Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Military and Government E-mails Compromised

Soulskill posted about 3 years ago | from the neverending-story dept.

Government 132

Dangerous_Minds writes "ZeroPaid is reporting that 16,959 e-mail accounts were recently exposed by Connexion Hack Team. Included in the data dump are usernames and passwords for military and government accounts. The other compromised accounts included addresses from GMail, Yahoo, MSN, and AOL." Reader Stoobalou adds a report that NATO's servers have been hit for the second time in as many months.

cancel ×

132 comments

Good. (0, Troll)

Anonymous Coward | about 3 years ago | (#36666638)

The North American Terrorist Organization deserves what they get.

Re:Good. (0)

Anonymous Coward | about 3 years ago | (#36666948)

Mod parent up, unless you're a commie.

Re:Good. (1)

said213 (72685) | about 3 years ago | (#36667028)

I think that NATO's a slight grade above the accomplishments of communism.
It astounds me how forward thinking we all pretend to be while constantly comparing new problems to the past.
Unless and until you have something clever to say about anarchy, you're just trolling.

Re:Good. (-1, Troll)

Anonymous Coward | about 3 years ago | (#36667536)

Your mom is just trolling my dick. Bazinga!!1

Re:Good. (1)

JustOK (667959) | about 3 years ago | (#36669534)

There's rules for being a good anarchist. Of course, none of the good anarchists follow them.

First (-1)

Anonymous Coward | about 3 years ago | (#36666640)

post

Re:First (0)

Anonymous Coward | about 3 years ago | (#36668540)

You failed and should probably just kill yourself now.

Going to throw stones? (-1, Flamebait)

Sooner Boomer (96864) | about 3 years ago | (#36666668)

So are the same people that decried the hacking of Milly Dowler's phone going to speak out against this hack attack too? Hmmph - thought not. One set of rules for you, another set of rules for those you have decided are the "bad guys".

Re:Going to throw stones? (1, Insightful)

TheGratefulNet (143330) | about 3 years ago | (#36666682)

what's your agenda here, btw?

lets start with that. how odd you make a comparision when no sane person would. speaks volumes about you.

Re:Going to throw stones? (0, Flamebait)

Sooner Boomer (96864) | about 3 years ago | (#36666734)

what's your agenda here, btw?

My "agenda" is to point out the hypocrisy. The same people that clapped in glee with the release of this and other govt. data should either clap in glee with the release of ALL hacked data, or should object to the release of ALL hacked data.

Re:Going to throw stones? (1)

Anonymous Coward | about 3 years ago | (#36666774)

False dichotomy. One is a family, one is a large and corrupt public organisation.

Re:Going to throw stones? (0)

TheVelvetFlamebait (986083) | about 3 years ago | (#36667014)

Wait, you know the US government is corrupt? Oh my god! Have you contacted the police, or the press, or corruption watchdogs, or presented your evidence somewhere on the internet, or anything like that?

Re:Going to throw stones? (1)

SomePgmr (2021234) | about 3 years ago | (#36668252)

I know you guys are mostly just going at each other, but seems to me that knowing corruption is rampant (at least what regular people call corruption) is very different from necessarily having some new, undisclosed evidence in hand. I mean, we see cases of it every day... some of which net prosecutions, and sadly many that don't. Politics is a lying bastards game, fueled by huge sums of money and extraordinary influence. It doesn't surprise most of us that a situation like that is rife with problems. The only time I hear anyone even suggest otherwise is when they're temporarily blinded by some flashy new liar. Though it always ends the same, in time.

And I think the original point stands... sometimes we consider various kinds of cronyism, back room deals, government contracts, negligence, etc. as examples of corruption, even if they're somehow legal. Just because most people don't know, or care enough to say anything about it, doesn't mean it's not shitty. We're not lawyers, so we judge right and wrong on the stricter criteria of everyday life.

I'm not normally a black helicopters, Illuminati, "zomg corporations r teh evil" kind of person... but I think it's entirely rational to expect frequent and serious problems in system with so much money and influence around for the taking.

Re:Going to throw stones? (5, Insightful)

bsDaemon (87307) | about 3 years ago | (#36666776)

Well, government data is (nominally) public property and should be owned by and available to the public at large, with only certain exceptions, usually in a time of war. Fucking around the the voice mail account of a missing, underage girl who may or may not have been murdered, is a little bit different than that, don't you think? But hey, context, what's that?

Re:Going to throw stones? (2)

blueg3 (192743) | about 3 years ago | (#36666916)

That gets tricky. Not all government data, just government work product. There are a lot of situations where direct public access to government data is a real problem. Not the bullshit "national security" reasons, but simple things like access to internal information about an ongoing FBI or SEC investigation. Eventually the information -- excepting things that could easily compromise future investigations -- should be public, but not necessarily immediately. Likewise, government officials should be able to have e-mail accounts without their e-mails being available in real time to the public. That's a bullshit claim that's a (somewhat fair) reaction to the everything-must-be-secret government culture. Data necessary for transparency and oversight needs to be available while maintaining a reasonable degree of privacy that enables individuals and organizations to do their jobs effectively. I think that if better government transparency isn't forthcoming, than this sort of vigilante exposure will only increase.

