Slashdot Mirror


DoD Takes Criticism From Security Experts On Cyberwar Incident

wiredmikey writes "Undersecretary of Defense William J. Lynn is being challenged by IT security experts who find it hard to believe that the incident which led to the Pentagon's recognizing cyberspace as a new 'domain of warfare' could have really happened as described. In his essay, 'Defending a New Domain,' Lynn recounts a widely-reported 2008 hack that was initiated when, according to Lynn, an infected flash drive was inserted into a military laptop by 'a foreign intelligence agency.' Critics such as IT security firm Sophos' Chief Security Adviser Chester Wisniewski argue that this James Bond-like scenario doesn't stand up to scrutiny. The primary issue is that the malware involved, known as agent.btz, is neither sophisticated nor particularly dangerous. A variant of the SillyFDC worm, agent.btz can be easily defeated by disabling the Windows 'autorun' feature (which automatically starts a program on a drive upon insertion) or by simply banning thumb drives. In 2007, SillyFDC was rated as Risk Level 1: Very Low, by security firm Symantec."

1 of 116 comments

  1. Two words: Bradley Manning by louarnkoz · Score: 4, Interesting
    The Army just suffered one of the largest leaks in military history, thanks to Pfc Bradley Manning and Wikileaks. You would think that the priority would be to investigate the incident, check how recruits working on army intelligence are selected, trained and supervised, and perhaps review procedures so a lowly private does not have access to 100,000 secret documents that are only remotely linked to his mission.

    Instead, we get this implausible thumb drive scenario. And guess what, instead of applying $0.02 of common sense, we will see a proposal to spend $2B on intelligence system upgrades and military contracts. Of course, senator, we have earmarked 20% of that for your state...

    -- Loaurnkoz