lol... it was a "sneaker-net" hack... install trojan off a floppy. :D hehe
Printable View
lol... it was a "sneaker-net" hack... install trojan off a floppy. :D hehe
The .gov .mil is going to be a target for some of the reasons Syini666 and others mentioned, however there are other reasons they get hacked; First off, there are so many different .mil systems and they are hooked to so many machines both in and out of the .mil establishment that you can't even count the terminals and they all have modems. You get root in one, you got access to all in the system. Also, you would *think* that the servers and workstations were all under the same rules and control but they are not. Each branch of the government service, and actually each subgroup (like, maybe a division in the Army) has it's own IT section, and if you think the neighborhood dog is jealous of who gets into the farmer's manger you never met a military IT section leader. Seems most are worried that some junior enlisted dogface will prove (s)he's smarter in security than the "specialist" is. To aggravate the situation, many large .gov units are IT'd by civilian employees who hire on at attractive payrates, and they are sometimes viciously jealous of anyone, military or civilian, who shows more knowledge than they have. I think no matter how much the gov spends on super-training the Fibbies it won't do any good except when the various .gov or .mil servers get whacked the Fibbies will be able to trace the intrusion, maybe. This may sound a bit harsh, but it's pretty close to the truth in most cases. And i'm a card-carrying patriot who really hates to lay blame on our government. Actually, i'm not blaming the "government", it's just that some of the employees seem to be not quite up to par, and go to great lengths to cover their inadequacies in this terribly complex and moving environment. Wish all .gov and .mil servers, terminals and the programs on them were controlled (actually SysOp'ed) by the same highly qualified IT guru, you'd probably see a different level of security. And if some general gets his .mil email hacked he either has a very poor password or he should fire his IT specialist! :D
It really is not Net Admin fault here nor is throwing money going to solve the problem. Fact is the dot mil pays nothing in pay scale wise that could afford any sort of life outside a US base. Check out employment with any goverment agency and look at the sad pay scales. A State Dept Admin that is supposed to secure systems, get top grade security clearence, code, decode all communications etc pay scale tops out at 65k per year not much unless you get into a consultant office where the exchange rate is good. It also shows that this guy was being watched for a long time by sys admin and it will take about one year for a goverment agency to react to something sys is telling them. Fact is scan any dot gov edu mil and you are being watched by really under paid people. The guy did cause damages and should pay the price. Matter of fact with this new "Homeland Security Agency" has inserted this http://www.msnbc.com/news/834875.asp (hate MSN but I read lots of news daily from many sources to form an objective prespective) Will this guy be the first to get life?
I find it amusing in a way. Think back to when Los Alamos Labs and, I think, Sandia Labs were hacked into. The people handling their security are all college grads and somebody in their mid teens can beat them. It's curious that the Govt and the various Labs all require college degrees, when they should be looking at ability and qualifications. Letters after a name don't mean much in the computer industry these days. Just my very humble, unlettered after name, opinion.
Quote:
It really is not Net Admin fault here nor is throwing money going to solve the problem. Fact is the dot mil pays nothing in pay scale wise that could afford any sort of life outside a US base. Check out employment with any goverment agency and look at the sad pay scales.
I have two buddies who have and still are subcontracted "civilians" that work for the government on their network systems, so I know they pay outside people, you were right on the need for security clearnances and such. Both had intensive screenings and both say you really have to watch where you go and what you see while on base or else MP's pop out of no where. They both make far in excess of 65k a year too, so don't get down on the idea just quite yet.
Well Chuck56 you have to remeber that when all this came about that when it came to ethics and computer use yes only people with a U degree had access to main frames. Did the kids beat us nope we only errored in believing that computing would be treated by respect and honor for the true tool it is unlike any other really. Fire is a tool can make one warm keep the house comfortable, but I seeing "burning down the house" (Talking Heads tune)...go on laugh OldMan :) we deserve it! Actually the mid teens did not beat them they just downloaded programs that other Admins developed over time most crackerjack tools are used by people that know nothing more then point and click. Butt puckers I knew I could use the tools for that but have ethics, after all I don't hit women, grab canes, flatten wheel chair tires or park in handicap spaces, not cause I can't do all these things..I choose however to respect what is not mine and peoples diginity. Amusing that the very systems being hacked so often now days provide an income for people to live, or pay for that pesky script kiddie's internet connection. We are not talking binary programs but compiled programs hack what using what program? LOL always loved the blinking cursor in Nix..ok now what? LMAO
Im glad that the .gov is no longer sitting by mindlessly putting their PCs in danger but come on.... I've seen bank robbers beat peaple up and cost more money & harm to companies then any s.kiddie ever could yet peaple like that will get a much easyier sentencing now than some s.kiddie ever will. And with this homeland "security" they think that its ok to invadeing many inoccent peaple's privacy without warrent will be justified if they catch a s.kiddie within their watchful eyes.
Good points, Palemoon. I think computer security is basically defensive and you can't win being on the defensive. Somebody just works until they find a way in. Trouble is, at this point in time, what constitutes offensive computer security?
I am not really getting this, but as i understand it, I agree with who ever that said that America gets involved in too many things going on in the world. If a counrty is having a priblem with their economy or their neighbors, if they have a problem solving the problem, and it gets to the point that it might lead to a very destructive war, then we can get in it. If we keep jumping in everytime we hear something about countries in like a cold war or something , we just jump in and try to be the super country.