Significant Russian Attack On US Military Networks

killmofasta notes an LA Times story on a severe and widespread attack on US military computers that may have originated in Russia. Turns out the military's recent ban on flash drives was a precursor to this attack, which was significant enough that the President and the Defense Secretary were briefed on it. "The 'malware' strike, thought to be from inside Russia, hit combat zone computers and the US Central Command overseeing Iraq and Afghanistan. The attack underscores concerns about computer warfare. 'This one was significant; this one got our attention,' said one defense official, speaking on condition of anonymity when discussing internal assessments. Although officials are withholding many details, the attack underscores the increasing danger and potential significance of computer warfare, which defense experts say could one day be used by combatants to undermine even a militarily superior adversary. ... [A defense official said] 'We have taken a number of corrective measures, but I would be overstating it if I said we were through this.'"

Surely the US military is dumb enough..

[Viol8 (599362)]

... to have sensitive systems directly connected to the internet?

Oh , wait...

Re:

[OeLeWaPpErKe (412765)]

Ban on flash drives ... doesn't seem they came in through the internet.

(btw : of course the military has computers connected directly to the internet. They created the internet. The remaining systems are only sensitive in the economic sense of the word though)

just my 2c

Re:

[theaveng (1243528)]

How do we know this attack even happened?

Supreme Commander/General Eisenhower warned us to be wary of the military-industrial complex's desire to create wars just to keep themselves in business, and we already caught them in a recent lie (WMDs in Iraq that never existed). How do we know this "computer war" happened and is not just another made-up story to try to get trillions more dollars & keep the military-industrial companies employed?

I work for these people, and frankly I don't trust them. I'd per

Re:Surely the US military is dumb enough..

[zappepcs (820751)]

The other side of the coin is like this:

How do we know that it's not retaliation for an attack on Russian computers that originated from US military networks?

When we start hearing news stories about computer attacks from Latvia, Peru, or some small country in the far east perhaps they can be believed. Right now the news is all about attacks from people that the current administration would like to demonize. That makes the believability of these reports a little less than zero IMO. It sounds like pure propaganda at this point. If it is real, it's probably part of a cat/mouse game that we've been playing with them all along. Anyone who has been in the US military knows that we play war games all the time with Russia. Look up news on the USS Augusta, search for news about submarines a week before and after, you'll see that it hit a Russian sub in a bad game of chicken. Why would computer networks be any different? I bet there are teams of IT people that set up honey pot networks just for this kind of war game. It would be stupid to believe otherwise.

Re:Surely the US military is dumb enough..

[peragrin (659227)]

well the simplest solution is to look at non US news sources. frequently the BBC posts stories about US military hours before american news outlets do. Pull your head out of your arse, and look at some else's news for a while. France while a some what ally will publish news that American news outlets won't as they are considered "sensitive" or not news worthy(read latest actress scandal is more important).

Re:Surely the US military is dumb enough..

[OeLeWaPpErKe (412765)]

*sigh* this is just so stupid it's hard to decide where to begin, but I'll try :

When you see an American article, in English, you always see "AP", "AFP" under it. There is a third agency, but it's name escapes me for now.

AP stands for associated press, which is not American
AFP stands for "agence france-presse" which is french.

They cooperate with one another, hardly ever making double coverage, so in practice an article with AP under it might have come from AFP. They both translate those articles in over 30 languages, and give their clients, like cnn, the right to copy them verbatim.

So 1/3rd (in theory, in practice more) of all the news you see has been collected by French reporters, or at least reporters paid by french people.

You will find nearly all news duplicated across the atlantic in practice. Everybody agrees having a singular entity collect all news is a terrible idea. Everybody also agrees that it's cheaper, so it wasn't a contest at all.

Also keep in mind that e.g. during the Israel-Lebanon (or rather Israel vs Lebanese terrorists that Lebanon couldn't (and can't) deal with, who are therefore in massive violation of just about every international treaty by their existence alone), AFP hired a Hezbollah "kolonel" to collect news for them (he had very good access to the battlefield, you see, and he didn't tell AFP about his position). This is then passed of as "impartial" information.

But the sad reality is, there isn't any alternative to them.

Re:Surely the US military is dumb enough..

