That Cyber Thread


17D_guy

In my experience, IR is ok, Bluetooth/RF mice and keyboards are not. One mouse hooked to a KVM touching several different level machines is also ok.


Yeah, I don't understand the Air Force and their ridiculous EMSEC and wireless device policies. Where I work now, we have multiple boxes from multiple agencies spanning all classifications (unclass through SAP) sitting next to each other. They are all hooked up to switch boxes and use the same monitors, mice, keyboards, etc. They also all use the same wireless clicker. It's been the same setup in joint deployed environments, from what I've seen.

At my last duty station, which was an Air Force base, we had red tape all over the desks to show you the line you couldn't cross with your mouse or any other equipment. People literally got written up for moving an optical mouse hooked up to NIPR over the SIPR red line. Not only is that too stupid for me to process, they actually employed people who went around checking/monitoring this shit.

I had a 2Lt who plugged a wireless mouse into his SIPR workstation once. Asked him to remove it, that per the "rules" it wasn't allowed.

We were in a SCIF as well.

He asked why, that all it passed was X/Y axis data and there was no information to be gotten off of that. I informed him as a lowly SSgt I didn't have the details as to why he couldn't, but the NSA wrote the rules. He said they didn't know what they were doing. I said that's fine, remove the mouse.

There's a lot of cool stuff going on right now with side-channel analysis. Attacking systems and getting information about what's happening in a system from other means.

TEMPEST was the start of everything in this realm. I generally try to be cool about these things. Wireless mouse on NIPR? I don't care. I've got an MSgt that I supervise that's got one right now actually.

But a lot of the Pilots/Navs roll into SCIFs here with their iPhones and bricks like it's no big deal. I was going to say Ops dudes since it would cover the back-end Intel guys, Ravens and other folks as well... but it doesn't. It's mostly front-end rated bros... just thought about that. Not hating, an observation.

Some of the rules are stupid. Some asses interpret them their own way to be a pain/powertrip/etc (Gravedigger's 2nd paragraph). But I can assure you they're there for a reason when it comes to EMSEC. I've seen the same thing with the stacked classifications. Drives me nuts, but I'm a little older-school. I think a lot of the problem was mitigated with shielded copper, fiber, and flat screen monitors that don't emit like the old CRTs.

Also, the switch boxes should be NSA approved. There were... 2(?) approved when I was at Vandenberg for some of their systems to co-exist.

That being said, I've seen images pulled off side-by-side ethernet connections that I didn't think would be there.

From where I sit, it looks a bit like the JSF: some big joint "program" sucking up service-specific funding then returning capabilities that are less than when you started. Without getting too in the weeds, there are some capability gaps that will emerge when we give up on the gateways (16 AFNET exit points for those at-home viewers who are not immersed in the gory pain of the AFNET) and switch to JRSS. JRSS is funny in that it isn't actually a program at all, i.e. there's no program element that Congress approved. Instead, it's all the services throwing money at this based on DoD CIO direction.

I see a trend of increasing centralization at DISA, and I'm not sure that's a good thing.

Correct, JRSS is a unicorn when it comes to DoD programmatic function. Army's paying for it, AF's helping with a bunch of stuff. Navy has the NMCI and can sit in the corner until they learn how to cyber like adults.

As much as it pains me to say it, the move to a joint cyber environment is the right thing to do. It shouldn't be AF NIPR, Army NIPR.. Navy... vomit. Real savings in time, $$ and manpower can be leveraged with that. Security for the DoD networks can be vastly enhanced. The AF no-kidding leads the way in getting this done in some areas (AFNet, 24th AF, security) and the Army in others (DISA Email).

Additionally, like the sky we don't (to my knowledge) have Air Force sections, Navy sections, etc. It's all under control of the CFACC. Same should be for Cyber, and JIE/JRSS is going to get us there. I'm tired as hell, so I hope this made sense.


TEMPEST was the start of everything in this realm. I generally try to be cool about these things. Wireless mouse on NIPR? I don't care. I've got an MSgt that I supervise that's got one right now actually.

Interesting...thanks for the link.


As much as it pains me to say it, the move to a joint cyber environment is the right thing to do. It shouldn't be AF NIPR, Army NIPR.. Navy... vomit. Real savings in time, $$ and manpower can be leveraged with that. Security for the DoD networks can be vastly enhanced. The AF no-kidding leads the way in getting this done in some areas (AFNet, 24th AF, security) and the Army in others (DISA Email).

