Slashdot Mirror

← Back to Stories (view on slashdot.org)

DoD Lost 24k Files In Attack On Contractor

Posted by timothy on from the for-your-own-safety dept.

Trailrunner7 writes with this news from ThreatPost: "A targeted attack on a defense contractor in March of this year resulted in the theft of 24,000 files by an unknown attacker, according to Defense Department officials. The attack, which officials say was the work of a foreign government, would represent one of the more serious known attacks on the department and its contractors. In a speech Thursday in which he unveiled the Department of Defense Strategy for Operating in Cyberspace, William J. Lynn, deputy defense secretary, said that the attack was just one of thousands such intrusions that the government and its contractors suffer every year."

49 comments

  1. Oh well as long as it happens thousands of times.. by Anonymous Coward · · Score: 0

    Makes me feel so much better.

  2. 24K Files by Synerg1y · · Score: 1

    Coming to a torrent near you.

    1. Re:24K Files by Luckyo · · Score: 1

      Not damn likely. These thefts are usually paid-for jobs, done for a client. And clients for such operations are usually ones who want the information for themselves.

    2. Re:24K Files by oztiks · · Score: 1

      That or China. My money is on China.

    3. Re:24K Files by Luckyo · · Score: 1

      IF you think China is the only one with interest or capability, you're living in a bubble. A list of countries interested in US defense contractor inside information starts in the Western Europe and Latin America, and ends in Japan. Of these, most have the capability to either pay private criminal organisations to do the job, and several have capability and agencies to do the job themselves (i.e. GB, France, Germany, Russia, Australia, Japan, China, India...).

      Just because some countries are painted as more friendly then others by mass media, you shouldn't make a mistake thinking that they don't want to compete when it comes to arms sales.

    4. Re:24K Files by oztiks · · Score: 1

      Point taken, maybe not China's style. IF anything China's main focus is on commercial gain via legitimate markets, illegitimately.

  3. would be interesting by datorum · · Score: 1

    if suffer also implies that the attacker were successful or was it the only one that was successful?

  4. porn by Anonymous Coward · · Score: 0

    the theft of 24,000 files of porn

  5. DON'T GET MAD - GET EVEN !! NUKE 'EM !! by Anonymous Coward · · Score: 0

    Nuuuuuke 'em NOW !! If it's RED, it's better for us it's DEAD !!

  6. That's a lot of files by liquidweaver · · Score: 2

    I don't know how that did it. My cabinet has probably 150 files at best, and it weighs about 70 lbs. They must have used a really big truck and been awfully quick about it. Sounds like a team that specialized in file organization in the past - a rogue librarian thief ring!

    --
    mov ah, 4ch
    int 21h
    1. Re:That's a lot of files by blair1q · · Score: 1

      It's the Defense Department. They were all on microfiche.

  7. Whoa! That's a lot of filez! by Anonymous Coward · · Score: 1

    Oh, wait. My laptop has 148k files. You mean to tell me that the DOD hasn't lost a single laptop before? And none have been hoovered??? Damn, they've got better security than we give them credit for!

    1. Re:Whoa! That's a lot of filez! by dokc · · Score: 1

      If you have 148k files on your laptop, that means that you have a fresh Windows installation.

      --
      In love, war and slashdot discussions, everything is allowed.
  8. They don't "suffer" from attacks. by gavron · · Score: 4, Insightful

    > the attack was just one of thousands such intrusions that the government and its contractors suffer every year

    No, the government and its contractors suffer from incompetence, a lack of encryption, authentication, and data handling procedures. They suffer from violations of their own process. "Here, take this database, decrypt it and email it to our vendor." They suffer from upper management promoted on rank and time served, not competence.

    The intrusions aren't what they suffer... they are a direct consequence of the incompetence our government shows daily.

    How's that debt ceiling coming? I'd like to have mine raised. The mortgage is due tomorrow.

    E

    1. Re:They don't "suffer" from attacks. by the+eric+conspiracy · · Score: 1

      How's that debt ceiling coming? I'd like to have mine raised. The mortgage is due tomorrow.

      What you really want is for the Federal Reserve to buy 0% interest 30 year bonds that you issue.

