Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Russian Spy Ring Needed Some Serious IT Help

samzenpus posted more than 3 years ago | from the close-your-spy-network dept.

Security 191

coondoggie writes "The Russian ring charged this week with spying on the United States faced some of the common security problems that plague many companies — misconfigured wireless networks, users writing passwords on slips of paper, and laptop help desk issues that take months to resolve."

cancel ×

191 comments

Sorry! There are no comments related to the filter you selected.

Encryption (4, Funny)

Pharmboy (216950) | more than 3 years ago | (#32751352)

They encrypted everything using ROT13, TWICE! How much better security can you get?

Re:Encryption (1)

MokuMokuRyoushi (1701196) | more than 3 years ago | (#32751376)

How much better security can you get?

There is a legend of triple layered ROT13...

Re:Encryption (1)

JWSmythe (446288) | more than 3 years ago | (#32751622)

    Lets not forget about the ultimate, ROT52. 4 times the security at only 4 times the price. From what I understand, it's to be the new official government standard for encrypting classified documents. AES is just too hard to do with a pencil and paper.

Re:Encryption (1)

Captain Splendid (673276) | more than 4 years ago | (#32752248)

Jeeezus. You took an extremely stale joke and steered it straight into the wall. Come on, folks, this is 2010, we can do better than this!

Re:Encryption (1)

spazdor (902907) | more than 3 years ago | (#32751626)

Three layers? And this obfuscates sufficiently?

How odd!

Re:Encryption (1)

Mephistro (1248898) | more than 4 years ago | (#32751854)

FYI, three lawyers can obfuscate anything!

Re:Encryption (2, Funny)

rubi (910818) | more than 4 years ago | (#32752060)

If you manage to replicate the thinking algorithm of only one lawyer, you've just created truly unbreakable one-way obfuscation. Not even the original lawyer understands after his own process.

Re:Encryption (1)

GaryOlson (737642) | more than 4 years ago | (#32752018)

Everyone know 3 layers=3 sides= strongest simple structure.
This is STRONG encryption.

Re:Encryption (-1, Troll)

Anonymous Coward | more than 4 years ago | (#32751814)

This joke is on the same level as the morons who say "that's no moon" every time there's something posted about an astronomical body.

Kill yourself, you unoriginal piece of garbage.

Writing passwords isn't necessarily bad (3, Insightful)

dhavleak (912889) | more than 3 years ago | (#32751372)

Thats the least of their problems. (1)

elucido (870205) | more than 3 years ago | (#32751508)

Writing the password probably isn't as smartest way to save it but lets be realistic, nobody can remember a 26 character password. It's bound to be written somewhere even if it's written in a PGP encrypted email message to self.

Re:Thats the least of their problems. (2, Insightful)

Culture20 (968837) | more than 3 years ago | (#32751648)

nobody can remember a 26 character password

abcdefghijklmnopqrstuvwxyz. If preschoolers can learn an arbitrary sequence of meaningless symbols totaling 26, then I think it's possible.
Plus, your sentence is longer than 26 characters and so is this one.

Re:Thats the least of their problems. (0, Redundant)

Culture20 (968837) | more than 4 years ago | (#32751838)

nobody can remember a 26 character password

abcdefghijklmnopqrstuvwxyz. If preschoolers can learn an arbitrary sequence of meaningless symbols totaling 26, then I think it's possible. Plus, your sentence is longer than 26 characters and so is this one.

How exactly was I redundant above? GP said it couldn't be done, and I pointed out that almost every five year old in the U.S. does it. And a lot of 20-25 year olds re-learn it backwards.

Re:Thats the least of their problems. (1, Insightful)

Anonymous Coward | more than 3 years ago | (#32751716)

Writing the password probably isn't as smartest way to save it but lets be realistic, nobody can remember a 26 character password.

Use a memorable quote, a poem a song lyric, whatever phrase you can remember easily. Use the first letter or two from each word, swapping case and substituting punctuation marks/numbers as needed. Finally, a use for 1337-5p34k!

Example -
Whose woods these are I think I know.
His house is in the village though;

Becomes - wh wo ar th i th i kn ki ho i i th vi th

And further - whW04rTh1th1knhiHo11ThviTh

A 26 letter password that can be remembered easily, mixing case and numbers. Not perfect, but few passwords are.

