Forwarded from: "Huggins, Michael" <mhhuggins_at_firstcommand.com>
I do have a problem with this type of activity. We are supposed to be
ethical and abide by standards; when a certified professional violates
those standards, their certification should and ought to be revoked.
There is no excuse for unsolicited scanning or penetration.
Michael H. Huggins
CISSP CTOC USN (ret)
First Command Information
Security Manager
817 569 2435
-----Original Message-----
From: InfoSec News [mailto:isn_at_c4i.org]
Sent: Friday, August 16, 2002 1:33 AM
To: isn_at_attrition.org
Subject: [ISN] Sleuths Invade Military PCs With Ease
Forwarded from: William Knowles <wk_at_c4i.org>
http://www.washingtonpost.com/wp-dyn/articles/A24191-2002Aug15.html
By Robert O'Harrow Jr.
Washington Post Staff Writer
Friday, August 16, 2002; Page A01
SAN DIEGO, Aug. 15 -- Security consultants entered scores of
confidential military and government computers without approval this
summer, exposing vulnerabilities that specialists say open the
networks to electronic attacks and spying.
The consultants, inexperienced but armed with free, widely available
software, identified unprotected PCs and then roamed at will through
sensitive files containing military procedures, personnel records and
financial data.
One computer at Fort Hood in Texas held a copy of an air support
squadron's "smart book" that details radio encryption techniques, the
use of laser targeting systems and other field procedures. Another
maintained hundreds of personnel records containing Social Security
numbers, security clearance levels and credit card numbers. A NASA
computer contained vendor records, including company bank account and
financial routing numbers.
Available on other machines across the country were e-mail messages,
confidential disciplinary letters and, in one case, a memo naming
couriers to carry secret documents and their destinations, according
to records maintained by ForensicTec Solutions Inc., the
four-month-old security company that discovered the lapses.
ForensicTec officials said they first stumbled upon the accessible
military computers about two months ago, when they were checking
network security for a private-sector client. They saw several of the
computers' online identifiers, known as Internet protocol addresses.
Through a simple Internet search, they found the computers were linked
to networks at Fort Hood.
Former employees of a private investigation firm -- and relative
newcomers to the security field -- the ForensicTec consultants said
they continued examining the system because they were curious, as well
as appalled by the ease of access. They made their findings public,
said ForensicTec President Brett O'Keeffe, because they hoped to help
the government identify the problem -- and to "get some positive
exposure" for their company.
[...]
-
ISN is currently hosted by Attrition.org
Received on Aug 20 2002