Slashdot Mirror
DoD Computer Forensics Lab to use Beowulf
Doran writes "The U.S. Dept. of Defense is showing off its new $15,000,000 Computer Forensics Lab and it looks like they'll be using a Beowulf cluster to gleen as much info as possible from the computers they confiscate. Here is the story from Nando. An interesting aside is that they seem to be using Clinton's 'approval' last week to allow sale of more powerful encryption software as a justification to ask for $80,000,000 more for the Center.
" Beowulf cluster mentioned, but not Linux, oddly enough.
Look at this picture, you can see the KDE background and desktop fairly easily. http://www.dcfl.com/workstation2.jpg
Stop believing what you were taught in school and start believing what looking at reality shows you.
Which reality would that be? Because, you know, I haven't actually seen any of my friends get dragged off in black vans lately.
It isn't marquee billing, but at least it's on the same page as WinNT.
done more cheaply by the NSA?
hahaha
haha
Yes.
Some take longer than others to figure things out.
If you are intimately familiar with the Lab, then you would know that the money is NOT being put to good use.
Here in san angelo texas the local hastings carries Slackware, RedHat, Caldera, and SUSE. Ask for shrinkrap, they sell Quake2 and WordPerfect.
All mixed in with the real encrypted psuedo filesystems hidden anong the random data files. When the feds kick down the door, I cut power to my Linux box. The data on the hard drive is utterly meaningless without the password stored safely in my brain. And one can hardly be prosecuted for having random data files on one's machine. I was testing the statictical properties of random number generation algorithms. Yeah! that's it. Those files are just some sample data stored for later analysis.
O.K. John, you can shut up now...
Actually, I saw a news piece about this lab on the FOX evening news here in Chicago this past Saturday night...the closing shot was of the corner of a monitor with the redhat logo on it, which they then zoomed to fill the TV screen. They are DEFINITELY running Linux. -bing I'm not an anonymous coward, I just play one at work...
Yes, its running Linux.. I believe its even in the 2.2 kernel series. Although my interpretation of that Fergeson fellow's quote lends me to believe that he was coached (barely) on the word beowulf. Typical manager stuff.. It reminded me of Dr. Evil talking about his "laser".
I hate to blow this for you, but the monitor is currently showing the signal from one of the pentium boxes to the right.... That black box to the left of the monitor is a switchbox. --too lazy to log in
If you truely believe this, you are living in a fantasy world. They are too busy chasing real criminals (a serious backlog exists) to even consider (not to mention spend years to get justification, approval (which, luckly, would never come), and execute a plan before technology made their plan worthless). I'm sorry to burst your bubble, but big brother just doesnt care. After working at places like this, I've learned that commercial enterprises (news, health care, etc) are the ones to fear. While the government may get information about you, the commercial world will get it and sell it for profit. The proof is in your mailbox..... just my 2 cents.. --too lazy to log in.
I disagree.. While spending money for your stated law enforcement purposes is fine, ask them how many iterations of pagers they've gone through. If you get an answer of less than 5 in the past year, they're probably lying. Oh.. and what about the $1 Mill they just gave to Mitre for a project which "has no real purpose and definition". - a statement taken from someone who works there. (And we all know the quality that comes from mitre.. hehehe.)
Yup... I noticed CompUSA carries 6 distributions of Linux, plus FreeBSD... but check out the application shelves.... the only software they had that would run on Linux is QuakeII, and they had nothing for FreeBSD
They run RH on there web server. Scroll all the way down, man look at all those machines he has!
Where at? I dont seen any info on it.
Actually that is the linux documentation project book. Now think about it, linux books, unix books. I seriously doubt thay would just buy those books with no intent or purpose. The job requirements ask for unix exposure. Ok, if thay havent given you enough clues, than you should be shot.. its just that simple.
The 'bproc' system is, of course, Linux specific. It's rumored that well-known Linux developer is under contract with the DCFL. Someone not working for RedHat or VA. (You might wonder if that leaves anyone..)
The NSA is part of the DoD. They prefer not to be in the public lymelight, so they always refer to themselves as the DoD.
'Course they'll probably have about as much luck reading Amiga floppies as the rest of the world does.
I said "in their PRINTED literature", also they have near life size picture of the cluster (or at least one rack's worth) in their lobby. I don't know why they don't have a the same pictures on the website that they have in the printed literature.
