I think someone missed the point.

STOP: Do Not READ This THREAD unless HACKING interests you. I have no idea how to submit this per forum rules and I'm pretty sure I have exhausted my welcome with the mods regarding thread cleanup.

YES YOU!!!!! GO AWAY!!!!!! HACKING is SUBJECT
STOP GO BACK


So CNN reports a hack against Russia

http://hothardware.com/news/jester-vandalizes-russian-ministry-of-foreign-affairs-site

There was DDOS on America the other day... The News tells it one way... Here is another version..

http://www.theverge.com/2016/10/21/13362354/dyn-dns-ddos-attack-cause-outage-status-explained

Sooo... Hacking. It has forever been White Hat vs Black Hat. Now we have Gray Hat. who is who?

Who do you believe? All the hackers I have ever known had one thing in common. Truth, Freedom, and Respect. We all understand Truth, regardless of the 'facts' presented, we acknowledge Truth when presented in a manner than can no longer be questioned. We generally have a concept of Freedom but it's relative. I feel free, but a man 20x my wealth my feel much more free in my same life situation as he could move away or around foreseen adversity as needed. Respect..... Now I'm not talking about lobbing grenades and praying you hit something. I'm talking about the guys that can really do this stuff. It's like any other industry. People get to know each other and a chain of knowledgeable respect is formed and sometimes handed down.

So how is it the USA is getting slammed? How is it Hillary and the DNC is getting exposed? How is it all of a sudden HACKING is an MSM "word of the day"..... and yet the message from AMERICA in DC is simply. Go back to sleep, we will fix this. Our enemies are doing this.

How can that possibly be? I'm not saying it can't be. I just want to know the theory of operation so to speak. Anyone care to present a theory to the common man?

This is a whole new world. We used to accept things because we thought it was the truth or at least close to the truth. Now we see the corruption for what it is.

Truth is three blind men describing an elephant. They don't think they are wrong, what they say isn't inaccurate from their vantage point, and they answering your question.

I won't say I am Mr. Computer as my knowledge base sorta ended with the 90s. But I will say we are post-Hacker these days. The whole cute nickname, only crime is curiosity,and PLUR raver days are gone.

They have actual hacker armies now. Like as a part of a military branch. There are also a lot of guns for hire it seems.

And while the ethical hacker still exists and all, it's a different world. All anyone has to do is cast enough doubt and make life hard for the McDonald's Netflix American and you can make people do what they want. You can influence a nation.

Then there are the undergroundish Anarchist movements who are like globalists except they aren't.

Government is a symptom of laziness.

I'll just say there are no real right answers per the topic at hand.

So current and future wars will be fought in cyberspace. However, our reality is cyberspace. Who's playing who?

You know, I can't help but have wondered this exact thing- H & the DNC (helluva 50's quartet/band name there... :P ) holler "russia russia russia!"
Yet, only all the horrible stuff they've been doing is coming out.
Given the apparent ties I've heard exist between Clintons/DNC and the whole "silicon valley"/ tech thing, why is everything there is to find about the R side of the aisle not splattered all over the internet? You're telling me the best the DNC can do is halfassed allegations of various sexual misconduct?

IS someone somewhere trying to influence the election in their favor for some grand scheme privy only to some unknown foreign state actors?
OR is this the actual real-life end result of someone finally deciding to get up on a roof with a bullhorn and yell "WAKE UP!"
I know which way I'm inclined to lean, especially given the media response cited in the OP, but I wish I genuinely knew...

That being said, I do know two things;

After this election, there is no going back to "the way things were". Everyone's shit is out there. Everyone knows. It's a blue pill / red pill moment.
Also, this "cloud" data storage- there is just no way anyone's data can be secure out on a server *somewhere*. The fact that "secure" data storage seems to be moving more and more in this direction is scary.

One of these days, nothing will work. No ATM, no gas pumps, no automatic doors at the grocery store, no power....no internet. I guess that means I'll be hooking up that Triple Box Wagon to a team and making trips to town over days, not hours. Wood for heat is not a problem, and I'm happy to have Aermoter Windmills still pumping water out of the ground. In some ways, I'm tire of all the bullshit anyway. Maybe returning to an even simpler life will be a blessing. At least I have the means and tools to survive. Living in the City would not be a comforting thought in these times.

In general, the US Government assigns its highest classification markings to hacking-related assets and information.

Anyone who claims to know the full truth can't talk about it (unless your last name is Clinton). Everyone else is just guessing.

I don't know anything, but I know that much.

I think someone missed the point.

STOP: Do Not READ This THREAD unless HACKING interests you. I have no idea how to submit this per forum rules and I'm pretty sure I have exhausted my welcome with the mods regarding thread cleanup.

