WTF
That's what you get for using Windows on mil computers (not a hater, just a realist).
The Pentagon has opened the kimono on what it described as the “most significant breach of US military computers ever,” in which a flash drive in 2008 was used to infect large numbers of computers, including those used by the Central Command overseeing combat zones in Iraq and Afghanistan. When the device was plugged into a …
That is what you get for not putting rudimentary system protection measures in place: things like running with low-level accounts, turning off AutoPlay, disabling USB and disks, etc., and completely failing to do more advanced things like intruder detection systems and monitoring internal and external boundary traffic for suspect traffic, which would have set alarm bells ringing. A level of paranoia much higher than normal is required for admin of a military network.
Using *nix would have made it harder to get in and potentially slower going, but only if the admins had a clue, because I doubt we are talking about simple hackers here.
That's what you get when secure and non-secure systems share the same network.
And when 'secure' systems have enough connectivity that they can contact the outside world (presumably the internet).
If you want a system to be 100% secure, I'd advise disabling the power button and disassembling everything.
If you want a system to be as secure as it can be whilst still being usable, you'd best make sure that the network is isolated from ALL other networks: port-based segregation, encrypted authorisation (802.1x), etc., etc., etc.
It looks like another case of the wetware being the weakest link!
Really 100% secure, I think, needs a sealed, lead-lined concrete bunker about 500 metres below ground with no access points (including air ducts), no cables in or out, and absolutely no power.
But seriously, security in military comms seems to have gone backwards :s
And the Morris Worm the year before that (in 1988). Same hardware platform, but running BSD not VMS. The difference is that we learned to avoid such holes over time[1]. Microsoft, on the other hand, has used meaningful filename extensions for HOW long, exactly?
[1] I can't remember anyone similarly exploiting TOPS-10 or -20 ... Can anyone refresh my memory?
More likely this was a common malware infection and the Americans wish instead to portray it as a determined, targeted attack to deflect from a lack of foresight and general incompetence.
NT4 had the capability to lock down media via the registry more than 10 years ago.
This is nothing new. And standard practice in any half-sober organisation with a defined security policy which the US Military surely qualifies as.
As for the Mossad, it's entirely feasible that they were involved in the smear campaign against Julian Assange last week acting as a proxy for the CIA as they often do.
Don't forget the Americans love to conjure up a Bogey-man. There is always someone else to blame.
Using social engineering or similar tricks to get access inside a network is not a breach of network security. It's just human error, the weakest link in any security chain.
The question here was why were executables allowed from a removable drive? (Also, did the drive autoexecute from the media?) Most problems from malicious software can be eliminated if you just move plain text around. It's not as spiffy as multimedia, but it's pointless opening up a system to all sorts of vulnerabilities and then trying to individually fix each one as you notice it (the signature feature of Microsoft's software). These systems aren't home computers; they've got work to do, and they should be working with a very well defined set of data, not running any old rubbish that they happen to come across.
You're one of those technical, engineery type people who always looks at things from a practical and scientific point of view. We've got multi-million dollar procurement budgets and 1000s strong administrative empires to maintain here. There are senators and generals who need to be impressed; you just don't understand.
A Sneakernet breach is still a form of network breach. The firewall they needed was epoxy in the USB ports.
More generally, PNP has no place in a workplace computer system - users should not have the ability to install drives, whether they be external USB or firewire, flash thumb drives, or floppy disks or CDs. I had a user destroy a computer by playing a music CD that tried (and failed) to autoinstall some kind of multimedia presentation. It failed to install but managed to hose the NT4 install somehow. This was back before I really clamped down on the NTFS permissions. A friend had a computer that would periodically shout out "Marshall!" because he'd put an Eminem CD into it once. It took us ages to realize what was going on because it did it so infrequently.
Because some know-nothing general, whose only qualification is that he probably knocked up (North American version) some politician's daughter then married her, ordered someone to do so. Said arrogant jackass wouldn't then listen to any advice, and threatened the (army) captain with court martial for disobeying orders. Since the order wasn't illegal (just fucking stupid), it was done. At least that's what happened when we were forced to do it in my days in that particular trench.
The trouble with closed networks is that many assume that local firewalls and up to date anti-virus measures are unnecessary because the network is inherently safe and secure. Everyone forgets that updates from developers or manufacturers have to be introduced from outside. The problem I have specifically had to deal with is that of sub-contractors attaching notebooks to a closed network to perform maintenance - and introducing worms to all the unprotected systems.
There's a large amount of smelly stuff here. How the hell would a military computer run Windows at all? But this is only the tip of the iceberg. The military is supposed to use NIPRNet and SIPRNet, for "regular" stuff and classified stuff respectively. These networks are practically separate from the civilian internet, which means that this malware probably exposed a huge hole in these networks. WTF?
http://en.wikipedia.org/wiki/SIPRNet
Can't be because they have no budget for free software like AVG or Spybot.
Maybe they should put a warning on every laptop saying this is United States Government Property and any unauthorised software running on the equipment will result in the arrest and imprisonment of the software authors.
This should scare them off.
Non secure systems should only be allowed to attach to secured systems in a controlled manner such as a ssh terminal session through a heavily controlled portal or the like. Mixing crappy consumer grade laptops with well known and widely attacked security issues on the same network as systems containing secure data is simply asking to be p0wned.
Didn't know it at the time, but it matches up with military-linked friends bitching about having to reset their passwords every day for about two weeks, followed immediately by the implementation of the policy on thumb drives, since modified to allow devices which spin up, albeit requiring encrypted devices.
The problem is specifically that you do need to transfer certain data from non-secure systems and back. That data transfer is most easily accomplished these days by USB drives, thumb sticks at the time. The secure network on a battlefield necessarily involves wireless connections to cover large areas where establishing wired connections is unworkable. Once the malware is in...
As for all you foaming-at-the-mouth haters, I'd like to leave you all on Al Qaeda's doorstep. Fortunately for you, the US military doesn't like that idea.
"The problem is specifically that you do need to transfer certain data from non-secure systems and back. "
No. The problem is the lack of the systems checking the identity of that drive, i.e. that it's one of those *authorized* to be connected to the *secure* system and not just *any* random thumb drive loaded with whatever someone decided to load it with (in this case something quite nasty and able to spread around a substantial network).
This suggests one of 2 things.
1) No procedure in place to control which devices are *allowed* to be attached to the network.
2) Procedure in place but ignored (and any software or hardware to support it bypassed).
If this is a *secure* system (and one which is networked into a whole bunch of others) it might *look* like a regular PC but it definitely should *not* be usable like one.
After all the whining over the Gary McKinnon case, and with 7 years to brief and train all relevant staff, it seems *astonishing* that this can happen.
As others have pointed out, the US military is not well liked in many parts of the world, *especially* substantial bits of the Middle East. It's not paranoia. They really are out to get you.
Consider yourself got.
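The authorised-device check the commenter above asks for, together with the AutoRun and media lockdown raised earlier in the thread, as an added PowerShell example that is not part of any comment here. Run as administrator it audits which USB mass-storage devices this Windows host has ever seen (the USBSTOR enumeration key survives device removal, so it doubles as the list you check after an incident) against an allow-list of approved hardware IDs, and with -Apply it writes the registry policies that Group Policy itself uses to disable AutoRun on every drive type, deny execute from removable disks and refuse installation of unlisted devices. The allow-list entry, the -Apply switch and the function names are assumptions of this example; the registry paths and value names are the documented policy locations.

```powershell
#Requires -RunAsAdministrator
# Added example, not code from the thread: audit USB storage history against an
# allow-list and optionally apply the policies that lock removable media down.
param([switch]$Apply)

$Explorer = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
# The GUID is the Removable Disks class used by the "Removable Storage Access" policies.
$RemDisk  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
$DevInst  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions'
$UsbEnum  = 'HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR'

# Hypothetical allow-list: hardware IDs of the encrypted drives actually issued to
# staff. Real values come from the HardwareID of an approved device (see below).
$AllowedIds = @(
    'USBSTOR\DiskExampleCoSecureKey_1.00'
)

function Get-RegValue([string]$Path, [string]$Name) {
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

function Test-AutorunDisabled {
    # 0xFF covers every drive type; NoAutorun stops autorun.inf being honoured at all.
    return ((Get-RegValue $Explorer 'NoDriveTypeAutoRun') -eq 0xFF) -and
           ((Get-RegValue $Explorer 'NoAutorun') -eq 1)
}

function Get-SeenUsbStorage {
    # Every mass-storage device ever attached leaves an instance key under USBSTOR
    # carrying its HardwareID list; compare that list against the allow-list.
    Get-ChildItem -Path "$UsbEnum\*" -ErrorAction SilentlyContinue | ForEach-Object {
        $hw = @((Get-ItemProperty -Path $_.PSPath).HardwareID)
        [pscustomobject]@{
            Instance    = $_.Name.Substring($_.Name.IndexOf('USBSTOR\'))
            HardwareIds = $hw -join '; '
            Approved    = [bool]($hw | Where-Object { $AllowedIds -contains $_ })
        }
    }
}

function Set-RemovableMediaHardening {
    foreach ($p in @($Explorer, $RemDisk, $DevInst, "$DevInst\AllowDeviceIDs")) {
        if (-not (Test-Path $p)) { New-Item -Path $p -Force | Out-Null }
    }
    # 1. No AutoRun on any drive type and no autorun.inf processing.
    Set-ItemProperty -Path $Explorer -Name 'NoDriveTypeAutoRun' -Value 0xFF -Type DWord
    Set-ItemProperty -Path $Explorer -Name 'NoAutorun'          -Value 1    -Type DWord
    # 2. Removable disks stay usable for data, but nothing on them may execute.
    Set-ItemProperty -Path $RemDisk  -Name 'Deny_Execute'       -Value 1    -Type DWord
    # 3. Device-installation restrictions: refuse any device not on the allow-list.
    Set-ItemProperty -Path $DevInst  -Name 'DenyUnspecified'    -Value 1    -Type DWord
    Set-ItemProperty -Path $DevInst  -Name 'AllowDeviceIDs'     -Value 1    -Type DWord
    $n = 1
    foreach ($id in $AllowedIds) {
        Set-ItemProperty -Path "$DevInst\AllowDeviceIDs" -Name "$n" -Value $id -Type String
        $n++
    }
}

# --- Audit first; change nothing unless explicitly asked to ---
if (Test-AutorunDisabled) { Write-Host 'AutoRun: disabled' }
else                      { Write-Warning 'AutoRun: NOT fully disabled' }

$seen  = @(Get-SeenUsbStorage)
$seen | Format-Table -AutoSize
$rogue = @($seen | Where-Object { -not $_.Approved })
if ($rogue.Count) {
    Write-Warning "$($rogue.Count) USB storage device(s) not on the allow-list have been attached to this host"
}

if ($Apply) {
    Set-RemovableMediaHardening
    Write-Host 'Hardening written. Installation restrictions only block new devices; ones already installed keep working until removed.'
}
```

On a domain-joined host these keys are overwritten by Group Policy at refresh, so the same settings belong in a GPO rather than a local script; the script is useful for the audit half and for standalone machines. The device-installation and Deny_Execute policies exist from Windows Vista onwards; on the NT4/XP-era systems the thread mentions, the equivalent was NoDriveTypeAutoRun plus setting the USBSTOR service Start value to 4.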
Who says the secure systems and internet connected systems were in any way connected at all?
Given that we're talking about USB (i.e. rewritable media with autorun), I'm guessing this is how it works:
* Internet-connected machine gets infected - probably from a porn site, being military, and spreads itself to all of the machine's removable media
* USB key gets infected on the internet-connected machine
* USB key gets plugged into the "secure" machine, autorun does its thing, "secure" machine gets infected as well.
* Malware hoovers up files on the "secure" machine
* USB key gets removed, plugged back into the Internet connected machine
* Malware sends the files it picked up straight out the door to wikileaks or the bogeyman or wherever.
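The "autorun does its thing" step in the chain above, as an added PowerShell example that is not part of the comment: a small autorun.inf parser that pulls out the entries which cause execution (open=, shellexecute= and shell\<verb>\command=), run first over a constructed sample of the kind of file a worm drops and then over every removable drive currently attached. The sample file, the binary name in it and the function names are made up for the example; the key names are the ones the AutoRun mechanism honours.

```powershell
# Added example, not from the thread: find autorun.inf on removable drives and
# show what it would have launched on a host where AutoRun is still enabled.
function Get-AutorunIntent([string]$IniText) {
    # Minimal autorun.inf parser. Only the [autorun] section matters, and only the
    # keys that launch something: open=, shellexecute= and shell\<verb>\command=.
    $section = ''
    $hits = @()
    foreach ($raw in ($IniText -split "`r?`n")) {
        $line = $raw.Trim()
        if ($line -eq '' -or $line.StartsWith(';')) { continue }
        if ($line -match '^\[(.+)\]$') { $section = $Matches[1].ToLowerInvariant(); continue }
        if ($section -ne 'autorun') { continue }
        if ($line -match '^(?<k>[^=]+)=(?<v>.*)$') {
            $k = $Matches['k'].Trim().ToLowerInvariant()
            $v = $Matches['v'].Trim()
            if (($k -in @('open', 'shellexecute')) -or ($k -like 'shell\*\command')) {
                $hits += [pscustomobject]@{ Key = $k; Command = $v }
            }
        }
    }
    return $hits
}

function Find-RemovableAutorun {
    # DriveType 2 is "removable disk" in Win32_LogicalDisk.
    Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=2' | ForEach-Object {
        $inf = Join-Path $_.DeviceID 'autorun.inf'
        if (Test-Path $inf) {
            $hidden = ((Get-Item $inf -Force).Attributes -band [IO.FileAttributes]::Hidden) -ne 0
            foreach ($h in Get-AutorunIntent (Get-Content $inf -Raw)) {
                [pscustomobject]@{ Drive = $_.DeviceID; Key = $h.Key; Command = $h.Command; Hidden = $hidden }
            }
        }
    }
}

# Constructed sample (not a real infection artefact). The action= line is the usual
# trick: it makes the malicious entry look like the normal "Open folder" AutoPlay choice.
$sample = @"
; dropped by the worm
[autorun]
open=setup.exe
shell\open\command=setup.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
"@
Get-AutorunIntent $sample | Format-Table -AutoSize   # two hits: open and shell\open\command
Find-RemovableAutorun     | Format-Table -AutoSize   # whatever is plugged in right now
```

The parser is deliberately case-insensitive and ignores icon= and label= entries, since those are harmless decoration; the presence of a hidden autorun.inf pointing at an executable on the stick, rather than at an installer the user expects, is the indicator worth alerting on.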