Slashdot Mirror


DoD Lost 24k Files In Attack On Contractor

Trailrunner7 writes with this news from ThreatPost: "A targeted attack on a defense contractor in March of this year resulted in the theft of 24,000 files by an unknown attacker, according to Defense Department officials. The attack, which officials say was the work of a foreign government, would represent one of the more serious known attacks on the department and its contractors. In a speech Thursday in which he unveiled the Department of Defense Strategy for Operating in Cyberspace, William J. Lynn, deputy defense secretary, said that the attack was just one of thousands such intrusions that the government and its contractors suffer every year."


  1. 24K Files by Synerg1y · · Score: 1

    Coming to a torrent near you.

    1. Re:24K Files by Luckyo · · Score: 1

      Not damn likely. These thefts are usually paid-for jobs, done for a client. And clients for such operations are usually ones who want the information for themselves.

    2. Re:24K Files by oztiks · · Score: 1

      That or China. My money is on China.

    3. Re:24K Files by Luckyo · · Score: 1

      If you think China is the only one with interest or capability, you're living in a bubble. A list of countries interested in US defense contractor inside information starts in Western Europe and Latin America, and ends in Japan. Of these, most have the capability to either pay private criminal organisations to do the job, and several have capability and agencies to do the job themselves (i.e. GB, France, Germany, Russia, Australia, Japan, China, India...).

      Just because some countries are painted as more friendly than others by mass media, you shouldn't make a mistake thinking that they don't want to compete when it comes to arms sales.

    4. Re:24K Files by oztiks · · Score: 1

      Point taken, maybe not China's style. If anything China's main focus is on commercial gain via legitimate markets, illegitimately.

  2. would be interesting by datorum · · Score: 1

    if suffer also implies that the attackers were successful or was it the only one that was successful?

  3. That's a lot of files by liquidweaver · · Score: 2

    I don't know how they did it. My cabinet has probably 150 files at best, and it weighs about 70 lbs. They must have used a really big truck and been awfully quick about it. Sounds like a team that specialized in file organization in the past - a rogue librarian thief ring!

    --
    mov ah, 4ch
    int 21h
    1. Re:That's a lot of files by blair1q · · Score: 1

      It's the Defense Department. They were all on microfiche.

  4. Whoa! That's a lot of filez! by Anonymous Coward · · Score: 1

    Oh, wait. My laptop has 148k files. You mean to tell me that the DOD hasn't lost a single laptop before? And none have been hoovered??? Damn, they've got better security than we give them credit for!

    1. Re:Whoa! That's a lot of filez! by dokc · · Score: 1

      If you have 148k files on your laptop, that means that you have a fresh Windows installation.

      --
      In love, war and slashdot discussions, everything is allowed.
  5. They don't "suffer" from attacks. by gavron · · Score: 4, Insightful

    > the attack was just one of thousands such intrusions that the government and its contractors suffer every year

    No, the government and its contractors suffer from incompetence, a lack of encryption, authentication, and data handling procedures. They suffer from violations of their own process. "Here, take this database, decrypt it and email it to our vendor." They suffer from upper management promoted on rank and time served, not competence.

    The intrusions aren't what they suffer... they are a direct consequence of the incompetence our government shows daily.

    How's that debt ceiling coming? I'd like to have mine raised. The mortgage is due tomorrow.

    E

    1. Re:They don't "suffer" from attacks. by the+eric+conspiracy · · Score: 1

      > How's that debt ceiling coming? I'd like to have mine raised. The mortgage is due tomorrow.

      What you really want is for the Federal Reserve to buy 0% interest 30 year bonds that you issue.

    2. Re:They don't "suffer" from attacks. by Fuzzums · · Score: 1

      > the attack was just one of thousands such intrusions that the government and its contractors suffer every year

      > No, the government and its contractors suffer from incompetence, a lack of encryption, authentication, and data handling procedures. They suffer from violations of their own process. "Here, take this database, decrypt it and email it to our vendor." They suffer from upper management promoted on rank and time served, not competence.

