FBI Says a Mysterious Hacking Group Has Had Access to US Govt Files for Years

Lorenzo Franceschi-Bicchierai, reporting for Motherboard: The feds warned that "a group of malicious cyber actors," whom security experts believe to be the government-sponsored hacking group known as APT6, "have compromised and stolen sensitive information from various government and commercial networks" since at least 2011, according to an FBI alert obtained by Motherboard. The alert, which is also available online, shows that foreign government hackers are still successfully hacking and stealing data from US government's servers, their activities going unnoticed for years. [...] In the alert, the FBI lists a long series of websites used as command and control servers to launch phishing attacks "in furtherance of computer network exploitation (CNE) activities [read: hacking] in the United States and abroad since at least 2011."

If the FrostyBI are complaining...

[Hognoxious]

If the FBI a) know about it and b) are complaining then i's no mystery - it must be the CIA.

Re:If the FrostyBI are complaining...

I really wish you'd said "If the FrostyBI are pissed..." because it would have been such a lovely First Post pun.

Re:If the FrostyBI are complaining...

[Thanshin]

I really wish you'd said "If the FrostyBI are pissed..." because it would have been such a lovely First Post pun.

A missed opportunity as there's not been one in months.

Re:If the FrostyBI are complaining...

[Hognoxious]

Where I come from, pissed means drunk.

Not saying they aren't, mind. It might explain a few things.

Re:If the FrostyBI are complaining...

Where I come from, pissed means drunk.

Not saying they aren't, mind. It might explain a few things.

Err.. the NSA, CIA, FBI and DHS are jointly trying to put all of the possible data about Americans (and anyone else they can get their hands on) on a bunch of servers they know are regularly getting hacked. That the entire US government is completely drunk almost all the time is about the most pleasant explanation going.

Re:If the FrostyBI are complaining...

F.B.I.: 'we need backdoors.'

And now, F.B.I., you see what happens even when there are not backdoors. Stuff still gets cracked. So, if there are more ways to infiltrate, i.e. backdoors, you really think things will be more secure?

Re: If the FrostyBI are complaining...

This is why we cant let the goverbment put backdoors in encryption. They cant even close the front door.

Nothing new there..

It is what happens when you use swiss cheese for a security design.

Re:Nothing new there..

[Archangel+Michael]

The American people are sick and tired of hearing about your damn emails

Re:Nothing new there..

What the hell does this have to do with emails? I'm really hoping you're not trying to sidetrack into partisan bullshit.

Re:Nothing new there..

[Archangel+Michael]

Yeah, because discussing the nature of Hilary's insecure email with a shit-tonne of classified and beyond emails is partisan. But Bernie has decreed it, "enough" and that isn't partisan. Got it.

Re:Nothing new there..

Hilary's insecure email with a shit-tonne of classified and beyond emails

None of her emails were "classified" at the time.
Also, ALL information is classified. What matters is if that information was classified as 'confidential' or not... in this case none of it was.
Some of the information has been retroactively classified into Confidential categories.

Her server was not a 'government server', so it's not even relevant to the story.

Re:Nothing new there..

[Archangel+Michael]

None of her emails were "MARKED" classified. Markings of themselves does not make the emails classified or not. But hey, keep parroting irrelevant information as that always works.

Classifications are well established, and Clinton was informed on her duty (as in responsibility) to maintain secrecy. You should actually read the NDA Clinton actually signed, which is fairly clear on what her responsibilities and duties were. She has breached that NDA by all reasonable measures. Of course, partisan democrats will support her all the way to conviction, and probably beyond.

Markings are irrelevant. Some information was "classified" on creation. You keep repeating this line as if it matters, it does not.

Her server was not a "government server" which means it had LESS protection, not more. Again, relevant to the story because it was also likely compromised. We don't know if it was, because it was destroyed, in a clear attempt to avoid transparency. But hey, if you're okay with it it must be okay!

And they want access to our privacy

They cannot even secure their own privacy. And a backdoor key to unlock or devices would be safe? You do the math.

Re:And they want access to our privacy

Just in case even the most fervent Android fanboy was looking cynically at Apple's fight against the FBI.

Be afraid what the FBI already has, regardless of OS/platform/device.

CIA? NSA? The hacker called 4Chan?

[houghi]

Well, it is all in the subject, so this is just filler.

