Forwarded from: "Huggins, Michael" <mhhugginsat_private>

I do have a problem with this type of activity. We are supposed to be ethical and abide by standards. When a certified professional violates those standards, their certification should and ought to be revoked. There is no excuse for unsolicited scanning or penetration.

Michael H. Huggins CISSP CTOC USN (ret)
First Command Information Security Manager
817 569 2435

-----Original Message-----
From: InfoSec News [mailto:isnat_private]
Sent: Friday, August 16, 2002 1:33 AM
To: isnat_private
Subject: [ISN] Sleuths Invade Military PCs With Ease

Forwarded from: William Knowles <wkat_private>

http://www.washingtonpost.com/wp-dyn/articles/A24191-2002Aug15.html

By Robert O'Harrow Jr.
Washington Post Staff Writer
Friday, August 16, 2002; Page A01

SAN DIEGO, Aug. 15 -- Security consultants entered scores of confidential military and government computers without approval this summer, exposing vulnerabilities that specialists say open the networks to electronic attacks and spying.

The consultants, inexperienced but armed with free, widely available software, identified unprotected PCs and then roamed at will through sensitive files containing military procedures, personnel records and financial data.

One computer at Fort Hood in Texas held a copy of an air support squadron's "smart book" that details radio encryption techniques, the use of laser targeting systems and other field procedures. Another maintained hundreds of personnel records containing Social Security numbers, security clearance levels and credit card numbers. A NASA computer contained vendor records, including company bank account and financial routing numbers.

Available on other machines across the country were e-mail messages, confidential disciplinary letters and, in one case, a memo naming couriers to carry secret documents and their destinations, according to records maintained by ForensicTec Solutions Inc., the four-month-old security company that discovered the lapses.

ForensicTec officials said they first stumbled upon the accessible military computers about two months ago, when they were checking network security for a private-sector client. They saw several of the computers' online identifiers, known as Internet protocol addresses. Through a simple Internet search, they found the computers were linked to networks at Fort Hood.

Former employees of a private investigation firm -- and relative newcomers to the security field -- the ForensicTec consultants said they continued examining the system because they were curious, as well as appalled by the ease of access.

They made their findings public, said ForensicTec President Brett O'Keeffe, because they hoped to help the government identify the problem -- and to "get some positive exposure" for their company.

[...]

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.

This archive was generated by hypermail 2b30 : Tue Aug 20 2002 - 08:31:26 PDT