Re: Filtering email headers generated from internal network (Sensible?)

From: Sebastian Garcia (sgarcia@citefa.gov.ar)
Date: Fri May 13 2005 - 07:55:20 EDT


I hope this was what you were looking for.

In 2002, www.trustmatta.com consultants analysed CIA PoP (Points of
Presence) on the Internet.

Their quote:

"...Through entirely using open sources (primarily Internet search
engines, WHOIS servers & DNS requests), Matta has undertaken the task of
performing Internet-based counterintelligence against the Central
Intelligence Agency (CIA), with some surprising results. It should be
clearly noted that, at no point did we port scan or directly probe any
CIA Internet-based networks, as all of our intelligence was gathered
using open sources. This counterintelligence was undertaken entirely
within English and American law regarding computer misuse and control
of data. If Matta had been authorised to launch a determined attack
(encompassing network scanning and aggressive probing of the CIA's
infrastructure) more information would have been gleaned. In the
interests of Matta retaining professionalism, entirely open sources
were used in-line with the law."

It's worth noting that the information they gathered from emails was
minimal, and they didn't find internal IP addresses in emails.
I think this was the "urban legend" part.

http://www.trustmatta.com/downloads/Matta_Counterintelligence.pdf
http://www.trustmatta.com/services/docs/cia-map.jpg

Sebas

On Thu, 2005-05-12 at 09:45 +1200, Brendan Murray wrote:
> A few years, maybe 2, back I heard that someone in Germany (?) had
> mapped the internal CIA (NSA?) network using the mail header
> information. Unfortunately that might be urban legend since I could
> never find the article - but if it is true then it would suggest
> obfuscating the headers would be a good thing, in the right
> circumstances.
>
> Now if anyone could find me a pointer to that story I'd be very appreciative.
>
> On 5/10/05, anyluser <anyluser@yahoo.com> wrote:
> >
> > IMO there's a balance between sec through obscurity
> > (STO) and flat out information leakage. Just as most
> > things in security, this as much a balance as any
> > other.
> >
> > Generally speaking sec through obscurity implies (to
> > me) that you're relying on the obfuscation for more
> > than it's really worth. If you think it'll keep you
> > safe, you're using STO. If you're realistic about
> > your expectations then do a CBA (cost/benefit
> > analysis) and make your decision as to whether or not
> > it's worthwhile.
> >
> > IMO if there's a mail routing infrastructure behind
> > your borders then you should obscure it to the
> > outside, if you have the time. That'
> >
> > Granted it won't make you secure but it'll at least keep
> > your infrastructure details relatively private, which,
> > being the paranoid lot we probably are, is a good
> > thing. :)
> >
> >
> > -----Original Message-----
> > From: Bipin Gautam [mailto:visitbipin@hotmail.com]
> > Sent: Monday, May 09, 2005 10:36 AM
> > To: pen-test@securityfocus.com
> > Subject: Filtering email headers generated from
> > internal network (Sensible?)
> >
> > Is it sensible to filter extra email headers in the
> > gateway generated from your internal network before it
> > leaves your server, so that information like
> > User-Agent:, X-Virus-Scanned:, and those EXTRA hops
> > of Received from: (headers........) won't leak
> > out, which could be valuable information for a
> > potential intruder? Moreover the trouble multiplies if
> > a software exploit is released before the patch. It is
> > kinda security by obscurity. But if it buys you some
> > extra time to act, isn't it sensible to implement, or
> > just too paranoid?
> >
> > drop your views,
> > Bipin Gautam
> > http://bipin.sosvulnerable.net/
> >
> >

-- 
Sebastian Garcia
Si6 - Laboratorio de Seguridad Informatica
CITEFA
San Juan B. de La Salle 4397 
B1603ALO Villa Martelli - Pcia. Bs. As.
Tel: (54-11) 4709-8289 
e-mail: sgarcia@citefa.gov.ar - www.citefa.gov.ar/si6/
http://pgpkeys.mit.edu:11371/pks/lookup?op=get&search=0x4305E810
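The filtering Bipin asks about in the original post (dropping User-Agent:, X-Virus-Scanned: and the internal Received: hops at the gateway) is easy to prototype. The block below is an added example written for this thread, not code posted by any participant or shipped by any MTA. It assumes the gateway sees the complete message before relay, that the internal domain is corp.example, and that internal hosts live in RFC 1918 space; the header list, hostnames and addresses in the sample message are constructed. It keeps Received: lines from outside the network (a message that came in from a partner and is being relayed back out) so that the trace a remote admin needs for abuse handling survives, and only removes the hops that reveal internal topology.

```python
"""Gateway-side scrubbing of outbound mail headers.

Added example for the pen-test thread, not code from any participant or MTA.
Assumptions (constructed): internal domain 'corp.example', internal hosts in
RFC 1918 space, and the gateway runs this on every outbound message.
"""
import ipaddress
import re
from email import message_from_string

# Headers that only advertise client software or internal scanning gear.
DROP_HEADERS = {
    "user-agent", "x-mailer", "x-mimeole", "x-virus-scanned",
    "x-originating-ip", "x-scanned-by",
}

# Address space treated as "inside".  Listed explicitly rather than via
# ipaddress.is_private so the policy is site-specific and auditable.
_INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "fc00::/7", "::1/128",
)]

# A Received: clause names the previous hop as "from host (helo [ip])".
_BRACKET_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
_FROM_HOST = re.compile(r"\bfrom\s+([^\s(]+)", re.IGNORECASE)


def is_internal_hop(received_value, internal_domain):
    """True if a Received: header describes a hop inside the private network."""
    for literal in _BRACKET_IP.findall(received_value):
        try:
            addr = ipaddress.ip_address(literal)
        except ValueError:
            continue  # a malformed literal is not evidence either way
        if any(addr in net for net in _INTERNAL_NETS):
            return True
    m = _FROM_HOST.search(received_value)
    host = m.group(1).lower().rstrip(".") if m else ""
    return host == internal_domain or host.endswith("." + internal_domain)


def scrub_outbound(raw_message, internal_domain="corp.example"):
    """Return (scrubbed_message_text, removed_headers).

    Drops the banners in DROP_HEADERS and every Received: hop that originated
    inside the private network; external hops and all other headers are kept
    in their original order.
    """
    msg = message_from_string(raw_message)
    kept, removed = [], []
    for name, value in msg.items():
        lname = name.lower()
        if lname in DROP_HEADERS or (
            lname == "received" and is_internal_hop(value, internal_domain)
        ):
            removed.append((name, value))
        else:
            kept.append((name, value))
    # Rebuild the header block: delete every header, re-add survivors in order.
    for name in {n for n, _ in msg.items()}:
        del msg[name]
    for name, value in kept:
        msg[name] = value
    return msg.as_string(), removed


def header_map(message_text):
    """Parse message text into {lower_name: [whitespace-normalised values]}."""
    out = {}
    for name, value in message_from_string(message_text).items():
        out.setdefault(name.lower(), []).append(" ".join(value.split()))
    return out


# Constructed outbound message as the gateway would see it (newest hop first).
SAMPLE = """\
Received: from mail.corp.example (mail.corp.example [10.1.2.3])
 by gw.corp.example with ESMTP id 1; Mon, 09 May 2005 10:36:00 +0545
Received: from ws042.corp.example (ws042.corp.example [10.1.5.77])
 by mail.corp.example with ESMTP id 2; Mon, 09 May 2005 10:35:58 +0545
Received: from mx.partner.example (mx.partner.example [203.0.113.7])
 by mail.corp.example with ESMTP id 3; Mon, 09 May 2005 09:10:00 +0545
X-Originating-IP: [10.1.5.77]
X-Virus-Scanned: by amavisd-new at corp.example
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
From: someone@corp.example
To: pen-test@securityfocus.com
Subject: Filtering email headers generated from internal network

Is it sensible to filter extra headers at the gateway?
"""

if __name__ == "__main__":
    cleaned, dropped = scrub_outbound(SAMPLE)
    for name, value in dropped:
        print("dropped:", name, "=", " ".join(value.split()))
    print(cleaned)
```

In production the same rules belong in the MTA itself (Postfix header_checks with an IGNORE action, or the equivalent in other gateways) rather than in a script on the relay path, but the decision logic is the same: drop by header name, and drop Received: by where the hop came from, not wholesale.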


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:20 EDT