Re:CIA? NSA? The hacker called 4Chan?

It's just fsociety up in your servers, hacking your filez.
Nothing to worry about since they're totally imaginary.

This is why...

[jafiwam]

This is why they think they can get into any phone.

Despite their best effort, their stuff keeps getting owned. So they think that every other system has easy holes in it too.

All these government servers, Hitlery's out of band leaky illegal bathroom depository, iPhones. All of it.

Re:This is why...

[Thanshin]

Well. They could just leave secret documents in the servers, addressed to the mysterious hackers:

"Dear Mysterious Hackers,

We're pretty sure you must be reading this, so, would you please download phone 555-45-33's records and send them to us, please?

Pretty please?

Federally yours,
The FB of A
"

Re:This is why...

[Rob+Y.]

Actually, from the sound of it, Hillary's home server was about the only 'government' server that hasn't been hacked.

'Hitlery'? Really? At least it's not a play on the female anatomy. I commend your maturity.

Re:This is why...

[Archangel+Michael]

Or as Bernie says "The American people are sick and tired of hearing about your damn emails"

Re:This is why...

[s.petry]

Except that it was owned (read outside of main stream media and use your brain bucket just a little).

Re:This is why...

[SecurityGuy]

Nobody knows Hillary's home server hasn't been hacked. All that we know is that whatever logging they were doing didn't show evidence of hacking. All that tells you is that if it was hacked, it wasn't done by a complete incompetent.

Re:This is why...

Nobody knows Hillary's home server hasn't been hacked. All that we know is that whatever logging they were doing didn't show evidence of hacking. All that tells you is that if it was hacked, it wasn't done by a complete incompetent.

And since the logging wasn't set up to secrecy specs, they'll never know if it was hacked, or the extent of those hacks if it was.... so ALL the data on the server needs to be considered compromised.

Re:This is why...

[Frosty+Piss]

(read outside of main stream media and use your brain bucket just a little)

You mean some wing-nut conspiracy website?

Re:This is why...

[s.petry]

Okay, don't use anything but knowledge about security. How hard is it for someone to find the server information for an email server, and then hack into a server which is rarely managed.

Every Government agency (FBI, NSA, CIA, etc...) has said the server was insecure. The only people that want to defend Clinton's poor ethics, morals, and poor decisions related to this server are people who believe that they gain if she wins. If GW Bush had done the same thing my position would remain exactly the same, but you are either an idiot or a shill who would magically see the world differently.

Have any other shallow statements to share with the crowd?

Re: This is why...

Except that awkward moment everyone forgets the server was found because guccifer got in sharing screen caps.

http://www.mrctv.org/blog/update-hillary-s-secret-email-revealed-romanian-hacker-had-its-own-internet-server

Re:This is why...

[Coisiche]

Interesting. Kind of like writing letters to Santa and sending them up the chimney except they are more likely to be read.

It makes me wonder if there was a...

"Dear Mysterious Hackers,

Please can you extract and distribute all the documents pertaining to offshore tax avoidance handled by firms like Mossack Fonseca.

Thanks in advance,

The actual tax payers of the world"

Re:This is why...

[Jawnn]

Except that it was owned (read outside of main stream media and use your brain bucket just a little).

[citation needed]
Any bets on what he comes up with?

Re:This is why...

[Frosty+Piss]

How hard is it for someone to find the server information for an email server, and then hack into a server which is rarely managed.

Rarely managed according to what source?

Every Government agency (FBI, NSA, CIA, etc...) has said the server was insecure.

Agencies known for their impeccable honesty with public disclosures...

The only people that want to defend Clinton's poor ethics, morals, and poor decisions related to this server are people who believe that they gain if she wins.

A political opinion that has nothing to do with the question about the security of her email server.

Re:This is why...

[DNS-and-BIND]

Uh...it was immediately penetrated by multiple foreign intelligence services. It had zero security. If China/Russia/EU/etc DIDN'T own Hillary's server then they are totally incompetent and shouldn't be running an intelligence service.

Re:This is why...

[s.petry]

How about you do a simple web search instead of making _false_ claims about there being no information. Sources that came up in the top 10 on duckduckgo are Breitbart, Businessinsider, CNN, and the NationalReview which of course are all well known right wing extremist crank sites, right? Wholly fuck, even Bill Gates said that it was likely her server was compromised, but of course he is just another right wing conservative gun nut. Am I right?

