0wned .gov machines (was Re: Russian cyberwar against Estonia?)
Paul Hoffman
paul.hoffman at vpnc.org
Mon May 21 10:22:30 EDT 2007
At 6:34 PM +0000 5/20/07, John Levine wrote:
> >I've heard nothing formal, but my strong understanding is a lot of US
>>government machines, at least if we're talking workstations on
>>non-classified nets, are in fact "0wn3d" at this point.
>
>Well, here's an anecdote: at last year's CEAS conference, Rob Thomas
>of Team Cymru gave the keynote on the underground economy, with a most
>horrifying set of both live demos and selected snapshots of the online
>bazaars where online warez are traded, everything from zombie farms to
>spamware to stolen credit cards. One of the more amusing was a guy
>who offered a zombie in some part of the government that you'd hope
>would be moderately secure, NASA or someplace like that, at a higher
>than normal price. The immediate response was ridicule, bots on
>government nets are a dime a dozen, and aren't worth any more than any
>other bot.
Oh, goodie. I get to the same source to show the opposite. At Rob's
talk at the AOTA summit, he talked about someone offering some botted
machines in a particular US government subnet at a normal prices and
someone quickly over-bid by a suspiciously high amount. The
assumption is that it was for the possible data on those machines.
--Paul Hoffman, Director
--VPN Consortium
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list