Slashdot Mirror

← Back to Stories (view on slashdot.org)

Inside the Secret War Against Internet Spies

Posted by Soulskill on from the war-on-malware dept.

ahess247 brings us a lengthy BusinessWeek story on the increasing amount of attacks against the US government's online presence as well as its contacts in the private sector. Hackers are gaining a greater awareness of where valuable data might reside, and that awareness is leading to more precise, more sophisticated attacks. Quoting: "The U.S. government, and its sprawl of defense contractors, have been the victims of an unprecedented rash of similar cyber attacks over the last two years, say current and former U.S. government officials. 'It's espionage on a massive scale,' says Paul B. Kurtz, a former high-ranking national security official. Government agencies reported 12,986 cyber security incidents to the U.S. Homeland Security Dept. last fiscal year, triple the number from two years earlier. Incursions on the military's networks were up 55% last year, says Lieutenant General Charles E. Croom, head of the Pentagon's Joint Task Force for Global Network Operations. Private targets like Booz Allen are just as vulnerable and pose just as much potential security risk. 'They have our information on their networks. They're building our weapon systems. You wouldn't want that in enemy hands,' Croom says. Cyber attackers 'are not denying, disrupting, or destroying operations--yet. But that doesn't mean they don't have the capability.'"

28 of 116 comments (clear)

  1. You PWN3D my Empire! by Jeremiah+Cornelius · · Score: 5, Interesting
    Funny, Booz Allen might like to take a leaf from the Northrop-Grumman playbook and charge the Chinese for this information!

    Let's get this straight.

    Northrop-Grumman or General Dynamics or any D.o'D. approved private contractor can post anything they like about future combat systems on their websites, and even sell secret weapons systems to Saudis or the UAE or anyone else who can buy, but for anyone else to do it is an infringement of national security.

    Also, the private contractors can preferentially hire non-nationals, who work diligently and are key to the development of these systems, instead of American citizens who might be disturbed at the nature of what the private contractors are doing in the name of national security, but that's the free market.

    So, if I remember correctly, didn't something happen in Germany in the 1930s that caused its brightest physiscists to flee? And didn't the same imperial hubris that caused Germany to persecute the people who might have made it an economic power after WWI really cause it to enter- and lose- WWII?

    Just askin'. I just wondered what the Party line was these days. http://spacetimecurves.blogspot.com/2008/04/pearl-clutching-by-master-race.html
    --
    "Flyin' in just a sweet place,
    Never been known to fail..."
    1. Re:You PWN3D my Empire! by MrNaz · · Score: 3, Insightful

      I find it amusing that these articles portray the US as some kind of noble victim in online warfare, as though a) the US is not the most aggressive player in international geopolitics and b) the US has no cyber warfare program of its own.

      Is there anyone dumb enough to still believe the romantic portrayal of the young valiant American heros defending liberty and freedom from the vicious hordes that everyone else refers to as "the rest of the world" ?

      --
      I hate printers.
    2. Re:You PWN3D my Empire! by Jeremiah+Cornelius · · Score: 4, Insightful

      "Is there anyone dumb enough to still believe the romantic portrayal of the young valiant American heros defending liberty and freedom"

      Yes. Products of the American "education" system.

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
    3. Re:You PWN3D my Empire! by Anonymous Coward · · Score: 2, Insightful

      these articles portray the US as some kind of noble victim in online warfare

      [citation needed]

      I read the article quickly, and I did see that it describes attempts to penetrate US systems, from a US point of view. But I didn't happen to notice any editorializing about US nobility, or any suggestion of a lack of a US cyber warfare program.

      Sure it wasn't in your head? Go ahead and criticize US policy. Criticize the article too, if you think it's poorly written. But you're criticizing the article based on something that it does not contain.

      Is there anyone dumb enough to still believe the romantic portrayal of the young valiant American heros defending liberty and freedom from the vicious hordes that everyone else refers to as "the rest of the world" ?
      Probably. Hang around a US military recruiting station, and I bet you can meet a few people who have that vision. Seeing it in real life, is a lot more amusing than the hallucination you had when you "read" the article.
    4. Re:You PWN3D my Empire! by Oligonicella · · Score: 4, Insightful

      The fact that you can even post this without boots at your door shows that those young heroes are indeed defending your liberty and freedom. "The rest of the world" is not one entity, but myriads. Many of those would gladly take you out and put a bullet in your head for your beliefs and speech.

