Assessing Pentagon Performance On Information Security From some Ex-Hacker’s POV

Ever since there have been data storage devices, there have been guys trying to plant pieces of code on them to steal data or wreak havoc. Twenty-five or more years ago, we were constantly losing data because of worms, viruses, crooks, and faulty or stolen floppy disks. Recently we’ve seen how SecurIDs, used extensively for on-site entrance, were hacked, which may spell the end of those devices. The military, it seems, has now decided that backing up your stuff and simply cleaning up the mess is not making the world any safer. They’re a little touchy, since they thought they had fixed things when they forbade everyone from using all external devices and built their own Internet II. Now the new cyber strategy makes it clear that they are not going to continue looking so outmatched by amateurs and neighborhood kids bored with their math teachers.

Back in March the Pentagon disclosed that an unnamed military contractor’s system was breached by some “foreign” hackers, after William J. Lynn III, the deputy defense secretary, disclosed that over the years crucial files stolen from defense and industry data networks have included plans for missile tracking systems, satellite navigation devices, surveillance drones and top-of-the-line jet fighters, along with the kitchen sinks of those wearing omelets on their faces. A great deal of their resurgent concern is about our “most sensitive systems, including aircraft avionics, surveillance technologies, satellite communications systems and network security protocols.”

Naturally, neither the contractor nor the putative nation blamed is mentioned, but that is probably because we still have no real proof. We covered the Lockheed intrusion and possibly they are also the victim here, but don’t hold your breath for any more information than that. We heard some years back about the Pentagon creating Internet II for their own purposes, but one doubts that military contractors are privy to that protocol. No one has questioned, and the Pentagon has not offered, why contractors are trusted with sharing this sort of data on open networks.

Has the Pentagon obsession with fast jets and smart bombs completely missed the mark on information warfare? Will threats alone to destroy anyone caught messing with the military suffice, or, as some are suggesting, will our military lose ground via asymmetrical warfare? That is what the Pentagon characterizes as “countering an adversary’s strengths by focusing on its weaknesses.”


Here is an interesting video from Defcon 17 from earlier this year on what these old hackers, who now work for the system, have to say about cyber war and what can be done. Excuse the testosterone-laced vernacular, as these guys have been emasculated enough. They do give us some down-to-earth ways to measure what the real dangers are out there and what can be done and is being done by the really smart guys.

In Wednesday’s NY Times, “so it must be true,” we hear more details on the attacks in March. As it turns out, “a foreign intelligence service hacked into the computer system of a corporate contractor and obtained 24,000 Pentagon files during a single intrusion, senior officials said Thursday.” From the same William J. Lynn III, the deputy defense secretary, we hear, “Current countermeasures have not stopped this outflow of sensitive information … we need to do more to guard our digital storehouses of design innovation.” Now the Pentagon has decided to dip its toes into a more collaborative relationship with industry. Instead of shielding information from each other, the Pentagon will share what it feels is appropriate, and industry will share everything. Or so it seems that is what they are suggesting.

This new “strategy,” which is termed “dynamic defense: looking for potential attackers on the Internet rather than waiting for an intruder to attack,” intimates that the government’s mandate is now to oversee all the networks it wants. Not that it even wants to, since it’s sort of got its hands full, but it opens doors that were seemingly off the table. It also appears to be something that may swell the courts over privacy issues for years to come.

There’s a lot of bravado, most of it misplaced, by the military and the ‘legit’ hacker community, the guys who decided they wanted to go to work for the government in some capacity, as opposed to doing time. Their discussions about kinetic bombs versus metaphorical bombs that simply scatter data, and how cool it will be when they can make surgical strikes once they detect the source of an intrusion, are scary. Especially scary to anyone who knows that a guaranteed hit on a virtual location is, at best, still 50-50.

The oddest realization, after trying to decipher the cyber flexing, is that the military is inextricably linked to the global Internet through the electric grid anyway, so I guess they really don’t have Internet II? Yet, as long as there are critics, there will be whistleblowers and disgruntled warriors in any endeavor. Sadly, idealistic kids, like Bradley Manning, are made scapegoats or examples because those in charge haven’t a clue how to make the changes.

The security industry seems like a great place to start a technology career and it’s as safe as it gets. As long as you only fake your disruptive nature.

