WikiLeaks Reveals that China Already Knows What WikiLeaks Reveals
I’ve been bitching and bitching and bitching and bitching about DOD’s refusal to fix the gaping holes in its network security even while it cries that Bradley Manning allegedly downloaded a bunch of cables using those gaping holes. As I point out, if all it took Manning to get all these databases was one Lady Gaga CD, then presumably our enemies can and do get what they want pretty easily, too.
As citizens, we just don’t ever find out about those other data breaches.
Well, apparently someone leaked a set of previously unreported WikiLeaks cables to Reuters, which used them as one of many sources to report on how much data China is just hacking from our government networks, including the sieve-like DOD ones.
Secret U.S. State Department cables, obtained by WikiLeaks and made available to Reuters by a third party, trace systems breaches — colorfully code-named “Byzantine Hades” by U.S. investigators — to the Chinese military. An April 2009 cable even pinpoints the attacks to a specific unit of China’s People’s Liberation Army.
Privately, U.S. officials have long suspected that the Chinese government and in particular the military was behind the cyber-attacks. What was never disclosed publicly, until now, was evidence.
U.S. efforts to halt Byzantine Hades hacks are ongoing, according to four sources familiar with investigations. In the April 2009 cable, officials in the State Department’s Cyber Threat Analysis Division noted that several Chinese-registered Web sites were “involved in Byzantine Hades intrusion activity in 2006.”
[snip]
What is known is the extent to which Chinese hackers use “spear-phishing” as their preferred tactic to get inside otherwise forbidden networks. Compromised email accounts are the easiest way to launch spear-phish because the hackers can send the messages to entire contact lists.
The tactic is so prevalent, and so successful, that “we have given up on the idea we can keep our networks pristine,” says Stewart Baker, a former senior cyber-security official at the U.S. Department of Homeland Security and National Security Agency. It’s safer, government and private experts say, to assume the worst — that any network is vulnerable. [my emphasis]
Oh, okay.
Our government has apparently conceded it can’t keep its networks secret from China.
I’m not surprised, mind you. While I assume the problems at DOD are a worst case scenario (because of its size and logistical issues stemming from all the wars we’re running), the size of the gaping holes at DOD (and the lackadaisical attitude DOD has about closing them) shows how low a priority network security is in our government generally.
Plus, Chinese hackers are that good.
But the confirmation that China can basically just take what it wants at will really raises new questions about our government’s treatment of Bradley Manning specifically and its hyper-secrecy more generally.
If we’re not keeping all these secrets from China, our biggest rival, who are we keeping them from? If our adversaries can just go and get whatever they want off our networks, then why has the government treated Bradley Manning’s allegedly doing the same a capital offense? And if our government has just conceded that China can take what it wants, then why won’t it let its own citizens know what China presumably already knows?
I have always assumed that the database Bradley Manning is alleged to have copied was so insecure that virtually all of the intelligence services of our enemies had already done it themselves.
Right. Exactly. I mean, given how gaping these holes are, it’d be shocking if they didn’t have the databases. (Though note that the State cables that were accessible via SIPRNet only represent 10% of the total universe of those State cables.)
China apparently isn’t the enemy. The American citizens must be the enemy.
The American govt and the Chinese govt are allies in a war against us folks.
The international class war cuts across all borders: the oligarchs versus the people.
That’s increasingly the conclusion I’m coming to.
As Digby notes, the Chinese hold 9.5% of USG debt. The Japanese another 6.5% Inside the Pillage, that would make them no more an enemy than Wall Street.
In reality, they are a competitor, not an enemy, that is very good at orchestrating resources – including direct and indirect political influence – across the world and putting them to work. That’s why I chuckle when analysts talk about US debt held by China as if the Chinese viewed it only as a financial investment, like 100 shares of Goldman, GE or GM.
those last two paragraphs would form a fine basis for questions to prez obama by an energetic white house press corp.
misswiki says
phishing is an example of “social engineering” techniques…
live by the sword, die by the sword.
for an amusing as well as informative article on “spear-phishing” see:
http://www.theregister.co.uk/2008/04/16/whaling_expedition_continues/
the article is from footnote 18 in the wikipedia article on “phishing”.
