NZ spies uncover cyber attacks

Discussion in 'NZ Computing' started by peterwn, Sep 10, 2007.

  1. peterwn

    peterwn Guest

    See:
    http://www.stuff.co.nz/4197227a10.html

    New Zealand's Security Intelligence (NZ's CIA equivalent) has
    uncovered cyber attacks on Government computers by foreign powers.

    If there is any reason to ditch un-auditable closed soft software and
    adopt instead transparent open source software (with Government
    written special 'proprietary' tweaksif need be especially for maximum
    security applications), this is it.

    This pushes almost into insignificance 'total cost of ownership' and
    other arguments favouring continuance with a certain prominent
    proprietary software product line.
    peterwn, Sep 10, 2007
    #1
    1. Advertising

  2. ____/ peterwn on Monday 10 September 2007 20:43 : \____

    > See:
    > http://www.stuff.co.nz/4197227a10.html
    >
    > New Zealand's Security Intelligence (NZ's CIA equivalent) has
    > uncovered cyber attacks on Government computers by foreign powers.
    >
    > If there is any reason to ditch un-auditable closed soft software and
    > adopt instead transparent open source software (with Government
    > written special 'proprietary' tweaksif need be especially for maximum
    > security applications), this is it.
    >
    > This pushes almost into insignificance 'total cost of ownership' and
    > other arguments favouring continuance with a certain prominent
    > proprietary software product line.


    In the past 2-3 week alone, some of the the world's strongest nations have all
    fallen victim to their own mistake, which was to deploy Windows across their
    network (they are as vulnerable as their weakest link).

    References:

    Chinese cyber-attacks allegedly launched against British government departments

    ,----[ Quote ]
    | The British NISCC warned of trojan attacks from Asia back in June 2005.
    `----

    http://www.heise.de/english/newsticker/news/95514/from/rss09

    Indian Bank Restores Site After Malware Attack

    ,----[ Quote ]
    | The bank has closed the site on Friday after it found that the site had been
    | hacked,
    `----

    http://news.yahoo.com/s/pcworld/20070904/tc_pcworld/136716

    Chinese military hacked into Pentagon

    ,----[ Quote ]
    | The Chinese military hacked into a Pentagon computer network in June in the
    | most successful cyber attack on the US defence department, say American ­
    | officials.  
    `----

    http://www.ft.com/cms/s/0/9dba9ba2-5a3b-11dc-9bcd-0000779fd2ac.html

    Politicians want to be informed on Chinese Trojan attacks

    ,----[ Quote ]
    | Ruprecht Polenz (CDU), chairman of the Committee on Foreign Affairs,
    | said: "If there is clear evidence that the Chinese state is responsible for
    | these attacks, we cannot let the matter rest." According to a Spiegel report,
    | the Federal Office for the Protection of the Constitution assumes that
    | experts of the Chinese army have conducted the online espionage attacks
    | against the Federal Chancellery, the ministry of economics, the ministry of
    | research and also the ministry of foreign affairs.
    `----

    http://www.heise.de/english/newsticker/news/94983/from/rss09

    It was later confirmed that Germany had indeed been exposed. Same in the US.
    Mind you, these are stories from the past couple of weeks _alone_. I could
    list many more if I went further back.

    National assets and sensitive data is probably just being exchanged joyfully
    between the crackers. One intrusion is enough. Zombie PCs are even better.

    Some of the nations have learned and they adopted a policy that includes Linux,
    standards, and source code.

    --
    ~~ Best of wishes

    Roy S. Schestowitz | Linux: mint and self-contained 'out of the box'
    http://Schestowitz.com | RHAT GNU/Linux | PGP-Key: 0x74572E8E
    run-level 2 2007-09-10 01:53 last=
    http://iuron.com - help build a non-profit search engine
    Roy Schestowitz, Sep 11, 2007
    #2
    1. Advertising

  3. On Sep 11, 7:43 am, peterwn <> wrote:
    > See:http://www.stuff.co.nz/4197227a10.html
    >
    > New Zealand's Security Intelligence (NZ's CIA equivalent) has
    > uncovered cyber attacks on Government computers by foreign powers.
    >
    > If there is any reason to ditch un-auditable closed soft software and
    > adopt instead transparent open source software (with Government


    How so? How exactly does ditching closed source software, and moving
    to open source make us 'more secure' ?

