funsec mailing list archives

Re: Petraeus


From: Rich Kulawiec <rsk () gsp org>
Date: Mon, 12 Nov 2012 12:54:15 -0500

Upon further review...and since this is *funsec*, I'd like to ask a
few rhetorical security questions about this.  I'm sure there are
more that haven't occurred to me yet.

1. How is it that the Director of the CIA does not know how to use
email (relatively) securely?   Did he really compose unencrypted messages
to his paramour using CIA computers on the CIA network and send them
via CIA mail servers?  Really?  REALLY?

If *that* is the clue level of senior national security professionals,
we don't need to be worried about being hacked by the Chinese during
OMG!! CYBERWAR!! or something similar.  We need to worry about being
hacked by bored fifteen-year-olds in Dubuque.

2. How was this woman able to reply?  Is it actually possible for
someone on the public Internet to send an email message to the
inbox of the Director of the CIA?  Why?  Whose bright idea was THAT?

3. The Director of the CIA holds an UltraTopSuperSecret security
clearance or whatever it's called this week.  What does this incident
tell us about the ability of the security clearance system to actually,
you know, provide security? [1]

4. If the internal mechanisms of government aren't sufficient to (quickly)
catch a very very senior person having an affair -- and doing it
incompetently -- then why should we believe that they're sufficient to
catch a well-trained, careful, diligent spy?

5. How do we know that "our" people were the first ones to catch him?

6. What if they weren't?

---rsk

[1] According to "Espionage by the Numbers; A Statistical Overview", 
74% of known cold-war era spies (in their sample set of 141) held
clearances.  Please see:

        http://rf-web.tamu.edu/security/security%20guide/Treason/Numbers.htm

Given that clearances are now being handed out like candy at Halloween,
I can't imagine that this percentage is going to decrease.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

