Slashdot Mirror

← Back to Stories (view on slashdot.org)

Worm Attack Prompts DoD To Ban Use of External Media

Posted by timothy on from the sehr-klug dept.

An anonymous reader writes "The Pentagon has suffered from a cyber attack so alarming that it has taken the unprecedented step of banning the use of external hardware devices, such as flash drives and DVDs [...] The attack came in the form of a global virus or worm that is spreading rapidly throughout a number of military networks."

15 of 295 comments (clear)

  1. This isn't alarming... by Hahnsoo · · Score: 4, Insightful

    This sounds like common sense. Seriously. Several years ago, a military bud of mine said that the worst threat to their security is the USB flash drive.

    1. Re:This isn't alarming... by Anonymous Coward · · Score: 1, Insightful

      Nothing sadder than a sig that is a desperate cry for attention.

    2. Re:This isn't alarming... by PitaBred · · Score: 2, Insightful

      Which just goes to show you that Windows should never be let on the Internet, or use removable media of any sort.

      --
      My blog. Good stuff (when I remember to update it). Read it.
  2. Auto-infect by robo_mojo · · Score: 4, Insightful

    Sounds like someone forgot to disable auto-run.

    1. Re:Auto-infect by Nerdfest · · Score: 3, Insightful

      It's quite sad that you need to with most (all?) versions of Windows. This should be the default state, especially with viruses coming right from the factories in digital picture frames, etc.

  3. Re:They're just ignoring the real problem by idiotwithastick · · Score: 5, Insightful

    Do you honestly think that foreign intelligence agencies won't write Linux or Macintosh viruses if it would get them into the DoD network? The OS might be part of the problem, but users are the much bigger one.

  4. The obvious solution by DesScorp · · Score: 4, Insightful

    Chuck Windows, and adopt Unix. I realize there are some possible implications of using Linux because of the GPL, but then use BSD. There are bright Comp Sci guys in the military and DOD. Customize a military Unix, and use it throughout all the services. In fact, I think it's long past time DOD did this. With the computerization of everything from planes to ships, now's a smart time to do it. There's no way Windows should be running a ship of war.

    --
    Life is hard, and the world is cruel
    1. Re:The obvious solution by ZackZero · · Score: 2, Insightful

      Disclaimer: IAAS (I Am A Sailor)

      Windows does NOT run a ship of war; I cannot say exactly what operating systems are used on the critical components (i.e. NOT shipboard LAN)but can say that they are a derivative of Unix. They are always kept in secured spaces and cannot simply be infected with a worm or virus. They're not even connected to the Internet.

      The issue affects workstations kept on-land, and is likely covering those that are marked unclassified. Those are the ones running Windows - and I'll say it now, DoD should've gotten a contract with Apple.

    2. Re:The obvious solution by link-error · · Score: 2, Insightful

      You mean like the version developed by the NSA? http://en.wikipedia.org/wiki/Selinux

      --
      -Unresolved symbol? Byte me!
    3. Re:The obvious solution by Bobb+Sledd · · Score: 2, Insightful

      You don't understand the scope of what you're suggesting.

      Let's take just one job -- a DoD web developer for example. You have an internally secure web site used for data collection that (we'll say) runs on IIS, PHP, MSSQL and is developed using an IDE such as DreamWeaver (and probably PS is involved too), and is developed specifically for the DoD version of Internet Explorer. It's already been run through testing and received certification for security and all.

      To move to a non-Windows based platform, you have to ditch your web server, ditch the MSSQL server, (and when moving to the new platform ensure that your PHP environment works the same), and run through all your PHP code to make sure it can connect to whatever SQL database you replace it with (No, MSSQL is not necessarily the same syntax). Then, if the site used any JavaScript (or anything else that is IE-only), you have to re-validate it for that new browser. THEN it can be submitted again for security testing and certification (which all this time, the site is brought down while you wait several months for them to get around to testing). And you may have to re-train your developer on new tools on a new platform for programming on yet another new platform.

      This is just ONE type of job to re-tool for. I'd say it's pretty infeasible.

      Now, original platform choice mistakes aside (that you had no control over), I know you're going to say, "well you should have programmed your pages so they could easily be switched to another platform!" or "well, who in their right mind would program for IE only?" But that's just the way the system was made by the guy before you. You can complain all you want, but it's still a lot of work you'd be imposing.

      Oh and by the way? Each system is usually owned by different department and has to be certified independently (expensive and time-consuming). Web server is owned by one tech group. DB server is owned by another. Web Developer is yet another department. And no one talks to each other well.

      --
      "They said I probly shouldn't fly with just one eye," "I am Bender. Please insert girder."
    4. Re:The obvious solution by ZackZero · · Score: 2, Insightful

      When I said "Windows does NOT run a ship of war", I referred to active ships. The USS Yorktown (CG 48) was decommissioned, and therefore is no longer an active ship of war. We evolved past using NT4.0.

  5. Maybe they can use.. by Anonymous Coward · · Score: 1, Insightful

    Maybe they can use one of their $20,000 screwdrivers to remove the USB jacks. Or better yet have the manufactures disable them in the hardware or remove them when they are purchased.

    Banning media doesn't work, you have to break the method for using it. You're just going to get some guy who thinks he's good with computers and he's immune to viruses because he's "a tech" and when he plugs his flash drive in the same things going to happen.

  6. Better ban email to by Synn · · Score: 2, Insightful

    Because a virus can come from there as well. Along with web access, usenet access, ftp access.... might just as well unplug the network cable just to be safe.

    Or they could install an OS that wasn't insecure by design.

  7. When you put something in a locked box by Ungrounded+Lightning · · Score: 3, Insightful

    Do you honestly think that foreign intelligence agencies won't write Linux or Macintosh viruses if it would get them into the DoD network?

    When you try to protect a secret by putting in in a locked box, do you put it in a steel box with a good combination lock? Or do you put it in a cheap transparent plastic box with a lock that can be picked by a safety pin and hundreds of holes and little doors that can be opened even more easily?

    Yes Linux, MacOS, and even OpenBSD aren't absolutely impregnable. But Windows has a decades long track record of holes (some unfixable) and a multibillion dollar malware industry built on exploiting them. The fewer holes you start with the easier it is to close them.

    Essentially ANY military function is a security issue. For a person with any level of IT expertise to put such functions on Windows platforms is, IMHO, either a level of incompetence suitable for dishonorable discharge or of malice meeting the definition of treason.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
    1. Re:When you put something in a locked box by Ungrounded+Lightning · · Score: 2, Insightful

      Do you actually think the DOD only uses windows?

      Of course not.

      But I think that the machines affected by THIS WORM use Windows.

      Do you know of any "commercial malware" worms that self-spread on any other OS?

      --
      Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way