[adam.dorsey (957024)]

When you see an American article, in English, you always see "AP", "AFP" under it. There is a third agency, but it's name escapes me for now.

Reuters

Re:Surely the US military is dumb enough..

[Sloppy (14984)]

How do we know that it's not retaliation for an attack on Russian computers that originated from US military networks?

I'm not sure it matters. Whether US military computers were choosing to load and execute foreign code as a result of a foreign first strike, or a foreign counter-attack, we still have the situation that US military computers are loading and executing untrusted code, and apparently unsandboxed, so that it ended up mattering.

I don't care why it happened at the political level; I care about why it's happening at the computer or operator level. People using "important" computers shouldn't be doing that, nor should their computers be making it easy for them to do that.

No matter why the military computers were attacked, the fact that the attack worked proves incompetence.

Re:Surely the US military is dumb enough..

[El Torico (732160)]

I work for these people, and frankly I don't trust them. I'd personally be happy to give up my job in order to bring the Congressional budget into the black & reduce taxpayer burdens, but I know many of my colleagues would not. They want to keep their jobs regardless of cost (or lies).

I don't trust any upper-level manager in any industry, but especially not in DoD contracting, and I certainly don't trust DoD civilians to be honest or competent.
This is taking place during the transition between Administrations, so someone at the DoD hierarchy wants to make a show about how they are "protecting America" when everyone in the commercial sector dealt with the agent.btz trojan quietly months ago.

Re:Surely the US military is dumb enough..

[lysergic.acid (845423)]

while i don't doubt that electronic warfare is being actively developed by other nations (i'm sure the U.S. armed forces aren't the only military interested in, or actively developing, electronic warfare tactics), i wouldn't put it past the MIC to exaggerate the risk of electronic attacks in order to manipulate the public. it certainly wouldn't be the first time the public was mislead about our nation's defense in order to funnel tax dollars into unnecessary defense projects. and now with war logistics being an more lucrative than ever through the Logistics Civil Augmentation Program [corpwatch.org] (LOGCAP) and its cost-plus award-fee contracts, even more more private sector companies have a vested interest in seeing a renewed Cold-War-type international tension and corresponding military spending.

it's just too bad Americans never heeded Eisenhower's farewell address [wikisource.org]. of course, if more people working in the defense industry were truly patriotic, they'd all be as morally enlightened as you, and the MIC wouldn't exist.

Re:Surely the US military is dumb enough..

[Nursie (632944)]

No.

Sorry. No.

That's so wrong it's funny. The whole world didn't believe shit about WMDs. Your government made shit up and then our government (UK) got involved because they thought it was politically expedient.

And the Syria thing? Please. Bullshit to justify US actions in light of the complete clusterfuck that the Iraq thing became.

Re:Surely the US military is dumb enough..

[Nursie (632944)]

"So 17 UN resolutions referencing WMDs represents what to you, moron?"

History. The Irqi gov't weren't cooperating, but Blix was not convinced they had any WMD when he was pulled out.

"Put the propaganda UK rags down, get some better medications, and go back to middle school and learn something before further poisoning the internet with your ignorance."

Lol. Republitard.

Re:Surely the US military is dumb enough..

[gwait (179005)]

Bullshit.
Those of us outside the feverish and patriotic US Propaganda machine could see that machine heavily at work.

Yes it was entirely plausible that Saddam had WMD,
so yes it was expedient to send in inspectors.
When said inspectors turned up absolutely nothing,
that wasn't the answer America wanted to hear, since "Something had to be done about 911!".

The best summary of the Iraq war propoganda machine at work is here:

http://www.pbs.org/moyers/journal/btw/watch.html [pbs.org]

Why should you care? America is now worse than broke, and you spend trillions blowing up a country for no benefit to that country or to the average US citizen.

Re:Surely the US military is dumb enough..

[Xelios (822510)]

I think Stephen Colbert did a great job of summarizing the propaganda machine behind the Iraq war. You can watch the bit I'm talking about here:

http://www.youtube.com/watch?v=diEdNgnzR3g [youtube.com]

Re:Surely the US military is dumb enough..

[Deadplant (212273)]

So 17 UN resolutions referencing WMDs represents what to you, moron?

