Russians Crack US Department of Defense Computers
iCEBaLM writes "According to this Excite article, attackers who stole sensitive defense and technical research documents from US Defence Department computers were traced back to the Russian Academy of Sciences, [which is] government funded and has ties to the Russian Military. It seems it doesn't stop there and that attacks from Russia are quite widespread against US government and corporate sites. From Russia with Love." No! No! It's state-sponsored Cyberterrorism! [M.S.: I want to remind readers that there's some serious doubt that these attacks actually exist - see George Smith's Electronic Pearl Harbor for more information.]
Routing can be spoofed, after all. And just because the school has ties to Russia's military, it doesn't mean the cracks (if they really happened) were driven by military forces. It could just be college CS students on the rampage; happens all the time.
I just think people need to be careful (especially with the press and its tendencies to blow up "cyberterrorism"/defacement stories) that they don't blow things out of proportion.
You mean, there are actually people in Russia trying to hack into US computers? I knew it! They must be in league with the kid from Spain that just portscanned my box.
And all this time, I thought that hackers were just kids in suburban US basements...
for classified information specifies that there is no internet connectivity on computers having classified data on them.
--
Insanity Takes Its Toll. Please Have Exact Change
Care about electronic freedom? Consider donating to the EFF!
I haven't read the articles too closely yet but I wonder how reliably they tracked them.
After all, pretty much any hacker raised during the cold war period would love to make it look like they were coming from Russia. As soon as the trackers got that far you'd hope they're just going to jump on it! Of course now we've got better targets to hide behind, but someone from the proper time period with the right mindset....
--- Juggle juggle@hitesman.com
Probably invented by government agents who don't want to get downsized like the military.
Fresh from the US Patent Office, more of everyone's favorite pastime, "It's Net So It's New!"
Espionage is espionage. Major world superpowers spy on each other. It's part of the structure of things--a presumption of visibility or "Sunshine" has a way of keeping governmental structures honest.
OK, honest isn't particularly the best of words. The US constitution is based on the concept that no one power structure can be fully trusted, so it places multiple power structures in opposition and dependence upon each other, on the assumption that the intrinsic weaknesses in one will be balanced by the greed of another.
Heh, it makes about as much sense as Mutually Assured Destruction, but we did manage to make it through the Cold War without any (public) nuclear incidents. There's something amazing in that.
Anyway, if our country is based on the concept of multiple untrustable bodies balancing each other, geopolitical stability as a whole is probably achieved by multiple untrustable nations spying on each other, monitoring the behaviors of one another. The war wasn't that cold--just silenced.
Don't be surprised that there are spies online. Spies read newspapers. The NSA auto-downloads a number of sites on a daily basis (so said some guy who runs one of those sites). It's an "Open Source", as they call it. Extending the fact that they use open sources to the fact that they hack in a closed manner isn't ridiculous, or different.
It's standard operating procedure. If the spies weren't using the net, the intelligence level of the intelligence community would be rather suspect.
Are there differences? Yes. For one, the lack of a need for a physical presence at a compromised site--no moles, no informants--is disturbingly efficient. A report of an entire site compromising attack--Linux Kernel Module, uploading to some Australian Samba dropsite, slapped off a compromised Teraterm Pro SSH patch--that took eight seconds to go from full security to zero...the ease of this, compared to the espionage architectures of old, does have an impact.
What were you looking for? An easy answer?
Yours Truly,
Dan Kaminsky
Cisco Systems, NSA Division
http://www.doxpara.com
I thought the rule was "don't put anything on the net unless you want the whole world to see it".
I worked for a defense contractor a while and it is true--none of the computers inside a secure area are connected to anything outside the closed and encrypted DoD network. We had to go physically outside the secure area to access the net via separate computers.
Stories like these make for great press, but the only way they are going to get any secret info out of secure defense or intelligence agency is if someone placed the info on a computer outside the internal network. And this is a federal offense!
Er, if your cracker is caught in the U.S., he can be legally imprisoned for espionage. If he's in Russia, he can't be arrested by the U.S. authorities. This way, the Russian government has plausible deniability (at worst, they kick out a student who was going to flunk out anyway and blame him), and they didn't risk having their spies arrested in the U.S.
Everybody spies on everybody anyway, so all you need is that "plausible deniability" factor to avoid formal incidents. We'll complain about this, they'll complain about NSA cracks disguised as university student attacks, and everybody will forget about them.
funny that this same government the fbi says may be sponsoring cyberterrorism is the same one that can't even afford to pay the soldiers guarding its nuclear arsenal. or the scientists that developed its chemical and biological weapons (and are being heavily recruited by the US and Iran).
does anyone else find the link to state-sponsorship just a *little* tenuous? as if the more likely possibility isn't a student or group of students with a little too much free time on their hands?
and besides, if the US is really stupid enough to have classified information even available (connected to) the rest of the internet i think we fricking deserve it.
as for the cuckoo's egg thing (yes i have read it), people should remember that that was in a time where the ussr still owned 1/4 of germany and weren't completely bankrupt.
unc_
Think about it: if you were a small, third world country looking to steal a few secrets from the last remaining superpower in the world, whom do you pick to masquerade as the actual attacker? Duh! It's Russia - the same Russia whom we (America) have spent hundreds of billions racing for arms with, stockpiling nukes with, etcetera, etcetera. From an outdated historical perspective, it's perfectly reasonable, almost impulsive, to assume that any probe concerning classified data would be coming from Russia, public enemy #1 for pretty much the latter half of this century.
The problem is that just because "the intrusions appear to originate from Russia," doesn't mean the KGB or whoever is responsible. In fact, the only thing this proves is just that: that the packets came from a computer in Russia. Whether that computer was itself cracked, and whether the information theft was performed at the console, or via a telnet session from Libya, is impossible to determine. But let's be honest: no self-respecting cracker would ever leave a blatant calling card like this, especially not when you're dealing with the US DoD. Chain-telnetting between two, three, five, six boxes before actually cracking a site is pretty much SOP for any serious cracker, which is why I submit that it's far more likely that this crack did not originate from Russia, or if it did, not in direct connection to the University mentioned. I think whoever perpetrated this wanted us to see the University and notice the military connection, and as far as that's concerned we've all fallen hook, line, and sinker.
I think there is a world market for maybe five personal web logs.
As a former employee of the Russian Academy of Sciences (RAS) I strongly doubt that now it is capable of carrying out anything like this attack. After the collapse of the Soviet Union RAS is in extremely poor condition with most capable people gone either abroad or to commercial companies. Younger people do not join RAS because of very poor working conditions and low wages. It is hard to find anybody younger than 30 there. The monthly salary at RAS is something about US$100, which even in Russia is almost nothing for a computer professional. In fact, I am just waiting for the Russian government to openly admit that it does not see any need for science and technology and to close RAS, bringing the suffering of its employees to an end. And another issue is that very few people in the West understand what RAS is (or was), and the RAS name taken alone always leads to some overexpectations. The only thing that RAS has now is its past.
Of course, there is a chance that maybe some script kiddy has gotten stuck in RAS, but it is quite slim, IMHO. Also in many cases RAS poses simply as an ISP (e.g. domain relarn.ru) that is used by some private and government organizations. Some descendants of the Soviet KGB are certainly experienced and capable of cyber attacks.
I'm quite shocked that no one has mentioned what is obviously the easiest defense against cyberterrorism. DO NOT CONNECT COMPUTERS WITH SENSITIVE INFORMATION OR FUNCTIONS TO THE INTERNET. Sorry to shout, but why doesn't anybody think of this? If people can't connect with the computer they can't perform cyberterrorism. If having these sensitive systems on some sort of WAN is important then build your own damn WAN. Large corporations have been doing it for years. I don't see cyberterrorism as a threat, I see government/managerial stupidity as a threat.
Sorry to rant, but I'm tired of hearing all this cyberterrorism BS. I swear if I hear that word one more time...
E29
Sensitive data might seem innocuous to the casual observer. A single piece may mean little. But a group of specialists with many sensitive pieces can discern what the classified object is. If you don't believe that, you are fairly ignorant of basic espionage techniques.
This is a very good point. My current boss did crypto work for the military before he went into IT. One point that he, and everyone else I have ever talked to, have made is what you have said.
i.e. If some secretary puts in an order for 50,000 Winter gear sets via email that is not considered classified. Any intelligent person could discern that there are probably going to be troops sent to a winter region somewhere. Combine this email with various others. It's all about seeing the patterns in things. I'm sure if you were handed printouts of 50 random military emails you could probably glean some very sensitive information from it.
moderators: mark up the parent of this thread.
"Fighting the underpants gnomes since 1998!" "Bruce Schneier knows the state of schroedinger's cat"
I remember reading about an event that happened several years ago. You'll have to forgive me - I'm fuzzy on the details (maybe someone else has read the same account and can fill in the gaps). But it went something like this...
Some guy was tracking down attacks on his systems (University, I think). Among the jump-points of the attacks was a Naval research facility. The guy met with the facility's COMSEC person. After some audit of their networked systems, the COMSEC guy was horrified to find the amount of data that had crossed from their "air firewall" systems to the networked systems. People transferred data on their own accord to make their jobs easier. They also disregarded security.
Now, this certainly doesn't mean that some Navy public web site is also a secret harbor of highly classified documents. And the press sure doesn't do much to limit this kind of wrong impression. However, one also has to be aware that despite rules and regulations, sensitive data might still be vulnerable.
YOU sir have no idea about what you are talking about. The original poster does actually know what he's talking about. You are arguing about the definition of the word classified, when it's pretty obvious what the intent of the first poster was.
The security people happen to err on the side of EXTREME paranoia when classifying data. What does this mean? It means that they will slap a "confidential" label on anything that could be considered even remotely interesting. And then it's usually not very useful data anyway. If you want something interesting you usually end up dealing with S/SAR or TS material. (needless to say, this makes engineering life a royal PAIN in the arse.)
Let's talk networks now, shall we?
Networks that deal with different class levels have to be isolated. In between class levels you can SOMETIMES get away with firewall or crypto type isolation. sometimes. (like you can install a 1 way gate between a lower level and higher level to allow data to be moved from a low level on up). To go from a higher to a lower level you have this god awful procedure to follow. very "unfun".
From unclassified to ANY classification level ye olde NISPOM (gov security manual) says you must have physical media isolation. Period. And they really want you to go a step further and separate the wires by at least 1 meter. Fiber is preferred.
So, to conclude my rambling so I can go do something useful, if someone stole truly "classified" data from a system that was accessible via the Internet, somebody broke the rules on the DoD side. While that is possible, security folks tend to be really really paranoid and I doubt any data they stole was really classified.
later,
dv
"There's no secret. You just press the accelerator to the floor and keep turning left." -- Bill Vukovich
Yep. The military complex is really just a big country club of spooks. They spend their time sipping Mai-Tais and lacing the public water supply with paranoia-inducing drugs. The last thing they want to deal with is pesky issues like information security and classifications.
The military is actually quite aware of how sensitive information is. And they're quite good at determining a classification level. But stamping a classification on a document isn't all - ensuring the document is handled properly is the problem.
Once again, you might be interested to know that this is hardly an unknown concept to the military. They refer to it as "essential elements of friendly information" (EEFI). When enough elements of unclassified information are gathered, classified information may be revealed.
Let's look at a common example of EEFI. Say a unit is going to be deployed to SandLand. Those orders are classified. However, observers are able to note changes in work schedules and large movements of equipment. They also know the unit is a rapid deployment unit. Furthermore, it is coming on winter. Yet, military personnel are observed buying a lot of warm-weather gear (shorts, shirts, sandals, sun screen, sunglasses). It's obvious that the unit is preparing to deploy to a hot climate. Scanning CNN reveals that there is some recent unrest in SandLand. It's a safe bet that the unit being observed will be deploying to SandLand.
Secure information is compromised without the actual involvement of secure documents.
What does the military do about EEFI? Classifying each and every document within the military would make day to day operations near impossible. Instead, the military attempts to keep aware of the dangers of EEFI and, via that awareness, tries to limit the amount of information made available.
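The aggregation risk described in the EEFI post above and in the earlier winter-gear comment can be modelled as a coverage check over individually unclassified items. The script below is an added illustration, not code from any poster; its rules, signal names and observation sources are constructed for the example, and it shows that no single item reaches the threshold while the whole set does.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Observation:
    source: str          # constructed label for where the item was seen
    signals: frozenset   # facts it reveals; each is unclassified on its own


# Constructed inference rules: protected conclusion -> signals that together reveal it.
RULES = {
    "hot-climate deployment imminent": frozenset({
        "rapid_deployment_unit", "schedule_change", "equipment_movement",
        "warm_weather_gear", "regional_unrest"}),
    "cold-region deployment imminent": frozenset({
        "winter_gear_order", "schedule_change", "unit_alert"}),
}

# Constructed observations, each harmless alone (mirrors the thread's examples).
OBSERVATIONS = [
    Observation("public_unit_roster", frozenset({"rapid_deployment_unit"})),
    Observation("gate_logs", frozenset({"schedule_change", "equipment_movement"})),
    Observation("exchange_sales", frozenset({"warm_weather_gear"})),
    Observation("news_feed", frozenset({"regional_unrest"})),
    Observation("supply_email", frozenset({"winter_gear_order"})),
]


def coverage(observations, rule_signals):
    """Fraction of a rule's signals present in the observations, and the sources supplying them."""
    present = {s for o in observations for s in o.signals} & rule_signals
    sources = sorted(o.source for o in observations if o.signals & rule_signals)
    return len(present) / len(rule_signals), sources


def aggregate(observations, rules, threshold=1.0):
    """Conclusions whose signal coverage reaches the threshold, with coverage and sources."""
    result = {}
    for conclusion, signals in rules.items():
        cov, sources = coverage(observations, signals)
        if cov >= threshold:
            result[conclusion] = (cov, sources)
    return result


def max_single_coverage(observations, rules):
    """Best coverage any one observation reaches alone: a single piece reveals little."""
    return max(coverage([o], s)[0] for o in observations for s in rules.values())


if __name__ == "__main__":
    print("single item, best case:", round(max_single_coverage(OBSERVATIONS, RULES), 2))
    for conclusion, (cov, sources) in aggregate(OBSERVATIONS, RULES, 0.5).items():
        print(f"{conclusion}: {cov:.0%} from {sources}")
```

Lowering the threshold reports partially supported conclusions, which is the review a classifier would want when deciding which unclassified items are worth withholding.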