I do hope you can read sarcasm better than you can use a search engine.

Re:This is why...

[s.petry]

Rarely managed according to what source?

All of them, including the person who set up the server and ended up handing it over to the authorities.

Agencies known for their impeccable honesty with public disclosures...

If those same authorities were on your side, you would defend those same agencies on other matters benefit your political beliefs. You fool nobody but yourself.

A political opinion that has nothing to do with the question about the security of her email server.

It has everything to do with why people like you attempt to lie to make her look good, which YOU did by perpetuating an easy to verify as false claim.

Re:This is why...

[shutdown+-p+now]

The server's domain name was clintonemail.com. To remind, whois registries are public, and in this case you really only need the domain name to figure out it would make a good target.

And, according to the people who were running it, it wasn't even using SSL for the first few months. So you didn't even have to hack it, you could just do MITM on it.

Given all this, it would be truly amazing if it wasn't hacked.

Re:This is why...

Really? Cause the FBI flat out stated the opposite.
But then this isn't the first delusional thing you've said.

Re: This is why...

He didn't get into the server, he got into recipients' accounts with correspondence with hillary. Just knowing the email address is enough to confirm the private server.

Re: This is why...

You're a fucking idiot. Did they hack in or should they have but didn't? The two statements conflicts with each other.

Mysterious? Really?

[Kinthelt]

Can't figure out wHo would want to have InterNal file Access.

Dear FBI...

[Lumpy]

Government systems.... built and secured by the lowest bidder....

Re:Dear FBI...

Government systems.... built and secured by the lowest bidder....

And outsourced to foreign nationals somewhere down the supply chain.

Unverifiable

[Thanshin]

Are these assertions verifiable? If they are not, the fact that they were made is irrelevant.

Through which mechanism can the population verify this information is true?
If such mechanism doesn't exist, why make this information public?
Is Faith a required aspect of citizenship now?

In other words:
Information based on secret data is of value only internally to the sharers of the secret.
This distribution of unverifiable information is simply propaganda.

Re:Unverifiable

[tomhath]

Verifiable by whom? All they did was send out a warning that traffic related to certain domains is probably associated with an intrusion. Seems like a reasonable warning.

Re:Unverifiable

a) The FBI doesn't need (or probably want) to issue negative propaganda. It's against the prestige of the United States, so I would assume it would only be done if the context of the message was serious

b) The audience is probably other Govt folks who also read that site, and have access more information on the specifics (which are likely classified) though other channels.

Maybe a senator can start a bill

[future+assassin]

to encrypt the government to save it from those pesky things they never do to others.

First person to post

[scorp1us]

The contents of the San Bernardino iPhone wins, and proves Apple's point.

Re:First person to post

[sims+2]

That's one of those odd things at the point this all happened apple had been offered device locked mdm profiles for a while.

The articles I read indicated that the owner of the phone san bernardino county did not opt to get mdm profiles when they purchased the phones.

But its nice to see that apple hasn't given up on their deceptive business practices as they still do not show if a device has a irremovable mdm profile on the icloud lock check page.

Really fucks over second hand dealers and makes the icloud activation lock page totally worthless. Thanks again apple.

A Foreign Government Gets US Government Files?

The solution is obvious.

Further restricting the rights of the American people will surely solve this problem.

Re:A Foreign Government Gets US Government Files?

"Further restricting the rights of the American people" When did they start? There is no such thing as a secure system today. Even non-networked systems are vulnerable. Stuxnext had to be carried in to one of Iran's most secure facilities and plugged in to a USB device. Would anyone be surprised that every major power on the planet, including the US, has embedded operatives in companies like as Google, MS, Apple, Cisco, and the list goes on. And the most powerful countries most likely have inside sources of information in the actual government itself. When "state actors" are involved they tend to have tremendous resources backing them up. While the US was subjected to criticism regarding it's foreign intelligence operations it was made to sound as if the US is the only country conducting espionage operations. The US government, military, and commercial enterprises systems are constantly under attack by foreign governments, it's own citizens, and an army of basement dwelling dweebs with nothing better to do.

But why worry?

[GeekWithAKnife]

Ever heard an iteration of this BS before? "Why not let your government collect data on you? you have nothing to hide."

