
NSA Wages Cyberwar Against US Armed Forces Teams

ScuttleMonkey posted more than 4 years ago | from the next-time-take-the-gloves-off dept.

Security 219

Hugh Pickens writes "A team of Army cadets spent four days at West Point last week struggling around the clock to keep a computer network operating while hackers from the National Security Agency tried to infiltrate it with methods that an enemy might use. The NSA made the cadets' task more difficult by planting viruses on some of the equipment, just as real-world hackers have done on millions of computers around the world. The competition was a final exam for computer science and information technology majors, who competed against teams from the Navy, Air Force, Coast Guard and Merchant Marine as well as the Naval Postgraduate Academy and the Air Force Institute of Technology. Ideally, the teams would be allowed to attack other schools' networks while also defending their own but only the NSA, with its arsenal of waivers, loopholes, and special authorizations is allowed to take down a US network. NSA tailored its attacks to be just 'a little too hard for the strongest undergraduate team to deal with, so that we could distinguish the strongest teams from the weaker ones.' The winning West Point team used Linux, instead of relying on proprietary products from big-name companies like Microsoft or Sun Microsystems."


219 comments

Linux (5, Insightful)

sleekware (1109351) | more than 4 years ago | (#27913439)

Anyone surprised by the OS choice of the winner? It was going to be either that or BSD.

Re:Linux (2, Informative)

sleekware (1109351) | more than 4 years ago | (#27913525)

I see this was marked as a trolling comment, but I meant with respect to the ability to really harden the security (and great security that usually comes with a Linux or BSD package by default).

Re:Linux (2, Insightful)

ouimetch (1433125) | more than 4 years ago | (#27913749)

Great security comes by keeping yourself off the grid of would-be attackers. Even the most secure systems can be tapped if somebody wants to bad enough and knows where to find it.

Re:Linux (1)

Erikderzweite (1146485) | more than 4 years ago | (#27914173)

That is exactly why motivated NSA professionals were easily able to penetrate the Linux system of the winning team. Wait, what?

Re:Linux (3, Funny)

LaskoVortex (1153471) | more than 4 years ago | (#27913707)

Anyone surprised by the OS choice of the winner?

No. The NSA doesn't run Linux so they don't know how to attack it. You have to log in with that text thingy and then type some stuff to get it to do what you want. The other kind of OS with the pictures of things works much better. You can point at the pictures and click them and it does what you want. If no one at the NSA runs Linux, how do you expect them to write a virus for it? It's obvious why it won because it is an underrepresented OS that no one uses anyway.

Re:Linux (5, Informative)

Bellegante (1519683) | more than 4 years ago | (#27913943)

Re:Linux (5, Funny)

Burkin (1534829) | more than 4 years ago | (#27913955)

Whoosh!

Re:Linux (1)

Bellegante (1519683) | more than 4 years ago | (#27914675)

Oh.. yea. I suppose I could pretend that I caught that but.. I didn't. Still, I always thought that it was nice the NSA released those recommendations. I'm sure they didn't leave themselves a hole to exploit in that!

Re:Linux (0)

Anonymous Coward | more than 4 years ago | (#27913925)

Actually, the article says nothing about the OS used by other teams. All of them might well have been using Linux. (After all, if it's such a slam-dunk obvious choice, those teams would know that, too.) The West Point team might have won simply because they were better than the other academy teams, not because of the OS.

Re:Linux CNET URL to TFA (5, Informative)

davidsyes (765062) | more than 4 years ago | (#27913947)

Cadets trade trenches for firewalls
http://news.cnet.com/2100-7350_3-6249633.html [cnet.com]

(if you don't have nor want a subscription to the NYT....)

This part probably is getting lots of attention here in /.:

Cadet Brian McCord, part of the team that installed the operating system, said he was chosen because his senior project was deeply reliant on Linux. The West Point team used this open-source operating system, freely available on the Internet, instead of relying on proprietary products from big-name companies like Microsoft or Sun Microsystems.

