Slashdot Log In
Worm Attack Prompts DoD To Ban Use of External Media
Posted by
timothy
on Fri Nov 21, 2008 03:12 PM
from the sehr-klug dept.
from the sehr-klug dept.
An anonymous reader writes "The Pentagon has suffered from a cyber attack so alarming that it has taken the unprecedented step of banning the use of external hardware devices, such as flash drives and DVDs [...] The attack came in the form of a global virus or worm that is spreading rapidly throughout a number of military networks."
Related Stories
Submission: USB Worm attacks Dept of Defense by Anonymous Coward
[+]
Significant Russian Attack On US Military Networks 270 comments
killmofasta notes an LA Times story on a severe and widespread attack on US military computers that may have originated in Russia. Turns out the military's recent ban on flash drives was a precursor to this attack, which was significant enough that the President and the Defense Secretary were briefed on it. "The 'malware' strike, thought to be from inside Russia, hit combat zone computers and the US Central Command overseeing Iraq and Afghanistan. The attack underscores concerns about computer warfare. 'This one was significant; this one got our attention,' said one defense official, speaking on condition of anonymity when discussing internal assessments. Although officials are withholding many details, the attack underscores the increasing danger and potential significance of computer warfare, which defense experts say could one day be used by combatants to undermine even a militarily superior adversary. ... [A defense official said] 'We have taken a number of corrective measures, but I would be overstating it if I said we were through this.'"
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
heh (Score:2, Funny)
be careful where you stick in the USB stick.. :)
This isn't alarming... (Score:5, Insightful)
Re: (Score:2)
Absolutely - our internal company network has banned personally-owned USB drives in DoD closed areas for years. It's obvious.
Brett
Re: (Score:3, Interesting)
Re:This isn't alarming... (Score:5, Informative)
It needs to be said:
In linux, one can remove exec permissions from a whole device via the noexec switch in /etc/fstab .
Parent
Re:This isn't alarming... (Score:4, Informative)
Parent
Re:This isn't alarming... (Score:5, Interesting)
Why is everything in Windows managed by tools that do not come with the default installation?
I can perfectly manage a Linux installation without 3rd party or "optional" tools found on some website. Windows requires X tools that provide basic functionality on their site, and not default on the CD.
I hate that.
Parent
Re:This isn't alarming... (Score:5, Funny)
Why is everything in Windows managed by tools that do not come with the default installation
We prefer to be called administrators you insensitive clod.
Parent
Re: (Score:3, Informative)
Re: (Score:3, Informative)
No thats what the admins at my old school thought too.
It only means explorer cant execute anything from there.
Any other program can in fact still execute programs.
For example a single line of vbscript in a word document works rather well. :)
noexec on Linux prevents any execution at all.
Re: (Score:3, Informative)
You can still execute any binary by loading it with ld-linux.so, the dynamic loader.
I.E.
Re:This isn't alarming... (Score:5, Informative)
---There is no technological defense against PEBKAC.
You are absolutely wrong. If a system is designed properly, or set up properly, the user cannot wreak havoc on a system or the network.
In windows, there are many ways to do X behavior that changes the system. Therefore, Windows is hard to secure properly. It is possible, only by globally applying over-secure regedits that disable even basic functionality. Instead, I propose Linux as a good starting point.
PEBKAC, at least in the business setting can be effectively eliminated by the use of simply being unable to even execute the programs.
Games? Not on the HD.
Web browser? If you need it, you'll be in the webbrowser group.
Some document program? does your job require documents, if it does, you'll have that.
Are you a developer for 3d stuff? If so, you get DRI rights. If not, no permission. Can Windows restrict access to the 3d device?
My question is why do you grant rights to users when they do not justify those rights? We need to provide granular access so that the user is limited in what they do and act only in prescribed ways.
As for that, the only way users can then screw things up is if they do not back up their user files, which you should already have thought of. A morning rsync of the /home (which should be mounted from the server) should take care of basic backup issues. Then it turns to your problem of access to the backups (which could be automated also). It really is a game of admin vs user, and you must outsmart stupidity. You do that by providing 1 way as the only way.
---Something about "internet license"
meh. You do that by providing a punishment via the lines of willful negligence. If one does not provide basic security to prevent infection/takeover or notices and takes no heed, one is guilty and owes a fine to the party harmed. In the course of a botnet, that would be the proportion of bandwidth they used (based upon the actions of the the takeover tool).
Simply put: use the laws we already have now, and not some new, easily to corrupt, new license.
Parent
We had this problem... (Score:3, Informative)
The procedure is a HUGE pain in the ass (you need to modify ACL's on registry keys and the whole 9 to cover all angles) but scripted it was as simple as "USBStorage.exe </enable|/disable>" in a logon script.
I think it took all of two hours.
Re:This isn't alarming... (Score:4, Informative)
It is.
But then the network is also so locked down that often times that's the only way to transfer large files. There are shared network drives in the States but they're paltry and always 100% used by some officer's powerpoint presentation and his 2 hour home video.