    Wave your magic wand and all those eyeballs looking at auditable open
    source code will find all the security vulns? Because that works
    really well - like all those MIT Kerberos vulns that we see time and
    time again, that have been there for 10+ years... Heck even last week
    we see another 2 new remote root vulns

    > written special 'proprietary' tweaksif need be especially for maximum
    > security applications), this is it.


    I suspect the certain prominent proprietary software vendor that you
    refer to is Microsoft. FWIW the New Zealand Government already has
    access to Microsoft source code for Windows, and Office as well
    cryptographic code

    > This pushes almost into insignificance 'total cost of ownership' and
    > other arguments favouring continuance with a certain prominent
    > proprietary software product line.


    I would wager that a high (depending on your POV) number of these
    attacks have been performed and successful against open source software
    Nathan Mercer, Sep 11, 2007
    #3
  4. Nathan Mercer wrote:
    > On Sep 11, 7:43 am, peterwn <> wrote:
    >> See:http://www.stuff.co.nz/4197227a10.html
    >>
    >> New Zealand's Security Intelligence (NZ's CIA equivalent) has
    >> uncovered cyber attacks on Government computers by foreign powers.
    >>
    >> If there is any reason to ditch un-auditable closed soft software and
    >> adopt instead transparent open source software (with Government

    >
    > How so? How exactly does ditching closed source software, and moving
    > to open source make us 'more secure' ?


    Because with closed source software you don't need to wait for hackers to pwn
    the box, they are already there, agents of a foreign power, with access to all
    your data, just waiting for that National Security Letter.
    Mark Robinson, Sep 11, 2007
    #4
  5. Nathan Mercer wrote:
    > On Sep 11, 7:43 am, peterwn <> wrote:
    >> See:http://www.stuff.co.nz/4197227a10.html
    >>
    >> New Zealand's Security Intelligence (NZ's CIA equivalent) has
    >> uncovered cyber attacks on Government computers by foreign powers.
    >>
    >> If there is any reason to ditch un-auditable closed soft software and
    >> adopt instead transparent open source software (with Government

    >
    > How so? How exactly does ditching closed source software, and moving
    > to open source make us 'more secure' ?
    >
    > Wave your magic wand and all those eyeballs looking at auditable open
    > source code will find all the security vulns? Because that works
    > really well - like all those MIT Kerberos vulns that we see time and
    > time again, that have been there for 10+ years... Heck even last week
    > we see another 2 new remote root vulns


    Hang on, doesn't windows use that BSD licensed code too ?
    Mark Robinson, Sep 11, 2007
    #5
  6. peterwn

    impossible Guest

    "peterwn" <> wrote in message
    news:...
    > See:
    > http://www.stuff.co.nz/4197227a10.html
    >
    > New Zealand's Security Intelligence (NZ's CIA equivalent) has
    > uncovered cyber attacks on Government computers by foreign powers.
    >
    > If there is any reason to ditch un-auditable closed soft software and
    > adopt instead transparent open source software (with Government
    > written special 'proprietary' tweaksif need be especially for maximum
    > security applications), this is it.
    >
    > This pushes almost into insignificance 'total cost of ownership' and
    > other arguments favouring continuance with a certain prominent
    > proprietary software product line.
    >


    The article says nothing about what software was compromised. Do you have
    inside knowledge? Or are you just sowing the seeds of FUD again?
    impossible, Sep 11, 2007
    #6
  7. peterwn

    peterwn Guest

    impossible wrote:
    > "peterwn" <> wrote in message
    > news:...
    >> See:
    >> http://www.stuff.co.nz/4197227a10.html
    >>
    >> New Zealand's Security Intelligence (NZ's CIA equivalent) has
    >> uncovered cyber attacks on Government computers by foreign powers.
    >>
    >> If there is any reason to ditch un-auditable closed soft software and
    >> adopt instead transparent open source software (with Government
    >> written special 'proprietary' tweaksif need be especially for maximum
    >> security applications), this is it.
    >>
    >> This pushes almost into insignificance 'total cost of ownership' and
    >> other arguments favouring continuance with a certain prominent
    >> proprietary software product line.
    >>

    >
    > The article says nothing about what software was compromised.


