DoD Takes Criticism From Security Experts On Cyberwar Incident
wiredmikey writes "Undersecretary of Defense William J. Lynn is being challenged by IT security experts who find it hard to believe that the incident which led to the Pentagon's recognizing cyberspace as a new 'domain of warfare' could have really happened as described. In his essay, 'Defending a New Domain,' Lynn recounts a widely-reported 2008 hack that was initiated when, according to Lynn, an infected flash drive was inserted into a military laptop by 'a foreign intelligence agency.' Critics such as IT security firm Sophos' Chief Security Adviser Chester Wisniewski argue that this James Bond-like scenario doesn't stand up to scrutiny. The primary issue is that the malware involved, known as agent.btz, is neither sophisticated nor particularly dangerous. A variant of the SillyFDC worm, agent.btz can be easily defeated by disabling the Windows 'autorun' feature (which automatically starts a program on a drive upon insertion) or by simply banning thumb drives. In 2007, SillyFDC was rated as Risk Level 1: Very Low, by security firm Symantec."
Since when was efficacy or even logic a metric for whether or not a new department/task-group/domain/[insert group du jour] is deemed "necessary" for any governmental body? This is just another not-so-subtle attempt at widening the jurisdiction of the military. After all, if the boogeyman is unmasked, why, another must be conjured lest we all wake up to the cold truth that these people are simply pissing large reams of money down the tubes.
In the end, all of this will be justified after the fact despite any protestations. War on terror, anyone?
ps. Although if you think about it, it's somewhat ironic that antivirus firms (Sophos, Symantec, etc), which have been frequent fear mongerers themselves, are calling the military on fear mongering.
And yet it gets hacked. It crashes constantly, it constantly needs virus updates, etc. And yet there are HUGE (before 2008 or so you couldn't actually totally disable autorun in Microsoft) security holes but they are just given a pass. The scrutiny applied to Windows is nothing compared to the amount applied to Linux because, and this is DoD policy, "Linux is open source and thus 'untrusted'". The level of logging required for Linux is insane and yet they really don't require the same level from Windows because you CANNOT log that much in Windows. Hosts.deny is required for Linux but no equivalent for Windows. nosuid has to be applied to every non-root drive for Linux, again nothing even close for Windows because Windows is simply incapable of such security. They allow NTLMv2 despite the fact that it is a proprietary protocol and thus incredibly insecure. Why? Because it's really difficult to get Windows (esp. XP, which is still allowed) to authenticate with open, cryptographically secure protocols. They allow local and network users a lot more privileges on machines because it's impossible to actually get Windows operating smoothly without those privileges. The list goes on.
Quite simply put, Windows lacks a lot of the basic security mechanisms that ALL other operating systems possess. And instead of doing the rational thing and banning Windows because of its shortcomings, the DoD just brushes Windows' shortcomings aside (largely because Microsoft has a lot of lobbyists in high places in Washington). You can be sure as shit that the Chinese PLA isn't using Windows, and when the cyberwar comes the Chinese are going to have a HUGE advantage because they aren't saddled with such a primitive OS. You think I am anti-DoD, I'm not. If I was, I would be cheering their use of Windows. If there is a cyber-war, I want my country to win, which is why I think they need to BAN Windows ASAP. Microsoft has repeatedly shown that it is either unable or unwilling to fix their shit, so dump the motherfuckers already.
Monstar L