Stories
Slash Boxes
Comments

SoylentNews is people

posted by mrpg on Wednesday June 13 2018, @06:00AM   Printer-friendly
from the 600GB-of-txt-files-is-massive dept.

Nation-state attackers affiliated with the Chinese government have made off with a trove of undersea military secrets, according to a report.

Hackers were able to mount a lateral attack after compromising the networks of a Navy contractor working for the Naval Undersea Warfare Center in Rhode Island, according to a Washington Post report, citing American officials.

The result? “Massive amounts of highly sensitive data” flowed into the hands of China, unnamed officials told the paper, including “secret plans to develop a supersonic anti-ship missile for use on U.S. submarines by 2020.”

The incident happened January and February, the sources said, and resulted in 614 gigabytes of data, most of it highly sensitive info related to American offensive and defensive systems, including cryptography systems for secure communication, signals and sensor data, and the Navy’s electronic submarine warfare library, which contains information about adversary radar platforms.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: 4, Interesting) by Anonymous Coward on Wednesday June 13 2018, @06:25AM (11 children)

    by Anonymous Coward on Wednesday June 13 2018, @06:25AM (#692249)

    Someone exfiltrates several hundred gigabytes out of your protected network, you even have enough sensors data to tell months after the fact, yet didn't realize it the minute it was happening?

    This is either a propaganda lie, or a sign of gross, premeditated incompetence.

    I wouldn't put the first beyond the government, and I wouldn't put the second beyond any commercial entity.

    • (Score: 3, Interesting) by MichaelDavidCrawford on Wednesday June 13 2018, @06:52AM (1 child)

      by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Wednesday June 13 2018, @06:52AM (#692252) Homepage Journal

      back in the day a thief snatched a laptop from between the ankles of an MI-5 agent as he was taking a leak in a train station.

      i eventually decided that was a setup, for example to lead soviet cryptologists to crack the wrong cipher.

      perhaps all those gigabytes were put there shortly before the PRC was invited in.

      --
      Yes I Have No Bananas. [gofundme.com]
    • (Score: 5, Insightful) by ledow on Wednesday June 13 2018, @07:35AM (7 children)

      by ledow (5567) on Wednesday June 13 2018, @07:35AM (#692257) Homepage

      1) They broke into your secure systems. You obviously don't know how to make them.
      2) They did it without you knowing at first.
      3) They then managed to re-transmit that data somehow. Back over your own lines maybe? If so, boy do your "secure" systems need work.
      4) The data stolen could be useful to a foreign government (i.e. not encrypted end-to-end with good keys)
      5) You then claim they are Chinese state.

      The most worrying of thoseis the latter. Without proof, I could literally just say "The Russian government hacked me", which is incredibly different to:

      - Some place in Russia hacked me.
      - Some Russian guy hacked me.
      - I can prove that the data ended up in Russian government hands.
      - Someone else hacked me and made it look like it was coming from the Russian government.

      I've noticed a trend in the last few years of literally just attributing attacks to nation states, with zero explanation. And then, in the next sentence, saying that cyber-attacks are a justifiable cause for military retaliation. This is a slippery slope, especially with certain morons in power, which only ends in a state declaring war on another "just because", or based on entire false information.

      The only takeaway I really have is: The US can't secure their most secure systems adequately from the Internet.

      • (Score: -1, Spam) by Anonymous Coward on Wednesday June 13 2018, @09:02AM

        by Anonymous Coward on Wednesday June 13 2018, @09:02AM (#692272)

        "What great students," the teacher thought to himself. Not a single one misbehaved as the teacher gave his lesson. In fact, all of this teacher's classes were like this; it was to the point where he was famous for his teaching ability. All around the country, this man was known as 'The Six-Lesson Schoolteacher'. This was not just a reference to his unmatched ability to teach, but to something else as well: The Six Lessons.

