
netsec-sig - RE: [Security-WG] Strange request from Air Force

Subject: Internet2 Network Security SIG

  • From: Rick Haugerud <>
  • To: "" <>
  • Subject: RE: [Security-WG] Strange request from Air Force
  • Date: Fri, 9 Feb 2018 15:53:06 +0000

We have experienced a situation like this a couple of years ago.  We were contacted by a member of US Air Force Incident Command.  They had identified a series of servers and accounts in one of our colleges that had been compromised, and were being used as a jumping point to go elsewhere.  They asked us to install a “black box” that would allow them to monitor the activity.

 

They actually flew to Lincoln (3 of them) and met with us and described some of the activity.  We allowed them to install the “black box” on our network for about 18 months.  Information sharing was minimal, and ultimately we disconnected the box and shipped it back.

 

Rick

 

Rick Haugerud

Office of Cybersecurity & Identity|ITS|

211 Nebraska Hall, 68588-0522

University of Nebraska |nebraska.edu

Kearney|Lincoln|Omaha

402-472-2135 (o)

 

Information Technology Services
Connecting people, ideas and technology for a better University, a better you.

 

From: [mailto:] On Behalf Of John Dundas, III
Sent: Friday, February 9, 2018 9:33 AM
To:
Subject: Re: [Security-WG] Strange request from Air Force

 

On 2/8/18 1:09 PM, Karl Newell wrote:

> Hi all,
>
> One of our members experienced the following, I’m wondering if anyone has heard of something similar or what your thoughts are.
>
> The Air Force contacted the member’s DNS registrar saying they had information to share about the member’s network.  This request made it to the CISO who called back.  The Air Force wanted to install a device on the member’s network to monitor traffic.  It was assumed there would be information sharing but the member did not agree to work with the Air Force.
>
> Thanks,
>
> Karl


Karl,

Thanks for posting this.  To my knowledge, CENIC has not been approached by any agency with such a request.

Also thank you for declining the "offer."  Numerous red flags are at full-mast.

John
