Stories
Slash Boxes
Comments

SoylentNews is people

posted by mrpg on Wednesday June 13, @06:00AM   Printer-friendly
from the 600GB-of-txt-files-is-massive dept.

Nation-state attackers affiliated with the Chinese government have made off with a trove of undersea military secrets, according to a report.

Hackers were able to mount a lateral attack after compromising the networks of a Navy contractor working for the Naval Undersea Warfare Center in Rhode Island, according to a Washington Post report, citing American officials.

The result? “Massive amounts of highly sensitive data” flowed into the hands of China, unnamed officials told the paper, including “secret plans to develop a supersonic anti-ship missile for use on U.S. submarines by 2020.”

The incident happened January and February, the sources said, and resulted in 614 gigabytes of data, most of it highly sensitive info related to American offensive and defensive systems, including cryptography systems for secure communication, signals and sensor data, and the Navy’s electronic submarine warfare library, which contains information about adversary radar platforms.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2, Insightful) by anubi on Wednesday June 13, @07:10AM (9 children)

    by anubi (2828) on Wednesday June 13, @07:10AM (#692253) Journal

    Our Congress has been duped into passing law to "protect" software from being examined to make sure it does not have hidden agendas in it... not much different than a businessman may want to read a contract to verify what the salesmen say is what he is really agreeing to. But, our Congress, at the urging of "rightsholders", has made it so that we can no longer "read the contract" to see what we are really submitting to our machine.

    The story also linked to the CC Cleaner backdoor [threatpost.com], which was the first I heard of it. I have used CCleaner on my machine for quite some time now, even had it recommended to me by a friend who knows IT a helluva lot more than I do. I scan my computer regularly with Microsoft's own Security Essentials, as well as Malwarebytes. None of them said a peep about it.

    How many other backdoors are hiding in other popular softwares? Even ones vetted by "trusted" sources? I know this is something that is really hard for a Congressman to understand, given they were brought up in a time where security was men wagging guns, and who those men took orders from. I guess from a Congressman's point of view, the "rightsholder" walked away happy, knowing now the buyer will not be able to read the pesky fine print which would have killed a sale.

    This is the result of ignorance. It can happen to any of us. Especially to those who put their head into a hole in the ground and think Congress can legislate cybersecurity by passing law.

    Didn't they learn anything from Prohibition?

    We really need a secure computing platform in the worst way. Not "security through obscurity". No.

    Security through knowledge of exactly how the thing works, so you KNOW when its doing something else. You would not take a manager, plug his ears and eyes in the name of DMCA, turn a bunch of employees ( with hidden agendas ) loose in his shop, and expect anything good to come of it? But that's the legal environment of computing Congress and the software industry are crafting for us. Obedience, misplaced trust, and ignorance are required for this business model.

    That is a tall price to pay to make sure someone does not copy a song.

    --
    "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
    Starting Score:    1  point
    Moderation   +1  
       Insightful=1, Total=1
    Extra 'Insightful' Modifier   0  

    Total Score:   2  
  • (Score: 3, Informative) by MichaelDavidCrawford on Wednesday June 13, @08:55AM (8 children)

    most boxes these days are equipped with a Trusted Computing Initiative chip. install tails on one but store a random key in the TCI's write only memory. encrypt the entire hard drive with the result of xoring your key with the tci key

    that would mean that even sector copying your disk would be of no use to anyone

    macOS now has System Integrity Protection that blocks writes to or deletion of many important files. its easy to disable but you need to possess the actual box. boot into Recovery Mode, open Terminal from the Utilities menu then

    $ csrutil disable

    --
    Every call you get with blocked ID, answer it with "Hello Mrs Crawford".
    • (Score: 1) by anubi on Wednesday June 13, @09:43AM (7 children)

      by anubi (2828) on Wednesday June 13, @09:43AM (#692282) Journal

      There are definitely two levels of security there... whether or not you have access to the physical box.

      Most everything I work on, if you have access to the box, you are God. Well, if its my box and I am responsible for it, I better know what its doing, and be able to GodMode to it.

      But, I know there are things like ATM's, where the box is not in my physical possession, and securing something like that is an order of magnitude more complex and difficult to administer. Like how do I prove to my remote who I am, knowing at any time my communications may be compromised? There are ways of doing it... rotating codes and the like... but if I copy someone else's design, I am already compromised. Even if I don't, if they are determined enough, I don't know a thing I can design that someone else ( who I will assume is smarter than me ) can't work around.

      Consider DVD Jon. That was one helluva insight that kid had on how to undo all that DVD-CCA consortium design.

      --
      "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
      • (Score: 2) by MichaelDavidCrawford on Wednesday June 13, @09:59AM (6 children)

        so i could charge my laptop late one night.

        when its alarm went off i figured i shoul plug it back in then make myself scarce.

        it booted windows ce

        not long after that every last one of that kind of atm in portland saw its cord and socket replaced with conduit that went inside whatever building they were next to.

        for the best i expect because the very instant i found that plugging it back in didnt silence its alarm i hatched a plan involving a white van labeled Midnight Electronics Corporation, lots of foam, some orange traffic cones and a Sawzall.