But this part probably says it all:

""It seems weird for the Army with its large contracts to be using Linux, but it's very cheap and very customizable," McCord said. It is also much easier to secure because "you can tweak it for everything you need" and there are not as many known ways to attack it, he said."

Re:Linux (4, Interesting)

gravesb (967413) | more than 4 years ago | (#27914647)

I participated in this as a Cadet in 2001. We used a variety of operating systems, including Windows 2000, Solaris, Linux, and Mac OS9. Even back then, the Linux server and desktop client had by far the greatest uptime. Well, except for me, as I was attempting to rebuild the Windows server after they had taken it down, yet again.

Re:Linux (5, Informative)

Anonymous Coward | more than 4 years ago | (#27914857)

I was involved in the exercise. We used FreeBSD and Fedora Core 10 as our base server platforms. We'd used FreeBSD last year, so we were confident that it would give us a solid base to work from.

According to the exercise directive, we had to run several Windows workstations. We used Windows 2008 as the Active Directory and Domain Controller. We didn't go so far as try the "read only" mode, but W2k8 seemed solid enough for the duration of the exercise. Wasn't easy to get set up and locked down, however.

First Post Baby!!!! (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#27913451)

What is Linux?

Is anyone surprised? (-1, Redundant)

Anonymous Coward | more than 4 years ago | (#27913453)

The winning West Point team used Linux, instead of relying on proprietary products from big-name companies like Microsoft or Sun Microsystems.

I'm not.

NCCDC (5, Informative)

Anonymous Coward | more than 4 years ago | (#27913455)

Looks a lot like the National Collegiate Cyber Defense Competition [nationalccdc.org]. Any college student team can participate in that one, however, and the NSA or Secret Service have participated in past events iirc.

The competition is a lot of fun, 64 teams last year.

Re:NCCDC (3, Insightful)

nametaken (610866) | more than 4 years ago | (#27913497)

How bad-ass must one be to withstand concerted hack attempts by the NSA? I'd think that would look really, really impressive on a resume. Especially for someone applying for a .gov job!

Re:NCCDC (2, Interesting)

Burkin (1534829) | more than 4 years ago | (#27913609)

Except as the story says this wasn't even the worst they could do. They tamed down their attacks to the level of the undergraduates.

Re:NCCDC (5, Insightful)

Atlantis-Rising (857278) | more than 4 years ago | (#27913691)

The fact that the NSA was willing to participate at all strongly suggests to me that the NSA was just playing games, and was not in fact utilizing anywhere near their full capabilities in this exercise. Which says something pretty impressive about the NSA.

So uh... (0)

Anonymous Coward | more than 4 years ago | (#27913887)

Where's the site that sells tickets?
I never went to summer camp, help me live my childhood dreams!

Re:NCCDC (0)

Anonymous Coward | more than 4 years ago | (#27914083)

So basically you are saying this was just propaganda? :)

Re:NCCDC (1)

fluffy99 (870997) | more than 4 years ago | (#27914289)

The NSA basically scanned their network for known vulnerabilities and took advantage of them. I hardly call flooding someone's email a sophisticated attack either. The NSA has a much bigger toolbox than we give them credit for. I'm sure there is a classified file somewhere with a list of zero-day exploits waiting for that "special occasion" when they'll be needed. Open source makes this much easier, btw.

Re:NCCDC (3, Funny)

Anonymous Coward | more than 4 years ago | (#27914487)

The NSA has a much bigger toolbox than we give them credit for.

No, we don't. I work for the NSA, and I promise, you've seen it all. Move along here, nothing else to see. These aren't the droids you're looking for...

Re:NCCDC (1)

swillden (191260) | more than 4 years ago | (#27914993)

The fact that the NSA was willing to participate at all strongly suggests to me that the NSA was just playing games, and was not in fact utilizing anywhere near their full capabilities in this exercise. Which says something pretty impressive about the NSA.

