Spy's USB Drive Caused Worst US Military Breach
Malware loaded from a USB drive = bad.
A U.S. Military security incident from 2008 has finally been revealed and detailed by Deputy Secretary of Defense William J. Lynn III in a new article he wrote for Foreign Affairs magazine.
Lynn opened his article with this explanation:
In 2008, the U.S. Department of Defense suffered a significant compromise of its classified military computer networks. It began when an infected flash drive was inserted into a U.S. military laptop at a base in the Middle East. The flash drive's malicious computer code, placed there by a foreign intelligence agency, uploaded itself onto a network run by the U.S. Central Command. That code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control. It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary.
Deputy Secretary of Defense characterized this as "the most significant breach of U.S. military computers ever," and it marked a turning point in the U.S. cyberdefense strategy, starting with Operation Buckshot Yankee.
Lynn estimated that more than 100 foreign intelligence organizations are trying to break into U.S. networks, which presents a sizeable challenge for the military's global communications backbone, which covers 15,000 networks and 7 million computing devices in dozens of countries.
(Source: Cnet.)
- Man Gets Drunk, Shoots Company Server With .45
- Apple Manager Stashed $150,000 in Shoeboxes
- This Android Tablet Doesn't Need Glasses for 3D
- Crysis 2 $150 Nano Edition Detailed in Video
- Microsoft's Internet Explorer 9, Dissected
- Intel Making Computers That Will Read Your Mind
- Why Valve Nuked Portal 2's VS. Multiplayer Mode
- In Pictures: Insanity At Gigabyte's GO OC 2010
- Your Smartphone CPU May Go into Data Centers
- Intel Says it Will Out-Wrestle ARM in Power Usage
- Valve Wants to Make Half-Life Movie Themselves
- Intel's Sandy Bridge CPUs Will Play Blu-ray 3D
- Gigabyte's VGA Cooling Resembles Car Radiator
- Best Configs Return, Powered By Tom's Hardware Forums
- Intel Buys Infineon's Wireless for $1.4 Billion Cash
- AMD to Ditch the ATI Brand for Radeon Graphics
- Microsoft: Something Big Coming for PC Gamers
- Leak Reveals Toshiba Tegra 2, Android 2.2 Tablet
Dang. When's the movie coming out?
So mix this, with the intel mind reading stuff, and the apple liquid alloy metal, and we have Skynet...
Not surprising.
all your base are belong to us!!
nothing surprises me anymore.. if it was something "top secret" they wouldnt be broadcasting it in the first place.. the medias full of it..
Lynn estimated that more than 100 foreign intelligence organizations are trying to break into U.S. networks, which presents a sizeable challenge for the military's global communications backbone, which covers 15,000 networks and 7 million computing devices in dozens of countries.
LOL WAT
So this is what it took for them to say "no flash drives from outside computers!" or maybe, just maybe, they used one of the zillion available methods to disallow flash drive usage altogether. How hard is that idea to come up with? What about sandboxing any external drive? Persistent internal firewalls? There are so many ways to stop this from happening that it defies belief. Hell, a compromised flash drive was the plot of a damn movie prior to 2008 (the Recruit, 2003) and they still didn't think it was worth safeguarding??? It's nice to see the $600 billion or so per year is well spent!
The best part of this is the fact there is an "Ironkey the worlds most SECURE flash drive" add right beside the comment box.
well played Ironkey.
naah, i saw an ad for kapersky antivirus...
Btw, this is why computers connected to secure networks were not allowed to have floppy drives for years.
The best part of this is the fact there is an "Ironkey the worlds most SECURE flash drive" add right beside the comment box.well played Ironkey.
Really i have adds for summer's eve........ what are they trying to tell me?
I knew as i was posting, that it was a banner that would be diffrent for everyone. Ah well just funny for me then
Really i have adds for summer's eve........ what are they trying to tell me?
Yeah, I hate it when Google Ads tells me I am a douche.
Maybe Uncle Sam needs to realize that the "Business" version of Symantec's Norton Antivirus just doesn't cut it anymore.