I read one account of the hacker work group at the China military office as being effective because of more than some coder mystique. The depiction was one of simple logistics; that China military has hired expansive numbers of hackers and set them to work in shifts round the clock, trying hack exploits, and with good equipment. But I think there are other issues, similar to the questions raised about hardening the cyber security of microtrades in the stock market; namely, that China might be wanting to have physical proximity to their targets, too; just as microtraders in Chicago would be disadvantaged by the number of microseconds it takes a light signal to reach the stock trader board in distant New York. James Lewis covers China a lot in his classical interview, there, cited previously. Lewis in the interview linked has some funny jokes, like he hopes Nasa space shuttle design gets hacked because it is obsolete and the hackers would set back their own space program by stealing that data; he also says cyber security folks inside the Beltway typically begin reverse engineering any hack event by basing it on the asumption that even if one domestic pet in Washington DC takes ill it is the fault of China military hackers. He also refuses to complete sentences by adding the caveat that the interview is on the record in the public media. He gives a China military hack example about a US public business entity data system that got hacked in a way that made it obvious the hackers were trying to locate some free speech advocates in Tibet; Lewis thought it improvable that many countries other than China would sponsor that narrow a hack scope.
On Manning, in a first amendment lecture, Balkin presented March 23, 2011, there is an interesting review of the juggernaut theory of cyber security from a journalistic and citizen perspective. The prof has published the lecture sequentially by topics covered; the Manning discussion appears in several segments, perhaps the most interesting or relevant to the post is the fourth in the series, there.
The RSA conference last month doubtless had some interesting interchanges about cyber security in the cloud computing era ostensibly on the tech horizon. I think it would be funny if Gates* replacement and the president decide on emphasizing cyber security as an administration achievement, and getting congress to approve new initiatives for that purpose; I wonder if Congress even can embark on a similar path; the senate judiciary committee Republicans themselves were caught hacking Democratic members* email as recently as that report from 2004, concerning a yearlong hack which took place continuously from Spring 2002 thru at least April 2003, according the the Boston Globe article linked.
JohnL
that was very interesting.
Speaking of hacker:
Speaking of coder mystique, the first thing that came to mind with the codephrase “Byzantine Hades” was that “B.H.” actually stood for “broken host” or “basic hack.”
This is hysterically funny in a perverted way. I shoulda guessed.
I don’t suppose USG hackers are good enough to get at China’s databases.
I’m sure there are Anonymous hackers in the US who could get into China’s databases.
If they can understand Chinese.
Gives new meaning to the phrase “It’s all Chinese to me”.
Heh. USG prolly has next to no one who speaks Chinese.
I know two people who are pretty competent in Chinese. Don’t know whether they would describe themselves as fluent.
But neither is a programmer.
i am with U
the USG hacks every nation on the planet!
the chinese are a high school football team in the hacking game
the USA is a NFL team in the hacking game
Why do you think the USG is so good at hacking? Do you have some particular knowledge of it or are you guessing?
From what I’ve read about the NSA (Bamford’s two books) they look for needles in haystacks by adding more hay (or looking for needles in needle stacks as another wag put it). Also, I think Bamford said that the software used to search for words & phrases in their stored data is Israeli. Sounds pretty incompetent to me.
On edit: Using the NSA as an analogy to what the rest of the USG might be like.
the USA military is all about mis-direction!
don’t ever believe the USG, ever.
the chinese are not spying on the USA to learn less
when U did deeper in the Military Industrial Complex, U may have un-learn everything.
the “IRON TRIANGLE” is real
From: The Iron Triangle: Inside the Secret World of the Carlyle Group by Dan Briody.
They’re effective enough to make lots of money, they’re not effective enough to keep secrets, and they don’t really care about core competence because making money is the first and only rule.
They’re the kind of people who would fuck themselves if they could, and they don’t care who knows it.
My Wall St. experience comports with this. I found the MOTU pretty incompetent, except leverage and inside info allowed them to make scads of money.
