

DoD Networks Completely Compromised, Experts Say

AZA43 writes "A group of U.S. federal cybersecurity experts recently said the Defense Department's network is totally compromised by foreign spies. The experts suggest the agency simply accept that its networks are compromised and will probably remain that way, then come up with a way to protect data on infected machines and networks."

12 of 164 comments

  1. or it is used as a tool by FudRucker · Score: 5, Interesting

    to spread misinformation to those foreign spies that only think they compromised DoD computers (naw too good to be true) the US Gov is too stupid to do anything like that

    --
    Politics is Treachery, Religion is Brainwashing
    1. Re:or it is used as a tool by cparker15 · Score: 5, Funny

      The entire DoD network is one massive honeypot. All the real data is sent by carrier pigeon.

      --
      Have you driven a fnord... lately?
    2. Re:or it is used as a tool by AioKits · Score: 5, Funny

      The entire DoD network is one massive honeypot. All the real data is sent by carrier pigeon.

      Damnit man! Why did you let them know?! Now I gotta figure out how to armor the pigeons so they're not shot out of the skies... How tiny do they make bullet proof vests? Maybe I could use a swallow instead. Does anyone here know the air speed velocity of... Never mind, I'll figure something out.

      --
      "Quote me as saying I was mis-quoted." -Groucho Marx
    3. Re:or it is used as a tool by Beardo the Bearded · Score: 5, Informative

      They don't.

      I work with a lot of military documents. I've got some in the other windows right now. 99.9% of military documents are not important, security-wise. Sure, you can find out what kind of cable is used to plug in that receptacle. It's not important. It's not Classified. Nobody gives a shit.

      The Classified stuff, should I ever even look at any of it, is really quite a different type of animal. Here's how I'd handle it:
      1. Make sure it had to be me since they're a PITA.
      2. Our document control folks would burn a copy and FedEx to me.
      3. It would be sent to the Secure Room once it arrives.
      4. When I went to work on it, I'd get a supervisor, sign in to the secure room, and pull out the removable HDD from the vault.
      5. Check the Secure Machine for oddities, like anything in the USB ports or the sudden appearance of an Ethernet port. Seriously, there isn't even a phone jack in the room.
      6. Boot the Secure Machine. Yes, it is Win XP. While it's booting, draw the blinds and close the door.
      7. Work on the Classified document.
      8. Once I'm done, I can burn a disk to send back and have it printed by the document control group. Then I power down, put the HDD in the vault, and then sign out.

      Seriously, the important stuff is airgapped. The really important stuff is airgapped and guarded by people with weapons.

      --
      ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
    4. Re:or it is used as a tool by Peristaltic · Score: 5, Funny

      What the DoD will do is hire a contractor to armor the pigeons, who will then design armor that puts the pigeons over max gross weight, so they'll add wing extensions, but since pigeon wing muscles can't flap the modified wings as fast, they'll replace their little pigeon wings with fixed composite wings and pigeon-scale turbine engines.

      Unfortunately the turbine engine exhaust burns pigeon tail feathers, so they'll replace these with composites also. The Air Force will see an opportunity at this point to add hard-points to the composite wings, so the wing area and turbines will be made larger, increasing cruising speed and altitude, requiring life-support for the pigeons.

      Cost: about $500,000 / pigeon for the Block 20 model, assuming the contractor will be allowed to sell Block 10 Pigeon Communication and Reconnaissance (PCR) units to our allies in Saudi Arabia. Test flights slated for 2020.

  2. cut the wire by the_Bionic_lemming · Score: 5, Insightful

    Why does the network have to be accessible remotely? It should be isolated and need a meat sack to get the information from the system and relay it to the party that needs the information. Same thing with public utilities and such - why is it wired so that someone remote can tap a few buttons and remotely access controls for water plants?

    --
    _ _ _ Go for the eyes Boo! GO FOR THE EYES!
    1. Re:cut the wire by HBI · Score: 5, Informative

      There are physically isolated networks.

      They are referring to the NIPRnet which is directly connected to the rest of the internet. NIPR is all about web apps - time trackers and such, and e-mail. The actual secure stuff has an air gap.

      This is mostly hyperbole. These people who are testifying don't know jack shit about technology, and neither do the people who are listening to them.

      --
      HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
    2. Re:cut the wire by Kadin2048 · Score: 5, Informative

      Or set up a separate ARPA-owned network that no one can access except DOD employees.

      This exists, it's called the SIPRnet. You can only access it from secure workstations in secure facilities, and in theory all the network hardware is also secure, etc., etc.

      AFAIK, the only recent SIPRnet compromise was Bradley Manning, and that was more of a social exploit than a technical one.

      --
      "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
    3. Re:cut the wire by Whorhay · Score: 5, Insightful

      From what I've heard that's mostly true. There are a number of 3 letter agencies that have been known to be so egotistical as to believe they are above the air gap requirements and actually run machines that cross that gap.

