×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

164 comments

or it is used as a tool (5, Interesting)

FudRucker (866063) | more than 2 years ago | (#39444287)

to spread misinformation to those foreign spys that only think they compromised DoD computers (naw too good to be true) the US Gov is too stupid to do anything like that

Re:or it is used as a tool (5, Funny)

cparker15 (779546) | more than 2 years ago | (#39444431)

The entire DoD network is one massive honeypot. All the real data is sent by carrier pigeon.

Re:or it is used as a tool (5, Funny)

AioKits (1235070) | more than 2 years ago | (#39444623)

The entire DoD network is one massive honeypot. All the real data is sent by carrier pigeon.

Damnit man! Why did you let them know?! Now I gotta figure out how to armor the pigeons so they're not shot out of the skies... How tiny do they make bullet proof vests? Maybe I could use a swallow instead. Does anyone here know the air speed velocity of... Never mind, I'll figure something out.

Re:or it is used as a tool (0)

Anonymous Coward | more than 2 years ago | (#39444957)

Dunno, but you could start by looking here. [youtube.com]

Re:or it is used as a tool (5, Funny)

Peristaltic (650487) | more than 2 years ago | (#39445059)

What the DoD will do is hire a contractor to armor the pigeons, who will then design armor that puts the pigeons over max gross weight, so they'll add wing extensions, but since pigeon wing muscles can't flap the modified wings as fast, they'll replace their little pigeon wings with fixed composite wings and pigeon-scale turbine engines.

Unfortunately the turbine engine exhaust burns pigeon tail feathers, so they'll replace these with composites also. The Air Force will see an opportunity at this point to add hard-points to the composite wings, so the wing area and turbines will be made larger, increasing cruising speed and altitude, requiring life-support for the pigeons.

Cost: about $500,000 / pigeon for the Block 20 model, assuming the contractor will be allowed to sell Block 10 Pigeon Communication and Reconnaissance (PCR) units to our allies in Saudi Arabia. Test flights slated for 2020.

Re:or it is used as a tool (3, Funny)

NIN1385 (760712) | more than 2 years ago | (#39445409)

You left out the part where another contractor designs another version of said pigeons and undercuts this contractor with an inferior product because they had the lowest bid and then the people that awarded the bid to the cheaper contractor are left wondering why the cheaper pigeons are falling from the skies and killing innocent citizens.

Re:or it is used as a tool (1, Funny)

Peristaltic (650487) | more than 2 years ago | (#39445647)

...then the people that awarded the bid to the cheaper contractor are left wondering why the cheaper pigeons are falling from the skies and killing innocent citizens.

Maybe quietly to themselves, while DoD media relations at Fox informs their viewers: "...if they were innocent, they wouldn't be dead now, would they."

Re:or it is used as a tool (1)

Peristaltic (650487) | more than 2 years ago | (#39445859)

You left out the part where...

What I left out was that before accepting their order, the Saudis, adhering to Wahhabi doctrine, demand assurances that none of the PRC weapon system pigeons are female, even demanding the program be renamed before they make the purchase.

Boeing doubles the price and hopes to sell at least 1000 units of the Pigeon Reconnaissance Intelligence and Communication System each year to the Kingdom.

Re:or it is used as a tool (1)

Anonymous Coward | more than 2 years ago | (#39446321)

There's a process right there which inevitable leads to reconstruction of the F-22. The only remaining part of the pigeon is an image of the courageous bird who donated its body for higher purposes, piece-by-piece. And a feather. Bird suicide attacks against airplanes of all types have increased as a result.

Re:or it is used as a tool (0)

Anonymous Coward | more than 2 years ago | (#39446033)

Does anyone here know the air speed velocity of...

Yes. [style.org]

Re:or it is used as a tool (2, Interesting)

Anonymous Coward | more than 2 years ago | (#39444661)

I just hope that they're RFC 2549 [ietf.org] compliant, with (hopefully) an encryption layer along with that.

Re:or it is used as a tool (4, Funny)

Anonymous Coward | more than 2 years ago | (#39444687)

You ever tried encrypting a bird? They don't like that.

Re:or it is used as a tool (3, Funny)

Bigby (659157) | more than 2 years ago | (#39444715)

Is that like putting a bird in a crypt?

Re:or it is used as a tool (2)

mikael (484) | more than 2 years ago | (#39446005)

As long there is plenty of seed, and not too much salt. You might try adding some skipjack. But if you see little knapsacks, you know they are going off on Feistel rounds.

Re:or it is used as a tool (1)

v1 (525388) | more than 2 years ago | (#39444863)

You ever tried encrypting a bird? They don't like that.

they also don't like being hashed...

Re:or it is used as a tool (1)

Anonymous Coward | more than 2 years ago | (#39444737)

Might not be far from the truth...

