ATF Data Breach

[TFOGGER]

Air gaps are about as good as we can do, but you should see the (publicly published) proof of concept methods for remotely compromising air-gapped systems.

I'm familiar with the concept of Van Eck phreaking, and that's a proven technique. Air gapped in a Faraday cage might be considered secure, but there's probably a way around that too. In a high secuity network, the biggest weakness is usually the wetware, not the hardware or software. People are stupid.

[Hound]

There is no patch for human stupidity...... No arguments there. My concern is that the "stuff" in the background (read networks) is so rarely secure. I keep seeing telnet and port 80 on supposedly new networks and when I ask why..... "The internal network is secure! The firewalls will protect us". WTH are we still thinking 1990's security still works now? I keep seeing encryption being "future tech", too difficult or certificates with 40bits of entropy....... Really?.... Just really? This is what IT (be it Gov or Enterprise) fights. And we all think they know what they are doing....... tell the next breach happens. The problem is these are the new battlefields. And we (the US) don't seem to realize it or even know for REAL how this will end. The next Pearl Harbor will not be on some far off island in the Pacific. It will be in the Nest thermostat that is networked accross a whole region and an easy backdoor to all of our information. That information, when control is lost, will bring us all down in ways Hollywood can only dream off. Tinfoil at the ready, the only thing saving us right now is that the wrong person has not been at the wrong place at the wrong time with the will to bring it all crashing down. TEMPEST controls are not the concern.... That is too surgical and labor intensive. Air gaps don't let business do business. IT needs to own security, they already own the keys to the kingdom. They need oversight by a security team, not to catch them like a cop (that only leads to working around being caught not real security.), but to inform upper management if IT is doing its jobs. The fundamental organization is wrong, the accountability and responsibility is wrong, the decision making actually happens at the admin level instead of management level (it's like the Star Trek Paclids saying "You'er smart.... You make 'GO'") and finally we need to take this seriously. Between OPM like breaches from the government losing our PII and places like Home Depot losing our financial data there is only so much the "trust" system that is at the core of all networks can take before it all falls.

I'm familiar with the concept of Van Eck phreaking, and that's a proven technique. Air gapped in a Faraday cage might be considered secure, but there's probably a way around that too. In a high secuity network, the biggest weakness is usually the wetware, not the hardware or software. People are stupid.