Crackers Cause Pentagon to Put Computers Offline

Anarchysoft writes "As many as 1500 Pentagon computers were brought offline on Wednesday in response to a cyber attack. Defense Secretary Robert Gates reported of the fallout both that the attack had 'no adverse impact on department operations' and that 'there will be some administrative disruptions and personal inconveniences.' When asked whether his own e-mail had been compromised, Gates responded, 'I don't do e-mail. I'm a very low-tech person.'"

Gates onto something??

[Actually,+I+do+RTFA]

Gates responded, 'I don't do e-mail. I'm a very low-tech person.'"

Actually, this makes Gates sound stupid but as a general rule don't put sensitive information on computers connected to the internet. The best security is not having the damn wires there in the first place. At the top levels of government, where nation-states are trying to install spyware, intercept and decrypt your packets, and otherwise penetrate your defense, maybe having one of a thousand aides sneakernet it is a good solution.

Re:Gates onto something??

[BrokenHalo]

It explains a lot, doesn't it?

For once, I'm with him.

Email is often ignored these days - in fact, its principal virtue seems to be the fact that it is so easy to ignore until such time (if then) as it suits you.

Mr Gates probably gets more done (as do I, in fact) by picking up the phone.

Re:Gates onto something??

[bstempi]

Mr Gates probably gets more done (as do I, in fact) by picking up the phone.

This approach only works when you're at the top of the food-chain. Everywhere I've worked, the corporate culture has always emphasized "covering one's ass" more than actually doing business.

For instance, PHB gives a subordinate an assignment and asks for X, Y, and Z. The subordinate then delivers X, Y, and Z. PHB then finds out that he fsked-up the requirements (because he's a PHB). Instead of taking the blame, his first instinct is to pass the blame to the subordinate. If it were not for email, it would simply become a he-said/she-said loop, with the manager always winning, simply because they are more trusted due to their title.

I, like most human beings, would like to be able to actually talk with the people that I'm in close quarters with. It seems kind of silly that I have to send an email to the guy sitting next to me, but that's the reality. The business place is too cut-throat to ignore using a communications system that produces a paper trail.

Re:Gate's quote

[g-san]

> I really seems that none of the politicians or bureaucrats in the U.S. government have the slightest clue.

Fixed that for ya.

Re:What the flying fuck?

[aichpvee]

This is what happens when you elect idiots who don't believe in government but do believe in political favors.

There's modern reporting for ya

[kungfoolery]

I could think of a million important questions to ask in a situation like this if I were a reporter:

"What specific systems were attacked?"

"Do we have an idea as to who the attackers were? Al Queda? The Chinese?"

"Were any intelligence reports lost? What steps are being taken to ensure the safety of individuals whose data may have been compromised

etc, etc, ad naseum....,

Instead, we get a single insipid question pondering the Secretary of Defense's private email habits and his moderately disturbing technophobic response. Sheesh.

Re:There's modern reporting for ya

[Anonymous+McCartneyf]

The fine article is originally from the AP, which I don't trust if there is anyone else covering the story. It is also simply covering a press briefing from the Pentagon.
Important questions were asked, but the Pentagon simply didn't answer most of them.
What specific systems? All we know is, the DoD Blackberries didn't get hit by this particular attack. We're also told that the Pentagon systems are attacked all the time.
If the Pentagon systems are attacked all the time, then it's likely not an easy task to determine who launched any specific attack. Al Qaeda, the Chinese government, a Chinese cracker working on his own, a mindless virus--who knows?
Whether any intelligence reports were lost or copied is likely classified itself. If the cracker doesn't know whether what he has, or what he destroyed, is valuable, then why should our government tell him?
We're talking about the Department of Defense, remember. They likely don't care about the safety of the individuals whose data was compromised. They had to compromise those individuals themselves to make their intelligence reports!

Re:There's modern reporting for ya

[smurfsurf]

> his moderately disturbing technophobic response

You can argue that a person in his position does not have to deal with email. Communicating face to face or by phone is better suited to the job, allows for better relationship building. Any email (requests, reports, document distribution et al.) will be handled, filtered (and dealt with where possible), and presented to him by his admin anyway. He probably gets the remainder printed out, so be it.

If anything can go wrong....

[Anonymous+McCartneyf]

At least when something goes wrong with a sealed message sent over the sneakernet, you'll know that something has gone wrong.
Encryption isn't common in the current internet. And it is possible for someone to copy data and leave hardly any trace that it was copied.
"Copyright infringement isn't theft." Is copying another state's secrets theft if the original copy of the secrets is still in the original computer?

Re:If anything can go wrong....

"Copyright infringement isn't theft." Is copying another state's secrets theft if the original copy of the secrets is still in the original computer?

No, that's still not theft. That's espionage.

Re:Gates' quote

[jlarocco]

Seriously, though, the guy's 63.

That's the lamest excuse for incompetence. I'd *almost* buy that if we were talking about some retired grandmother or something.

But saying "the guy's 63", like he's completely incapable of learning is just ridiculous. I've worked with people older than that, and none of them had any problem using email. In this day and age, I think just about anybody with a "white collar" type of job can send and receive email.

"I don't do email" was avoiding the question. He gives orders that affect hundreds of billions of dollars worth of high tech military equipment, and controls hundreds of thousands of soldiers, but he's baffled by email? I just don't buy it.

Which isn't to say I don't think he's incompetent. He's just not incompetent in this particular way ;-)

Re:Hackers today are jokers

[kdemetter]

ICBM : Intercontinental ballistic missile .

you may donate that $100 to EFF http://eff.org/ :-)

on a more serious note though : just because they can't use the codes , doesn't mean there is no threat in it .
In matters like this , it's better to be paranoid . If thisq can happen , they are not paranoid enough .