    Agreed

    > Do you have
    > inside knowledge?


    No. In particular I would not have any idea what software SIS, GCSB and
    MFAT (NZ's key security and foreign affairs agencies), but IMO if they
    had any sense they would use hardened Linux based systems for sensitive
    applications. Of course there would be a 'neither confirm nor deny'
    policy on this and quite rightly so.

    Or are you just sowing the seeds of FUD again?
    >


    In the second two paragraphs, I have merely made a general observation
    about software choice. It is a case here of 'if the hat fits then wear it'.

    If you think I am sowing the seeds of FUD then so be it.

    In any case as a patriotic Kiwi who values national sovereignty, I
    consider it quite wrong for 'national interest' IT to be in the thralls
    of a company based in a foreign power with which New Zealanders have
    rather ambivalent feelings.
    peterwn, Sep 11, 2007
    #7
  8. peterwn

    Steve Guest

    On Tue, 11 Sep 2007 17:06:27 +1200, peterwn wrote:

    > impossible wrote:
    >> "peterwn" <> wrote in message
    >> news:...
    >>> See:
    >>> http://www.stuff.co.nz/4197227a10.html
    >>>
    >>> New Zealand's Security Intelligence (NZ's CIA equivalent) has
    >>> uncovered cyber attacks on Government computers by foreign powers.
    >>>
    >>> If there is any reason to ditch un-auditable closed soft software and
    >>> adopt instead transparent open source software (with Government
    >>> written special 'proprietary' tweaksif need be especially for maximum
    >>> security applications), this is it.
    >>>
    >>> This pushes almost into insignificance 'total cost of ownership' and
    >>> other arguments favouring continuance with a certain prominent
    >>> proprietary software product line.
    >>>

    >>
    >> The article says nothing about what software was compromised.

    >
    > Agreed
    >
    >> Do you have
    >> inside knowledge?

    >
    > No. In particular I would not have any idea what software SIS, GCSB and
    > MFAT (NZ's key security and foreign affairs agencies), but IMO if they
    > had any sense they would use hardened Linux based systems for sensitive
    > applications. Of course there would be a 'neither confirm nor deny'
    > policy on this and quite rightly so.
    >

    I wouldn't. I'd be using Unix, probably Solaris on non-x86 kit. Or, more
    likely, something like vms.

    Why? Because there's less knowledge about those operating systems, NZ
    isn't a superpower where the information gleaned is going to be worth huge
    amounts, so very few people are going to try.

    Just my $0.02.
    Steve, Sep 11, 2007
    #8
  9. In message <>, Nathan
    Mercer wrote:

    > FWIW the New Zealand Government already has
    > access to Microsoft source code for Windows, and Office as well
    > cryptographic code


    Of course, that should make us all stop worrying and rest easy in our beds,
    shouldn't it? We can rely on the NZ Government to know exactly what to do
    with that source code...
    Lawrence D'Oliveiro, Sep 11, 2007
    #9
  10. peterwn

    Shane Guest

    Lawrence D'Oliveiro wrote:

    > In message <>, Nathan
    > Mercer wrote:
    >
    >> FWIW the New Zealand Government already has
    >> access to Microsoft source code for Windows, and Office as well
    >> cryptographic code

    >
    > Of course, that should make us all stop worrying and rest easy in our
    > beds, shouldn't it? We can rely on the NZ Government to know exactly what
    > to do with that source code...


    Why would the New Zealand Government need access to source code for Windows?
    So they can see if its trojaned?
    So they can see if its secure?