      > The intrusions aren't what they suffer... they are a direct consequence of the incompetence our government shows daily.

      A kind of competence many governments show these days :(

      > How's that debt ceiling coming? I'd like to have mine raised. The mortgage is due tomorrow.

      > E

      You want MORE debt? Sounds like a subprime mortgage for governments :s

      --
      Privacy is terrorism.
    3. Re:They don't "suffer" from attacks. by digitalaudiorock · · Score: 1

      I can't help wondering if this was related to the RSA SecurID breach(??): http://yro.slashdot.org/story/11/06/07/129217/RSA-Admits-SecurID-Tokens-Have-Been-Compromised The timing is about right.

    4. Re:They don't "suffer" from attacks. by sdguero · · Score: 2

      Your post made me feel sad.

    5. Re:They don't "suffer" from attacks. by kermidge · · Score: 1

      Yeah, and in the meanwhile Lulzsec, et alia, get the (FUD, hype) press whilst our solons enact yet more Draconian edicts. Sheesh. The real sufferers will be we citizens stuck with all the various consequences.

    6. Re:They don't "suffer" from attacks. by Wildclaw · · Score: 1

      > How's that debt ceiling coming? I'd like to have mine raised. The mortgage is due tomorrow.

      You mean the savings ceiling? Because in the real world, one man's debt is another man's savings.

      As for your request to raise your personal debt ceiling. Unfortunately you are not eligible as your lack of ability to issue US dollars at will makes you unsuitable for the task of backing others' savings.

      And please stop comparing the currency issuer to a private household when it comes down to economics, because it is like comparing apples and oranges. Some things work the same, and some things work completely differently.

    7. Re:They don't "suffer" from attacks. by freudigst · · Score: 1

      You just figured that out? Uh, would you like to go to war for me, er, I mean the U.S.?

    8. Re:They don't "suffer" from attacks. by wolfemi1 · · Score: 1

      Wow, so an attack on a private contractor working for the government is a result of government incompetence? I suppose if all you have is the hammer of government blame in your toolbox....

    9. Re:They don't "suffer" from attacks. by gavron · · Score: 1

      > Wow, so an attack on a private contractor working for the government is a result of government incompetence? I suppose if all you have is the hammer of government blame in your toolbox....

      We're talking about whether it's "suffering" on the part of the government and its contractors from the attacks... or being incompetent.

      I suppose if all you have is inability to understand simple sentences in your toolbox....[sic] http://en.wikipedia.org/wiki/Ellipsis

      E

  6. Dear LulzSec & Anonymous by TubeSteak · · Score: 3, Insightful

    Dear LulzSec & Anonymous

    Please continue making headlines with your infodumps from .gov, .mil, and contractor websites.
    It's not like you're doing much damage, considering the terabytes being siphoned off by foreign governments.
    Maybe if there's a bright enough spotlight shone onto the problem, the government will finally get around to fixing it.

    Thank You,
    Joe Q. Public

    --
    [Fuck Beta]
    o0t!
    1. Re:Dear LulzSec & Anonymous by todrules · · Score: 2

      They might not fix it, but at least their brother/cousin/nephew or biggest campaign contributor will at least get a fat multi-billion dollar contract to "try" and fix it.

    2. Re:Dear LulzSec & Anonymous by slick7 · · Score: 1

      > Dear LulzSec & Anonymous

      > Please continue making headlines with your infodumps from .gov, .mil, and contractor websites. It's not like you're doing much damage, considering the terabytes being siphoned off by foreign governments. Maybe if there's a bright enough spotlight shone onto the problem, the government will finally get around to fixing it.

      > Thank You, Joe Q. Public

      Naah, we got Manning, Assange and McKinnon; we'll make them pay for the gross stupidity of government contractors, in fact, we'll give the contractor a ten year no-bid renewal.
      Remember the government motto: No good deed goes unpunished and no fuck-up goes un-rewarded. You got to fuck-up to move up.

