posted on May, 30 2008 @ 02:51 PM
PREVIOUS POSTER'S QUOTE:
"You cannot access the SIPRNET without being allowed on the network. There is no way for you (or anyone else here) to access the SIPR side without
the specialized equipment and access to either the sat signal, a secured phone, or physical connections."
Hmmm....I can tell you're either quite young...i.e. less than 30 years old
or you don't know enough about the low-level hardware protocols
and/or electrical engineering.
I am assuming your computer systems are TEMPEST certified, because
if they aren't, I can think of 50 ways to get in....
1) Fibre Optic Cable Assemblies: Single Mode and Multimode fibre
can be spliced into with repeater hardware and protocol analyzers
so that I can intercept the base level ATM/SONET packet data.
Packets that are encrypted can be run through various algorithms
to obtain Most-Probable-Key ranges so that. even Triple-AES (768 bit)
encryption is vulnerable to differential analysis and probable
text-form analysis to ontain HASH values and valid key ranges.
Fibre-Optic systems that are "Secured" have Nitrogen or other Inert Gas
injected into the cable housing designed to prevent such splicing and
interceptionby allowing sensors to identify gas-pressurizatioin changes
during a cable splice operaton. HOWEVER I can put a "Clean Box"
around my splice location that is ALSO Nitrogen/Inert Gas infused
and pressurized to the same level so that I can perform
splicing undetected. I can also ground out the surrounding mesh weave
of a fibre optic cable into an electrical bypass so that ANOTHER
splice detection method is foiled.
2) 10/100/1000 megabit Ethernet RJ 45 /Cat 5 & 6 cables I can simply
use inductance to intercept low-level packets or can also INJECT
my own packet streams such as Ping or TraceErt requests
that I can re-intercept to FIND servers or dissassemble Kerberos
and/or other Key Exchange packets.. These I'll use to break in to any server.
3) Cisco/Nortel Routers can be pinpointed and have their routing
management service accounts compromised by simple social engineering
attacks or even using simple electrical interference to reset them back
to their original specs and then I'll upload my own BIOS which will
prevent router shaping & packet transport analysis so that
I can walk in at will intercepting and duplicating packets which will
be send to my off-site packet sniffers.
4) Graphics Cards have Drivers on both Secured Linux & Windows systems
so I can digitally sign the drivers that I create and the next time the BIOS
or graphics drivers are updated, I'll have Ring-0 privileges and then I
can walk across the OS as I please. I can do the same thing by
using Wake-on-Lan or other built-in "Doors" to flash my own signed
BIOS/Drivers into Network Cards, Firewire Cards, USB interfaces, etc
and then get Ring-0 privileges to walk anywhere in the system
to intercept, duplicate or re-direct disk writes, graphics card updates
or packet send/receives as I see fit!
5) I have some other VERY SNEAKY methods which basically
cannot be defended against using standard security protocols
simply because they attack the base underlying hardware that
is common to ALL computer systems no matter where they are
in the world, even IF you use encryption. And if you spooks want
to know about those methods you'll just have to email me
or send me a U2U message.
6) The poster of the above quote is quite mistaken that a smart card
will protect your data, since the social networks that create the
requirements for their use can be infiltrated and of course the base
hardware can be atacked even IF the systems are TEMPEST certified
simply because the original designers of the hardware never envisioned
the lengths some of us will go to get information.