Slashdot Mirror
Russian Hackers Reach US Utility Control Rooms, Homeland Security Officials Say (wsj.com)
"Russian hackers [...] broke into supposedly secure, "air-gapped" or isolated networks owned by utilities (Warning: source may be paywalled; alternative source) with relative easy by first penetrating the networks of key vendors who had trusted relationships with the power companies," reports The Wall Street Journal, citing officials at the Department of Homeland Security. "They got to the point where they could have thrown switches" and disrupted power flows, said Jonathan Homer, chief of industrial-control-system analysis for DHS. The hacking campaign started last year and likely is continuing. From the report: DHS has been warning utility executives with security clearances about the Russian group's threat to critical infrastructure since 2014. But the briefing on Monday was the first time that DHS has given out information in an unclassified setting with as much detail. It continues to withhold the names of victims but now says there were hundreds of victims, not a few dozen as had been said previously. It also said some companies still may not know they have been compromised, because the attacks used credentials of actual employees to get inside utility networks, potentially making the intrusions more difficult to detect.
The attackers began by using conventional tools -- spear-phishing emails and watering-hole attacks, which trick victims into entering their passwords on spoofed websites -- to compromise the corporate networks of suppliers, many of whom were smaller companies without big budgets for cybersecurity. Once inside the vendor networks, they pivoted to their real focus: the utilities. It was a relatively easy process, in many cases, for them to steal credentials from vendors and gain direct access to utility networks. Then they began stealing confidential information. For example, the hackers vacuumed up information showing how utility networks were configured, what equipment was in use and how it was controlled. They also familiarized themselves with how the facilities were supposed to work, because attackers "have to learn how to take the normal and make it abnormal" to cause disruptions, said Mr. Homer. Their goal, he said: to disguise themselves as "the people who touch these systems on a daily basis."
The attackers began by using conventional tools -- spear-phishing emails and watering-hole attacks, which trick victims into entering their passwords on spoofed websites -- to compromise the corporate networks of suppliers, many of whom were smaller companies without big budgets for cybersecurity. Once inside the vendor networks, they pivoted to their real focus: the utilities. It was a relatively easy process, in many cases, for them to steal credentials from vendors and gain direct access to utility networks. Then they began stealing confidential information. For example, the hackers vacuumed up information showing how utility networks were configured, what equipment was in use and how it was controlled. They also familiarized themselves with how the facilities were supposed to work, because attackers "have to learn how to take the normal and make it abnormal" to cause disruptions, said Mr. Homer. Their goal, he said: to disguise themselves as "the people who touch these systems on a daily basis."
They just ought to sever all internet connections in and out of Russia.
I don't believe it. Deep state. Carter Page. Witch hunt.
It's probably best to just end all investigations towards anything related to Russia.
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
It may be true or it may be not true.....But we've had false stories about nuclear reactors being hacked before, which turned out to be standard, untargeted malware, on a non-control computer. Regardless, the DHS has been trying for over a decade to get power over the Internet, including things like the "internet kill switch." The information they release is targeted and framed to convince people to give them that power. Furthermore, we know government agencies frequently lie, and it's only gotten worse as the president has set the example.
"First they came for the slanderers and i said nothing."
Hackers only break in when security sucks. Unfortunately, that is the standard-situation these days.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
You keep using that word. I don't think it means what you think it means.
Amazing. Every single word in those two sentences was wrong.
You are welcome on my lawn.
500,000 Iraqi civilians dead
4,424 US Soldiers Killed
35k seriously wounded (life all fucked up)
Ignited a platform for radicalism to flourish in 70 countries
One of those agencies (CIA) was recently caught red handed spying on the US Senate. The world is so fucked up it barely made the news.
https://news.vice.com/article/...
I object to power without constructive purpose. --Spock
So what country is spoofing Russian IPs?
We just had a story last week about the FBI crying that they might need to legislate crypto back doors. Coincidence?
