• Candelestine@lemmy.world
    link
    fedilink
    arrow-up
    14
    ·
    1 year ago

    This is probably worth believing.

    Fortunately, intelligence is a thing that goes steadily out-of-date as time passes. Also, once you know something has been compromised, you can take steps to significantly mitigate the damage.

    • Maharashtra@lemmy.world
      link
      fedilink
      arrow-up
      12
      ·
      1 year ago

      I don’t believe it, because I work in IT for decades and by now, above a certain level of confidence, the only way for vital information to be shared with wrong recipients can’t be accidental. Years-long “accidental” proceder couldn’t go unobserved. Too many people involved, too many IT-relevant security measures in the action.

      • Candelestine@lemmy.world
        link
        fedilink
        arrow-up
        8
        ·
        1 year ago

        The entire point is it was happening in the past though. You think they would have been preventing it before 2015, when the article claims the man notified them?

          • CthuluVoIP@lemmy.world
            link
            fedilink
            arrow-up
            14
            ·
            1 year ago

            I dunno, man. I’ve been doing cybersecurity for two decades and there are an awful lot of really stupid / ignorant / blissfully unaware people in IT across the private sector - particularly at big and older companies. It wouldn’t surprise me in the slightest to learn that something like this goes unnoticed. Unless you suspect a problem, if the system isn’t subject to regular audit, it could go on for years without anyone bothering to check.

          • Candelestine@lemmy.world
            link
            fedilink
            arrow-up
            4
            ·
            1 year ago

            Well, without providing an in-depth breakdown of your thought process, you’re just a rando on the internet, along with all the rest of us. After all, I can say I’m the owner of Twitter if I really want.

            Nobody should ever believe anyone’s claims on here automatically. That would be a very unwise habit to get into, for anyone.

            I hope you’re right though, that would be good. It certainly makes more sense to me that this would be caught earlier, and the DoD simply wouldn’t bother telling anyone it was dealt with.

            • Maharashtra@lemmy.world
              link
              fedilink
              arrow-up
              3
              ·
              1 year ago

              I still remember the biggest flaw in Hayes 9600 and how to fix it, or how to set up two soundcards so that their IRQs aren’t in conflict, in DOS environment if it helps strengthening my credentials. 😎

              (Unless one of those cards is Gravis’ clone called Primax, these were often impossible to pair with good old Soundblaster).

                • Maharashtra@lemmy.world
                  link
                  fedilink
                  arrow-up
                  2
                  ·
                  1 year ago

                  Appeal to authority

                  I didn’t quote anyone famous or important.

                  Please do not use words and expressions you’ve heard from someone but neither fully understand, nor seem particularly interested in researching.

      • stevecrox@kbin.social
        link
        fedilink
        arrow-up
        3
        ·
        edit-2
        1 year ago

        Have you met any of the big IT supply subcontractors?

        Many have built a business around highly specific contracts, the expectation is the service level agreements are technically met. Anything outside the contract is irrelevant and will not be done until a contract is in place. This is reflected in the culture of its staff.

        For example if you raised a problem and a team had a 24 hour SLA, the team is focussed on closing the ticket within 24 hours, so they will look for a reason to close the ticket. If you outlined a problem and suggested the issue might be in X area, they will declare “User stated a problem in X, X dashboard is green” and close the ticket. 24 Hour SLA Met!

        It might take you 20+ tickets before your actual problem is resolved but from their perspective that was 20+ tickets all completed within 24 hour SLA and that is the metric reported in the contact.

        If you try and expose the fact it took 20 days to resolve your problem, staff in these organisations will close ranks to protect each other and the business will protect them on the basis it undermines the metrics for the contract.

        It really isn’t surprising

        • Maharashtra@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          You sound like you think there are only humans working on local IT security and that it’s ticket-based model.

      • BoofStroke@lemm.ee
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        1 year ago

        Not to mention that classified information won’t even be on the regular mail system to begin with, it will be on SIPRNet where this scenario is not even possible.

        • PhoenixRising@lemmy.world
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          I thought the issue was that even though it wasn’t classified info, the shear volume of “mundane” info was enough to figure it out. Stuff like an average soldier saying “Yeah, I’m getting stationed at Fort blah, Jimmy is heading out to Fort Blah” or “My departure time is 1900 and arrival is 2300”. All that information can paint a pretty accurate picture.