That is the result of the disfunctional and undemocratic security council where the USA has a vetoe.
Don't confuse security council resolutions for something representing world opinion.
It is the general assembly that is democratic and representative, the security council is a private club.

Re:

[Hal_Porter (817932)]

That is the result of the disfunctional and undemocratic security council where the USA has a vetoe.
Don't confuse security council resolutions for something representing world opinion.

Except when they agree with you presumably, like just before the war.

Re:Surely the US military is dumb enough..

[Deadplant (212273)]

But the whole world believed that Iraq had WMDs

That is so ludicrously wrong you must have been watching american news.
The vast majority of the world did NOT believe that WMD nonsense.

Re:Surely the US military is dumb enough..

[jambox (1015589)]

You must live in a parallel universe!

There are so many mainstream sources around UNSCOM and the IAEA that have come forward since the Iraq war that the truth is no longer in question. It goes like this:

Firstly, the Iraqi military and economy had been smashed by the first gulf war and subsequent sanctions.

Secondly, Hussein and the rest weren't stupid and clearly knew the US government, public and media were all baying for war.

Thirdly, the UNSCOM inspections were very thorough and even well funded and equipped (largely by the US taxpayer) and had a great deal of success in pressurizing the Iraqi regime into getting rid of what it had left, which in any case wasn't much because it was all so old. Dozens of Iraqi army officers defected through Syria or Jordan and confirmed the story.

Because of all this, successive administrations tried and failed to find a pretext to war. Parent is entirely correct - it's the defense industry wanting cash and the government finding any excuse to pump tax dollars to their well-to-do pals. It's good for the economy, according to the politicians.

What helped most of all to tip the balance in favour of war was when someone or other (probably the CIA) forged a now infamous document purporting to show the sale of yellow-cake uranium by Niger to Iraq. It was by all accounts a hilariously bad forgery and contained many, many obvious errors that clearly showed it could not be genuine. However, the White House released it to the media as genuine, who immediately, without checking it, presented it as causus belli to the trusting public. By the time the IAEA's Mohammed El Baradei announced a couple of days later that it was utterly false, it was too late. Not that the same, supposedly liberal media made a big deal of that.

That, my friend, is how rich, powerful people can manipulate the public into doing whatever they see as necessary, even when it calls for the deaths of hundreds of thousands of normal, working class people on all sides.

It's ALL PROPAGANDA

[Jeremiah Cornelius (137)]

These are professional liars, folks! This is a part of the Military disinformation effort - so publicly trumpeted right here on Slashdot - not so long ago.

If there had been any such REAL significance to this 'attack', do you think that it would be published and publicly acknowledged? There are very minor cold-war-era incidents and slip-ups that are still highly-classified, and never acknowledged.

I suppose this to be a non-event of ordinary malware, that is being used to:
1) Shape public opinion and generate suspicion
2) Justify restrictions on the Internet access/speech of military personnel
3) Profit!

Remember: In Soviet America, Military Network Attacks YOU!

They Aren't.

[maz2331 (1104901)]

The US military is not stupid, and does take systems security very seriously. What would look like ultra-paranoid behavior to a civilian may well be fully justified in the military world.

The reason is simple: any breach, leak, or DoS can result in somebody being killed, operations foiled, or even wars lost.

Security people have to guard against known threats and techniques, which are very challenging, plus unknown ones that nobody has even thought to consider. Being able to trust the technology that they ar

Oblig Windows jab

[mrbcs (737902)]

So umm, how's that Vista working out for you? What'd they use for the attack? Solitaire?

Re:Oblig Windows jab

[pubjames (468013)]

Actually it was britneynude.exe

Re:Oblig Windows jab

[oldspewey (1303305)]

britneynude.exe

*shudder*

Re:Oblig Windows jab

[orielbean (936271)]

Pre or post exploitation?

I offer my services

[MadMidnightBomber (894759)]

$100/hour to install air-gap firewalls on sensitive/classified networks. (Includes rental of scissors.)

Re:I offer my services

[onkelonkel (560274)]

You work for cheap. Ask for $225/hr and then offer a "preferred services provider" agreement where they can get you for $195 if they guarantee a minimum of 1000 hours.

