[ art / civ / cult / cyb / diy / drg / feels / layer / lit / λ / q / r / sci / sec / tech / w / zzz ] archive provided by lainchan.jp

lainchan archive - /cyb/ - 34925



File: 1470794769829.png (143.79 KB, 232x300, UncleSam.jpg)

No.34925

ask someone with a security clearance anything.

also DISA/DSA propaganda thread.

  No.34926

>>34925
What sort of clearance?

What country?

What do you do? (in terms as vague as you need to legally describe your job.)

How do you feel about what you do? Do you ever consider your work morally questionable? Or wonder why some things are classified?

Coffee or tea?

  No.34927

File: 1470796082511.png (1015.3 KB, 153x200, KnowTheRisks.jpg)

clearances range from classified secret to top secret. OPSEC dictates i cant say.

USA, land of the free :3

I work in information systems. Linux primarily. my day to day is mostly redhat.

After a certain point you dont really "feel" anything. i was nervous applying, for sure. form 86 as its called, is very personal and means you have to inconvenience a bunch of your friends and family with potential visits from the department of state.

http://www.state.gov/m/ds/clearances/c10978.htm

Pride perhaps? Im really pretty proud ive been trusted to do this kind of work at all. people look at the news and see a lot of horrible stuff associated with government work. classified is a scary word...not many people really know what it is at all outside of hollywood. first of all, we arent allowed to mark things "classified" just because its embarrassing to the government, or because it "feels right." there are very strict rules on what gets called. 99% of that which gets called classified is meaningful work, or mundane. its not as scandalous as the media makes it out to be.

Tea. ten ren, or a good black. you?

  No.34932

File: 1470800870795.png (41.32 KB, 200x113, wan_wan.jpg)

>>34927

What is something that is top secret that you could/would share, that won't compromise your identity?

Should we really be scared as scared of the government as a lot of lainons are? Why or why not?

Are you watching lainchan, for work reasons, or are you here because it's relevant to your own personal interests?

  No.34934

File: 1470802452274.png (826.36 KB, 155x200, ALessonInSecurity.jpg)

>>34932
again, it doesnt work like TV. Everything you do is on a 'need to know' basis. i literally cant, because opsec. the systems and processes in place for classified access make it extremely simple to deduce a leak or source. you wouldnt be amazed by anything I know.

that having been said, its kinda frustrating. you know you're helping. you know the thing you do helps, and is actually very interesting. you just cant tell anyone. what if you worked on something that was so important it wouldnt succeed unless you kept it a secret? Like a birthday party? I cant describe it. Classified isnt forever. almost every classified document becomes unclassified. legally, it must happen. its just a matter of time.

scared is a strong word. I think local government is far more detrimental to the idea of a functional society or even 'america' than the federal government is. the ice cream man gets elected to governor and suddenly bathrooms are criminalized. Flint elected a jackass for mayor and reaped a harvest of more than 40 years of brain damaged populous and long term healthcare requirements that exceed the average for every state. they will ask for federal money, and get it, because there is no choice but to beg for help.

that having been said, you should practice opsec. the same policies and procedures that protect the government, protect you too. use selinux, use multifactor, encrypt everything thats sacred. avoid social networks, or sterilize your presence.

im not watching lainchan. im here because i grew up on cyberpunk. I jammed with the console cowboys, played with aohell, was suspended from highschool for hacking, pretended there was only 1 matrix. I cried when spike died and when the tachicoma fought for Batou. I surf lainchan because Its familiar and I like it.

  No.34939

Do you know how easy it is for other large companies to get security clearances?

Is there anything you can tell us about the interaction between for profit businesses and national security?

Can you tell us general insider opinions of figures like Snowden, Manning, and Assange?

Sort of repeating the other lainon's question: Should we really be as afraid of large businesses like Google as say, Assange is?

  No.34940

File: 1470810758683.png (38.08 KB, 200x134, swagjeet.jpg)

>guys i have a security clearance
>cant say anything cuz le opsec
>validate me please
fake and gay also stop attention whoring
literally nothing you're saying can't be found elsewhere

  No.34945

>>34927
>form 86 as its called, is very personal and means you have to inconvenience a bunch of your friends and family with potential visits from the department of state.