The question is, is this the unclassified worker-drone finance-weenie network, or are they claiming SIPRNET compromise?

SIPRNET is audited out the wazoo, and many facilities only have 1-2 machines even connected to SIPRNET.

Airgapped networks + sneakernetting CDs/DVDs is the norm. Inter-facility transfer is often done by double-wrapped overnight postal service mailings. (If something goes missing, it'll get reported.)

Re:or it is used as a tool (0)

Anonymous Coward | more than 2 years ago | (#39445717)

May be true. Have you ever seen a baby pigeon or a dead one? They are genetically engineered and grown in vats until ready for their duty.

Re:or it is used as a tool (0)

Anonymous Coward | more than 2 years ago | (#39444449)

Yeah, I was just thinking the "compromised" network would be a killer honeypot.

Re:or it is used as a tool (4, Insightful)

erroneus (253617) | more than 2 years ago | (#39444513)

There is no shortage of "stupid" at the DoD. As every security expert knows, the weakest link is the user. And it doesn't matter how high or low ranking that user may be... if fact it kind of helps if they are "full of themselves" because they tend to demand that restrictions are relaxed so they can have access more easily. There is LOTS and lots of stupid out there.

And nothing helps more than the fact that running Windows as the standard has. Why? Isn't it obvious? We know from the headlines that every government has been demanding the source code and decryption keys for just about everything. Microsoft, I expect, has been no different when faced with such requirements... we certainly know that's true in the case of RIM. And the source code is now always enough or even completely helpful, but it definitely helps that governments are willing to hire black-hats to find the billions of holes available in the platform EVERYONE USES.

Sure, Microsoft profits lots... they are what everyone uses... including and especially the weakest links.

Re:or it is used as a tool (3, Insightful)

FudRucker (866063) | more than 2 years ago | (#39444663)

and dont forget the windows users that insist on logging in and running as admin/root for a regular user account because they dont want to be inconvenienced with having to type in a password for anything

my own brother runs his PC like that and i explain to him the concept of a multi-user system that has root and user accounts and he just stares off in to space with that deer in the headlights look on his face

Re:or it is used as a tool (2)

erroneus (253617) | more than 2 years ago | (#39445087)

...my own boss insists that his staff be made administrators on servers... I have always disagreed with that. He says it's for accountability and I can kind of see it, but make it a separate unique account, not my normal user account.

It's possible to run as a "limited administrator" (0)

Anonymous Coward | more than 2 years ago | (#39445463)

In Windows... such as HAVING to answer to UAC and even more than say, Linux? Having to literally LOG IN to do things, just like normal users do!

How? Ok (& my systems are setup thus in fact, bit of a pain, but stops bogus installers from malware 'automagically & invisibly' using your current logon privelege level to bypass UAC & other high-security restrictions):

These are most of, if not ALL, of the registry areas to set this up in to make that happen with the settings to examine & change are as follows in gpedit.msc &/or regedit.exe:

---

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Admin Approval Mode for the Built-in Administrator account

OR

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v FilterAdministratorToken

(Set as ENABLED)

---

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode

OR

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin

(Set as PROMPT FOR CREDENTIALS)

---

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Behavior of the elevation prompt for standard users

OR

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorUser

(Set as Automatically deny elevation requests)

---

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Detect application installations and prompt for elevation

OR

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v EnableInstallerDetection

(Set as ENABLED)

---

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Only elevate UIAccess applications that are installed in secure locations

OR

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v EnableSecureUIAPaths

(Set as ENABLED)

---

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Run all administrators in Admin Approval Mode

OR

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA

(Set as ENABLED)

---

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Switch to the secure desktop when prompting for elevation

OR

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v PromptOnSecureDesktop

(Set as ENABLED)

---

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Virtualize file and registry write failures to per-user locations

OR

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v EnableVirtualization

(Set as ENABLED)

---

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop

OR

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableUIADesktopToggle

(Set DISABLED)

---

* There you go... you can do all of what you state, & more, easily enough, but instead by using NATIVE TOOLS already present in Windows itself in, gpedit.msc or regedit.exe!