Additionally, like the sky we don't (to my knowledge) have Air Force sections, Navy sections, etc. It's all under control of the CFACC. Same should be for Cyber, and JIE/JRSS is going to get us there. I'm tired as hell, so I hope this made sense.

It's reasonable that cyber should be a joint function. The problem is DISA: it's like Gotham City is asking for Batman and getting Vinny The Goat instead. By federal law, services are now required to go ask the service CIO for permission to go buy data center infrastructure (in a push to reduce footprint and move to the cloud). DISA was then deputized to be the arbiter of which programs could use commercial services and which had to use DoD-funded data centers (managed... by... DISA). To date, I don't know of one program that has succeeded in using commercial cloud providers where many other executive departments (including the CIA) have been able to. 17D, I know you know most of that story. The viewing public may not. DISA costs are easily 6x-10x that of commercial cloud providers.


Sounds like the complaints I've heard about DISA Enterprise Email (DEE). Slow and vastly more expensive.


TEMPEST was the start of everything in this realm. I generally try to be cool about these things. Wireless mouse on NIPR? I don't care. I've got an MSgt that I supervise that's got one right now actually.

Some of the rules are stupid. Some asses interpret them their own way to be a pain/powertrip/etc (Gravedigger's 2nd paragraph). But I can assure you they're there for a reason when it comes to EMSEC. I've seen the same thing with the stacked classifications. Drives me nuts, but I'm a little older-school. I think a lot of the problem was mitigated with shielded copper, fiber, and flat screen monitors that don't emit like the old CRTs.

Also, the switch boxes should be NSA approved. There were... 2(?) approved when I was at Vandenberg for some of their systems to co-exist.

I don't want to discuss specific organizations and systems, but I think you'll find that most agencies outside the AF have stacked or side-by-side boxes as the norm. I honestly think the Air Force just uses blanket overly restrictive policies because they are accounting for the lowest common denominator, and worst case scenario. Maybe that's a good strategy, maybe not.


To expand on the OPM hack: watch the video and realize these are senior gov't employees in all facets of the force. They're the ones making decisions about how to implement cyber.

They're in the AF too...

http://www3.blogs.rollcall.com/hill-blotter/opm-breach-includes-congressional-staffers/

Additionally, Krebs does a good breakdown of the history of this. CLEARLY targeted, persistent, and skilled. I briefed this to leadership this week; they were not pleased.

http://krebsonsecurity.com/2015/06/catching-up-on-the-opm-breach/


Anyone else concerned about the OPM hack? I just read an article that the Chinese acquired every SF-86 that has ever been submitted electronically. I was perusing through the one I just did a few months ago and it has some pretty good stuff - name, social, address, and phone number of me and my wife along with address and work history, etc. This info could be used to start up another life somewhere in a pretty bad case of identity theft.


Anyone else concerned about the OPM hack? I just read an article that the Chinese acquired every SF-86 that has ever been submitted electronically. I was perusing through the one I just did a few months ago and it has some pretty good stuff - name, social, address, and phone number of me and my wife along with address and work history, etc. This info could be used to start up another life somewhere in a pretty bad case of identity theft.

I was trying not to think about it.

All of the "safeguards" that we impose on ourselves and make productivity painful at work... And this still happens.


Anyone else concerned about the OPM hack?

Yep.

Also infuriated. Every fucking year we get officially harassed about Information Assurance/Information Protection/Cyber Awareness/etc., and every fucking time I log onto a .mil computer on base I get several popups telling me how I'll be burned at the stake if I let PII out of its encrypted and access-controlled cage. Then a .gov agency with more of my personal info than the fucking IRS says they didn't bother trying to encrypt because "their hardware is too old".

Fat lot of fucking good that one year of credit monitoring will do if the Chinese (or whoever they may sell/trade the data to...) decide 6-9 years from now to get really asymmetric WRT cyber warfare.


So I get notified on 5-Jun that I'm deploying on a 365 on 01-Jul. My commander gives me 22-29 Jun to knock out all of my deployment training...ADLS is down 22-29 Jun.

This is the best situation ever! I don't have to do a single CBT. Boom!


So I get notified on 5-Jun that I'm deploying on a 365 on 01-Jul. My commander gives me 22-29 Jun to knock out all of my deployment training...ADLS is down 22-29 Jun.

This is the best situation ever! I don't have to do a single CBT. Boom!

