May 12, 2005

REAL ID... All Your Data Belong To Us

I haven't said anything much about the latest intrusion by the government - the REAL ID act - mainly because I've said most of it before. There are so many ways that this latest and greatest ID can be misused and/or cause trouble... and I get very tired of repeating myself.

Then I got an email (one of numerous email lists I belong to) pointing to a recent story of data theft. It initially involves the theft of Operating System code from Cisco Systems Routers (these routers are used extensively to direct internet traffic).

Now federal officials and computer security investigators have acknowledged that the Cisco break-in last year was only part of a more extensive operation - involving a single intruder or a small band, apparently based in Europe - in which thousands of computer systems were similarly penetrated.



Investigators in the United States and Europe say they have spent almost a year pursuing the case involving attacks on computer systems serving the American military, NASA and research laboratories.

First of all - let me say - yes it is the NYT presenting this story... so we have no idea how reliable the embellishment is from the basic story found on Reuters. Their take is as follows:

Several supercomputer labs in April 2004 reported that computers connected to the high-speed TeraGrid network had been breached.

A spokeswoman for the White Sands Missile Range in New Mexico confirmed that the facility had experienced an intrusion around the time that Cisco reported its breach, but said no sensitive information was obtained.

Okay guys - whatever you say.

Here is the crux of the matter - large systems with lots of juicy data are HUGE magnets for hackers. Period. Once you put all your information into one neat little bundle, you have made the job of the bad guys about 1000 times easier. Could they have collected all that data from existing systems? Certainly... but why not make them work for it?

I will admit to tremendous paranoia when it comes to computer systems and the data they store. After all, many of the government systems are so very poorly secured, they can't even get a "governmental" passing grade... and that includes the Department of Homeland Security - whose computers flunked the security test completely. Yeah, that just makes me feel all warm and fuzzy when it comes to them storing MY data.

The Congress people who pushed this are all real proud of how they are doing something to stop... ummmm.... I'm not quite sure what. After all, even with all of the supposed identification needed to get a REAL ID, the ID itself won't stop an attack. If I say I'm Joe Smith and I prove I'm Joe Smith and I have a REAL ID saying I'm Joe Smith... I can still try to hijack a plane or bomb a building. Just because I know who someone is... does not mean it will stop bad people from doing very bad things. For that matter - having an ID system like this could be detrimental. It may cause security people to be less vigilant... after all if you've got an ID - you must be okay... Right? Um - sure.

And what really worries me are the people who can get into the systems undetected. The news stories are about the ones who got caught... it's the ones they DON'T catch that should scare the socks off you. Have a nice evening now...

Posted by: Teresa in WebTech at 06:33 PM