Re:Going to throw stones? (0)

Anonymous Coward | about 3 years ago | (#36666976)

Emails and passwords of government workers "should be owned by and available to the public at large"? Only online can one see irrational dogmatism like this. There are legitimate avenues for accessing data, this isn't one of them. Filing an FOI request and tunneling your way into the archive room are distinctly different things.

Re:Going to throw stones? (0)

MichaelKristopeit422 (2018884) | about 3 years ago | (#36667900)

tunneling your way into the archive room, and convincing a digital system to transmit a stream of bits to you are distinctly different things.

you're an idiot.

Re:Going to throw stones? (1)

sycodon (149926) | about 3 years ago | (#36667016)

One has to wonder what you thought about Palin's emails being hacked. Or, what you would think is Bachman's emails were hacked. I suspect you would be overjoyed.

Re:Going to throw stones? (1)

LordLimecat (1103839) | about 3 years ago | (#36667214)

Well, government data is (nominally) public property and should be owned by and available to the public at large,

Can you cite a supreme course case, an amendment, an article of the constitution, etc?

No, this is just your vision of how things should be? Oh, ok then.

Re:Going to throw stones? (1)

MagusSlurpy (592575) | about 3 years ago | (#36668492)

This [wikipedia.org] is by no means all-inclusive, but it's a starting point.

Re:Going to throw stones? (1)

Anonymous Coward | about 3 years ago | (#36666784)

The same people that clapped in glee with the release of this and other govt. data should either clap in glee with the release of ALL hacked data, or should object to the release of ALL hacked data.

Nonsense. Government data should be public unless there is a compelling need for secrecy. This provides for accountability of government. Personal data have no such application; a person is not accountable to society in the same way that the government is.

Re:Going to throw stones? (1)

LordLimecat (1103839) | about 3 years ago | (#36667224)

Nonsense. Government data should be public unless there is a compelling need for secrecy.

"Should" and "is" are two different things. Possibly one should push for a change in legislation (I thought Obama was pushing a transparent government initiative...?), but until then I dont see any reason to get giddy because someone broke laws and saw fit to play the data-vigilante.

Re:Going to throw stones? (1)

Jah-Wren Ryel (80510) | about 3 years ago | (#36667410)

but until then I dont see any reason to get giddy because someone broke laws and saw fit to play the data-vigilante.

This is just your vision of how things should be? Oh, ok then.

As if the imprimatur of law has an ounce of weight when it comes to morality.

Re:Going to throw stones? (1)

LordLimecat (1103839) | about 3 years ago | (#36667952)

This is just your vision of how things should be? Oh, ok then.

No, its me stating a fact: that I am in a state of confusion over why people are overjoyed that others are violating the laws of the land in a democracy where the majority stands against them.

As if the imprimatur of law has an ounce of weight when it comes to morality.

One treads on dangerous ground when speaking of morality in such an issue, especially when you havent explained what your ground for morality is. Myself, I would say that part of a proper system of ethics recognizes the necessity to submit yourself to the governing laws of the land, unless such laws contradict a more basic ethical rule.

And honestly, I would not call the "need for information to be free" a deeper ethical rule.

So the question becomes, if the law of the land has absolutely no say in your mind as to how one should behave, where DO you derive your standards from?

The difference (1)

Anonymous Coward | about 3 years ago | (#36666792)

The difference is that Milly's voicemails were deleted to make space, while the exposed email accounts were not deleted.

The difference is that Milly's voicemails were expected to be private, and the operations of government and the military are expected to be public since they are funded by the public.

Re:The difference (1)

LordLimecat (1103839) | about 3 years ago | (#36667236)

and the operations of government and the military are expected to be public since they are funded by the public.

I would LOVE if we could get some citations of where such an expectation has ever been upheld by any body of authority. Civil War cases, or WW2 cases might prove educational to those cheering for "the old days" of military knowledge being public. I believe we termed it "treason" back in the day.

Re:Going to throw stones? (2)

TheGratefulNet (143330) | about 3 years ago | (#36666842)

I can't, in my wildest dreams, see the parallel you see.

seek help, is my advice to you.

Re:Going to throw stones? (1)

DarkOx (621550) | about 3 years ago | (#36666892)

I am in favor of the release of ALL hacked data. Even when it my hurt people, even when it may put lives at risk. All in all I think all the secrecy, and covert action makes us weaker not stronger. It creates more division and strife in the world not less; why? because it always comes out eventually; even if it takes decades.

When I was very young my mother gave me a simple bit of advice. See said if you want to be sure nobody every reads something, don't write it down.

Wow simple eh? much simpler than encryption schemes, dealing with vetting 10s of thousands of people to receive secret clearance, etc. NATO higher ups need to speak to each other pick up the damned phone and don't make recordings of the call. Data that is not there can't leak.

People should take this to their personal lives as well. The average teenager would probably be lots happier if they themselves as well as their school mates put a little consideration in what words they commit to paper, or Facebook. Conversations between a few people will be forgotten, everything else tends to get distributed more widely or to resurface and cause more grief at the wrong times.

Yes in 2011 we can record everything, we can store a life stream for every person large with or without their cooperation, but WE SHOULD NOT WANT TO DO THAT.