Re:Thats the least of their problems. (4, Funny)

Stupendoussteve (891822) | more than 4 years ago | (#32751752)

"Your password has expired"

"Your password is too similar to your last password"

"Your password much be entirely different than the previous 50 passwords"

Re:Thats the least of their problems. (4, Informative)

Mashiki (184564) | more than 4 years ago | (#32751902)

You laugh and mock, but the last head of IT we had, had us on 14 day rotating passwords. After 2 months he got canned.

Re:Thats the least of their problems. (1)

GaryOlson (737642) | more than 4 years ago | (#32752024)

Canned? He should have been freeze-dried and mounted on display as a warning.

Re:Thats the least of their problems. (1)

Yvan256 (722131) | more than 4 years ago | (#32752074)

Of course he got canned! You're supposed to change passwords every 30 seconds!

Re:Thats the least of their problems. (3, Insightful)

mortonda (5175) | more than 4 years ago | (#32752304)

Use a memorable quote, a poem a song lyric, whatever phrase you can remember easily. Use the first letter or two from each word, swapping case and substituting punctuation marks/numbers as needed. Finally, a use for 1337-5p34k!

Example -
Whose woods these are I think I know.
His house is in the village though;

Becomes - wh wo ar th i th i kn ki ho i i th vi th

...and this is why I don't like this technique - you didn't even get it right in your example!

wh wo th ar i th i kn hi ho i i th vi th

Re:Thats the least of their problems. (1)

h4rr4r (612664) | more than 4 years ago | (#32751756)

I have remembered several password this long and longer. I have no idea what they are, but I can type them every time.

Re:Thats the least of their problems. (5, Funny)

interkin3tic (1469267) | more than 4 years ago | (#32751830)

That is indeed the least of their problems. I've heard their computers were themselves full of

(puts on sunglasses)

spyware.

Re:Thats the least of their problems. (1)

blair1q (305137) | more than 4 years ago | (#32751988)

I don't doubt it. The FBI ain't all n00bs, and no doubt can pull up the keylogger logs for the computers of any number of bad-actors.

Re:Thats the least of their problems. (1)

jonnythan (79727) | more than 4 years ago | (#32752332)

YEAAAAAAHHHH

Re:Thats the least of their problems. (0)

Anonymous Coward | more than 4 years ago | (#32751908)

Writing the password probably isn't as smartest way

What's wrong with it? Make a good, hard-to-remember password and keep it with you physical keys. If you lose it, change it, just like you'll need to rekey your locks.

Seriously, it probably is the smartest solution for most people.

Re:Writing passwords isn't necessarily bad (1)

blair1q (305137) | more than 4 years ago | (#32751980)

The correct rule is to protect the password at the same level of security as the data you access with that password.

So, writing down a password on a post-it on your desk is not appropriate if you wouldn't do the same with the most sensitive item of data on your computer or network.

Similarly, if you have a sensitive network and a not-so-sensitive network, writing your sensitive-network password into a file stored on your not-so-sensitive network is a bad thing. This includes putting it in an encrypted file on that not-so-sensitive network.

Passwords (5, Insightful)

birukun (145245) | more than 3 years ago | (#32751382)

Nothing wrong with writing down your long complex passwords..... UNLESS YOU LEAVE IT LAYING AROUND

The complaint read like a spy novel.... A ready-made Bourne script!

Re:Passwords (1)

PinkyGigglebrain (730753) | more than 3 years ago | (#32751638)

What?!?!

Bourne would never have been this stupid!

Everyone trying to catch him on the other hand ...

Re:Passwords (4, Insightful)

timeOday (582209) | more than 4 years ago | (#32752030)

They left it lying around... their home. The reason it was compromised was because (apparently) the FBI had a warrant to go in their home, meaning they were already under suspicion because of something else they had done.

Here is my point: if you do something that causes the FBI to monitor your every move and scour your home for clues for over 10 years, it is going to be very hard to keep many secrets, regardless of how you configure your WiFi or whether you try to memorize random 27 character passwords.

Seems like they doing this on the cheap? (1)

Joe The Dragon (967727) | more than 3 years ago | (#32751386)

Seems like they doing this on the cheap? acting dumb? stolen parts?

Well this just proves (4, Interesting)

al0ha (1262684) | more than 3 years ago | (#32751390)

the incompetent can be easily caught. Perhaps these were even decoys for the competent operation still running.

