×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

DoD Lost 24k Files In Attack On Contractor

timothy posted more than 2 years ago | from the for-your-own-safety dept.

Government 49

Trailrunner7 writes with this news from ThreatPost: "A targeted attack on a defense contractor in March of this year resulted in the theft of 24,000 files by an unknown attacker, according to Defense Department officials. The attack, which officials say was the work of a foreign government, would represent one of the more serious known attacks on the department and its contractors. In a speech Thursday in which he unveiled the Department of Defense Strategy for Operating in Cyberspace, William J. Lynn, deputy defense secretary, said that the attack was just one of thousands such intrusions that the government and its contractors suffer every year."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

49 comments

Oh well as long as it happens thousands of times.. (0)

Anonymous Coward | more than 2 years ago | (#36769436)

Makes me feel so much better.

24K Files (1)

Synerg1y (2169962) | more than 2 years ago | (#36769440)

Coming to a torrent near you.

Re:24K Files (1)

Luckyo (1726890) | more than 2 years ago | (#36771440)

Not damn likely. These thefts are usually paid-for jobs, done for a client. And clients for such operations are usually ones who want the information for themselves.

Re:24K Files (1)

oztiks (921504) | more than 2 years ago | (#36772408)

That or China. My money is on China.

Re:24K Files (1)

Luckyo (1726890) | more than 2 years ago | (#36780202)

IF you think China is the only one with interest or capability, you're living in a bubble. A list of countries interested in US defense contractor inside information starts in the Western Europe and Latin America, and ends in Japan. Of these, most have the capability to either pay private criminal organisations to do the job, and several have capability and agencies to do the job themselves (i.e. GB, France, Germany, Russia, Australia, Japan, China, India...).

Just because some countries are painted as more friendly then others by mass media, you shouldn't make a mistake thinking that they don't want to compete when it comes to arms sales.

Re:24K Files (1)

oztiks (921504) | more than 2 years ago | (#36806746)

Point taken, maybe not China's style. IF anything China's main focus is on commercial gain via legitimate markets, illegitimately.

would be interesting (1)

datorum (1280144) | more than 2 years ago | (#36769450)

if suffer also implies that the attacker were successful or was it the only one that was successful?

porn (0)

Anonymous Coward | more than 2 years ago | (#36769464)

the theft of 24,000 files of porn

DON'T GET MAD - GET EVEN !! NUKE 'EM !! (0)

Anonymous Coward | more than 2 years ago | (#36769516)

Nuuuuuke 'em NOW !! If it's RED, it's better for us it's DEAD !!

That's a lot of files (2)

liquidweaver (1988660) | more than 2 years ago | (#36769536)

I don't know how that did it. My cabinet has probably 150 files at best, and it weighs about 70 lbs. They must have used a really big truck and been awfully quick about it. Sounds like a team that specialized in file organization in the past - a rogue librarian thief ring!

Whoa! That's a lot of filez! (1)

Anonymous Coward | more than 2 years ago | (#36769540)

Oh, wait. My laptop has 148k files. You mean to tell me that the DOD hasn't lost a single laptop before? And none have been hoovered??? Damn, they've got better security than we give them credit for!

Re:Whoa! That's a lot of filez! (1)

dokc (1562391) | more than 2 years ago | (#36772528)

If you have 148k files on your laptop, that means that you have a fresh Windows installation.

They don't "suffer" from attacks. (4, Insightful)

gavron (1300111) | more than 2 years ago | (#36769570)

> the attack was just one of thousands such intrusions that the government and its contractors suffer every year

No, the government and its contractors suffer from incompetence, a lack of encryption, authentication, and data handling procedures. They suffer from violations of their own process. "Here, take this database, decrypt it and email it to our vendor." They suffer from upper management promoted on rank and time served, not competence.

The intrusions aren't what they suffer... they are a direct consequence of the incompetence our government shows daily.

How's that debt ceiling coming? I'd like to have mine raised. The mortgage is due tomorrow.

E

Re:They don't "suffer" from attacks. (1)

the eric conspiracy (20178) | more than 2 years ago | (#36769642)

How's that debt ceiling coming? I'd like to have mine raised. The mortgage is due tomorrow.

What you really want is for the Federal Reserve to buy 0% interest 30 year bonds that you issue.

