Are we crackers to be anxious over hackers?


Anthony Supplebottom
12th May 2013, 15:36
Chinese hackers caught trying to steal secrets of our new stealth fighter as tens of thousands of cyber attacks are launched on jet manufacturer every week (http://www.dailymail.co.uk/news/article-2323067/Chinese-hackers-caught-trying-steal-secrets-new-stealth-fighter-tens-thousands-cyber-attacks-launched-jet-manufacturer-week.html)

Lima Juliet
12th May 2013, 16:00
No, but this type of thing has been going on for years now. Started with the MiG 15 to the APG-65 from the F-18. That is why we have compartments and security caveats to try and keep things 'water tight'.

TheWizard
12th May 2013, 16:15
Prawn crackers?? :}

Megaton
12th May 2013, 16:39
Google Solar Sunrise and see what you come up with....

Courtney Mil
12th May 2013, 16:53
Simple. If you connect your intranet to the internet, someone will find a way in. If your secrets are important to you, don't share them with the world by using the internet. It all seems very obvious to me, but maybe that's just me. :cool:

Anthony Supplebottom
12th May 2013, 16:57
Google Solar Sunrise and see what you come up with....

Ok.

Result was: Solar Sunrise - Cumbria's leading specialist in solar panel design and installation (http://www.sunrise-solar.co.uk/).

:E

Stuff
12th May 2013, 17:34
http://www.pprune.org/military-aircrew/514099-report-foreign-hackers-raid-qinetiq-north-america.html

and

Mandiant Intelligence Center Report | Mandiant® (http://intelreport.mandiant.com/)

whisperair
12th May 2013, 18:12
Shhh, keep it to yourself.

Pontius Navigator
12th May 2013, 19:09
Courtney, it may seem simple but as the MOD does connect intra to inter . . .

As most users know there are system blocks that are permanent or temporary - eBay being but one. Certain words and images are another. But where there is a software block there will inevitably be several software keys.

For a start, who makes the chips?

smujsmith
12th May 2013, 19:10
Ooooohhh buggerlet, does this mean the little slanty eyed buggles are interfering with my "profit making" roof mounted solar panels ? Or, can I rely on the integrity of our fearless operatives of MI whatsit, to make sure that all is well ? Hmmmm thought not :eek:

Courtney Mil
12th May 2013, 20:23
PN, you usually make a lot of sense, but I only got half of that. I take issue with your opening statement. I could sit at an HQ or Station terminal and access both the intranet and the internet. Therefore there is a connection. Stranger things happened on the pink side and I had no desire to understand the connectivity there.

My point was, if your system is completely isolated from the outside world, no physical paths, it doesn't matter who made the chips, they can't create a link where none exists.

barnstormer1968
12th May 2013, 20:30
My point was, if your system is completely isolated from the outside world, no physical paths, it doesn't matter who made the chips, they can't create a link where none exists.

If only that were true!

Sadly PCs and laptops tend to have USB ports or Bluetooth and this makes a net connection easy to sort, or of course to import viruses or remove data.

I am typing this on a tablet that has no Internet connection wired to it, but it does have Bluetooth, just as my phone does, and my phone is providing the Internet hotspot.

Pontius Navigator
12th May 2013, 20:45
My point was, if your system is completely isolated from the outside world, no physical paths, it doesn't matter who made the chips, they can't create a link where none exists.

Agree. My point however is that there are connections in practice. You are right, an air gap should ensure that there is no interconnection. Regarding foreign chips, it is quite conceivable that a chip could have the capability of bridging such an air gap which is one reason why some computers are supposed to operate in a bubble.

It is relatively easy to view the lateral dimensions of the bubble - you can see if your colleague brings his iPad/iPhone/PAD etc in proximity to your secure PC. It is less easy to note what is happening the other side of a wall, or above or below your office.

The problem with IT security is people. Where there are rules that are overly restrictive then those rules will be circumvented. The rules concerning my MOD laptop were so restrictive I never bothered to use it. At Henlow the passwords were on cards attached to the laptop bags even when the bags were taken off base.

Ed:

While what BS says is true, of intranet machines they are usually locked down to prevent access to unauthorised USB sticks and I guess Bluetooth, but these tend to be human breaks rather than deliberate attacks. My point was that human circumvention of the rules can open up an otherwise secure system to attack.

Some years ago, and I don't know how, but someone got in to the MOD phone system, linked in to Sqn Ldr Ops phone in Akrotiri and then bounced out to Tehran. Apparently it was just a means of getting a free phone call from UK but it showed what was possible.

Courtney Mil
12th May 2013, 21:06
Points well made, PN & BS. Would it be correct to say that the hacking being discussed here is through a hard wire or other methods?

The problem with laptops is that it's hard, if not impossible, to buy one today that does not have wifi and bluetooth and a load of background apps that are simply there to get them into action. I see your point.

Bring on the air gap and tin foil hats for computers, eh?

cattletruck
13th May 2013, 06:39
The problem with air gaps is someone inevitably comes along and joins the two together to solve his/her problem.

