Dailydave mailing list archives

Re: We got owned by the Chinese and didn't even get a "lessons learned"


From: "Halvar Flake" <halvar () gmx de>
Date: Wed, 24 May 2006 20:20:39 +0200

Hey all,

Sure, most of the gov and mil internet facing networks are a lot more lax than they should be, but the classified stuff (even the stuff classified at a mere Confidential level) is not there. Not. Look up things like siprnet.

So correct me if I am wrong, but would a better way to ferret stuff out of classified networks go like this:

1) Payload infects other DOC files on the HD and converts them to exploit as well
2) Payload does text-search for certain keywords, encrypts the text of the documents it found and adds the encrypted blobs to existing word files (up to a certain size)

While you'd only have limited control over the time and place when data will leak out again, anytime they pass a DOC file through the airgap you have a chance of getting something useful.

All this very much depends on getting a clean resume on the exploit. Does anyone know if the attackers had that?

Cheers,
Halvar