APK

P.S.=> To even FURTHER enhance that, albeit @ the application level? You can use taskmgr.exe, & set UAC Virtualization ENABLED on ANY RUNNING APP too: Further sealing it off from infecting/infesting other running apps or the entire OS by every users' profile, by simply right clicking on running apps & changing their UAC virtualization level (this prevents ENTIRE OS & all users profiles from infestation, isolating it to 1 single user only (ala a test profile used to test possibly virus ridden programs, OR, to isolate problem programs like webbrowsers in the past & Adobe's JAVA products or javascript using tools (since those latter 2 are the PREVAILING largest infectors out there now, in JAVA &/or ADOBE apps))... apkr Account Control: Only elevate UIAccess applications that are installed in secure locations

OR

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v EnableSecureUIAPaths

(Set as ENABLED)

---

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Run all administrators in Admin Approval Mode

OR

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA

(Set as ENABLED)

---

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Switch to the secure desktop when prompting for elevation

OR

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v PromptOnSecureDesktop

(Set as ENABLED)

---

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Virtualize file and registry write failures to per-user locations

OR

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v EnableVirtualization

(Set as ENABLED)

---

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop

OR

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableUIADesktopToggle

(Set DISABLED)

---

* There you go... you can do ADMIN and still be restricted & thus, protected like any LIMITED user, as admin... it works! apk

Re:It's possible to run as a "limited administrato (0)

Anonymous Coward | more than 2 years ago | (#39445815)

Oh sweet jesus, that's hilarious - APK's gonna tell us how to fix the DoD's computers?

That's only a TINY bit of what's needed (0)

Anonymous Coward | more than 2 years ago | (#39446045)

Specifically tailored to what erroneus said's all... want to do it right? Ok:

http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&qs=ns&form=QBLH [bing.com]

* It's been EXTREMELY highly rated by others online since 2008, & I've been doing the same, since 1997 onwards... &, yes, it works... & has been seen by millions, with testimonials galore, it actually works, when "FOLLOWED TO THE LETTER", exactly, point by point.

However, believe-it-or not?

Suggesting it & PROVING it was needed??

Event got me fired from a job once!

Why?? Simply, because I caught the fact my then "Head of Operations", a paper MCSE, nothing more, setup TREND MICRO antivirus wrong, & our network was RIDDLED w/ keyloggers & more... that fool!

However - Politics did me in though, because when I pointed out it's only minutes of work to migrate its settings via .reg merges & gpedit/secpol usage @ an AD network-wide level???

He tried to say "it's too much work", but I even later proved he didn't even KNOW how to do it!.

My role then was as a programmer/analyst coding for security...

By securing applications @ a DB + app level using .NET & SQLServer (migrating badly done work that was NOT using stored procs OR bind variables, & yes - you have to do THAT too, but it's useless to 'batten down the hatches' @ that level, if your entire network & OS setup is wide the "F" open!) + far more...

He got fired though!

How??

LMAO, because, some "little bird" let it out to AVG he then turned to the freebie model of that antivirus vs. his erroneously setup TREND setup, & that? IS a "NO-NO"...

"Someone", lol, took that jackass for the same ride he sent me on, but on more valid grounds... + his superior (a nearly completely computer illiterate stooge who was oddly titled "CIO") got 'taken out' too!).

What goes around, COMES around... lol. This? This is the price negligent DOLTS pay, in addition to opening the door for negligence lawsuits from clients who were compromised.

APK

P.S.=> The problem, from these mgt. DOLTS who have never really done years of ALL-AROUND work in computing (from techie, to network admin, to security AND coding) are a problem... they complained about costs or tried to?

I proved it was minutes of work, & users logons would handle the rest, domainwide, & I had a system setup thus that was NOT infested as my proof, where everyone else was diseased to hell by NOT doing it... @ both OS security & database + application levels, & for a WORLDWIDE very famous client company that had very famous folks, law enforcement, & more's data (health data no less)... apk

Re:or it is used as a tool (4, Interesting)

g0bshiTe (596213) | more than 2 years ago | (#39444649)

I'd hate to think the DOD would be dumb enough to keep sensitive data on a network that was internet accessible.

Re:or it is used as a tool (5, Informative)

Beardo the Bearded (321478) | more than 2 years ago | (#39444975)

They don't.

I work with a lot of military documents. I've got some in the other windows right now. 99.9% of military documents are not important, security-wise. Sure, you can find out what kind of cable is used to plug in that receptacle. It's not important. It's not Classified. Nobody gives a shit.

The Classified stuff, should I ever even look at any of it, is really quite a different type of animal. Here's how I'd handle it:
1. Make sure it had to be me since they're a PITA.
2. Our document control folks would burn a copy and FedEx to me.
3. It would be sent to the Secure Room once it arrives.
4. When I went to work on it, I'd get a supervisor, sign in to the secure room, and pull out the removable HDD from the vault.
5. Check the Secure Machine for oddities, like anything in the USB ports or the sudden appearance of an Ethernet port. Seriously, there isn't even a phone jack in the room.
6. Boot the Secure Machine. Yes, it is Win XP. While it's booting, draw the blinds and close the door.
7. Work on the Classified document.
8. Once I'm done, I can burn a disk to send back and have it printed by the document control group. Then I power down, put the HDD in the vault, and then sign out.

Seriously, the important stuff is airgapped. The really important stuff is airgapped and guarded by people with weapons.

