US-DOD confirms "cyber-attacks"
It's been surfacing throughout the news, but a current article confirms that the Department of Defense computer network has been under attack for the last few months. This came on the heels of another report which supposedly traced the attacks to coming from within Russia; this is an update from one of our prior stories. I can see Tom Clancy salivating now.
Now we have to sit through a million stories about the "dangers" of the internet, lose our right to strong encryption, and have it turn out to be the same bunch of twits obsessed with first-posting on /..
Nice tie-in with the Kubrick loss article. :}
i guess this means we'll have to sit through another week of mainstream articles on hackers/internet security.... i can just imagine the 'anti-commie' crap i'll be hearing now....
And this is surprising because...?
I would really like to see "80 "hack attempts" a day" defined.. is this unsuccessful logins or what? I get about 20x the amount of "hack attempts" than the DoD does, just on my dialup box. I believe this is just a scare to try to justify the US' bombings.
I wonder if they are actually including the standard script kiddie bs... those numbers seem much lower than the rate at which I'd have guessed the script kiddies were poking the DoD machines.
Some balding middle aged IS manager was apparently told by one of his twenty-year-old system administrators that other twenty-year-old system administrators are attempting to break into his computers.
What he didn't tell his manager, however.
Was that he was doing it too.
All I can say is if the hackers' motives are true, and that they oppose information hoarding in the name of "National Security" or some other such ambiguous term - good on them. This behaviour is antagonistic, and should not be tolerated!!
Actually, it sounds like they really don't have any idea about things. Being such a high profile group as they are, they're bound to be on the receiving end of gimpy attacks just like Microsoft or id software.
Just wanted to share. Go Tom.
Really now, the article quotes several relatively "in-the-know" people as saying they aren't aware of anything new, and *one* DOD chump yapping to Congress for what is probably nothing more than increased funding. A virtual Pearl Harbor indeed.
.mil domain...ooh, that's scary. Or maybe some shit-for-brains is banging satan against part of the .mil domain. That would concern me a bit. They would get hollered at pretty fast, I imagine.
80-100 attacks per day? Classified systems aren't even attached to the net.
Until there are more details, it's probably little more than some script kiddies (russian and otherwise) telnetting into the mail port and exercising the POP3 protocol for kicks. Or maybe a few pings on the
Until there are some real details, and two or more separate agencies concur the evidence warrants an investigation, this is nothing more than some pentagon yap trying to make a name for themself and get some funding.
Anything... including traffic they generate...
Here's a little experience I like to relate that puts things in perspective...
While working aboard a Navy ship as a contractor, I was summoned out of my rack one morning at 3am to diagnose a problem the ship was having with their e-mail gateway and unclass off-ship bandwidth. Seems that their uplink had become increasingly saturated over the past 6 hours and was at a point where it was unusable. They thought that they were "under attack" and were on the bat phone talking with someone on the shore about tracking the source (remember, once you get investigators involved, they're going to want you to maintain the current situation so they can track the little dirty rat bastards). The guys on shore thought they had a full compromise of the shore based gateway facility and since it was a MAJOR sat. hub, they were on the bat phone to someone in D.C. Anyway, to make a long story short, the MTA on shore and ship had ping-ponging e-mails with large attachments (containing all sorts of stuff that ought not have been on the unclass net). The officers who were the source of the e-mail contributed to the problem by re-sending multiple times where their mail didn't go through "right away". Bringing down the ship's mail gateway and clearing the queues on both ends worked wonders and DEFCON 3 was averted. This sort of thing happens on the non-unclass nets as well, but generally speaking the non-unclass nets are better staffed. At least the bandwidth for the various nets is partitioned.
I could tell you all sorts of other HORROR stories about the military and their various networks (...but then they'd have to kill me?). The root of the brain-drain problem seems to be retention of good people, high turnover (deployments, transfers and non-lifers) and IT budget raiding by senior officers.
I've got an entirely different set of opinions about the people who "investigate" "attacks" on military networks. They're even more clueless than the poor underpaid enlisted bastards who supposedly keep everything running "smoothly".
Fortunately for everyone actually IN the military, there are usually enough civilian scumbags around to which any necessary blame can be affixed. Failing that, officers are, generally speaking, more than happy to eat their young and/or peers.
I don't think ANYONE has a real grasp on the entire military network structure... it's just too big and too disjoint to be managed very well.
I totally agree with that last point. It is scary to me what is (not) being done in the DOD for protection. Let me retract that; what really scares me is what is actually being done and the policies that drive it.