Re:Going to throw stones? (0)

Anonymous Coward | about 3 years ago | (#36666968)

How would you feel if someone hacked into your Doctors office computer and released the fact that you are

1. On Psych meds
2. Are attracted to little boys.
3. Did your mom when you were 16.

Wait...are you even 16 yet?

Re:Going to throw stones? (0)

Anonymous Coward | about 3 years ago | (#36667020)

OK, then let's see what China, Russia, Israel, and others have including Hamas, and Hezbollah.

Oh wait, they'll actually find the people that hack them and seriously fuck them up. Well, we know just how brave these groups are now, don't we?

Re:Going to throw stones? (1)

LordLimecat (1103839) | about 3 years ago | (#36667254)

All in all I think all the secrecy, and covert action makes us weaker not stronger.

Maybe look at the situation in Zimbabwe, and the fallout after the release of several diplomatic wires between Mugabe's opposition and the US, and then repeat that statement.

Re:Going to throw stones? (1)

Isaac Remuant (1891806) | about 3 years ago | (#36667500)

heh, I really hope you're not basing yourself in OMGZ, wikileaks endangered Morgan Tsvangirai's life. Please, tell me you're not nitpicking clearly false and biased information to support... er... what was your point again? yeah, whatever that was.

One liners might make someone look like they know more than they do, but some people will research and realize you're saying nothing at all.

if someone reveals the truth, no matter what happens, it's still the truth. Why should people rely on saviours, politicians, leaders, whatever that operate in secret and do not want their actions known?

Re:Going to throw stones? (1)

LordLimecat (1103839) | about 3 years ago | (#36667902)

Tsvangirai's position was put in jeopardy because he was allied with the US against Mugabe, and Mugabe was able to use his control of the media to twist it into some anti-Zimbabwe sentiment.

There is no possible way youre going to convince me that the curiosity of some citizens in the US was worth endangering the potential fixing of the disaster that is Zimbabwe.

One liners might make someone look like they know more than they do,

Pot calling the kettle black. How many one-liners pop up stating "information wants to be free", nevermind that the founding fathers, the 2 sides in the confederacy, and the WW2 united states would have utterly disagreed with that statement on certain matters? People complaining about the harsh treatment of Manning seem to have lost sight of the fact that during the Civil or Revolutionary wars, he would have already been shot or hung as a traitor.

This isnt some new thing that is a distortion of the values our country stands for; people have long recognized that once you get back into reality, some secrets are necessary for the functioning of diplomacy and for the waging of military operations.

How successful do you suppose Neptunes Spear would have been if Wikileaks had gotten wind of the operation beforehand, pray tell? In what conceivable way is it a service to US citizens to ensure that its operations are unsuccessful, as such operations will be if such intel is leaked?

Re:Going to throw stones? (1)

Isaac Remuant (1891806) | about 3 years ago | (#36668146)

Tsvangirai's position was put in jeopardy because he was allied with the US against Mugabe, and Mugabe was able to use his control of the media to twist it into some anti-Zimbabwe sentiment.

There is no possible way youre going to convince me that the curiosity of some citizens in the US was worth endangering the potential fixing of the disaster that is Zimbabwe.

You're saying that because zimbaweans learned THE TRUTH and Mugabe could use it to his advantage that secrecy was entitled? Tsvangirai engaged in talks with the US and supported sanctions against the country, wether that's a good or bad thing, it's not important in this discussion. The important thing is that it's represents the truth and if people get angry about it, wether there's a media spin or not, it's just how things are supposed to be.

I might be wrong, but you're claiming that secrecy should've been mantained so that Tsangivarai could effectively fight Mugabe while he lied to the people he represented? That's not good, that's not fair. I understand that you're on ONE side and that probably makes it hard to look it from a perspective. But life is not really us vs them. Just because I don't like Mugabe, it doesn't mean I'll blindly pretend all Tsvangirai's actions are ok.

People are supposed to make informed decisions in a democracy but you want your, let's say team, to be able to lie in order to achieve it's goals?

One liners might make someone look like they know more than they do,

Pot calling the kettle black. How many one-liners pop up stating "information wants to be free", nevermind that the founding fathers, the 2 sides in the confederacy, and the WW2 united states would have utterly disagreed with that statement on certain matters? People complaining about the harsh treatment of Manning seem to have lost sight of the fact that during the Civil or Revolutionary wars, he would have already been shot or hung as a traitor.

First off, I didn't say that information wants to be free. I just called you out on a lousy, unexplained and false example which was proven to be a piece of media propaganda a long time ago and it all started with this piece of crap article:

http://www.guardian.co.uk/commentisfree/cifamerica/2011/jan/03/zimbabwe-morgan-tsvangirai [guardian.co.uk]

Second, founding fathers, blah, blah... Don't appeal to a mistic authority to try and support your non existent argument. You remind me of people who make a up quotes from the bible. By the way, I'm not a history expert but I think there were compulsory drafts during the civil war too. So does everything that happened then apply now as well? No. Null argument.

This isnt some new thing that is a distortion of the values our country stands for; people have long recognized that once you get back into reality, some secrets are necessary for the functioning of diplomacy and for the waging of military operations.

