Blackbird, Built for Speed, Premium
Fort Wayne, IN
|reply to Name Game |
Re: Flame: Massive cyber-attack discovered, researchers say
said by Name Game: A sneaker-net, just as it's always been, remains a network... primitive or simplistic or slow as that might be. And if one of the sneaker-netted computers is connected to the Internet, then all the sneaker-netted computers are connected to the Internet - only over very slow, erratic links. It's all so 1990 retro... only now we use terms like "human vectors," and USB flashdrives are the data containers instead of 5-1/4 or 3-1/2 inch floppies.
... there might not have been a mole but rather an unsuspecting party...the whole article is a good technical read.
FLAME The Story of Leaked Data Carried by Human Vector
So, how is the memory stick carried between the two systems? Well, here is where the human factor kicks in. So it's amazing how two instances of Flame communicate with one another using a memory stick and a human as a channel. A private channel is created between two machines and the person carrying the memory stick has no idea that he/she is actually contributing to the data leak. Of course this operation could also be achieved by a man inside a mole who intentionally carries the stick from the restricted network that is being spied on to a system with internet access.
edited to add: A long time ago (in computer years), a pretty smart coworker once told me that computers are like hospital patients, and you have to apply infection controls as if they were. Anything you stick into one patient, you don't just stick into another patient without disinfecting it first... you assume it's contaminated, unless absolutely proven otherwise.
That's why smart organizations once clamped down, HARD, on sneaker-nets... and banned ANY "outside" media from being brought into their facilities and put into their systems. It wasn't perfect, but it helped contain plagues. Now we're in the era of the employee laptop, the micro-Flashdrive, and all the rest. And, because of the twin attractions of 'user convenience' and having 24/7 employees available via "outside" lappies, many organizations have apparently regressed to the olden days, back before "infection control" and the cross-contamination prohibitions. And obviously, some spook agencies out there in this cold, cruel world have taken notice... as well as exploitive action.
"Is life so dear, or peace so sweet, as to be purchased at the price of chains and slavery? Forbid it, Almighty God!" -- P.Henry, 1775
North Myrtle Beach, SC
So true..I'm on the road now, fly fishing for trout 20 feet from where I sit now, between doing these posts at the forum for the last month, on a creek in PA. Had to get some scripts at the pharmacy for the wife and saw a coupon on the net from the manufacturer for $15 off each fill for a year. So no printer here, just the lappy, and I put the coupon on a flash drive in PDF. They of course need a hard copy.
None of the pharmacies around here would touch the flash drive with a ten foot pole..and I figured they would not.
So started out at the Office Depot and found they had closed up for good.. so I sweet-talked a gal at the travel agency here to give it a try..but even though her PC had a port..it would not recognize the flash..in the end... since her PC was on the internet..she just went to the link and copied it to paper. All is well.
Just for laughs.. I stopped by the walley world instant photo place with the machine that takes USB and other media devices a few days after that and asked them.. if the coupon was in jpg or other..would they make a photo of it next time if I needed something like that. Word is..no deal..photos only since they are not allowed to do coupons..something about most always state they cannot be reproduced so they don't touch any of them.
I am not disappointed..I am happy most of these places would not touch an unknown quantity like this..says a lot for security.
Yes..I have done stuff like this with just having someone look at the screen of my smart phone and give the ok for many things out there...just in case someone suggests that next time.
Gladiator Security Forum