YES YOU!!!!! GO AWAY!!!!!! HACKING is SUBJECT
STOP GO BACK


So CNN reports a hack against Russia

http://hothardware.com/news/jester-vandalizes-russian-ministry-of-foreign-affairs-site

There was DDOS on America the other day... The News tells it one way... Here is another version..

http://www.theverge.com/2016/10/21/13362354/dyn-dns-ddos-attack-cause-outage-status-explained

Sooo... Hacking. It has forever been White Hat vs Black Hat. Now we have Gray Hat. who is who?

Who do you believe? All the hackers I have ever known had one thing in common. Truth, Freedom, and Respect. We all understand Truth, regardless of the 'facts' presented, we acknowledge Truth when presented in a manner than can no longer be questioned. We generally have a concept of Freedom but it's relative. I feel free, but a man 20x my wealth my feel much more free in my same life situation as he could move away or around foreseen adversity as needed. Respect..... Now I'm not talking about lobbing grenades and praying you hit something. I'm talking about the guys that can really do this stuff. It's like any other industry. People get to know each other and a chain of knowledgeable respect is formed and sometimes handed down.

So how is it the USA is getting slammed? How is it Hillary and the DNC is getting exposed? How is it all of a sudden HACKING is an MSM "word of the day"..... and yet the message from AMERICA in DC is simply. Go back to sleep, we will fix this. Our enemies are doing this.

How can that possibly be? I'm not saying it can't be. I just want to know the theory of operation so to speak. Anyone care to present a theory to the common man?

No one will talk about it with any details...

However, the greatest threat is ALWAYS inside. This is what happens when outsourcing and H1B1 is the predominate IT workforce companies employ. Cheep now pay later.

I think the answer is no one is even remotely using solid Cyber Security practices - DNC / HC / State Dep & most other gov agencies. If you dont have proper defense systems in place a nation state can walk into your system in minutes.

You know, I can't help but have wondered this exact thing- H & the DNC (helluva 50's quartet/band name there... :P ) holler "russia russia russia!"

The stupid thing is that this type of attack has been taking place for years, often in response to an assault on wiki leaks.

And normally by various hacker groups sympathetic to the cause.

I see no evidence this is any different, despite HRC and Obama's finger pointing to the Russians.

Not that the Russians could not organize something like this. But once you do an attack of a particular form everyone will plug the holes, remove the vulnerability. So doing "shots across the bow" is non productive for state actors, where for hackers it's a form of boasting.

Governments use zero day exploits to crack/break systems for that reason. They could use ddos attacks to create problems, but it's an inefficient and unreliable method. We routinely capture and redirect or neutralize them. Botnets used for ddos have a weakness... They have to have a command channel. Which means it can be detected and captured.

So to me, this whole "it's the Russians" bit is just another lie. And will cause us problems if our gov goes off half cocked

Also, this "cloud" data storage- there is just no way anyone's data can be secure out on a server *somewhere*.

This is mathematically incorrect. I've designed encrypted cloud file backup systems that, even having created it, I could not access my client's files. The problem isn't that we can't do security, its that people don't care and won't buy security. They want convenience, and the level of convenience they want usually isn't securable, or is really expensive to do so. When there is no consumer demand for something, and consumers usually turn off security features if they get in the way at all, companies don't invest in it.

I also have no trouble believing the Russians are involved in the DNC hacks, and are influencing the election. Best case, they get Trump elected, who appears to be very friendly with Russia. Worst case they only shake American confidence in the election system and cause civil strife. I do think Putin overplayed his hand when he said that a vote for Trump was a vote for peace, but it doesn't change that most outcomes of their actions are positive for the Russians.

If Putin wanted to influence the election, he could have simply made a large, cash-donation to one of HRC's PACs.

Just sayin'.

As far as anyone knows, aes-128 is still cryptographically secure. Properly implemented with a truly random password/key, it's unfeasible to crack in your lifetime.

If you use aes-256, it's likely the sun will engulf the earth before a random 256 bit password is cracked. Assuming quantum computing doesn't destroy it instantly.

What this means is, use a strong password and encrypt your own files before putting it on the cloud. No one can get access without the password. This also means if you lose your password, no one can save you.

No one will talk about it with any details...

However, the greatest threat is ALWAYS inside. This is what happens when outsourcing and H1B1 is the predominate IT workforce companies employ. Cheep now pay later.
Who's to say all this stuff isn't being perpetuated by assets on our payroll anyways just to stir things up and allow us to beat the war drums? I mean if they went after Trump/RNC I doubt anyone would care to the same extent.