That's just what they want you to think.

Re:NCCDC (2, Funny)

Chris Burke (6130) | more than 4 years ago | (#27914859)

Except as the story says this wasn't even the worst they could do. They tamed down their attacks to the level of the undergraduates.

Exactly. Which is why Linux and Open Source won.

You see, it's true that Open Source is superior and more potent at staving off cyber attacks than Closed Source. However, to defeat the next level of tests you need Secret Reverse Unclosed Source (of Ineffable Primes, +3). However the big boys aren't exactly going to be giving that away, what with it defeating the purpose and all. So far though Open Source is the best we mortals have managed. Maybe through meditation and large amounts of coffee we will be enlightened.

A couple things I have been able to glean, though: The Ultimate OS ends with a 'z', and penguins are important.

Yay NSA? (1)

DoofusOfDeath (636671) | more than 4 years ago | (#27913483)

I'd feel a lot more positive about the NSA's capabilities, if they didn't have a track record of illegal wiretaps.

Re:Yay NSA? (2, Interesting)

mrmeval (662166) | more than 4 years ago | (#27914441)

I don't think the classified portion of the Executive Order that created them has been released. For all we know it contains a classified pardon.

Not as many? (2, Interesting)

Twillerror (536681) | more than 4 years ago | (#27913515)

"It is also much easier to secure because "you can tweak it for everything you need" and there are not as many known ways to attack it, he said."

I'm not sure I agree with this. There are plenty of ways to hack all OSs. Maybe a generic underhardened Windows install has more known ways...but how would one even quantify what is known and not known. Public is one thing, but given that Linux is open source and even compiled code can be broken down there are likely many known ways to hack products that are not public yet.

I'd be more interested in the perimeter defenses they used. Like what kind of IDS/IPS did they use? Were they using email firewalls to prevent floods of emails or just blocking. I think you also have to harden your servers, but I'd rather have something protecting my email server and have more layers to dig thru..and to alert you.

Re:Not as many? (0)

Anonymous Coward | more than 4 years ago | (#27913601)

'Public is one thing, but given that Linux is open source and even compiled code can be broken down there are likely many known ways to hack products that are not public yet.'

You forget that BECAUSE it is open source, bugs and loopholes are found and subsequently patched.

The programmers that contribute to OS projects are pretty adamant about good code, something Microsoft will learn one day.

Re:Not as many? (3, Insightful)

Burkin (1534829) | more than 4 years ago | (#27913659)

The programmers that contribute to OS projects are pretty adamant about good code, something Microsoft will learn one day.

And yet in practice this statement doesn't hold up because there is plenty of shit code floating around in open source projects.

Re:Not as many? (1)

RiotingPacifist (1228016) | more than 4 years ago | (#27913739)

AC must have meant Operating system projects. And trust me Linus and Theo are pretty fucking adamant!

Re:Not as many? (1)

Burkin (1534829) | more than 4 years ago | (#27913775)

Linus may be adamant, but the Linux kernel has plenty of its own shitty code inside of it.

Re:Not as many? (1)

RiotingPacifist (1228016) | more than 4 years ago | (#27914195)

For example?

Re:Not as many? (1)

Shikaku (1129753) | more than 4 years ago | (#27914845)

The driver modules.

If a bad wireless driver can freeze all of Ubuntu AND prevent me from opening tty1 (press ctrl+alt+F1) AND even if I get to tty1, I can't run or kill anything, not even top, then I think there's a serious problem.

Then again it is probably bad coding due to ndiswrapper. Sorry, I'm a little bitter from trying for 5 hours to make the Marvell TOPDOG (TM) PCI-Express 802.11n Wireless (EC85) on my Gateway MT6458 laptop work, and all I get are Ubuntu lockups.

Re:Not as many? (0)

Anonymous Coward | more than 4 years ago | (#27913941)

Thank you for the specification.
I did, indeed, mean Operating System projects.
Sadly I forgot OS has another, also important, meaning.