Originating in Russian != Russian National

[UltraAyla (828879)]

Just remember that just because it originated in Russia does not mean that this was a Russian Government attack (though it could have been known about and ignored by them if it wasn't) - it just happens to have been in Russia - the headline is a little misleading in that sense.

Re:Originating in Russian != Russian National

[Midnight Thunder (17205)]

Just remember that just because it originated in Russia does not mean that this was a Russian Government attack (though it could have been known about and ignored by them if it wasn't) - it just happens to have been in Russia - the headline is a little misleading in that sense.

But surely there are just evil dudes and dragons beyond our borders jealous about our freedoms (ignore DRM, unwarranted phone snooping, etc for this argument)? I know for sure that there are ice dragons and Igloo dwellers to the north. To the east there is meant to be an old continent, but I am yet to be convinced of its existence. ;)

Re:Originating in Russian != Russian National

[Detritus (11846)]

It would be equally silly to ignore the fact that China, Russia and certain other countries have well-funded technical and military intelligence collection programs that have been running for many decades, and explicitly target the United States.

Re:

[UltraAyla (828879)]

You're absolutely right and I completely agree - I'm not saying that this wasn't sponsored by or carried out by a foreign nation, but that we should not conclude that this is the case. It is very likely that this attack was from a foreign nation, and if it wasn't, there will be others.

Re:Originating in Russian != Russian National

[blhack (921171)]

I'm not sure how things work in Russia (if the state owns the networks or not) but wouldn't it be the ISP or bandwidth provider ignoring this?

I know, I know, ISPs can't (and shouldn't) be held responsible for this sort of thing, but just jumping at the Russian government because technically the copper(or fiber, or whatever) exists in Russian territory is a little bit silly IMHO.

Really the only way that we could hold a foreign government responsible for the actions of their citizens on the Internet would be to expect government oversight on all the packets floating around on the networks that exist within their territories. I highly doubt that there are many people on slashdot that would advocate that.
Really, the Internet needs to exist separately from real-world governments. I know that some are in favor of having no regulatory body of any kind on the networks, but I think things are starting to get out of hand. A government that exists for the internet only is starting to make sense, especially since people who have studied traditional, physical-world-based law have generally don't know head from ass when it comes to computer networks.

KGB or Spotty Teenagers?

[threeturn (622824)]

I love the way these things are always spun as if they are significant military attacks coordinate by the foreign government or their agents. Is there any evidence that it isn't just a few bored teenagers who happen to live in Russia and think it would be fun to try and hack the US DOD?

Re:KGB or Spotty Teenagers?

[Steauengeglase (512315)]

After all that went down in Georgia, I think it proves that there really isn't that much of a difference between the two.

Re:KGB or Spotty Teenagers?

[Erikderzweite (1146485)]

And what do you thing has happened in Georgia? To tell the long story short -- Russia has stopped a Georgian assault on its citizens (most people in South Osetia have Russian citizenship) and made Georgia return to negotiations with South Osetia.

The propaganda machine is working very well though. Next you'll tell that the Russians have violated Germany's sovereignty in 1945 and made their democratic elected leader commit suicide.

Re:KGB or Spotty Teenagers?

[pubjames (468013)]

It probably is some windows worm or something written by a script-kiddie. But to admit that would be to embarrassing, so they make it out to be a big deal.

Like that poor Brit who was looking for info. about UFOs.

Re:KGB or Spotty Teenagers?

[Kent Recal (714863)]

It probably is some windows worm or something written by a script-kiddie. But to admit that would be to embarrassing, so they make it out to be a big deal.

It is exactly this vain "cover-my-ass" attitude that makes situations escalate, sometimes up to the point of war. I understand that a bunch of old farts in DoD feel a strong need to justify (or increase) their Cyberwarfare budgets but pointing fingers at an allied country (relations with which are not always easy) in public over a non-issue like this is, imho, going way too far.

Network security by isolation of the critical parts is possible and this whole "cyberwarfare"-bullshit is just driving tears into the eyes of anyone who knows a bit about the subject.
Yes, an attacker could overload and DoS less important/perimeter networks and yes an attacker may able to overtake various individual machines or department networks, e.g. by sneaking trojans onto employee's computers, phishing etc.

