in their host country, and write the same thing the local newspapers are writing? Wow. What a revelation! Made me lose interest very quickly.
secret documents are not allowed on internet connected computers so no email/irc/im. Gov/military Network admins are supposed to be monitoring all network traffic for stuff so that would/should be caught if sent from unclass machines. Blocking cd/dvdrw as well as usb is basic common sense (force all transfers of data through authorized channels). And while they are at it, might i suggest blocking usb autorun to block viruses and spyware. And that only leaves the printers. Unfortunately the only way to block that is with physical security, like marines at the door checking bags.
I was in the US Navy for nine years, and the system we were using was WinNT.
That was later shifted to an OS called "IT-21". It was a custom version of WinNT that had been cobbled together by SPAWAR. MS actually let them have the source code, so they could customize it. There were all kinds of tweaks, dibbles and fidgets added to it, but the biggest was to disable the USB ports, COM ports, and prevent the system from writing any info to the pagefile.
Now, blocking off the pagefile was a touch of brilliance, but blocking the COM ports meant we couldn't hook a teletype to the computer. So when we were doing HF teletype exercises, messages either had to be loaded using Win98 or done by hand.
And once the newer printers started coming out, blocking the USB ports gave everyone conniptions.
For a while there, they played around with preventing the OS from writing anything at all to the floppy drive, but that lasted all of 1 day when comms shacks all over the WORLD started calling SPAWAR support, screaming about how they couldn't load the CO's traffic to disk.
Soon, the patches came out, and IT-21 became just another hunk of crap we had to deal with. As time went on, we dumped it for Win2K. Before I left, I saw people using Vista Premium for classified traffic, so I doubt things have changed all that much.
At the end of the day, it comes down to three things:
1. Don't do shit that will make your people question your ethics.
2. Screen out people who are, themselves, unethical.
3. Trust but verify.
[End Of Line]
Information sharing is essential to mission performance, and security is always in the support (never control) role, unless you're idiots.
Thumb-drives/SSD are an excuse not the problem.
Fix the security problems or perpetuate the mistakes.
911 was a failure in information sharing. Field security folks (CIA, FBI...) did their jobs, but C*Os parochialism caused failures.
Do you address the excuse or the failure. To fix the problem you must rationally troubleshoot the failures, and not address reactionary excuses.
Unaccountable leaders are masters, and unrepresented people are slaves. How do US and EU fare?
tomhudson is a lot of talk only. tomhudson is not capable of doing that himself (not without looking it up on wikipedia or other sources first). Who the hell is tomhudson? Nobody I've ever heard of after all. He's just another "I read it someplace and can spit it back on slashdot for mod up points" is about it. Hence why his posts lack details. He isn't capable of producing those details of how things are done is why, not without looking them up and copy pasting them here.
> 'words on paper can be made secure, electronic archives not.'
What about the Pentagon Papers? They were photocopied. Thousands of pages.
Tell us how you really feel. I think he sounds cute
The new right fascists are bilingual. They speak English and Bullshit.
The most deadly words for an engineer. 'I have an idea.
The most depressing words for a programmer. "It's just a minor modification and can you make it blue?"
The new right fascists are bilingual. They speak English and Bullshit.
Security and Openness are always opposites. By definition.
Look at how military compartmentalization of top secret information is done. It's about assuring that information is as immobile as possible between (human) nodes. There are elaborate "need to know" criteria and even when you need to know, you have weekly security reviews, document control, daily 3rd and 4th party safe checking, etc.
The entire point is to generally never share information between any two secured nodes and to provide a "cell-based" detachability to the minimal sharing that must occur. This goes to the very definition of information transfer inefficiency. It's central to having secrets. Nothing that maintains secrets well can ever be efficient because aggregation both implies the secret and allows the inference of new unclassified yet desireably secret conclusions. You can't ever have secrecy with effectiveness and speed of collaboration. Pick two. That's all you can ever hope for.
When I held a TS clearance, I was briefed into a program that involved knowledge atoms A, B, C and D. My office mate was ostensibly working on a different program and I couldn't even mention that A, B, C and D existed, let alone what the details were. As it turns out, when our projects were downgraded, we learned we'd both been briefed into an overlap that included A, B, C and D material. Yet we slaved along for 2 years in compartmentalized ignorance on the same basic problem space that would have been cheaper (our estimate was $250M easily "wasted" or "invested" on compartmentalization) and faster (we estimated we'd have both been done in 6 months if we'd worked openly together).