For those still saying that there's crappy OS code in open source projects, please compare to what we have been able to get out of closed OSes (ie: windows for the most part).

For those about to say OS-X is better, please note that OS-X was built based upon a solid BSD core first. And I've frozen my OS-X box 3 times in the past week with normal usage.

My linux webserver, however, is running fine and is a lot more open to the net than either my windows or os-x boxes.

Re:Not as many? (2, Interesting)

ross.w (87751) | more than 4 years ago | (#27913669)

With Windows, you have to just trust Microsoft. With Linux or BSD, you don't have to trust anyone.

It is even more of an issue for a non-US military. If you have the source code, you can vet it and make sure no one has planted back doors that the US Govt has insisted on.

With Windows, you have to trust Microsoft when they tell you there are no backdoors. If you were the Chinese, would you believe them?

Re:Not as many? (0, Redundant)

Burkin (1534829) | more than 4 years ago | (#27913711)

Ah yes because the Chinese government has a long history of being trustworthy and never lying to its citizens or attempting to rewrite history.

Re:Not as many? (2, Informative)

ross.w (87751) | more than 4 years ago | (#27913797)

I never said they don't. They do, and that's bad. But that doesn't change the point that the ability to inspect and audit all your code for vulnerabilities is an attractive feature to any Government not wanting to trust a proprietary vendor beholden to a foreign power. China was just an example. The same would be true of France or Germany.

Re:Not as many? (3, Interesting)

jjohnson (62583) | more than 4 years ago | (#27913757)

How many people actually vet the Linux source code, or would recognize various weaknesses and backdoors if they were staring at them?

Re:Not as many? (4, Insightful)

Anonymous Coward | more than 4 years ago | (#27914037)

More than do the same with Windows

Re:Not as many? (0)

Anonymous Coward | more than 4 years ago | (#27913815)

With Windows, you have to just trust Microsoft. With Linux or BSD, you don't have to trust anyone.

It is even more of an issue for a non-US military. If you have the source code, you can vet it and make sure no one has planted back doors that the US Govt has insisted on.

With Windows, you have to trust Microsoft when they tell you there are no backdoors. If you were the Chinese, would you believe them?

So you have personally inspected every single line of the various Linux distros that you use? Otherwise, you are trusting that someone else did... just like you would do with Windows.

The Windows source code *is available* to third party companies (if you have enough clout or money). The US Government certainly has access to it, along with just about every major University in the US and several in Japan.

Most people that run Linux don't bother to examine the source. They may compile it, but they are still trusting that someone else performed a security audit.

Re:Not as many? (1)

nausea_malvarma (1544887) | more than 4 years ago | (#27914091)

Most people that run Linux don't bother to examine the source. They may compile it, but they are still trusting that someone else performed a security audit.

We ain't talkin bout most people. We talkin bout the military, and I would expect the military to investigate the security of their software.

Well ok, maybe I expect too much... These days, it feels like the government can't do much of anything right. But my point is the average user doesn't have to expect lines of source code (the average user probably doesn't know any code to begin with), but a big group like the military could inspect lines of code, find potential errors, and perhaps even contribute fixes for these errors back to the open source community.

Re:Not as many? (1)

shentino (1139071) | more than 4 years ago | (#27914399)

The fact that you CAN audit it at will is a deterrent to malicious coding. If an open source developer ever got caught slipping malicious code into something, the consequences to his reputation would be devastating. With proprietary code, the motives behind the code are shrouded and we really don't know whether or not the RIAA pressured the company to plant torrent-watching spyware.

Bottom line, as long as humans code, no code will be perfect.

Re:Not as many? (1)

greenbird (859670) | more than 4 years ago | (#27913971)

I'm not sure I agree with this. There are plenty of ways to hack all OSs. Maybe a generic underhardened Windows install has more known ways...but how would one even quantify what is known and not known. Public is one thing, but given that Linux is open source and even compiled code can be broken down there are likely many known ways to hack products that are not public yet.