I think the accelerating rate at which these guys have been making money has had the effect of making them ever more reckless.
They think they’re invincible, I just wish there was some way to properly insulate the rest of us from the effects of their fuck-ups.
Yes to becoming more reckless, but I would attribute the main culprit to the moral hazard of the USG that bails them out no matter what they do.
I should have said hysterical, instead of reckless.
They were reckless in the 1980’s, now they’re just plain nuts.
And you’re right, as far as the USG is concerned, it doesn’t matter what they do.
You or I would think it embarrassing to be owned by crazy people but it doesn’t seem to faze our pols.
I have also argued on these threads forever, that foreign govts and peeps already know what’s in the leaks, and those of us here in the U.S., while not knowing a lot of it for sure, are not surprised by anything we’ve learned since they were released.
So the only point of keeping the docs secret is to keep them from U.S. people.
It’s a game govts play that’s as old as the hills.
“assume the worst — that any network is vulnerable.”
Every hacker has known that for decades. If a computer is connected to another, then it’s vulnerable to exploitation. Any computer connected to the internet is open to attack. To pretend otherwise is to live in fantasy-land.
AND THE KILLIN’ GOEZ ON AND ON AND…
Citizen emptywheel:
Unfuckin’ believable…the entire security state couldn’t keep the stink on shit and they’re holdin’ a fuckin’ PFC patriot in solitary confinement because he let the American people know what the Chinese have known since Mrs. McClinton kissed the Big Dog “goodnight”. Unfuckin’ believable…our entire government is so corrupt it makes the Borgias look like the 12 apostles.
And you wonder why I keep hammerin’ about the wars bein the ONLY issue left in our politics…gettin ta look a lot like 1968, ain’t it?!!
KEEP THE FAITH AND PASS THE AMMUNITION, THIS WAR BELONGS TO US SO LET’S END IT!!
Exactly, and that’s the answer to most of our questions.
I was just about to mention that cronyism is the main reason that our cyber security is so lax, the government in general, and the DOD in particular most often funnel contracts to it’s ‘friends’ without regard to real capabilities, and anyone who cares to know that, knows it.
I’d be willing to bet that DOD doesn’t treat the contracting of cyber-security with any more care than FEMA does trailer homes.
The fact that we routinely trust ATM machines and often purchase things on line without fear of losing the entire contents of our bank accounts puts the lie to the proposition that networks cannot be secured.
Our government just doesn’t give a shit, because things work well enough for their purposes, which are mainly short-sighted criminal shennanigans.
Where to begin… where to begin!?!
You are demonstrating almost classically why social engineering hacks work so easily for those that use them. It really is not safe to think and act as if things must be okay because you do not know otherwise. (A classic logical error.)
For some time now ATM networks and individual machines have been hacked by enterprising capitalists. In spite of getting lots of press in computer groups, the MSM usually ignores this stuff. One reason may be because sometimes the credit agencies ‘cover’ the losses to your wiped out bank account (this is when several folks get tagged at the same time). But safe, ehh, not so much.
The ATM networks offer convenience, so folks put up with the security problems, not the other way around.
If you wish, search on ‘ATM hack’ or ‘ATM sniffer’ etc.
Some ATMs are more vulnerable than others – if you can, use one that’s in a market, rather than on the side of a bank building. More people around, more of the time, and odd things are more likely to be noticed.
You’re right, the Chinese are that good. Roughly, they graduate more computer grads every year than the number of Americans who speak Chinese. It’s h/w and s/w infrastructure is superb and geographically widely dispersed, meaning that have expertise in depth.
As for the army’s participation, it could do that directly, through its own resources. It also has the equivalent of an equity stake in what has been estimated as 30% of China’s largest companies, and “liaisons” working in more, so it could orchestrate hacking any number of ways.
China’s ability to monitor corporate and private telecoms puts even the US government to shame. If a company puts too good protective s/w on its system, it may find its telecoms lines cut off unless it gives the government the access codes.
Another issue is where is the demarcation between USG and private contractor databases for intel data? If the US has outsourced up to 70% of its intelligence work, that demarcation may be as porous as many of those systems themselves.