.
Every one knows that you burn disks, not cut them up. And also you can just rig your computer with a stong electro magent hooked up to your turbo button. So when they break your door you hit the button and the lights go dim. :)
What happens when I burn my floppy disk instead of crumbling it or cutting it up? Are they going to analyze the magnetic signatures on each trace of what is left of the disk and let the cluster try to figure out what it was? Damage
Not too long from now the Fed will be wondering what they were thinking when they realize that all a criminal has to do now is, instead of cutting the floppy, drop it into a small vial of acetone or MEK. No floppy, no data.
This is to "mazrimtain:" so you work there or something?
One question that immediately springs to mind: How much duplication of effort is there between this lab and NSA functionality? People whisper about how the NSA has a lot of custom stuff, that is probably better than what could be done with off-the-shelf components, and the like. I was wondering how much of what that lab is trying to be able to do was already done five years ago, more cheaply, by the guys at Ft. Meade, who however are keeping the methods to themselves... no offense, but I hear there's a lot of tension from time to time between the regular military and the spook establishment, which prefers a much more centralized setup for intelligence gathering and the like. Any comments?
The Staples here had tons of RedHat and Debian packages on the shelves here but they didn't sell to well. I went in a week ago and asked where they went because they were all gone and had been replaced by some lame windows disk-fixing packages. They said they threw them all in the incinerator because no one would buy any of it.
How 'bout the voters who put them in office and whose money they spend so easily?
Is it really worth $15M of the tax payers monet just to be able to reconstruct a floppy that has been cut to pieces?
Come on. Unless the govt. is gonna use it for more ominous purposes (which IMHO they will) How can they justify such a huge expense?
Oh, man, just imagine a Beowulf cluster of those Beowulf clusters...
hee hee.
Disclaimer: Author of this post is not responsible for the reader not understanding sarcasm and irony.
--
Jeremy Tout
photon-atsign-home.com
There before me where 6 rows of software..head to toe...and 6 columns wide! . . Suse,Red Hat, Debian, you name it. A veritable cornucopia of linux selections. This is prime retail space that is normally very difficult to come by.
The best part about it all was, tucked away in the corner (bottom row, far left) was this pissy little box with clouds on the cover, some 1/2 baked propritatary/old news/yesterday-tech box that sayed "Windows".
We all know Linux isn't good enough for the big time yet. Maybe they've clustered together a lot of real computers running real OSes using something like pvm?
On a daily basis where I work, we use pvm to fork out jobs over different SGI and Sun systems, and it really kicks ass. (Unfortunately, due to NDAs and such I can't tell you what we do, but it is really nifty stuff!)
Most government spokespeople are clueless, and probably got the terminology confused. I'm sure there are people somewhere (it is a large planet, ya know) who can't just use the term 'cluster' and call it a 'beowulf cluster' not realizing that the Linux minions are using the term 'beowulf'.
Admittedly, I have heard, on good authority, that there are some black ops (read: NSA, Secret Service, NRO) gov't agencies that use Linux on some of their 'puters, but usually it is a very stripped down, quite customised 2.0 kernel and a userland that none of you would recognize. Of course, it isn't on production systems, but on the occasional development network. These machines are usually religated to doing nothing more than routing packets.
If I had $15MM to spend on building a supercomputing facility, it sure as hell wouldn't be running Linux.
When I worked for the Univ of Cal library, I remember near the end of every fiscal year when the project was "come up with something to purchase" for no other reason than to ensure that the budget is not cut next year. After all, if you save a buck, you'll get one buck less next year. So why try to save? Gov't ENCOURAGES waste in this manner.
I guess this silent "anti-linux-majority" must be all the people whose windows boxes I have to fix? You know, I'm getting tired of them.
(currently testing something about signatures here)
And now, a typical Slashdot Response (TM)
But will it run Linux?
/* disclaimer: this is humor. If you don't get it, please hang up and try again. */
Three Step Plan:
1. Take over the world.
2. Get a lot of cookies.
3. Eat the cookies.
It's WASTE it or lose it. You'd think by now a bunch of self-important, ethically-challenged politicians could come with a better way to handle funding. But I guess as long as everyone gets their cut, there's no reason to push for change. And in the end, it's the taxpayers who get screwed...over and over and over.