Ummm...The code is public and it's known but not to the public...hmmm...yeah, makes perfect sense.

Re:Not as many? (5, Informative)

blitzkrieg3 (995849) | more than 4 years ago | (#27914093)

There are plenty of ways to hack all OSs. Maybe a generic underhardened Windows install has more known ways...but how would one even quantify what is known and not known.

When getting attacked by the NSA, I'd prefer to use something that they developed [nsa.gov] to stem such an attack. And I don't want to hear, "well they developed it, so they probably have a backdoor." The many eyes argument definitely applies, since patches from the NSA would undoubtedly come under much more scrutiny. Especially since this has yet to be proven for other operating systems [wikipedia.org].

Anyway, the winning team was using Fedora 8, which has SELinux on by default.

Re:Not as many? (1)

RiotingPacifist (1228016) | more than 4 years ago | (#27914095)

With stuff like nsa contributed rootkey, you can stop any new processes running as root at meaning Linux can be customized to be much more secure than windows. I'm a bit disappointed that they couldn't fully secure the system, between stuff like rootkey, selinux/apparmor, iptables and qmail it should be possible to make your basic setup 100% safe. I suppose it depends on what services needed to be up and running but with there must be plenty of tools to help prevent against injection attacks out there.

I got the impression from the older article that they use a good old C(adet)IDS, by simply putting a cadet with wireshark on duty (although wireshark itself has been known to have a few holes, which isn't too much of an issue as long as you run wireshark with low privileges).

Kobayashi Maru? (5, Insightful)

HaeMaker (221642) | more than 4 years ago | (#27913615)

NSA tailored its attacks to be just 'a little too hard for the strongest undergraduate team to deal with, so that we could distinguish the strongest teams from the weaker ones.'

Nobody wins, but let's see how long you hold out.

Re:Kobayashi Maru? (0)

Anonymous Coward | more than 4 years ago | (#27913817)

NSA tailored its attacks to be just 'a little too hard for the strongest undergraduate team to deal with, so that we could distinguish the strongest teams from the weaker ones.'

So, how did they know who the strongest team was if this was an exam?

Re:Kobayashi Maru? (2, Informative)

PitaBred (632671) | more than 4 years ago | (#27914761)

Who fell last, basically. If it wasn't hard enough, multiple teams would have finished and you couldn't have distinguished between them.

Re:Kobayashi Maru? (1)

oGMo (379) | more than 4 years ago | (#27914009)

It's like any benchmark though ... if the samples are all clipping, you can't compare it. Finding the maximum is the point. If your code runtime tests finish in 0.00s (or within the margin of error), you can't tell which is fastest. If all the graphics cards render at maximum FPS, you can't tell which is best. Likewise, if a team "wins", you can't really tell how good they are: "win" is not a useful metric, because you can't tell how far beyond "win" they went.

Modern day Kobayashi Maru... (1, Informative)

alchemist68 (550641) | more than 4 years ago | (#27913661)

This appears like a modern day Kobayashi Maru exercise. And instead of it being designed and executed by a single Vulcan whom we all know, it was done by the best and brightest of our 'No Such Agency'. I say congratulations to both parties, the NSA and the winning West Point Team.

Re:Modern day Kobayashi Maru... (4, Funny)

jdgeorge (18767) | more than 4 years ago | (#27913905)

This appears like a modern day Kobayashi Maru exercise. And instead of it being designed and executed by a single Vulcan whom we all know, it was done by the best and brightest of our 'No Such Agency'. I say congratulations to both parties, the NSA and the winning West Point Team.

Man, do I ever long for the good old days of the Victorian era Kobayashi Maru.

wtf??? (0)

Anonymous Coward | more than 4 years ago | (#27913695)

As soon as I read "[..] used an SQL Injection to [..]" in TFA, I stopped and realized they already failed. How amazing? The NSA calls SQL injection sophisticated? I can't wait to tell what would happen if someone took down a few root backbones.