How successful do you suppose Neptunes Spear would have been if Wikileaks had gotten wind of the operation beforehand, pray tell? In what conceivable way is it a service to US citizens to ensure that its operations are unsuccessful, as such operations will be if such intel is leaked?

Sure, keeps spewing official crap. "Values America stands for"? Really? Fake patriot rhetoric won't help your case. Citizens will be lied to and everything will be kept secret to "protect" them from we-can't-tell-you-what dangers that lurk around.

With full secrecy comes no accountability.

Remember how this all started:
He said:
"All in all I think all the secrecy, and covert action makes us weaker not stronger."
You replied:
"Maybe look at the situation in Zimbabwe, and the fallout after the release of several diplomatic wires between Mugabe's opposition and the US, and then repeat that statement."

That's you going on a ridiculous tangent that doesn't even address what he said. But it was so plainly wrong and intellectually dishonest that I felt compelled to point it out. He talked about truth making us stronger and you try to present an example when it "helped a dictator omgz! eeeveeel!"

Re:Going to throw stones? (0)

Anonymous Coward | about 3 years ago | (#36669590)

Maybe look at the situation in Zimbabwe, and the fallout after the release of several diplomatic wires between Mugabe's opposition and the US, and then repeat that statement.

Was the people releasing the information about the US funding a puppet leader to take over a natural resources rich country the real villains or the political powers that be who are breaking international law at fault? Money is all they gave a shit about and their plans had nothing to do with overthrowing Mugabe for moral reasons. There are immeasurably worse tyrants out there in poorer places such as the Ivory Coast, so stop trying to play the high and mighty card and get off that horse before you hurt yourself.

Re:Going to throw stones? (1)

Sooner Boomer (96864) | about 3 years ago | (#36667396)

I am in favor of the release of ALL hacked data.

That viewpoint, I can respect. I disagree, but I can respect it. When you pick and choose who is within the boundries of the law, the law loses its function, and you become a vigilante.

Re:Going to throw stones? (1)

MrHanky (141717) | about 3 years ago | (#36666898)

You're an idiot.

Re:Going to throw stones? (2)

Ephemeriis (315124) | about 3 years ago | (#36666900)

The same people that clapped in glee with the release of this and other govt. data should either clap in glee with the release of ALL hacked data, or should object to the release of ALL hacked data.

So you don't see any difference at all between a private individual and a government organization?

I'm not particularly moved to emotion by either of these stories... But I can at least see a difference here.

The US government is supposed to be by the people, for the people... And yet we see plenty of evidence that the US population is being lied to at nearly every turn. Why would I, as a US citizen, object to actually getting to find out what my government is really doing? Yes, of course, folks are going to cry that it's a security breach and our top secret plans are now in the wild... Which may actually be true... But after literally years of being lied to, I guess I'm not all that worried about a top secret plan or two making it into the wrong hands.

As for Milly... Well, I'm not really convinced that anything horrible happened there. It sounds like deleting those voicemails hampered the investigation of her death. And maybe the parents might have wanted to hang on to some of them for sentimental value... But, not to be cruel or anything, the lady was already dead. Still, she's a private citizen. Not some government organization. Her close friends and family might have a legitimate argument that they have a right to hear her voicemail... And the police can certainly get a warrant to listen to it... But that really isn't something that a tabloid needs to be reporting on to drum up more readers. It's certainly something that they want to report on, because it's sensational and will sell a few more copies... But that doesn't make it right.

Re:Going to throw stones? (1)

TheVelvetFlamebait (986083) | about 3 years ago | (#36666966)

I sympathise, but I disagree. People are allowed to define their own rules, and hence exceptions, in their own moral compass. I mean, if exceptions weren't allowed, then you could be a hypocrite for believing one "thing" is good, but not another "thing". Surely, either you believe everything is good, or everything is bad?

Re:Going to throw stones? (0)

Anonymous Coward | about 3 years ago | (#36666824)

If there is hypocrisy, then that point can stand by itself. It doesn't matter what his agenda is.
Your argument is the same argument global warming deniers use against climatologists.

Re:Going to throw stones? (0)

Anonymous Coward | about 3 years ago | (#36667280)

Your argument is the same argument global warming deniers use against climatologists.

No, the argument is that its been changed several times and credibility begins to wane when it goes from "global warming" to "global climate change".

Re:Going to throw stones? (3, Insightful)

Mordok-DestroyerOfWo (1000167) | about 3 years ago | (#36666756)

The fact that you somehow got modded up horrifies me. There is a world of difference between the two scenarios, perhaps somebody will patiently explain them to you...maybe with bright colors and friendly animals!

Re:Going to throw stones? (1)

Lifyre (960576) | about 3 years ago | (#36666896)

While I understand the point you are trying to make you seem to have sidestepped the context. Hacking an organization and at least theoretically exposing weaknesses in their security and hacking an individual's phone are quite a bit different. I generically applaud publicly hacking organizations that are failing in their responsibility to protect the information they have. So while I would support generically hacking the entire phone system to expose such a weakness the focused malicious attack on a deceased girl does not quite have the same flavor.