The NSA's budget is huge, in the billions, and all they do is break and develop encryption. While part of that budget may go to developing intellectual capabilities, it would be very difficult to do modern cryptanalysis on such large scale without some very sophisticated hardware.
Their proximity to the NSA probably has more to do with being able to take advantage of their years of experience.
If there is anything thats a standard in distributed/parallel computing its that you want as much optimization as possible. Not only would NT for this type of thing bloat the the unecesdary processes being done, but you have the blue screen issue as well. Since linux allows you to customize a kernel for the components that you need, there's little (or no) waste memory/cpu -wise. Plus its free. Wasting money/time/effort on an OS thats just obsolete for this kind of job would be nuts even for an NT zealot.
Go here: http://www.vogon-international.com/
---
> If I had $15MM to spend on building a supercomputing facility, it sure as hell wouldn't be running Linux.
And why not? Save enough money on the computer, and you get offices instead of cubicles.
Sheesh, evil *and* a jerk. -- Jade
I'm sorry but we do not all know that linux isn't good enough for the big time yet.
www.google.com=big time
Muslim community leaders warn of backlash from tomorrow morning's terrorist attack.
At least we have it written into our constitution that a congressional term must elapse before the new salaries take effect. If the voters don't like it, then they can exercise their opinion and vote the offenders out of office.
"If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
Their proximity to the NSA probably has more to do with being able to take advantage of their years of experience.
you're right. I certainly wouldn't know. That makes sense to me. Then again, we won't know until they flat-out tell us. Otherwise, we'll continue to speculate as we already have.
<end off-topic rant>
Personally though, I'm glad that they have a Beowulf cluster.. that's great. and I hope it runs some form of OSS; Debian, FreeBSD, Linux, Unix, etc.. or, if they feel that a decision of that nature would be too intelligent for them to make, then as long as they don't use Windows, I'm happy.
Of course, I also realize that their job is not to please me, but.... you know...
<my $0.02 worth>
Insert mind here.
I was looking at the pictures on their site when I spotted this.
Look at the shelf just above the soldier's head. It *looks* like a Red Hat box, but a bit grainy so it's hard to tell.
What do ya'll think?
Talispy
"Study your math, kids. Key to the universe." -The Archangel Gabriel
My fear is:
"Beowulf? Oh, Microsoft has this 'Wolfpack' thing... that must be what they meant."
Anyone else wonder about this?
o/~ All God's children shall be free in Pirates of the Caribbean, when we reach that Magic Kingdom in the sky... o/~
but simply Beowulf Clusters, simply because it is more challenging to convince (even) a politician to give you $80M to get a lot of copies of a free OS running on really inexpensive hardware. Even 128 nice quad Xeon boxes aren't going to cost you more than a couple of million.
software and they can't afford to piss off anyone by mentioning Linux. Or the author of the article is biased. Either way, it's a sad situation.
--- Join my team at www.dcypher.net $10,000 to the winning computer #147 "Homebuilt Computer Users"
Linux is no longer new. People know about Linux, the media doesn't need to bash them over the head with it constantly. The important part is what it does, not what it is. Important to us, important to the public, and important to the people creating this system.
---
END OF LINE
Well, in America, you don't have to prove you didn't do anythign wrong, they have to prove you did.
I guess its too early for everyone to start drooling over the Beowulf cluster again.. almost every reply to a story I read on /. mentions the Beowulf Cluster =) *drools for the sake of drooling*
Did you really think I was talking about government thugs?
I wasn't.
Yes, there is an anti-Linux conspiracy.
Thing is, it's made up of what Nixon used to call the "Silent Majority." By this I mean all the hundreds and hundreds of thousands of people who use Windows 95 or 98 to do their daily computing. They don't dink around with the interface, they don't tweak the registry, and they assuredly don't install packages more than one time, or (heaven forbid) install and then remove packages.
Because of this, their machines run fine thank-you-very-much and they think the people decrying Windows stability and reliability are doofuses without lives. If they've even heard about the people decrying Windows.
My new girlfiend lives in southern Iowa, and going down there, it seemed like everyone and her grandmother has a machine hooked to the 'net. I mean, it's incredibly mainstream. Guess what OS they are running? They'd be confused if you suggested there was any reason to run anything else.
