Re: US nu-cu-lear bases.. access is kids stuff :-)
Available news archives: comp.lang.tcl - comp.lang.python - comp.security.firewalls - sci.crypt - comp.lang.php - comp.lang.javascript
Google
 
Web news.hping.org


sci.crypt archive

Re: US nu-cu-lear bases.. access is kids stuff :-)

From: Mack <macckone@a_nospamjunk123_ol.com>
Date: Tue Jan 17 2006 - 18:15:32 CET



On Mon, 16 Jan 2006 20:37:05 GMT, Jan Panteltje


<pNaonStpealmtje@yahoo.com> wrote:



>On a sunny day (Mon, 16 Jan 2006 20:06:13 +0000 (UTC)) it happened Andrew


>Swallow <am.swallow@btopenworld.com> wrote in


><dqgubl$8dh$1@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com>:


>


>>Mxsmanic wrote:


>>


>>> Jan Panteltje writes:


>>> 


>>> 


>>>>http://edition.cnn.com/2006/WORLD/europe/01/16/spain.us/index.html


>>> 


>>> 


>>> I wouldn't put too much faith in this story.  Top-secret IT systems


>>> are not connected to the Internet, as a general rule.


>>> 


>>The press thinks that all defence documents are Top Secret.  Many 


>>purchasing and recruitment systems connect to the internet, permitting 


>>the civil servants to talk to private firms and persons.


>>


>>Andrew Swallow


>I once worked at ....... and (very old IBM system) to order parts,


>if you needed ONE, you had to type something like 0000001.


>Somebody forgot the leading zeros and next day a truck full of those


>parts arrived.... :-)


>


>By manipulating for example fuel supplies, or essential [spare] parts, even


>ammunition, on such a system as you describe, you can hit a potential


>enemy in a bad way, even as a prelude to an attack make that enemy totally


>powerless.


>It may not be top secret in the sense Bush payed Osama, but may have REAL


>implications for the security of a country.


>


>Man this was a submarine base, just change some part number and they will


>only find out in the mission the wrong spare parts are in the boxes...


>Very tricky, hard to detect. Give them fake (exercise) ammo....


>



Seems like a good analysis of what probably happened.  Either by


accident or intent the hackers stumbled in to a secure computer system


dealing with a dry-dock.  Obviously fiddling around with an unfamiliar


system can have bad effects on those that depend on that system.


It seems plausible that such a dry-dock would have a parts ordering


system that would need to be connected to the rest of the world.


Obviously it is much easier to track parts across multiple naval yards


scattered around the world via electronic means, a paper system


would be ridiculous in this day and age.  The ordering system may


have been connected to diagnostic systems which would automatically


order parts when they failed certain tests.  Those diagnostic systems


probably are considered 'top secret'.



For the record there are four major security classifications, 'top


secret', 'secret', 'confidential', and 'unclassified'.  By default any


document that can't be classified in a lessor category is routinely


placed in the 'top secret' category.  The following link provides a


basic overview.



http://www.usda.gov/da/pdsd/Security%20Guide/S1class/Classif.htm



Leslie 'Mack' McBride


remove text between _ marks to respond via e-mail


Received on Thu Jan 19 03:44:31 2006