[Full-disclosure] Pro US government hackerganda
lostzero at gmail.com
Fri Sep 14 18:18:33 BST 2007
You're looking at it from the wrong view. The 20 terabytes didn't happen
overnight. Without a starting time frame you have no idea how many "years"
it has been happening. Not to mention they have workstations and servers
all over the world. Which means no 1 agency or individual looks at all the
traffic from all the locations at the same time. If your network produced
terabytes of traffic a day, 50-100mb isn't that eye catching.
From: full-disclosure-bounces at lists.grok.org.uk
[mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of
Valdis.Kletnieks at vt.edu
Sent: Friday, September 14, 2007 12:41 PM
Subject: Re: [Full-disclosure] Pro US government hackerganda
On Fri, 14 Sep 2007 01:41:40 -0000, jf said:
> You're suffering from a logical falicy, I worked in that arena (albeit it
> a different agency) in incident response for quite some time, while I find
> the number somewhat high, it's not unreasonable, if you broke into $lots
> of workstations and servers on a regular basis and downloaded everything
> that ended in extensions like .pdf, .eml, .doc, et cetera, it wouldn't
> take that long to get up to very high numbers. This is exactly what has
> occurred and makes your assertion that of ignorance and presumption.
Right. The first point is that you'd have to break into *lots* of boxes to
enough PDF's to get 20 terabytes. That's asleep-at-the-wheel #1.
Then there's asleep-at-the-wheel #2 - moving 20 terabytes off the network
without the resulting traffic being noticed. It isn't rocket science to
keep aggregate traffic logs and say "Wow, that workstation usually only
a megabyte or two per day to the Outside World, mostly in the form of Google
queries and GET requests for cnn.com pages. Today they've send 2 gigabytes
out - I wonder what changed".
Maybe that network needs to contract upload detection out to the RIAA.....
Full-Disclosure is hosted and sponsored by Secunia.