Is their anything the Chinese won't steal or counterfeit? I know this has been going on for years but this shit is getting ridiculous...

http://www.nytimes.com/2013/05/07/world/asia/us-accuses-chinas-military-in-cyberattacks.html?pagewanted=all (http://money.cnn.com/2013/05/07/news/china-cyberattack/index.html?hpt=hp_t3)

Is their anything the Chinese won't steal or counterfeit? I know this has been going on for years but this shit is getting ridiculous...

http://www.nytimes.com/2013/05/07/world/asia/us-accuses-chinas-military-in-cyberattacks.html?pagewanted=all (http://money.cnn.com/2013/05/07/news/china-cyberattack/index.html?hpt=hp_t3)

Operation Shady Rat.

IF the Chinese were harming our economy through bombing buildings we would be at war.

THey are, arguably, harming our economy more than simple physical infrastructure damage, as the theft is massive.

We will have to decide what to do about it, and soon. The fact that it is their government that is behind it, makes it extremely important for us to do soemthing.

cut them off

LOL...

We have known about such things for years. Did the NY Slimes finally get the memo?

LOL...

We have known about such things for years. Did the NY Slimes finally get the memo?

So the question remains...how do you stop it? Trade tariffs maybe? But that could start an economic war...

So the question remains...how do you stop it? Trade tariffs maybe? But that could start an economic war...
I can't believe it is happening in the first place. The military network and government networks should not be accessible via internet. Just cut such connections. I say it is far more likely that the government/military keeps an accessible set of addresses, for counterespionage/misinformation. That this doesn't really happen without the NSA allowing it to happen. Otherwise, we have some really daft people in the government now. I have dealt with the NSA during the cold war. If such a thing is real today, it never happen today if the wall was still standing.

I can't believe it is happening in the first place. The military network and government networks should not be accessible via internet. Just cut such connections. I say it is far more likely that the government/military keeps an accessible set of addresses, for counterespionage/misinformation. That this doesn't really happen without the NSA allowing it to happen. Otherwise, we have some really daft people in the government now. I have dealt with the NSA during the cold war. If such a thing is real today, it never happen today if the wall was still standing.

I don't know how many times I have to tell you this, but what you're suggesting is impossible. You can't just cut off military networks from the internet. Heck, half of the services that the military has are ON the internet now. It's just not feasible. (Note, our secret network is separate.)

Also, that won't stop the Chinese from hacking Boeing, General Dynamics, and other companies that are highly involved with the military.

I don't know how many times I have to tell you this, but what you're suggesting is impossible. You can't just cut off military networks from the internet. Heck, half of the services that the military has are ON the internet now. It's just not feasible. (Note, our secret network is separate.)

Also, that won't stop the Chinese from hacking Boeing, General Dynamics, and other companies that are highly involved with the military.
Sorry, but I don't buy it. If these systems are accessible it is either through incompetence, a traitor sharing private keys, or intentional for counter espionage purposes.

fucking hell.

smh

WC instantly knows more than a guy that fucking works in Military IT.

It's really amazing, in a perverse way. Kinda like your avg. Boutons post. You just have to marvel at the lack of cogent thought.

For any coded message or data to be broken, they are either not using a private key, or there is a traitor giving then such a key. If systems are not compartmentalized, then there is incompetence in their setup.

Sorry, but I don't buy it. If these systems are accessible it is either through incompetence, a traitor sharing private keys, or intentional for counter espionage purposes.

WC, when was the last time you accessed a military network? Why don't you actually try to do some reading. Heck, read up on the AFNet and its design. Also, you know no network is completely securable, right? They hack into government files the same way hackers slip in everywhere else: social engineering, exploiting firewall holes, etc etc.

The more you lock down a network, the more complexity/cost/lag is added as well. The govt has to perform cost/benefits analysis for networks too. We aren't going to throw $10k encryptors on everyone's desktop.

On and PKI isn't some unbreakable/uncrackable holy grail:

http://www.darkreading.com/vulnerability/black-hat-pki-hack-demonstrates-flaws-i/218900008

http://m.infoworld.com/t/cyber-crime/certificate-hacks-pki-didnt-fail-us-humans-did-172173

The military have private PKIs in some instances but the same issues can arise.

And while I don't know of any Taclane/Fastlane hacks out there, you could get access if you really tried, either due to lack of mantraps, shoulder surfing, etc etc.

WC, when was the last time you accessed a military network? Why don't you actually try to do some reading. Heck, read up on the AFNet and its design. Also, you know no network is completely securable, right? They hack into government files the same way hackers slip in everywhere else: social engineering, exploiting firewall holes, etc etc.