    5. Re:You PWN3D my Empire! by Jeremiah+Cornelius · · Score: 2, Insightful

      "Probably. Hang around a US military recruiting station, and I bet you can meet a few people who have that vision."

      The FoxNews demographic. Earnest, well-intentioned, poorly-informed, misguided and wrong.

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
    6. Re:You PWN3D my Empire! by Torvaun · · Score: 2, Interesting

      Is there anyone dumb enough to still believe the romantic portrayal of the young valiant American heros defending liberty and freedom from the vicious hordes that everyone else refers to as "the rest of the world" ? My grandfather, and probably anyone else who was around when it was still true.
      --
      I see your informative link, and raise you a pithy comment.
    7. Re:You PWN3D my Empire! by phantomfive · · Score: 2, Insightful

      Billions of dollars to buy their feudal allegiance - with goodwill as the PR story to sell Empire back home. Um.....I think you are a bit confused about how feudalism works. You see the idea is the underling gives money and tribute to his feudal Lord. You don't buy feudal allegiance with money, you get it by promising not to destroy the country.

      Maybe this is not what you meant. Maybe you picked the wrong words; but you will get a lot farther using words that represent what you actually mean rather than picking words that sound sensationalistic and are clearly an exaggeration.

      America isn't perfect by any stretch of the imagination. Neither are it's citizens, so how could it be? But comparing America to a feudalistic Kingdoms is to so blatantly misrepresent the situation as to render your argument worthless until it is stated more accurately.
      --
      Qxe4
    8. Re:You PWN3D my Empire! by MrNaz · · Score: 2, Insightful

      Billions in aid? Perhaps you need to have a good, hard look at just how USAID operates, and the role the IMF plays in global development with it's so called "development loans".

      Oh, and the tone of your message is basically "Sure we killed millions of innocents and plundered natural wealth to which we had no legal or moral claim. But hey, at least our heart was in the right place!".

      --
      I hate printers.
    9. Re:You PWN3D my Empire! by janrinok · · Score: 2, Informative

      Yeah the USA doesn't do cyber warfare because we see it as unethical and illegal and immoral

      http://www.afcyber.af.mil/

      You were being sarcastic, right?

      --
      Have a look at soylentnews.org for a different view
  2. For every defense... by bluemetal · · Score: 3, Insightful

    For every defense there is an attack, and every attack a defense. These military types should know this better than anybody else. It's a battle they should be prepared to fight as it was only a matter of time before it happened. And of course, it will cost yet more resources to mount this defense (or as the case may be, an attack against the attackers) and somebody is going to have to pay for it. As always, technology is a double-edged sword.

    --
    "Taboo, like anything else, goes in and out of style."
  3. Spy vs. Spy by mfh · · Score: 5, Insightful

    Spies use any means available to find information. If the Internet helps, they'll use it. That does not change their ornithological classification, or make them more specialized in one key area.

    Also, spies would rather have infrastructure INTACT, so they can exploit it easily. They are lazy humans, like you.

    --
    The dangers of knowledge trigger emotional distress in human beings.
    1. Re:Spy vs. Spy by virtual_mps · · Score: 5, Funny

      Spies use any means available to find information. If the Internet helps, they'll use it. That does not change their ornithological classification I'm missing what is doubtless a deep and subtle point about spies and birds.
    2. Re:Spy vs. Spy by PopeRatzo · · Score: 5, Interesting

      Spies use any means available to find information. If the Internet helps, they'll use it. That does not change their ornithological classification, or make them more specialized in one key area.
      Great point.

      And just because we're worried about "internet spies" let's not forget that there are plenty of the old-fashioned variety out there, too.

      For example, how many of us know that 15 Bush Administration officials, including Sec'y of State Condi Rice, have just been subpoenaed in the oft-delayed Franklin/AIPAC/Israel Lobby spy case. Even though it's common enough to come up in Google search auto-complete, it hasn't been mentioned on any US media.

      The difference is now the people that are spying on us are employed by the ones that are supposed to be working to protect us.