I'm sure there are angry little minorities of people in rural southern Iowa who are mad that the 35 games and assorted calendars, screen-savers, and whizzbanger toys they downloaded and installed, which all had conflicting DLL files, etc., made their Windows systems less than reliable. Their moms probably yell at them a lot for screwing up the family computer. And yes, they are likely to then want to rebel by installing something else.
The silent majority doesn't run Linux, though. Not in your most toked-out dreams.
Yes. It makes perfect sense to me.
Using the Steganographic File System basically identifies you as somebody with something to hide. It doesn't matter what it is, it doesn't matter if it makes you guilty or not. The world is not made up out of warm fuzzy inquisitors who give out chocolate bars to people who confess their secrets promptly. It's full of power-mongers and spooks who want to know NOW what you were doing digging around on their server, and want to know NOW what you're hiding that you got off their server on your hard drive. Rubber hoses, to the max, and you're dreaming if you thing there will a Judge at the end of that tunnel.
Clue: Nope!
Have fun setting up a system where you can't prove you didn't do anything wrong. Wave bye-bye before they haul you off in the van.
Consider the following -
"Defense Department officials also acknowledged that the lab's proximity to the nearby National Security Agency, the government's premier code-breaking organization, was a primary factor in deciding its location.
That statement makes me wonder if the NSA is jealous of this new DoD setup. I can see it now, knock, knock "Hi this is Joe from next door can I borrow a few million cycles?"
**One day I will come up with a really clever sig, until then this will have to do.**
How about using PGP to further encrypt files? Remember that for the US government, the "most powerful encryption software" only goes up to 128-bit RSA Lab closed-source technology. PGP, on the other hand, is astronomically much more powerful. I bet it would be quite frustrating for the FBI's $15 M cluster to be stumped by a file encrypted with a 4096-bit key made with PGPFreeware. You can get your copy at http://www.pgp.com/
I will not speak my mind until they get speech-recognition software right!
The DCFL is not a supercomputing facility. It is a computer forensics lab that has a supercomputer. that $15 mill. was refering to the facility as a whole, not just the Beowulf. Although impressive, the beowulf is just one small piece of the pie.
in response to your comment "but I also think they can use this for recruiting purposes to get quality computer hackers to come to work for uncle sam." Who's to say thay didnt? now I got ya thinkin!
Here is the lab's homepage. Their printed literature has a picture of the Beowulf cluster. I believe it runs Redhat 5.2 with Beowulf kernel mods.
1) Yes, the data is encrypted.
2) The space with your "extra" data in it looks exactly like free space. Ths means that for normal use mounting the drive read-write, you have to use your most secret passphrase or you'll trash some of your "extra" data.
The site appears to be back up.
--
Xenu loves you!
I couldn't get through to your site, it appears to be slashdotted. (go figure!) Anyway I have a few questions...
/.ed, so I couldn't rtfm, remember!
What would keep someone from confiscating your drive, dd'ing the whole thing to their own system and reading through it at their leisure with a hex editor? Is the hidden data encrypted in some manner?
Also, couldn't the bad guys just take a look at the capacity of the drive, subtract how much space they had access to and calculate the amount of data still hidden to them. They wouldn't know *what* was still hidden, but they'd know it was there, right?
PS: You probably have really obvious answers for these questions, but your site was
An interesting tangential point (well, not open source related) is how all the other neat stuff in the lab works, and how you would go about making things *really* unrecoverable... There is an interesting paper on the subject available form Auckland university. Worth a read.
Time to be pedantic: Beowulfs are defined as running on open source software. Piles of PC's, on the other hand, might run other OS's.
See beowulf.org
"Although Ferguson and others declined to discuss specific cases already under way, they described as rare those involving encrypted files. "
Good scramblers make data recovery in a reasonable amount of time unworkable. They might be able to break it if you only keep the good stuff hidden, but if you keep 2-3 gb of mp3s and text files that say "haw-haw"(Nelson laugh) in the same directory, well, Time rears its everpresent head and they don't get evidence till your bones rot in the ground.
Why do you think the FBI/CIA/NSA fought so hard to keep encryption under conrol?
