The Tech Herald

AntiSec: Cyberterrorism training kit leaks to the Web

by Steve Ragan - Jun 27 2011, 06:25

An ISO containing documents for SENTINEL, a training program sponsored by the DHS and FEMA’s Cyberterrorism Defense Initiative (CDI), has been published to the Web. It was released as a teaser for future AntiSec leaks, planned for sometime this week.

SENTINEL, or Security and Network Training Initiative and National Education Laboratory, is a national initiative to educate technical personnel in cyberterrorism response and prevention, the FEMA website explains.

“… SENTINEL provides free cybersecurity training... [that] … focuses on enhancing the prevention, preparedness, and response capabilities of local, state, tribal, and rural public safety jurisdictions. Training combines lectures, classroom instruction, course materials, and real-world experience using hands-on lab simulations. SENTINEL is designed for all experience levels of users and technicians in the state and local public safety sector.”

While there are common templates for creating policies, most based on IT needs and assessments, some of the ISO’s parts shown to The Tech Herald are interesting nevertheless. One file, obviously for official use only, is a template for three separate IP pen register/trap and trace orders.

The template covers “an IP trap and trace for a web-based email account; a pen register/trap and trace order to collect addresses on email sent to and from a target account; and an IP pen register/trap and trace order for use in investigating a computer network intrusion,” the document explains.

There is a random collection of tools in the training kit as well. Some are well known, such as Tripwire, Ethereal, Netstumbler, and Winpcap. Other tools are outdated, AVG Free version 7.1 for example, and a tool called BackOfficer Friendly (BOF). BOF is used to detect Back Orifice attacks, a form of malware that is simply not seen these days.

These are just two examples. Many of the installation files are in need of an update.

There is a lot of outdated documentation in the training kit too, including a Sophos report from 2005 and an FBI cybercrime report from that same year. In addition, the ISO has what looks to be a mini-dashboard, with plenty of links to information that is publicly available.

With the collection of outdated tools and information used in the training kit, we’re forced to wonder if this is an old version of SENTINEL itself. If it isn’t, we’re mystified by the overall lack of value this kit seems to provide to law enforcement.

Surely the DHS has access to better tools and data for law enforcement agencies, but we cannot explain why they are missing from this training kit. Neither FEMA nor the DHS has made a statement on the training kit’s leak.

Update:

A reader, who we can confirm is familiar with the training kit, sent us the following via email:

The "stolen" toolkit was developed in 2006 as an original DHS training aid; several thousand copies were made, and thousands were given away to students in the class over the course of 4 years.

The kit is absolutely outdated; it was freely available, and multiple updates/revisions to the kit have also been circulated since that time. To be candid, the "toolkit leak" is comical, and anyone claiming any type of hacking success by having a copy of this kit is simply being naive.

Also, the SENTINEL Program is no longer active and has been subsequently replaced with new courses/projects, so the entire topic is quite, quite old. This would be akin to someone gaining the source code for Windows 2000... my response would be "big deal"!