Re: 'I don't do e-mail. I'm a very low-tech person

[janrinok]

And why is the ability to use email now a yardstick for someone being capable to do their job? I flew aircraft, using email was totally irrelevant. Nor is it a critical skill for a shopkeeper, a gardener, a fireman or a million other tasks. Sure, they can all use it if they wish to do so, but it does not affect their ability to do their job. I commanded large groups of people and I didn't need to use an email to do it. Lots of information had to be written down but an email was NOT an acceptable format for a set of orders, an intelligence assessment, a personal report on a subordinate or a request for leave. In my environment, you had to be able to write correctly and accurately, using a big boy's pen. Yes, it could be typed, using a traditional typewriter or a computer, but it still didn't need an email to do it. For security reasons, the vast majority of the computers that I used were either standalone or on very limited networks. The email facility, if used at all, wasn't always high up on the list. You probably work in something connected to computers, hence your interest here on /. You are probably interested in technology and other geek pursuits. It might be important to you, but that doesn't make it important to others.

Quit with the "cracker/hacker" bullshit

[venomkid]

It's hacker, okay? Hacker. When someone is able to write code to get a computer to do something awesomely good, that person is a hacker. When someone manages to get a computer to do something is awesomely evil, that's also a hacker. If someone builds a spice rack for Gandhi, or a spice rack for Stalin, they're still both carpenters. Trying to frontload the term with your own moral judgment is just a little too newspeak for me.

You know what bothered me most about that story?

[SmoothTom]

As many as 1500 Pentagon computers were brought offline on Wednesday in response to a cyber attack. Defense Secretary Robert Gates reported of the fallout ... that the attack had 'no adverse impact on department operations'...

What in Hell are those guys doing if taking 1500 'puters off line doesn't affect operations? Should those 'puters even BE on-line then?

*shakes head*

--Tomas

Flamebaiting the digerati

[Shohat]

Now, every other person online will mock him for not knowing how to use email, and being "low tech".
There is no reason why a person should use such new technology, when most of you probably spend all your time sitting of furniture you have no idea how to build (most have no idea how to build a chair that lasts a week), spend a life inside a home with no understanding of architecture or even the most basic ability to alter your surroundings, no ability to fix a broken toilet, repair a frozen refrigerator, fix a broken washing machine, or just replace a window in your house with a new one. And these are things that people live with from their early childhood, unavoidable parts of everyone's lives."Low tech" so to speak.
But when a person doesn't use email? OMG ROFL ROFL ROFL WHAT A DUMBASS NEWB.

Attack or Counterattack?

[TransEurope]

That's the question.

The CIAs and NSAs operations are totally secret, maybe they attacked a cybertarget before, and that's the just a counterattack. That's a widely known strategy to control the media. The public thinks their countries computers are attacked by evil guys from whereever because they can't link that event to the secret event done by their own secret service before. So the (counter)attacker looks more wvil ("Hey, why do they hate us???") and the government can use this to raise the fear of the people. Also the computer guys from the services can demand more money for defense of the countries networks.

You shouldn't believe everything the secret services (of any country) make public. Especially when they make something public ;-)

Slashdot should know better

FYI, that's not crackers. Thats hackers. Does anyone else find it incredibly annoying when main stream media get these 2 terms confused? Do you find it doubly annoying when people who should know better like SLASHDOT get them confused?

I do. Not sure why really. But I do.

Re:Ha, ha--isn't it funny that I'm so ignorant

[KevReedUK]

IIRC, Gates DIDN'T say he doesn't UNDERSTAND email, just that he didn't use it himself...

Not sure, however, whether he meant he doesn't use it specifically for classified/ sensitive info, or whether he simply meant that whilst email is circulated with his credentials in the "From" line, it's one of his army (no pun intended here... it's probably quite literal in this case!) of secretaries who has authored it using delegated access to his mailbox.

Having said that, if it's the latter, this does open up a minefield of possibilities with a subordinate with delegated access using this priviledge to pursue their own agenda...

Just my $0.04 (At current exchange rates, my £0.02 is worth more than your $0.02)

Re:Keyboard Infestation

[TheGreatHegemon]

Joking aside, I applaud the article for differentiating between hackers and crackers.

only weasels and illiterates hate email

[misanthrope101]

For me, its principal virtue is that it serves as a record of what I actually said, and what was said to me. I want taskings and requirements in writing. I'm okay with them changing, as long as I have a record of what I was originally asked so we can track the change in objectives.

I have waaaaay too many memories of supervisors saying "I never said that." Of course, I still have supervisors who want every encounter face-to-face, ostensibly because they feel that email is impersonal. Guess which supervisors have rather flexible memories when it comes to what they did and didn't say to me?

I'll even type up what we discussed right after the meeting and pass it by them to "make sure I understood," and they just reply with "see me." But I push for written records as often as I can. Only weasels and illiterates hate email.

Dumb Language Infestation

[fm6]

I thought, "Hey, yet another attempt to blame computer crime on people from Georgia. Where is this politically correct BS coming from?"

Then I remembered that for some time now, some people who think of themselves as "hackers" (in the original sense of the word) have played language nazi every time they've heard the more popular use of the word. "No!" they exclaim. "You mean cracker!"

This ignores two important linguistic principles:

1. Words can have more than one meaning. You're supposed to figure out which one from context.
2. You can't just coin a new word and expect people to use it in place of an existing well-established word. Especially when the coinage is so lame.