Re:or it is used as a tool (0)

jamstar7 (694492) | more than 2 years ago | (#39445149)

99.9% of military documents are not important, security-wise.

Doesn't stop them from classifying said documents, even something as no-brainer as the menu down at the mess hall for the 'Lower 4's' and who's tending bar at the O-Club. Especially if it's the bartender schedule at the O-Club.

Granted, it won't be classified much, but once you get in the habit...

Re:or it is used as a tool (1)

Anonymous Coward | more than 2 years ago | (#39445669)

There was this Pfc in Iraq who had access to all kinds of document, some even from State Dept. I do not see how that is well compartmentalized or airgapped. He was able to burn tons of this shit to a disk. He then turned around and gave it to a website to post for all the world to see. Yeah, this shit was classified and stuff.

Re:or it is used as a tool (1)

Anonymous Coward | more than 2 years ago | (#39445677)

FedEx to me

I think I have discovered a very weak link in this chain.

Re:or it is used as a tool (0)

Anonymous Coward | more than 2 years ago | (#39445783)

All that security then you just drop it in the mail? LOL.

Re:or it is used as a tool (1)

Woogiemonger (628172) | more than 2 years ago | (#39446313)

I've worked with secure documents before too, and can verify this, especially the PITA part. However, I haven't had to send docs before.. are the fedex guys that handle the copy cleared as well? Also, I know transporting the docs yourself can be quite an ordeal, because you're not supposed to let them out of your sight, even through security.

Re:or it is used as a tool (3, Interesting)

elgeeko.com (2472782) | more than 2 years ago | (#39444683)

Honeypot was my first thought too. You could keep the enemy scrambling to build the mind control ray gun we developed back in the 80s using technology we stole from the cities on the far side of the moon. Knowing someone is hacking your system can be a lot of fun.

Re:or it is used as a tool (0)

Anonymous Coward | more than 2 years ago | (#39445017)

You've never worked anywhere in the DoD have you?

Oh sweet (0)

Anonymous Coward | more than 2 years ago | (#39444289)

That's great.

wth (1)

Anonymous Coward | more than 2 years ago | (#39444315)

Seriously?

I mean....

This is hardly surprising. I worked for a formerly existing mortgage servicing company that outsourced its servicing, and as part of the Soldiers and Sailors Relief Act during the Gulf War II, they wanted us to send military deployment orders offshore so they could be serviced for the benefits. Maybe they found it easier just to hack in and get it from the source and bypass the middle man.

Best use of the word cyber ever! (4, Funny)

synapse7 (1075571) | more than 2 years ago | (#39444317)

“DoD is capability-limited in cyber, both defensively and offensively,”

Anyways, are we talking a bunch of old NT boxes plugged right into the internets, I mean the cyber.

Re:Best use of the word cyber ever! (2)

HBI (604924) | more than 2 years ago | (#39444541)

The best part is that what they are really saying there is that they lack the skilled personnel to compete with other nations. The reason they lack said personnel is that no one who is any good would like to work for the government. It's an unpleasant work environment in a lot of ways, especially in light of current budget expectations for DoD and certain mandated cuts.

Re:Best use of the word cyber ever! (1)

jmactacular (1755734) | more than 2 years ago | (#39446257)

Too bad we don't have a Commander in Chief who thought, hmmm... let's strategically shift all that money we're spending on imprisoning Americans over plants, or feeling up old ladies and kids in wheel chairs, or waging useless wars, and put it towards things like I don't know, protecting our national infrastructure and coming up with an alternative to fossil fuels.

Would that include .. (0)

Anonymous Coward | more than 2 years ago | (#39444319)

the island networks that I assume exist somewhere within the DOD's physical buildings? I'm gonna make the assumption here that people have been infiltrated as well, not just networked machines.

Best Practice (4, Insightful)

jcaldwel (935913) | more than 2 years ago | (#39444329)

From TFA:

“We’ve got the wrong model here. I think we’ve got this model for cyber that says, ‘We’re going to develop a system where we’re not attacked.’ I think we have to go to a model where we assume that the adversary is in our networks. It’s on our machines, and we’ve got to operate anyway. We have to protect the data anyway."

Its nice to see the DoD finally catching up with basic best software practices.

cut the wire (5, Insightful)

the_Bionic_lemming (446569) | more than 2 years ago | (#39444339)

Why does the network have to be accessible remotely? It should be isolated and need a meat sack to get the information from the system and relay it to the party that needs the information. Same thing with public utilities and such - why is it wired so that someone remote can tap a few buttons and remotely access controls for water plants?

Re:cut the wire (5, Informative)

HBI (604924) | more than 2 years ago | (#39444381)

There are physically isolated networks.