Re:They don't "suffer" from attacks. (1)

Fuzzums (250400) | more than 2 years ago | (#36769698)

> the attack was just one of thousands such intrusions that the government and its contractors suffer every year

No, the government and its contractors suffer from incompetence, a lack of encryption, authentication, and data handling procedures. They suffer from violations of their own process. "Here, take this database, decrypt it and email it to our vendor." They suffer from upper management promoted on rank and time served, not competence.

The intrusions aren't what they suffer... they are a direct consequence of the incompetence our government shows daily.

A kind of competence many governments show these days :(

How's that debt ceiling coming? I'd like to have mine raised. The mortgage is due tomorrow.

E

You want MORE debt? Sounds like a subprime mortgage for governments :s

Re:They don't "suffer" from attacks. (1)

kermidge (2221646) | more than 2 years ago | (#36770578)

Yeah, and in the meanwhile Lulzsec, et alia, get the (FUD, hype) press whilst our solons enact yet more Draconian edicts. Sheesh. The real sufferers will be we citizens stuck with all the various consequences.

Re:They don't "suffer" from attacks. (1)

freudigst (1778168) | more than 2 years ago | (#36773566)

You just figured that out? Uh, would you like to go to war for me, er, I mean the U.S.?

Re:They don't "suffer" from attacks. (0)

Anonymous Coward | more than 2 years ago | (#36771476)

As someone who has worked at both a government facility that has "suffered" attacks and in industry, I have to say that I've seen much more incompetence in industry management and practices than at the government facilities. Both have limited resources to both be secure and accomplish their mission, and sometimes security isn't up to snuff.

Re:They don't "suffer" from attacks. (0)

Anonymous Coward | more than 2 years ago | (#36772424)

Hey asshole, how about "RSA got hacked, and with spoofed tokens they had a shit lot of access to the unclassnet".

Re:They don't "suffer" from attacks. (1)

Wildclaw (15718) | more than 2 years ago | (#36773068)

How's that debt ceiling coming? I'd like to have mine raised. The mortgage is due tomorrow.

You mean the savings ceiling? Because in the real world, one mans debt is another mans savings.

As for your request to raise your personal debt ceiling. Unfortunately you are not eligible as your lack of ability to issue US dollars at will makes you unsuitable for the task of backing others savings.

And please stop comparing the currency issuer to a private household when it comes down to economics, because it is like comparing apples and oranges. Some things work the same, and some things work completely differently.

Re:They don't "suffer" from attacks. (1)

wolfemi1 (765089) | more than 2 years ago | (#36776766)

Wow, so an attack on a private contractor working for the government is a result of government incompetence? I suppose if all you have is the hammer of government blame in your toolbox....

Re:They don't "suffer" from attacks. (1)

gavron (1300111) | more than 2 years ago | (#36780008)

> Wow, so an attack on a private contractor working for the government is a result of government incompetence? I suppose if all you have is the hammer of government blame in your toolbox....

We're talking about whether it's "suffering" on the part of the government and its contractors from the attacks... or being incompetent.

I suppose if all you have is inability to understand simple sentences in your toolbox....[sic] http://en.wikipedia.org/wiki/Ellipsis [wikipedia.org]

E

On that last comment (1)

sean.peters (568334) | more than 2 years ago | (#36777472)

How's that debt ceiling coming? I'd like to have mine raised. The mortgage is due tomorrow.

This is just an illustration of how stupid the "debt ceiling" concept is. You agreed to a mortgage with a payment schedule, and now a payment has come due. You didn't set a "debt ceiling" that requires you to get special permission from yourself to actually pay the bill, because... that would be stupid. You explicitly agreed you were going to pay the bill when you made the mortgage.

Mostly, arguments of the form "the government budget should operate more like a family budget" are dumb, because the government isn't like a family. But in the case of the debt ceiling, it's true.

Too big to keep under control (0)

Anonymous Coward | more than 2 years ago | (#36769582)

Good job defending there.

Certainly not a pre-planned excuse to push for the 'permission' to monitor all internet traffic and have ISPs publish association data. I mean, you have to think more than a couple steps ahead and back to suspect social active measures, so obviously that isn't the case. Must be the terrorists. /adjusts tin-foil hat

Dear LulzSec & Anonymous (3, Insightful)

TubeSteak (669689) | more than 2 years ago | (#36769854)

Dear LulzSec & Anonymous

Please continue making headlines with your infodumps from .gov, .mil, and contractor websites.
It's not like you're doing much damage, considering the terabytes being siphoned off by foreign governments.
Maybe if there's a bright enough spotlight shone onto the problem, the government will finally get around to fixing it.