    What ever happened to 'trust'

    --
    A physicist, a mathematician and a computer scientist discuss what is
    better: a wife or a girlfriend.
    The physicist: "A girlfriend. You still have freedom to experiment."
    The mathematician: "A wife. You have security."
    The computer scientist: "Both. When I'm not with my wife, she thinks I'm
    with my girlfriend. With my girlfriend it's vice versa. And I can be with
    my computer without anyone disturbing me..."
    Shane, Sep 11, 2007
    #10
  11. peterwn

    impossible Guest

    "peterwn" <> wrote in message
    news:46e6222f$...
    >
    > If you think I am sowing the seeds of FUD then so be it.
    >
    > In any case as a patriotic Kiwi who values national sovereignty, I
    > consider it quite wrong for 'national interest' IT to be in the thralls of
    > a company based in a foreign power with which New Zealanders have rather
    > ambivalent feelings.


    LOL. Which foreign power would you prefer to source your IT from?
    impossible, Sep 11, 2007
    #11
  12. peterwn

    peterwn Guest

    impossible wrote:

    >
    > LOL. Which foreign power would you prefer to source your IT from?
    >
    >


    Internationally, since with what I have in mind the developers are all
    round the globe. GCSB then selects the kernel components actually
    required and compiles them accordingly. Same for applications software
    noting that in this case there is a 'bright line' demarcation between
    kernel and applications. The system is readily 'hardened' to render
    attacks well nigh impossible. This reduces the source code to be
    checked to a reasonable proportion. As the 'consist' of the resulting
    system would be unlike general distributions, hackers would have a
    helluva job on their hands.
    peterwn, Sep 11, 2007
    #12
  13. peterwn

    peterwn Guest

    Steve wrote:

    >
    > Why? Because there's less knowledge about those operating systems, NZ
    > isn't a superpower where the information gleaned is going to be worth huge
    > amounts, so very few people are going to try.
    >


    Well, they are already trying. Why was it that Dr Sutch was passing
    mysterious packages to Russian Embassy people in the 1970's?
    peterwn, Sep 11, 2007
    #13
  14. peterwn

    impossible Guest

    "peterwn" <> wrote in message
    news:46e66f43$...
    > impossible wrote:


    >> > "peterwn" <> wrote in message

    >> news:46e6222f$...
    >>>
    >>> If you think I am sowing the seeds of FUD then so be it.
    >>>
    >>> In any case as a patriotic Kiwi who values national sovereignty, I
    >>> consider it quite wrong for 'national interest' IT to be in the thralls
    >>> of a company based in a foreign power with which New Zealanders have
    >>> rather ambivalent feelings.


    >> LOL. Which foreign power would you prefer to source your IT from?

    > Internationally, since with what I have in mind the developers are all
    > round the globe. GCSB then selects the kernel components actually required
    > and compiles them accordingly. Same for applications software...


    Internationally? You mean excepting the United States, France, the UK,
    Australia and other countries that "New Zealanders have rather ambivalent
    feelings about". Are we basically down then to considering contributions
    from the Swedes, Danes, Swiss, and possibly the Argentines (depending on how
    the World Cup goes, of course)?

    >
    > noting that in this case there is a 'bright line' demarcation between
    > kernel and applications. The system is readily 'hardened' to render
    > attacks well nigh impossible. This reduces the source code to be checked
    > to a reasonable proportion. As the 'consist' of the resulting system
    > would be unlike general distributions, hackers would have a helluva job on
    > their hands.


    If the standard of security you're after is to simply make hacking "well
    nigh impossible", then the status quo is perfectly adequate. Making the
    impossible possible is what hackers thrive on, and they've been beating some
    of the best in the business at this game for ages. Just because the latest
    incident makes headlines is no reason to start handing extraordinary powers
    to the state's least accountable police agency.
    impossible, Sep 11, 2007
    #14
  15. peterwn

    impossible Guest

    "peterwn" <> wrote in message
    news:46e66fbb$...
    > Steve wrote:
    >
    >>
    >> Why? Because there's less knowledge about those operating systems, NZ
    >> isn't a superpower where the information gleaned is going to be worth
    >> huge
    >> amounts, so very few people are going to try.
    >>

    >
    > Well, they are already trying. Why was it that Dr Sutch was passing
    > mysterious packages to Russian Embassy people in the 1970's?