Doom is right. Anybody who has ever been in the US military and worked with classified materiel knows that they would never ever admit to any breach, or even attempted breach of security. Any real hacking/cracking attempts will be kept top secret for obvious reasons. This is just pandering for more $$$$ and leveraging fear about the Internet. The US military does not have any real online systems connected to the Internet. Internet was just an experiment. They have a parallel system that you never heard of, but similar to Internet. But you will never get any access to it. This is just a political ploy for more money.
c'mon hackers, go steal all those secret alien/ufo docs/records... and also steal all those JFK and FBI docs, do something useful, steal stuff that benefits society.
Let the truth out.
I want to see an international security build-up! God I would love that. I want to see nations around the world fear for their digital security and have a mass security build up! That would mean big trouble for microsoft but think about it...What did the cold war make that didn't kick ass? All the good shit comes from war. Capitalist competition is child's play, War produces the good stuff. Internet and National Security is the perfect excuse to start this dream...God please make it happen!
Monopolies are efficient. Once the system is in place, all R&D can stop, but you keep the prices at the same level and increase for inflation. Thus the shareholders win big. The telephone companies did this, and patch panels built in the thirties or even earlier were in wide use into the mid eighties.
All security issues could be handled from one point. All training and ops would be for one system.
Why do you think MS has the pentagon in its pocket? (well, besides all the mil types being heavily vested in MS stock) It's so Citizen95 can run point and click her way to armageddon when the real cyberwar comes.
I'd like to see it happen too!
An article in today's NYT notes that the "attacks" are more like espionage than a bombing run.
http://www.nytimes.com/library/tech/99/03/cyber
Oke, so these "31te d00d3s" are trying their downloaded scripts on the WEB-SERVERS of the american government. SO WHAT?
Since those webservers are not attached to "the" american governments' network where all classified data is sent through, that USA government has nothing to worry about.
That is; they are not attached to the internet, are they? Please? Someone tell me it isn't true? Please?
We're the US. We don't need an excuse. "Especially if your country is full of brown people. If you've got a bunch of brown people in your country, tell 'em to watch the f*** out, or we'll goddamn bomb them." -- George Carlin
antionline? gimme a break, you pathetic loser. i hate you, you make me sick.
Please, pull your head out of your arse.
Nyuk, Nyuk, Nyuk!
Jeeze, I bet you can't watch anything remotely entertaining can you? Always yelling at the screen that the jokes are wrong and everyone's an idiot...
Please stick yours back in.
The question is what should be kept secret? And who keeps these secrets? And who is accountable and responsible for making the decision to keep these "secrets" in the first place?
Do you truly think those who decide have YOUR best interests at heart, in this day and age?
Classified computers are prohibited from being connected to other machines that aren't operating at the same level of classification. This means that you won't find classified data on machines connected to the internet unless some ignoramus or traitor transfers it via floppy or other means from a classified machine.
That doesn't mean that you won't find sensitive but unclassified information on a machine connected to the internet. It depends on how you define sensitive. The DoD is pretty conservative and tends to overclassify most information, so any information of value is likely to be classified.
You are correct that the real threats are not from crackers, but from intentional (treason) or inadvertent (clueless people not following rules) release of information by DoD personnel.
I find your comments pretty much on the mark. The funny thing, as a former AF officer, I can agree with most of what you said. The sad thing is that we were on some occasions just as bad, but not always. The interesting facts are that the more technical the military gets, the more we SHOULD be investing in high-quality training and individuals. But you know who is running the show and has caused all of the problems we're encountering. Lastly, as far as being clueless, the military is learning all of the time. The question is, are our enemies farther ahead than we are?
If we "go down" because of cyberterrorists and the military is supposed to be clueless, who are we gonna call? While some of the twenty-somethings think this is funny, I suggest you think again about how YOU might be affected by such an attack!
He wasn't trying to justify their actions, moron. But was merely indicating this country's tendency to brutalize.
For Christ sake, who is your enemy who you hope is not far ahead? Iraq? poor Russians who don't have money even for survival of the fleet, not even speaking about advanced stuff like Email on board of a ship.
No enemy left, except in some sick minds, US rules the world.
-AC
p.s. I am not American.
So, the military uses M$, and soon we will see more mundane systems such as cars controlled by windows CE.
Does this not give an entire new, macabre, meaning to the term "Blue Screen of Death"? I mean, what if windows crashes? Does the plane/car/battleship then crash as well?
Those "poor russians" you refer to still have lots of nuclear-tipped ICBMs which could wipe out the whole world. Worse, those "poor Russians" could sell those ICBMs to some "rich arabs" for some easy cash. The world is much more dangerous now than during the Cold War because it is less stable.
I think war is absurd, but I acknowledge the reality of the war machines we vulgar humans have created; and now we have to keep ourselves safe as best we can. Our best hope is for capitalism to take over the world. Then the base masses would fear losing their Big-Macs too much to support a protracted war and the result would be peace. Vulgar, base peace...but peace.