They are referring to the NIPRnet which is directly connected to the rest of the internet. NIPR is all about web apps - time trackers and such, and e-mail. The actual secure stuff has an air gap.

This is mostly hyperbole. These people who are testifying don't know jack shit about technology, and neither do the people who are listening to them.

Re:cut the wire (1)

Verdatum (1257828) | more than 2 years ago | (#39444515)

It feels like hyperbole to the point of pure nonsense. If any network can be shown to be compromised, the hole would be closed. If we don't know about the compromise, then we can't make the claim the networks are "completely compromised". The only decent suggestion at least from the article (too lazy to read original, sue me) is to operate on a network with the assumption that it's already compromised; that's just the concept of Defense in Depth, and it is nothing new.

Re:cut the wire (1)

HBI (604924) | more than 2 years ago | (#39444587)

There is plenty of CND in the DoD's networks. The statement that they are completely compromised is one of those statements you can make without fear of it being falsified, but it's a bunch of bullshit nonetheless.

Re:cut the wire (5, Insightful)

Whorhay (1319089) | more than 2 years ago | (#39444913)

From what I've heard that's mostly true. There are a number of 3 letter agencies that have been known to be so egotistical as to believe they are above the air gap requirements and actually run machines that cross that gap.

Besides which an air gap is not as full proof as one might think. Just look at what stuxnet managed to do to the Iranians nuclear program. And it would only take a single compromised person on whatever air gapped network to gather the datadumps and send them back to whatever party they work for. Off the top of my head I can think of at least one publisized account of malware being found on an airgapped system that seemingly couldn't be removed.

Whatever your technical measures and implementations, your security is always limited by the personnel using it. What percentage of people with clearances and access are turnable? It's impossible that it'd be zero, and even at a tenth of a percent it'd mean hundreds or thousands of compromised people and consequentially the networks they have access to.

All this ignores that classified information is often derivable from other non-classified sources.

Re:cut the wire (1, Interesting)

HBI (604924) | more than 2 years ago | (#39445063)

This post above deserves an upmod. Unfortunately, I can not comment further.

Re:cut the wire (5, Informative)

Anonymous Coward | more than 2 years ago | (#39446337)

Little anecdotal story from my time in the military (can't speak to the policies of all the 3-letter-agencies) USMC had (has) a very VERY strict policy about crossing the streams.

There are "normal" computers that access the internet and what not, and other computers which exist on a completely separate self-contained network. And never the two shall meet. At all.

For the most part, the secure computers were in a completely different building, or at very least in a different room behind lock and key. If someone was important enough to warrant access to the secure networks in their office (usually restricted to O-5 at bare minimum) the ports for the secure side were emblazoned in bright red and stuffed behind lock-boxes, so there was no possible way to confuse the two. Oh, and the office itself had to be secured. Certain quality of lock on the door, no windows, etc.

Any computers that became part of the secure networks, were part of that network for LIFE. When replacement time came, the secure computers had their HDDs wiped via electromagnets and then holes drilled through the platters.

Even non-computers had to live by a one-way pathing. If you plugged a monitor into a secure computer, that is now a secure monitor and CANNOT leave the secure area. Fax machines, copy machines, etc etc etc. Anything that interfaced with ANY secure data was locked down.

Suffice to say, there was no crossing the streams, and no matter how infected or compromised the "normal" networks were... there was practically zero chance of any info getting out of the "air gapped" secure networks.

Re:cut the wire (0)

Anonymous Coward | more than 2 years ago | (#39446609)

That sounds VERY SIMILAR to what I deal with everyday. I am a Navy contractor who deals with some classified data. Most of it tends to be torque settings, cable lengths, pin-outs, etc. so nothing exciting. Now every once in a while we have to see the SECRET stuff. That stuff if kept in a LOCKED SAFE, where we have to have two people open it and we go to a secure room to look at it. The computers that have access to the CLASSIFIED network are VERY CLEARLY marked, and you have a special log in/password. As was stated above the streams are never to be crossed. My building is one where you can not have a camera, cell phone, radio, or several other items. If you are caught with those items you will be detained, interrogated, the item will be confiscated/destroyed and you will probably loose your clearance for a while/permanently. They are not joking around with that kind of data.

Re:cut the wire (0)

Anonymous Coward | more than 2 years ago | (#39444399)

meat sack

Always nice to see a healthy respect for human dignity.

Re:cut the wire (2)

cpu6502 (1960974) | more than 2 years ago | (#39444439)

My thoughts exactly. Or setup a separate ARPA-owned network that no one can access except DOD employees.

BTW the recent news about an electric utility plant being "hacked" by foreign spies was a false flag. In reality it was one of the workers while he was on vacation, logging-in remotely, but of course we never hear that followup story on the Pro-war FOX, CNN, NBC networks. They'd rather scare everyone into thinking we need to bomb Iran and Russia (and then the defensecorps profit).

