Blows Against the Empire
by wjw on March 7, 2012
Okay, so at least we know the dimensions of the problem.
NASA has admitted that their computers are riddled with hackers, having logged over 5400 intrusions over the last couple years. The most spectacular of these, originating in China, actually seized control of the Jet Propulsion Laboratory’s systems, “gaining the ability to install malware, delete or steal sensitive data, and hijack the accounts of users in order to gain their privileged access . . . ”
On another occasion, the algorithms used to control the International Space Station were stolen. Hijackers can now enact Blows Against the Empire and take the station crew for a joyride.
(And, in an unrelated story, two Toyota Land Cruisers packed with our super-top-secret Duke jammers rolled out of a base in Kabul the other day, never to be seen again.)
To which I can only say, Doesn’t anybody take this shit seriously anymore? Actually “anymore” is probably an exaggeration, and assumes that they took it seriously at some point in the past.
I mean, we could at least try to make it a little harder for intruders and thieves.
But of course hackers are massively organized now. Whole legions will work on a single site until they find a vulnerability.
I’m assuming that NASA is not the sole agency with this problem. After all, it took only one pissed-off corporal to send hundreds of thousands of the Pentagon’s and the State Department’s secrets to the whole world. I suppose it could be hoped that our secret agencies are better at hiding their goodies, but of course they’re secret agencies and we wouldn’t know. If they were hacked, they’d just tell everyone they weren’t, and there’s no check on that, at least until memos start appearing on Wikipedia.
I’m thinking that things were better in the days of ARPAnet. One way of dealing with the threat is simply to create your own Internet, the way the Zetas are doing in Mexico. That’s okay so long as you have enough line-of-sight relays and private groundline, but for something of any size you’ve just got to go dark. Go into the Deep Web, set up your own Island in the Net, and hope that nobody notices it.
Run silent, run deep. Make sure your routers can’t be found by browsers. Use one-time pads and encrypt every damn thing. If you don’t use TCP/IP, so much the better.
And for Chrissake don’t use Windows. I mean, really.
Still, even a darknet is vulnerable. If your data is 1) on a computer, 2) connected to the Internet, and 3) operated by a human being, anyone who wants it badly enough will find it.
We may end up with David Brin’s transparent society after all. And not because we choose it through some kind of rational process, but because it’s inevitable.
Walter – one day, you need to get together with those of us in your fanbase who are a) security wonks and b) DON’T work for the Feds, and over a few brews let us tell you how this stuff really works.
But meanwhile, let me share with you the philosophy that I give to my employers. When I was in the Army back in the 1980s, we were taught “What can be seen can be hit; what can be hit can be killed.” Today, in the information security realm, my mantra is “What is connected can be accessed; what can be accessed can be compromised.” No exceptions.
The smart infosec guys and girls worry less about keeping the intruders out (not that we don’t try, we just don’t make it our ultimate goal) because over time, a compromise is inevitable. (Unless you’re willing to invest NSA-like levels of money & time, which arguably doesn’t always work for them either.) What we’re aiming at now is more like fire prevention and suppression – being able to detect, contain and eventually put out the fire, i.e. the intrusion.
Ha ha ha ha! See what happens when you leave important things like security to fallible and corruptible humans? As long as there’s a human around you don’t even have to have a computer plugged into a network for it to be vulnerable.
No matter how seriously the people in charge take their shit, there’s always a low-wage grunt down at the bottom of the organization chart who doesn’t care, doesn’t need to care, and will be quite happy to screw things up if it will get him or her something extra, or save some unpleasant work.
I worked crypto for the US Army during the Vietnam War, and you would be astounded and amused at some of the security breaches I’ve seen caused by laziness, inattention, greed, stupid jokes, and officiousness. The classic, I think, is still the time that the entire Pacific area Army telecommunications system had to scrap three months of codes for hundreds of comm circuits because one of my colleagues spread a newspaper over the desk where he was eating breakfast (against standing orders not to use the desk for anything but official work), and then dumped the paper into the secure trash to be burned without checking whether there had been something underneath it. We couldn’t prove the codes that disappeared as a result hadn’t been stolen by some spy, which is just as well for the guy who threw them out.
The best way to run a secure private network over the larger internet is to start with a nice hardware router that can only be programmed in a special mode. Next, you use a white list of IP addresses. If the computer trying to connect with it is not on the white list, ignore it. Don’t even tell it you are ignoring it. Nobody is here, try the IP address down the street.
Next, you make sure that each router only talks by way of high-bit-depth public/private key encryption. If the router on the other end is not using elliptic curve, it does not even know how to talk. Share the keys ahead of time. Each router knows the public key of each other router. If the router does not have the correct key, they can’t talk. You also need to audit the network to make sure no moron has connected one of their computers to the outside network. If they have, shoot them and get a new moron.
Networks that don’t only talk to white listed computers are not as easy. The key is, never loan out a bit of web space to a very nice Blacksmithing school. Without fail, they will hire an SEO company out of India that will load their website up with all kinds of exploits, then ask for money in payment for them not trashing all your hardware. (Not that it has ever happened to me.)
The best rule I can think of: if your servers are compromised, don’t try to fix them. Just take the server offline, restore from backup on a new server, then have the old one reprovisioned (or burned). Make sure to check your backups to see if any exploits exist in them. Go over your SQL backups very carefully. Pay special attention to username and password tables. Change all the usernames and all the passwords.
Don’t be afraid to shoot a moron. You can always get a new one.
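Ralf’s allowlist-then-pinned-key design, as an added illustration that is not code from the post or any commenter: an admission gate that drops silently on every failure and logs the attempt for the defender, with all networks, peer names and key bytes being made-up values. Matching a fingerprint only shows the peer presented the expected key; a real deployment follows ACCEPT with a challenge-response proof of the private key, which this sketch does not include.

```python
"""Allowlist-and-pinned-key admission gate (constructed example).

Networks, peer names and key bytes below are invented for illustration.
"""
import hashlib
import hmac
import ipaddress
import logging

log = logging.getLogger("gate")

# Hypothetical operator-maintained allowlist: only these sources may talk at all.
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "192.0.2.0/24")]

# Public keys shared ahead of time, pinned by SHA-256 fingerprint (sample values).
PINNED_PEERS = {
    "relay-a": hashlib.sha256(b"relay-a-public-key-bytes").hexdigest(),
    "relay-b": hashlib.sha256(b"relay-b-public-key-bytes").hexdigest(),
}

DROP = "drop"      # discard silently: no RST, no ICMP, no banner, nothing
ACCEPT = "accept"  # proceed to the real (challenge-response) handshake


def admit(src_ip: str, peer_id: str, presented_pubkey: bytes) -> str:
    """Decide whether a connection attempt may proceed to the key handshake.

    Every failure path returns DROP; the caller must then send nothing back,
    so an unlisted scanner sees a dead address rather than a refusal.
    """
    try:
        ip = ipaddress.ip_address(src_ip)
    except ValueError:
        log.warning("malformed source address %r: drop", src_ip)
        return DROP
    if not any(ip in net for net in ALLOWED_NETS):
        log.info("unlisted source %s: drop", ip)
        return DROP
    pinned = PINNED_PEERS.get(peer_id)
    if pinned is None:
        log.warning("listed source %s claims unknown peer %r: drop", ip, peer_id)
        return DROP
    fingerprint = hashlib.sha256(presented_pubkey).hexdigest()
    # Constant-time compare so a wrong key cannot be narrowed down by timing.
    if not hmac.compare_digest(fingerprint, pinned):
        log.warning("listed source %s presents wrong key for %r: drop", ip, peer_id)
        return DROP
    log.info("source %s accepted as %r, proceeding to handshake", ip, peer_id)
    return ACCEPT
```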
Thank you for that, Ralf.
Particularly the permission to shoot morons.
I do like the point about Bradley Manning and that’s been my concern as well. Everyone acts like throwing him into a dungeon is the end of the discussion. The real question is why the hell the access control is so shoddy that a corporal can do so much damage. Makes you want to ask, how many times has another corporal with the same job title secretly sold the contents of cables to other governments? And, what job could rationally give anyone this much access to unencrypted diplomatic cables? Everyone is focused on “punishing the bad guy” instead of acknowledging the actual problem.
“The real question is why the hell the access control is so shoddy that a corporal can do so much damage. ”
9/12/2001 The real question is why the hell the firewalling of intelligence data is so anal-retentively tight that the NSA can’t tell the FBI that a bunch of foreign nationals who’ve been taking flight lessons just bought plane tickets for the same day on the same flight.