Article

2007-08-04 -Short Attention Span Theater-

Dateline NBC 'mole' outed, booted at Defcon

Archived material is restricted to Rantburg regulars and members. If you need access email fred.pruitt=at=gmail.com with your nick to be added to the members list. There is no charge to join Rantburg as a member.

Posted by twobyfour 2007-08-04 04:49|| || Front Page|| [2 views ] Top

#1 Story on this past year's Cyber Defense Exercise is here

To add to their already spectacular accomplishment, the cadets later found out that they were the first school, since the inception of the Cyber Defense Exercise, to complete the week remaining uncompromised by the NSA Red Cell. By the last day, the cadets were so confident in their network, they began leaving taunting messages for the Red Cell on the Black Knights CDX website and even went so far as to hold an after action report during the last hour of attacks from the Red Cell.

Posted by lotp 2007-08-04 07:06|| 2007-08-04 07:06|| Front Page Top

#2 I hope the hackers take it upon themselves to teach NBC a lesson in corporate vulnerability. And to add nice little notes to their vandalism directing thanks to Madigan personally.

Posted by Anonymoose 2007-08-04 08:31|| 2007-08-04 08:31|| Front Page Top

#3 Do not mettle in the affairs of wizards... etc

Posted by Sleting Scourge of the Platypi8022 2007-08-04 08:43|| 2007-08-04 08:43|| Front Page Top

#4 Things have got more tricky since the fun days of WinNuke!

Posted by Bright Pebbles 2007-08-04 09:05|| 2007-08-04 09:05|| Front Page Top

#5 The MSM types keep focusing on the President's ratings and ignore the fact theirs are in the basement along with their bed buddies in Congress. You'd think if they had gray matter between the ears, they'd understand they even less loved than government. You really have to be absolutely clueless to grasp the [as demonstrated] consequences of that bit of data.

Posted by Procopius2k 2007-08-04 09:25|| 2007-08-04 09:25|| Front Page Top

#6 Heh. I like the "burn the whitch" comment.
Do you think that the MSM will ask themselves "Why do they hate us?"

Posted by N Guard 2007-08-04 09:48|| 2007-08-04 09:48|| Front Page Top

#7 This MSM slime apparently was intent on outing a federal agent, according to Wired:

According to DefCon staff, Madigan had told someone she wanted to out an undercover federal agent at DefCon. That person in turn warned DefCon about Madigan's plans. Federal law enforcement agents from FBI, DoD, United States Postal Inspection Service and other agencies regularly attend DefCon to gather intelligence on the latest techniques of hackers. DefCon holds an annual contest called Spot the Fed, in which attendees out people in the audience they think are undercover federal agents. The contest is good-natured, but the feds who get caught are generally ones who don't mind getting caught.

... DefCon staff lured her to a large hall telling her that the Spot the Fed contest was in session and that she could get a picture of an undercover federal agent at the contest.

When she sat down, Jeff Moss, DefCon's founder, announced that they were changing the game. Instead of Spot the Fed, they were going to play Spot the Undercover Reporter and then announced, "And there's one in here right now." Madigan, realizing she'd been had, jumped from her seat and bolted out the door with reporters carrying cameras chasing after her through the parking lot and to her car.

Posted by lotp 2007-08-04 10:54|| 2007-08-04 10:54|| Front Page Top

#8 NBC Dateline, eh? Hey, weren't they the ones that rigged GMC pickup trucks with explosive squibs to 'enhance' their story about defective gas tanks exploding in collisions?

Posted by SteveS 2007-08-04 12:52|| 2007-08-04 12:52|| Front Page Top

#9 Yup. Wikipedia article on it here

Posted by lotp 2007-08-04 12:57|| 2007-08-04 12:57|| Front Page Top

#10 I still wonder when the government is going to seriously address hackers and virus writers. There need to be felony charges, IT industry employment lockouts, internet bans and even prohibition of computer ownership for the most egregious offenders.

The IT industry knowingly perpetuates hacking and virus writing by hiring past offenders. This is a practice that must be halted, pronto. It also represents a gigantic conflict of interest in that by rewarding hackers and virus writers with jobs, they increase the online threat level and thereby sell more of their security software.

This is predatory conduct and computer users need legal protection from it. Spam alone costs the US business community untold millions of dollars per year in lost productivity. Additional expenditures to secure corporate sites from hackers who seek to establish their cyber credentials cost even more untold millions. Lastly there is an immense loss of valuable personal intellectual property as viruses cripple processors or damage drives that are not adequately backed up.

Significant reform is long overdue. The fact that some 90% of our politicians do not even understand the most rudimentry basics of Von Neumann architecture or a bus structured computer renders them incapable of making informed decisions about such matters. We should not be punished for their lack of intelligence. Hard jail time and significant penalties need to await those who choose to pollute or vandalize cyberspace.