Only the State obtains its revenue by coercion. - Murray Rothbard
and maybe trolling but Trump's poll numbers didn't budge an inch even after that downright terrifying display in Helsinki. What I find especially odd is most of his supporters are old enough to have been cold warrior types. It'd be one thing if Putin wasn't ex-KGB. There wasn't much in Russia to fear (they were pretty blasted out by WWII) but their KGB seemed to know damn well what they were doing.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
2016.
https://motherboard.vice.com/e...
Here is some more background on Trump's "Where is the server?" lie:
https://www.politifact.com/tru...
You are welcome on my lawn.
Several years ago I was at an IT Security dinner/presentation and they laid out some of the details behind a cyberattack on an airline. The hackers didn't go after any airline networks directly. Rather, they compromised an airline parts supplier and injected malware into webpages (or documents, I forget) and eventually 'caught' an airline when someone inside the airline visited the compromised site and was themselves infected.
I've tried to explain this to people in my industry. They don't have to be even trying to get you, just someone in your industry.
This and the massive Target breach are why vendor, their networks, and their devices should not be trusted (from a security standpoint at least).
How about ACTUALLY air-gapping the control network. If they want remote monitoring (not control), they can put a polling device on the control network. It can send all the data via a serial port with the RX connections removed to another machine on the internal network that can be reached via VPN.
There's no really good evidence that the Russian government is involved with any of the hacking, except to say "That's something they would do". It's the fallacy of the reversed conditional,
I don't see any reason why it wouldn't be Russia.
Suppose Russia isn't constantly trying to hack the US.
We have daily news reports saying they are, that essentially they are fighting a cyber war against us and that's been going on for years, but we'll assume for a moment that is false.
Nobody is doing anything about it, of course. Obama nor Trump fired a barrage of missiles in a counter-attack, nor really made any big deal about it - they're still doimg trade deals, selling the Russians a significant portion of our Uranium, etc.
So Putin sees that nobody really cares about the reported attacks. Nobody seems all that bothered about it - not enough to demand any counter-attack.
Suppose you're Putin, or Russian intelligence, or head of Russia's cyberwarfare command. You see that constant statements that you're attacking the US don't lead to any significant response. You see that you COULD attack the US with impunity and they wouldn't do anything about it.
What would YOU do if you were Putin, or head of Russia's cybercommand, and you knew you could get away with attacking the US as much as you wanted?
If it were me, seeing that nobody cares whether Russia attacks us or not, I'd go right ahead and attack. We're getting blamed for it anyway.
So either Putin and his commanders are stupid, and not taking advantage of the situation, or you're mistaken.
As it happens, I'm a career security professional. Knowing about hacks is my job. I work at a company founded by Misha Govshteyn. Guess where Misha is from. Mr. Govshteyn and I will tell you, Russia is hacking the hell out of the US all day long. Only China sends more attacks.
The malware becomes self aware after a number of hours when the contractors ends their work?
Social engineering and advance malware. So advanced. So powerful. Just like any other malware that takes over home computer everyday of week and flips email.
Domestic spying is now "Benign Information Gathering"
I remember the WMDs and didn't believe the claims then. Most people in the US and UK did. Unfortunately many people are easily persuaded to believe lies, even obvious ones, specially if they want to believe (and people love a good war if it's a long way away).
In this case, the evidence that the Russian state interferes in the USA is piling up. From the fake adverts, fake websites and fake friends with fake names spreading the Russian state's messages, to the sore thumb trolls here going on about Syria, through the US Government's closure of Russian missions and expulsion of diplomats to the current indictments of 26 Russian nationals (so far) including 12 members of the GRU, not including the NRA's go-to gun girl Maria Butina, there's a lot of it about.
If it is being manufactured, it's being done with so much attention to detail that the Russians can't cope. Here, the DHS has been spinning its web of lies with executives of utilities in secret since 2014 and now they've told the Wall Street Journal so they'll have had to manufacture 4 years of meetings and minutes and book flights and hotels and maybe make some actual changes as a cover.
Inexplicably for made-up evidence, interviewees provided with it have suddenly remembered meetings with Russian persons of interest which they had previously denied or completely forgotten about.