    2. Re:They don't "suffer" from attacks. by Fuzzums · · Score: 1

      > the attack was just one of thousands such intrusions that the government and its contractors suffer every year

      No, the government and its contractors suffer from incompetence, a lack of encryption, authentication, and data handling procedures. They suffer from violations of their own process. "Here, take this database, decrypt it and email it to our vendor." They suffer from upper management promoted on rank and time served, not competence.

      The intrusions aren't what they suffer... they are a direct consequence of the incompetence our government shows daily.

      A kind of competence many governments show these days :(

      How's that debt ceiling coming? I'd like to have mine raised. The mortgage is due tomorrow.

      E

      You want MORE debt? Sounds like a subprime mortgage for governments :s

      --
      Privacy is terrorism.
    3. Re:They don't "suffer" from attacks. by digitalaudiorock · · Score: 1

      I can't help wondering if this was related to the RSA SecureID breach(??): http://yro.slashdot.org/story/11/06/07/129217/RSA-Admits-SecurID-Tokens-Have-Been-Compromised The timing is about right.

    4. Re:They don't "suffer" from attacks. by sdguero · · Score: 2

      Your post made me feel sad.

    5. Re:They don't "suffer" from attacks. by kermidge · · Score: 1

      Yeah, and in the meanwhile Lulzsec, et alia, get the (FUD, hype) press whilst our solons enact yet more Draconian edicts. Sheesh. The real sufferers will be we citizens stuck with all the various consequences.

    6. Re:They don't "suffer" from attacks. by Anonymous Coward · · Score: 0

      As someone who has worked at both a government facility that has "suffered" attacks and in industry, I have to say that I've seen much more incompetence in industry management and practices than at the government facilities. Both have limited resources to both be secure and accomplish their mission, and sometimes security isn't up to snuff.

    7. Re:They don't "suffer" from attacks. by Anonymous Coward · · Score: 0

      Hey asshole, how about "RSA got hacked, and with spoofed tokens they had a shit lot of access to the unclassnet".

    8. Re:They don't "suffer" from attacks. by Wildclaw · · Score: 1

      How's that debt ceiling coming? I'd like to have mine raised. The mortgage is due tomorrow.

      You mean the savings ceiling? Because in the real world, one mans debt is another mans savings.

      As for your request to raise your personal debt ceiling. Unfortunately you are not eligible as your lack of ability to issue US dollars at will makes you unsuitable for the task of backing others savings.

      And please stop comparing the currency issuer to a private household when it comes down to economics, because it is like comparing apples and oranges. Some things work the same, and some things work completely differently.

    9. Re:They don't "suffer" from attacks. by freudigst · · Score: 1

      You just figured that out? Uh, would you like to go to war for me, er, I mean the U.S.?

    10. Re:They don't "suffer" from attacks. by wolfemi1 · · Score: 1

      Wow, so an attack on a private contractor working for the government is a result of government incompetence? I suppose if all you have is the hammer of government blame in your toolbox....

    11. Re:They don't "suffer" from attacks. by gavron · · Score: 1

      > Wow, so an attack on a private contractor working for the government is a result of government incompetence? I suppose if all you have is the hammer of government blame in your toolbox....

      We're talking about whether it's "suffering" on the part of the government and its contractors from the attacks... or being incompetent.

      I suppose if all you have is inability to understand simple sentences in your toolbox....[sic] http://en.wikipedia.org/wiki/Ellipsis

      E

  9. Too big to keep under control by Anonymous Coward · · Score: 0

    Good job defending there.

    Certainly not a pre-planned excuse to push for the 'permission' to monitor all internet traffic and have ISPs publish association data. I mean, you have to think more than a couple steps ahead and back to suspect social active measures, so obviously that isn't the case. Must be the terrorists. /adjusts tin-foil hat

  10. Dear LulzSec & Anonymous by TubeSteak · · Score: 3, Insightful

    Dear LulzSec & Anonymous

    Please continue making headlines with your infodumps from .gov, .mil, and contractor websites.
    It's not like you're doing much damage, considering the terabytes being siphoned off by foreign governments.
    Maybe if there's a bright enough spotlight shone onto the problem, the government will finally get around to fixing it.

    Thank You,
    Joe Q. Public

    --
    [Fuck Beta]
    o0t!
    1. Re:Dear LulzSec & Anonymous by todrules · · Score: 2

      They might not fix it, but at least their brother/cousin/nephew or biggest campaign contributor will at least get a fat multi-billion dollar contract to "try" and fix it.

