Nick FitzGerald wrote:
_AND_ at least they noticed and moved to act against it.Every day, many hundreds of thousands of _successful_ attacks against corporations, small businesses and private individuals not only go unreported by them, but entirely undetected and largely unnoticed by the _attacked_.The reason for this comment? A great many of those mocking the DHS over this incident are part of the group just mentioned and are too stupid to ever realize it...
An also *informed* number of members realize the potential of gaining greater budgets by leaving machines vulnerable in an effort to lobby congress for yet more pork barrel money to "secure" these networks from "uber" hackers. So let's sift through crapaganda while its on the table shall we. /* SNIP */ "“China has downloaded 10 to 20 terabytes of data from the NIPRNet (DOD’s Non-Classified IP Router Network),” said Maj. Gen. William Lord, director of information, services and integration in the Air Force’s Office of Warfighting Integration and Chief Information Officer, during the recent Air Force IT Conference in Montgomery, Ala. (http://www.gcn.com/print/25_25/41716-1.html)" /* END SNIP */ 20 Terabytes huh. Unnoticed 20 terabytes? At that rate they would need some massive pipes to download this all undetected. Let's analyze the comment and the logic... 20 terabytes on an OC3 would take you 291 hours 44 minutes and 16 seconds give or take. Gigabit Ethernet, 45 hours 30 minutes and change... So how did they manage do achieve this marvelous feat of magic undetected. It obviously couldn't be at high speeds which means they would have had to either go on undetected for quite some time, or they embedded fiber taps INSIDE of a DoD location (doubtable). 20 terabytes... I'll tell you what I think usually happens with DoD and governmental sectors... Private corporations and those in them slacking (http://cryptome.org/cg-leakage.htm). Do I blame DoD, absolutely. I take a different view of this altogether under a what if I was a contractor with no one monitoring me... Dictating to secretary: "We need another million for these uh golf... *scratch that* for these vertically integrated, high end clustered reverse path packet injection token based AES FIPS standardized firewalls. Its cutting edge technology which guarantees and mitigates against unauthorized intrusions". The government should undertake a *real* method to secure their infrastucture. Have it revamped by industry experts and implemented by those same experts. Not some deep pocket contractors who will skim so much of the money away and into accounts in the triple borders. (reality... like it or not) -- ==================================================== J. Oquendo http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743echo infiltrated.net|sed 's/^/sil@/g'
"Wise men talk because they have something to say; fools, because they have to say something." -- Plato
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/