When I was working for guvmint many moons ago we used to talk about using two different network technologies that cannot be joined together by "chance". But the people at the top never understood it plus they couldn't justify spending more in a climate of spending less on administrative costs. That said, the real big leaks in that place came from a manager with the assistance of a HR person, who would lend his secretary to other senior managers to data mine their computers when their secretary called in sick. Fortunately it all came unstuck for him in a most tabloid kind of way.

More PPRuNE discussion here
http://www.pprune.org/military-aircrew/514099-report-foreign-hackers-raid-qinetiq-north-america.html

CoffmanStarter
13th May 2013, 07:04
I used to work with a number of people who had Air Gaps between their ears :E

BEagle
13th May 2013, 08:06
Contacting people using their MoD e-mail addresses can often be very frustrating if your e-mail includes an image such as a table or screenshot. No warning of delay / blocking is given, so the assumption is often that the addressee is being b****y rude and not responding. At least other organisations advise you that an e-mail is being delayed for screening, if their suspicious anti-spam software hasn't fathomed out that the e-mail is safe..:\

Which then leads to the same e-mail being resent to a private address, with all the associated risk.

I recall one meeting which included government people. Everyone was able to upload the relevant working documents except the MoD reps. So we printed off half a rain forest for them instead.....

CoffmanStarter
13th May 2013, 09:02
Ahhh ... Tumbleweed on the FireWall perhaps ... able to detect "flesh tones" for those dodgy attachments BEagle :ok:

Pontius Navigator
13th May 2013, 12:18
Bring on the air gap and tin foil hats for computers, eh?

Unfortunately tin foil is not what they need. The SOMA VDUs were gold film and on charge at £4,000 a pop at 1987 prices. They were also security key locked, the same key as nuclear weapons and gaming machines.

What price security?

clicker
13th May 2013, 14:50
"the same key as nuclear weapons and gaming machines."

Already have visions of that stupid git on TV shouting "Game on" and then a bucket of instant sunshine appearing. Let's hope the two don't get mixed up.

Pontius Navigator
13th May 2013, 16:06
clicker, as far as I know, first use was in 1965 with the introduction of the WE177 series. I suspect some idiot having produced an OR for an unbreakable key then forgot to patent it.

I saw the key advertised in Motor Sport as an ignition-key after market option around 1966 and on gaming machines not long after.

All our keys were in unique pairs and serial numbered. We discovered that two keys, with different serial numbers, both operated the same lock. So much for the chances of two identical sets in 1:10,000,000. Then again we may have got a match between one of the first 10 Mill and the next batch :)

barnstormer1968
13th May 2013, 16:54
Going back to the original question, then yes I think we should be very anxious about hacking, and not just Internet hacking.

Since the '60s the Western world has become more and more reliant on many forms of communication, and disrupting these would cause chaos to everyday life. Many of you will know which disruptions would lead to deaths and hardship very quickly, so I don't think it's wise for me to elaborate further on a public forum.

AR1
13th May 2013, 17:35
Hacking eh? I agree with Barnstormer... And so do the US Government.. BBC News - Huawei and ZTE pose security threat, warns US panel (http://www.bbc.co.uk/news/business-19867399)

They've vetoed Huawei takeover of a number of US infrastructure/technology providers.
Closer to home a number of the UK operators have a vendor split whereby they use Huawei plus an-other depending where you are making your voice or data connection, you may well be on infrastructure that has concerns.

VIProds
14th May 2013, 16:41
You don't necessarily need to be connected to the Internet to be compromised.
We had a bit of a scare in the late 60's when it was discovered that those dastardly Russkies were parking up plain vans outside Foreign Embassies. The vans contained very sensitive electronic listening devices which were able to pick up electromagnetic fields & radio frequency emissions from electric typewriters.
At the time, I was responsible for maintaining two Scientific computers, one at the Home Office & one at HM Treasury, so the rush was on to cover the electronic components with a mylar barrier (like a Faraday cage), which did nothing to help the cooling!!!
Damn! Is that a black van coming up the driveway?

Pontius Navigator
14th May 2013, 17:16
Remember the intranet separation of internet is not necessarily absolute. There may be a wall between systems used by users but the bearers may well be common within the national and international infrastructures. The weakness may well be outside the military and within companies such as BT.

Courtney Mil
14th May 2013, 18:09
All our keys were in unique pairs and serial numbered

Sorry. If they were unique, there couldn't be a pair. Really sorry. I don't know why I did that.

Pontius Navigator
14th May 2013, 19:10
CM, oh dear. You are right that a one-off key is unique. Equally one key of a pair is not unique but a set, comprising one or more items may be unique.

In this case it was SEF Keys.

Equally, as we had two pairs those two pairs were not unique.

My A- and see you.

Dysonsphere
14th May 2013, 20:10
The only secure network is one that has no connection to the outside world and hopefully severe searching and checking to make sure no muppet brings in a USB stick or worse. If the prison service can do it surely the MOD etc can do it.

Courtney Mil
14th May 2013, 21:17
PN,

It just happened. I couldn't help it. I knew I was on thin ice when I wrote it, but, worse, I had to edit to correct two, even worse grammatical errors.