I think the answer is no one is even remotely using solid Cyber Security practices - DNC / HC / State Dep & most other gov agencies. If you dont have proper defense systems in place a nation state can walk into your system in minutes.
My agencies system is an F'ing dinosaur. It's pitiful really.

As far as anyone knows, aes-128 is still cryptographically secure. Properly implemented with a truly random password/key, it's unfeasible to crack in your lifetime.

If you use aes-256, it's likely the sun will engulf the earth before a random 256 bit password is cracked. Assuming quantum computing doesn't destroy it instantly.

What this means is, use a strong password and encrypt your own files before putting it on the cloud. No one can get access without the password. This also means if you lose your password, no one can save you.
Any recommendations on the both the encryption software and cloud service you recommend for they average tech savvy Joe?

https://3.bp.blogspot.com/-DoImiock9_U/WAl9MCBTUcI/AAAAAAAANCY/TYeciZmLqho_lYMOgdlomn4J0nPKaGazgCLcB/s1600/Hillary%2Bemail%2B10.20.16.png

This is mathematically incorrect. I've designed encrypted cloud file backup systems that, even having created it, I could not access my client's files. The problem isn't that we can't do security, its that people don't care and won't buy security. They want convenience, and the level of convenience they want usually isn't securable, or is really expensive to do so. When there is no consumer demand for something, and consumers usually turn off security features if they get in the way at all, companies don't invest in it.

I also have no trouble believing the Russians are involved in the DNC hacks, and are influencing the election. Best case, they get Trump elected, who appears to be very friendly with Russia. Worst case they only shake American confidence in the election system and cause civil strife. I do think Putin overplayed his hand when he said that a vote for Trump was a vote for peace, but it doesn't change that most outcomes of their actions are positive for the Russians.

Ummmmmmm... no.

Mathematically speaking (your point, not mine), virtually ANY data can be accessed and retrieved. Ironically, it's simply a matter of convenience and efficiency (the very reasons you cite as why people don't perform security). Just because YOU can't get to it doesn't mean it's impossible, it simply means you don't have the means (money, time, and/or resources). Make yourself a valuable enough target and, eventually, someone will find a way to access your data.

And arguing that it would takes weeks/months/years/decades is irrelevant - it is still possible. Nothing in a computer system is completely secure by the very nature that it is stored solely to be retrieved, and what is secure is always less-so once uploaded to the "cloud" (I really hate that word).

Also, consumer-grade "security" is a joke.

Who's to say all this stuff isn't being perpetuated by assets on our payroll anyways just to stir things up and allow us to beat the war drums? I mean if they went after Trump/RNC I doubt anyone would care to the same extent.

My agencies system is an F'ing dinosaur. It's pitiful really.

The DNC and HC is hardly the critical failures, the breach at OPM and several others were related to poor practices by external contractors. They did not even follow DISA STIG.

The DNC and HC is hardly the critical failures, the breach at OPM and several others were related to poor practices by external contractors. They did not even follow DISA STIG.

Bingo.

Any recommendations on the both the encryption software and cloud service you recommend for they average tech savvy Joe?

Spideroak is solid, and works well both from a cloud storage and encryption aspect. I stay abreast of the alternatives can it is still the best if you look at how it works, pricing, reliability of their client, etcetera

The DNC and HC is hardly the critical failures, the breach at OPM and several others were related to poor practices by external contractors. They did not even follow DISA STIG.

I work in the IT field. Any of our employees would have been fired for not following the standards designed to prevent these types of attacks. Just about everything HRC did is a firing offense and is covered in a yearly training program. Every employee knows about it.

They were sloppy, had been audited and informed they were sloppy, and just did not do anything about it (OPM, anyway)

As far as anyone knows, aes-128 is still cryptographically secure. Properly implemented with a truly random password/key, it's unfeasible to crack in your lifetime.

If you use aes-256, it's likely the sun will engulf the earth before a random 256 bit password is cracked. Assuming quantum computing doesn't destroy it instantly.

What this means is, use a strong password and encrypt your own files before putting it on the cloud. No one can get access without the password. This also means if you lose your password, no one can save you.

140-2 after 15 years is still a good start for SBU. Shame the .gov does not actually implement it. Still do not understand why DISA is not a regulatory entity. Everyone in the .gov doing their own thing like a bunch of idiots.

I work in the IT field. Any of our employees would have been fired for not following the standards designed to prevent these types of attacks. Just about everything HRC did is a firing offense and is covered in a yearly training program. Every employee knows about it.

They were sloppy, had been audited and informed they were sloppy, and just did not do anything about it (OPM, anyway)

the kicker is that same contractor still holds several contracts at PFPA...