I mean besides targeted ads, invasion of privacy, online profiling that will affect the prices of products and search results, being subjected to voyeurism by bored government agencies, attracting whatever weirdo or teen hacker that managed to somehow get the data, perhaps elongating the queue at the airport when you're "randomly" asked about that "funny" prank in college, or the widely used change of your insurance quote because some stupid filter found a word associated with higher risk somewhere in a database that has info about you...but let's get back on point:

Why would I trust the government with my data when they cannot secure their own data? -Why should I still bend over and just accept their blatant and useless corrosion of individual privacy and freedom in lieu of their incompetence and carelessness?

Re:But why worry?

[burtosis]

Ever heard an iteration of this BS before? "Why not let your government collect data on you? you have nothing to hide." I mean besides targeted ads, invasion of privacy, online profiling that will affect the prices of products and search results, being subjected to voyeurism by bored government agencies, attracting whatever weirdo or teen hacker that managed to somehow get the data, perhaps elongating the queue at the airport when you're "randomly" asked about that "funny" prank in college, or the widely used change of your insurance quote because some stupid filter found a word associated with higher risk somewhere in a database that has info about you...but let's get back on point: Why would I trust the government with my data when they cannot secure their own data? -Why should I still bend over and just accept their blatant and useless corrosion of individual privacy and freedom in lieu of their incompetence and carelessness?

Because terrorists! I'm sure this will all be addressed in the upcoming "America, land of the free" bill that will make encryption illegal.

How Does That Work?

How does it work that "the lowest bidder" always costs orders of magnitude more than the private sector?

Re:How Does That Work?

[sims+2]

Its one of those cognitive dissonance problems the people think its not my money why should I care?

If someone actually cared they would have looked at that price tag and gone whoa wtf? And found some one to do it for a few hundred at most.

But as it is they don't feel they have any stake in what they are approving and most likely don't really understand what they are approving or how much it should actually cost.

Despite the fact that it's still going to come out of their taxes somehow. Gov't employees do still pay taxes right?

Re:How Does That Work?

[Salgak1]

The same way a 5 dollar screwdrivers suddenly costs 200 bucks. The reams and reams of Federal Compliance Paperwork that MUST be completed for each one. Certifications per item that "Conflict Metals" are not included. Validation and auditing of HR and hiring procedures for everyone involved, from the guy digging the ore, to the guy putting it in the small box of "Screwdriver, Phillips, Size P2, 1 each, Federal Stock number. . . . . . " I could go on, but I think you can get the drift.

Oh, and Small/Disadvantaged Business set-asides, which are required, but cost much more, simply because small businesses generally don't have the full-time manpower for THEIR chunk of the compliance paperwork, so they generally have to either hire a full-time employee on top of their delivery, or bring in pricey consultants to do it for them. . .

Re:How Does That Work?

[Frosty+Piss]

The same way a 5 dollar screwdrivers suddenly costs 200 bucks. The reams and reams of Federal Compliance Paperwork that MUST be completed for each one.

Of course this anecdote is complete crap.

People like to blather on about a machine screw that they can buy at Ace Hardware for 50 cents costing the government $200. What they forget to say is that the government screw has been inspected and tested in a calibration lab and approved for use in aerospace such as jets and satellites, because, you know, it would be bad for this bolt to fail when the rocket is lifting off, and pilots tend to like engine parts to stay put... Small details.

Re:How Does That Work?

That doesn't answer how $1.4million was the lowest bidder. It answers why the government overpaid for the project, like seemingly all of their projects. But it doesn't answer how spending many times more than the private sector is the lowest bid.

The only easy answer is collusion. But I've worked inside of government contractors and there wasn't any inter-vendor collusion just all extraordinarily high bids. The lowest bid is literally ludicrous.

Re:How Does That Work?

[Lumpy]

The private sector kickbacks and bribes are illegal...

In the public sector, it's considered normal and expected.

Re:How Does That Work?

[thoromyr]

"The reams and reams of Federal Compliance Paperwork that MUST be completed for each one."

If only there were so much bureaucracy. I know this is popular myth, but you just look silly repeating it.

The much more likely reason for cost inflation (outside of the case where NASA is using something that is *overtly* similar to a common item, but is actual not something you could buy off of the shelf) is very simple: quid pro quo. Our government is bought and sold, and one of the ways it pays back its beneficiaries is through overpriced contracts.