      And even if we caught every single spy, who among us feels we could trust our Department of Justice to prosecute them with any integrity? Hell, if there were any justice, the top law enforcement appointees (John Yoo, Alberto Gonzalez, Michael Mukasey, etc) not to mention their bosses, would be the ones facing trial.
      --
      You are welcome on my lawn.
    3. Re:Spy vs. Spy by EdIII · · Score: 4, Funny

      He may have meant "ontological" but goofed it up instead with a scientific reference to the study of birds :)

      I could see him thinking about spies, and birds being like spies, and then screwing it up. What I find funnier is how many people will skim over that sentence really quickly and find it smart and intelligent sounding, while never really understanding what ornithology or ontology really is.

    4. Re:Spy vs. Spy by GoodNicksAreTaken · · Score: 3, Interesting

      I'd like to know what they are counting in those numbers. We probably have that many attacks per year on our dozen or so systems with all of the script kiddies running their dictionary attacks against the FTP server we use for getting business cards and flyers to the print shop. I can pull a large number out of my backside and claim the sky is falling as well as the next guy.

    5. Re:Spy vs. Spy by pipingguy · · Score: 2, Funny

      At least he spelled it right.

      What's worse is disagreeing with someone and spouting, "just read these 14 URLs comprising 347,958 words and you'll find out how stupid you really are" rather than putting effort into making some clear statements and taking the time to put coherent thought into words.

      There's not much worse than copypaste advocacy but it's all the rage with those who tend to refer others to talking points and narratives.

  4. Not much of a secret anymore now is it? by Gat0r30y · · Score: 3, Insightful

    And if these spys are doing a good job, it'd be awfully hard to catch em. Of course if this is any indication it couldn't be terribly difficult to gain access to sensitive information.

    --
    Prediction: The real iPhone killer is going to be sex robots from Japan. Think about it.
  5. You shouldn't have military plans on the Net by WillAffleckUW · · Score: 5, Informative

    When I worked at Boeing (and before that the Army) - if you had secret plans, you didn't keep them on a box that was open to the Net.

    The problem is that they're not even following their own rules - Win boxen have never been approved for holding Net-connected data - only in a stand-alone environment are they even considered, and even then in a secure room with full security protocols enforced.

    We used to lock down our drives too. In locked cabinets. When we went home.

    --
    -- Tigger warning: This post may contain tiggers! --
    1. Re:You shouldn't have military plans on the Net by bk_veggie · · Score: 2, Interesting

      I'm a little fuzzy about this. I assume your comments are referring to Boeing policy.

      Windows boxes have been allowed on the SIPRNet and JWICS since before I started my IT career. NT 4.0 was NIAP approved ages ago to do so. While those systems (arguable) aren't connected directly to the net, their boundaries have greatly expanded over the last 5 years to areas outside of military control.

      The only drives that are locked up at night (in my environment) are ones that are used for desktops in non open-storage areas.

      Now if you want to talk about problems, let's discuss why firms like SAIC, Boeing, etc. really need SIPRNet drops to their contracting facilities rather than bring the contractors on site...

    2. Re:You shouldn't have military plans on the Net by Anonymous Coward · · Score: 2, Interesting

      I find that hard to believe. SIPRNET, for example is locked away, in a room, not connected to the real world. And if anyone goes in to said locked room, they have a security clearance. And they damn sure don't walk in with any form of transportable media (thumb drives). Policies, such as the data at rest policy, prevent things like this from happening very often.

      My apologies for posting anon, but I have mod points and I work for the Navy.

    3. Re:You shouldn't have military plans on the Net by zappepcs · · Score: 3, Informative

      Not sure about all that, but when I had my TSEC it would not have been allowed to open secured data traffic to the Internet in any way shape or form. ELINT (USAF electronics spy types) would have laughed at such, then eyed you suspiciously for suggesting it. The military, my friends, is securely running on a darknet which requires more than will power and a h4x0rz kit to get into. This is all about scaring up some more money and a few more personal freedoms in the name of security from the evil terrorists, only this time it's a run up to take away some of your online rights and privacy. Don't even be fooled by the bullshit.

      If the military was as susceptible as they might lead you to believe, they'd still be trying to stop spam emails from pouring out of the RNC servers. Holy shit man, if they were hackable someone on the NYT would already be posting the 'lost RNC emails' if you know what I mean... geez

      --
      Support NYCountryLawyer RIAA vs People
  6. So feed them some bum plans. by jhantin · · Score: 4, Interesting

    Back in Reagan's day, our intel folks managed to slip the Soviets a surprise that would have made Jokey Smurf proud with their bundle of purloined technology.

