Posted on 12/18/2016 10:47:31 PM PST by Ernest_at_the_Beach
Only just finding out about it now
Russian hackers working for Tsar Putin took down the US Pentagon in 2015 in a hack which caused a secret revamp of systems.
The unclassified email system used by the Joint Chiefs of Staff was hijacked in the attack, leaving data of nearly 3,500 military personnel and civilians vulnerable to exposure.
It was believed to have been an attempt at crippling the Pentagon's systems, instead of a cyberespionage campaign, but the attack did not exactly come off as planned.
Chairman of the Joint Chiefs Martin Dempsey told CBS News that the NSA director Admiral Mike Rogers alerted him about the attack in an early morning phone call. The attack saw passwords and electronic signatures of Dempsey and hundreds of other senior Army officials obtained by the hackers.
The attackers reportedly seized control of the Pentagon's email system in under an hour. The only way to mitigate it was to allegedly take down the entire network and conduct a full hardware and software systems overhaul, which took around two weeks.
The attack was motivated by Russia's umbrage at economic sanctions imposed by the Obama administration, which was in response to Russian president Vladimir Putin's appropriation of Crimea and interference in Ukraine.
This is not the only time that Putins hackers have been in the news lately. The Office of the Director of National Intelligence (ODNI), which oversees 16 US intelligence agencies, including the NSA and the CIA, is slated to publicly release its report on foreign governments' attempts at influencing US elections "in the coming weeks".
I think that with the election of Mr Trump many of the bureaucratic leftist will simply become agents of unfriendly governments. They are traitors in all but name already. They will take the final step soon.
I hope they can be caught and stopped before they do irreparable damage.
Fudzilla?
Speaking about hacking, howabout the Chinese grabbing the OPM database?
Russia hackers cracked Pentagon communications and seized emails of Barack Obama’s top military advisers
General Martin Dempsey says the attackers moved with ‘alarming speed’
That was not a “ hack”. The OPM hired a contractor who used Chinese workers in China to do remote system administration. They were authorized to access the data!! Just not to keep it.
I know that, I’m just pointing out the wild difference in reaction, especially given that the OPM incident dwarfs all the alleged (LOL) “Russian hacking”.
Russians hacked Pentagon network, Carter says
By Jamie Crawford, National Security Producer
Updated 9:34 PM ET, Thu June 4, 2015
http://www.cnn.com/2015/04/23/politics/russian-hackers-pentagon-network/
Excerpt:
Washington (CNN)Russian hackers accessed an unclassified Pentagon network earlier this year, Defense Secretary Ashton Carter said Thursday, the latest high-profile penetration of U.S. government networks that has been blamed on Russian hackers.
Speaking at Stanford University in Palo Alto, California, Carter said the breach, which was only recently declassified and was never publically reported, was quickly detected by Defense Department sensors. It was unclear when the penetration occurred or if the hackers were working on behalf of the Russian government. Attempts by CNN to glean additional details were not immediately successful.
“(The hackers) discovered an old vulnerability in one of our legacy networks that hadn’t been patched,” Carter said. “While it’s worrisome they achieved some unauthorized access to our unclassified network, we quickly identified the compromise, and had a crack team of incident responders hunting the intruders within 24 hours.”
Carter added: “After learning valuable information about their tactics, we analyzed their network activity, associated it with Russia, and then quickly kicked them off the network in a way that minimized their chances of returning.”
The disclosure comes just a few months after Director of National Intelligence James Clapper told the Senate Armed Services Committee that “the Russian cyberthreat is more severe than we had previously assessed.”
And it’s the latest breach of U.S. government networks attributed to Russian hackers.
Earlier this month, U.S. officials said Russian hackers were behind a series of damaging intrusions that penetrated sensitive parts of the White House computer system. Although they were only able to access unclassified systems, the hackers had access to sensitive information like the President’s daily schedule, officials briefed on the investigation said.
Those hackers were able to get into the White House system based on what they had learned through earlier hacks into State Department networks.
Spies will be spies, but Hillary will not be president.
IMHO, it is far more difficult to verify a well designed hack, than the response time of the liberals in accusing “Russia” of so much intervention.
My initial response isn’t so much against Russia, but rather to ponder the incentive of those who are so quick to accuse.
Spoof website. I suggest we begin using that term, by the way.
Whatta bout poof websites?
I like Spoof Websites.
Poof is different, run by poofters....
Passwords in any decently secure system are encrypted. Now if you have a weak password, once having an encrypted password, it is usually easy to brute force the actual password. Military-level systems should be running a minimum password test to prevent that from happening.
However, I talked to a former employee of a high security government agency. She walked people through passwords they could remember, and I would have given both her and employees a single warning for the methods they used. Trouble is, the attackers would figure it out before management would, if IT management didn’t think of how to test the employees’ password shortcuts. A bit of social engineering will get you the scoop, and any serious cracker or IT security team will already be employing measures and countermeasure.
So I call BS on this article.
Thanks, Jim. The long version makes sense, including the vagueness of certain parts. A successful attack could have at least four phases. Successful attackers will know all this plus probably more.
Hacking by foreign governments is spying. Getting all in a national snit about particular instances of it is futile and unproductive. Governments do these things to each other. The American government is trying every bit as hard to “hack” Russian databanks and email as the Russians are us, perhaps more effectively, considering that we start with a higher grade of technology. Any government of a major nation that does not spy, on the ground or digitally, is failing itself and its people. Railing against Russian spying/hacking is a waste of one’s throat. Building structures against penetration is a far more realistic and effective tactic but, of course an unending process.
That's not really the problem. The passwords are one-way hashed, which I suppose you could say is a type of encryption. However the hash is designed to be extremely tedious and therefore slow even for a fast computer. So if the adversary steals the hashes it would take them a long time to guess the passwords. That's when complex passwords help.
However you are forgetting an important point. If the adversary gets into a system to steal hashed passwords they can steal anything they want. Including a nice selection of more important data. Also if they are inside they can intercept passwords that are cleartext as they go by in the system to before they are hashed and compared to the stored hashes.
So in reality complex passwords do not help. In fact they are a waste of everyone's time.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.