Re:Well this just proves (-1, Troll)

Anonymous Coward | more than 3 years ago | (#32751494)

they are russian so they are all white guys. if they hired enough niggers and spics and bitches they'd be so diverse that no one would investigate them because it wouldn't be PC.

Re:Well this just proves (0)

Anonymous Coward | more than 3 years ago | (#32751670)

I'm sorry the mexican guy took your job. But he does it twice as fact as you for half the money. Why do you hate capitalism?

Re:Well this just proves (5, Interesting)

flajann (658201) | more than 3 years ago | (#32751516)

the incompetent can be easily caught. Perhaps these were even decoys for the competent operation still running.

Took the words right out of my mouth. You'll never know if you have a real competent spy around. Those Russians are very shrewd when it comes to this. Many years ago a US statesman was given a "gift" -- a wood carving supposedly made by children -- when he went to Russia. When he got back, he hung it up in the very conference room, he hung the thing up on the wall.

Over time, they noticed that discussions were slipping out of the room to the Russians, so they had the room checked for bugs. They could find nothing. And yet secrets still kept slipping.

They eventually checked the "gift" -- turned out it had a passive resonant circuit attached to a capacitor that had a diaphragm modulated by sound. How it was activated? Externally by a radio source at 300 MHz. It was quite ingenious, because there were no electronics as such-- just a tube with the diaphragm attached at the end.

The US guys couldn't figure it out, so they consulted British scientists!!! Can you believe that? Man, how stupid the US gov can be sometimes.

Re:Well this just proves (5, Informative)

Anonymous Coward | more than 3 years ago | (#32751598)

That seal is hanging at the NSA museum. If you go there, you can open it up and see the microphone. Pretty neat.

http://www.nsa.gov/about/cryptologic_heritage/museum/virtual_tour/museum_tour_text.shtml

look for "great seal"

Re:Well this just proves (2, Funny)

MoellerPlesset2 (1419023) | more than 3 years ago | (#32751722)

You'll never know if you have a real competent spy around.

I know! It's just the same with the half-dozen ninja assassins lurking in my apartment!

But they're there. I can feel it.

Re:Well this just proves (2, Informative)

sznupi (719324) | more than 4 years ago | (#32751742)

To be fair, it might have been just as well made by children - at least when it comes to visible parts ;p

Also, the seal device was actually hung on a wall in Soviet Union, by the US ambassador there. The interesting part made by no other but...Theremin.

Re:Well this just proves (0)

chill (34294) | more than 4 years ago | (#32751962)

Robert McNamara, the Sec. of Defense for Kennedy and Johnson. SecDef during the Cuban Missile Crisis and much of the Vietnam War.

Re:Well this just proves (0)

Anonymous Coward | more than 3 years ago | (#32751590)

Decoy for what? The "real" spies discovering the secrets of American suburbia and socialites? The whole story to me is just a big crack up. If this were a real decoy, it seems like they would be doing something at least apparently useful.

Re:Well this just proves (1)

euxneks (516538) | more than 3 years ago | (#32751616)

the incompetent can be easily caught. Perhaps these were even decoys for the competent operation still running.

This sounds like the plot to Spies like Us

Re:Well this just proves (1)

shoehornjob (1632387) | more than 4 years ago | (#32751958)

The only question I ever thought was hard, is do I like Kirk or do I like Picard?

Picard of course. Earl Grey please.

Spying? There's no App for that?! (1)

birukun (145245) | more than 3 years ago | (#32751392)

C'mon Apple Developers..... no App for that? :-)

Re:Spying? There's no App for that?! (1)

Pharmboy (216950) | more than 3 years ago | (#32751432)

'mon Apple Developers..... no App for that? :-)

Just like porn, Steve Jobs recommends you use Android for that.

Re:Spying? There's no App for that?! (5, Funny)

Mitchell314 (1576581) | more than 3 years ago | (#32751444)

Yes. iSpy: with my little i. (Wonder if applescript would actually accept it).

Mac love (0)

Anonymous Coward | more than 3 years ago | (#32751414)

Anna Chapman posted on Facebook she liked her new Mac -- this was back in January ...

I find this entire story to be a load of shit (-1, Troll)

garcia (6573) | more than 3 years ago | (#32751428)

I hate the entire story. It's as if they're trying to detract from real news and we needed a new set of terrorists to hate. "Well we haven't hated the Russians since the early 1990s, let's get back to that."

