back to article Pentagon confirms attack breached classified network

The Pentagon has opened the kimono on what it described as the “most significant breach of US military computers ever,” in which a flash drive in 2008 was used to infect large numbers of computers, including those used by the Central Command overseeing combat zones in Iraq and Afghanistan. When the device was plugged into a …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    WTF

    Thats what you get for using windows on mil computers, (not a hater, just a realist).

    1. Anonymous Coward
      Anonymous Coward

      Re: Thats what you get for using windows on mil computers

      That is what you get for not putting rudimentary system protection measures in places - things like running at low level accounts, turning off auto play, disabling usb & disks etc. and completely failing to more advanced things like intruder detection systems, monitoring internal and external boundary traffic for suspect traffic - which would have set alarm bells ringing - a level of paranoia much higher than normal is required for admin of a military network

      Using *nix would have made it harder to get in and potentially slower going - but only if the admins had a clue - because I doubt we are talking about simple hackers here

      1. Anonymous Coward
        Anonymous Coward

        Re: Thats what you get

        You would think wouldn't you

    2. Anonymous Coward
      FAIL

      More than that...

      That's what you get when secure and non-secure systems share the same network.

      And when 'secure' systems have enough connectivity that they can contact the outside world (presumably the internet).

      If you want a system to be 100% secure, I'd advise disabling the power button and disassembling everything.

      If you want a system to be as secure as it can be whilst still being usable, you'd best make sure that the network is isolated from ALL other networks - port based segregation + encrypted authorisation (802.1x) etc etc etc.

      It looks like another case of the wetware being the weakest link!

      1. Anonymous Coward
        Anonymous Coward

        re: If you want a system to be 100% secure

        really 100% secure I think needs a sealed lead lined concrete bunker about 500 mtrs below ground with no access points (including air ducts) and no cables in or out - and absolutely no power

        but seriously - security in military coms seems to have goon backwards :s

        1. John Smith 19 Gold badge
          Joke

          AC@08:46

          "really 100% secure I think needs a sealed lead lined concrete bunker about 500 mtrs below ground with no access points (including air ducts) and no cables in or out - and absolutely no power"

          So you know how MS *finally* got their C2 security rating on their servers.

    3. Wize

      Yea, their VAXen were a whole lot safer

      Especially during the Wank Worm incident.

      And the old VAXes were a whole lot more bomb proof than anything else at the time. Just remember that next time you say your machine is a whole lot better than windows. If someone wants in, they will find a way.

      1. jake Silver badge

        @Wize

        And the Morris Worm the year before that (in 1988). Same hardware platform, but running BSD not VMS. The difference is that we learned to avoid such holes over time[1]. Microsoft, on the other hand, has used meaningful filename extensions for HOW long, exactly?

        [1] I can't remember anyone similarly exploiting TOPS-10 or -20 ... Can anyone refresh my memory?

  2. Anonymous Coward
    Anonymous Coward

    Why is it

    that every time someone mentions an "unnamed foreign intelligence agency"

    I immediately think of Mossad?

    1. Anonymous Coward
      Anonymous Coward

      I doubt any foreign intelligence agency was involved this time

      More likely this was a common malware infection and the Americans wish instead to portray it as a determined, targeted attack to deflect from a lack of foresight and general incompetence.

      NT4 had the capability to lock down media via the registry more than 10 years ago.

      This is nothing new. And standard practice in any half-sober organisation with a defined security policy which the US Military surely qualifies as.

      As for the Mossad, it's entirely feasible that they were involved in the smear campaign against Julian Assange last week acting as a proxy for the CIA as they often do.

      Don't forget the Americans love to conjure up a Bogey-man. There is always someone else to blame.

    2. 3G

      I would say..

      Most likely China

  3. Martin Usher
    Black Helicopters

    So it wasn't a Network Breach after all

    Using social engineering or similar tricks to get access inside a network is not a breach of network security. Its just human error -- the weakest link in any security chain.

    The question here was why were executables allowed from a removable drive? (Also, did the drive autoexecute from the media?). Most problems from malicious software can be eliminated if you just move plain text around. Its not as spiffy as multimedia but its pointless opening up a system to all sorts of vulnerabiliites and then trying to individually fix each one as you notice it (the signature feature of Microsoft's software). These systems aren't home computers, they've got work to do and they should be working with a very well defined set of data, not running any old rubbish that they happen to come across.

    1. frank ly

      I know your sort

      You're one of those technical, engineery type people who always looks at things from a practical and scientific point of view. We've got multi-million dollar procurement budgets and 1000s strong administrative empires to maintain here. There are senators and generals who need to be impressed; you just don't understand.

