Military and Government E-mails Compromised
Dangerous_Minds writes "ZeroPaid is reporting that 16,959 e-mail accounts were recently exposed by Connexion Hack Team. Included in the data dump are usernames and passwords for military and government accounts. The other compromised accounts included addresses from GMail, Yahoo, MSN, and AOL."
Reader Stoobalou adds a report that NATO's servers have been hit for the second time in as many months.
Re: (Score:2)
There's rules for being a good anarchist. Of course, none of the good anarchists follow them.
Reminds me so much of War Games flick (Score:3)
Shortly after the release of War Games in 1983, there was a rash of hacking incidents "inspired" by the movie. Events of late seem to be a repeat of that, aggravated by the (still) piss poor security policies. How some things changed but others persist over the decades.
Wait until Wargames movie remake comes out. (Score:2)
http://popwatch.ew.com/2011/06/24/wargames-remake/ [ew.com] :(
Air Gap? (Score:3, Interesting)
Has nobody in government security ever heard of an air gap? WHY would you ever attach military gear to the public Internet?
Re: (Score:1)
Actually, no, they are not. There are several layers, which I will not discuss for obvious reasons. However, all organizations, including military and government facilities, require internet access to do their jobs. It is impossible for any organization to currently replicate all and keep in sync the available information on the internet in a contained environment.
Yes, I'm prior military and prior government contractor. This information is not classified, restricted, or confidential; however, further deta
Re: (Score:2)
Yes, I'm prior military and prior government contractor. This information is not classified, restricted, or confidential; however, further detail is.
Well can you point me to a torrent with all those details?
ask bradley manning (Score:3)
according to some of his defenders, a lot of the stuff he got was 'commonly downloaded' by people on the base, especially the Collateral Murder video.
if you search youtube for video of afghan/iraq air strikes, i'd say that seems about right.
now if there is a bradley manning, who was doing it to blow whistles, there are probably some people who are doing it for profit, selling info to others.
why they aren't up on charges like him? sometimes the military wants to flip them to become triple agents. sometimes it
Re: (Score:2)
That data is on SIPRNET, which is separated from the regular Internet. After 9/11 the government tried to adopt a culture of information-sharing between organizations, which led to a lot of data being easily accessible if you had the right access. The infamous Wikileaked data is available because Manning transferred it from SIPRNET to the Internet by means of a writable CD masquerading as a mix tape.
yes. air gaps don't work (Score:3)
if you have millions of people with security clearances,
including people who are having serious psychological or emotional problems, which were known to the commanders at the time they sent him on duty.
Re: (Score:2)
Access to data traditionally needs need-to-know in addition to clearance, though that was relaxed somewhat with post-9/11 information sharing. But in general, it's a hard problem. Lots of military and contractors need access to some kind of security-sensitive data.
Re: (Score:2)
In this case, so you can send e-mail to people on the Internet (and the reverse).
Re: (Score:2)
Uh... the military uses the internet. The real internet. someone@navy.mil is not some secret account, those are air gapped for obvious reasons.
You're seeing someone's NIPR email that they used to sign up for some unknown website, and nothing more.
Re: (Score:2)
Laziness.
Rather than set up some external networking to a different site so that e-mails can be exchanged between them, it's much easier to just go plug into that pre-existing wall socket over there in the corner and tunnel via the public internet where all the infrastructure is already in place for you. I mean, no one would think to try and attack your connection, right? I mean, how would they even find it amongst all those other IPs on the net!
That's really the mindset you're dealing with.
This is the way to improve security (Score:1)
I don't understand... (Score:2)
... how people can believe in the existence of a government that conspires to slowly erode our freedoms, but also maintains such poor security on their information.
Oh wait, never mind, I just got it. This is clearly a ruse they orchestrated to make the truth seem implausible. Very sorry, continue with normal business.
Re: (Score:2)
You've obviously got a much better handle on conspiracies than the average conspiracy theorist, but I don't think you've adequately supported your conclusion. Why do "inept" and "corrupt" belong in the same category? Surely it takes some level of competence to execute any significant abuse of power under r
Stop storing passwords as they're typed (Score:3)
I wish that everyone would just stop storing passwords as they're typed and instead only store the comparative hash. It wouldn't matter, nearly so much, if they were obtained that way, so long as the algorithm to turn the password into the hash can't also turn the hash into the password.
Yeah, I know, it might break some interoperability, but I'm getting sick and tired of hearing about this crap. Unfortunately the only way this will change is if it becomes in the interest of the requisite parties for it to, like if they can't obtain insurance anymore because no insurer will want to extend liability insurance to a company whose IT structure is so poor that it's likely that a payout might be necessary.
Morons (Score:3, Insightful)
No, not the people who had their e-mail and passwords hacked, just most of the commenters here on Slashdot. Really, after all this time I should no longer be surprised.
Heads up, folks! The vast bulk of these e-mail addresses are from @yahoo.com, @gmail.com and the like.
These are PERSONAL e-mail addresses of possibly U.S. government personnel. They are prefaced with a couple dozen .gov and .mil addresses, but the rest are anybody's guess.
Re: (Score:2)
Exactly. It's likely they came from some sort of government employee program, like free viagra for postal workers or something... anything, I don't know. It's highly unlikely the organization (NSA) that has paper after paper detailing the need to hash passwords using a random salt to prevent rainbow attacks went ahead and stored their accounts in clear-text [*@nsa.ic.gov].
This is yet another Bobby Tables [xkcd.com] script attack against yet another site failing to use prepared statements and sanitation as suggested
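Added example, not part of the thread: the two practices the comments above ask for (storing only a salted one-way hash of each password, and using prepared statements) shown on one constructed user table. The table layout, function names, sample accounts and scrypt parameters are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets
import sqlite3

# Constructed work-factor parameters for this example; tune to your hardware.
SCRYPT = dict(n=2**14, r=8, p=1, maxmem=64 * 1024 * 1024, dklen=32)


def open_store():
    """In-memory user table: one random salt and one derived hash per account."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users ("
        "email TEXT PRIMARY KEY, salt BLOB NOT NULL, pw_hash BLOB NOT NULL)"
    )
    return db


def register(db, email, password):
    # A fresh per-user salt means precomputed (rainbow) tables do not apply
    # and identical passwords do not produce identical rows.
    salt = secrets.token_bytes(16)
    pw_hash = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT)
    # Placeholders keep the values out of the SQL text, so quotes and
    # semicolons in `email` are stored as data and never parsed as SQL.
    db.execute("INSERT INTO users VALUES (?, ?, ?)", (email, salt, pw_hash))
    db.commit()


def verify(db, email, password):
    row = db.execute(
        "SELECT salt, pw_hash FROM users WHERE email = ?", (email,)
    ).fetchone()
    if row is None:
        # Do the same work for unknown accounts so timing does not reveal them.
        hashlib.scrypt(password.encode("utf-8"), salt=b"\x00" * 16, **SCRYPT)
        return False
    salt, stored = row
    candidate = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT)
    return hmac.compare_digest(candidate, stored)  # constant-time comparison


def dump(db):
    """What someone who copies the table walks away with."""
    return db.execute(
        "SELECT email, salt, pw_hash FROM users ORDER BY email"
    ).fetchall()


def demo():
    db = open_store()
    # Constructed sample accounts; two share a password on purpose.
    register(db, "alice@example.org", "correct horse battery staple")
    register(db, "bob@example.com", "correct horse battery staple")
    # A Bobby Tables style address is just an odd string to a prepared statement.
    register(db, "x'); DROP TABLE users;--", "hunter2")
    return db


if __name__ == "__main__":
    for email, salt, pw_hash in dump(demo()):
        print(email, salt.hex(), pw_hash.hex())
```

A dump of this table still exposes the e-mail addresses, and weak passwords remain guessable offline; the salt and work factor only raise the cost of each guess.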
Re: (Score:3)
You're making a huge assumption that this is from a military server (hint: these user/passwords didn't come from that NATO server). Just because you see a few .gov and .mil email addresses means nothing. Some people sign up for websites using their military email addresses, just like some people do the same from a corporate email.
I love how they preface the .mil addresses as important people. More likely some random PFC.
Not compromised, not hacked (Score:4, Informative)
These aren't email addresses with passwords to those accounts, they're the email address and password someone used to sign up for some random, unknown website. Without knowing what website, most of these combos are worthless. It might have been a hack of the server, but chances are it's just some DB (and not DataBase) admin who published his user list. If you're using the same email address to register for websites, make sure you don't use your password for that email address when you register.
Re: (Score:1)
Yes, that's true. But that's more for someone to remember. And perhaps for most people, remembering a string of characters isn't so simple. So even if the password is simple, will someone really want to remember a bunch of different, yet simple, passwords for a multitude of websites?
Okay, now, what about disposable e-mail addresses? Those disposable e-mail addresses don't have a password attached to them. So, one path to follow might be this...
1. Create a Hotmail account (most people probably have this chec
Military using (Score:2)
Why would any military allow the use of such things for communications, is it not protocol to have secure lines of comm. no matter what the means or reason for it.
You never know who is listening, so you have to ensure your line is safe....you can't do that with a company the likes of google that say all your emails belong to them because you use their services....
come on...common sense 101 here...
Secure e-mail to place an Amazon order? (Score:2)
Members of the military do need to transact business with the outside world. Sign up for websites, order a book from Amazon, whatever. As long as the public e-mails aren't used for classified information, what, precisely, is the problem?
Re: (Score:2)
Maybe having someone know that you are a 5 star general, and just ordered your inflatable doll from your internet line that had a man in the middle listening, could create a very specific situation, where they could approach that general with this info for blackmailing purposes, or maybe if this same general has a mistress, and someone got wind of it, because he was using unsecured lines, again would lead to a situation where they could possibly use that "normal info" to abnormal means of getting results...
F
Business (Score:1)
Re: (Score:2, Insightful)
what's your agenda here, btw?
let's start with that. how odd you make a comparison when no sane person would. speaks volumes about you.
Re: (Score:1)
False dichotomy. One is a family, one is a large and corrupt public organisation.
Re: (Score:1)
Wait, you know the US government is corrupt? Oh my god! Have you contacted the police, or the press, or corruption watchdogs, or presented your evidence somewhere on the internet, or anything like that?
Re: (Score:2)
OK, now that you've made your case, allow me to make mine.
The criteria of everyday life and everyday people suc
Re:Going to throw stones? (Score:5, Insightful)
Well, government data is (nominally) public property and should be owned by and available to the public at large, with only certain exceptions, usually in a time of war. Fucking around with the voice mail account of a missing, underage girl who may or may not have been murdered, is a little bit different than that, don't you think? But hey, context, what's that?
Re: (Score:3)
That gets tricky. Not all government data, just government work product. There are a lot of situations where direct public access to government data is a real problem. Not the bullshit "national security" reasons, but simple things like access to internal information about an ongoing FBI or SEC investigation. Eventually the information -- excepting things that could easily compromise future investigations -- should be public, but not necessarily immediately. Likewise, government officials should be able to
Re: (Score:2)
Why?
Re: (Score:2)
I am not Korean by ethnicity, blood, or citizenship, nor do I feel any particular attachment to Korea. The name is an inside joke that you unfortunately are not privy to. I was genuinely interested in hearing an explanation of your position on this issue which is why I asked "why". I know I've insulted you in the past (and honestly you deserved it) but now I'm not trying to be combative or argumentative at all.
Re: (Score:2)
One has to wonder what you thought about Palin's emails being hacked. Or, what you would think if Bachmann's emails were hacked. I suspect you would be overjoyed.
Re: (Score:2)
One has to wonder what you thought about Palin's emails being hacked. Or, what you would think if Bachmann's emails were hacked. I suspect you would be overjoyed.
It made me wonder exactly how many of my clients have accounts that can be reset based on information in their Wikipedia entry.
Re: (Score:2)
Well, government data is (nominally) public property and should be owned by and available to the public at large,
Can you cite a Supreme Court case, an amendment, an article of the constitution, etc?
No, this is just your vision of how things should be? Oh, ok then.
Re: (Score:2)
This [wikipedia.org] is by no means all-inclusive, but it's a starting point.
Re: (Score:1)
Nonsense. Government data should be public unless there is a compelling need for secrecy. This provides for accountability of government. Personal data have no such application; a person is not accountable to society in the same way that the government is.
Re: (Score:2)
Nonsense. Government data should be public unless there is a compelling need for secrecy.
"Should" and "is" are two different things. Possibly one should push for a change in legislation (I thought Obama was pushing a transparent government initiative...?), but until then I don't see any reason to get giddy because someone broke laws and saw fit to play the data-vigilante.
Re: (Score:2)
but until then I don't see any reason to get giddy because someone broke laws and saw fit to play the data-vigilante.
This is just your vision of how things should be? Oh, ok then.
As if the imprimatur of law has an ounce of weight when it comes to morality.
Re: (Score:2)
This is just your vision of how things should be? Oh, ok then.
No, it's me stating a fact: that I am in a state of confusion over why people are overjoyed that others are violating the laws of the land in a democracy where the majority stands against them.
As if the imprimatur of law has an ounce of weight when it comes to morality.
One treads on dangerous ground when speaking of morality in such an issue, especially when you haven't explained what your ground for morality is. Myself, I would say that part of a proper system of ethics recognizes the necessity to submit yourself to the governing laws of the land, unless such laws contradict a more
Re: (Score:2)
And honestly, I would not call the "need for information to be free" a deeper ethical rule.
Your phraseology betrays your bias. There is no "need for information to be free" - that "information wants to be free" is an observation of fact not an imperative.
Furthermore the debate has no more to do with the fact that information "wants" to be free than the fact that round wheels "want" to roll has to do with the debate on speeding.
So the question becomes, if the law of the land has absolutely no say in your mind as to how one should behave, where DO you derive your standards from?
Your question suggests you think the law of the land does significantly define morality. The reverse is the only sane belief, that the law of the land should be defined b
Re: (Score:2)
that "information wants to be free" is an observation of fact not an imperative.
No, it's a nonsense statement-- information has no power of cognition, and thus cannot want anything. To speak of it thus is to speak absurdities. I'm not even sure what principle people are trying to communicate when they make that statement-- that people tend to be bad at keeping information private? That is neither an argument for nor against private information.
Furthermore the debate has no more to do with the fact that information "wants" to be free than the fact that round wheels "want" to roll has to do with the debate on speeding.
I quite agree, which is why I was criticizing that whole argument. When discussing whether or not it should be legal for wheels to roll, one d
Re: (Score:2)
No, it's a nonsense statement-- information has no power of cognition, and thus cannot want anything
If you can't grasp the fundamental truth of that statement you'll never be able to have a meaningful discussion of its implications. I suspect that your dogged focus on secrecy for secrecy's sake rather than the validity of the secrecy in the first place is rooted in the same lack of sophistication.
Re: (Score:2)
I begin to suspect the lack of progress in the discussion is due to your inexplicable conclusion that I support secrecy for secrecy's sake.
The difference (Score:1)
The difference is that Milly's voicemails were deleted to make space, while the exposed email accounts were not deleted.
The difference is that Milly's voicemails were expected to be private, and the operations of government and the military are expected to be public since they are funded by the public.
Re: (Score:2)
and the operations of government and the military are expected to be public since they are funded by the public.
I would LOVE if we could get some citations of where such an expectation has ever been upheld by any body of authority. Civil War cases, or WW2 cases might prove educational to those cheering for "the old days" of military knowledge being public. I believe we termed it "treason" back in the day.
Re: (Score:3)
I can't, in my wildest dreams, see the parallel you see.
seek help, is my advice to you.
Re: (Score:2)
I am in favor of the release of ALL hacked data. Even when it may hurt people, even when it may put lives at risk. All in all I think all the secrecy, and covert action makes us weaker not stronger. It creates more division and strife in the world not less; why? because it always comes out eventually; even if it takes decades.
When I was very young my mother gave me a simple bit of advice. She said if you want to be sure nobody ever reads something, don't write it down.
Wow simple eh? much simpler than e
Re: (Score:2)
I don't think I would like that very much at all. Which is why I should be able to ask my doctor to shred my medical file, or at least portions of it. Does that mean treatment may not be as effective in the future? Yes. I, not anyone else, though, should get to choose how to weigh the risk it leaks against the value of storing it.
I think personally in most aspects of life right now we grossly over value keeping records and grossly underestimate the risks of leaks and the costs of fallout from them.
Re: (Score:2)
All in all I think all the secrecy, and covert action makes us weaker not stronger.
Maybe look at the situation in Zimbabwe, and the fallout after the release of several diplomatic wires between Mugabe's opposition and the US, and then repeat that statement.
Re: (Score:2)
heh, I really hope you're not basing yourself in OMGZ, wikileaks endangered Morgan Tsvangirai's life. Please, tell me you're not nitpicking clearly false and biased information to support... er... what was your point again? yeah, whatever that was.
One liners might make someone look like they know more than they do, but some people will research and realize you're saying nothing at all.
if someone reveals the truth, no matter what happens, it's still the truth. Why should people rely on saviours, politician
Re: (Score:2)
Tsvangirai's position was put in jeopardy because he was allied with the US against Mugabe, and Mugabe was able to use his control of the media to twist it into some anti-Zimbabwe sentiment.
There is no possible way you're going to convince me that the curiosity of some citizens in the US was worth endangering the potential fixing of the disaster that is Zimbabwe.
One liners might make someone look like they know more than they do,
Pot calling the kettle black. How many one-liners pop up stating "information wants to be free", nevermind that the founding fathers, the 2 sides i
Re: (Score:2)
Tsvangirai's position was put in jeopardy because he was allied with the US against Mugabe, and Mugabe was able to use his control of the media to twist it into some anti-Zimbabwe sentiment.
There is no possible way you're going to convince me that the curiosity of some citizens in the US was worth endangering the potential fixing of the disaster that is Zimbabwe.
You're saying that because Zimbabweans learned THE TRUTH and Mugabe could use it to his advantage that secrecy was entitled? Tsvangirai engaged in talks with the US and supported sanctions against the country, whether that's a good or bad thing, it's not important in this discussion. The important thing is that it represents the truth and if people get angry about it, whether there's a media spin or not, it's just how things are supposed to be.
I might be wrong, but you're claiming that secrecy should've be
Re: (Score:2)
You're saying that because Zimbabweans learned THE TRUTH and Mugabe could use it to his advantage that secrecy was entitled?
For the most part, yes, because the depiction of "the truth" that they were getting was mostly incorrect. I'm not clear on what precisely the average Zimbabwean knows about this issue, but as Mugabe basically controls information there, you can bet that it's not anything so accurate as you or I know.
while he lied to the people he represented?
In what way was he lying? It is well known that he opposes Mugabe; this is just an excuse to trump up treason charges.
And as for "represented", you DO realize that Tsvangirai WON the last election and STILL does
Re: (Score:2)
I am in favor of the release of ALL hacked data.
That viewpoint, I can respect. I disagree, but I can respect it. When you pick and choose who is within the boundaries of the law, the law loses its function, and you become a vigilante.
Re: (Score:2)
You're an idiot.
Re: (Score:3)
The same people that clapped in glee with the release of this and other govt. data should either clap in glee with the release of ALL hacked data, or should object to the release of ALL hacked data.
So you don't see any difference at all between a private individual and a government organization?
I'm not particularly moved to emotion by either of these stories... But I can at least see a difference here.
The US government is supposed to be by the people, for the people... And yet we see plenty of evidence that the US population is being lied to at nearly every turn. Why would I, as a US citizen, object to actually getting to find out what my government is really doing? Yes, of course, folks are going
Re: (Score:2)
I sympathise, but I disagree. People are allowed to define their own rules, and hence exceptions, in their own moral compass. I mean, if exceptions weren't allowed, then you could be a hypocrite for believing one "thing" is good, but not another "thing". Surely, either you believe everything is good, or everything is bad?
Re: (Score:2)
The same people that clapped in glee with the delivery of this and other delicious pizzas should either clap in glee with the delivery of this shitty pizza, or should object to the delivery of ALL pizzas.
Re: (Score:2)
By extension, those who cheer when a notorious serial killer is put in jail should either support putting every last person in jail or should object to putting anyone in jail at all.
Re:Going to throw stones? (Score:4, Insightful)
Re: (Score:2)
While I understand the point you are trying to make you seem to have sidestepped the context. Hacking an organization and at least theoretically exposing weaknesses in their security and hacking an individual's phone are quite a bit different. I generically applaud publicly hacking organizations that are failing in their responsibility to protect the information they have. So while I would support generically hacking the entire phone system to expose such a weakness the focused malicious attack on a dece
Re: (Score:2)
I should be more clear I suppose. I don't support every action the hackers take, I never have. I support the exposing of the weaknesses to force the organizations to fix them or at least allow the individuals the ability to mitigate them. The problem here (and with your analogy) is that a security vulnerability like this can easily be used and then kept secret by the company and/or hackers. If you break into a bank and dump the keys into the street it is very public (even if you don't dump the keys) and
Re: (Score:2)
I hadn't thought of it that way and it does work better as an analogy except for the reaction both to the stolen items being released to the public and the hacking event itself will be dramatically different. I should also be clear I don't think the release of the information has much if any benefit but the public disclosure of the compromise does.
Re: (Score:2)
Misconduct by an international megacorporation is now equivalent to childish pranks done by anonymous geeks? Misconduct for profit equates to some kind of misguided political activism?
Let me be blunt - I want Rupert Murdoch's head on a pig pole. Knowing that the "gubbermint" is looking for these miscreants in this story is good enough for me. These little freaks don't actually threaten my freedoms, while Murdoch does. Murdoch's vision for the world is endorsed by dozens of MP and congressmen around the