Re:I find this entire story to be a load of shit (3, Insightful)

Pharmboy (216950) | more than 3 years ago | (#32751468)

But what if it is true? Likely, it is, actually. Every country spies on other countries. I don't really see the US getting completely bent out of shape over it, it was a 10 year investigation. What was more important was tracking them and finding out who in the US was helping them. But spies come and go, but spying is a constant.

Re:I find this entire story to be a load of shit (1)

elucido (870205) | more than 3 years ago | (#32751536)

Why arrest them in a big show though? Usually spies are expelled not arrested.

Re:I find this entire story to be a load of shit (5, Interesting)

schwaang (667808) | more than 3 years ago | (#32751666)

Unlike typical spies with foreign diplomatic cover, these alleged "illegals" cannot just be summarily expelled back to their home countries. Any act against them requires due process, the first step of which is pressing charges.

The lack of diplomatic cover also means they are not protected from any charges that may stick. Spying without diplomatic cover is a very risky game. It makes this case all the more interesting.

Re:I find this entire story to be a load of shit (2, Funny)

Kral_Blbec (1201285) | more than 4 years ago | (#32751886)

Hmmm, you bring up a good point. The Russians should have just hired a bunch of Mexicans. Then, even after we find out they are illegal, we still couldn't touch them!

Re:I find this entire story to be a load of shit (1)

Fluffeh (1273756) | more than 4 years ago | (#32751960)

Why arrest them in a big show though? Usually spies are expelled not arrested.

If you were leading a TEN YEAR investigation, wouldn't YOUR office be demanding some publicity at the end of it to justify ten years of spending on your salaries, the investigative costs and so forth?

The best way to deflect a financial inquiry is to point at the TV where your "heroes" are out there making your country safe.

*sips coffee*

Re:I find this entire story to be a load of shit (4, Funny)

JWSmythe (446288) | more than 4 years ago | (#32751746)

The United States gets very offended by espionage activity, because we would never do it to anyone else. They promise. Not a single satellite [wikipedia.org] . No high altitude spy planes [wikipedia.org] . No high altitude long range supersonic spy planes [wikipedia.org] (we retired all of these, we promise). No remote control spy planes [wikipedia.org] . No flock [cia.gov] of [dia.mil] agencies [nsa.gov] with covert operations world wide. Nope, not the US. Keep your spies out of our country, we don't do it to you.

    Excuse me, there are a couple nice men in black suits knocking at my door that just want to ask me a few questions.

Re:I find this entire story to be a load of shit (1)

sznupi (719324) | more than 4 years ago | (#32751782)

It must be ok if filthy liberal commie places [europa.eu] have a problem with all that stuff.

Re:I find this entire story to be a load of shit (1)

hedwards (940851) | more than 4 years ago | (#32751834)

We do, and the Israelis have been caught spying on us. That's probably the most offensive of the cases. The Israelis that depend upon us for support are spying on us. Not terribly surprising when they got caught, but it's still going to require a lot of chutzpah to do such a thing. Sort of like assassinating somebody on foreign soil or shooting peace activists.

Re:I find this entire story to be a load of shit (1)

nomadic (141991) | more than 4 years ago | (#32752228)

I don't find that offensive; countries spy on each other. I am assuming, and hoping, we're spying on Israel. If we're not, THAT would be more offensive to me.

Re:I find this entire story to be a load of shit (0)

Anonymous Coward | more than 4 years ago | (#32752320)

Hey! I soil myself... I mean I shoot foreign peace activists.

Re:I find this entire story to be a load of shit (0)

Anonymous Coward | more than 4 years ago | (#32752326)

Not to mention

http://en.wikipedia.org/wiki/Lavon_Affair [wikipedia.org]

Not exactly trust-inspiring.

Use passphrases (4, Interesting)

hkz (1266066) | more than 3 years ago | (#32751446)

Passwords are the wrong solution. Trying to make people remember a short string with high entropy is hard, so people write them down. The other way around is much better - long passphrases with less of the tedious entropy. Quotations, lyrics, names, whatever. They're much easier to remember and much harder to brute-force. Sprinkle in some punctuation and you're golden.

Re:Use passphrases (1)

AuMatar (183847) | more than 3 years ago | (#32751522)

That's an even worse solution. Do you really think end users are going to be willing to type a 200 letter phrase in instead? We use passwords for a reason- its as much as most people are willing to type before becoming annoyed.