Posted by Tr0ll3r:
See above.
Posted by Tr0ll3r:
And yet some people will -still- respond with page long flames. It's quite good fun.
DEFCON 3 my ass....DEFCON refers to the defense posture of all US forces. Raising the DEFCON over an attack on a non-classified network is bullshit - would never happen.
Plus this goob is violating the rule of thumb of discussing his work publicly. Moron.
Heh.. An admitted troll..
Well, at least they're easy to spot.
The article says nothing to distinguish this new attack from random scanning with nmap.
come on, even the American military can't possibly be dumb enough to tie sensitive information to the internet with millions of happy hackers out there who could earn millions of dollars selling that information to, say, Iraqi, or Russians, or even French...
---
the Gods have a sense of humor,
Never underestimate the power of stupidity
To err is human, to moo bovine
Oh, and BTW (as I submitted Friday, evidently to no avail) they're also reporting that the normally-public-domain NASA tracking data for that UK Defense satellite (Skynet 4D) that was supposedly hacked a couple of weeks back was pulled for the time period in question. Check it out.
(I'd link directly, but the links don't seem to be working right. Oh well -- they're available from the front page.)
Kythe
(Remove "x"'s from
Kythe
Is there a problem I should be aware of regarding Antionline? I've generally found their information to be pretty accurate -- even if you don't like everyone who seems to hang around there.
Kythe
(Remove "x"'s from
Kythe
Mark Fassler
fassler at frii dot com
What you fail to understand, is that there are certain pieces of information that a government (or any large organization which has competition,) must keep secret from all parties, including its constituents. T'would be quite horrible if Saddam Hussein were to know US troop movements in advance, or if a group of terrorists learned the location of, then access codes to, a stockpile of US biological weapons? Please, let's not debate whether or not the US does, or even should have, such weapons. The point is, there are certain things that need to be kept secret.
-- Minds are like parachutes... they work best when open.
(shrug)
Check out http://www.innerpulse.com -- great entertainment esp. re: antionline kiddies
If the Defense Department is willing to admit that they're experiencing "cyberattacks" it means that the attacks (a) have not been successful and (b) they're planning on hitting up Congress for lots of cash to defend our cyberspace. Watch out for the soon-to-be announced Hacker Gap.
Let's all hope they aren't using NT servers to protect our national defense secrets or control any weapons. Remember the naval "smart ship"? :-)
On another note, I always wondered what intrusion detection systems were like at high security government agencies. It would be interesting to actually see an incident response team in action, along with any custom software they've developed...
I am sure I read that all computers containing sensitive defence information are prohibited from being networked. In fact it was written that the DoD employees got their news on tape in the early days.
The level of security was so tight that an expert was rumoured to say a security breach would mean a breach of trust. In short treason.
Has this changed or are these attacks on admin computers, and thus of less significance. Did the DoD relax its security in the face of increasing hacker activity or is this just media hype ??!
Woe be on to them, all who rise against poor people, shall perish in a the end. Buju Banton
If the Y2K was even close to as big of a problem as was hyped, then we should already be seeing a large amount of problems.
Things won't magically stop working at 00:00:01 01/01/2000. The closer we get the more problems we should encounter because a lot of programs which use dates also look forward in time for predictions & scheduling. A few articles commented on this around Jan 1, 99. They said how amazingly smooth the last new year was and there were a lot fewer Y2K problems encountered than anyone expected.
I've talked with reps from my local power company. He says that they are ready. The telephone company says the same thing. I've talked to a gasoline company and they say the exact same thing. If I remember correctly, Wall Street did a Y2K test and it passed. And don't withdraw your money from the banks. For one thing, banks are insured so you'll get your money and for another, I think I remember reading financial institutions have had to prove they're Y2K compliant months ago or face serious fines from the US government.
And IF we lose power, how long does anyone believe it will be out? Power outages happen all of the time (car accidents, storms, & brown-outs) and nobody freaks out.
The major stuff will keep working and the minor stuff will probably just be an annoyance. The really interesting thing will be how many small companies go belly-up from not being prepared.
After all, it's just ones & zeros.
One thing that is interesting is that the US Military has over 300,000 installations of Microsoft software and is using IE4 as its browser. Just the fact that these systems are so widespread (and people could find leaks that they don't report to MS) makes it a security risk.
-----
http://www.Windows2Linux.org (Submit your Links)
Everything y
a breach of trust can be something like not following proper procedures (passwords, logging off, not working on stuff at home, etc.)
they are trained and instructed, and are "trusted" to follow the rules, and not do stupid stuff.
L.