And that's why you run your own e-mail server out of Chappaqua

[dutchfire]

http://arstechnica.com/security/201...-from-obama-to-staff-read-by-russian-hackers/

On Saturday the New York Times reported that “senior American officials briefed on the investigation” confirmed a hack of the White House’s unclassified network last year. The breach "was far more intrusive and worrisome than has been publicly acknowledged,” officials said, telling the Times that the perpetrators were likely Russians with ties to the government, if not with direct backing from Russia.

The White House’s classified network, on which message traffic from President Obama’s Blackberry is kept, was not breached, but e-mails he sent to the unclassified network from that device (as well as e-mails sent from that network to him) were obtained.

Thanks, Obama! I wonder if they found his birth certificate among the e-mails.

 

[Commodore]

So an unclassified network was breached? Who cares? And just because emails that were sent from the classified network to the unclassified network doesn't mean anything sensitive was in those emails. Anyone who knows anything about the transfer and security of classified materials should know that this is pretty much a non-story.

 

[gay_Aleks]

I wonder how thrilled was the Russian intelligence to discover what brand of cosmetics Michelle Obama uses or whether Obama likes his McRibs with curry or mustard.

 

[Light Cleric]

Rumor has it the real stuff is hosted on a private server run by Bill Ayers in Kenya.

I normally wouldn't be too bothered by this since it's supposed to be unclassified stuff, bu,t given how stupid people, it wouldn't surprise me to see that some classified stuff was blabbed in these e-mails.

 

[gay_Aleks]

"So, Michelle, I just went out and met some cool people at the local McDonalds while eating the new McRib..

Note to self: Tell Garry from CIA to launch the nukes at North Korea."

-a sample of the emails Obama sent in 2015, 5 months before humanity plunged itself into nuclear darkness.

 

[Antilogic]

They should take the BSG approach and eschew networks. Can't hack something that isn't there.

 

[Light Cleric]

"So, Michelle, I just went out and met some cool people at the local McDonalds while eating the new McRib..

Note to self: Tell Garry from CIA to launch the nukes at North Korea."

-a sample of the emails Obama sent in 2015, 5 months before humanity plunged itself into nuclear darkness.

I don't think Barack would ever tell Michelle he ate at McDonalds.

 

[thecrazyscot]

Not to worry, the media would let her know.

 

[gay_Aleks]

Fox News would claim that it's a kebab and that would be all that is needed to prove that Obama is an evil Muslim out for America.

 

[thecrazyscot]

And his failure to supersize the order is proof of his lack of patriotism.

 

[dutchfire]

So an unclassified network was breached? Who cares? And just because emails that were sent from the classified network to the unclassified network doesn't mean anything sensitive was in those emails. Anyone who knows anything about the transfer and security of classified materials should know that this is pretty much a non-story.

I don't think there's much in there that's sensitive in terms of national security, but I reckon some of the e-mails might be politically interesting (especially out of context) .

 

[Commodore]

I don't think there's much in there that's sensitive in terms of national security, but I reckon some of the e-mails might be politically interesting (especially out of context) .

Oh no doubt. But all the articles I'm reading about this are portraying this as a huge breach of national security, which it is not. Classified networks cannot be hacked because they operate on their own infrastructure that is completely separated from the infrastructure you, I, and the hackers use to access the internet. They are also mostly hardline connections, so the only way to hack into the network would be to tap directly into the lines; and they're buried so far underground that there's no way you are going to be able to dig deep enough to get to them without drawing attention to yourself.

In short, classified networks cannot be hacked because they are designed in way that does not allow any outside access to them whatsoever. It is actually one of the few cyber-security measures the government does a really good job with.

 

[The_J]

Classified networks cannot be hacked because they operate on their own infrastructure that is completely separated from the infrastructure you, I, and the hackers use to access the internet.

It is still possible to hack that, in case you get access, and then you can breach it.
Okay, that's only theoretical. e.g. researchers have infected a computer with malware (via phyiscal access), which then used the scanner to communicate with a nearby internet connected computer via morse code (infected with the same malware).
Okay, that approach is a bit nuts, but shows that it's possible.
And we don't know what different kinds of stuff the intelligence agencies are really dealing with.