        "The Six Lessons," as he referred to them, were six fundamental life lessons that everyone needed to know. The first lesson was that men had the fundamental right to utilize women and children as they pleased. The second lesson was that men had the fundamental right to utilize women and children as they pleased. The third lesson was that men had the fundamental right to utilize women and children as they pleased. The fourth lesson was that men had the fundamental right to utilize women and children as they pleased. The fifth lesson was that men had the fundamental right to utilize women and children as they pleased. The sixth lesson was that men had the fundamental right to utilize women and children as they pleased. Truly, this teacher emphasized repetition.

        Suddenly, long after the teacher had finished his lesson, the bell rang. "Wonderful, class! We had a truly great time together, and I am pleased to have instructed you," the teacher said gleefully. He continued, "I am fully confident that you all understand The Six Lessons now. You are dismissed." After that, the teacher walked out of the room. The students could leave as well, but something was wrong; no one moved.

        It wasn't just that the students wouldn't get up; they couldn't get up. Upon observing the children, one would understand what was transpiring. Just like all of his past students, they did not wear clothes. Just like all of his past students, they did not move. And also just like all of his past students, they would rot away in due time and be replaced with more lovely children. And he could not wait to thoroughly instruct more young, impressionable minds...

      • (Score: 3, Informative) by PiMuNu on Wednesday June 13 2018, @10:02AM

        by PiMuNu (3823) on Wednesday June 13 2018, @10:02AM (#692288)

        There was a hack on winter olympic servers attributed to North Korea. Later turned out hackers were Russian based... source:

        https://www.theregister.co.uk/2018/03/08/analysis_suggests_north_korea_not_behind_olympic_destroyer_malware_attack/ [theregister.co.uk]

      • (Score: 0) by Anonymous Coward on Wednesday June 13 2018, @04:58PM (3 children)

        by Anonymous Coward on Wednesday June 13 2018, @04:58PM (#692405)

        What you ascribe to conspiracies and warmongering is more easily explained by the nature of how intelligence and spy-work works. As an example, imagine the vice-chairman of of China is really a double-agent working for the US, and has told the US that it was China who stole this information. Are you really expecting a press release from the US saying, "Our high-placed spy in the Chinese government told us this?" Likewise, imagine they managed to sneak a bug into the meeting room in the Kremlin. Do you really expect the US to say, "our listening device in the Kremlin recorded Putin saying he did this."

        Moreover, would you believe them if they said it?

        When it comes to covert intelligence, for the general public you just need to believe or not believe them. If you don't believe them, fine... but don't take their lack of supporting evidence as being indicative of anything.

        • (Score: 5, Touché) by ledow on Wednesday June 13 2018, @08:22PM

          by ledow (5567) on Wednesday June 13 2018, @08:22PM (#692512) Homepage

          Yeah, we just need to take people at their word that Iraq has WMD.

          And then kill millions of people on that basis.

          Present evidence to the appropriate courts or organisations, or don't make the claim in public.
          You'll notice that plenty of countries, faced with actual attacks involving the deaths of people (e.g. attacks on UK soil by suspected Russian agents), present an allegation, evidence for it, take it to court, and get it proven. Not just assert something like that.

          I expect people to be able to back up any claim made in public to the satisfaction of those who make such decisions and not have media quote "officials" that are entirely unnamed and unwilling to confirm that claim in public (and, yes, in this case, it's a news article, but I could link to where named US military officials gave press conferences equating attacks with acts of war, and then alleging that a particular state was behind a particular attack, with literally nothing else said or done about it).

          If it's serious and provable enough to NAME A COUNTRY, it's serious enough you could end up in a war, so it's serious enough to have to present your evidence. Otherwise, you keep your mouth shut, as an "official".

        • (Score: 2) by PartTimeZombie on Thursday June 14 2018, @01:00AM

          by PartTimeZombie (4827) on Thursday June 14 2018, @01:00AM (#692629)

          I ascribe these sorts of stories to the fact that the US has such a huge part of it's economy invested it the military that it has no choice but to keep inventing enemies, or people will start to ask for the spending to be cut back, so that maybe some money could be spent on schools, or maybe healthcare or something that might help ordinary Americans.