If any of that worries you in a national-security kind of way then do your fucking homework and implement appropiate security layers and airgaps already!
A flash trojan is a non-issue because a critical system won't run flash. In fact, a critical system won't even interface with a system that could be taken over in such a way.

Re:KGB or Spotty Teenagers?

[Xest (935314)]

To be fair, it's not like when the US reports these attacks to China/Russia they do anything about them to suggest you might be right though.

It's the same with the whole Litvinenko thing here in the UK, we know where the Polonium came from (a Russian lab) we even pretty much know Lugovoi did it but as they wont help whatsoever to put him to trial and have instead put him into their parliament in a position of power it's kind of hard to give them the benefit of the doubt.

Maybe if they actually helped bring these perpetrators to justice we could give them the benefit of the doubt as you suggest, but when they instead protect the almost certainly guilt with no real trial or investigation then it only adds to the idea that the governments of these nations themselves are in fact responsible.

If a bunch of Canadians crossed the US border and attacked the US and then made it back to Canada safely and the Canadian government did nothing about it or even went as far as giving these people places in government as per the Luogovoi/Litvinenko affair then yeah I think most people would still say the Canadian government deserves a lot of the blame.

Don't get me wrong however, I do feel these "cyber attacks" are a little overstated, I hate to say it but it's becoming so common when I read about them I can't help but think "Who cares, stop moaning and either return the favour or learn from it and stop it happening again". As is pointed out here on Slashdot often though, they don't seem to learn from their mistakes and instead simply repeat them over and over. I'm not sure what the US government is trying to achieve with these cries? Trying to make us hate Russia/China? Don't worry their human rights record means a lot of us already do. Trying to get sympathy? Well what for? You're the military, you're the ones who are meant to be dealing with it and so on.

Or in other words, to put it simply- they're all just as bad as each other.

It isn't just targeting the US.

[by Anonymous Coward]

Anonymous coward here, for a reason etc.

I work with the USAF in a very official capacity in IT and got wind of the flash media ban a while back.

I've been asked to keep quiet about this, but since it isn't classified, and nobody takes slashdot seriously, take this for what it is worth:

We stopped using all flash media on all networks because we can no longer be confident that they do not come from the factory with payloads attached. I've seen entire boxes of flash media from the "amnesty boxes" set up inside USAF buildings sent off to NSA and FBI for investigation.

There are some who think that manufacturers have been infiltrated with the sole purpose of loading malware onto drives. And it isn't that it's specifically an attack on US Gov. computers - it's just that Gov. networks tend to be pretty incestuous, and flash drives are often moved back and forth between multiple computers daily by most users due to the flakiness of CAC (common access card) infrastructure.

So beware.

Re:

[soulsteal (104635)]

The ban on flash media was to stop the propagation of a Win32 worm that "spreads by creating an AUTORUN.INF file to the root of each drive with the malicious .dll file."

It was just one of many steps taken to triage infected systems and protect uninfected systems.

It's possible it was an attempt to breach the DoD networks, but it's just as likely and more plausible that it's just another botnet being created.

Re:

[jimicus (737525)]

What's the point of putting malware if it won't be run? Or did I miss something, and "autorun" actually works on UMS devices in Windows?

You did, it does.

Good old federal government...

[by Anonymous Coward]

The federal government is finally starting to see the fruits of its trifecta of asinine spending policies:

1) Lowest bidder (God forbid we get the best value for the tax dollar, not the cheapest).
2) Standard pay rates that don't take into serious consideration the skills and experience of employees. God forbid we adopt private sector pay policies because that might make us look like we're discriminating if some employees get paid a lot less than others.
3) The fact that it often takes an act of Congress to fire a federal employee.

Like most Northern Virginia-based software engineers, I've worked a federal contract here and there. I've been exposed to incompetence from federal employees that would not be tolerated by almost any corporation. My company actually brought a formal business case for why our government program manager was wrong and her decisions would be a disastrous waste of tax payer money to her bosses. We **pleaded* with them to override her and let our senior engineer do the architecture since she had no idea how to do it.

Guess what? They told us to shut up and get back in line.

There's this myth that the outsourcing of government has ruined the federal government. That's bullshit. Government contractors are often the only people who actually get shit done! We're the ones who actually do much of the heavy lifting because the civil service for so long was allowed to deteriorate into a combination of an affirmative action program and a welfare program for stupid white men.