Don't forget that the Postal Service was the only federal agency, during an audit, that was properly running crypto on radio comms...

:fie:


Everyone in the .gov doing their own thing like a bunch of idiots.

140-2 after 15 years is still a good start for SBU. Shame the .gov does not actually implement it. Still do not understand why DISA is not a regulatory entity. Everyone in the .gov doing their own thing like a bunch of idiots.

Well it is a DoD agency, so it makes sense it doesn't cover everything in the government. God, DISA inspections were a pain in the ass every other year.

Any recommendations on the both the encryption software and cloud service you recommend for they average tech savvy Joe?

It depends on what you're using the cloud for and what devices you expect access on.

Using it for file backups is different than using it for quick and easy photo storage/sharing which is different than storing sensitive files for access across computers and mobile devices.

And arguing that it would takes weeks/months/years/decades is irrelevant - it is still possible. Nothing in a computer system is completely secure by the very nature that it is stored solely to be retrieved, and what is secure is always less-so once uploaded to the "cloud" (I really hate that word).

The timeframe with modern encryption isn't decades, but thousands or millions of years. I've seen some estimations put it at multiples of the existence of the universe.

A file encrypted locally before being uploaded to the "cloud" doesn't change or become less secure simply because its in the "cloud".

I've been following these more closely as I'm taking three classes online this semester for finish a bachelors degree I started twenty-six years ago. One of the classes is called "Cyber Warfare". I've learned more over the past couple of weeks than I have since cyber warfare became a catch phrase. It amazes me how much Russia, China, and North Korea are investing in cyber warfare, and how they use their "non-state" citizens to help them with their electronic proliferation.

It's certainly an interesting topic, and IMHO it's a broader application of espionage and psychological warfare. Then again, the things some of these people could do if they were able to gain access to power and transportation grids makes it a really chilling thought. One thing for sure, cyber warfare is real.

I'm just an average joe who knows how to turn on my computer and go to my favorite websites. I don't have any technical expertise in the IT field at all, but the above is just my average joe take.

I absolutely despise and loathe hackers. They are the reason I have fifteen bazillion passwords, each an impossible to remember combination of characters and why I can't use some programs when the computer pukes someplace and forgets my login information. They are why many of my programs have to be updated and why those updates have to be babysat during installation to prevent some add generating program or some retarded dash board thingy installed my browser "to improve my internet experience".

Hackers aren't about freedom and respect. They're about creating chaos for the sake of chaos and hang the consequences to others. They are as bad as those who think the government needs to get involved in our personal lives. Line as many of them up before the firing squad as we can, fit nooses about the necks of the rest and make a national holiday of Piss on Their Graves Day

In all fairness Bulletdog, youbare describing criminal hackers.

But hackers and hacker mentality predates computers. Edison was a hacker. Gene Stoner was a hacker. Kalashnikov was a hacker. Ben Franklin was a hacker.

They saw something they wanted to do. No tools existed. So they made or modified them.

So your beef isn't with hackers. It is with criminals. Because modern hackers also try to help keep your stuff secure from bad people because they didn't want it to happen to them.

Gun people don't like to be judged by the actions of criminals. We should extend the same courtesy.

Those who modified tools etc to get the job done, do not fit the definition of "hacker" that I grew up with

Those who modified tools etc to get the job done, do not fit the definition of "hacker" that I grew up with

First off, apologies for confusing you with BD. Your avatars sometimes look the same to me.

Second, I don't know your generation. As an 80s kid, a hacker, to me, was someone who wanted his Commodore or Tandy to do something it couldnt or get extra lives. Or someone who wanted to build their own radio. I understand the frustration with people misusing technology and using hacker techniques, but to say all or even most hackers are bad is sort of short sighted.

If you have ever modded an AR. You, yes you, are a hacker, sir.

M4C is like a BBS. We discuss what works, what don't what is a waste of time, and what makes life easier.

Colt sells you a 6920. Not bad. Military trigger, carbine gas, 4 pos stock.

But you decide you want a full URX rail, an optic, a Geissele trigger, a 6 pos stock, etc.

That's hacking. The term even predates PCs. Are their A-holee looking to misuse knowledge? Sure. But there are even more who just want something done quicker and easier

One of these days, nothing will work. No ATM, no gas pumps, no automatic doors at the grocery store, no power....no internet. I guess that means I'll be hooking up that Triple Box Wagon to a team and making trips to town over days, not hours. Wood for heat is not a problem, and I'm happy to have Aermoter Windmills still pumping water out of the ground. In some ways, I'm tire of all the bullshit anyway. Maybe returning to an even simpler life will be a blessing. At least I have the means and tools to survive. Living in the City would not be a comforting thought in these times.