That's the part that would probably disqualify me because I don't have many friends at all. maybe one i could put down for it.

  No.34946

>>34945
I know a friendless guy with a security clearance, he said it's the job of the guy who verifies you to get you verified. If you have no friends it's his problem.

  No.34949

File: 1470829196005.png (442.1 KB, 155x200, ClassifiedPhone.jpg)

>>34939
its not easy. there are requirements for regular monitoring and often times restrictions on who you can employ, for example, foreign nationals.
https://www.fedramp.gov/resources/faqs/what-is-an-authority-to-operate-ato/
there is a lot of planning required based on what the company might be in business for.

for profit businesses and national security? hm. nothing other than the same companies you use are often selling things at the government level. Microsoft, Google, etc...they choose to operate in the government sphere, so there are contracts to bid and rules to play by.

afraid of large business? Im not sure. which ones? I often ask do they operate ethically, what is the product, how well does it perform, and does it compromise my personal opsec. where does my information go and what happens to it, that sort of stuff. It feels like companies will sell you the world if youll just agree to the terms, and most of them suffer some kind of security breach eventually. Facebook is a company where you are the product, so its obvious that using it is against your best interest.

>>34940
thats exactly it. everything im saying can be found elsewhere but unless you know what to ask, you likely wont find it. theres nothing really magical about the thread (sorry.) why not learn about, say, how to do derivative classification?
http://cdsetrain.dtic.mil/dcrefresher/index.htm#

  No.34950

>>34945
I ended up listing my barber.

OP, ever wonder what happened to your SF86 information after the OPM breach? Want to venture a guess?

>>34939
As long as a company meets NIST requirements, has the mandated IA positions filled, and wins the contract there is no real issue. There are plenty of companies that will higher people just to have a requirement met, like a buddy of mine making 100k yearly just for having CISSP and a couple MS certs. How easy is it? We have security contractors that are chinese nationals in mainland China.

Governments don't like any multinational corps, for obvious reasons.

Nessus has a deal with DISA for ACAS, so we use it for vulnerability scans. Runs on redhat (sup OP), like nearly everything government thats not solaris garbage.

  No.34951

File: 1470831314472.png (986.47 KB, 200x171, tmp_24698-purple-dragon-966913649.jpg)

>>34932
>What is something that is top secret that you could/would share, that won't compromise your identity?

Anything snowden already spilled the beans on. Just because it was disclosed doesn't mean its not still classified. I knew of a couple people having their personal electronic devices confiscated after reading news sites when the whole debacle went on.

I'd be scared of any corp with poor security that may have your PII, not just government.

Don't flatter yourself.

  No.34963

>>34927
>its not as scandalous as the media makes it out to be
I had an uncle who was in naval intelligence in Canada during the 90's. He said the majority of information that passed through his hands, though it was classified, was so boring that you wouldn't care to hear it anyway. I knew that they listened to "international communication" but that was all anyone knew about it. My father's friend had another friend who worked at the same facility. He never talked about it either except that one day after work he said "Gaddafi has a cold today". Gripping stuff.


PS: I cried for the tachikomas too ;_;

  No.34967

File: 1470869320364.png (405.83 KB, 155x200, InformationArmy.jpg)

>>34950
not bad. I think i added a bartender. again, for most of your SF86 its just plugging in people you know...rarely do they need to be besties. its a profile.

as for the breach, its funny how when youre a private company and you subcontract your work out its your subcontractors fault, but when youre a government agency you have to take the blame for subcontractors. most OPM collection and repository is handled by government contractors and was largely privatized during the Bush administration. the breech was, im told, an issue with their contractor. FWIW OPM has been starved for funding for decades anyhow...I have a theory that it only became a tipping point after 9/11.