Thank You,
Joe Q. Public

Re:Dear LulzSec & Anonymous (2)

todrules (882424) | more than 2 years ago | (#36770138)

They might not fix it, but at least their brother/cousin/nephew or biggest campaign contributor will at least get a fat multi-billion dollar contract to "try" and fix it.

Re:Dear LulzSec & Anonymous (1)

slick7 (1703596) | more than 2 years ago | (#36774174)

Dear LulzSec & Anonymous

Please continue making headlines with your infodumps from .gov, .mil, and contractor websites. It's not like you're doing much damage, considering the terabytes being siphoned off by foreign governments. Maybe if there's a bright enough spotlight shone onto the problem, the government will finally get around to fixing it.

Thank You, Joe Q. Public

Naah, we got Manning, Assange and McKinnon; we'll make them pay for the gross stupidity of government contractors, if fact, we'll give the contractor a ten year no-bid renewal.
Remember the government motto: No good deed goes unpunished and no fuck-up goes un-rewarded. You got to fuck-up to move up.

Truly WELL said... apk (0)

Anonymous Coward | more than 2 years ago | (#36817928)

I've felt & said much the same here, albeit not in the same tone: I.E.-> That the 1 GOOD THING these "benign hacker/cracker" types do, along w/ folks like Julian Assange + Bradley Manning, is that they EXPOSE PROBLEMS

* Problems that need a correct & proper fixing... because nothing is "unrecoverable" in society.

APK

P.S.=> Things can ALWAYS be fixed, especially by the TRUE problem solvers in our society (philosophers, scientists, & technicians mostly (yes, a combination of the hard & "soft pseudo sciences")), once they understand a given problem!

We need educated people, TRULY educated people, to be "@ THE HELM/WHEEL in society"... not "glad hander climbers"!

Once you get THAT? Things get better...

How it ever gets to THIS stage though? Boggles my mind, personally...

... apk

Seriously, lost files? (1)

sylvandb (308927) | more than 2 years ago | (#36770602)

Who does these headlines? When something is lost, you do not have it any more.

Did the DoD really lose the files?

Or did they simply let some unauthorized someone(s) get a copy of said files?

Re:Seriously, lost files? (1)

beowulfcluster (603942) | more than 2 years ago | (#36772456)

The article says it was a case of "theft" and that the files were "stolen", so no, they probably don't have them anymore. Right?

Re:Seriously, lost files? (0)

Anonymous Coward | more than 2 years ago | (#36775256)

Music Piracy is termed theft as well, but no-one is being deprived of their copy of the file in the process. So there's certainly precendence for the misuse of the words theft and stolen/steal, particularly when talking about computers. Given the wording of the article one has to assume they were referring to computer files and not 24k pieces of paper locked away in a filing cabinet somewhere. So unless the people that broke into their systems and copied the data shredded the files and also somehow found and shredded their backups, I highly doubt that theft and stolen are accurate terms to be used here.

It all seems to me that they are more likely using these two terms which hold decidedly more villainous connotation in order to try to shift more of the blame off of themselves for not abiding best practices in their security. Sad that we are trusting them to defend us when they seemingly cannot even defend themselves...

I'm trying to figure out... (4, Insightful)

Unkyjar (1148699) | more than 2 years ago | (#36771226)

why are these machines even connected to the net?

Re:I'm trying to figure out... (3, Informative)

c++0xFF (1758032) | more than 2 years ago | (#36772042)

They were connected because the information on them is unclassified. Yeah, they might prefer that the files wouldn't be disclosed to attackers, but in the end, the information isn't super secret. The convenience of the internet (easy collaboration with other engineers around the country, being able to use people that don't have a security clearance, or saving on the cost of a separate computer network) outweighs the risk in this case.

Believe it or not, the most blindingly obvious step in securing classified data (putting it on a separate network that's unconnected to the internet, a concept that I came up with before I was 10 years old and I'm sure I wasn't the youngest) has already been taken. It's a good thing, too ... computer security is hard, and you don't want to take that risk with anything that poses a threat to national security.