Re:Use passphrases (1)

caffeinemessiah (918089) | more than 3 years ago | (#32751654)

That's an even worse solution. Do you really think end users are going to be willing to type a 200 letter phrase in instead? We use passwords for a reason- its as much as most people are willing to type before becoming annoyed.

You, sir, have outdone yourself, even for slashdot standards. A passphrase is NOT "a phrase as a password", but rather a phrase as a mnemonic for your password.

Example:

Passphrase: 100 quick clicked commentors barely read Slashdot each day!
Password: 100qccbrSed!

I'll leave it to you to figure the magic out.

Re:Use passphrases (1)

KevMar (471257) | more than 4 years ago | (#32751724)

A pass phrase is not that bad of an idea. It does not have to be 200 chars long, but a few words that mean something to you stringed together. If nobody can see you type it, then they will have no clue its a pass phrase. If they see you tap space every 4-7 chars they will figure it out.

For a while, I used the phrase "I am the administrator!" for my workstation admin password. 23 very easy characters to remember. It is such a simple password to remember and hard to guess.

Re:Use passphrases (0)

Anonymous Coward | more than 4 years ago | (#32751734)

Thanks for your password you BIG DUMMY!

Re:Use passphrases (1)

izomiac (815208) | more than 4 years ago | (#32751878)

Two hundred characters for a single phrase would be huge. It's a passphrase, not a passsentence. Plus you can type real words much faster than high entropy passwords. Time-wise they might take a bit longer than a well-memorized (a.k.a. "soon to be expired") password, but nothing like the difference in character count would suggest. OTOH, it's much harder to gauge the entropy of an English phrase than a random string, so there are practical problems with them from a policy standpoint.

Re:Use passphrases (1)

joelsanda (619660) | more than 4 years ago | (#32752348)

That's an even worse solution. Do you really think end users are going to be willing to type a 200 letter phrase in instead? We use passwords for a reason- its as much as most people are willing to type before becoming annoyed.

Yes. Assuming I'm an "end user" - I've been in I.T. for 13 years and still haven't quite figured out why the word "end" is put in front of user.

Anyway ...

I use passphrases for everything that will take something more than a short-digit PIN. My favorite is 27 characters long. At work I cull my memory for a passphrase, use that, and recall it much quicker than a coworker who enters part of the previous password, hits the backspace button, and mumbles "Now what was my new password again?" By the time he's done that I've entered in my 20 - 30 character passphrase.

Is that a joke? (1)

elucido (870205) | more than 3 years ago | (#32751526)

Passphrases are not harder to brute force. In general if you have 26 random characters its hard to brute force.

Re:Is that a joke? (1)

caffeinemessiah (918089) | more than 3 years ago | (#32751696)

Passphrases are not harder to brute force. In general if you have 26 random characters its hard to brute force.

Passphrases encourage the use of numbers, capitalization, longer passwords, and punctuation. If the common password is all lowercase letters and maybe digits, your looking at a search space of (26+10)^k for a password of length k. If you throw in the 30 or so punctuation marks, and capitalization, the search space is (26+26+30)^k for the same length of password.

Given that so many people use lowercase+digits passwords, I'd be inclined to think that anyone brute-forcing a bunch of passwords would stick to the (26+10)^k search space, and therefore leave yours uncrackable. If they're just going after yours though, all bets are off, but then you should probably be using some uber-fancy authentication scheme anyway.

Re:Is that a joke? (1)

Culture20 (968837) | more than 4 years ago | (#32751796)

Passphrases are not harder to brute force. In general if you have 26 random characters its hard to brute force.

If you don't follow correct grammar, you can make a secure passphrase that's easier to remember than 98jn339ejnT#T*j#fe8#wf#F.
Assume a character set of 256, that means with 8 random characters, you've got 8^256. 8 random characters is tough for some people to handle. With passphrases, if you allow only english, you've got a "character" set of `wc -l /usr/share/dict/words` (98569), so with 8 random words, you've got 8^98569 possibilities. Of course, to follow a sense of grammar (even bad), you reduce that down a lot, but it has a benefit of being long absolute-character-wise, and short virtual-character-wise... average english word length is apparently ~9; X=`wc -m /usr/share/dict/words |cut -f1 -d' '`; Y=`wc -l /usr/share/dict/words| cut -f1 -d' '`; echo `expr $X / $Y` and `expr $X % $Y`/$Y
so even a random 8 word passphrase might be longer than 72, thus it's potentially 72^256 when brute forced character-wise.

