Sigh.
Maybe you should report when they DON'T lose any important info - Would be more newsworthy, it seems.
A system to link a secure communications network used by UK intelligence agencies with other government departments and posts overseas has finally swung into operation, two years later than originally expected. The slow progress of the SCOPE project drew a rebuke in the annual Parliamentary Intelligence and Security Committee …
"but one UK spooks reckon will give the bad guys an advantage in working out the strengths and weaknesses of current techniques. ®"
The Good Guys though will present them with a wholly new technique with wholly new techniques to counter and overwhelm those who have left Office and traded secrets for their thirty pieces of silver. And yes, that would be QuITe Probably everything to do with Royal and Ancient Arts and Covetous Dark Matters and the Post Modern Binary Interpretation and Analysis of them in the Holiest of Holy Grail Territories.
Step into that Fray underprepared and the Gods you Bank on and in will lose all Interest in your Support. And if they be Gods in Banking at all, they will already already be Shifting Invisible Supports to the Good Guys 42 Feed their Sweetest and Darkest of Pleasant Milk and Honey Addictions.
And the penguin because it is cold in the mountains, especially in the winter and on dark nights.
...to cover this stuff up and pretend they're aleast compitent. I mean they're not even trying. They must have known they were going to loose loads of data it's government procedure, but classify the system and it wouldn't reach the public.
Although I guess they're doing that already with the REALLY important stuff, like uranium going missing, and contained outbreaks of Ebola etc.
Right I'm off, where's my Tin Foil hat? I can't go outside without it.
This post has been deleted by its author
"How long before someone hacks it.mmmmmperhaps its done already knowing the UK gov. so called security when it comes to data."
Doubt it. Gov inter-network security is actually pretty good. How often do you hear of the GSI or xGSI being hacked? The problems they've had recently with CDs going missing are a direct result of a lack of a secure network connection between the sites involved - where there has been no gsi connection or network like this to enable the secure transfer of the data, so some muppet has resorted to sticking the data in the post.
If this project is Top Secret, how do you know it was late?
It may have been two years early but no one told us. And how do we know data has been lost if it was top secret? think about it eh (picture me tapping my nose!)
Still not the first goverment project to be fleeced by the private sector eh?
..."Why don't they just use Tor like everyone else?"..
Because they want security not *ANONYMITY*.
Presuming your talking about using tor in the way of having "Organisation1 -> TOR -> Organisation2", you don't want "Organisation2" to not know who "Organisation1". Which, AFAIK is what tor provides for.
The difference between anonymity and privacy has been covered thousands of times on El-reg and all over the web, not to mention countless papers and text books. Hell, its even covered on the Tor site. Tor does not provide security, it provides anonymity and these are very different things.
Digital security encompasses (among other things) the following:
Privacy - (making sure no one but the intended recipient can see the message) [Tor allows anyone running an exit node to see the data going in and out and where its going to "in the clear"]
Integrity -- (Knowing a message has not been tampered with (and in some cases even viewed when in encrypted form)) -- [Tor cannot stop an exit node from manipulating data]
Authentication -- (Knowing the message has from from someone authorised to send the message) [Outside of remote server control, Tor has no mechanism to provide for authentication as far as I know.]
Non-repuduation -- (Proof that the person who stated they sent the message actually did send the message. (e.g. to prevent replay attacks) -- [Tor cannot provide this]
The SCOPE system presumably has to provide for all these. Not simply hide the source of a message.
I have to laugh at ridiculous security suggestions for a Secret/Top Secret government network. Suggestions of SSH or a VPN over SSL etc. Don't forget most forms of internet encryption involve doing a key transfer over a public key system in order to set up a private key session. The public key system used is usually RSA with either 1024 or 2048 bit keys. The largest number known to have been factored in the public domain is 663 bits. GCHQ invented RSA 4 years before Rivest, Shamir and Adleman, and recently allowed that tit-bit of information out into the public domain. Also public key algorithms are very susceptible to meet-in-the-middle style attacks, especially if government scale resources are involved.
The symmetric algorithm used typically has a 128 bit key length. US restrictions were at 40 bit for a while but then those restrictions got dropped got dropped. Anyone want to guess why?
Who would like to bet that no government on the planet has found a way into SSL? Especially with the amount of resources that get swallowed up by NSA and GCHQ. I certainly wouldn't make that bet.
"This has led to a focus on counter-terrorism priorities to the possible detriment of other work."
Surely priorities should be focused on real threats such as China/Russia/NKorea/Iran/especially the USA. and counter-espionage against these countries. I'm not saying that a bomber setting off a bomb and killing people isn't bad but I would say its not the biggest problem is it?
Its not a regular occurrence or as bigger threat as the gov./media would like us to believe.
Also ROFLCOPTERS at the guy above who said just use TOR: http://www.theregister.co.uk/2007/09/10/misuse_of_tor_led_to_embassy_password_breach/
xGSI only offers accreditation upto CONFIDENTIAL. Properly implemented SSL (as per Manual T guidance) is acceptable for RESTRICTED only. The main problem comes with any kind of network connectivity when you are at SECRET or above.
As for TOP SECRET ATOMIC PRINCIPAL ARTIFICER well, I'll tell you...oh hang on there's somebody at my front door....