Slashdot Mirror


Russians Crack US Department of Defense Computers

iCEBaLM writes "According to this Excite article, attackers who stole sensitive defense and technical research documents from US Defence Department computers were traced back to the Russian Academy of Sciences, [which is] government funded and has ties to the Russian Military. It seems it doesn't stop there and that attacks from Russia are quite widespread against US government and corporate sites. From Russia with Love." No! No! It's state-sponsored Cyberterrorism! [M.S.: I want to remind readers that there's some serious doubt that these attacks actually exist - see George Smith's Electronic Pearl Harbor for more information.]

8 of 107 comments

  1. What source? by Uller-RM · · Score: 3

    Routing can be spoofed, after all. And because the school has ties to Russia's military, it doesn't mean the cracks (if they really happened) were driven by military forces. It could just be college CS students on the rampage, happens all the time.

    I just think people need to be careful (especially with the press and its tendencies to blow up "cyberterrorism"/defacement stories) that they don't blow things out of proportion.

    1. Re:What source? by dennisp · · Score: 3

      As well, hackers have accounts on thousands of boxes. I once got smurfed by a university in Hong Kong and found the next day that several of their boxes had been compromised. I doubt students of that college would knowingly connect to US DOD computers without using an intermediary. If they did, they are either stupid or laughing in the face of the US govt (which I doubt). If they were working for the Russian military I think they would want them to be a little more inconspicuous.

      Sadly, I know some people who have accounts on hundreds of university, NASA, large and small corporation, and personal boxes. Once someone gains access to a box and installs a sniffer, it is fairly easy to gain a large number of accounts.

      If I was to exploit a problem in a DOD computer, I would sure as hell use 2-5 intermediaries and possibly some wingates. Also note that the majority of people breaking into these computers really don't give a shit about the sensitive information included on them. For them, it's primarily just a digital playpen where you have status for having root on one of those systems.

  2. Whoa, really?!? by kurowski · · Score: 3

    You mean, there are actually people in Russia trying to hack into US computers? I knew it! They must be in league with the kid from Spain that just portscanned my box.

    And all this time, I thought that hackers were just kids in suburban US basements...

    1. Re:Whoa, really?!? by Wiseleo · · Score: 3

      Hehehe...

      As I just went home to Ukraine recently, I was a bit surprised at the amount of software on the streets.

      Computers fell to the $200 range, no one cares about top of the line machines there, but a lot have 3d accelerators installed.

      Average software package runs you $1.5, stuff like Microsoft Office 2000 Premium was $6.

      Computer programming is a required class in all high schools. Now, if you take into account that we learn Algebra in 5th grade and Physics in 6th, why are you surprised? We graduate as programmers. We still use DOS on a daily basis. It is starting to become a Netadmin-only thing here in the US.

      English is also a required class, for at least 4 years.

      So what do you get? People who are highly skilled in computer technology and who have no way of utilizing that skill in their country.

      Would you hire them to spy on other countries? Would they agree? Yep, nothing to lose with non-existent computer laws.

      The kids there do not think of sports or showbusiness as a #1 career, they are into the IT. There is no such thing as legal software either. If I need say HP Openview, I'll get it free from a friend or for $1.5 on any street corner. Yes, the duplicated software is sold more openly than drugs but in the same fashion.

      It is cheaper for me to order a lot of the latest games already modified and pay for the air international shipping rather than to hit a local store.

      People do have time to burn, and software engineering is probably the most profitable career choice.

      You'll be seeing a lot more of this.
      --
      Leonid S. Knyshov
      Network Administrator

      --
      Leonid S. Knyshov
      Find me on Quora :)

  3. Bullshit by Lally Singh · · Score: 3

    The Dept Of Defense security requirements for classified information specify that there is no internet connectivity on computers having classified data on them.

    --
    Insanity Takes Its Toll. Please Have Exact Change

    --
    Care about electronic freedom? Consider donating to the EFF!
  4. "It's Net So It's New!" by Effugas · · Score: 3

    Fresh from the US Patent Office, more of everyone's favorite pastime, "It's Net So It's New!"

    Espionage is espionage. Major world superpowers spy on each other. It's part of the structure of things--a presumption of visibility or "Sunshine" has a way of keeping governmental structures honest.

    OK, honest isn't particularly the best of words. The US constitution is based on the concept that no one power structure can be fully trusted, so it places multiple power structures in opposition and dependence upon each other, on the assumption that the intrinsic weaknesses in one will be balanced by the greed of another.

    Heh, it makes about as much sense as Mutually Assured Destruction, but we did manage to make it through the Cold War without any (public) nuclear incidents. There's something amazing in that.

    Anyway, if our country is based on the concept of multiple untrustable bodies balancing each other, geopolitical stability as a whole is probably achieved by multiple untrustable nations spying on each other, monitoring the behaviors of one another. The war wasn't that cold--just silenced.

    Don't be surprised that there are spies online. Spies read newspapers. The NSA auto-downloads a number of sites on a daily basis (so said some guy who runs one of those sites). It's an "Open Source", as they call it. Extending the fact that they use open sources to the fact that they hack in a closed manner isn't ridiculous, or different.

    It's standard operating procedure. If the spies weren't using the net, the intelligence level of the intelligence community would be rather suspect.

    Are there differences? Yes. For one, the lack of a need for a physical presence at a compromised site--no moles, no informants--is disturbingly efficient. A report of an entire site compromising attack--Linux Kernel Module, uploading to some Australian Samba dropsite, slapped off a compromised Teraterm Pro SSH patch--that took eight seconds to go from full security to zero...the ease of this, compared to the espionage architectures of old, does have an impact.

    What were you looking for? An easy answer?

    Yours Truly,

    Dan Kaminsky
    Cisco Systems, NSA Division
    http://www.doxpara.com

    1. Re:"It's Net So It's New!" by Effugas · · Score: 3

      Quick clarification (because SOMEBODY's going to ask, because I put down the wrong signature):

      Cisco has a division called NSA--Network Supported Accounts, not No Such Agency.

      Unsurprisingly, the real NSA was on my mind as I made this post. LOL. I work for Cisco's Network Supported Accounts division. Big, big, big difference.

      Yours Truly,

      Dan Kaminsky
      DoxPara Research
      http://www.doxpara.com

  5. I doubt it, at least that Rus.Ac.Sc involved by srk · · Score: 3

    As a former employee of the Russian Academy of Sciences (RAS) I strongly doubt that now it is capable of carrying out anything like this attack. After the collapse of the Soviet Union RAS is in extremely poor condition with most capable people gone either abroad or to commercial companies. Younger people do not join RAS because of very poor working conditions and low wages. It is hard to find anybody younger than 30 there. The monthly salary at RAS is something about US$100 that even in Russia is almost nothing for a computer professional. In fact, I am just waiting when Russian government will openly admit that it does not see any need for science and technology and will close RAS bringing suffering of its employees to the end. And another issue is that very few people in the West understand what RAS is (or was), and RAS name taken alone always leads to some overexpectations. The only thing that RAS has now is its past.

    Of course, there is a chance that maybe some script kiddy has gotten stuck in RAS but it is quite slim, IMHO. Also in many cases RAS poses simply as an ISP (e.g. domain relarn.ru) that is used by some private and government organizations. Some descendants of the Soviet KGB are certainly experienced and capable of cyber attacks.