State Department Hit With Many More Break-Ins 143
adjust28 writes to tell us CNN is reporting that the US State Department has been dealing with a number of computer break-ins with regards to their headquarters and offices dealing with China and Korea over the past couple of weeks. From the article: "Investigators believe hackers stole sensitive U.S. information and passwords and implanted backdoors in unclassified government computers to allow them to return at will, said U.S. officials familiar with the hacking."
Ask Slashdot: Why do gov't 'puters have net access (Score:4, Insightful)
Re:Lack of motivation (Score:3, Insightful)
sarcasm
Who needs secure systems when you have draconian punishments?
That aside, systems are no more secure or insecure as the people behind them. I have been in places where they have implemented "high security passwords" only to have the secretary simply write the thing down on a post-it and stick it to their monitor.
B.
Re:Lack of motivation (Score:5, Insightful)
Re:Homeland security is a joke (Score:4, Insightful)
Unfortunately, the government just doesn't have the resources to investigate every single incident of computer trespassing. It would be nice if they could, but until then I can understand why an intrusion of an ISP mail server would not be very high on their priority list. As many incidents as there are like this that occur every day, it simply isn't possible to follow up on every one. Although, if what you say is true, it seems like you did most of the work for them. Hopefully they would at least file the information away for a rainy day, but my guess is they they didn't.
However, if this incident caused your opinion of the FBI and DHS to sink that much, I think you may have been overly generous with your opinion of the two agencies to begin with :)
Reality check... (Score:2, Insightful)
(2) Every time I read a headline like this, I remember playing Uplink, and chuckling over the poor bastards when what I did hit the headlines. Somewhere in Korea, someone is chuckling hard.
And this is bad? (Score:5, Insightful)
I think not. Just remember the whole fuzz about journalists being bugged so that anyone calling them with secret information can be traced. How can the press then do its job?
If total security is achieved say goodbye to all those leaks and exposes. You will have a system that makes the KGB look like childsplay. Not because they will abuse it but because if they want to they can, without ever being found out. All that would need to happen is for someone to come along who wishes to abuse it. Do you trust any party so much you want to give them complete secrecy?
Democracy and free press are nasty things. They conflict immidiatly with the need to keep things hidden. Even such a simple thing as the skunk works is a direct violation of the principles of free press and accountable goverment. How the hell can we judge our goverment if they can keep what they are doing hidden from us?
The only alternative is to accept a certain level insecurity and just go after the people that go to far. A very strange state of affairs but better then living in a police state.
Mitnick ain't a victim. He is a stupid criminal and deserves everything he is going to get. He was not a journalist seeking the truth, he was just a cracker messing around with computers that were not his.
If I do not lock my door that does not give you the right to enter my house. Neither do I want to live in a world where the goverment is behind closed doors.
pass the salt please (Score:5, Insightful)
If they really experienced that much security breaches I doubt CNN would be allowed to publicize this.
OTOH, TFA mentions a lot of scary evil things like North-Korean missiles and Chinese Hackers.
I'm not sure whether I prefer this article to be for real or propaganda, both possibilities imply information warfare on the US people.
Why bother? (Score:4, Insightful)
Re:pass the salt please (Score:4, Insightful)
Wholesale monitoring of communications is as useful as trying to read all the content on the internet, for every useful bit of information you read, you get a 1000 useless bits. So training people to understand the subtleties of "the enemy" would seem a more sensible solution.
Re:Lack of motivation (Score:4, Insightful)
While this is generally fairly accurate, in the case of Mitnick they seem to have made him a career, not ruined his life. Before he was nobody; now he's getting all kinds of stuff because of all the publicity the government paid for. I'm really not sure what they thought they were doing.
stupid security (Score:3, Insightful)
Cracking vs. Hacking (Score:2, Insightful)
This is a clear case of cracking, not hacking. Please tag this article as such, as if IT experts use the correct tems for activities, maybe the word "hacking" can be saved?
RMS or such other famous nerd: I'm a hacker
Justice, influenced by Fox: Off to Gitmo for you then, hacker means computer terrorist.
Re:Reality check... (Score:4, Insightful)
you can end up with a information that would be classified: see (1)
*limited official use (now sensitive but unclassified), controlled, for official use only, internal use only, variations on sensitive, etc etc etc.
Re:And this is bad? (Score:2, Insightful)
Re:Lack of motivation (Score:5, Insightful)
That's because so-called "high security passwords" are nothing of the sort - once you reach a certain level of complexity people will simply write them down.. a password that someone can remember is far more secure than a 'high security' one that has to be written down somewhere.
I suspect they only went that route because they were too cheap to buy securid.
Security and transparency (Score:5, Insightful)
Actually, yes we do. As long as we have to trust it with our things, we want it to be able to hold onto those things and not let just anybody see them or use them against us. If the government expects to claim that it's protecting us and our personal information, it has to deliver on that protection.