The more you lock down a network, the more complexity/cost/lag is added as well. The govt has to perform cost/benefits analysis for networks too. We aren't going to throw $10k encryptors on everyone's desktop.
OK, you are saying we have fools in charge.

Like I said... Incompetence.

On and PKI isn't some unbreakable/uncrackable holy grail:

http://www.darkreading.com/vulnerability/black-hat-pki-hack-demonstrates-flaws-i/218900008

http://m.infoworld.com/t/cyber-crime/certificate-hacks-pki-didnt-fail-us-humans-did-172173

The military have private PKIs in some instances but the same issues can arise.

And while I don't know of any Taclane/Fastlane hacks out there, you could get access if you really tried, either due to lack of mantraps, shoulder surfing, etc etc.
Please note, I specified "private key." PKI is public key. A private public key is still a public key and can easily be broken with the right technology, no matter how long. A private key with enough encryption bits is unbreakable.

Please note, I specified "private key." PKI is public key. A private public key is still a public key and can easily be broken with the right technology, no matter how long. A private key with enough encryption bits is unbreakable.

No key is "unbreakable", because someone controls the code somewhere. Heck, hackers have already found a way around quantum cryptology.

Saying that "people are incompetent" is a reason that networks get broken into is like saying "people are incompetent" because traffic accidents happen. On a network with millions of users, you are going to have weak links in the chain. You can do your best to prevent it through training, but its by no means foolproof.

Confidentiality, integrity, availability... You can have two of them.

edit: also, I think I get what you're saying about PKI but you're saying it in an awkward way. And afaik, brute forcing the encryption algorithm on a private key wouldn't be very time/resource effective

And afaik, brute forcing the encryption algorithm on a private key wouldn't be very time/resource effective
Private keys are simply unbreakable with enough encryption bits.

Private keys are simply unbreakable with enough encryption bits.

What exactly do you mean by "private keys"? The keys in PKI are considered "private" after all. Could you give me an example of the private key you're talking about?

abd nothing is technically unbreakable, just virtually unbreakable for all intents and purposes. And you don't need to break it if you can figure out the key from whoever knows it.

have the nazis surrendered yet?

pentagon reports :lmao

I private key system does not allow exchanges of keys. Therefore, without the key, you cannot get in. Any public key system relies on key exchanges and therefore can be reverse engineered to make a copy of the key used.

I private key system does not allow exchanges of keys. Therefore, without the key, you cannot get in. Any public key system relies on key exchanges and therefore can be reverse engineered to make a copy of the key used.

Care to give me an example of a system like the one you're describing?

military has their network, smil.mil (secure military). I don't think the run their own network, but run encrypted tunnels over the commercial network. When I consulted for DNS in MDA is Colorado 10 years ago, they ran a Sidewinder firewall, which is double-wall firewall, based on FreeBSD, where each "wall" is a different blocking/filetering/proxying technology so cracking one wall's weakness (which should raise an alert) is useless for cracking the second wall.

It is quite amazing after all the 100Ms of stolen passwords, cc numbers, ss numbers, $Bs lost, etc, etc over many years that so much of it continues.

However, as any security expert says, the weakest link is always the users.

Care to give me an example of a system like the one you're describing?
It has no exchange of data in the manners public key systems use. You simply start sending, the other end starts decrypting.

There is simply no key exchange! No key exchange means no breaking the key. Both ends must already be in possession of the key before the transaction starts.

It has no exchange of data in the manners public key systems use. You simply start sending, the other end starts decrypting.

There is simply no key exchange! No key exchange means no breaking the key. Both ends must already be in possession of the key before the transaction starts.

So then, there is some exchange, because both parties have to come in possession of it somehow. Again, the system you're describing is still susceptible to social engineering, or hacking the terminal containing the data once the data is decrypted, etc etc.

So then, there is some exchange, because both parties have to come in possession of it somehow. Again, the system you're describing is still susceptible to social engineering, or hacking the terminal containing the data once the data is decrypted, etc etc.
Yes, but the key is not exchanged over the internet. as for hacking? You design the system so they are compartmentalized, and that cannot happen.

counterhack. for having set up the first internet, the AF is slacking.

do you clowns actually think they really care? as long the govt continues to increase funding is all it matters that they still have a job

Yes, but the key is not exchanged over the internet. as for hacking? You design the system so they are compartmentalized, and that cannot happen.

My point is, the system you're describing could be broken in multiple other ways: intercepting the key along the way, getting the info afterwards, etc etc. when they say that China is "hacking" our systems, I doubt it's all just about 1's and 0's.

My point is, the system you're describing could be broken in multiple other ways: intercepting the key along the way, getting the info afterwards, etc etc. when they say that China is "hacking" our systems, I doubt it's all just about 1's and 0's.
With private key, you cannot intercept the key because it is never part of the transmission.