OpenBSD? (4, Insightful)

wandazulu (265281) | more than 4 years ago | (#27913791)

When it comes to stories like this, or the one about the Dalai Lama's computers being compromised, etc., I'm always surprised that no one considers using OpenBSD as their operating system; it's the only one that I know of that is specifically, purposely built, for security. Because it's Unix, it can still run pretty much everything (though you want to use the OpenBSD version because it's been reviewed for security holes, etc.).

Seriously, if I wanted to keep my battle plans, aircraft designs, etc. out of the hands of the "enemy", I'd lock them up in an OpenBSD server, preferably on some less-common architecture like the Alpha, so that anyone trying to hack my system would have an enormously hard time.

Yes I understand this doesn't take into consideration social networking. So I'd take a page from the elevated privilege playbook and say that in my organization, no one trusts the person below him/her so as secrets can never flow downhill. Going back to the operating system, this would presumably be handled by ACLs.

Of course, no system is immune from the booze-n-hookers style of temptation, but that's someone else's job; I'm just here to install and configure software. :)

Re:OpenBSD? (1)

debrain (29228) | more than 4 years ago | (#27914017)

I whole-heartedly agree. OpenBSD is an answer to many-a-question of security, in my humble opinion. Using off-mainstream platforms (like Alpha) is also valuable against those pesky low level vectors.

Parent should be modded up.

Re:OpenBSD? (3, Interesting)

Anonymous Coward | more than 4 years ago | (#27914053)

Yep. That or OpenVMS if you have Alpha or Itanium hardware. OpenVMS was banned from some of those hack-or-be-hacked competitions, because no one could ever get into them. :)

Re:OpenBSD? (1)

Chirs (87576) | more than 4 years ago | (#27914121)

Odd architectures are an interesting option. Not a surefire guarantee of safety, but can be a useful delaying tactic.

I once was visiting with a friend when a mutual friend at defcon contacted him asking if he had a C compiler for an old mips-based Irix box.

Re:OpenBSD? (1)

rickb928 (945187) | more than 4 years ago | (#27914257)

People keep telling me security by obfuscation doesn't work. I can buy a working Alpha server this afternoon for $70, and it is already running Red Hat 7.x. I can steal one faster and cheaper.

Blockbuster was running Alphas a few years ago. Those may be traded out, but thinking your CPU will confuse your attacker is rather pointless.

Re:OpenBSD? (2, Insightful)

RiotingPacifist (1228016) | more than 4 years ago | (#27914347)

I keep hearing that BSD is sooo much safer than linux, but isn't it all about the userspace, which is pretty much the same? For there to be much of a difference between linux & BSD you'd have to get to the point where you can make nasty system calls first, which provided you're using SELINUX/apparmour/bsd equivalent is pretty hard.

I also fail to see how using a less thoroughly tested platform like alpha is better than using an x86 processor (specifically an x86 that has all the security enhancements)?

Despite my bias being that you are wrong, I am open to suggestions about how BSD is more secure and using alpha is a good idea?

Re:OpenBSD? (1)

AnfieldSierra (737890) | more than 4 years ago | (#27914355)

Of course, no system is immune from the booze-n-hookers style of temptation, but that's someone else's job; I'm just here to install and configure software. :)

OK, where do I sign up for the booze-n-hookers job ?

Re:OpenBSD? (5, Funny)

commodoresloat (172735) | more than 4 years ago | (#27914397)

Yes I understand this doesn't take into consideration social networking.

Exactly. OpenBSD lacks the kind of application client support for Facebook and Twitter that the NSA has come to expect.

Re:OpenBSD? (1)

Isao (153092) | more than 4 years ago | (#27914617)

Going back to the operating system, this would presumably be handled by ACLs.

Actually, you'll probably want to employ some type of multi-level security [wikipedia.org], something that provides mandatory access controls [wikipedia.org] via security labels. This generally provides a model more robust than ACLs.

