OVERKILL
$100 Site Donor 2021
Originally Posted By: morris
how do the Hackers know they are getting good info?
Guess we'll find out
how do the Hackers know they are getting good info?
Guess we'll find out
Chinese Military Hackers stole data from US firms
- Thread starter OVERKILL
- Start date
- Status
Originally Posted By: Tempest
Originally Posted By: morris
how do the Hackers know they are getting good info?
Seems like a good opportunity to feed them some bogus information...at least at the Pentagon level. Even big firms might do this as well.
The problem, Tempest, is that you'd have to deliberately craft some faulty information (this is easy enough, of course); but then you have to take a nefarious and mysterious party with whom you have no contact and somehow "steer" those people towards that information. Given that hackers are often finding holes in your security system that you didn't know were there ("unknown unknowns", Rumsfeld might call them) that can be difficult to do: Dangling an obvious "in" into your network sets off all kinds of red flags to all but the most inexperienced hacker.
With information flowing through human conduits it is easy enough to manage where your (mis)information goes. When it is accessed clandestinely by people who are sneaky and smart it is quite another challenge. I think it's just a matter of accepting that only continuous vigilance in an ever-evolving cat-and-mouse game is the only way to, at any given moment, keep your data safe.
Let's also not forget that the Syrian president's email (which was hacked by Anonymous some time ago) password ended up being "12345", too. You can only accommodate so much "stupid" in the world of information security.
morris, as far as the hackers knowing this or that about the quality of the information they have: Most hackers who do NOT work for a government are simply trying to breach security either for profit (bad hackers) or to liberate data or compromise the activities of someone they wish to stop (like Anonymous). If a hacker DOES work for a government, I suppose whatever data they'd collect would be passed on to an analyst in precisely the same way that a tapped telephone conversation or intercepted written correspondence would be. It would then be left up to those analysts to determine the quality of the information.
Originally Posted By: morris
how do the Hackers know they are getting good info?
Seems like a good opportunity to feed them some bogus information...at least at the Pentagon level. Even big firms might do this as well.
The problem, Tempest, is that you'd have to deliberately craft some faulty information (this is easy enough, of course); but then you have to take a nefarious and mysterious party with whom you have no contact and somehow "steer" those people towards that information. Given that hackers are often finding holes in your security system that you didn't know were there ("unknown unknowns", Rumsfeld might call them) that can be difficult to do: Dangling an obvious "in" into your network sets off all kinds of red flags to all but the most inexperienced hacker.
With information flowing through human conduits it is easy enough to manage where your (mis)information goes. When it is accessed clandestinely by people who are sneaky and smart it is quite another challenge. I think it's just a matter of accepting that only continuous vigilance in an ever-evolving cat-and-mouse game is the only way to, at any given moment, keep your data safe.
Let's also not forget that the Syrian president's email (which was hacked by Anonymous some time ago) password ended up being "12345", too. You can only accommodate so much "stupid" in the world of information security.
morris, as far as the hackers knowing this or that about the quality of the information they have: Most hackers who do NOT work for a government are simply trying to breach security either for profit (bad hackers) or to liberate data or compromise the activities of someone they wish to stop (like Anonymous). If a hacker DOES work for a government, I suppose whatever data they'd collect would be passed on to an analyst in precisely the same way that a tapped telephone conversation or intercepted written correspondence would be. It would then be left up to those analysts to determine the quality of the information.
I'm sure to those who know, it may seem an obvious answer, but why are all the critical facilities accessible via the net? If they contain such important secrets or are critical to a nations infrastructure, why are we leaving a connection? Yes, I know it's not like I can dial up a nuclear power plant and monkey with the controls, or connect to the IRS and fix my taxes for the next 50 years, but by leaving them tied to the net, they are (as evidenced) leaving themselves open to hacking.
Why is it that military blueprints are available through the internet?
It's pretty hard to isolate any business from the internet. Stuxnet sent industry into a flat spin, and demonstrated how hard/easy it is to be disconnected.
Take a power station for instance, there's a need to have remote access to systems to diagnose issues. Some places allow the specialists in Japan/Germany/Switzerland to access the controls gear to interrogate an issue...those more secure, have screen dumps and email
Take a power station for instance, there's a need to have remote access to systems to diagnose issues. Some places allow the specialists in Japan/Germany/Switzerland to access the controls gear to interrogate an issue...those more secure, have screen dumps and email
- Status