Re:cut the wire (-1)

Anonymous Coward | more than 2 years ago | (#39444553)

They do have those numbnuts. You aren't being insightful just another clueless turd like the senators eating this shit up.

Re:cut the wire (5, Informative)

Kadin2048 (468275) | more than 2 years ago | (#39444601)

Or setup a separate ARPA-owned network that no one can access except DOD employees.

This exists, it's called the SIPRnet [dhra.mil]. You can only access it from secure workstations in secure facilities, and in theory all the network hardware is also secure, etc., etc.

AFAIK, the only recent SIPRnet compromise was Bradley Manning, and that was more of a social exploit than a technical one.

Re:cut the wire (1)

Lunix Nutcase (1092239) | more than 2 years ago | (#39444605)

What "recent news"? I've tried Googling this supposed "electric utility hacked" and the only links I get are a 3 year old story and links talking about hypothetical situations. Care to post an actual link to the story you're talking about?

Re:cut the wire (2)

heypete (60671) | more than 2 years ago | (#39444743)

It was actually a water pump [wired.com], not an electric utility.

Re:cut the wire (0)

Anonymous Coward | more than 2 years ago | (#39444953)

That's his example of a false flag? An incident that DHS denied was a foreign hack pretty much right after the incident surfaced in the news? Is cpu6502 an idiot?

Re:cut the wire (0)

Anonymous Coward | more than 2 years ago | (#39444537)

telework, duh.

Re:cut the wire (1)

cdrguru (88047) | more than 2 years ago | (#39444721)

The utilities answer is an easy one. You take a city like Chandler with lots and lots of wells feeding the water supply and each and every single site is connected to some kind of network. Maybe public, maybe not - it is just not disclosed. But with a lot of different sites not being connected it would lead to a lot more staff cost and probably a lot more travel costs - fuel, vehicles, etc.

So everything is networked and remotely controllable. Means instead of a staff of ten people they can have just one. I would suspect the same reasoning applies to plenty of small-to-medium size cities with any sort of dispersed facilities.

Re:cut the wire (1)

mikael (484) | more than 2 years ago | (#39446507)

A lot of projects are cross collaborations between academic researchers , DoD, and corporations. Researchers need access to download/upload data, results, source code and documentation as well as use facilities like wind tunnels, supercomputers and wave machine water tanks.

Its cheaper to give someone FTP access than to have them fly across the continen every time they want to do a simulation run.

Scary (4, Insightful)

gmuslera (3436) | more than 2 years ago | (#39444375)

Surely will convince public opinion that the new measures of surveillance on all internet connections have a good reason and they should give up on privacy forever.

I couldn't imagine why (0)

Anonymous Coward | more than 2 years ago | (#39444407)

Perhaps they should re-evaluate their staff qualifications during hiring.

this is all retarded anyway (2)

HBI (604924) | more than 2 years ago | (#39444423)

The military would like a bunch of script kiddie canned attacks as their 'offensive' capability. They don't want to rely on anyone with a brain in real time. That doesn't work very well in practice.

They're never going to get what they want.

Funny (1, Funny)

DaMattster (977781) | more than 2 years ago | (#39444435)

I guess the DoD should finally retire Windows 3.11 for Workgroups, huh? LOL!

Re:Funny (2)

Greyfox (87712) | more than 2 years ago | (#39445187)

Oh har har har. Do you know how much paperwork that's going to require? To re-write all the specs that specify Windows 3.11 for Workgroups will cost TEN BILLION DOLLARS! So do we re-write all those specs or do we buy the FRONT TIRE of a Joint Strike Fighter! It won't be so funny when a Joint Strike Fighter can't land because it doesn't have a front tire!

Well it's defense so... (2, Insightful)

Anonymous Coward | more than 2 years ago | (#39444443)

Well it's defense so ultimately what this boils down to is: "here's a file that says they're going to kick our ass". Can they do that? "Yes". Well, at least we infiltrated their network so we know our asses are going to get kicked and we can prepare for that. "No we can't, we'd have to move the entire country and kick somebody elses's ass to do it. What's more is our network is infiltrated too so they'd know we were going to do it and what's worse is we don't have much ass kicking capability". So. We're dead meat; but we know it in advance. That showed them!

It's not surprising... (4, Interesting)

SCHecklerX (229973) | more than 2 years ago | (#39444519)

... given the general below-mediocre quality of the contractors and government employees that work for the DoD, and the amount of senseless policies for policy's sake claiming to be for 'security' but, uh, no, not really. The people in charge are the worst.

I just started working for DoD again, and want to punch people in the face all day long.

Re:It's not surprising... (1)

HBI (604924) | more than 2 years ago | (#39444557)

I SO agree with you. I am getting out after 10 years - at least I keep promising myself that.