Re:OpenBSD? (2, Informative)

drinkypoo (153816) | more than 4 years ago | (#27914909)

I'm always surprised that no one considers using OpenBSD as their operating system; it's the only one that I know of that is specifically, purposely built, for security.

What? OpenBSD was forked from netbsd, it's not specifically built for security. It's specifically forked from netbsd, and since then the focus has been on security. Arguably the approach is no more or less valid than using a security layer like selinux. The two have certain parallels; getting some software to run on OpenBSD is a bitch, and getting selinux configured and useful is a bitch :)

So.. (1)

oneofthose (1309131) | more than 4 years ago | (#27913793)

So either Linux is more secure than other operating systems or Linux users are smarter than other computer users.

Re:So.. (0)

Anonymous Coward | more than 4 years ago | (#27914071)

c. All of the Above.

/ego

Re:So.. (0)

Anonymous Coward | more than 4 years ago | (#27914445)

Or linux is a fucking fail of an operating system that only niggers and fags use it.

Good practice (0)

Anonymous Coward | more than 4 years ago | (#27913821)

This is good practice for those NSA hacker teams who will be executing the upcoming "cyber-warfare" false flags against various US targets in the coming year. This will be blamed on China/N.Korea/Iran/"Axis-of-Evil"member.

Anyone have experience in the program? (0)

Anonymous Coward | more than 4 years ago | (#27913889)

I'm in my early thirties and am therefore becoming ineligible for some branches of the military, but I know I still have a couple of years left to think about joining the army. It'd be interesting to hear from people with any experience doing tech work (especially security or software engineering) in the Army.

An error in the original article (1, Informative)

Frequency Domain (601421) | more than 4 years ago | (#27914039)

There is no "Naval Postgraduate Academy," it's the "Naval Postgraduate School [nps.edu]". If the authors of the article couldn't be bothered to take 15 seconds to confirm that with Google, it makes me wonder what else is incorrect in their writeup.

Re:An error in the original article (0)

Anonymous Coward | more than 4 years ago | (#27914797)

Considering the pejoratives used, it wouldn't surprise me if the winning team indeed used BSD or something truly "non-proprietary".

Sorry but there are too many variations of Linux to say it was simply Linux. Unless you say which Distro and Kernel, it's not really reporting - it's just hack blogging at best.

Secure Linux for the win (2, Insightful)

WillAffleckUW (858324) | more than 4 years ago | (#27914127)

That said, the assumption that the NSA are up to the off-the-reservation methods that true Black Hats would use may not be a correct assumption.

What we anticipate and plan for frequently is not what is used against us by someone who truly is our enemy.

Re:Secure Linux for the win (1)

drinkypoo (153816) | more than 4 years ago | (#27914953)

off-the-reservation methods

I've never heard this phrase before in my life, and now I've heard it twice in a month or two, both times on slashdot. To what do you attribute its resurgence in popularity? Is someone out there astroturfing against indian casinos?

You're looking at it backwards... (2, Insightful)

malevolentjelly (1057140) | more than 4 years ago | (#27914169)

They weren't testing the operating systems, they were testing the cadets. A linux system is a sieve for the NSA-- I think this simply demonstrates that the team using the Linux boxes knew their system better than the teams on Windows or Solaris respectively. It's clear that a group of passionate linux admins can maintain an acceptably secure system at this level of expertise.

However, actually infiltrating the systems would have proven nothing. I guarantee the *level of difficulty* the NSA used in order to properly test the undergrads is beneath what the Chinese government would use if trying to infiltrate a U.S. site.

The reality is that none of these three systems are acceptably secure for government networks one their... if you're relying on just the Unix security model or Windows security model, you're basically wide open to a dedicated and well-funded attack. It's situations like these where you need to keep your systems well behind a decent level of virtualization like secure separation kernels with more than competent internal security policies. The operating system like Windows, Linux, or Solaris, is really just the "interface" to the system for the users, so to speak.

