
DoD Takes Criticism From Security Experts On Cyberwar Incident

Soulskill posted about 4 years ago | from the no-mr-bond-i-expect-you-to-torrent dept.

Government 116

wiredmikey writes "Undersecretary of Defense William J. Lynn is being challenged by IT security experts who find it hard to believe that the incident which led to the Pentagon's recognizing cyberspace as a new 'domain of warfare' could have really happened as described. In his essay, 'Defending a New Domain,' Lynn recounts a widely-reported 2008 hack that was initiated when, according to Lynn, an infected flash drive was inserted into a military laptop by 'a foreign intelligence agency.' Critics such as IT security firm Sophos' Chief Security Adviser Chester Wisniewski argue that this James Bond-like scenario doesn't stand up to scrutiny. The primary issue is that the malware involved, known as agent.btz, is neither sophisticated nor particularly dangerous. A variant of the SillyFDC worm, agent.btz can be easily defeated by disabling the Windows 'autorun' feature (which automatically starts a program on a drive upon insertion) or by simply banning thumb drives. In 2007, Silly FDC was rated as Risk Level 1: Very Low, by security firm Symantec."



lulz (1, Insightful)

Anonymous Coward | about 4 years ago | (#33477982)

Military runs Windows without disabling autorun. Now that's egg on your face...

Re:lulz (1, Funny)

Anonymous Coward | about 4 years ago | (#33478152)

Clearly they need to create a new command structure and several brave new cyberwarfighter divisions to hold shift while inserting media. Higher ranking officers can take tech support calls or power cycle the nuke fire control on schedule.

Re:lulz (3, Interesting)

JackieBrown (987087) | about 4 years ago | (#33479222)

Where I work, someone inadvertently emailed a spreadsheet of the 3000+ employees' Social Security numbers, addresses, salaries, and our dates of birth.

Their solution was to disable access to our personal email so that no one could leak that info to anyone else. It has been half a week and our personal emails are still blocked.

The funny part is that I just plugged in my usb drive and windows popped up asking if I wanted to "open folders to view files" and sure enough, I can access my data on it and move information from my computer to it without the cyber trail.

And I work at a "HIPAA compliant" medical equipment company.

Funny thing is, since the person who sent the email is high enough on the food chain, they are still here while IT is checking to see if anyone emailed or copied it and threatening action against those employees.

Re:lulz (2, Informative)

JackieBrown (987087) | about 4 years ago | (#33479264)

Re:lulz (1)

Venik (915777) | about 4 years ago | (#33480566)

This is hilarious. A company specializing in identity theft prevention could not safeguard the personal data of its own employees. The problem, of course, is not that some bigwig mistakenly sent a spreadsheet with names and SSNs. The problem is that such a spreadsheet existed in the first place; how it was released is really a secondary issue. I assume the guy just downloaded this information from the HR database and put it in a spreadsheet for his personal managerial convenience. Probably so he can make pretty pie charts of the upcoming layoffs. This medieval approach to storing and transmitting employee PII suggests the possibility that KCI treats the personal information of its customers in a similar manner.

Excel: scourge of IT (2, Interesting)

mangu (126918) | about 4 years ago | (#33480630)

Where I work, someone inadvertently emailed a spreadsheet of the 3000+ employees' Social Security numbers, addresses, salaries, and our dates of birth.

That's the result of having a tool that allows computer-illiterate people to process data.

When the printing press was invented people started learning to read and write. They learned spelling and grammar.

When the GUI was invented people started forgetting how to read and write. They want to click on icons because they don't want to learn the spelling and grammar of the commands that control the computer.

In the computer world, Johannes Gutenberg invented the comic book.


They fucked up something really really basic (4, Insightful)

HungryHobo (1314109) | about 4 years ago | (#33478022)

on military systems.

And so they can either pretend it didn't happen or pretend that they were only defeated by a dedicated and skilful foe rather than by their own ineptitude and laziness.

they went with the latter.

Re:They fucked up something really really basic (3, Insightful)

icebike (68054) | about 4 years ago | (#33478190)

You assume they fucked up.

Just because the version of this worm that is common in the wild is not particularly dangerous does not mean that the version used in the attack (or the fuckup if you will) was the same.

How you administer an injection matters a lot less than what was in the syringe.

Auto-run might have stopped this worm, but turning that off did not become standard practice till the Vista roll out, and the military may have had reason to use auto-run. To simply state that some minor setting in windows would have prevented this is naive.

The fuckup, if there was one, was allowing a foreign intelligence agency to get close to a military laptop.

Re:They fucked up something really really basic (1)

HungryHobo (1314109) | about 4 years ago | (#33478242)

oh come on, autorun has been spreading USB viruses for years.
Turning it off was basic common sense before vista ever hit the shelves.

Re:They fucked up something really really basic (2, Informative)

icebike (68054) | about 4 years ago | (#33478420)

But you are assuming facts not yet proven.
1) that it was in fact the commonly found version of this worm that was used rather than a specially crafted one
2) that it required auto-run to do what it was designed to do.
3) that auto-run was in fact still on in the subject machine

Re:They fucked up something really really basic (1, Insightful)

davester666 (731373) | about 4 years ago | (#33478784)

By 'fucked up', he meant that they had installed Windows (any version) on pretty much all their computers.

Re:They fucked up something really really basic (1)

wealthychef (584778) | about 4 years ago | (#33478978)

He's also assuming that
4) Everyone in the military uses common sense.

Re:They fucked up something really really basic (1)

Runaway1956 (1322357) | about 4 years ago | (#33479050)

"Auto-run might have stopped this worm, but turning that off did not become standard practice till the Vista roll out, and the military may have had reason to use auto-run." Sorry - but auto-run is a known security risk, and it has been known for a lot longer than Vista has been in existence. This is the MILITARY we are talking about. The MILITARY is supposed to be more security conscious than Joe Blow who has nothing more important on his hard drives than some illegal porn.

Re:They fucked up something really really basic (1)

quanticle (843097) | about 4 years ago | (#33479612)

The damning portion of this experience isn't that a worm got on to military networks. The damage comes from the fact that this was an autorun worm. These worms are dependent entirely on human intervention to spread, and therefore spread much more slowly than automated worms targeting operating system vulnerabilities. Yet the military was unable to defend itself against this inept attack. If they have trouble defeating an autorun worm (something that a reasonably competent IT department can handle), how are they going to defend against the more sophisticated threats that are sure to be on the way?

Re:They fucked up something really really basic (1)

icebike (68054) | about 4 years ago | (#33480122)

You've hit upon a key aspect of the event here, but I'm not sure you've interpreted it correctly.

See, that is the part of the story that doesn't hold water, and it's why I think the military may have more knowledge of this than the naive attention-seeking critics.

This worm would be a really poor way to spread an intrusion, because of the need for human assistance to get started, and because it is essentially harmless and low risk and easily detected by anti-virus software both then and now.

Further, if you were the foreign intelligence agent that deposited this on a Centcom computer, would you wait for it to activate itself? You've risked your life to get in a position to do so; why would you not click that mouse one more time and run it yourself (making the whole auto-run issue a non-issue)?

Further, you miss the fact that Auto-run is not its principal method of spreading. It's just a subtle method of introduction. It spreads through the network. See this article:

http://blog.threatexpert.com/2008/11/agentbtz-threat-that-hit-pentagon.html [threatexpert.com]

It's not like this thing is dependent on someone slipping thumb drives into computers all the way from Iraq to the Pentagon.

It may have been a ruse, or it was a heavily modified form carrying a far more sophisticated (Translation: Chinese) payload.

In any event, it is simply impossible for it to be the standard Agent.btz that everyone here heaps derision upon.

And Auto-Run being ON or OFF would not have made one iota of difference once it's on the net.

Re:They fucked up something really really basic (1)

ultranova (717540) | about 4 years ago | (#33480402)

See, that is the part of the story that doesn't hold water, and it's why I think the military may have more knowledge of this than the naive attention-seeking critics.

This worm would be a really poor way to spread an intrusion, because of the need for human assistance to get started, and because it is essentially harmless and low risk and easily detected by anti-virus software both then and now.

Someone brought an infected USB stick from home. I'm sorry, but that's the most likely scenario, and certainly far more likely than that someone wastes an agent who's managed to get access to a military network in a completely pointless attack.

In all likelihood this wasn't an attack, unless you count attacks of stupidity, and those are just as common with the military as they are with any other group.

Re:They fucked up something really really basic (1)

icebike (68054) | about 4 years ago | (#33480418)

If you think that is the likely explanation then you haven't read a single word about the extent of the damage and the amount of files stolen in this incident.

Re:They fucked up something really really basic (1)

HungryHobo (1314109) | about 4 years ago | (#33480626)

"and easily detected by anti-virus software both then and now."

And this is the simple reason why no sophisticated attacker would use an already known virus.
Viruses are not that hard to write, I'm only a moderately skilled programmer and I've written a couple for the sake of proving I could (never released though).

If you use a known virus that's already infected grandma's computer then the AV companies will know it.

If you write your own with code unknown to the AV companies, even a fairly trivial virus that avoids disrupting the system or moving out into the greater internet can remain hidden indefinitely.

The simple fact that it was detected as Agent.btz at all will tell you that it's not a foreign intelligence service arranging the infection, and it is vastly, vastly more likely to be a simple case of Joe Bloggs plugging a thumb drive into his infected home machine and then taking it back into work.
Anyone with a serious goal of compromising specific military systems will roll their own if only to avoid detection.
And deniability is a paltry claim, viruses don't come with a "made in" sticker, a custom virus would be little different from the legions of programs created every day by people looking to steal credit card numbers and you're not going to be able to tie it back to whoever created it unless they fuck up.

Actually being ON or OFF makes all the difference.
It does spread through the network- using autorun.

Another infection vector: when a clean computer attempts to map a drive letter to a shared network resource that has Agent.atz on it and the corresponding autorun.inf file, it will (by default) open autorun.inf file and follow its instruction to load the malware. Once infected, it will do the same with other removable drives connected to it or other computers in the network that attempt to map a drive letter to its shared drive infected with Agent.atz - hence, the replication.

Did you even read the article you linked?

Any vaguely security-conscious and competent network admin disables autorun and has since long before Vista.
There's fuck all essential uses for autorun more significant than the security threat of having it turned on.
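An added example (not code from the thread or from the linked ThreatExpert write-up) for the two points argued above: it decodes the Windows NoDriveTypeAutoRun policy mask to show on which drive types (removable, network) AutoRun would still fire, and parses an autorun.inf of the kind such a worm drops on thumb drives and shares to flag the directives that would launch it. The bit values are Microsoft's documented ones; the sample autorun.inf and its paths are constructed for illustration.

```python
"""Defender-side checks for the AutoRun vector discussed in this thread.

Added example, not code from the thread or from the ThreatExpert write-up it links.
Two checks:
  1. Decode the NoDriveTypeAutoRun bitmask (the Explorer policy value that
     disables AutoRun per drive type) to see where AutoRun would still fire.
  2. Parse an autorun.inf found on a thumb drive or network share and flag
     the directives that would launch a program on insertion or drive mapping.
The bit values are those Microsoft documents for NoDriveTypeAutoRun; the
sample autorun.inf is constructed for illustration, not a captured artifact.
"""
import configparser
import re

# Drive-type bits of NoDriveTypeAutoRun: a SET bit DISABLES AutoRun for that type.
DRIVE_UNKNOWN_TYPE = 0x01
DRIVE_REMOVABLE = 0x04     # USB thumb drives
DRIVE_FIXED = 0x08
DRIVE_NETWORK = 0x10       # mapped shares
DRIVE_CDROM = 0x20
DRIVE_RAMDISK = 0x40
DRIVE_NO_ROOT_DIR = 0x80
ALL_DRIVES = 0xFF          # recommended hardening value: AutoRun off everywhere
XP_DEFAULT_MASK = 0x91     # Windows XP default: only unknown/network/no-root disabled

DRIVE_NAMES = {
    DRIVE_UNKNOWN_TYPE: "unknown",
    DRIVE_REMOVABLE: "removable",
    DRIVE_FIXED: "fixed",
    DRIVE_NETWORK: "network",
    DRIVE_CDROM: "cdrom",
    DRIVE_RAMDISK: "ramdisk",
    DRIVE_NO_ROOT_DIR: "no_root_dir",
}


def autorun_enabled_for(mask: int, drive_bit: int) -> bool:
    """True if AutoRun would still run on that drive type (bit clear = enabled)."""
    return (mask & drive_bit) == 0


def autorun_exposure(mask: int) -> list:
    """Names of the drive types on which AutoRun is still enabled under `mask`."""
    return [name for bit, name in DRIVE_NAMES.items() if autorun_enabled_for(mask, bit)]


# autorun.inf directives that cause code to run when Explorer processes the file.
EXEC_KEYS = ("open", "shellexecute")
SHELL_VERB_RE = re.compile(r"^shell\\[^\\]+\\command$")   # e.g. shell\open\command
LURE_RE = re.compile(r"open folder", re.IGNORECASE)         # mimics the real Windows prompt


def parse_autorun_inf(text: str) -> dict:
    """Return the [autorun] section as a dict with lower-cased keys ({} if absent)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, allow_no_value=True)
    cp.optionxform = str.lower          # INF keys are case-insensitive
    cp.read_string(text)
    for section in cp.sections():
        if section.lower() == "autorun":
            return dict(cp.items(section))
    return {}


def autorun_findings(text: str) -> list:
    """(key, value, reason) for every directive that would run code or lure a click."""
    findings = []
    for key, value in parse_autorun_inf(text).items():
        if key in EXEC_KEYS:
            findings.append((key, value, "launches a program when the drive is opened"))
        elif SHELL_VERB_RE.match(key):
            findings.append((key, value, "shell verb hijacks Open/Explore to run a program"))
        elif key == "action" and value and LURE_RE.search(value):
            findings.append((key, value, "menu text imitates the built-in Windows prompt"))
    return findings


# Constructed sample in the style of a USB/share worm's autorun.inf (not a real artifact).
SAMPLE_AUTORUN_INF = """[autorun]
open=RECYCLER\\S-1-5-21-0000000000\\ctfmon.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
action=Open folder to view files
shell\\open\\command=RECYCLER\\S-1-5-21-0000000000\\ctfmon.exe
shell\\explore\\command=RECYCLER\\S-1-5-21-0000000000\\ctfmon.exe
"""


def main() -> None:
    for label, mask in (("XP default 0x91", XP_DEFAULT_MASK), ("hardened 0xFF", ALL_DRIVES)):
        print(f"{label}: AutoRun still enabled on {autorun_exposure(mask) or 'nothing'}")
    for key, value, reason in autorun_findings(SAMPLE_AUTORUN_INF):
        print(f"autorun.inf {key}={value}: {reason}")


if __name__ == "__main__":
    main()
```

Under the XP default mask the removable and fixed drive types are still exposed, which is exactly the thumb-drive and mapped-share path the quoted write-up describes; only a mask of 0xFF closes both.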

Re:They fucked up something really really basic (0)

Anonymous Coward | about 4 years ago | (#33480064)

the military may have had reason to use auto-run.

Since the problem which auto-run solves is just "needing to double-click an icon after inserting a drive", I think I'm going to go with "their own ineptitude and laziness" on this one.

Re:They fucked up something really really basic (1)

icebike (68054) | about 4 years ago | (#33480134)

Seriously? Is that all you got?

No one even knows if auto-run was involved, and you have convicted them in the court of ignorance without even a glance at the facts.

Re:They fucked up something really really basic (1)

HungryHobo (1314109) | about 4 years ago | (#33480644)

Autorun is the only infection vector of Agent.btz, through thumb drives or through network drives.

If it was not agent.btz then they're being convicted in the court of ignorance by their own claims.
If it really was agent.btz then they deserve the accusations of incompetence.

Re:They fucked up something really really basic (0)

Anonymous Coward | about 4 years ago | (#33480812)

I think we (the US) should just launch all the nukes, we have enough tinfoil hats in the world and enough in the military, let's release all that paranoia in one cathartic moment, like a huge nuclear fueled orgasm for the war machine and the paranoid crack pots who support it.
WHO REALLY CARES ANY LONGER, THEY WILL JUST FUD YOU WITH LIES, LIE MORE TO COVER UP THOSE LIES AND TWIST THE TRUTH AND SUBVERT ANYONE WHO DOESN'T TOE THE LINE.
So, I know what I did had value to the economy, I am no longer doing it, because contributing to the insanity would make me feel as if I had some ethereal hand in generating this madness that is destroying the world.
STOP IT ALL!!!!!!!!
Tune out the media, their circus has just been turned up to 11 and the volume knob pried off.

Re:They fucked up something really really basic (1)

Thinboy00 (1190815) | about 4 years ago | (#33481150)

In military grade security, there is no legitimate reason to enable autorun, since you can always just manually start the program if you really want to start it.

Re:They fucked up something really really basic (1)

PK Tech Guy (1310715) | about 4 years ago | (#33481566)

How you administer an injection matters a lot less than what was in the syringe

That's what she said.

easily defeated, only if you disable the vector (5, Informative)

YrWrstNtmr (564987) | about 4 years ago | (#33478036)

A variant of the SillyFDC worm, agent.btz can be easily defeated by disabling the Windows 'autorun' feature (which automatically starts a program on a drive upon insertion) or by simply banning thumb drives.

But in 2007, that wasn't the case. Autorun was usually on, and thumb drives were not banned. The Air Force SDC (Standard Desktop Configuration) and the follow-on FDCC (Federal Desktop Core Configuration) ended that.

Re:easily defeated, only if you disable the vector (3, Insightful)

antifoidulus (807088) | about 4 years ago | (#33478090)

How about just getting rid of the main attack vector (Windows) altogether? The DoD "security" policies seem like they were written by Microsoft specifically to push Microsoft products. Windows is still the darling child of the DoD and anything else is considered "dangerous" and is subject to infinitely more scrutiny than Windows boxes are. And yet Windows is the most attacked (even if you scale the # of attacks to its market share), most easily defeated OS out there. Hell, even Google banned Windows after it got hacked (via Windows, what else!).

Re:easily defeated, only if you disable the vector (3, Informative)

icebike (68054) | about 4 years ago | (#33478220)

How about just getting rid of the main attack vector (Windows) altogether? The DoD "security" policies seem like they were written by Microsoft specifically to push Microsoft products. Windows is still the darling child of the DoD and anything else is considered "dangerous" and is subject to infinitely more scrutiny than Windows boxes are.

[citation needed]

Military computers, especially in theater, get a custom install of Windows; that is well known, because it is a special build, well studied and vetted.

You seem to be asking that something else (Linux, Apple, BSD) be allowed in without that same level of scrutiny.

But because you managed to bash both the military and microsoft in a single sentence you will probably be modded up anyway.

Re:easily defeated, only if you disable the vector (4, Informative)

hedwards (940851) | about 4 years ago | (#33478276)

Yeah, the DoD is really known for being secure. Remind me again how it was that Gary McKinnon managed to get into all those military computers? Oh, right, they had no password or a default password and no firewall which anybody could've accessed had they the stones or the poor judgment to try. But beyond that, even in its default state BSD is more secure than Windows is in that respect because you can't mount anything by default without having root. Now, there is an exception on most computers by booting into single user mode, but there's ways of handling that which can greatly reduce the likelihood of being haxxored. Unless I'm mistaken you can do that with Linux and Mac OSX, although generally not by default.

But beyond that, because most of the individuals with knowledge of securing computer systems are younger and lower in rank, it can be kind of a toughie actually getting proper orders and resources to secure things. Or at least I assume that's what happened; it's the only explanation I can think of that's even halfway plausible that doesn't involve outright treason.

was that a trap system? old systems that were not (1)

Joe The Dragon (967727) | about 4 years ago | (#33479672)

Was that a trap system? Old systems that were not updated but were still sitting on part of the network?

Or did he point out how bad their systems are and they just tried to cover it up and threw the book at him?

Re:easily defeated, only if you disable the vector (5, Insightful)

antifoidulus (807088) | about 4 years ago | (#33478400)

And yet it gets hacked. It crashes constantly, it constantly needs virus updates etc. And yet there are HUGE (before 2008 or so you couldn't actually totally disable autorun in Microsoft) security holes but they are just given a pass. The scrutiny applied to Windows is nothing compared to the amount applied to Linux because, and this is DoD policy, "Linux is open source and thus 'untrusted'". The level of logging required for Linux is insane and yet they really don't require the same level from Windows because you CANNOT log that much in Windows. Hosts.deny is required for Linux but no equivalent for Windows. nosuid has to be applied to every non-root drive for Linux, again nothing even close for Windows because Windows is simply incapable of such security. They allow NTLMv2 despite the fact that it is a proprietary protocol and thus incredibly insecure. Why? Because it's really difficult to get Windows (esp. XP, which is still allowed) to authenticate with open, cryptographically secure protocols. They allow local and network users a lot more privileges on machines because it's impossible to actually get Windows operating smoothly without those privileges. The list goes on.

Quite simply put, Windows lacks a lot of the basic security mechanisms that ALL other operating systems possess. And instead of doing the rational thing and banning Windows because of its shortcomings, the DoD just brushes Windows' shortcomings aside (largely because Microsoft has a lot of lobbyists in high places in Washington). You can be sure as shit that the Chinese PLA isn't using Windows and when the cyberwar comes the Chinese are going to have a HUGE advantage because they aren't saddled with such a primitive OS. You think I am anti-DoD; I'm not. If I was I would be cheering their use of Windows. If there is a cyber-war, I want my country to win, which is why I think they need to BAN Windows ASAP. Microsoft has repeatedly shown that it is either unable or unwilling to fix their shit, so dump the motherfuckers already.

Re:easily defeated, only if you disable the vector (1)

Jane Q. Public (1010737) | about 4 years ago | (#33478776)

The mere fact that DoD calls software "untrusted" because it's open source reveals a lot about the level of their collective knowledge/intelligence.

That's kind of like saying "We trust the contents of this closed shipping crate because we were told what's in it. But we don't trust the contents of that open shipping crate, even though we can see for ourselves what's in it."

Sometimes my government makes me embarrassed to be an American.

Re:easily defeated, only if you disable the vector (4, Informative)

flydpnkrtn (114575) | about 4 years ago | (#33479090)

Surprise: the DoD uses Linux, and they have the same guides for locking and hardening Linux as they do for other Unices (Solaris) and for Windows.

See http://iase.disa.mil/stigs/stig/unix-stig-v5r1.pdf [disa.mil] (search for Linux) for examples.

Re:easily defeated, only if you disable the vector (3, Informative)

Jane Q. Public (1010737) | about 4 years ago | (#33479542)

Well, considering general natures of government and military today, I was willing to believe that Open Source was indeed "untrusted". But since you brought it up, I did some looking and found that there was an official DoD memorandum approving of Open Source back in 2003, updated in 2009. The 2009 document says, in part:

(1) There are positive aspects of OSS that should be considered when conducting market research on software for DoD use, such as:

(i) The continuous and broad peer-review enabled by publicly available source code supports software reliability and security efforts through the identification and elimination of defects that might otherwise go unrecognized by a more limited core development team.

(ii) The unrestricted ability to modify software source code enables the Department to respond more rapidly to changing situations, missions, and future threats.

(iii) Reliance on a particular software developer or vendor due to proprietary restrictions may be reduced by the use of OSS, which can be operated and maintained by multiple vendors, thus reducing barriers to entry and exit.

(iv) Open source licenses do not restrict who can use the software or the fields of endeavor in which the software can be used. Therefore, OSS provides a net-centric licensing model that enables rapid provisioning of both known and unanticipated users.

(v) Since OSS typically does not have a per-seat licensing cost, it can provide a cost advantage in situations where many copies of the software may be required, and can mitigate risk of cost growth due to licensing in situations where the total number of users may not be known in advance.

(vi) By sharing the responsibility for maintenance of OSS with other users, the Department can benefit by reducing the total cost of ownership for software, particularly compared with software for which the Department has sole responsibility for maintenance (e.g., GOTS).

(vii) OSS is particularly suitable for rapid prototyping and experimentation, where the ability to "test drive" the software with minimal costs and administrative delays can be important.

(2) While these considerations may be relevant, they may not be the overriding aspects to any decision about software. Ultimately, the software that best meets the needs and mission of the Department should be used, regardless of whether the software is open source.

. . .

Re:easily defeated, only if you disable the vector (1)

ToasterMonkey (467067) | about 4 years ago | (#33479600)

Well, considering general natures of government and military today, I was willing to believe...

Hey, what do /., AM radio talk shows, and FOX News have in common? People like you!!!!!!

Re:easily defeated, only if you disable the vector (1)

Jane Q. Public (1010737) | about 4 years ago | (#33479708)

Why yes, they do! But obviously you are one of the rare exceptions.

Re:easily defeated, only if you disable the vector (1)

flydpnkrtn (114575) | about 4 years ago | (#33479714)

Hey, what do /., AM radio talk shows, and FOX News have in common? People like you!!!!!!

Oh come on now that's not fair... as I allude to in my reply to Jane Q., there are those even *inside* the DoD community who have the same preconceptions about FOSS "being insecure"....

Re:easily defeated, only if you disable the vector (1)

flydpnkrtn (114575) | about 4 years ago | (#33479706)

Yup... and when the subject has been brought up by those spreading FUD at work about FOSS (I'm employed by DoD) I have busted out that very same memo and quoted from it :)

Re:easily defeated, only if you disable the vector (0)

Anonymous Coward | about 4 years ago | (#33480732)

Quite simply put Windows lacks a lot of the basic security mechanisms that ALL other operating systems possess.

You are quite simply wrong, Windows XP and greater do not lack basic security mechanisms. You are clearly not well informed in this area. Windows Vista and Windows 7 in fact have more powerful "security mechanisms", than any of the 3 main BSDs, Debian, OS X, Ubuntu, SuSE etc. Windows XP and greater, by default, has a far more powerful permission system than POSIX defines, that enables the administrator to more gracefully create complex permission hierarchies.

Just have a browse of this page:
https://secure.wikimedia.org/wikipedia/en/wiki/Security_and_safety_features_new_to_Windows_Vista

The process, security sandboxing feature, I believe was introduced with Windows Vista is also very powerful, and is missing by default, or lacking in many other operating systems. I know that Google Chrome makes use of it:
http://www.pcadvisor.co.uk/news/index.cfm?newsid=3209915&spotlight=1164:b

I'm not a fan of Microsoft, but I won't spread lies about them, especially in areas where they excel. Just because out of the box many of the security mechanisms aren't well configured, or enabled does not mean they are not there and are not being put to their full use in some organisations.

Where I perceive Microsoft lack, is:
  * Their use of proprietary systems that are not fully open to scrutiny by security researchers,
  * Their slow patching of bugs that pose security issues to the system.
  * Their opaque security practices. They've been caught secretly rolling out security patches by hiding them in operating system updates that are marked as not being security related. I imagine this is to help create the illusion that Microsoft don't get many vulnerabilities in their code.
  * Their malicious, self-serving creation and maintenance of their Desktop operating system monopoly. With so many people using just one system it makes us vulnerable - all our eggs are in one basket.

Just to be clear: I am not stating that Microsoft make "secure" systems, I am simply stating that they do have decent "security mechanisms".

Re:easily defeated, only if you disable the vector (3, Insightful)

Lord_Frederick (642312) | about 4 years ago | (#33478408)

DoD is very big, and there are hundreds of thousands of DoD computers that don't follow the simplest security best practices. Just because the NSA publishes a document on how a Windows box should be configured, doesn't mean it gets configured that way in the field. Military IT is just like social issues; The only area not being neglected and starved of resources is the last area to have a major shitstorm.

Re:easily defeated, only if you disable the vector (1)

icebike (68054) | about 4 years ago | (#33478934)

This story deals with computers in a war zone during 2008.

We are not talking about some receptionist in a recruiting office in Kansas.

Re:easily defeated, only if you disable the vector (0)

Anonymous Coward | about 4 years ago | (#33478922)

How about just getting rid of the main attack vector (Windows) altogether? The DoD "security" policies seem like they were written by Microsoft specifically to push Microsoft products. Windows is still the darling child of the DoD and anything else is considered "dangerous" and is subject to infinitely more scrutiny than Windows boxes are.

[citation needed]

Military computers, especially in theater, get a custom install of windows, that is well known, because it is a special build, well studied and vetted.

Apparently so "well-studied and vetted" that they LEFT FUCKING AUTORUN ON. Yeah, heckuva job security analysts.

Re:easily defeated, only if you disable the vector (2, Insightful)

icebike (68054) | about 4 years ago | (#33479012)

You made that up.

That fact is not in evidence. It's not in the stories linked to this article. It's merely speculation by people here so they can thump their chests and sound like they know something.

Re:easily defeated, only if you disable the vector (1)

AhabTheArab (798575) | about 4 years ago | (#33479128)

Military computers, especially in theater, get a custom install of windows, that is well known, because it is a special build, well studied and vetted.

Ha! Good one! Unless, of course, by "special build" you really mean "a burned ISO downloaded from the Pirate Bay" - then you're spot on. And don't give me a [citation needed] either because [i was the guy doing those installs and know that damn near every other unit did it the same way]

Re:easily defeated, only if you disable the vector (1, Informative)

Anonymous Coward | about 4 years ago | (#33479276)

Military computers, especially in theater, get a custom install of windows, that is well known, because it is a special build, well studied and vetted.

You seem to be asking that something else, linux, apple, bsd, be allowed in without that same level of scrutiny.

But because you managed to bash both the military and microsoft in a single sentence you will probably be modded up anyway.

Most of the time it's a standard version of Windows that's been locked down according to the STIG (Secure Technical Implementation Guide). There are STIGs for UNIX, web servers, network devices, etc. There is no magic "custom install of windows...special build" blah blah blah ... because if there were, we would be using it at our office.

Re:easily defeated, only if you disable the vector (1)

robsku (1381635) | about 4 years ago | (#33479970)

You seem to be asking that something else, linux, apple, bsd, be allowed in without that same level of scrutiny.

I know that's exactly what I would be asking. No, not really, actually I would demand *more* scrutiny if Windows is used (and my demand for not using it for anything that important would not work). That can of course be translated (by small evil minds) to mean that I would allow some other system "without same level of scrutiny (than windows)".
I would never support Windows (nor OS X, but actually I just know too little about it and would only go for a system that I know I can trust) in that or any other "serious business" environment (i.e. hospitals should not use Windows either, especially in any systems whose working can be essential for someone to stay alive).

Anyway it's quite clear that you can't study Windows (any version) as thoroughly as you can study Linux or BSD systems and if they can ever upgrade the system (new system, more studying) then they truly can change it to another one too - and don't say it's much more work than just keeping the old OS, that I could perhaps understand as an argument if we were talking about some small business and not about part of your country's system for national security... But hey, it's not my army and I don't really care about the army anyway but I would still have them rather use a decent system in the Finnish army if my opinion were to be asked.

Re:easily defeated, only if you disable the vector (0)

Anonymous Coward | about 4 years ago | (#33480292)

Military computers, especially in theater, get a custom install of windows, that is well known, because it is a special build, well studied and vetted.

True. However, the problem seems to be that the "vetting" still doesn't give you a reasonably locked-down computer (else 'autorun' would have been disabled by default, as any idiot knows that *automatically* *running* *code* is a major security violation) -- worse, the special version is so crippled that anyone who needs to get actual work done soon learns several ways to circumvent the restrictions. Users are thus going to violate security as a matter of course.

For example, one of the ways these systems are "locked down" is they forbid any sort of CLI/terminal/console access by default (i.e., to untrusted users). At one time, I knew three ways to get a CLI as an untrusted user, contrary to the system-enforced policy. (This was useful for winning bets with the security folks for a few years. In hindsight, I'm lucky I didn't have the Feynman solution applied to me.)

Part of the problem is that the DoD is in love with the idea of CotS software (and hardware). They really ought to go back to investing in their own code, based on their own standards, and make their own dogfood. Dump the Microsoft OSes, and adopt or adapt a more fundamentally sound operating system, with an emphasis on usability and security. Hire contractors to write the OS under DoD guidance, and mandate[1] that all software built on the government's dime be unencumbered by patents, and that the source be released into the public domain.

BSD supports both Bell LaPadula and Biba security models, I hear... sounds like a great place to start.

[1] By placing clauses in the contract that state that any code delivered to the government is unencumbered by patents, at the contractor's expense, and that by the *act* of turning code over to the government, all copyright claims by the contractor are relinquished. Too many big contractors "accidentally" include encumbered or copyrighted code in deliverables, contrary to the terms of their contract... and get away with it, year after year.

Re:easily defeated, only if you disable the vector (1)

icebike (68054) | about 4 years ago | (#33480314)

Wait, you are still on this Auto-run thing?

No where in any of the linked articles does it say that auto run was the source of insertion, or that auto run was on, or that the USB ports were free of epoxy.

That auto run was the source of infection is an INVENTION of this thread. There is simply no evidence of this.

The worm engine used was based on an auto run worm, but if that was all there was to it it would have been caught by virus scanners of that era.

Re:easily defeated, only if you disable the vector (0)

Anonymous Coward | about 4 years ago | (#33480520)

You're not actually in the military, are you? I'm "in theater" now, and it's *common* to see your average user circumvent the basic sign-on procedures of SDC because IT TAKES TOO FUCKING LONG. It shouldn't take 15 minutes to log in every single day (excluding boot time), and have frequent and random BSODs because of the poor implementation of SDC. This is at my entire post, back in Europe at home station, and everywhere I've been TDY in the last two years.

SDC is a joke, it's a security hole, and it's made our network FAR more insecure.

Re:easily defeated, only if you disable the vector (1)

interval1066 (668936) | about 4 years ago | (#33478634)

WAITAMINUTE! You left the US because of the emphasis the culture puts on driving? Wow... I can think of a lot of reasons to leave here, but because you have a thin skin about not being able to drive? Incredible. That's about the stupidest... mumble mumble...

Re:easily defeated, only if you disable the vector (1)

YrWrstNtmr (564987) | about 4 years ago | (#33478734)

How about just getting rid of the main attack vector (Windows) altogether?

Sure. The complexity of moving a million users/desktops/servers + govt overhead is trivial. Is next Tuesday soon enough for you?

Re:easily defeated, only if you disable the vector (1)

History's Coming To (1059484) | about 4 years ago | (#33480686)

That's the point, if autorun is enabled it is trivial, just take a bunch of automated linux installers on USB sticks, mark them "porn" and scatter them liberally around DC and a selection of military bases, it won't take long at all...

i work for an agency under DoD... (4, Informative)

pointbeing (701902) | about 4 years ago | (#33480654)

...and was actually discussing the switch from Windows to Linux with a couple of friends of mine from the IA shop. I'm in charge of desktop PC support for this 3,300-user agency.

I'd like to preface things by saying that I use Linux exclusively at home and have for several years. No dual boot, no wine and no running Windows in a VM. I could do my whole job from within Linux if Firefox supported reading encrypted mail in Outlook Web Access and if there was something available for Linux that'd allow me to read Visio drawings in their native format.

Software costs are inconsequential so we'll ignore that argument for the time being. The biggest expense in an IT budget isn't software or hardware, it's people - and although things would settle down after a year or two the cost of migration is the showstopper here, not the cost of sustainment.

I've heard different stories about what caused the USB ban but for me the short version is that somewhere in DoD some sysadmin should have been fired. I can't say for sure what happened but at least two Defense Information Systems Agency (DISA) policies were violated - autorun wasn't disabled on the workstations and apparently workstation virus scanners weren't configured properly, so to minimize the threat DoD bans USB storage devices rather than fire the nitwit who wasn't doing his job.

Windows as a vector? Out of 3,300 users we had eight (yes, eight) security incidents in the last twelve months where a PC was infected by a hostile application - the reason I know this is I had to put that damn metric in a Powerpoint slide recently. Eight out of better than three thousand is a pretty good average, but the PCs still run like crap ;-)

They've authorized turning USB storage back on, but only for approved devices that will be encrypted and centrally managed - and USB storage will be enabled by device rather than by user. Unauthorized devices still won't work. We've decided that since folks have been working without thumb drives for two years we're gonna continue to let them work that way - we've got the infrastructure in place to authorize thumb drives by hardware signature but we don't plan to issue any to end users at this point.

DoD information security policies aren't written by Microsoft - Microsoft wouldn't hire anybody that stupid. Case in point - DISA mandates that LAN and WLAN interfaces on a machine can't be active at the same time but outside of creating separate hardware profiles for wired and wireless Windows doesn't support this configuration - and simply disabling network bridging doesn't satisfy the requirement. If you ask DISA how to implement this requirement they can't tell you. I can tell you there's a neat little application called Wireless AutoSwitch [wirelessautoswitch.com] that'll do the job and it's dirt cheap, though.

But I digress.
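The post above describes two device-level controls: the blanket USB storage ban and the later allowlisting of approved devices by hardware signature. As an added example (not pointbeing's code or any DoD or DISA tooling), the script below audits both on a Windows host: whether the USB mass-storage driver service (USBSTOR) is disabled outright, and which USB storage devices currently present are not on an allowlist of PnP instance IDs. The allowlist entry is a constructed placeholder; the registry key and the Win32_PnPEntity WMI class are the standard ones.

```powershell
# Added example, not from the thread. Audits USB mass storage on a Windows host:
#  1. Is the USBSTOR driver service disabled (Start = 4), i.e. the blanket ban?
#  2. Which present USB storage devices are not on an allowlist keyed by PnP
#     instance ID (vendor, product and serial number are embedded in that ID)?
# Assumes Windows PowerShell with WMI available and read access to HKLM.

# Constructed allowlist entry: replace with the instance IDs of issued, managed devices.
$ApprovedUsbStorage = @(
    'USBSTOR\DISK&VEN_EXAMPLE&PROD_MANAGED_DRIVE&REV_1.00\SERIAL0001&0'
)

function Get-UsbStorPolicy {
    # Start = 4 disables the USBSTOR service so no USB mass storage device is
    # mounted; 3 (demand start) is the Windows default.
    $key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
    $start = (Get-ItemProperty -Path $key -Name 'Start' -ErrorAction SilentlyContinue).Start
    New-Object PSObject -Property @{
        StartValue = $start
        Blocked    = ($start -eq 4)
    }
}

function Get-UnapprovedUsbStorage {
    param([string[]]$Allowlist = $ApprovedUsbStorage)
    # Win32_PnPEntity lists every PnP device; the USBSTOR\ prefix marks USB mass storage.
    Get-WmiObject -Class Win32_PnPEntity |
        Where-Object { $_.DeviceID -like 'USBSTOR\*' } |
        Where-Object { $Allowlist -notcontains $_.DeviceID } |
        Select-Object Name, DeviceID, Status
}

$policy = Get-UsbStorPolicy
if ($policy.Blocked) {
    Write-Output 'USBSTOR is disabled: USB mass storage cannot be mounted.'
} else {
    Write-Output ("USBSTOR Start = {0}; USB mass storage is permitted." -f $policy.StartValue)
    $unapproved = @(Get-UnapprovedUsbStorage)
    if ($unapproved.Count -eq 0) {
        Write-Output 'No unapproved USB storage devices are present.'
    } else {
        Write-Output 'Unapproved USB storage devices present:'
        $unapproved | Format-Table -AutoSize
    }
}
```

Run it from an elevated prompt so the WMI query sees every device; the instance IDs it prints for devices you do issue are the values to move into the allowlist. A real deployment would enforce the allowlist (for example through removable-storage policy) rather than only report on it; this script is the check, not the enforcement.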

Re:easily defeated, only if you disable the vector (3, Interesting)

Culture20 (968837) | about 4 years ago | (#33478616)

But in 2007, that wasn't the case. Autorun usually on, and thumb drives not banned.

And what's more, Microsoft's suggested method of disabling autorun didn't work back then. They had to release a patch. And even then, they didn't disable autorun by default.
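The post above refers to the period when the documented way of disabling AutoRun did not take effect until a patch was applied. As an added example (not Culture20's or Microsoft's code), the script below reads the two registry values that govern this: NoDriveTypeAutoRun, the bitmask of drive types excluded from AutoRun, and HonorAutorunSetting, the value the patch introduced so that the bitmask is respected. It checks both the per-machine and per-user policy keys and only reads; the remediation the comments mention is the documented 0xFF (all drive types) setting. Treating a missing value as "AutoRun enabled" is this script's conservative assumption, not Windows' exact default.

```powershell
# Added example, not from the thread. Reports whether AutoRun is disabled for
# removable and optical drives by reading the policy keys Windows consults.
# Assumes Windows PowerShell with read access to HKLM and HKCU.

$PolicyKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

# Drive-type bits in NoDriveTypeAutoRun; a set bit turns AutoRun off for that type.
$DRIVE_REMOVABLE = 0x04   # thumb drives
$DRIVE_FIXED     = 0x08
$DRIVE_CDROM     = 0x20
$DISABLE_ALL     = 0xFF   # the recommended setting: every drive type excluded

function Get-RegValue([string]$Key, [string]$Name) {
    # Returns $null when the key or value does not exist instead of throwing.
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $null }
    return $item.$Name
}

function Test-AutoRunDisabled([int]$Mask, [int]$DriveTypeBit) {
    # AutoRun is off for a drive type when its bit is set in the mask.
    return (($Mask -band $DriveTypeBit) -ne 0)
}

function Get-AutoRunStatus {
    foreach ($key in $PolicyKeys) {
        $mask  = Get-RegValue $key 'NoDriveTypeAutoRun'
        $honor = Get-RegValue $key 'HonorAutorunSetting'
        # Conservative assumption for this audit: no value means no policy applied
        # from this key, so treat AutoRun as enabled for every drive type.
        $effective = if ($mask -eq $null) { 0 } else { [int]$mask }
        New-Object PSObject -Property @{
            Key                 = $key
            NoDriveTypeAutoRun  = if ($mask -eq $null) { '(not set)' } else { ('0x{0:X2}' -f $effective) }
            HonorAutorunSetting = $honor
            RemovableDisabled   = Test-AutoRunDisabled $effective $DRIVE_REMOVABLE
            FixedDisabled       = Test-AutoRunDisabled $effective $DRIVE_FIXED
            CdromDisabled       = Test-AutoRunDisabled $effective $DRIVE_CDROM
            AllDisabled         = (($effective -band $DISABLE_ALL) -eq $DISABLE_ALL)
        }
    }
}

Get-AutoRunStatus | Format-List
```

On a host where the per-machine key shows NoDriveTypeAutoRun of 0xFF and HonorAutorunSetting of 1, AutoRun is off for every drive type; a per-machine value overrides a conflicting per-user one, so the HKLM row is the one that matters when both are present.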

Re:easily defeated, only if you disable the vector (0)

Anonymous Coward | about 4 years ago | (#33481308)

We identified this problem in 2007 on systems we were fielding that couldn't use antivirus. And we identified that disabling Autoplay would mitigate most of the dirty thumb drive threat. We made it part of our non-SDC configurations long before it was part of SDC.

Thumb drives are only as clean as the dirtiest computer you stick them in.

The Article Doesn't Make a Good Case (2, Interesting)

Anonymous Coward | about 4 years ago | (#33478038)

The only thing the article really provides to dispute the Pentagon's account is that the worm is simple and common.

But then it goes on to mention that while common, its payload is configurable. And the soldier quoted at the end of the article point blank says that it was the outsized effect (14 months of cleanup and lost data) compared to the simplicity of the vector that freaked them out so badly.

Shit, all the military really needs is some logs showing where the thing was sending data and it gets a pretty solid idea of what's going on. And they hinted that there was something to the circumstances where the worm initially entered the system...

Really, what's the story here? Pentagon says it conducted 'forensics' on the worm and decided on foreign origin, security analysts say, "But it's such a simple worm, it can't be that!" The analysts are talking out of their asses, and the Pentagon's explanations make a great deal of sense. Maybe the Pentagon is lying, maybe not, but nothing the doubters say in the article means anything.

Re:The Article Doesn't Make a Good Case (1, Interesting)

Anonymous Coward | about 4 years ago | (#33478502)

Really, what's the story here? Pentagon says it conducted 'forensics' on the worm and decided on foreign origin, security analysts say, "But it's such a simple worm, it can't be that!" The analysts are talking out of their asses, and the Pentagon's explanations make a great deal of sense. Maybe the Pentagon is lying, maybe not, but nothing the doubters say in the article means anything.

The implication was that it was a sophisticated attack. The attack vector was autorun. Consider this, my first computer was a Win95 box bought second hand when someone upgraded to 98. I used to buy computer magazines and use the included disks, which would use autorun to change my browser home page, so I learned to disable autorun.

So if I as a computer newb with no training can work out how to disable this attack vector 10 years before it was used to attack pentagon systems, then the pentagon can not have placed system security as any type of a priority at all. They haven't even thought about it. IMO there should be a lot of people fired over this and permanently banned from any government IT security work. There were people being paid to secure those systems and they were sleeping on the job. Such sloppy work done by combat personnel, if it didn't result in their deaths, would probably warrant a dishonourable discharge or prison time for being AWOL.

Re:The Article Doesn't Make a Good Case (1)

guruevi (827432) | about 4 years ago | (#33479396)

No the external security analysts (Sophos, the seller of antivirus software) says: with a good antivirus *cough*buy Sophos AV*/cough* and centrally managed policies *cough*buy Sophos Enterprise*/cough* you can't have this simple attack entering your Windows workstations. They are probably right.

The DoD says, somebody put a USB stick in his computer and this was the result. They are probably also right.

What you can conclude out of those passages is that the DoD probably doesn't have Sophos Antivirus ;-) What a good sysadmin would conclude is that the DoD uses Windows for sensitive stuff, probably doesn't have an antivirus on their Windows machines and probably doesn't bother binding their systems to a central directory or if it is, it is only for central usernames and passwords, not for managing and locking down the computers. Some junior sysadmin probably tried once and then got yelled at because the grunts/management couldn't 'download the Internet' without 'entering my login' and this was very inconvenient and 'making them lose days worth of work' trying to figure out 'to install this program that plays this video - why am I not an administrator on my computer? It's MY computer, it says so right on the icon'

Given that the attack worked the way it did makes me think (as I have seen a lot in the last decade that I worked in the field) that all the military really needs is some logs showing where the thing was sending data and it gets a pretty solid idea of what's going on didn't work because they didn't have any logs to begin with. They might have incoming logs (maybe) on the blocked ports of the firewalls (as is the standard in many a firewall) but legitimate incoming, all outgoing and all established traffic probably isn't logged.

Re:The Article Doesn't Make a Good Case (2, Interesting)

quanticle (843097) | about 4 years ago | (#33479650)

Your explanation gives the Pentagon a lot of benefit. In my view, it's equally likely that these government officials are exaggerating the impact and sophistication of the attack to keep from looking like fools when the inevitable congressional hearing on this subject arises. You'll get a lot more sympathy from the senator on the other side of the hearing room if you say you were hacked by a foreign intelligence agency as opposed to some 16 year old Chinese kid. Given how hard it is to trace the origin of these attacks, it's quite easy to twist the limited evidence available to support one hypothesis or the other.

My take on this? Some DoD employee brought a thumbdrive from home and infected his work PC. When others used their thumbdrives to copy information from this person's PC, they also got infected. Thanks to autorun and the relatively low profile this attack kept (e.g. it didn't do much to slow down infected computers) it took a long time for the IT department to find out about the infection. At that point the worm had become endemic to the network and many man-hours were spent rooting it out, hence the claim of "large expenses".

Even if you don't find my explanation entirely reasonable, you have to admit that the existing evidence doesn't exactly prove that the Pentagon was attacked by sophisticated and nefarious spies. Could they have been? Sure. But it's equally likely that they were attacked by a garden variety piece of malware for which they were unprepared.

Re:The Article Doesn't Make a Good Case (2, Insightful)

Anonymous Coward | about 4 years ago | (#33480014)

They're not exaggerating either the sophistication or the impact; that's just the thing. They fully admit it was a bullshit vector they should have been prepared for, and they fully admit it took them over a year to manage a response. Read the quotes in the article, they sound downright embarrassed. Shamefaced, in fact. The general saying it took months just to get a count of computers? They're not trying to avoid looking like fools, they're shouting, "What fools we were!"

I find your explanation entirely reasonable. In fact, it's precisely what I believe happened. But the fact that it was a simple autorun exploit which administrative incompetence let spread hither and yon doesn't mean the payload wasn't trying to funnel data to someone. Most malware does nowadays, after all. It's pretty clear the Pentagon thinks--or at least wants us to believe--that whatever this virus sent home went to a foreign power. If they wanted to save face, they'd never admit that.

I'm not giving the Pentagon credit, per se. (I do give them credit for admitting such a colossal fuckup, though.) I'm saying that their story is entirely believable and that the detraction of the security experts boils down to, "But foreign spies would never stoop to that!"

Was the threat real? (3, Interesting)

falconwolf (725481) | about 4 years ago | (#33478076)

As the Security Week article suggests this sounds like the lying the military told about the Gulf of Tonkin Incident [fair.org] .

Falcon

Re:Was the threat real? (1)

Anonymous Coward | about 4 years ago | (#33478148)

or the MiG-25 [wikipedia.org] . Oversell the threat so you get a nice big budget for your toys/projects.

Re:Was the threat real? (4, Insightful)

sampas (256178) | about 4 years ago | (#33478186)

This is another yellowcake [wikipedia.org] tale -- ginned up to scare Congress into giving DoD the Internet "kill switch" in case of "national emergency" -- like Wikileaks. Most of this is in response to the less-than-credible story in Foreign Affairs: http://www.foreignaffairs.com/articles/66552/william-j-lynn-iii/defending-a-new-domain [foreignaffairs.com] . Now our own government wishes they could do what China and Iran can -- shut down the Internet at will when there's something on there that they don't like. Does the military even read the Constitution they swear to uphold?

Re:Was the threat real? (3, Insightful)

hedwards (940851) | about 4 years ago | (#33478318)

Unfortunately, rather than fixing the problem, I fear that's the "fix" we're going to get. There are legitimate reasons to consider a "kill switch." As in the ability to take the nation off the internet at a moment's notice, however none of them are as easy or practical as simply restricting the kill switch to separating the military and emergency infrastructure from the net. Although the stupid thing there is that they probably shouldn't be directly on the internet in the first place.

The problem ultimately is that a kill switch would have to touch a huge amount of infrastructure, including satellite links in order to work, and I have very little confidence that even with highly qualified engineers working on it that there isn't going to be a bug, glitch or vulnerability that ends up working its way into the system.

Re:Was the threat real? (0, Flamebait)

falconwolf (725481) | about 4 years ago | (#33478572)

There are legitimate reasons to consider a "kill switch." As in the ability to take the nation off the internet at a moment's notice,

There are no legitimate reasons to disconnect the nation from the internet. It's all about censorship or fear of the unknown.

Falcon

Re:Was the threat real? (1)

Thiez (1281866) | about 4 years ago | (#33480856)

I can't help but think '... PUNCH!' at the end of your posts, and imagine you striking down those who disagree with you.

I can't help but think (1)

falconwolf (725481) | about 4 years ago | (#33481776)

'... PUNCH!' at the end of your posts, and imagine you striking down those who disagree with you.

Nope, I'm non-violent like Henry David Thoreau [wikipedia.org] , who wrote Civil Disobedience [wikipedia.org] , and Mohandas Karamchand Gandhi [wikipedia.org] . Where I differ is that if it came to it, such as with the NAZIs, I would not hesitate to bear and use firearms.

There are four boxes of liberty: soapbox, ballot box, jury box, and ammo box. Use in that order.

Falcon

Re:Was the threat real? (0)

Anonymous Coward | about 4 years ago | (#33479382)

Let's think this through for a second here:

1. Media Coverage Opiates The People
2. Media Coverage Requires Internet and Satellite Networks
3. The US Government Rules The People
4. The US Government Requires the Internet and Satellite Networks to Accomplish 3.
5. The US Military Protects The People.
6. The US Military Requires the Internet and Satellite Networks to Accomplish 5.
7. Let's Build a Killswitch Capable of Shutting Down All The Above, For All The Important Governments and Militaries In The World.
8. Now Let's Put The People Who Have Their Entire Networks Devastated and Rendered Useless By A Low Threat Worm In Charge of Protecting Said Killswitch.

How do people not see the problem with this idea? This is like asking a pedo-rapist to babysit your children, the act is more than inevitable - it's hard to not think it were the intention. An Internet Killswitch is a potentially more powerful weapon than a Nuclear Bomb, and if it existed they would put it in the hands of people with less computer security smarts than my 8 year old sister: she's had a computer since birth and she's smart enough to not open suspicious downloads and disable autorun.

Re:Was the threat real? (0)

Anonymous Coward | about 4 years ago | (#33480212)

The military can already disconnect from the "Internet"...they aren't on it anyway.

http://en.wikipedia.org/wiki/NIPRNet

Keep in mind that DARPA (or ARPA) really created this whole series of tubes to begin with. The D stands for Defense...which means DoD.

As far as the Constitution is concerned, it unfortunately doesn't cover Internet access. You have the right to access information, but there is not specific right for that information to be in a digital format.

And without considering the obvious: decentralize (1)

evought (709897) | about 4 years ago | (#33479674)

It is interesting how any government solution to their own screw-up always involves giving them more power. The obvious solution to an "asymmetrical" cyber-security threat to our national infrastructure, from their point-of-view, is more centralization of authority and a big "cybersecurity command" that gets more budget dollars.


Just another vector for funding... (5, Insightful)

notjustchalk (1743368) | about 4 years ago | (#33478106)

Since when was efficacy or even logic a metric for whether or not a new department/task-group/domain/[insert group du jour] is deemed "necessary" for any governmental body? This is just another not-so-subtle attempt at widening the jurisdiction of the military. After all, if the bogeyman is unmasked, why, another must be conjured lest we all wake up to the cold truth that these people are simply pissing large reams of money down the tubes.

In the end, all of this will be justified after the fact despite any protestations. War on terror, anyone?

ps. Although if you think about it, it's somewhat ironic that antivirus firms (Sophos, Symantec, etc), which have been frequent fear mongers themselves, are calling the military on fear mongering.

Say It Ain't So (4, Insightful)

SilverHatHacker (1381259) | about 4 years ago | (#33478132)

Wait, are you saying a government agency might have lied, appealing to the general public's lack of knowledge in the area of computers and using a buzzword-filled report to justify an application of force? I find that hard to believe.

Re:Say It Ain't So (1)

martin-boundary (547041) | about 4 years ago | (#33480024)

How can you say such a thing? Government agencies never lie. Don't you realize that viruses are weapons of mass annoyance? The only way to be sure is to kill the Internet. With a switch. Located in a room deep underground in the basement of the Pentagon. You know the room I'm talking about, it's got a candybar dispenser in it and a pinball machine. The hackers will never think of searching for it there.

What we'd heard... (4, Informative)

NecroPuppy (222648) | about 4 years ago | (#33478158)

Where I am, is a lot less on the "secret agent" / James Bond side of things, and a lot more on social engineering.

Two vectors were talked about.

Vector 1: Middle East. Some guys decided they wanted to be insurgents, but didn't have explosives experience and really didn't want to be shot at. So instead, they loaded up viruses on a bunch of hardware (external drives, thumb drives, etc) and sold it to soldiers. Said soldiers then turned around and used these drives on not only their personal computers, but also on Unclass and Classified systems, where it quickly spread because of bad IS/IA policies.

Vector 2: Pentagon area. Similar situation, but instead of selling pre-infected items, some foreign power just left a lot of pre-infected thumb drives around various coffee shops, etc. While some were turned in to lost and found, others were picked up by people who said, "Hey! Free thumb drive!" and proceeded to use them at work and at home. And when work was in a government office that, again, had poor IS/IA policies, suddenly you've got computers opening holes in firewalls and transmitting data out.

Hence the big change in policy, to ban thumb drives, turn off auto-run, etc.

Re:What we'd heard... (0)

Anonymous Coward | about 4 years ago | (#33478232)

some foreign power just left a lot of pre-infected thumb drives around various coffee shops, etc.

Oh my god! They're in our lattes!

To be honest, the fact that it was such a dumb worm suggests the infection wasn't intentional at all.

The next doomsday weapon (3, Insightful)

gilesjuk (604902) | about 4 years ago | (#33478166)

Now that many nations have nuclear weapons, it's obvious that development of the internet or IT doomsday device will be next.

I think the US military are hinting along these lines.

Another patch in the submarine's screen doors (2, Interesting)

Lanteran (1883836) | about 4 years ago | (#33478216)

Seeing as they're, you know, the Pentagon, I highly doubt there are any real 'killer apps' they must have that they don't have the source code to. That said: why use Windows? It's not designed to be a secure operating system in the same way that... say... OpenBSD is, and while they may have the Windows source code (I believe that large and gov't organizations are allowed to see it) they're not allowed to modify it. I'm just saying that in an environment like that, a very secure operating system, closed source or open, is the way to go. You can't have it to where any old person can plug in a flash drive and compromise your system. Disabling autorun helps, it helps quite a lot, but it doesn't solve the underlying problem. If they refuse to change, methinks cyber warfare against the US just got a few orders of magnitude easier.

Re:Another patch in the submarine's screen doors (1, Interesting)

Arker (91948) | about 4 years ago | (#33478440)

And even if they do have the source code, do you really think an organisation that couldn't figure out they needed to turn off 'auto-run' in their install images has done a thorough audit of all those millions of lines of spaghetti?

Re:Another patch in the submarine's screen doors (1)

Lanteran (1883836) | about 4 years ago | (#33478984)

Heh, true enough. They want better security? Stop putting kids off of hacking, look at what China's doing...

Go figure (2, Insightful)

ralphdaugherty (225648) | about 4 years ago | (#33478230)

I would be surprised if the secret forensics information is anything more than the malware has Russian roots.

Just because malware is written by Russian crackers doesn't make it a Russian government attack.

rd

And the networks are still insecure... (0)

Anonymous Coward | about 4 years ago | (#33478256)

I work for a TLA that shall remain nameless. Our contract IT support people, who are supposed to know what they are doing, still haven't figured out how to use group policy editor (in an active directory environment) to disable USB storage devices or how to disable autorun.

Two words: Bradley Manning (4, Interesting)

louarnkoz (805588) | about 4 years ago | (#33478330)

The Army just suffered one of the largest leaks in military history, thanks to Pfc Bradley Manning and Wikileaks. You would think that the priority would be to investigate the incident, check how recruits working on army intelligence are selected, trained and supervised, and perhaps review procedures so a lowly private does not have access to 100,000 secret documents that are only remotely linked to his mission.

Instead, we get this implausible thumb drive scenario. And guess what, instead of applying $0.02 of common sense, we will see a proposal to spend $2B on intelligence system upgrades and military contracts. Of course, senator, we have earmarked 20% of that for your state...

-- Loaurnkoz

Re:Two words: Bradley Manning (2, Funny)

Lifyre (960576) | about 4 years ago | (#33479902)

To be fair this incident happened two years ago. Which means they should be getting around to resolving the Bradley Manning issue and review some time in 2012...

Re:Two words: Bradley Manning (1)

MK_CSGuy (953563) | about 4 years ago | (#33480824)

You would think that the priority would be to investigate the incident, check how recruits working on army intelligence are selected, trained and supervised... Instead, we get this implausible thumb drive scenario.

Who said they are not doing that as well?
I don't see how one thing contradicts the other.

None of us know if that was him (1)

Burz (138833) | about 4 years ago | (#33480984)

...chatting with Lamo. No one has been able to speak to Manning and that chat log seems to be the only thing pointing to him.

It's not a pretty picture (0, Informative)

Anonymous Coward | about 4 years ago | (#33478742)

Firstly, I have direct exposure and knowledge of the state of IA affairs in the DoD/IC world. Very direct. At an extremely senior level. This is a world of dysfunction that you cannot, I promise you, imagine. A world where the Gov hires contractors for insurance (so that they have someone to blame) and is unable to even so much as make a decision without pushing it all the way to the top of the agency/directorate/branch. A world where every vendor that peddles any product with "Cyber" or "Cloud" in the name can rest assured that they'll sell an enterprise license. A world where best practices are forever short-circuited in the name of 'emergent mission need'. There is an almost underworld movement amongst those technologists that understand this whereby Open Source solutions are being sneaked in the back door in the name of "research lab product". The USB problem is already solved (see HBSS Device Control) and the real issue was already solvable (via both a registry hack to disable USB storage devices and the auto-play disabling) but the retards at the top couldn't make a decision to move forward with it because, "What if it disables a keyboard, mouse or CAC reader". Idiots. The Government breeds them internally. No one worth their salt wants to be a Govvie. The pay sucks, the politics is unbearable and the future is bleak. Because of this it attracts dimwits who hire others like them, only dumber so that they don't threaten their 'stature'. The net result is Agencies full of semi-retarded morons who never leave, never get fired and keep getting promoted because the system's wired that way. We're doomed, I assure you.
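Both the "And the networks are still insecure..." post and the one above come down to two settings: turning off AutoRun and switching off the USB mass-storage driver. As an added example (not code from the thread, and not any DoD or HBSS tooling), here is a PowerShell script that audits both values and applies them, with a -WhatIf preview. The registry paths and values are the standard Windows ones; the script name and function names are my own.

```powershell
<#
  Added example, not code from the thread or from any DoD program.
  Audits and (optionally) applies the two controls discussed above:
    1. NoDriveTypeAutoRun = 0xFF under the Explorer policy key, which turns off
       AutoRun/AutoPlay for every drive type. This is the same value the
       "Turn off Autoplay" Group Policy setting writes.
    2. USBSTOR service Start = 4 (disabled), which stops the USB mass-storage
       class driver from loading. Keyboards and mice (HID class) and smart-card
       readers (CCID class) use different class drivers and are not affected,
       which answers the "what if it disables a CAC reader" worry.
  Run from an elevated PowerShell on Windows. Use -WhatIf to preview changes.
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$DisableUsbStorage   # also disable the USBSTOR driver, not just AutoRun
)

$AutoRunKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$UsbStorKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'

function Get-RemovableMediaState {
    # Read both values without changing anything; $null means "not set".
    $autorun = (Get-ItemProperty -Path $AutoRunKey -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    $usbstor = (Get-ItemProperty -Path $UsbStorKey -Name Start -ErrorAction SilentlyContinue).Start
    [pscustomobject]@{
        NoDriveTypeAutoRun = $autorun
        AutoRunDisabled    = ($autorun -eq 0xFF)
        UsbStorStart       = $usbstor
        UsbStorageDisabled = ($usbstor -eq 4)
    }
}

function Set-AutoRunDisabled {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    if (-not (Test-Path $AutoRunKey)) {
        # The Policies\Explorer key is absent until some policy has been written there.
        if ($PSCmdlet.ShouldProcess($AutoRunKey, 'Create policy key')) {
            New-Item -Path $AutoRunKey -Force | Out-Null
        }
    }
    if ($PSCmdlet.ShouldProcess($AutoRunKey, 'Set NoDriveTypeAutoRun = 0xFF')) {
        Set-ItemProperty -Path $AutoRunKey -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
    }
}

function Set-UsbStorageDisabled {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    if ($PSCmdlet.ShouldProcess($UsbStorKey, 'Set Start = 4 (disabled)')) {
        Set-ItemProperty -Path $UsbStorKey -Name Start -Value 4 -Type DWord
    }
}

Write-Host 'Before:'
Get-RemovableMediaState | Format-List
Set-AutoRunDisabled
if ($DisableUsbStorage) { Set-UsbStorageDisabled }
Write-Host 'After:'
Get-RemovableMediaState | Format-List
```

Run it once with `-WhatIf` to see what would change, then without. In a domain the same AutoRun value is better pushed through the "Turn off Autoplay" setting under Computer Configuration > Administrative Templates > Windows Components > AutoPlay Policies, so that it is enforced and re-applied; the script is the equivalent for stand-alone machines or for checking that the policy actually landed. One caveat on the USBSTOR setting: it stops the driver from loading for devices already known to the machine, but a never-seen device can still trigger driver installation unless the usbstor.inf/usbstor.pnf files are also restricted, which is why Microsoft's own guidance pairs the two.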

The Problem behind: (3, Insightful)

drolli (522659) | about 4 years ago | (#33478868)

Virus writers update their viruses 100 times faster than the military its rules. I would not wonder if the rules effective at that moment were 10 years old (or just minor revisions, like fixing security holes already being exploited). I work in a very large company, and each time I try to report a security problem I observe, I am told the IT department is responsible and it's not my job, and nothing changes. I assume in the military it's the same problem but worse; maybe you even go to jail because you figured something out.

Obligatory (0)

Anonymous Coward | about 4 years ago | (#33478912)

In Soviet Russia, KGB thumb worm auto-run you!

A Sysadmin's Lamentation... (5, Informative)

MacroMegaMan (819087) | about 4 years ago | (#33479036)

I was there in 2008 during the midst of this. At that time, there were significant problems with security on the network terminals that we all used to access the internet. In most places, we were limited to two or three ways to access the internet (not NIPERNET.) Either computer labs operated by Spawar (government contractors), computers operated by Cyberzone (a commercial entity) or, if your FOB was large enough, in-room/tent access provided by the MWR (Morale Welfare and Recreation.)

Now all the computers that were in use there used satellite up-links to access the internet. Too many users would max the link, and access to the web would slow to a crawl, or worse. Think 5 - 10 minutes to load a web page. Now after a long day (or two, or three, or more!) out on mission, people would roll back in the gate, tromp off to the internet and eat, often in just that order and go to bed. Most of the time people were sending and receiving email and pictures from friends and family, baby pictures, movie clips and the like. Most of the time, these would be put on flash drives so people could see them later in their tents and so on.

The computers that were operated by the Cyberzone and Spawar rarely if ever had their anti-virus up to date. Worse, the anti-virus updates would take so long to download (hours!) that people would give up on doing them. The MWR and Post Exchange were often great about getting laptops out to troops in remote locations. However there was often no way to get software updates to these PC's. The situation was ripe for trouble.

Many people did both their office work and home use on the same computers, as the situation demanded.

While I was there in 2008, we began seeing signs of the SillyFDC worm and agent.btz in increasing numbers. We were able to track it back to the Spawar and Cyberzone computers, but we had no way to convince the people there to update their anti-virus. The PC's that were on NIPERNET at the time had restrictions on the use of flash drives, but those were not fully enforced. No-one is sure who “Crossed the Streams” but both worms started showing up in more and more NIPERNET computers. The largest problem in stopping it was that we were not in charge of policy of our own computers. We knew that the worms spread through the use of autorun, but we could not get people to bring in their flash drives to have them scanned. Worse, we could not disable autorun on the NIPERNET PC's. We had no access to the local policy on the machines (or anti-virus updates!) We were able to finally contain things by disabling autorun on personal computers, sacrificing one of our personal laptops to doing nothing but scanning possible infected drives, and quarantining known infected PC's from use.

We were never able to get updates for the anti-virus for the NIPERNET PC's, but we eventually discovered and distributed ClamWin for personal computers, though.

We received word about the no-flash-drives rule about 3 months later. That generally made things more difficult, as there were quite a few places that had no network access; a flash drive was the only way to move documents about. More people ended up doing work on their personal computers and ignoring the government ones after that.

Things that would help defend against this in the future:

Spawar, Cyberzone, and MWR should be required to keep on their networks a basic SAN that has updated anti-virus, security patches and run a script to update that when network traffic is low. That way, individuals can get their updates from local storage rather than trying to pull hundreds of megabytes over a slow network link.

If you have a computer while downrange, you should be required to make sure that its security is up to date, and download patches (from the SAN) at least monthly. Anti-virus should be done as frequently as possible.

NIPERNET needs to have some method of having local administrators modify their systems. Many times, the local S-6 (Communication and Networking Support) shops weren't even allowed to administer their own local domains. Local administration, as in the adding of updates, modifying of policy and adding/deleting users, was done by contractors, who often were vacant for months at a time. This is after the Army spent good money training the local Soldiers to be A+, Microsoft and even Cisco certified. These were people who had years' worth of training before being let loose; the Army should let the local admins run the local networks, with the option of the higher-ups stepping in if there is likely to be trouble the locals don't know about.
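The post above describes dedicating a laptop to scanning flash drives because the worms spread through AutoRun. As an added example (my own, not the poster's or any Army tooling), here is a PowerShell triage script for that job: it reads a drive's autorun.inf as plain text, lists the entries that would launch a program, and reports whether each target exists and is hidden. The sample autorun.inf at the bottom is constructed for illustration; the function names are my own.

```powershell
<#
  Added example, not code from the thread. Triages removable drives for the
  AutoRun mechanism the worms above spread by: it reads autorun.inf as text
  (nothing on the drive is executed), lists the entries that would launch a
  program, and checks whether each target exists and is hidden, which is the
  usual shape of a worm that drops itself next to an autorun.inf.
  Run on a host where AutoRun is already turned off.
#>

function Read-AutorunInf {
    # Minimal INI parse: keep only the [autorun] section, keys lower-cased.
    param([string[]]$Lines = @())
    $entries  = @{}
    $inTarget = $false
    foreach ($raw in $Lines) {
        if ([string]::IsNullOrWhiteSpace($raw)) { continue }
        $line = $raw.Trim()
        if ($line.StartsWith(';')) { continue }                 # comment line
        if ($line -match '^\[(.+)\]$') { $inTarget = ($Matches[1] -eq 'autorun'); continue }
        if ($inTarget -and $line -match '^([^=]+)=(.*)$') {
            $entries[$Matches[1].Trim().ToLowerInvariant()] = $Matches[2].Trim()
        }
    }
    return $entries
}

function Get-CommandTarget {
    # First token of a command line: a quoted path or the first whitespace-delimited word.
    param([string]$Command)
    if ($Command -match '^"([^"]+)"') { return $Matches[1] }
    return ($Command -split '\s+', 2)[0]
}

function Test-RemovableDrive {
    param([Parameter(Mandatory)][string]$Root)   # e.g. 'E:\'
    $infPath = Join-Path $Root 'autorun.inf'
    $result  = [ordered]@{ Drive = $Root; HasAutorunInf = $false; Launchers = @(); Suspicious = $false }
    if (Test-Path -LiteralPath $infPath) {
        $result.HasAutorunInf = $true
        # -Force so a hidden/system autorun.inf is still read.
        $entries = Read-AutorunInf -Lines (Get-Content -LiteralPath $infPath -Force)
        foreach ($key in $entries.Keys) {
            # open=, shellexecute= and shell\<verb>\command= are the keys that run code.
            if ($key -notmatch '^(open|shellexecute|shell\\.+\\command)$') { continue }
            $target = Join-Path $Root (Get-CommandTarget $entries[$key])
            $exists = Test-Path -LiteralPath $target
            $hidden = $false
            if ($exists) {
                $attrs  = (Get-Item -LiteralPath $target -Force).Attributes
                $hidden = [bool]($attrs -band [IO.FileAttributes]::Hidden)
            }
            $result.Launchers += [pscustomobject]@{
                Key = $key; Command = $entries[$key]; Target = $target; Exists = $exists; Hidden = $hidden
            }
        }
        # Any launch directive on removable media deserves a look; a hidden target more so.
        $result.Suspicious = ($result.Launchers.Count -gt 0)
    }
    return [pscustomobject]$result
}

# Constructed sample (not a real capture) showing what the parser extracts.
$sample = @'
[autorun]
; constructed example
open=data\update.exe
shell\open\command=data\update.exe /quiet
icon=data\drive.ico
'@ -split "`r?`n"
Write-Host 'Parsed entries from the constructed sample:'
Read-AutorunInf -Lines $sample | Format-Table -AutoSize

# Enumerate removable drives (Win32_LogicalDisk DriveType 2) and check each one.
foreach ($disk in Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 2') {
    Test-RemovableDrive -Root ($disk.DeviceID + '\')
}
```

Run it with the drive inserted on a host that already has AutoRun off; `Test-RemovableDrive -Root 'E:\'` checks a single drive. A `Suspicious` result means a launch directive was found, and `Hidden = True` on a target that sits in a subfolder is the classic drop pattern; the script only reports, so the drive can then be handed to the scanning laptop the post describes rather than trusted on a work machine.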

Re:A Sysadmin's Lamentation... (1)

Simulant (528590) | about 4 years ago | (#33479094)

WTF is NIPER? http://en.wikipedia.org/wiki/NIPRNet/ [wikipedia.org]

Re:A Sysadmin's Lamentation... (2, Insightful)

codepunk (167897) | about 4 years ago | (#33479618)

I have been out of the military for quite some time but I don't see how your suggestions would help the matter anyhow. Sure there are some talented enlisted people that would more than be capable of handling the situation, but the military command structure is not designed for that. Anyone worth a squat is not going to be doing anything more meaningful than cleaning a tank with a toothbrush. DOD contractors are no better; they work for the govt because no one else wants them.

Re:A Sysadmin's Lamentation... (3, Informative)

Lifyre (960576) | about 4 years ago | (#33479922)

Actually the solution to this is training your enlisted troops how to handle this. I was in Iraq when this went down, as a network admin for a grunt unit. The problem went away when we burned 10 CD's with AV that cleaned it (the most recent definitions from Symantec did NOT do this until almost 4 months later, making government computers completely open) and training 2 Marines per company on how to help their users. Within a week we had controlled the issue.

Re:A Sysadmin's Lamentation... (0)

Anonymous Coward | about 4 years ago | (#33480252)

Military personnel, especially enlisted, are not generally hired for years of experience. Potential means capable of learning, not security expert. DoD contractors are the military officers and enlisted cleared for access.

Re:A Sysadmin's Lamentation... (1)

basotl (808388) | about 4 years ago | (#33479710)

Mod parent up.

I was there in 2005/2006. So far you have given the best informed description of the situation that led to the bad practices.

I still lament over the loss of being able to use a thumb drive. The things were darn useful when used IAW Thumb Drive policy and IMHO could still be used if policies were enforced. Now I often use my personal laptop as opposed to a NIPPER and keep large documents such as FM's and TM's there.

you see the same stuff with outsourced IT out side (0)

Anonymous Coward | about 4 years ago | (#33479744)

You see the same stuff with outsourced IT outside of an army setting.

Sometimes with little to no on-site IT guy, and outsourced ones are not tied to your site, and sometimes there is a lot of paperwork and other BS to get stuff done as well.

In other news.... (0, Offtopic)

Simulant (528590) | about 4 years ago | (#33479072)

...Iraq didn't really have WMD.

Bait (1)

Joebert (946227) | about 4 years ago | (#33479206)

I think all of these stories of military oopsies sound a lot like the story of the woman who "accidentally" drops her bag and waits for some guy to pick it up. Except, in this case the guy gets tagged like an animal and watched like a hawk for the next 30 years.

Military + Microsoft = Intelligence? (1)

dogzdik (1700552) | about 4 years ago | (#33481802)

As Goatse said when the watermelon fell out along with his intestines, "There's your problem!"

.

If almost anything and everything Microsoft wasn't such a fragmented fuck up of a shitbag operating system, with 500 security settings in 900 locations, and with no interaction between any of them....

.

Jeezers FUCK I hate Microsoft.

.

Unless you learn the ways of the Jedi, and get Power Toys, have you ever tried to disable Autorun - so your fucking DVD drive doesn't just sit there spinning its fucking guts out for hours and hours every day, for no particular reason than you chose to leave a fucking DVD in it.....

.

Fucking dickheads at microsoft.......

.

Fucking MICROSOFT security settings......

.

Farrrrkkkk I hate MICROSOFT.

.