    2. Re:Dear LulzSec & Anonymous by slick7 · · Score: 1

      Dear LulzSec & Anonymous

      Please continue making headlines with your infodumps from .gov, .mil, and contractor websites. It's not like you're doing much damage, considering the terabytes being siphoned off by foreign governments. Maybe if there's a bright enough spotlight shone onto the problem, the government will finally get around to fixing it.

      Thank You, Joe Q. Public

      Naah, we got Manning, Assange and McKinnon; we'll make them pay for the gross stupidity of government contractors, if fact, we'll give the contractor a ten year no-bid renewal.
      Remember the government motto: No good deed goes unpunished and no fuck-up goes un-rewarded. You got to fuck-up to move up.

      --
      The mind conceives, the body achieves, the spirit manifests.
  11. Seriously, lost files? by sylvandb · · Score: 1

    Who does these headlines? When something is lost, you do not have it any more.

    Did the DoD really lose the files?

    Or did they simply let some unauthorized someone(s) get a copy of said files?

    1. Re:Seriously, lost files? by beowulfcluster · · Score: 1

      The article says it was a case of "theft" and that the files were "stolen", so no, they probably don't have them anymore. Right?

    2. Re:Seriously, lost files? by Anonymous Coward · · Score: 0

      Music Piracy is termed theft as well, but no-one is being deprived of their copy of the file in the process. So there's certainly precendence for the misuse of the words theft and stolen/steal, particularly when talking about computers. Given the wording of the article one has to assume they were referring to computer files and not 24k pieces of paper locked away in a filing cabinet somewhere. So unless the people that broke into their systems and copied the data shredded the files and also somehow found and shredded their backups, I highly doubt that theft and stolen are accurate terms to be used here.

      It all seems to me that they are more likely using these two terms which hold decidedly more villainous connotation in order to try to shift more of the blame off of themselves for not abiding best practices in their security. Sad that we are trusting them to defend us when they seemingly cannot even defend themselves...

  12. Re:Oh well as long as it happens thousands of time by Forty+Two+Tenfold · · Score: 1

    Kinda reminds me of "I accidentally 93MB of .rar files. what should I dois this dangerous ?"

    --
    Upward mobility is a slippery slope - the higher you climb the more you show your ass.
  13. I'm trying to figure out... by Unkyjar · · Score: 4, Insightful

    why are these machines even connected to the net?

    1. Re:I'm trying to figure out... by c++0xFF · · Score: 3, Informative

      They were connected because the information on them is unclassified. Yeah, they might prefer that the files wouldn't be disclosed to attackers, but in the end, the information isn't super secret. The convenience of the internet (easy collaboration with other engineers around the country, being able to use people that don't have a security clearance, or saving on the cost of a separate computer network) outweighs the risk in this case.

      Believe it or not, the most blindingly obvious step in securing classified data (putting it on a separate network that's unconnected to the internet, a concept that I came up with before I was 10 years old and I'm sure I wasn't the youngest) has already been taken. It's a good thing, too ... computer security is hard, and you don't want to take that risk with anything that poses a threat to national security.

    2. Re:I'm trying to figure out... by Nyder · · Score: 1

      why are these machines even connected to the net?

      because the net is where the porn is.

      --
      Be seeing you...
    3. Re:I'm trying to figure out... by Unkyjar · · Score: 1

      That was a calm, clear, concise and well thought out answer to my question. Thank you.

      What in the world are you doing on slashdot?

  14. Information security tip for DoD IT departments by Anonymous Coward · · Score: 0

    You know, mitigating this risk is really easy..

    Step 1: STOP PUTTING IT ON THE INTERNET !!!!!
    Step 2: GOTO 'Step 1'

    -or-

    just go here: http://www.xkcd.com/916/

  15. "lost files"? "theft"? by nothings · · Score: 1

    Serious part

    They "lost" 24K files? You mean the attackers deleted and them and they didn't have backups?

    Not-really-serious part (but wait, or is it?)

    "Theft"? So the attacker has the files and the owners of the files don't have them anymore? Because that's what it means to steal a car or a diamond or cash.

    Really, since they didn't do any of these things, shouldn't we say that these attackers "illegally copied" the documents and/or the information?

    And are they really "intruders" or "attackers"? Maybe they're just "pirates".