Re:Use passphrases (1)

CharlyFoxtrot (1607527) | more than 3 years ago | (#32751676)

Remembering random strings isn't that hard, it just takes time. People's heads are crammed full of random bits of data (pieces of bank account numbers, random login names you've been assigned, etc.) Instead of using a 20 character string as a password and trying to remember it straight away, generate four 5 character strings, write them down and recite them a couple times a day every day for a couple of weeks. After you're so sick of them you could recite them in your sleep eat the piece of paper and combine them into your superpassword. It's better than opening yourself up to dictionary attacks by developing methods and habits for forming passwords (for the real important stuff.)

Re:Use passphrases (0)

Anonymous Coward | more than 4 years ago | (#32751740)

Remembering random strings isn't that hard, it just takes time.

Yep. And by the time you've finally mastered your own password, the password aging policy tells you that is is time to change it. Time to put a new sticky note on the side of the monitor.

Re:Use passphrases (1)

Slutticus (1237534) | more than 4 years ago | (#32751738)

Some suggestions from OS X Keychain:

get8]umbra

leg51{kirsch

creed60[king

feud72)sane

Kirk118#guff

chap150&plow

Just replace the numbers (or words) with something memorable to yourself, and you have a powerful easy to remember PW. Not quite as easy as a passphrase, but not a random jumble that's impossible to memorize. Plus the last one is kind of funny if you think about it......

Re: Use passphrases (1)

grahamsaa (1287732) | more than 4 years ago | (#32751774)

I remember one of our truecrypt volume passwords at work used to be "mymilkshakebringsalltheboystotheyard". Upon being informed of that, I thought "ok, pretty secure, easy to remember, but who the hell came up with that?"

Re: Use passphrases (1)

apparently (756613) | more than 4 years ago | (#32752186)

I remember one of our truecrypt volume passwords at work used to be "mymilkshakebringsalltheboystotheyard". Upon being informed of that, I thought "ok, pretty secure, easy to remember, but who the hell came up with that?"

What hole are you living in that you don't recognize that as a song lyric [lmgtfy.com] ?

Re: Use passphrases (1)

grahamsaa (1287732) | more than 4 years ago | (#32752244)

Um, I may live in a hole, but I know the lyric. The funny thing about the passphrase is that I work with a bunch of (male) engineers, and one of them selected that as a passphrase. I just think it's strange that an engineer, probably in his mid 40s with a beer gut, came up with that.

Re:Use passphrases (1)

blair1q (305137) | more than 4 years ago | (#32752012)

This is mine:

"There's nothing more useless than a passphrase based on a quote."

(One Quotation-Dictionary Attack Later)

ALL YOUR BASE ARE BELONG TO US!

Re:Use passphrases (0)

Anonymous Coward | more than 4 years ago | (#32752322)

Actually I say that the best solution is some kind of physical key, probably a USB thumbdrive. New employees at a company would be given the key, they could not access their computer without it, etc. Passwords that you have to memorize will never be the ideal solution because people are lazy and often stupid.

they were just make it look ... (2, Funny)

jobst (955157) | more than 3 years ago | (#32751450)

they were just make it look like you standard network, so they do not arouse suspicion ..... ;-)

Slower than a onetime pad (0)

Anonymous Coward | more than 3 years ago | (#32751484)

For decades, Soviet agents used one-time pads (eg, Venona http://en.wikipedia.org/wiki/Venona [wikipedia.org] ). It must have been frustrating to encrypt messages ... looking up aliases, then doing letter by letter transfers, then padding things out and going to the telegraph agency.

You can imagine wasting an afternoon during the cold war: Doors locked, shades drawn, crouching over codebooks, slowly penciling in cyphertext.

But it seems speedy and efficient compared to some of these spies' antics. When the courier spy delivered the laptop to a suspect, he said, "if this doesn't work we can meet again in six months" Another suspect was overheard saying to another, "they don't understand what we go through over here."

Ouch!