Good points.
Marcy, re your conversation tonight with ret. Ambassador John Campbell about security, diplomacy and democracy. (6pm pacific|9pm eastern http://bit.ly/h9PxP1) I wonder how he’ll react to the DOD incompetence and how it will connect to his ideas about how secrecy is essential to diplomacy. Do I have that right?
I plan to ask him about it.
So they can let Bradley go now, right?
The lack of adequate computer security at the DoD ought rationally to mitigate any post-conviction punishment Bradley Manning is subjected to.
It’s one thing to break into a locked and guarded warehouse, monitored 24/7 by video surveillance. The thief who pulls that off is pretty good and a considerable threat. The thief who picks up a stack of bills off an unguarded pallet at Baghdad airport, or who downloads a complete database from the equivalent of the staff library, is opportunistic and exposing more problems than he is causing.
Not in the two-tiered U.S. “justice” system.
“The thief who picks up a stack of bills off an unguarded pallet at Baghdad airport, or who downloads a complete database from the equivalent of the staff library, is opportunistic and exposing more problems than he is causing.” Wow nice rationalization, your don’t rapists make the same argument when a women is dressing provacatively? FYI, if that is the thrust of Manning’s case in mitigation and extenuation he is in trouble.
How silly.
My obvious point was that one kind of criminal can be much more dangerous than another. Some crimes merit greater sanction. Neither of my examples included physical violence, unlike the absurd comparison with rape. A more accurate use of “rape” as a metaphor would be to say that the USG is raping Mr. Manning of his civil rights by imposing pre-conviction punishment that would be illegal post-conviction.
I wouldn’t be a bit surprised if the USG weren’t literally raping Manning.
I hope you are never burglarized and the police tell you we are going to let the criminal free because you didn’t deadbolt the front door. I’m sure this argument will play well in front of a senior military panel. FYI, this is the precise argument that former FBI agent, Mr. Hanssen, made . . . and he got life without parole.
Meant to mention Virtually Speaking has
IRC (internet relay chat) You can be part of the conversation – and ask questions – while listening to Marcy and Amb. Campbell.
Connect to irc.freenode.net or http://webchat.freenode.net/
Enter #vspeak into the channel field.
While listening to the live program on BlogTalkRadio, type comments and questions into the text field. Read what others write.
Begin your question with QUESTION so it is easy for the host to spot.
When someone from Fudan University wants to be linkedin is that a clue?
And what about the paranoid theory that Bradley Manning is the fall guy for another operation, false flag, Red China, or US chamber of commerce?
Adrian Lamo is certainly a kook, so how he got involved in it smacks of USG incompetence. (Haven’t followed that part of story closely though.)
What Pfc. Manning has alleged to have done would be a threat to the authority of people in the government, and these people are primarily concerned with their own position, power and prestige within the government. These are what a subordinate leaker would threaten. The information that was released is a minor sub-consideration.
Scott Horton argues similarly.
One morning, as Gregor Samsa was waking up from anxious dreams, he discovered that in his bed he had been changed into a monstrous verminous bug.
Kucinich describes “Kafkaesque” experience with DoD over Manning.
Although I suspect Kucinich had Der Prozess on his mind more than Die Verwandlung.
His views by be metamorphing as he learns more.
So you applaud PFC Manning for disclosing secret information and laud open access the government . . . but then lament on the lack of network security and how readily unfriendly governments could gain access to secret information. Your latter concern is precisely why the government, not some mentally-unstable private, needs to be the arbiter of what information should be released.
You’re missing the point. The lament is over the perverse double standard that purports that our supposed military adversaries can access these “top secret secrets” but not our own press.
How is that a double standard? Such an argument only makes sense if our government was permitting our adversaries access to information and then not allowing the press access to the same information. That said, I am all for emptywheel’s argument that the government should be able to control who has access to its secrets and the ability to ensure that such information cannot be accessed . . . by private citizen, rogue military member, or foreign government.
How do you know the president actually has access?
