The Truth

The Truth about your PC security

By Gerald: Internet Anthropologist Think Tank

1.20.09

From those who know.

These comments are from a post on Wired:

Air Force Unplugs Bases' Internet Connections

While unplugging the Airforce's PC's from some of the Internet

it feels more like a political motivation.

For example why block Air Force personel from Blogs?

Censorship?

The comments make some great points.

Although we have not collected secondary sources to verify

all the info.

GOOGLE FORMATING STILL SCREWING UP/

HIGHT LIGHT TO READ

So much for the Cyberspace in their obnoxious new Air * Space * Cyberspace tag line.

Posted by: Michael Finn | Feb 18, 2009 11:48:39 AM

HIGHT LIGHT TO READ

( Google formatting SUCKS )

It's one thing to unplug the networks because of an active and known threat. It's another when the network is disconnected from a failure to comply with computer policies created by folks who don't have the slightest understanding of information or computer security (pilots).

The AF is bass-ackward when it comes to all things network. As pointed out in the article, much of the internet is blocked for arbitrary reasons based on words in the website such as blogs, forums, flash sites, social networking. I have even been blocked from accessing websites with the word "weapon" and "flight simulation". I wonder how many websites Al Qaeda blocks from their people? ...obviously not flight sims.

An average terrorist with a internet connection is better wired than an Air Force officer. The word to our enemies is, "Don't try to bomb our communications, we will gladly disable them for you the first time you email an Air Force Base a .zip file."

Posted by: Sauce | Feb 18, 2009 9:54:23 PM

HIGHT LIGHT TO READ

( Google formatting SUCKS )

February 27, 2008 - Air Force Blocks Access to Many Blogs
Link - http://blog.wired.com/defense/2008/02/air-force-banni.html
-------
January 06, 2009 - Air Force Releases 'Counter-Blog' Marching Orders
Link - http://blog.wired.com/defense/2009/01/usaf-blog-respo.html 
-------
February 18, 2009 - Air Force Unplugs Bases' Internet Connections
"Many airmen can't access Danger Room, for example — or any site with the word "blog" in the URL."
-------
Strange Days Indeed.

Posted by: Bob Loblaw | Feb 18, 2009 10:31:57 PM

What I can't figure out is why their top secret information is on the same network as their access to the internet.

My company, for example, has a secure intranet all across the US. Any one of us can access it but without hacking in no one outside the intranet can. Then we have a server that feeds us the internet through heavy firewall, proxy, and anti-virus protection.

Altneratively, some companies have two networks. One for public use and one for the secure stuff.

Posted by: Deny The Truth | Feb 19, 2009 5:22:38 AM

I have 1200 or so terminals remotely fed by wireless connect, over a 9000 square-mile service teritory in SE Ks. I'm just a little biz guy paying his bills.

Our 27-year-seasoned techie staff (all licensed Amateur Radio Ops) have personally dealt with this new breed of 'dirty plugin' that is being forced into client machines globally.

Corrupted advertising servers are being used as the viral launch platform. Again.

The 'powers that be' would be very wise to core-disconnect & perform a massive-chassis inspection & P2P viral cleanup.

The Net is globally bi-directional & Grandma, bless her soul, hasn't got a chance in hell of NOT being infected.

Without a personal (hardware-based) firewall in place, a fresh public IP will conduct well over 600-incoming probe hits within the first 30 seconds of raw machine connection to the Net.

More tha likely, most probes were from infected bot machines scanning the network.

Our packet sniffers see the traits, as more infected clients spring to life daily & we scramble to shut them down.

Mr. Obama: My daughter is known to you as 'Home Girl', and she brought back 2-sets of the gold-rimmed w/inaug-seal stemware from your table. She seemed quite enlightened after chatting with you and your wife.

BTW: Enlightenment is a very good thing.

Thank you for your time invested.

Karlea's dad.

Posted by: ISP with a clue... | Feb 19, 2009 5:46:05 AM

I live in mainland China and I can't access most of those sites either. Hmmm...

Posted by: Tom Swift | Feb 19, 2009 6:20:11 AM

I see death of that base commanders career in 3..2..1...

Posted by: Rob | Feb 19, 2009 12:00:10 PM

Yeah, I agree. . . some of the above posts are way off. People talking without knowing. I was military and now am a civilian working in the same ISS type of job.

btw. . . the military doesn't have their secret data on the unclassifed internet.

also Cyae, those 18-26 year old "boys" are the ones brave enough to do something you obviously haven't or you would appreciate the freedom you have. Also it is common knowledge that America has the strongest military forces there are.

