                             ==Phrack Inc.==

               Volume 0x0c, Issue 0x41, Phile #0x09 of 0x0f

|=---------------------------------------------------------------------=|
|=--------=[ Australian Restricted Defense Networks and FISSO ]=-------=|
|=---------------------------------------------------------------------=|
|=-----------------------------[ The Finn ]----------------------------=|
|=-----------------------=[ TheFinn@phrack.org ]=----------------------=|
|=---------------------------------------------------------------------=|


--[ Contents

  1. Introduction
  2. Wardialling and You
  3. Origins of FISSO
  4. Australian DoD and FISSO
  5. An Introduction to the EPL and CCRA
  6. The EPL and CCRA in depth
  7. Other standards
  8. Secrets
  9. Conclusion
 10. Annex


--[ 1. Introduction

This document explains and introduces a new secret network maintained
by the Australian DoD. As far as I know, this network is similar in its
usage to the American DoD's SIPRNET. It is to be used in conjunction
with specially designed software to promote better communication in the
procedures and implementation of command and control systems,
intelligence and logistics.

Please keep in mind, much of it will be based on my own past experience,
observations and guesswork. Due to the volatile nature of the
information I will keep it "barely legal" while trying to introduce some
of the concepts behind the way the various DoD's are now interconnecting
and thus maintaining the same network security philosophy across the
world.

I found this document a good idea because finding this information out
required weeks of reading and knowing where to find these things on the
web. Also you'd have to read the kinds of documents that first specify
how they are going to use verbs within the document, then convey how
they are going to use nouns... etc... You really don't want to go
there ;)


--[ 2. Wardialling and You

After wardialling a lot of numbers I found some really interesting
dialups belonging (obviously) to the DoD which were part of the network
belonging to the Australian Navy. You don't really see a lot on
wardialling anymore as there are so many ISPs people can connect to for
VPN connectivity to anywhere in the world, however the military still
considers modems a good way to communicate as they can control the
access point themselves and log everything.

I personally use THCSCAN on Windows to wardial with, as it works well in
Australia for me as well as other places. (I say it works well in
Australia because over the years many wardiallers have come out with
VERY stringent rules about the numbers to be dialled which only conform
to US area-code and dialling standards - very annoying -_-). I always
have it on my laptops - go nowhere without it ;). THC have had to remove
many of their great tools from their website recently because of the
changes in German law regarding internet security tools, but thanks to
the guys from packetstorm it is still available there.

The other good wardialler I love to use on Linux is iwar. [8] This is a
really nice wardialler, lets you use as many modems as you can fit on
the box. It can also log all the data to a MySQL database - which I am a
fan of. They are working on a SIP/IAX2 functionality which will allow
dialout through a SIP gateway and wardial the PSTN network on the other
side using a software modem - it works, but with some small difficulties
at the moment. It's still a work in progress. Pretty sophisticated
stuff, really nice.

It is possibly useful to note here even a commercial provider like Free
World Dialup will allow you to dial the US, UK and NL toll free numbers
over SIP for free. There are others which will also give you local calls
for free (in countries where they are free) with a little research, you
can find them. Anyhow, unfortunately in Australia, it costs you $0.22c
per local call.
So this kind of info is expensive to get - even if you're dialling on a
Sunday morning at 2am (which is what I did) - unless you like sitting
outside people's homes beiging - I'm getting too old and fat for that
anyhow ;) But for you young skinny folk - wardialling still works well,
people should be doing it - especially in countries where local calls
are free!!

When I first saw these pop up, I was pretty happy. I'd not been at the
front-door to anything like this in a while, and I knew it would keep me
interested for a bit.

You have to keep in mind, the Department of Defence is stupid and worthy
of your respect - both. They are like most other large animals, they are
slow to move, but if they hit you, you'll get squished like a bug (I
have been there before). However it's amazing how much of an
understanding you can get about such a large target by doing a little
research.

When I first found these dialups it was back in 2004. I noted them all
down, and kept a copy very safe. A couple of years later I rechecked
them to make sure they were still valid - no other reason. I did notice
a slight change - in the banner.

Here's the original banner back in 2004:

**************************************************************************
* CONNECT 57600                                                          *
*                                                                        *
* The unauthorised access, use or modification of this computer system   *
* or the data contained therein or in transit to/from, is prohibited     *
* by Part VIA of the Commonwealth Crimes Act and other Federal and State *
* laws.                                                                  *
* This system is subject to regular audit.                               *
* ----------------------------------------------------------             *
* For access problems please log a job through the DRN Customer Support  *
* Centre. Either phone 133272 or e-mail to                               *
* 'outage.notifications@defence.gov.au'.                                 *
*                                                                        *
* ****************                                                       *
*                                                                        *
*                                                                        *
* User Access Verification                                               *
*                                                                        *
* Username:                                                              *
* NO CARRIER                                                             *
**************************************************************************

Here's the banner in 2006:

**************************************************************************
* CONNECT 36000 CCCC                                                     *
* The unauthorised access, use or modification of this computer system   *
* or the data contained therein or in transit to/from,                   *
* is prohibited by Part VIA of the Commonwealth Crimes Act               *
* and other Federal and State laws.                                      *
*                                                                        *
* This system is subject to regular audit.                               *
*----------------------------------------------------------------------- *
* For access problems please log a job through the FISSO Support Centre. *
* Either phone 02 9359 6000 or e-mail to 'fleet.help@defence.gov.au'.    *
*                                                                        *
* *****************                                                      *
*                                                                        *
*                                                                        *
* User Access Verification                                               *
*                                                                        *
* Username:                                                              *
* NO CARRIER                                                             *
**************************************************************************

(The part I starred out was the actual dialup location and line number
which are a code for maintenance purposes for the terminal server I
guess.)

As you can imagine I was kinda interested in why it changed from a DRN
(Defense Restricted Network) to FISSO and what FISSO was. I checked
around the web, and then started reading all the PDFs that the military
in Australia declassify and make available to the public.


--[ 3. Origins of FISSO

Currently the RAN (Royal Australian Navy) has expanded the DRN (Defence
Restricted Network) to allow for more robust communications protocols
(still an IP Network) and Services. Thus FISSO (Fleet Information
Systems Support Organisation) is born out of the old Navy driven DRN
Support Group.

Sometime during the period when those banners above changed, the DRN was
expanded to include the other armed services branches Army and Air
Force. They are now implementing the networking technology overseas with
collaboration efforts in the UK and USA.
This will allow far better communications between the various armed
services of the west and thus provide better cohesion. This is where the
CCRA comes in.

It is also interesting to mention here one project which has been in the
press for years - ECHELON. The USAUK Agreement back after WW2 has
allowed vast amounts of intelligence to be shared among the member
nations as well as projects like ECHELON to be enacted. This new
criteria for security measures internationally is a new brick in the
wall for these intelligence communities.

Keep in mind - when you see this kind of press for things like ECHELON,
that is one thing, but most of the intelligence agencies will not share
high level intel with ANYONE, not even allies. What they will usually
share are things that used to come under the term "domestic terrorism" -
which after 9/11 is a relative term with the Homeland Security
Department being formed.

Unfortunately or fortunately - depending how you look at it, as a
result, the list itself shows clearly which evaluated products are in
use on such networks - which is at least of interest to us.

One of the fundamental problems with making rules is the existence of
anomalous circumstances - exceptions - which most of us are aware of ;)

Creating a criteria and then an implementation procedure for security
devices takes a long time, it is also expensive for the company doing
the implementation - as they must pay for the DSD staff's time to do
criteria evaluations - for their specific implementation of their
product. These rules are followed stringently at the time of a
particular installation.

The amount of bureaucracy found in the DSD is mind-blowing. Thus their
ability to move quickly on any given specific flaw in security is AT
TIMES small.
They do however keep internal security mailing lists, patches and often
have direct contact with not just vendors of products but also the
original architects - most of these won't relate to CCRA listed products
however - more on all of this in the next section. You will even in
places find tricks implemented in a DSD controlled network that you will
find nowhere else in the world - you have been warned.


--[ 4. Australian DoD and FISSO

FISSO themselves are a rehash of the old DRN Support Group who
maintained the old Defense Restricted Networks for the DoD. FISSO is the
new project the Navy is (still) running for the DoD - Keep in mind, the
navy has historically been in charge of many signals projects before
other branches of armed services have been invited to join or use them -
the same I believe is true of the US Navy. (Must be all that morse
code).

The FISSO Network is a support network for DoD Personnel to communicate
with each other around the world with low level communications mediums.
Which is to say laptops or other small computer systems with modems in
order to help officers and other officials to communicate across the
globe in a secure manner for departmental purposes.

The FISSO Network Support Group has had several contract workers in the
DoD to create a network with many quite amazing and intricate network
systems. The officers are able to communicate with voice over ip,
digital video, whiteboards, conference rooms, text chat and other ways
[6]. They can exchange files and communicate over the parts of the
network that have been secured by the DSD and the old DRN Group.

Aspect Computing currently hold a contract with the DoD for FISSO Core
Contract and FISSO In-House Contract Payment. Given the amounts in the
reports I've read, I'd suggest they're probably just contracting either
software or hardware or both to the Navy (my best guess) who would
likely only trust DoD or DSD staff to maintain the support centre
itself.
(It might contract out some positions to suitably DoD security cleared
contractors - likely top-secret or better would be required). At present
Aspect Computing is being paid approximately $2 million dollars a year
for support to FISSO. This would probably be a 3rd tier support network,
to be used after both the FISSO Support and KAZ could not fix a
particular issue.

KAZ Technology Services (Procured by Telstra in 2004) is also a
contractor who provides Command and Support Systems for Officers and
Logistical Support Systems Integration - that is to say that these guys
provide all the really nice and interesting comms software that the
officers and support/logistical personnel use for decision making and
chain of command order verification. (Think of them as the Australian
version of SAIC). They won a 5 year $200 million contract back in 2005
to provide desktop computing to the RAN (Royal Australian Navy). Kaz had
maintained a relationship with DOD since its inception in 1988 and is
being offered 2 year contract extensions up until 2015. Kaz staff go
through rigorous security checks in order to be cleared to work on the
FISSO network and they have in the past been helicoptered out to sea in
order to complete work in required timeframes.

From a KAZ document regarding their FISSO solution:

"Behind these capabilities, KAZ high security architecture integrates
Lotus Notes R5, Domino, SameTime (including server to server federated
architecture), LAN/WANs, MS Windows NT Servers, MS Windows Terminal
Servers, Citrix Metaframe Xpe 1.0, Ultra Thin Clients, HP-UX and
Hummingbird Exceed. The architecture also draws on TCP/IP, ISDN and
modems to connect the Fleet to services across Defence intranets, with
the addition of cryptographic black boxes outside each of the on-board
servers to maintain military level security.
KAZ also integrated SameTime technology to extend the Navy's
collaborative capabilities to a Coalition Wide Area Network (COWAN),
involving naval systems belonging to Allies such as the United States
and United Kingdom." [6]

You'll notice KAZ's inference of a Coalition Wide Area Network - I can
find no other mention of that particular acronym. It might be either a
marketing insertion or something that alludes to more restricted
documentation. Either way you have to assume KAZ knows more about it
than us and I find it interesting that such a beast is mentioned here.

IBM Provide Hardware and Software also to do with Logistical support for
the various arms of the DoD. [4]

Sun Microsystems are providing Hardware and Software for security based
firewalls and other security devices (RFID and biometric authentication
device drivers and such). [4]

Lotus Notes and Domino are in use widely still to this day - which at
first I wasn't sure of but I was in discussion with a friend and he
pointed out the KAZ website - I'd suggest the Navy would be loath to
update their systems as often as normal corporates would.

    Lotus-Domino 5.0.9 i'm surprised that still exists those docs are
    old probably doesn't exist now but might still u never know, their
    beaurecracy is amazing sometimes i actually worked with a prime 9950
    at one company didn't even run the newer version of cobol ... took
    up half a room was sitting next to all the AT&T servers funny stuff
    http://www.kaz-group.com/subscribe yeah, just to keep some legacy
    code running yeah wow there ya go dude im gonna add that in the
    article how may i own thee, let us count the ways.. haha


--[ 5. An Introduction to the EPL and CCRA

Let's introduce the criteria themselves.

At the moment the DSD have 2 different tables of criteria, the ITSEC
system and the CCRA, for evaluating products for secure use on Military
and Government networks.
The DSD (Defence Signals Directorate) is the main body behind secure
communications for the Australian Government, ostensibly they take the
same role as the NSA does in the US.

The EPL (Evaluated Products List) is the list the DSD creates and
maintains denoting all products put forward by vendors for assessment by
the DSD for use in high level, high security government networks and
systems. There are a number of criteria in the DSD which products are
assessed for.

The CCRA (Common Criteria Recognition Arrangement) is an agreement by
NATO nations in the west to rate equipment by a shared standard as well
as share past evaluated products at a common rating so that they might
interconnect their military and government networks to better control
your sorry ass. ;)

To allow those poor corporates who have spent lots and lots of dollars
on getting their products evaluated, time to re-evaluate them under the
new international system, the CCRA (as a body) are going to allow member
countries who have used the ITSEC (Information Technology Security
Criteria) system (including the USA, UK, Australia) to use ITSEC rated
products as CCRA rated products for the time being.

This basically means the EPL's for all these countries are now turning
into the CCRA. They are amalgamating 50 years of "defense" protocols and
political maneuvering to be able to dominate more freely. After all it
wouldn't be nice to have UK troops in some little out of the way village
while the US Navy are ordering cruise missiles to destroy it from 1000
kilometers away - the speedy communications methods and stringent
protocols (military protocols) enabled by a communications network like
this would allow for these kinds of scenarios to be less of a concern
and have a million other benefits.
Along with the E1-E6 (ITSEC) and EAL1-EAL7 (CCRA), there is a network
designation relating to the secrecy and security needs for the network,
as follows: UNCLASSIFIED, IN-CONFIDENCE, RESTRICTED, PROTECTED, National
Security/HIGHLY PROTECTED.

The Document relates the required security device to be used
interconnecting the different networks which I will include here:

*************************************************************************
* SRC NETWORK    * AND DST NETWORK IS      * THEN YOUR GATEWAY REQUIRES *
*************************************************************************
* UNCLASSIFIED   * - public domain.        * a traffic flow filter.     *
*                * - UNCLASSIFIED.         *                            *
*                * - IN-CONFIDENCE.        *                            *
*                * - PROTECTED.            *                            *
*                * - HIGHLY PROTECTED or   *                            *
*                *   National Security.    *                            *
*************************************************************************
* IN-CONFIDENCE  * - public domain.        * an EAL2 Firewall.          *
*                * - UNCLASSIFIED.         *                            *
*************************************************************************
*                * - IN-CONFIDENCE.        * a traffic flow filter.     *
*                * - PROTECTED.            *                            *
*                * - HIGHLY PROTECTED or   *                            *
*                *   National Security.    *                            *
*************************************************************************
* RESTRICTED     * - public domain.        * an EAL2 Firewall.          *
*                * - UNCLASSIFIED.         *                            *
*                * - IN-CONFIDENCE.        *                            *
*************************************************************************
*                * - PROTECTED.            * a traffic flow filter.     *
*                * - HIGHLY PROTECTED.     *                            *
*                *   National Security.    *                            *
*************************************************************************
* PROTECTED      * - public domain.        * an EAL4 Firewall.          *
*                * - UNCLASSIFIED.         *                            *
*************************************************************************
*                * - IN-CONFIDENCE.        * an EAL3 Firewall.          *
*                * - RESTRICTED.           *                            *
*************************************************************************
*                * - PROTECTED.            * an EAL2 Firewall.          *
*************************************************************************
*                * - HIGHLY PROTECTED or   * an EAL1 Firewall.          *
*                *   National Security.    *                            *
*************************************************************************

Can you see the interesting parts with regard to our dialups?

2 things I notice right away. If anything HIGHLY PROTECTED or National
Security rated are connected to the network we have dialups for -
there's only a packet filter in between me and it - if the old DRN
network rating hasn't changed. (A restricted network).

Also, behind that terminal server, I can probably expect to find myself
facing a nice EAL2 rated firewall. As I would assume the PSTN Network is
considered "Public Domain". It may even require some kind of secure-ID
type authentication - a one time pad or smartcard.

This would be a theoretical login session given the types of equipment
listed on the EPL and what they are used for. The network topology could
easily include remote identification servers. The terminal server itself
can instigate PPP with a client, pass you through to the Cisco VPN 3000
Concentrator (EAL2), you authenticate there via key and it directs you
to where you're trying to go, when you get there you have a Sun
Firewall-1 (EAL4+) asking for your SecureID one time PAD or similar
product. Once you do that, you can check your email, download your porn,
whatever.

Also the other interesting thing to note - EAL1 rated firewalls are only
going to be found on PROTECTED, HIGHLY PROTECTED or National Security
networks and only where they interconnect with others of the same
security rating. If you find one of those firewalls - you know the
importance of the networks you're on.

Now down to the exact security designations for the products:

EAL1 - Functionally Tested.
Provides analysis of the security functions, using a functional and
interface specification of the TOE (target of evaluation), to understand
the security behaviour. The analysis is supported by independent testing
of the security functions.

EAL2 - Structurally Tested.
Analysis of the security functions using a functional and interface
specification and the high level design of the subsystems of the TOE.
Independent testing of the security functions, evidence of developer
"black box" testing, and evidence of a development search for obvious
vulnerabilities.

EAL3 - Methodically Tested and Checked.
The analysis is supported by "grey box" testing, selective independent
confirmation of the developer test results, and evidence of a developer
search for obvious vulnerabilities. Development environment controls and
TOE configuration management are also required.

EAL4 - Methodically Designed, Tested and Reviewed.
Analysis is supported by the low-level design of the modules of the TOE,
and a subset of the implementation. Testing is supported by an
independent search for obvious vulnerabilities. Development controls are
supported by a life-cycle model, identification of tools, and automated
configuration management.

EAL5 - Semiformally Designed and Tested.
Analysis includes all of the implementation. Assurance is supplemented
by a formal model and a semiformal presentation of the functional
specification and high level design, and a semiformal demonstration of
correspondence. The search for vulnerabilities must ensure relative
resistance to penetration attack. Covert channel analysis and modular
design are also required.

EAL6 - Semiformally Verified Design and Tested.
Analysis is supported by a modular and layered approach to design, and a
structured presentation of the implementation. The independent search
for vulnerabilities must ensure high resistance to penetration attack.
The search for covert channels must be systematic. Development
environment and configuration management controls are further
strengthened.

EAL7 - Formally Verified Design and Tested.
The formal model is supplemented by a formal presentation of the
functional specification and high level design showing correspondence.
Evidence of developer "white box" testing and complete independent
confirmation of developer test results are required. Complexity of the
design must be minimised.

Note: Only assurance levels 1-4 are incorporated in the CCRA currently,
and ratings of products which fit criteria above level 4 in Australia,
are designated 4+ on the EPL.

Here I'll give a few examples of ratings from random categories. (The
EPL is split up into various network devices and then the larger part of
network security products).

Biometric Products
  EAL2  - Iridian Technologies KnoWho Authentication Server and
          Private ID

Miscellaneous Devices
  E1    - NEC S2 (Mobile Satellite Terminal)
  EAL1  - Cisco VoIP Telephony Solution

Network Security Devices
  EAL1  - Secure Session VPN v4.1.1
  EAL2  - SurfControl Email filter for SMTP
  EAL4  - Clearswift Bastion II Firewall
  EAL4+ - Cisco Secure PIX Firewall V7.0(6)

Operating Systems
  E3    - AIX V4.3
  EAL4+ - Sun Trusted Solaris 8/04
  EAL4+ - Windows 2000 Professional, Server and Advanced Server with
          SP3 and Q326886 Hotfix *cough*bullshit*cough*

There are also smartcard products, PC Security products, encryption
products, and many other categories. More in-depth information can be
found on the website itself regarding each product.


--[ 6. The EPL and CCRA in depth

During 1998 The United Kingdom, France, Germany, The United States and
Canada put in place the CCRA. Australia joined in 1999. It should be
noted here also that under the member countries list (with contact
details) under the DSD website, Japan, South Korea, Netherlands and
Norway have also joined the CCRA recently.

This Criteria is for use between the countries in any kinds of shared
network arrangements - this process is called "Mutual Recognition". The
philosophy behind this is that overseas products rated by the DSD, NSA
and various other organisations can be used in other member countries
without being re-evaluated as the criteria is the same.
Although it may be noted that (at least in Australia) the DSD does
provide exceptions for any kind of cryptographic equipment which it may
need to give particular evaluation to. (I wonder if this is a security
concern or more to do with compatibility).

Also available is the ACSI33 Network Security Manual - Public Domain
Copy [1] - this is much like the old DoD Orange Book in the US. This
manual defines many of the Australian DoD Network security standards and
criteria prerequisites for many of the supplicants of DSD/DoD approval
for the Evaluated Products List (EPL).

If you check the EPL itself, you'll find criteria certification reports
and security target papers, defining how the product was certified,
possible weaknesses in the product, how the product should be used in
the DoD and all the contact details any given DoD department should need
to buy such a product or get information on it.

You have the shopping list for exploits, contact information for social
engineering, a detailed outline of what to worry about once you'd
attacked a DoD network point and how to hide yourself from IDS - you
have the list of what IDS are used, and can download the IDS signature
recognition files and run those through something like IDA Pro
disassembler. Then modify your code/payload to no longer alert the IDS
software, use of polymorphic payload would be a good technique to use
for this once you know the triggering pattern.

Since the old days of hacking into .mil's on the old milnet (the
cold-war ip network of the USA which was used both for research and
development) of the early 90's, lots of things happened. Lots of busts
and a lot of talk of securing the governments of the western world. And
they are not the only ones. Since the early 90's we've seen a huge
amount of digest on changes to computer related laws worldwide in
relation to this particular agenda in places like Russia, China and
North Korea.
There is more than enough information in these documents to set up an
elaborate network attack, when the various military organisations will
be more reliant than ever on these networks for command and control,
logistics and communications.

More interesting is the fact that on the UK EPL and the US EPL they also
list the same products with the same rating - even though some of them
have been independently assessed (haha), further pushing the point that
these networks are now at least slightly interoperable or at least
becoming so over time.

The scary part is that it's connected to the largest military body in
the world: the US DoD, who have run SIPRN for many years, since they
re-built the early milnet after the cold-war. The network there being
able to at least speak to the Australian network and be restricted by
guidelines of Mutual Recognition as set down by the new standards in the
CCRA must of course adhere to the same standards, and can be recognised
by the EAL designation on the Australian and UK EPLs.

Theory: Latest exploits - or even old ones - could still work to this
day on many of the systems because of the way the EPL is implemented.

Companies must pay to become a part of the EPL. It can cost upward of
$1,000,000 AUD to get a product certified sufficiently. From the
company's point of view - the more they pay, the better their market
share is, because the further up the EPL rating they go - by taking more
time through evaluation - which costs more to get evaluated for, they
find fewer companies are willing to pay for the evaluation. This
directly impacts sales because the more secure a network is rated
internally by the DSD the less choice any given department has for the
products to secure it.

Pretty much the DSD/NSA etc. will give you a license to print money - as
long as you pay THEM first.

Here's one recent example of the whole deal going wrong which has come
out in the press as I wrote this article [7].
I find it interesting that even the most educated security consultants
aren't really that aware of the way the intelligence community is
functioning when it comes to the CCRA/EPL equipment. Their mention of
"Pentest expresses doubts about whether the certification of the
firewall according to Common Criteria EAL4+ is merited on the basis of
the flaws it unearthed." amuses me.

Fact is, once a particular IMPLEMENTATION of a product is evaluated, it
doesn't change. It won't be "Regularly Patched" or even "Regularly
Evaluated", any changes whatsoever made to the implementation make it
non-standard and no longer adhering to the criteria it was evaluated for
originally - that's the point of evaluation - as far as the DSD/NSA are
concerned.

You are almost back at the old NASA adage back when the space race was
on and they would joke that the Russians had their best minds and parts
going into their project while the US spacecraft was 10,000 moving
parts, all built by the lowest bidder run by a group of people chosen on
their ability to kiss ass.

This is the basic problem with bureaucracy in the western military.
Bureaucrats are always trying to justify their existence, they do so by
telling everyone what they are doing and companies involved want to say
"hey look what we did for the DoD".

On with our look at the pretty secure network:

Without actually breaking in, we can't know if you can break into the
american network from the Australian side, or any other side, however,
the previous designations with regard to PROTECTED networks connecting
to National Security Networks could tell us that we might be able to
easily. I suggest that no matter what the CCRA will tell countries to
do, their own internal DSD, NSA, DoD computer departments will require
some heavy security between coalition members. But this is only an
assumption on my part, I wouldn't put it past the various department
heads to cut costs here - it happens.
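
The gateway table from section 5, applied as a compliance audit over an inventory of interconnections. This is an added example, not part of the original article; the inventory format, the link names and every function name are assumptions, and the sample links are constructed.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Labels as printed in the article, lowest classification first.
PUBLIC, UNCLASS, INCONF = "public domain", "UNCLASSIFIED", "IN-CONFIDENCE"
RESTR, PROT = "RESTRICTED", "PROTECTED"
HIGH, NATSEC = "HIGHLY PROTECTED", "National Security"
RANK = {PUBLIC: 0, UNCLASS: 1, INCONF: 2, RESTR: 3, PROT: 4, HIGH: 5, NATSEC: 5}

FILTER = 0  # "a traffic flow filter": the table demands no evaluated firewall

# (SRC NETWORK, [DST NETWORK, ...], minimum gateway EAL), transcribed row by
# row from the article's table. Pairs the table omits are left out on purpose.
TABLE_ROWS = [
    (UNCLASS, [PUBLIC, UNCLASS, INCONF, PROT, HIGH, NATSEC], FILTER),
    (INCONF, [PUBLIC, UNCLASS], 2),
    (INCONF, [INCONF, PROT, HIGH, NATSEC], FILTER),
    (RESTR, [PUBLIC, UNCLASS, INCONF], 2),
    (RESTR, [PROT, HIGH, NATSEC], FILTER),
    (PROT, [PUBLIC, UNCLASS], 4),
    (PROT, [INCONF, RESTR], 3),
    (PROT, [PROT], 2),
    (PROT, [HIGH, NATSEC], 1),
]
REQUIRED = {(src, dst): eal for src, dsts, eal in TABLE_ROWS for dst in dsts}


class Link(NamedTuple):
    name: str     # constructed label for one interconnection
    src: str      # value from the SRC NETWORK column
    dst: str      # value from the DST NETWORK column
    gateway: str  # rating as printed on an EPL: "EAL2", "EAL4+", "E3", "filter"


def parse_rating(text: str) -> Optional[int]:
    """Map an EPL rating string to an EAL number; None if it cannot be mapped.

    "EAL4+" counts as 4, since the article says anything above level 4 is
    listed as 4+. ITSEC ratings (E1-E6) return None: the article gives no
    E-to-EAL equivalence, so those need a human decision.
    """
    cleaned = text.strip()
    if cleaned.lower() in ("filter", "traffic flow filter"):
        return FILTER
    match = re.fullmatch(r"EAL([1-7])\+?", cleaned, re.IGNORECASE)
    return int(match.group(1)) if match else None


def audit(link: Link) -> str:
    """Return "ok", or a "FAIL: ..." / "review: ..." finding for one link."""
    required = REQUIRED.get((link.src, link.dst))
    if required is None:
        return "review: this source/destination pair is not in the table"
    have = parse_rating(link.gateway)
    if have is None:
        return f"review: rating {link.gateway!r} has no EAL equivalent here"
    if have < required:
        return f"FAIL: table requires EAL{required}, gateway is {link.gateway}"
    return "ok"


def filter_only_upward() -> List[Tuple[str, str]]:
    """Pairs where a higher-classified destination needs only a filter."""
    return sorted(
        (src, dst)
        for (src, dst), eal in REQUIRED.items()
        if eal == FILTER and RANK[dst] > RANK[src]
    )


# Constructed inventory for illustration; none of these links are real.
SAMPLE_LINKS = [
    Link("remote-access", RESTR, PUBLIC, "EAL2"),
    Link("internet-gw", PROT, PUBLIC, "EAL2"),
    Link("office-gw", PROT, UNCLASS, "EAL4+"),
    Link("legacy-gw", INCONF, UNCLASS, "E3"),
    Link("site-to-site", RESTR, RESTR, "EAL2"),
    Link("uplink", PROT, HIGH, "filter"),
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{link.name:14} {link.src} -> {link.dst}: {audit(link)}")
    print("filter-only paths to a higher classification:")
    for src, dst in filter_only_upward():
        print(f"  {src} -> {dst}")
```

The "review" findings mark the places where the table as quoted is silent (RESTRICTED to RESTRICTED, for instance) or where a product carries only an ITSEC rating, so they are reported separately from outright failures.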
I find it amusing that in none of the above departments or EPL's does
NSA SELinux get a mention ;) (Probably just someone's pet project).

One assumption you'd have to make is the network wouldn't be fast out of
the country you're in. Ground based satellite transponders are bound to
be slow, ship based ones even slower. Network coverage of combat areas
is going to be pretty nasty for data - especially if you are on a dialup
line. But they are there. Recent Satellite scans show a large number of
S and X band non-commercial satellite beacons (which show working
transponders in space) and data/analog signals which are encrypted as no
in-band scans return any valid output at all (you can see the bandwidth
is being used however).

I don't have a lot of information about the SIPR Network, not being in
the U.S (hopefully it will not be long before someone writes another
article on it). But from the DISA website:

    SIPRNet: The Secret IP Router Network (SIPRNet) is DoDs largest
    interoperable command and control data network, supporting the
    Global Command and Control System (GCCS), the Defense Message System
    (DMS), collaborative planning and numerous other classified
    warfighter applications. (Note: I suggest warfighter applications
    means training programs). Direct connection data rates range from 56
    kbps to 155Mbps. Remote dial-up services are available up to
    19.2kbps.

The data rates there are interesting, meaning they also have dialup and
ATM links available - possibly faster is now available, as that page
hasn't been updated since the mid 90's.


--[ 7. Other Standards

The only other standards I've found that are worthy of note for this
particular paper are the encryption standards. These are also noted in
the acsi33 document fully: the usage of 3DES and AES for symmetrical
encryption and RSA/DH/DSA/Elliptic Curve Diffie-Hellman (ECDH)/Elliptic
Curve Digital Signature Algorithm (ECDSA) for asymmetric (key
exchanges).
Encryption is not my strong point; however, it should be noted the CCRA members defer to NIST with regard to most of their encryption standards. Fact is, I am quoting almost directly from the acsi33 document here; the only encrypted VPNs I ever set up for these companies I worked for were Cisco IOS 3DES algorithms.

--[ 8. Secrets

At the end of the cold war, there were probably a few hundred thousand computers hooked up to the internet. Almost every country on earth had SOMETHING hooked up. The R&D departments of universities in Australia were where I got my internet access from and developed contacts in the hacker scene of the time. At that time China and the USSR were both large threats to western dominance; however, I find it interesting to note that all of the member countries of both of these power blocs were internet connected at the time the cold war was in full force.

The US DoD or DARPA has still never actually disclosed any given project to do with engineering or humanities that the internet actually facilitates apart from communication. One has to wonder about the significance of the storm worm and other such viruses, their ability to act as an autonomous strike against non-military, but more a regional strike against economic infrastructure. The foreseen assumption of any given biological, nuclear or widespread terrorist attack would be that that economic infrastructure would dissolve before military infrastructure. After having written this article, I'm not entirely sure that is a valid assumption...

--[ 9. Conclusion

Much as I would like to write more about the networks in other nations (Japan and France would be nice to find out about), I don't really have the time to wardial or do research for so many networks in so many countries. It will have to come at a later date by other writers.
But keep in mind, the USA spend the most on industrial military and mainstream military projects in the world; just by matter of overall odds for breaking in and not being discovered, they are probably your least favourable target. As the network seems to now be interconnected with other NATO nations, one of the nations spending less on it might give better outcomes. The standards are the same across the board anyhow; most of this information will still be good as long as you are in, or looking at a network in, one of these member nations.

I think many people in the various military departments across the world who are member organisations for this particular network should be quite embarrassed by this information being so easy to get. Security through obscurity is another oldschool technique which seems to have gone the way of the steam train - even by those who should be most concerned with obscuring and securing their data. Any hacker who has been around for any decent length of time can tell you there is a way around any system - if you added the extra advantage of having many men who are ready and willing to come to your country and "kick the door down" to procure some of this information, the people responsible for this should be concerned. If we can glean all of this from the "public domain" security level, imagine just having some access to documentation from the IN-CONFIDENCE network computer.

In my own experience in working for the Australian DSD through contractors, I found many times that their network data security was very dependent upon one or two applications that were bought from outside organisations - poorly implemented and only very rudimentary security precautions taken. Even the fact that I worked there - even with a previous criminal record to do with gaining access to commonwealth systems, inserting data in commonwealth systems, and defrauding the credit card system - was a security breach.
One of the first computers I ever broke into was done via a COBOL packet snarfer. I re-wrote all of the screens to all of the computers the terminal servers would connect to. Then from an account I looked over someone's shoulder to get, I ran up the snarfer and it would look as if I had logged out. I hadn't; in fact the program was running and looked like the login screen. When you typed in your username/password pair, it gave the usual "Password Authorisation Failure" or other error message (depending on where you were logging in) and it logged it to a file in another account - which had the file permissions opened on it so other accounts could write to its directory. The program then logged itself out - giving the user the normal login screen. Completely unseen by them, and they merely thought they had typed the wrong password.

8 years later I was working for this particular contractor to the DSD; I found myself sitting in Air Force bases, Navy Logistics Centres, as well as many high-end government and corporate computer security departments. Physical security was not an issue - even though, if proper background checks had been done on me, I would not have been allowed to be there.

In the past few months I've seen various talk in the press about botnets, attack vectors from unknown sources and the dreaded "black hat" hackers. The latest laugh I had was the stats from Google saying that more unix boxes had been compromised than windows boxes and the reporter couldn't understand why unix was considered more secure than windows. They didn't and don't to this day understand WHY *nix and open source are more secure - I am not going to educate people here.

Creating an air of "hype" or complacency in any security environment is completely unconstructive; use of "known factors" through use of friends and other associates is likewise unconstructive. The reasons for this are simple and are defined indeed by one of the latest press releases from the White House.

"On the last day, we won't be lost because of a lack of strength or a lack of equipment. We'll be lost because of a lack of trust."

--[ 10. Annex

Acronyms:
---------

[i] RAN - Royal Australian Navy
[ii] FISSO - Fleet Information System Support Organisation.
[iii] DSD - Defence Signals Directorate.
[iv] DoD - Department of Defence.
[v] DRN - Defence Restricted Network.
[vi] NSA - National Security Agency (USA).
[vii] SIPRN - Secret IP Router Network (US DoD).

Resources:
-----------

[1] http://www.dsd.gov.au/library/infosec/acsi33.html
[2] http://www.cesg.gov.uk/site/iacs/index.cfm?menuSelected=1&displayPage=151
[3] http://www.defence.gov.au/dmo/id/cic_contracts/Values2001-2002.pdf
[4] http://www.yaffa.com.au/defence/pdf/05/top40-20-2004.pdf
[5] http://www.disa.mil/main/prodsol/data.html
[6] http://www.kaz-group.com/files/casestudies/cs_ran.pdf
[7] http://www.theregister.co.uk/2007/10/03/check_point_pentest/
[8] http://www.softwink.com/iwar/
[9] http://www2.packetstormsecurity.org/cgi-bin/search/search.cgi?searchvalue=thefinn&type=archives&%5Bsearch%5D.x=0&%5Bsearch%5D.y=0