      --
      The mind conceives, the body achieves, the spirit manifests.
  7. Seriously, lost files? by sylvandb · · Score: 1

    Who does these headlines? When something is lost, you do not have it any more.

    Did the DoD really lose the files?

    Or did they simply let some unauthorized someone(s) get a copy of said files?

    1. Re:Seriously, lost files? by beowulfcluster · · Score: 1

      The article says it was a case of "theft" and that the files were "stolen", so no, they probably don't have them anymore. Right?

  8. Re:Oh well as long as it happens thousands of time by Forty+Two+Tenfold · · Score: 1

    Kinda reminds me of "I accidentally 93MB of .rar files. what should I dois this dangerous ?"

    --
    Upward mobility is a slippery slope - the higher you climb the more you show your ass.
  9. I'm trying to figure out... by Unkyjar · · Score: 4, Insightful

    why are these machines even connected to the net?

    1. Re:I'm trying to figure out... by c++0xFF · · Score: 3, Informative

      They were connected because the information on them is unclassified. Yeah, they might prefer that the files wouldn't be disclosed to attackers, but in the end, the information isn't super secret. The convenience of the internet (easy collaboration with other engineers around the country, being able to use people that don't have a security clearance, or saving on the cost of a separate computer network) outweighs the risk in this case.

      Believe it or not, the most blindingly obvious step in securing classified data (putting it on a separate network that's unconnected to the internet, a concept that I came up with before I was 10 years old and I'm sure I wasn't the youngest) has already been taken. It's a good thing, too ... computer security is hard, and you don't want to take that risk with anything that poses a threat to national security.

    2. Re:I'm trying to figure out... by Nyder · · Score: 1

      > why are these machines even connected to the net?

      because the net is where the porn is.

      --
      Be seeing you...
    3. Re:I'm trying to figure out... by Unkyjar · · Score: 1

      That was a calm, clear, concise and well thought out answer to my question. Thank you.

      What in the world are you doing on slashdot?

  10. "lost files"? "theft"? by nothings · · Score: 1

    Serious part

    They "lost" 24K files? You mean the attackers deleted them and they didn't have backups?

    Not-really-serious part (but wait, or is it?)

    "Theft"? So the attacker has the files and the owners of the files don't have them anymore? Because that's what it means to steal a car or a diamond or cash.

    Really, since they didn't do any of these things, shouldn't we say that these attackers "illegally copied" the documents and/or the information?

    And are they really "intruders" or "attackers"? Maybe they're just "pirates".

  11. What did you expect? by Zamphatta · · Score: 1

    Well that's what the gov't gets when they leave SONY in charge of security.

  12. No Problem by aaaaaaargh! · · Score: 1

    No problem, it's the Defense Department. They can just hire another contractor, some fishy little sub-division of Lockheed or Raytheon who in turn hire other people to do the actual work. Their job is to link any incoming attacks to a geo IP database (easy, just steal some GPL'ed one) and automatically launch ICBMs against the threat.

    It would be a waste of money to arm them with nukes, though. Cluster bombs or chemical weapons should suffice. Or, hey, how about this gay bomb? Is it still under development? Does it also work against hackers? Or, the CIA could give a helping hand. They could give away their gigantic porn database (stolen from the FBI) for free to the hackers...that will keep 'em occupied for years!

  13. If they had decent backup by rikkards · · Score: 1

    They wouldn't have lost the files when they were taken.
    Badum-bump
    I'm here all week, have the steak!

  14. On that last comment by sean.peters · · Score: 1

    > How's that debt ceiling coming? I'd like to have mine raised. The mortgage is due tomorrow.

    This is just an illustration of how stupid the "debt ceiling" concept is. You agreed to a mortgage with a payment schedule, and now a payment has come due. You didn't set a "debt ceiling" that requires you to get special permission from yourself to actually pay the bill, because... that would be stupid. You explicitly agreed you were going to pay the bill when you made the mortgage.

    Mostly, arguments of the form "the government budget should operate more like a family budget" are dumb, because the government isn't like a family. But in the case of the debt ceiling, it's true.