Significant Russian Attack On US Military Networks
killmofasta notes an LA Times story on a severe and widespread attack on US military computers that may have originated in Russia. Turns out the military's recent ban on flash drives was a precursor to this attack, which was significant enough that the President and the Defense Secretary were briefed on it. "The 'malware' strike, thought to be from inside Russia, hit combat zone computers and the US Central Command overseeing Iraq and Afghanistan. The attack underscores concerns about computer warfare. 'This one was significant; this one got our attention,' said one defense official, speaking on condition of anonymity when discussing internal assessments. Although officials are withholding many details, the attack underscores the increasing danger and potential significance of computer warfare, which defense experts say could one day be used by combatants to undermine even a militarily superior adversary. ... [A defense official said] 'We have taken a number of corrective measures, but I would be overstating it if I said we were through this.'"
Anonymous coward here, for a reason etc.
I work with the USAF in a very official capacity in IT and got wind of the flash media ban a while back.
I've been asked to keep quiet about this, but since it isn't classified, and nobody takes slashdot seriously, take this for what it is worth:
We stopped using all flash media on all networks because we can no longer be confident that they do not come from the factory with payloads attached. I've seen entire boxes of flash media from the "amnesty boxes" set up inside USAF buildings sent off to NSA and FBI for investigation.
There are some who think that manufacturers have been infiltrated with the sole purpose of loading malware onto drives. And it isn't that it's specifically an attack on US Gov. computers - it's just that Gov. networks tend to be pretty incestuous, and flash drives are often moved back and forth between multiple computers daily by most users due to the flakiness of CAC (common access card) infrastructure.
So beware.
"may have originated in Russia" is not the same as "originated with the Russian government," of course.
My guess, the attacks are an attempt to turn the vast power of military computer systems into one giant spam-bot.
And, also, just think of all the new Nigerian scam letters that they could pull off with military connections... the "your son was wounded in Iraq and is being airlifted to a hospital in Germany, please send $10,000 to pay for a private room for him" scam will be much more powerful if it issues from a military computer (and, for that matter, much more convincing if the scammer knows the actual name, rank, and next-of-kin of the 'son').
http://www.geoffreylandis.com
To be fair, it's not like when the US reports these attacks to China/Russia they do anything about them to suggest you might be right though.
It's the same with the whole Litvinenko thing here in the UK, we know where the Polonium came from (a Russian lab) we even pretty much know Lugovoi did it but as they won't help whatsoever to put him to trial and have instead put him into their parliament in a position of power it's kind of hard to give them the benefit of the doubt.
Maybe if they actually helped bring these perpetrators to justice we could give them the benefit of the doubt as you suggest, but when they instead protect the almost certainly guilty with no real trial or investigation then it only adds to the idea that the governments of these nations themselves are in fact responsible.
If a bunch of Canadians crossed the US border and attacked the US and then made it back to Canada safely and the Canadian government did nothing about it or even went as far as giving these people places in government as per the Lugovoi/Litvinenko affair then yeah I think most people would still say the Canadian government deserves a lot of the blame.
Don't get me wrong however, I do feel these "cyber attacks" are a little overstated, I hate to say it but it's becoming so common when I read about them I can't help but think "Who cares, stop moaning and either return the favour or learn from it and stop it happening again". As is pointed out here on Slashdot often though, they don't seem to learn from their mistakes and instead simply repeat them over and over. I'm not sure what the US government is trying to achieve with these cries? Trying to make us hate Russia/China? Don't worry their human rights record means a lot of us already do. Trying to get sympathy? Well what for? You're the military, you're the ones who are meant to be dealing with it and so on.
Or in other words, to put it simply- they're all just as bad as each other.
It is exactly this vain "cover-my-ass" attitude that makes situations escalate, sometimes up to the point of war. I understand that a bunch of old farts in DoD feel a strong need to justify (or increase) their Cyberwarfare budgets but pointing fingers at an allied country (relations with which are not always easy) in public over a non-issue like this is, imho, going way too far.
Network security by isolation of the critical parts is possible and this whole "cyberwarfare"-bullshit is just driving tears into the eyes of anyone who knows a bit about the subject.
Yes, an attacker could overload and DoS less important/perimeter networks and yes an attacker may be able to overtake various individual machines or department networks, e.g. by sneaking trojans onto employees' computers, phishing etc.
If any of that worries you in a national-security kind of way then do your fucking homework and implement appropriate security layers and airgaps already!
A flash trojan is a non-issue because a critical system won't run flash. In fact, a critical system won't even interface with a system that could be taken over in such a way.
It doesn't even mean that the ones behind the attack are Russian nationals. For all we know it could be Americans using 0wned computers in Russia.
Sorry, couldn't resist.
Also, the CBC [Canadians] are running sensationalist crud on their TV.
Most irritating soundbite from a DHS 'expert':
"Digital Pearl Harbor"
I think they must have run the same quote 3-4 times.
Me? I think the military / DoD is begging for $$$ as usual. What? We didn't bail out the military? Shame!
--- See you at the Tannhäuser Gate.
I'm not sure it matters. Whether US military computers were choosing to load and execute foreign code as a result of a foreign first strike, or a foreign counter-attack, we still have the situation that US military computers are loading and executing untrusted code, and apparently unsandboxed, so that it ended up mattering.
I don't care why it happened at the political level; I care about why it's happening at the computer or operator level. People using "important" computers shouldn't be doing that, nor should their computers be making it easy for them to do that.
No matter why the military computers were attacked, the fact that the attack worked proves incompetence.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
while i don't doubt that electronic warfare is being actively developed by other nations (i'm sure the U.S. armed forces aren't the only military interested in, or actively developing, electronic warfare tactics), i wouldn't put it past the MIC to exaggerate the risk of electronic attacks in order to manipulate the public. it certainly wouldn't be the first time the public was misled about our nation's defense in order to funnel tax dollars into unnecessary defense projects. and now with war logistics being more lucrative than ever through the Logistics Civil Augmentation Program (LOGCAP) and its cost-plus award-fee contracts, even more private sector companies have a vested interest in seeing a renewed Cold-War-type international tension and corresponding military spending.
it's just too bad Americans never heeded Eisenhower's farewell address. of course, if more people working in the defense industry were truly patriotic, they'd all be as morally enlightened as you, and the MIC wouldn't exist.
Yes, there are countries worse than us, much worse. But, there are also countries better than us. I find it odd that we went from claiming "We're the bastion to freedom" to claiming "We're not as bad as random Muslim theocracies, and some African anarchies, and perhaps China!". We should be striving to be the most free country in the world again, and not just mediocre.
As for all of our other metrics, we're failing. Sure, we're better than Congo, but who isn't (besides the Congo)? It's like murdering someone and saying "at least I didn't rape her!".
I do find it odd that we count DRM in here, DRM is not a government mandate, it's a stupid mandate from the free market. No one is forcing anyone to use DRM media, sell DRM media, or anything else like that. Companies decided to do so, we decide to buy their products. Isn't the free market grand?
This is why my idea of striving to be the freest country in the world doesn't equate with many other people's idea of freedom. I don't think corporations fall into the list of priorities, only people as individuals. Free corporations have done their share in destroying America. I'm getting sick of having to spend energy on thinking of reasons to be proud of my own country.
A patriot must always be ready to defend his country against his government. -edward abbey
I think that, right now, no one is really sure what to do. I don't think that it is a cause for war (traditionally speaking), but it is a violation of sovereignty. I'm not sure what we can do about it at this point aside from defense and counter-offense.