Against the might of the US Deep State, the Russian state's attempts to offer different explanations have all fallen apart, leaving the single idea that it's a foreign plot (cf. MH17, Skripals). All we're left with are the indignant denials from Trump, sorry, Putin on down that the Russian state would possibly have interfered in another country; if you listen very carefully it can be detected in the background radiation of many internet forums.
Denials are tricky to get right though. If you deny something too often or too strongly, that will attract the attention you wanted to deflect. No Puppet!
How humiliating it would be to be of the millineal generation and have people like you as peers.
Yup, here's a report from 2007.
https://www.forbes.com/2007/08...
That nothing has been done to fix this shit is the real story.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Newbie Russian hacker, he thought voltage machine was the same as voting machine.
we are saying sorry
do not worry, we will have it all good by November , yes.
Please give out best to the Donald
This bit jarred with me:
The attackers began by using conventional tools -- spear-phishing emails and watering-hole attacks, which trick victims into entering their passwords on spoofed websites -- to compromise the corporate networks of suppliers, many of whom were smaller companies without big budgets for cybersecurity.
Who decides the budget? Do the DHS officials suggest a figure or refer the executives to a preferred vendor? "PwC says they'll do it for $10 million."
Just introducing 2FA and tightening up access and procedures would go a long way but before that the executives and IT people have to accept the need. Staff training an optional extra.
https://www.cnn.com/2017/01/05...
That is a bit of news from the time it happened, not a few days ago, after they needed to show they did have access to the server.
Washington (CNN)The Democratic National Committee "rebuffed" a request from the FBI to examine its computer services after it was allegedly hacked by Russia during the 2016 election, a senior law enforcement official told CNN Thursday.
SO, which story do you actually believe? The one where they rebuffed attempts to inspect the server, or the one that they're using now, that they had the servers the whole time?
Personally, if you believe ANYTHING coming from the "Intel Community" either way you're an idiot. They lie. They lie straight faced in front of congress about all sorts of things, spying on Americans to there were weapons of mass destruction in Iraq. This isn't a "Right vs Left" issue, because both sides have been on both sides of hating and defending the "intel community"
And until people grow up, and see that, we're never going to get anywhere. So, please stop with the re-written history, it is embarrassing .
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
Hackers are no match for mother nature in making the power go out. Outages from storms actually kill people every year. Spend the money on more tree-trimming if you want to protect the people.
Strange things are afoot at the Circle-K.
"Nobody is doing anything about it, of course."
Except Russia is under sanctions, and a lot of their attempts to influence the elections are about removing those sanctions. So the basic premise for your claim is false.
https://en.wikipedia.org/wiki/Magnitsky_Act
"So either Putin and his commanders are stupid, and not taking advantage of the situation, or you're mistaken."
And this one is a false dichotomy. Neither is true, Putin is not stupid and we are not mistaken.
That's a remarkable bit of denial, an excellent exemplar of why I have decreasing faith that this will end well. There is plenty of evidence that the Russians were involved in all sorts of various hacking and active measures and whatnot, but if you simply refuse to believe that evidence, then you can just deny everything and believe whatever you want to believe or whatever you are told to believe. That is one of the end goals of the concerted campaign of propaganda that the Russians been running since the Soviet era: true information no longer matters anymore and the ability to assess facts and adjust beliefs in response to facts is utterly withered.
To the particular point, the prior indictments against the Russian nationals are far more detailed than standard indictments, they are so called "speaking indictments." The most recent one this month against the GRU hackers detailed the particular methods they used and quite a bit of the timing of the attacks. And it sounds like western intelligence had high end source in the Russian government that Trump was told about prior to the inauguration confirming that the top levels of the Russian government, including Putin, were orchestrating the attacks. But again, if you can simply deny that information out of hand, and call it "fake news", then what point is there in providing any more information? What will be believed short of reality providing a swift kick to the groin?
The FBI is not the "Intel Community". They're law enforcement, no less than your local cops. They have about the same record of integrity, too, which is saying, "so-so". But they take the whole, "national security" thing pretty seriously. And that includes all the Trump appointments, and his director of national intelligence and his attorney general. And while you're being Inspector Gadget finally trying to get the dirt on Hillary Clinton, there is a legal noose tightening around Trump's neck. Indictments, convictions, guys in jail.
