2aHawaii

General Topics => General Discussion => Topic started by: Inspector on December 17, 2020, 12:36:21 PM

Title: Pentagon Forces Emergency Shutdown of Computer Network Handling Classified Mater
Post by: Inspector on December 17, 2020, 12:36:21 PM
Pentagon Forces Emergency Shutdown of Computer Network Handling Classified Material

https://thegreggjarrett.com/pentagon-forces-emergency-shutdown-of-computer-network-handling-classified-material/
Title: Re: Pentagon Forces Emergency Shutdown of Computer Network Handling Classified Mater
Post by: Flapp_Jackson on December 17, 2020, 01:59:43 PM
I've yet to participate in a gov't exercise in which the SIPRNET was NOT compromised by the Red Team. 

One popular method was sending out floppies or thumb drives to users asking them to take a look at something.  The request was socially engineered by the hacker using the users' supervisor's name.  "Hey, this is so-and-so with your Cybersecurity office.  We spoke to <your boss> and they said you were the right person to review this file/document/app."  Once the file is opened inside the network, a trojan virus finds vulnerabilities like weak passwords.  The results are posted to an unsecured web server.  Once they have that posted, they can often attach a WiFi router/access point to the network - usually in a conference room where no one is present.  From that connection they can access the web server and break into an account in that data.

Before the proliferation of WiFi, the hackers would just splice the classified and unclass systems together with network cables running to the router.  Then they could hack into the unclass PC and use it to access the SIPRNET PC. 

As these vulnerabilities are discovered, they are added to a list of holes to plug.  Using MAC addresses registered on switch ports in a facility can prevent some of this, but a persistent hacker can always find ways around security, like spoofing the IP address of a valid PC and using a DoS attack or virus to take that PC offline so they can spoof the MAC address.

In essence, we assumed in every exercise that the classified network was going to be penetrated.  Detection and mitigation were the key, because prevention was a myth.
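As a defender-side illustration of the port/MAC registration check mentioned above, here is an added Python example (editor's code, not from the post or the forum; the switch names, port names, MAC addresses and observation records are all constructed). It flags a device on an unassigned drop, a MAC that differs from the one registered for a port, and a known MAC that reappears on a different port shortly after it was last seen, which is the trace a spoofed MAC leaves once the real PC has been knocked offline:

```python
# Constructed port registry: (switch, port) -> authorised MAC, or None for a
# live drop with no device assigned (e.g. an empty conference room).
PORT_REGISTRY = {
    ("sw1", "Gi1/0/1"): "00:11:22:33:44:01",
    ("sw1", "Gi1/0/2"): "00:11:22:33:44:02",
    ("sw1", "Gi1/0/7"): None,
}

# Constructed MAC-table observations: (time_seconds, switch, port, mac).
OBSERVATIONS = [
    (100, "sw1", "Gi1/0/1", "00:11:22:33:44:01"),  # PC on its own port
    (101, "sw1", "Gi1/0/2", "00:11:22:33:44:02"),
    (160, "sw1", "Gi1/0/7", "00:11:22:33:44:01"),  # same MAC, unassigned drop
    (161, "sw1", "Gi1/0/7", "aa:bb:cc:dd:ee:ff"),  # unknown device, same drop
    (162, "sw2", "Gi1/0/9", "aa:bb:cc:dd:ee:ff"),  # port not in registry at all
]

_UNKNOWN_PORT = object()  # sentinel: port missing from the registry


def check_port_security(registry, observations, window=120):
    """Return a list of (alert_type, time, switch, port, mac) tuples.

    mac_moved fires when a MAC is seen on a different switch/port within
    `window` seconds of its previous sighting; the other alerts compare each
    sighting against the registry for that port.
    """
    alerts = []
    last_seen = {}  # mac -> (time, switch, port)
    for t, sw, port, mac in observations:
        expected = registry.get((sw, port), _UNKNOWN_PORT)
        if expected is _UNKNOWN_PORT:
            alerts.append(("unregistered_port", t, sw, port, mac))
        elif expected is None:
            alerts.append(("device_on_unassigned_port", t, sw, port, mac))
        elif expected != mac:
            alerts.append(("mac_mismatch", t, sw, port, mac))
        prev = last_seen.get(mac)
        if prev and (prev[1], prev[2]) != (sw, port) and t - prev[0] <= window:
            alerts.append(("mac_moved", t, sw, port, mac))
        last_seen[mac] = (t, sw, port)
    return alerts


def alert_types(registry=PORT_REGISTRY, observations=OBSERVATIONS):
    """Just the alert names, in order, for a quick summary."""
    return [a[0] for a in check_port_security(registry, observations)]


if __name__ == "__main__":
    for alert in check_port_security(PORT_REGISTRY, OBSERVATIONS):
        print(alert)
```

Feeding real `show mac address-table` or SNMP bridge-table polls into `OBSERVATIONS` is the only change needed to run this against a facility; a `mac_moved` right after the registered port goes quiet is the pattern worth paging on.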
Title: Re: Pentagon Forces Emergency Shutdown of Computer Network Handling Classified Mater
Post by: Inspector on December 17, 2020, 02:49:21 PM
Makes me feel real good that we have such a secure secret network with so many holes!  :rofl:
Title: Re: Pentagon Forces Emergency Shutdown of Computer Network Handling Classified Mater
Post by: drck1000 on December 17, 2020, 03:14:19 PM
I'm pretty sure the Chinese have all of my info that was supposed to be secure.  Yeah, we got "free" ID theft protection and credit monitoring for something like 2 years.  Then of course, the company that we had "free" protection from had our emails and asked if we wanted to extend coverage.   :grrr:
Title: Re: Pentagon Forces Emergency Shutdown of Computer Network Handling Classified Mater
Post by: Flapp_Jackson on December 17, 2020, 03:17:05 PM
Admitting you have a problem is the first step ...   :geekdanc:    :thumbsup:
Title: Re: Pentagon Forces Emergency Shutdown of Computer Network Handling Classified Mater
Post by: Inspector on December 17, 2020, 03:20:30 PM
My name is Inspector, and I have a problem. My problem acts like an 11 year old girl.  :rofl:
Title: Re: Pentagon Forces Emergency Shutdown of Computer Network Handling Classified Mater
Post by: macsak on December 17, 2020, 03:22:11 PM
I can't wait until our resident IT person goes to the bathroom so he can lend his beliefs to this thread...