Cybersecurity and the U.S. House of Nonsense

Thursday, June 02, 2011

J. Oquendo


And so the redundant headlines emblazoned my screen: "The accounts targeted reportedly included those of senior U.S. government officials as well as Chinese activists and journalists."

There is nothing new or unique here; however, I am now beginning to question the mind-state of politicians who would use Gmail or any other free email service for any kind of sensitive or even mission-critical US data. Is it just me, or are some of these politicians missing some marbles?

Unless US government officials have been living under a rock, they must have seen or heard about Sarah Palin's account being hacked [2], Weinergate [3], or those cloned RSA ID tokens [4]. It is becoming disgusting, and I don't mean the security state of affairs but the fact that those in government should know better.

When it comes to the technical side of the arena, there is only so much that can be expected of non-tech-savvy individuals. Not many are aware of the attack vectors, and this is understandable; however, when it comes to mission-critical, sensitive information, why are government officials using anything outside of vetted networks, connections, and/or software? This is not only puzzling but borders on outright stupidity and negligence.

More puzzling is the overall claim that "China's Government is Hacking," as that can be debunked [5]. While it is simple to point the finger at China, the reality is that it is more complex to prove this outright because of the complexities involved with spoofing.

Not to mention, every blackhat from here to Montezuma knows that China is the first choice to use when pivoting attacks. Better to attack from China, as the likelihood of being caught is so low. And with the potential for escalation from a "cyber war" to full-fledged war on the horizon [6], I choose to question the United States' negligence on "getting hacked."

Imagine for a moment I live in a bad neighborhood. Knowing I live in this bad neighborhood, I see news reports warning me about potential break-ins and choose to ignore the reports, leaving my expensive possessions right by my window for a passerby to see. Who is at fault here? Sure, I can say "there is an expectation of privacy," or "there is an expectation that my home is a sanctuary and no one should enter it," or whatever argument I can muster.

The reality is that the world is a cruel place, and I am equally stupid and negligent for keeping my expensive possessions at the window. I should have learned from what happened to my neighbors [2,3] that it is a bad idea to keep doing what I was doing. The same applies to government officials using free-mail services.

When will the "a-ha!" common sense factor kick in? Is it hard to fathom that times have changed and risks have risen, or is it that there are some people in government and the private sector who truly look forward to a "war of words" escalated from nonsensical cyber attacks that would have never happened had someone used their brains for a change?

Personally, I don't blame any country, as all countries spy on one another. There is little to see at this point concerning "China is hacking us," since US government officials don't seem to care whether or not their data is compromised.

If they did care, they would be using common sense at this point. There would be mandates from officials to stop using insecure means of communication. That is, after all, if the US were truly concerned with matters of cybersecurity.




Don Eijndhoven: I couldn't agree more. In fact - your article inspired me to write one about user ignorance and why (I believe) this isn't really improving. Thanks J ;)

J. Oquendo: Don - outside of that factor (ignorance), I'm just shocked that no one is calling into question why there aren't any qualms raised with regard to politicians using personal email accounts on government computers and/or why the heck they would be sending out anything relevant through them.

It's one thing to cry foul (spearphishing); however, it's another thing to come out with "they're stealing sensitive data from our personal GMail account!" ... Solution is simple: disallow and/or punish those who access personal email from government machines, create sanctions and actually PUNISH a user who sends out sensitive information via their personal account (non-gov email) OR... Filter out Gmail from the workplace (gov offices).

Don Eijndhoven: Aye, I agree with that. You would think that with all the scandals from the past few years someone would be inviting these people for a little chat. There IS such a thing as OpSec in Government, and I'm fairly certain this is a violation.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.