And yes, there are at least three copies of the forensically-imaged DNC server in the FBI's possession. We know this because the Trump Justice Department has told us so.
So, the question you have to ask yourself is if you believe Donald Trump or people appointed by Republicans to be FBI director, attorney general, FISA judges, etc etc. You can either trust people that have actually earned trust or a guy who changes his story about what he actually said on live fucking camera four times between Monday and Thursday.
Not you, ArchMike. It's too late for you. The question is for other people reading this. You're already too far gone down the 4chan hole looking for pizza and crisis actors. The question is for the grown folks.
You are welcome on my lawn.
The millineal generation
Phrase. Literal
A generation consisting of 1/1000th of a Neal.
Who gives vendors access that survives a single on-site visit ? I can remember back in the day activating vendor access ID's with a new PWD every time they were onsite, and freezing the same ID's when they left the site. They were not allowed remote access unless an engineer was onsite at the time and that remote access was physically disconnected when the incident ended and the onsite personnel left the site.
errr....umm...*whooosh* *whoosh* Is this thing on ?
First note the weasel words:
Then the canards:
As if the FBI has to have the hardware transported to a lab to analyze it. They have agents with functioning legs who could examine the servers while they are powered on.
And finally the crux of the issue:
The FBI wouldn't trust CrowdStrike to make such an image. Not one involving multiple servers allegedly hacked by high level foreign intelligence operatives. Not when the FBI has long had access to sophisticated malware, malware that other nation-states could also use, malware that could be missed by civilian tools.
Not only does this stand out for people who have bullshit detectors after 2002, it should upset partisan Democrats who are true believes in Russiagate. Why, there could have been the old KGB telnet handle from Pootie Poot himself buried in some encrypted memory, if only the FBI had access to the hardware to analyze it....
... adopt formal methods, write good software like your life depends on it.
And while you're at it: Discard "rapid prototyping" methods, no matter how formal they look.
Start by putting a stake in the heart of Agile.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Kinda odd to see the outrage over this. A few years ago USA used the exact same tactics to penetrate Iranian nuclear facilities, releasing the Stuxnet virus which damaged a lot of critical infrastructure. Back then there were plenty of people here gloating over this and being proud of the accomplishments.
My guess is that this is happening all over the world, by all major regimes, in all vulnerable areas. Anger or pride only depends on if your country is the hacker or the victim.
To Terminate, or not to Terminate, that's the question - SCSIROB
The article itself is incoherent nonsense written by someone who has little or no understanding of network security.
OTOH, I do believe that Russia and China and other states are more than likely probing USA infrastructure control systems among many other things because the USA has effectively declared a cold war on those states and is developing cyber-weapons to use against them. Russia and China would be foolish not to develop countermeasures.
Debate is a form of harassment. Do not question my truth.
Suppose someone broke into a power company, and shut off all power to a city. Would water stop running into everyone's home in the city, because the water company's water pumps stopped working?
A July 13 CBS news article says
Director of National Intelligence Dan Coats warned of an impending, potentially devastating cyberattack on U.S. systems, saying the country's digital infrastructure "is literally under attack" and warning that among state actors, Russia is the "worst offender."
Speaking at a scheduled event at the Hudson Institute, he adopted the language of former Director of Central Intelligence George Tenet who, in the months ahead of the 9/11 attacks, warned that the "system was blinking red." Coats, citing daily attacks from Russia, China, Iran and North Korea, said, "Here we are, nearly two decades later, and I'm here to say the warning lights are blinking red again."
It's a good idea to have an emergency supply of food and water.
"Airgapped". ... Bullshit. Either your disconnected or your not. Secure setups are the ones that aren't connected, have no wireless or landline connection and nobody knows about. Anything else can be broken into by teenagers with access to shodan, the secretaries phone number and two or three raspberry pis.
We suffer more in our imagination than in reality. - Seneca
That's what your government wants you to want, so they can more easily control what you can and what you cannot see!
(No matter your conspiracy theory, I can always field one that's more insane!)