Since that point I came to realize that classification is mostly (90% of the time, conservatively) about political CYA and illegality than it is about protecting vital secrets or technologies. The government is usually behind the times on the latter anyway but doesn't know it because private industry doesn't generally advertised their proprietary methods and technologies without good reason - often something is delusionally classified as if it were original when it's not. At the end when I was briefed in to effectively collaborate in a lie to Congress I decided to opt out of doing any classified work as a result and have vowed to never do such work for the US government ever again under any circumstance.
The only danger that comes to my mind is high voltage.
http://www.youtube.com/watch?v=2a4gyJsY0mc
Wow. I'm amazed by the sheer amount of faggotry (4chan made me say it) involved in the analysis of this incident. The US has not practiced proper information security for the last 20 years. Let me repeat that point. The United States of America has not practiced proper or anywhere near intelligent information security for the last 20 years. Their policies are outdated (still focused against Soviet spies who didn't know how to use computers), and they are now reaping the effect of not initiating change for 20 years. Any organization so stuck in the mud about its policies deserves as much and more.
One of the basic rules of information security is to prevent secure information from being taken outside your system. That's a big fucking clue right there. Prevent. As in turn off the ability to connect external drives. Whether they be USB, SATA, or fucking firewire. Also as in implement an air gap network that is completely unconnected to the internet as a whole. They have their own internal network, but what good is all those fancy systems going to do if I can root their boxes from Singapore? Firewalls won't help that much, easy enough to buy hosting down the street from any US army base.
So yes, they are idiots. After all, they didn't update their information security policies for 20 years...
`Assange has previously accepted that his uncompromising commitment to transparency might ultimately cause him and his fellow WikiLeaks insiders to get "blood on our hands."'
`I asked Assange if he would refrain from releasing information that he knew might get someone killed. He said that he had instituted a “harm-minimization policy,” whereby people named in certain documents were contacted before publication, to warn them, but that there were also instances where the members of WikiLeaks might get “blood on our hands.”' link
When I worked as a contractor for the military, all computers had their USB ports disabled, we weren't allowed to have phones with cameras or bring iPods or other external storage devices, and we weren't even allowed to use wireless keyboards or mice for fear that someone could pick up the signal from outside the building (apparently they had never heard of van Eck phreaking: our monitors were normal Dell CRTs). In some locations we couldn't even have cameras or iPods in our cars in the parking lot. Note that most of us didn't even have secret clearance: the stuff we were working on was export controlled and protected as trade secrets, but for the most part it wasn't classified. It seems that the military is more trusting of its own personnel than it is of its contractors. It seems that they are rethinking that position now.
a story, about a story, about a fairytail nightmare work of fiction. the truth remains safely hidden/ignored.
If you vote and pay tax you *are* the government. The fact that you are not the government is because of, um, a conspiracy. The conspiracy may not care for your "rights" but it sure as shit is scared of your opinions *when* you are informed.
This is a battle the conspirators cannot win - even if they restrict all their secrets to whispers and secure paper. Very little that has been (or will be) leaked is a surprise - it simply confirmed what many have suspected but been unable to prove. If I told people that American interests introduced heroin to Australia, and toppled a government I'd be mostly ignored (or sedated) - despite a coronial inquiry and a court case (Falcon & Snowman).The sheeple believe what they want to believe and the conspiracy continues to grow.
Previously I could browse web sites where people exchange theories as to who killed JFK (if I wanted) without affecting my clearance - now I would be very cautious about reading articles about wikileaks, and definitely wouldn't directly access the site (or mirrors). And if I told people something that is confirmed by a wikileaks release sometime in the future - I could expect unwanted attention.
Wikileaks changes the dynamic by casting doubts amongst the conspirators - cramping their style, crippling their growth, and feeding their paranoia. They are not the press who can bought or silenced. They are not easily identified by their locale (universities), ramping up penalties for cannabis won't be effective, and it'd be kind of difficult to criminalise computers.
You can't run a global conspiracy with secret handshakes and scribbled notes - you need a surveillance apparatus and computing power. Which means operators, administrators - more people to be trusted.... and always the nagging fear that the network might be penetrated (CIA using Tor was a clever idea right?).
Leaked pictures and printouts are damaging - but all that really is needed is the information, and sometimes, not even that. What's on screen or disk is no less damaging than what's overheard in the lift. Damage is done by the fear of loss of control (of information) - doesn't really matter whether the loss is real. It's the idea that "us" and "them" aren't defined by who's inside the tent and who's out, that most damages a conspiracy.