LOL
And my friend said that 24 wasn't real...
LOL WATSo this is what it took for them to say "no flash drives from outside computers!" or maybe, just maybe, they used one of the zillion available methods to disallow flash drive usage altogether. How hard is that idea to come up with? What about sandboxing any external drive? Persistent internal firewalls? There are so many ways to stop this from happening that it defies belief. Hell, a compromised flash drive was the plot of a damn movie prior to 2008 (the Recruit, 2003) and they still didn't think it was worth safeguarding??? It's nice to see the $600 billion or so per year is well spent!
See, what you neglect to account for is the senior guy at the U.S. Central Command that demanded he have unfettered access to the internet AND the secured networks. Plus, he absolutely needed to be able to hook up flash drives, because he needed to print off his daughters school project and his printer at home was on the fritz. The number one reason network security fails is the users, not some outside threat that is attacking said network.
I just thought of a related anecdote. I used to work with some guys that eventually moved on to work at one of the national labs in ABQ. They had a security briefing about all sorts of things not allowed on the facility (anything that can record audio, video, etc...), CDs, floppy discs, mp3 players. Employees were issued company cell phones, they were not allowed to bring their own into the facility. During the meeting, someone in the audience stood up and asked the senior security agent "What about these?" and held up a USB flash drive. Of course, the security agent didn't even know what it was. So yeah, our national security and secrets are in good hands for sure.
Retaliate with kinetic weapons... ASAP.
Now that sounds like a real modern spy story. This thing with the Russians earlier this year sounded more like a crackdown on spy retirement plans.
They forgot to use McAfee
That is why you keep your tech people out of the general military population. ITpro's with above average skills don't want to put on a pair of boots and get a ass chewing by some Idiot on a power trip for 8 weeks just to keep the servers secure.
I'd bet money on china having some hand in this
And how many other countries is the US doing this to? In the "intelligence" world, what comes around goes around.
That is why you keep your tech people out of the general military population. ITpro's with above average skills don't want to put on a pair of boots and get a ass chewing by some Idiot on a power trip for 8 weeks just to keep the servers secure.
Too True. You can't "SIR YES SIR" your way to good information security; it's like trying to order an army team to make a painting or write good fiction; it's incredibly multidisciplinary and just because someone can do 100 pushups doesn't mean they can secure a network.
Let me guess they found the drive on the ground in the camp and plugged it in to see who it belonged to. People should know better than to just plug a drive in and not know whats on it.
How hard is that idea to come up with? What about sandboxing any external drive? Persistent internal firewalls? There are so many ways to stop this from happening that it defies belief.
There also are as many ways to evade protection and break things as there are to stop this from happening. If you can make it you can break it.
One creative, out-of-the-box idea can make those protections completely useless. How else do you think security breaches are still so common?
Apparently the military needs to learn how to turn off Auto-Run.
I can put infected flash drives in my computer all I want. It won't execute anything on them and only an idiot would click on an executable file, especially while on a secured military network.
I use to work with a guy that inadvertently put the Conflicker.A virus on our network via a USB Flash. It happens.
with 15,000 networks and 7 million devices and who knows how many not so security savvy users, it's really hard to secure the entire system. remember a chain is as strong as its weakest link. so too is your network.
lol yeah i remember when that happened back in the 82nd we couldn't use any external devices after that...
hmm.... i see it as simply just an autorun virus explained in a much detailed military way.
That's not to be surprise. Even us were all vulnerable too.
LOL WATSo this is what it took for them to say "no flash drives from outside computers!" or maybe, just maybe, they used one of the zillion available methods to disallow flash drive usage altogether. How hard is that idea to come up with? What about sandboxing any external drive? Persistent internal firewalls? There are so many ways to stop this from happening that it defies belief. Hell, a compromised flash drive was the plot of a damn movie prior to 2008 (the Recruit, 2003) and they still didn't think it was worth safeguarding??? It's nice to see the $600 billion or so per year is well spent!
It's the US Military.. Radio Shack has a better security policy and a more knowledgeable staff.