(Remember, he gets his information from the same people who are most interested in keeping Manning locked up. You think they’re going to tell him stuff that would greatly embarrass themselves?)
If the U.S. government is concerned about lack of communication security, they ought to give Manning a medal. While only doing minimal damage, he has pointed out to them a critical failing in their communication security.
I speak as someone with many years of experience in military communications intelligence.
Citizen ltbl:
Take a couple a Tylenol and a shot of Jack Daniels and then jump into bed and turn the electric blanket up to 9…that should take care of your confusion before your head explodes.
Awe, someone disagrees with your position and, instead of debating or explaining why that individual is incorrect, you get all huffy . . . how very Nixonesque of you.
Citizen ltbl:
I was just tryin ta help you figure things out before you hurt yourself tryin’ ta use brain cells you ain’t got.
Brilliant retort and I love tough talk on the internet . . . its so scary.
You should know.
Reminds me of the guy who walked into The Little Wagon, a bar in downtown Minneapolis a few years ago, pulled his gun and tried to rob the place, before he realized the place was packed with off duty cops.
*Chuckle*
Thanks for that. It’s exactly like that.
Citizen Watt4Bob:
Where is (was) the Little Wagon…I’m a native Minnesotan now in western Cheeseland and used ta know downtown pretty well back in the day when Lazy Bill Lucas and Korner, Ray and Glover ruled the West Bank. Nothin’ left of the old Minneapolis but history and dreams of history.
The Little Wagon was a block or so from the jail, 420 So. 4th St.
To tell the truth, I don’t know whether it is still there, I heard it was up for sale, I’ll have to drive by to see if it’s still there.
http://www.startribune.com/business/11093041.html
I’ll let you know …
Um, it’s not secret information.
It’s information that is being withheld from taxpayer-citizens. But it is being kept widely available to the people we’re purportedly hiding it from.
Moreover, the govt is not deciding who gets it and not. Chinese hackers are. Are you happier that they are making these decisions than American taxpayers?
I doubt that anyone with a straight-face can say we are consciously permitting foreign governments access to our networks by not make them secure, but let’s say we accept this proposition . . . it sounds like your argument has melded into the contention that classified information should be available to “citizen-taxpayers”. Again, government officials should determine what is classified and what should be released to the general “citizen-taxpayer”, not soldiers or foreign powers. If you can’t trust the government officials you and your fellow “citizens-taxpayers” helped elect, go try out one of the other beautiful vistas around the world. FYI, Mrs. Clinton just released the State Dep’t reports on country conditions and may want to take a gander at those before determining they we live in some malevolent, evil empire. The US is far from perfect, but its only because of how great it is that permits whiny, malcontents to publically nitpick every action.
Right. Every time I watch “the government” on CSPAN, I marvel at the widespread symbols of sanity represented therein.
China isn’t embarrassing our government by going public.
They don’t have to. They know that the USG knows what they’re doing. The USG doesn’t want us to know; we’re within reach of them.
“We” are hiding the truth (and the facts) from “us”. Keeping Americans ignorant, divided, distracted and/or misdirected makes it easier to rob and enslave them.
Citizen workingclass:
“Bingo”…when will some of these people figure out that our entire war machine is intended to keep the miltary safe from our citizens and the war profits safe for the plutocrats.
I suppose the natural question is whether the Chinese can keep their cyber secrets from us.
Wow, this is truly an incestuous self-congratulatory little group . . . completely clueless but together in their own ignorance. Again, if the author’s proposition is Manning should not be held legally accountable is an erroneous view of the law and a dangerous philosophical argument that permits wrong conduct if the breached party is somehow negligent or otherwise partly responsible . . . remember Nazi germany?
Marcy made her point eloquently in the article. Apparently reading comprehension is not your strong suit. Also note that she’s one of the best legal minds in the blogosphere. She knows exactly what she’s saying and why she’s saying it, and the legal implications and references behind her statements.
As for the thrust of the argument that you’re still missing, I’ll try to simply it for you.