If my guess is correct then next, we'll have to deal with paranoid conspirators jumping at shadows, and vigilante sheeple defending what they see as the rightful leaders (Botherding DDOS superhero and "hackers" who "wouldn't normally contact the authorities").
Of course I'm almost certainly wrong - the economic situation is better than I thought, General Motors and Ford will rise again, huge new oil reserves will be found, child molesters will be arrested (instead of their web sites being blocked), no child shall go hungry, Maquarie Enterprises will repay all their loans whilst making a profit for their investors, work-for-the-dole coupled with outsourcing will revitalise the economy, and the ability to extrapolate will be proven unnecessary.
It's not just the Assanges and Mannings that scare them now - it's us.
Used to be the conspirators were the ones with the fake smile and the firm handshake - right now they're just a little worried we don't believe their lies, and that it might be our smiles that are fake.
Thanks Julian (and others).
Now I need to kick back and unstress - maybe watch a movie, a legal copy of course!
Hmmm, let's see.... Brazil, that sounds good
Thanks for the reply. You make a lot of good points. Still, the availability of such tools might help more people in the general public develop better analytical skills and learn more about context for various issues, so, the fact that most of the public could not make great use of such tools now does not mean they might not change that by their availability, or that the few who could use such tools might not use them to good advantage in all sorts of areas, building on tax-funded research.
Consider, what would it be like to apply this to, say, medical information research information, first?
Here is derived from something I just posted to a (private) forum on Dr. Fuhrman's site ( http://drfuhrman.com/ ), in reply to something he wrote including a mention of limited time (in a reply to some posts I made about vitamin D issues). You can think of what I suggest here as an example of how the same sorts of tools created for intelligence analysts might be very useful in other contexts. I just joined that forum a couple of days ago (there was an offer for a free six weeks, since expired), but I feel a bit frustrated to be writing stuff that gets stuck behind paywalls (same as when I post to private mailing lists), so it is probably not a place I will keep up with that much. (I'm not necessarily opposed to private-seeming spaces for people to discuss medical issues, but it is sad to think of all the information lost from them to general knowledge. There is also potentially the issue of financial obesity being as serious a problem as physical obesity. :-)
=== Better open tools for nutritional research communities
Dr. Fuhrman, thanks for the reply, and thanks for creating so many great resources and helping so many people, including me and my family.
[Comments snipped on vitamin D issues, linking to: http://www.grassrootshealth.net/recommendation ]
On having time for combing through the conflicting medical literature and conflicting models, I might suggest that addressing that issue with better tools may be even more important than doing more nutritional studies with the Nutritional Research Project [that Dr. Fuhrman is involved in http://www.nutritionalresearch.org/ ]. Sometimes we don't know what we know. :-)
Basically, in your mind you were able to integrate all these studies leading up to your books. How can you make it possible for everyone to look at the literature and come to similar conclusions for themselves, in an open way?
One possibility is with structured arguments about health topics, and also including a way people could look at the information from multiple perspectives, and so on. This vitamin D issue is an obvious starter issue, but there are many others where, without necessarily taking sides, one could encourage free form discussions like in these member forums, as well as more structured ones, and somehow have the result be like a Wikipedia of progressive medicine. Wikipedia is not the right model, but I mention it as it is well known, and it is a success to some degree, even with a lot of controversy.
Here are some other examples from SRI (my wife helped a bit with them).
From:
http://www.ai.sri.com/~seas/
"EAS is a software tool developed for intelligence analysts that records analytic reasoning and methods, that supports collaborative analysis across contemporary and historical situations and analysts and has broad applicability beyond intelligence analysis."
From:
http://www.ai.sri.com/~angler/
"Angler is a tool that helps intelligence/policy professionals Explore, understand, and overcome cognitive biases, and Collaboratively expand their joint cognitive vision Through use of divergent & convergent thinking techniques (such as brainstorming and clusterin
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
Thanks for reporting me! :-)
My rationale for that: ... Although, obviously, that is a metaphor, and my objective is analysts being reborn mentally as post-scarcity beings instead of any dying physically as depicted in that comedy sketch. The best way to deal with potential enemies is to make them into friends, a strategy idea lost on the previous US administration. That is why the USA has so many more enemies than it used to have compared to the 9/11 days of "We are all Americans"..."
http://groups.google.com/group/openmanufacturing/msg/ae28e8971f8f9669?hl=en
"Maybe I'm trying to make the OM list the post-scarcity social consciousness raising equivalent for global intelligence analysts of "The Funniest Joke In the World"?