Re:Going to throw stones? (0)

Anonymous Coward | about 3 years ago | (#36667080)

So while I would support generically hacking the entire phone system to expose such a weakness the focused malicious attack on a deceased girl does not quite have the same flavor.

So breaking into a server and publishing account/password combinations to expose the weakness would be a public service? What if one breaks into a bank and dumps the deposit box keys onto the street, would you view that as a public service?

Re:Going to throw stones? (1)

Lifyre (960576) | about 3 years ago | (#36667160)

I should be more clear I suppose. I don't support every action the hackers take, I never have. I support the exposing of the weaknesses to force the organizations to fix them or at least allow the individuals the ability to mitigate them. The problem here (and with your analogy) is that a security vulnerability like this can easily be used and then kept secret by the company and/or hackers. If you break into a bank and dump the keys into the street it is very public (even if you don't dump the keys) and will illicit and immediate and strong corrective response. If that was the case for hacking an information system we probably wouldn't be in this situation to begin with and it would be much harder to accomplish.

Re:Going to throw stones? (0)

Anonymous Coward | about 3 years ago | (#36667260)

You don't have to presume violent breaking and entering. One could surreptitiously compromise a bank and access secure items by masquerading as a worker, same as cloning certificates for computer systems. The bank/server analogy works very well this way, and in either case the claim to public benefit is dubious.

Re:Going to throw stones? (1)

Lifyre (960576) | about 3 years ago | (#36667740)

I hadn't thought of it that way and it does work better as an analogy except for the reaction both to the stolen items being released to the public and the hacking event itself will be dramatically different. I should also be clear I don't think the release of the information has much if any benefit but the public disclosure of the compromise does.

Re:Going to throw stones? (1)

Runaway1956 (1322357) | about 3 years ago | (#36667936)

Misconduct by an international megacorporation is now equivalent to childish pranks done by anonymous geeks? Misconduct for profit equates to some kind of misguided political activism?

Let me be blunt - I want Rupert Murdoch's head on a pig pole. Knowing that the "gubbermint" is looking for these miscreants in this story is good enough for me. These little freaks don't actually threaten my freedoms, while Murdoch does. Murdoch's vision for the world is endorsed by dozens of MP and congressmen around the world, and he uses his money and influence to move forward with his plans. The freaks hacking emails have no influence, little money (if any) and cannot sway any parliament or congress to pass asinine laws that will increase their wealth.

It's a matter of priority. When being stalked by predators, you deal with the biggest, baddest, meanest, and most dangerous predator first. In this case, that is Rupert Murdoch.

Reminds me so much of War Games flick (2)

Lead Butthead (321013) | about 3 years ago | (#36666688)

Shortly after the release of War Games in 1983, there were a rash of hacking incidents "inspired" by the movie. Events of late seem to be a repeat of that, aggravated by the (still) piss poor security policies. How some things changed but other persists over the decades.

Why is this on Slashdot? (1)

Fat Wang (1230914) | about 3 years ago | (#36667742)

This is an example of a story that only makes things worse by posting on Slashdot. I didn't know this website was so anti-American.

Re:Reminds me so much of War Games flick (1)

phantomfive (622387) | about 3 years ago | (#36669180)

What on earth does your sig mean?

Air Gap? (3, Interesting)

Gothmolly (148874) | about 3 years ago | (#36666722)

Has nobody in government security ever heard of an air gap? WHY would you ever attach military gear to the public Internet?

Re:Air Gap? (0)

Anonymous Coward | about 3 years ago | (#36666746)

Yeah, what kind of idiot connects a mail server to the Internet?

Re:Air Gap? (-1)

Anonymous Coward | about 3 years ago | (#36666804)

Yeah, what kind of idiot connects a mail server to the Internet?

preferably not one which cannot afford to be compromised. you fucking moron.

Re:Air Gap? (0)

Anonymous Coward | about 3 years ago | (#36666818)

exactly. most military mail servers and users are all on SIPRNET which is airgapped from the public internet for a reason, numbnuts.

Re:Air Gap? (0)

Anonymous Coward | about 3 years ago | (#36667056)

Actually, the SIPR is not exactly 'airgapped' from the intertubes... they overlap, it just happens to be transparent...

Re:Air Gap? (1)

Anonymous Coward | about 3 years ago | (#36667156)

Actually, not they are not. There are several layers, which I will not discuss for obvious reasons. However all organizations, including military and government facilities require internet access to do their jobs. It is impossible for any organization to currently replicate all and keep in sync the available information on the internet in a contained environment.

Yes, I'm prior military and prior government contractor. This information is not classified, restricted, or confidential; however, further detail is.

Re:Air Gap? (1)

ae1294 (1547521) | about 3 years ago | (#36667324)

Yes, I'm prior military and prior government contractor. This information is not classified, restricted, or confidential; however, further detail is.

Well can you point me to a torrent with all those details?

Re:Air Gap? (0)

Anonymous Coward | about 3 years ago | (#36666908)

Yeah, what kind of idiot connects an internal, high security mail server to the Internet?

Ftfy.

