Memories

by Bryan

12 comments

1 Kryten42 { 04.29.09 at 12:07 pm }

How about this for a “No one could have imagined …” 😉 😆

Cyberspies have hacked into government computers and stolen sensitive information on a next-generation stealth fighter, according to an investigation published in The Wall Street Journal Tuesday. The hackers lifted terabytes of data on the Pentagon’s $300 billion Joint Strike Fighter project, the Journal reports, including details about the aircraft’s design that could expose vulnerabilities. The hack is believed to have happened through a hole in a contractors’ network. Lockheed Martin, Northrop Grumman, and BAE Systems are the primary contractors on the project. None of them has publicly commented.

While the details surrounding the reported Joint Strike Fighter breach are far from clear — how the intruders made off with such a massive amount of data, for example, has yet to be revealed — there’s no question the magnitude of the attack is alarming. Even worse, the unnamed officials cited in the story say hackers have worked their way into the U.S. Air Force air traffic control system recently as well. The F-35 is the Pentagon’s most expensive, complex and ambitious aircraft program. According to program estimates, the total investment required in the F-35 exceeds $1 trillion — more than $300 billion to buy 2,456 aircraft and $760 billion to keep them flying beyond their expected life cycle.

IT security anyone? 😀

Computer Spies Breach Fighter-Jet Project

2 Kryten42 { 04.29.09 at 12:18 pm }

Hmmm. This one is interesting for many reasons.

The engineering, financial specs, and communications information used on Marine One, President Obama’s helicopter, were leaked over a P2P network to a system in Iran, according to reports. The leak was traced back to a defense contractor in Bethesda, Md. The information was discovered by Tiversa, a company that provides P2P monitoring and protection services to governments, corporations, and even individuals. The company says its technology can monitor over 450 million users issuing 1.5 billion searches a day. While doing routine work in 2008, Tiversa discovered the information and alerted the defense contractor. Bob Boback, CEO of Tiversa, has said in various interviews that the file with the Marine One details was discovered on the Gnutella network. It is very likely, Tiversa stated, that the contractor didn’t even know it was handing out this type of information.

According to Boback’s interview with WPXI in Pittsburgh, Iran isn’t the only country that is sniffing P2P networks looking for information. “We’ve noticed it out of Pakistan, Yemen, Qatar, and China. They are actively searching for information that is disclosed in this fashion because it is a great source of intelligence.” Trolling P2P sites is nothing new, criminals do this all the time. The problem is not that the specs for Marine One were discovered on a P2P network, nor is it that they are in the hands of someone in Iran. The problem is that a United States defense contractor failed to monitor what was installed on their systems. Contractors, government or not, spend millions on network security. They have to, because with the business they are in, secrets must be kept. How is it a defense contractor managed to let a P2P client get past they layers of security and traffic monitoring that are supposed to exist?

Marine One details leaked from P2P net

*sigh* I wish the internet existed when I worked intel. Would have made my job a whole lot easier! I would have had a ball too! Oh well… 🙂

3 Bryan { 04.29.09 at 1:04 pm }

The F-35 leak was from a BAE system, and I think they have finally given up on the new helicopter which has just gotten totally out of hand.

You privatize and use contractors, subcontractors, etc. with no oversight, and no real controls and this is the result. You cannot have security in a fractured environment.

The truly classified, important stuff is not on a network, most of it isn’t even digital. When I was in they wouldn’t even permit electric typewriters, because they generated low-level signals.

Contractors don’t like the “professional paranoids” that were once SOP for military ops. I don’t doubt that the Hedgemony has screwed the system up to make it more efficient and privatization friendly.

I loved the friendly little sticker on one of the pieces of equipment I used: “Losing control of this equipment will cost you $10,000 and 10 years of your life”. It was packaged with a sidearm and 50 rounds of ammunition. It went from the vault to the aircraft, back to the vault, and it was signed for even on alert.

