Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment Re:elites pimping nostalgia (Score 1) 56

Even when the press works out its trusted US insiders walking out the data, the tech press and sock puppets still try and push an all powerful Russia or China cyber fantasy.
That other nations can get into networks, stay in, get all kinds of plain text data in bulk, get the data out without been detected. Hours later contractors find all the ip ranges, logs, fully understood and expected code fragments are found intact. The media is full aware of methods, ip's hours later...
Later the insider aspect is finally hinted at.

Comment Re:Careless to use the tools? (Score 1) 56

Strange that for decades no other admins, system workers, network designers, skilled top academics, telco staff, the private sector or other gov's ever noticed and published details about staging servers and methods found.
Now its all in the open? What went wrong with decades of never really been noticed? All that easy access, bulk data moved globally and no trace by the smart people with total access to the networks lost.
Has commercial and consumer cloud AV really gotten that good and responsive that staff can track a mil/gov staging server to its origin and just look around?

Comment Re:Dual_EC_DRBG (Score 1) 56

The internal NSA networks are open to staff, other agencies, random contractors for a reason. So many had projects to run that securing it all would have slowed down. It was sold as a new decade of searches, help, access by contractors.
Other agencies wanted domestic or staff information on topics the NSA had no need to question.
So most US internal gov networks are open, plain text for rapid searching. The security thinking is any search on the inside is legal, valid and secure.
The 'couldn't keep their own staff from access to everything" was the warning from history. Letting private contractors into gov secrets is always an error from a security perspective. The CIA, GCHQ warned the NSA. NSA gov staff warned the NSA. But the political drive for profits and the lobbying by the private sector was too strong. Decades of good gov security was lost to private sector contractors in years self signing their own access for profit.

Comment Re:What if the hackers are just pissed off BernieB (Score 1) 121

The contractors don't get much funding after suggesting correctly everyday police work will uncover the insider.
With experts pushing Russia, China in the press, contractors can request huge new software support rentals and hardware investments, bid for ongoing gov staff training.
Then upgrades and a new generation of security related software and hardware will keep that ubiquitous Skilled Bear v 3.0 out of any gov network.
Academic grants to study other nations educational structures, write reports on the kind of code patterns their best university graduates will be unable to hide.
Having a real nation as the origin to show political leaders is a corporate and academic funding dream. Suggesting a local police effort to find an insider will get a real result but no big contracts or grants.
So expect a lot of people online with a mil, gov background to be pushing early and wild stories about traces of code, other nations ip ranges, time zones, logs been found.
Why let a cyber crisis to go to waste and not cash in on decades of no bid federal cyber funding by suggest police interview a few staff members?

Comment Re:Really? Why? (Score 1) 794

How Covert Agents Infiltrate The Internet To Manipulate, Deceive, And Destroy Reputations (Feb. 25 2014)
https://theintercept.com/2014/...
The funny part about people with an agenda is they can only fake been normal for so long until they are induced to rush to the aid of their nation, faith, cult, big gov, mil, agency or corporate backer.
Usually undoing months of careful account usage over months in a few lines or with one rushed link :)

Comment Re:Nothing Should Be Blurred Out. (Score 1) 50

The problem with that is city growth, access for smart staff to nice, safe neighbourhoods usually takes over from a sealed off, remote site.
Most nations try to counter that with a 1980's version of the East German boarder in depth around a site.
Everyone allowed near the area is passed as been loyal. Any new faces, cars, passengers get databased. With photographic records of all tourists, students, academics, diplomats, sympathisers, strangers around sensitive sites kept, interesting people are quickly tracked and tasked for investigation.
Nations might even expand roads, rail or bus links to avoid an area. No reason for many people just to be passing.
A random police event far from a site for speeding, been too slow, poor etiquette will usually give an ID on approach.
Chat downs of any strange new people with a camera, on a bike, walking the area.
The other trick is for a uniformed security guard or other undercover security posing as staff to lure the interesting person onto a a private, gov or mil site. Many rights and legal protections while on public land are then replaced with complex mil/gov trespassing issues.
Foreign governments just buy, bribe or are contacted by ex, former staff and get all the real details.
The risk with blurring is a region then becomes a forum or social media event for locals, tourists and the tech press. Inducing having a new drone and/or 600mm camera taken away with a deportation story becomes a rite of passage for the media. Or a local version of a first amendment audit area that just keeps giving the best encounters and chat downs for social media.

Comment Re:Really? Why? (Score 4, Interesting) 794

Re Question 2: Why is this worse than lobbyists who actually screw us over and make our lives miserable?
Lets say a wealthy person wants free speech but has no real free time in the day to engage in a long online conversation. They hire one person to be that online persona putting in say five hours a day.
What if the message is always been drowned out by facts and reality? Hire 10 people to each be 10 or 100 accounts each with their own story and time zone, ip?
In the end you just go big and go with what a gov enjoys:
"Revealed: US spy operation that manipulates social media " (18 March 2011)
https://www.theguardian.com/te...
British army creates team of Facebook warriors (31 January 2015)
https://www.theguardian.com/uk...
Re 'Really. I honestly want to know."
The "tell" is usually one person with a lot of accounts cleaning up after bad news about a nation, their faith or their side of politics, gov, mil or agency, having a few hours to get their spin over, before going full AC again.
Posting initial news reports or early opinion hoping to sway readers, hoping nobody will actually read the links and follow up with real news.
Virtue signalling is the big slip up most of the accounts just cannot avoid. Eg. a party political personality trait, pushing a "security clearances" past to add validity, patriotism, nationalism, jingoism, the same sob story again and again usually gets past the smart hearts and minds effort. i.e. the person befuddles their role due to their own gov work or some mil experience.
The better way is to set up a left or right think tank and have them hire based on life experience. The jargon, slang, life stories are then indistinguishable from actual account users, the spin can be perfected over years of account use. No needing tens of fake accounts, fake ip's, no fear of linguistic analysis, just perfected astroturfing for hire. The staff are happy and on message and if suited can be rolled out on book tours, public speaking, for comedy.
The better lobbyists are using well funded authors, comedians, public speakers rather than vast amounts of easily detectable online accounts.

Comment Re:Serious question about this (Score 1) 169

It depends on the domestic, gov and legal media spin needed.
Blame one or two distant nations seems to play well to the domestic press.
Nations that can get in, stay in, move data but are so easy to detect just after an event...
The insider threat just seems to be in the too hard basket for most to even think to ask about.
Recall some of the past news events surrounding security and later findings.
New Research Blames Insiders, Not North Korea, for Sony Hack (Dec. 30, 2014)
http://time.com/3649394/sony-h...
More Data on Attributing the Sony Attack
https://www.schneier.com/blog/...
For an outsider to get in, stay in, have free movement inside a network, get out with some amount of usable data? Not been detected?
Or a walk out?

Slashdot Top Deals

Any given program will expand to fill available memory.

Working...