When my unit was deploying to Iraq I gave all of my guys 2g thumb drives loaded with the data that the company needed. They attached it to their dog tag chain and I had them swear up and down to wear it at all times.
There was simply no other way provided.
Parent
Re: (Score:3, Insightful)
Which just goes to show you that Windows should never be let on the Internet, or use removable media of any sort.
In Soviet Russia... (Score:5, Funny)
... external media bans DOD! [slashdot.org]
Auto-infect (Score:5, Insightful)
Re:Auto-infect (Score:4, Insightful)
Parent
Re: (Score:3, Interesting)
While I agree with you (I disable it on ALL my systems), just image Joe Bob phoning Blizzard bitching that noting happened when he put the CD in the drive!
But then again, I also believe that banking sites should authenticate to YOUR private key, that credit cards should have rolling pins and that it should be illegal to run windows on anything that handles security or financial information...
While all these ideas seem sane, practical and necessary to me, the average person would become irate when they find
Re:Auto-infect (Score:5, Funny)
credit cards should have rolling pins
For a moment I pictured a credit card making pastry.
Parent
It's not intuitive how to disable AutoRun (Score:5, Informative)
Forgot to disable AutoRun, perhaps. But actually, it's quite non-intuitive how to disable AutoRun in Microsoft Windows. There are several options, and none of them (and even all of them combined) will disable AutoRun and AutoPlay features in their entirety. In fact, up until recently, Windows Vista had the logic reversed for one of the AutoRun features! i.e., if you take the effort to disable the AutoRun feature, you actually put yourself at more risk. More details here:
http://www.kb.cert.org/vuls/id/889747 [cert.org]
But luckily, there is a single registry value that can disable AutoRun at its core. Once this change is made, Windows will not interpret the Autorun.inf file on any device, effectively disabling AutoRun for all devices, including USB drives, network shares, and more. Get the scoop here:
http://www.cert.org/blogs/vuls/2008/04/the_dangers_of_windows_autorun.html [cert.org]
Parent
Re: (Score:3, Interesting)
And then, after disabling Autorun, iTunes whines at you about it.
The obvious solution (Score:5, Insightful)
Chuck Windows, and adopt Unix. I realize there are some possible implications of using Linux because of the GPL, but then use BSD. There are bright Comp Sci guys in the military and DOD. Customize a military Unix, and use it throughout all the services. In fact, I think it's long past time DOD did this. With the computerization of everything from planes to ships, now's a smart time to do it. There's no way Windows should be running a ship of war.
Warfare without Clippy? (Score:5, Funny)
1)Grenade
2)An RPG
3)Airstrike
Parent
Re:Warfare without Clippy? (Score:5, Funny)
4)Windows
Parent
Re:Warfare without Clippy? (Score:4, Funny)
5) Banana Bomb
6) Super Sheep
7) Holy Hand-Grenade
Parent
Re: (Score:2)
You can have windows, but you cant have windows and running as administrator 24/7, the same way you cant have linux and running as root 24/7. If this is the same trojan from that wired.com article then it doesnt work without admin rights. Autorun will attempt to run it, but when it tries to write to the machine registry and to c:\windows then its just going to fail.
>here are bright Comp Sci guys in the military and DOD.
They might have bright coders but if their sysadmins are letting them run as local adm
./configure (Score:5, Funny)
Parent
Re: (Score:3, Funny)
Re: (Score:3, Funny)
# make clean ./configure --force /usr/local/bin /usr/local/etc/war.conf and set COUNTRY
#
# make war
# make install
boom copied to
please edit
#
Re:./configure (Score:4, Funny)
# make clean # ./configure --force
# make war
# make install
boom copied to /usr/local/bin
please edit /usr/local/etc/war.conf and set COUNTRY
#
vi /usr/local/etc/war.conf
:w
:q
/bin/war
COUNTRY="TERROR"
Starting war on TERROR...
Error: TERROR is not a valid COUNTRY.
Parent
Re: (Score:3, Insightful)
You don't understand the scope of what you're suggesting.
Let's take just one job -- a DoD web developer for example. You have an internally secure web site used for data collection that (we'll say) runs on IIS, PHP, MSSQL and is developed using an IDE such as DreamWeaver (and probably PS is involved too), and is developed specifically for the DoD version of Internet Explorer. It's already been run through testing and received certification for security and all.
To move to a non-Windows based platform, you
Re: (Score:3, Funny)
Better ban email to (Score:3, Insightful)
Because a virus can come from there as well. Along with web access, usenet access, ftp access.... might just as well unplug the network cable just to be safe.
Or they could install an OS that wasn't insecure by design.
commercial malware? (Score:3, Funny)
ftfa: "Due to the presence of commercial malware.."
So.. this was malware someone purchased?
Re: (Score:3, Funny)
Does it really need to be said? (Score:2)
I'm very surprised it hasn't been already. It probably will have been by the time this gets posted though. "This wouldn't be happening if they were using Linux!"
