Dailydave: Re: We got owned by the Chinese and didn't even get a "lessons learned"

[Andrew Simmons <asimmons () messagelabs com>]

Hi,

Etaoin Shrdlu wrote:
> Sure, most of the gov and mil internet facing networks are a lot more 
> lax than they should be, but the classified stuff (even the stuff 
> classified at a mere Confidential level) is not there. Not. Look up 
> things like siprnet.
> Coffee. Need more coffee...

The Word 0day smells exactly like the Titan Rain attacks (Wikipedia has 
a good article for background.)  (Full disclosure/disclaimer - my 
employer has had some involvement with this area. I, personally, haven't 
- all I know is what's in the public domain :)
One interesting aspect of these attacks (there are several :) is that 
they're after relatively soft, industrial targets.
In the cold war, the serious black hats were presumably after military, 
classified stuff - heavily protected even now, as you say, kept to 
SIPRnet and other classified, airgapped systems. Human attacks (spies) 
are really the best way to get access to such data - and such attacks 
are very very slow, risky, and high cost. How much easier it is to 
attack soft targets - typical commercial organisations with Windows 
desktops and internet access...
Can't help wondering what would have happened if Khrushchev had ordered 
the KGB to switch to stealing blueprints for refrigerators and cars, 
instead of spacecraft and nuclear weapons...

cheers

\a





--
Andrew Simmons // MessageLabs Security Team
Technical Security Consultant
MessageLabs: Be certain


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________