Re:Slower than a onetime pad (4, Interesting)

MichaelSmith (789609) | more than 3 years ago | (#32751512)

Makes me think that Russia had already abandoned these people. They knew the FBI were on to them and cut down on support to limit damage to other parts of their network.

they're not spies, they're defectors (4, Insightful)

circletimessquare (444983) | more than 3 years ago | (#32751504)

they put on the bare minimum effort to convince the kgb they're still on the team (so they don't get any polonium in their tea)

then they dig up their free bags of money in sullivan county, and get on with their average suburban wannabe lives. when the kgb calls, they find a paranoid schizophrenic's blog and rivet their kgb bosses with useless tales of intrigue from the wild west. this spy ring is a joke

if you want to talk about modern life destroying cherished traditions, add this to your list: comfortable suburban living killed james bond

Re:they're not spies, they're defectors (1)

colfer (619105) | more than 3 years ago | (#32751600)

Or they have connections who got them their cushy US layabout jobs.

The net history of espionage is like the net profit history of the airline industry. Comes out to about zero on balance (going back to the Wright Brothers, or so they say). But in espionage, even though the topmost levels of the U.S. and British and probably Soviet spy agencies were infiltrated over and over again, I guess there is some argument you can't just unilaterally disband them unless the other side does too.

Re:they're not spies, they're defectors (1)

maxume (22995) | more than 3 years ago | (#32751606)

Casino Royale was great, and not much less plausible than most of the early stuff.

Really, a money launderer in trouble with his clients is a great deal more plausible than some dude with a kitten taking over a casino (Which wasn't particularly early, but it also wasn't particularly late).

But maybe you meant real spies.

Re:they're not spies, they're defectors (1)

alex4point0 (179152) | more than 4 years ago | (#32751806)

While on the subject of Bond:

FTA: "I am going to write in invisible!" -- best read out in your best Boris/Goldeneye voice.

Re:they're not spies, they're defectors (1)

elucido (870205) | more than 3 years ago | (#32751624)

they put on the bare minimum effort to convince the kgb they're still on the team (so they don't get any polonium in their tea)

then they dig up their free bags of money in sullivan county, and get on with their average suburban wannabe lives. when the kgb calls, they find a paranoid schizophrenic's blog and rivet their kgb bosses with useless tales of intrigue from the wild west. this spy ring is a joke

if you want to talk about modern life destroying cherished traditions, add this to your list: comfortable suburban living killed james bond

Seriously? You think Russia would put polonium in their tea? On US soil? I know the guy you are talking about so it does happen but I don''t think Russia would dare do that. That being said I agree the spy ring does look to be a joke and I'm not sure why there is such a big deal about this considering they were an unsuccessful ring.

They weren't all full of shit because some of them (the Chapman female) seemed to have some real skills.

Re:they're not spies, they're defectors (1)

HishamMuhammad (553916) | more than 4 years ago | (#32752184)

Hah, it had to be circletimessquare -- oh how I miss Kuro5hin and this kind of out-of-the-box thinking that used to come up there so often from you and the rest of the people. Too bad the place was filled with trolls to the point of unusability the last few times I tried to return.

Kid Detectives (1)

ForAllTheFish (1191163) | more than 3 years ago | (#32751518)

This makes all those kid detecive stories about kids busting international spy operations SO much more believeable.

Hey these were language, not IT, experts (2, Insightful)

Katchu (1036242) | more than 3 years ago | (#32751558)

Sounds similar to a lot of corporate America: Using OS that locks up, poor password security, need to send laptops to corporate for assistance, ...

These Russian spies could have wrote their own. (1)

elucido (870205) | more than 3 years ago | (#32751584)

They could have wrote their own steganography applications. Any known steganography application is probably also known by law enforcement and useless. The success or failure of steganography is based on the fact that the actual use of it and the type of it remains secret. When it's known then it's useless. It's very much like encryption where the key has to be kept secret or the encryption is worthless because the security of the scramble is the randomness of the key.

Let's just say it, these spies didn't know the technology and we should be glad they didn't. I don't understand why the hell we are seeing these ridiculous articles about what they should have done or about steganography applications they could have used. Yes a lot of those apps exist but the Russians didn't write it.

Wrinting in a Secret language (1)

jamesyouwish (1738816) | more than 3 years ago | (#32751588)

If I write my password down in another language isn't that secure.

Re:Wrinting in a Secret language (1)

hedwards (940851) | more than 4 years ago | (#32751824)

I assume you're joking. In order for it to be a language there has to be syntax and grammatical rules. You have to write those, then and it doesn't take that long to figure out that it's a new language. And if you don't manage to actually figure that out, then you've got a string of seemingly random characters, which probably look a lot like a password.