        --
        Every call you get with blocked ID, answer it with "Hello Mrs Crawford".
        • (Score: 3, Interesting) by anubi on Wednesday June 13, @10:45AM (5 children)

          by anubi (2828) on Wednesday June 13, @10:45AM (#692293) Journal

          I saw one business that had this big gong outside, I guess security theater to scare off the bad guy.

          Well, one day his business git hit. And the gong was eerily silent.

          It was dis-assembled to find out why it did not do its job. It was full of something like Great Stuff [homedepot.com]. It was sprayed right into the vent holes where the sound was supposed to come out.

          It had everything all mucked up in foam.

          That taught me a lesson for when I am commissioned to do a building security:

          Yes, I will mount a big gong right outside the building... maybe ring it occasionally, but I am using it as a canary... something I can easily watch for any sort of tampering, being opened, sprayed ( breaks a light beam ), whatever.. hoping the bad guy will attack that first, give me a heads up so I can get enforcement on the way before he does much more damage. Same with TV cameras... I get every old TV camera I can get my hands on. Real ones. Doesn't matter whether they work or not, I just make sure I can get a red LED in 'em in such a manner they appear active, then I sense for any tampering on it, and watch it with a hidden camera that catches them in the act.

          If the sight of the cameras deterred the malicious act, fine. If they didn't, then the bum camera is sacrificed to get a good shot of the guy doing the deed.

          I started using junk as decoys after I had a girlfriend who worked as a waitress at a popular eatery long time ago during the 70's energy crisis. The edict came down that none of the wait staff was to touch the thermostat. However, the restaurant patrons were not very happy when my girlfriend had to tell them she couldn't do anything. She told me about it. I dug up an old mechanical thermostat I had replaced because its contacts were all pitted and eroded, and accompanied her back to the restaurant and got permission from her boss to screw it onto the wall in full view of the diners after the place closed for the night. Whenever the diners complained about the heat, the wait staff was to go fiddle with it instead of telling the customer it can't be done. Seemed to make everyone quite a bit happier, and my girlfriend often treated me with some of the gracious tips she received because of that thing. No one but me, the restaurant owner, the manager, and the wait staff knew it was just a piece of junk screwed to the wall.

          --
          "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
          • (Score: 2) by Oakenshield on Wednesday June 13, @01:28PM (1 child)

            by Oakenshield (4900) on Wednesday June 13, @01:28PM (#692321)

            I started using junk as decoys after I had a girlfriend who worked as a waitress at a popular eatery long time ago during the 70's energy crisis. The edict came down that none of the wait staff was to touch the thermostat. However, the restaurant patrons were not very happy when my girlfriend had to tell them she couldn't do anything. She told me about it. I dug up an old mechanical thermostat I had replaced because its contacts were all pitted and eroded, and accompanied her back to the restaurant and got permission from her boss to screw it onto the wall in full view of the diners after the place closed for the night. Whenever the diners complained about the heat, the wait staff was to go fiddle with it instead of telling the customer it can't be done. Seemed to make everyone quite a bit happier, and my girlfriend often treated me with some of the gracious tips she received because of that thing. No one but me, the restaurant owner, the manager, and the wait staff knew it was just a piece of junk screwed to the wall.

            The thermostat controls in our building are only for show as well. There are sensors to monitor the temperature in the thermostat housings, but the controls are totally useless. The only real control is on a Honeywell Computer program in the physical plant office. It's a feel good measure to make the peons feel like they have some control in their lives. The guys from physical plant told me that.

            • (Score: 1) by anubi on Friday June 15, @10:41AM

              by anubi (2828) on Friday June 15, @10:41AM (#693419) Journal

              The thermostats at the college I recently attended were that way too. They repurposed the housing and wiring for a temperature sensor, but left the mechanical innards intact - but they weren't connected to anything.

              If one took the cover off, it was kinda obvious.

              Kinda makes sense... a student trekking to a classroom in 100 deg F ambient is apt to arrive wanting the thing at 60 degrees.. whereas the instructor, just arriving from across the hall in an air conditioned office, is fine with 78 deg.

              I suppose centralizing the controls stopped a lot of arguments over who controlled the thing.

              --
              "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
          • (Score: 3, Interesting) by ledow on Wednesday June 13, @08:45PM (2 children)

            by ledow (5567) on Wednesday June 13, @08:45PM (#692519) Homepage

            I have an air-conditioned office and server rooms.

            Every winter, everyone comes and hides in my office "because it's lovely and warm".
            Every summer, everyone comes and hides in my office "because it's lovely and cool".

            The temperature literally hasn't deviated 1 degree in four years (except once in a power-cut that set off alarms for doing so).