post 9/11 you suddenly had a ton of these midwestern and southeastern companies with zero defense or national security experience that were bidding on grants and projects alongside 40 year old juggernauts of defense like Raytheon. now some will say its because business rose to the call of the nation after a crisis, but im willing to say most of these companies were friend-of-a-senator teat-sucking cash grabs. Again, mind you, these are companies going toe-to-toe with industrials like General Atomics expecting to win a contract for $weapons_system. theyd get crushed on the initial, but GA in turn now had a subcontractor they would see pressure to farm work to. in order to accept that work, you need a certain number of man hours or classified capacity and these companies knew that. they knew the worst thing to come out of a classified bid was if you couldnt cover the working hours, so they blanketed their employees with security clearances and flooded OPM with applications. Does the janitor and the secretary need a clearance? well no, but even though theyll never get sponsored the headcount looks good on your bids. You cover your application fees and overhead, of course, by padding your classified billable hours. now you cost as much as a Raytheon, arent worth as much as a McDonalds, but no one cares. Senator Porkington got jobs in his state, case closed. The ATO companies ive seen are a joke...they plaster things like 'no foreign nationals past this point' on their parking lot entrance and it means nothing. maybe they think a colonel or a senator cares.

>>34963
and again, the information he was privy to is inevitably declassified after a period of time.

  No.34969

>>34925
What's the difference between classified secret and top secret? could you give sample examples of what would make info fall into which cat.?

Are there any higher levels you are not cleared for? - if so what kind of info would go up there?

is there ANY circumstance in which information is removed from record (or never makes it to record) before it can be classified and so not made public in the long run?

can you clarify: >>34927
>almost every classified document becomes unclassified
ALMOST? what type or cat of info would not be unclassified? any info ever get classified till the end of days?

How much integration is there with foreign partners? is it routine/daily/familiar or is it a bit special/something big when interactions of that sort happen?

Do you/your agency troll through personal info of individuals more targeted, or work more on linking pointers and finding "the big picture"?

When info is declassified how do you get some? where is the best place to find it as a member of the public?

Do you have a very nice computer with lots of ram? can it run crysis? How much hard drive space does your network have?

Do you recommend Raid 6 or Raid 10? or something else? - Does Top secret stuff stay on hard drives/digital or is it hard copied and stored in vaults? If Digital what formats and how guarantee it can be safe and read in say 40-50yrs or more? (how long is max duration for classification?)

As much as you feel you can say would be interesting to hear about.

P.S. >>34951
>Don't flatter yourself.
Emmm? As in you have to be p-paid to be here...

  No.34970

File: 1470875116989.png (753.02 KB, 153x200, Bradley_Manning.jpg)

>>34969
by definition its the difference between the level of harm it could cause national security if it were leaked. the difference between the two is determined by the classifier. believe it or not two completely unclassified documents or pieces of information, when combined together, could become top secret. conversely a snippet of top secret data taken in a report might be entirely acceptable as unclassified. it really depends. check out my earlier post on derivative.

there are surely cases where undocumented information never gets made public. for example the taste of the lubricant on a hind helicopter? its important to remember that the goal is to reduce and limit the total amount of classified data in general. if it doesnt need it, and its reviewed, then it never gets classified. the weather in Iraq for example.

there are rare situations where you can extend 10, or 50 years a classified designation. its got to be demonstrably needed. the data must be dangerous enough or important enough that more than just you and your boss agree its 'classified.' these extensions get shot down at a non trivial rate. as best im aware, you cant just call something classified 'forever.'

foreign partnerships arent uncommon. in the case of
>>34950
it depends on what youre doing. its highly subjective. ive had taxi rides that were abrupt and uncomfortable because we openly admitted we couldnt talk in front of an ethnic driver who may be a foreign national.

information seeking: pass. sorry.

journalists are good at finding declassified documents! generally its GAO or administrative reports. again, declassified information is 99% very boring. ask your local newspaper or submit a FOIA...you would be amazed how effective those are.

uh at home? I run whatever i decided to pack into my lian li. at work its dell/HP/Lenovo and whatever made the budget. again: not hollywood :P

i hate raid, but im more of a performance guy.

[quietly ignores data questions]

as for longevity youre asking the wrong guy. i routinely just blow everything away because i dont care. i run linux at home, multifactor auth too. did you know you can make your own CAC cards? build a CA authority. its seriously fun.

  No.34973

>>34970
>[quietly ignores data questions]
ok - well can I ask;
Are there steps you feel have been put in place to ensure that in say 50yrs the data will be preserved so as not to interfere with release when required?

My ref to raid 6/10 and the PC was more how do they approach safe storage - and hoping you did use a Hollywood 4096 core, 2TB ram beast (and played doom on it :) .... ok I understand you cant say as such... but was thinking with ALL the MASSIVE data going down with the NSA and all that - your network drive might look like somthing like "3594.34 PB free of 98436764764.56 PB" am i right :)

N.b. we all know hind lub tastes of leather!