Posted by: ex | Feb 19, 2009 2:06:19 PM

I agree that it is a draconian style of leadership. The problem with not using that style is that 320,000+ AF members and lots (I don't know the number) of the AF civilian workforce just don't understand the gravity of the situation. Honestly... Do you think a weapons loader for an F-22 really cares if the network is secure? Remember, before you answer, that this is the same guy that doesn't own or even want to own a home computer. This isn't just the weapons guys either... think of the Cooks, Cops, Mechanics, bomb builders, Dirt movers, Red Horse (AF Version of the Navy CBs), etc... Most of them could care less if they don't have access. The whole iPhone/network access thing... It's not about divulging secrets. It's about infection on Government systems. YouTube and MySpace are notorious for infecting viewers with trojans and the like. The whole intent is to protect AF capabilities.

Check out “Solar Sunrise” – Google hits #1 on this: 
www.globalsecurity.org/military/ops/solar-sunrise.htm
protection from these types of intrusion is critical to AF and American sustainability in global information threats. 

Posted by: Faceless AF Guy | Feb 19, 2009 2:31:37 PM

Faceless AF Guy:

This new infectious junk is too slick. This is NOT from a 14-year-old without a girlfriend, wildly coding away in grandma's basement.

This is serious pay-for-play by big-boy hacker kiddies in Russia, Bulgaria, China.

Basic flow: Polymorphic encryption delivery via comprimised ad-servers. 'Gateway drug style', this kernal pulls in a boatload of other crap. Your box is owned in 2 seconds.

We're seeing a P2P linkage with hundreds of global IP's. No head of the dragon to cut off, being P2P.

Once embedded, this junk strips your box of everything of any value.

Within these last 4 weeks, we have reliable estimates of 20 million+ compromised P2P-linked bot machines.

No one will be spared. I saw it happen in front of my eyes while visiting a legit car-listing site.

I swished my mouse across the ads with mouse-triggered pop-ups & KAPOW - my chassis was displaying a ransom-ware display called 'MSANTISPYWARE2009'.

MALWAREBYTE has a worthwhile detection & removal package for this morphing crapo.

Only by shutting down core feed "RIGHT F NOW" could a busy military base positivly track the background network noise, disconnect the hijacked P2P bot security problems, and choke 'em off.

This is serious security shiite being tossed upon the world stage.

I wish the big boys luck with tackling this huge problem...

Posted by: ISP with a clue... | Feb 19, 2009 7:28:21 PM

As I read the rest of the posts, let me clear something up. EVERYTHING is in the network. If it goes down, people die. Literally. All medical records, medical equipment, planes, email, everything. Email is the primary means of communication. Not to mention pay, encryption codes and root certs. As far as wireless, it takes an act of God to get AF network wireless. I know, because I help with monitoring it. And even if you do get it, we wardrive it every month. War driving is where we drive around with an antennae picking up all wireless freqs, and make sure that they are secured properly.

Posted by: Static | Feb 21, 2009 3:44:36 AM

HIGHT LIGHT TO READ

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

The conclusion is clear PC's on the net are not safe.

Grandma, bless her soul, hasn't got a chance in hell of NOT being infected.

The WWW should be safe for Grandma, if she 

has a firewall anti virus and a sweeper.

The truth is that won't keep one safe.

Our security configration is massive,

an we still get penetrated. They lost the PC and some arrested.  Any body

that thinks they are safe are fooling themselves.

Security Vendors need some government funding

to get ahead of the malware curve,

so far we are just reacting as we 

discover threats. A very poor defensive 

position.

The Internet is slipping 

away from us.

YOU ARE NOT SAFE.

We can walk thru firewalls

and around anti virus

even trojan sweepers

and plant a rootkit you

can't find.

We don't its illegal,

until we get a letter of Marque and reprisal.

Our hands are tied.

They would burn us in a min.

Graitute is not one of their character flaws..

We can be transparent, Opaque or invisible 

depending on who we think are looking.

Our BSU's meet the letter of the 

law, less than hacking but more

than OSINT.

Gerald

Tactical Internet Systems analyst

.Infected PC's rampant G

INTERNET THREAT MATRIX

.