4 Comrade Kevin { 04.29.09 at 4:55 pm }

The GOP being slow to respond? They ought to write that into their party platform. “Slow responders.”

Comrade Kevin´s last blog post..Blessings in the Most Unexpected of Places

5 hipparchia { 04.29.09 at 8:19 pm }

yay! score one for the hackers! srsly, how many more stealth fighters do we need?

but yeah, anyone who doesn’t understand that networks are for sharing and that secrets are not, is, to put it kindly, a doofus.

hipparchia´s last blog post..Send faxes, faxes, and money! [update]

6 Bryan { 04.29.09 at 9:48 pm }

Actually, Comrade Kevin, at this point I think “Unresponsive. Pupils fixed and dilated.” would be closer to the truth.

About 59 to give my local economy something to work with, Hipparchia.

7 Kryten42 { 04.30.09 at 12:04 am }

I guess they forgot about TEMPEST then. (Yes, I know. that was just a ‘public’ code given to a broad range of electronic security programs, like AMSG 719G or whatever it’s called now). I guess NSA and other groups decided it didn’t need to be extended for modern systems. We certainly never had these problems in GD in the 80’s. If you misplaced a paper clip, you had to fill a long report and had your ass chewed!

Accountability. What a silly concept these days.

8 Bryan { 04.30.09 at 12:16 pm }

TEMPEST was the reason for the typewriter ban. A TEMPEST certified “laptop” required a forklift to move.

When I read about the military using Flash drives I cringe. Bringing removable media into a building with military computers without authorization was a violation, and for a while they measured the back-up tapes.

Things have fallen to pieces, and the trend started at the top. I went through a network security class with some Air Force systems maintenance guys down here [you have to check the boxes, sigh] and they complained loud and long about lapses because of orders from up the chain to make things “more efficient”. Efficiency wasn’t the point, security was.

The entire nuclear tracking system has obviously collapsed, because people aren’t bothering to follow the regulations and procedures. The “managers”, who were once called officers, are trying to streamline operations, like any business. The McNamara Mindset that was introduced into all of the academies has a lot to answer for.

9 Kryten42 { 04.30.09 at 8:05 pm }

We were not even allowed to take a mobile phone in during the 90’s! We had to hand them in at the security desk, laptops and anything else that could possible be used to record or transmit images or sound. At DSD, if someone needed to bring in a PC or laptop for a demo or something else, either the entire laptop was destroyed and they were issued a receipt for a replacement or the HDD & RAM were removed and destroyed and you got a receipt for that. But it all had to be organised and cleared well in advance.

I had a trip to DSTO in Salisbury, SA (kinda like your DARPA) with a new guy once, and I took him through the checkin & security procedures. Because he was new, he had to be *processed* (credentials checked, photo & fingerprints taken and he was searched). He thought it was stupid and couldn’t see the point. So I organised a security lecture for him (which they have there for people who don’t get it). After that dog and pony show, he was a nervous wreck. 🙂 Even the people who work there from the highest level down have to go through the security check every day before they can enter or leave.

Oh, reminds me of a funny story! 😆

We were escorted by one of teh senior Scientists we’d gone there to meet. The base was huge and sprawling with small buildings dotted over the landscape here and there. The main complex was a half hour drive from the main gate. As we were driving, my new partner noticed sheep all over grazing. He commented that that was a good way to keep the grass down. My Scientist friend looked out the window and said “Oh, yes. I suppose they are good for that too.” My partner asked the obvious “What are they for then?” The Scientist said ‘We work with a lot of high energy radiation. We have a new phased array radar system we are testing. If the sheep start dropping, we can trace the pattern and know which installation caused the event and terminate the experiment. We can also collect useful data from the corpses.” This was all said with the perfectly matter-of-fact voice and straight face as only a hard-core Scientist can do. My parner looked a bit shaken and began scanning around the moving car for any signs the shhep were dropping dead. The Scientist friend looked over at me and we both laughed! My Scientist friend had a wicked sense of humor (even though what he said was the truth). 😉 He worked for what was known then as the ‘Microwave Energy Weapons Research Group’, but was on loan to the ‘Radiowave Propagation Group’. I always loved the names they used! 😆

They have had a couple accidents there. It usually just means lamb for lunch the next day! 😀

10 Bryan { 04.30.09 at 9:29 pm }

Since they were using microwave energy, the lamb would have arrived pre-cooked in natural juices.