I may be going down someday from some random martinet unwilling to understand about intrinsic security or mutual security or true patriotism, but I hope the message in my email sig will continue to spread, and the world will someday be a better place for all our children and relatives and friends and so on across the globe. :-)
http://www.blessedunrest.com/
And along the way, I hope more potential enemies will be turned into friends, just like Tadodaho eventually combed the snakes from his hair in the Haudenosaunee (Iroquois) story:
http://www.pdfernhout.net/on-dealing-with-social-hurricanes.html
My sig had to be shortened for slashdot; the longer version is: "The biggest challenge of the 21st century is the irony of technologies of abundance in the hands of those thinking in terms of scarcity."
Which then implies, eventually:
http://www.pdfernhout.net/recognizing-irony-is-a-key-to-transcending-militarism.html
http://knol.google.com/k/paul-d-fernhout/beyond-a-jobless-recovery#Four_long(2D)term_heterodox_alternatives
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
I'm going to have to be careful here.
I think they're going to go towards thin-clients. Which means that you won't be directly putting your leak into 'encoded' format for taking out of the workcenter, because even if you have a printer(and those are going away in a lot of places), you won't have the software to do the encoding. Plus, cell phones are already forbidden around classified workstations.
Basically, the 'new' security model is going to end up that to 'leak' documentation you're either going to have to hand write it or sneak in an active digital device like a camera, and even then be restricted to taking pictures one screen at a time. In an area where you're subject to random searches and aren't supposed to have any personal electronics anyways.
I don't read AC A human right
http://www.bullies2buddies.com/
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
Correct me if I'm wrong... but didn't the guy who linked the documents to wikileaks do so by comping the files to a CDR/RW disc?
I think the meaning intended was roughly: "With better sharing of intelligence data amongst multiple divisions of government comes an increased danger that with the larger number of people with access to it will come a corresponding increase in the incidence of leaks."
If you've done nothing wrong, then you have nothing to hide... Isn't that the justification for the government's constant intrusions on personal privacy? Funny how that only works in one direction.
Think about it next time you are forced into a electronic strip search, or have a wage slave grab your balls, just so you can fly home for the holidays.
The problem is not the media, but the access to data. Given the breadth of the information topics, no one below cabinet level should have been able to see it all, much less some low level clerk. This was a failure of the need to know policy, and the attempt to blame wikileaks or the clerk for the release is clearly an attempt to disguise the failure of method. I covered the technology and ethical issues at length in a blog post when it happened.
I have held DoD and DoE clearance, and have worked with information control for companies like GE and SBC (now at&t)
The two person rule is common for handling of classified material, but it's only as good as the people involved. After a break-in period, people generally become comfortable with each other and don't typically feel the need to scrutinize each other's activities. Indeed, continuing to scrutinize the activity of an otherwise trusted individual can be taken as an insult, lead to lower job satisfaction, etc. Rotations or random pairing can mitigate this somewhat, but it doesn't preclude two trusting individuals from ever pairing, nor does it prevent collusion. In short, it sounds good in theory, but without accounting for apathy and the tedium of routine, it's far from a panacea.
I've attended many IA briefings, both as a civilian and as active duty, and it's no exaggeration to say that these kinds of policies are met with ridicule and/or contempt by people who actually have the duty of carrying them out, and that the presenters are even apologetic for the hoops that everyone has to jump through. Everyone in the room knows that people do the best they can, and sometimes shit happens, but the theory of perpetual vigilance only works in movies and on TV. Humans simply aren't wired for paying close attention to "nothing happening" for any extended period of time, even if it's two hours a day once a week. It's exactly the principle that law enforcement uses to its advantage in fugitive recovery -- it only takes one slip-up for the whole thing to come crashing down.
I'm not saying that reasonable efforts at counterintelligence shouldn't be maintained; I'm only saying that expectations of perfection are unreasonable, and will never be met. There is no single policy or group of policies taken together that will prevent the next leak; at best they will delay it.
https://www.eff.org/https-everywhere
Just came across:
http://www.phibetaiota.net/
http://en.wikipedia.org/wiki/Robert_David_Steele
Now that I think of it, I think I have seen something by him somewhere before... Maybe the idea lodged in my unconscious?
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.