Posted by Zenster">Zenster 2007-08-04 12:58|| 2007-08-04 12:58|| Front Page Top

#11 Zen, I respectfully disagree. Haxors are a global phenomenon and it would be national suicide to only arrest and/or cut off the American ones.

Some of the FBI and CIA's arcane security clearance rules (No more than 20 joints LIFETIME or you can't get a clearance) keep the most talented hackers on the dark side. Some of the smartest people we have hang with real unsavory types. So what? We need that intelligence that can't be gathered by the nice young men from Brigham Young still bright and shiny from their Mission.

We cut off the US haxors, the Chinese and Paks will have us for lunch.

Posted by Seafarious">Seafarious 2007-08-04 13:43|| 2007-08-04 13:43|| Front Page Top

#12 Expect NBC system to be fitted with a little spyware, turmoil and eensy-weensy spiders. Someone is soon to know every email and history file of every self important airhead there.

Posted by Jack is Back!">Jack is Back! 2007-08-04 14:05|| 2007-08-04 14:05|| Front Page Top

#13 This MSM slime apparently was intent on outing a federal agent, according to Wired:

According to DefCon staff, Madigan had told someone she wanted to out an undercover federal agent at DefCon.

Um, isn't that just a wee bit on the felonious side of the law there? Seems "outing" a so-called undercover federal agent got somebody named...lemme' think...ah, yes, "Scooter" Libby some jail time (deserved or not) for doing something along those lines.

Now, isn't intent to commit a federal crime a felony and shouldn't this weasel be brought up on charges of conspiracy?

Posted by FOTSGreg">FOTSGreg 2007-08-04 14:56|| 2007-08-04 14:56|| Front Page Top

#14 We cut off the US haxors, the Chinese and Paks will have us for lunch.

Pure hooey. The IT corporations should set up operational mirrors or target websites like Google does and provide large cash prizes or employment offers for successful breakins. This could all be done legitimately without the damage. There is no good reason for society to endure the ravages of cyber outlaws.

Posted by Zenster">Zenster 2007-08-04 15:36|| 2007-08-04 15:36|| Front Page Top

#15 Zen, I know a bit about this area (IA/CI), and can tell you that you are way off base. First, get out of the box, then start looking at things with new eyes. Seriously, you are barking up the wrong tree.

Posted by OldSpook 2007-08-04 15:50|| 2007-08-04 15:50|| Front Page Top

#16 With all due respect, OldSpook, how do you recommend dealing with hackers and virus writers then? These people do tremndous damage and facilitate identity theft. Do you condone the IT industry's habit of hiring criminally convicted hackers? What about the insanely light court sentences that are handed out to virus writers?

That German teenager, Sven Jaschan, who wrote the sasser worm caused MILLIONS of dollars in damage world-wide. Yet, the punk got a 21-month suspended sentence and was ordered to do community service. Where's the justice in that? What about poor yobs who have entire manuscripts erased and other major irreplacable works scrubbed off of their hard drives by these vermin?

I understand the need for robust security and how free lancers end up providing unconventional testing of such important systems. But the criminals are being rewarded or going unpunished for causing significant damage and that is morally reprehensible.

Posted by Zenster">Zenster 2007-08-04 17:33|| 2007-08-04 17:33|| Front Page Top

#17 Zen, hackers = white hats, crackers = black hats. Just making sure you don't put everybody in one bag.

Spammers, phishers and virus scribblers/releasers? Shoot 'em.

Posted by twobyfour 2007-08-04 17:57|| 2007-08-04 17:57|| Front Page Top

#18 Fear not, I know the difference between hackers and crackers. I tutored my high school electronics teacher in digital logic and presented the class' first binary electronics seminar. I was designing digital circuits and programming using Fortran back in 1972. A personal friend of mine worked with Seymour Cray. Computers are no mystery to me.

Spammers, phishers and virus scribblers/releasers? Shoot 'em.

Yup.

Posted by Zenster">Zenster 2007-08-04 18:49|| 2007-08-04 18:49|| Front Page Top

#19 Ah, computer credentials.

Welcome, Zenster, to the many here at Rantburg who have varying degrees of expertise in various areas of computing.

My current research specialties include artificial intelligence, robotics and natural language processing, but my Silicon Valley venture-funded days started back in the mid 70s, after I left a job programming for the Joint Chiefs of Staff command center. Along the way I led the development of a number of systems that you've seen or used during your time in California ... and a few in military use as well.

But security isn't my field. I know a number of true info security experts, including some associated with the NSA, I work with some security experts and I read in the field a bit. But it doesn't make me an expert by any means.

Old Spook, on the other hand, has very deep and very current operational familiarity with info assurance and cyber warfare methods currently deployed on our behalf.