The federal government is home to the most idiotic employees ever.

Re:It's not surprising... (0)

Anonymous Coward | more than 2 years ago | (#39444727)

been there, done that... in DC, Club Fed is a Welfare State for both inner-city and suburbia...

Re:It's not surprising... (1)

Anonymous Coward | more than 2 years ago | (#39444579)

Exactly. A Theo De Raddt quote is relevant here, "Do you trust the guys who can't make a secure OS to make a secure sandbox?"

Only in this case, you're not trusting guys who make the OS, you're trusting DoD contractors.

Re:It's not surprising... (3, Interesting)

Anonymous Coward | more than 2 years ago | (#39444647)

Hilarious. I'm a fed here in IT (not DOD) and feel the same exact way. There are idiots that are high up and make decisions without knowing the technical consequences. I keep telling myself they will retire and leave soon, but it never happens.

It's going to be interesting in the next 5 to 10 years as all of the old folks are going to retire, and there's no new blood to take over for them. I don't know how it is at other places, but that's how it is here. And unfortunately, the new blood (me) is getting too frustrated to hang around much longer because of idiotic decisions that are made.

I'm only hoping that things will change and people will step down... Surely, it can't be like this at every government facility!

It's the same everywhere. (0)

Anonymous Coward | more than 2 years ago | (#39445773)

What you're missing is that when the idiots in charge finally leave (and it will take longer than you will believe possible), they will either be replaced externally, or by internal people who play the game rather than caring about actual results. They will still probably be idiots (from the perspective of caring about doing good quality work). You won't have a look in - excellence in doing your job is not rewarded.

I lasted 8 years in various government jobs before finally smelling the coffee and leaving for a much, much better job in a smaller private sector organisation with higher pay, motivated and intelligent colleagues and opportunities for advancement. And genuinely, no idiots.

Don't wait, unless you really enjoy playing politics or working around mediocrity. Or you believe in some kind of public-service ethic, of course.

Re:It's not surprising... (0)

Anonymous Coward | more than 2 years ago | (#39445965)

Ohhh....sorry. It can be. And it is.

Re:It's not surprising... (0)

Anonymous Coward | more than 2 years ago | (#39445039)

I work in a public school and your description sounds exactly like it is here.

Re:It's not surprising... (0)

Anonymous Coward | more than 2 years ago | (#39445621)

Seeing other replies to your observations I'd like to say that I worked for a big bank and it is the same. Two points:

1) We may be confusing "below-mediocre quality" with "below-acceptable quality".

2) The problem is inherently related to big organisations and their complexity rather than to their public or private nature.

Shut it down (0)

Anonymous Coward | more than 2 years ago | (#39444567)

If its compromised shut it down and wipe.

DOD security, not so good. (3, Interesting)

Anonymous Coward | more than 2 years ago | (#39444733)

Reminds me of when I was sent to a DOD site to try to figure out why everyone was scoring 97% on a certain test.

30 seconds of looking around and I had a pretty good guess:

(1) The unused tests were printed out in print runs of 10,000 and kept in an alcove in a dusty unused office. Said alcove had a plywood door with 18 inch gaps at top and bottom. Padlocked, but with the hasp mounted backwards, with all the screws exposed.

(2) There was a 50 page per minute xerox copier in the same room, no access card needed.

That was a rude introduction to DOD security measures, and the cluelessness of the security folks.

In Other Words: +5, Profitable (0)

Anonymous Coward | more than 2 years ago | (#39444767)

buy OUR consulting services.

I hope this helps DuD, errr..... , DoD security.

Yours In Minsk,
K. Trout

They are not spies (0)

Anonymous Coward | more than 2 years ago | (#39444793)

They are our trusted allies

The problem with the DOD (3, Interesting)

WindBourne (631190) | more than 2 years ago | (#39444797)

is that they will do political things. As such, they have LOADS of windows. And yes, they are LOADED with spies (and the DOD knew it). However, I differ with the expert. NSA should step in and help DOD upgrade everything to a decent set-up. Secure Unix or Linux (with SEL). NO MORE WINDOWS. In addition, restore the security that we used to have back in the 80's. We have slacked so much that many of the contractors are spies. Hell, I have dealt with a probable Chinese spy that was married to a USAF officer.

The USS reagan should be refitted with secured systems, or we should simply send it in the middle east and allow Iran to blow it up (better iran than china).

What amazes me is that EU, Russia, and China are all brighter than so many of the idiots in the DOD and at American companies.

Re:The problem with the DOD (5, Insightful)

Whorhay (1319089) | more than 2 years ago | (#39445155)

While I agree that I'd like to see the DoD move to more secure technical solutions, I don't think it'd solve the security problem. Like you pointed out the system is only as good as the people that are using it. And even with a very small percentage of people willing to spy it'd be almost trivial for a foreign government to buy their way into almost any system.