Re:Air Gap? (1)

said213 (72685) | about 3 years ago | (#36667062)

you would appear to have made the initial comment more inane. did you win?

ask bradley manning (2)

decora (1710862) | about 3 years ago | (#36666826)

according to some of his defenders, alot of the stuff he got was 'commonly downloaded' by people on the base, especially the Collateral Murder video.

if you search youtube for video of afghan/iraq air strikes, i'd say that seems about right.

now if there is a bradley manning, who was doing it to blow whistles, there are probably some people who are doing it for profit, selling info to others.

why they aren't up on charges like him? sometimes the military wants to flip them to become triple agents. sometimes it doesnt want the bad publicity. the people who caught aldrich ames almost got nothing, a tiny ass little party , small than what we give people for birthdays at work. who knows.

Re:ask bradley manning (1)

blueg3 (192743) | about 3 years ago | (#36666926)

That data is on SIPRNET, which is separated from the regular Internet. After 9/11 the government tried to adopt a culture of information-sharing between organizations, which led to a lot of data being easily accessible if you had the right access. The infamous Wikileaked data is available because Manning transferred it from SIPRNET to the Internet by means of a writable CD masquerading as a mix tape.

yes. air gaps don't work (2)

decora (1710862) | about 3 years ago | (#36666954)

if you have millions of people with security clearances,

including people who are having serious psychological or emotional problems, which were known to the commanders at the time they sent him on duty.

Re:yes. air gaps don't work (0)

Anonymous Coward | about 3 years ago | (#36667036)

FYI you have to have a security clearance to operate the damn radio.

Can't really revoke clearance willy nilly if you want people to be able to do their jobs.

Re:yes. air gaps don't work (1)

blueg3 (192743) | about 3 years ago | (#36667700)

Access to data traditionally needs need-to-know in addition to clearance, though that was relaxed somewhat with post-9/11 information sharing. But in general, it's a hard problem. Lots of military and contractors need access to some kind of security-sensitive data.

Re:Air Gap? (0)

Anonymous Coward | about 3 years ago | (#36666856)

The real question is why did the U.S. military let you connect your private gear to their internet...

Re:Air Gap? (1)

said213 (72685) | about 3 years ago | (#36667120)

around 23 years ago. when it became profitable. seriously though; no correlation.

Re:Air Gap? (1)

blueg3 (192743) | about 3 years ago | (#36666940)

In this case, so you can send e-mail to people on the Internet (and the reverse).

Re:Air Gap? (0)

Anonymous Coward | about 3 years ago | (#36667292)

WiFi works over the air gap

Re:Air Gap? (1)

Stupendoussteve (891822) | about 3 years ago | (#36667798)

Uh... the military uses the internet. The real internet. someone@navy.mil is not some secret account, those are air gapped for obvious reasons.

You're seeing someone's NIPR email that they used to sign up for some unknown website, and nothing more.

Re:Air Gap? (0)

Anonymous Coward | about 3 years ago | (#36667994)

You're seeing someone's NIPR email that they used to sign up for some unknown website, and nothing more.

Not only that, but the 'password' isn't going to be any good for getting into the users' email or the users' accounts since the military went to mandatory use of CACs -- Common Access Cards -- that are required to log into your domain account; the password for the account still exists, but if you try to use it, you'll get a message telling you that you have to log in with your CAC and PIN. So without the right CAC in the reader and the PIN (password) for the CAC -- which is verified using data on the CAC, not on the domain -- any 'password' hacked out of a domain server is going to be useless for compromising the account.

Re:Air Gap? (0)

Anonymous Coward | about 3 years ago | (#36668542)

So we can communicate with you, Einstein.

The Cloud Is Safe. Target Will Protect Your Ident (0)

Anonymous Coward | about 3 years ago | (#36666732)

When your boss uploads the company's customer lists to Google Docs, don't worry, because their IT security is certainly much better than that of the U.S. military and government computers. When the Target clerk asks for your driver's license, go ahead and let her scan the barcode into Target's computers because they'll be able to protect your identity better than Sony or the U.S. military can.

This is the way to improve security (1)

unil_1005 (1790334) | about 3 years ago | (#36666742)

TSA is not.

Only happens to the US? (0)

Anonymous Coward | about 3 years ago | (#36666876)

Does this only happen to the United States government, or does it happen elsewhere too? Where are the hacks of Russian, Chinese, not to mention Libyan, etc., systems?

else where on the planet... (0)

Anonymous Coward | about 3 years ago | (#36667124)

Where are the hacks of Russian, Chinese, not to mention Libyan, etc., systems?

In those countries, you get a bullet in the head for pulling this kind of sh_t.

Re:else where on the planet... (0)

Anonymous Coward | about 3 years ago | (#36669792)

Where are the hacks of Russian, Chinese, not to mention Libyan, etc., systems?

In those countries, you get a bullet in the head for pulling this kind of sh_t.

China is going to invade northern Wyoming so they can shoot me for hacking an email server on the other side of the planet?
Good luck with that.

His point is that the US is being targeted because we're everybody's favorite Whipping Boy, and is wondering why the hackers don't put their sites on places like China.

The answer is that these targets are being hacked for the media attention, not the data itself. The data is actually mostly worthless. You don't get media attention for hacking Chinese servers and releasing people's passwords, so they don't bother. Anybody who actually wants to use the data for something can get plenty of it without relying on high-profile groups.

