Slashdot Mirror
Pentagon Confirms 2008 Computer Breach — 'Worst Ever'
jowifi writes "The New York Times reports that the Pentagon has confirmed that, in 2008, a foreign agent instigated 'the most significant breach of US military computers ever' using a USB flash drive. While the breach was previously reported on Wired and the LA Times, this is the first official confirmation of the attack that led to the banning of USB drives on government computers."
I have heard that the ban has since been lifted. I inferred from this that it was a temporary measure allowing them to get a secure solution in place.
The thing that is stupid about it is that sure block exes from being run from a USB, then the user will copy it to the machine and run it there.
BTW, GPOs from day one have had the ability to disable Autoplay and autorun.
A US Army dental surgeon told me that their computers were "fixed", so they could not copy pictures of their operations to any external media. The surgeons needed anonymous pictures of operations that they had performed, for preparing for their careers after their service. Like, applying for a job somewhere.
One of them figured a way to use the USB port in the Canon printer that they had. They could toss pictures at the printer, and land them on the USB stick. Circumventing any blocks on the PCs from accessing the PCs' USB ports.
So any unprotected port is, well, a potential source of a leak.
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
Same guy that stole the plans to defend South Korea from attack by the North with a thumb drive? There are solutions guys and they're not very difficult. How about this one, which I stole from "Cryptanomicon": Anything electronic going in or out goes through security. Personnel drop such things off at the entrance and then walk through a very large, strong magmetic field. Same thing leaving. Just like the airport only if you forget to drop off your watch, it gets fried.
I have this dim recollection that we could do this with GPOs in Win XP.
And we could use ZenWorks to do it also. Much nicer editor, and volatile accounts are a blessing in school labs.
Disabling removable media isn't new, just overlooked.
deleting the extra space after periods so i can stay relevant, yeah.
there should be a way to restrict execution to only code signed by the owning organization's IT security.
Snowden and Manning are heroes.
If the two never meet, then how do you explain that data breech where they lost terabytes of information to the internet? I'm not sure why the classified DARPA stuff wouldn't be similarly secured.
That was my thought, why are they allowing physical access to the USB ports without properly monitoring the devices being allowed to be used in the machines. Physical access to the keyboard and mouse is enough of a security risk as it is, but allowing people to plug in strange USB devices without first inspecting them strikes me as irresponsible. Admittedly, people do have to do their work, but I'm not sure why they weren't being required to scan the information on the drive before connecting it up to a secured computer.
There's no reason why the check point computer even needs to be connected to the net at all if you're willing to do manual updates to the security software via disk.
USB drives were at one time used to transfer between air-gapped networks when CD/DVD transfers would burn through media too often. I can attest to this.
Doesn't help the government NMCI machines, which are still running XP.
In 2008 any standard issue Army computer would've have had autorun disabled. This was standard practice. In 2008 the Army was handing out commercially available encrypted USB drives and telling everyone to use them and nothing else. These drives had an unencrypted partition loaded with the software used to unlock and mount the encrypted partition, along with an autorun.bat script that would eliminate the extra steps needed to launch that encryption software, if you were to actually have autorun enabled.
So my guess is that some influential user got an admin to enable autorun to save him a few extra steps each time he inserted his encrypted USB drive. From there it was just a matter of time for that to come back and bite him.
While I haven't seen any official statement about it being lifted. I have started seeing USB drives work more and more often.
But then again maybe someone in the G6 (Army IT guys) just decided the ban was stupid when they were issuing out new computers and while USB was blocked, Firewire, eSATA and SD card port and slots were all active and working. My office went from everyone carrying USB drives in their pockets to everyone carrying SD cards.
Now if the machine is off the mil network the USB works, if the USB drive is in the machine when I connect to the network it works, but if I pull the drive out and re-insert it or if I connect and log in and then insert the USB drive it doesn't work, typical military brilliance.
I'm too lazy to compose a creative sig.
In 2008 any standard issue Army computer would've...
But were they able to track down and deal with the individual(s) that deployed Microsoft products?
The military procurement procedures produce a solid paper trail even if on some occasions they produce nothing else. Had they deployed properly engineered products rather than brands infamous for bad design the problem would not have arisen. The US Navy will focus on open systems only, if it can stay clear of the old M$ contractors and M$ resellers.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
Disabling the ability to mount or mounting read only for USB mass storage devices would not have made a difference. Further, there is a fundamental flaw with USB...
During Blackhat/Defcon (or was it B Sides), a guy, whos name completely escapes me right now, as I did not get a chance to attend the briefing/talk, took a USB thumb drive and added some keyboard hardware to it. When you plug it into the system, it registers as an HID device, not a USB Mass storage device...
Guess what, every computer that is sold uses a USB keyboard and mouse. I am sure you can still find ps2 based keyboards, but not for places that require users to use a crypto card, or a CAC card (per HSPD-12), which generally drops into the keyboard, those are USB devices.
A small script with some keystrokes embedded into the USB drive that identifies itself as a keyboard, and you can instruct it to do whatever....
USB itself is flawed in that respect, so simply disabling USB Mass storage will not work.
Now if only I could remember who gave the damn talk....
I came, I conquered, I coredumped