NYU Accidentally Exposed Military Code-breaking Computer Project To Entire Internet (theintercept.com)

← Back to Stories (view on slashdot.org)

NYU Accidentally Exposed Military Code-breaking Computer Project To Entire Internet (theintercept.com)

Posted by msmash on Thursday May 11, 2017 @06:04AM from the what's-happening dept.

An anonymous reader writes: A confidential computer project designed to break military codes was accidentally made public by New York University engineers. An anonymous digital security researcher identified files related to the project while hunting for things on the internet that shouldn't be, The Intercept reported. He used a program called Shodan, a search engine for internet-connected devices, to locate the project. It is the product of a joint initiative by NYU's Institute for Mathematics and Advanced Supercomputing, headed by the world-renowned Chudnovsky brothers, David and Gregory, the Department of Defense, and IBM. Information on an exposed backup drive described the supercomputer, called -- WindsorGreen -- as a system capable of cracking passwords.

36 of 75 comments (clear)

Min score:

Reason:

Sort:

Surprised by p51d007 · 2017-05-11 06:08 · Score: 3, Insightful

Anything like this was even connected on the "internet".
1. Re:Surprised by rmdingler · 2017-05-11 06:26 · Score: 2
  
  Probably a back door left open that was used during development, initially including a redundant air-gap that some researcher got tired of connecting and disconnecting... it's not just the Muggles who're lazy.
  
  --
  Happiness in intelligent people is the rarest thing I know.
  Ernest Hemingway
2. Re:Surprised by _xeno_ · 2017-05-11 06:39 · Score: 4, Informative
  
  If I'm reading the article correctly, the computer itself wasn't, the Slashdot headline is at best misleading. What was connected to the Internet was a backup drive containing documents that describe the password cracking computer.
  It's actually somewhat unclear if they even built the thing, these are more planning documents that describe how they would. If it exists, it presumably is properly isolated from the Internet, given that it's supposed to be used only by DOD and intelligence agencies.
  
  --
  You are in a maze of twisty little relative jumps, all alike.
3. Re:Surprised by DickBreath · 2017-05-11 06:55 · Score: 4, Funny
  
  Don't be surprised. I'm sure they used an air gap. The air gap was in between some manager's ears.
  
  --
  
  I'll see your senator, and I'll raise you two judges.
4. Re:Surprised by ShanghaiBill · 2017-05-11 07:00 · Score: 2
  
  Or the leak was part of a disinformation campaign to make OpFor think we have something when we actually don't.
5. Re:Surprised by It's+the+tripnaut! · 2017-05-11 07:15 · Score: 1
  
  Anything like this was even connected on the "internet".
  Could be a red herring.
6. Re:Surprised by Highdude702 · 2017-05-11 13:41 · Score: 1
  
  That was an awesome Half-Life game..
7. Re:Surprised by AHuxley · 2017-05-11 21:23 · Score: 1
  
  The US has tired that a few times over the decades.
  Altered plans to get other nations looking for more information and contacting clandestine service front companies.
  Operation Merlin https://en.wikipedia.org/wiki/...
  
  --
  Domestic spying is now "Benign Information Gathering"
Re:Oh noes! by Chris+Mattern · 2017-05-11 06:16 · Score: 2

Where can i haz this Shodan-"Program"??

You can't, you pathetic creature of meat and bone.
Look at *you*, hacker by fightinfilipino · 2017-05-11 06:16 · Score: 1

a pathetic creature of meat and bone
Sheesh... by __aaclcg7560 · 2017-05-11 06:30 · Score: 1

I get a lot of crap for posting on Slashdot during business hours (4:30AM - 10:30PM), but I wouldn't be stupid enough to connect a military code-breaking computer to the Internet for posting on Slashdot.
1. Re:Sheesh... by __aaclcg7560 · 2017-05-11 07:14 · Score: 1
  
  but I wouldn't be smart enough to know how to connect a military code-breaking computer to the Internet for posting on Slashdot.
  FTFY.
  The smart option is not to connect a sensitive system to the Internet.
2. Re:Sheesh... by bws111 · 2017-05-11 07:23 · Score: 1
  
