Stuxnet..I'm impressed.



Androidpk
11-29-2010, 09:14 PM
Fascinating read.

http://www.foxnews.com/scitech/2010/11/26/secret-agent-crippled-irans-nuclear-ambitions/

Warriorbird
11-29-2010, 09:17 PM
Compare and contrast is interesting.

Back
11-29-2010, 09:24 PM
Woah, consequences will never be the same.

~Rocktar~
11-29-2010, 10:20 PM
Fucking awesome!

Welcome to the new face of war.

TheEschaton
11-29-2010, 10:55 PM
That's a hell of a computer virus, but better a smart virus than a smart bomb.

phantasm
11-29-2010, 11:03 PM
How do I become a cyber soldier?

Androidpk
11-29-2010, 11:04 PM
How do I become a cyber soldier?

http://www.airforce.com/

phantasm
11-29-2010, 11:17 PM
No, not remote control planes, although that looks fun. Where is the headquarters for writing these virii and DoS'ing websites for the USA?

Is that army, navy, air force, NSA, FBI?

Warriorbird
11-29-2010, 11:32 PM
No, not remote control planes, although that looks fun. Where is the headquarters for writing these virii and DoS'ing websites for the USA?

Is that army, navy, air force, NSA, FBI?

None of the above. If you're good enough you are presumably able to find it.

http://www.reuters.com/article/idUSTRE69433120101005

If you're actually serious I'd look at the contractors.

Androidpk
11-29-2010, 11:37 PM
Fort Meade, MD.

http://en.wikipedia.org/wiki/United_States_Cyber_Command

Same area where NSA HQ is.

Fallen
11-29-2010, 11:40 PM
A lot of colleges are offering classes in cyber defense and the like. Education at a place like that would be a good place to start.

http://cyber.jhu.edu/

Stanley Burrell
11-30-2010, 03:11 AM
No, not remote control planes, although that looks fun. Where is the headquarters for writing these virii and DoS'ing websites for the USA?

You'll most likely be trained in defense and detection and measures to protect your own agency and you'll have to do a lot of Sgt. level stuff for a long time. Then you might learn a few other things, still based primarily on e-defense vs. offensive. There's no way (e.g.) if I'm using certain software programs for analysis that I'm going to be qualified to do a trial run on how to crack them before understanding interfaces, the likes of which I've never seen before. Then there's RFP politics and frequent updating that can start you right back at square one.

Don't bring in anything that can, in any way, somehow interact with a computer; a mouse, headphones, cables, etc.: If you're given the shittiest CAT-line to connect to an internal network, use it, no questions asked.

Do little stuff that shows a professional ethic of a defensive demeanor, e.g., even if you are Chuck Norris, the cyber ninja, still very visibly throw your clearance card (if it's being displayed on a neck-pouch) behind your back, consistently, when shredding.

Ask questions about certain communication relays you might learn about only with employees you've built trust with.

Learn how to find a needle in a haystack using, eh, ixquick.

I can't tell you the names of intelligence agencies, but they're not all -- "Hey! Super-powered deep-within-a-fortified-bunker-in-Greenland. Must have a degree in extraterrestrial ESP before applying." No. If you work with the basics you'll get information about smaller organizations. Become a member in good standing. Attend seminars. This is separate from your direct employer, volunteer position or courses, but I highly advise you, like whizza-what, son, to immediately establish openness with separate resources you'll learn about.

Learn how to copy down ridiculously long alphanumeric sequences; flawlessly, and then not get FUCKING PISSED, ffffu, because a project has been solved by other deterrence intervention methods than what you were assigned to.

Find somebody who's retired AF with a few armstripes and/or an officer who went from field duty to desk work.

Androidpk
11-30-2010, 03:14 AM
I had armstripes!

Stanley Burrell
11-30-2010, 03:16 AM
Civilian status allows for better mobility.

WRoss
11-30-2010, 08:42 AM
In high school, there were two brothers who managed to hack into a few ticket sales websites along with the school's computers. I'm sure they did a bit more, but when they were eventually caught, they were offered to work for the state police instead of serving time. I'd imagine that's how a lot of our "cyber police" are hired. The problem with that is that they are the ones who got caught.

Suppa Hobbit Mage
11-30-2010, 10:36 AM
I wonder what country financed and developed it to stop Iran. I mean, a specific target, with specific systems, vulnerabilities, access methods, distribution and timing over several years? Years where Windows 7 didn't exist yet? Zeroday vulnerabilities with two completely unknown? Components that had to be infected separately and then join together inside the plant? Key knowledge of the OS, facility and hardware in the plant...this wasn't a hacker seeing what he could do.

Pretty fucking badass. The US should send a few to North Korea.

Warriorbird
11-30-2010, 10:53 AM
I wonder what country financed and developed it to stop Iran. I mean, a specific target, with specific systems, vulnerabilities, access methods, distribution and timing over several years? Years where Windows 7 didn't exist yet? Zeroday vulnerabilities with two completely unknown? Components that had to be infected separately and then join together inside the plant? Key knowledge of the OS, facility and hardware in the plant...this wasn't a hacker seeing what he could do.

