NYU Accidentally Exposed Military Code-breaking Computer Project To Entire Internet (theintercept.com)

← Back to Stories (view on slashdot.org)

NYU Accidentally Exposed Military Code-breaking Computer Project To Entire Internet (theintercept.com)

Posted by msmash on Thursday May 11, 2017 @06:04AM from the what's-happening dept.

An anonymous reader writes: A confidential computer project designed to break military codes was accidentally made public by New York University engineers. An anonymous digital security researcher identified files related to the project while hunting for things on the internet that shouldn't be, The Intercept reported. He used a program called Shodan, a search engine for internet-connected devices, to locate the project. It is the product of a joint initiative by NYU's Institute for Mathematics and Advanced Supercomputing, headed by the world-renowned Chudnovsky brothers, David and Gregory, the Department of Defense, and IBM. Information on an exposed backup drive described the supercomputer, called -- WindsorGreen -- as a system capable of cracking passwords.

75 comments

Min score:

Reason:

Sort:

Surprised by p51d007 · 2017-05-11 06:08 · Score: 3, Insightful

Anything like this was even connected on the "internet".
1. Re:Surprised by rmdingler · 2017-05-11 06:26 · Score: 2
  
  Probably a back door left open that was used during development, initially including a redundant air-gap that some researcher got tired of connecting and disconnecting... it's not just the Muggles who're lazy.
  
  --
  Happiness in intelligent people is the rarest thing I know.
  Ernest Hemingway
2. Re:Surprised by _xeno_ · 2017-05-11 06:39 · Score: 4, Informative
  
  If I'm reading the article correctly, the computer itself wasn't, the Slashdot headline is at best misleading. What was connected to the Internet was a backup drive containing documents that describe the password cracking computer.
  It's actually somewhat unclear if they even built the thing, these are more planning documents that describe how they would. If it exists, it presumably is properly isolated from the Internet, given that it's supposed to be used only by DOD and intelligence agencies.
  
  --
  You are in a maze of twisty little relative jumps, all alike.
3. Re:Surprised by DickBreath · 2017-05-11 06:55 · Score: 4, Funny
  
  Don't be surprised. I'm sure they used an air gap. The air gap was in between some manager's ears.
  
  --
  
  I'll see your senator, and I'll raise you two judges.
4. Re:Surprised by ShanghaiBill · 2017-05-11 07:00 · Score: 2
  
  Or the leak was part of a disinformation campaign to make OpFor think we have something when we actually don't.
5. Re:Surprised by It's+the+tripnaut! · 2017-05-11 07:15 · Score: 1
  
  Anything like this was even connected on the "internet".
  Could be a red herring.
6. Re:Surprised by Highdude702 · 2017-05-11 13:41 · Score: 1
  
  That was an awesome Half-Life game..
7. Re:Surprised by AHuxley · 2017-05-11 21:23 · Score: 1
  
  The US has tired that a few times over the decades.
  Altered plans to get other nations looking for more information and contacting clandestine service front companies.
  Operation Merlin https://en.wikipedia.org/wiki/...
  
  --
  Domestic spying is now "Benign Information Gathering"
Why are they cracking military passwords? by Anonymous Coward · 2017-05-11 06:10 · Score: 0

Does Trump know about this? Is this the underground resistance? How can I get in contact with this group?
1. Re:Why are they cracking military passwords? by Anonymous Coward · 2017-05-11 06:24 · Score: 0
  
  Come with me if you want to live
2. Re:Why are they cracking military passwords? by DickBreath · 2017-05-11 06:57 · Score: 1
  
  It is microprocessor controlled. And has bad breath.
  
  --
  
  I'll see your senator, and I'll raise you two judges.
Oh noes! by Anonymous Coward · 2017-05-11 06:13 · Score: 0

Where can i haz this Shodan-"Program"??
1. Re:Oh noes! by Chris+Mattern · 2017-05-11 06:16 · Score: 2
  
  Where can i haz this Shodan-"Program"??
  