    2. Eddie Johnson
      Alert

      Still A Network Breach

      A Sneakernet breach is still a form of network breach. The firewall they needed was epoxy in the USB ports.

      More generally, PNP has no place in a workplace computer system - users should not have the ability to install drives, whether they be external USB or firewire, flash thumb drives, or floppy disks or CDs. I had a user destroy a computer by playing a music CD that tried (and failed) to autoinstall some kind of multimedia presentation. It failed to install but managed to hose the NT4 install somehow. This was back before I really clamped down on the NTFS permissions. A friend had a computer that would periodically shout out "Marshall!" because he'd put an Eminem CD into it once. It took us ages to realize what was going on because it did it so infrequently.

  4. jake Silver badge

    Numpties.

    Why the fuck would anyone, with any knowledge of basic computer security, have a so-called "secure system" accessible in any way, shape or form from not-secure systems?

    And these are the idiots in charge of my nation's security? Sometimes I despair ...

    1. raving angry loony

      why have secure systems connected to non-secure?

      Because some know-nothing general, whose only qualifications is that he probably knocked up (North American version) some politicians daughter then married her, ordered someone to do so. Said arrogant jackass wouldn't then listen to any advice, and threatened the (army) captain with court martial for disobeying orders. Since the order wasn't illegal (just fucking stupid), it was done. At least that's what happened when we were forced to do it in my days in that particular trench.

  5. Anonymous Coward
    Anonymous Coward

    Closed networks

    The trouble with closed networks is that many assume that local firewalls and up to date anti-virus measures are unnecessary because the network is inherently safe and secure. Everyone forgets that updates from developers or manufacturers have to be introduced from outside. The problem I have specifically had to deal with is that of sub-contractors attaching notebooks to a closed network to perform maintenance - and introducing worms to all the unprotected systems.

  6. Anonymous Coward
    Paris Hilton

    Ooo?

    <ouch baby ouch>

    Smells like a honeypot to me though

    </ouch baby ouch>

  7. Anonymous Coward
    FAIL

    Doh!

    http://www.theregister.co.uk/Design/graphics/icons/comment/fail_32.png

    I'm betting that the machines infected weren't firewalled outbound. Imbecile 'security' admins strike again.

  8. WTF007
    Big Brother

    Phony leaks = Cyberwar

    Pretty cool how the Pentagon can sell a story by packaging it inside a "leak". Release through fake outfit some mostly worthless info then maybe the gullible will take the the whole thing at face value. Pure Genius.

  9. Ned Ludd
    Boffin

    A title is pointless

    “It was a network administrator's worst fear: a rogue program operating silently... "

    It's so much easier to spot them when they go "bing!".

    1. Mark Eccleston

      hmmmm

      Maybe someone should invent a machine to goes "bing".

      If you give a tour of a facility be sure to wheel it out to impress the brass.

      1. Anonymous Coward
        Coat

        Monty Python has one that goes "Ping"

        Maybe you could modify theirs?

        http://www.youtube.com/watch?v=arCITMfxvEc

  10. Anonymous Coward
    Grenade

    'most significant breach ever'

    So if that's the case, are they going to extradite those responsible and try them as terrorists?

    And does this mean Gary McKinnon is now only the second 'most dangerous' hacker...

    1. Steve Roper

      To answer that...

      ...no, it means they'll blame Gary McKinnon for this latest breach as well and use it as an excuse to ramp up even more pressure to get this evil and dangerous cyberwarfare mastermind extradited to the US for his show trial.

  11. Doug Glass
    Go

    Oxymoron

    Military Intelligence.

  12. Matt Bucknall
    Coat

    Who'd have thought..

    ..the W.O.P.R. even had a USB port. Damn you Falken!

  13. Daniel B.
    FAIL

    MLF, Multiple Levels of FAIL

    There's a large amount of smelly stuff here. How the hell would a military computer run Windows at all? But this is only the tip of the iceberg. The military is supposed to use NIPRNet and SIPRNet, for "regular" stuff and classified stuff respectively. These networks are practically separate from the civilian internet, which means that this malware probably exposed a huge hole in these networks. WTF?

    http://en.wikipedia.org/wiki/SIPRNet

  14. JaitcH
    FAIL

    Pathetic - and they call themselves 'secure'

    Can't be because they have no budget for free software like AVG or Spybot.

    Maybe they should put a warning on every laptop saying this is United States Government Property and any unauthorised software running on the equipment will result in the arrest and imprisonment of the software authors.

    This should scare them off.

    1. Kelvari
      Stop

      Free Software....,

      sometimes is only free for home use, such as is the case with AVG and avast! antivirus suites. Admittedly, they're cheaper than the alternatives (ex: Norton, McAfee, etc), but still far from free.

    2. Anonymous Coward
      Anonymous Coward

      Damm you've seen our policies...

