Comment on Anonymous: Trump is making America weaker and we’ll exploit it - News Cafe
wizardbeard@lemmy.dbzer0.com 2 days ago
Anything supposedly said by “Anonymous” as a hacker group should always be treated with immense skepticism.
There do exist somewhat legitimate sub-factions that actually take serious actions and do serious ops, and also semi-legitimate “outlets” for their statements… but there’s also an overwhelming amount of smokescreen bullshit “anon news outlets” and little script kiddies running around. It’s important/intentional that those continue existing as smoke screen for the more “serious” factions.
Beyond that, being an anonymous group with no real methods of confirming membership to outsiders (insiders can just check if you’re in the private IRCs and etc) it means that just about anyone and everyone can make some big declaration like this. The proof will be in the results, not some announcement that could be made by a rando.
No matter who is really making these threats/warnings, I think things are going to get pretty dire in the US government IT space. It’s been well known for decades that most government orgs have absolutely abysmal cyber security, and now you have a bunch of young adult tech-bros with no true accountability running roughshod over all of it. Then there’s the fact that more than one of them have “serious black hat hacker” backgrounds.
Going to be one wild ride.
I don’t know about government overall, but the military and HHS have has some of the most stringent security stances I’ve encountered. To the point where just working for them was a massive chore. (How effective they were I guess I don’t know, but working for them sucked.)
That said, I’ll take what you said on faith, because I think you’re spot on with everything else.
Often, ridiculous and onerous procedural security is hiding massively incompetent actual software security or is used to constrain people from discovering security by obscurity holes. Everything I’ve done in government interfacing as a vendor would seem to confirm this, at least back when I was doing it a few years ago. You’d be hard pressed to convince me it’s changed much since.
I once answered a phone call inside a com closet on base. Military IT was already escorting me. Security came because the cameras in the closet detected the camera on my phone. It’s definitely physically tight security.
That said, I’ll take what you said on faith, because I think you’re spot on with everything else.
I mean, it’s not a secret that governments everywhere run really outdated software (think things like Windows 7 and older) because “it works”, so it really shouldn’t be too surprising.
I had to help the SSA implement SAML authentication once and they weren’t even allowed to share their screen so I could see what they were doing. Totally agree that it’s a massive chore.
There do exist somewhat legitimate sub-factions that actually take serious actions and do serious ops
Any examples or sources for me to learn more about these? The only Anonymous news I’ve heard of since the early days is updates on Kirtaner.
Yeah. I’ve only spent a few moments skimming through the linked article but if you were part of a legitimate hacktivism group planning a significant operation why would you publish this statement ?
It’s really just spooky hyperbole - as though written by an adolescent that want’s to sound scary and powerful.
I would absolutely love to see hacktivists cause some chaos, and maybe even some real financial harm.
The whole point is to being attention to the rise of fascism. Hacking without releasing a statement like this is just terrorism. Releasing a statement after hacking can make it easier for the govt to cover up, like “no we weren’t hacked, someone in our server room just accidentally tripped over a power cable”
I guess its pointless to believe their words since there is no way to know if its them. Just look at what they actually do and judge based on that.
It’s been well known for decades that most government orgs
I’ve seen Muni and Regional gov and also dotcoms.
The Govs I’ve been at were crazy-tight about security. They were unionized and could decide based on conscience vs costs. Dotcoms, though, followed a different trending, one that really focused on costs.
Semi_Hemi_Demigod@lemmy.world 1 day ago
Yeah, they’re running around the Treasury Dept right now
horse_battery_staple@lemmy.world 1 day ago
Known and vetted systems are always the most secure. Until RSA is broken, and then they’ll need to update to a quantum resilient standard. Which we’ve had in the wild for 6 years already and the NIST has officially approved for 2 years.
We’re still at least a decade away from a machine with enough qbits to do it. So i feel like we should be fine.
It’s the fucking Credit Bureaus, Telecoms, and Energy Companies I worry about. They keep fucking up.
Semi_Hemi_Demigod@lemmy.world 1 day ago
Anyone who complies with the NIST standards is in a good place.
The problem is that a lot of places are not in compliance with NIST standards.
I know, I’ve helped patch them.
horse_battery_staple@lemmy.world 1 day ago
Yep, but we’ve got at least a decade to do it, and when new systems are stood up yhey "should be in compliance.