Bradley Manning allegedly accessed the same, or similar information, as the Chinese military does on a regular and ongoing basis. We are not pursuing the Chinese for these breaches in our security, so why are we pursuing Manning? Not only are we not pursuing the Chinese, we’re not even attempting to fix the holes in our security.
None of this factors in the Federal Whistle-blower Statutes that protect Manning under the law. He allegedly exposed illegal or shameful conduct by his employer. In our society this is what you’re supposed to do. He’s entitled to equal protections under the law, same protections you’d be entitled to if your boss were price-fixing or if your VP of Operations was promoting an unsafe work environment.
This last gem cracks me up.
Our sharing an idea supported by facts and legal precedent is certainly equivelant to killing 6 million Jews. You’re right. Here’s a thought –
Go find a mirror, look into it, and tell yourself “I’m just like Bill O’Reilly and Glenn Beck.”
Citizen ltbl:
Ok Citizen, that’s it…it gets real tiresome watchin’ a ~~~Edited by Moderator. Disagree without insulting~~~ in disguise and thinks he’s fooled anyone but himself.
FWIW, pissing off the mods is probably not going to further this conversation.
After all these years, I know you are far better than that.
Levels and layers. It’s impossible (for us) to know whether or not the US pretends to prevent others from peeking. As likely as not, the Chinese (or anyone) have to work very hard to break in to Systems A, B, and C, while the real goods are in the system nobody thinks can be invented for another ten years.
The British were excellent in WW2 at that sort of misdirection.
National Corruption Index :: Li Ka-shing
May 1, 2008 …
Li has also financed satellite deals between American company Hughes Network … and was later sold to giant defense contractor L-3 Communications. … Despite these warnings, Hutchison Whampoa took control of two ports …
http://www.nationalcorruptionindex.org/pages/profile.php?profile_id=16 – Cached-
NOTE: The last four paragraphs are of particular import to the this thread;however, the entire piece is definitely worth a careful review.
WOW, just WOW.
Pretty interesting.
I have posted on earlier occasions about the Dubai Ports deal. The Saudis wanted it, but the public reactiion was very negative toward “foreign” ownerships of American ports.
The eventual buyer? Drumroll,please…..AIG!
What do you mean by eventual buyer? AIG bought from Ka-shing?
No, I should have stated that eventually,after Congressional debate, the buyer was AIG.
Hutchison Whampo has control of other ports elsewhere,and has longstanding,lucrative contracts with COSCO,the ubiquitous container shipping company that is seen at ports everywhere,all over the world.
Got it.
This will be of particular interest :
Port lease deal sinks(*)
17 hours ago
The Carlyle Group, a private equity firm, and Hutchison Port Holdings, which operates more than 50 ports in 25 countries and handles as much as 15 percent …Daily News – Galveston County – 3 related articles
Also,
Hutchison Whampoa – Wikipedia, the free encyclopediaOn March 2011, Hutchison Port Holdings Trust (HPHT) announced that the company will IPO through Singapore Exchange for about $5.4 billion. …
en.wikipedia.org/wiki/Hutchison_Whampoa – Cached – Similar
Port lease deal sinks(*)
By Michael A. Smith
The Daily News
Published April 14, 2011
GALVESTON — Efforts to float a master lease agreement between the Port of Galveston and a private joint venture ran aground Wednesday when marine terminal operator Hutchison Port Holdings suddenly and without explanation pulled out of the deal, port officials said.
Hutchison’s departure prompted The Carlyle Group, which had been the money behind the joint venture, to withdraw as well, according to the port’s financial advisers, Bank of Montreal Capital Markets.
Officials at Bank of Montreal told port officials they would contact other firms that had expressed interest in Galveston’s public docks. They also warned that only the Carlyle-Hutchison venture had offered a sweeping deal that could have transformed the island’s entire aging, underused harbor.
The Carlyle Group, a private equity firm, and Hutchison Port Holdings, which operates more than 50 ports in 25 countries and handles as much as 15 percent of the world’s containerized cargo, in a joint venture were the lone bidders.Galveston’s proximity both to deep water and the Panama Canal, which is being enlarged to accommodate a new generation of very large container ships by 2014, made it attractive to the bidders.