There are real pockets of genuine competence and intelligence in the federal government, but unfortunately, they're so isolated by the prevailing culture and leadership that it would take a real Leviathan-wrangler at least 2 presidential terms to get any meaningful culling done.

Russian hackers

[Geoffrey.landis (926948)]

"may have originated in Russia" is not the same as "originated with the Russian government," of course.

My guess, the attacks are an attempt to turn the vast power of military computer systems into one giant spam-bot.

And, also, just think of all the new Nigerian scam letters that they could pull off with military connections... the "your son was wounded in Iraq and is being airlifted to a hospital in Germany, please send $10,000 to pay for a private room for him" scam will be much more powerful if it issues from a military computer (and, for that matter, much more convincing if the scammer knows the actual name, rank, and next-of-kin of the 'son').

The Americans Should Learn From The Brits

[by Anonymous Coward]

The British Intelligence have learnt how to avoid infecting their systems with infected flash drives. They leave them on the train where they can't do any harm.

Preparing for the new propaganda

[Bullfish (858648)]

If thse attacks are successful, they will replace the old practice of dropping leaflets on enemy soldiers... Now when the modern soldier opens his e-mail, he will be greeted with "Feeling ashamed of your small willy, we can help" etc etc

Not News

[jmyers (208878)]

Reading the article, which has almost no details, I think the LA Times is trying to make news out of nothing. The "senior military leaders" are basically like "senior business executives" who probably have no clue about any actual "attacks". They are just trying to hype up anything they can to increase their budgets.

The actual details they are dealing with is the same as any organization that uses computers and employs people.

"We have always been at war with East Asia"

[leoofborg (803260)]

Sorry, couldn't resist.

Also, the CBC [Canadians] are running sensationalist crud on their TV.

Most irritating soundbite from a DHS 'expert':

"Digital Pearl Harbor"

I think they must have run the same quote 3-4 times.

Me? I think the military / DoD is begging for $$$ as usual. What? We didn't bail out the military? Shame!

sigh

[Deadplant (212273)]

...experts have not pinpointed the source or motive of the attack and could not say whether the destructive program was created by an individual hacker or whether the Russian government may have had some involvement.

Classic propoganda.
Shame on Julian Barnes of the LA Times and the unnamed senior military leaders.

Re:My god. solution is stupidly simple

[wiredog (43288)]

Almost as stupidly simple as reading the freakin' article. Which mentions that flash drives were banned inorder to keep the attack off of SIPRNet computers.

And almost as stupidly simple as banning soldiers from e-mailing and blogging on the public internet that, ummm, their families are on and, ummm, OK, maybe we need publicly accessible DoD computers.

Re:

[Endo13 (1000782)]

RFTA maybe? This infection is specifically designed to put itself on flash drives. I'll leave you to figure out the rest for yourself, since you think you're so smart.

Re:tag MICROSOFT + WINDOWS... again n/t

[malevolentjelly (1057140)]

They don't use a lot of Windows on internal systems in the DoD. As I'm to understand, they run a lot more Linux and Solaris. In the interests of national security, though, all these systems are too close to make a big difference security-wise.

They may have different levels of attackability for circumstances relating to casual attacks and casual computer use (this is where we say "is the default linux installation in X version of linux more or less secure than the default windows installation in Y version of windows?) But when these systems have proper internal security policies set up, it doesn't make a huge difference-- when they are well configured, they're functionally the same.

DoD systems are generally set up so that one is connected to the internal network and one to the external network-- when you want to move a file, you simply use a flash drive. The chances are very good that these are running different operating systems, anyway.

For a coordinated and advanced attack on our DoD network infrastructure it has less to do with what operating systems we are running, which is really just a question of usability and administration time, but moreso broader questions of security policy-- such as where do you get your flash drives?

In short, if one OS was the issue here, this attack couldn't have gotten anywhere. An OS really doesn't mean much when you compare it to the overall security model for the network infrastructure, especially with the physical network restrictions used by the DoD.

The biggest difference for the operating systems for their purposes would be more on features like TPM-enabled drive encryption, etc-- things that would make it more difficult to hack a stolen laptop-- stuff like that.