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
What are you so afraid of?
If you have to ask that question then you know fuck-all about US/Russia relations over the last 80 years.
What is so terrifying about the US and Russia improving relations and bringing a little more piece to the world?
What's terrifying is HOW Trump is trying to do it. Peaceful cooperation with Russia is a reasonable goal but not at any cost or by abandoning countries that actually are friendly to the US. Russia is NOT a friend to the US and pretending that the interests of those two countries have somehow magically aligned because Trump is in the White House is absurd.
I'm always curious why contemporary Russia wants to be so adversarial with the United States. It made sense with the Soviet Union given the ideological nature of the Soviet Union and Communism, but makes much less sense with a basically capitalist economy and the dismantling of the Party ideological machine.
India and Brazil have more people and comparable GDPs to Russia, yet they don't have the kind of adversarial relationship with the US Russia does. Sure, there are disagreements and diplomatic conflict, but not "plotting-to-destabilize" levels of conflict.
It's not even like the Russians are operating from a position of parity with the US. A vastly smaller and weaker economy, a much less capable and weaker military force, not to mention an entire laundry list of internal problems.
From a rational perspective, you would think that the Russians would want to be allies given some level of European-ish cultural overlap, the value of US trade and investment, and the relative benefits of security cooperation, especially given Russia's exposure to the Middle East and various central Asian nations of a dubious nature.
I know there are some shop-worn explanations about Russia's "need for security", Putin's need for an enemy to justify a strong-man state and so on, but these somehow seem trite or incomplete.
And yes, there are at least three copies of the forensically-imaged DNC server in the FBI's possession. We know this because the Trump Justice Department has told us so.
I can't find any evidence of the Trump Justice Department saying that.
What we do know is that back in 2016 the DNC hired the respected cybersecurity firm CrowdStrike to determine if their mail servers had been hacked, and how, and by whom -- and to make sure the attackers were booted out. CrowdStrike made forensic images of the servers for analysis and provided copies to the FBI. James Comey said during his January 2017 testimony before Congress that "We got the forensics from the pros that they hired which -- again, best practice is always to get access to the machines themselves, but this my folks tell me was an appropriate substitute."
There is one problem with the CrowdStrike-provided images, which is that although no one questions CrowdStrike's competence or integrity, they did not maintain proper legal chain of custody documentation. This means that information obtained from the images would be easily challenged in any criminal or civil court proceeding.
In any case, I'm sure the FBI still has copies of the CrowdStrike-created server images. I'm not sure why they'd want to keep three of them, in particular, though it would obviously make sense to have more than one and to store the copies in different locations to protect against loss.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
I'm always curious why contemporary Russia wants to be so adversarial with the United States.
That's not the goal, that's the means. The goal is to reduce the power of American hegemony.
India and Brazil have more people and comparable GDPs to Russia, yet they don't have the kind of adversarial relationship with the US Russia does. Sure, there are disagreements and diplomatic conflict, but not "plotting-to-destabilize" levels of conflict.
As long as there are no repercussions, why wouldn't they?
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
NO COLLUSION! NO COLLUSION!
The fact that half the people from his election team have been charged with crimes involving Russia is not relavant!
Figured wrong, I clearly did. ;)
The FBI is not the "Intel Community"
Word games from "Mr. Establishment" himself... color me surprised at your 'semantic creativity.'
Even general electric isn't let in the system without a reason,
Your old SCADA version is about to expire and will cease to function X weeks after this time. Please provide access to our maintenance representative before this time in order to have an update installed. We will invoice you for the update once it is installed.
Have gnu, will travel.
Stuxnet was brought into an air-gapped Iranian facility just like this article describes. It was brought in via a Siemens PLC or controller (not sure which) that ran Siemens Step 7 OS on it.
The industrial controls world (like Siemens operates in) is a target rich environment to say the least. This is not an industry that is used to worrying about security and hackers. Nobody should be surprised by this.
The system need to be all open source and audited by multiple separate security companies.
Yeah, right. Lets see how well that will work.
