CIA hacked

Hackers attacked and shut down the CIA's computer system on Wednesday, claiming credit for the hack attack a security company is said to be responsible. Secrets are not kept on the publically accessable site, but it is embarrasing nonetheless though they probably wouldn't admit to loosing secret materials anyway.
It kinda makes me wonder if any anti virus/trojan/rootkit stuff is up to the job. It seems to me that if someone wants your data, they're gonna get it. With the powerful languages like Perl and Python (said to be the hackers' favourite) letting just a few lines of code in to open a breach where do we look to next for real security? Is there such a thing?

Article..
http://uk.reuters.com/article/2011/...6JC20110616?feedType=nl&feedName=uktechnology

 

Log in or Sign up to hide all adverts.

It sounds like the CIA knows how to keep it's secret stuff secret. Maybe they allowed their public site to be hacked in order to catch the hackers.

 

Log in or Sign up to hide all adverts.

From a security angle if you don't build from scratch and rely upon third-party software, you are going to inherit any flaws in that third-party software which you wont have direct control over.

The problem is that building from scratch is both expensive and time consuming as an option while also being limiting to accessibility, that's why even the companies or departments assumed to be secure can fall foul of Ease/Access over Security.

Most hackers don't bother defacing such sites because it's a bit like prodding a hornets nest with a stick, while lesser sites and companies might attempt a civil action such departments could quite easily cause changes to the internet or civil liberties which would directly be related to the hackers actions.

 

Log in or Sign up to hide all adverts.

It makes good sense to put your secret stuff on burnable seperate (physically seperate not just partitioned) systems. But agents still need to access this stuff from embassies and satellite all over the world. Each access point is a potential vunerability in the system so I wouldn't be surprised if the secure side was monitored live 24/7. The hackers are only a bit of an embarrasment this time, but they're probably still violating a whole stack of laws somwhere. If it was an outside attack by another government it could now be classed as an act of war.

 

It was the CIA's online web site not their main frame at where they store all of their data bases at. So that's not a big deal for anything online can be hacked very easily by amatures and others that have little real hacking abilities. Now if they were to have hacked the CIA"s mainframe that would be of interest.

 

I doubt those that work for the CIA even bother with operating through the website or email addresses associated with that domain. (Assuming it's similar to other departmental services elsewhere)

Such websites are usually run on a bog standard web-server utilising the same technologies that the average person has access to.

Hypothetically:
Any "networking" of information is done through direct IPa connections and likely split through various VPN's which connect through encryption tunneling. Such networks would not be decentralised and require at the very least one hub server that requires authentication with the system connection, with at the very least on potential "sleeper" server acting as a backup method of authenticating.

Data is sorted and stored in many different levels.

One level is that data is never store electronically or allowed to be copied or transmitted in any way, this means paper hard copies are stored in a secure location that have no backups. The data can only be viewed if the right access level exists and gaining that sort of access is not something just anyone can acquire.

Electronically stored data wouldn't necessarily be stored on the internet. While the way of the world might of allowed the interlinking of networks to create the internet, it would still make sense to lock down how data is accessed and where data can travel. Again the Ease of/and Access tends to undermine the Security, so while sophisticated methods of maintaining separate communication paths can exist they will usually be ignored as quicker, easier and cheaper methods are applied.

(Such as Stenography in various televised carriers or even tunneled traffic.)

In essence the world is changing in regards to technology and with it so is the sophistication of security, of course we are at a form of junction point where the actual data and security sector methods are in question. While we can potentially forever play a "Wargame" trying to obfuscate information and method while re-evaluating tactics every time the world catches up, or we can realise that not housing that damaging information in the first place and attempting to use more transparency actually "Stalemates" the Information War.

 

Yep, if the mainframe was hacked it would have caused a bit of a rumpus. I don't know if anyone has ever hacked it, but I can think of quite a few agencies and governments that would quite like to take a peek. I don't think amateurs were responsible for this event, I think even the public sphere was pretty secure for pride as much as anything. It's still a significant event, the US's prime agency was effectively offline for hours. There is nothing insignificant about that. Of course, it is in their interest to play it down. Bad publicity like that can't be spun to their advantage.

 

You dont seem to understand that no all information needs to be connected to the interent.

 

It was for the Lulz.

 

What are you guys going on about? You already know where the real secret stuff is, its what wikileaks got its hands on

 

The CIA website was not "hacked". It was shut down by a DDOS attack. That is not the same thing as being hacked. A DDOS attack does not gain you access to information.

 

DDoS's can however be proportion of a bruteforce attempt, for instance if you had an FTP server running you might have a rule that if 3 connections are made with the same username from the same ip with the wrong password, that the IP is banned. Distributed attacks potentially allow for many different IP's to be used, meaning that only one username/password combo needs to be done per IP making an attempt, this stops the server banning the IP since the three attempts aren't used up however it causes forking of the server to exist on more ports which in turn ties up memory and processor usage. Eventually the server reaches a saturation point, usually a limit designated by the server settings.

In some instances such DDoS's can allow for the stack to be manipulated due to buffer overflows and poorly written programs, however most programs nowadays are developed to deal with such attacks. (which is why hackers attempt to exploit old software)

 

maybe the stupid ones..

 

If organization like CIA can get hacked , what about the rest of us ?

 

we are not worthy...

 

I think it's pretty simple. Everything that is made to be able to open up, can always be opened up. You can only say stuff like 'the chances are really really small that.. ' and 'that's near impossible', but you can never say it can't be done, because it can. It's the good old arms race that mother nature have played out for billions of years already, and it will keep on going, also in the digital world.

 

ok people i dont know how to make this any simpler.. if its connected to a network that is connected to the internet reguardless of how "secure"lol it is can be hacked
here is an ez example of a 256 bit wep key or "password" of sorts
112233445566778899AABBCDEF0123456789abcdef0123456789abcdef012
create your own if you wish and i gaurentee it can be hacked within 5 min

so to answer some peoples questions on here the only way somethign is 100% secure it has to be on its own network with no wifi or internet acess assuming you trust the people that are on it

 

It's just their public site...it doesn't mean shit.

 

Ah, No!

There is no such thing as 100% secure, after all any employee not vetted to make sure they are not corrupt could copy or steal then sell information. Failing that any location can be open to people that don't work there, or are contracted in for a different task, again they too can potentially steal information. (In fact they could even install their own wifi stick to a system and create a network to exploit, the only way to defend against that would be to have jamming equipment at the location and only deal with hardwired connections for nearby networks.)

As for "cracking encryption", that requires a network of systems to "Bruteforce", if you were to attempt to do that on just one computer, it would take a significantly longer time period than 5 minutes.

(256-bit initially took an entire office block of computers about a weeks worth of nights and the weekend to crack one key, most truly encrypted systems use at least 768-bit or 1024-bit encryption, in fact newer systems use stripping methods of multiple keys that require the understanding of the network infrastructure used to even have a clue how to get the true key up.)

 

HI, You can only say stuff like 'the chances are really really small that.. ' and 'that's near impossible', but you can never say it can't be done, because it can..