Slashdot Mirror


Pentagon Confirms 2008 Computer Breach — 'Worst Ever'

jowifi writes "The New York Times reports that the Pentagon has confirmed that, in 2008, a foreign agent instigated 'the most significant breach of US military computers ever' using a USB flash drive. While the breach was previously reported on Wired and the LA Times, this is the first official confirmation of the attack that led to the banning of USB drives on government computers."

  1. This is likely why MS has GPOs in W7 by mlts · · Score: 4, Insightful

    This is likely why Windows 7 has explicit GPOs to either set USB flash drives read-only, or deny them the ability to mount whatsoever. Other programs that have this functionality are PGP Universal, and Symantec Endpoint Protection.

    Now, if MS can put autoplay/autorun to rest six feet under with Clippy and Bob, that would be a good security advance.

    1. Re:This is likely why MS has GPOs in W7 by rikkards · · Score: 3, Interesting

      The thing that is stupid about it is that sure block exes from being run from a USB, then the user will copy it to the machine and run it there.
      BTW, GPOs from day one have had the ability to disable Autoplay and autorun.

    2. Re:This is likely why MS has GPOs in W7 by rickb928 · · Score: 3, Interesting

      I have this dim recollection that we could do this with GPOs in Win XP.

      And we could use ZenWorks to do it also. Much nicer editor, and volatile accounts are a blessing in school labs.

      Disabling removable media isn't new, just overlooked.

      --
      deleting the extra space after periods so i can stay relevant, yeah.
    3. Re:This is likely why MS has GPOs in W7 by Lehk228 · · Score: 4, Interesting

      there should be a way to restrict execution to only code signed by the owning organization's IT security.

      --
      Snowden and Manning are heroes.
    4. Re:This is likely why MS has GPOs in W7 by Ethanol-fueled · · Score: 4, Insightful

      There are ways to hide stuff like that from view on Windows. They magically show up when the USB device is plugged into a Linux box.

      Related note: A similar piece of malware and the ensuing hassle is what prompted me to switch to Linux for good.

    5. Re:This is likely why MS has GPOs in W7 by dgatwood · · Score: 4, Insightful

      There should never have been a way to enable autorun in the first place. The very notion of automatically executing code or installers from a piece of media without the user explicitly taking any action is antithetical to proper security.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    6. Re:This is likely why MS has GPOs in W7 by Mr+44 · · Score: 3, Informative

      Like "Software Restriction Policies" in Windows XP and AppLocker in Windows 7?
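
Added example, not part of any comment above: a read-only PowerShell audit of the two controls this sub-thread discusses, the removable-storage deny policies and the autorun setting. The function names are hypothetical, and the script assumes the policy values are stored as DWORDs under HKLM.

```powershell
# Read-only audit of the removable-media settings discussed in the thread above.
# These keys back the "Removable Storage Access" and "Turn off Autoplay" Group
# Policy settings; an absent value means the policy is Not Configured.
$StorageKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
$DiskClass   = '{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'   # "Removable Disks" class
$ExplorerKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Get-PolicyValue {              # hypothetical helper name
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-RemovableMediaPolicy {     # hypothetical helper name
    $disk    = "$StorageKey\$DiskClass"
    $autorun = Get-PolicyValue $ExplorerKey 'NoDriveTypeAutoRun'
    [pscustomobject]@{
        DenyAllRemovable    = (Get-PolicyValue $StorageKey 'Deny_All') -eq 1
        DenyRead            = (Get-PolicyValue $disk 'Deny_Read') -eq 1
        DenyWrite           = (Get-PolicyValue $disk 'Deny_Write') -eq 1
        DenyExecute         = (Get-PolicyValue $disk 'Deny_Execute') -eq 1
        # Bit 0x04 of the mask covers removable drives; 0xFF covers every drive type.
        AutorunOffRemovable = ($null -ne $autorun) -and (($autorun -band 0x04) -ne 0)
        AutorunOffAllDrives = $autorun -eq 0xFF
    }
}

function Get-RemovableMediaFindings {   # hypothetical helper name
    param($Policy)
    if (-not $Policy.AutorunOffRemovable) {
        'Autorun is not disabled for removable drives (NoDriveTypeAutoRun lacks bit 0x04).'
    }
    if (-not ($Policy.DenyAllRemovable -or $Policy.DenyWrite)) {
        'Removable disks are writable: no deny-all or deny-write policy is set.'
    }
    if (-not ($Policy.DenyAllRemovable -or $Policy.DenyRead -or $Policy.DenyExecute)) {
        'Programs can be launched directly from removable disks.'
    }
}

$policy = Get-RemovableMediaPolicy
$policy | Format-List
Get-RemovableMediaFindings $policy
```

These settings only govern the removable device itself. A file copied to the local disk and run from there, the case rikkards raises, falls under execution control such as the Software Restriction Policies and AppLocker that Mr 44 mentions.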

  2. The right reaction? by mangu · · Score: 4, Insightful

    "the attack that led to the banning of USB drives on government computers."

    This reminds me of the joke of the man that, having learned that his wife was fucking other men in the couch in the living room, moved the couch to the garage.

    USB drives have a purpose for legal uses. Wouldn't it be better to improve their systems so that USB drives couldn't be used in harmful ways?

    1. Re:The right reaction? by Dahamma · · Score: 4, Informative

      From TFA...

      "In an early step, the Defense Department banned the use of portable flash drives with its computers, though it later modified the ban."

      Fixing the vulnerabilities takes time. It was just an emergency measure until they could investigate and come up with better policy.

    2. Re:The right reaction? by Beardo+the+Bearded · · Score: 5, Informative

      They have.

      Look, they have two completely separate computer networks. They've got a network that can access all the Classified Military Shit, and then they have the computers that can access Everything Bad in the Multiverse. (My terms, not theirs.) The two never meet. Never ever ever, and not even then.

      99% of the time, you work with the Unclassified stuff. It's a PITA to work with Classified documents. You've got to go to a secure room, you can't make a copy unless you've signed off a billion times, you have to work on a special computer, you have to have a buddy / guard / watcher, and you've got to go through a debriefing after you've goofed around with it.

      If your average worker / troop / contractor picked up a USB drive and put it into their EBitM network and it took over every machine in a billionth of a second and sent all the info on the EBitM network to China, Russia, and Zork the Evil, the risk to National Security would be zilch. Yeah, it would be a PITA to fix the compys, but it would be no worse than the same PITA you'd get in any large civilian network. The only difference is that it's a huge fucking PR nightmare. Think about how embarrassing it would be if Norton was taken down due to a worm. Now go up two orders of magnitude.

      The computers you see the troops using are almost always personal property used for emailing back home, watching movies, playing games, and otherwise fucking around. The work computers are usually tied into the EBitM network and they use them for work. Unless you are one of The Anointed Few, you haven't even seen a computer that's handled Classified information.

      --

      ---
      ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
    3. Re:The right reaction? by guruevi · · Score: 4, Insightful

      After actually having implemented such methods, it is noticed that nobody ever uses the classified network except for highly official stuff, when the project is done. It seems that all work in progress is just being saved on the non-classified network.

      Trust me, I have implemented just about any security method in a variety of settings (medical, financial, ...). The fact remains that people can't be bothered to lock their screens when they step out because it's "too difficult" and "too complicated" let alone click the button to encrypt their e-mail or their USB sticks.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    4. Re:The right reaction? by Anonymous Coward · · Score: 3, Funny

      Wow! It sounds like Internet information clearinghouse sites like wikileaks stand no chance of ever getting their hands on sensitive information with a system as strong as you describe.

  3. Where there's a USB port ... there's a way by PolygamousRanchKid+ · · Score: 4, Interesting

    A US Army dental surgeon told me that their computers were "fixed", so they could not copy pictures of their operations to any external media. The surgeons needed anonymous pictures of operations that they had performed, for preparing for their careers after their service. Like, applying for a job somewhere.

    One of them figured a way to use the USB port in the Canon printer that they had. They could toss pictures at the printer, and land them on the USB stick. Circumventing any blocks on the PCs from accessing the PCs' USB ports.

    So any unprotected port is, well, a potential source of a leak.

    --
    Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
    1. Re:Where there's a USB port ... there's a way by countSudoku() · · Score: 3, Funny

      That's a good work-around!

      "So any unprotected [USB] port is, well, a potential source of a leak."

      Along with any camera, copier, cell phone, human with a memory, network accessible device, etc. Every kind of access restriction can be circumvented. *Every* kind.

      I would suggest mounting all laptops in cement, then chaining the cement block down to the cube frame structure. Close off all connectivity, embed in a Faraday Cage, then keep anyone, including the approved user, from accessing it, and you're all set! Bob's your uncle! Otherwise, expect your data to escape. Because it will. :) Have a nice day!

      --
      This is the NSA, we're gonna geet U h@x0r5! Also, what is a h@x0r5?
  4. More Self-Serving Hype by yourpusher · · Score: 3, Insightful

    Rob Rosenberger at VMyths notes:

    Let’s cut to the chase. U.S. Deputy Defense Secretary William J. Lynn III wrote an op-ed for a commercial publication in which he claims a single USB thumb drive caused the worst military data breach in history. And according to Wikipedia, that one little USB stick led to the creation of the Pentagon’s new Cyber Command.
    [. . .]

    I’ll bet it took so long only because it was a classified operation. This malware would have blown over in a week if DoD-CERT had issued an email saying “hey, there’s a new virus running around, please scan your PCs for agent.btz.”

    {sniff} I can definitely smell a lot of groupthink here. Not to mention hype, which goes hand in hand with groupthink.

    Lynn suffers from a short memory span. We know this because he thinks the Pentagon got “a wake-up call” when agent.btz slithered into classified networks. If Lynn’s brain had more RAM, he would recall the Melissa virus did EXACTLY the same thing in 1999. It infected classified U.S. networks at a depth & scope even I myself would label “impressive.”

    So why this story? Well (from the same source):

    You can see I’ve got a healthy dose of skepticism over Lynn’s “Buckshot Yankee” revelation. And I’m not alone: Wired filed a story with the headline “Insiders Doubt 2008 Pentagon Hack Was Foreign Spy Attack.”

    Waitaminit. GCN’s breathless story includes the phrase “Lynn said Wednesday in a teleconference with reporters.” You mean to say he gabbed with the media on top of all the hype he wrote in an official capacity for a commercial publication? {sniff} I smell a book deal in the works when Lynn’s boss retires next year.

  5. Not the worst ever... by d474 · · Score: 4, Funny

    In 1983, a high school kid named David Lightman hacked his way into a DOD computer @ Norad called the W.O.P.R., which almost resulted in an all-out nuclear war between the U.S.A. and Russia. I believe they made a movie about it.

    So until I hear a story that tops that, keep your "worst ever" superlatives to yourself. Oh, wait...

    --
    Authority questions you. Return the favor.
  6. Re:Haven't I seen this movie before? by PitaBred · · Score: 3, Funny

    Didn't you read? He said magmetic field. I assume it has to do with magma, maybe burning the user alive. That sounds pretty secure to me.

  7. Re:Still vulnerable by Beardo+the+Bearded · · Score: 4, Funny

    It's always someone's first day. It took you years to get to the point you could even post on /.

    --

    ---
    ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
  8. This is why DoD needs to put a bullet in M$ by SgtChaireBourne · · Score: 3, Interesting

    In 2008 any standard issue Army computer would've...

    But were they able to track down and deal with the individual(s) that deployed Microsoft products?

    The military procurement procedures produce a solid paper trail even if on some occasions they produce nothing else. Had they deployed properly engineered products rather than brands infamous for bad design the problem would not have arisen. The US Navy will focus on open systems only, if it can stay clear of the old M$ contractors and M$ resellers.

    --
    Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.