  Doesn't say one word about a 'sensitive system' being connected to the internet. It says someone found a document on a backup server connected to the internet.
3. Re:Sheesh... by __aaclcg7560 · 2017-05-11 07:25 · Score: 1
  
  The smart option is to RTFA and understand that a sensitive system was not connected to the internet.
  This is Slashdot. You must be new around here.
  
  It was a backup drive which I'm sure you have connected to the internet for posting on Slashdot or at least pulled out of your ass like your posts on slashdot.
  This sentence makes no sense whatsoever.
4. Re:Sheesh... by __aaclcg7560 · 2017-05-11 07:30 · Score: 1
  
  Doesn't say one word about a 'sensitive system' being connected to the internet.
  What does "military" mean then?
5. Re:Sheesh... by bws111 · 2017-05-11 07:58 · Score: 1
  
  It says a DOCUMENT was found on the internet. It does not say the sensitive system DESCRIBED by the document was connected to the internet. Here is a document about a bag of cement. By your logic, all bags of cement are now connected to the internet.
6. Re:Sheesh... by __aaclcg7560 · 2017-05-11 08:09 · Score: 1
  
  "(n) mil-teree- the armed forces of a country." But that's not important right now.
  Actually, it is. I work with ex-military all the time. They're sensitive in one way or another.
7. Re:Sheesh... by __aaclcg7560 · 2017-05-11 08:16 · Score: 1
  
  By your logic, all bags of cement are now connected to the internet.
  Only in Soviet Russia.
8. Re:Sheesh... by __aaclcg7560 · 2017-05-11 09:08 · Score: 1
  
  4:30-10:30 are business hours for you?
  
  I have my regular job and my side business.
  
  Christ, I thought your life of being middle-aged and living in a shitty studio apartment by yourself was sad enough already...
  One of these days I need to find commercial space for my home office.
9. Re:Sheesh... by OhSoLaMeow · 2017-05-11 09:20 · Score: 1
  
  Actually, it is. I work with ex-military all the time. They're sensitive in one way or another.
  INCOMING!!!!
  
  --
  They can take my LifeAlert pendant when they pry it from my cold dead fingers.
10. Re:Sheesh... by __aaclcg7560 · 2017-05-11 10:00 · Score: 1
  
  INCOMING!!!!
  I had to duck a virtual chair this afternoon when one of my ex-military coworker discovered that someone scheduled an immediate reboot on his system. Made for some fun email reading.
11. Re:Sheesh... by __aaclcg7560 · 2017-05-11 14:49 · Score: 1
  
  [...] slashdot makes you money.
  Slashdot makes me extra money for something I'm already doing. As Warren Buffett said, "When it's raining gold, reach for a bucket, not a thimble."
12. Re:Sheesh... by __aaclcg7560 · 2017-05-11 16:03 · Score: 1
  
  By the way, I ctrl-clicked your link till the browser crashed just to see if it would crash.
  You crashed your own browser. Sad.
13. Re:Sheesh... by __aaclcg7560 · 2017-05-11 16:31 · Score: 1
  
  Also, we think you are APK normally, and Creamer when you.
  It would be tedious to argue with myself all the time.
  https://slashdot.org/comments.pl?sid=9952559&cid=53420987
Time for a new ARPANET by your_mother_sews_soc · 2017-05-11 06:31 · Score: 1

I'm surprised the military and research institutions don't have a new research network by now. Maybe they do and I'm just not aware of it, and if so they messed up big time by not isolating this. Either way, someone violated protocol. Probably won't be the last time this will happen.