  16. Unknown Attacker = Foreign Government ? by Anonymous Coward · · Score: 0

    So they don't know who did it, but they know it's a foreign government... Sounds like some pretty flimsy evidence to me.

  17. What did you expect? by Zamphatta · · Score: 1

    Well that's what the gov't gets when they leave SONY in charge of security.

  18. Re:Government IT... by Anonymous Coward · · Score: 0

    Makes you wonder who's responsible, and regrettably, I'd bet it was China... I try to avoid thinking this way because it resembles a Cold War kind of paranoia, but how could anyone with that paranoia NOT be justified to think this way? They're very passive-aggressive in their American relations, especially nowadays, and we all know they have the know-how to pull something like this off as their track record denotes a certain level of technical proficiency rivaled by only 2 or 3 countries. If not the Chinese, then maybe another superpower? Maybe Russia? If we're talking about rogue groups or single people, well, it could be anyone I suppose...

    But whoever did it, it just goes to show how ignorant upper management types have become. Maybe I shouldn't explicitly blame upper management. Instead, maybe I should blame overall under-appreciation of the IT worker and the snot-nosed geeks who keep trying to pull peoples' heads out of their asses who have the abilities to do stuff about problems like these. We all know who goes first when job cuts come down the pipe... Maybe this shit is a wake-up call because the States have fallen behind everyone when it comes to defensive IT, let alone, general IT competitiveness with other countries.

    Unfortunately, it's only going to get worse. Those squabbling fucks in office need to get their shit together and stop playing pucker lip with each other over pity shit that does nothing for the common American. Something's got to give...

  19. That's enough by Anonymous Coward · · Score: 0

    24k ought to be enough for anyone.

  20. No Problem by aaaaaaargh! · · Score: 1

    No problem, it's the Defense Department. They can just hire another contractor, some fishy little sub-division of Lockheed or Raytheon who in turn hire other people to do the actual work. Their job is to link any incoming attacks to a geo IP database (easy, just steal some GPL'ed one) and automatically launch ICBMs against the threat.

    It would be a waste of money to arm them with nukes, though. Cluster bombs or chemical weapons should suffice. Or, hey, how about this gay bomb? Is it still under development? Does it also work against hackers? Or, the CIA could give a helping hand. They could give away their gigantic porn database (stolen form the FBI) for free to the hackers...that will keep 'em occupied for years!

  21. If they had decent backup by rikkards · · Score: 1

    They wouldn't have lost the files when they were taken.
    Badum-bump
    I'm here all week, have the steak!

  22. Here's an idea... by Anonymous Coward · · Score: 0

    You have a computer with sensitive, classified information?

    Then don't put it on the fucking Internet you retarded niggers.

  23. Tour de France on the brain by Anonymous Coward · · Score: 0

    I read the title quickly and couldn't figure out why 1) I had never heard of the DoD cycling team, and 2) why they would loose data attacking Contador, let alone time.

  24. On that last comment by sean.peters · · Score: 1

    How's that debt ceiling coming? I'd like to have mine raised. The mortgage is due tomorrow.

    This is just an illustration of how stupid the "debt ceiling" concept is. You agreed to a mortgage with a payment schedule, and now a payment has come due. You didn't set a "debt ceiling" that requires you to get special permission from yourself to actually pay the bill, because... that would be stupid. You explicitly agreed you were going to pay the bill when you made the mortgage.

    Mostly, arguments of the form "the government budget should operate more like a family budget" are dumb, because the government isn't like a family. But in the case of the debt ceiling, it's true.

  25. Truly WELL said... apk by Anonymous Coward · · Score: 0

    I've felt & said much the same here, albeit not in the same tone: I.E.-> That the 1 GOOD THING these "benign hacker/cracker" types do, along w/ folks like Julian Assange + Bradley Manning, is that they EXPOSE PROBLEMS

    * Problems that need a correct & proper fixing... because nothing is "unrecoverable" in society.

    APK

    P.S.=> Things can ALWAYS be fixed, especially by the TRUE problem solvers in our society (philosophers, scientists, & technicians mostly (yes, a combination of the hard & "soft pseudo sciences")), once they understand a given problem!

    We need educated people, TRULY educated people, to be "@ THE HELM/WHEEL in society"... not "glad hander climbers"!

    Once you get THAT? Things get better...

    How it ever gets to THIS stage though? Boggles my mind, personally...

    ... apk