  You can't, you pathetic creature of meat and bone.
Look at *you*, hacker by fightinfilipino · 2017-05-11 06:16 · Score: 1

a pathetic creature of meat and bone
1. Re:Look at *you*, hacker by Anonymous Coward · 2017-05-11 06:57 · Score: 0
  
  a pathetic creature of meat and bone
  UGLY! Bags! Of mostly water.
  UGLY!
Speculative News is not Real News by Anonymous Coward · 2017-05-11 06:27 · Score: 0

Found files referencing a new supercomputer project... this isn't evidence that it exists, ever received funding, or is a real project. Always be a bit skeptical about news pertaining to secret projects. If it is real then it's obviously going to be some kind of new crypto super computer. It's pure conjecture, speculation, and most importantly fake news without proof of its existence and capability.
1. Re:Speculative News is not Real News by Anonymous Coward · 2017-05-11 09:56 · Score: 0
  
  Do a google document search for the keywords like WindsorGreen. They'll probably be on a warez server somewhere.
Sheesh... by __aaclcg7560 · 2017-05-11 06:30 · Score: 1

I get a lot of crap for posting on Slashdot during business hours (4:30AM - 10:30PM), but I wouldn't be stupid enough to connect a military code-breaking computer to the Internet for posting on Slashdot.
1. Re:Sheesh... by Anonymous Coward · 2017-05-11 06:54 · Score: 0
  
  but I wouldn't be smart enough to know how to connect a military code-breaking computer to the Internet for posting on Slashdot.
  FTFY.
2. Re:Sheesh... by __aaclcg7560 · 2017-05-11 07:14 · Score: 1
  
  but I wouldn't be smart enough to know how to connect a military code-breaking computer to the Internet for posting on Slashdot.
  FTFY.
  The smart option is not to connect a sensitive system to the Internet.
3. Re:Sheesh... by Anonymous Coward · 2017-05-11 07:19 · Score: 0
  
  The smart option is to RTFA and understand that a sensitive system was not connected to the internet.
  It was a backup drive which I'm sure you have connected to the internet for posting on Slashdot or at least pulled out of your ass like your posts on slashdot.
4. Re:Sheesh... by bws111 · 2017-05-11 07:23 · Score: 1
  
  Doesn't say one word about a 'sensitive system' being connected to the internet. It says someone found a document on a backup server connected to the internet.
5. Re:Sheesh... by __aaclcg7560 · 2017-05-11 07:25 · Score: 1
  
  The smart option is to RTFA and understand that a sensitive system was not connected to the internet.
  This is Slashdot. You must be new around here.
  
  It was a backup drive which I'm sure you have connected to the internet for posting on Slashdot or at least pulled out of your ass like your posts on slashdot.
  This sentence makes no sense whatsoever.
6. Re:Sheesh... by __aaclcg7560 · 2017-05-11 07:30 · Score: 1
  
  Doesn't say one word about a 'sensitive system' being connected to the internet.
  What does "military" mean then?
7. Re:Sheesh... by bws111 · 2017-05-11 07:58 · Score: 1
  
  It says a DOCUMENT was found on the internet. It does not say the sensitive system DESCRIBED by the document was connected to the internet. Here is a document about a bag of cement. By your logic, all bags of cement are now connected to the internet.
8. Re:Sheesh... by Anonymous Coward · 2017-05-11 08:00 · Score: 0
  
  "(n) mil-teree- the armed forces of a country." But that's not important right now.
  Nor is it germane to the discussion - the headline is "NYU Accidentally Exposed Military Code-breaking Computer Project to..." Computer **PROJECT**
9. Re:Sheesh... by __aaclcg7560 · 2017-05-11 08:09 · Score: 1
  
  "(n) mil-teree- the armed forces of a country." But that's not important right now.
  Actually, it is. I work with ex-military all the time. They're sensitive in one way or another.
10. Re:Sheesh... by __aaclcg7560 · 2017-05-11 08:16 · Score: 1
  
  By your logic, all bags of cement are now connected to the internet.
  Only in Soviet Russia.
11. Re: Sheesh... by Anonymous Coward · 2017-05-11 08:47 · Score: 0
  
  A device is as sensitive as the data stored on it.
12. Re:Sheesh... by Anonymous Coward · 2017-05-11 08:54 · Score: 0
  
  4:30-10:30 are business hours for you? Christ, I thought your life of being middle-aged and living in a shitty studio apartment by yourself was sad enough already...
13. Re:Sheesh... by __aaclcg7560 · 2017-05-11 09:08 · Score: 1
  
  4:30-10:30 are business hours for you?
  
  I have my regular job and my side business.
  
  Christ, I thought your life of being middle-aged and living in a shitty studio apartment by yourself was sad enough already...
  One of these days I need to find commercial space for my home office.
14. Re:Sheesh... by OhSoLaMeow · 2017-05-11 09:20 · Score: 1
  
  Actually, it is. I work with ex-military all the time. They're sensitive in one way or another.
  INCOMING!!!!
  
