Next message: mea culpa: "[ISN] Information Risk Group Joins Underwriters at ..."
From: Matthew Patton <patton�t_private>
Date: Tue, 21 Apr 1998 21:49:25 -0400
>the Defense Information
>Systems Network Equipment Manager (DEM) -- from the Defense Information
>Systems Agency, the branch of the Defense Department in charge of
>classified computer networks.
Well actually DISA is responsible for all telecomm for all military
services. Kind of like an umbrella organization. They are responsible for
running SIPRNET, a classified SECRET level global internet for US and NATO
and other allied contries use among other networks. I'm not surprised in
the least that they got hacked if that's really the case. I've seen first
hand how pathetic security awareness is in the military, let alone DISA.
For all their little tiger teams and huge budgets for 'infowar' they are
really quite lame. I don't mean to imply they don't do cool stuff but they
are seriously overrated.
Actaully there are all sorts of underbelly problems with SIPRNET. STU-III's
can be had and getting keys isn't all that hard. You could attack anhy of
the longdistance carriers' networks and sniff the traffic. You could get
your hands on a KG (Motorolla crypto device). You could get the key
exchange material. You could find a modem bank at the McClean NOC and
attack the Cisco remote access terminal servers and defeat them. All sorts
of avenues are available. You could pose as a construction worker in the
Pentagon during it's multi-year renovation project and tap any of the
skillian of fiber optic lines. Pentagon physical security is really
pathetic. I've been frisked and checked far more thoroughly by silicon
valley corporations.
>MOD said that the software is used to remotely monitor and manage military
>computer-related equipment, including routers, repeaters, switches,
>military communication networks, and GPS satellites and receivers.
Yup. Does anyone know if it wasn't WANG or MCI that got compromised? These
are the 2 main contractors that service the networks and monitor them as
well as write said software etc. I've been inside the NOC in MD. It
controls all of DISN which is the phone network for the military. Purhpas
this is what was taken? I don't think that would be too hard actually.
> "DISA will be the
>preeminent provider of information systems delivery support to our
>warfighters and others as required by the DoD, under all conditions of
>Peace and War."
Yeah they have a rather glorified view of themselves don't they.
>Gene Spafford, director of the computer security research center COAST,
>said that the intrusion, if true, didn't surprise him.
>
>"I don't think anyone who is familiar with government security has ever
>believed it to be as secure as claimed," Spafford said.
Right on bud!
>Spafford added that he was not familiar with DISA systems, but that any
>distributed system is vulnerable, and that many government systems are
>configured "for convenience and not need."
Sure Gene hasn't visited DISA HQ? He's describing them to a T.
>The group claimed that they stole the software from a Windows NT server at
>DISA, and that about 30 individuals worldwide presently have copies.
I knew it! I've been telling people there (granted peons) that their NT
security just blew chunks. Serves them and their 3 star general right for
bowing down and worshiping Redmond WA. DISA is one of M$'s favorite
customers and why not, they buy everything Bill G. sells and not just a few
copies but a whole bloody site license for hundreds of thousands of
computers.
>"When you have a system that is distributed such that others can
>manipulate it, you open it up to not just security problems but also
>erroneous operations," Spafford said. "[You get] people who don't have
>training and [you get] accidents. It is a standard systems design
>quesion."
I'll bet somebody had one of those 'dual disk packs' and connected the
SECRET machine to the internet cause they had the A/B switch set wrong or
some other stupid foolishness. Heck I see such nonsense in my own office.
And the networking people look at me strange when I say at least renumber
the networks so such a gaff makes the machine instantly incommunicado and
damn obvious to any monitoring equipment.
And the feds want to regulate and control crypto? HA!
PS. I used to work for DISA. It was a dark moment. Looks like OSI will be
paying me another annoying visit...
--------
"The force of prayer is greater than any possible combination of man-made
or man-controlled powers, because prayer is man's greatest means of tapping
into the infinite resources of God."
- J. Edgar Hoover
-o-
Subscribe: mail majordomo�t_private with "subscribe isn".
Today's ISN Sponsor: Dimensional Communications (www.dim.com)
This archive was generated by hypermail 2b30
: Fri Apr 13 2001 - 12:51:16 PDT