Lots of luck getting the corrupt body to police itself, though.

Re:How Does That Work?

[Salgak1]

You assume the bureaucracy actually READS it. They don't. That doesn't stop the requirement to PROVIDE the documentation. Which will go on file somewhere, in case somebody needs to cover their ass because something went wrong.

Re:How Does That Work?

Yes, and those same requirements for life safety systems also carry through to other acquisition programs because they all fall under the umbrella of acquisitions.

Re:How Does That Work?

[thoromyr]

oh, so you really subscribe to the urban myth and not just repeating it? Wow. I'm sorry.

If you ever got anywhere near procurement you'd be surprised at how it really works. And federal government procurement is not particularly any worse than anywhere else, but the federal government is a *huge* procurement source which makes it a natural target. But state government procurement is, if anything, worse. And corporate procurements can be quite labyrinthine as well.

While there are a variety of requirements, your statement is false. At best, it is an obscene exaggeration of the truth.

From my experience, and thus IMO, the *real* obnoxious part of procurement are the vendors. Otherwise known as professional liars.

Re:How Does That Work?

[Killall+-9+Bash]

Government work is pricey for a reason. Maybe you're friends with the mayor or governor, and your shit magically doesn't stink. Or maybe you have no friends, so you get a call at 2AM that basically goes "THE SERVER YOU SOLD US 17 YEARS AGO IS ON FIRE. REPLACE IT IN 12 HOURS OR GO TO JAIL"

Re:How Does That Work?

Because firms that don't pad their bid to account for the cost of bureaucracy don't survive to bid a second time.

Re: How Does That Work?

Yeah because the screw i use to hold a painting on the wall needs to be aero space certified.

How will this play out?

[burtosis]

I think the obvious answer is the need for more back doors in all systems. Obviously we need to get those responsible and the only way is to put the master keys in the hands of the most responsible, technically savvy people ever to walk this earth. It's really the only way to keep out children safe and get the bad guys.

Intel Management Engine

[e70838]

If they have implanted a virus in the Intel Management Engine, they have a permanent backdoor since 2008. See https://en.wikipedia.org/wiki/...

Re:Intel Management Engine

IME is but one of tens of similar technologies.
Id say they are the masters of multivector attacks.

IME, ACPI, UEFI, BIOS, whatever harddisk firmware TLA is, and a multitude of sideffects from tens of hundreds different yet sameish implementations of god knows what in the LIBRARIES from which all the horrors embedded binary images are compiled.

and then there's bugs in every hardware component, that can be used as well.

And stuff like rowhammer, makes me wonder what other kind of similar attacks one can invent with a large enough budget?

It could have been anything, blaming a single specific garbage manufacturer is nothing.

Re:Intel Management Engine

[Qzukk]

AMD has had the "Platform Security Processor" since 2013, which has the same problems (including Ring -3 level exploitability)

Curious that it's hard to find a list of processors without these "features" online. Wikipedia barely mentions PSP as a footnote on AMD's APU list.

Re:Intel Management Engine

I wrote a paper about IPMI security a few years ago, and this is the nightmare scenario we identified. Where are you finding the link to Intel Management Engine? I read both links, but no mention of AMT or vPro or Intel Management Engine.

Re:Mysterious? Really?

[Matheus]

Never easier... Only a Really peTulant arcH-nemesis would asK fOR such unfEttered Access!

Bullshit

as usual. More carefully composed dirt, mixed together just to have something more to throw at China and Russia.

Why

Why is this supposed "secure" information anywhere available to the internet. This stuff shouldn't have any access to the internet. Man information security has gone out the window. I would fire my IT team if they were that incompetent and didn't notice something for months, much less years.

I Got 'Em

At least his bookmarks file anyway.

goatse.cx
tubgirl.com
lemonparty.org

Been happening for decades

[ITRambo]

During the Clinton administration the Chinese hacked into and took military secrets. What dos the US do? it outsources more work to China to make goods sold in the US. The US government can't handle security well at all and no longer cares to help its own citizens. That's why Trump is popular. People want to believe that an outsider can make things better, since the insiders keep screwing things up.

Re:Been happening for decades

[parkinglot777]

People want to believe that an outsider can make things better, since the insiders keep screwing things up.

