The Indian navy has been left licking its wounds after suspected Chinese hackers managed to lift classified data from maximum security, non-internet connected PCs via malware hidden on USB drives. The Indian Eastern Naval Command – which is currently overseeing trials of the country’s first nuclear missile submarine, INS Arihant …
Why on earth do so called maximum security PCs have active USB ports?
Even if they needed them (for the keyboard and mouse for instance), they could probably put some locking device, or even just glue the keyboard/mouse USB plugs in and use resin to seal the rest.
re-wire the 5-volt USB slot so that it provides 15-volt (or maybe even household voltage?).
That should take care of thumb drives, and dumb drivers.
"Why on earth do so called maximum security PCs have active USB ports?" (Stuart Caslte - 08:52 BST)
Whilst I agree wholeheartedly, perhaps because occasionally they require Maximum Security updates ?
U = U
S = Sure
B = Bout this ?!?!
Snoop onto them, as they snoop onto us
Mine's the one with the Hackers DVD in the inside pocket.
Military's should be using proprietary computers with proprietary operating systems with proprietary file systems. No they use PCs to save a buck.
I think the shear trauma of trying to educate new recruits into the mysterious of a proprietary operating system would put most militaries off. And ultimately it still has to be used by humans who will circumvent security measures if it makes their lives easier.
Also the world's military forces are spectacularly inept at specifying any propriety system generally coming up with something that's more expensive and less capable than something you could buy off the shelves a decade previously.
"I think the shear trauma of trying to educate new recruits into the mysterious of a proprietary operating system would put most militaries off."
Wtf? If they can train new recruits to fly an aircraft or drive a tank or conduct survellance, I'm damn sure they can train them to use a slightly different GUI or a CLI.
"Also the world's military forces are spectacularly inept at specifying any propriety system generally coming up with something that's more expensive and less capable than something you could buy off the shelves a decade previously."
Except that in this case buying off the shelf puts your secrets at risk so perhaps they should try harder.
"mysterious of a proprietary operating system would put most militaries off."
I don't suppose too many nuclear subs etc are running "Windows for Warmongers"
'Wtf? If they can train new recruits to fly an aircraft or drive a tank or conduct survellance, I'm damn sure they can train them to use a slightly different GUI or a CLI.'
Those are the smart ones, some branches of the armed forces are manned with those uncomfortable with the level of technology available in an anvil. I have on occasion had to explain such simple concepts as 'you don't need to watch the phone in case it rings, you'll hear it'.
For an example of a military specced IT system look at JPA the UK's tri-service administration software. A pig of a system that takes user unfriendliness to a new level while failing in its main job of allowing personnel to manage their own pay and allowances.
A proprietary system is just security by obscurity, it doesn't solve the problem of people taking the easy option like making a print out and losing that, but it does risk the entire defence budget being absorbed coming up with something that's the equivalent of MS-DOS, and not one of the good versions.
For general admin, e-mail etc. no, they're running XP.
For operating the submarine they'll have a separate command and control system, which breaks most of the rules in the user interface book and is no use if you want to store or create documents.
"Those are the smart ones, some branches of the armed forces are manned with those uncomfortable with the level of technology available in an anvil."
I'm sure thats the case , but you wouldn't let those sorts of people near critical systems in the first place. They're the ones cleaning the boots and the bogs.
"A proprietary system is just security by obscurity,"
if thats the only option you've got then its better than nothing. Its certainly better than using a consumer OS which is quite happy to run any old shit it finds on a USB stick as soon as its plugged in!
I don't suppose too many nuclear subs etc are running "Windows for Warmongers"
No, they're running Windows for Warships.
"I'm sure thats the case , but you wouldn't let those sorts of people near critical systems in the first place. They're the ones cleaning the boots and the bogs."
But what if that's all you got? So it's either put these people to work or you got to explain to John Q. Taxpayer why you're sitting on a billion-dollar paperweight (IOW, sink or swim). And rolls on the slide as college grads head for the private sector and drafts are political suicide.
"if thats the only option you've got then its better than nothing. Its certainly better than using a consumer OS which is quite happy to run any old shit it finds on a USB stick as soon as its plugged in!"
That's the thing. That option isn't really an option. One leak and you're done: a task easily accomplished with a competent spy or other insider. Then you're back where we are now, only worse off because proprietary systems are harder to rejig: being by definition custom jobs. And we know what happens with old custom-designed software: it becomes both obsolete and so expensive to replace that the budget basically forces you to put up with it.
The "how hard can it be?" principle"
They probably worked on the "how hard can it be" principle to link up a few PC's and servers and stick a sign over the door saying “Secure - Do Not Enter!" This approach being used in order to save a few bob of in-house or 3rd party consultancy staff.... After all, the Indian Civil Service and Military share a heritage with their fellow British Equivalents.....
Good mornings to you sir, I am beings Dave from "Windows"
Our records be showing that your computer is being having a virus.
Please be ringing our premium rate number to be receiving of the fixes.
SPYRUS makes drives that can help prevent this
On the Hydra Privacy Card, every file is encrypted under its own key. Even if you unlock the drive to get to your files, the files are still encrypted until you explicitly decrypt them. Since you can set a policy on the drive that will only allow encrypted data to be stored, it it impossible for malware to run - since it cannot be put there in the first place.
.that is all
Re: bit locker
How's that work if the user of the system inserted the USB device? As the user they'd have unlocked the data drive for use in which case the files are visible, in which case they can be copied. Active USB ports and AutoRun are the bigger issues here.
consumer kit == consumer problems
Welcome to IT india, maybe you should outsource your IT needs to the UK and then you won't have so many problems :0.
In the Navy, yes, you can bring your own device.
In the Navy, yes, you can snoop our files with ease.
Won't last for ever.
They're stealing everything from everyone at the moment.
It won't be a few years before a German judge announces that the BMW M76849384933994994 has no resemblance to the SsangYonh M76849384933994994 and so BMW has no case to answer.
At the moment they're only doing it because China's miles behind. When they catch up, then they'll come on board with law.
Indian military personnel are plugging random usb sticks into military computers?
Mega fail on so many levels (And I doubt it's just a problem in india)
The Indian Army are simply out-sourcing their data to China. From now on they will send their data via hotmail or drop-box and get paid via paypal. What's the worst that can happen?
The Indian Express story to which a link is provided states that
«The Navy — and the other armed forces — stores sensitive data only in standalone computers that are not connected to the Internet. These computers are not supposed to have ports or access points for pen drives or external storage devices. » Did they or did they not have USB ports ? It should be rather easy - even for a naval officer in charge of security - to ascertain with a simple ocular inspection whether a computer has USB ports. Is it possible that this story is made from the whole cloth and published in the Indian press in order to achieve the twin objectives of fanning anti-Chinese feeling in the country and obtaining larger appropriations for military security, while at the same time bashing the current Indian government ?...