  --
  They can take my LifeAlert pendant when they pry it from my cold dead fingers.
15. Re:Sheesh... by __aaclcg7560 · 2017-05-11 10:00 · Score: 1
  
  INCOMING!!!!
  I had to duck a virtual chair this afternoon when one of my ex-military coworker discovered that someone scheduled an immediate reboot on his system. Made for some fun email reading.
16. Re:Sheesh... by __aaclcg7560 · 2017-05-11 14:49 · Score: 1
  
  [...] slashdot makes you money.
  Slashdot makes me extra money for something I'm already doing. As Warren Buffett said, "When it's raining gold, reach for a bucket, not a thimble."
17. Re:Sheesh... by Anonymous Coward · 2017-05-11 15:54 · Score: 0
  
  You're already replying to 50 posts a day every day shitting all over you? Damn bitch. How much of an ugly no-life idiot loser do you have to be to want to spend your day doing that. I like much better my 1 post per day shitting on you, and my 3 posts a day talking about things you wouldn't understand, and then... Well then I'm done walking from the train to the building and I start work. Actual work. I don't make 200k like those smart asshats though. Only 12 years Cisco admin experience so far - only 150k. Gotta give it another 5-6 years.
  By the way, I ctrl-clicked your link till the browser crashed just to see if it would crash. KA-Chiiiiing! You're welcome. You should buy some real low priority of botnet time and have it load your page from random IPs once a minute. You'll be rich! Oh fuck, that's not how ad revenue works.
18. Re:Sheesh... by __aaclcg7560 · 2017-05-11 16:03 · Score: 1
  
  By the way, I ctrl-clicked your link till the browser crashed just to see if it would crash.
  You crashed your own browser. Sad.
19. Re:Sheesh... by Anonymous Coward · 2017-05-11 16:15 · Score: 0
  
  Wait - what?? You're shitposting posting here in order to make money on your blog because you're already shitposting here? kramer! kramer! kramer! Circular thinking, circular body, 2Pi IQ. Hey buddy. Hey there. Why is 2Pi a circle? Did they teach you that in special ed?
  By the way. I am a pot smoking college Jr. I drink heavy on the weekends, and usually have sex with a decent looking (ok, not usually decent looking, but at least usually sex). Paid internship this summer, 2 months. At fucking Ford. In fucking Ann Arbor. 3900 a month pre tax.
  What am I doing on this site? Graduated highschool, 5 AP credits, all honor's classes. I'm the stupid one here. I don't know what the fuck test driven whatever is. That's why I didn't comment on it. I don't know what storage tiering is. So I didn't comment on that. It's because it would be stupid to reply "that array is heavy to install" in a conversation about data storage. Clearly people installing it means whatever it is people do to get it online so servers are seeing disks from it.
  I do comment on things like new Java and C features and compiler design. You know, because I know what I'm talking about. I don't go on the biology subreddit and offer up biology comments to the biologists over there. I think I know biology pretty well though - I've had both a cat and a dog. Woohoo! Back to my pot now! I smoke 5 bowls per day - that is hard to do for most people, so I'm a success!
  Seriously, from Ann Arbor: get off this site you fat retard. Also, we think you are APK normally, and Creamer when you.
  ==> See subject: don't take your pills
20. Re:Sheesh... by __aaclcg7560 · 2017-05-11 16:31 · Score: 1
  
  Also, we think you are APK normally, and Creamer when you.
  It would be tedious to argue with myself all the time.
  https://slashdot.org/comments.pl?sid=9952559&cid=53420987
21. Re:Sheesh... by Anonymous Coward · 2017-05-11 16:31 · Score: 0
  
  better than breaking the toilet.
  You have that life of yours. Sad.
22. Re:Sheesh... by Anonymous Coward · 2017-05-11 16:35 · Score: 0
  
  you should write scripts that run slower. you'll be in that big commercial space in no time. how that script going by the way? has it finished running yet?
  you don't have a regular job. you have a really shitty job no one here would take. we have regular jobs.
23. Re:Sheesh... by Anonymous Coward · 2017-05-11 17:39 · Score: 0
  