        • (Score: 0) by Anonymous Coward on Thursday June 14 2018, @09:53AM

          by Anonymous Coward on Thursday June 14 2018, @09:53AM (#692794)
          And someone being paid lots of money to betray someone sure has no motivation to make shit up to make himself seem more useful?

          There have been cases of spies making shit up to send to their paymasters.
      • (Score: 2) by bob_super on Wednesday June 13 2018, @07:01PM

        by bob_super (1357) on Wednesday June 13 2018, @07:01PM (#692474)

        It's the Mafia-like habit of our governments: If someone from $family did something, there is no way $family didn't know, because otherwise they would kill him for acting unauthorized. Conversely, if that member gets caught by someone else, $family doesn't know that he was doing anything, and would have not allowed it.

    • (Score: 0) by Anonymous Coward on Wednesday June 13 2018, @04:52PM

      by Anonymous Coward on Wednesday June 13 2018, @04:52PM (#692400)

      with the opm "hack" the fuckheads/traitors in the US gov hired a chinese contractor(as if they are not all beholden to the state) to process the data. said chinese contractor accidentally gave it to chinese state folks. US gov scum reported it as super hackers from china. iow, it's likely a combination of all three. treason, incompetence and lies. at least the spooks are getting granny's email and the pigs are busting potheads. we can all rest easy.

  • (Score: 2) by MichaelDavidCrawford on Wednesday June 13 2018, @06:49AM

    by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Wednesday June 13 2018, @06:49AM (#692251) Homepage Journal

    You say that like its a bad thing.

    --
    Yes I Have No Bananas. [gofundme.com]
  • (Score: 2, Insightful) by anubi on Wednesday June 13 2018, @07:10AM (9 children)

    by anubi (2828) on Wednesday June 13 2018, @07:10AM (#692253) Journal

    Our Congress has been duped into passing law to "protect" software from being examined to make sure it does not have hidden agendas in it... not much different than a businessman may want to read a contract to verify what the salesmen say is what he is really agreeing to. But, our Congress, at the urging of "rightsholders", has made it so that we can no longer "read the contract" to see what we are really submitting to our machine.

    The story also linked to the CC Cleaner backdoor [threatpost.com], which was the first I heard of it. I have used CCleaner on my machine for quite some time now, even had it recommended to me by a friend who knows IT a helluva lot more than I do. I scan my computer regularly with Microsoft's own Security Essentials, as well as Malwarebytes. None of them said a peep about it.

    How many other backdoors are hiding in other popular softwares? Even ones vetted by "trusted" sources? I know this is something that is really hard for a Congressman to understand, given they were brought up in a time where security was men wagging guns, and who those men took orders from. I guess from a Congressman's point of view, the "rightsholder" walked away happy, knowing now the buyer will not be able to read the pesky fine print which would have killed a sale.

    This is the result of ignorance. It can happen to any of us. Especially to those who put their head into a hole in the ground and think Congress can legislate cybersecurity by passing law.

    Didn't they learn anything from Prohibition?

    We really need a secure computing platform in the worst way. Not "security through obscurity". No.

    Security through knowledge of exactly how the thing works, so you KNOW when its doing something else. You would not take a manager, plug his ears and eyes in the name of DMCA, turn a bunch of employees ( with hidden agendas ) loose in his shop, and expect anything good to come of it? But that's the legal environment of computing Congress and the software industry are crafting for us. Obedience, misplaced trust, and ignorance are required for this business model.

    That is a tall price to pay to make sure someone does not copy a song.

    --
    "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
    • (Score: 3, Informative) by MichaelDavidCrawford on Wednesday June 13 2018, @08:55AM (8 children)

      by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Wednesday June 13 2018, @08:55AM (#692267) Homepage Journal

      most boxes these days are equipped with a Trusted Computing Initiative chip. install tails on one but store a random key in the TCI's write only memory. encrypt the entire hard drive with the result of xoring your key with the tci key

      that would mean that even sector copying your disk would be of no use to anyone

      macOS now has System Integrity Protection that blocks writes to or deletion of many important files. its easy to disable but you need to possess the actual box. boot into Recovery Mode, open Terminal from the Utilities menu then

      $ csrutil disable

      --
      Yes I Have No Bananas. [gofundme.com]
      • (Score: 1) by anubi on Wednesday June 13 2018, @09:43AM (7 children)

        by anubi (2828) on Wednesday June 13 2018, @09:43AM (#692282) Journal

        There are definitely two levels of security there... whether or not you have access to the physical box.

        Most everything I work on, if you have access to the box, you are God. Well, if its my box and I am responsible for it, I better know what its doing, and be able to GodMode to it.

        But, I know there are things like ATM's, where the box is not in my physical possession, and securing something like that is an order of magnitude more complex and difficult to administer. Like how do I prove to my remote who I am, knowing at any time my communications may be compromised? There are ways of doing it... rotating codes and the like... but if I copy someone else's design, I am already compromised. Even if I don't, if they are determined enough, I don't know a thing I can design that someone else ( who I will assume is smarter than me ) can't work around.

        Consider DVD Jon. That was one helluva insight that kid had on how to undo all that DVD-CCA consortium design.

        --
        "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
        • (Score: 2) by MichaelDavidCrawford on Wednesday June 13 2018, @09:59AM (6 children)

          by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Wednesday June 13 2018, @09:59AM (#692286) Homepage Journal

          so i could charge my laptop late one night.

          when its alarm went off i figured i shoul plug it back in then make myself scarce.

          it booted windows ce

          not long after that every last one of that kind of atm in portland saw its cord and socket replaced with conduit that went inside whatever building they were next to.

          for the best i expect because the very instant i found that plugging it back in didnt silence its alarm i hatched a plan involving a white van labeled Midnight Electronics Corporation, lots of foam, some orange traffic cones and a Sawzall.

          --
          Yes I Have No Bananas. [gofundme.com]
          • (Score: 3, Interesting) by anubi on Wednesday June 13 2018, @10:45AM (5 children)

            by anubi (2828) on Wednesday June 13 2018, @10:45AM (#692293) Journal

            I saw one business that had this big gong outside, I guess security theater to scare off the bad guy.

            Well, one day his business git hit. And the gong was eerily silent.

            It was dis-assembled to find out why it did not do its job. It was full of something like Great Stuff [homedepot.com]. It was sprayed right into the vent holes where the sound was supposed to come out.

            It had everything all mucked up in foam.

            That taught me a lesson for when I am commissioned to do a building security:

            Yes, I will mount a big gong right outside the building... maybe ring it occasionally, but I am using it as a canary... something I can easily watch for any sort of tampering, being opened, sprayed ( breaks a light beam ), whatever.. hoping the bad guy will attack that first, give me a heads up so I can get enforcement on the way before he does much more damage. Same with TV cameras... I get every old TV camera I can get my hands on. Real ones. Doesn't matter whether they work or not, I just make sure I can get a red LED in 'em in such a manner they appear active, then I sense for any tampering on it, and watch it with a hidden camera that catches them in the act.

            If the sight of the cameras deterred the malicious act, fine. If they didn't, then the bum camera is sacrificed to get a good shot of the guy doing the deed.

            I started using junk as decoys after I had a girlfriend who worked as a waitress at a popular eatery long time ago during the 70's energy crisis. The edict came down that none of the wait staff was to touch the thermostat. However, the restaurant patrons were not very happy when my girlfriend had to tell them she couldn't do anything. She told me about it. I dug up an old mechanical thermostat I had replaced because its contacts were all pitted and eroded, and accompanied her back to the restaurant and got permission from her boss to screw it onto the wall in full view of the diners after the place closed for the night. Whenever the diners complained about the heat, the wait staff was to go fiddle with it instead of telling the customer it can't be done. Seemed to make everyone quite a bit happier, and my girlfriend often treated me with some of the gracious tips she received because of that thing. No one but me, the restaurant owner, the manager, and the wait staff knew it was just a piece of junk screwed to the wall.

            --
            "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
            • (Score: 2) by Oakenshield on Wednesday June 13 2018, @01:28PM (1 child)

              by Oakenshield (4900) on Wednesday June 13 2018, @01:28PM (#692321)

              I started using junk as decoys after I had a girlfriend who worked as a waitress at a popular eatery long time ago during the 70's energy crisis. The edict came down that none of the wait staff was to touch the thermostat. However, the restaurant patrons were not very happy when my girlfriend had to tell them she couldn't do anything. She told me about it. I dug up an old mechanical thermostat I had replaced because its contacts were all pitted and eroded, and accompanied her back to the restaurant and got permission from her boss to screw it onto the wall in full view of the diners after the place closed for the night. Whenever the diners complained about the heat, the wait staff was to go fiddle with it instead of telling the customer it can't be done. Seemed to make everyone quite a bit happier, and my girlfriend often treated me with some of the gracious tips she received because of that thing. No one but me, the restaurant owner, the manager, and the wait staff knew it was just a piece of junk screwed to the wall.

              The thermostat controls in our building are only for show as well. There are sensors to monitor the temperature in the thermostat housings, but the controls are totally useless. The only real control is on a Honeywell Computer program in the physical plant office. It's a feel good measure to make the peons feel like they have some control in their lives. The guys from physical plant told me that.

              • (Score: 1) by anubi on Friday June 15 2018, @10:41AM

                by anubi (2828) on Friday June 15 2018, @10:41AM (#693419) Journal

                The thermostats at the college I recently attended were that way too. They repurposed the housing and wiring for a temperature sensor, but left the mechanical innards intact - but they weren't connected to anything.

                If one took the cover off, it was kinda obvious.

                Kinda makes sense... a student trekking to a classroom in 100 deg F ambient is apt to arrive wanting the thing at 60 degrees.. whereas the instructor, just arriving from across the hall in an air conditioned office, is fine with 78 deg.

                I suppose centralizing the controls stopped a lot of arguments over who controlled the thing.

                --
                "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
            • (Score: 3, Interesting) by ledow on Wednesday June 13 2018, @08:45PM (2 children)

              by ledow (5567) on Wednesday June 13 2018, @08:45PM (#692519) Homepage

              I have an air-conditioned office and server rooms.

              Every winter, everyone comes and hides in my office "because it's lovely and warm".
              Every summer, everyone comes and hides in my office "because it's lovely and cool".

              The temperature literally hasn't deviated 1 degree in four years (except once in a power-cut that set off alarms for doing so).

              Temperature is so subjective that placebo vastly outweighs it. Pretty much why I steer clear of all those Internet-controlled thermostats, smart-meters, etc. Put it on a temp, leave it there. If you feel cold, it's because YOU feel cold. After a while of knowing that the external temperature doesn't affect your body temperature very much at all, your logic begins to outweigh it and you stop noticing.

              Water temperatures, mixer taps, shower controls, all kinds of things are just knobs to fiddle with to make you feel like you're making a difference. I set my oven to 200 degrees recently and just leave it there. I turn it on and off but I never change the temperature, it just doesn't make any difference once it's up to temperature for 99.9% of things people cook. And the oven won't cool even 10 degrees quickly enough before you think it needs to be fiddled with again. Toasters controls are usually really "timers", and inaccurate ones at that (usually the timer is set right if it's working "from cold" but the second piece of toast for the same time will come out more cooked). Battery indicators (nearest 10% at best). Signal strength (no single established standard for what "four-bars" might represent). Volume controls (anyone else here just whack all mixing channels to max, and then set main volume to a reasonable level and then leave it there forever?).

              All kinds of stuff is just a placebo control.

              To be honest, any kind of alarm is the same. Nobody but you cares about your burglar alarm going off. Literally, nobody's going to come and look, chase off the robbers for you, or even call the police. The ones that try can usually be fooled by "Oh, I'm just feeding the cat for John and it's all gone off..." and similar excuses. Nobody cares in a city about a car alarm going off. If anything, we're all just praying for it to shut the hell up and stop going off repeatedly. Criminals don't care about being on CCTV either. They will just wear a hoodie, pull it over their face, and your chances of ever identifying them are near-zero unless they're terminally stupid. You have cameras to SEE WHAT HAPPENED. Or you have an alert system to ALERT SOMEONE WHO CARES. i.e. you. On your smartphone. Checking the camera. Seeing the strange guy doing things he shouldn't be. Dealing with your own false alarms (no better way to cure false alarms than to make yourself disturbed every time it happens). Informing the police yourself, or going to intervene if you're brave / stupid.

              And then your neighbours might stand a chance of NOT experiencing fatigue at the constant false-alarms and it'll be so unusual that they'll look and see what's happening. But to be honest, I hear an alarm go off every single night. Police won't even attend "just an alarm" in my area, not even for noise abatement. The days of "the alarm informed the police" are also long-gone. At best you hire an intermediate agency paid to care about your alarms who might visit the property, check the cameras, and inform police if a crime is in progress. Every time I've provided footage to the police it's been useless, even when they suspect they know who it was. I've seen someone kick through a door with full 5-lever locks and bolts and all necessary insurance security measures, in seconds, without anyone questioning it. We've all seen the videos of how long it takes a thief to get into a modern car.

              Lots of modern equipment is nothing more than placebo to make you feel better / safer. It does very little in practice at all. It just makes you feel good to have it.

              Though that slight placebo effect might hinder an amateur criminal, anyone who has burgled/stolen/attacked etc. before won't be at all dissuaded by it, they will just defeat it or ignore it.

              I can't think of a single restaurant I've ever been in that would offer any suggestion to someone "feeling hot" than for them to move table or order a cold drink. Pandering to such placebo doesn't really solve anything.

              • (Score: 0) by Anonymous Coward on Thursday June 14 2018, @10:00AM

                by Anonymous Coward on Thursday June 14 2018, @10:00AM (#692796)

                I have an air-conditioned office and server rooms.

                Every winter, everyone comes and hides in my office "because it's lovely and warm".
                Every summer, everyone comes and hides in my office "because it's lovely and cool".

                The temperature literally hasn't deviated 1 degree in four years (except once in a power-cut that set off alarms for doing so).

                Uh seems more like they ARE RIGHT. Your office temp is set to the "right temperature" for "everyone" and it's lovely and warm compared to winter and lovely and cool compared to a hot summer.

              • (Score: 1) by anubi on Friday June 15 2018, @10:53AM

                by anubi (2828) on Friday June 15 2018, @10:53AM (#693424) Journal

                I can't think of a single restaurant I've ever been in that would offer any suggestion to someone "feeling hot" than for them to move table or order a cold drink. Pandering to such placebo doesn't really solve anything.

                But it did have a psychological effect on the customer. They left happy, feeling their say was acted on. My girlfriend got nice tips out of it. And the manager was happy that he could follow the orders that were passed down to him.

                Like you say, it didn't solve anything, but seemed to make everyone feel better. At least got them to hang around long enough to be offered a cold beer. As long as they kept the cat in the bag. During those times, everyone was watching everyone like a hawk over "wasting energy", and I am sure the guy who owned the eatery was probably under energy rationing himself.

                If I am ever passing through that town again, I will probably visit the eatery if its still there, and see if my old thermostat is still screwed to the wall. Kinda doubt it. That was right at 40 years ago when I did that.

                --
                "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
  • (Score: 3, Touché) by Lester on Wednesday June 13 2018, @07:27AM (7 children)

    by Lester (6231) on Wednesday June 13 2018, @07:27AM (#692255) Journal

    ...info related to American offensive and defensive systems [...] which contains information about adversary radar platforms.

    Where did USA get Information about adversary radar platforms? <s>Did USA ask it to adversary and adversary gave it?</s> I think that USA got it using Nation-state attackers affiliated with the USA government, or directly by NSA.

    Just usual skirmish in cold cyberwar.

    • (Score: 2) by MichaelDavidCrawford on Wednesday June 13 2018, @09:01AM (6 children)

      by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Wednesday June 13 2018, @09:01AM (#692271) Homepage Journal

      its called the Joint Forces Cyber Command. its part of the Strategic Forces Command and its headquarters is at Fort Meade Maryland.

      the National Cryptological Museum is also at Fort Meade and is open to the public. They have a real Enigma machine there.

      --
      Yes I Have No Bananas. [gofundme.com]
      • (Score: 2, Informative) by anubi on Wednesday June 13 2018, @09:47AM (5 children)

        by anubi (2828) on Wednesday June 13 2018, @09:47AM (#692283) Journal

        I wonder if we learned anything about placing too much trust in machine encryption from the Enigma.

        The Germans trusted it. Too much.

        Are our military types putting too much trust in stuff with backdoors they don't know about yet?

        --
        "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
        • (Score: 3, Interesting) by Oakenshield on Wednesday June 13 2018, @01:45PM (4 children)

          by Oakenshield (4900) on Wednesday June 13 2018, @01:45PM (#692326)

          I wonder if we learned anything about placing too much trust in machine encryption from the Enigma.

          The Germans trusted it. Too much.

          It would have been secure if the operators had followed proper procedures. i.e. not reusing the same rotors every time, reusing initial rotor settings and plug board settings, not sending the same message fragments on every message.

          The biggest flaw in the Enigma was that no letter could be enciphered into itself.

          Good operating procedures, properly enforced, would have made the plugboard Enigma machine unbreakable.[3][4][5] However, most of the German military forces, secret services and civilian agencies that used Enigma employed poor operating procedures, and it was these poor procedures that allowed the Enigma machines to be reverse-engineered and the ciphers to be read.

          https://en.wikipedia.org/wiki/Cryptanalysis_of_the_Enigma [wikipedia.org]

          • (Score: 3, Interesting) by bzipitidoo on Wednesday June 13 2018, @02:46PM (1 child)

            by bzipitidoo (4388) on Wednesday June 13 2018, @02:46PM (#692348) Journal

            You talk like you don't know the military boys.

            They want unbreakable security that they can break, in case it falls into enemy hands. They will throw the security away in a heartbeat if it inconveniences them too much, and hoke up bull to justify what they want to do. For instance, they want to use MS Windows, and they don't care that it's the least secure and most infected OS out there, they like it because they feel comfortable that they know how to use it. But they're also slow to approve new software. They've probably not yet moved to Windows 10. Might even still be using Windows 2000.

            How do they justify, on security grounds, their use of an old version of Windows? Well, it goes like this. Linux was written by foreigners, while Microsoft is an American company. How do we know these foreigners haven't put backdoors in Linux?? But Microsoft can be trusted, because they're American.

            Because military discipline can be excessively harsh, they are extremely anxious to avoid blame. The low ranking officers can be more worried about taking the blame than taking a bullet, it's that harsh. We're talking court martial, prison, hard labor, and dishonorable discharge. Their top security concern is not external enemies, it's internal ones, that is, their own bosses. They have a saying in the military: "shit rolls downhill". It's a succinct expression of the very common practice of blaming your underlings for your mistakes, who in turn blame their underlings, and so on.

            • (Score: 2) by Oakenshield on Wednesday June 13 2018, @07:20PM

              by Oakenshield (4900) on Wednesday June 13 2018, @07:20PM (#692487)

              what does any of this have to do with what I wrote about Enigma being unbreakable when used with proper procedures?

              They want unbreakable security that they can break, in case it falls into enemy hands. They will throw the security away in a heartbeat if it inconveniences them too much, and hoke up bull to justify what they want to do.

              Say what? Are you trying to say that the Germans intentionally operationally misused the Enigma in case it fell into Allied hands? Just so they could break it afterwards? You are making no sense at all if you are trying to dispute that the Enigma would have been secure in WWII for the Germans had they followed protocol.

              How do they justify, on security grounds, their use of an old version of Windows? Well, it goes like this. Linux was written by foreigners, while Microsoft is an American company.

              You do realize that the NSA is the creator of the SELinux kernel extensions, right? And you do know that the Air Force maintains a secure distribution of Linux called TENS? https://www.spi.dod.mil/lipose.htm [dod.mil]

              They have a saying in the military: "shit rolls downhill". It's a succinct expression of the very common practice of blaming your underlings for your mistakes, who in turn blame their underlings, and so on.

              The military also has another saying. "You can delegate authority, but you can't delegate responsibility." In other words, you are talking out of your ass.

          • (Score: 2) by MichaelDavidCrawford on Thursday June 14 2018, @08:25PM (1 child)

            by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Thursday June 14 2018, @08:25PM (#693155) Homepage Journal

            During the war someone realized that many different messages had the same initial cleartext; perhaps the date.

            So the order came down to prevent stereotypical text attacks by starting every message with a nonsense word, such as "Sonnenschein".

            Hilarity Ensued.

            --
            Yes I Have No Bananas. [gofundme.com]
            • (Score: 3, Informative) by martyb on Thursday June 14 2018, @08:44PM

              by martyb (76) Subscriber Badge on Thursday June 14 2018, @08:44PM (#693164) Journal

              During the war someone realized that many different messages had the same initial cleartext; perhaps the date.

              Can't remember where I came upon this and it may be apocryphal, but I heard the initial cleartext was: "Heil Hitler". Certainly sounds plausible to me.

              --
              Wit is intellect, dancing.
  • (Score: 2) by MichaelDavidCrawford on Wednesday June 13 2018, @08:59AM

    by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Wednesday June 13 2018, @08:59AM (#692269) Homepage Journal

    then point out the advisability of enacting a law that requires the Joint Forces Cyber Command to report to CERT all the vulnerabilities they discover

    i simply assumed thats what i would be doing when i applied to the air force cyber command in 2008: purely defensive work

    --
    Yes I Have No Bananas. [gofundme.com]
  • (Score: 0) by Anonymous Coward on Wednesday June 13 2018, @09:27AM (3 children)

    by Anonymous Coward on Wednesday June 13 2018, @09:27AM (#692277)

    And people still pass data unencrypted reasoning it's a "secure landline".

    secret plans to develop a supersonic anti-ship missile for use on U.S. submarines by 2020.

    Last I checked the existing generation of torpedoes has 95% success rate so the only secret here is the waste of money this is.

    • (Score: 3, Insightful) by c0lo on Wednesday June 13 2018, @09:36AM

      by c0lo (156) Subscriber Badge on Wednesday June 13 2018, @09:36AM (#692279) Journal

      Last I checked the existing generation of torpedoes has 95% success rate so the only secret here is the waste of money this is.

      Last I checked, torpedoes and missile have different ranges.

      In any case, destruction will always be a waste of money and both of them have pure destructive purposes.

      --
      https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
    • (Score: 2, Informative) by anubi on Wednesday June 13 2018, @09:59AM (1 child)

      by anubi (2828) on Wednesday June 13 2018, @09:59AM (#692287) Journal

      I get the idea that the "Rods from God" concept would be fatal to ships... Guided Kinetic weapons.

      I would imagine it would be almost like when one is in an airplane, if one sees another airplane in the sky... and it does NOT appear to move ... then both of you are on a collision course.

      The "Rod from God" will have a very tiny observation window in space, and appear to not move... from your vantage point ... until its right on you.

      And China is getting quite comfortable about using space based systems.

      ( A "Rod from God" is something like a telephone pole sized chunk of something like a depleted uranium alloy, alloyed for temperature and hardness, and extremely heavy, in orbit, de-orbited, arriving at earth's surface almost white-hot at enormous velocity. No propellant or explosives involved. Sheer delivered kinetic energy on impact. Nasty. )

      --
      "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
      • (Score: 1) by tftp on Wednesday June 13 2018, @03:43PM

        by tftp (806) on Wednesday June 13 2018, @03:43PM (#692372) Homepage
        Uncontrolled deorbiting will allow you to hit the right continent or the right ocean, maybe. The optimal, self-stabilizing spaceship capsule lands plus or minus hundred miles. Controlled deorbiting will require control structures that survive the descent, something like STS.
(1)