+&x
I believe there is a mild difference between "more powerful encryption software" and "powerful encryption software". Of course, every part of the U.S. government will use just about any excuse to get more funding, from what I've noticed. What do you expect from the same country where members of Congress decide upon their own salary? Ugh.
~ Kish
Most corporate business works the same way. It's a method to avoid wasting money.. For example, say you're the manager of a bakery in a grocery store, and corporate gives you the numbers you have to conform to in order to stay "within budget".. You have to meet goals for sales, profit margin, and labor. Say your corporate man wants you to stay under 20% labor (just an example), and the first quarter you end at around 19.96% or something. You made it, but just barely. This encourages your corporate man to keep the goal the same (go over your goal.. bad things happen). You end the next quarter with 18%, however, and your corporate man thinks you have become "more efficient", and he could better deploy that money elsewhere. Hence, next quarter your goal is, you guessed it, 18%.
Not to say that this kind of mentality is necessarily all that intelligent (the people who decide the budgets other people should conform to rarely have /any/ experience doing the job of the people they are slapping these "goals" with, but hey.. that's life), but it's certainly not all that uncommon, and definitely not restricted to the government hive-mind. :)
~ Kish
So far I have concocted a couple of theories: 1) this is such a well-crafted troll that only one moderator has thus far noticed.. the others got suckered in or 2) there is an anti-Linux conspiracy at work.. I suspect the latter. Ha!
At any rate, could someone please define for me "the big time"? I remember reading an article not too long ago mentioning that Linux is now being deployed to monitor the phone lines in /two whole states/ in order to make sure they stay up and all that (by the phone company, of course..), and that they have a couple of "hot boxes" (their words, not mine) "just in case".. but that they've never had to use them. This seems a /little/ like "the big time" to me. Anyone care to disagree? Or are your phone lines just not a big deal anymore?
Yes, I forgot the silly link to the article. It was called "Linux Babysits Phone Lines" or something like that. I think I saw it on Linux.com, though I could be entirely mistaken (if I saw it on Slashdot, like I said, I forgot where I saw it, so leave me alone :). If anyone cares to post the link, it might prove.. helpful.
As far as spokespeople getting terminology wrong.. They /still/ call crackers the one name they certainly do /not/ deserve. If they get anything else wrong on top of that, I won't be too damn surprised, if you know what I mean.
Let's see.. "Linux minions".. Yup, definitely a conspiracy..
~ Kish
Well, obviously. My point being that the grand majority of people who sit on here long enough to get moderator access probably don't run Windows (at least not as their OS of choice :).
I was suggesting conspirators of a different brand.. Ones who run an OS comporable to Linux, not one that is more popular with the average end-user (guess which..?).
~ Kish
As much as I love Linux, I hate to be the one to have to point this out, but the "reason" Linux may not be mentioned is that Linux may not actually be used.
Beowulf is an OS-independent architecture; PVM and MPI, for example, both run on multiple OSes (even including Win32, IIRC). Now, I'm sure that it's probably running on some form of Unix, but it could just as well be FreeBSD or Solaris as Linux.
Just thought I'd clarify the point a bit.
"UNIX" is never having to say you're sorry.
It's not just cracking codes. If you have to find files containing evidence somewhere amidst all those MP3's, those clock cycles running grep and find begin to add up.
Also, if you're scanning someone's drive for illegal images, it helps to automate a process so a human being doesn't have to mark which are illegal and which are netscape-cached Slashdot icons, for example.
Finally, in case of a nuked drive, it's useful to the feds to be able to dd if=confiscated-drive of=beowulf and then let it chug along.
And all of that beats this situation:
NYT article that says law enforcement agencies routinely seize hundreds of thousands of dollars worth of computers and hard drives as evidence, but have so few computer experts that confiscated equipment can gather dust for months or years until someone decides whether or not they contain criminal information.
...you'll need plausible deniability. In other words, you'll need the Steganographic File System just released for Linux. It provides a uniquely powerful form of information hiding: you can type in a passphrase that reveals a certain amount of the disk, and there's no way of telling whether there are other, deeper passphrases that would reveal more. This means that there's no legal duress that can force you to reveal your most secret data.
However, if the attacker is using rubber hose cryptanalysis, it means there's nothing you can do to convince them, once and for all, that the passphrase you've given them is the real, true, final passphrase. Could be painful...
--
Xenu loves you!