  No.34975

File: 1470879246874.png (578.18 KB, 155x200, Trouble.jpg)

>>34973
if the expiry date on its level of classification is passed, and no one argues it, the document is then declassified. if the expiry date isnt passed, and its addition to a document or media is contested, it can be declassified in the context of a combined document or in reference. and if youre unsure about it after 120 days with no answer after consulting the originating document and your security manager, you can escalate the issue to a group that deals specifically with 'is it classified or not' for a final answer. so in short, its super rare that anything stays classified indefinitely.

classified != magic lamp. if you need space or something it still has to have a reason and still has to have a budget. that having been said, some departments get very, very large budgets for compute (obviously.) not all classified is as glorious as the NSA. as for safe storage, OPSEC. use open source, use what you know, keep patched up. learn crypto and pki, its pretty amazing.

  No.34977

assuming OP is for real, how afraid is the government thinking crime is 'going dark' do politicians and agencies really think that encryption and privacy is evil?

  No.34981

>>34975
So your "security manager" gets you cheap hotels and car rental, sorts out your sex life and brings you drugs n booze... sweet number dude!

  No.34982

File: 1470880375638.png (555.4 KB, 155x200, Watch.jpg)

>>34977
its a concern. on the one hand you have an amazing tool that keeps america safe. on the other hand, it can be used to devastating effect to plan attacks and hurt people. then again, so can shortwave OTP...so can dead drops...its just the vector SIGINT and others have decided is most critical. i dont think you can legislate around it. its pure, sexy math.

>>34981
still buying my six packs one at a time here. are you hiring? :3

  No.34983

>>34925
In ref to this first pic... dam right I need to know!

  No.34985

File: 1470888262176.png (18.72 KB, 200x200, serveimage.jpg)

>>34925
Idiot. You have no idea what kind of attention you have drawn here.

>>34927
If you knew anything about opsec you would have never done something this loud. You must be a stupid kid with an inferiority complex, because if you knew anything about intelligence, you would know what posting something like this would do to you, as well as the entire user base of lainchan.

Let's say you are of intelligence value. It is now public that you browse this site. All that is required now is to compromise this site, collect user information, and leverage the site to compromise you, as well as innocent others who knew better and kept their mouth shut but were unlucky enough to be in the access logs during your visit.

Seriously, this stunt is Blake Benthall levels of stupid. You like to use the word opsec a lot. Maybe shut up and practice it. Even if you aren't who you say you are, you probably don't want the heat you are inviting.

  No.34991

>>34985
>All that is required now is to compromise this site

>Implying they can't just look at the ISP's logs

  No.34999

>>34985
I don't remember the term but there's a stage of development in adolescence where a boy pretends to be very important, or to be in a powerful secret society. Whatever your age you're going through that stage now.

OP didn't and wouldn't attract any dangerous negative attention without actually leaking state secrets.

  No.35005

File: 1470910687995.png (264.07 KB, 200x200, fggfggfgf.png)

>>34985
I wishto remind you that everyone's beloved Major QTsanagi you posted over there lives inside a body and a brain owned by the government. Some of her classified memories also belong to the government. If anything, OP has made this place more like GITS and less like the cheap anarcho-NEET hugbox it is. Cheers!

  No.35007

File: 1470920953549.png (64.43 KB, 200x113, lain-facepalm.jpg)

>>34925
You made Lain facepalm. You should be proud.

  No.35010

OP, really? You're not even trying. You pretend to be some securitylord writing like a 13 years old for fuck sake, at least next time fake it better.

  No.35014

File: 1470936317640.png (87.76 KB, 200x125, CoeoMq2XEAELkPh.jpg)

>>34985
>Idiot. You have no idea what kind of attention you have drawn here.

lol... I found this site via the overchan which the FBI and INTERPOL presumably already monitor since idiots were always seeking out low traffic chans to share CP dumps a few years ago. That's the only interest law enforcement has in imageboards, you aren't part of some secret cyber-jihad.