While he cannot discuss a lot of details here, please accept my assurance that these are quite authentic credentials on his part. I for one respect his judgements on these topics.

Just sayin' .....

Posted by lotp 2007-08-04 20:08|| 2007-08-04 20:08|| Front Page Top

#20 I understand that. It's why I respectfully asked him to clarify his position (within whatever limits of his classified knowledge). There still remain serious deficiencies in how cyber criminals are being prosecuted and sentenced.

Do you argue that it is not a distinct conflict of interest that security software providers are allowed to hire cyber criminals?

Do you disagree that virus writers like Sven Jaschan should be imprisoned on felony charges and experience either temporary or permanent banning from the internet, not to mention be forced to pay compensation for the damage done by their malicious acts?

Do you argue that a lot of hacking could be redirected into legitimate corporate competition against full scale colocation mirrors and intentional operations targets?

Do you seek to minimize how damaging hackers are to the cyber world?

If we could divert their attention towards profitable competitions it would make it that much easier to identify and apprehend those hackers who seek to steal consumer identity information (phishing) and corporate customer data bases.

I have no problem with our government using talented crackers to spike China's government computing systems or those of other enemies. The ability to do so does not rely upon letting these cyber vandals have free run of cyber space to wreak havoc. I have no problem with someone sitting within the confines of their own home and penetrating Miscrsoft's crappy OS and security code.

I have big problems when they inflict it upon the outside world. I have even bigger problems that it is currently being treated like white collar crime was two decades ago.

Posted by Zenster">Zenster 2007-08-04 21:31|| 2007-08-04 21:31|| Front Page Top

#21 Cute. "You'll just have to believe us." To hell with that.

Posted by Zenster">Zenster 2007-08-04 23:18|| 2007-08-04 23:18|| Front Page Top

#22 Zen, some of this isnt even IA stuff. Its the ancient art of counter intelligence. Look deeper into it and how its applicable to most of these fairly weak personalities with strong intellects. Even though its obvious to those such as myself, I'd rather not spell it out.

Secondarily, the economic harm estimates are massively inflated. They typically overstate things by orders of magnitude and include nebulous things like unquantifiable opportunity costs. And to be brutally honest, in my professional opinion, the intelligence community does nto have the resources to give a rats ass about that stuff unless it materially impacts the security of defense of the US or its vital interests.

And thirdly, it is an almost alien mindset. I go there, and its hard to explain to others who think conventionally, why or how someone comes up with this stuff.

Asperger's syndrome is common, and I am borderline that way myself - DSM criteria did apply to me when I was younger, but not very severely since I learned to overcompensate by being "chatty" (amongst other things) and fortunately I am atypical for Aspergers, in that I did not suffer from the clumsiness thanks to my dad forcing em into all kinds of sports, musical and "shop" activities. Empathy has been a harder thing for me to acquire than calculus, intelligence analysis, or weaponry skills; which is why I cherish my Catholicism and how it forces me to stretch areas where I have less inborn capacity.

Similarly, a lot of the very best hackers (the ones are so good you really never read about them) have to work much harder at non-verbal communication: what other people can just "tell" from casual observation, they have to use the analytical parts of their minds and much more observation (almost clinically) to get the same conclusions. Hence the stereotypical nerd boy who cannot read the Green Light a girl is sending him, and walks off leaving her mystified, and him wondering what happened.

There is a lot of psychology at work in this field, its not all technical.

All of that, and most of the damage is doen by thugs and dumbass skript kiddiez, who use the tools given them by the real hackers, but have no more understanding of them than a chimp does of a handgun.

Keep the latter part in mind when talking about sentencing, etc. Damage done is usually not by the hackers but by morons who use what the hackers made.

Posted by OldSpook 2007-08-04 23:30|| 2007-08-04 23:30|| Front Page Top

#23 And as for the rest, you will have to trust us. Simply cannot say much more without getting into trouble. If you want to know more, go to a Defcon. I've been to several. They are a great place for people active analytical minds.

And if thats not good enough, well, suffer then. Sorry.

Posted by OldSpook 2007-08-04 23:33|| 2007-08-04 23:33|| Front Page Top

23:39 Pappy
23:33 OldSpook
23:30 OldSpook
23:20 E Brown
23:18 Zenster
22:57 Super Hose
22:33 wxjames
22:33 Redneck Jim
22:20 JAB
22:16 Zenster
22:08 AT
21:54 newc
21:48 Zenster
21:46 CrazyFool
21:42 Free Radical
21:35 Zenster
21:34 Free Radical
21:31 Zenster
21:30 RWV
21:25 AT
21:04 Gary and the Samoyeds
21:04 DarthVader
20:48 AT
20:33 Sock Puppet of Doom