However, you're conflating security with transparency , when in fact they're both important. Security is the ability to keep the secret things secret against prying eyes. Transparency is the ability to unlock and inspect certain documents on demand to make sure that the government is functioning as it should. And ideally, the minimum amount of information should be classified secret: the smaller the pile of sensitive information is and the less it moves around, the less likely it'll get violated.
The role of the free press is to report. It could be said that the role of the free press in a healthy democracy is to act as watchdog, to report when the system's security breaks so people can be warned and take measures for their own security, or to use the transparency to report problems. And it could be further argued that when transparency breaks down and secrets are kept unnecessarily, the best thing a reporter can do is intentionally break that bad kind of security. When the Pentagon Papers were exposed and the illegal acts of the Nixon administration were revealed, that was the free press's finest hour.
Nowadays, government security and government transparency are both oxymorons, and the "free press" provides spin, runs interference, and distracts people with the missing-blond-girl-du-jour (I'm looking at you, Fox "News"). Oh, and a significant portion of the people are okay with that.
My question is, where do we start the triage? Any one we start to fix will give us trouble from the other three.
Re:And this is bad? (Score:3, Insightful)
Is it now?
If your system is counting on access failures for transparency and fail-checking there is something wrong with the system you've designed.
Just as CEO's should be personally responsible for what their companies do, government employees should be responsible for their own actions. Participate in illegal spying, fine'em. Ordering illegal spying, jail'em. Went to other countries, captured citizens and then refuse them any legal status, jail'em. Every single, bloody one responsible.
It might be painfull the first years, but the law is there to be followed. Even corporations. Even government. Personal responsibility is the way to go.
The government isn't something magical being. They're the people you voted for. Start voting for certifiably sane people. There are levels of criminality. Why are people so fast to brand someone a criminal, and then practically demand the death-penalty for any little simple thing. Trying to balance out low risk of getting caught with extreme punishments is a really dangerous method of creating a lawfull society.It may not be illegal, but... (Score:5, Insightful)
So yes, they can report whatever they want, but the government can very much make them feel sorry for doing so in financial terms. Thankfully the majority of the papers who have reported it -don't- feel sorry in terms of 'doing the right thing'; as one of the editors said - if they can't report on this, then what's next? Not reporting on Abu Ghraib? Not reporting on 'accidental' bombings of civilians? All in the name of supposed national security.
I can understand - and papers should certainly be wise enough to make this decision for themselves - that papers should -not- publish information regarding specific individuals or programs that would severely compromise those individuals or programs; e.g. operatives abroad who have infiltrated: you don't go publishing their names and photos. Investigations into a terrorist sleeper cell in Hicksville: you don't go publishing that they are under investigation. But for something as broad as "The U.S. government is tracking your international money transfers", there is -no- compromise of the program. If nothing else, sad as it is, most people probably expect that the U.S. government was doing that already, and the U.S. government can happily continue doing so; they can't honestly believe that terrorists will suddenly go "oh dear, I say... they are tracing our money wires.. perhaps we should stop using that.".
Elections must be coming up again soon...
Slashdot's irrational +5 insightful assumptions (Score:0, Insightful)
Must we assume that whatever was compromised was an unpatched machine that was unusually vulnerable? Call me crazy, but 0-day exploits?
Must we, by the same reasoning, can we assume that it wasn't some fool-headed diplomat's lackey that opened "worldpeace.exe" hoping to save US/China relations?
Must we assume that the shutdown of SSL afterwards was a stupid move? What if the exploit involved services running SSL, or if the worm/virus/trojan/badthing used SSL to communicate?
Must we just go and flatly state that because a government entity can be hacked, we should never give them our information? If you want to use that logic, then I suggest you go ahead and move off the Internet entirely and go be an off-the-grid tinfoil hat wearer. You're assuming the government is *always* purposefully irresponsible with your data, and you're also assuming things listed above. Hey, keep reading, there will be time after this for people to post about the V.A. data exposure, so we can lump every gov. agency together with that mistake and be +X insightful.
And holy crap people...you gave "why do gov. computers have internet access" a +4 insightful? GET A GRIP. You know what? A better idea. Let us take away Internet access from every agency and company, and just watch that productivity skyrocket because they aren't getting hacked from the outside anymore. I'm sure the modern world can safely go back to doing business over the phone and through snail-mail.
Sometimes these discussions end up being rumor-driven, speculation-rewarded, techno-mob mentality flame fests. Way to be logical about it all folks and to think this through.
I'm not trying to go out of my way to defend the government here, but when it's such a one-sided argument, a rational Devil's Advocate has little choice.
This is why.... (Score:2, Insightful)
Re:Lack of motivation (Score:3, Insightful)
That's not even half the problem. What happens if the hacker is in China and can't be arrested because he is actually in the basement of the People's Army and employed by the Chinese government.
Seriously, if I was a lead intelligence expert in China or Russia, I'd be having a heyday of compromising US military computers and trying to get as much information out of them as possible.
If some bright guy in the UK can do it... Why not trained teams of government spies with millions of dollars in their budget?