    --
    ...when you're writing a game...tweak the difficulty of "Easy" to something [your mother] can cope with. -- onion2k
  7. Connection to other malware. by Ungrounded+Lightning · · Score: 3, Insightful

    Some of this is no doubt spear-phishing. (Deploying newly-retuned spyware selectively against a target rather than globally, so it slips past signature-based malware detectors.) But I'd bet that most of this stuff is based on the malware developed for botnet-spamming and DDOSing, regular Phishing, etc.

    We have a multibillion-dollar industry based on corrupting computers and stealing selected information from them, which the governments have virtually ignored while its techniques were honed. Now their own military secrets are the target of a similar attack. Any bets on whether it is built on the same code base.

    Too late now, guys. The enemies' cyber-warfare departments now have the technology.

    But I bet that, if you start finding and closing the barn doors even after most of the horses are gone, you'll find enough fingerprints and tire-tracks to trace down who did it. Hunt them down and take them out, and you'll eliminate a bunch of the talent that would otherwise be developing the technology further.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  8. Color me underwhelmed. by ColdWetDog · · Score: 3, Insightful

    The e-mail message addressed to a Booz Allen Hamilton executive was mundane--a shopping list sent over by the Pentagon of weaponry India wanted to buy. But the missive turned out to be a brilliant fake. Lurking beneath the description of aircraft, engines, and radar equipment was an insidious piece of computer code known as "Poison Ivy" designed to suck sensitive data out of the $4 billion consulting firm's computer network.
    OK, so a contractor gets a random email asking for *something*. The email has a keylogger as an attachment. The executive doesn't activate the keylogger.

    Western civilization was saved from the abyss.

    Who doesn't think these things happen all of the time. I would be upset (in a general way) if our enemies didn't try that sort of stuff. And sneaking in via the side door. And the hot secretary. And countless other bits of espionage craft. Keep up the firewalls men! Loose lips sink ships. Watch them commies, you never know what to expect. Let's have another iPhone article, shall we. It's been maybe 24 hours since the last one. I'm getting bored.

    --
    Faster! Faster! Faster would be better!
  9. Can anyone explain... by zonky · · Score: 2, Insightful

    Why these Defense contractors are using unencrypted email, and Access to "to manage big batches of data.?"

  10. For every threat there is funding by EmbeddedJanitor · · Score: 2, Insightful
    Of course the military and others want to make Joe Sixpack scared. A scared citizen readily hands over funding, privacy etc.

    The end of the Cold War was a huge threat to careers and funding in the CIA, military and govt contractors. Need those Iraq wars, terrorists and hackers to keep the whole war machine going.

    The military industry is not the only one that works this way. The medical industry is catching on too (bird flu) and now the whole greenwashing industry (global warming etc).

    --
    Engineering is the art of compromise.
  11. Logistics is key, even in the cyber age by Anonymous Coward · · Score: 3, Insightful

    Timely and new sensitive data, and various top secret technology always seem cool enough to make the front pages of such espionage stuff. But I'm suprised they aren't speaking of some more mundane channels of attack.

    Wasn't "The military marches on its stomach." some historical quote that was attributed to Napolean? Anyhow, where I'd keep an eye out for cyber vulnerabilities is in the logisitics chain. All it'd take is someone to get into the requisitions, inventory, and procurement channels and they could make all hell break loose. Frozen fish in the place of ammo, livestock sent to some other place, 100 screwdrivers and bomb fuses to an office that only does paperwork, etc. Not only can such things waste resources or man hours to correct, but it can cause negative economic consequences for contract vendors. Stupid shit like that could get old really fast.

    Hopefully the military brass has enough sense to ensure strong verification when dealing with civilian contractors in the supply chain (and via internal supply channels). Also there should be some means to ensure the trustworthiness of supply contractors, as some purchase orders might have the possibility of indicating potential for action, etc.

    On the other hand, this would potentially be a great way for the U.S. to attack any adversaries too. The more bureaucratic, thick, and mundane an organization is - the more opportunities for logistics data mayhem. False requests will tend to look more "reasonable" under such systems.