|
Government Use
Mike "Ender Wiggin" Hudack
(with assistance from whoever@attrition.org)
Every few minutes, a new visitor from the US Government visits OSAll, Attrition.org and HNN. Every day, NSA stops by to read the latest news on OSAll. Once, the German military read an astounding thousand pages of information on OSAll in a single day. Why? The Department of Defense, the Justice Department and the Intelligence Community rely on these three websites for the latest infosec news.
The other day, admins from Attrition, OSAll and HNN spent hours grepping logs for .mil and .gov domains -- we found more than we had expected. Not only that, but we backtracked every available numerical IP and found even more visits from Fort Meade and various Air Force, Navy and Army facilities.
Fort Meade (headquarters of the National Security Agency) seems to be the most serious visitor to OSAll, with hundreds upon hundreds of requests per month. In fact, NSA has a bot that reads new news from OSAll every Monday through Friday at the same time daily. NSA is, in effect, placing its trust in OSAll as a reliable news source in the infosec world. But why can´t NSA rely on its own sources instead of reading Attrition for news of the latest cracked web pages and OSAll for the latest government security short-comings?
Quite simply, NSA simply doesn´t have the sources in this arena. They don´t have people auditing security, browsing for cracked pages or reading GAO (Government Accounting Office) reports. Instead they rely on the journalistic fringe so exemplified by sites like Attrition, OSAll and HNN. According to an NSA source, "We care about what´s happening out there, but we don´t care enough to look into it ourselves. [Sites like these] allow us to keep tabs without the commitment."
Comments like that are reminiscent of Cliff Stole´s excellant book The Cuckoo´s Egg in which NSA was fascinated by accounts of hacks and cracks but not enough to do anything about it. NSA´s comments still don´t explain everything, however. How about the Air Force bases (AFBs) and Army facilities?
A sergeant at Scott AFB explains, "We´re not really into that stuff as an organisation. It´s more that individuals are browsing on their own time." It may be on their own time, but we´re still a little suspicious that it´s either not Air Force personnel or that it´s an Air Force organisation interested in infosec.
As Jericho of Attrition explains, "A lot of these .mil domains aren´t really what they seem. The intelligence community uses innocent-looking .mil systems a lot," and he should know -- he´s spent days at conferences teaching personnel from agencies such as NSA and DOJ about infosec.
A more telling part of the logs is an implied endorsement of the sites NSA, DOJ and DoD (NSA is a part of DoD) visit so frequently. After all, there are lots of infosec sites out there but they´ve singled out only a few for such frequent visits. There´s more to this endorsement than a little tooting of one´s own horn, however. There´s a deeper problem caused by the reliance upon only a few sites.
After all, what if OSAll and HNN miss an important story that a site like AntiOnline picks up instead? We´re sure that our logs aren´t the only ones showing visits from these organisations, but we have seen AntiOnline´s logs: they don´t receive nearly as many visits from these people. NSA, DOJ and DoD have to learn to diversify in the same way that stock market players diversify: they´re putting their eggs in three baskets at the moment.
For more information on these interesting visitors, you can check out Attrition´s list of government visitors and their list of military visitors. In addition, OSAll will begin publishing a newsletter which will include interesting log entries.
We hope that NSA, FBI, DoD and the rest of the DOJ enjoyed reading this article. You´re welcome to continue reading our site -- we take it as a compliment. Attrition and HNN feel the same way, by the way. |