  Strange. I would figure it would be much more tedious to see a topic you know barely anything about and make up garbage to post on that topic. Definitely much more tedious to spend hours of time shitposting daily. Definitely much more tedious to defend yourself all day not by negating claims but providing supporting information on them. For you, definitely more tedious to walk faster than gramma with a stroller, or fit through a door.
  All of a sudden you talking to yourself doesn't seem that ridiculous, since you spend half your day, each day, doing much more retarded things.
  I didn't click your link whatever that was. No one gives a fuck what some retard clown who invited himself and won't leave says. Come to Ann Arbor. We'll go to Canada and party. Fuck.. You won't fit through the tunnel and you'll collapse the bridge. Well, we got a big rock here we like to paint. You can maybe hire it to help with your job and your "numbers (are you doing arithmetic?)"so you can spam us some more.
24. Re:Sheesh... by Anonymous Coward · 2017-05-11 18:37 · Score: 0
  
  I thought tedious was your thing. Your whole life is tedious by our standards. If any of us had your life, life would be a chore. You don't think so, so have a much higher bar for "tedious." With the bar that high - no, I would totally expect you to post comments and reply to them. What you're doing now is pretty much the same thing.
  You also, like APK seem to have a brain malfunction of some kind where you need the last word so you reply to every single comment. You realize when you have that last word - it just means AC never bothered to check? Your threads are so deep that no new people are reading them at that point. Your last comment (usually dissing yourself more for some reason) is never read.
  BTW, that's why I think you're APK as well. Also because he has what can be an inline cron job and he calls it his software. Redefining program so he has a program. Redefining life and accomplishment so you have a life and accomplishments.
25. Re:Sheesh... by Anonymous Coward · 2017-05-12 20:10 · Score: 0
  
  i clicked that comment link 50k times till adblock crashed. did i make you some money so you can afford to walk to ann arbor faster than 3mph to start your government auto-repair business before you run out of expensive wine your mom drinks when she tells you you are a failure at fcoe windows upgrades, while running a script?
  totally friendly by the way man - don't mean to diss, just mean to be funny. you don't know much about what you are talking about, but you know something. there's worse. much much worse. i'm looking at you zero_kelvin you stupid millennial asswhipe motherfucker.
Time for a new ARPANET by your_mother_sews_soc · 2017-05-11 06:31 · Score: 1

I'm surprised the military and research institutions don't have a new research network by now. Maybe they do and I'm just not aware of it, and if so they messed up big time by not isolating this. Either way, someone violated protocol. Probably won't be the last time this will happen.

--
My user name was a mistake. Input wasn't restricted, my bad.
1. Re:Time for a new ARPANET by Megol · 2017-05-11 08:35 · Score: 1
  
  Of course there are alternative networks, it's just that they use the IP protocol(s) with private addresses and with secure routing.There isn't really a reason for a new ARPANET as the network standard already exists and is good enough requiring only standard security measures like air-gaping.
The technical term is: by Bodhammer · 2017-05-11 06:42 · Score: 1

Ooops.

--
"I say we take off, nuke the site from orbit. It's the only way to be sure."
"Shouldn't be?" by hackel · 2017-05-11 07:01 · Score: 2

Anything developed using tax dollars MUST be made open source and freely available to all. It absolutely should, and *must*, be available on the internet.
1. Re:"Shouldn't be?" by mspohr · 2017-05-11 07:07 · Score: 2
  
  Sounds like it already is...
  
  --
  I don't read your sig. Why are you reading mine?
2. Re:"Shouldn't be?" by Anonymous Coward · 2017-05-11 07:26 · Score: 0
  
  Where? Pics (or in this case: docs) or it didn't happen.
3. Re:"Shouldn't be?" by will_die · 2017-05-11 08:05 · Score: 2
  
  No it does not. That is covered under 17 USC 105
  For most, but there are a bunch of exception, the US Government does not have copyright permission however they are protected by other laws, in addition the government is not required to publish or distribute most material.
  In this case where the software was written by a non-government entity there would be a copyright from that and then it was either transferred to the US government, in which case the US Government holds the copyright, or it was licensed in which case the writers hold it and license usage to the US Government.
4. Re:"Shouldn't be?" by Anonymous Coward · 2017-05-11 08:21 · Score: 0
  
  Wow. What an idiot.
5. Re:"Shouldn't be?" by Anonymous Coward · 2017-05-11 08:23 · Score: 0
  
  Most things military are developed using tax dollars. Putting those openly on the internet only works if you don't have and never will have any enemies, or if you don't mind that people get killed with your research by 3rd parties.
6. Re:"Shouldn't be?" by drinkypoo · 2017-05-11 09:42 · Score: 1
  