            Temperature is so subjective that placebo vastly outweighs it. Pretty much why I steer clear of all those Internet-controlled thermostats, smart-meters, etc. Put it on a temp, leave it there. If you feel cold, it's because YOU feel cold. After a while of knowing that the external temperature doesn't affect your body temperature very much at all, your logic begins to outweigh it and you stop noticing.

            Water temperatures, mixer taps, shower controls, all kinds of things are just knobs to fiddle with to make you feel like you're making a difference. I set my oven to 200 degrees recently and just leave it there. I turn it on and off but I never change the temperature, it just doesn't make any difference once it's up to temperature for 99.9% of things people cook. And the oven won't cool even 10 degrees quickly enough before you think it needs to be fiddled with again. Toasters controls are usually really "timers", and inaccurate ones at that (usually the timer is set right if it's working "from cold" but the second piece of toast for the same time will come out more cooked). Battery indicators (nearest 10% at best). Signal strength (no single established standard for what "four-bars" might represent). Volume controls (anyone else here just whack all mixing channels to max, and then set main volume to a reasonable level and then leave it there forever?).

            All kinds of stuff is just a placebo control.

            To be honest, any kind of alarm is the same. Nobody but you cares about your burglar alarm going off. Literally, nobody's going to come and look, chase off the robbers for you, or even call the police. The ones that try can usually be fooled by "Oh, I'm just feeding the cat for John and it's all gone off..." and similar excuses. Nobody cares in a city about a car alarm going off. If anything, we're all just praying for it to shut the hell up and stop going off repeatedly. Criminals don't care about being on CCTV either. They will just wear a hoodie, pull it over their face, and your chances of ever identifying them are near-zero unless they're terminally stupid. You have cameras to SEE WHAT HAPPENED. Or you have an alert system to ALERT SOMEONE WHO CARES. i.e. you. On your smartphone. Checking the camera. Seeing the strange guy doing things he shouldn't be. Dealing with your own false alarms (no better way to cure false alarms than to make yourself disturbed every time it happens). Informing the police yourself, or going to intervene if you're brave / stupid.

            And then your neighbours might stand a chance of NOT experiencing fatigue at the constant false-alarms and it'll be so unusual that they'll look and see what's happening. But to be honest, I hear an alarm go off every single night. Police won't even attend "just an alarm" in my area, not even for noise abatement. The days of "the alarm informed the police" are also long-gone. At best you hire an intermediate agency paid to care about your alarms who might visit the property, check the cameras, and inform police if a crime is in progress. Every time I've provided footage to the police it's been useless, even when they suspect they know who it was. I've seen someone kick through a door with full 5-lever locks and bolts and all necessary insurance security measures, in seconds, without anyone questioning it. We've all seen the videos of how long it takes a thief to get into a modern car.

            Lots of modern equipment is nothing more than placebo to make you feel better / safer. It does very little in practice at all. It just makes you feel good to have it.

            Though that slight placebo effect might hinder an amateur criminal, anyone who has burgled/stolen/attacked etc. before won't be at all dissuaded by it, they will just defeat it or ignore it.

            I can't think of a single restaurant I've ever been in that would offer any suggestion to someone "feeling hot" than for them to move table or order a cold drink. Pandering to such placebo doesn't really solve anything.

            • (Score: 0) by Anonymous Coward on Thursday June 14, @10:00AM

              by Anonymous Coward on Thursday June 14, @10:00AM (#692796)

              I have an air-conditioned office and server rooms.

              Every winter, everyone comes and hides in my office "because it's lovely and warm".
              Every summer, everyone comes and hides in my office "because it's lovely and cool".

              The temperature literally hasn't deviated 1 degree in four years (except once in a power-cut that set off alarms for doing so).

              Uh seems more like they ARE RIGHT. Your office temp is set to the "right temperature" for "everyone" and it's lovely and warm compared to winter and lovely and cool compared to a hot summer.

            • (Score: 1) by anubi on Friday June 15, @10:53AM

              by anubi (2828) on Friday June 15, @10:53AM (#693424) Journal

              I can't think of a single restaurant I've ever been in that would offer any suggestion to someone "feeling hot" than for them to move table or order a cold drink. Pandering to such placebo doesn't really solve anything.

              But it did have a psychological effect on the customer. They left happy, feeling their say was acted on. My girlfriend got nice tips out of it. And the manager was happy that he could follow the orders that were passed down to him.

              Like you say, it didn't solve anything, but seemed to make everyone feel better. At least got them to hang around long enough to be offered a cold beer. As long as they kept the cat in the bag. During those times, everyone was watching everyone like a hawk over "wasting energy", and I am sure the guy who owned the eatery was probably under energy rationing himself.

              If I am ever passing through that town again, I will probably visit the eatery if its still there, and see if my old thermostat is still screwed to the wall. Kinda doubt it. That was right at 40 years ago when I did that.

              --
              "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]