 

[IglooDame]

Yeah, in security circles, the only computer which cannot be hacked is one that is encased in concrete and dropped into the ocean out beyond the continental shelf. Anything else is just a question of time and effort.

Commodore, wherever you're reading about 'cables dug really deep', please check on why they're worried about physical taps when they can run everything through an AES-256-encrypted IPsec tunnel.

 

[Commodore]

Yeah, in security circles, the only computer which cannot be hacked is one that is encased in concrete and dropped into the ocean out beyond the continental shelf. Anything else is just a question of time and effort.

Commodore, wherever you're reading about 'cables dug really deep', please check on why they're worried about physical taps when they can run everything through an AES-256-encrypted IPsec tunnel.

I'm not reading about it, I actually dealt with it in the military. For our intelligence operations and reporting we used a network that was completely separated from any infrastructure the public uses. The connections were only hardline connections and there was no wireless for classified networks because there is no way to 100% secure a wireless connection.

Basically, the only feasible way to access the network was to have access to a device that was connected to the network and all of those devices were located in extremely secure facilities.

 

[Light Cleric]

After Stuxnet and Flame, I'm not really going to be completely shocked if the intel community has something that sophisticated. Having said that, most of the proof of concepts are just that. Doing them in a real life environment requires ridiculous amounts of setup, knowledge of the surrounding computers, and some fairly basic countermeasures to not be taken, especially the ones that transmitted data on large distances(i.e. 40-50 feet). There are much more sophisticated ones that are harder to deal with but they also require systems to be within a few dozen milometers of one another. I think we'll see things like that be common in 10-20 years but not right now.

The much bigger threat is, as I said earlier, people's stupidity and ignoring extremely basic security principles like least privilege which leads to stuff like Bradley Manning or classified info being disclosed by situations like General Petraeus.

 

[IglooDame]

I'm not reading about it, I actually dealt with it in the military. For our intelligence operations and reporting we used a network that was completely separated from any infrastructure the public uses. The connections were only hardline connections and there was no wireless for classified networks because there is no way to 100% secure a wireless connection.

Basically, the only feasible way to access the network was to have access to a device that was connected to the network and all of those devices were located in extremely secure facilities.

So I wonder what happens with overseas bases, or ships at sea? (asks the former Navy shipboard CommO/CMS custodian...)

 

[Zelig]

Classified networks cannot be hacked.

Anything can be hacked.

The connections were only hardline connections and there was no wireless for classified networks because there is no way to 100% secure a wireless connection.

There's no way to 100% secure an air gapped computer with no network connection.

http://securityaffairs.co/wordpress/25782/hacking/air-gap-network-hacking.html

 

[TheMeInTeam]

I'm not reading about it, I actually dealt with it in the military. For our intelligence operations and reporting we used a network that was completely separated from any infrastructure the public uses. The connections were only hardline connections and there was no wireless for classified networks because there is no way to 100% secure a wireless connection.

Basically, the only feasible way to access the network was to have access to a device that was connected to the network and all of those devices were located in extremely secure facilities.

I would not be 100% confident beyond all doubt that the buried lines couldn't possibly be compromised, unless the distance over which they travel is short. It's not in the realm of likelihood, but impossible is a strong word.

This is the first I ever heard of the air gap stuff.

 

[Commodore]

Anything can be hacked.



There's no way to 100% secure an air gapped computer with no network connection.

http://securityaffairs.co/wordpress/25782/hacking/air-gap-network-hacking.html

Thanks for the info. That type of attack did not exist when I was in. Although, I doubt that technique will be effective against classified military systems because the article says you have to be within 1 to 6 meters of the system for the attack to work. Even when I was in and this type of attack didn't exist, it was SOP to not allow any cellphones inside the facility where the classified computers were. So a potential hacker would have quite a bit of trouble getting an infected phone close enough for this air gap attack to work.

As for the assertion that any system can be hacked: Normally I would agree, but there has not been a single successful breach of any classified network belonging to the United States military. So it seems the methods used by the military obviously have hackers stymied.