Re:I'm trying to figure out... (1)

Unkyjar (1148699) | more than 2 years ago | (#36778072)

That was a calm, clear, concise and well thought out answer to my question. Thank you.

What in the world are you doing on slashdot?

Re:I'm trying to figure out... (1)

Nyder (754090) | more than 2 years ago | (#36773176)

why are these machines even connected to the net?

because the net is where the porn is.

Information security tip for DoD IT departments (0)

Anonymous Coward | more than 2 years ago | (#36771362)

You know, mitigating this risk is really easy..

Step 1: STOP PUTTING IT ON THE INTERNET !!!!!
Step 2: GOTO 'Step 1'

-or-

just go here: http://www.xkcd.com/916/

"lost files"? "theft"? (1)

nothings (597917) | more than 2 years ago | (#36771450)

Serious part

They "lost" 24K files? You mean the attackers deleted and them and they didn't have backups?

Not-really-serious part (but wait, or is it?)

"Theft"? So the attacker has the files and the owners of the files don't have them anymore? Because that's what it means to steal a car or a diamond or cash.

Really, since they didn't do any of these things, shouldn't we say that these attackers "illegally copied" the documents and/or the information?

And are they really "intruders" or "attackers"? Maybe they're just "pirates".

Unknown Attacker = Foreign Government ? (0)

Anonymous Coward | more than 2 years ago | (#36771616)

So they don't know who did it, but they know it's a foreign government... Sounds like some pretty flimsy evidence to me.

Re:Government IT... (0)

Anonymous Coward | more than 2 years ago | (#36771772)

Makes you wonder who's responsible, and regrettably, I'd bet it was China... I try to avoid thinking this way because it resembles a Cold War kind of paranoia, but how could anyone with that paranoia NOT be justified to think this way? They're very passive-aggressive in their American relations, especially nowadays, and we all know they have the know-how to pull something like this off as their track record denotes a certain level of technical proficiency rivaled by only 2 or 3 countries. If not the Chinese, then maybe another superpower? Maybe Russia? If we're talking about rogue groups or single people, well, it could be anyone I suppose...

But whoever did it, it just goes to show how ignorant upper management types have become. Maybe I shouldn't explicitly blame upper management. Instead, maybe I should blame overall under-appreciation of the IT worker and the snot-nosed geeks who keep trying to pull peoples' heads out of their asses who have the abilities to do stuff about problems like these. We all know who goes first when job cuts come down the pipe... Maybe this shit is a wake-up call because the States have fallen behind everyone when it comes to defensive IT, let alone, general IT competitiveness with other countries.

Unfortunately, it's only going to get worse. Those squabbling fucks in office need to get their shit together and stop playing pucker lip with each other over pity shit that does nothing for the common American. Something's got to give...

That's enough (0)

Anonymous Coward | more than 2 years ago | (#36771874)

24k ought to be enough for anyone.

No Problem (1)

aaaaaaargh! (1150173) | more than 2 years ago | (#36772932)

No problem, it's the Defense Department. They can just hire another contractor, some fishy little sub-division of Lockheed or Raytheon who in turn hire other people to do the actual work. Their job is to link any incoming attacks to a geo IP database (easy, just steal some GPL'ed one) and automatically launch ICBMs against the threat.

It would be a waste of money to arm them with nukes, though. Cluster bombs or chemical weapons should suffice. Or, hey, how about this gay bomb? Is it still under development? Does it also work against hackers? Or, the CIA could give a helping hand. They could give away their gigantic porn database (stolen form the FBI) for free to the hackers...that will keep 'em occupied for years!

If they had decent backup (1)

rikkards (98006) | more than 2 years ago | (#36772984)

They wouldn't have lost the files when they were taken.
Badum-bump
I'm here all week, have the steak!

Here's an idea... (0)

Anonymous Coward | more than 2 years ago | (#36775742)

You have a computer with sensitive, classified information?

Then don't put it on the fucking Internet you retarded niggers.

Tour de France on the brain (0)

Anonymous Coward | more than 2 years ago | (#36776382)

I read the title quickly and couldn't figure out why 1) I had never heard of the DoD cycling team, and 2) why they would loose data attacking Contador, let alone time.

Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...