

44402812
Hack The Planet
Premium
join:2006-08-28
12901

1 edit

NASA Security Breach

Can I get some opinions regarding this matter?

»video.google.com/videoplay?docid···lindex=4


From owenhome

Scary, but not surprising.

Some government sites are very loose, even today. But computers that have classified information on them are not connected to any network, local, wide, Internet, or otherwise. They are stand-alone only. Data is shared by hand, not through networks. Just for that reason, I find his claims dubious. Even if he did manage to log on to a machine with a blank admin password, he would be a local admin only and have no network privileges. So he wouldn't be able to log into the domain and search around. Even if he did, no agency would be so careless to leave such sensitive information in group policy shared areas. He would have only had access to data on that machine’s local disks. Most all users will store their data in their home folder on a server so it gets backed up. Only domain admins and the owner/user would have had access. A local admin wouldn’t have even been able to log on.

Also, it’s not possible that he did any damage to any machine. All they would have needed at the very most was a re-image. It’s just not possible to damage anything remotely like that. Worst case scenario is that each of those machines would have needed 30 minutes worth of work, plus they needed to password protect the local admin account anyway!


dbmaven
There's no shortage
Premium,Mod
join:1999-10-26
Sty in Sky
kudos:2

Re: NSA Security Breach

Moved from Enterprise Admins to Security.

SUMware
Premium
join:2002-05-21
kudos:2

reply to 44402812
The Guardian
July 9, 2005
»www.guardian.co.uk/weekend/story···,00.html
Gary McKinnon has been accused of committing the 'biggest military computer hack of all time', and if extradited to the US faces up to 70 years in jail. So how did this techno geek from north London end up cracking open the Pentagon and Nasa's systems?

said by The Guardian :
He currently faces 20 charges in the US, including stealing computer files, obtaining secrets that might have been "useful to an enemy", intentionally causing damage to a protected computer, and interfering with maritime navigation equipment in New Jersey. Last month he attended extradition proceedings at Bow Street magistrates court - he had, the American prosecutors said, perpetrated the "biggest military computer hack of all time". He "caused damage and impaired the integrity of information ... The US military district of Washington became inoperable and the cost of repairing the shutdown was $700,000 ... These [hacking attacks] occurred immediately after 9/11 ... " And so on.


44402812
Hack The Planet
Premium
join:2006-08-28
12901

Yeah... Not to be rude but I asked for some opinions in this forum regarding this matter? If you watch the video ya know that he is in trouble and what he is being accused of? I want to know what the security gurus think? Is he FOS, is the NSA making s@#t up, is it even possible to do what he claims?



microserf

@cgocable.net

Search before posting:
»/nsearch?q=Gar···ction=Go

said by 44402812:

Yeah... Not to be rude but I asked for some opinions in this forum regarding this matter? If you watch the video ya know that he is in trouble and what he is being accused of? I want to know what the security gurus think? Is he FOS, is the NSA making s@#t up, is it even possible to do what he claims?
You asked for opinions in the wrong forum and it was moved here. Some people don't bother to click on video links and ignore youtube altogether. SUMware was helping.

I remembered this story because of his supposed motivation - proving the existence of UFOs (according to public articles I browsed at the time).


youveshutmedown

@sbcglobal.net

reply to SUMware
There's a part of me that thinks McKinnon is being railroaded, that what he did shows an utter lack of security on the military side, and shines a spotlight on parts of our infrastructure that are clearly lacking.

Then there's the other side of the coin. The fact a system becomes compromised, even if no malicious action is taken, puts into motion a number of other policies and procedures. You now have full blown investigation into what was compromised, how far down the rabbit hole did he go, and where were the failings in the system security. On top of that you have the massive man hours in machine wipes, reimaging, reinstallation, and potential complete infrastructure review and overhaul to pull off.

I am of the school of thought that if you have an unprotected and accessible public-facing node, and it gets compromised, that the fault is in fact yours. The costs to secure, investigate, rebuild etc. are in fact a direct result of your own negligence.

The thing about McKinnon that amazed me even in the beginning before they even had his name was how long he had been at it.



youveshutmedown

@sbcglobal.net

Oh, and yes, what they claim he did could in fact be done. There was a day and time back in the late 80s early 90s that people cut their teeth on .mil sites and systems.

There's a number of levels of classified information, and they are not all handled on paper, and left in isolated machines. For example, the ViCAP database is definitely not for public consumption, yet it is accessible to anyone with the proper credentials, no matter how they are obtained.

I don't want to get into specifics, but it is not far-fetched for someone to gain remote access to a machine, and then through privilege escalation and other means gain access to other nodes in the infrastructure. After that, it's not a hard feat to obtain the login credentials to other nodes/sites within the infrastructure, and continue down the rabbit hole.


astirusty
Premium
join:2000-12-23
89015

reply to 44402812
One thing: He hacked into NASA systems, not NSA systems.
Whether he hacked into real systems, honey-pots, or a mixture (some successful hacks) is unknown. Some of the "evidence" he states, like the UFO picture, sounds more like he got set up on the last NASA hack. Knowing how lax non-security related government agencies were (and in some ways still are); I do believe he got into some systems via un-passworded administrator accounts. I do wonder why the networks these systems were attached to, were not behind firewalls?
--
Do yourself a favor, just say no to anything Windows.



44402812
Hack The Planet
Premium
join:2006-08-28
12901

reply to SUMware
Sorry BRO! Thanks For the HELP



DRM Killer

@rr.com

reply to astirusty

said by astirusty:

I do believe he got into some systems via un-passworded administrator accounts.
This story appears to be a hoax, at least as it is told. The admin password is blank by default, as the hacker correctly pointed out. What he did not point out, and the reason that the story is fishy, is that remote login access using a blank password is also disallowed by default. Somebody would need to intentionally reverse the default setting I have circled in the screenshot for this hacker to be able to log in as he claims to have. The computer would need to have been configured this way intentionally; it would never have happened by accident or by an oversight.
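
The default described in the post above can be checked across machines from exported policy. This is an added example, not part of the original post or thread: it assumes the setting meant is the Windows security option "Accounts: Limit local account use of blank passwords to console logon only" (registry value LimitBlankPasswordUse), which the post does not name, and that policy was dumped with `secedit /export`. The sample export is constructed.

```python
# Added example. Assumption: the post's setting is LimitBlankPasswordUse.
LSA_KEY = r"machine\system\currentcontrolset\control\lsa\limitblankpassworduse"

# Constructed sample (real exports are usually UTF-16; decode before parsing).
SAMPLE_DEFAULT = r"""
[System Access]
MinimumPasswordLength = 0
EnableAdminAccount = 1
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse=4,1
"""
SAMPLE_WEAKENED = SAMPLE_DEFAULT.replace("Use=4,1", "Use=4,0")


def parse_inf(text):
    """Return {section: {key: value}} with lower-cased section and key names."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].lower(), {})
        elif current is not None and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections


def audit(text):
    """Return findings about blank-password exposure in one exported policy."""
    sections = parse_inf(text)
    access = sections.get("system access", {})
    raw = sections.get("registry values", {}).get(LSA_KEY)
    findings = []
    # "4,1" means type 4 (REG_DWORD) with value 1, i.e. the guard is enabled.
    guard_on = None if raw is None else raw.replace(" ", "") == "4,1"
    if guard_on is None:
        findings.append("LimitBlankPasswordUse missing from export: check the host")
    elif not guard_on:
        findings.append("guard off: blank-password local accounts can log on remotely")
    if int(access.get("minimumpasswordlength", "0")) == 0:
        findings.append("MinimumPasswordLength=0: blank passwords are permitted")
    if guard_on is False and access.get("enableadminaccount") == "1":
        findings.append("built-in Administrator is enabled while the guard is off")
    return findings


if __name__ == "__main__":
    for name, text in (("default", SAMPLE_DEFAULT), ("weakened", SAMPLE_WEAKENED)):
        print(name, audit(text))
```
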

DocLarge
Premium
join:2004-09-08
kudos:1

reply to 44402812

Re: NASA Security Breach

This story plays as if it's a "made for internet consumption" movie...


major marco
Res Firma Mitescere Nescit
Premium
join:2003-02-13
Stepford, CA

reply to 44402812

Re: NSA Security Breach

said by 44402812:

Yeah... Not to be rude but I asked for some opinions in this forum regarding this matter? If you watch the video ya know that he is in trouble and what he is being accused of? I want to know what the security gurus think? Is he FOS, is the NSA making s@#t up, is it even possible to do what he claims?
Considering that the feds lose a laptop containing confidential data every other day, anything is possible. I do think, however, that your little YT video appears to be exactly what someone else said it was...made for Internet video viewing.
--
The Toll