      Besides which, an air gap is not as foolproof as one might think. Just look at what Stuxnet managed to do to the Iranians' nuclear program. And it would only take a single compromised person on whatever air gapped network to gather the data dumps and send them back to whatever party they work for. Off the top of my head I can think of at least one publicized account of malware being found on an air gapped system that seemingly couldn't be removed.

      Whatever your technical measures and implementations, your security is always limited by the personnel using it. What percentage of people with clearances and access are turnable? It's impossible that it'd be zero, and even at a tenth of a percent it'd mean hundreds or thousands of compromised people and consequently the networks they have access to.

      All this ignores that classified information is often derivable from other non-classified sources.

    4. Re:cut the wire by Anonymous Coward · Score: 5, Informative

      Little anecdotal story from my time in the military (can't speak to the policies of all the 3-letter agencies). The USMC had (has) a very VERY strict policy about crossing the streams.

      There are "normal" computers that access the internet and what not, and other computers which exist on a completely separate self-contained network. And never the two shall meet. At all.

      For the most part, the secure computers were in a completely different building, or at very least in a different room behind lock and key. If someone was important enough to warrant access to the secure networks in their office (usually restricted to O-5 at bare minimum) the ports for the secure side were emblazoned in bright red and stuffed behind lock-boxes, so there was no possible way to confuse the two. Oh, and the office itself had to be secured. Certain quality of lock on the door, no windows, etc.

      Any computers that became part of the secure networks were part of that network for LIFE. When replacement time came, the secure computers had their HDDs wiped via electromagnets and then holes drilled through the platters.

      Even non-computers had to live by a one-way pathing. If you plugged a monitor into a secure computer, that is now a secure monitor and CANNOT leave the secure area. Fax machines, copy machines, etc etc etc. Anything that interfaced with ANY secure data was locked down.

      Suffice it to say, there was no crossing the streams, and no matter how infected or compromised the "normal" networks were... there was practically zero chance of any info getting out of the "air gapped" secure networks.

  3. Re:The problem with the DOD by Whorhay · Score: 5, Insightful

    While I agree that I'd like to see the DoD move to more secure technical solutions, I don't think it'd solve the security problem. Like you pointed out the system is only as good as the people that are using it. And even with a very small percentage of people willing to spy it'd be almost trivial for a foreign government to buy their way into almost any system.

    Prior to 2001 everything was more compartmentalized, which was good for Information Security's sake. But it proved to be bad for our national safety as the CIA wouldn't pass on information about a potential threat to the FBI for what amounts to dick measuring reasons. In the aftermath of 9/11 the policies swung the other way and we end up with Bradley Manning having access to way more information than he needed for his job.

    A proper solution is a multi-faceted problem. We need technical systems that are secure and yet still usable by a barely trained 18 to 50 year old volunteer. We need systems designed to be as secure as possible but still interface with each other and work in a timely manner. We need people that are as immune to corruption and insanity as possible. And the hardest part is probably sticking to fights and engagements that don't force those people to question the morality of the job they are tasked with doing.

  4. Cyano-Acrylate by Anonymous Coward · Score: 5, Interesting

    We use CA epoxy as a very effective security measure. For any commodity hardware we buy, we fill all of the USB ports with a CA epoxy that prevents access. We also use it to permanently attach mouse and keyboard. Motherboard USB headers are also filled with CA to prevent the casual attachment of devices (although users cannot physically get to their machines, since they are in locked cabinets, with IDS tied to building security). Same goes for unused SATA, PCIe, and other ports. Any plug that isn't used is made unusable.

    PCs are on a network, but users have no physical access to cables, and similarly we use a secure cable type with a current loop and TDR to detect physical tampering. If the current loop is cut, building security knows precisely where the cut is within seconds.

    There is no wireless, and no bluetooth. Employees are not allowed to bring in cell phones, MP3 players, or anything else with any capability of capturing data, and yes, we 100% search at the door with metal detectors and millimeter wave detection like you see at the airport (except we actually know how to use it). We're also in a steel building with no windows and EMI shielding, just in case.

    We're not on the Internet. We have absolutely no need to connect to it. Even if we did have a spy as an employee, they would have to reproduce anything they did on another machine outside the office in order to transmit it anywhere else. And obviously, there is no means to allow employees to "work from home" in their pajamas in sandals.

    Any new software has to go through a thorough vetting process, and any vendor wanting to sell us software is required to allow us to load the source code and build environment onto our build farm, review and inspect the code for possible attacks, and then compile it ourselves. This is a lot easier to achieve than you might think.

    Finally, we're old school. Everything is compartmentalized. The guy working on the math routines has no idea why he's working on them, or what they will be used for. All he knows is that he's a software engineer in charge of high-level math function development. He doesn't know what the product is or what it does.