That's only a part of the reasons. If people really want to believe that an outsider can make things better, they would have thought further than just that. They would have looked at how the person would do to make things better from the person's both past and present speech & action, not from the person words coming out of his mouth. They would have determined what consequences are if they elect the person, not what the person promises and spout vaugely proposal that doesn't represent a well thought solution but rather a pay back time.

The reason people want to believe is because the person represents their anger. They believe that the person could do something to "revenge" what they think they want to do right now but don't have resources or power to do so. They simply let anger blind their mind and judgment. They don't think further than get-back-at-you type of action. In other words, they are looking for a short term satisfaction to please themselves and do not care or look further toward long term consequence. Think about when you are very angry at someone, and then you punch the person first and knock the person down. How do you feel at the moment you punch the person? Of course, satisfaction. Then the long term consequence could be that the person sue you back for a lot of money than you expected. That's why anger can blind your judgment...

Re:Been happening for decades

[thoromyr]

Nice way to conflate the US government with US businesses with the US people. When you say "it outsources more work to China" what you really mean is "US businesses either shutdown local operations or expand new operations overseas, including in China". Don't try to make that "the US government" which, despite being a large, unwieldy and frequently ineffective multi-department entity, does not require US businesses to move production to China.

Trump is *not* an outsider to all of this. Oh, sure, he hasn't been on the public sector side of the fence, but he freely admits to abusing H1b visas. He is all about outsourcing for "exotic" servers in his upscale restaurant, moving production where ever it is cheapest, or abusing foreign workers to the maximum extent possible. He is very familiar with the problem -- you just don't seem to realize that he is, as always, serving his own interests.

Re:Been happening for decades

[DarkOx]

I will vote for the first person who promises to build a gallows over the reflecting pool and eliminate the current occupants of cabinet positions, heads of three letter agencies, congress, senate, and federal reserve board.

Re:Been happening for decades

[wyHunter]

They didn't steal them, the Clinton admin GAVE THEM to them.

Re:Been happening for decades

Excuse me, point of order here.

The correct phrasing is that the US outsourced it's US hacking to Chinese hackers. There was an opportunity for a value-add in the synergistic negotiation of intercultural exchange and a leveraging of our international partners in a world class segment-leading marketplace.

Translation: The Chinese hackers were cheaper.

Israel

It's not a mystery, it is Israel. Up to their dirty little tricks as usual.

Re:Israel

Israel is very close with Intel chips, which are fabricated therein, and also have grave security issues.

Not to mention, the untrustworthy on-chip random number generator, and also chips with cellular radios as "anti-theft" features, etc. The fucked up design of x87 FPU stack is also due to Intel's Israelis not following the design spec.

I think they are referring to the nine horsemen

[WillAffleckUW]

There are five known military espionage units spying on government files, the CIA, NSA, and the other two agencies none are permitted to know about.

Re:I think they are referring to the nine horsemen

and the other two agencies none are permitted to know about

Don't worry, we both know about you...

46 Days Old

This is CYWATCH is 46 days old... Is this news?

link?

[ole_timer]

does anyone have the link to the alert from the fbi itself? all the links that I've seen just summarize.

Surveillance is perfectly safe..

Yet another reason why the old guys who think warrantless surveillance is ok are fucktards.

You gotta ask?

It was HACKERS. That says it all, doesn't it? HACKERS. Yes, it was HACKERS. Indeed it was. HACKERS.

Re:You gotta ask?

[desdinova+216]

Jerk Hackers? were they dupin rares?

Red Scare 2.0

[ThatsNotPudding]

"Let us exhume McCarthy immediately!!"

With every action, the FBI reminds us why they never wanted to rename their HQ.

Open letter to the FBI and other 3-letter agencies

Posting as Anonymous Coward for obvious reasons. Dear Feds: How many times does this have to happen before you finally make use of your invisible asset? American black hats are every bit as good as these foreign hackers. Maybe better. We are tired of being made to look second rate because the foreign hackers can operate with the approval of their governments and do not have to worry that their equivalent of the FBI may be preparing to knock on the door.

If you would just cut us a deal, promise not to prosecute us for attacking the bad actors, maybe give us a place to post our results, we would soon show you how effective we can be. You won't because you consider us a loose cannon. We are, no question about that. But in the thick of battle a loose cannon is far better than NO cannon. Think about it.