Prior to 2001 everything was more compartmentalized, which was good for Information Security's sake. But it proved to be bad for our national safety as the CIA wouldn't pass on information about a potential threat to the FBI for what amounts to dick measuring reasons. In the aftermath of 9/11 the policies swung the other way and we end up with Bradley Manning having access to way more information than he needed for his job.

A proper solution is a multi faceted problem. We need technical systems that are secure and yet still useable by a barely trained 18 to 50 year old volunteer. We need systems designed to be as secure as possible but still interface with each other and work in a timely manner. We need people that are as immune to corruption and insanity as possible. And the hardest part is probably sticking to fights and engagements that don't force those people to question the morality of the job they are tasked with doing.

dump the contractors and sub contractors move it (1, Offtopic)

Joe_Dragon (2206452) | more than 2 years ago | (#39444889)

dump the contractors and sub contractors move it in house so not only do you cut out a lot middle man you also get more control.

More control is nice so you don't have people who get moved site to site or have to go thought a reapply for the same job you have now paper work.

Also it lets you say have trading and other stuff with out the staffing agencies say we don't want to pay for that or we don't or cut to go down paying for time off / travel time / costs come out of own margin. This one guy on a contract said that the staffing firm did not like having to pay for the paid time (part of the over all deal) as it came out of there margin.

TL;DR (0)

Anonymous Coward | more than 2 years ago | (#39445099)

DoD finally watched the TV show "NCIS" and realized that either special agent Timothy "Probie" McGee or forensics specialist Abigail "Abby" Sciuto can hack through any DoD firewall in a few seconds when ordered to do so by special agent in charge Leroy Jethro Gibbs.

Smart Move (2)

drkstr1 (2072368) | more than 2 years ago | (#39445145)

The experts suggest the agency simply accept that its networks are compromised and will probably remain that way, then come up with a way to protect data on infected machines and networks.

This is actually one of the smartest things I've heard come out of the DoD relating to information security, in a long while.

One of the first rules of thumb when developing secure client-server applications is, never trust the client. One must assume that given a high enough incentive, any public facing interface can and will be exploited in one way or another, and there is no way to reliably anticipate all attack vectors.

It is smart to develop policies and procedures around this assumption.

In Your Base (0)

Anonymous Coward | more than 2 years ago | (#39445601)

Im in ur base killin ur d00dz

Cyano-Acrylate (5, Interesting)

Anonymous Coward | more than 2 years ago | (#39445923)

We use CA epoxy as a very effective security measure. For any commodity hardware we buy, we fill all of the USB ports with a CA epoxy that prevents access. We also use it to permanently attach mouse and keyboard. Motherboard USB headers are also filled with CA to prevent the casual attachment of devices (although users cannot physically get to their machines, since they are in locked cabinets, with IDS tied to building security. Same goes for unused SATA, PCIe, and other ports. Any plug that isn't used is made unusable.

PCs are on a network, but users have no physical access to cables, and similarly we use a secure cable type with a current loop and TDR to detect physical tampering. If the current loop is cut, building security knows precisely where the cut is within seconds.

There is no wireless, and no bluetooth. Employees are not allowed to bring in cell phones, MP3 players, or anything else with any capability of capturing data, and yes, we 100% search at the door with metal detectors and millimeter wave detection like you see at the airport (except we actually know how to use it). We're also in a steel building with no windows and and EMI shielding, just in case.

We're not on the Internet. We have absolutely no need to connect to it. Even if we did have a spy as an employee, they would have to reproduce anything they did on another machine outside the office in order to transmit it anywhere else. And obviously, there is no means to allow employees to "work from home" in their pajamas in sandals.

Any new software has to go through a thorough vetting process, and any vendor wanting to sell us software is required to allow us to load the source code and build environment onto our build farm, review and inspect the code for possible attacks, and then compile it ourselves. This is a lot easier to achieve than you might think.

Finally, we're old school. Everything is compartmentalized. The guy working on the math routines has no idea why he's working on them, or what they will be used for. All he knows is that he's a software engineer in charge of high-level math function development. He doesn't know what the product is or what it does.

don't worry, ex l0pht hacker is on the job (3, Informative)

decora (1710862) | more than 2 years ago | (#39445933)

millions-of-dollars research projects, are underway right now. in fact, a guy from the l0pht, named Midge.

see

http://en.wikipedia.org/wiki/Cyber_Insider_Threat [wikipedia.org]

im sure theres no coincidence between 'experts' pushing this and the industry about to 'provide the solution'.

nevermind that they are basically, built around theories like "maybe a guy changes the time he eats lunch".

and that 'insider threats' also = whistleblowers.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...