With private key, you cannot intercept the key because it is never part of the transmission.

Did you even read what I wrote above? And yes, there's some form of transmission, its just not electronic. Unless you're telling me we have developed psychic powers, then point B has to know about the key point A is using. During that process, an alternate party can find a way to determine the key. Again, if you disagree, give me an example of this "unbreakable" method of information delivery and I will show you multiple ways to get around it.

The whole point of security isn't to make your system unbreakable/invincible; its to make your network a less attractive target than other networks out there, using appropriately costed measures.

No, it is simpler than that. Both ends already know which key is in use. Because there is no "negotiation" of cypher or certificate, there is no weakness in security.

In some ways we were better off when shit was stored in a locked filing cabinet...

No, it is simpler than that. Both ends already know which key is in use. Because there is no "negotiation" of cypher or certificate, there is no weakness in security.

My goodness you can be pedantic sometimes. Tell me WC, how do both ends "know" which key to use?

My goodness you can be pedantic sometimes. Tell me WC, how do both ends "know" which key to use?
Do you and your wife have the same cut key for your house?

It's just that simple. You know who you are communicating with, and therefor you know which key to use.

Has the modern military security forgotten the old school stuff that works? I couldn't find the system anywhere on the internet to show you. information overload, and all cypher system I find use public key. Some they call private/public. Now public key is convenient, but the tradeoff is level of security.

Do you and your wife have the same cut key for your house?

It's just that simple. You know who you are communicating with, and therefor you know which key to use.

Has the modern military security forgotten the old school stuff that works? I couldn't find the system anywhere on the internet to show you. information overload, and all cypher system I find use public key. Some they call private/public. Now public key is convenient, but the tradeoff is level of security.

Are you really this stupid? You're totally missing his point. Both he and his wife have the key to their home. Is that not a potential breech in security?

Do you and your wife have the same cut key for your house?

It's just that simple. You know who you are communicating with, and therefor you know which key to use.

Has the modern military security forgotten the old school stuff that works? I couldn't find the system anywhere on the internet to show you. information overload, and all cypher system I find use public key. Some they call private/public. Now public key is convenient, but the tradeoff is level of security.

Ok, lets say that my wife and I entering our home is a "system". Now, someone who wants to enter our house could try a million differen keys in hopes one would work. (Brute force attack). Or they could just take the key from us. Or they could trick us into giving them the key. Or they could wait until we unlocked the house then try to sneak in or force their way in shortly after. And there's far more I'm not even getting into.

Somewhere along the line, there is a line of communication from A to B telling B that A is using a certain key. They don't have to break the KEY if they can break into weaker communications to figure out what the key is.

Also WC, are you really saying that old school military communications were more secure? I seem to remember something called an "Enigma" machine, along with many other examples that would counter that argument.

Also WC, are you really saying that old school military communications were more secure? I seem to remember something called an "Enigma" machine, along with many other examples that would counter that argument.
Yes, old school systems were more secure than any public key type system.

Old school methodology. I mean private key systems instead of this public key stuff. No matter how much someone promises public key cannot be broken, it's a lie.

I said how it works. Not the actual level of encryption.

I'm thinking more on the lines of a KG-95 or better. At the time, with limited computing capability, 32 bit encryption was enough. Now 256 bit is common enough so that brute force attacks cannot work, unless really lucky.

2^256 = 1.15792E+77 (115,792,089,237,316,xxx,xxx,xxx,xxx,xxx,xxx,xxx,x xx,xxx,xxx,xxx,xxx,xxx,xxx,xxx,xxx,xxx,xxx,xxx,xxx ,xxx)

Yes, old school systems were more secure than any public key type system.

Old school methodology. I mean private key systems instead of this public key stuff. No matter how much someone promises public key cannot be broken, it's a lie.

I said how it works. Not the actual level of encryption.

I'm thinking more on the lines of a KG-95 or better. At the time, with limited computing capability, 32 bit encryption was enough. Now 256 bit is common enough so that brute force attacks cannot work, unless really lucky.

2^256 = 1.15792E+77 (115,792,089,237,316,xxx,xxx,xxx,xxx,xxx,xxx,xxx,x xx,xxx,xxx,xxx,xxx,xxx,xxx,xxx,xxx,xxx,xxx,xxx,xxx ,xxx)

First off, why do you think they went away from these systems that are "more secure"? Is every IT person in the world an idiot?

Second, you're missing my entire point. Do you freaky think the Chinese are brute forcing anything? No, they're making viruses and botnets.

Third, you can't just say "Old stuff is better!" Without even being able to give a single example of such a system.

