Infiltrated dot Net

U.S. Cybersecurity House of Nonsense
Written by J. Oquendo   

And so the redundant headlines emblazoned my screen "The accounts targeted reportedly included those of senior U.S. government officials as well as Chinese activists and journalists." There is nothing new or unique here however, I am now beginning to question the mind-state of politicians who would use GMail or any other free email service for any kind of sensitive or even mission critical US data. Is it just me or are some of these politicians missing some marbles?

Unless US government officials have been living under a rock, they might not have seen or heard about Sarah Palin's account being hacked [2], Weinergate [3], or those cloned RSA ID tokens [4]. It is becoming disgusting and I don't mean the security state of affairs but the fact that those in government should know better.

When it comes to the technical side of the arena, there is only so much that can be expected of non-tech-savvy individuals. Not many are aware of the attack vectors and this is understandable however, when it comes to mission critical, sensitive information, why are government officials using anything outside of vetted networks, connections, and or software. This is not only puzzling but borders on outright stupidity and negligence.

More puzzling is, not only the overall claim that "China's Government is Hacking" as that can be debunked [5]. While it is simple to point the finger at China, the reality is that, it is more complex to outright prove this because of the complexities involved with spoofing. Not to mention, every blackhat from here to Montezuma knows that China is the first choice to use when pivoting attacks. Better to attack from China as the likelihood of being caught is so low and with potential for escalation from a "cyber war" to full-fledged war on the horizon [6], I choose to question the United States' negligence on "getting hacked."

Imagine for a moment I live in a bad neighborhood. Knowing I live in this bad neighborhood, I see news reports warning me about potential break-ins and choose to ignore the reports leaving my jewelry right by my window for a passerby to see. Who is at fault here? Sure I can say "there is an expectation of privacy," or "there is an expectation that my home is a sanctuary and no one should enter it," or whatever argument I can muster. The reality is that, the world is a cruel place, and I am equally stupid and negligent for keeping my jewelry at the window. I should have learned from what happened to my neighbors  [2,3] that it is a bad idea to keep doing what I was doing. Same applies for government officials using free-mail services.

When will the "a-ha!" common sense factor kick in? Is it hard to fathom that times have changed, risks have risen or is it that there are some people in government and the private sector truly look forward to a "war of words" escalated from nonsensical cyber attacks that would have never happened had someone used their brains for a change?

Personally, I don't blame any country as all countries spy on one another. There is little to see at this point concerning "China is hacking us" since it seems that US government officials don't seem to care whether or not their data is compromised. If they did care, they would be using common sense at this point. There would be mandates from officials to stop using insecure means of communications. That is after all, if the US were truly concerned with matters of cybersecurity.



Nonsense

 

[1] http://uk.ibtimes.com/articles/156246/20110602/google-hack-cyber-attack-cyberattack-china-u-s-security-email-gmail.htm
[2] http://www.huffingtonpost.com/2008/09/17/palins-email-account-hack_n_127184.html
[3] http://blogs.aljazeera.net/americas/2011/06/02/getting-bottom-weinergate
[4] http://www.eweek.com/c/a/Security/Northrop-Grumman-L3-Communications-Hacked-via-Cloned-RSA-SecurID-Tokens-841662/
[5] http://www.infiltrated.net/index.php?option=com_content&view=article&id=30&Itemid=36
[6] http://www.allgov.com/Top_Stories/ViewNews/Pentagon_Classifies_Cyber_Attack_as_Act_of_War_110602