Slashdot Mirror

← Back to Stories (view on slashdot.org)

Worm Attack Prompts DoD To Ban Use of External Media

Posted by timothy on from the sehr-klug dept.

An anonymous reader writes "The Pentagon has suffered from a cyber attack so alarming that it has taken the unprecedented step of banning the use of external hardware devices, such as flash drives and DVDs [...] The attack came in the form of a global virus or worm that is spreading rapidly throughout a number of military networks."

20 of 295 comments (clear)

  1. This isn't alarming... by Hahnsoo · · Score: 4, Insightful

    This sounds like common sense. Seriously. Several years ago, a military bud of mine said that the worst threat to their security is the USB flash drive.

    1. Re:This isn't alarming... by Creepy+Crawler · · Score: 4, Informative

      It needs to be said:

      In linux, one can remove exec permissions from a whole device via the noexec switch in /etc/fstab .

      --
    2. Re:This isn't alarming... by Creepy+Crawler · · Score: 4, Informative

      ---There is no technological defense against PEBKAC.

      You are absolutely wrong. If a system is designed properly, or set up properly, the user cannot wreak havoc on a system or the network.

      In windows, there are many ways to do X behavior that changes the system. Therefore, Windows is hard to secure properly. It is possible, only by globally applying over-secure regedits that disable even basic functionality. Instead, I propose Linux as a good starting point.

      PEBKAC, at least in the business setting can be effectively eliminated by the use of simply being unable to even execute the programs.
      Games? Not on the HD.
      Web browser? If you need it, you'll be in the webbrowser group.
      Some document program? does your job require documents, if it does, you'll have that.
      Are you a developer for 3d stuff? If so, you get DRI rights. If not, no permission. Can Windows restrict access to the 3d device?

      My question is why do you grant rights to users when they do not justify those rights? We need to provide granular access so that the user is limited in what they do and act only in prescribed ways.

      As for that, the only way users can then screw things up is if they do not back up their user files, which you should already have thought of. A morning rsync of the /home (which should be mounted from the server) should take care of basic backup issues. Then it turns to your problem of access to the backups (which could be automated also). It really is a game of admin vs user, and you must outsmart stupidity. You do that by providing 1 way as the only way.

      ---Something about "internet license"

      meh. You do that by providing a punishment via the lines of willful negligence. If one does not provide basic security to prevent infection/takeover or notices and takes no heed, one is guilty and owes a fine to the party harmed. In the course of a botnet, that would be the proportion of bandwidth they used (based upon the actions of the the takeover tool).

      Simply put: use the laws we already have now, and not some new, easily to corrupt, new license.

      --
    3. Re:This isn't alarming... by Creepy+Crawler · · Score: 5, Interesting

      Why is everything in Windows managed by tools that do not come with the default installation?

      I can perfectly manage a Linux installation without 3rd party or "optional" tools found on some website. Windows requires X tools that provide basic functionality on their site, and not default on the CD.

      I hate that.

      --
    4. Re:This isn't alarming... by Anonymous Coward · · Score: 5, Funny

      Why is everything in Windows managed by tools that do not come with the default installation

      We prefer to be called administrators you insensitive clod.

  2. In Soviet Russia... by markov_chain · · Score: 5, Funny

    ... external media bans DOD!

    --
    Tsunami -- You can't bring a good wave down!
  3. Auto-infect by robo_mojo · · Score: 4, Insightful

    Sounds like someone forgot to disable auto-run.

    1. Re:Auto-infect by Dr_Barnowl · · Score: 4, Funny

      credit cards should have rolling pins

      For a moment I pictured a credit card making pastry.

  4. Re:They're just ignoring the real problem by idiotwithastick · · Score: 5, Insightful

    Do you honestly think that foreign intelligence agencies won't write Linux or Macintosh viruses if it would get them into the DoD network? The OS might be part of the problem, but users are the much bigger one.

  5. The obvious solution by DesScorp · · Score: 4, Insightful

    Chuck Windows, and adopt Unix. I realize there are some possible implications of using Linux because of the GPL, but then use BSD. There are bright Comp Sci guys in the military and DOD. Customize a military Unix, and use it throughout all the services. In fact, I think it's long past time DOD did this. With the computerization of everything from planes to ships, now's a smart time to do it. There's no way Windows should be running a ship of war.