Look, if you want to get this kind of data from people it's really easy. You setup a few web sites which require a sign-up process, and use well-known methods to get people to go there and sign up. Voila, now you have their email and a password they probably use for other sites, along with a user name which is probably also similar to ones they use on other sites. No hacking required.

I don't understand... (1)

TheVelvetFlamebait (986083) | about 3 years ago | (#36666910)

... how people can believe in the existence of a government that conspires to slowly erode our freedoms, but also maintains such poor security on their information.

Oh wait, never mind, I just got it. This is clearly a ruse they orchestrated to make the truth seem implausible. Very sorry, continue with normal business.

I do understand Re:I don't understand... (0)

Anonymous Coward | about 3 years ago | (#36667554)

I'll explain but would like to point out that I don't like "conspiracy theories" of the usual "make up stupid shit for fun" kind (it's sort of amazing how many people love to lie).

Here's how real conspiracies usually work:
- zero paper (and none is needed)
- negligible or no traceable communication that can be used as evidence (as little if any is needed; humans communicate with more than plain language and if you keep your head down you're unlikely to be continuously monitored in the early phase. In addition conspiracies can be viewed as or sometimes are something akin to emergent/self-establishing phenomena)
- very small groups of people who actually know what's being conspired
- often relatively large groups of people being used/misdirected without their knowledge
- subverting perfectly reasonable aims and ideals; the better and more "obviously good" the easier (hard to whip significant minorities or majorities into frenzies about things people would consider bad right? But if you take something actually genuinely positive like national or cultural or even racial pride it's easy (and don't even bother with PC idiotic claims of how those are actually bad things because most people don't truly feel that way deep down nor have they any real reason to no matter where they're from or who they or their ancestors are/were))

Let's add the crucial distinction that most people skip:
- A government, pretty much any government, would be incapable of conspiring anything much (but more than able to do all the same shit right out in the open out of stupidity and public ignorance/disinterest).
- Anyone close to governmental power, elected or not, would be extremely well placed to conspire as individuals.

And of course just about anybody no matter what is ready to "conspire" in favor of themselves, e.g. a politician automatically favors politicians just as much as a baker favors bakers or a nurse favors nurses: politicians are part of the largest most powerful "union" by default.

There is no reason to accept false choices, be they hidden, implied, or in your face. Insecure inept governments and conspiring power-mongers are not contradictory, in fact their conspiracies are just an additional example/trait of an inept and/or corrupted government or societal structure.

One can't reform rot.

Re:I do understand Re:I don't understand... (1)

TheVelvetFlamebait (986083) | about 3 years ago | (#36667852)

Insecure inept governments and conspiring power-mongers are not contradictory, in fact their conspiracies are just an additional example/trait of an inept and/or corrupted government or societal structure.

You've obviously got a much better handle on conspiracies than the average conspiracy theorist, but I don't think you've adequately supported your conclusion. Why do "inept" and "corrupt" belong in the same category? Surely it takes some level of competence to execute any significant abuse of power under relatively intense public scrutiny and get away with it?

Thankfully I just changed my password. (0)

Anonymous Coward | about 3 years ago | (#36666918)

Noone is ever going to guess that I changed my password to hunter2.

Stop storing passwords as they're typed (2)

TWX (665546) | about 3 years ago | (#36666922)

I wish that everyone would just stop storing passwords as they're typed and instead only store the comparative hash. It wouldn't matter, nearly so much, if they were obtained that way, so long as the algorithm to turn the password into the hash can't also turn the hash into the password.

Yeah, I know, it might break some interoperability, but I'm getting sick and tired of hearing about this crap. Unfortunately the only way this will change is if it becomes in the interest of the requisite parties for it to, like if they can't obtain insurance anymore because no insurer will want to extend liability insurance to a company whose IT structure is so poor that it's likely that a payout might be necessary.

Re:Stop storing passwords as they're typed (0)

Anonymous Coward | about 3 years ago | (#36667212)

I take it you've never heard of a rainbow table?

Re:Stop storing passwords as they're typed (1)

Anonymous Coward | about 3 years ago | (#36667454)

Rainbow tables are only useful if there's no salt (or a very small salt). Simply MD5ing passwords is something, but it's not a ton more secure than keeping them in plaintext. There should be a salt, and the hash should be one that actually takes a noticeable amount of time to compute. Hopefully your system will support multiple hash algorithms (as Linux does) so you can phase in better ones over time as computers get faster.

Re:Stop storing passwords as they're typed (0)

Anonymous Coward | about 3 years ago | (#36669450)

if you really must have clear passwords, at least store them as encrypted strings with a site token encrypted with a public key, for which the private key is not on the system.

Well that seems to explain this e-mail... (0)

Anonymous Coward | about 3 years ago | (#36666936)

...which I got at work a few weeks ago:

From: Ranald [________@dla.mil]
Sent: Thursday, June 09, 2011 12:10 PM
To: Some_User_Group
Subject: Dream to act like a porn star? Nail a magicpilule!

