SoylentNews is people
SoylentNews
Lisa Rein writes in the Washington Post that a new government review of what the Chinese hack of sensitive security clearance files of 21 million people means for national security is in — and some of the implications are quite grave. According to the Congressional Research Service, covert intelligence officers and their operations could be exposed and high-resolution fingerprints could be copied by criminals. Some suspect that the Chinese government may build a database of U.S. government employees that could help identify U.S. officials and their roles or that could help target individuals to gain access to additional systems or information. National security concerns include whether hackers could have obtained information that could help them identify clandestine and covert officers and operations (PDF).
CRS says that if the fingerprints in the background investigation files are of high enough quality, "depending on whose hands the fingerprints come into, they could be used for criminal or counterintelligence purposes." Fingerprints also could be trafficked on the black market for profit — or used to blow the covers of spies and other covert and clandestine officers, the research service found. And if they're compromised, fingerprints can't be reissued like a new credit card, the report says, making "recovery from the breach more challenging for some."
(Score: 5, Insightful) by Yog-Yogguth on Thursday July 30 2015, @12:11PM
Last node on a traceroute doesn't mean anything significant. If they have something else they need to back it up or just shut up. It ought to be obvious that they're being fooled and/or are fooling themselves. It is as if someone is recreating the travel route of a commuter in reverse from the destination and finds that the person walking into office started walking in the garage and then loudly proclaims the garage to be the departure point!
That's how dumb “Director of National Intelligence”¹ James Clapper and his peers of PHBs are: “the attack was from Garagistan!^WChina!” >:(
¹ $deity please save us now!
Of course the analogy is flawed; it oculd be even less meaningful than that, it could be packet injections and “exfiltration” anywhere inbetween and with a Chinese IP at the end of a line tied around a red herring lying at the back wall of a blind alley <(((>{ and it stinks :3
There's no reason to think the Chinese did it and there's no reason to think that if the Chinese government wanted the data they wouldn't get it from friendly US politicians as happened with various secret military technology. In case people don't realize it the Chinese are rich now and have been for a while, they would simply buy it illegally.
There are plenty of insecure Windows computers in China and you don't need to speak Chinese to hack them, if an attack can only be traced as far as to a Chinese IP it only means whoever did it got away with it. Saying “China did it” is the same as saying “we have narrowed down to the suspects to a quarter of the world population”, it's completely meaningless in every way.
By far the most likely explanation for the hack is that it is a local or partly local entity that wanted information on potential targets and who simply went to the/a source. Very smart of them, very “know thy enemy”.
TL;DR: the US government is being doxxed. Bang bang!
WaPo is shit. The “NSA” approach to computer “security” is a free-for-all bonanza of insecurity.
*ragequits comment* ;D (I'm not awake yet, extreme morning grumpiness)
Bite harder Ouroboros, bite! tails.boum.org/ linux USB CD secure desktop IRC *crypt tor (not endorsements (XKeyScore))
(Score: 2) by takyon on Thursday July 30 2015, @12:19PM
Traceroute is not the only means of authenticating an attacker. For example they could be looking at the vulnerabilities used and comparing them to other attackers. Given that the govt collects its own zero-days and pals around with Hacking Team, it's not much of a stretch.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by Yog-Yogguth on Thursday July 30 2015, @05:55PM
True but contrast that to Clapper's statement (or the “details” in the Congress-whatever “report”): it's obvious they have nothing of the sort, Clapper wouldn't be timid or shy (don't try to imagine that or you'll lose your bowels in both directions) and they're all in desperate need for “success” hence all the faked bs they push out which doesn't stand up to scrutiny.
It could genuinely be someone in China or the Chinese government —I have no way of knowing— but there is nothing at all which corroborates that. It could also be the work of a well hydrated Inuit in Sahara, that's equally plausible. Combine that with the fact that Clapper is a known liar (to Congress none the less thus a liar unto liars: it's liars all the way down/up) thus the entirely baseless claim of a “Chinese” hack should be openly ridiculed and derided and the sources of such statements spat upon with great big gobs of phlegm by everyone, bonus points if it's from orbit :) (it would need to be a really big gob to survive reentry).
Hacking Team has no credibility to lend to anything (nor does Clapper and the US government), not even if the hypothetical should turn out to be true because “discovery by zero-day” is no different to and undistinguishable from “faked discovery by zero-day”.
By the way have the bodies of dead Hacking Team members started to wash up on shores yet? I've been a bit under the weather and catching up on old news (as always) and there's /a lot/ of people out there expecting their deaths and/or warning them to “disappear”. Wonder if any of them have anything up their sleeve to try to save themselves, or maybe that would only guarantee them a slower and much more painful death?
N.B. I also read that Schneier now somehow is somewhat convinced North Korea did the Sony hack even though there's still no evidence. I call bullshit on that too: all it means is that there has been a lot of pressure and massaging of the message going on to make unsupported claims into “truths”. That's how it works when done “right”, we know that, it is documented by Snowden (and of course the idea is much older and has been used in more overt manner for hundreds if not thousands of years; it used to be called propaganda).
Bite harder Ouroboros, bite! tails.boum.org/ linux USB CD secure desktop IRC *crypt tor (not endorsements (XKeyScore))
(Score: 0) by Anonymous Coward on Thursday July 30 2015, @04:54PM
Indeed. What I find truly remarkable is that, somehow, your half-coherent ramblings frequently get up-modded. And, in this case, as "Insightful", no less. You wouldn't happen to be running an army of sockpuppets, would you?
(Score: 2) by Yog-Yogguth on Thursday July 30 2015, @06:27PM
Nope, no sockpuppets, not even one, and very rarely post as AC (I guess it's between 3 and 5 times since the site got started).
I got here through the message notifications after I refreshed and read a story in an old tab (one for you and one for Takyon and Takyon's reply was the earliest) and haven't received any notification about moderation yet so since you're talking about sockpuppets I'm expecting +5 something —of course not, you're just having fun and I don't need any more points :P
You're awesome if there is no moderation yet :D
Bite harder Ouroboros, bite! tails.boum.org/ linux USB CD secure desktop IRC *crypt tor (not endorsements (XKeyScore))