[ISN] Re: NSA to hack Navy

From: mea culpa (jerichoat_private)
Date: Wed May 13 1998 - 00:26:12 PDT

  • Next message: mea culpa: "[ISN] Re: Navy Hackers"

    Forwarded From: <anonymous as requested>
    > WASHINGTON (AP) -- [5.9.98] Agents from the National Security 
    > Agency will try to break into NASA's computers to determine 
    > whether the space agency can fend off cyber-intruders who 
    > could threaten launch-control and other critical operations, 
    > the trade publication Defense Week reports.
    	This notice is very late in coming.  Over 30 days ago, all routing
    information on NASA centers suddenly changed.  What once routed through
    mci.net was changed to mae-east at Ames Research Center near San Jose
    (which is, of course, a military installation).  I suspected something was
    up; maybe NSA involvement at that time, but kept it to myself solely to
    avoid appearing paranoid. 
    > The "penetration study" of the National Aeronautics and Space
    > Administration's unclassified computer networks is an effort 
    > to learn how easily troublemakers can get to sensitive data 
    > and what NASA's doing about it.
    	They didn't need the NSA to demonstrate that.  Countless numbers
    among us have more than readily demonstrated it, and at no charge to the
    government.  What NASA has done is effectively given the fox the keys to
    the henhouse. 
    > Teams from the intelligence agency will soon try to penetrate 
    > NASA networks in up to eight states, said the newsletter in 
    > the edition to be published Monday.
    	They've already started.  They've been monitoring NASA since
    March.  They announced it officially in April.  And the press release
    comes out in May.  Modus Operandi.
    > Last June, NSA "hackers" showed they could cripple Pacific 
    > Command battle-management computers and U.S. electric 
    > power grids.
    > The NASA "penetration study," which will be run under the 
    > auspices of the General Accounting Office, stands out because 
    > it involves a U.S. civilian agency, and such operations are 
    > barred by the 1952 law that created NSA, the newsletter said.
    	This isn't the first stupid thing the GAO has done. 
    	Bets around NASA are that each center will see about 12 firings
    per section at each center as a result of this "penetration study."  In
    overview, this is more than a "penetration study"; it's a shakedown:  a
    thinly cloaked "loyalty test."  Everyone has been informed that they have
    no assurance of privacy and that all keystroke activity is monitored on
    their computers.  That's right: NO PRIVACY and ALL ACTIVITY MONITORED.  So
    if they find any hint that you dared to question the wisdom of Herr
    Goldin, you had better be prepared to be investigated by NASA Internal
    Security and the Office of the Inspector General.
    > John Pike of the Federation of American Scientists, a veteran 
    > observer of both NASA and the intelligence community, told the 
    > newsletter that the NASA test breaks new ground and bears 
    > close watching.
    	And how will we criticize, audit or rebuke an agency that gets
    away with intercepting and reading telegrams *from* Americans overseas
    *to* Americans at home?  How will we rebuke an agency that intentionally
    backdoored the Clipper chip for their own benefit?  How will we rebuke an
    agency thats very budget is CLASSIFIED? 
    	We can't.  And, more importantly, they won't.  Not one among them
    wants to piss off an agency that makes its living off collecting
    information that others prefer to keep secret?  There are plenty of
    skeletons in the collective NASA closet when it comes to screwups.  Most
    folks only know about the very public ones.  (Challenger, Mars Observer
    and a few others come to mind.)
    > "This is the next big step in NSA's expanding role in domestic
    > information security," he said. "It's certainly the first 
    > reported major initiative of this sort with respect to a 
    > non-military agency.  While a number of safeguards are in 
    > place, there are concerns about the potential for abuse of 
    > this type of activity."
    	The NSA is not interested in "domestic information security." 
    They are only interested in making certain that anything closely
    approximating "security" will be readily breakable by them.  That's all
    they care about.  Period.  If they really cared about security, then why
    do they work so hard to get their hands in on meaningful crypto?  Hm?
    > But Charles Redmond, the space agency's manager of 
    > information-technology security, said the test was 
    > "not an invasion of privacy."
    	War is peace.  Freedom is slavery.  Ignorance is policy. 
    	NASA has already made it clear that no one can expect privacy. 
    Thus they think they can make claims that it's "not an invasion of
    privacy" because they've already told us that WE HAVE NO PRIVACY. 
    Convenient, is it not? 
    > NASA preferred to have the intelligence agency do the tests 
    > because it wanted to protect security and proprietary data 
    > and to avoid any conflict of interest, Redmond said.
    	Two words: bull shit.  If they really wanted to protect security
    and proprietary data, they would *PAY* admins to just be admins instead of
    working so hard to outsource and underpay them!  And NASA would also let
    the admins implement cryptography if they really wanted security!!  NASA
    right now demands that no cryptography be used and that it not be
    institutionally supported when used!  Anyone who does crypto at NASA does
    so without NASA's blessing.
    > The tests will determine how easy it is to access sensitive 
    > sites and whether they can be accessed through the Internet.
    	I can think of a dozen people who would gladly give a
    demonstration at no charge. 
    	Ya, I'm fscking disgusted.  Aren't you? 
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:53:02 PDT