The Strategypage is a comprehensive summary of military news and affairs.
 News As History - November 22, 2008

Dunnigan's and Bay's Latest
Advertisement
New Strategy - Wargames at Discount Prices
1.Squad Battles: Winter War
2.Silent War
3.Manoeuvre
4.Gallic Wars
5.Fast Action Battle: The Bulge

100+ Computer and Board games all with free shipping.
 
 
 

Online Giving

Utah SEO Firm

Xango

Smiley Gifts for Babies
Military History | How To Make War | Wars Around the World Rules of Use
Information Warfare Discussion Board
Sign In   Return to Topic Page
Subject: how to visit Pentagone with your computer ?
jean    8/1/2003 1:25:32 PM
French investigation paper "le canard enchaîné" has visited the Pentagone databases. Without hackers , crack systems , very simply.
Who is responsible of the IT security " DISA" ( defense information systems agency). It's like if you put a lot of locks and you let the keys on them.
don't worry it's the same mess here in france.
 
Quote    Reply
 Latest
 News 		  Most
 Read 		  Most
 Commented		  Hot
 Topics

Email Me When A New Comment Is Made
Show Only Poster Name and Title     Sort in Reverse Order Posted
WinsettZ    RE:how to visit Pentagone with your computer ?   8/12/2003 5:28:48 PM
Government hasn't been particularly good about its security. Again, anything unsecured could easily be planted for deception purposes. Or, it could be supreme failure. Either way it's very tangent to what is expected from a government database.
 
Quote    Reply

bsl    RE:how to visit Pentagone with your computer ?   8/12/2003 6:16:42 PM
What an interesting story. Here's another-- Aware that a variety of people across the world are interested in breaking into sensitive computer systems, the administrators of certain systems establish protocols to address this matter. This matter which has been a prominent subject of discussion for more than fifteen years; public discussion, discussion among computer professionals, and discussion among government personel in high security settings. The subject, even of a variety of dramatic presentations on television and movies, in both America and Britain, all the way back into the 1980s. Indeed, virtually any American who attended college over the last generation was aware of this, general area of interest, and most could tell, if only third or fourth hand, stories of people who penetrated the security system of one or another institution for fun, or profit, or to "correct" "mistakes". And, I speak from some personal knowledge of this area of interest. How to deal with the threat of hacks, especially when the whole field evolves quickly, and no individual bit of software, or software patching is good for very long? And, when some, at least, of the people trying to hack have truly nefarious ends in mind, apart from the joy of the effort or publicity. Do you know what a "honey trap" is? Imagine a dummy system established specifically for the purpose of distracting potential trespassers from the real networks, and to allow the system administrators to watch to see how penetrations are attempted. This both allows them to learn the latest sorts of hacks, and allows them a shot at tracking hackers back to their source. I hope this doesn't strike you as too abstruse. It's Intelligence 101. Do you **really** think that genuinelly secret networks are open to penetration by "intrepid" reporters? Perhaps you might reflect on where the Internet came from, and who invented it. Reflect, further, on what that implies about the origin of various protocols used in connection with the Internet. I recall that some months back, one of the French posters on this site made some comments about how the Iraqis were going to jam the GPS system, and destroy the ability of the American military to operate off it. At that time, I suggested that that person think, a bit, about where GPS came from, who invented it, who wrote the software and the protocols. Turned out that the whole jamming issue was a canard. American forces operated just fine, WITH GPS assistance. There's an old expression, about not trying to teach your grandparent to suck eggs, which is probably applicable to this whole area.
 
Quote    Reply

jean    RE:how to visit Pentagone with your computer ?   8/13/2003 3:22:23 PM
bsl maybe the honey trap can be an explanation. This paper related 10 days after, that it could access again to the DISA databases. You are the specialist. to be followed ?
 
Quote    Reply

bsl    RE:how to visit Pentagone with your computer ?   8/13/2003 4:58:24 PM
I'm not a specialist. I apologize if I gave the impression that I was. I have been around when some specialists spoke about these sorts of issues, over the years, and have a brother who is in the field and helped write some obscure standards covering a specialized part of the internet. As best I know, it has been true, over the years, that many organizations around the world, public and private, underestimated their vulnerability to penetration. There are stories going back 20 years or more, before the internet, of major banks and financial organizations who had their computer systems penetrated and large amounts of money "stolen" who covered the crimes up, rather than reveal, publically, how negligent they had been about security. I don't doubt that the American Pentagon had branches who made these sorts of mistakes some years back. But, the internet has been around almost a generation, now, and the people working with the military nets grew up understanding the dangers. Add to that the military and intelligence communities had extensive experience with computer systems in the pre-internet days, and had to address security issues back then, since it's far easier to loot the files of an electronic system than to do the same thing to rooms full of filing cabinets. And, finally, there have been enough stories over the last generation of real security penetrations of various kinds which became known to the general public to have alerted even the most staid old bureaucrat about the potential dangers. All together, I find it extremely difficult to believe that *truly* secret nets are vulernable in the ways the kind of story you cited claim, these days. Public nets, the sort which display information you might find in brochures, for instance, might be much less secure. But, *real* secret nets? Entre to systems holding genuinelly significant data, as opposed to advertising, PR, etc? That I find difficult to believe. I can't say it's impossible. It's well not to underestimate the capacity of any large institution to make mistakes. But, I do find it unlikely. bsl
 
Quote    Reply

American Kafir    I wouldn't call it hacking...   8/18/2003 9:17:11 AM
The entrance into the Pentagon's servers exploits a flaw discovered in Netscape (well, one of them) server software, which has been known about and update patches written for it since mid-1998. The flaw is a error in configuration during installation, which would allow older versions of Netscape to access the root directory of the server without asking for (or needing) a system administrator password. I'd think bsl's theory of a "honey trap" is credible. I really can't imagine a scenario where anyone who knows anything about computer security would allow a Netscape product near his computer, much less install it on the system.
 
Quote    Reply

giblets    RE:I wouldn't call it hacking...   8/18/2003 10:48:45 AM
a few years ago, New Scotland yard approached the pentagon after being hacked into, the reason for scotland yard approaching the pentagon? The hackers had been unable to penetrate the scotland yard portal, but had gained access to the pentagon, and used their free access to Scotland yards records to get in.
 
Quote    Reply

American Kafir    RE:I wouldn't call it hacking...   8/18/2003 1:24:55 PM
Embarassing.
 
Quote    Reply

StrategyWorld.com© 1998 - 2008StrategyWorld.com. All rights Reserved. StrategyWorld.com, StrategyPage.com, FYEO, For Your Eyes Only and Al Nofi's CIC are all trademarks of StrategyWorld.com Privacy Policy