Pentagon Hid Magnitude of Data Loss From Recent Breach

blueton tips us to a brief story about recent revelations from the Pentagon which indicate that the attack on their computer network in June 2007 was more serious than they originally claimed. A DoD official recently remarked that the hackers were able to obtain an "amazing amount" of data. We previously discussed rumors that the Chinese People's Liberation Army was behind the attack. CNN has an article about Chinese hackers who claim to have successfully stolen information from the Pentagon. Quoting Ars Technica: "The intrusion was first detected during an IT restructuring that was underway at the time. By the time it was detected, malicious code had been in the system for at least two months, and was propagating via a known Windows exploit. The bug spread itself by e-mailing malicious payloads from one system on the network to another."

army net security is indeed ridiculous.

[r00t]

Sysadmins must apply patches IF AND ONLY IF they are army approved.

Sounds decent so far, hmmm?

The army has some committee that regularly decides which patches to approve.

Still not too bad, hmmm?

The committee approves patches for things that are being actively exploited.

Ponder that one for a moment. It means that every security hole will be exploitable on the army networks. Every security hole gets a chance, since "not exploited yet" means "not a problem".

Re:Windows strikes again.

[SethJohnson]

2) Decent firewall alerting you to connections to chinese IP space,

Duhh.. these guys weren't amateurs. They wouldn't have been communicating directly with the compromised hosts. There'd be like three or more hops of compromised boxes between them and the Pentagon. Not to mention that the intrusion might have originally been thanks to a viral botnet where the controllers recognized some interesting IPs within their herd. Then used the command-control structure to issue specific commands to those boxes to further infiltrate the Pentagon. Probably was always outbound connections uploading data and grabbing new marching orders (encrypted in both cases).

Seth

it is

[Quadraginta]

Twenty thousand people work in the Pentagon, the bulk of them secretaries, flunkies, gophers, paper pushers and form filers. They have, naturally, a plain old typical big business e-mail system for sending memos back and forth about whether the proper signatures have been affixed to form eight six four nine nine stroke seven aitch. This is what got hacked. To the extent "sensitive" data was compromised, it would be stuff like the Assistant Associate Deputy Secretary's daily conference call schedule, which is "sensitive" in the sense that in the remote chance that someone wants to assassinate him they'd find such data mildly useful.

There is of course also a serious network of computers at the Pentagon which handles serious military secrets. It doesn't run Windows. It isn't physically connected to the Internet. The Chinese can't touch it.

This is a silly FUD nonstory. There's no reason for the Pentagon to treat random secretarial computers with the same attention to security as they give classified computers. It would be very expensive, and my taxes are high enough already, thank you.

Re:Windows strikes again.

[Hemogoblin]

Speaking as someone who has worked as an Immigration Officer with the Canada Border Services Agency, I can say that our immigration laws are quite fine, thank you. In addition, our antiterrorism laws are quite robust, and I would argue that the United States' laws are needlessly draconian. Thank you for your time.

Honey pot.

[dsmatthews]

It would not be the first time that a government has gone to great length to convince others that the stolen data they have is real, when really it is not, rather it is carefully crafted misinformation designed to fubar any project or plans it is used in.