Mapping The CIA Nonclassified Network
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Mapping The CIA Nonclassified Network

  1. #1
    Senior Member
    Join Date
    Sep 2001
    Posts
    429

    Unhappy Mapping The CIA Nonclassified Network

    The Full story can be found here .
    I found this interesting an insight into how Networks can be mapped without every probing or portscanning.

    J.
    _________Start_Of_Article_______

    A London-based Internet security and risk consulting firm last week published the results of a two-day study that highlights in surprising detail the CIA's primary points of presence on the public Internet.

    Using open, legal sources of information and without conducting any illegal port scanning or intrusive network probes, Matta Security Ltd. produced a detailed map of nonclassified CIA networks, including several that aren't readily available to the public. Matta's study also uncovered the names, e-mail addresses and telephone numbers of more than three dozen CIA network administrators and other officials.

    A CIA spokeswoman cast doubt on the significance of the report, stating that there are many IT professionals within the agency who are "overt" employees and need to have Internet access.

    However, some security experts, although vague about the specific nature of potential vulnerabilities such information could be used to exploit, noted the possible threat from determined adversaries who might be able to use the information to obtain more sensitive or secret information or for other forms of attack planning.

    "The points of presence all seem to be overt CIA links, and the names are of overt employees who seem to be either system managers or points of reference for billing purposes," said Vince Cannistraro, former chief of counterintelligence at the CIA, who reviewed the report. "It doesn't tell you anything about the clandestine side of CIA networks over which classified information flows and which has no public points of presence. But perhaps these are good starting points for less-scrupulous elements to begin cyberattacks."

    A Foot in the Door

    Richard Hunter, an analyst at Stamford, Conn.-based Gartner Inc. and a former National Security Agency analyst, cited the report as an example of the threat that open information can pose to any organization, including intelligence agencies.

    "Simply knowing the names and e-mail addresses that Matta turned up would be enough for some social engineers to get the rest of the information necessary to mount an attack," said Hunter, referring to hackers who break into networks using information obtained from legitimate users or public sources.

    "The fact that this information was gathered through a search on Google.com, which is hardly considered by most people to be a hacker's tool, is especially interesting," he noted. "The network map is rudimentary, but it gives an attacker some idea of where to look first."

    And that was the whole point of the study, said Chris McNab, the report's primary author.

    "We wanted to draw attention to the risks of publicly available data that could be mined by determined attackers when targeting large organizations," said McNab. "Through issuing simple search engine requests, combined with [network interface card] and [Domain Name System] querying, we were able to build good pictures of the CIA's primary Internet presence, without ever port-scanning or probing their networks directly."

    Steven Aftergood, a defense and intelligence analyst at the Federation of American Scientists in Washington, said he wasn't shocked by the results of the study.

    "Any server that is connected to the Internet will always leave certain footprints," said Aftergood. "It would be a stretch to call them vulnerabilities. On the other hand, the CIA may be unhappy about this effort because it reveals more than the agency wants the public to know."

  2. #2
    Senior Member
    Join Date
    Nov 2001
    Posts
    276
    dont underestimate the power of google
    Dear Santa, I liked the mp3 player I got but next christmas I want a SA-7 surface to air missile

  3. #3
    Senior Member
    Join Date
    Feb 2002
    Posts
    170
    It often seems to be the case that lots of information government agencies want to keep unknown to the general public are in fact easy and perfectly legal to access.

    Remember the NSA Employee Manual? Anyone could call NSA and request a copy of it.
    Mankan

    \"The purpose of abstraction is not to be vague, but to create a new semantic level in which one can be absolutely precise.\"
    - Edsger Dijkstra

  4. #4
    Senior Member BrainStop's Avatar
    Join Date
    Jan 2002
    Posts
    295
    The only downside to that company is that it is the same company that had to post about their abilities in every single forum on AO ... matta ... damn spammers

    Cheers,

    BrainStop
    "To estimate the time it takes to do a task, estimate the time you think it should take, multiply by two, and change the unit of measure to the next highest unit. Thus we allocate two days for a one-hour task." -- Westheimer's Rule

  5. #5
    Senior Member
    Join Date
    Sep 2001
    Posts
    429
    yesh, nearly forgot about that, dastardly spammers

    J.
    [glowpurple]manually editing your config files can break them. If this happens, you get to keep both pieces. [/glowpurple]

  6. #6
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    I'm not impressed. Anyone can claim anything. For all we know they got all of their information by way of social engineering. I'm a bit skeptical about the capabilites of a company that behaves in that manner.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  7. #7
    Member
    Join Date
    Mar 2002
    Posts
    85
    SPAM SUCKS. that is all I have to say.

    oh-and that company should be disolved.
    LATER-
    __________________________
    Computers make sense people
    DON\'T.

  8. #8
    Senior Member cwk9's Avatar
    Join Date
    Feb 2002
    Posts
    1,211
    I don't think that a lot of companies understand the whole Spam backlash thing. I'm sure most of them view sending out Spam as a no lose situation.
    Its not software piracy. Im just making multiple off site backups.

  9. #9
    Member
    Join Date
    Feb 2002
    Posts
    87
    The company must be using this for propaganda. Why would they attempt to map the CIA network anyways, to much time on their hands? LOL

    ccKid

  10. #10
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584
    hmm i read this article last night... interesting really... i guess now no one believes in the Closed Network BS...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •