Originally posted by Symmetric Chaos
That already happened in Afghanistan, well not control of it but they got far enough into the system to see what the drone was doing.
thats really surprising actually...
is it that I am underestimating the sophistication of hackers or overestimating the sophistication of the American networks?
I don't know, wouldn't it be possible for the American's to design hardware just completely incompatible with any comercially available stuff?
Originally posted by inimalist
thats really surprising actually...is it that I am underestimating the sophistication of hackers or overestimating the sophistication of the American networks?
I don't know, wouldn't it be possible for the American's to design hardware just completely incompatible with any comercially available stuff?
Possibly a little of both:
http://online.wsj.com/article/SB126102247889095011.html
The US knew about the security flaw but assumed no one would know how to exploit the stream of unencrypted data from the drones. Some Russian file sharing program happened to be able to pick up the signal.
basically.
It would be like making your secret code channel 97.5 on the FM dial
EDIT: just to compare, it is already known that criminals in Brazil are able to hack into the computers of financial institutions remotely through the use of this:
having a unit that is sending and recieving information remotely, which is not encrypted, is basically just assuming that nobody is going to tune in
Originally posted by inimalist
not in this casethe whole china/cyber-warfare issue is crazy complex, but in a nut shell, their individual hackers are often tied to the government, and they have been specifically finding weaknesses in American/etc systems for years.
America's defense against such measures is growing, and there are limited advantages at this point (nobody is going to hack control of unmanned drones or anything like that anytime soon), but just as far as a state having a branch of the military trained to do cyber attacks, people sort of suspect China is at the forfront of this.
There's also the solice that the US has the largest 'advanced' hacker community in the world. Even in little OKC, the worlds largest hacker community for Wireless technologies has it's presence.
China MAY have more hackers, by far, but they are almost, the lot of them, script kiddies. They subsist on the programs, 0 days, and scripts that hackers in the US, Ukraine, and Russia create. Very little "new" malicious code comes from China. They mostly mod existing stuff and create massive botnets.
The difference? Easy: there's a much bigger backing from their government, than in the US. If the US would recruit and actively fund all of the hackers in the US, no country would be safe from our cyber-warfare.
Here's the problem with the US: we only accept "the few, the proud" into prestigious cyber security programs. They have to have immaculate criminal records and excellent grades. Sure, the government sponsered chinese hackers do, as well, but its not really the same at all: there's is more grassroots and haphazard.
Originally posted by inimalist
basically.It would be like making your secret code channel 97.5 on the FM dial
EDIT: just to compare, it is already known that criminals in Brazil are able to hack into the computers of financial institutions remotely through the use of this:
having a unit that is sending and recieving information remotely, which is not encrypted, is basically just assuming that nobody is going to tune in
lulz...we did a project like that: pringles can "wifi discovery"...and ....other things.... 😖hifty:
And some more news on the topic:
http://news.bbc.co.uk/2/hi/world/asia_pacific/10170019.stm
The situation is getting worse and worse, with all ties being severed to South Korea, North Korea has isolated itself. And by making additional threats it seems that the only thing North Korea has on its mind right now is war.
Originally posted by Shakyamunison
We (US) also have the aliens on our side. 😉
Blood drinking lizard like ones, or the Grays?
Either way, I think China won´t get involved and if N.Korea want´s to use some rusty Nukes, then I´m sure there´s some sort of electronic death ray emiting satellite of some kind in space which will fry the electronics so the won´t launch. Or even on the ground come to think of it, H.A.A.R.P come´s to mind🙂
Originally posted by dadudemon
Here's the problem with the US: we only accept "the few, the proud" into prestigious cyber security programs. They have to have immaculate criminal records and excellent grades. Sure, the government sponsered chinese hackers do, as well, but its not really the same at all: there's is more grassroots and haphazard.
I was under the impression that for the NSA and CIA that was just the official stand.
Originally posted by Symmetric Chaos
I was under the impression that for the NSA and CIA that was just the official stand.
Not at all. You won't find very many people working for the CIA and NSA that have criminal records. If they are, it's for "little" things like a DUI when they were 16 or something like that. I was told that the NSA is starting to open up a bit and contract out hacking teams to do projects for them.....but I don't know any groups that have been contracted.
This just in..
SKorea holds navy drill; NKorea scraps sea accords
SEOUL, South Korea – South Korean warships fired guns and dropped anti-submarine bombs in a large-scale military exercise Thursday, a week after Seoul accused North Korea of shooting a torpedo that sank a navy frigate in March.
The military pushed ahead with the show of force despite warnings from the North that the exercise would bring the peninsula to the brink of war.
http://news.yahoo.com/s/ap/20100527/ap_on_re_as/as_skorea_ship_sinks
Originally posted by FistOfThe North
This just in..SKorea holds navy drill; NKorea scraps sea accords
SEOUL, South Korea – South Korean warships fired guns and dropped anti-submarine bombs in a large-scale military exercise Thursday, a week after Seoul accused North Korea of shooting a torpedo that sank a navy frigate in March.
The military pushed ahead with the show of force despite warnings from the North that the exercise would bring the peninsula to the brink of war.
http://news.yahoo.com/s/ap/20100527/ap_on_re_as/as_skorea_ship_sinks
Good.
Hopefully, we'll see some war, but no one gets killed.....?
I wish wars were fought in Cage matches by the presidents and other elected officials. 😠
Originally posted by dadudemon
There's also the solice that the US has the largest 'advanced' hacker community in the world. Even in little OKC, the worlds largest hacker community for Wireless technologies has it's presence.China MAY have more hackers, by far, but they are almost, the lot of them, script kiddies. They subsist on the programs, 0 days, and scripts that hackers in the US, Ukraine, and Russia create. Very little "new" malicious code comes from China. They mostly mod existing stuff and create massive botnets.
The difference? Easy: there's a much bigger backing from their government, than in the US. If the US would recruit and actively fund all of the hackers in the US, no country would be safe from our cyber-warfare.
Here's the problem with the US: we only accept "the few, the proud" into prestigious cyber security programs. They have to have immaculate criminal records and excellent grades. Sure, the government sponsered chinese hackers do, as well, but its not really the same at all: there's is more grassroots and haphazard.
ok, and I do get that most chinese hacking attacks can, if at all, only loosely be traced back to the government, and there is a sense of national heroism to these non-governmental hackers, but if America is so awesome with its cyber-warriors, why are its national security networks so vulnerable.
Like, I'm sure you are more aware of the military companies and governmental bodies that get hacked frequently, and all the data that has been copied and all that, how come we can't just shut them out?
Granted, I'm not super knowledgeable about this, but if America really has the best of the best as you describe, shouldn't that not happen?
Originally posted by inimalist
ok, and I do get that most chinese hacking attacks can, if at all, only loosely be traced back to the government, and there is a sense of national heroism to these non-governmental hackers, but if America is so awesome with its cyber-warriors, why are its national security networks so vulnerable.
It's hard to say, really: it's a combination of really high security and really low security. For real. You'll have an unpatched server sitting right next to an utterly armored server, in a DoD datacenter.
And, if America's "cyber-warriors" actually cared even a little about securing their own nation, maybe you'd have a point. They do it, literally, for the lulz and prestige.
Originally posted by inimalist
Like, I'm sure you are more aware of the military companies and governmental bodies that get hacked frequently, and all the data that has been copied and all that, how come we can't just shut them out?
I am aware. I get those reports, via e-mail. However, significant breachers aren't as often as you're making it out to be. If you saw some of the hacking traffic captured, you'd sh*t your pants. There's just so MUCh of it and the vast majority is really stupid amateur stuff that has been patched up a decade ago. The "good" stuff comes internally, from the US. Those attacks are successful, far more frequently.
Originally posted by inimalist
Granted, I'm not super knowledgeable about this, but if America really has the best of the best as you describe, shouldn't that not happen?
Sure, if the hackers actually gave a sh*t about our country...and our intelligence agencies were willing to work with ...well...criminals. Since neither of those scenarios hold true (with the latter seeing a tad bit of lax in recent days), we end up with the best hackers in the world, hacking for the lulz while China churns out thousands of low-quality hackers, each year, working for their nation.
Its very simple to secure you shizer...but don't tell anyone this stuff:
1. Default deny all on your external firewall. (After all of your business need exceptions are put in.)
2. Implement internal protection such as spoofing rules (these things come pre-written and have been a loooong time.)
3. Educat your employees.
4. Create a rigorous patch testing an deployment plan.
5. Contigency plan and document the crap out of it and update it frequently.
6. Follow ITIL best practices.
7. Bla bla bla: heuristic IDS/IP definitions that are frequently tested and updated.
Pretty simple to do all of those if you have a good CIO. No joke.
The problem:
Not everyone does that stuff. They do well on some and crappy on others or they don't do any of those very well.
Nothing can protect you from an 0 day, so you have to rely on the vendor/software developers to patch/hot fix that stuff. It's just how it goes.
So, I can sum up my whole post like this:
Chinese hackers: simple, massive numbers, and work together in loose pockets. Nationalistic or at least work for the government, "unofficially."
US hackers: Diverse skill levels with most of the world's best. Invividualistic, egotistical, and they don't play well with the US government.
Cyberwafare advantage: Chinese.
My job future: bumpy and complex but I'll always have a job.
Originally posted by dadudemon
It's hard to say, really: it's a combination of really high security and really low security. For real. You'll have an unpatched server sitting right next to an utterly armored server, in a DoD datacenter.And, if America's "cyber-warriors" actually cared even a little about securing their own nation, maybe you'd have a point. They do it, literally, for the lulz and prestige.
im sure I'm in no position to criticize here, I can't imagine our cyber security is any better, but how big of a deal would it be for the Americans to actually secure their networks? Is it simply a matter of no willingness, or an older generation not understanding computers, or is there something specific stopping it.
Also, I remember reading lots of stuff, I'm sure a lot of it conspiratorial crap, about this stuff call Promis software. Any thoughts on it? Is it real?
Originally posted by inimalist
im sure I'm in no position to criticize here, I can't imagine our cyber security is any better, but how big of a deal would it be for the Americans to actually secure their networks? Is it simply a matter of no willingness, or an older generation not understanding computers, or is there something specific stopping it.
Why do you think the average pay for a CISO is over $150K a year? If the average Joe knew how to mitigate cyber threats, it'd be a common job. Quite literally, there is a massive tug of war with the IT department's needs for cyber security funding and all of the other organizational units in the enterprise. It's hard to sell the business need for a threat that COULD happen, but hasn't happened. To ignorant executives, they think other facets are more important and funneling too much into cyber security (which includes paying qualified and skilled individuals to execute a cyber security program in the org). Wouldn't those "additional" funds be better suited for the advertising department? Wouldn't those funds be better suited for the legal department? Those are the questions that the enterprise has to consider, the CISO has to sell, and the organization has to weigh.
This boils down to a very fundamental business concept: Return of investment.
Will the funding of cyber security projects save more money than they cost? The question is VERY hard to answer as the results are very much intangible to a laymen...such as a CEO or a stock holder that can only comprehend the bottom line. Sure, you can sell the business need for a hearty cyber security infrastructure AFTER a severe threat has come to fruition (such as the loss of thousands of your employee's personally identifiable information (SSN, address, phone numbers, medical history, etc.)).
Those problems are compounded by the centric mentality of Americans. We are capitalists and proud of it. If you need me to go into depth on what I mean here, I can...it'd just take several paragraphs.
Originally posted by inimalist
Also, I remember reading lots of stuff, I'm sure a lot of it conspiratorial crap, about this stuff call Promis software. Any thoughts on it? Is it real?
I believe it is completely real and is not a conspiracy, at all. This kind of shit happens all the time. Do you think that contractors don't screw the government over? The US government gets screwed over far more often than contractors getting screwed by the US government. That does NOT justify their actions in the PROMIS case/problem. I don't see very much of it be conspiratorial at all when the final stages of the case hinged on the "government/panel" asking Inslaw to prove derivatives of the software were used by the government during the period in question. That's just absurd on so many levels. How the HELL would they prove that without treason-like espionage against the very same government that was funding them during that period? Sooooooo retarded on so many levels. One of the biggest pieces of shit ever to go through a legal process. It was so obvious what had happened.
However, I don't know much about the case, for real.
"China "will not protect" whoever sank a South Korean warship in March, Prime Minister Wen Jiabao has said."
"China objects to and condemns any act that destroys the peace and stability of the Korean peninsula," Mr Wen was quoted as saying after talks in Seoul."
Worded very interesting is it not?
Obviously they won't come outright and say they are supporting North Korea but the if the South starts war which it's drifting towards I think China will back the North and say, "South Korea started violence." Regardless of the previous incident.
Originally posted by dadudemon
Why do you think the average pay for a CISO is over $150K a year? If the average Joe knew how to mitigate cyber threats, it'd be a common job. Quite literally, there is a massive tug of war with the IT department's needs for cyber security funding and all of the other organizational units in the enterprise. It's hard to sell the business need for a threat that COULD happen, but hasn't happened. To ignorant executives, they think other facets are more important and funneling too much into cyber security (which includes paying qualified and skilled individuals to execute a cyber security program in the org). Wouldn't those "additional" funds be better suited for the advertising department? Wouldn't those funds be better suited for the legal department? Those are the questions that the enterprise has to consider, the CISO has to sell, and the organization has to weigh.This boils down to a very fundamental business concept: Return of investment.
Will the funding of cyber security projects save more money than they cost? The question is VERY hard to answer as the results are very much intangible to a laymen...such as a CEO or a stock holder that can only comprehend the bottom line. Sure, you can sell the business need for a hearty cyber security infrastructure AFTER a severe threat has come to fruition (such as the loss of thousands of your employee's personally identifiable information (SSN, address, phone numbers, medical history, etc.)).
Those problems are compounded by the centric mentality of Americans. We are capitalists and proud of it. If you need me to go into depth on what I mean here, I can...it'd just take several paragraphs.
lol, I'm really interested in this stuff, so expand all you want, or if you want, I can make a cyber-security thread.
I guess I don't see why this is even considered an economic thing anymore. Like, capitalism doesn't justify treason, it shouldn't justify, from a national security standpoint, weak network security.
Is the DoD trying to increase corporate security? Are things changing since the google incident?
Originally posted by dadudemon
I believe it is completely real and is not a conspiracy, at all. This kind of shit happens all the time. Do you think that contractors don't screw the government over? The US government gets screwed over far more often than contractors getting screwed by the US government. That does NOT justify their actions in the PROMIS case/problem. I don't see very much of it be conspiratorial at all when the final stages of the case hinged on the "government/panel" asking Inslaw to prove derivatives of the software were used by the government during the period in question. That's just absurd on so many levels. How the HELL would they prove that without treason-like espionage against the very same government that was funding them during that period? Sooooooo retarded on so many levels. One of the biggest pieces of shit ever to go through a legal process. It was so obvious what had happened.However, I don't know much about the case, for real.
so, as far as you know, derivatives of the PROMIS software are on most Western governments systems, and they do have the backdoor access that was initially programmed into them?
lol, if I find the conspiracy stuff again, I will send it your way. I get that there has to be some truth to it, but what im talking about is literally black helocopter stuff.
Originally posted by Liberator
"China "will not protect" whoever sank a South Korean warship in March, Prime Minister Wen Jiabao has said.""China objects to and condemns any act that destroys the peace and stability of the Korean peninsula," Mr Wen was quoted as saying after talks in Seoul."
Worded very interesting is it not?
Obviously they won't come outright and say they are supporting North Korea but the if the South starts war which it's drifting towards I think China will back the North and say, "South Korea started violence." Regardless of the previous incident.
if it is just a war between north and south, I can't imagine china getting too involved. NK would annhiliate SK without NATO intervention.
I think they are warning against what most of us have warned against: American involvement on the Korean peninsulla. In such a conflict, American air-superiority would annhiliate NK, and not only would China lose a strong proxy, they would have NATO at their border. Think how America would react if Mexico were invaded by China. They couldn't let it happen for the sole reason that having a Chinese proxy state that close to them would destabalize the region. Look at how bad a small nation like Cuba was. It almost ended the world (and Che said he would have launched the missiles if he got them)