      ...and the only think you can click is OK, which then proceeds with the login.

  15. Goat Jam
    Grenade

    Numpties

    Non secure systems should only be allowed to attach to secured systems in a controlled manner such as a ssh terminal session through a heavily controlled portal or the like. Mixing crappy consumer grade laptops with well known and widely attacked security issues on the same network as systems containing secure data is simply asking to be p0wned.

  16. norman
    Black Helicopters

    NMCI

    Next they will blame wikileaks.

  17. Anonymous Coward
    Grenade

    Does this mean

    they'll stop claiming Gary McKinnon carried out "the biggest military hack ever"?

    It certainly shows that they haven't learnt much from it.

    1. Anonymous Coward
      Happy

      msg from the biggest military hack ever

      My boxer shorts have my name and it says Raymond

  18. Dave Murray Silver badge

    A dozen determined computer programmers...

    Would only take one imo.

  19. Anonymous Coward
    Anonymous Coward

    It's imporant to consider security...

    ...when THE ENTIRE PLANET hates you.

    AC for obvious reasons.

  20. Anonymous Coward
    Linux

    infect large numbers of computers

    > a flash drive in 2008 was used to infect large numbers of computers

    What desktop Operating System did this flash drive infestation occur on?

    http://www.pcstats.com/articleimages/200409/BSOD_2.gif

  21. Anonymous Coward
    Anonymous Coward

    The breach was real not a hoax.

    Didn't know it at the time, but it matches up with military linked friends bitching about having to reset their passwords every day for about two weeks, followed immediately by the implementation of the policy on thumb drives, since modified to allow devices which spin up, albeit requiring encrypted devices.

    The problem is specifically that you do need to transfer certain data from non-secure systems and back. That data transfer is most easily accomplished these days by USB drives, thumb sticks at the time. The secure network on a battlefield necessarily involves wireless connections to cover large areas where establishing wired connections is unworkable. Once the malware is in...

    As for all you foaming at the mouth haters, I'd like to leave you all on Al Queda's doorstep. Fortunately for you, the US military doesn't like that idea.

    1. John Smith 19 Gold badge
      FAIL

      AC@14:23

      "The problem is specifically that you do need to transfer certain data from non-secure systems and back. "

      No. the problem is the lack of the systems checking the identity of that drive IE It's one of those *authorized* to be connected the *secure* system and not just *any* random thumb drive loaded with whatever someone decided to load it with (in this case something quite nasty and able to spread around a substantial network.

      This suggests one of 2 things.

      1) No procedure in place to control which devices are *allowed* to be attached to the network.

      2) Procedure in place but ignored (and any software or hardware to support it bypassed).

      If this is a *secure* system (and one which is networked into a whole bunch of others) it might *look* like a regular PC but it definitely should *not* be useable like one.

      After all the whining over the Gary McKinnon case and with 7 years to brief and train all relevant staff it seem *astonishing* that this can happen.

      As others have pointed the US military is not well liked in many parts of the world, *especially* substantial bits of the Middle East. It's not paranoia. They really are out to get you.

      Consider yourself got.

  22. Graham Marsden
    FAIL

    "a turning point in the Pentagon's computer defense strategy"

    So WTF were they doing between 2001 when Gary McKinnon showed how laughable US Military "Computer Security" was and 2008 when this attack happened...???

  23. This post has been deleted by its author

  24. Anonymous Coward
    Anonymous Coward

    How is it a cyber war when someone carried a worm in?

    Never mind... I get it, it's an excuse to crack down, leverage the FCC, leverage the FTC

  25. Anonymous Coward
    FAIL

    Worm:W32/Agent.BTZ

    Name : Worm:W32/Agent.BTZ

    Detection Names : Worm:W32/Agent.BTZ

    Worm:W32/Agent.BTZ

    Category: Malware

    Type: Worm

    Platform: W32

    http://www.f-secure.com/v-descs/worm_w32_agent_btz.shtml

  26. Anonymous Coward
    Black Helicopters

    Didn't anyone notice the bit about USB?

    Who says the secure systems and internet connected systems were in any way connected at all?

    Given that we're taking USB (ie rewritable media with auto run), I'm guessing this is how it works:

    * Internet-connected machine gets infected - probably from a porn site, being military, and spreads itself to all of the machine's removable media

    * USB key gets infected on the internet-connected machine

    * USB key gets plugged into the "secure" machine, autorun does its thing, "secure" machine gets infected as well.

    * Malware hoovers up files on the "secure" machine

    * USB key gets removed, plugged back into the Internet connected machine

    * Malware sends the files it picked up straight out the door to wikileaks or the bogeyman or wherever.

This topic is closed for new posts.