    You can climb out of your bomb shelter now and take those silly blinders
    off. The Cold war has been over for twenty years.
    impossible, Sep 11, 2007
    #15
  16. peterwn

    peterwn Guest

    impossible wrote:
    >
    > If the standard of security you're after is to simply make hacking "well
    > nigh impossible", then the status quo is perfectly adequate. Making the
    > impossible possible is what hackers thrive on, and they've been beating some
    > of the best in the business at this game for ages. Just because the latest
    > incident makes headlines is no reason to start handing extraordinary powers
    > to the state's least accountable police agency.
    >
    >


    I would rather have that than have extraordinary powers over NZ
    sovereignty exercised by Bill and Steve such as the Micro$oft tax on new
    computers.
    peterwn, Sep 11, 2007
    #16
  17. peterwn

    impossible Guest

    "peterwn" <> wrote in message
    news:46e6e875$...
    "impossible" <>> wrote in message
    news:HVAFi.79958$Xa3.12385@attbi_s22...
    >> "peterwn" <>> wrote in message
    >> news:46e66f43$...
    >>> impossible wrote:

    >>
    >>>> >> "peterwn" <>> wrote in message
    >>>> news:46e6222f$...
    >>>>
    >>>>> If you think I am sowing the seeds of FUD then so be it.
    >>>>
    >>>>> In any case as a patriotic Kiwi who values national sovereignty, I
    >>>>> consider it quite wrong for 'national interest' IT to be in the
    >>>>> thralls of a company based in a foreign power with which New
    >>>>> Zealanders have rather ambivalent feelings.

    >>
    >>>> LOL. Which foreign power would you prefer to source your IT from?


    >>> Internationally, since with what I have in mind the developers are all
    >>> round the globe. GCSB then selects the kernel components actually
    >>> required and compiles them accordingly. Same for applications
    >>> software...

    >>
    >> Internationally? You mean excepting the United States, France, the UK,
    >> Australia and other countries that "New Zealanders have rather ambivalent
    >> feelings about". Are we basically down then to considering contributions
    >> from the Swedes, Danes, Swiss, and possibly the Argentines (depending on
    >> how the World Cup goes, of course)?
    >>
    >>> noting that in this case there is a 'bright line' demarcation between
    >>> kernel and applications. The system is readily 'hardened' to render
    >>> attacks well nigh impossible. This reduces the source code to be
    >>> checked to a reasonable proportion. As the 'consist' of the resulting
    >>> system would be unlike general distributions, hackers would have a
    >>> helluva job on their hands.

    >>
    >> If the standard of security you're after is to simply make hacking "well
    >> nigh impossible", then the status quo is perfectly adequate. Making the
    >> impossible possible is what hackers thrive on, and they've been beating
    >> some of the best in the business at this game for ages. Just because the
    >> latest incident makes headlines is no reason to start handing
    >> extraordinary powers to the state's least accountable police agency.

    > I would rather have that than have extraordinary powers over NZ
    > sovereignty exercised by Bill and Steve such as the Micro$oft tax on new
    > computers.


    <shakes head>
    impossible, Sep 11, 2007
    #17
  18. peterwn

    sam Guest

    Shane wrote:
    > Lawrence D'Oliveiro wrote:
    >
    >> In message <>, Nathan
    >> Mercer wrote:
    >>
    >>> FWIW the New Zealand Government already has
    >>> access to Microsoft source code for Windows, and Office as well
    >>> cryptographic code

    >> Of course, that should make us all stop worrying and rest easy in our
    >> beds, shouldn't it? We can rely on the NZ Government to know exactly what
    >> to do with that source code...

