NYU Accidentally Exposed Military Code-breaking Computer Project To Entire Internet

An anonymous reader writes: A confidential computer project designed to break military codes was accidentally made public by New York University engineers. An anonymous digital security researcher identified files related to the project while hunting for things on the internet that shouldn't be, The Intercept reported. He used a program called Shodan, a search engine for internet-connected devices, to locate the project. It is the product of a joint initiative by NYU's Institute for Mathematics and Advanced Supercomputing, headed by the world-renowned Chudnovsky brothers, David and Gregory, the Department of Defense, and IBM. Information on an exposed backup drive described the supercomputer, called -- WindsorGreen -- as a system capable of cracking passwords.

Surprised

[p51d007]

Anything like this was even connected on the "internet".

Re:

[rmdingler]

Probably a back door left open that was used during development, initially including a redundant air-gap that some researcher got tired of connecting and disconnecting... it's not just the Muggles who're lazy.

Re:

[ShanghaiBill]

Or the leak was part of a disinformation campaign to make OpFor think we have something when we actually don't.

Re:

[Highdude702]

That was an awesome Half-Life game..

Re:Surprised

[_xeno_]

If I'm reading the article correctly, the computer itself wasn't, the Slashdot headline is at best misleading. What was connected to the Internet was a backup drive containing documents that describe the password cracking computer.

It's actually somewhat unclear if they even built the thing, these are more planning documents that describe how they would. If it exists, it presumably is properly isolated from the Internet, given that it's supposed to be used only by DOD and intelligence agencies.

Re:Surprised

[DickBreath]

Don't be surprised. I'm sure they used an air gap. The air gap was in between some manager's ears.

Re:

[It's the tripnaut!]

Anything like this was even connected on the "internet".

Could be a red herring.

Re:

[AHuxley]

The US has tired that a few times over the decades.
Altered plans to get other nations looking for more information and contacting clandestine service front companies.
Operation Merlin https://en.wikipedia.org/wiki/... [wikipedia.org]

Re:

[DickBreath]

It is microprocessor controlled. And has bad breath.

Re:

[Chris Mattern]

Where can i haz this Shodan-"Program"??

You can't, you pathetic creature of meat and bone.

Look at *you*, hacker

[fightinfilipino]

a pathetic creature of meat and bone

Sheesh...

[__aaclcg7560]

I get a lot of crap for posting on Slashdot during business hours (4:30AM - 10:30PM), but I wouldn't be stupid enough to connect a military code-breaking computer to the Internet for posting on Slashdot.

Re:

[__aaclcg7560]

but I wouldn't be smart enough to know how to connect a military code-breaking computer to the Internet for posting on Slashdot.

FTFY.

The smart option is not to connect a sensitive system to the Internet.

Re:

[__aaclcg7560]

The smart option is to RTFA and understand that a sensitive system was not connected to the internet.

This is Slashdot. You must be new around here.

It was a backup drive which I'm sure you have connected to the internet for posting on Slashdot or at least pulled out of your ass like your posts on slashdot.

This sentence makes no sense whatsoever.

Re:

[__aaclcg7560]

[...] slashdot makes you money.

Slashdot makes me extra money for something I'm already doing. As Warren Buffett said, "When it's raining gold, reach for a bucket, not a thimble."

Re:

[__aaclcg7560]

By the way, I ctrl-clicked your link till the browser crashed just to see if it would crash.

You crashed your own browser. Sad.

Re:

[__aaclcg7560]

Also, we think you are APK normally, and Creamer when you.

It would be tedious to argue with myself all the time.

https://slashdot.org/comments.pl?sid=9952559&cid=53420987 [slashdot.org]

Re:

[bws111]

Doesn't say one word about a 'sensitive system' being connected to the internet. It says someone found a document on a backup server connected to the internet.

Re:

[__aaclcg7560]

Doesn't say one word about a 'sensitive system' being connected to the internet.

What does "military" mean then?

Re:

[bws111]

It says a DOCUMENT was found on the internet. It does not say the sensitive system DESCRIBED by the document was connected to the internet. Here [sakrete.com] is a document about a bag of cement. By your logic, all bags of cement are now connected to the internet.

Re:

[__aaclcg7560]

By your logic, all bags of cement are now connected to the internet.

Only in Soviet Russia.

Re:

[__aaclcg7560]

"(n) mil-teree- the armed forces of a country." But that's not important right now.

Actually, it is. I work with ex-military all the time. They're sensitive in one way or another.

Re:

[OhSoLaMeow]

Actually, it is. I work with ex-military all the time. They're sensitive in one way or another.

INCOMING!!!!

Re:

[__aaclcg7560]

INCOMING!!!!

I had to duck a virtual chair this afternoon when one of my ex-military coworker discovered that someone scheduled an immediate reboot on his system. Made for some fun email reading.

Re:

[__aaclcg7560]

4:30-10:30 are business hours for you?

I have my regular job and my side business.

Christ, I thought your life of being middle-aged and living in a shitty studio apartment by yourself was sad enough already...

One of these days I need to find commercial space for my home office.

Time for a new ARPANET

[your_mother_sews_soc]

I'm surprised the military and research institutions don't have a new research network by now. Maybe they do and I'm just not aware of it, and if so they messed up big time by not isolating this. Either way, someone violated protocol. Probably won't be the last time this will happen.

Re:

[Megol]

Of course there are alternative networks, it's just that they use the IP protocol(s) with private addresses and with secure routing.There isn't really a reason for a new ARPANET as the network standard already exists and is good enough requiring only standard security measures like air-gaping.

The technical term is:

[Bodhammer]

Ooops.

"Shouldn't be?"

[hackel]

Anything developed using tax dollars MUST be made open source and freely available to all. It absolutely should, and *must*, be available on the internet.

Re:

[mspohr]

Sounds like it already is...

Re:

[will_die]

No it does not. That is covered under 17 USC 105
For most, but there are a bunch of exception, the US Government does not have copyright permission however they are protected by other laws, in addition the government is not required to publish or distribute most material.
In this case where the software was written by a non-government entity there would be a copyright from that and then it was either transferred to the US government, in which case the US Government holds the copyright, or it was licensed i

Re:

[drinkypoo]

Anything developed using tax dollars MUST be made open source and freely available to all. It absolutely should, and *must*, be available on the internet.

It's pretty easy to come up with national security-related counterexamples. Code for weapons, let alone their designs.

Anarchy, State, and Utopia on open-kimono DoD

[epine]

Anything developed using tax dollars MUST be made open source and freely available to all. It absolutely should, and *must*, be available on the internet.

Your main contribution to the debate seems to be using TWO entirely different methods of bold (followed by the near synonym "absolutely" and a second helpful repetition, this time of the word "available"—but I don't see these as your main contribution; did I mention your main contribution?)

Also cute is how you managed to conceal the word "government"

Nothing to see here

[PPH]

Move along now. It's just the Setec Astronomy server.

It's not a problem

[Required Snark]

Trump already leaked this to the Russians, and the Chinese stole it by themselves. The only ones left out of the loop are US allies, and that is because IBM wants to sell them the system instead of having them build their own.

Makes sense

[GameboyRMH]

I'd be more surprised if a group with the NSA's budget, talent, and goals didn't build a system to attack encryption with brute force.

Combine massive computing power with clever ways of narrowing the target...for example, something like an advanced dictionary attack would improve the odds against encryption keys that a human has to remember. Most computers don't use very high quality random numbers, there's potential for weakened encryption there I'm sure.

So if you have this system, you can give it your mos