This sums up nicely where Im at myself. I sometimes long for it, actually. But- I know it would be a death sentence for so very many. Ive got family who would suffer greatly, none to my knowledge are ready for anything bad happening. A "return to a simpler life" would be devastating for most of the country Id say. Those who have never been alive without cell phones, apps, games, computer this & that, who don't have a slightest idea of how or why or when to defend themselves, who wont eat if Taco Bell is closed or the microwave is out, who have NO, NONE, ZIP, NADDA survival skills or even a survival instinct, will die. Just imagine all these "triggered" spoiled brats during a nationwide shtf event. Now, imagine the BLM thugs and the like. With no LE to worry about, the ONLY survival "skill" they possses is stealing, robbing, murdering & looting to get what they want or need.
So, thinking BIG PICTURE...I do try to be careful what I wish or pray for. Might not wind up being what I thought it would be.

William Binney gave an interview and he is speculating heavily that someone within the NSA has been behind the DNC and Podesta hacks because they despise Hillary. There could be some truth to that.

It's also possible that when John Podesta lost his cell phone someone gained access. https://wikileaks.org/podesta-emails/emailid/25364

Had to watch this for my class, and I found it interesting.


https://www.youtube.com/watch?v=OG0wKUipab0

Had to watch this for my class, and I found it interesting.


https://www.youtube.com/watch?v=OG0wKUipab0

I think I'm in the background at some point in that documentary.

But...

https://i.imgflip.com/1806f1.jpg


William Binney gave an interview and he is speculating heavily that someone within the NSA has been behind the DNC and Podesta hacks because they despise Hillary. There could be some truth to that.

It's also possible that when John Podesta lost his cell phone someone gained access. https://wikileaks.org/podesta-emails/emailid/25364

https://3.bp.blogspot.com/-DoImiock9_U/WAl9MCBTUcI/AAAAAAAANCY/TYeciZmLqho_lYMOgdlomn4J0nPKaGazgCLcB/s1600/Hillary%2Bemail%2B10.20.16.png

So full of win. :)

Speaking of hacking, a lot of e Cigs, and cheap electronics that are made in china that need to be charged with a USB have malware in the .cxd file. I read an article a while back saying that the bots in the malware were designed to assist search engine results with pro Chinese products. If you were looking for industrial manufacturing, the search results would come up with English translated Chinese websites that offer manufacturing. The bot would also predict a possible search engine result using key words like "for sale", "cheap" and "bulk" with Amazon and eBay sellers based in China. China has flooded both Amazon and eBay disguised as American companies, they have also been seen in the OTC (Offshore Technology Conference) Steel Expo and Mining Expo posing as US Manufactures purposely trying to scare away big oil and steel companies from using US companies for there manufacturing needs by giving quotes that are 8-10 times higher than average.

The stupid thing is that this type of attack has been taking place for years, often in response to an assault on wiki leaks.

And normally by various hacker groups sympathetic to the cause.

I see no evidence this is any different, despite HRC and Obama's finger pointing to the Russians.

Not that the Russians could not organize something like this. But once you do an attack of a particular form everyone will plug the holes, remove the vulnerability.

Just saw that our National Intelligence Director James Clapper is saying all evidence points to a non-state actor. With the usual suspects of hacker groups claiming credit and are most likely the source

As to hackers, I first learned to program in the late seventies and did it for a living through the early eighties. A hack was (and still is in my mind) a particularly clever but nonconventional solution to a problem. A code fragment, and algorithm, or even a program.

Unconventional to the point it broke "rules", violated syntax, took advantage of a bug or loophole. Or changed the rules to allow itself to work.

" dude, check out the heck I did on the database access routine. I used in line assembly to stuff parameters directly into the system call and bypass the compiler's type checking. It's 10x faster now."

That's a hack. It only became used to describe malicious Acts when they used legitimate hacks to bypass security on purportedly secure systems.

Some of the first viruses and worms were legitimately hacks. This stuff that people are doing now are what we call script kiddies. They are using tools and techniques that were developed years ago and made available to those wanting to do malicious things.

They have been industrialized, and very little is clever about them. They take advantage of negligence by users and computer manufacturers.

Non computer analogy: A hack would be to figure out that you could spring the pins in a lock tumblerby tapping it. Or bypass the lock entirely by taking the pins out of the hinges on the door. What script kiddies are doing is just randomly checking for unlocked doors by brute force. Not a hack.

This latest worm just takes advantage of unsecured devices , installs itself, listens on a command Channel, and in it's spare time looks for more unsecured devices.