    >
    > Why would the New Zealand Government need access to source code for Windows?
    > So they can see if its trojaned?
    > So they can see if its secure?
    >
    > What ever happened to 'trust'
    >


    Ronald Reagan upgraded it to "trust but verify".
    sam, Sep 11, 2007
    #18
  19. peterwn

    sam Guest

    Nathan Mercer wrote:
    > On Sep 11, 7:43 am, peterwn <> wrote:
    >> See:http://www.stuff.co.nz/4197227a10.html
    >>
    >> New Zealand's Security Intelligence (NZ's CIA equivalent) has
    >> uncovered cyber attacks on Government computers by foreign powers.
    >>
    >> If there is any reason to ditch un-auditable closed soft software and
    >> adopt instead transparent open source software (with Government

    >
    > How so? How exactly does ditching closed source software, and moving
    > to open source make us 'more secure' ?
    >
    > Wave your magic wand and all those eyeballs looking at auditable open
    > source code will find all the security vulns? Because that works
    > really well - like all those MIT Kerberos vulns that we see time and
    > time again, that have been there for 10+ years... Heck even last week
    > we see another 2 new remote root vulns
    >
    >> written special 'proprietary' tweaksif need be especially for maximum
    >> security applications), this is it.

    >
    > I suspect the certain prominent proprietary software vendor that you
    > refer to is Microsoft. FWIW the New Zealand Government already has
    > access to Microsoft source code for Windows, and Office as well
    > cryptographic code
    >

    Then so does any other government, friendly or otherwise.
    You don't know what level of access they have been granted and we have
    been denied.
    Which effectively makes Windows "open source".
    Doesn't really give it an advantage.
    sam, Sep 11, 2007
    #19
  20. peterwn

    ~misfit~ Guest

    impossible wrote:
    > "peterwn" <> wrote in message
    > news:46e66fbb$...
    > > Steve wrote:
    > >
    > > >
    > > > Why? Because there's less knowledge about those operating
    > > > systems, NZ isn't a superpower where the information gleaned is
    > > > going to be worth huge
    > > > amounts, so very few people are going to try.
    > > >

    > >
    > > Well, they are already trying. Why was it that Dr Sutch was passing
    > > mysterious packages to Russian Embassy people in the 1970's?

    >
    > You can climb out of your bomb shelter now and take those silly
    > blinders off. The Cold war has been over for twenty years.


    With respect impossible, have you not heard of the "New Cold War"? (Google
    gives over 400,000 hits, including, on the first page, the BBC, Time,
    Guardian, Washington Post etc.) Putin makes no bones about it. (Then there
    was that deliberate incursion into foreign airspace by those Russian fighter
    planes last week...)

    The main difference about this "Cold War" is that it's primarilly about
    "claiming" fossil-fuel resources. Putin sees it as Russia's chance for
    greatness again. We're not far off the day when whoever has the last few
    billion barrels of oil or gas will be able to dictate policy. Those fighter
    planes, aircraft carriers etc haven't been converted to hybrid engines yet
    and guzzle fossil fuels. (Excepting the nuclear powered ships of course.)
    Putin is far from content with Russia's current place in the world (and even
    more uncomfortable with the US's expansionist policies) and has big, and
    potentially dangerous plans.

    The Cold War has warmed up again.
    --
    TTFN.

    Shaun.
    ~misfit~, Sep 12, 2007
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. oOOo

    Re: blocking spies altogether?

    oOOo, Aug 6, 2003, in forum: Computer Support
    Replies:
    0
    Views:
    419
  2. miss calm

    Re: blocking spies altogether?

    miss calm, Aug 6, 2003, in forum: Computer Support
    Replies:
    8
    Views:
    400
    Brian H¹©
    Aug 6, 2003
  3. Au79
    Replies:
    5
    Views:
    780
    Fuzzy Logic
    Mar 15, 2007
  4. n3td3v
    Replies:
    6
    Views:
    1,678
    unruh
    Jan 10, 2010
  5. Ted

    NZ's cyber spies win new powers

    Ted, Jan 2, 2010, in forum: NZ Computing
    Replies:
    8
    Views:
    424
    ~misfit~
    Jan 5, 2010
Loading...

Share This Page