  Anything developed using tax dollars MUST be made open source and freely available to all. It absolutely should, and *must*, be available on the internet.
  It's pretty easy to come up with national security-related counterexamples. Code for weapons, let alone their designs.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
7. Re:"Shouldn't be?" by Anonymous Coward · 2017-05-11 11:31 · Score: 0
  
  Hiding the source code to software is just a form of copy protection.
  The US government is not allowed, by law, to own copyrights.
  Yeah...any software developed with public money should be FLOSS.
8. Re:"Shouldn't be?" by Anonymous Coward · 2017-05-11 11:58 · Score: 0
  
  Dumb dumb dumb dumb dumb
9. Re:"Shouldn't be?" by Anonymous Coward · 2017-05-11 14:01 · Score: 0
  
  Anything developed using tax dollars MUST be made open source and freely available to all. It absolutely should, and *must*, be available on the internet.
  Absolutely. But why stop at source code? Everything produced using tax dollars must be made freely available to all. Every document of every kind. Everything written, recorded, or photographed. Absolutely EVERYTHING *must* be put on the internet. Every classified document, all codes and ciphers, all designs for military hardware, every personnel or military record, every tax or medical record. Nothing must be left out! If the government tax dollars were used to create it then it must be free!!!
Nothing to see here by PPH · 2017-05-11 07:39 · Score: 1

Move along now. It's just the Setec Astronomy server.

--
Have gnu, will travel.
Re: Eds - clean up the summary!! by Anonymous Coward · 2017-05-11 08:25 · Score: 0

"...coming to slashdot ... to get a cognizant idea...."
I think I found your problem.
INTERRUPTIONS! by Anonymous Coward · 2017-05-11 08:31 · Score: 0

>Anything developed...
It was not yet developed, it was developing. Still baking in the oven per-se.
How about while you are thinking about something, but yet to actually say it, we demand that you reveal, what iffy ideas you are putting together in your head about what you have yet to even say. And remember, this must be in a well laid out presentation (or speech) form that is comprehensible & easily understood.
IMPOSSIBLE! Because we've interrupted you! How about we let you finish putting your thoughts together and you tell us when you've got something real- because then you can really expertly share your idea.
Re: Chudnovsky sounds Russian. Impeach Trump. by Anonymous Coward · 2017-05-11 12:19 · Score: 0

You are a retard.
Anarchy, State, and Utopia on open-kimono DoD by epine · 2017-05-11 12:55 · Score: 1

Anything developed using tax dollars MUST be made open source and freely available to all. It absolutely should, and *must*, be available on the internet.
Your main contribution to the debate seems to be using TWO entirely different methods of bold (followed by the near synonym "absolutely" and a second helpful repetition, this time of the word "available"—but I don't see these as your main contribution; did I mention your main contribution?)
Also cute is how you managed to conceal the word "government" under the tiny word "tax". Weird assertions about the true and absolute nature of government are one of the principle diagnostic aids for Goldbug's disease (and several other, related conditions).
The definitive diagnostic for Goldbug's disease is when Anarchy, State, and Utopia laughs you out of the room (check out its prescient lack of a chapter on open-kimono DoD).
so how it works? by Anonymous Coward · 2017-05-11 13:38 · Score: 0

I mean you bring your password there to be cracked?
It's not a problem by Required+Snark · 2017-05-11 14:41 · Score: 1

Trump already leaked this to the Russians, and the Chinese stole it by themselves. The only ones left out of the loop are US allies, and that is because IBM wants to sell them the system instead of having them build their own.

--
Why is Snark Required?
Makes sense by GameboyRMH · 2017-05-12 05:29 · Score: 1

I'd be more surprised if a group with the NSA's budget, talent, and goals didn't build a system to attack encryption with brute force.
Combine massive computing power with clever ways of narrowing the target...for example, something like an advanced dictionary attack would improve the odds against encryption keys that a human has to remember. Most computers don't use very high quality random numbers, there's potential for weakened encryption there I'm sure.
So if you have this system, you can give it your most potentially valuable encrypted data and let it work on that 24/7/365 in the hope that it pays off, because you can do that on a practically unlimited intelligence budget. I'll only be disappointed if the program isn't named Sisyphus...although Cipher Lotto would also be acceptable :-P

--
"When information is power, privacy is freedom" - Jah-Wren Ryel