Internet Presents Web of Security Issues
By Paul Stone
American Forces Press Service
WASHINGTON, Sept. 25, 1998 – In a briefing room deep in the Pentagon earlier this year, Air Force Lt. Col. Buzz Walsh and Maj. Brad Ashley presented a series of briefings to top DoD leaders that raised more than just a few eyebrows.
Selected leaders were shown how it was possible to obtain their individual social security numbers, unlisted home phone numbers, and a host of other personal information about themselves and their families simply by cruising the Internet.
Walsh and Ashley, members of the Pentagon's Joint Staff, were not playing a joke on the leaders. Nor were they trying to be clever. Rather they were dramatically, and effectively demonstrating the ease of accessing and gathering personal and military data on the information highway information which, in the wrong hands, could translate into a vulnerability.
"You don't need a Ph.D. to do this," Walsh said about the ability to gather the information. "There's no rocket science in this capability. What's amazing is the ease and speed and the minimal know-how needed. The tools (of the Net) are designed for you to do this."
The concern over personal information on key DoD leaders began with a simple inquiry from one particular flag officer who said he was receiving a large number of unsolicited calls at home. In addition to having the general's unlisted number, the callers knew specifically who he was.
Beginning with that one inquiry, the Joint Staff set out to discover just how easy it is to collect data not only on military personnel, but the military in general. They used personal computers at home, used no privileged information not even a DoD phone book and did not use any on-line services that perform investigative searches for a fee.
In less than five minutes on the Net Ashley, starting with only the general's name, was able to extract his complete address, unlisted phone number, and using a map search engine, build a map and driving directions to his house.
Using the same techniques and Internet search engines, they visited various military and military-related Web sites to see how much and the types of data they could gather. What they discovered was too much about too much, and seemingly too little concern about the free flow of information vs. what the public needs to know.
Deputy Defense Secretary John Hamre issued a memorandum on 24 September 1998, which directs DoD and the individual services to take both immediate and long-term steps to protect the flow of information on the world wide web. During the next 60 days, the Assistant Secretary of Defense (C3I) will develop policy and procedural guidelines that address the operational, public affairs, acquisition, technology, privacy, legal and security issues associated with the use of DoD web sites. In the meantime, effective immediately, Hamre has ordered the following information removed from all publicly accessible DoD web sites:
Plans or lessons learned which would reveal sensitive military operations, exercises or vulnerabilities.
Any information that would reveal movements of military assets or the location of units, installations or personnel where uncertainty regarding location is an element of the security of a military plan or program.
All personal information in the following categories about U.S. citizens, DoD employees and military personnel: 1) Social Security Numbers: 2) Dates of Birth; 3) Home Addresses; and 4) telephone numbers other than numbers of duty offices which are appropriately made available to the general public. Additionally, names, locations and any other identifying information about family members of DoD employees and military personnel must be removed.
DoD Web Policies And Guidelines
Department of Defense
* AFIS Web Story: Internet Presents Web of Security Issues
* Information Assurance Support Environment (IASE) - The DoD IA Portal
* Information Security Program, DoD Directive 5200.1
* Information Vulnerability and the WWW; Deputy Secretary of Defense Hamre (09/24/1998) - "All DoD Components that establish publicly accessible web sites are responsible for ensuring that the information published on those sites does not compromise national security or place DoD personnel at risk."
* Security and Policy Review of DoD Information for Public Release - DoD Instruction 5230.29
* Unauthorized Disclosure of Classified Information to the Public (DoD Directive 5210.50) - policy and responsibilities for reporting and investigating known or suspected incidents of unauthorized public disclosure of classified information and reporting corrective and disciplinary action taken
* Website OPSEC Discrepancies (SecDef MSG R 141553Z JAN 03) - THE FACT THAT FOR OFFICIAL USE ONLY (FOUO) AND OTHER SENSITIVE UNCLASSIFIED INFORMATION (E.G., CONOPS, OPLANS, SOP) CONTINUES TO BE FOUND ON PUBLIC WEB SITES INDICATES THAT TOO OFTEN DATA POSTED ARE INSUFFICIENTLY REVIEWED FOR SENSITIVITY AND/OR INADEQUATELY PROTECTED. ... THIS CONTINUING TREND MUST BE REVERSED.
Internet Service Provider (ISP) The NSA may be
forcing ISPs to provide it with information in the form of
a computer tap (similar to a controversial FBI device
dubbed “Carnivore”) that scans all the communications
that reach that ISP.
Former AT&T technician Mark Klein is the key witness in the Electronic Frontier Foundation's class-action lawsuit against the company, which alleges that AT&T illegally cooperated in an illegal National Security Agency domestic-surveillance program.
In this recently surfaced statement, Klein details his discovery of an alleged surveillance operation in an AT&T office in San Francisco, and offers his interpretation of company documents that he believes support his case.
May 14th is the official deadline for cable modem companies, DSL providers, broadband over powerline, satellite internet companies and some universities to finish wiring up their networks with FBI-friendly surveillance gear, to comply with the FCC's expanded interpretation of the Communications Assistance for Law Enforcement Act.
Congress passed CALEA in 1994 to help FBI eavesdroppers deal with digital telecom technology. The law required phone companies to make their networks easier to wiretap. The results: on mobile phone networks, where CALEA tech has 100% penetration, it's credited with boosting the number of court-approved wiretaps a carrier can handle simultaneously, and greatly shortening the time it takes to get a wiretap going. Cops can now start listening in less than a day.
Now that speed and efficiency is coming to internet surveillance. While CALEA is all about phones, the Justice Department began lobbying the FCC in 2002 to reinterpret the law as applying to the internet as well. The commission obliged, and last June a divided federal appeals court upheld the expansion 2-1. (The dissenting judge called the FCC's position "gobbledygook." But he was outnumbered.)
So, if you're a broadband provider (separately, some VOIP companies are covered too) … Hurry! The deadline has already passed to file an FCC form 445 (.pdf), certifying that you're on schedule, or explaining why you're not. You can also find the 68-page official industry spec for internet surveillance here. It'll cost you $164.00 to download, but then you'll know exactly what format to use when delivering customer packets to federal or local law enforcement, including "e-mail, instant messaging records, web-browsing information and other information sent or received through a user's broadband connection, including on-line banking activity."
Originally posted by abovetech
That's why anyone should save important pages to PDF
Links disappear too often. On a mac ... print, save as PDF.
This way you control the articles. Not the hoster.
There must be a way for firefox on windows to save pages as PDF right?
PDF all the way.
Originally posted by zorgon
One of the things that has been mentioned in several threads recently by myself and others is the fact that when we attempt to provide evidence to back our claims by linking to an official site, the information is moved, removed or the page closed...
One such page was lyle.org...... this site had a collection of Mars Rover images in full color...
Originally posted by jra
One possible reason could be that the sever that's hosting the site/images can't handle the traffic coming from ats.
Originally posted by Cyber_Wasp
Have you had any luck in finding out information using these features?
I am sure that if you know what key words and file formats some of the departments use, you might find access to things that are buried at the end of most normal searches, that the Departments are not even aware are accessible.
Originally posted by jra
One possible reason could be that the sever that's hosting the site/images can't handle the traffic coming from ats. With over 115,000 members and who knows how many lurkers. Posting a link to a site that can't handle a lot of bandwidth will more than likely cause it to shut down.
Source | the Inquirer | The NSA 0wnz popular firewalls and 'secure' email services,
CRYPTOME reports that the US National Security Agency (NSA) has remote administrative access to several of the most popular Windows PC firewalls, and that it has also taken control of a number of supposedly "secure " email services within the past few months.