An actual case where Linux solved this problem (Score:5, Informative)
I'm not surprised the DoD just completely shut the door on these things, but I think that for most admins, a solution like Dave's would be a really good compromise.
The debilitating virus is Windows! (Score:5, Funny)
Yesterday, a terrorist attack on the NHS [today.com] brought three London hospitals to a halt.
The terrorists, representing an organisation calling itself "Microsoft," apparently used insecure third-party contractors to put a virus-running platform called "Windows" into critical systems in the hospitals, in order to extort money from them on an annual basis.
It is understood that a large percentage of all businesses are infected with the virus, wasting up to 25% of employees' working time and opening the companies to further attacks from related criminal organisations demanding to see all their licenses.
The virus in question, W32.SHILL/ZDNET, takes over the host's IT systems, leading to aches, pains, nausea, vomiting, pumping out prodigious quantities of faeces and a terrible compulsion to spread the infection to others. The patient also walks with a shuddering stumble and asks for their hospital meal to include tasty, tasty brains. Recovery has commenced when they have an overwhelming urge to throw their computer out of the window. "Getting this stuff out of the system makes MRSA look like a walk in the park," said one cleaner, waving his shit-encrusted hands about for emphasis.
When the infection became known, ambulances were diverted to other hospitals. "We have maintained a safe environment for our patients throughout the incident," said a spokesman for Barts NHS Trust, "keeping them in the Clostridium difficile culturing lab rather than risking exposing them to 'Windows.'"
Insider perspective... (Score:3)
I work as an IT contractor for the USAF and what it boils down to is muddied interpretations and lack of discipline. They already have regulations stating what you can and cannot do with data coming in and out of the work place. No, you're not allowed to bring a floppy in from home. No, you're not allowed to take a government floppy home with you. The same regulations should, by default, extend to CD/DVD/USB/any and all media but since they're not specifically written that way, people could quote the AFI back and say it was allowed. This new ban is merely a clarification to close the loophole.
Did they swat a fly with a nuclear bomb? Sure.
Has it worked? So far.
Re:They're just ignoring the real problem (Score:5, Insightful)
Parent
When you put something in a locked box (Score:4, Insightful)
Do you honestly think that foreign intelligence agencies won't write Linux or Macintosh viruses if it would get them into the DoD network?
When you try to protect a secret by putting in in a locked box, do you put it in a steel box with a good combination lock? Or do you put it in a cheap transparent plastic box with a lock that can be picked by a safety pin and hundreds of holes and little doors that can be opened even more easily?
Yes Linux, MacOS, and even OpenBSD aren't absolutely impregnable. But Windows has a decades long track record of holes (some unfixable) and a multibillion dollar malware industry built on exploiting them. The fewer holes you start with the easier it is to close them.
Essentially ANY military function is a security issue. For a person with any level of IT expertise to put such functions on Windows platforms is, IMHO, either a level of incompetence suitable for dishonorable discharge or of malice meeting the definition of treason.
Parent
Re: (Score:3, Insightful)
Do you actually think the DOD only uses windows?
Of course not.
But I think that the machines affected by THIS WORM use Windows.
Do you know of any "commercial malware" worms that self-spread on any other OS?
Re:They're just ignoring the real problem (Score:5, Interesting)
There's no way you can automatically run code on a Linux computer by inserting a USB flash drive. It's just not possible. Those virus happen only because of Yet Another Windows Design Mistake - autorun.inf files that run executables.
This has been a problem for years. Make a program that deletes all the files in a system. Put it into a CD along with a autorun.inf file. Burn the CD, don't write anything on it, and leave it near the office of someone you hate. At some point the guy will insert the CD just to check what's there. Boom. The virus will run automatically as soon as the CD is inserted.
And there're more posibilities, like making a virus executable have a carpet icon. Since Windows hides extensions by default, people will double click the virus because they will think it's a carpet.
These things can't happen in Linux (well, not really true, they can happen thanks to the shitty .desktop files that get "interpreted" by file managers even if they don't have execution +x permissions)
Parent
Re:They're just ignoring the real problem (Score:5, Funny)
d'oh, were I write "carpet" I obviously wanted to say "folder". "Folder" is translated to spanish as "carpeta", and I always confuse them.
Parent
Re: (Score:3, Interesting)
Bingo! (Score:3, Interesting)
Get real. Security all comes down to the person who's task it is to implement it.
Years ago, I was on a DoD facility where scheduling was being done on a UNIX box. Everyone there used the console for their work, everyone used the root account to do their work, and the password was written in on the first page of the book marked "Procedures" that was beside the console.
Re:Not News (Score:4, Interesting)
Intelligence agencies did it to eliminate data paths out of the agency. DoD is doing it to eliminate malware paths into and within the agency.
Parent
Re:try this.. (Score:5, Funny)
That's the whole problem with you Linux dorks! People shouldn't have to get down to that level and do such obscure things, just to be able to safely use their computer. And what you don't understand is that most people just plain won't do it! Your post is exactly why Linux will never be ready for the desktop!
Parent
Re: (Score:3, Funny)
The pieces are finally starting to come together...