Fourth, a public/private key exchange is nearly the same as a "just private" key exchange. As you said yourself, brute force attacks are hard to accomplish. How do you think they are breaking these private keys sent publicly? Do you think they're actually breaking the key, or exploiting the key through other methods?

We went away from more secure systems in an attempt to still have security, but with multiple users and multiple public keys keys.

Viruses and Botnets... into systems with data that are not properly compartmentalized.

A simply crypto unit like a KG-95 is not an example... OK... If you say so. I thought it was a crypto devise from secure data transmission, but I guess you can prove me wrong.

I'm not getting my point across, and am going to waste little more time. Public key can be broken by knowing the system, intercepting the transmission, the reverse engineering the process. Private key cannot.

We went away from more secure systems in an attempt to still have security, but with multiple users and multiple public keys keys.

Viruses and Botnets... into systems with data that are not properly compartmentalized.

A simply crypto unit like a KG-95 is not an example... OK... If you say so. I thought it was a crypto devise from secure data transmission, but I guess you can prove me wrong.

I'm not getting my point across, and am going to waste little more time. Public key can be broken by knowing the system, intercepting the transmission, the reverse engineering the process. Private key cannot.

Heck, I guess we could have the safest network in the world, if we just unplugged each computer from every other computer. Of course, then we couldn't really function, but we would be secure. And yes, KGs are good devices, and strong at encryption. But all you need to do is socially engineer the person that uses the crpyto into giving up secrets and you don't need to break the key. (ie. "Hey this is so-and-so from the helpdesk, we've had major issues with secret connections, can you test yours out? Ok thanks, I'll wait. Ok, you're on? Good. Can you tell us what your IP is? Ok, right that checks out. Ok now bring up your email, we're going to send you a test message. You didn't get it? Ok, do you have any emails in your box from today? Are they from on-base or off-base, because we've been having server exchange problems. Offbase, ok... etc etc"

Heck, I guess we could have the safest network in the world, if we just unplugged each computer from every other computer. Of course, then we couldn't really function, but we would be secure. And yes, KGs are good devices, and strong at encryption. But all you need to do is socially engineer the person that uses the crpyto into giving up secrets and you don't need to break the key. (ie. "Hey this is so-and-so from the helpdesk, we've had major issues with secret connections, can you test yours out? Ok thanks, I'll wait. Ok, you're on? Good. Can you tell us what your IP is? Ok, right that checks out. Ok now bring up your email, we're going to send you a test message. You didn't get it? Ok, do you have any emails in your box from today? Are they from on-base or off-base, because we've been having server exchange problems. Offbase, ok... etc etc"
It's disappointing to see the military is so weak in security these days.

The military isn't "weak" on security, and you have no factual evidence to back you up, just old man "Back in MY day" stories. Not to mention that the military relies on comm 100x more than they did even a decade ago.

The military isn't "weak" on security, and you have no factual evidence to back you up, just old man "Back in MY day" stories. Not to mention that the military relies on comm 100x more than they did even a decade ago.
Making excuses for incompetence now?

Making excuses for incompetence now?

Really WC? Unless you think I'm personally responsible for the network being compromised in any way, Id say that's a pretty awesomely stupid claim to make.

Frankly WC, you have no idea how much more comped military networks are nowadays than when you were in. You have no idea of the demand and necessity for constant communications. Generals today would pretty much kick you in the teeth if you ever suggested limiting their connectivity capability; and comm squadrons run numerous layers of defense to prevent attacks. Not to mention that security is very much a reactive rather than proactive measure, since its hard to counter a Day 0 exploit.

You can't even name one system that is supposedly so much more secure than the ones nowadays... Likely because if you did, I could google "hacking X system" and return a thousand hits. As I said above, if it was only about "security" then we could just unplug every PC from the network. Obviously it's about providing security while allowing as much accessibility as possible.

You have no idea how vital communications infrastructure is to the very way we fight wars now, yet in typical WC fashion, you think you know more than DARPA, DISA and the entire IT community at large. You're a joke.

I didn't say your incompetence. The military's.

Sorry, but I was in the nuclear theater during the cold war. It's sad to see how much security has fallen along with the wall.

Actually, I do understand the necessity of the vast communications today. That doesn't mean they cannot be better secured.

I didn't say your incompetence. The military's.

Sorry, but I was in the nuclear theater during the cold war. It's sad to see how much security has fallen along with the wall.

Actually, I do understand the necessity of the vast communications today. That doesn't mean they cannot be better secured.

Do you think you know how to secure networks better than the thousands of IT guys the govt hires? If so, you could probably make a few millions with your ideas. Why not share them?

Tell me, how much hacking did you have to worry about during the Cold War? How many Russians could attack your electronic systems from across the globe in milliseconds? Oh wait, that would be none. Its a completely different world WC.