Re:Open letter to the FBI and other 3-letter agenc

[Killall+-9+Bash]

I can tell you're not an American black hat. Everyone knows half of American hackers are on FBI payroll, and the other half desperately want to be.

Where's the NSA when you need them?

I thought the NSA had these amazing mass surveillance tools. By now, they should know every member of that hacking group. What's their excuse.

GSA Schedule

[tomhath]

The vast majority of government purchases are off the shelf commercial products bought at wholesale prices from the GSA Schedule. The statement that the government "always costs orders of magnitude more" is blatantly false.

I know who it is.

I know exactly who had access to those files.... Hillary Clinton, go get her boys.

Get A Life.

[Frosty+Piss]

Senior System Engineer/Architect

Where? Some bum-fuck tiny ISP? Some tiny shit business of some insignificant variety? Some community college IT department? A so-called contractor?

Notice: If you post anonymously do not expect a reply.

Typical arrogant nonsense from some basement dweller. In other words, go fuck yourself.

American network admins are

Stuck on stupid. No sequestration has given away the house.
Sad but very true.

Bunk article.

[kencoe]

Am I the only one who noticed that the article is complete hype with no valid information? It even links to a user submitted OTX threat monitor pulse from February containing a list of malicious domain names, referring to it as an FBI Security Flash on the issue. This is nothing but a collection of random comments strewn together to sound scary. I am personally collecting a list of sites which mirror this article to build a simple "what not to read" site list for new security analysts...

Re:Bunk article.

[AHuxley]

Think in terms of limited hang out operations and decades honey pots that never got fully understood or mentioned to lower gov levels or law enforcement never got in on the operation..
For that to work a lot of real and fake information has to walk and has to be seen as originating in the depths of real US gov computer systems.
Operations get renamed, staff move around and the resulting security networks are left wide open. Data used as bait or to see where it was going was completed or abandoned months or years ago but nobody now has the insight or new clearances to clean up or later block access to the wide open internet.
That would be the most optimistic view, smart people are going long term operations and a lot of low sec and mid level data is bait and can be lost along the way to sell a big, complex fake story to some other nation.
The next option is the funding for contractors is so good and addictive that if security was ever improved they would suffer from a lack of work and over time, been on call.
ie the gov/mil networks can be fixed but its more profitable to allow the contractor funding for repairs and lucrative after event clean up to keep funds flowing. So few have the clearances to find fault or note the same issues getting fixed again and again for billable hours over years that any real oversight is a non issue.
The last option is the US gov design of the cloud or new networks and the location of decades of data.
Paper records might not exist, or never got used but vast digital databases got created on desktop and laptop computers 10, 20 years ago.
It cant be secured as so many other networks and agencies now need access in real time. In the past that would have been on site and secure but now its national and security is a new front end network to a very old plain text database on an open network. The data walks and everyone is totally amazed that its a plain text database facing the internet... with secure information that should have always been encrypted or kept to one building.
So think in terms of huge honey pots operations not been looked after long term, contractors enjoying the billable hours for every intrusion or staff trying to keep old plain text databases working and connected nationally.

Who really wants to fix the networks? Its great for attracting entry attempts and for secret gov teams to following anyone looking in. Contractor cash flows when it needs fixing and gov busy work to keep it connected as it now. Win win win for every level of the mil and gov and all the contractors too.

Re:Bunk article.

[MoarSauce123]

Security analysts ought to read this, but you may still want to provide your perspective. A lot of security issues are caused by incorrect information and plain FUD. I think it is important for security analysts to know about this and be well informed about the content and sources rather than outright ignore it. If I'd ask a security analyst about this issue and she/he tells me that they have no idea what I'm talking about (because they followed some advice to not bother with reading about it) I reasonably question their credentials. As far as security goes, ignorance is not bliss, it is one of the core problems.

Here's the final reasoning...

Do me a favor: Get down on your knees, open wide and take your dentures out, and get ready to recieve a huge load of steaming hot baby batter.

Since 2011?

[Lotharus]

Can't be the NSA, then; they've been hacking that $#!+ since the dawn of time.

Private Email Server

[MoarSauce123]

So maybe it was a good idea after all that Clinton ran her own email server? That one did not get hacked as far as we know.