NOTE: Hutchison controls the Panamanian Port,btw.
How do you know & keep up with this topic? Something you do or in your background?
ESP??
*G*
Will the Obama justice department now consider using the “Espionage Act” against China’s People’s Liberation Army?
Is English your second language?
BTW, I’ve read the article, and I see no indication that the author thinks Manning should not be held accountable, the point of the article is actually more like this;
If the DOD can’t be bothered to secure its’ data from our enemies, then what is the point of torturing a man who has not been charged, let alone convicted of a crime?
I have yet to hear anyone on these boards saying it is wrong to hold Manning accountable, but we are mostly in agreement that he is being harshly mis-treated for no good reason.
If you want an alternative example; John Hinckley shot president Reagan, and was never put in solitary confinement or otherwise mis-treated.
It would be useful to hold Mr. Manning “accountable” only for what he actually did, as proven beyond a reasonable doubt in a credible public tribunal by established procedures and rules of evidence. Holding him in order to exploit him to get at others, if that’s what’s being done, has nothing to do with a credible criminal justice system; it is illegally punishing him for the acts of others.
If Mr. Manning did commit civil disobedience, then a sane criminal justice system, as opposed to the one he is currently being punished by, would take into consideration a host of mitigating factors.
You see what I see.
The Star Chamber has returned.
The most prevalent form of terrorism on the planet is that which is practiced by the US government and is aimed at anyone who threatens to think for themselves.
A major problem with the DOD (and most of U.S. industry) is that it has chosen Microsoft Windows as its day-to-day desktop operating system. Windows has a history of remote exploits, and while no operating system is “unhackable”, and Windows is getting less insecure, it has a long way to go as a secure operating system because Microsoft philosophy has always been “ease of use” first. China has no such compunction and chooses to go the more-difficult-to-exploit-remotely route.
http://en.wikipedia.org/wiki/Red_Flag_Linux
They can buy firewall software that would help a lot. Hell, they could require dongles in order to use USB ports and CD burners. (No, I can’t use those at work, even though they physically exist on my computer. It can be incredibly inconvenient for legitimate work purposes.)
Late again. Too darn busy around here.
Anyway, many moons ago I worked for a company that built a DDN (Defense Data Network) router at the core of much of the “secure” network. I took a call from a military network center about a base in the South that had problems. During that call I had the security officer change the login locally so I could get in and poke around, which led me to fly to the base and do some stuff to the router, which led to me helping them over a couple of days to “fix” their network so it worked and was reasonably secure. I left the officer with a couple of pages of guidelines on how to change their procedures to keep the system secure.
A few months later while cleaning my desk I ran across the file on this account, and just for giggles attempted a remote login using my temp UID/PWD. It worked. I got in and looked around and then called the security officer, only to find out he’d retired, the junior officer had been transfered, and the place was now managed by a senior enlisted guy with a specialty in phones, waiting out his last year before retirement. I couldn’t get *anyone* anywhere to listen and pay attention and fix this hole.
I’m sure it’s better now, but I question how much better.
Read “The Cuckoo’s Egg” sometime. It’s old now, but it’s a great story and shows what a challenge it is to keep the network secure.
Lovely. Wow.
And all that’s w/o spear-fishing to figure out that the senior enlisted guy knows phones but not networks.
earlofhuntingdon@75
this is a legally precise, easily comprehensible summary of the way a court of law, military as well as civilian, should respond to the legitimate charges (as opposed to the pile on charges dod added recently) against pvt manning.
if the court-martial fails to meet this standard, then it has failed to do justice to manning.
markb@84
thanks for this very interesting and informative comment.
it points to human systems problems, not technical problems, with the dod’s (in)secure computer networks.
that was one of manning’s complaints – soldiers sit around all day without any demands being put on them for disciplined, aka, professional, effort –
copy music cd’s, talk to their family, watch movies, play video games,
all while on duty!!
o/t [sorry]…but OY!
The bombing continues until Gaddafi goes; David Cameron, Barack Obama and Nicolas Sarkozy; The Telegraph; 15 Apr 2011