Ensure energy and gain extra size. http://shellyfarnham.com/basin.html

Fake Claim, spreading malware? (0, Interesting)

Anonymous Coward | about 3 years ago | (#36667122)

Anybody can claim and fabricate data. Since they are not explaining where they got the data, and the link goes to an EXE file (I chose to not download), I suspect it is just at a minimum a fake claim, even possibly a malware attempt to infiltrate, now propagated by Slashdot.

Furthermore, most of the NIPR if not all uses RSA cards, and passwords are expressly locked out. Now, if they claimed to have copies of the RSA/CAC cards, that would be a different thing.

Of course, everybody assumes they are successful, because that is the easy thing to assume.

Re:Fake Claim, spreading malware? (1)

Lehk228 (705449) | about 3 years ago | (#36667532)

it's a .txt file what are you talking about? i downloaded it myself

Re:Fake Claim, spreading malware? (0)

Anonymous Coward | about 3 years ago | (#36667586)

Anybody can claim and fabricate data.

Furthermore, most of the NIPR if not all uses RSA cards, and passwords are expressly locked out. Now, if they claimed to have copies of the RSA/CAC cards, that would be a different thing.

Precisely, even before 100% CAC implementation, the DoD passwords would not have been accepted due to lack of complexity.

Morons (2, Insightful)

chill (34294) | about 3 years ago | (#36667242)

No, not the people who had their e-mail and passwords hacked, just most of the commenters here on Slashdot. Really, after all this time I should no longer be surprised.

Heads up, folks! The vast bulk of these e-mail addresses are from @yahoo.com, @gmail.com and the like.

These are PERSONAL e-mail addresses of possibly U.S. government personnel. They are prefaced with a couple dozen .gov and .mil addresses, but the rest are anybody's guess.

Re:Morons (1)

memyselfandeye (1849868) | about 3 years ago | (#36667470)

Exactly. It's likely they came from some sort of government employee program, like free viagra for postal workers or something... anything, I don't know. It's highly unlikely the organization (NSA) that has paper after paper detailing the need to hash passwords using a random salt to prevent rainbow attacks went ahead and stored their accounts in clear-text [*@nsa.ic.gov].

This is yet another Bobby Tables [xkcd.com] script attack against yet another site failing to use prepared statements and sanitation as suggested in every freaking doc, book, and manual for every freaking database for the last 10 years! I'm convinced this is all the result of lowest bidder and India-sourcing el Cheapo front end projects. You know, giving the job to people who don't even know what a mailing list is, let alone how to subscribe to one.

Regardless, this is not the "OMG I now have the codes to play chess with the Nuclear Launch Computer!!!! Mega LoLZ"

Re:Morons (0)

Anonymous Coward | about 3 years ago | (#36669572)

best xkcd ever!

Re:Morons (0)

Anonymous Coward | about 3 years ago | (#36667518)

The passwords most likely didn't come from Government servers. They could have been from any-old website where those people are members and used their government email address to sign up. My email isn't on there, so I am happy.

This is getting worrying. It's all well and good that these people are playing their silly little "look at me" games, but publishing laundry lists of email address/password combinations does nothing to improve security. People will still choose stupid passwords and reuse them everywhere. If they don't know that their current password is exposed on the net then they are fair game for any random 12 year old with no clue to annoy.

Since people like to reuse passwords and often supply the same email everywhere, you could take a guess at sites like Facebook, MySpace, etc. They'll probably also unlock some of the email accounts in the list. Hopefully all of the email accounts on the list have been notified that their password is exposed.

Re:Morons (2)

Stupendoussteve (891822) | about 3 years ago | (#36667842)

You're making a huge assumption that this is from a military server (hint: these user/passwords didn't come from that NATO server). Just because you see a few .gov and .mil email addresses means nothing. Some people sign up for websites using their military email addresses, just like some people do the same from a corporate email.

I love how they preface the .mil addresses as important people. More likely some random PFC.

hacking honeypots doesn't count (0)

Anonymous Coward | about 3 years ago | (#36667636)

dumbasses

Not compromised, not hacked (3, Informative)

jmkaza (173878) | about 3 years ago | (#36667928)

These aren't email addresses with passwords to those accounts, they're the email address and password someone used to sign up for some random, unknown website. Without knowing what website, most of these combos are worthless. It might have been a hack of the server, but chances are it's just some DB (and not DataBase) admin who published his user list. If you're using the same email address to register for websites, make sure you don't use your password for that email address when you register.

Re:Not compromised, not hacked (0)

Anonymous Coward | about 3 years ago | (#36668054)

While these probably came from some arbitrary site and there were a few .mil addresses there, the attackers probably just used that fact to get more attention. There's a lot of "oh noes, the mil has been hacked" bouncing round.

You're assuming that most of the people in this list actually use different email/password pairs for each site the log into. It's a fair bet that the password will work for the email account of many of them. It's also a fair bet that the password/email will work on Facebook, MySpace, Google, Yahoo, etc.

Re:Not compromised, not hacked (1)

simoncpu was here (1601629) | about 3 years ago | (#36668878)

In an ideal world, users use different passwords for different websites. In reality, however, these passwords are equivalent to the passwords for their accounts.

u FUCKERS (0)

Anonymous Coward | about 3 years ago | (#36668674)

Get FUCKED.

U RAH

--

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...