Courtney Mil
14th May 2013, 21:21
Dyson,

That was the solution I was suggesting earlier. It seems everyone that wants a global connection sees (or is talked into believing) the standard industry solution as the secure system the salesmen tell them it is.

CoffmanStarter
15th May 2013, 07:06
I say bring back invisible ink, digestible paper and carrier pigeons :}

AR1
15th May 2013, 11:14
The only secure network is one that has no connection to the outside world
And isn't compromised from the inside by design.

Bladdered
15th May 2013, 11:34
Don't ever think that this is one way traffic. Industrial espionage, ethical and unethical hacking is possibly something the west is equally as good at. Say no more :mad:

cattletruck
15th May 2013, 12:38
...and hopefully severe searching and checking to make sure no muppet brings in a USB stick or worse.

Once worked for a big Swedish multinational who also built ship borne missile systems. They gave us laptops with tracking and encrypted hard drives that were set to wipe clean on 3 wrong passwords. Policy was no USB sticks. Everyone used them including the manager who was espousing the no USB policy. Strangely, laptops regularly went missing too. Once when burning the midnight oil at 2 a.m. and all alone on one of the rarefied levels of a 42 story "smart" building, I heard someone trying to bash down the door, fortunately I was on the phone to a co-worker and kept the line open. The perpetrator got through the street level door (RFID card), manned security in the foyer, lift operation (same RFID card but has to be programmed for that floor) but didn't succeed getting through the last line of defense which was just a swipe card controlled door, so he/she tried to force it but didn't succeed. Had to be an inside job.

t43562
15th May 2013, 14:03
The whole issue of computer security is an area where the most obscene risks are taken in some areas whilst apparently strict security is applied in others. Systems are exceptionally complex and have many many holes.

As someone pointed out you need many layers of security - not merely at the perimeter and you have to design your system with the assumption that people will and even have already found ways in.

I think that the worst mistake of most computer systems is to centralise information such that there is someone, somewhere in the organisation (e.g. in the server room) who effectively has access to all of it. I'm not greatly experienced in how to achieve this so it's just my gut feeling: no person should be able to know it all.

The only other plan I can think of is to spend a great deal of effort in generating false information so that anybody who steals it has to doubt any individual piece.

Pontius Navigator
15th May 2013, 18:06
I think that the worst mistake of most computer systems is to centralise information such that there is someone, somewhere in the organisation (e.g. in the server room) who effectively has access to all of it.

Quite. I had a tour around a very modern commercial computer facility in India. All the workers had zoned access passes so that one group, working for say GAP, could not access material from another such as Levi. We could pass through as our Admin escort had an all zones pass though he had no computer expertise (therefore safe).

We then went to the server room and I asked about backups as we were just introducing a new backup regime and I had instituted different levels - daily in different room, weekly in different building etc.

The IT man proudly showed me their backup tapes on a curtained shelf under the servers.

When we left their Admin wallah said "That was wrong, wasn't it?"

Computers would be fine without people.

Ian Corrigible
29th Oct 2013, 18:34
Israel suspects China in failed cyberattack vs. defense industry (http://www.defensenews.com/article/20131028/DEFREG04/310280006/Israel-Suspects-China-Failed-Cyberattack-Vs-Defense-Industry)
The attempted attack took place several weeks ago in the form of an email sent to scores of industry executives and program officials from an unnamed German company “known to Israeli industry,” said Nir Dvori, senior defense reporter at Israel's Channel 2 News.

In his Oct. 27 report, Dvori said, “defensive measures” managed to detect and “close down” the threat before recipients had an opportunity to open the mail and release a Trojan horse embedded within the seemingly innocent correspondence.

“Defensive measures discovered the attack and thwarted it. The assessment here is that the attack came from the Chinese defense industry,” Channel 2 reported.


The Chengdu J-10 team must have mislaid their Lavi blueprints. :E

I/C

NutLoose
29th Oct 2013, 19:15
I say bring back invisible ink, digestible paper and carrier pigeons

One of the simplest forms of invisible ink on a PC is after your message write another message then change the text colour to that of the page, voilà invisible ink and the message can be read by changing it back at the other end :)

Other simple one is hiding text in images

How to hide text inside an image - Trick (http://imacify.com/2011/03/how-to-hide-text-inside-an-image-trick/)

QuickCrypto - Steganography Software - Conceal Information in Folders, Images, Sounds (http://www.quickcrypto.com/steganography-software.html)


By the way, speaking of Keys, the Austin A40 ones could open the door of the Vulcans :)

dervish
30th Oct 2013, 06:36
I read a Lt Colonel has been put in charge of MoD's new "cyber warfare" department. Anyone who has seen the way Lt Colonels are routinely dismissed in MoD HQ as unnecessary annoyances will sympathize with the guy.

Willard Whyte
30th Oct 2013, 07:10
By the way, speaking of Keys, the Austin A40 ones could open the door of the Vulcans

As a kid I was part of a group that visited RAF Wyton, included was a look round a Canberra. On arriving at the jet out on the line the chappie in charge realised he'd forgotten the key; luckily a 2p coin was just as effective at gaining entry.