Subj : Re: Getting a baseline & seeing variations
To   : warmfuzzy
From : m00p
Date : Wed Jun 06 2018 10:46:13

wa> Think back to the Edward Snowden leaks... could it have been prevented?
wa> Yes, and quite easily if they had the right fail-safes in place. How?
wa> Well, determining a baseline and monitoring variations. What does that
wa> mean? Well, if you monitored what a normal traffic pattern is on the
wa> file server and there is a massive spike in download activity, you could
wa> shut down a leech of data before all of the crown jewels are exposed.
wa> If an agency as elite as the NSA doesn't use a baseline and leeching
wa> controls, there is something very wrong in the intelligence community.
wa> If they do implement such controls but let it get through anyway, there
wa> is still a problem in the IC. This is basic CEH (Certified Ethical
wa> Hacker) type of practice to be implemented---it's not a hard thing to
wa> put into place.

Okay, I've been working as a penetration tester/exploit developer/security researcher for over 20 years, also speaking at the largest IT-sec conferences in the world and being an advisor for some of the largest companies in the world discussing these things. CEH is a pile of sh*t to be honest; it doesn't teach you anything other than how to run Core Impact, Nessus, SQLmap, nmap, Metasploit and other "hacker tools".

Regarding the Snowden leak: you are correct that some NETWORK-based patterns can be identified, but imagine that they had this in place. A person like Snowden would know which security mechanisms they had, so he could find a good way of extracting this information. What about dumping the leaks onto a USB stick directly from the file server? This would defeat any network monitoring software. I am pretty sure that leaks on this scale can't be prevented. The Snowden case is completely different from some hacker gang compromising a machine with a SQL injection and dumping that data, or extracting mail spools, etc.

Snowden was a pure inside job, and I'm pretty sure that the ONLY way to prevent this is simply with ACLs (Access Control Lists), watermarking of documents and maybe a quota system: you are not even allowed to access that many files at the same time. Doesn't matter if you access them locally or over the network. But these Ethical Hacking classes are a pile of crap! I even have a t-shirt with the CEH logo written wrong, CUNT = Certified Unethical Network Tester :)

Well, these are my personal thoughts. I'm not saying that you are wrong, I'm just saying that I don't agree with you :)

--- Mystic BBS v1.12 A38 2018/01/01 (Windows/64)
 * Origin: SLiME CiTY BBS (700:100/26)
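The two controls argued over above, a traffic baseline with spike detection and a per-user file quota that counts local and network reads alike, can be sketched as one detector over file-server access logs. The code below is an added example written for this page, not something posted by either participant; the log line format, the channel names `smb` and `local`, the hourly bucketing, the spike thresholds and the quota of 100 files per day are all assumptions, and the sample log is constructed, not real traffic. It goes slightly beyond the post by showing why a pure baseline needs a floor (a user whose history has zero variance would otherwise alert on one extra file) and why the quota check is what actually catches the USB-on-the-server case.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Assumed log line format: "<ISO-8601 timestamp> <user> <channel> <path>".
# channel is "smb" (network read) or "local" (read on the server console,
# e.g. a copy straight to removable media); both channels count alike.


def build_sample_log():
    """Constructed sample data, not real traffic: five quiet working days,
    then on day six alice pulls 300 files locally in under an hour."""
    lines = []
    start = datetime(2018, 6, 1, 9, 0, 0)
    for day in range(6):
        for hour in range(8):                        # 09:00 to 16:59
            t = start + timedelta(days=day, hours=hour)
            if day < 5:                              # alice: 4 files/hour
                for i in range(4):
                    ts = (t + timedelta(minutes=10 * i)).isoformat()
                    lines.append(f"{ts} alice smb /share/reports/d{day}h{hour}f{i}.pdf")
            for i in range(6):                       # bob: 6 files/hour, every day
                ts = (t + timedelta(minutes=9 * i)).isoformat()
                lines.append(f"{ts} bob smb /share/eng/d{day}h{hour}f{i}.doc")
    burst = start + timedelta(days=5, hours=2)       # day six, 11:00, local channel
    for i in range(300):
        ts = (burst + timedelta(seconds=10 * i)).isoformat()
        lines.append(f"{ts} alice local /share/reports/crown{i}.pdf")
    return lines


def parse_log(lines):
    """Return (timestamp, user, channel, path) tuples; malformed lines are skipped."""
    events = []
    for line in lines:
        parts = line.split(maxsplit=3)
        if len(parts) != 4:
            continue
        events.append((datetime.fromisoformat(parts[0]), parts[1], parts[2], parts[3]))
    return events


def hourly_counts(events):
    """Per-user number of reads per hour bucket ("YYYY-MM-DDTHH:00"), any channel."""
    counts = defaultdict(lambda: defaultdict(int))
    for ts, user, _channel, _path in events:
        counts[user][ts.strftime("%Y-%m-%dT%H:00")] += 1
    return counts


def build_baselines(counts, cutoff):
    """Mean and population stdev of hourly reads per user over buckets before
    cutoff (an ISO date string, compared lexicographically against the bucket
    keys). Idle hours produce no bucket, so this is a baseline of active hours."""
    baselines = {}
    for user, buckets in counts.items():
        history = [n for bucket, n in buckets.items() if bucket < cutoff]
        if history:
            baselines[user] = (mean(history), pstdev(history))
    return baselines


def detect_spikes(counts, baselines, cutoff, k=3.0, ratio=3.0, floor=10):
    """Flag hour buckets at or after cutoff whose count exceeds the user's
    threshold = max(mean + k*sd, ratio*mean, floor). The ratio and floor terms
    (assumed values) stop a zero-variance history from alerting on one extra
    file; a user with no history gets the floor alone."""
    alerts = []
    for user, buckets in counts.items():
        m, sd = baselines.get(user, (0.0, 0.0))
        threshold = max(m + k * sd, ratio * m, floor)
        for bucket, n in sorted(buckets.items()):
            if bucket >= cutoff and n > threshold:
                alerts.append((user, bucket, n, threshold))
    return alerts


def check_quotas(events, quota=100):
    """Hard per-user, per-day cap on distinct files read, counted over every
    channel, so a copy to USB on the server counts the same as an SMB read."""
    seen = defaultdict(set)
    for ts, user, _channel, path in events:
        seen[(user, ts.strftime("%Y-%m-%d"))].add(path)
    return sorted((user, day, len(paths))
                  for (user, day), paths in seen.items() if len(paths) > quota)


if __name__ == "__main__":
    events = parse_log(build_sample_log())
    counts = hourly_counts(events)
    cutoff = "2018-06-06"
    baselines = build_baselines(counts, cutoff)
    for alert in detect_spikes(counts, baselines, cutoff):
        print("spike:", alert)
    for violation in check_quotas(events):
        print("quota exceeded:", violation)
```

On the constructed data the baseline detector flags alice's 11:00 hour on day six (300 reads against a threshold of 12), and the quota check independently reports 300 distinct files for her that day. The point of keeping both is the one made in the post: the spike detector only sees what is logged, so if the `local` channel were not instrumented it would see nothing, while the quota is enforced at the access control layer and does not care which channel the read came over.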