Utility software (SCADA, etc) is covered by NDA agreements. It is customized for a particular utilities' system by the vendor and once set up, they don't want you taking that configuration information and entering into a maintenance contract with a third party.
There is also something to the fact that many of these systems are a real shit-show. And they don't want customers banding together, comparing notes and putting pressure on the vendor to clean up their act.
Have gnu, will travel.
No. You obviously can't comprehend the statement you quoted. I clearly indicated that I don't trust them, and/but I made no reference to Trump's truthiness. That kind of cognitive dissonance is why people like you come off as idiots when it is pointed out. You should try thinking in non-binary.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
Da, My Russian is a bit rusty. Though I got my Russian Troll money! Go Putin! Yay! You should sign up, it pays really well!
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
Signed, forensic images of computer system have been accepted as legal evidence for over a decade.
You are welcome on my lawn.
Signed, forensic images of computer system have been accepted as legal evidence for over a decade.
Sure, if chain of custody was maintained and documented.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
It doesn't change your narrative, but a quick update. The IG report and Congressional testimony has revealed that all except four of the emails on Clinton's server were forwarded to an entity outside of the US. It was reported to Strozk, who ignored it. Then led the investigation down the "no harm, no foul" road.
Aah, change is good. -- Rafiki
Yeah, but it ain't easy. -- Simba
Russia does not wish to be owned by the same forces that traditionally steer the US, EU and most of the rest of the "in the club" world. Mostly the impetus is self preservation on from Putin and his inner circle mixed with a general sense of nationalist pride. This means that their actions tend to undermine the order that those forces seek to establish. Think of their wish to move a pipeline through Syria and all the crap fallout that has happened over the last few years in that country.
Because that's the current enemy du jour. Make no mistake, I don't want to see the Russians hacking into our systems and they should be secure. But the US has de-industrialized and given to China a huge amount of IP as well as physical assets so we didn't have to be bothered doing work for ourselves, including the manufacturing of most of our drugs. How can this end well? We have met the enemy, and he is us.
Richard A. Clarke was warning people about this issue since 2002. This is nothing new. Utilities were always a major security risk since security was not considered important.
Do you not know, being a friend is a two way street. the USA is friend to no one
No nation state really has friends. Friend is a term of convenience and nation states in reality do not have friends. The US and Canada are about as close to "friends" as any two countries can get but I assure you that is only because of interests that happen to align. The US and western Europe are "friends" and if you don't understand why then you need to go study your history before posting any more drivel.
as publicly stated the US governments demands that it must dominate the entire globe in every sphere of human activity, starting off with the military industrial complex and nuclear weapons targeted at every single other country on the globe
Citation needed.
From the rest of the planet's viewpoint it's not fuck Russia, it's fuck the war warmongering USA.
Warmongering US? As opposed to Russia which just invaded Crimea and is actively supporting a dictator in the Syrian Civil war? The same Russia that sells 20% of the world military hardware? Yeah spare me the notion that the US is worse that Russia on the warmongering.
Comment removed based on user account deletion
The chain of custody on the forensic images has not been questioned.
Well, maybe by Hannity or Alex Jones or someone. Not by anyone who doesn't froth.
Unfortunately I don't recall where I read about the chain of custody issues. I don't read (or watch/listen to) Hannity or Alex Jones or anyone like that, though. Most of my news comes from the NYT and The Economist. If i can find a reference, I'll post it.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
It is all the same, the manager starves the puppies and wonders why bad things happen. All businesses are so focused on costs that they ignore the quality products that are clearly better. It is called the drive to the bottom...
Your Average Joe
ummm no
I worked in the power industry about 15 years ago, and there was always resistance to anything newfangled. There was one exception. The ability of the HMI (we called them MMI back then) to communicate with the outside world was seen as a godsend. You could remotely tap the datalogs and see trends in things like air intake differential pressure, oil temperatures, mag sensors. All of these things would provide us with valuable information, and it was even better if you could correlate it across multiple sites. Back then it was all read only though.