You're welcome, I'm waiting on the check.


So at work today, I could access gmail on the interwebs, but every other non-mil/gov site I tried to visit gave me the big FU. Displayed error message was that my profile or workstation had been restricted to viewing only .mil/.gov websites. WTFU?

If it matters, my IA just expired but since ADLS is down, can't rehack that. I know that the CS was given guidance not to disable accounts for that reason while ADLS is down, so seems an odd coincidence. Thoughts?


Hrm... Interesting. I don't think it was the local CS, as the process for restricting accounts is automated.

Your profile gets kicked to a naughty boy/girl list and you're restricted from the glory of the web. I'm not sure on the technical specifics.

Did you try a different workstation? I imagine the same result. If you contact your CFP they might be able to help, but no promises.

I just wonder because they're always rolling out new software for security, both locally and in the ether, that will do strange things. So, at some point if your local workstation isn't patched, you could get the same error. Which would be good for us Cyber types in making sure vulnerabilities are mitigated. 4+ months after the vendors release the patches and they've finally percolated through DISA and AFCYBER. I wish I was kidding.

Oh, then AFCYBER backdates the due date for the CS to the vendor release date. Then passes that list of overdues to the MAJCOM A6.


Well, it ended up being moot, b/c on Tues morning they put me in the penalty box (kiosked) for the overdue IA, thus not following their own guidance. "Oh, ADLS is down? Hmm, I didn't know that..." Took an entire 3 days (until this afternoon) for an override to go through so I wouldn't be locked out, and I expect to be locked out again tomorrow afternoon since the override is apparently only good for 24 hrs.

The best part is the popup I've been getting for the last three days "Your IA is overdue, would you like to complete it now?" becomes 4 popups when you click it (it's like being rickrolled), and the phone number listed is for the Enterprise helpdesk that no longer exists (DSN 510 something).

ETA: now that I can go somewhere other than the portal/ADLS, I could knock out the training on the DISA website, but that wouldn't update ADLS, and ADLS can't be manually updated because it's down... #catch22


Well, it ended up being moot, b/c on Tues morning they put me in the penalty box (kiosked) for the overdue IA, thus not following their own guidance. "Oh, ADLS is down? Hmm, I didn't know that..." Took an entire 3 days (until this afternoon) for an override to go through so I wouldn't be locked out, and I expect to be locked out again tomorrow afternoon since the override is apparently only good for 24 hrs.

The best part is the popup I've been getting for the last three days "Your IA is overdue, would you like to complete it now?" becomes 4 popups when you click it (it's like being rickrolled), and the phone number listed is for the Enterprise helpdesk that no longer exists (DSN 510 something).

ETA: now that I can go somewhere other than the portal/ADLS, I could knock out the training on the DISA website, but that wouldn't update ADLS, and ADLS can't be manually updated because it's down... #catch22

First - this is hilarious. For me, not you.

Second - 3 days: normal. Sorry, welcome to the efficiency of operation in an enterprise system. I'm not proud saying that. When your senior leaders (both Cyber and Fliers) say they're leveraging automated systems to blah, blah, blah, this is what they're talking about.

Third - Your CFP/CSL (pronounced Sizzle, we think of the cool names in Cyber) should be able to update your IA date, or put in a ticket (+3 more days!) to have it manually updated. I haven't heard of that process being a complete automated lockdown... and it wouldn't make sense if they did. So... they probably did.

Fourth - The ESD is gone, long live the vESD. Try putting in a ticket for something that isn't on their little app. You can't. You have to call your CFP for the ticket.

Did you get notified ADLS was going down, then it wasn't, then it was again? I don't know your situation, so I'm not trying to accuse. Thankfully we don't seem to have many people at my location stuck in your boat, but I would be interested if your training/QA/C4I got the info out to you.

I'm still surprised at the number of individuals in senior positions w/ a Masters degree in business/management who can't figure out strategic communication. Ex - new ESS roadshows.

Break break -

I got moved out of my DO position to a career-building staff job. So my (cyber) front line info will start to lag and I'm lobotomized by being taught how to build staff meeting slides. Overall, I'm not sure how much good info I'm bringing, but if you've got particular questions I can still bro-network a solution.


The CSL got my days pushed to the 30th. Because ADLS will definitely come back up on time, right?

Yes, I knew of the ADLS down week getting pushed right. Not sure why the CS didn't have any idea ADLS was down, tho.