Re:Wrinting in a Secret language (1)

elucido (870205) | more than 4 years ago | (#32751894)

Who said anything about it having to be a language? That seems like it would be even more difficult than writing a script and distributing the CD. The script could handle everything. It could be written in python, java, perl or any other language.

You would think a country like Russia would have some top notch programmers. All this talk about cyber warfare and hackers trained by the Russian government and they can't write code? I don't believe it.

The key question: did they run Linux? (4, Interesting)

porky_pig_jr (129948) | more than 4 years ago | (#32751726)

And if so, is that good or bad?

If spies can't even get it right (5, Interesting)

Anonymous Coward | more than 4 years ago | (#32751750)

I have little to no hope that the corporate world ever will.

I'm an IT director at a mid-sized company in the US. I've worked hard to educate top executives on security issues, and to encourage them (it's hard to force a CEO or CFO to do anything) to use best practices. I've experienced a lot of resistance.

Most companies think of IT, and security in particular, as an afterthought, if at all. Our CEO, who is responsible for active contracts that are worth tens of millions of dollars, and who has very sensitive financial data and intellectual property on his laptop, balked when I told him I did not want to know his password. He'd ask me to fix a problem with his machine, and be bothered by the fact that I would ask him to type in his password himself when I needed it. Eventually I gave in and started typing it in myself. Apparently it's an open secret from middle-management up. He uses the same password for everything, and all of the privileged managers know what it is. What if one of us quits or is fired? I imagine he uses the same password for his online banking as well. It's a big risk. He travels internationally on a regular basis. Having 20 people that know the password to all of your accounts. . . well, that scares the shit out of me, but it doesn't seem to bother him.

And I get the sense that most people, whether they work in espionage or in the private sector, see security as more of an annoyance than anything else. That is, until a breach happens. When that happens, the IT department is blamed.

In those situations, "I told you so," is not an acceptable response. When bad things happen, heads roll. I'm afraid that despite my most strenuous efforts to encourage best practices for top executives, my head will one day be on the chopping block for one of their mistakes.

Sorry to post anonymously (it's the first time I have!), but other folks in my department read ./ and I can't really expose my name / UID in this particular case.

Re:If spies can't even get it right (2, Insightful)

turbidostato (878842) | more than 4 years ago | (#32752032)

"I'm an IT director at a mid-sized company in the US [...] Our CEO [...] He'd ask me to fix a problem with his machine"

You *think* you are an IT director, but you are the mop guy.

At least that's what your CEO thinks, and that's all that counts.

go low tech (2, Insightful)

LostMonk (1839248) | more than 4 years ago | (#32751758)

Why try to beat US security at their own game? go low tech. it works for el-qaeda. If they used the good old mail services they would have gone unnoticed for another 10 years.

Well what this really all just means is that the.. (1)

3seas (184403) | more than 4 years ago | (#32751780)

.... terrorist threat is just not working very well anymore, so its time to remake an old threat....

But this time its really a lot more like "Spy vs. Spy" as found in MAD magazine.

Re: writing passwords on slips of paper (3, Interesting)

OnePumpChump (1560417) | more than 4 years ago | (#32751810)

Unless it's a randomly generated password, omit some letters. You shouldn't need the whole password to remind yourself what it was.

Funny (2, Funny)

formfeed (703859) | more than 4 years ago | (#32751840)

If they had just called themselves a business intelligence and consulting service for foreign investors, they wouldn't have any problems.

And if you call yourself a lobbyist you can even funnel money from foreign governments into your congressman's pocket.

Obligatory Rock & Bullwinkle Reference..... (1)

IHC Navistar (967161) | more than 4 years ago | (#32751912)

This whole thing reads like an episode of Rocky & Bullwinkle.

Boris Badenov: "Everything going fine until Moose and Squirrel!"

Natascha Fatale: "What you mean, dear?"

Boris Badenov: "Everything working fine until we get laptop with Windows!"

Fearless Leader: "First Chernobyl, then Kursk, NOW OUR SPIES!"

Natascha Fatale: "Dahling, least not Moose & Squirrel this time....."

Espionage or nepotism? (0)

Anonymous Coward | more than 4 years ago | (#32752340)

Somehow this seems more like nepotism than espionage.

Like when Boris gets a contract to supply trucks to a construction site because his uncle is the towns mayor.

Hey, you get to live it up in the USA on the states dime. We'll call it long-term deep cover spying. Yeah that's the ticket.

     

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?