Pretty fucking badass. The US should send a few to North Korea.

Who, who isn't us, has intelligence that badass? It shouldn't take too long to think about.

Suppa Hobbit Mage
11-30-2010, 11:02 AM
Any country with the money to throw at it, my guess would be Saudi Arabia or Israel - though I lean towards Israel. I think we underestimate the intelligence community outside the US.

AnticorRifling
11-30-2010, 11:56 AM
Interesting timing:


On November 29, 2010, the Iranian top Stuxnet expert was killed in a bombing. It was the 5th attack within 2 years on Iranian nuclear scientists and related personnel in Tehran.

From the Wikipedia Stuxnet article.

Androidpk
11-30-2010, 12:02 PM
Not to mention, when it was first discovered and they tried to tell people about it, the worm caused massive DoS attacks to give itself enough time to cover up its tracks.

Latrinsorm
11-30-2010, 12:08 PM
Has anyone accounted for Jeff Bridges' whereabouts during this period? I smell a USER.

Warriorbird
11-30-2010, 12:09 PM
Has anyone accounted for Jeff Bridges' whereabouts during this period? I smell a USER.

http://www.hauntedreport.com/images/435_tronguy.jpg

Tronguy did Stuxnet.

AnticorRifling
11-30-2010, 12:16 PM
What kills me is the whole thing could have been (potentially) avoided by following procedure. You NEVER, ever never, never ever allow media to cross between an air gap. Once it touches the secure side it's there for life. Hell, one of the big things I took care of was making sure only new/clean media was used on SIPR, and once used it stayed SIPR. It never crossed to NIPR and you never allowed anything to go back and forth.

Damned users.

Androidpk
11-30-2010, 12:22 PM
Sometimes you have to cross the streams.

AnticorRifling
11-30-2010, 12:24 PM
These aren't Proton Packs they are security measures man!

Suppa Hobbit Mage
11-30-2010, 12:27 PM
It's Skynet.

Jayvn
11-30-2010, 12:28 PM
Stuxnet gives me an E-rection

Jack
11-30-2010, 12:29 PM
No, not remote control planes, although that looks fun. Where is the headquarters for writing these virii and DoS'ing websites for the USA?

Is that army, navy, air force, NSA, FBI?

Company L, Marine Support Battalion, at Ft. Meade MD does the major computer geek stuff for the Marine Corps. It falls under the NSA. Pretty much every branch has a unit that supports the NSA in that endeavor, as well as NSA employees and government contractors. The most important thing you would need to get involved as a civilian would be a TS SI clearance with a lifestyles polygraph. The clearance and a computer programming background would get you in with most of the contracting companies.

AnticorRifling
11-30-2010, 12:31 PM
Yeah but that would require moving and the wife won't go X amount of miles from family. Now as soon as she gets bored with / sick of me and I'm single, GO TIME!

TheEschaton
11-30-2010, 01:54 PM
But how're you going to play WoW from inside Ft. Meade? There's benefits, and then there's drawbacks, man.

AnticorRifling
11-30-2010, 01:55 PM
Same way I play here at work. My personal laptop tethered to my epic.

TheEschaton
11-30-2010, 02:23 PM
I thought shit can't go past the air gap!!

Androidpk
11-30-2010, 02:28 PM
I doubt his current work involves SIPR.

AnticorRifling
11-30-2010, 02:49 PM
I doubt his current work involves SIPR.

Correct. Now it's just iSeries fun, mostly for distribution and logistics companies.

AnticorRifling
11-30-2010, 02:50 PM
I thought shit can't go past the air gap!!

I know you're fuckin with, you gotta be. Don't make me explain the interwebnetness to you!!!!

Stanley Burrell
11-30-2010, 02:50 PM
I wonder what country financed and developed it to stop Iran. I mean, a specific target, with specific systems, vulnerabilities, access methods, distribution and timing over several years?

Any bits and pieces off the manufacturing line that function with 0s and 1s and have an iota of a model # are always exploitable. Probably transactions between several countries. Some in the know-how, some in the sort of know-how, some in the not know-how. But raining paper = make it so. Sometimes.

Androidpk
11-30-2010, 02:56 PM
The US or Israeli or some collaboration between the two is my best guess.

AnticorRifling
11-30-2010, 03:34 PM
The US or Israeli or some collaboration between the two is my best guess.

Yeah that would be my guess as well.

TheEschaton
11-30-2010, 03:40 PM
Anything with a MAC address is exploitable, so yeah.

AnticorRifling
11-30-2010, 04:05 PM
Anything with a MAC address is exploitable, so yeah.

They weren't using Macs, they were using PCs. Duh.

Jack
11-30-2010, 04:41 PM
Same way I play here at work. My personal laptop tethered to my epic.

Good luck getting either one past the guards at the entrance. Assuming you manage to butthole smuggle both inside, which according to Rob is well within your capabilities, the main NSA campus is one giant Faraday cage...

AnticorRifling
11-30-2010, 04:44 PM
Lol yeah obviously I wouldn't be doing that at work there. Now at my old command, sure. And we will leave cubic measurements out of this!