Slashdot Mirror


Pentagon Hid Magnitude of Data Loss From Recent Breach

blueton tips us to a brief story about recent revelations from the Pentagon which indicate that the attack on their computer network in June 2007 was more serious than they originally claimed. A DoD official recently remarked that the hackers were able to obtain an "amazing amount" of data. We previously discussed rumors that the Chinese People's Liberation Army was behind the attack. CNN has an article about Chinese hackers who claim to have successfully stolen information from the Pentagon. Quoting Ars Technica: "The intrusion was first detected during an IT restructuring that was underway at the time. By the time it was detected, malicious code had been in the system for at least two months, and was propagating via a known Windows exploit. The bug spread itself by e-mailing malicious payloads from one system on the network to another."


  1. Windows strikes again. by urcreepyneighbor · · Score: 4, Informative

    "was propagating via a known Windows exploit."

    DARPA may want to rethink funding OpenBSD. :)

    The DoD doesn't need Windows, we need bunkers.
    --
    "The fight for freedom has only just begun." - Geert Wilders
    1. Re:Windows strikes again. by Jarik_Tentsu · · Score: 2, Informative

      Don't forget to mention some kinda overall consistency. Doesn't matter if half your network is as impenetrable as your high school crush when the other half is as easy as her slutty best friend.

      ~Jarik

  2. Gary McKinnon showed the way with .mil by AHuxley · · Score: 3, Informative

    Gary McKinnon is accused of cracking into 97 United States military and NASA computers in 2001 and 2002.
    He talked of blank MS passwords and using a tiny Perl script.
    So maybe you do not crack or hack MS Pentagon computers but just surf on in.

    http://news.bbc.co.uk/2/hi/programmes/click_online/4977134.stm

    You know, one time we had a box DoS, for 12 hours. When it was all over, I walked up. We didn't find one of 'em, not one stinkin' Asian ip.
    The smell, you know that Microsoft smell, the whole box. Smelled like... owned.

    --
    Domestic spying is now "Benign Information Gathering"
  3. Re:$TRILLIONS for Insecurity by Adambomb · · Score: 4, Informative

    While I agree with your overall point, those are relatively poor metrics to base it on.

    The Vietnam war cost 600B$USD considering 1968 USD.

    If you consider inflation based on the first inflation calculator google link that I clicked, plugging in 600B$ from 1968 yields:

    What cost $600000000000 in 1968 would cost $3688102617038.20 in 2007.

    That's 3.68 trillion in North American terms, no?

    --
    Ice Cream has no bones.
  4. Re:Is this supposed to be some sort of scandal? by Mork29 · · Score: 4, Informative

    No "state secrets" were lost. If something is "secret", then it's "classified". If it's classified, then it isn't being stored on a system that has access to the internet, directly or indirectly. According to the article, (yes, I read it...) there was some sensitive information lost. This is not going to be launch codes or anything that's even remotely that valuable. I'm not saying it's no big deal, I'm saying that it's not nearly as big a deal as you're trying to make it out to be.

  5. Re:simple question... by glitch23 · · Score: 2, Informative

    why the hell is any DoD network connected to the Internet????

    On the surface, it does sound crazy, however in the technologically connected world we live in even secure networks must be connected to inherently insecure networks. Of course, those "secure" networks aren't so secure anymore and that's where IDSs/IPSs, firewalls, etc. come into play. The DoD must be able to communicate with DHS- and DOJ-type agencies at the federal level and probably many other entities at the state level and as such their data must be on those networks in order for full communication to take place. And although that network may itself be a private WAN specifically for that inter-agency communication, some communication must still occur over the Internet (whether via VPN or not). And that's where you run into originally secure networks coming into contact with insecure networks. It's the nature of business now which demands running the latest technology to be properly protected.

    There are still classified networks where the really sensitive data resides (or not as the case may be but the capability for top-secret information to be stored on a classified is possible with the 'classified' label) but for systems accessible on the Internet the information is at most sensitive but unclassified (SBU).

    --
    this nation, under God, shall have a new birth of freedom. -- Lincoln, Gettysburg Address
  6. Re:$TRILLIONS for Insecurity by Doc+Ruby · · Score: 4, Informative

    No, you're wrong.

    The Vietnam cost of $600B is in 2005 dollars. Using your calculator, that's already over $653B.

    Iraq alone has already cost more than that, well over $700B.

    And if you're interested in using a calculator, look into the fact that at least 80% of Iraq's cost is borrowed money, which (at typical 30 year Treasury bond rates) costs 155%. So that's already going to cost well over $1 TRILLION. And that's just Iraq, which has made us a lot more threatened.

    Feel safer?

    --
    make install -not war

  7. Re:army net security is indeed ridiculous. by Anonymous Coward · · Score: 1, Informative

    As an Army sysadmin, that is bogus. Every sysadmin is authorized to patch and maintain a secure system regardless of the official reporting status. From one of the official emails I receive sending me bug reports...

    4.0 (U) REGULATORY REQUIREMENTS: Army personnel are reminded that they do not have to wait for an IAVM to patch their systems IAW AR 25-2 Chapter 3-3a (6) all System/Network Administrators are required to ensure secure configurations to include all pertinent patches and fixes by routinely reviewing vendor sites, bulletins, and notifications and proactively updating systems with fixes, patches, definitions, service packs, or implementation of vulnerability mitigation strategies with IAM or IAPM approval.

    Now some IAM or IAPMs are more responsive than others to be sure, but that does not mean that they are ok just letting things go until they get exploited. Issues are evaluated solely on risk. I have yet to get an IAVM in the last year that was actively being exploited and had not received either a patch or mitigation directions from my higher HQ. I am reading the same stuff directly from JTF-GNO that these sysadmins probably read as well (if they don't then they should have). This looks more like sloppy especially given the level they are at.

  8. Re:DoD Security knows all, does all, is all BullSh by rtb61 · · Score: 2, Informative

    Now the most interesting thing about this case, is during the whole episode, all internet connections between the US and overseas were being monitored by the NSA. Did no alarm bells go off when all this data was going from the US to China regardless of the intermediaries? So what exactly was the NSA monitoring, obviously nothing with regard to national security or military intelligence material or even information on military hardware.

    It really does make what the NSA were doing look very suspicious and starts to look more like a domestic surveillance program searching for those who did not properly align themselves with the current administration. Opposition political leaders and political fund raisers, people who supported peace and not war, those that actually wanted to support the troops rather than just sending them off to bleed money out of government and into the pockets of corporations whilst the soldiers bleed on the battlefield.

    I wonder how much information got out about the corrupt nature of some of the practices going on in the Pentagon that will later be used by the autocratic communist Chinese leadership to manipulate and control those in charge of the US's national security. A who's who of those that will readily accept bribes regardless of the loss of life.

    I bet there are a whole lot of people who now wish they had mandated the use of the NSA's SE Linux on desktops and file servers, the NSA really did know and attempted to do something constructive about the problems inherent in M$ windows before they were cut off by the corrupt M$ executive team and an equally corrupt Republican administration.

    --
    Chaos - everything, everywhere, everywhen