Slashdot Mirror


Pentagon Confirms 2008 Computer Breach — 'Worst Ever'

jowifi writes "The New York Times reports that the Pentagon has confirmed that, in 2008, a foreign agent instigated 'the most significant breach of US military computers ever' using a USB flash drive. While the breach was previously reported on Wired and the LA Times, this is the first official confirmation of the attack that led to the banning of USB drives on government computers."

34 of 157 comments

  1. This is likely why MS has GPOs in W7 by mlts · · Score: 4, Insightful

    This is likely why Windows 7 has explicit GPOs to either set USB flash drives read-only, or deny them the ability to mount whatsoever. Other programs that have this functionality are PGP Universal, and Symantec Endpoint Protection.

    Now, if MS can put autoplay/autorun to rest six feet under with Clippy and Bob, that would be a good security advance.

    1. Re:This is likely why MS has GPOs in W7 by rikkards · · Score: 3, Interesting

      The thing that is stupid about it is that, sure, block exes from being run from a USB drive, then the user will copy them to the machine and run them there.
      BTW, GPOs from day one have had the ability to disable Autoplay and autorun.
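
Added example, written for this mirror and not code from mlts, rikkards or Microsoft: the registry values behind the Windows 7 "Removable Storage Access" GPOs that mlts describes (deny write/execute for a read-only drive, deny read as well to make it useless), the two Explorer policy values that switch off AutoPlay and autorun.inf handling, the USBSTOR service-start knob, and an audit function that reports what is actually in effect. The key paths and value names are the documented policy locations; the `Set-`/`Disable-` functions need an elevated shell. Assumption: a standalone or test machine. On a domain member the `Policies` keys are rewritten at the next Group Policy refresh, so set them through GPO there and use `Get-RemovableMediaPosture` only to verify.

```powershell
# Added example: the registry settings behind the Win7 removable-storage and autorun GPOs.
# Not code from the thread. Run elevated. Paths are the documented policy locations.
Set-StrictMode -Version 2

$RemovableStoragePolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
$DiskClassGuid          = '{53f56307-b6bf-11d0-94f2-00a0c91efb8b}'   # GUID_DEVINTERFACE_DISK = the "Removable Disks" class
$ExplorerPolicy         = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$UsbStorService         = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'

function Get-DwordValue {
    # Returns the DWORD stored at $Path\$Name, or $null when the key or value is absent ("not configured")
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

function Set-RemovableDiskPolicy {
    # ReadOnly = "Removable Disks: Deny write access" + "Deny execute access"
    # Deny     = the above plus "Deny read access": the drive still enumerates but cannot be used
    param([Parameter(Mandatory)][ValidateSet('ReadOnly', 'Deny')][string]$Mode)
    $key = Join-Path $RemovableStoragePolicy $DiskClassGuid
    New-Item -Path $key -Force | Out-Null
    Set-ItemProperty -Path $key -Name Deny_Write   -Value 1 -Type DWord
    Set-ItemProperty -Path $key -Name Deny_Execute -Value 1 -Type DWord
    Set-ItemProperty -Path $key -Name Deny_Read    -Value $(if ($Mode -eq 'Deny') { 1 } else { 0 }) -Type DWord
}

function Disable-Autorun {
    # NoDriveTypeAutoRun 0xFF: AutoPlay off for every drive type (this is the "day one" policy rikkards refers to)
    # NoAutorun 1: never act on autorun.inf commands ("Default behavior for AutoRun" on Vista/Win7)
    New-Item -Path $ExplorerPolicy -Force | Out-Null
    Set-ItemProperty -Path $ExplorerPolicy -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
    Set-ItemProperty -Path $ExplorerPolicy -Name NoAutorun          -Value 1    -Type DWord
}

function Disable-UsbMassStorage {
    # Start=4 disables the USBSTOR driver: thumb drives enumerate but never get a disk object.
    # Keyboards and mice are HID, not USBSTOR, so they keep working (and so does a HID-spoofing "drive").
    Set-ItemProperty -Path $UsbStorService -Name Start -Value 4 -Type DWord
}

function Get-RemovableMediaPosture {
    # One object summarising the effective state; $null in a field means that policy is not configured
    $disk = Join-Path $RemovableStoragePolicy $DiskClassGuid
    $posture = [ordered]@{
        AllRemovableDenied = Get-DwordValue $RemovableStoragePolicy 'Deny_All'   # "All Removable Storage classes: Deny all access"
        DiskDenyRead       = Get-DwordValue $disk 'Deny_Read'
        DiskDenyWrite      = Get-DwordValue $disk 'Deny_Write'
        DiskDenyExecute    = Get-DwordValue $disk 'Deny_Execute'
        NoDriveTypeAutoRun = Get-DwordValue $ExplorerPolicy 'NoDriveTypeAutoRun'
        NoAutorun          = Get-DwordValue $ExplorerPolicy 'NoAutorun'
        UsbStorStart       = Get-DwordValue $UsbStorService 'Start'
    }
    $posture.AutorunFullyOff    = ($posture.NoDriveTypeAutoRun -eq 0xFF) -and ($posture.NoAutorun -eq 1)
    $posture.ThumbDrivesBlocked = ($posture.AllRemovableDenied -eq 1) -or
                                  ($posture.DiskDenyRead -eq 1 -and $posture.DiskDenyWrite -eq 1) -or
                                  ($posture.UsbStorStart -eq 4)
    [pscustomobject]$posture
}

# Usage (elevated):
#   Set-RemovableDiskPolicy -Mode ReadOnly; Disable-Autorun; Get-RemovableMediaPosture
```

Two caveats a practitioner will hit. `Deny_Write` only stops writes through the file system on that machine, so it addresses exfiltration, not infection; read-only media can still carry an autorun.inf, which is why `Disable-Autorun` is the half that matters for the agent.btz case. And on XP, `NoDriveTypeAutoRun` was not honoured for the Explorer double-click path until the 2009 autorun update (KB967715, which also introduced the `HonorAutorunSetting` value), so an XP fleet with only the classic policy bit set was not actually safe from autorun.inf.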

    2. Re:This is likely why MS has GPOs in W7 by rickb928 · · Score: 3, Interesting

      I have this dim recollection that we could do this with GPOs in Win XP.

      And we could use ZenWorks to do it also. Much nicer editor, and volatile accounts are a blessing in school labs.

      Disabling removable media isn't new, just overlooked.

      --
      deleting the extra space after periods so i can stay relevant, yeah.
    3. Re:This is likely why MS has GPOs in W7 by Lehk228 · · Score: 4, Interesting

      There should be a way to restrict execution to only code signed by the owning organization's IT security.

      --
      Snowden and Manning are heroes.
    4. Re:This is likely why MS has GPOs in W7 by Ethanol-fueled · · Score: 4, Insightful

      There are ways to hide stuff like that from view on Windows. They magically show up when the USB device is plugged into a Linux box.

      Related note: A similar piece of malware and the ensuing hassle is what prompted me to switch to Linux for good.

    5. Re:This is likely why MS has GPOs in W7 by dgatwood · · Score: 4, Insightful

      There should never have been a way to enable autorun in the first place. The very notion of automatically executing code or installers from a piece of media without the user explicitly taking any action is antithetical to proper security.

      --
      Check out my sci-fi/humor trilogy at PatriotsBooks.

    6. Re:This is likely why MS has GPOs in W7 by Anonymous Coward · · Score: 2, Interesting

      Doesn't help the government NMCI machines, which are still running XP.

    7. Re:This is likely why MS has GPOs in W7 by Mr+44 · · Score: 3, Informative

      Like "Software Restriction Policies" in windows XP and AppLocker in Windows 7?
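
Added example for Lehk228's wish above (execution restricted to code signed by a publisher the organisation trusts) using the AppLocker cmdlets Mr+44 points at. This is my code for the mirror, not the thread's and not Microsoft's sample: it builds a publisher-only allow list from binaries already present under directories you trust, drops unsigned files instead of silently turning them into hash rules, and dry-runs arbitrary paths against the policy before anything is enforced. Assumptions: an elevated shell on Windows 7 Enterprise/Ultimate or later (AppLocker is not in the other Win7 SKUs), the `AppLocker` module present, and `C:\Policies` existing for the output.

```powershell
# Added example: publisher-only AppLocker allow list built from trusted binaries, with a dry-run test.
# Not code from the thread. Needs the AppLocker module and an elevated shell.
Import-Module AppLocker

function New-PublisherAllowListPolicy {
    param(
        # Directories holding binaries you already trust. Include the OS and Program Files:
        # an allow list that omits them blocks Windows' own components.
        [Parameter(Mandatory)][string[]]$TrustedRoots,
        [Parameter(Mandatory)][string]$OutFile
    )
    $files = foreach ($root in $TrustedRoots) {
        Get-AppLockerFileInformation -Directory $root -Recurse -FileType Exe, Dll, Script, WindowsInstaller
    }
    # Publisher rules are only possible for files with a usable Authenticode signature.
    # Unsigned files are reported, not allowed: they need a hash rule, or better, a signing step.
    $signed   = @($files | Where-Object { $null -ne $_.Publisher })
    $unsigned = @($files | Where-Object { $null -eq $_.Publisher })
    $signed | New-AppLockerPolicy -RuleType Publisher -User Everyone -RuleNamePrefix Org -Optimize -Xml |
        Out-File -FilePath $OutFile -Encoding utf8
    [pscustomobject]@{
        PolicyFile    = $OutFile
        SignedFiles   = $signed.Count
        UnsignedFiles = $unsigned.Count
        UnsignedPaths = $unsigned | Select-Object -ExpandProperty Path
    }
}

function Test-FilesAgainstPolicy {
    # Dry run: the decision each path would get under the policy, without touching the live configuration
    param([Parameter(Mandatory)][string]$PolicyFile, [Parameter(Mandatory)][string[]]$Paths)
    Test-AppLockerPolicy -XmlPolicy $PolicyFile -Path $Paths -User Everyone |
        Select-Object FilePath, PolicyDecision, MatchingRule
}

function Enable-PolicyLocally {
    # Merge into the local AppLocker configuration and start the Application Identity service, which does the enforcing
    param([Parameter(Mandatory)][string]$PolicyFile)
    Set-AppLockerPolicy -XmlPolicy $PolicyFile -Merge
    Set-Service -Name AppIDSvc -StartupType Automatic
    Start-Service -Name AppIDSvc
}

# Usage:
#   $r = New-PublisherAllowListPolicy -TrustedRoots 'C:\Windows', 'C:\Program Files' -OutFile 'C:\Policies\org-publisher.xml'
#   $r.UnsignedPaths                                  # review before enforcing
#   Test-FilesAgainstPolicy -PolicyFile $r.PolicyFile -Paths 'E:\tool.exe', 'C:\Users\Public\dropper.exe'
```

The generated XML has each rule collection at `EnforcementMode="NotConfigured"`; edit that to `AuditOnly` first and watch the "EXE and DLL" AppLocker event log (event 8003 is "would have been blocked", 8004 is an actual block once set to `Enabled`) for a week before flipping it. A publisher rule also trusts whatever those publishers sign next, so a stolen or abused signing key walks straight through; it stops copied-from-a-thumb-drive unsigned binaries, which is the case rikkards raised, not signed malware.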

    8. Re:This is likely why MS has GPOs in W7 by Anonymous Coward · · Score: 2, Interesting

      In 2008 any standard issue Army computer would have had autorun disabled. This was standard practice. In 2008 the Army was handing out commercially available encrypted USB drives and telling everyone to use them and nothing else. These drives had an unencrypted partition loaded with the software used to unlock and mount the encrypted partition, along with an autorun.bat script that would eliminate the extra steps needed to launch that encryption software, if you were to actually have autorun enabled.

      So my guess is that some influential user got an admin to enable autorun to save him a few extra steps each time he inserted his encrypted USB drive. From there it was just a matter of time for that to come back and bite him.

    9. Re:This is likely why MS has GPOs in W7 by bleh-of-the-huns · · Score: 2, Interesting

      Disabling the ability to mount or mounting read only for USB mass storage devices would not have made a difference. Further, there is a fundamental flaw with USB...

      During Blackhat/Defcon (or was it B Sides), a guy, whose name completely escapes me right now, as I did not get a chance to attend the briefing/talk, took a USB thumb drive and added some keyboard hardware to it. When you plug it into the system, it registers as an HID device, not a USB mass storage device...

      Guess what, every computer that is sold uses a USB keyboard and mouse. I am sure you can still find PS/2-based keyboards, but not for places that require users to use a crypto card or a CAC card (per HSPD-12), which generally drops into the keyboard; those are USB devices.

      A small script with some keystrokes embedded into the USB drive that identifies itself as a keyboard, and you can instruct it to do whatever....

      USB itself is flawed in that respect, so simply disabling USB Mass storage will not work.

      Now if only I could remember who gave the damn talk....

      --
      I came, I conquered, I coredumped
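
The HID point above is the one the storage GPOs cannot answer, so here is the check I would actually run: enumerate the keyboards Windows currently sees and flag any USB keyboard whose vendor/product ID is not one the organisation issued. This is added example code, not from the thread. The instance IDs in `$SampleKeyboards` are constructed for the demonstration, and `$IssuedKeyboards` is an assumed allow list; the live path uses `Get-PnpDevice` where it exists and falls back to `Win32_Keyboard` on Windows 7.

```powershell
# Added example: flag USB keyboards that are not on the issued VID:PID list. Not code from the thread.
# Sample instance IDs below are constructed; the allow list is an assumption.
Set-StrictMode -Version 2

function ConvertFrom-PnpInstanceId {
    # USB HID keyboards enumerate as HID\VID_xxxx&PID_yyyy[&MI_zz]\... over a USB\VID_xxxx&PID_yyyy\serial parent.
    # PS/2 keyboards are ACPI\PNP0303\... and have no vendor/product ID, so they return $null here.
    param([Parameter(Mandatory)][string]$InstanceId)
    if ($InstanceId -match '^(?<bus>HID|USB)\\VID_(?<vid>[0-9A-Fa-f]{4})&PID_(?<pid>[0-9A-Fa-f]{4})') {
        return [pscustomobject]@{
            InstanceId = $InstanceId
            Bus        = $Matches['bus']
            VidPid     = ('{0}:{1}' -f $Matches['vid'], $Matches['pid']).ToUpperInvariant()
        }
    }
    return $null
}

function Find-UnexpectedKeyboard {
    # Returns one object per USB/HID keyboard whose VID:PID is not on the allow list
    param(
        [Parameter(Mandatory)][string[]]$KeyboardInstanceIds,   # live enumeration or a captured list
        [Parameter(Mandatory)][string[]]$AllowedVidPid            # 'VVVV:PPPP' for each keyboard model you issue
    )
    $allowed = @($AllowedVidPid | ForEach-Object { $_.ToUpperInvariant() })
    foreach ($id in $KeyboardInstanceIds) {
        $dev = ConvertFrom-PnpInstanceId -InstanceId $id
        if ($null -eq $dev) { continue }                         # PS/2 or other non-USB keyboard: nothing to compare
        if ($allowed -notcontains $dev.VidPid) { $dev }
    }
}

function Get-PresentKeyboardInstanceIds {
    if (Get-Command Get-PnpDevice -ErrorAction SilentlyContinue) {
        # Windows 8+/PowerShell 4: only devices present right now
        @(Get-PnpDevice -Class Keyboard -PresentOnly | Select-Object -ExpandProperty InstanceId)
    } else {
        # Windows 7 path: Win32_Keyboard.DeviceID carries the same instance ID string
        @(Get-WmiObject -Class Win32_Keyboard | Select-Object -ExpandProperty DeviceID)
    }
}

# Constructed sample: one issued keyboard, one unknown USB keyboard, one PS/2 keyboard for contrast
$SampleKeyboards = @(
    'HID\VID_046D&PID_C31C&MI_00\7&1A2B3C4D&0&0000',
    'HID\VID_1D50&PID_6042\6&0A1B2C3D&0&0000',
    'ACPI\PNP0303\4&2E6D5C3&0'
)
$IssuedKeyboards = @('046D:C31C')   # assumed allow list

# Usage:
#   Find-UnexpectedKeyboard -KeyboardInstanceIds $SampleKeyboards -AllowedVidPid $IssuedKeyboards   # the VID_1D50 device
#   Find-UnexpectedKeyboard -KeyboardInstanceIds (Get-PresentKeyboardInstanceIds) -AllowedVidPid $IssuedKeyboards
```

Be clear about what this buys. A keystroke-injection device can present any VID:PID it likes, including the one on your issued keyboards, so an allow list is hygiene that catches the off-the-shelf device, not a guarantee. The preventive counterpart is the "Device Installation Restrictions" GPO (`HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions`, `DenyUnspecified` = 1 plus the `AllowDeviceIDs` list), which refuses to install drivers for hardware IDs not on the list; it does not touch devices whose driver is already installed, and it has the same spoofing limit. The stronger signal is correlation: a "keyboard" whose USB parent also exposes a mass-storage function, or a second keyboard arriving seconds before a burst of typed commands.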
  2. Re:Obligatory by Flea+of+Pain · · Score: 2, Funny

    Damn. Parsing got rid of my comic book guy html tags.

    --
    Do not argue with an idiot. He will drag you down to his level and beat you with experience.
  3. The right reaction? by mangu · · Score: 4, Insightful

    the attack that led to the banning of USB drives on government computers.

    This reminds me of the joke of the man that, having learned that his wife was fucking other men in the couch in the living room, moved the couch to the garage.

    USB drives have a purpose for legal uses. Wouldn't it be better to improve their systems so that USB drives couldn't be used in harmful ways?

    1. Re:The right reaction? by Anonymous Coward · · Score: 2, Interesting

      I have heard that the ban has since been lifted. I inferred from this that it was a temporary measure allowing them to get a secure solution in place.

    2. Re:The right reaction? by Dahamma · · Score: 4, Informative

      From TFA...

      In an early step, the Defense Department banned the use of portable flash drives with its computers, though it later modified the ban.

      Fixing the vulnerabilities takes time. It was just an emergency measure until they could investigate and come up with better policy.

    3. Re:The right reaction? by Beardo+the+Bearded · · Score: 5, Informative

      They have.

      Look, they have two completely separate computer networks. They've got a network that can access all the Classified Military Shit, and then they have the computers that can access Everything Bad in the Multiverse. (My terms, not theirs.) The two never meet. Never ever ever, and not even then.

      99% of the time, you work with the Unclassified stuff. It's a PITA to work with Classified documents. You've got to go to a secure room, you can't make a copy unless you've signed off a billion times, you have to work on a special computer, you have to have a buddy / guard / watcher, and you've got to go through a debriefing after you've goofed around with it.

      If your average worker / troop / contractor picked up a USB drive and put it into their EBitM network and it took over every machine in a billionth of a second and sent all the info on the EBitM network to China, Russia, and Zork the Evil, the risk to National Security would be zilch. Yeah, it would be a PITA to fix the compys, but it would be no worse than the same PITA you'd get in any large civilian network. The only difference is that it's a huge fucking PR nightmare. Think about how embarrassing it would be if Norton was taken down due to a worm. Now go up two orders of magnitude.

      The computers you see the troops using are almost always personal property used for emailing back home, watching movies, playing games, and otherwise fucking around. The work computers are usually tied into the EBitM network and they use them for work. Unless you are one of The Anointed Few, you haven't even seen a computer that's handled Classified information.

      --
      ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
    4. Re:The right reaction? by hedwards · · Score: 2, Interesting

      If the two never meet, then how do you explain that data breach where they lost terabytes of information to the internet? I'm not sure why the classified DARPA stuff wouldn't be similarly secured.

    5. Re:The right reaction? by guruevi · · Score: 4, Insightful

      After actually having implemented such methods, I noticed that nobody ever uses the classified network except for highly official stuff, when the project is done. It seems that all work in progress is just being saved on the non-classified network.

      Trust me, I have implemented just about any security method in a variety of settings (medical, financial, ...). The fact remains that people can't be bothered to lock their screens when they step out because it's "too difficult" and "too complicated" let alone click the button to encrypt their e-mail or their USB sticks.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    6. Re:The right reaction? by dwillden · · Score: 2, Interesting

      While I haven't seen any official statement about it being lifted, I have started seeing USB drives work more and more often.

      But then again maybe someone in the G6 (Army IT guys) just decided the ban was stupid when they were issuing out new computers and, while USB was blocked, Firewire, eSATA and SD card ports and slots were all active and working. My office went from everyone carrying USB drives in their pockets to everyone carrying SD cards.

      Now if the machine is off the mil network the USB works, if the USB drive is in the machine when I connect to the network it works, but if I pull the drive out and re-insert it or if I connect and log in and then insert the USB drive it doesn't work, typical military brilliance.

      --
      I'm too lazy to compose a creative sig.
    7. Re:The right reaction? by Anonymous Coward · · Score: 3, Funny

      Wow! It sounds like Internet information clearinghouse sites like wikileaks stand no chance of ever getting their hands on sensitive information with a system as strong as you describe.

  4. Re:Obligatory by idontgno · · Score: 2, Informative

    That's OK. Maybe some day Slashcode will actually render and tags. About the time they decide to implement more than 2% of the HTML entity set.

    --
    Welcome to the Panopticon. Used to be a prison, now it's your home.
  5. Where there's a USB port ... there's a way by PolygamousRanchKid+ · · Score: 4, Interesting

    A US Army dental surgeon told me that their computers were "fixed", so they could not copy pictures of their operations to any external media. The surgeons needed anonymous pictures of operations that they had performed, for preparing for their careers after their service. Like, applying for a job somewhere.

    One of them figured out a way to use the USB port on the Canon printer that they had. They could toss pictures at the printer and land them on the USB stick, circumventing any blocks on the PCs' own USB ports.

    So any unprotected port is, well, a potential source of a leak.

    --
    Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
    1. Re:Where there's a USB port ... there's a way by countSudoku() · · Score: 3, Funny

      That's a good work-around!

      So any unprotected [USB] port is, well, a potential source of a leak.

      Along with any camera, copier, cell phone, human with a memory, network accessible device, etc. Every kind of access restriction can be circumvented. *Every* kind.

      I would suggest mounting all laptops in cement, then chaining the cement block down to the cube frame structure. Close off all connectivity, embed in a Faraday Cage, then keep anyone, including the approved user, from accessing it, and you're all set! Bob's your uncle! Otherwise, expect your data to escape. Because it will. :) Have a nice day!

      --
      This is the NSA, we're gonna geet U h@x0r5! Also, what is a h@x0r5?
  6. More Self-Serving Hype by yourpusher · · Score: 3, Insightful

    Rob Rosenberger at VMyths notes:

    Let’s cut to the chase. U.S. Deputy Defense Secretary William J. Lynn III wrote an op-ed for a commercial publication in which he claims a single USB thumb drive caused the worst military data breach in history. And according to Wikipedia, that one little USB stick led to the creation of the Pentagon’s new Cyber Command.
    [. . .]

    I’ll bet it took so long only because it was a classified operation. This malware would have blown over in a week if DoD-CERT had issued an email saying “hey, there’s a new virus running around, please scan your PCs for agent.btz.”

    {sniff} I can definitely smell a lot of groupthink here. Not to mention hype, which goes hand in hand with groupthink.

    Lynn suffers from a short memory span. We know this because he thinks the Pentagon got “a wake-up call” when agent.btz slithered into classified networks. If Lynn’s brain had more RAM, he would recall the Melissa virus did EXACTLY the same thing in 1999. It infected classified U.S. networks at a depth & scope even I myself would label “impressive.”

    So why this story? Well (from the same source):

    You can see I’ve got a healthy dose of skepticism over Lynn’s “Buckshot Yankee” revelation. And I’m not alone: Wired filed a story with the headline “Insiders Doubt 2008 Pentagon Hack Was Foreign Spy Attack.”

    Waitaminit. GCN’s breathless story includes the phrase “Lynn said Wednesday in a teleconference with reporters.” You mean to say he gabbed with the media on top of all the hype he wrote in an official capacity for a commercial publication? {sniff} I smell a book deal in the works when Lynn’s boss retires next year.

  7. Haven't I seen this movie before? by boddhisatva · · Score: 2, Interesting

    Same guy that stole the plans to defend South Korea from attack by the North with a thumb drive? There are solutions, guys, and they're not very difficult. How about this one, which I stole from "Cryptonomicon": anything electronic going in or out goes through security. Personnel drop such things off at the entrance and then walk through a very large, strong magmetic field. Same thing leaving. Just like the airport, only if you forget to drop off your watch, it gets fried.

    1. Re:Haven't I seen this movie before? by PitaBred · · Score: 3, Funny

      Didn't you read? He said magmetic field. I assume it has to do with magma, maybe burning the user alive. That sounds pretty secure to me.

  8. Not the worst ever... by d474 · · Score: 4, Funny

    In 1983, a high school kid named David Lightman hacked his way into DOD computer @ Norad called the W.O.P.R. which almost resulted in an all out nuclear war between the U.S.A. and Russia. I believe they made a movie about it.

    So until I hear a story that tops that, keep your "worst ever" superlatives to yourself. Oh, wait...

    --
    Authority questions you. Return the favor.
  9. Was it Windows, again? by devent · · Score: 2, Insightful

    So, what system were the computers running? Why is that information never in these news reports? Are they assuming that computers just run, without any software on them? Don't they know that computers usually have an operating system on them to be useful?

    I've really had it now. I clicked through the pages and agent.btz is mentioned. Nobody mentioned that it's a Windows worm, Worm:W32/Agent.BTZ http://www.f-secure.com/v-descs/worm_w32_agent_btz.shtml. Platform is Windows 32, of course. Why is nobody mentioning the operating system? Why is nobody blaming Microsoft? Oh, George W. Bush was briefed on it; was he briefed that the worm is only useful on Windows systems and that his military is vulnerable?

    His article appeared intended partly to raise awareness of the threat to United States cybersecurity — “the frequency and sophistication of intrusions into U.S. military networks have increased exponentially,” he wrote — and partly to make the case for a larger Pentagon role in cyberdefense.

    How about they mention that it's increased on Windows and that Linux and other systems are safe and sound? How about they ditch this system, which has proved time after time after time to be the only system that is vulnerable?

    --
    http://www.mueller-public.de - My site http://www.anr-institute.com/ - Advanced Natural Research Institute
    1. Re:Was it Windows, again? by Anonymous Coward · · Score: 2, Funny

      Dude, chill. Your English is breaking up.

    2. Re:Was it Windows, again? by WindBourne · · Score: 2, Insightful

      Considering that there are more https servers with CC info on them running Linux/Unix, I would say that your logic is incorrect. The simple fact is, that ppl/crackers go after the EASY systems.

      For example, why go to a house with a burglar alarm, no windows, and doors that you have to pick, that has $100 million, if you can go to another house that has basically no alarm, has open back doors, and has only $1 million, though they MIGHT have a key to get into the OTHER place, so you also get to the 100 million EASY? And even better yet is finding the same easy system that has no money BUT also might contain the key to the above 100 million system.

      I will take the one that is easy to get into. So do the blackhats.

      --
      I prefer the "u" in honour as it seems to be missing these days.
  10. Re:Still vulnerable by Beardo+the+Bearded · · Score: 4, Funny

    It's always someone's first day. It took you years to get to the point you could even post on /.

    --
    ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
  11. +1 Funny by PerfectionLost · · Score: 2, Funny

    Hilarious

  12. Re:Still vulnerable by hedwards · · Score: 2, Interesting

    That was my thought, why are they allowing physical access to the USB ports without properly monitoring the devices being allowed to be used in the machines. Physical access to the keyboard and mouse is enough of a security risk as it is, but allowing people to plug in strange USB devices without first inspecting them strikes me as irresponsible. Admittedly, people do have to do their work, but I'm not sure why they weren't being required to scan the information on the drive before connecting it up to a secured computer.

    There's no reason why the check point computer even needs to be connected to the net at all if you're willing to do manual updates to the security software via disk.

  13. Re:Government contractors.. by David_W · · Score: 2, Informative

    Let me guess, it's Alice and Bob again.

    Nah, it's Mallory.

  14. This is why DoD needs to put a bullet in M$ by SgtChaireBourne · · Score: 3, Interesting

    In 2008 any standard issue Army computer would've...

    But were they able to track down and deal with the individual(s) that deployed Microsoft products?

    The military procurement procedures produce a solid paper trail even if on some occasions they produce nothing else. Had they deployed properly engineered products rather than brands infamous for bad design the problem would not have arisen. The US Navy will focus on open systems only, if it can stay clear of the old M$ contractors and M$ resellers.

    --
    Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.