  No.35031

File: 1470954596143.png (882.49 KB, 155x200, Tweets.jpg)

>>34985
not sure if you're paying attention or not, but the name of the board is "cyber-security and cyberpunk." if the topic im offering is too spooky for you to discuss, feel free to try other boards. maybe art?

I will not change the topic. Its my opinion that people like you working to kill the free-flow of security information with fear uncertainty and baseless paranoia are the real threat. through open discussion in forums and online we become stronger and safer. STFU is not a security policy.

im not trying to attention whore. im not hocking like and subscribe social sites, i dont care what you think about me personally and ill surely never go the distance to insist im somehow superior to any of you. I started a thread to begin what i think is a very legitimate discussion of a security topic that does not get the attention it deserves partly because people are scared, and partly because its confusing. The first step to learning is teaching and open dialogue. the AMA approach seemed novel i guess. if it sounds better, why not say "lets talk about government security?"

  No.35286

>>35031

I think the guys were trying to point out that you are unable/unwilling to offer any useful information about what having a clearance means or the process of obtaining a clearance.

Anything you could say about your polygraph, your investigation, etc. would technically be illegal disclosure, and even having this topic for discussion on Lainchan would give any LE agency out there probable cause to investigate this site and its users. I know this thread is old now but I saw it in the catalog and wanted to spell this out for anyone else thinking of fucking around.

  No.35368

File: 1471358360311.png (59.82 KB, 143x200, sec.jpeg)

>>34975
So you never answered...

Is there any higher level than top secret?

I know most info is boring and lame and that most info will be cleared as routine...

But its not that info we* care about - its the other stuff! The info that will never even bother having the discussion about if it can be released... the info that time after time gets put back!

And not just the smell of gear oil!
Ops that are a move of aggression or beyond the remit of gov power.

You know things that if escalated or left unchecked could take us to war - that thing where people do killing and are killed for matters that could be illegal in ways that are not representative of the populations wishes. (no matter who you vote for - secret operates outside of public knowledge so is hard/impossible to be checked).
If people are to be killed then people better be doing it for the "right" or at least honest reasons.

Would/could you say secret classifications can/have been used to "save face" i.e. is it ever used against the population rather than just the "enemy".... who is the enemy?

*The public

  No.35371

>>35368
Highest level secret is BUBERE (Burn Before Reading).

  No.35372

>>35371
what about BUDUWR (Burn During Writing) where you write the message on paper with a hot soldering iron

  No.35553

>>34934
>im not watching lainchan. im here because i grew up on cyberpunk. BLAH BLAH BLAH

typical misinformation and trust-building i'd come to expect from a government employe

  No.35554

File: 1471510089722.png (19.6 KB, 200x200, photo.jpg)

>>35005

reminder that no matter how much you like cyberpunk, Deckard and Kusanagi are still cops; which makes them unlikable killing machines that no one in real life should ever want to be near.

Get behind a cyberpunk neutral/anti-hero. Get behind Neo or Y.T. or Raven or Bob Arctor or Hiro Protagonist.

Don't root for the *really* bad guys, root for the troubled anti-hero.

  No.35571

>>35554
>>35554
>Deckard and Kusanagi are still cops; which makes them unlikable killing machines that no one in real life should ever want to be near.
No, they're rogue cops. They're more vigilantes than anything. They prefer to go on their own way and carry justice by their hands instead of following the rules, even going against the organizations they belong to.

Get your facts straight mate.

  No.35576

>>34985

>Look at me! I'm an eleet member of a sekret cybersecurity imageboard where 90% of people couldn't even pass an A+ exam!


Quit pretending to be a badass. If you want to actually provide badass insight, you gotta know what the fuck you're talking about.

If you seriously believe this imageboard wasn't on the 3-letter agency radar by now, you're retarded. Sure, the userbase is not entirely well-versed in Computer Science and Engineering, but there are some members that probably are, and there are threads that encourage people to improve these skills. These people are 'potential targets', kept on a list to be examined further. Everything posted here is loud, but he's not announcing his SSN or anything related to his identity. Only Lainchan admins and whomever might have backdoors have access to the site logs. As it stands though, things would be different if he claimed he were associated with ISIS or the Taliban. It is very unlikely that we are being seriously considered for terrorism surveillance by the US Govt.

  No.35609

Moved to >>>/sec/62.