Re:You're looking at it backwards... (1)

Burkin (1534829) | more than 4 years ago | (#27914515)

Unless they had it disabled the Red Hat systems they used would have had SELinux enabled by default so if their linux systems really were a sieve then that doesn't speak too highly of SELinux and the NSA.

Re:You're looking at it backwards... (3, Informative)

malevolentjelly (1057140) | more than 4 years ago | (#27914639)

Unless they had it disabled, the Red Hat systems they used would have had SELinux enabled by default, so if their Linux systems really were a sieve then that doesn't speak too highly of SELinux and the NSA.

SELinux merely brings Linux up to par with other popular commercial systems in security, not beyond them. It brings Linux to the level where it may receive a government EAL 4+ certification, which certifies that the system is safe from casual or inadvertent attacks. These systems do not reflect the level of security necessary to defend government networks.

How Much Do You Want to Bet.... (1)

BJ_Covert_Action (1499847) | more than 4 years ago | (#27914251)

...that in about one week's time there will be a report in the mainstream media about how multiple US Armed Forces' networks underwent a thorough attack by unknown sources that were probably of Russian or Chinese origin, not realizing that it was this training exercise?

number of comments back (0)

Anonymous Coward | more than 4 years ago | (#27914283)

Totally off-topic but it's good to see the number of comments back on the front page summary

The sad truth... (2)

rickb928 (945187) | more than 4 years ago | (#27914361)

Is that if your system is attached to a publicly-available network, you cannot be certain of a secure system. Don't even try to tell me you can secure your network against all network-based attacks, current and future.

All you can do is raise the bar sufficiently to deter and defeat the lam0rs, and be able to focus your attention on detection, remediation, and retribution - if that's your style.

Having been rooted a few times, I would have loved to slip a little Ex-Lax into their Dew, but my boss said leave them alone. Just as well, they always come back for revenge. Our government may think differently.

But if it's hooked up to the Internet, count on it being compromised. Encrypt your data separately. Make backups and disaster recovery plans. Pray for this to happen on an otherwise quiet weekend, not the day before the quarterlies go out. And have an alternative. Anything is better than nothing.

In case you're wondering, I am a fatalist when it comes to network security. I see little hope.

Re:The sad truth... (2, Funny)

PhxBlue (562201) | more than 4 years ago | (#27914601)

Don't even try to tell me you can secure your network against all network-based attacks, current and future.

Sure I can. All I have to do is pull out this little cable right here an

Re:The sad truth... (3, Funny)

drinkypoo (153816) | more than 4 years ago | (#27915017)

Sure I can. All I have to do is pull out this little cable right here an
--
!#@%*)anks for hanging up the phone, dear.

Never have I seen comment and sig in such harmony.

That's great, but... (1)

Endo13 (1000782) | more than 4 years ago | (#27914421)

In other words, grasshopper, nice work -- but the NSA is capable of much craftier network take-downs.

Thank you Mario! But our princess is in another castle!

Finally! (1)

K. S. Kyosuke (729550) | more than 4 years ago | (#27914743)

"The winning West Point team used Linux, instead of relying on proprietary products from big-name companies like Microsoft or Sun Microsystems."

2009 will be the Year of the Linux MBT!

Nothing new here (4, Informative)

ronmon (95471) | more than 4 years ago | (#27914795)

I was in the AF from 1977-1981 and worked directly for the NSA when they still had some scruples. In fact, my last posting was at Fort Meade after several years in the Far East.

As a '202xxA' (Radio Communications Analyst), that focused on foreign military communications, I could have been reassigned at any time as a 202xxB (Radio Communications Security Specialist) with no retraining. The B job just meant we were testing our own weaknesses instead of exploiting those of our opponents. It is important to look inward, find your flaws, and fix them. Kind of like debugging open source code, huh?

That's what they were doing. Good job.