In early radar controlled weapons, they actually checked to see things were working by putting standard fluorescent tubes in the path.

I thought I was going to be trapped in NSA headquarters forever because the hospital included my dental x-rays with my records, and even exposed film was a no-no. I had to wait while they were scanned under a microscope before they were destroyed. I was out-processing, all I wanted to do was turn in my badge, and get the out-processing form signed, and sign out on the duty book. Six hours I’ll never get back with one of the professional paranoids.

I wasn’t allowed to just take in the badge and the out-processing register to the duty officer, everything had to be kept together, and the process completed in a specific order. It’s on an Army facility and they had a fit if you went in the logical order.

11 Kryten42 { 05.01.09 at 8:59 am }

Yeah. Security… what a concept huh? 😉 People today seem to thing that security means hiding in their mom’s basement or under the bed. *sigh*

Since there’s no current thread… I’ll post this here. I dunno about you… but it sure made me smile! Hugely. 😀

Prosecution of Bush Six Back On
by Scott Horton
April 29, 2009 | 12:39pm

In a ruling in Madrid today, Judge Baltasar Garzón has announced that an inquiry into the Bush administration’s torture policymakers now will proceed to a formal criminal investigation. The ruling came as a jolt following the recommendation of Spanish Attorney General Cándido Conde-Pumpido against proceeding with a criminal inquiry, which was reported in The Daily Beast on April 16.

Judge Garzón previously initiated and handled investigations involving Chilean dictator Augusto Pinochet, Argentine “Dirty War” strategist Adolfo Scilingo and Guatemalan strongman José Efraín Ríos Montt, often over the objections of the Spanish attorney general. His case against Pinochet gained international attention when the Chilean general was apprehended in England on a Spanish arrest warrant. Scilingo was extradited to Spain and is now serving a sentence of 30 years for his role in the torture and murder of some 30 people, several of whom were Spanish citizens.

Garzón’s ruling today marks a decision to begin a formal criminal inquiry into the allegations of torture and inhumane treatment he has been collecting for several years now.

Now, Garzón has announced a preliminary criminal inquiry into the Bush administration torture policy, specifying the evidence that a crime had been perpetrated against Spanish subjects, but not yet specifying the specific targets of the investigation. Judge Garzón’s decision revealed a deep engagement with documents which had been released in Washington in the last two weeks, particularly a group of memoranda prepared by lawyers in the Bush Justice Department’s Office of Legal Counsel, a report of the Senate Armed Services Committee, and a memo released by the Senate Intelligence Committee, making it likely that he would focus on the authors of the torture memoranda and other lawyers who worked with them.

Much more here at The Daily Beast:
Prosecution of Bush Six Back On

BTW, it seems Prez. Obama was trying very hard to get Spain to drop it. Thankfully, in Spain unlike the USA, the Judges follow the law and can’t be bullied by their government. 🙂 But, there is one way Obama can prevent the Bush criminals being tried in Spain (from the above link):

Spanish lawyers close to the case tell me that under applicable Spanish law, the Obama administration has the power to bring the proceedings in Spain against former Bush administration officials to a standstill. “All it has to do is launch its own criminal investigation through the Justice Department,” said one lawyer working on the case, “that would immediately stop the case in Spain.”

12 Bryan { 05.01.09 at 5:55 pm }

That is the key to the International Criminal Court, and foreign prosecution – an unwillingness to investigate. If we don’t do it, someone else will. It’s really that simple, and it is an obligation under the conventions we have signed. I don’t see a legal way of avoiding doing it, so they should just start.