The Pentagon has opened the kimono on what it described as the “most significant breach of US military computers ever,” in which a flash drive in 2008 was used to infect large numbers of computers, including those used by the Central Command overseeing combat zones in Iraq and Afghanistan. When the device was plugged into a …
That's what you get for using Windows on mil computers (not a hater, just a realist).
Re: That's what you get for using Windows on mil computers
That is what you get for not putting rudimentary system protection measures in place - things like running as low-level accounts, turning off autoplay, disabling USB and disks etc. - and completely failing to implement more advanced things like intrusion detection systems and monitoring internal and external boundary traffic for suspect traffic, which would have set alarm bells ringing. A level of paranoia much higher than normal is required for admin of a military network.
Using *nix would have made it harder to get in and potentially slower going - but only if the admins had a clue - because I doubt we are talking about simple hackers here.
More than that...
That's what you get when secure and non-secure systems share the same network.
And when 'secure' systems have enough connectivity that they can contact the outside world (presumably the internet).
If you want a system to be 100% secure, I'd advise disabling the power button and disassembling everything.
If you want a system to be as secure as it can be whilst still being usable, you'd best make sure that the network is isolated from ALL other networks - port based segregation + encrypted authorisation (802.1x) etc etc etc.
It looks like another case of the wetware being the weakest link!
Re: That's what you get
You would think, wouldn't you?
Re: If you want a system to be 100% secure
Really 100% secure, I think, needs a sealed lead-lined concrete bunker about 500 metres below ground with no access points (including air ducts) and no cables in or out - and absolutely no power.
But seriously - security in military comms seems to have gone backwards :s
Yeah, their VAXen were a whole lot safer
Especially during the Wank Worm incident.
And the old VAXes were a whole lot more bomb proof than anything else at the time. Just remember that next time you say your machine is a whole lot better than windows. If someone wants in, they will find a way.
"Really 100% secure, I think, needs a sealed lead-lined concrete bunker about 500 metres below ground with no access points (including air ducts) and no cables in or out - and absolutely no power"
So you know how MS *finally* got their C2 security rating on their servers.
And the Morris Worm the year before that (in 1988). Same hardware platform, but running BSD not VMS. The difference is that we learned to avoid such holes over time. Microsoft, on the other hand, has used meaningful filename extensions for HOW long, exactly?
I can't remember anyone similarly exploiting TOPS-10 or -20 ... Can anyone refresh my memory?
Why is it
that every time someone mentions an "unnamed foreign intelligence agency"
I immediately think of Mossad?
I doubt any foreign intelligence agency was involved this time
More likely this was a common malware infection and the Americans wish instead to portray it as a determined, targeted attack to deflect from a lack of foresight and general incompetence.
NT4 had the capability to lock down media via the registry more than 10 years ago.
This is nothing new. And standard practice in any half-sober organisation with a defined security policy which the US Military surely qualifies as.
As for the Mossad, it's entirely feasible that they were involved in the smear campaign against Julian Assange last week acting as a proxy for the CIA as they often do.
Don't forget the Americans love to conjure up a Bogey-man. There is always someone else to blame.
I would say..
Most likely China
So it wasn't a Network Breach after all
Using social engineering or similar tricks to get access inside a network is not a breach of network security. It's just human error -- the weakest link in any security chain.
The question here was why were executables allowed from a removable drive? (Also, did the drive autoexecute from the media?) Most problems from malicious software can be eliminated if you just move plain text around. It's not as spiffy as multimedia, but it's pointless opening up a system to all sorts of vulnerabilities and then trying to individually fix each one as you notice it (the signature feature of Microsoft's software). These systems aren't home computers; they've got work to do and they should be working with a very well defined set of data, not running any old rubbish that they happen to come across.
I know your sort
You're one of those technical, engineery type people who always looks at things from a practical and scientific point of view. We've got multi-million dollar procurement budgets and 1000s strong administrative empires to maintain here. There are senators and generals who need to be impressed; you just don't understand.
Still A Network Breach
A Sneakernet breach is still a form of network breach. The firewall they needed was epoxy in the USB ports.
More generally, PNP has no place in a workplace computer system - users should not have the ability to install drives, whether they be external USB or firewire, flash thumb drives, or floppy disks or CDs. I had a user destroy a computer by playing a music CD that tried (and failed) to autoinstall some kind of multimedia presentation. It failed to install but managed to hose the NT4 install somehow. This was back before I really clamped down on the NTFS permissions. A friend had a computer that would periodically shout out "Marshall!" because he'd put an Eminem CD into it once. It took us ages to realize what was going on because it did it so infrequently.
Why the fuck would anyone, with any knowledge of basic computer security, have a so-called "secure system" accessible in any way, shape or form from not-secure systems?
And these are the idiots in charge of my nation's security? Sometimes I despair ...
why have secure systems connected to non-secure?
Because some know-nothing general, whose only qualification is that he probably knocked up (North American version) some politician's daughter then married her, ordered someone to do so. Said arrogant jackass wouldn't then listen to any advice, and threatened the (army) captain with court martial for disobeying orders. Since the order wasn't illegal (just fucking stupid), it was done. At least that's what happened when we were forced to do it in my days in that particular trench.
The trouble with closed networks is that many assume that local firewalls and up to date anti-virus measures are unnecessary because the network is inherently safe and secure. Everyone forgets that updates from developers or manufacturers have to be introduced from outside. The problem I have specifically had to deal with is that of sub-contractors attaching notebooks to a closed network to perform maintenance - and introducing worms to all the unprotected systems.
<ouch baby ouch>
Smells like a honeypot to me though
</ouch baby ouch>
I'm betting that the machines infected weren't firewalled outbound. Imbecile 'security' admins strike again.
Phony leaks = Cyberwar
Pretty cool how the Pentagon can sell a story by packaging it inside a "leak". Release through a fake outfit some mostly worthless info, then maybe the gullible will take the whole thing at face value. Pure genius.
A title is pointless
"It was a network administrator's worst fear: a rogue program operating silently..."
It's so much easier to spot them when they go "bing!".
Maybe someone should invent a machine that goes "bing".
If you give a tour of a facility be sure to wheel it out to impress the brass.
Monty Python has one that goes "Ping"
Maybe you could modify theirs?
'most significant breach ever'
So if that's the case, are they going to extradite those responsible and try them as terrorists?
And does this mean Gary McKinnon is now only the second 'most dangerous' hacker...
To answer that...
...no, it means they'll blame Gary McKinnon for this latest breach as well and use it as an excuse to ramp up even more pressure to get this evil and dangerous cyberwarfare mastermind extradited to the US for his show trial.
Who'd have thought..
..the W.O.P.R. even had a USB port. Damn you Falken!
MLF, Multiple Levels of FAIL
There's a large amount of smelly stuff here. How the hell would a military computer run Windows at all? But this is only the tip of the iceberg. The military is supposed to use NIPRNet and SIPRNet, for "regular" stuff and classified stuff respectively. These networks are practically separate from the civilian internet, which means that this malware probably exposed a huge hole in these networks. WTF?
Pathetic - and they call themselves 'secure'
Can't be because they have no budget for free software like AVG or Spybot.
Maybe they should put a warning on every laptop saying this is United States Government Property and any unauthorised software running on the equipment will result in the arrest and imprisonment of the software authors.
This should scare them off.
sometimes is only free for home use, such as is the case with AVG and avast! antivirus suites. Admittedly, they're cheaper than the alternatives (ex: Norton, McAfee, etc), but still far from free.
Damn, you've seen our policies...
...and the only thing you can click is OK, which then proceeds with the login.
Next they will blame wikileaks.
Non secure systems should only be allowed to attach to secured systems in a controlled manner such as a ssh terminal session through a heavily controlled portal or the like. Mixing crappy consumer grade laptops with well known and widely attacked security issues on the same network as systems containing secure data is simply asking to be p0wned.
Does this mean
they'll stop claiming Gary McKinnon carried out "the biggest military hack ever"?
It certainly shows that they haven't learnt much from it.
msg from the biggest military hack ever
My boxer shorts have my name and it says Raymond
A dozen determined computer programmers...
Would only take one imo.
It's important to consider security...
...when THE ENTIRE PLANET hates you.
AC for obvious reasons.
infect large numbers of computers
> a flash drive in 2008 was used to infect large numbers of computers
What desktop Operating System did this flash drive infestation occur on?
The breach was real not a hoax.
Didn't know it at the time, but it matches up with military linked friends bitching about having to reset their passwords every day for about two weeks, followed immediately by the implementation of the policy on thumb drives, since modified to allow devices which spin up, albeit requiring encrypted devices.
The problem is specifically that you do need to transfer certain data from non-secure systems and back. That data transfer is most easily accomplished these days by USB drives, thumb sticks at the time. The secure network on a battlefield necessarily involves wireless connections to cover large areas where establishing wired connections is unworkable. Once the malware is in...
As for all you foaming-at-the-mouth haters, I'd like to leave you all on Al Qaeda's doorstep. Fortunately for you, the US military doesn't like that idea.
"The problem is specifically that you do need to transfer certain data from non-secure systems and back. "
No, the problem is the lack of the systems checking the identity of that drive, i.e. that it's one of those *authorized* to be connected to the *secure* system and not just *any* random thumb drive loaded with whatever someone decided to load it with (in this case something quite nasty and able to spread around a substantial network).
This suggests one of 2 things.
1) No procedure in place to control which devices are *allowed* to be attached to the network.
2) Procedure in place but ignored (and any software or hardware to support it bypassed).
If this is a *secure* system (and one which is networked into a whole bunch of others) it might *look* like a regular PC but it definitely should *not* be usable like one.
After all the whining over the Gary McKinnon case and with 7 years to brief and train all relevant staff it seems *astonishing* that this can happen.
As others have pointed out, the US military is not well liked in many parts of the world, *especially* substantial bits of the Middle East. It's not paranoia. They really are out to get you.
Consider yourself got.
"a turning point in the Pentagon's computer defense strategy"
So WTF were they doing between 2001 when Gary McKinnon showed how laughable US Military "Computer Security" was and 2008 when this attack happened...???
How is it a cyber war when someone carried a worm in?
Never mind... I get it, it's an excuse to crack down, leverage the FCC, leverage the FTC
Name : Worm:W32/Agent.BTZ
Detection Names : Worm:W32/Agent.BTZ
Didn't anyone notice the bit about USB?
Who says the secure systems and internet connected systems were in any way connected at all?
Given that we're talking USB (i.e. rewritable media with autorun), I'm guessing this is how it works:
* Internet-connected machine gets infected - probably from a porn site, being military, and spreads itself to all of the machine's removable media
* USB key gets infected on the internet-connected machine
* USB key gets plugged into the "secure" machine, autorun does its thing, "secure" machine gets infected as well.
* Malware hoovers up files on the "secure" machine
* USB key gets removed, plugged back into the Internet connected machine
* Malware sends the files it picked up straight out the door to wikileaks or the bogeyman or wherever.
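As an added defender-side example (not a commenter's code and not from the article), a small Python triage of the autorun.inf format the post above relies on: it parses the file and flags the directives that make classic Windows AutoRun launch a program when a drive is inserted or double-clicked. The two sample files are constructed for the example.

```python
"""Triage an autorun.inf for directives that cause code execution on insert.

The file is a plain INI file; the [autorun] section's `open` and
`shellexecute` keys, `shell\<verb>\command` keys and a default `shell` verb
are the parts an AutoRun worm abuses, so those are what we report.
"""
import configparser

# [autorun] keys that run a program as soon as AutoRun processes the drive.
EXEC_KEYS = {"open", "shellexecute"}

# Constructed sample: a harmless autorun.inf that only sets an icon and label.
BENIGN = r"""[autorun]
icon=photos.ico
label=Holiday photos
"""

# Constructed sample modelled on the self-launching pattern, not a real worm.
SUSPECT = r"""; hypothetical file for the example
[autorun]
open=files\update.exe
shellexecute=files\update.exe
shell\open\command=files\update.exe
shell=open
icon=%SystemRoot%\system32\SHELL32.dll,4
"""


def parse_autorun(text: str) -> dict:
    """Return {section: {key: value}} with keys lower-cased, tolerating dupes."""
    cp = configparser.RawConfigParser(strict=False, delimiters=("=",))
    cp.optionxform = str.lower      # AutoRun keys are case-insensitive
    cp.read_string(text)
    return {s.lower(): dict(cp.items(s)) for s in cp.sections()}


def autorun_findings(text: str) -> list:
    """List why an autorun.inf is risky; an empty list means nothing executable."""
    findings = []
    for key, value in parse_autorun(text).get("autorun", {}).items():
        if key in EXEC_KEYS:
            findings.append(f"{key}={value} launches a program on insert")
        elif key.startswith("shell\\") and key.endswith("\\command"):
            findings.append(f"{key}={value} adds a verb that runs a command")
        elif key == "shell" and value:
            findings.append(f"default verb '{value}' hijacks double-click")
    return findings


if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, autorun_findings(sample) or ["no executable directives"])
```

Disabling AutoRun on the host removes the trigger entirely; the triage is useful when reviewing media or images after the fact.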