I don't know when they started letting things get changed remotely. I'm not surprised at all. It was always a PITA to have to send a field tech out to a site to do a system update. So I guess it was only matter of time before the ability to write changes became a desirable feature. But even on an air-gapped system, if you have somebody there to make updates without proper vetting, you're still hosed. Just MITM between the mother-ship sending the update and the onsite guy with permissions to change things. It's not a real-time attack, but it could still be devastating.
Seriously, why is this so difficult!?
Personally, if you believe ANYTHING coming from the "Intel Community" either way you're an idiot. They lie. They lie straight faced in front of congress about all sorts of things, spying on Americans to there were weapons of mass destruction in Iraq. This isn't a "Right vs Left" issue, because both sides have been on both sides of hating and defending the "intel community"
You're right, that's less of a "right vs left" issue and more of an "America vs Russia" issue. That's one of their goals - to get Americans to distrust each other and our own institutions. People need to remember who the real enemy is, it is not other Americans. The intelligence community in the US is full of people who genuinely love the country and want to see it do well, and they don't deserve these buckets of scorn. They aren't perfect, and sometimes they do something that I don't agree with, but to suggest that the entire community cannot be trusted is playing directly into Putin's hand. Watch out, in your quest to be Ultimate Patriot #1 you might realize that you're just another apparatchik.
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
Word games from "Mr. Establishment" himself... color me surprised at your 'semantic creativity.'
The FBI has an intelligence branch, but the FBI itself is law enforcement, not intelligence.
Here, in chronological order:
Office of Naval Intelligence, USN, DOD
Coast Guard Intelligence, USCG, Homeland Security
Bureau of Intelligence and Research, Dept. State
Central Intelligence Agency, independent
25th Air Force, USAF, DOD
National Security Agency, DOD
Defense Intelligence Agency, DOD
National Reconnaissance Office, DOD
Intelligence and Security Command, US Army, DOD
Office of Intelligence and Counterintelligence, DOE
Marine Corps Intelligence Activity, USMC, DOD
National Geospatial-Intelligence Agency, DOD
Office of Terrorism and Financial Intelligence, Treasury
Intelligence Branch, FBI, DOJ
Office of National Security Intelligence, DEA, DOJ
Office of Intelligence and Analysis, Homeland Security
The head of the intelligence community is Dan Coats, DNI.
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
Do they require you to move to Arkhangelsk or is that optional?
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
Because Russia and China are the two largest and most dangerous? BTW, you would have heard about China if you had been paying attention.
'Cause you apparently have lots of money to burn!
I already live here. Its awesome!
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
I guess âoeair gappedâ now means âoewe disabled ssh password logins and require a keyâ?
Like with any expert witness, you're going on testimony of the forensic cybersecurity guy.
"Chain of custody" is for physical evidence when in the custody of the police. Expert witness testimony doesn't require a "chain of custody". It just requires someone who has expertise. Trump & The Russians (a new boy band!) can put their own expert witnesses on the stand. I hear Trump is looking for a 400 lb kid in his parents basement right now.
You are welcome on my lawn.
You got stuffed into your locker a lot in high school, didn't you?
Run along, Ivan. No need for your trolling here.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
The documented proof came from the CIA. I know Vice is biased but everyone is. The best journalists to grace this country always leaned left and did not hide it. They were fair in that they did not skip the transgressions of the party that claimed to be aligned with thier views. They were real leftists who saw how corporatism was on the rise and the effect it had and has on the world. Disclaimer: I lean right because I HATE being told how to live and I hate social propaganda spread by communists and radicals who penetrated and destroyed the democratic party and subsequently paved a smooth road for a dictator.
I object to power without constructive purpose. --Spock
What? The CIA got caught red handed padding fake evidence for WMD to help lead us to the Iraq war. As I pointed out, they keep committing crimes against humanity...the most recent of which warranted military tribunals and public executions.
I object to power without constructive purpose. --Spock
I don't know how many utility executives have security clearance, or why they would have it given that they don't work for the government, but clearly not all do and thus went for FOUR DAMN YEARS WITHOUT BEING WARNED!
Does that seem wise to anyone? No? I'm not surprised.
I think I'd pay to see that movie. "Paul Blart, Hostage Negotiator!"