--
My user name was a mistake. Input wasn't restricted, my bad.
1. Re:Time for a new ARPANET by Megol · 2017-05-11 08:35 · Score: 1
  
  Of course there are alternative networks, it's just that they use the IP protocol(s) with private addresses and with secure routing.There isn't really a reason for a new ARPANET as the network standard already exists and is good enough requiring only standard security measures like air-gaping.
The technical term is: by Bodhammer · 2017-05-11 06:42 · Score: 1

Ooops.

--
"I say we take off, nuke the site from orbit. It's the only way to be sure."
Re:Why are they cracking military passwords? by DickBreath · 2017-05-11 06:57 · Score: 1

It is microprocessor controlled. And has bad breath.

--

I'll see your senator, and I'll raise you two judges.
"Shouldn't be?" by hackel · 2017-05-11 07:01 · Score: 2

Anything developed using tax dollars MUST be made open source and freely available to all. It absolutely should, and *must*, be available on the internet.
1. Re:"Shouldn't be?" by mspohr · 2017-05-11 07:07 · Score: 2
  
  Sounds like it already is...
  
  --
  I don't read your sig. Why are you reading mine?
2. Re:"Shouldn't be?" by will_die · 2017-05-11 08:05 · Score: 2
  
  No it does not. That is covered under 17 USC 105
  For most, but there are a bunch of exception, the US Government does not have copyright permission however they are protected by other laws, in addition the government is not required to publish or distribute most material.
  In this case where the software was written by a non-government entity there would be a copyright from that and then it was either transferred to the US government, in which case the US Government holds the copyright, or it was licensed in which case the writers hold it and license usage to the US Government.
3. Re:"Shouldn't be?" by drinkypoo · 2017-05-11 09:42 · Score: 1
  
  Anything developed using tax dollars MUST be made open source and freely available to all. It absolutely should, and *must*, be available on the internet.
  It's pretty easy to come up with national security-related counterexamples. Code for weapons, let alone their designs.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Nothing to see here by PPH · 2017-05-11 07:39 · Score: 1

Move along now. It's just the Setec Astronomy server.

--
Have gnu, will travel.
Anarchy, State, and Utopia on open-kimono DoD by epine · 2017-05-11 12:55 · Score: 1

Anything developed using tax dollars MUST be made open source and freely available to all. It absolutely should, and *must*, be available on the internet.
Your main contribution to the debate seems to be using TWO entirely different methods of bold (followed by the near synonym "absolutely" and a second helpful repetition, this time of the word "available"—but I don't see these as your main contribution; did I mention your main contribution?)
Also cute is how you managed to conceal the word "government" under the tiny word "tax". Weird assertions about the true and absolute nature of government are one of the principle diagnostic aids for Goldbug's disease (and several other, related conditions).
The definitive diagnostic for Goldbug's disease is when Anarchy, State, and Utopia laughs you out of the room (check out its prescient lack of a chapter on open-kimono DoD).
It's not a problem by Required+Snark · 2017-05-11 14:41 · Score: 1

Trump already leaked this to the Russians, and the Chinese stole it by themselves. The only ones left out of the loop are US allies, and that is because IBM wants to sell them the system instead of having them build their own.

--
Why is Snark Required?
Makes sense by GameboyRMH · 2017-05-12 05:29 · Score: 1

I'd be more surprised if a group with the NSA's budget, talent, and goals didn't build a system to attack encryption with brute force.
Combine massive computing power with clever ways of narrowing the target...for example, something like an advanced dictionary attack would improve the odds against encryption keys that a human has to remember. Most computers don't use very high quality random numbers, there's potential for weakened encryption there I'm sure.
So if you have this system, you can give it your most potentially valuable encrypted data and let it work on that 24/7/365 in the hope that it pays off, because you can do that on a practically unlimited intelligence budget. I'll only be disappointed if the program isn't named Sisyphus...although Cipher Lotto would also be acceptable :-P

--
"When information is power, privacy is freedom" - Jah-Wren Ryel