    --
    Life is hard, and the world is cruel
  6. Warfare without Clippy? by robinsonne · · Score: 5, Funny

    It looks like you're trying to blow up that building. Would you like to use:

    1)Grenade
    2)An RPG
    3)Airstrike

    1. Re:Warfare without Clippy? by haystor · · Score: 5, Funny

      4)Windows

      --
      t
    2. Re:Warfare without Clippy? by DarthJohn · · Score: 4, Funny

      5) Banana Bomb
      6) Super Sheep
      7) Holy Hand-Grenade

  7. An actual case where Linux solved this problem by TheModelEskimo · · Score: 5, Informative

    Dave Richards, the administrator of the Largo, Florida computer network, came up against this problem. He made the system mount USB disks as FTP shares, and made the file browser hide any executable files on the share so they couldn't be transferred.http://davelargo.blogspot.com/2008/02/hp-thin-clients-and-usb-access-for.html

    I'm not surprised the DoD just completely shut the door on these things, but I think that for most admins, a solution like Dave's would be a really good compromise.

  8. ./configure by robo_mojo · · Score: 5, Funny

    make war

  9. The debilitating virus is Windows! by David+Gerard · · Score: 5, Funny

    Yesterday, a terrorist attack on the NHS brought three London hospitals to a halt.

    The terrorists, representing an organisation calling itself "Microsoft," apparently used insecure third-party contractors to put a virus-running platform called "Windows" into critical systems in the hospitals, in order to extort money from them on an annual basis.

    It is understood that a large percentage of all businesses are infected with the virus, wasting up to 25% of employees' working time and opening the companies to further attacks from related criminal organisations demanding to see all their licenses.

    The virus in question, W32.SHILL/ZDNET, takes over the host's IT systems, leading to aches, pains, nausea, vomiting, pumping out prodigious quantities of faeces and a terrible compulsion to spread the infection to others. The patient also walks with a shuddering stumble and asks for their hospital meal to include tasty, tasty brains. Recovery has commenced when they have an overwhelming urge to throw their computer out of the window. "Getting this stuff out of the system makes MRSA look like a walk in the park," said one cleaner, waving his shit-encrusted hands about for emphasis.

    When the infection became known, ambulances were diverted to other hospitals. "We have maintained a safe environment for our patients throughout the incident," said a spokesman for Barts NHS Trust, "keeping them in the Clostridium difficile culturing lab rather than risking exposing them to 'Windows.'"

    --
    http://rocknerd.co.uk
  10. Re:They're just ignoring the real problem by diegocgteleline.es · · Score: 4, Interesting

    There's no way you can automatically run code on a Linux computer by inserting a USB flash drive. It's just not possible. Those virus happen only because of Yet Another Windows Design Mistake - autorun.inf files that run executables.

    This has been a problem for years. Make a program that deletes all the files in a system. Put it into a CD along with a autorun.inf file. Burn the CD, don't write anything on it, and leave it near the office of someone you hate. At some point the guy will insert the CD just to check what's there. Boom. The virus will run automatically as soon as the CD is inserted.

    And there're more posibilities, like making a virus executable have a carpet icon. Since Windows hides extensions by default, people will double click the virus because they will think it's a carpet.

    These things can't happen in Linux (well, not really true, they can happen thanks to the shitty .desktop files that get "interpreted" by file managers even if they don't have execution +x permissions)

  11. It's not intuitive how to disable AutoRun by WD · · Score: 5, Informative

    Forgot to disable AutoRun, perhaps. But actually, it's quite non-intuitive how to disable AutoRun in Microsoft Windows. There are several options, and none of them (and even all of them combined) will disable AutoRun and AutoPlay features in their entirety. In fact, up until recently, Windows Vista had the logic reversed for one of the AutoRun features! i.e., if you take the effort to disable the AutoRun feature, you actually put yourself at more risk. More details here:
    http://www.kb.cert.org/vuls/id/889747

    But luckily, there is a single registry value that can disable AutoRun at its core. Once this change is made, Windows will not interpret the Autorun.inf file on any device, effectively disabling AutoRun for all devices, including USB drives, network shares, and more. Get the scoop here:
    http://www.cert.org/blogs/vuls/2008/04/the_dangers_of_windows_autorun.html

  12. Re:They're just ignoring the real problem by diegocgteleline.es · · Score: 4, Funny

    d'oh, were I write "carpet" I obviously wanted to say "folder". "Folder" is translated to spanish as "carpeta", and I always confuse them.

  13. Re:try this.. by Cajun+Hell · · Score: 5, Funny

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun"=dword:000000ff

    That's the whole problem with you Linux dorks! People shouldn't have to get down to that level and do such obscure things, just to be able to safely use their computer. And what you don't understand is that most people just plain won't do it! Your post is exactly why Linux will never be ready for the desktop!

    --
    "Believe me!" -- Donald Trump